@commonpub/server 2.47.4 → 2.49.0

package/dist/identity/__tests__/health.test.js

@@ -0,0 +1,113 @@
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import { checkIdentityConfig, assertIdentityConfig } from '../health.js';
+const VALID_KEY = '0'.repeat(64);
+// Minimal CommonPubConfig builder — kept inline (rather than importing
+// @commonpub/test-utils) so this test file doesn't add a workspace dep
+// that @commonpub/server otherwise doesn't need.
+function makeConfig(idOverrides = {}) {
+    return {
+        instance: {
+            domain: 'test.example.com',
+            name: 'Test',
+            description: 'Test instance',
+        },
+        features: {
+            content: true, social: true, hubs: true, docs: true, video: true,
+            contests: false, events: false, learning: true, explainers: true,
+            editorial: true, federation: false, seamlessFederation: false,
+            federateHubs: false, admin: false, emailNotifications: false,
+            publicApi: false,
+            identity: {
+                linkRemoteAccounts: false,
+                signInWithRemote: false,
+                actingAs: false,
+                remoteInteract: false,
+                remotePublish: false,
+                ...idOverrides,
+            },
+        },
+        auth: {
+            emailPassword: true,
+            magicLink: false,
+            passkeys: false,
+        },
+        docs: {
+            searchLanguage: 'english',
+        },
+    };
+}
+describe('checkIdentityConfig', () => {
+    let originalKey;
+    beforeEach(() => {
+        originalKey = process.env.CPUB_FED_TOKEN_KEY;
+    });
+    afterEach(() => {
+        if (originalKey === undefined)
+            delete process.env.CPUB_FED_TOKEN_KEY;
+        else
+            process.env.CPUB_FED_TOKEN_KEY = originalKey;
+    });
+    it('ok when no identity flags are enabled', () => {
+        delete process.env.CPUB_FED_TOKEN_KEY;
+        const result = checkIdentityConfig(makeConfig());
+        expect(result).toEqual({ ok: true, errors: [] });
+    });
+    it('ok when only `actingAs` is enabled (no token I/O)', () => {
+        delete process.env.CPUB_FED_TOKEN_KEY;
+        const result = checkIdentityConfig(makeConfig({ actingAs: true }));
+        expect(result.ok).toBe(true);
+    });
+    it('errors when linkRemoteAccounts is on without key', () => {
+        delete process.env.CPUB_FED_TOKEN_KEY;
+        const result = checkIdentityConfig(makeConfig({ linkRemoteAccounts: true }));
+        expect(result.ok).toBe(false);
+        expect(result.errors[0]).toMatch(/CPUB_FED_TOKEN_KEY/);
+    });
+    it('errors when signInWithRemote is on without key', () => {
+        delete process.env.CPUB_FED_TOKEN_KEY;
+        const result = checkIdentityConfig(makeConfig({ signInWithRemote: true }));
+        expect(result.ok).toBe(false);
+    });
+    it('errors when remoteInteract is on without key', () => {
+        delete process.env.CPUB_FED_TOKEN_KEY;
+        const result = checkIdentityConfig(makeConfig({ remoteInteract: true }));
+        expect(result.ok).toBe(false);
+    });
+    it('errors when remotePublish is on without key', () => {
+        delete process.env.CPUB_FED_TOKEN_KEY;
+        const result = checkIdentityConfig(makeConfig({ remotePublish: true }));
+        expect(result.ok).toBe(false);
+    });
+    it('ok when token-using flag is on AND key is configured', () => {
+        process.env.CPUB_FED_TOKEN_KEY = VALID_KEY;
+        const result = checkIdentityConfig(makeConfig({ linkRemoteAccounts: true, remotePublish: true }));
+        expect(result.ok).toBe(true);
+    });
+    it('errors when key is malformed (wrong length)', () => {
+        process.env.CPUB_FED_TOKEN_KEY = '0'.repeat(63);
+        const result = checkIdentityConfig(makeConfig({ linkRemoteAccounts: true }));
+        expect(result.ok).toBe(false);
+        expect(result.errors[0]).toMatch(/CPUB_FED_TOKEN_KEY/);
+    });
+});
+describe('assertIdentityConfig', () => {
+    let originalKey;
+    beforeEach(() => {
+        originalKey = process.env.CPUB_FED_TOKEN_KEY;
+    });
+    afterEach(() => {
+        if (originalKey === undefined)
+            delete process.env.CPUB_FED_TOKEN_KEY;
+        else
+            process.env.CPUB_FED_TOKEN_KEY = originalKey;
+    });
+    it('does not throw when ok', () => {
+        process.env.CPUB_FED_TOKEN_KEY = VALID_KEY;
+        expect(() => assertIdentityConfig(makeConfig({ linkRemoteAccounts: true }))).not.toThrow();
+    });
+    it('throws with all errors joined when not ok', () => {
+        delete process.env.CPUB_FED_TOKEN_KEY;
+        expect(() => assertIdentityConfig(makeConfig({ linkRemoteAccounts: true }))).toThrow(/misconfigured.*CPUB_FED_TOKEN_KEY/s);
+    });
+});
+//# sourceMappingURL=health.test.js.map

package/dist/identity/__tests__/health.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"health.test.js","sourceRoot":"","sources":["../../../src/identity/__tests__/health.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AAErE,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAEzE,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;AAEjC,uEAAuE;AACvE,uEAAuE;AACvE,iDAAiD;AACjD,SAAS,UAAU,CAAC,cAAgE,EAAE;IACpF,OAAO;QACL,QAAQ,EAAE;YACR,MAAM,EAAE,kBAAkB;YAC1B,IAAI,EAAE,MAAM;YACZ,WAAW,EAAE,eAAe;SAC7B;QACD,QAAQ,EAAE;YACR,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI;YAChE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI;YAChE,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,kBAAkB,EAAE,KAAK;YAC7D,YAAY,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,kBAAkB,EAAE,KAAK;YAC5D,SAAS,EAAE,KAAK;YAChB,QAAQ,EAAE;gBACR,kBAAkB,EAAE,KAAK;gBACzB,gBAAgB,EAAE,KAAK;gBACvB,QAAQ,EAAE,KAAK;gBACf,cAAc,EAAE,KAAK;gBACrB,aAAa,EAAE,KAAK;gBACpB,GAAG,WAAW;aACf;SACF;QACD,IAAI,EAAE;YACJ,aAAa,EAAE,IAAI;YACnB,SAAS,EAAE,KAAK;YAChB,QAAQ,EAAE,KAAK;SAChB;QACD,IAAI,EAAE;YACJ,cAAc,EAAE,SAAS;SAC1B;KACF,CAAC;AACJ,CAAC;AAED,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;IACnC,IAAI,WAA+B,CAAC;IAEpC,UAAU,CAAC,GAAG,EAAE;QACd,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,WAAW,KAAK,SAAS;YAAE,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;;YAChE,OAAO,CAAC,GAAG,CAAC,kBAAkB,GAAG,WAAW,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QACtC,MAAM,MAAM,GAAG,mBAAmB,CAAC,UAAU,EAAE,CAAC,CAAC;QACjD,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;QAC3D,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QACtC,MAAM,MAAM,GAAG,mBAAmB,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QACnE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;QAC1D,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QACtC,MAAM,MAAM,GAAG,mBAAmB,CAAC,UAAU,CAAC,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAC7E,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;QACxD,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QACtC,MAAM,MAAM,GAAG,mBAAmB,CAAC,UAAU,CAAC,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAC3E,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;QACtD,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QACtC,MAAM,MAAM,GAAG,mBAAmB,CAAC,UAAU,CAAC,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QACzE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;QACrD,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QACtC,MAAM,MAAM,GAAG,mBAAmB,CAAC,UAAU,CAAC,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QACxE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;QAC9D,OAAO,CAAC,GAAG,CAAC,kBAAkB,GAAG,SAAS,CAAC;QAC3C,MAAM,MAAM,GAAG,mBAAmB,CAAC,UAAU,CAAC,EAAE,kBAAkB,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAClG,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;QACrD,OAAO,CAAC,GAAG,CAAC,kBAAkB,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAChD,MAAM,MAAM,GAAG,mBAAmB,CAAC,UAAU,CAAC,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAC7E,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;IACpC,IAAI,WAA+B,CAAC;IAEpC,UAAU,CAAC,GAAG,EAAE;QACd,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,WAAW,KAAK,SAAS;YAAE,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;;YAChE,OAAO,CAAC,GAAG,CAAC,kBAAkB,GAAG,WAAW,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;QAChC,OAAO,CAAC,GAAG,CAAC,kBAAkB,GAAG,SAAS,CAAC;QAC3C,MAAM,CAAC,GAAG,EAAE,CAAC,oBAAoB,CAAC,UAAU,CAAC,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IAC7F,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QACtC,MAAM,CAAC,GAAG,EAAE,CAAC,oBAAoB,CAAC,UAAU,CAAC,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,oCAAoC,CAAC,CAAC;IAC7H,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/identity/__tests__/router.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=router.test.d.ts.map

package/dist/identity/__tests__/router.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"router.test.d.ts","sourceRoot":"","sources":["../../../src/identity/__tests__/router.test.ts"],"names":[],"mappings":""}

package/dist/identity/__tests__/router.test.js

@@ -0,0 +1,163 @@
+import { describe, it, expect, vi, afterEach } from 'vitest';
+import { run, ActionUnavailable, InsufficientScopes, LinkedIdentityRevoked, } from '../router.js';
+import { setFediClientFactory, } from '../fediClient.js';
+// Reset the factory between tests so leakage between cases is impossible.
+afterEach(() => setFediClientFactory(null));
+const fakeEvent = {};
+const NATIVE = {
+    kind: 'native',
+    id: 'u1',
+    userId: 'u1',
+    username: 'moheeb',
+    instance: 'deveco.io',
+    actorUri: 'https://deveco.io/users/moheeb',
+    handle: '@moheeb@deveco.io',
+};
+function makeLinked(overrides = {}) {
+    return {
+        kind: 'linked',
+        id: 'fa1',
+        userId: 'u1',
+        username: 'moheeb',
+        instance: 'commonpub.io',
+        actorUri: 'https://commonpub.io/users/moheeb',
+        handle: '@moheeb@commonpub.io',
+        scopes: ['read', 'write'],
+        softwareKind: 'cpub',
+        revokedAt: null,
+        ...overrides,
+    };
+}
+function makeAction(opts = {}) {
+    return {
+        name: opts.name ?? 'test-action',
+        scopes: opts.scopes ?? [],
+        local: opts.local ?? vi.fn(async () => 'local-result'),
+        remote: opts.remote,
+    };
+}
+describe('run() — native identity', () => {
+    it('dispatches to action.local', async () => {
+        const local = vi.fn(async () => 'OK');
+        const action = makeAction({ local });
+        const result = await run(fakeEvent, NATIVE, action, undefined);
+        expect(result).toBe('OK');
+        expect(local).toHaveBeenCalledOnce();
+        expect(local).toHaveBeenCalledWith(fakeEvent, NATIVE, undefined);
+    });
+    it('passes input through unchanged', async () => {
+        const local = vi.fn(async (_e, _id, x) => x.hello);
+        const action = {
+            name: 'test',
+            scopes: [],
+            local,
+        };
+        const result = await run(fakeEvent, NATIVE, action, { hello: 'world' });
+        expect(result).toBe('world');
+    });
+    it('does NOT check scopes for native (scopes are linked-only)', async () => {
+        const action = makeAction({ scopes: ['publish'] });
+        // Native passes through even though "scopes: ['publish']" is declared.
+        const result = await run(fakeEvent, NATIVE, action, undefined);
+        expect(result).toBe('local-result');
+    });
+});
+describe('run() — linked identity', () => {
+    it('throws ActionUnavailable when the action has no remote half', async () => {
+        const action = makeAction(); // no remote
+        await expect(run(fakeEvent, makeLinked(), action, undefined))
+            .rejects.toBeInstanceOf(ActionUnavailable);
+        await expect(run(fakeEvent, makeLinked(), action, undefined))
+            .rejects.toMatchObject({ action: 'test-action', reason: 'not-proxiable' });
+    });
+    it('throws LinkedIdentityRevoked when the grant is revoked', async () => {
+        const remote = vi.fn(async () => 'remote-result');
+        const action = makeAction({ remote });
+        const revoked = makeLinked({ revokedAt: new Date() });
+        await expect(run(fakeEvent, revoked, action, undefined))
+            .rejects.toBeInstanceOf(LinkedIdentityRevoked);
+        expect(remote).not.toHaveBeenCalled();
+    });
+    it('throws InsufficientScopes when granted scopes do not cover required', async () => {
+        const remote = vi.fn(async () => 'remote-result');
+        const action = makeAction({ scopes: ['publish'], remote });
+        const linked = makeLinked({ scopes: ['read', 'write'] });
+        try {
+            await run(fakeEvent, linked, action, undefined);
+            throw new Error('expected throw');
+        }
+        catch (err) {
+            expect(err).toBeInstanceOf(InsufficientScopes);
+            expect(err.required).toEqual(['publish']);
+            expect(err.granted).toEqual(['read', 'write']);
+        }
+        expect(remote).not.toHaveBeenCalled();
+    });
+    it('throws when no FediClient factory is registered', async () => {
+        // Phase 1a default state: no factory. Reaching getFediClient must
+        // surface a clear, actionable error rather than silently no-op'ing.
+        const remote = vi.fn(async () => 'remote-result');
+        const action = makeAction({ scopes: ['read'], remote });
+        const linked = makeLinked({ scopes: ['read', 'write'] });
+        await expect(run(fakeEvent, linked, action, undefined))
+            .rejects.toThrow(/factory not registered/);
+        expect(remote).not.toHaveBeenCalled();
+    });
+    it('dispatches to action.remote with the factory-built client', async () => {
+        // The crucial chain-completeness test: Phase 1b plugs in a factory,
+        // and run() must thread the constructed client through to the
+        // action's remote handler with the linked identity unchanged.
+        const fakeClient = {
+            account: { verifyCredentials: vi.fn(async () => ({ id: '1', username: 'm', acct: 'm@host' })) },
+        };
+        const factory = vi.fn(async () => fakeClient);
+        setFediClientFactory(factory);
+        const remote = vi.fn(async (client, _id, _input) => {
+            // Verify it's actually the registered factory's client
+            expect(client).toBe(fakeClient);
+            return 'remote-result';
+        });
+        const action = makeAction({ scopes: ['read'], remote });
+        const linked = makeLinked({ scopes: ['read', 'write'] });
+        const result = await run(fakeEvent, linked, action, undefined);
+        expect(result).toBe('remote-result');
+        expect(factory).toHaveBeenCalledOnce();
+        expect(factory).toHaveBeenCalledWith(linked);
+        expect(remote).toHaveBeenCalledOnce();
+    });
+    it('propagates factory errors as-is (no silent swallow)', async () => {
+        setFediClientFactory(async () => { throw new Error('database unreachable'); });
+        const action = makeAction({ scopes: ['read'], remote: vi.fn() });
+        const linked = makeLinked({ scopes: ['read'] });
+        await expect(run(fakeEvent, linked, action, undefined))
+            .rejects.toThrow(/database unreachable/);
+    });
+});
+describe('error classes', () => {
+    it('ActionUnavailable carries action + reason', () => {
+        const e = new ActionUnavailable('publish', 'no-token');
+        expect(e.name).toBe('ActionUnavailable');
+        expect(e.action).toBe('publish');
+        expect(e.reason).toBe('no-token');
+        expect(e.message).toContain('publish');
+        expect(e.message).toContain('no-token');
+    });
+    it('InsufficientScopes carries required + granted', () => {
+        const e = new InsufficientScopes('publish', ['publish'], ['read']);
+        expect(e.required).toEqual(['publish']);
+        expect(e.granted).toEqual(['read']);
+        expect(e.message).toContain('publish');
+    });
+    it('LinkedIdentityRevoked carries identity reference', () => {
+        const id = makeLinked({ revokedAt: new Date() });
+        const e = new LinkedIdentityRevoked(id);
+        expect(e.identity).toBe(id);
+        expect(e.message).toContain(id.handle);
+    });
+    // Sanity: typeof Identity narrowing works at runtime
+    it('Identity union still includes both kinds', () => {
+        const ids = [NATIVE, makeLinked()];
+        expect(ids.map(i => i.kind).sort()).toEqual(['linked', 'native']);
+    });
+});
+//# sourceMappingURL=router.test.js.map

package/dist/identity/__tests__/router.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"router.test.js","sourceRoot":"","sources":["../../../src/identity/__tests__/router.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AAO7D,OAAO,EACL,GAAG,EACH,iBAAiB,EACjB,kBAAkB,EAClB,qBAAqB,GAEtB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,oBAAoB,GAGrB,MAAM,kBAAkB,CAAC;AAE1B,0EAA0E;AAC1E,SAAS,CAAC,GAAG,EAAE,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC;AAK5C,MAAM,SAAS,GAAc,EAAE,CAAC;AAEhC,MAAM,MAAM,GAAmB;IAC7B,IAAI,EAAE,QAAQ;IACd,EAAE,EAAE,IAAI;IACR,MAAM,EAAE,IAAI;IACZ,QAAQ,EAAE,QAAQ;IAClB,QAAQ,EAAE,WAAW;IACrB,QAAQ,EAAE,gCAAgC;IAC1C,MAAM,EAAE,mBAAmB;CAC5B,CAAC;AAEF,SAAS,UAAU,CAAC,YAAqC,EAAE;IACzD,OAAO;QACL,IAAI,EAAE,QAAQ;QACd,EAAE,EAAE,KAAK;QACT,MAAM,EAAE,IAAI;QACZ,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,cAAc;QACxB,QAAQ,EAAE,mCAAmC;QAC7C,MAAM,EAAE,sBAAsB;QAC9B,MAAM,EAAE,CAAC,MAAM,EAAE,OAAO,CAAY;QACpC,YAAY,EAAE,MAAM;QACpB,SAAS,EAAE,IAAI;QACf,GAAG,SAAS;KACb,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAA4B,OAK3C,EAAE;IACJ,OAAO;QACL,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,aAAa;QAChC,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,EAAE;QACzB,KAAK,EAAE,IAAI,CAAC,KAAK,IAAK,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,cAAsB,CAA2D;QACzH,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB,CAAC;AACJ,CAAC;AAED,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;IACvC,EAAE,CAAC,4BAA4B,EAAE,KAAK,IAAI,EAAE;QAC1C,MAAM,KAAK,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,IAAI,CAAC,CAAC;QACtC,MAAM,MAAM,GAAG,UAAU,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QACrC,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;QAC/D,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1B,MAAM,CAAC,KAAK,CAAC,CAAC,oBAAoB,EAAE,CAAC;QACrC,MAAM,CAAC,KAAK,CAAC,CAAC,oBAAoB,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gCAAgC,EAAE,KAAK,IAAI,EAAE;QAC9C,MAAM,KAAK,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,EAAa,EAAE,GAAG,EAAE,CAAoB,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QACjF,MAAM,MAAM,GAAsD;YAChE,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,EAAE;YACV,KAAK;SACN,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;QACxE,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2DAA2D,EAAE,KAAK,IAAI,EAAE;QACzE,MAAM,MAAM,GAAG,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QACnD,uEAAuE;QACvE,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;QAC/D,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;IACvC,EAAE,CAAC,6DAA6D,EAAE,KAAK,IAAI,EAAE;QAC3E,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC,CAAC,YAAY;QACzC,MAAM,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,UAAU,EAAE,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;aAC1D,OAAO,CAAC,cAAc,CAAC,iBAAiB,CAAC,CAAC;QAC7C,MAAM,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,UAAU,EAAE,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;aAC1D,OAAO,CAAC,aAAa,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC,CAAC;IAC/E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;QACtE,MAAM,MAAM,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,eAAe,CAAC,CAAC;QAClD,MAAM,MAAM,GAAG,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QACtC,MAAM,OAAO,GAAG,UAAU,CAAC,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC;QACtD,MAAM,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;aACrD,OAAO,CAAC,cAAc,CAAC,qBAAqB,CAAC,CAAC;QACjD,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qEAAqE,EAAE,KAAK,IAAI,EAAE;QACnF,MAAM,MAAM,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,eAAe,CAAC,CAAC;QAClD,MAAM,MAAM,GAAG,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QAC3D,MAAM,MAAM,GAAG,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;QACzD,IAAI,CAAC;YACH,MAAM,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACpC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,GAAG,CAAC,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAC;YAC/C,MAAM,CAAE,GAA0B,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;YAClE,MAAM,CAAE,GAA0B,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;QACzE,CAAC;QACD,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;QAC/D,kEAAkE;QAClE,oEAAoE;QACpE,MAAM,MAAM,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,eAAe,CAAC,CAAC;QAClD,MAAM,MAAM,GAAG,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QACxD,MAAM,MAAM,GAAG,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;QACzD,MAAM,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;aACpD,OAAO,CAAC,OAAO,CAAC,wBAAwB,CAAC,CAAC;QAC7C,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2DAA2D,EAAE,KAAK,IAAI,EAAE;QACzE,oEAAoE;QACpE,8DAA8D;QAC9D,8DAA8D;QAC9D,MAAM,UAAU,GAAe;YAC7B,OAAO,EAAE,EAAE,iBAAiB,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,EAAE;SAChG,CAAC;QACF,MAAM,OAAO,GAAsB,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,UAAU,CAAC,CAAC;QACjE,oBAAoB,CAAC,OAAO,CAAC,CAAC;QAE9B,MAAM,MAAM,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,MAAkB,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE;YAC7D,uDAAuD;YACvD,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAChC,OAAO,eAAe,CAAC;QACzB,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QACxD,MAAM,MAAM,GAAG,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;QAEzD,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;QAC/D,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACrC,MAAM,CAAC,OAAO,CAAC,CAAC,oBAAoB,EAAE,CAAC;QACvC,MAAM,CAAC,OAAO,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;QAC7C,MAAM,CAAC,MAAM,CAAC,CAAC,oBAAoB,EAAE,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qDAAqD,EAAE,KAAK,IAAI,EAAE;QACnE,oBAAoB,CAAC,KAAK,IAAI,EAAE,GAAG,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/E,MAAM,MAAM,GAAG,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QACjE,MAAM,MAAM,GAAG,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAChD,MAAM,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;aACpD,OAAO,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,CAAC,GAAG,IAAI,iBAAiB,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;QACvD,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QACzC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACjC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAClC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QACvC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,MAAM,CAAC,GAAG,IAAI,kBAAkB,CAAC,SAAS,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;QACnE,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;QACpC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;QAC1D,MAAM,EAAE,GAAG,UAAU,CAAC,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC;QACjD,MAAM,CAAC,GAAG,IAAI,qBAAqB,CAAC,EAAE,CAAC,CAAC;QACxC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC5B,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,qDAAqD;IACrD,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;QAClD,MAAM,GAAG,GAAe,CAAC,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC;QAC/C,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC;IACpE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/identity/fediClient.d.ts

@@ -0,0 +1,82 @@
+/**
+ * FediClient — opaque, protocol-agnostic facade for calling a remote
+ * Fediverse instance as a linked identity. Phase 1a defines the
+ * interface; Phase 1b plumbs in the megalodon-backed implementation.
+ *
+ * Why opaque: callers (action handlers) should never see the bearer
+ * token, never call `fetch` directly, never know whether the remote
+ * is Mastodon vs Pleroma vs CommonPub. They write `client.statuses.create({ ... })`
+ * and the wrapper handles authentication, software-specific quirks,
+ * 401-detection-as-revocation, audit logging, and rate-limit backoff.
+ *
+ * The interface is intentionally narrow — only the actions we proxy.
+ * Add methods as Phase 4 (delegated actions) opens specific surfaces.
+ *
+ * See docs/sessions/136-cross-instance-identity-plan.md.
+ */
+import type { LinkedIdentity } from '@commonpub/auth';
+/**
+ * The minimal account shape returned by a verify-credentials call. All
+ * Mastodon-API-compatible servers expose this at GET /api/v1/accounts/verify_credentials.
+ * CommonPub instances expose the same shape via the OAuth token-exchange
+ * response (per existing `processTokenExchange`).
+ */
+export interface VerifiedAccount {
+    /** Stable id at the remote (string for Mastodon API compat). */
+    id: string;
+    /** Bare username, no @host. */
+    username: string;
+    /** Full handle: `user@host`. Mastodon-API field name. */
+    acct: string;
+    /** Display name (optional). */
+    displayName?: string;
+    /** Avatar URL (optional). */
+    avatar?: string;
+    /** Canonical AP actor URI when known. */
+    url?: string;
+}
+export interface FediClient {
+    /** Phase 1: only the verification call lands here. Phase 4 expands. */
+    account: {
+        verifyCredentials(): Promise<VerifiedAccount>;
+    };
+}
+/**
+ * A FediClient factory. Phase 1b will register a real implementation
+ * via `setFediClientFactory` at app init; the factory closes over the
+ * DB handle, decryption key, audit logger, and any other dependencies
+ * a real client needs without forcing those onto `run()`'s call sites.
+ *
+ * Tests register mock factories per-case via `setFediClientFactory`
+ * and clear with `setFediClientFactory(null)` in afterEach.
+ */
+export type FediClientFactory = (identity: LinkedIdentity) => Promise<FediClient>;
+/**
+ * Register the FediClient factory. Called once at app init by Phase 1b's
+ * Nitro plugin (something like `setFediClientFactory(makeMastodonFactory(useDB(), tokenKey))`).
+ *
+ * Pass `null` to clear (used in tests).
+ *
+ * Why factory-registration instead of explicit DI through `run()`:
+ *   - keeps `run()`'s signature simple — no DB / audit-logger cruft
+ *     leaking into every call site
+ *   - keeps `@commonpub/server` framework-agnostic — no h3 / Nuxt
+ *     specific globals
+ *   - app init is the natural place to wire dependencies once
+ */
+export declare function setFediClientFactory(factory: FediClientFactory | null): void;
+/**
+ * Construct a FediClient for a linked identity. Delegates to the
+ * registered factory; throws if no factory has been registered (i.e.,
+ * Phase 1b plumbing isn't in place yet, or the test forgot to call
+ * `setFediClientFactory`).
+ *
+ * The Phase 1b factory will:
+ *   1. Read federated_accounts row for `identity.id`
+ *   2. Decrypt access_token via `decryptToken` (@commonpub/infra)
+ *   3. Construct megalodon client based on `identity.softwareKind`
+ *   4. Wrap with 401-detection (mark revoked_at on auth failure),
+ *      audit logging, and rate-limit handling
+ */
+export declare function getFediClient(identity: LinkedIdentity): Promise<FediClient>;
+//# sourceMappingURL=fediClient.d.ts.map

package/dist/identity/fediClient.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fediClient.d.ts","sourceRoot":"","sources":["../../src/identity/fediClient.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AACH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAEtD;;;;;GAKG;AACH,MAAM,WAAW,eAAe;IAC9B,gEAAgE;IAChE,EAAE,EAAE,MAAM,CAAC;IACX,+BAA+B;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,yDAAyD;IACzD,IAAI,EAAE,MAAM,CAAC;IACb,+BAA+B;IAC/B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,6BAA6B;IAC7B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,yCAAyC;IACzC,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,UAAU;IACzB,uEAAuE;IACvE,OAAO,EAAE;QACP,iBAAiB,IAAI,OAAO,CAAC,eAAe,CAAC,CAAC;KAC/C,CAAC;CAKH;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,QAAQ,EAAE,cAAc,KAAK,OAAO,CAAC,UAAU,CAAC,CAAC;AAIlF;;;;;;;;;;;;GAYG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,iBAAiB,GAAG,IAAI,GAAG,IAAI,CAE5E;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,aAAa,CAAC,QAAQ,EAAE,cAAc,GAAG,OAAO,CAAC,UAAU,CAAC,CAUjF"}

package/dist/identity/fediClient.js

@@ -0,0 +1,40 @@
+let registeredFactory = null;
+/**
+ * Register the FediClient factory. Called once at app init by Phase 1b's
+ * Nitro plugin (something like `setFediClientFactory(makeMastodonFactory(useDB(), tokenKey))`).
+ *
+ * Pass `null` to clear (used in tests).
+ *
+ * Why factory-registration instead of explicit DI through `run()`:
+ *   - keeps `run()`'s signature simple — no DB / audit-logger cruft
+ *     leaking into every call site
+ *   - keeps `@commonpub/server` framework-agnostic — no h3 / Nuxt
+ *     specific globals
+ *   - app init is the natural place to wire dependencies once
+ */
+export function setFediClientFactory(factory) {
+    registeredFactory = factory;
+}
+/**
+ * Construct a FediClient for a linked identity. Delegates to the
+ * registered factory; throws if no factory has been registered (i.e.,
+ * Phase 1b plumbing isn't in place yet, or the test forgot to call
+ * `setFediClientFactory`).
+ *
+ * The Phase 1b factory will:
+ *   1. Read federated_accounts row for `identity.id`
+ *   2. Decrypt access_token via `decryptToken` (@commonpub/infra)
+ *   3. Construct megalodon client based on `identity.softwareKind`
+ *   4. Wrap with 401-detection (mark revoked_at on auth failure),
+ *      audit logging, and rate-limit handling
+ */
+export async function getFediClient(identity) {
+    if (!registeredFactory) {
+        throw new Error(`FediClient factory not registered. ` +
+            `Phase 1b: call setFediClientFactory(...) at app init. ` +
+            `Tests: register a mock via setFediClientFactory(async () => mockClient). ` +
+            `See docs/sessions/136-cross-instance-identity-plan.md.`);
+    }
+    return registeredFactory(identity);
+}
+//# sourceMappingURL=fediClient.js.map

package/dist/identity/fediClient.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fediClient.js","sourceRoot":"","sources":["../../src/identity/fediClient.ts"],"names":[],"mappings":"AA6DA,IAAI,iBAAiB,GAA6B,IAAI,CAAC;AAEvD;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,oBAAoB,CAAC,OAAiC;IACpE,iBAAiB,GAAG,OAAO,CAAC;AAC9B,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,QAAwB;IAC1D,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CACb,qCAAqC;YACrC,wDAAwD;YACxD,2EAA2E;YAC3E,wDAAwD,CACzD,CAAC;IACJ,CAAC;IACD,OAAO,iBAAiB,CAAC,QAAQ,CAAC,CAAC;AACrC,CAAC"}

package/dist/identity/health.d.ts

@@ -0,0 +1,42 @@
+/**
+ * Identity-configuration startup invariants.
+ *
+ * Cross-instance delegated authorization stores OAuth bearer tokens at
+ * rest under a symmetric key (`CPUB_FED_TOKEN_KEY`). If any feature
+ * flag that *uses* tokens is enabled but the key is missing, the
+ * operator has misconfigured the deploy — better to refuse to start
+ * than to fail at first OAuth callback when a real user is mid-sign-in.
+ *
+ * Phase 1b plugs this into a Nitro plugin that runs at app init:
+ *
+ *     // layers/base/server/plugins/identity-startup.ts
+ *     export default defineNitroPlugin(() => {
+ *       assertIdentityConfig(useConfig());
+ *     });
+ *
+ * `actingAs` does NOT need the key — it's purely a UI identity-context
+ * switcher and doesn't store tokens. Listed exclusion below.
+ */
+import type { CommonPubConfig } from '@commonpub/config';
+export interface IdentityConfigCheckResult {
+    ok: boolean;
+    errors: ReadonlyArray<string>;
+}
+/**
+ * Inspect the config; return the list of identity-related
+ * misconfigurations. Empty errors → `ok: true`.
+ *
+ * Pure function: no env mutation, no I/O beyond reading the env var
+ * (which `isTokenKeyConfigured` does without logging the key).
+ */
+export declare function checkIdentityConfig(config: CommonPubConfig): IdentityConfigCheckResult;
+/**
+ * Same as `checkIdentityConfig` but throws on any error. Use at
+ * Nitro-plugin startup so a misconfigured deploy fails to boot rather
+ * than 500-ing on first user OAuth attempt.
+ *
+ * Error message lists ALL detected problems (not just the first) so
+ * operators can fix everything in one go.
+ */
+export declare function assertIdentityConfig(config: CommonPubConfig): void;
+//# sourceMappingURL=health.d.ts.map

package/dist/identity/health.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"health.d.ts","sourceRoot":"","sources":["../../src/identity/health.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AACH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAGzD,MAAM,WAAW,yBAAyB;IACxC,EAAE,EAAE,OAAO,CAAC;IACZ,MAAM,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;CAC/B;AAeD;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,eAAe,GAAG,yBAAyB,CAatF;AAED;;;;;;;GAOG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,eAAe,GAAG,IAAI,CAOlE"}

package/dist/identity/health.js

@@ -0,0 +1,43 @@
+import { isTokenKeyConfigured } from '@commonpub/infra';
+/**
+ * True iff this flag set requires an active `CPUB_FED_TOKEN_KEY`.
+ * `actingAs` alone is fine — it's UI state, not token I/O.
+ */
+function requiresTokenKey(id) {
+    return (id.linkRemoteAccounts ||
+        id.signInWithRemote ||
+        id.remoteInteract ||
+        id.remotePublish);
+}
+/**
+ * Inspect the config; return the list of identity-related
+ * misconfigurations. Empty errors → `ok: true`.
+ *
+ * Pure function: no env mutation, no I/O beyond reading the env var
+ * (which `isTokenKeyConfigured` does without logging the key).
+ */
+export function checkIdentityConfig(config) {
+    const errors = [];
+    const id = config.features.identity;
+    if (requiresTokenKey(id) && !isTokenKeyConfigured()) {
+        errors.push('CPUB_FED_TOKEN_KEY env var must be set when any of ' +
+            'features.identity.{linkRemoteAccounts, signInWithRemote, remoteInteract, remotePublish} ' +
+            'is enabled. Generate with: openssl rand -hex 32');
+    }
+    return { ok: errors.length === 0, errors };
+}
+/**
+ * Same as `checkIdentityConfig` but throws on any error. Use at
+ * Nitro-plugin startup so a misconfigured deploy fails to boot rather
+ * than 500-ing on first user OAuth attempt.
+ *
+ * Error message lists ALL detected problems (not just the first) so
+ * operators can fix everything in one go.
+ */
+export function assertIdentityConfig(config) {
+    const result = checkIdentityConfig(config);
+    if (!result.ok) {
+        throw new Error(`Cross-instance identity misconfigured:\n  - ${result.errors.join('\n  - ')}`);
+    }
+}
+//# sourceMappingURL=health.js.map

package/dist/identity/health.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"health.js","sourceRoot":"","sources":["../../src/identity/health.ts"],"names":[],"mappings":"AAoBA,OAAO,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAOxD;;;GAGG;AACH,SAAS,gBAAgB,CAAC,EAA2C;IACnE,OAAO,CACL,EAAE,CAAC,kBAAkB;QACrB,EAAE,CAAC,gBAAgB;QACnB,EAAE,CAAC,cAAc;QACjB,EAAE,CAAC,aAAa,CACjB,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAAuB;IACzD,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC;IAEpC,IAAI,gBAAgB,CAAC,EAAE,CAAC,IAAI,CAAC,oBAAoB,EAAE,EAAE,CAAC;QACpD,MAAM,CAAC,IAAI,CACT,qDAAqD;YACrD,0FAA0F;YAC1F,iDAAiD,CAClD,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,EAAE,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;AAC7C,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,oBAAoB,CAAC,MAAuB;IAC1D,MAAM,MAAM,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC3C,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CACb,+CAA+C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAC9E,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/identity/index.d.ts

@@ -0,0 +1,17 @@
+/**
+ * @commonpub/server / identity — cross-instance delegated authorization.
+ *
+ * Phase 1a foundation: types + action router + FediClient interface.
+ * Phase 1b lands the OAuth flow + FediClient implementation.
+ * Phase 3 lands resolveIdentityContext middleware.
+ * Phase 4 lands ActionRoute declarations for publish/like/follow/comment.
+ *
+ * See docs/sessions/136-cross-instance-identity-plan.md.
+ */
+export type { ActionRoute } from './router.js';
+export { run, ActionUnavailable, InsufficientScopes, LinkedIdentityRevoked, } from './router.js';
+export type { FediClient, VerifiedAccount, FediClientFactory } from './fediClient.js';
+export { getFediClient, setFediClientFactory } from './fediClient.js';
+export type { IdentityConfigCheckResult } from './health.js';
+export { checkIdentityConfig, assertIdentityConfig } from './health.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/identity/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/identity/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,YAAY,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EACL,GAAG,EACH,iBAAiB,EACjB,kBAAkB,EAClB,qBAAqB,GACtB,MAAM,aAAa,CAAC;AAErB,YAAY,EAAE,UAAU,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACtF,OAAO,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAEtE,YAAY,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC"}

package/dist/identity/index.js

@@ -0,0 +1,14 @@
+/**
+ * @commonpub/server / identity — cross-instance delegated authorization.
+ *
+ * Phase 1a foundation: types + action router + FediClient interface.
+ * Phase 1b lands the OAuth flow + FediClient implementation.
+ * Phase 3 lands resolveIdentityContext middleware.
+ * Phase 4 lands ActionRoute declarations for publish/like/follow/comment.
+ *
+ * See docs/sessions/136-cross-instance-identity-plan.md.
+ */
+export { run, ActionUnavailable, InsufficientScopes, LinkedIdentityRevoked, } from './router.js';
+export { getFediClient, setFediClientFactory } from './fediClient.js';
+export { checkIdentityConfig, assertIdentityConfig } from './health.js';
+//# sourceMappingURL=index.js.map

package/dist/identity/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/identity/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,OAAO,EACL,GAAG,EACH,iBAAiB,EACjB,kBAAkB,EAClB,qBAAqB,GACtB,MAAM,aAAa,CAAC;AAGrB,OAAO,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAGtE,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC"}