npm - @c15t/backend - Versions diffs - 2.0.0-rc.4 → 2.0.0-rc.5 - Mend

@c15t/backend 2.0.0-rc.4 → 2.0.0-rc.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (308) hide show

package/dist/core.cjs +830 -74
package/dist/core.js +807 -75
package/dist/db/schema.cjs +37 -0
package/dist/db/schema.js +33 -2
package/dist/edge.cjs +1106 -0
package/dist/edge.js +1069 -0
package/dist/router.cjs +613 -64
package/dist/router.js +613 -64
package/{dist → dist-types}/cache/adapters/cloudflare-kv.d.ts +0 -1
package/{dist → dist-types}/cache/adapters/index.d.ts +0 -1
package/{dist → dist-types}/cache/adapters/memory.d.ts +0 -1
package/{dist → dist-types}/cache/adapters/upstash-redis.d.ts +0 -1
package/{dist → dist-types}/cache/gvl-resolver.d.ts +1 -2
package/{dist → dist-types}/cache/index.d.ts +0 -1
package/{dist → dist-types}/cache/keys.d.ts +0 -1
package/{dist → dist-types}/cache/types.d.ts +0 -1
package/{dist → dist-types}/core.d.ts +8 -1
package/{dist → dist-types}/db/migrator/index.d.ts +0 -1
package/{dist → dist-types}/db/registry/consent-policy.d.ts +0 -1
package/{dist → dist-types}/db/registry/consent-purpose.d.ts +0 -1
package/{dist → dist-types}/db/registry/domain.d.ts +0 -1
package/{dist → dist-types}/db/registry/index.d.ts +22 -2
package/dist-types/db/registry/runtime-policy-decision.d.ts +60 -0
package/{dist → dist-types}/db/registry/subject.d.ts +0 -1
package/{dist → dist-types}/db/registry/types.d.ts +1 -2
package/{dist → dist-types}/db/registry/utils/generate-id.d.ts +0 -1
package/{dist → dist-types}/db/registry/utils.d.ts +0 -1
package/{dist → dist-types}/db/schema/1.0.0/audit-log.d.ts +0 -1
package/{dist → dist-types}/db/schema/1.0.0/consent-policy.d.ts +0 -1
package/{dist → dist-types}/db/schema/1.0.0/consent-purpose.d.ts +0 -1
package/{dist → dist-types}/db/schema/1.0.0/consent-record.d.ts +0 -1
package/{dist → dist-types}/db/schema/1.0.0/consent.d.ts +1 -2
package/{dist → dist-types}/db/schema/1.0.0/domain.d.ts +0 -1
package/{dist → dist-types}/db/schema/1.0.0/index.d.ts +0 -1
package/{dist → dist-types}/db/schema/1.0.0/subject.d.ts +0 -1
package/{dist → dist-types}/db/schema/2.0.0/audit-log.d.ts +1 -2
package/{dist → dist-types}/db/schema/2.0.0/consent-policy.d.ts +1 -2
package/{dist → dist-types}/db/schema/2.0.0/consent-purpose.d.ts +1 -2
package/{dist → dist-types}/db/schema/2.0.0/consent.d.ts +5 -2
package/{dist → dist-types}/db/schema/2.0.0/domain.d.ts +1 -2
package/{dist → dist-types}/db/schema/2.0.0/index.d.ts +432 -17
package/dist-types/db/schema/2.0.0/runtime-policy-decision.d.ts +23 -0
package/{dist → dist-types}/db/schema/2.0.0/subject.d.ts +1 -2
package/{dist → dist-types}/db/schema/index.d.ts +862 -33
package/{dist → dist-types}/db/tenant-scope.d.ts +0 -1
package/{dist → dist-types}/define-config.d.ts +0 -1
package/dist-types/edge/index.d.ts +5 -0
package/dist-types/edge/init-handler.d.ts +38 -0
package/dist-types/edge/resolve-consent.d.ts +80 -0
package/dist-types/edge/types.d.ts +13 -0
package/{dist → dist-types}/handlers/consent/check.handler.d.ts +0 -1
package/{src/handlers/consent/index.ts → dist-types/handlers/consent/index.d.ts} +0 -1
package/{dist → dist-types}/handlers/init/geo.d.ts +2 -3
package/{dist → dist-types}/handlers/init/index.d.ts +4 -5
package/dist-types/handlers/init/policy.d.ts +26 -0
package/dist-types/handlers/init/resolve-init.d.ts +44 -0
package/dist-types/handlers/init/translations.d.ts +48 -0
package/dist-types/handlers/policy/snapshot.d.ts +99 -0
package/{src/handlers/status/index.ts → dist-types/handlers/status/index.d.ts} +0 -1
package/{dist → dist-types}/handlers/status/status.handler.d.ts +0 -1
package/{dist → dist-types}/handlers/subject/get.handler.d.ts +0 -1
package/{src/handlers/subject/index.ts → dist-types/handlers/subject/index.d.ts} +0 -1
package/{dist → dist-types}/handlers/subject/list.handler.d.ts +0 -1
package/{dist → dist-types}/handlers/subject/patch.handler.d.ts +0 -1
package/{dist → dist-types}/handlers/subject/post.handler.d.ts +12 -1
package/{dist → dist-types}/handlers/utils/consent-enrichment.d.ts +0 -1
package/{dist → dist-types}/init.d.ts +0 -1
package/{dist → dist-types}/middleware/auth/index.d.ts +0 -1
package/{dist → dist-types}/middleware/auth/validate-api-key.d.ts +0 -1
package/{dist → dist-types}/middleware/cors/cors.d.ts +0 -1
package/{src/middleware/cors/index.ts → dist-types/middleware/cors/index.d.ts} +0 -1
package/{dist → dist-types}/middleware/cors/is-origin-trusted.d.ts +1 -2
package/{dist → dist-types}/middleware/cors/process-cors.d.ts +0 -1
package/{dist → dist-types}/middleware/openapi/config.d.ts +0 -1
package/{dist → dist-types}/middleware/openapi/handlers.d.ts +0 -1
package/{src/middleware/openapi/index.ts → dist-types/middleware/openapi/index.d.ts} +0 -1
package/{dist → dist-types}/middleware/process-ip/index.d.ts +0 -1
package/dist-types/policies/builder.d.ts +127 -0
package/dist-types/policies/defaults.d.ts +2 -0
package/dist-types/policies/matchers.d.ts +3 -0
package/{dist → dist-types}/router.d.ts +0 -1
package/{dist → dist-types}/routes/consent.d.ts +0 -1
package/{src/routes/index.ts → dist-types/routes/index.d.ts} +0 -1
package/{dist → dist-types}/routes/init.d.ts +0 -1
package/{dist → dist-types}/routes/status.d.ts +0 -1
package/{dist → dist-types}/routes/subject.d.ts +0 -1
package/{dist → dist-types}/types/api.d.ts +0 -1
package/{dist → dist-types}/types/index.d.ts +110 -6
package/dist-types/utils/background.d.ts +6 -0
package/{dist → dist-types}/utils/create-telemetry-options.d.ts +0 -1
package/{dist → dist-types}/utils/env.d.ts +0 -1
package/{dist → dist-types}/utils/extract-error-message.d.ts +0 -1
package/{dist → dist-types}/utils/instrumentation.d.ts +0 -1
package/{dist → dist-types}/utils/logger.d.ts +1 -2
package/{dist → dist-types}/utils/metrics.d.ts +0 -1
package/dist-types/version.d.ts +1 -0
package/docs/README.md +49 -0
package/docs/api/configuration.md +197 -0
package/docs/api/endpoints.md +211 -0
package/docs/guides/caching.md +85 -0
package/docs/guides/database-setup.md +128 -0
package/docs/guides/edge-deployment.md +248 -0
package/docs/guides/framework-integration.md +142 -0
package/docs/guides/iab-tcf.md +89 -0
package/docs/guides/observability.md +96 -0
package/docs/guides/policy-packs.md +396 -0
package/docs/quickstart.md +129 -0
package/package.json +33 -19
package/.turbo/turbo-build.log +0 -49
package/CHANGELOG.md +0 -123
package/dist/cache/adapters/cloudflare-kv.d.ts.map +0 -1
package/dist/cache/adapters/index.d.ts.map +0 -1
package/dist/cache/adapters/memory.d.ts.map +0 -1
package/dist/cache/adapters/upstash-redis.d.ts.map +0 -1
package/dist/cache/gvl-resolver.d.ts.map +0 -1
package/dist/cache/index.d.ts.map +0 -1
package/dist/cache/keys.d.ts.map +0 -1
package/dist/cache/types.d.ts.map +0 -1
package/dist/core.d.ts.map +0 -1
package/dist/db/adapters/drizzle.d.ts +0 -2
package/dist/db/adapters/drizzle.d.ts.map +0 -1
package/dist/db/adapters/index.d.ts +0 -2
package/dist/db/adapters/index.d.ts.map +0 -1
package/dist/db/adapters/kysely.d.ts +0 -2
package/dist/db/adapters/kysely.d.ts.map +0 -1
package/dist/db/adapters/mongo.d.ts +0 -2
package/dist/db/adapters/mongo.d.ts.map +0 -1
package/dist/db/adapters/prisma.d.ts +0 -2
package/dist/db/adapters/prisma.d.ts.map +0 -1
package/dist/db/adapters/typeorm.d.ts +0 -2
package/dist/db/adapters/typeorm.d.ts.map +0 -1
package/dist/db/migrator/index.d.ts.map +0 -1
package/dist/db/registry/consent-policy.d.ts.map +0 -1
package/dist/db/registry/consent-purpose.d.ts.map +0 -1
package/dist/db/registry/domain.d.ts.map +0 -1
package/dist/db/registry/index.d.ts.map +0 -1
package/dist/db/registry/subject.d.ts.map +0 -1
package/dist/db/registry/types.d.ts.map +0 -1
package/dist/db/registry/utils/generate-id.d.ts.map +0 -1
package/dist/db/registry/utils.d.ts.map +0 -1
package/dist/db/schema/1.0.0/audit-log.d.ts.map +0 -1
package/dist/db/schema/1.0.0/consent-policy.d.ts.map +0 -1
package/dist/db/schema/1.0.0/consent-purpose.d.ts.map +0 -1
package/dist/db/schema/1.0.0/consent-record.d.ts.map +0 -1
package/dist/db/schema/1.0.0/consent.d.ts.map +0 -1
package/dist/db/schema/1.0.0/domain.d.ts.map +0 -1
package/dist/db/schema/1.0.0/index.d.ts.map +0 -1
package/dist/db/schema/1.0.0/subject.d.ts.map +0 -1
package/dist/db/schema/2.0.0/audit-log.d.ts.map +0 -1
package/dist/db/schema/2.0.0/consent-policy.d.ts.map +0 -1
package/dist/db/schema/2.0.0/consent-purpose.d.ts.map +0 -1
package/dist/db/schema/2.0.0/consent.d.ts.map +0 -1
package/dist/db/schema/2.0.0/domain.d.ts.map +0 -1
package/dist/db/schema/2.0.0/index.d.ts.map +0 -1
package/dist/db/schema/2.0.0/subject.d.ts.map +0 -1
package/dist/db/schema/index.d.ts.map +0 -1
package/dist/db/tenant-scope.d.ts.map +0 -1
package/dist/define-config.d.ts.map +0 -1
package/dist/handlers/consent/check.handler.d.ts.map +0 -1
package/dist/handlers/consent/index.d.ts +0 -12
package/dist/handlers/consent/index.d.ts.map +0 -1
package/dist/handlers/init/geo.d.ts.map +0 -1
package/dist/handlers/init/index.d.ts.map +0 -1
package/dist/handlers/init/translations.d.ts +0 -26
package/dist/handlers/init/translations.d.ts.map +0 -1
package/dist/handlers/status/index.d.ts +0 -7
package/dist/handlers/status/index.d.ts.map +0 -1
package/dist/handlers/status/status.handler.d.ts.map +0 -1
package/dist/handlers/subject/get.handler.d.ts.map +0 -1
package/dist/handlers/subject/index.d.ts +0 -10
package/dist/handlers/subject/index.d.ts.map +0 -1
package/dist/handlers/subject/list.handler.d.ts.map +0 -1
package/dist/handlers/subject/patch.handler.d.ts.map +0 -1
package/dist/handlers/subject/post.handler.d.ts.map +0 -1
package/dist/handlers/utils/consent-enrichment.d.ts.map +0 -1
package/dist/init.d.ts.map +0 -1
package/dist/middleware/auth/index.d.ts.map +0 -1
package/dist/middleware/auth/validate-api-key.d.ts.map +0 -1
package/dist/middleware/cors/cors.d.ts.map +0 -1
package/dist/middleware/cors/index.d.ts +0 -30
package/dist/middleware/cors/index.d.ts.map +0 -1
package/dist/middleware/cors/is-origin-trusted.d.ts.map +0 -1
package/dist/middleware/cors/process-cors.d.ts.map +0 -1
package/dist/middleware/openapi/config.d.ts.map +0 -1
package/dist/middleware/openapi/handlers.d.ts.map +0 -1
package/dist/middleware/openapi/index.d.ts +0 -12
package/dist/middleware/openapi/index.d.ts.map +0 -1
package/dist/middleware/process-ip/index.d.ts.map +0 -1
package/dist/router.d.ts.map +0 -1
package/dist/routes/consent.d.ts.map +0 -1
package/dist/routes/index.d.ts +0 -10
package/dist/routes/index.d.ts.map +0 -1
package/dist/routes/init.d.ts.map +0 -1
package/dist/routes/status.d.ts.map +0 -1
package/dist/routes/subject.d.ts.map +0 -1
package/dist/types/api.d.ts.map +0 -1
package/dist/types/index.d.ts.map +0 -1
package/dist/utils/create-telemetry-options.d.ts.map +0 -1
package/dist/utils/env.d.ts.map +0 -1
package/dist/utils/extract-error-message.d.ts.map +0 -1
package/dist/utils/index.d.ts +0 -4
package/dist/utils/index.d.ts.map +0 -1
package/dist/utils/instrumentation.d.ts.map +0 -1
package/dist/utils/logger.d.ts.map +0 -1
package/dist/utils/metrics.d.ts.map +0 -1
package/dist/version.d.ts +0 -2
package/dist/version.d.ts.map +0 -1
package/knip.json +0 -31
package/rslib.config.ts +0 -93
package/src/cache/adapters/cloudflare-kv.ts +0 -71
package/src/cache/adapters/index.ts +0 -22
package/src/cache/adapters/memory.ts +0 -111
package/src/cache/adapters/upstash-redis.ts +0 -113
package/src/cache/gvl-resolver.ts +0 -289
package/src/cache/index.ts +0 -34
package/src/cache/keys.ts +0 -68
package/src/cache/types.ts +0 -66
package/src/core.ts +0 -369
package/src/db/migrator/index.ts +0 -80
package/src/db/registry/consent-policy.test.ts +0 -451
package/src/db/registry/consent-policy.ts +0 -82
package/src/db/registry/consent-purpose.test.ts +0 -428
package/src/db/registry/consent-purpose.ts +0 -61
package/src/db/registry/domain.test.ts +0 -445
package/src/db/registry/domain.ts +0 -91
package/src/db/registry/index.ts +0 -14
package/src/db/registry/subject.test.ts +0 -371
package/src/db/registry/subject.ts +0 -126
package/src/db/registry/types.ts +0 -10
package/src/db/registry/utils/generate-id.test.ts +0 -216
package/src/db/registry/utils/generate-id.ts +0 -133
package/src/db/registry/utils.ts +0 -133
package/src/db/schema/1.0.0/audit-log.ts +0 -15
package/src/db/schema/1.0.0/consent-policy.ts +0 -14
package/src/db/schema/1.0.0/consent-purpose.ts +0 -14
package/src/db/schema/1.0.0/consent-record.ts +0 -10
package/src/db/schema/1.0.0/consent.ts +0 -20
package/src/db/schema/1.0.0/domain.ts +0 -12
package/src/db/schema/1.0.0/index.ts +0 -48
package/src/db/schema/1.0.0/subject.ts +0 -11
package/src/db/schema/2.0.0/audit-log.ts +0 -18
package/src/db/schema/2.0.0/consent-policy.ts +0 -28
package/src/db/schema/2.0.0/consent-purpose.ts +0 -12
package/src/db/schema/2.0.0/consent.ts +0 -28
package/src/db/schema/2.0.0/domain.ts +0 -12
package/src/db/schema/2.0.0/index.ts +0 -47
package/src/db/schema/2.0.0/subject.ts +0 -13
package/src/db/schema/index.ts +0 -15
package/src/db/tenant-scope.test.ts +0 -747
package/src/db/tenant-scope.ts +0 -103
package/src/define-config.ts +0 -19
package/src/handlers/consent/check.handler.ts +0 -126
package/src/handlers/init/geo.test.ts +0 -317
package/src/handlers/init/geo.ts +0 -195
package/src/handlers/init/index.test.ts +0 -205
package/src/handlers/init/index.ts +0 -114
package/src/handlers/init/translations.test.ts +0 -121
package/src/handlers/init/translations.ts +0 -69
package/src/handlers/status/status.handler.test.ts +0 -155
package/src/handlers/status/status.handler.ts +0 -51
package/src/handlers/subject/get.handler.ts +0 -92
package/src/handlers/subject/list.handler.ts +0 -92
package/src/handlers/subject/patch.handler.ts +0 -119
package/src/handlers/subject/post.handler.test.ts +0 -294
package/src/handlers/subject/post.handler.ts +0 -268
package/src/handlers/utils/consent-enrichment.test.ts +0 -380
package/src/handlers/utils/consent-enrichment.ts +0 -218
package/src/init.test.ts +0 -122
package/src/init.ts +0 -88
package/src/middleware/auth/index.ts +0 -11
package/src/middleware/auth/validate-api-key.test.ts +0 -86
package/src/middleware/auth/validate-api-key.ts +0 -107
package/src/middleware/cors/cors.test.ts +0 -135
package/src/middleware/cors/cors.ts +0 -186
package/src/middleware/cors/is-origin-trusted.test.ts +0 -164
package/src/middleware/cors/is-origin-trusted.ts +0 -130
package/src/middleware/cors/process-cors.ts +0 -91
package/src/middleware/openapi/config.ts +0 -29
package/src/middleware/openapi/handlers.ts +0 -34
package/src/middleware/process-ip/index.test.ts +0 -193
package/src/middleware/process-ip/index.ts +0 -199
package/src/router.ts +0 -15
package/src/routes/consent.ts +0 -52
package/src/routes/init.ts +0 -105
package/src/routes/status.ts +0 -46
package/src/routes/subject.ts +0 -152
package/src/types/api.ts +0 -48
package/src/types/index.ts +0 -391
package/src/utils/create-telemetry-options.test.ts +0 -286
package/src/utils/create-telemetry-options.ts +0 -229
package/src/utils/env.ts +0 -84
package/src/utils/extract-error-message.ts +0 -21
package/src/utils/instrumentation.test.ts +0 -183
package/src/utils/instrumentation.ts +0 -194
package/src/utils/logger.ts +0 -41
package/src/utils/metrics.test.ts +0 -311
package/src/utils/metrics.ts +0 -402
package/src/utils/telemetry-pii.test.ts +0 -323
package/src/version.ts +0 -2
package/tsconfig.json +0 -11
package/vitest.config.ts +0 -28
/package/{src/db/adapters/drizzle.ts → dist-types/db/adapters/drizzle.d.ts} +0 -0
/package/{src/db/adapters/index.ts → dist-types/db/adapters/index.d.ts} +0 -0
/package/{src/db/adapters/kysely.ts → dist-types/db/adapters/kysely.d.ts} +0 -0
/package/{src/db/adapters/mongo.ts → dist-types/db/adapters/mongo.d.ts} +0 -0
/package/{src/db/adapters/prisma.ts → dist-types/db/adapters/prisma.d.ts} +0 -0
/package/{src/db/adapters/typeorm.ts → dist-types/db/adapters/typeorm.d.ts} +0 -0
/package/{src/utils/index.ts → dist-types/utils/index.d.ts} +0 -0

package/src/handlers/subject/post.handler.test.ts DELETED Viewed

@@ -1,294 +0,0 @@
-import { afterEach, describe, expect, it, vi } from 'vitest';
-import { postSubjectHandler } from './post.handler';
-vi.mock('~/utils/metrics', () => ({
-	getMetrics: vi.fn(() => ({
-		recordConsentCreated: vi.fn(),
-		recordConsentAccepted: vi.fn(),
-		recordConsentRejected: vi.fn(),
-	})),
-}));
-vi.mock('~/db/registry/utils', () => ({
-	generateUniqueId: vi.fn().mockResolvedValue('con_new'),
-}));
-const GIVEN_AT = 1700000000000;
-const GIVEN_AT_DATE = new Date(GIVEN_AT);
-const baseInput = {
-	type: 'cookie_consent',
-	subjectId: 'sub_user1',
-	domain: 'example.com',
-	givenAt: GIVEN_AT,
-	metadata: { source: 'banner' },
-};
-const mockSubject = { id: 'sub_user1' };
-const mockDomain = { id: 'dom_1', name: 'example.com' };
-const mockPolicy = { id: 'pol_1', isActive: true };
-function createMockRegistry() {
-	return {
-		findOrCreateSubject: vi.fn().mockResolvedValue(mockSubject),
-		findOrCreateDomain: vi.fn().mockResolvedValue(mockDomain),
-		findOrCreatePolicy: vi.fn().mockResolvedValue(mockPolicy),
-		findConsentPolicyById: vi.fn(),
-		findOrCreateConsentPurposeByCode: vi.fn(),
-	};
-}
-function createMockDb(findFirstResult: unknown = null) {
-	return {
-		findFirst: vi.fn().mockResolvedValue(findFirstResult),
-		transaction: vi.fn(async (fn: (tx: unknown) => unknown) => {
-			const tx = {
-				create: vi.fn().mockResolvedValue({
-					id: 'con_new',
-					givenAt: GIVEN_AT_DATE,
-				}),
-			};
-			return fn(tx);
-		}),
-	};
-}
-function createMockContext(db: unknown, registry: unknown) {
-	const logger = {
-		info: vi.fn(),
-		debug: vi.fn(),
-		warn: vi.fn(),
-		error: vi.fn(),
-	};
-	const ctx = {
-		db,
-		registry,
-		logger,
-		ipAddress: '127.0.0.1',
-		userAgent: 'TestAgent/1.0',
-	};
-	let jsonData: unknown;
-	return {
-		get: (key: string) => {
-			if (key === 'c15tContext') return ctx;
-			return undefined;
-		},
-		json: vi.fn((data) => {
-			jsonData = data;
-			return data;
-		}),
-		req: {
-			json: vi.fn().mockResolvedValue(baseInput),
-		},
-		getJsonData: () => jsonData,
-		_ctx: ctx,
-	};
-}
-describe('postSubjectHandler idempotency', () => {
-	afterEach(() => {
-		vi.clearAllMocks();
-		vi.restoreAllMocks();
-	});
-	it('should return existing consent on duplicate submission', async () => {
-		const existingConsent = {
-			id: 'con_existing',
-			givenAt: GIVEN_AT_DATE,
-		};
-		const db = createMockDb(existingConsent);
-		const registry = createMockRegistry();
-		const mockCtx = createMockContext(db, registry);
-		// @ts-expect-error - simplified test context
-		await postSubjectHandler(mockCtx);
-		const result = mockCtx.getJsonData() as {
-			consentId: string;
-			subjectId: string;
-		};
-		expect(result.consentId).toBe('con_existing');
-		expect(result.subjectId).toBe('sub_user1');
-		expect(db.findFirst).toHaveBeenCalledWith('consent', {
-			where: expect.any(Function),
-		});
-		expect(db.transaction).not.toHaveBeenCalled();
-	});
-	it('should create new consent when no duplicate exists', async () => {
-		const db = createMockDb(null);
-		const registry = createMockRegistry();
-		const mockCtx = createMockContext(db, registry);
-		// @ts-expect-error - simplified test context
-		await postSubjectHandler(mockCtx);
-		const result = mockCtx.getJsonData() as {
-			consentId: string;
-			subjectId: string;
-		};
-		expect(result.consentId).toBe('con_new');
-		expect(db.findFirst).toHaveBeenCalled();
-		expect(db.transaction).toHaveBeenCalled();
-	});
-	it('should create separate records for different givenAt timestamps', async () => {
-		const db = createMockDb(null);
-		const registry = createMockRegistry();
-		// First call
-		const mockCtx1 = createMockContext(db, registry);
-		// @ts-expect-error - simplified test context
-		await postSubjectHandler(mockCtx1);
-		// Second call with different givenAt
-		const mockCtx2 = createMockContext(db, registry);
-		mockCtx2.req.json = vi.fn().mockResolvedValue({
-			...baseInput,
-			givenAt: GIVEN_AT + 1000,
-		});
-		// @ts-expect-error - simplified test context
-		await postSubjectHandler(mockCtx2);
-		// Both calls should go through the transaction (findFirst returns null)
-		expect(db.transaction).toHaveBeenCalledTimes(2);
-	});
-	it('should persist metadata and uiSource in consent record', async () => {
-		const inputWithMeta = {
-			...baseInput,
-			metadata: { customKey: 'customValue' },
-			uiSource: 'banner',
-		};
-		const db = createMockDb(null);
-		const registry = createMockRegistry();
-		const mockCtx = createMockContext(db, registry);
-		mockCtx.req.json = vi.fn().mockResolvedValue(inputWithMeta);
-		// @ts-expect-error - simplified test context
-		await postSubjectHandler(mockCtx);
-		// Get the tx.create call
-		const transactionFn = db.transaction.mock.calls[0][0];
-		const tx = {
-			create: vi
-				.fn()
-				.mockResolvedValue({ id: 'con_new', givenAt: GIVEN_AT_DATE }),
-		};
-		await transactionFn(tx);
-		expect(tx.create).toHaveBeenCalledWith(
-			'consent',
-			expect.objectContaining({
-				metadata: { json: { customKey: 'customValue' } },
-				uiSource: 'banner',
-			})
-		);
-	});
-	it('should include uiSource in response for new consent', async () => {
-		const inputWithSource = {
-			...baseInput,
-			uiSource: 'dialog',
-		};
-		const db = createMockDb(null);
-		const registry = createMockRegistry();
-		const mockCtx = createMockContext(db, registry);
-		mockCtx.req.json = vi.fn().mockResolvedValue(inputWithSource);
-		// @ts-expect-error - simplified test context
-		await postSubjectHandler(mockCtx);
-		const result = mockCtx.getJsonData() as {
-			uiSource: string;
-		};
-		expect(result.uiSource).toBe('dialog');
-	});
-	it('should include uiSource in response for duplicate consent', async () => {
-		const inputWithSource = {
-			...baseInput,
-			uiSource: 'widget',
-		};
-		const existingConsent = {
-			id: 'con_existing',
-			givenAt: GIVEN_AT_DATE,
-		};
-		const db = createMockDb(existingConsent);
-		const registry = createMockRegistry();
-		const mockCtx = createMockContext(db, registry);
-		mockCtx.req.json = vi.fn().mockResolvedValue(inputWithSource);
-		// @ts-expect-error - simplified test context
-		await postSubjectHandler(mockCtx);
-		const result = mockCtx.getJsonData() as {
-			uiSource: string;
-		};
-		expect(result.uiSource).toBe('widget');
-	});
-	it('should omit metadata from consent record when not provided', async () => {
-		const inputNoMeta = {
-			type: 'cookie_consent',
-			subjectId: 'sub_user1',
-			domain: 'example.com',
-			givenAt: GIVEN_AT,
-		};
-		const db = createMockDb(null);
-		const registry = createMockRegistry();
-		const mockCtx = createMockContext(db, registry);
-		mockCtx.req.json = vi.fn().mockResolvedValue(inputNoMeta);
-		// @ts-expect-error - simplified test context
-		await postSubjectHandler(mockCtx);
-		// Get the tx.create call
-		const transactionFn = db.transaction.mock.calls[0][0];
-		const tx = {
-			create: vi
-				.fn()
-				.mockResolvedValue({ id: 'con_new', givenAt: GIVEN_AT_DATE }),
-		};
-		await transactionFn(tx);
-		expect(tx.create).toHaveBeenCalledWith(
-			'consent',
-			expect.objectContaining({
-				metadata: undefined,
-			})
-		);
-	});
-	it('should not record metrics for duplicate submissions', async () => {
-		const { getMetrics } = await import('~/utils/metrics');
-		const mockMetrics = {
-			recordConsentCreated: vi.fn(),
-			recordConsentAccepted: vi.fn(),
-			recordConsentRejected: vi.fn(),
-		};
-		vi.mocked(getMetrics).mockReturnValue(mockMetrics as never);
-		const existingConsent = {
-			id: 'con_existing',
-			givenAt: GIVEN_AT_DATE,
-		};
-		const db = createMockDb(existingConsent);
-		const registry = createMockRegistry();
-		const mockCtx = createMockContext(db, registry);
-		// @ts-expect-error - simplified test context
-		await postSubjectHandler(mockCtx);
-		expect(mockMetrics.recordConsentCreated).not.toHaveBeenCalled();
-		expect(mockMetrics.recordConsentAccepted).not.toHaveBeenCalled();
-		expect(mockMetrics.recordConsentRejected).not.toHaveBeenCalled();
-	});
-});

package/src/handlers/subject/post.handler.ts DELETED Viewed

@@ -1,268 +0,0 @@
-/**
- * POST /subjects handler - Records consent (append-only).
- *
- * @packageDocumentation
- */
-import type { PostSubjectInput } from '@c15t/schema';
-import type { Context } from 'hono';
-import { HTTPException } from 'hono/http-exception';
-import { generateUniqueId } from '~/db/registry/utils';
-import type { C15TContext } from '~/types';
-import { extractErrorMessage } from '~/utils/extract-error-message';
-import { getMetrics } from '~/utils/metrics';
-/**
- * Handles the creation of a new consent record for a subject.
- *
- * This handler processes consent submissions with client-generated subject IDs.
- * Each call creates a new consent record (append-only), preserving the full audit trail.
- */
-export const postSubjectHandler = async (c: Context) => {
-	const ctx = c.get('c15tContext') as C15TContext;
-	const logger = ctx.logger;
-	logger.info('Handling POST /subjects request');
-	const { db, registry } = ctx;
-	const input = await c.req.json<PostSubjectInput>();
-	const {
-		type,
-		subjectId,
-		identityProvider,
-		externalSubjectId,
-		domain,
-		metadata,
-		givenAt: givenAtEpoch,
-	} = input;
-	const preferences = 'preferences' in input ? input.preferences : undefined;
-	const givenAt = new Date(givenAtEpoch);
-	// Derive model-aware consent action from the raw frontend type
-	const rawConsentAction =
-		'consentAction' in input ? input.consentAction : undefined;
-	let derivedConsentAction: string | undefined;
-	if (rawConsentAction === 'all') {
-		derivedConsentAction = 'accept_all';
-	} else if (rawConsentAction === 'necessary') {
-		derivedConsentAction =
-			input.jurisdictionModel === 'opt-out' ? 'opt_out' : 'reject_all';
-	} else if (rawConsentAction === 'custom') {
-		derivedConsentAction = 'custom';
-	}
-	logger.debug('Request parameters', {
-		type,
-		subjectId,
-		identityProvider,
-		externalSubjectId,
-		domain,
-	});
-	try {
-		// Find or create subject with the client-provided ID
-		const subject = await registry.findOrCreateSubject({
-			subjectId,
-			externalSubjectId,
-			identityProvider,
-			ipAddress: ctx.ipAddress,
-		});
-		if (!subject) {
-			throw new HTTPException(500, {
-				message: 'Failed to create subject',
-				cause: { code: 'SUBJECT_CREATION_FAILED', subjectId },
-			});
-		}
-		logger.debug('Subject found/created', { subjectId: subject.id });
-		const domainRecord = await registry.findOrCreateDomain(domain);
-		if (!domainRecord) {
-			throw new HTTPException(500, {
-				message: 'Failed to create domain',
-				cause: { code: 'DOMAIN_CREATION_FAILED', domain },
-			});
-		}
-		let policyId: string | undefined;
-		let purposeIds: string[] = [];
-		const inputPolicyId =
-			'policyId' in input ? (input.policyId as string | undefined) : undefined;
-		if (inputPolicyId) {
-			policyId = inputPolicyId;
-			// Verify the policy exists and is active
-			const policy = await registry.findConsentPolicyById(inputPolicyId);
-			if (!policy) {
-				throw new HTTPException(404, {
-					message: 'Policy not found',
-					cause: { code: 'POLICY_NOT_FOUND', policyId, type },
-				});
-			}
-			if (!policy.isActive) {
-				throw new HTTPException(400, {
-					message: 'Policy is inactive',
-					cause: { code: 'POLICY_INACTIVE', policyId, type },
-				});
-			}
-		} else {
-			const policy = await registry.findOrCreatePolicy(type);
-			if (!policy) {
-				throw new HTTPException(500, {
-					message: 'Failed to create policy',
-					cause: { code: 'POLICY_CREATION_FAILED', type },
-				});
-			}
-			policyId = policy.id;
-		}
-		// Handle purposes if they exist
-		if (preferences) {
-			const consentedPurposes = Object.entries(preferences)
-				.filter(([_, isConsented]) => isConsented)
-				.map(([purposeCode]) => purposeCode);
-			logger.debug('Consented purposes', { consentedPurposes });
-			// Batch fetch all existing purposes
-			const purposesRaw = await Promise.all(
-				consentedPurposes.map((purposeCode) =>
-					registry.findOrCreateConsentPurposeByCode(purposeCode)
-				)
-			);
-			const purposes = purposesRaw
-				.map((purpose) => purpose?.id ?? null)
-				.filter((id): id is string => Boolean(id));
-			logger.debug('Filtered purposes', { purposes });
-			if (purposes.length === 0) {
-				logger.warn(
-					'No valid purpose IDs found after filtering. Using empty list.',
-					{ consentedPurposes }
-				);
-			}
-			purposeIds = purposes;
-		}
-		// Check for duplicate consent (idempotency)
-		const existingConsent = await db.findFirst('consent', {
-			where: (b) =>
-				b.and(
-					b('subjectId', '=', subject.id),
-					b('domainId', '=', domainRecord.id),
-					b('policyId', '=', policyId),
-					b('givenAt', '=', givenAt)
-				),
-		});
-		if (existingConsent) {
-			logger.debug('Duplicate consent detected, returning existing record', {
-				consentId: existingConsent.id,
-			});
-			return c.json({
-				subjectId: subject.id,
-				consentId: existingConsent.id,
-				domainId: domainRecord.id,
-				domain: domainRecord.name,
-				type,
-				metadata,
-				uiSource: input.uiSource,
-				givenAt: existingConsent.givenAt,
-			});
-		}
-		const result = await db.transaction(async (tx) => {
-			logger.debug('Creating consent record', {
-				subjectId: subject.id,
-				domainId: domainRecord.id,
-				policyId,
-				purposeIds,
-			});
-			// Always create a new consent record (append-only)
-			const consentRecord = await tx.create('consent', {
-				id: await generateUniqueId(tx, 'consent', ctx),
-				subjectId: subject.id,
-				domainId: domainRecord.id,
-				policyId,
-				purposeIds: { json: purposeIds },
-				metadata: metadata ? { json: metadata } : undefined,
-				ipAddress: ctx.ipAddress,
-				userAgent: ctx.userAgent,
-				jurisdiction: input.jurisdiction,
-				jurisdictionModel: input.jurisdictionModel,
-				tcString: input.tcString,
-				uiSource: input.uiSource,
-				consentAction: derivedConsentAction,
-				givenAt,
-			});
-			logger.debug('Created consent', { consentRecord: consentRecord.id });
-			if (!consentRecord) {
-				throw new HTTPException(500, {
-					message: 'Failed to create consent',
-					cause: {
-						code: 'CONSENT_CREATION_FAILED',
-						subjectId: subject.id,
-						domain,
-					},
-				});
-			}
-			return {
-				consent: consentRecord,
-			};
-		});
-		// Record telemetry metrics
-		const metrics = getMetrics();
-		if (metrics) {
-			const jurisdiction = input.jurisdiction;
-			metrics.recordConsentCreated({ type, jurisdiction });
-			// Determine accepted vs rejected based on preferences
-			const hasAccepted =
-				preferences && Object.values(preferences).some(Boolean);
-			if (hasAccepted) {
-				metrics.recordConsentAccepted({ type, jurisdiction });
-			} else {
-				metrics.recordConsentRejected({ type, jurisdiction });
-			}
-		}
-		// Return the response
-		return c.json({
-			subjectId: subject.id,
-			consentId: result.consent.id,
-			domainId: domainRecord.id,
-			domain: domainRecord.name,
-			type,
-			metadata,
-			uiSource: input.uiSource,
-			givenAt: result.consent.givenAt,
-		});
-	} catch (error) {
-		logger.error('Error in POST /subjects handler', {
-			error: extractErrorMessage(error),
-			errorType: error instanceof Error ? error.constructor.name : typeof error,
-		});
-		if (error instanceof HTTPException) {
-			throw error;
-		}
-		throw new HTTPException(500, {
-			message: 'Internal server error',
-			cause: { code: 'INTERNAL_SERVER_ERROR' },
-		});
-	}
-};