@de-otio/trellis 0.7.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1249) hide show
  1. package/LICENSE +661 -0
  2. package/dist/db.js +10 -18
  3. package/dist/db.js.map +1 -1
  4. package/dist/env.d.ts +66 -6
  5. package/dist/env.d.ts.map +1 -1
  6. package/dist/env.js +89 -70
  7. package/dist/env.js.map +1 -1
  8. package/dist/extensions.js +3 -8
  9. package/dist/extensions.js.map +1 -1
  10. package/dist/index.d.ts +2 -2
  11. package/dist/index.d.ts.map +1 -1
  12. package/dist/index.js +2 -9
  13. package/dist/index.js.map +1 -1
  14. package/dist/lambda/cleanup-cron.d.ts.map +1 -1
  15. package/dist/lambda/cleanup-cron.js +20 -24
  16. package/dist/lambda/cleanup-cron.js.map +1 -1
  17. package/dist/lambda/create-auth-challenge.d.ts.map +1 -1
  18. package/dist/lambda/create-auth-challenge.js +17 -19
  19. package/dist/lambda/create-auth-challenge.js.map +1 -1
  20. package/dist/lambda/custom-message.js +1 -5
  21. package/dist/lambda/custom-message.js.map +1 -1
  22. package/dist/lambda/define-auth-challenge.js +1 -5
  23. package/dist/lambda/define-auth-challenge.js.map +1 -1
  24. package/dist/lambda/delete-account-worker.d.ts.map +1 -1
  25. package/dist/lambda/delete-account-worker.js +25 -58
  26. package/dist/lambda/delete-account-worker.js.map +1 -1
  27. package/dist/lambda/diagnostics-proxy.d.ts.map +1 -1
  28. package/dist/lambda/diagnostics-proxy.js +14 -49
  29. package/dist/lambda/diagnostics-proxy.js.map +1 -1
  30. package/dist/lambda/e2e-sweeper.d.ts.map +1 -1
  31. package/dist/lambda/e2e-sweeper.js +30 -38
  32. package/dist/lambda/e2e-sweeper.js.map +1 -1
  33. package/dist/lambda/federation-outbox-worker.d.ts.map +1 -1
  34. package/dist/lambda/federation-outbox-worker.js +4 -6
  35. package/dist/lambda/federation-outbox-worker.js.map +1 -1
  36. package/dist/lambda/followers-events-worker.d.ts.map +1 -1
  37. package/dist/lambda/followers-events-worker.js +4 -6
  38. package/dist/lambda/followers-events-worker.js.map +1 -1
  39. package/dist/lambda/hourly-cron.d.ts.map +1 -1
  40. package/dist/lambda/hourly-cron.js +100 -32
  41. package/dist/lambda/hourly-cron.js.map +1 -1
  42. package/dist/lambda/link-check-worker.d.ts.map +1 -1
  43. package/dist/lambda/link-check-worker.js +4 -6
  44. package/dist/lambda/link-check-worker.js.map +1 -1
  45. package/dist/lambda/maintenance-cron.d.ts.map +1 -1
  46. package/dist/lambda/maintenance-cron.js +30 -63
  47. package/dist/lambda/maintenance-cron.js.map +1 -1
  48. package/dist/lambda/media-processing-worker.d.ts.map +1 -1
  49. package/dist/lambda/media-processing-worker.js +11 -46
  50. package/dist/lambda/media-processing-worker.js.map +1 -1
  51. package/dist/lambda/media-reconciliation-worker.d.ts.map +1 -1
  52. package/dist/lambda/media-reconciliation-worker.js +4 -6
  53. package/dist/lambda/media-reconciliation-worker.js.map +1 -1
  54. package/dist/lambda/nightly-cron.d.ts.map +1 -1
  55. package/dist/lambda/nightly-cron.js +67 -112
  56. package/dist/lambda/nightly-cron.js.map +1 -1
  57. package/dist/lambda/post-confirmation.d.ts.map +1 -1
  58. package/dist/lambda/post-confirmation.js +147 -45
  59. package/dist/lambda/post-confirmation.js.map +1 -1
  60. package/dist/lambda/pre-signup.js +7 -11
  61. package/dist/lambda/pre-signup.js.map +1 -1
  62. package/dist/lambda/pre-token-generation.d.ts.map +1 -1
  63. package/dist/lambda/pre-token-generation.js +27 -35
  64. package/dist/lambda/pre-token-generation.js.map +1 -1
  65. package/dist/lambda/tools/check-health.js +1 -5
  66. package/dist/lambda/tools/check-health.js.map +1 -1
  67. package/dist/lambda/tools/describe-services.js +4 -8
  68. package/dist/lambda/tools/describe-services.js.map +1 -1
  69. package/dist/lambda/tools/get-cost-report.js +4 -8
  70. package/dist/lambda/tools/get-cost-report.js.map +1 -1
  71. package/dist/lambda/tools/get-errors.js +5 -9
  72. package/dist/lambda/tools/get-errors.js.map +1 -1
  73. package/dist/lambda/tools/get-feature-flags.js +4 -8
  74. package/dist/lambda/tools/get-feature-flags.js.map +1 -1
  75. package/dist/lambda/tools/get-queue-status.js +5 -9
  76. package/dist/lambda/tools/get-queue-status.js.map +1 -1
  77. package/dist/lambda/tools/search-logs.js +5 -9
  78. package/dist/lambda/tools/search-logs.js.map +1 -1
  79. package/dist/lambda/tools/send-alert.js +4 -8
  80. package/dist/lambda/tools/send-alert.js.map +1 -1
  81. package/dist/lambda/verify-auth-challenge.d.ts.map +1 -1
  82. package/dist/lambda/verify-auth-challenge.js +10 -12
  83. package/dist/lambda/verify-auth-challenge.js.map +1 -1
  84. package/dist/lib/abuse-metrics.d.ts.map +1 -1
  85. package/dist/lib/abuse-metrics.js +10 -13
  86. package/dist/lib/abuse-metrics.js.map +1 -1
  87. package/dist/lib/activitypub/activity-processor.d.ts +1 -1
  88. package/dist/lib/activitypub/activity-processor.d.ts.map +1 -1
  89. package/dist/lib/activitypub/activity-processor.js +9 -43
  90. package/dist/lib/activitypub/activity-processor.js.map +1 -1
  91. package/dist/lib/activitypub/activity-service.js +1 -5
  92. package/dist/lib/activitypub/activity-service.js.map +1 -1
  93. package/dist/lib/activitypub/actor.d.ts +1 -1
  94. package/dist/lib/activitypub/actor.d.ts.map +1 -1
  95. package/dist/lib/activitypub/actor.js +1 -5
  96. package/dist/lib/activitypub/actor.js.map +1 -1
  97. package/dist/lib/activitypub/audience-service.d.ts +2 -2
  98. package/dist/lib/activitypub/audience-service.d.ts.map +1 -1
  99. package/dist/lib/activitypub/audience-service.js +8 -12
  100. package/dist/lib/activitypub/audience-service.js.map +1 -1
  101. package/dist/lib/activitypub/crypto.d.ts +1 -1
  102. package/dist/lib/activitypub/crypto.d.ts.map +1 -1
  103. package/dist/lib/activitypub/crypto.js +3 -41
  104. package/dist/lib/activitypub/crypto.js.map +1 -1
  105. package/dist/lib/activitypub/delivery-service.d.ts +5 -5
  106. package/dist/lib/activitypub/delivery-service.d.ts.map +1 -1
  107. package/dist/lib/activitypub/delivery-service.js +10 -47
  108. package/dist/lib/activitypub/delivery-service.js.map +1 -1
  109. package/dist/lib/activitypub/dispatchers/entity-actor.d.ts +3 -2
  110. package/dist/lib/activitypub/dispatchers/entity-actor.d.ts.map +1 -1
  111. package/dist/lib/activitypub/dispatchers/entity-actor.js +19 -23
  112. package/dist/lib/activitypub/dispatchers/entity-actor.js.map +1 -1
  113. package/dist/lib/activitypub/dispatchers/group-actor.d.ts +3 -2
  114. package/dist/lib/activitypub/dispatchers/group-actor.d.ts.map +1 -1
  115. package/dist/lib/activitypub/dispatchers/group-actor.js +19 -23
  116. package/dist/lib/activitypub/dispatchers/group-actor.js.map +1 -1
  117. package/dist/lib/activitypub/dispatchers/user-actor.d.ts +3 -2
  118. package/dist/lib/activitypub/dispatchers/user-actor.d.ts.map +1 -1
  119. package/dist/lib/activitypub/dispatchers/user-actor.js +16 -20
  120. package/dist/lib/activitypub/dispatchers/user-actor.js.map +1 -1
  121. package/dist/lib/activitypub/dm-service.js +1 -5
  122. package/dist/lib/activitypub/dm-service.js.map +1 -1
  123. package/dist/lib/activitypub/entity-profile-service.d.ts +1 -1
  124. package/dist/lib/activitypub/entity-profile-service.d.ts.map +1 -1
  125. package/dist/lib/activitypub/entity-profile-service.js +6 -10
  126. package/dist/lib/activitypub/entity-profile-service.js.map +1 -1
  127. package/dist/lib/activitypub/fedify/config.d.ts +3 -3
  128. package/dist/lib/activitypub/fedify/config.d.ts.map +1 -1
  129. package/dist/lib/activitypub/fedify/config.js +5 -8
  130. package/dist/lib/activitypub/fedify/config.js.map +1 -1
  131. package/dist/lib/activitypub/fedify/context.d.ts +1 -1
  132. package/dist/lib/activitypub/fedify/context.d.ts.map +1 -1
  133. package/dist/lib/activitypub/fedify/context.js +8 -12
  134. package/dist/lib/activitypub/fedify/context.js.map +1 -1
  135. package/dist/lib/activitypub/fedify/runtime.d.ts +1 -1
  136. package/dist/lib/activitypub/fedify/runtime.d.ts.map +1 -1
  137. package/dist/lib/activitypub/fedify/runtime.js +3 -6
  138. package/dist/lib/activitypub/fedify/runtime.js.map +1 -1
  139. package/dist/lib/activitypub/friendship-service.js +1 -5
  140. package/dist/lib/activitypub/friendship-service.js.map +1 -1
  141. package/dist/lib/activitypub/group-service.d.ts +1 -1
  142. package/dist/lib/activitypub/group-service.d.ts.map +1 -1
  143. package/dist/lib/activitypub/group-service.js +9 -46
  144. package/dist/lib/activitypub/group-service.js.map +1 -1
  145. package/dist/lib/activitypub/http-signatures.js +8 -45
  146. package/dist/lib/activitypub/http-signatures.js.map +1 -1
  147. package/dist/lib/activitypub/jsonld.d.ts +1 -1
  148. package/dist/lib/activitypub/jsonld.d.ts.map +1 -1
  149. package/dist/lib/activitypub/jsonld.js +1 -5
  150. package/dist/lib/activitypub/jsonld.js.map +1 -1
  151. package/dist/lib/activitypub/listeners/friends-collection.d.ts +1 -1
  152. package/dist/lib/activitypub/listeners/friends-collection.d.ts.map +1 -1
  153. package/dist/lib/activitypub/listeners/friends-collection.js +17 -20
  154. package/dist/lib/activitypub/listeners/friends-collection.js.map +1 -1
  155. package/dist/lib/activitypub/listeners/http-signatures.d.ts +1 -1
  156. package/dist/lib/activitypub/listeners/http-signatures.d.ts.map +1 -1
  157. package/dist/lib/activitypub/listeners/http-signatures.js +9 -46
  158. package/dist/lib/activitypub/listeners/http-signatures.js.map +1 -1
  159. package/dist/lib/activitypub/listeners/inbox.d.ts +2 -2
  160. package/dist/lib/activitypub/listeners/inbox.d.ts.map +1 -1
  161. package/dist/lib/activitypub/listeners/inbox.js +31 -35
  162. package/dist/lib/activitypub/listeners/inbox.js.map +1 -1
  163. package/dist/lib/activitypub/listeners/outbox.d.ts +1 -1
  164. package/dist/lib/activitypub/listeners/outbox.d.ts.map +1 -1
  165. package/dist/lib/activitypub/listeners/outbox.js +17 -20
  166. package/dist/lib/activitypub/listeners/outbox.js.map +1 -1
  167. package/dist/lib/activitypub/remote-fetch-service.d.ts +6 -6
  168. package/dist/lib/activitypub/remote-fetch-service.d.ts.map +1 -1
  169. package/dist/lib/activitypub/remote-fetch-service.js +6 -10
  170. package/dist/lib/activitypub/remote-fetch-service.js.map +1 -1
  171. package/dist/lib/activitypub/services/abuse-prevention.d.ts +1 -1
  172. package/dist/lib/activitypub/services/abuse-prevention.d.ts.map +1 -1
  173. package/dist/lib/activitypub/services/abuse-prevention.js +11 -17
  174. package/dist/lib/activitypub/services/abuse-prevention.js.map +1 -1
  175. package/dist/lib/activitypub/services/dm-service-fedify.d.ts +4 -4
  176. package/dist/lib/activitypub/services/dm-service-fedify.d.ts.map +1 -1
  177. package/dist/lib/activitypub/services/dm-service-fedify.js +24 -59
  178. package/dist/lib/activitypub/services/dm-service-fedify.js.map +1 -1
  179. package/dist/lib/activitypub/services/fedify-converters.d.ts +2 -2
  180. package/dist/lib/activitypub/services/fedify-converters.d.ts.map +1 -1
  181. package/dist/lib/activitypub/services/fedify-converters.js +3 -8
  182. package/dist/lib/activitypub/services/fedify-converters.js.map +1 -1
  183. package/dist/lib/activitypub/services/fedify-delivery.d.ts +2 -2
  184. package/dist/lib/activitypub/services/fedify-delivery.d.ts.map +1 -1
  185. package/dist/lib/activitypub/services/fedify-delivery.js +19 -56
  186. package/dist/lib/activitypub/services/fedify-delivery.js.map +1 -1
  187. package/dist/lib/activitypub/services/follow-activity-service.d.ts +2 -2
  188. package/dist/lib/activitypub/services/follow-activity-service.d.ts.map +1 -1
  189. package/dist/lib/activitypub/services/follow-activity-service.js +8 -12
  190. package/dist/lib/activitypub/services/follow-activity-service.js.map +1 -1
  191. package/dist/lib/activitypub/services/post-service-fedify.d.ts +2 -2
  192. package/dist/lib/activitypub/services/post-service-fedify.d.ts.map +1 -1
  193. package/dist/lib/activitypub/services/post-service-fedify.js +33 -65
  194. package/dist/lib/activitypub/services/post-service-fedify.js.map +1 -1
  195. package/dist/lib/activitypub/services/remote-activity-handler.d.ts +2 -2
  196. package/dist/lib/activitypub/services/remote-activity-handler.d.ts.map +1 -1
  197. package/dist/lib/activitypub/services/remote-activity-handler.js +25 -28
  198. package/dist/lib/activitypub/services/remote-activity-handler.js.map +1 -1
  199. package/dist/lib/activitypub/standalone-mode.d.ts +1 -1
  200. package/dist/lib/activitypub/standalone-mode.d.ts.map +1 -1
  201. package/dist/lib/activitypub/standalone-mode.js +13 -50
  202. package/dist/lib/activitypub/standalone-mode.js.map +1 -1
  203. package/dist/lib/activitypub/webfinger/server.d.ts +1 -1
  204. package/dist/lib/activitypub/webfinger/server.d.ts.map +1 -1
  205. package/dist/lib/activitypub/webfinger/server.js +18 -54
  206. package/dist/lib/activitypub/webfinger/server.js.map +1 -1
  207. package/dist/lib/age-gate-middleware.d.ts +4 -4
  208. package/dist/lib/age-gate-middleware.d.ts.map +1 -1
  209. package/dist/lib/age-gate-middleware.js +3 -6
  210. package/dist/lib/age-gate-middleware.js.map +1 -1
  211. package/dist/lib/age-gate.js +3 -8
  212. package/dist/lib/age-gate.js.map +1 -1
  213. package/dist/lib/age-tier-transition.d.ts +1 -1
  214. package/dist/lib/age-tier-transition.d.ts.map +1 -1
  215. package/dist/lib/age-tier-transition.js +7 -44
  216. package/dist/lib/age-tier-transition.js.map +1 -1
  217. package/dist/lib/app.d.ts +76 -0
  218. package/dist/lib/app.d.ts.map +1 -0
  219. package/dist/lib/app.js +400 -0
  220. package/dist/lib/app.js.map +1 -0
  221. package/dist/lib/audit/csv-export.js +6 -13
  222. package/dist/lib/audit/csv-export.js.map +1 -1
  223. package/dist/lib/audit/pii-filter.d.ts +9 -0
  224. package/dist/lib/audit/pii-filter.d.ts.map +1 -1
  225. package/dist/lib/audit/pii-filter.js +57 -7
  226. package/dist/lib/audit/pii-filter.js.map +1 -1
  227. package/dist/lib/audit-actions.d.ts +94 -0
  228. package/dist/lib/audit-actions.d.ts.map +1 -0
  229. package/dist/lib/audit-actions.js +107 -0
  230. package/dist/lib/audit-actions.js.map +1 -0
  231. package/dist/lib/audit-composer.d.ts +174 -0
  232. package/dist/lib/audit-composer.d.ts.map +1 -0
  233. package/dist/lib/audit-composer.js +421 -0
  234. package/dist/lib/audit-composer.js.map +1 -0
  235. package/dist/lib/auth/auth-context.d.ts +1 -1
  236. package/dist/lib/auth/auth-context.js +1 -2
  237. package/dist/lib/auth/auth-context.js.map +1 -1
  238. package/dist/lib/auth/auth-middleware.d.ts +16 -2
  239. package/dist/lib/auth/auth-middleware.d.ts.map +1 -1
  240. package/dist/lib/auth/auth-middleware.js +36 -45
  241. package/dist/lib/auth/auth-middleware.js.map +1 -1
  242. package/dist/lib/auth/capabilities.js +2 -5
  243. package/dist/lib/auth/capabilities.js.map +1 -1
  244. package/dist/lib/auth/claims-cache.d.ts +2 -2
  245. package/dist/lib/auth/claims-cache.js +19 -24
  246. package/dist/lib/auth/claims-cache.js.map +1 -1
  247. package/dist/lib/auth/cognito-jwt.d.ts +20 -2
  248. package/dist/lib/auth/cognito-jwt.d.ts.map +1 -1
  249. package/dist/lib/auth/cognito-jwt.js +83 -23
  250. package/dist/lib/auth/cognito-jwt.js.map +1 -1
  251. package/dist/lib/auth/idp-redirect-builder.d.ts +1 -1
  252. package/dist/lib/auth/idp-redirect-builder.d.ts.map +1 -1
  253. package/dist/lib/auth/idp-redirect-builder.js +4 -10
  254. package/dist/lib/auth/idp-redirect-builder.js.map +1 -1
  255. package/dist/lib/auth/require.d.ts +4 -4
  256. package/dist/lib/auth/require.d.ts.map +1 -1
  257. package/dist/lib/auth/require.js +11 -18
  258. package/dist/lib/auth/require.js.map +1 -1
  259. package/dist/lib/auth/role-grants.d.ts +1 -1
  260. package/dist/lib/auth/role-grants.d.ts.map +1 -1
  261. package/dist/lib/auth/role-grants.js +28 -31
  262. package/dist/lib/auth/role-grants.js.map +1 -1
  263. package/dist/lib/auth-context-manager.js +1 -5
  264. package/dist/lib/auth-context-manager.js.map +1 -1
  265. package/dist/lib/auth-handler.d.ts +5 -5
  266. package/dist/lib/auth-handler.d.ts.map +1 -1
  267. package/dist/lib/auth-handler.js +5 -9
  268. package/dist/lib/auth-handler.js.map +1 -1
  269. package/dist/lib/badge-handler.d.ts +1 -1
  270. package/dist/lib/badge-handler.d.ts.map +1 -1
  271. package/dist/lib/badge-handler.js +14 -52
  272. package/dist/lib/badge-handler.js.map +1 -1
  273. package/dist/lib/circle-handler.d.ts +10 -10
  274. package/dist/lib/circle-handler.d.ts.map +1 -1
  275. package/dist/lib/circle-handler.js +10 -47
  276. package/dist/lib/circle-handler.js.map +1 -1
  277. package/dist/lib/cognito/idp-sdk.js +11 -18
  278. package/dist/lib/cognito/idp-sdk.js.map +1 -1
  279. package/dist/lib/cognito/issuer-probe.js +9 -14
  280. package/dist/lib/cognito/issuer-probe.js.map +1 -1
  281. package/dist/lib/comment-handler.d.ts +10 -10
  282. package/dist/lib/comment-handler.d.ts.map +1 -1
  283. package/dist/lib/comment-handler.js +61 -97
  284. package/dist/lib/comment-handler.js.map +1 -1
  285. package/dist/lib/compliance/baseline.d.ts +2 -2
  286. package/dist/lib/compliance/baseline.d.ts.map +1 -1
  287. package/dist/lib/compliance/baseline.js +15 -18
  288. package/dist/lib/compliance/baseline.js.map +1 -1
  289. package/dist/lib/compliance/tenant-merge.d.ts +1 -1
  290. package/dist/lib/compliance/tenant-merge.d.ts.map +1 -1
  291. package/dist/lib/compliance/tenant-merge.js +1 -4
  292. package/dist/lib/compliance/tenant-merge.js.map +1 -1
  293. package/dist/lib/compliance/types.d.ts +1 -1
  294. package/dist/lib/compliance/types.js +2 -3
  295. package/dist/lib/compliance/types.js.map +1 -1
  296. package/dist/lib/connection-code-handler.d.ts +7 -7
  297. package/dist/lib/connection-code-handler.d.ts.map +1 -1
  298. package/dist/lib/connection-code-handler.js +13 -50
  299. package/dist/lib/connection-code-handler.js.map +1 -1
  300. package/dist/lib/content-discovery.d.ts +1 -1
  301. package/dist/lib/content-discovery.d.ts.map +1 -1
  302. package/dist/lib/content-discovery.js +15 -52
  303. package/dist/lib/content-discovery.js.map +1 -1
  304. package/dist/lib/context-aware-data-access.d.ts +1 -1
  305. package/dist/lib/context-aware-data-access.d.ts.map +1 -1
  306. package/dist/lib/context-aware-data-access.js +1 -5
  307. package/dist/lib/context-aware-data-access.js.map +1 -1
  308. package/dist/lib/cors-handler.d.ts +1 -1
  309. package/dist/lib/cors-handler.d.ts.map +1 -1
  310. package/dist/lib/cors-handler.js +13 -17
  311. package/dist/lib/cors-handler.js.map +1 -1
  312. package/dist/lib/cost-accumulator.d.ts.map +1 -1
  313. package/dist/lib/cost-accumulator.js +7 -11
  314. package/dist/lib/cost-accumulator.js.map +1 -1
  315. package/dist/lib/crypto/voting/elgamal-encryption.js +1 -5
  316. package/dist/lib/crypto/voting/elgamal-encryption.js.map +1 -1
  317. package/dist/lib/crypto/voting/encryption-scheme.js +1 -2
  318. package/dist/lib/crypto/voting/encryption-scheme.js.map +1 -1
  319. package/dist/lib/crypto/voting/hash-utils.js +6 -12
  320. package/dist/lib/crypto/voting/hash-utils.js.map +1 -1
  321. package/dist/lib/crypto/voting/hybrid-encryption.js +5 -9
  322. package/dist/lib/crypto/voting/hybrid-encryption.js.map +1 -1
  323. package/dist/lib/crypto/voting/index.js +4 -14
  324. package/dist/lib/crypto/voting/index.js.map +1 -1
  325. package/dist/lib/crypto/voting/post-quantum-encryption.js +1 -5
  326. package/dist/lib/crypto/voting/post-quantum-encryption.js.map +1 -1
  327. package/dist/lib/csrf.d.ts +2 -2
  328. package/dist/lib/csrf.d.ts.map +1 -1
  329. package/dist/lib/csrf.js +1 -5
  330. package/dist/lib/csrf.js.map +1 -1
  331. package/dist/lib/data-router.d.ts +5 -4
  332. package/dist/lib/data-router.d.ts.map +1 -1
  333. package/dist/lib/data-router.js +60 -90
  334. package/dist/lib/data-router.js.map +1 -1
  335. package/dist/lib/database-circuit-breaker.d.ts +61 -34
  336. package/dist/lib/database-circuit-breaker.d.ts.map +1 -1
  337. package/dist/lib/database-circuit-breaker.js +102 -109
  338. package/dist/lib/database-circuit-breaker.js.map +1 -1
  339. package/dist/lib/database-config.js +1 -4
  340. package/dist/lib/database-config.js.map +1 -1
  341. package/dist/lib/database-connection-manager.d.ts +42 -2
  342. package/dist/lib/database-connection-manager.d.ts.map +1 -1
  343. package/dist/lib/database-connection-manager.js +178 -74
  344. package/dist/lib/database-connection-manager.js.map +1 -1
  345. package/dist/lib/database-monitor.d.ts +1 -1
  346. package/dist/lib/database-monitor.d.ts.map +1 -1
  347. package/dist/lib/database-monitor.js +5 -9
  348. package/dist/lib/database-monitor.js.map +1 -1
  349. package/dist/lib/database-rate-limiter.d.ts +1 -1
  350. package/dist/lib/database-rate-limiter.d.ts.map +1 -1
  351. package/dist/lib/database-rate-limiter.js +3 -7
  352. package/dist/lib/database-rate-limiter.js.map +1 -1
  353. package/dist/lib/database-wrapper-helper.d.ts +2 -2
  354. package/dist/lib/database-wrapper-helper.d.ts.map +1 -1
  355. package/dist/lib/database-wrapper-helper.js +7 -11
  356. package/dist/lib/database-wrapper-helper.js.map +1 -1
  357. package/dist/lib/database-wrapper.d.ts +1 -1
  358. package/dist/lib/database-wrapper.d.ts.map +1 -1
  359. package/dist/lib/database-wrapper.js +5 -9
  360. package/dist/lib/database-wrapper.js.map +1 -1
  361. package/dist/lib/db-query-helper.d.ts +3 -3
  362. package/dist/lib/db-query-helper.d.ts.map +1 -1
  363. package/dist/lib/db-query-helper.js +4 -9
  364. package/dist/lib/db-query-helper.js.map +1 -1
  365. package/dist/lib/discovery-exposure.d.ts +42 -0
  366. package/dist/lib/discovery-exposure.d.ts.map +1 -0
  367. package/dist/lib/discovery-exposure.js +89 -0
  368. package/dist/lib/discovery-exposure.js.map +1 -0
  369. package/dist/lib/discovery-handler.d.ts +6 -6
  370. package/dist/lib/discovery-handler.d.ts.map +1 -1
  371. package/dist/lib/discovery-handler.js +10 -43
  372. package/dist/lib/discovery-handler.js.map +1 -1
  373. package/dist/lib/domain-reputation-service.d.ts +1 -1
  374. package/dist/lib/domain-reputation-service.d.ts.map +1 -1
  375. package/dist/lib/domain-reputation-service.js +12 -15
  376. package/dist/lib/domain-reputation-service.js.map +1 -1
  377. package/dist/lib/email-privacy.js +4 -8
  378. package/dist/lib/email-privacy.js.map +1 -1
  379. package/dist/lib/email-provider.d.ts +2 -2
  380. package/dist/lib/email-provider.d.ts.map +1 -1
  381. package/dist/lib/email-provider.js +8 -16
  382. package/dist/lib/email-provider.js.map +1 -1
  383. package/dist/lib/entity-handler.d.ts +5 -6
  384. package/dist/lib/entity-handler.d.ts.map +1 -1
  385. package/dist/lib/entity-handler.js +45 -80
  386. package/dist/lib/entity-handler.js.map +1 -1
  387. package/dist/lib/entity-relationship-handler.d.ts +9 -9
  388. package/dist/lib/entity-relationship-handler.d.ts.map +1 -1
  389. package/dist/lib/entity-relationship-handler.js +14 -51
  390. package/dist/lib/entity-relationship-handler.js.map +1 -1
  391. package/dist/lib/entity-tagging-errors.js +4 -11
  392. package/dist/lib/entity-tagging-errors.js.map +1 -1
  393. package/dist/lib/entity-tagging-validator.d.ts +3 -3
  394. package/dist/lib/entity-tagging-validator.d.ts.map +1 -1
  395. package/dist/lib/entity-tagging-validator.js +6 -11
  396. package/dist/lib/entity-tagging-validator.js.map +1 -1
  397. package/dist/lib/exif-stripper.js +1 -4
  398. package/dist/lib/exif-stripper.js.map +1 -1
  399. package/dist/lib/extension-context.d.ts +2 -2
  400. package/dist/lib/extension-context.d.ts.map +1 -1
  401. package/dist/lib/extension-context.js +1 -4
  402. package/dist/lib/extension-context.js.map +1 -1
  403. package/dist/lib/extension-route-wrapper.d.ts +1 -1
  404. package/dist/lib/extension-route-wrapper.d.ts.map +1 -1
  405. package/dist/lib/extension-route-wrapper.js +17 -55
  406. package/dist/lib/extension-route-wrapper.js.map +1 -1
  407. package/dist/lib/extension-validator.js +3 -6
  408. package/dist/lib/extension-validator.js.map +1 -1
  409. package/dist/lib/feature-flags.d.ts +5 -2
  410. package/dist/lib/feature-flags.d.ts.map +1 -1
  411. package/dist/lib/feature-flags.js +15 -48
  412. package/dist/lib/feature-flags.js.map +1 -1
  413. package/dist/lib/feature-toggle-global-client.d.ts +6 -0
  414. package/dist/lib/feature-toggle-global-client.d.ts.map +1 -0
  415. package/dist/lib/feature-toggle-global-client.js +73 -0
  416. package/dist/lib/feature-toggle-global-client.js.map +1 -0
  417. package/dist/lib/feature-toggle-service.d.ts +137 -27
  418. package/dist/lib/feature-toggle-service.d.ts.map +1 -1
  419. package/dist/lib/feature-toggle-service.js +302 -119
  420. package/dist/lib/feature-toggle-service.js.map +1 -1
  421. package/dist/lib/feed-handler.d.ts +8 -8
  422. package/dist/lib/feed-handler.d.ts.map +1 -1
  423. package/dist/lib/feed-handler.js +33 -62
  424. package/dist/lib/feed-handler.js.map +1 -1
  425. package/dist/lib/feed-pagination.d.ts +26 -0
  426. package/dist/lib/feed-pagination.d.ts.map +1 -1
  427. package/dist/lib/feed-pagination.js +31 -11
  428. package/dist/lib/feed-pagination.js.map +1 -1
  429. package/dist/lib/feed-personalization.d.ts +1 -1
  430. package/dist/lib/feed-personalization.d.ts.map +1 -1
  431. package/dist/lib/feed-personalization.js +6 -43
  432. package/dist/lib/feed-personalization.js.map +1 -1
  433. package/dist/lib/followers-events.js +8 -13
  434. package/dist/lib/followers-events.js.map +1 -1
  435. package/dist/lib/friends-handler.d.ts +2 -2
  436. package/dist/lib/friends-handler.d.ts.map +1 -1
  437. package/dist/lib/friends-handler.js +9 -46
  438. package/dist/lib/friends-handler.js.map +1 -1
  439. package/dist/lib/geo/entity-geo-repository.d.ts +67 -0
  440. package/dist/lib/geo/entity-geo-repository.d.ts.map +1 -0
  441. package/dist/lib/geo/entity-geo-repository.js +91 -0
  442. package/dist/lib/geo/entity-geo-repository.js.map +1 -0
  443. package/dist/lib/graph/errors.d.ts.map +1 -1
  444. package/dist/lib/graph/errors.js +13 -18
  445. package/dist/lib/graph/errors.js.map +1 -1
  446. package/dist/lib/graph/graph-factory.d.ts +12 -53
  447. package/dist/lib/graph/graph-factory.d.ts.map +1 -1
  448. package/dist/lib/graph/graph-factory.js +67 -162
  449. package/dist/lib/graph/graph-factory.js.map +1 -1
  450. package/dist/lib/graph/graph-service.d.ts +1 -1
  451. package/dist/lib/graph/graph-service.d.ts.map +1 -1
  452. package/dist/lib/graph/graph-service.js +1 -2
  453. package/dist/lib/graph/graph-service.js.map +1 -1
  454. package/dist/lib/graph/index.d.ts +10 -14
  455. package/dist/lib/graph/index.d.ts.map +1 -1
  456. package/dist/lib/graph/index.js +12 -46
  457. package/dist/lib/graph/index.js.map +1 -1
  458. package/dist/lib/graph/postgres/_shared.d.ts +18 -0
  459. package/dist/lib/graph/postgres/_shared.d.ts.map +1 -0
  460. package/dist/lib/graph/postgres/_shared.js +24 -0
  461. package/dist/lib/graph/postgres/_shared.js.map +1 -0
  462. package/dist/lib/graph/postgres/circles.d.ts +66 -0
  463. package/dist/lib/graph/postgres/circles.d.ts.map +1 -0
  464. package/dist/lib/graph/postgres/circles.js +513 -0
  465. package/dist/lib/graph/postgres/circles.js.map +1 -0
  466. package/dist/lib/graph/postgres/discovery.d.ts +165 -0
  467. package/dist/lib/graph/postgres/discovery.d.ts.map +1 -0
  468. package/dist/lib/graph/postgres/discovery.js +579 -0
  469. package/dist/lib/graph/postgres/discovery.js.map +1 -0
  470. package/dist/lib/graph/postgres/entity-relationships.d.ts +53 -0
  471. package/dist/lib/graph/postgres/entity-relationships.d.ts.map +1 -0
  472. package/dist/lib/graph/postgres/entity-relationships.js +304 -0
  473. package/dist/lib/graph/postgres/entity-relationships.js.map +1 -0
  474. package/dist/lib/graph/postgres/interaction-events.d.ts +106 -0
  475. package/dist/lib/graph/postgres/interaction-events.d.ts.map +1 -0
  476. package/dist/lib/graph/postgres/interaction-events.js +162 -0
  477. package/dist/lib/graph/postgres/interaction-events.js.map +1 -0
  478. package/dist/lib/graph/postgres/postgres-graph-service.d.ts +74 -0
  479. package/dist/lib/graph/postgres/postgres-graph-service.d.ts.map +1 -0
  480. package/dist/lib/graph/postgres/postgres-graph-service.js +167 -0
  481. package/dist/lib/graph/postgres/postgres-graph-service.js.map +1 -0
  482. package/dist/lib/graph/postgres/relationships.d.ts +58 -0
  483. package/dist/lib/graph/postgres/relationships.d.ts.map +1 -0
  484. package/dist/lib/graph/postgres/relationships.js +314 -0
  485. package/dist/lib/graph/postgres/relationships.js.map +1 -0
  486. package/dist/lib/graph/postgres/scoring.d.ts +74 -0
  487. package/dist/lib/graph/postgres/scoring.d.ts.map +1 -0
  488. package/dist/lib/graph/postgres/scoring.js +297 -0
  489. package/dist/lib/graph/postgres/scoring.js.map +1 -0
  490. package/dist/lib/graph/postgres/sync.d.ts +149 -0
  491. package/dist/lib/graph/postgres/sync.d.ts.map +1 -0
  492. package/dist/lib/graph/postgres/sync.js +269 -0
  493. package/dist/lib/graph/postgres/sync.js.map +1 -0
  494. package/dist/lib/graph/scoring-engine.d.ts +7 -1
  495. package/dist/lib/graph/scoring-engine.d.ts.map +1 -1
  496. package/dist/lib/graph/scoring-engine.js +29 -35
  497. package/dist/lib/graph/scoring-engine.js.map +1 -1
  498. package/dist/lib/graph/types.d.ts +18 -1
  499. package/dist/lib/graph/types.d.ts.map +1 -1
  500. package/dist/lib/graph/types.js +1 -2
  501. package/dist/lib/graph/types.js.map +1 -1
  502. package/dist/lib/hook-dispatcher.d.ts +1 -1
  503. package/dist/lib/hook-dispatcher.d.ts.map +1 -1
  504. package/dist/lib/hook-dispatcher.js +8 -12
  505. package/dist/lib/hook-dispatcher.js.map +1 -1
  506. package/dist/lib/input-sanitizer.js +1 -5
  507. package/dist/lib/input-sanitizer.js.map +1 -1
  508. package/dist/lib/internal-docs-handler.d.ts +2 -2
  509. package/dist/lib/internal-docs-handler.d.ts.map +1 -1
  510. package/dist/lib/internal-docs-handler.js +20 -28
  511. package/dist/lib/internal-docs-handler.js.map +1 -1
  512. package/dist/lib/internal-docs-navigation.js +2 -6
  513. package/dist/lib/internal-docs-navigation.js.map +1 -1
  514. package/dist/lib/invitation-handler.d.ts +2 -2
  515. package/dist/lib/invitation-handler.d.ts.map +1 -1
  516. package/dist/lib/invitation-handler.js +41 -82
  517. package/dist/lib/invitation-handler.js.map +1 -1
  518. package/dist/lib/ip-scrubber.js +3 -8
  519. package/dist/lib/ip-scrubber.js.map +1 -1
  520. package/dist/lib/link-security-handler.d.ts +3 -2
  521. package/dist/lib/link-security-handler.d.ts.map +1 -1
  522. package/dist/lib/link-security-handler.js +8 -44
  523. package/dist/lib/link-security-handler.js.map +1 -1
  524. package/dist/lib/logger.d.ts +31 -82
  525. package/dist/lib/logger.d.ts.map +1 -1
  526. package/dist/lib/logger.js +43 -185
  527. package/dist/lib/logger.js.map +1 -1
  528. package/dist/lib/media-cleanup-handler.d.ts +2 -2
  529. package/dist/lib/media-cleanup-handler.d.ts.map +1 -1
  530. package/dist/lib/media-cleanup-handler.js +7 -11
  531. package/dist/lib/media-cleanup-handler.js.map +1 -1
  532. package/dist/lib/media-handler.d.ts +1 -1
  533. package/dist/lib/media-handler.d.ts.map +1 -1
  534. package/dist/lib/media-handler.js +36 -73
  535. package/dist/lib/media-handler.js.map +1 -1
  536. package/dist/lib/media-metadata-extractor.d.ts +1 -1
  537. package/dist/lib/media-metadata-extractor.d.ts.map +1 -1
  538. package/dist/lib/media-metadata-extractor.js +3 -7
  539. package/dist/lib/media-metadata-extractor.js.map +1 -1
  540. package/dist/lib/media-metrics.d.ts +2 -2
  541. package/dist/lib/media-metrics.d.ts.map +1 -1
  542. package/dist/lib/media-metrics.js +3 -7
  543. package/dist/lib/media-metrics.js.map +1 -1
  544. package/dist/lib/metadata/index.d.ts +5 -5
  545. package/dist/lib/metadata/index.d.ts.map +1 -1
  546. package/dist/lib/metadata/index.js +5 -21
  547. package/dist/lib/metadata/index.js.map +1 -1
  548. package/dist/lib/metadata/metadata-config.js +2 -5
  549. package/dist/lib/metadata/metadata-config.js.map +1 -1
  550. package/dist/lib/metadata/metadata-errors.js +2 -7
  551. package/dist/lib/metadata/metadata-errors.js.map +1 -1
  552. package/dist/lib/metadata/metadata-extractor.d.ts +1 -1
  553. package/dist/lib/metadata/metadata-extractor.d.ts.map +1 -1
  554. package/dist/lib/metadata/metadata-extractor.js +42 -82
  555. package/dist/lib/metadata/metadata-extractor.js.map +1 -1
  556. package/dist/lib/metadata/metadata-sanitizer.js +17 -24
  557. package/dist/lib/metadata/metadata-sanitizer.js.map +1 -1
  558. package/dist/lib/metadata/metadata-schemas.d.ts +16 -100
  559. package/dist/lib/metadata/metadata-schemas.d.ts.map +1 -1
  560. package/dist/lib/metadata/metadata-schemas.js +31 -34
  561. package/dist/lib/metadata/metadata-schemas.js.map +1 -1
  562. package/dist/lib/mfa/mfa-handler.d.ts +1 -1
  563. package/dist/lib/mfa/mfa-handler.d.ts.map +1 -1
  564. package/dist/lib/mfa/mfa-handler.js +13 -17
  565. package/dist/lib/mfa/mfa-handler.js.map +1 -1
  566. package/dist/lib/mfa/totp-service.js +8 -18
  567. package/dist/lib/mfa/totp-service.js.map +1 -1
  568. package/dist/lib/middleware/comment-rate-limit.d.ts +1 -1
  569. package/dist/lib/middleware/comment-rate-limit.d.ts.map +1 -1
  570. package/dist/lib/middleware/comment-rate-limit.js +7 -10
  571. package/dist/lib/middleware/comment-rate-limit.js.map +1 -1
  572. package/dist/lib/middleware/feature-toggle-rate-limit.d.ts +1 -1
  573. package/dist/lib/middleware/feature-toggle-rate-limit.d.ts.map +1 -1
  574. package/dist/lib/middleware/feature-toggle-rate-limit.js +8 -13
  575. package/dist/lib/middleware/feature-toggle-rate-limit.js.map +1 -1
  576. package/dist/lib/middleware/idempotency-store.js +20 -26
  577. package/dist/lib/middleware/idempotency-store.js.map +1 -1
  578. package/dist/lib/middleware/idempotency.d.ts +2 -2
  579. package/dist/lib/middleware/idempotency.d.ts.map +1 -1
  580. package/dist/lib/middleware/idempotency.js +12 -50
  581. package/dist/lib/middleware/idempotency.js.map +1 -1
  582. package/dist/lib/middleware.d.ts +22 -9
  583. package/dist/lib/middleware.d.ts.map +1 -1
  584. package/dist/lib/middleware.js +72 -153
  585. package/dist/lib/middleware.js.map +1 -1
  586. package/dist/lib/moderation-handler.d.ts +1 -1
  587. package/dist/lib/moderation-handler.d.ts.map +1 -1
  588. package/dist/lib/moderation-handler.js +15 -54
  589. package/dist/lib/moderation-handler.js.map +1 -1
  590. package/dist/lib/net/trusted-client-ip.d.ts +8 -30
  591. package/dist/lib/net/trusted-client-ip.d.ts.map +1 -1
  592. package/dist/lib/net/trusted-client-ip.js +13 -94
  593. package/dist/lib/net/trusted-client-ip.js.map +1 -1
  594. package/dist/lib/notification-handler.d.ts +1 -1
  595. package/dist/lib/notification-handler.d.ts.map +1 -1
  596. package/dist/lib/notification-handler.js +10 -15
  597. package/dist/lib/notification-handler.js.map +1 -1
  598. package/dist/lib/notification-preferences-handler.d.ts +1 -1
  599. package/dist/lib/notification-preferences-handler.d.ts.map +1 -1
  600. package/dist/lib/notification-preferences-handler.js +7 -11
  601. package/dist/lib/notification-preferences-handler.js.map +1 -1
  602. package/dist/lib/oauth/cognito-issuer.d.ts +1 -1
  603. package/dist/lib/oauth/cognito-issuer.d.ts.map +1 -1
  604. package/dist/lib/oauth/cognito-issuer.js +5 -10
  605. package/dist/lib/oauth/cognito-issuer.js.map +1 -1
  606. package/dist/lib/oauth/device-authorization.d.ts +1 -1
  607. package/dist/lib/oauth/device-authorization.d.ts.map +1 -1
  608. package/dist/lib/oauth/device-authorization.js +62 -77
  609. package/dist/lib/oauth/device-authorization.js.map +1 -1
  610. package/dist/lib/oauth/envelope-crypto.d.ts +2 -2
  611. package/dist/lib/oauth/envelope-crypto.js +22 -34
  612. package/dist/lib/oauth/envelope-crypto.js.map +1 -1
  613. package/dist/lib/oauth/refresh-detection.js +42 -52
  614. package/dist/lib/oauth/refresh-detection.js.map +1 -1
  615. package/dist/lib/openai-budget.d.ts.map +1 -1
  616. package/dist/lib/openai-budget.js +7 -44
  617. package/dist/lib/openai-budget.js.map +1 -1
  618. package/dist/lib/openapi/generator.d.ts +1 -1
  619. package/dist/lib/openapi/generator.d.ts.map +1 -1
  620. package/dist/lib/openapi/generator.js +2 -6
  621. package/dist/lib/openapi/generator.js.map +1 -1
  622. package/dist/lib/orphaned-media-handler.d.ts +1 -1
  623. package/dist/lib/orphaned-media-handler.d.ts.map +1 -1
  624. package/dist/lib/orphaned-media-handler.js +9 -46
  625. package/dist/lib/orphaned-media-handler.js.map +1 -1
  626. package/dist/lib/parental-control-handler.d.ts +2 -2
  627. package/dist/lib/parental-control-handler.d.ts.map +1 -1
  628. package/dist/lib/parental-control-handler.js +18 -55
  629. package/dist/lib/parental-control-handler.js.map +1 -1
  630. package/dist/lib/parental-link-handler.d.ts +8 -8
  631. package/dist/lib/parental-link-handler.d.ts.map +1 -1
  632. package/dist/lib/parental-link-handler.js +10 -14
  633. package/dist/lib/parental-link-handler.js.map +1 -1
  634. package/dist/lib/performance-metrics.d.ts +1 -1
  635. package/dist/lib/performance-metrics.d.ts.map +1 -1
  636. package/dist/lib/performance-metrics.js +3 -6
  637. package/dist/lib/performance-metrics.js.map +1 -1
  638. package/dist/lib/post-handler.d.ts +9 -9
  639. package/dist/lib/post-handler.d.ts.map +1 -1
  640. package/dist/lib/post-handler.js +67 -101
  641. package/dist/lib/post-handler.js.map +1 -1
  642. package/dist/lib/privacy-defaults.js +3 -8
  643. package/dist/lib/privacy-defaults.js.map +1 -1
  644. package/dist/lib/privacy-handler.d.ts +2 -2
  645. package/dist/lib/privacy-handler.d.ts.map +1 -1
  646. package/dist/lib/privacy-handler.js +6 -10
  647. package/dist/lib/privacy-handler.js.map +1 -1
  648. package/dist/lib/pseudonym.d.ts +56 -0
  649. package/dist/lib/pseudonym.d.ts.map +1 -0
  650. package/dist/lib/pseudonym.js +85 -0
  651. package/dist/lib/pseudonym.js.map +1 -0
  652. package/dist/lib/queue-consumers/media-reconciliation-consumer.d.ts +2 -2
  653. package/dist/lib/queue-consumers/media-reconciliation-consumer.d.ts.map +1 -1
  654. package/dist/lib/queue-consumers/media-reconciliation-consumer.js +5 -8
  655. package/dist/lib/queue-consumers/media-reconciliation-consumer.js.map +1 -1
  656. package/dist/lib/quiet-hours.js +2 -6
  657. package/dist/lib/quiet-hours.js.map +1 -1
  658. package/dist/lib/rate-limit.d.ts +58 -47
  659. package/dist/lib/rate-limit.d.ts.map +1 -1
  660. package/dist/lib/rate-limit.js +168 -157
  661. package/dist/lib/rate-limit.js.map +1 -1
  662. package/dist/lib/reaction-handler.d.ts +10 -10
  663. package/dist/lib/reaction-handler.d.ts.map +1 -1
  664. package/dist/lib/reaction-handler.js +44 -80
  665. package/dist/lib/reaction-handler.js.map +1 -1
  666. package/dist/lib/recaptcha.js +6 -9
  667. package/dist/lib/recaptcha.js.map +1 -1
  668. package/dist/lib/redirect-resolver.d.ts +2 -2
  669. package/dist/lib/redirect-resolver.d.ts.map +1 -1
  670. package/dist/lib/redirect-resolver.js +5 -9
  671. package/dist/lib/redirect-resolver.js.map +1 -1
  672. package/dist/lib/region-config.d.ts +3 -3
  673. package/dist/lib/region-config.d.ts.map +1 -1
  674. package/dist/lib/region-config.js +15 -58
  675. package/dist/lib/region-config.js.map +1 -1
  676. package/dist/lib/region-detection.d.ts +55 -24
  677. package/dist/lib/region-detection.d.ts.map +1 -1
  678. package/dist/lib/region-detection.js +140 -199
  679. package/dist/lib/region-detection.js.map +1 -1
  680. package/dist/lib/region-registry.d.ts +49 -0
  681. package/dist/lib/region-registry.d.ts.map +1 -0
  682. package/dist/lib/region-registry.js +112 -0
  683. package/dist/lib/region-registry.js.map +1 -0
  684. package/dist/lib/relationship-handler.d.ts +9 -9
  685. package/dist/lib/relationship-handler.d.ts.map +1 -1
  686. package/dist/lib/relationship-handler.js +12 -49
  687. package/dist/lib/relationship-handler.js.map +1 -1
  688. package/dist/lib/request-context.d.ts +16 -16
  689. package/dist/lib/request-context.d.ts.map +1 -1
  690. package/dist/lib/request-context.js +14 -22
  691. package/dist/lib/request-context.js.map +1 -1
  692. package/dist/lib/route-helpers.d.ts +3 -4
  693. package/dist/lib/route-helpers.d.ts.map +1 -1
  694. package/dist/lib/route-helpers.js +20 -75
  695. package/dist/lib/route-helpers.js.map +1 -1
  696. package/dist/lib/routes/activitypub/actor.d.ts +1 -1
  697. package/dist/lib/routes/activitypub/actor.d.ts.map +1 -1
  698. package/dist/lib/routes/activitypub/actor.js +20 -23
  699. package/dist/lib/routes/activitypub/actor.js.map +1 -1
  700. package/dist/lib/routes/activitypub/audiences.d.ts +1 -1
  701. package/dist/lib/routes/activitypub/audiences.d.ts.map +1 -1
  702. package/dist/lib/routes/activitypub/audiences.js +76 -80
  703. package/dist/lib/routes/activitypub/audiences.js.map +1 -1
  704. package/dist/lib/routes/activitypub/collections.d.ts +1 -1
  705. package/dist/lib/routes/activitypub/collections.d.ts.map +1 -1
  706. package/dist/lib/routes/activitypub/collections.js +24 -26
  707. package/dist/lib/routes/activitypub/collections.js.map +1 -1
  708. package/dist/lib/routes/activitypub/entity-profile.d.ts +1 -1
  709. package/dist/lib/routes/activitypub/entity-profile.d.ts.map +1 -1
  710. package/dist/lib/routes/activitypub/entity-profile.js +36 -39
  711. package/dist/lib/routes/activitypub/entity-profile.js.map +1 -1
  712. package/dist/lib/routes/activitypub/friends.d.ts +1 -1
  713. package/dist/lib/routes/activitypub/friends.d.ts.map +1 -1
  714. package/dist/lib/routes/activitypub/friends.js +9 -12
  715. package/dist/lib/routes/activitypub/friends.js.map +1 -1
  716. package/dist/lib/routes/activitypub/group.d.ts +1 -1
  717. package/dist/lib/routes/activitypub/group.d.ts.map +1 -1
  718. package/dist/lib/routes/activitypub/group.js +91 -94
  719. package/dist/lib/routes/activitypub/group.js.map +1 -1
  720. package/dist/lib/routes/activitypub/inbox.d.ts +1 -1
  721. package/dist/lib/routes/activitypub/inbox.d.ts.map +1 -1
  722. package/dist/lib/routes/activitypub/inbox.js +30 -33
  723. package/dist/lib/routes/activitypub/inbox.js.map +1 -1
  724. package/dist/lib/routes/activitypub/messages.d.ts +1 -1
  725. package/dist/lib/routes/activitypub/messages.d.ts.map +1 -1
  726. package/dist/lib/routes/activitypub/messages.js +79 -83
  727. package/dist/lib/routes/activitypub/messages.js.map +1 -1
  728. package/dist/lib/routes/activitypub/outbox.d.ts +1 -1
  729. package/dist/lib/routes/activitypub/outbox.d.ts.map +1 -1
  730. package/dist/lib/routes/activitypub/outbox.js +9 -12
  731. package/dist/lib/routes/activitypub/outbox.js.map +1 -1
  732. package/dist/lib/routes/activitypub/post.d.ts +1 -1
  733. package/dist/lib/routes/activitypub/post.d.ts.map +1 -1
  734. package/dist/lib/routes/activitypub/post.js +32 -35
  735. package/dist/lib/routes/activitypub/post.js.map +1 -1
  736. package/dist/lib/routes/activitypub/webfinger.d.ts +1 -1
  737. package/dist/lib/routes/activitypub/webfinger.d.ts.map +1 -1
  738. package/dist/lib/routes/activitypub/webfinger.js +5 -8
  739. package/dist/lib/routes/activitypub/webfinger.js.map +1 -1
  740. package/dist/lib/routes/admin-costs.d.ts +1 -1
  741. package/dist/lib/routes/admin-costs.d.ts.map +1 -1
  742. package/dist/lib/routes/admin-costs.js +22 -26
  743. package/dist/lib/routes/admin-costs.js.map +1 -1
  744. package/dist/lib/routes/admin.d.ts +1 -1
  745. package/dist/lib/routes/admin.d.ts.map +1 -1
  746. package/dist/lib/routes/admin.js +290 -269
  747. package/dist/lib/routes/admin.js.map +1 -1
  748. package/dist/lib/routes/agent-authorize.d.ts +5 -5
  749. package/dist/lib/routes/agent-authorize.d.ts.map +1 -1
  750. package/dist/lib/routes/agent-authorize.js +68 -74
  751. package/dist/lib/routes/agent-authorize.js.map +1 -1
  752. package/dist/lib/routes/agent-sessions.d.ts +4 -4
  753. package/dist/lib/routes/agent-sessions.d.ts.map +1 -1
  754. package/dist/lib/routes/agent-sessions.js +30 -35
  755. package/dist/lib/routes/agent-sessions.js.map +1 -1
  756. package/dist/lib/routes/agent-surface.d.ts +2 -2
  757. package/dist/lib/routes/agent-surface.d.ts.map +1 -1
  758. package/dist/lib/routes/agent-surface.js +20 -24
  759. package/dist/lib/routes/agent-surface.js.map +1 -1
  760. package/dist/lib/routes/auth-discover.d.ts +1 -1
  761. package/dist/lib/routes/auth-discover.d.ts.map +1 -1
  762. package/dist/lib/routes/auth-discover.js +20 -56
  763. package/dist/lib/routes/auth-discover.js.map +1 -1
  764. package/dist/lib/routes/auth.d.ts +1 -1
  765. package/dist/lib/routes/auth.d.ts.map +1 -1
  766. package/dist/lib/routes/auth.js +13 -16
  767. package/dist/lib/routes/auth.js.map +1 -1
  768. package/dist/lib/routes/badges.d.ts +1 -1
  769. package/dist/lib/routes/badges.d.ts.map +1 -1
  770. package/dist/lib/routes/badges.js +20 -23
  771. package/dist/lib/routes/badges.js.map +1 -1
  772. package/dist/lib/routes/circles.d.ts +1 -1
  773. package/dist/lib/routes/circles.d.ts.map +1 -1
  774. package/dist/lib/routes/circles.js +40 -44
  775. package/dist/lib/routes/circles.js.map +1 -1
  776. package/dist/lib/routes/comments.d.ts +1 -1
  777. package/dist/lib/routes/comments.d.ts.map +1 -1
  778. package/dist/lib/routes/comments.js +67 -71
  779. package/dist/lib/routes/comments.js.map +1 -1
  780. package/dist/lib/routes/connection-codes.d.ts +1 -1
  781. package/dist/lib/routes/connection-codes.d.ts.map +1 -1
  782. package/dist/lib/routes/connection-codes.js +30 -34
  783. package/dist/lib/routes/connection-codes.js.map +1 -1
  784. package/dist/lib/routes/content-discovery.d.ts +1 -1
  785. package/dist/lib/routes/content-discovery.d.ts.map +1 -1
  786. package/dist/lib/routes/content-discovery.js +31 -34
  787. package/dist/lib/routes/content-discovery.js.map +1 -1
  788. package/dist/lib/routes/dashboard.d.ts +1 -1
  789. package/dist/lib/routes/dashboard.d.ts.map +1 -1
  790. package/dist/lib/routes/dashboard.js +251 -288
  791. package/dist/lib/routes/dashboard.js.map +1 -1
  792. package/dist/lib/routes/deletion.d.ts +1 -1
  793. package/dist/lib/routes/deletion.d.ts.map +1 -1
  794. package/dist/lib/routes/deletion.js +37 -74
  795. package/dist/lib/routes/deletion.js.map +1 -1
  796. package/dist/lib/routes/discovery.d.ts +1 -1
  797. package/dist/lib/routes/discovery.d.ts.map +1 -1
  798. package/dist/lib/routes/discovery.js +20 -24
  799. package/dist/lib/routes/discovery.js.map +1 -1
  800. package/dist/lib/routes/employees.d.ts +1 -1
  801. package/dist/lib/routes/employees.d.ts.map +1 -1
  802. package/dist/lib/routes/employees.js +15 -52
  803. package/dist/lib/routes/employees.js.map +1 -1
  804. package/dist/lib/routes/entities.d.ts +1 -1
  805. package/dist/lib/routes/entities.d.ts.map +1 -1
  806. package/dist/lib/routes/entities.js +133 -137
  807. package/dist/lib/routes/entities.js.map +1 -1
  808. package/dist/lib/routes/entity-relationships.d.ts +1 -1
  809. package/dist/lib/routes/entity-relationships.d.ts.map +1 -1
  810. package/dist/lib/routes/entity-relationships.js +35 -39
  811. package/dist/lib/routes/entity-relationships.js.map +1 -1
  812. package/dist/lib/routes/errors.d.ts +1 -1
  813. package/dist/lib/routes/errors.d.ts.map +1 -1
  814. package/dist/lib/routes/errors.js +4 -10
  815. package/dist/lib/routes/errors.js.map +1 -1
  816. package/dist/lib/routes/export.d.ts +1 -1
  817. package/dist/lib/routes/export.d.ts.map +1 -1
  818. package/dist/lib/routes/export.js +31 -35
  819. package/dist/lib/routes/export.js.map +1 -1
  820. package/dist/lib/routes/feature-flags.d.ts +1 -1
  821. package/dist/lib/routes/feature-flags.d.ts.map +1 -1
  822. package/dist/lib/routes/feature-flags.js +20 -23
  823. package/dist/lib/routes/feature-flags.js.map +1 -1
  824. package/dist/lib/routes/feeds.d.ts +1 -1
  825. package/dist/lib/routes/feeds.d.ts.map +1 -1
  826. package/dist/lib/routes/feeds.js +42 -46
  827. package/dist/lib/routes/feeds.js.map +1 -1
  828. package/dist/lib/routes/friends.d.ts +1 -1
  829. package/dist/lib/routes/friends.d.ts.map +1 -1
  830. package/dist/lib/routes/friends.js +35 -39
  831. package/dist/lib/routes/friends.js.map +1 -1
  832. package/dist/lib/routes/health.d.ts +1 -1
  833. package/dist/lib/routes/health.d.ts.map +1 -1
  834. package/dist/lib/routes/health.js +23 -27
  835. package/dist/lib/routes/health.js.map +1 -1
  836. package/dist/lib/routes/index.d.ts +2 -7
  837. package/dist/lib/routes/index.d.ts.map +1 -1
  838. package/dist/lib/routes/index.js +137 -158
  839. package/dist/lib/routes/index.js.map +1 -1
  840. package/dist/lib/routes/internal-docs.d.ts +1 -1
  841. package/dist/lib/routes/internal-docs.d.ts.map +1 -1
  842. package/dist/lib/routes/internal-docs.js +13 -16
  843. package/dist/lib/routes/internal-docs.js.map +1 -1
  844. package/dist/lib/routes/invitations.d.ts +1 -1
  845. package/dist/lib/routes/invitations.d.ts.map +1 -1
  846. package/dist/lib/routes/invitations.js +19 -22
  847. package/dist/lib/routes/invitations.js.map +1 -1
  848. package/dist/lib/routes/link-reports.d.ts +2 -2
  849. package/dist/lib/routes/link-reports.d.ts.map +1 -1
  850. package/dist/lib/routes/link-reports.js +86 -48
  851. package/dist/lib/routes/link-reports.js.map +1 -1
  852. package/dist/lib/routes/map.d.ts +1 -1
  853. package/dist/lib/routes/map.d.ts.map +1 -1
  854. package/dist/lib/routes/map.js +5 -8
  855. package/dist/lib/routes/map.js.map +1 -1
  856. package/dist/lib/routes/media-metadata-visibility.d.ts +1 -1
  857. package/dist/lib/routes/media-metadata-visibility.d.ts.map +1 -1
  858. package/dist/lib/routes/media-metadata-visibility.js +30 -67
  859. package/dist/lib/routes/media-metadata-visibility.js.map +1 -1
  860. package/dist/lib/routes/media.d.ts +1 -1
  861. package/dist/lib/routes/media.d.ts.map +1 -1
  862. package/dist/lib/routes/media.js +156 -193
  863. package/dist/lib/routes/media.js.map +1 -1
  864. package/dist/lib/routes/mfa.d.ts +1 -1
  865. package/dist/lib/routes/mfa.d.ts.map +1 -1
  866. package/dist/lib/routes/mfa.js +60 -64
  867. package/dist/lib/routes/mfa.js.map +1 -1
  868. package/dist/lib/routes/notifications.d.ts +1 -1
  869. package/dist/lib/routes/notifications.d.ts.map +1 -1
  870. package/dist/lib/routes/notifications.js +68 -72
  871. package/dist/lib/routes/notifications.js.map +1 -1
  872. package/dist/lib/routes/oauth.d.ts +1 -1
  873. package/dist/lib/routes/oauth.d.ts.map +1 -1
  874. package/dist/lib/routes/oauth.js +20 -23
  875. package/dist/lib/routes/oauth.js.map +1 -1
  876. package/dist/lib/routes/orphaned-media-health.d.ts +1 -1
  877. package/dist/lib/routes/orphaned-media-health.d.ts.map +1 -1
  878. package/dist/lib/routes/orphaned-media-health.js +10 -13
  879. package/dist/lib/routes/orphaned-media-health.js.map +1 -1
  880. package/dist/lib/routes/orphaned-media.d.ts +1 -1
  881. package/dist/lib/routes/orphaned-media.d.ts.map +1 -1
  882. package/dist/lib/routes/orphaned-media.js +20 -57
  883. package/dist/lib/routes/orphaned-media.js.map +1 -1
  884. package/dist/lib/routes/out.d.ts +1 -1
  885. package/dist/lib/routes/out.d.ts.map +1 -1
  886. package/dist/lib/routes/out.js +21 -24
  887. package/dist/lib/routes/out.js.map +1 -1
  888. package/dist/lib/routes/parental-controls.d.ts +1 -1
  889. package/dist/lib/routes/parental-controls.d.ts.map +1 -1
  890. package/dist/lib/routes/parental-controls.js +91 -95
  891. package/dist/lib/routes/parental-controls.js.map +1 -1
  892. package/dist/lib/routes/posts.d.ts +1 -1
  893. package/dist/lib/routes/posts.d.ts.map +1 -1
  894. package/dist/lib/routes/posts.js +101 -105
  895. package/dist/lib/routes/posts.js.map +1 -1
  896. package/dist/lib/routes/privacy.d.ts +1 -1
  897. package/dist/lib/routes/privacy.d.ts.map +1 -1
  898. package/dist/lib/routes/privacy.js +21 -25
  899. package/dist/lib/routes/privacy.js.map +1 -1
  900. package/dist/lib/routes/products.d.ts +1 -1
  901. package/dist/lib/routes/products.d.ts.map +1 -1
  902. package/dist/lib/routes/products.js +44 -48
  903. package/dist/lib/routes/products.js.map +1 -1
  904. package/dist/lib/routes/relationships.d.ts +1 -1
  905. package/dist/lib/routes/relationships.d.ts.map +1 -1
  906. package/dist/lib/routes/relationships.js +35 -39
  907. package/dist/lib/routes/relationships.js.map +1 -1
  908. package/dist/lib/routes/sentiments.d.ts +1 -1
  909. package/dist/lib/routes/sentiments.d.ts.map +1 -1
  910. package/dist/lib/routes/sentiments.js +71 -75
  911. package/dist/lib/routes/sentiments.js.map +1 -1
  912. package/dist/lib/routes/setup-status.d.ts +1 -1
  913. package/dist/lib/routes/setup-status.d.ts.map +1 -1
  914. package/dist/lib/routes/setup-status.js +17 -20
  915. package/dist/lib/routes/setup-status.js.map +1 -1
  916. package/dist/lib/routes/taxonomy-analytics.d.ts +1 -1
  917. package/dist/lib/routes/taxonomy-analytics.d.ts.map +1 -1
  918. package/dist/lib/routes/taxonomy-analytics.js +29 -33
  919. package/dist/lib/routes/taxonomy-analytics.js.map +1 -1
  920. package/dist/lib/routes/taxonomy.d.ts +1 -1
  921. package/dist/lib/routes/taxonomy.d.ts.map +1 -1
  922. package/dist/lib/routes/taxonomy.js +48 -51
  923. package/dist/lib/routes/taxonomy.js.map +1 -1
  924. package/dist/lib/routes/tenant-audit.d.ts +1 -1
  925. package/dist/lib/routes/tenant-audit.d.ts.map +1 -1
  926. package/dist/lib/routes/tenant-audit.js +35 -92
  927. package/dist/lib/routes/tenant-audit.js.map +1 -1
  928. package/dist/lib/routes/tenant-compliance.d.ts +1 -1
  929. package/dist/lib/routes/tenant-compliance.d.ts.map +1 -1
  930. package/dist/lib/routes/tenant-compliance.js +16 -52
  931. package/dist/lib/routes/tenant-compliance.js.map +1 -1
  932. package/dist/lib/routes/tenant-domains.d.ts +1 -1
  933. package/dist/lib/routes/tenant-domains.d.ts.map +1 -1
  934. package/dist/lib/routes/tenant-domains.js +27 -30
  935. package/dist/lib/routes/tenant-domains.js.map +1 -1
  936. package/dist/lib/routes/tenant-idp.d.ts +1 -1
  937. package/dist/lib/routes/tenant-idp.d.ts.map +1 -1
  938. package/dist/lib/routes/tenant-idp.js +27 -30
  939. package/dist/lib/routes/tenant-idp.js.map +1 -1
  940. package/dist/lib/routes/tenant-members.d.ts +1 -1
  941. package/dist/lib/routes/tenant-members.d.ts.map +1 -1
  942. package/dist/lib/routes/tenant-members.js +21 -24
  943. package/dist/lib/routes/tenant-members.js.map +1 -1
  944. package/dist/lib/routes/tenant-role-mappings.d.ts +1 -1
  945. package/dist/lib/routes/tenant-role-mappings.d.ts.map +1 -1
  946. package/dist/lib/routes/tenant-role-mappings.js +27 -30
  947. package/dist/lib/routes/tenant-role-mappings.js.map +1 -1
  948. package/dist/lib/routes/tenants.d.ts +1 -1
  949. package/dist/lib/routes/tenants.d.ts.map +1 -1
  950. package/dist/lib/routes/tenants.js +37 -40
  951. package/dist/lib/routes/tenants.js.map +1 -1
  952. package/dist/lib/routes/types.d.ts +10 -5
  953. package/dist/lib/routes/types.d.ts.map +1 -1
  954. package/dist/lib/routes/types.js +1 -2
  955. package/dist/lib/routes/types.js.map +1 -1
  956. package/dist/lib/routes/upload-sessions.d.ts +1 -1
  957. package/dist/lib/routes/upload-sessions.d.ts.map +1 -1
  958. package/dist/lib/routes/upload-sessions.js +57 -94
  959. package/dist/lib/routes/upload-sessions.js.map +1 -1
  960. package/dist/lib/routes/user.d.ts +1 -1
  961. package/dist/lib/routes/user.d.ts.map +1 -1
  962. package/dist/lib/routes/user.js +137 -85
  963. package/dist/lib/routes/user.js.map +1 -1
  964. package/dist/lib/routes.d.ts +2 -2
  965. package/dist/lib/routes.d.ts.map +1 -1
  966. package/dist/lib/routes.js +2 -7
  967. package/dist/lib/routes.js.map +1 -1
  968. package/dist/lib/scaling-health.d.ts.map +1 -1
  969. package/dist/lib/scaling-health.js +6 -9
  970. package/dist/lib/scaling-health.js.map +1 -1
  971. package/dist/lib/scheduled/media-stale-cleanup.js +5 -8
  972. package/dist/lib/scheduled/media-stale-cleanup.js.map +1 -1
  973. package/dist/lib/scheduled/orphaned-media-monitor.d.ts +1 -1
  974. package/dist/lib/scheduled/orphaned-media-monitor.d.ts.map +1 -1
  975. package/dist/lib/scheduled/orphaned-media-monitor.js +5 -42
  976. package/dist/lib/scheduled/orphaned-media-monitor.js.map +1 -1
  977. package/dist/lib/schemas.d.ts +85 -204
  978. package/dist/lib/schemas.d.ts.map +1 -1
  979. package/dist/lib/schemas.js +71 -74
  980. package/dist/lib/schemas.js.map +1 -1
  981. package/dist/lib/secrets/idp-secrets.d.ts +1 -1
  982. package/dist/lib/secrets/idp-secrets.js +13 -19
  983. package/dist/lib/secrets/idp-secrets.js.map +1 -1
  984. package/dist/lib/security-event-cleaner.js +1 -5
  985. package/dist/lib/security-event-cleaner.js.map +1 -1
  986. package/dist/lib/security-headers.js +1 -5
  987. package/dist/lib/security-headers.js.map +1 -1
  988. package/dist/lib/security-monitor.d.ts +4 -2
  989. package/dist/lib/security-monitor.d.ts.map +1 -1
  990. package/dist/lib/security-monitor.js +16 -18
  991. package/dist/lib/security-monitor.js.map +1 -1
  992. package/dist/lib/sentiment-digest.d.ts +1 -1
  993. package/dist/lib/sentiment-digest.d.ts.map +1 -1
  994. package/dist/lib/sentiment-digest.js +5 -8
  995. package/dist/lib/sentiment-digest.js.map +1 -1
  996. package/dist/lib/sentiment-display.js +3 -7
  997. package/dist/lib/sentiment-display.js.map +1 -1
  998. package/dist/lib/services/image-normalizer.js +1 -5
  999. package/dist/lib/services/image-normalizer.js.map +1 -1
  1000. package/dist/lib/services/media-reconciliation-service.d.ts +1 -1
  1001. package/dist/lib/services/media-reconciliation-service.d.ts.map +1 -1
  1002. package/dist/lib/services/media-reconciliation-service.js +7 -11
  1003. package/dist/lib/services/media-reconciliation-service.js.map +1 -1
  1004. package/dist/lib/services/media-upload-service.d.ts +1 -1
  1005. package/dist/lib/services/media-upload-service.d.ts.map +1 -1
  1006. package/dist/lib/services/media-upload-service.js +4 -8
  1007. package/dist/lib/services/media-upload-service.js.map +1 -1
  1008. package/dist/lib/services/user-data-deletion.d.ts +45 -2
  1009. package/dist/lib/services/user-data-deletion.d.ts.map +1 -1
  1010. package/dist/lib/services/user-data-deletion.js +87 -9
  1011. package/dist/lib/services/user-data-deletion.js.map +1 -1
  1012. package/dist/lib/session-awareness.js +2 -6
  1013. package/dist/lib/session-awareness.js.map +1 -1
  1014. package/dist/lib/session-config.js +8 -17
  1015. package/dist/lib/session-config.js.map +1 -1
  1016. package/dist/lib/{session-manager.d.ts → session-cookie.d.ts} +58 -15
  1017. package/dist/lib/session-cookie.d.ts.map +1 -0
  1018. package/dist/lib/session-cookie.js +0 -0
  1019. package/dist/lib/session-cookie.js.map +1 -0
  1020. package/dist/lib/signup-metadata.d.ts +129 -0
  1021. package/dist/lib/signup-metadata.d.ts.map +1 -0
  1022. package/dist/lib/signup-metadata.js +127 -0
  1023. package/dist/lib/signup-metadata.js.map +1 -0
  1024. package/dist/lib/sso-auth-handler.js +1 -5
  1025. package/dist/lib/sso-auth-handler.js.map +1 -1
  1026. package/dist/lib/tag-suggestions-handler.d.ts +1 -1
  1027. package/dist/lib/tag-suggestions-handler.d.ts.map +1 -1
  1028. package/dist/lib/tag-suggestions-handler.js +1 -5
  1029. package/dist/lib/tag-suggestions-handler.js.map +1 -1
  1030. package/dist/lib/taxonomy-handler-factory.d.ts +2 -2
  1031. package/dist/lib/taxonomy-handler-factory.d.ts.map +1 -1
  1032. package/dist/lib/taxonomy-handler-factory.js +7 -10
  1033. package/dist/lib/taxonomy-handler-factory.js.map +1 -1
  1034. package/dist/lib/taxonomy-handler.d.ts +2 -2
  1035. package/dist/lib/taxonomy-handler.d.ts.map +1 -1
  1036. package/dist/lib/taxonomy-handler.js +8 -8
  1037. package/dist/lib/taxonomy-handler.js.map +1 -1
  1038. package/dist/lib/taxonomy-metrics.js +5 -9
  1039. package/dist/lib/taxonomy-metrics.js.map +1 -1
  1040. package/dist/lib/taxonomy-search-metrics.d.ts +2 -2
  1041. package/dist/lib/taxonomy-search-metrics.d.ts.map +1 -1
  1042. package/dist/lib/taxonomy-search-metrics.js +3 -7
  1043. package/dist/lib/taxonomy-search-metrics.js.map +1 -1
  1044. package/dist/lib/tenant/audit-emit.d.ts +18 -8
  1045. package/dist/lib/tenant/audit-emit.d.ts.map +1 -1
  1046. package/dist/lib/tenant/audit-emit.js +50 -11
  1047. package/dist/lib/tenant/audit-emit.js.map +1 -1
  1048. package/dist/lib/tenant/derive-domain.js +1 -4
  1049. package/dist/lib/tenant/derive-domain.js.map +1 -1
  1050. package/dist/lib/tenant/domain-handler.d.ts +2 -2
  1051. package/dist/lib/tenant/domain-handler.d.ts.map +1 -1
  1052. package/dist/lib/tenant/domain-handler.js +50 -62
  1053. package/dist/lib/tenant/domain-handler.js.map +1 -1
  1054. package/dist/lib/tenant/domain-validator.d.ts +1 -1
  1055. package/dist/lib/tenant/domain-validator.js +10 -13
  1056. package/dist/lib/tenant/domain-validator.js.map +1 -1
  1057. package/dist/lib/tenant/domain-verifier.d.ts +3 -3
  1058. package/dist/lib/tenant/domain-verifier.js +8 -11
  1059. package/dist/lib/tenant/domain-verifier.js.map +1 -1
  1060. package/dist/lib/tenant/idp-handler.d.ts +4 -4
  1061. package/dist/lib/tenant/idp-handler.d.ts.map +1 -1
  1062. package/dist/lib/tenant/idp-handler.js +45 -82
  1063. package/dist/lib/tenant/idp-handler.js.map +1 -1
  1064. package/dist/lib/tenant/idp-name.js +1 -4
  1065. package/dist/lib/tenant/idp-name.js.map +1 -1
  1066. package/dist/lib/tenant/member-handler.d.ts +2 -2
  1067. package/dist/lib/tenant/member-handler.d.ts.map +1 -1
  1068. package/dist/lib/tenant/member-handler.js +30 -67
  1069. package/dist/lib/tenant/member-handler.js.map +1 -1
  1070. package/dist/lib/tenant/reserved-slugs.d.ts +1 -1
  1071. package/dist/lib/tenant/reserved-slugs.d.ts.map +1 -1
  1072. package/dist/lib/tenant/reserved-slugs.js +8 -14
  1073. package/dist/lib/tenant/reserved-slugs.js.map +1 -1
  1074. package/dist/lib/tenant/resolve-role.js +1 -4
  1075. package/dist/lib/tenant/resolve-role.js.map +1 -1
  1076. package/dist/lib/tenant/role-mapping-handler.d.ts +2 -2
  1077. package/dist/lib/tenant/role-mapping-handler.d.ts.map +1 -1
  1078. package/dist/lib/tenant/role-mapping-handler.js +24 -61
  1079. package/dist/lib/tenant/role-mapping-handler.js.map +1 -1
  1080. package/dist/lib/tenant/setup-status.d.ts +1 -1
  1081. package/dist/lib/tenant/setup-status.d.ts.map +1 -1
  1082. package/dist/lib/tenant/setup-status.js +3 -40
  1083. package/dist/lib/tenant/setup-status.js.map +1 -1
  1084. package/dist/lib/tenant/slug-validator.js +3 -6
  1085. package/dist/lib/tenant/slug-validator.js.map +1 -1
  1086. package/dist/lib/tenant/tenant-handler.d.ts +2 -2
  1087. package/dist/lib/tenant/tenant-handler.d.ts.map +1 -1
  1088. package/dist/lib/tenant/tenant-handler.js +31 -68
  1089. package/dist/lib/tenant/tenant-handler.js.map +1 -1
  1090. package/dist/lib/tenant/transfer-ownership.js +2 -6
  1091. package/dist/lib/tenant/transfer-ownership.js.map +1 -1
  1092. package/dist/lib/tenant-scope.d.ts +97 -0
  1093. package/dist/lib/tenant-scope.d.ts.map +1 -0
  1094. package/dist/lib/tenant-scope.js +270 -0
  1095. package/dist/lib/tenant-scope.js.map +1 -0
  1096. package/dist/lib/terminology.d.ts.map +1 -1
  1097. package/dist/lib/terminology.js +7 -9
  1098. package/dist/lib/terminology.js.map +1 -1
  1099. package/dist/lib/theme.js +2 -6
  1100. package/dist/lib/theme.js.map +1 -1
  1101. package/dist/lib/threat-intel-service.d.ts +2 -2
  1102. package/dist/lib/threat-intel-service.d.ts.map +1 -1
  1103. package/dist/lib/threat-intel-service.js +3 -7
  1104. package/dist/lib/threat-intel-service.js.map +1 -1
  1105. package/dist/lib/types/media-reconciliation.js +1 -2
  1106. package/dist/lib/types/media-reconciliation.js.map +1 -1
  1107. package/dist/lib/upload-session-handler.d.ts +1 -1
  1108. package/dist/lib/upload-session-handler.d.ts.map +1 -1
  1109. package/dist/lib/upload-session-handler.js +13 -50
  1110. package/dist/lib/upload-session-handler.js.map +1 -1
  1111. package/dist/lib/user/derive-handle.js +2 -6
  1112. package/dist/lib/user/derive-handle.js.map +1 -1
  1113. package/dist/lib/user-badge.js +6 -14
  1114. package/dist/lib/user-badge.js.map +1 -1
  1115. package/dist/lib/user-deletion-handler-enhanced.d.ts +2 -2
  1116. package/dist/lib/user-deletion-handler-enhanced.d.ts.map +1 -1
  1117. package/dist/lib/user-deletion-handler-enhanced.js +16 -53
  1118. package/dist/lib/user-deletion-handler-enhanced.js.map +1 -1
  1119. package/dist/lib/user-deprovisioning.d.ts +1 -1
  1120. package/dist/lib/user-deprovisioning.d.ts.map +1 -1
  1121. package/dist/lib/user-deprovisioning.js +16 -20
  1122. package/dist/lib/user-deprovisioning.js.map +1 -1
  1123. package/dist/lib/user-export-handler.d.ts +4 -4
  1124. package/dist/lib/user-export-handler.d.ts.map +1 -1
  1125. package/dist/lib/user-export-handler.js +11 -15
  1126. package/dist/lib/user-export-handler.js.map +1 -1
  1127. package/dist/lib/validate-request.js +8 -13
  1128. package/dist/lib/validate-request.js.map +1 -1
  1129. package/dist/lib/validation/feature-toggle-schemas.d.ts +130 -249
  1130. package/dist/lib/validation/feature-toggle-schemas.d.ts.map +1 -1
  1131. package/dist/lib/validation/feature-toggle-schemas.js +50 -59
  1132. package/dist/lib/validation/feature-toggle-schemas.js.map +1 -1
  1133. package/dist/lib/validation/validate-request.d.ts.map +1 -1
  1134. package/dist/lib/validation/validate-request.js +12 -23
  1135. package/dist/lib/validation/validate-request.js.map +1 -1
  1136. package/dist/lib/validation.js +1 -5
  1137. package/dist/lib/validation.js.map +1 -1
  1138. package/dist/lib/version.js +3 -8
  1139. package/dist/lib/version.js.map +1 -1
  1140. package/dist/server.d.ts +1 -1
  1141. package/dist/server.d.ts.map +1 -1
  1142. package/dist/server.js +29 -69
  1143. package/dist/server.js.map +1 -1
  1144. package/dist/types/cloudflare-compat.d.ts +3 -93
  1145. package/dist/types/cloudflare-compat.d.ts.map +1 -1
  1146. package/dist/types/cloudflare-compat.js +1 -2
  1147. package/dist/types/cloudflare-compat.js.map +1 -1
  1148. package/dist/worker.d.ts +6 -6
  1149. package/dist/worker.d.ts.map +1 -1
  1150. package/dist/worker.js +6 -13
  1151. package/dist/worker.js.map +1 -1
  1152. package/package.json +30 -17
  1153. package/prisma/migrations/20260602054730_add_entity_geo_and_pending_schema/migration.sql +113 -0
  1154. package/prisma/migrations/20260602162901_research_foundations/migration.sql +65 -0
  1155. package/prisma/migrations/20260604130000_surveillance_phase0_enablers/migration.sql +107 -0
  1156. package/prisma/migrations/20260604140000_fold_link_reports_into_reports/migration.sql +23 -0
  1157. package/prisma/migrations/20260604140000_fold_link_reports_into_reports/rollback.reference.sql +31 -0
  1158. package/prisma/schema.prisma +419 -68
  1159. package/src/lambda/cleanup-cron.ts +10 -7
  1160. package/src/lambda/create-auth-challenge.ts +6 -3
  1161. package/src/lambda/delete-account-worker.ts +17 -12
  1162. package/src/lambda/diagnostics-proxy.ts +9 -6
  1163. package/src/lambda/e2e-sweeper.ts +17 -23
  1164. package/src/lambda/federation-outbox-worker.ts +4 -1
  1165. package/src/lambda/followers-events-worker.ts +4 -1
  1166. package/src/lambda/hourly-cron.ts +112 -20
  1167. package/src/lambda/link-check-worker.ts +4 -1
  1168. package/src/lambda/maintenance-cron.ts +24 -13
  1169. package/src/lambda/media-processing-worker.ts +5 -2
  1170. package/src/lambda/media-reconciliation-worker.ts +4 -1
  1171. package/src/lambda/nightly-cron.ts +53 -54
  1172. package/src/lambda/post-confirmation.ts +188 -62
  1173. package/src/lambda/pre-token-generation.ts +39 -44
  1174. package/src/lambda/verify-auth-challenge.ts +4 -1
  1175. package/dist/lib/audit/emit.d.ts +0 -56
  1176. package/dist/lib/audit/emit.d.ts.map +0 -1
  1177. package/dist/lib/audit/emit.js +0 -124
  1178. package/dist/lib/audit/emit.js.map +0 -1
  1179. package/dist/lib/audit/event-types.d.ts +0 -36
  1180. package/dist/lib/audit/event-types.d.ts.map +0 -1
  1181. package/dist/lib/audit/event-types.js +0 -69
  1182. package/dist/lib/audit/event-types.js.map +0 -1
  1183. package/dist/lib/audit-logger.d.ts +0 -142
  1184. package/dist/lib/audit-logger.d.ts.map +0 -1
  1185. package/dist/lib/audit-logger.js +0 -326
  1186. package/dist/lib/audit-logger.js.map +0 -1
  1187. package/dist/lib/circuit-breaker.d.ts +0 -27
  1188. package/dist/lib/circuit-breaker.d.ts.map +0 -1
  1189. package/dist/lib/circuit-breaker.js +0 -63
  1190. package/dist/lib/circuit-breaker.js.map +0 -1
  1191. package/dist/lib/graph/dual-write-service.d.ts +0 -116
  1192. package/dist/lib/graph/dual-write-service.d.ts.map +0 -1
  1193. package/dist/lib/graph/dual-write-service.js +0 -332
  1194. package/dist/lib/graph/dual-write-service.js.map +0 -1
  1195. package/dist/lib/graph/dual-write.d.ts +0 -396
  1196. package/dist/lib/graph/dual-write.d.ts.map +0 -1
  1197. package/dist/lib/graph/dual-write.js +0 -53
  1198. package/dist/lib/graph/dual-write.js.map +0 -1
  1199. package/dist/lib/graph/graph-schema-init.d.ts +0 -31
  1200. package/dist/lib/graph/graph-schema-init.d.ts.map +0 -1
  1201. package/dist/lib/graph/graph-schema-init.js +0 -105
  1202. package/dist/lib/graph/graph-schema-init.js.map +0 -1
  1203. package/dist/lib/graph/neo4j-graph-service.d.ts +0 -186
  1204. package/dist/lib/graph/neo4j-graph-service.d.ts.map +0 -1
  1205. package/dist/lib/graph/neo4j-graph-service.js +0 -1625
  1206. package/dist/lib/graph/neo4j-graph-service.js.map +0 -1
  1207. package/dist/lib/graph/reconciliation-service.d.ts +0 -113
  1208. package/dist/lib/graph/reconciliation-service.d.ts.map +0 -1
  1209. package/dist/lib/graph/reconciliation-service.js +0 -533
  1210. package/dist/lib/graph/reconciliation-service.js.map +0 -1
  1211. package/dist/lib/id-generator.d.ts +0 -29
  1212. package/dist/lib/id-generator.d.ts.map +0 -1
  1213. package/dist/lib/id-generator.js +0 -51
  1214. package/dist/lib/id-generator.js.map +0 -1
  1215. package/dist/lib/kv/dynamodb-kv.d.ts +0 -39
  1216. package/dist/lib/kv/dynamodb-kv.d.ts.map +0 -1
  1217. package/dist/lib/kv/dynamodb-kv.js +0 -239
  1218. package/dist/lib/kv/dynamodb-kv.js.map +0 -1
  1219. package/dist/lib/queue/sqs-queue.d.ts +0 -16
  1220. package/dist/lib/queue/sqs-queue.d.ts.map +0 -1
  1221. package/dist/lib/queue/sqs-queue.js +0 -39
  1222. package/dist/lib/queue/sqs-queue.js.map +0 -1
  1223. package/dist/lib/route-matcher.d.ts +0 -24
  1224. package/dist/lib/route-matcher.d.ts.map +0 -1
  1225. package/dist/lib/route-matcher.js +0 -96
  1226. package/dist/lib/route-matcher.js.map +0 -1
  1227. package/dist/lib/router.d.ts +0 -26
  1228. package/dist/lib/router.d.ts.map +0 -1
  1229. package/dist/lib/router.js +0 -90
  1230. package/dist/lib/router.js.map +0 -1
  1231. package/dist/lib/routes-all.d.ts +0 -9
  1232. package/dist/lib/routes-all.d.ts.map +0 -1
  1233. package/dist/lib/routes-all.js +0 -170
  1234. package/dist/lib/routes-all.js.map +0 -1
  1235. package/dist/lib/secret-resolver.d.ts +0 -88
  1236. package/dist/lib/secret-resolver.d.ts.map +0 -1
  1237. package/dist/lib/secret-resolver.js +0 -183
  1238. package/dist/lib/secret-resolver.js.map +0 -1
  1239. package/dist/lib/session-manager.d.ts.map +0 -1
  1240. package/dist/lib/session-manager.js +0 -492
  1241. package/dist/lib/session-manager.js.map +0 -1
  1242. package/dist/lib/storage/s3-storage.d.ts +0 -29
  1243. package/dist/lib/storage/s3-storage.d.ts.map +0 -1
  1244. package/dist/lib/storage/s3-storage.js +0 -135
  1245. package/dist/lib/storage/s3-storage.js.map +0 -1
  1246. package/dist/lib/tenant-context.d.ts +0 -35
  1247. package/dist/lib/tenant-context.d.ts.map +0 -1
  1248. package/dist/lib/tenant-context.js +0 -54
  1249. package/dist/lib/tenant-context.js.map +0 -1
@@ -1,14 +1,18 @@
1
1
  import { DynamoDBClient, PutItemCommand, DeleteItemCommand } from "@aws-sdk/client-dynamodb";
2
- import { SecretsManagerClient, GetSecretValueCommand } from "@aws-sdk/client-secrets-manager";
3
2
  import { S3Client, DeleteObjectsCommand, ListObjectsV2Command } from "@aws-sdk/client-s3";
4
3
  import { CognitoIdentityProviderClient, AdminDeleteUserCommand } from "@aws-sdk/client-cognito-identity-provider";
5
- import { CloudWatchClient, PutMetricDataCommand } from "@aws-sdk/client-cloudwatch";
6
4
  import { SESClient, SendEmailCommand } from "@aws-sdk/client-ses";
7
5
  import { marshall } from "@aws-sdk/util-dynamodb";
6
+ import { PrismaPg } from "@prisma/adapter-pg";
8
7
  import { PrismaClient } from "@prisma/client";
8
+ import { Logger } from "@aws-lambda-powertools/logger";
9
+ import { Metrics, MetricUnit } from "@aws-lambda-powertools/metrics";
10
+ import { getSecret } from "@aws-lambda-powertools/parameters/secrets";
11
+
12
+ const logger = new Logger({ serviceName: "nightly-cron" });
13
+ const metrics = new Metrics({ namespace: "Trellis/Deletion", serviceName: "nightly-cron" });
9
14
 
10
15
  const dynamo = new DynamoDBClient({ region: process.env.AWS_REGION });
11
- const secretsClient = new SecretsManagerClient({ region: process.env.AWS_REGION });
12
16
  const s3 = new S3Client({ region: process.env.AWS_REGION });
13
17
  const TABLE = process.env.DYNAMODB_TABLE!;
14
18
  const MEDIA_BUCKET = process.env.MEDIA_BUCKET_NAME!;
@@ -17,11 +21,19 @@ let prisma: PrismaClient | null = null;
17
21
 
18
22
  async function getPrisma(): Promise<PrismaClient> {
19
23
  if (prisma) return prisma;
20
- const secret = await secretsClient.send(new GetSecretValueCommand({ SecretId: process.env.DB_SECRET_ARN! }));
21
- const { username, password, host, port, dbname } = JSON.parse(secret.SecretString!);
22
- prisma = new PrismaClient({
23
- datasources: { db: { url: `postgresql://${username}:${encodeURIComponent(password)}@${host}:${port}/${dbname}?connection_limit=1` } },
24
+ const { username, password, host, port, dbname } = (await getSecret(process.env.DB_SECRET_ARN!, { transform: "json" })) as unknown as {
25
+ username: string;
26
+ password: string;
27
+ host: string;
28
+ port: string | number;
29
+ dbname: string;
30
+ };
31
+ // Prisma 7 removed the `datasources` constructor option; the connection URL
32
+ // is now supplied via a driver adapter.
33
+ const adapter = new PrismaPg({
34
+ connectionString: `postgresql://${username}:${encodeURIComponent(password)}@${host}:${port}/${dbname}?connection_limit=1`,
24
35
  });
36
+ prisma = new PrismaClient({ adapter });
25
37
  return prisma;
26
38
  }
27
39
 
@@ -43,11 +55,11 @@ export const handler = async (): Promise<void> => {
43
55
  ExpressionAttributeValues: marshall({ ":now": now }),
44
56
  }));
45
57
  } catch {
46
- console.log(JSON.stringify({ level: "info", msg: "Nightly cron already running, skipping" }));
58
+ logger.info("Nightly cron already running, skipping");
47
59
  return;
48
60
  }
49
61
 
50
- console.log(JSON.stringify({ level: "info", msg: "Nightly cron started" }));
62
+ logger.info("Nightly cron started");
51
63
 
52
64
  const db = await getPrisma();
53
65
 
@@ -78,7 +90,7 @@ export const handler = async (): Promise<void> => {
78
90
  Delete: { Objects: batch.map((Key) => ({ Key })) },
79
91
  }));
80
92
  } catch (err) {
81
- console.error(JSON.stringify({ level: "error", msg: "S3 batch delete failed", error: String(err), batchSize: batch.length }));
93
+ logger.error("S3 batch delete failed", { error: err, batchSize: batch.length });
82
94
  }
83
95
  }
84
96
  }
@@ -87,10 +99,10 @@ export const handler = async (): Promise<void> => {
87
99
  const result = await db.mediaFile.deleteMany({
88
100
  where: { id: { in: mediaToDelete.map((m) => m.id) } },
89
101
  });
90
- console.log(JSON.stringify({ level: "info", msg: "Soft-deleted media purged", dbDeleted: result.count, s3Keys: keys.length }));
102
+ logger.info("Soft-deleted media purged", { dbDeleted: result.count, s3Keys: keys.length });
91
103
  }
92
104
  } catch (err) {
93
- console.error(JSON.stringify({ level: "error", msg: "Media purge failed", error: String(err) }));
105
+ logger.error("Media purge failed", { error: err });
94
106
  }
95
107
 
96
108
  // 2. Clean up expired invitations
@@ -99,10 +111,10 @@ export const handler = async (): Promise<void> => {
99
111
  where: { expiresAt: { lte: new Date() }, usedAt: null },
100
112
  });
101
113
  if (result.count > 0) {
102
- console.log(JSON.stringify({ level: "info", msg: "Expired invitations cleaned", deleted: result.count }));
114
+ logger.info("Expired invitations cleaned", { deleted: result.count });
103
115
  }
104
116
  } catch (err) {
105
- console.error(JSON.stringify({ level: "error", msg: "Invitation cleanup failed", error: String(err) }));
117
+ logger.error("Invitation cleanup failed", { error: err });
106
118
  }
107
119
 
108
120
  // 3. Follower counts removed — relationships now live in graph DB (AuraDB)
@@ -110,7 +122,7 @@ export const handler = async (): Promise<void> => {
110
122
 
111
123
  // 4. Process scheduled account deletions (GDPR Article 17 compliance)
112
124
  try {
113
- const { deleteUserData } = await import("../lib/services/user-data-deletion");
125
+ const { deleteUserData } = await import("../lib/services/user-data-deletion.js");
114
126
 
115
127
  const usersToDelete = await db.user.findMany({
116
128
  where: {
@@ -137,7 +149,7 @@ export const handler = async (): Promise<void> => {
137
149
  const MAX_PAGES = 100;
138
150
  do {
139
151
  if (pages >= MAX_PAGES) {
140
- console.log(JSON.stringify({ level: "warn", msg: "S3 pagination circuit breaker hit", userId: user.id, pages: MAX_PAGES }));
152
+ logger.warn("S3 pagination circuit breaker hit", { userId: user.id, pages: MAX_PAGES });
141
153
  break;
142
154
  }
143
155
  const list = await s3.send(new ListObjectsV2Command({
@@ -153,7 +165,7 @@ export const handler = async (): Promise<void> => {
153
165
  pages++;
154
166
  } while (continuationToken);
155
167
  } catch (s3Err) {
156
- console.error(JSON.stringify({ level: "error", msg: "S3 media deletion failed", userId: user.id, error: String(s3Err) }));
168
+ logger.error("S3 media deletion failed", { userId: user.id, error: s3Err });
157
169
  }
158
170
 
159
171
  // 4c. Delete Cognito identity
@@ -166,7 +178,7 @@ export const handler = async (): Promise<void> => {
166
178
  }));
167
179
  } catch (cognitoErr) {
168
180
  // Log but don't fail — user may already be deleted from Cognito
169
- console.warn(JSON.stringify({ level: "warn", msg: "Cognito deletion failed", userId: user.id, error: String(cognitoErr) }));
181
+ logger.warn("Cognito deletion failed", { userId: user.id, error: cognitoErr });
170
182
  }
171
183
  }
172
184
 
@@ -192,7 +204,7 @@ export const handler = async (): Promise<void> => {
192
204
  },
193
205
  });
194
206
  } catch (auditErr) {
195
- console.error(JSON.stringify({ level: "error", msg: "Audit log write failed", userId: user.id, error: String(auditErr) }));
207
+ logger.error("Audit log write failed", { userId: user.id, error: auditErr });
196
208
  }
197
209
 
198
210
  // 4f. Send deletion completion email
@@ -212,20 +224,15 @@ export const handler = async (): Promise<void> => {
212
224
  },
213
225
  }));
214
226
  } catch (emailErr) {
215
- console.warn(JSON.stringify({ level: "warn", msg: "Deletion email failed", userId: user.id, error: String(emailErr) }));
227
+ logger.warn("Deletion email failed", { userId: user.id, error: emailErr });
216
228
  }
217
229
  }
218
230
 
219
231
  deletedCount++;
220
- console.log(JSON.stringify({
221
- level: "info",
222
- msg: "Account deleted",
223
- userId: user.id,
224
- itemsDeleted: result,
225
- }));
232
+ logger.info("Account deleted", { userId: user.id, itemsDeleted: result });
226
233
  } catch (err) {
227
234
  failedCount++;
228
- console.error(JSON.stringify({ level: "error", msg: "Account deletion failed", userId: user.id, error: String(err) }));
235
+ logger.error("Account deletion failed", { userId: user.id, error: err });
229
236
  }
230
237
  }
231
238
 
@@ -239,52 +246,44 @@ export const handler = async (): Promise<void> => {
239
246
 
240
247
  // Emit CloudWatch metrics
241
248
  try {
242
- const cw = new CloudWatchClient({ region: process.env.AWS_REGION });
243
- const timestamp = new Date();
244
- await cw.send(new PutMetricDataCommand({
245
- Namespace: "Trellis/Deletion",
246
- MetricData: [
247
- { MetricName: "ProcessedCount", Value: deletedCount, Unit: "Count", Timestamp: timestamp },
248
- { MetricName: "FailedCount", Value: failedCount, Unit: "Count", Timestamp: timestamp },
249
- { MetricName: "PendingCount", Value: pendingCount, Unit: "Count", Timestamp: timestamp },
250
- ],
251
- }));
249
+ metrics.addMetric("ProcessedCount", MetricUnit.Count, deletedCount);
250
+ metrics.addMetric("FailedCount", MetricUnit.Count, failedCount);
251
+ metrics.addMetric("PendingCount", MetricUnit.Count, pendingCount);
252
+ metrics.publishStoredMetrics();
252
253
  } catch (cwErr) {
253
- console.error(JSON.stringify({ level: "error", msg: "CloudWatch metrics failed", error: String(cwErr) }));
254
+ logger.error("CloudWatch metrics failed", { error: cwErr });
254
255
  }
255
256
 
256
257
  if (usersToDelete.length > 0) {
257
- console.log(JSON.stringify({
258
- level: "info",
259
- msg: "Scheduled account deletions processed",
258
+ logger.info("Scheduled account deletions processed", {
260
259
  total: usersToDelete.length,
261
260
  deleted: deletedCount,
262
261
  failed: failedCount,
263
262
  pending: pendingCount,
264
- }));
263
+ });
265
264
  }
266
265
  } catch (err) {
267
- console.error(JSON.stringify({ level: "error", msg: "Scheduled deletion processing failed", error: String(err) }));
266
+ logger.error("Scheduled deletion processing failed", { error: err });
268
267
  }
269
268
 
270
269
  // 5. Check age tier transitions (Safer Social Design)
271
270
  try {
272
- const { checkAgeTierTransitions } = await import("../lib/age-tier-transition");
273
- const { buildEnv } = await import("../env");
271
+ const { checkAgeTierTransitions } = await import("../lib/age-tier-transition.js");
272
+ const { buildEnv } = await import("../env.js");
274
273
  const appEnv = await buildEnv();
275
274
  const result = await checkAgeTierTransitions(appEnv);
276
275
  if (result.transitioned > 0 || result.errors > 0) {
277
- console.log(JSON.stringify({ level: "info", msg: "Age tier transitions processed", transitioned: result.transitioned, errors: result.errors }));
276
+ logger.info("Age tier transitions processed", { transitioned: result.transitioned, errors: result.errors });
278
277
  }
279
278
  } catch (err) {
280
- console.error(JSON.stringify({ level: "error", msg: "Age tier transition check failed", error: String(err) }));
279
+ logger.error("Age tier transition check failed", { error: err });
281
280
  }
282
281
 
283
282
  // 6. Generate sentiment digest notifications (Safer Social Design)
284
283
  try {
285
- const { generateSentimentDigest } = await import("../lib/sentiment-digest");
286
- const { NotificationHandler } = await import("../lib/notification-handler");
287
- const { buildEnv } = await import("../env");
284
+ const { generateSentimentDigest } = await import("../lib/sentiment-digest.js");
285
+ const { NotificationHandler } = await import("../lib/notification-handler.js");
286
+ const { buildEnv } = await import("../env.js");
288
287
  const appEnv = await buildEnv();
289
288
  const notificationHandler = new NotificationHandler();
290
289
 
@@ -326,16 +325,16 @@ export const handler = async (): Promise<void> => {
326
325
  }
327
326
  } catch (digestErr) {
328
327
  // Don't fail the whole batch for one user
329
- console.error(JSON.stringify({ level: "error", msg: "Digest generation failed for user", userId: user.id, error: String(digestErr) }));
328
+ logger.error("Digest generation failed for user", { userId: user.id, error: digestErr });
330
329
  }
331
330
  }
332
331
 
333
332
  if (digestCount > 0) {
334
- console.log(JSON.stringify({ level: "info", msg: "Sentiment digest notifications created", count: digestCount }));
333
+ logger.info("Sentiment digest notifications created", { count: digestCount });
335
334
  }
336
335
  } catch (err) {
337
- console.error(JSON.stringify({ level: "error", msg: "Sentiment digest delivery failed", error: String(err) }));
336
+ logger.error("Sentiment digest delivery failed", { error: err });
338
337
  }
339
338
 
340
- console.log(JSON.stringify({ level: "info", msg: "Nightly cron complete" }));
339
+ logger.info("Nightly cron complete");
341
340
  };
@@ -33,7 +33,9 @@ import type {
33
33
  PostConfirmationTriggerEvent,
34
34
  PostConfirmationTriggerHandler,
35
35
  } from "aws-lambda";
36
- import { SecretsManagerClient, GetSecretValueCommand } from "@aws-sdk/client-secrets-manager";
36
+ import { Logger } from "@aws-lambda-powertools/logger";
37
+ import { getSecret } from "@aws-lambda-powertools/parameters/secrets";
38
+ import { PrismaPg } from "@prisma/adapter-pg";
37
39
  import {
38
40
  PrismaClient,
39
41
  type AgeTier,
@@ -41,28 +43,39 @@ import {
41
43
  type TenantRole,
42
44
  type UserRole,
43
45
  } from "@prisma/client";
44
- import { ClaimsCache, createClaimsCacheFromEnv, type CachedClaims } from "../lib/auth/claims-cache";
45
- import { deriveEmailDomain } from "../lib/tenant/derive-domain";
46
- import { resolveTenantRole, type RoleMappingInput } from "../lib/tenant/resolve-role";
47
- import { deriveHandle } from "../lib/user/derive-handle";
46
+ import { ClaimsCache, createClaimsCacheFromEnv, type CachedClaims } from "../lib/auth/claims-cache.js";
47
+ import { deriveEmailDomain } from "../lib/tenant/derive-domain.js";
48
+ import { resolveTenantRole, type RoleMappingInput } from "../lib/tenant/resolve-role.js";
49
+ import { deriveHandle } from "../lib/user/derive-handle.js";
50
+ import { computeAnonymousId } from "../lib/pseudonym.js";
51
+ import {
52
+ emitSignupSecurityEvent,
53
+ signupUserData,
54
+ } from "../lib/signup-metadata.js";
55
+ import type { SignupMethod } from "@prisma/client";
48
56
 
49
- const secretsClient = new SecretsManagerClient({ region: process.env.AWS_REGION });
57
+ const logger = new Logger({ serviceName: "post-confirmation" });
50
58
  let prisma: PrismaClient | null = null;
51
59
  let cache: ClaimsCache | null = null;
52
60
 
53
61
  async function getPrisma(): Promise<PrismaClient> {
54
62
  if (prisma) return prisma;
55
- const secret = await secretsClient.send(
56
- new GetSecretValueCommand({ SecretId: process.env.DB_SECRET_ARN! }),
57
- );
58
- const { username, password, host, port, dbname } = JSON.parse(secret.SecretString!);
59
- prisma = new PrismaClient({
60
- datasources: {
61
- db: {
62
- url: `postgresql://${username}:${encodeURIComponent(password)}@${host}:${port}/${dbname}?connection_limit=1`,
63
- },
64
- },
63
+ const { username, password, host, port, dbname } = (await getSecret(
64
+ process.env.DB_SECRET_ARN!,
65
+ { transform: "json" },
66
+ )) as unknown as {
67
+ username: string;
68
+ password: string;
69
+ host: string;
70
+ port: string | number;
71
+ dbname: string;
72
+ };
73
+ // Prisma 7 removed the `datasources` constructor option; the connection URL
74
+ // is now supplied via a driver adapter.
75
+ const adapter = new PrismaPg({
76
+ connectionString: `postgresql://${username}:${encodeURIComponent(password)}@${host}:${port}/${dbname}?connection_limit=1`,
65
77
  });
78
+ prisma = new PrismaClient({ adapter });
66
79
  return prisma;
67
80
  }
68
81
 
@@ -97,6 +110,24 @@ function isFederatedEvent(event: PostConfirmationTriggerEvent): boolean {
97
110
  }
98
111
  }
99
112
 
113
+ /**
114
+ * Parse an explicit `signupMethod` hint from clientMetadata, if present and
115
+ * valid. Returns undefined for anything we don't recognize (the caller then
116
+ * derives the method from the invitation code / defaults to COGNITO).
117
+ */
118
+ function parseSignupMethodHint(
119
+ raw: string | undefined | null,
120
+ ): SignupMethod | undefined {
121
+ switch (raw) {
122
+ case "COGNITO":
123
+ case "INVITE":
124
+ case "MAGIC_LINK":
125
+ return raw;
126
+ default:
127
+ return undefined;
128
+ }
129
+ }
130
+
100
131
  function parseIdpGroups(raw: string | undefined | null): string[] {
101
132
  if (!raw) return [];
102
133
  // Split on `,` and `;` only — IdPs (notably Okta in displayName mode) may
@@ -118,6 +149,11 @@ interface ProvisioningResult {
118
149
  orgTenantId: string | null;
119
150
  orgTenantSlug: string | null;
120
151
  orgTenantRole: TenantRole | null;
152
+ // Signup-metadata (P3): how this account was created and which invitation it
153
+ // redeemed. Populated only for freshly created users (existing users keep
154
+ // their NULL legacy state — no backfill).
155
+ signupMethod: SignupMethod;
156
+ invitationId: string | null;
121
157
  }
122
158
 
123
159
  const SUPPORTED_TRIGGERS = new Set([
@@ -132,7 +168,7 @@ export const handler: PostConfirmationTriggerHandler = async (event) => {
132
168
  const attrs = event.request.userAttributes;
133
169
  const email = attrs.email?.toLowerCase();
134
170
  if (!email) {
135
- console.warn(JSON.stringify({ event: "postconfirm.no_email", cognitoSub }));
171
+ logger.warn("postconfirm.no_email", { cognitoSub });
136
172
  return event;
137
173
  }
138
174
 
@@ -150,6 +186,17 @@ export const handler: PostConfirmationTriggerHandler = async (event) => {
150
186
  }
151
187
  }
152
188
 
189
+ // Signup-metadata (P3): how the account was created. An explicit
190
+ // `signupMethod` hint in clientMetadata wins (e.g. a passwordless/MAGIC_LINK
191
+ // signup labels itself); otherwise an invitation code present at signup means
192
+ // INVITE, and the default is COGNITO. The invitation FK is resolved inside the
193
+ // transaction below (only when a matching Prisma Invitation exists).
194
+ const invitationCode =
195
+ event.request.clientMetadata?.invitationCode?.trim() || undefined;
196
+ const requestedMethod = parseSignupMethodHint(
197
+ event.request.clientMetadata?.signupMethod,
198
+ );
199
+
153
200
  const db = await getPrisma();
154
201
 
155
202
  const result = await db.$transaction(
@@ -162,6 +209,8 @@ export const handler: PostConfirmationTriggerHandler = async (event) => {
162
209
  dateOfBirth,
163
210
  ageTier,
164
211
  providedHandle: attrs["custom:handle"],
212
+ invitationCode,
213
+ requestedMethod,
165
214
  }),
166
215
  { timeout: 8000 },
167
216
  );
@@ -180,18 +229,38 @@ export const handler: PostConfirmationTriggerHandler = async (event) => {
180
229
  }
181
230
  }
182
231
 
232
+ // Populate the research pseudonym (best-effort, fail-safe). Done AFTER the
233
+ // provisioning transaction so a KMS hiccup can never roll back account
234
+ // creation. No backfill: only set when currently null (idempotent on Cognito
235
+ // retries). If no KMS HMAC key is configured, computeAnonymousId throws and
236
+ // we skip — never an unkeyed fallback. See lib/PSEUDONYM.md.
237
+ await populateAnonymousId(db, result.userId);
238
+
183
239
  await primeClaimsCache(cognitoSub, result);
184
240
 
185
- console.log(
186
- JSON.stringify({
187
- event: "postconfirm.ok",
188
- cognitoSub,
189
- userId: result.userId,
190
- personalTenantId: result.personalTenantId,
191
- orgTenantId: result.orgTenantId,
192
- federated,
193
- }),
194
- );
241
+ // Signup-metadata SecurityEvent (P3). Emitted AFTER the provisioning
242
+ // transaction commits so a telemetry hiccup can never roll back account
243
+ // creation; the helper itself also fails open. Cognito's PostConfirmation
244
+ // event exposes no client source IP/UA (callerContext carries only
245
+ // awsSdkVersion + clientId), so this records method + invitation + tenant
246
+ // only — no fabricated client signals. Retention is config-driven.
247
+ await emitSignupSecurityEvent({
248
+ db,
249
+ userId: result.userId,
250
+ method: result.signupMethod,
251
+ invitationId: result.invitationId,
252
+ tenantId: result.orgTenantId ?? result.personalTenantId,
253
+ config: { SIGNUP_EVENT_RETENTION_DAYS: process.env.SIGNUP_EVENT_RETENTION_DAYS },
254
+ logger: { warn: (...args) => console.warn(...args) },
255
+ });
256
+
257
+ logger.info("postconfirm.ok", {
258
+ cognitoSub,
259
+ userId: result.userId,
260
+ personalTenantId: result.personalTenantId,
261
+ orgTenantId: result.orgTenantId,
262
+ federated,
263
+ });
195
264
 
196
265
  return event;
197
266
  };
@@ -205,6 +274,10 @@ interface ProvisioningInput {
205
274
  dateOfBirth: Date | undefined;
206
275
  ageTier: AgeTier;
207
276
  providedHandle: string | undefined;
277
+ /** Invitation code presented at signup (clientMetadata), if any. */
278
+ invitationCode: string | undefined;
279
+ /** Explicit signupMethod hint from clientMetadata, if recognized. */
280
+ requestedMethod: SignupMethod | undefined;
208
281
  }
209
282
 
210
283
  async function provisionUserAndTenancy(
@@ -219,12 +292,35 @@ async function provisionUserAndTenancy(
219
292
  dateOfBirth,
220
293
  ageTier,
221
294
  providedHandle,
295
+ invitationCode,
296
+ requestedMethod,
222
297
  } = input;
223
298
 
224
299
  const existing = await tx.user.findFirst({
225
300
  where: { OR: [{ cognitoSub }, { email }] },
226
301
  });
227
302
 
303
+ // Signup-metadata (P3): resolve the redeemed Prisma Invitation (if the code
304
+ // presented at signup matches one) so we can set the FK. Codes are stored
305
+ // upper-cased on the Invitation model. A code that doesn't resolve to a
306
+ // Prisma invitation simply yields no FK (still a valid signup).
307
+ let redeemedInvitationId: string | null = null;
308
+ if (invitationCode) {
309
+ const inv = await tx.invitation.findUnique({
310
+ where: { code: invitationCode.toUpperCase() },
311
+ select: { id: true },
312
+ });
313
+ redeemedInvitationId = inv?.id ?? null;
314
+ }
315
+ // Method precedence: explicit hint > resolved invitation FK > COGNITO default.
316
+ const signupMethod: SignupMethod =
317
+ requestedMethod ?? (redeemedInvitationId ? "INVITE" : "COGNITO");
318
+ // Choke point: the only place User signup-metadata is assembled.
319
+ const signupFields = signupUserData({
320
+ method: signupMethod,
321
+ invitationId: redeemedInvitationId,
322
+ });
323
+
228
324
  let user = existing;
229
325
  if (!user) {
230
326
  const initialHandle =
@@ -239,6 +335,14 @@ async function provisionUserAndTenancy(
239
335
  email,
240
336
  handle: initialHandle,
241
337
  role: federated ? "B2B_PARTNER" : "END_USER",
338
+ // Fail-CLOSED research age signal: a new account is NOT age-verified
339
+ // until an explicit verification flow sets it. Distinct from `ageTier`
340
+ // (which fails open at ADULT). See prisma User.ageVerified doc + PSEUDONYM.md.
341
+ ageVerified: false,
342
+ // Signup-metadata (P3): how the account was created + redeemed
343
+ // invitation FK. Client signals (IP/UA) go to SecurityEvent, never here.
344
+ signupMethod: signupFields.signupMethod,
345
+ invitationId: signupFields.invitationId,
242
346
  ...(dateOfBirth && { dateOfBirth, ageTier }),
243
347
  },
244
348
  });
@@ -320,9 +424,7 @@ async function provisionUserAndTenancy(
320
424
  // creation above is unaffected — Cognito has already authenticated them.
321
425
  const emailVerified = input.emailVerified === "true";
322
426
  if (!emailVerified) {
323
- console.warn(
324
- JSON.stringify({ event: "postconfirm.federated.email_unverified", cognitoSub }),
325
- );
427
+ logger.warn("postconfirm.federated.email_unverified", { cognitoSub });
326
428
  return {
327
429
  userId: user.id,
328
430
  globalRole: user.role,
@@ -332,11 +434,13 @@ async function provisionUserAndTenancy(
332
434
  orgTenantId: null,
333
435
  orgTenantSlug: null,
334
436
  orgTenantRole: null,
437
+ signupMethod,
438
+ invitationId: redeemedInvitationId,
335
439
  };
336
440
  }
337
441
  const domain = deriveEmailDomain(email);
338
442
  if (!domain) {
339
- console.warn(JSON.stringify({ event: "postconfirm.federated.invalid_email", cognitoSub }));
443
+ logger.warn("postconfirm.federated.invalid_email", { cognitoSub });
340
444
  } else {
341
445
  const tenantDomain = await tx.tenantDomain.findUnique({
342
446
  where: { domain },
@@ -355,28 +459,20 @@ async function provisionUserAndTenancy(
355
459
  });
356
460
 
357
461
  if (!tenantDomain) {
358
- console.warn(
359
- JSON.stringify({ event: "postconfirm.federated.no_domain_match", cognitoSub }),
360
- );
462
+ logger.warn("postconfirm.federated.no_domain_match", { cognitoSub });
361
463
  } else if (!tenantDomain.verifiedAt) {
362
- console.warn(
363
- JSON.stringify({
364
- event: "postconfirm.federated.unverified_domain",
365
- cognitoSub,
366
- tenantId: tenantDomain.tenantId,
367
- }),
368
- );
464
+ logger.warn("postconfirm.federated.unverified_domain", {
465
+ cognitoSub,
466
+ tenantId: tenantDomain.tenantId,
467
+ });
369
468
  } else if (
370
469
  !tenantDomain.tenant.identityProvider ||
371
470
  tenantDomain.tenant.identityProvider.status !== "ACTIVE"
372
471
  ) {
373
- console.warn(
374
- JSON.stringify({
375
- event: "postconfirm.federated.inactive_idp",
376
- cognitoSub,
377
- tenantId: tenantDomain.tenantId,
378
- }),
379
- );
472
+ logger.warn("postconfirm.federated.inactive_idp", {
473
+ cognitoSub,
474
+ tenantId: tenantDomain.tenantId,
475
+ });
380
476
  } else {
381
477
  const role = resolveTenantRole(
382
478
  idpGroups,
@@ -384,13 +480,10 @@ async function provisionUserAndTenancy(
384
480
  tenantDomain.tenant.identityProvider.defaultRole,
385
481
  );
386
482
  if (!role) {
387
- console.warn(
388
- JSON.stringify({
389
- event: "postconfirm.federated.no_role",
390
- cognitoSub,
391
- tenantId: tenantDomain.tenantId,
392
- }),
393
- );
483
+ logger.warn("postconfirm.federated.no_role", {
484
+ cognitoSub,
485
+ tenantId: tenantDomain.tenantId,
486
+ });
394
487
  } else {
395
488
  await tx.tenantMember.upsert({
396
489
  where: {
@@ -427,9 +520,45 @@ async function provisionUserAndTenancy(
427
520
  orgTenantId,
428
521
  orgTenantSlug,
429
522
  orgTenantRole,
523
+ signupMethod,
524
+ invitationId: redeemedInvitationId,
430
525
  };
431
526
  }
432
527
 
528
+ /**
529
+ * Best-effort, fail-safe population of `User.anonymousId` (the research
530
+ * pseudonym). Only sets it when currently null (no backfill, idempotent on
531
+ * Cognito's up-to-3 retries). A KMS / config failure is logged and swallowed —
532
+ * account provisioning has already committed and must not be undone by a
533
+ * pseudonym hiccup. NEVER falls back to an unkeyed hash (computeAnonymousId
534
+ * throws when no KMS HMAC key is configured).
535
+ */
536
+ async function populateAnonymousId(db: PrismaClient, userId: string): Promise<void> {
537
+ try {
538
+ const existing = await db.user.findUnique({
539
+ where: { id: userId },
540
+ select: { anonymousId: true },
541
+ });
542
+ if (existing?.anonymousId) return; // no backfill / already set
543
+
544
+ const anonymousId = await computeAnonymousId(userId, {
545
+ PSEUDONYM_HMAC_KMS_KEY_ID: process.env.PSEUDONYM_HMAC_KMS_KEY_ID,
546
+ AWS_REGION: process.env.AWS_REGION,
547
+ });
548
+
549
+ // Guard against the unique-collision race on concurrent retries.
550
+ await db.user.update({
551
+ where: { id: userId },
552
+ data: { anonymousId },
553
+ });
554
+ } catch (err) {
555
+ logger.warn("postconfirm.anonymous_id_skipped", {
556
+ userId,
557
+ reason: (err as { name?: string }).name ?? "unknown",
558
+ });
559
+ }
560
+ }
561
+
433
562
  async function primeClaimsCache(cognitoSub: string, result: ProvisioningResult): Promise<void> {
434
563
  const activeTenantId = result.orgTenantId ?? result.personalTenantId;
435
564
  const activeTenantSlug = result.orgTenantSlug ?? result.personalTenantSlug;
@@ -445,12 +574,9 @@ async function primeClaimsCache(cognitoSub: string, result: ProvisioningResult):
445
574
  try {
446
575
  await getCache().put(cognitoSub, claims);
447
576
  } catch (err) {
448
- console.warn(
449
- JSON.stringify({
450
- event: "postconfirm.cache_prime_failed",
451
- cognitoSub,
452
- error: (err as { code?: string }).code ?? "unknown",
453
- }),
454
- );
577
+ logger.warn("postconfirm.cache_prime_failed", {
578
+ cognitoSub,
579
+ error: (err as { code?: string }).code ?? "unknown",
580
+ });
455
581
  }
456
582
  }