@c15t/backend 2.0.0-rc.6 → 2.0.0

package/dist/router.cjs

@@ -42,7 +42,7 @@ const schema_namespaceObject = require("@c15t/schema");
 const external_hono_namespaceObject = require("hono");
 const external_hono_openapi_namespaceObject = require("hono-openapi");
 const http_exception_namespaceObject = require("hono/http-exception");
-function extractErrorMessage(error) {
+function extract_error_message_extractErrorMessage(error) {
     if (error instanceof AggregateError && error.errors?.length > 0) {
         const inner = error.errors.map((e)=>e instanceof Error ? e.message : String(e)).join('; ');
         return `AggregateError: ${inner}`;
@@ -75,7 +75,7 @@ function getDefaultAttributes() {
 const handleSpanError = (span, error)=>{
     span.setStatus({
         code: api_namespaceObject.SpanStatusCode.ERROR,
-        message: extractErrorMessage(error)
+        message: extract_error_message_extractErrorMessage(error)
     });
     if (error instanceof Error) span.setAttribute('error.type', error.name);
 };
@@ -244,7 +244,7 @@ function createMetrics(meter) {
     };
 }
 let metricsInstance = null;
-function getMetrics(options) {
+function metrics_getMetrics(options) {
     if (metricsInstance) return metricsInstance;
     if (!create_telemetry_options_isTelemetryEnabled(options)) return null;
     metricsInstance = createMetrics(getMeter(options));
@@ -270,7 +270,7 @@ async function batchLoadPolicies(policyIds, ctx) {
     for (const p of policyMap.values())uniqueTypes.add(p.type);
     const latestPolicyByType = new Map();
     for (const type of uniqueTypes){
-        const latest = await registry.findOrCreatePolicy(type);
+        const latest = await registry.findLatestPolicyByType(type);
         if (latest) latestPolicyByType.set(type, latest.id);
     }
     return {
@@ -296,11 +296,17 @@ async function enrichConsents(consents, ctx) {
     }
     return consents.map((consent)=>{
         let policyType = 'unknown';
+        let policyVersion;
+        let policyHash;
+        let policyEffectiveDate;
         let isLatestPolicy = false;
         if (consent.policyId) {
             const policy = policyMap.get(consent.policyId);
             if (policy) {
                 policyType = policy.type;
+                policyVersion = policy.version;
+                policyHash = policy.hash ?? void 0;
+                policyEffectiveDate = policy.effectiveDate;
                 isLatestPolicy = latestPolicyByType.get(policyType) === consent.policyId;
             }
         }
@@ -317,6 +323,9 @@ async function enrichConsents(consents, ctx) {
             id: consent.id,
             type: policyType,
             policyId: consent.policyId ?? void 0,
+            policyVersion,
+            policyHash,
+            policyEffectiveDate,
             isLatestPolicy,
             preferences,
             givenAt: consent.givenAt
@@ -408,14 +417,14 @@ const checkConsentHandler = async (c)=>{
             externalId,
             results
         });
-        const metrics = getMetrics();
+        const metrics = metrics_getMetrics();
         if (metrics) for (const [type, result] of Object.entries(results))metrics.recordConsentCheck(type, result.hasConsent);
         return c.json({
             results
         });
     } catch (error) {
         logger.error('Error in GET /consents/check handler', {
-            error: extractErrorMessage(error),
+            error: extract_error_message_extractErrorMessage(error),
             errorType: error instanceof Error ? error.constructor.name : typeof error
         });
         if (error instanceof http_exception_namespaceObject.HTTPException) throw error;
@@ -592,14 +601,14 @@ async function fetchGVLWithLanguage(language, vendorIds, endpoint = GVL_ENDPOINT
                 if (!parsed.vendorListVersion || !parsed.purposes || !parsed.vendors) throw new Error('Invalid GVL response: missing required fields');
                 return parsed;
             });
-            getMetrics()?.recordGvlFetch({
+            metrics_getMetrics()?.recordGvlFetch({
                 language,
                 source: 'fetch',
                 status: 200
             }, Date.now() - fetchStart);
             return gvl;
         } catch (error) {
-            getMetrics()?.recordGvlError({
+            metrics_getMetrics()?.recordGvlError({
                 language,
                 errorType: error instanceof Error ? error.name : 'UnknownError'
             });
@@ -620,18 +629,18 @@ function createGVLResolver(options) {
             if (bundled?.[language]) return bundled[language];
             const memoryHit = await withCacheSpan('get', 'memory', ()=>memoryCache.get(cacheKey));
             if (memoryHit) {
-                getMetrics()?.recordCacheHit('memory');
+                metrics_getMetrics()?.recordCacheHit('memory');
                 return memoryHit;
             }
-            getMetrics()?.recordCacheMiss('memory');
+            metrics_getMetrics()?.recordCacheMiss('memory');
             if (cacheAdapter) {
                 const externalHit = await withCacheSpan('get', 'external', ()=>cacheAdapter.get(cacheKey));
                 if (externalHit) {
-                    getMetrics()?.recordCacheHit('external');
+                    metrics_getMetrics()?.recordCacheHit('external');
                     await withCacheSpan('set', 'memory', ()=>memoryCache.set(cacheKey, externalHit, 300000));
                     return externalHit;
                 }
-                getMetrics()?.recordCacheMiss('external');
+                metrics_getMetrics()?.recordCacheMiss('external');
             }
             const gvl = await fetchGVLWithLanguage(language, vendorIds, endpoint);
             if (gvl) {
@@ -1125,7 +1134,7 @@ async function resolveInitPayload(request, options, logger) {
         proofConfig: policyDecision.policy.proof
     }) : void 0;
     const gpc = '1' === request.headers.get('sec-gpc');
-    getMetrics()?.recordInit({
+    metrics_getMetrics()?.recordInit({
         jurisdiction,
         country: location?.countryCode ?? void 0,
         region: location?.regionCode ?? void 0,
@@ -1194,7 +1203,15 @@ Use for geo-targeted consent banners and regional compliance.`,
     });
     return app;
 };
-const version_version = '2.0.0-rc.6';
+const external_base_x_namespaceObject = require("base-x");
+var external_base_x_default = /*#__PURE__*/ __webpack_require__.n(external_base_x_namespaceObject);
+external_base_x_default()('123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz');
+class consent_policy_LegalDocumentPolicyConflictError extends Error {
+    constructor(message){
+        super(message);
+        this.name = 'LegalDocumentPolicyConflictError';
+    }
+}
 function getHeaders(headers) {
     if (!headers) return {
         countryCode: null,
@@ -1229,7 +1246,7 @@ const statusHandler = async (c)=>{
     try {
         await ctx.db.findFirst('subject', {});
         return c.json({
-            version: version_version,
+            version: "2.0.0",
             timestamp: new Date(),
             client: clientInfo
         });
@@ -1322,7 +1339,7 @@ const getSubjectHandler = async (c)=>{
         });
     } catch (error) {
         logger.error('Error in GET /subjects/:id handler', {
-            error: extractErrorMessage(error),
+            error: extract_error_message_extractErrorMessage(error),
             errorType: error instanceof Error ? error.constructor.name : typeof error
         });
         if (error instanceof http_exception_namespaceObject.HTTPException) throw error;
@@ -1383,7 +1400,7 @@ const listSubjectsHandler = async (c)=>{
         });
     } catch (error) {
         logger.error('Error in GET /subjects handler', {
-            error: extractErrorMessage(error),
+            error: extract_error_message_extractErrorMessage(error),
             errorType: error instanceof Error ? error.constructor.name : typeof error
         });
         if (error instanceof http_exception_namespaceObject.HTTPException) throw error;
@@ -1395,9 +1412,7 @@ const listSubjectsHandler = async (c)=>{
         });
     }
 };
-const external_base_x_namespaceObject = require("base-x");
-var external_base_x_default = /*#__PURE__*/ __webpack_require__.n(external_base_x_namespaceObject);
-const prefixes = {
+const utils_prefixes = {
     auditLog: 'log',
     consent: 'cns',
     consentPolicy: 'pol',
@@ -1405,10 +1420,10 @@ const prefixes = {
     domain: 'dom',
     subject: 'sub'
 };
-const b58 = external_base_x_default()('123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz');
-function generateId(model) {
+const utils_b58 = external_base_x_default()('123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz');
+function utils_generateId(model) {
     const buf = crypto.getRandomValues(new Uint8Array(20));
-    const prefix = prefixes[model];
+    const prefix = utils_prefixes[model];
     const EPOCH_TIMESTAMP = 1700000000000;
     const t = Date.now() - EPOCH_TIMESTAMP;
     const high = Math.floor(t / 0x100000000);
@@ -1421,9 +1436,9 @@ function generateId(model) {
     buf[5] = low >>> 16 & 255;
     buf[6] = low >>> 8 & 255;
     buf[7] = 255 & low;
-    return `${prefix}_${b58.encode(buf)}`;
+    return `${prefix}_${utils_b58.encode(buf)}`;
 }
-async function generateUniqueId(db, model, ctx, options = {}) {
+async function utils_generateUniqueId(db, model, ctx, options = {}) {
     const { maxRetries = 10, attempt = 0, baseDelay = 5 } = options;
     if (attempt >= maxRetries) {
         const error = new Error(`Failed to generate unique ID for ${model} after ${maxRetries} attempts`);
@@ -1433,7 +1448,7 @@ async function generateUniqueId(db, model, ctx, options = {}) {
         });
         throw error;
     }
-    const id = generateId(model);
+    const id = utils_generateId(model);
     try {
         const existing = await db.findFirst(model, {
             where: (b)=>b('id', '=', id)
@@ -1447,7 +1462,7 @@ async function generateUniqueId(db, model, ctx, options = {}) {
             });
             const delay = Math.min(baseDelay * 2 ** attempt, 1000);
             await new Promise((resolve)=>setTimeout(resolve, delay));
-            return generateUniqueId(db, model, ctx, {
+            return utils_generateUniqueId(db, model, ctx, {
                 maxRetries,
                 attempt: attempt + 1,
                 baseDelay
@@ -1463,7 +1478,7 @@ async function generateUniqueId(db, model, ctx, options = {}) {
         if (attempt < maxRetries - 1) {
             const delay = Math.min(baseDelay * 2 ** attempt, 2000);
             await new Promise((resolve)=>setTimeout(resolve, delay));
-            return generateUniqueId(db, model, ctx, {
+            return utils_generateUniqueId(db, model, ctx, {
                 maxRetries,
                 attempt: attempt + 1,
                 baseDelay
@@ -1512,7 +1527,7 @@ const patchSubjectHandler = async (c)=>{
                 }
             });
             await tx.create('auditLog', {
-                id: await generateUniqueId(tx, 'auditLog', ctx),
+                id: await utils_generateUniqueId(tx, 'auditLog', ctx),
                 subjectId,
                 entityType: 'subject',
                 entityId: subjectId,
@@ -1540,7 +1555,7 @@ const patchSubjectHandler = async (c)=>{
             externalId,
             identityProvider
         });
-        getMetrics()?.recordSubjectLinked(identityProvider);
+        metrics_getMetrics()?.recordSubjectLinked(identityProvider);
         return c.json({
             success: true,
             subject: {
@@ -1550,7 +1565,7 @@ const patchSubjectHandler = async (c)=>{
         });
     } catch (error) {
         logger.error('Error in PATCH /subjects/:id handler', {
-            error: extractErrorMessage(error),
+            error: extract_error_message_extractErrorMessage(error),
             errorType: error instanceof Error ? error.constructor.name : typeof error
         });
         if (error instanceof http_exception_namespaceObject.HTTPException) throw error;
@@ -1562,6 +1577,79 @@ const patchSubjectHandler = async (c)=>{
         });
     }
 };
+const DEFAULT_ISSUER = 'c15t';
+const DEFAULT_AUDIENCE = 'c15t-legal-document-snapshot';
+function isLegalDocumentPolicyType(type) {
+    return 'privacy_policy' === type || 'terms_and_conditions' === type || 'dpa' === type;
+}
+function snapshot_resolveSnapshotIssuer(options) {
+    return options?.issuer?.trim() || DEFAULT_ISSUER;
+}
+function snapshot_resolveSnapshotAudience(params) {
+    const configuredAudience = params.options?.audience?.trim();
+    if (configuredAudience) return configuredAudience;
+    return params.tenantId ? `${DEFAULT_AUDIENCE}:${params.tenantId}` : DEFAULT_AUDIENCE;
+}
+function snapshot_getSigningKey(secret) {
+    return new TextEncoder().encode(secret);
+}
+function isLegalDocumentSnapshotPayload(payload) {
+    return 'string' == typeof payload.iss && 'string' == typeof payload.aud && 'string' == typeof payload.sub && isLegalDocumentPolicyType(payload.type) && 'string' == typeof payload.version && 'string' == typeof payload.hash && 'string' == typeof payload.effectiveDate && 'number' == typeof payload.iat && 'number' == typeof payload.exp;
+}
+async function verifyLegalDocumentSnapshotToken(params) {
+    const { token, options, tenantId } = params;
+    if (!options?.signingKey) return {
+        valid: false,
+        reason: 'missing'
+    };
+    if (!token) return {
+        valid: false,
+        reason: 'missing'
+    };
+    if (3 !== token.split('.').length) return {
+        valid: false,
+        reason: 'malformed'
+    };
+    try {
+        const { payload, protectedHeader } = await (0, external_jose_namespaceObject.jwtVerify)(token, snapshot_getSigningKey(options.signingKey), {
+            issuer: snapshot_resolveSnapshotIssuer(options),
+            audience: snapshot_resolveSnapshotAudience({
+                options,
+                tenantId
+            })
+        });
+        const header = protectedHeader;
+        if ('HS256' !== header.alg || 'JWT' !== header.typ) return {
+            valid: false,
+            reason: 'invalid'
+        };
+        if (!isLegalDocumentSnapshotPayload(payload)) return {
+            valid: false,
+            reason: 'invalid'
+        };
+        if (payload.sub !== payload.hash) return {
+            valid: false,
+            reason: 'invalid'
+        };
+        if ((tenantId ?? void 0) !== (payload.tenantId ?? void 0)) return {
+            valid: false,
+            reason: 'invalid'
+        };
+        return {
+            valid: true,
+            payload
+        };
+    } catch (error) {
+        if (error instanceof external_jose_namespaceObject.errors.JWTExpired) return {
+            valid: false,
+            reason: 'expired'
+        };
+        return {
+            valid: false,
+            reason: 'invalid'
+        };
+    }
+}
 function buildRuntimeDecisionDedupeKey(input) {
     return [
         input.tenantId ?? 'default',
@@ -1641,6 +1729,9 @@ function parseLanguageFromHeader(header) {
     if (!firstLanguage) return;
     return firstLanguage.split('-')[0]?.toLowerCase();
 }
+function isLegalDocumentType(type) {
+    return 'privacy_policy' === type || 'terms_and_conditions' === type || 'dpa' === type;
+}
 function resolveSnapshotFailureMode(ctx) {
     return ctx.policySnapshot?.onValidationFailure ?? 'reject';
 }
@@ -1675,6 +1766,45 @@ function buildSnapshotHttpException(reason) {
             }
     }
 }
+function buildLegalDocumentSnapshotHttpException(reason) {
+    switch(reason){
+        case 'missing':
+            return new http_exception_namespaceObject.HTTPException(409, {
+                message: 'Legal document snapshot token is required',
+                cause: {
+                    code: 'LEGAL_DOCUMENT_SNAPSHOT_REQUIRED'
+                }
+            });
+        case 'expired':
+            return new http_exception_namespaceObject.HTTPException(409, {
+                message: 'Legal document snapshot token has expired',
+                cause: {
+                    code: 'LEGAL_DOCUMENT_SNAPSHOT_EXPIRED'
+                }
+            });
+        case 'malformed':
+        case 'invalid':
+            return new http_exception_namespaceObject.HTTPException(409, {
+                message: 'Legal document snapshot token is invalid',
+                cause: {
+                    code: 'LEGAL_DOCUMENT_SNAPSHOT_INVALID'
+                }
+            });
+        default:
+            {
+                const _exhaustive = reason;
+                throw new Error(`Unhandled legal document snapshot verification failure reason: ${_exhaustive}`);
+            }
+    }
+}
+function buildLegalDocumentProofHttpException(message) {
+    return new http_exception_namespaceObject.HTTPException(409, {
+        message,
+        cause: {
+            code: 'LEGAL_DOCUMENT_PROOF_REQUIRED'
+        }
+    });
+}
 const postSubjectHandler = async (c)=>{
     const ctx = c.get('c15tContext');
     const logger = ctx.logger;
@@ -1700,16 +1830,30 @@ const postSubjectHandler = async (c)=>{
         const requestLanguage = parseLanguageFromHeader(acceptLanguage);
         const location = await getLocation(request, ctx);
         const resolvedJurisdiction = getJurisdiction(location, ctx);
-        const snapshotVerification = await verifyPolicySnapshotToken({
+        const legalDocumentConsent = isLegalDocumentType(type);
+        const runtimeSnapshotVerification = legalDocumentConsent ? {
+            valid: false,
+            reason: 'missing'
+        } : await verifyPolicySnapshotToken({
             token: input.policySnapshotToken,
             options: ctx.policySnapshot,
             tenantId: ctx.tenantId
         });
-        const hasValidSnapshot = snapshotVerification.valid;
-        const snapshotPayload = snapshotVerification.valid ? snapshotVerification.payload : null;
-        const shouldRequireSnapshot = !!ctx.policySnapshot?.signingKey && 'reject' === resolveSnapshotFailureMode(ctx);
-        if (!hasValidSnapshot && shouldRequireSnapshot) throw buildSnapshotHttpException(snapshotVerification.reason);
-        const resolvedPolicyDecision = hasValidSnapshot ? void 0 : await resolvePolicyDecision({
+        const legalDocumentSnapshotVerification = legalDocumentConsent ? await verifyLegalDocumentSnapshotToken({
+            token: input.documentSnapshotToken,
+            options: ctx.legalDocumentSnapshot,
+            tenantId: ctx.tenantId
+        }) : {
+            valid: false,
+            reason: 'missing'
+        };
+        const hasValidSnapshot = runtimeSnapshotVerification.valid;
+        const snapshotPayload = runtimeSnapshotVerification.valid ? runtimeSnapshotVerification.payload : null;
+        const shouldRequireSnapshot = !legalDocumentConsent && !!ctx.policySnapshot?.signingKey && 'reject' === resolveSnapshotFailureMode(ctx);
+        if (!hasValidSnapshot && shouldRequireSnapshot) throw buildSnapshotHttpException(runtimeSnapshotVerification.reason);
+        const shouldRequireLegalDocumentSnapshot = legalDocumentConsent && !!ctx.legalDocumentSnapshot?.signingKey;
+        if (shouldRequireLegalDocumentSnapshot && !legalDocumentSnapshotVerification.valid) throw buildLegalDocumentSnapshotHttpException(legalDocumentSnapshotVerification.reason);
+        const resolvedPolicyDecision = hasValidSnapshot ? void 0 : legalDocumentConsent ? void 0 : await resolvePolicyDecision({
             policies: ctx.policyPacks,
             countryCode: location.countryCode,
             regionCode: location.regionCode,
@@ -1766,7 +1910,61 @@ const postSubjectHandler = async (c)=>{
         let purposeIds = [];
         let appliedPreferences;
         const inputPolicyId = 'policyId' in input ? input.policyId : void 0;
-        if (inputPolicyId) {
+        const inputPolicyHash = 'policyHash' in input ? input.policyHash : void 0;
+        if (legalDocumentConsent && legalDocumentSnapshotVerification.valid) {
+            if (legalDocumentSnapshotVerification.payload.type !== type) throw buildLegalDocumentSnapshotHttpException('invalid');
+            const effectiveDate = new Date(legalDocumentSnapshotVerification.payload.effectiveDate);
+            if (Number.isNaN(effectiveDate.getTime())) throw buildLegalDocumentSnapshotHttpException('invalid');
+            const documentPolicy = await registry.findOrCreateLegalDocumentPolicy({
+                type,
+                version: legalDocumentSnapshotVerification.payload.version,
+                hash: legalDocumentSnapshotVerification.payload.hash,
+                effectiveDate
+            });
+            policyId = documentPolicy.id;
+        } else if (legalDocumentConsent) {
+            if (!ctx.legalDocumentSnapshot?.signingKey && !inputPolicyId && !inputPolicyHash) throw buildLegalDocumentProofHttpException('Legal document consent requires policyId or policyHash when snapshot verification is disabled');
+            if (inputPolicyId) {
+                policyId = inputPolicyId;
+                const policy = await registry.findConsentPolicyById(inputPolicyId);
+                if (!policy) throw new http_exception_namespaceObject.HTTPException(404, {
+                    message: 'Policy not found',
+                    cause: {
+                        code: 'POLICY_NOT_FOUND',
+                        policyId,
+                        type
+                    }
+                });
+                if (!policy.isActive) throw new http_exception_namespaceObject.HTTPException(400, {
+                    message: 'Policy is inactive',
+                    cause: {
+                        code: 'POLICY_INACTIVE',
+                        policyId,
+                        type
+                    }
+                });
+            } else if (inputPolicyHash) {
+                const policy = await registry.findLegalDocumentPolicyByHash(type, inputPolicyHash);
+                if (!policy) throw new http_exception_namespaceObject.HTTPException(404, {
+                    message: 'Policy not found',
+                    cause: {
+                        code: 'POLICY_NOT_FOUND',
+                        type,
+                        policyHash: inputPolicyHash
+                    }
+                });
+                if (!policy.isActive) throw new http_exception_namespaceObject.HTTPException(400, {
+                    message: 'Policy is inactive',
+                    cause: {
+                        code: 'POLICY_INACTIVE',
+                        policyId: policy.id,
+                        type,
+                        policyHash: inputPolicyHash
+                    }
+                });
+                policyId = policy.id;
+            }
+        } else if (inputPolicyId) {
             policyId = inputPolicyId;
             const policy = await registry.findConsentPolicyById(inputPolicyId);
             if (!policy) throw new http_exception_namespaceObject.HTTPException(404, {
@@ -1828,6 +2026,13 @@ const postSubjectHandler = async (c)=>{
             });
             purposeIds = purposes;
         }
+        if (!policyId) throw new http_exception_namespaceObject.HTTPException(500, {
+            message: 'Failed to resolve policy',
+            cause: {
+                code: 'POLICY_RESOLUTION_FAILED',
+                type
+            }
+        });
         const expiryDays = effectivePolicy?.consent?.expiryDays;
         const validUntil = 'number' == typeof expiryDays && Number.isFinite(expiryDays) ? new Date(givenAt.getTime() + 86400000 * Math.max(0, expiryDays)) : void 0;
         const proofConfig = effectivePolicy?.proof;
@@ -1920,7 +2125,7 @@ const postSubjectHandler = async (c)=>{
                     where: (b)=>b('dedupeKey', '=', decisionPayload.dedupeKey)
                 })) : void 0;
             const consentRecord = await tx.create('consent', {
-                id: await generateUniqueId(tx, 'consent', ctx),
+                id: await utils_generateUniqueId(tx, 'consent', ctx),
                 subjectId: subject.id,
                 domainId: domainRecord.id,
                 policyId,
@@ -1957,7 +2162,7 @@ const postSubjectHandler = async (c)=>{
                 consent: consentRecord
             };
         });
-        const metrics = getMetrics();
+        const metrics = metrics_getMetrics();
         if (metrics) {
             const jurisdiction = effectiveJurisdiction;
             metrics.recordConsentCreated({
@@ -1987,10 +2192,16 @@ const postSubjectHandler = async (c)=>{
         });
     } catch (error) {
         logger.error('Error in POST /subjects handler', {
-            error: extractErrorMessage(error),
+            error: extract_error_message_extractErrorMessage(error),
             errorType: error instanceof Error ? error.constructor.name : typeof error
         });
         if (error instanceof http_exception_namespaceObject.HTTPException) throw error;
+        if (error instanceof consent_policy_LegalDocumentPolicyConflictError) throw new http_exception_namespaceObject.HTTPException(409, {
+            message: error.message,
+            cause: {
+                code: 'LEGAL_DOCUMENT_RELEASE_CONFLICT'
+            }
+        });
         throw new http_exception_namespaceObject.HTTPException(500, {
             message: 'Internal server error',
             cause: {
@@ -2024,7 +2235,7 @@ const createSubjectRoutes = ()=>{
     }), (0, external_hono_openapi_namespaceObject.validator)('param', schema_namespaceObject.getSubjectInputSchema), getSubjectHandler);
     app.post('/', (0, external_hono_openapi_namespaceObject.describeRoute)({
         summary: 'Record consent for a subject',
-        description: "Creates a new consent record (append-only). Creates the subject if it does not exist.\n\n**Request body by `type`:**\n- `cookie_banner` – Requires `preferences` object\n- `privacy_policy`, `dpa`, `terms_and_conditions` – Optional `policyId`\n- `marketing_communications`, `age_verification`, `other` – Optional `preferences`",
+        description: "Creates a new consent record (append-only). Creates the subject if it does not exist.\n\n**Request body by `type`:**\n- `cookie_banner` – Requires `preferences` object\n- `privacy_policy`, `dpa`, `terms_and_conditions` – Prefer a signed `documentSnapshotToken`; otherwise use a release `policyHash`, with `policyId` kept only for compatibility\n- `marketing_communications`, `age_verification`, `other` – Optional `preferences`",
         tags: [
             'Subject',
             'Consent'

package/dist/router.js

@@ -1 +1 @@
-export { createConsentRoutes, createInitRoute, createStatusRoute, createSubjectRoutes } from "./364.js";
+export { createConsentRoutes, createInitRoute, createStatusRoute, createSubjectRoutes } from "./915.js";

package/dist-types/cache/gvl-resolver.d.ts

@@ -9,7 +9,7 @@
  *
  * @packageDocumentation
  */
-import type { GlobalVendorList } from '../../../schema/dist-types/types';
+import type { GlobalVendorList } from '@c15t/schema/types';
 import type { CacheAdapter } from './types';
 /**
  * Options for creating a GVL resolver.

package/dist-types/db/registry/consent-policy.d.ts

@@ -1,19 +1,75 @@
-import type { PolicyType } from '../schema';
+import type { LegalDocumentPolicyType, PolicyType } from '../schema';
 import type { Registry } from './types';
+export interface LegalDocumentPolicyInput {
+    type: LegalDocumentPolicyType;
+    version: string;
+    hash: string;
+    effectiveDate: Date;
+}
+export declare class LegalDocumentPolicyConflictError extends Error {
+    constructor(message: string);
+}
+export declare function buildLegalDocumentPolicyId(input: {
+    tenantId?: string;
+    type: LegalDocumentPolicyType;
+    hash: string;
+}): Promise<string>;
 export declare function policyRegistry({ db, ctx }: Registry): {
     findConsentPolicyById: (policyId: string) => Promise<{
         id: string;
         version: string;
         type: string;
+        hash: string | null;
         effectiveDate: Date;
         isActive: boolean;
         createdAt: Date;
         tenantId: string | null;
     } | null>;
+    findLatestPolicyByType: (type: PolicyType) => Promise<{
+        id: string;
+        version: string;
+        type: string;
+        hash: string | null;
+        effectiveDate: Date;
+        isActive: boolean;
+        createdAt: Date;
+        tenantId: string | null;
+    } | null>;
+    findLegalDocumentPolicyByHash: (type: LegalDocumentPolicyType, hash: string) => Promise<{
+        id: string;
+        version: string;
+        type: string;
+        hash: string | null;
+        effectiveDate: Date;
+        isActive: boolean;
+        createdAt: Date;
+        tenantId: string | null;
+    } | null>;
+    syncCurrentLegalDocumentPolicy: (input: LegalDocumentPolicyInput) => Promise<{
+        id: string;
+        version: string;
+        type: string;
+        hash: string | null;
+        effectiveDate: Date;
+        isActive: boolean;
+        createdAt: Date;
+        tenantId: string | null;
+    }>;
+    findOrCreateLegalDocumentPolicy: (input: LegalDocumentPolicyInput) => Promise<{
+        id: string;
+        version: string;
+        type: string;
+        hash: string | null;
+        effectiveDate: Date;
+        isActive: boolean;
+        createdAt: Date;
+        tenantId: string | null;
+    }>;
     findOrCreatePolicy: (type: PolicyType) => Promise<{
         id: string;
         version: string;
         type: string;
+        hash: string | null;
         effectiveDate: Date;
         isActive: boolean;
         createdAt: Date;