@c15t/backend 2.0.2 → 2.0.4

package/dist/302.js

@@ -13,7 +13,7 @@ function createTelemetryOptions(appName = 'c15t', telemetryConfig, tenantId) {
     const defaultAttributes = {
         ...telemetryConfig?.defaultAttributes || {},
         'service.name': String(appName),
-        'service.version': "2.0.2"
+        'service.version': "2.0.4"
     };
     if (tenantId) defaultAttributes['tenant.id'] = tenantId;
     const config = {

package/dist/915.js

@@ -709,7 +709,7 @@ const statusHandler = async (c)=>{
     try {
         await ctx.db.findFirst('subject', {});
         return c.json({
-            version: "2.0.2",
+            version: "2.0.4",
             timestamp: new Date(),
             client: clientInfo
         });
@@ -1462,10 +1462,14 @@ const postSubjectHandler = async (c)=>{
             const hasWildcardCategoryScope = allowedCategories?.includes('*') === true;
             const appliedPreferenceEntries = Object.entries(preferences);
             let filteredAppliedPreferenceEntries = appliedPreferenceEntries;
-            if (allowedCategories && allowedCategories.length > 0 && !hasWildcardCategoryScope) {
-                const disallowed = appliedPreferenceEntries.map(([purpose])=>purpose).filter((purpose)=>!allowedCategories.includes(purpose));
-                filteredAppliedPreferenceEntries = appliedPreferenceEntries.filter(([purpose])=>allowedCategories.includes(purpose));
-                if (disallowed.length > 0 && 'strict' === effectiveScopeMode) throw new HTTPException(400, {
+            if ('strict' === effectiveScopeMode && allowedCategories && allowedCategories.length > 0 && !hasWildcardCategoryScope) {
+                const strictAllowedCategories = new Set([
+                    'necessary',
+                    ...allowedCategories
+                ]);
+                const disallowed = appliedPreferenceEntries.map(([purpose])=>purpose).filter((purpose)=>!strictAllowedCategories.has(purpose));
+                filteredAppliedPreferenceEntries = appliedPreferenceEntries.filter(([purpose])=>strictAllowedCategories.has(purpose));
+                if (disallowed.length > 0) throw new HTTPException(400, {
                     message: 'Preferences include categories not allowed by policy',
                     cause: {
                         code: 'PURPOSE_NOT_ALLOWED',

package/dist/core.cjs

@@ -349,7 +349,7 @@ var __webpack_exports__ = {};
 (()=>{
     __webpack_require__.r(__webpack_exports__);
     __webpack_require__.d(__webpack_exports__, {
-        version: ()=>"2.0.2",
+        version: ()=>"2.0.4",
         c15tInstance: ()=>c15tInstance,
         EEA_COUNTRY_CODES: ()=>types_namespaceObject.EEA_COUNTRY_CODES,
         EU_COUNTRY_CODES: ()=>types_namespaceObject.EU_COUNTRY_CODES,
@@ -757,7 +757,7 @@ var __webpack_exports__ = {};
         const defaultAttributes = {
             ...telemetryConfig?.defaultAttributes || {},
             'service.name': String(appName),
-            'service.version': "2.0.2"
+            'service.version': "2.0.4"
         };
         if (tenantId) defaultAttributes['tenant.id'] = tenantId;
         const config = {
@@ -2676,7 +2676,7 @@ Use for geo-targeted consent banners and regional compliance.`,
         try {
             await ctx.db.findFirst('subject', {});
             return c.json({
-                version: "2.0.2",
+                version: "2.0.4",
                 timestamp: new Date(),
                 client: clientInfo
             });
@@ -3430,10 +3430,14 @@ Use for health checks, load balancer probes, and debugging. Performs a lightweig
                 const hasWildcardCategoryScope = allowedCategories?.includes('*') === true;
                 const appliedPreferenceEntries = Object.entries(preferences);
                 let filteredAppliedPreferenceEntries = appliedPreferenceEntries;
-                if (allowedCategories && allowedCategories.length > 0 && !hasWildcardCategoryScope) {
-                    const disallowed = appliedPreferenceEntries.map(([purpose])=>purpose).filter((purpose)=>!allowedCategories.includes(purpose));
-                    filteredAppliedPreferenceEntries = appliedPreferenceEntries.filter(([purpose])=>allowedCategories.includes(purpose));
-                    if (disallowed.length > 0 && 'strict' === effectiveScopeMode) throw new http_exception_namespaceObject.HTTPException(400, {
+                if ('strict' === effectiveScopeMode && allowedCategories && allowedCategories.length > 0 && !hasWildcardCategoryScope) {
+                    const strictAllowedCategories = new Set([
+                        'necessary',
+                        ...allowedCategories
+                    ]);
+                    const disallowed = appliedPreferenceEntries.map(([purpose])=>purpose).filter((purpose)=>!strictAllowedCategories.has(purpose));
+                    filteredAppliedPreferenceEntries = appliedPreferenceEntries.filter(([purpose])=>strictAllowedCategories.has(purpose));
+                    if (disallowed.length > 0) throw new http_exception_namespaceObject.HTTPException(400, {
                         message: 'Preferences include categories not allowed by policy',
                         cause: {
                             code: 'PURPOSE_NOT_ALLOWED',
@@ -3878,7 +3882,7 @@ Use for health checks, load balancer probes, and debugging. Performs a lightweig
                     openapi: '3.1.0',
                     info: {
                         title: options.appName || 'c15t API',
-                        version: "2.0.2",
+                        version: "2.0.4",
                         description: 'API for consent management'
                     },
                     servers: [

package/dist/core.js

@@ -767,7 +767,7 @@ const c15tInstance = (options)=>{
                 openapi: '3.1.0',
                 info: {
                     title: options.appName || 'c15t API',
-                    version: "2.0.2",
+                    version: "2.0.4",
                     description: 'API for consent management'
                 },
                 servers: [
@@ -881,7 +881,7 @@ const c15tInstance = (options)=>{
         getDocsUI
     };
 };
-var core_version = "2.0.2";
+var core_version = "2.0.4";
 export { defineConfig } from "./define-config.js";
 export { inspectPolicies } from "./583.js";
 export { EEA_COUNTRY_CODES, EU_COUNTRY_CODES, POLICY_MATCH_DATASET_VERSION, UK_COUNTRY_CODES, c15tInstance, core_version as version, policyBuilder, policyMatchers, policyPackPresets };

package/dist/router.cjs

@@ -1246,7 +1246,7 @@ const statusHandler = async (c)=>{
     try {
         await ctx.db.findFirst('subject', {});
         return c.json({
-            version: "2.0.2",
+            version: "2.0.4",
             timestamp: new Date(),
             client: clientInfo
         });
@@ -2000,10 +2000,14 @@ const postSubjectHandler = async (c)=>{
             const hasWildcardCategoryScope = allowedCategories?.includes('*') === true;
             const appliedPreferenceEntries = Object.entries(preferences);
             let filteredAppliedPreferenceEntries = appliedPreferenceEntries;
-            if (allowedCategories && allowedCategories.length > 0 && !hasWildcardCategoryScope) {
-                const disallowed = appliedPreferenceEntries.map(([purpose])=>purpose).filter((purpose)=>!allowedCategories.includes(purpose));
-                filteredAppliedPreferenceEntries = appliedPreferenceEntries.filter(([purpose])=>allowedCategories.includes(purpose));
-                if (disallowed.length > 0 && 'strict' === effectiveScopeMode) throw new http_exception_namespaceObject.HTTPException(400, {
+            if ('strict' === effectiveScopeMode && allowedCategories && allowedCategories.length > 0 && !hasWildcardCategoryScope) {
+                const strictAllowedCategories = new Set([
+                    'necessary',
+                    ...allowedCategories
+                ]);
+                const disallowed = appliedPreferenceEntries.map(([purpose])=>purpose).filter((purpose)=>!strictAllowedCategories.has(purpose));
+                filteredAppliedPreferenceEntries = appliedPreferenceEntries.filter(([purpose])=>strictAllowedCategories.has(purpose));
+                if (disallowed.length > 0) throw new http_exception_namespaceObject.HTTPException(400, {
                     message: 'Preferences include categories not allowed by policy',
                     cause: {
                         code: 'PURPOSE_NOT_ALLOWED',

package/dist-types/version.d.ts

@@ -1 +1 @@
-export declare const version = "2.0.2";
+export declare const version = "2.0.4";

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@c15t/backend",
-	"version": "2.0.2",
+	"version": "2.0.4",
 	"description": "Consent policy engine and API for c15t. Powers the cookie banner, consent manager, and preference center. Webhooks, audit logs, storage adapters. Self-host or use inth.com",
 	"keywords": [
 		"consent",
@@ -120,14 +120,14 @@
 		"fmt": "bun biome format --write . && bun biome check --formatter-enabled=false --linter-enabled=false --write",
 		"knip": "knip",
 		"lint": "bun biome lint ./src",
-		"prepack": "bun run build",
+		"prepack": "bun ../../scripts/verify-package-artifacts.ts",
 		"start": "node dist/server.cjs",
 		"test": "bun prebuild && vitest run",
 		"test:watch": "bun prebuild && vitest"
 	},
 	"dependencies": {
 		"@c15t/logger": "2.0.0",
-		"@c15t/schema": "2.0.0",
+		"@c15t/schema": "2.0.1",
 		"@c15t/translations": "2.0.0",
 		"@hono/standard-validator": "^0.2.2",
 		"@hono/valibot-validator": "0.6.1",
@@ -136,9 +136,9 @@
 		"@scalar/hono-api-reference": "0.10.5",
 		"@valibot/to-json-schema": "1.6.0",
 		"base-x": "5.0.1",
-		"defu": "6.1.4",
+		"defu": "6.1.5",
 		"fumadb": "0.2.2",
-		"hono": "4.12.9",
+		"hono": "4.12.14",
 		"hono-openapi": "1.3.0",
 		"jose": "6.2.2",
 		"valibot": "1.3.1"