@de-otio/trellis 0.7.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1249) hide show
  1. package/LICENSE +661 -0
  2. package/dist/db.js +10 -18
  3. package/dist/db.js.map +1 -1
  4. package/dist/env.d.ts +66 -6
  5. package/dist/env.d.ts.map +1 -1
  6. package/dist/env.js +89 -70
  7. package/dist/env.js.map +1 -1
  8. package/dist/extensions.js +3 -8
  9. package/dist/extensions.js.map +1 -1
  10. package/dist/index.d.ts +2 -2
  11. package/dist/index.d.ts.map +1 -1
  12. package/dist/index.js +2 -9
  13. package/dist/index.js.map +1 -1
  14. package/dist/lambda/cleanup-cron.d.ts.map +1 -1
  15. package/dist/lambda/cleanup-cron.js +20 -24
  16. package/dist/lambda/cleanup-cron.js.map +1 -1
  17. package/dist/lambda/create-auth-challenge.d.ts.map +1 -1
  18. package/dist/lambda/create-auth-challenge.js +17 -19
  19. package/dist/lambda/create-auth-challenge.js.map +1 -1
  20. package/dist/lambda/custom-message.js +1 -5
  21. package/dist/lambda/custom-message.js.map +1 -1
  22. package/dist/lambda/define-auth-challenge.js +1 -5
  23. package/dist/lambda/define-auth-challenge.js.map +1 -1
  24. package/dist/lambda/delete-account-worker.d.ts.map +1 -1
  25. package/dist/lambda/delete-account-worker.js +25 -58
  26. package/dist/lambda/delete-account-worker.js.map +1 -1
  27. package/dist/lambda/diagnostics-proxy.d.ts.map +1 -1
  28. package/dist/lambda/diagnostics-proxy.js +14 -49
  29. package/dist/lambda/diagnostics-proxy.js.map +1 -1
  30. package/dist/lambda/e2e-sweeper.d.ts.map +1 -1
  31. package/dist/lambda/e2e-sweeper.js +30 -38
  32. package/dist/lambda/e2e-sweeper.js.map +1 -1
  33. package/dist/lambda/federation-outbox-worker.d.ts.map +1 -1
  34. package/dist/lambda/federation-outbox-worker.js +4 -6
  35. package/dist/lambda/federation-outbox-worker.js.map +1 -1
  36. package/dist/lambda/followers-events-worker.d.ts.map +1 -1
  37. package/dist/lambda/followers-events-worker.js +4 -6
  38. package/dist/lambda/followers-events-worker.js.map +1 -1
  39. package/dist/lambda/hourly-cron.d.ts.map +1 -1
  40. package/dist/lambda/hourly-cron.js +100 -32
  41. package/dist/lambda/hourly-cron.js.map +1 -1
  42. package/dist/lambda/link-check-worker.d.ts.map +1 -1
  43. package/dist/lambda/link-check-worker.js +4 -6
  44. package/dist/lambda/link-check-worker.js.map +1 -1
  45. package/dist/lambda/maintenance-cron.d.ts.map +1 -1
  46. package/dist/lambda/maintenance-cron.js +30 -63
  47. package/dist/lambda/maintenance-cron.js.map +1 -1
  48. package/dist/lambda/media-processing-worker.d.ts.map +1 -1
  49. package/dist/lambda/media-processing-worker.js +11 -46
  50. package/dist/lambda/media-processing-worker.js.map +1 -1
  51. package/dist/lambda/media-reconciliation-worker.d.ts.map +1 -1
  52. package/dist/lambda/media-reconciliation-worker.js +4 -6
  53. package/dist/lambda/media-reconciliation-worker.js.map +1 -1
  54. package/dist/lambda/nightly-cron.d.ts.map +1 -1
  55. package/dist/lambda/nightly-cron.js +67 -112
  56. package/dist/lambda/nightly-cron.js.map +1 -1
  57. package/dist/lambda/post-confirmation.d.ts.map +1 -1
  58. package/dist/lambda/post-confirmation.js +147 -45
  59. package/dist/lambda/post-confirmation.js.map +1 -1
  60. package/dist/lambda/pre-signup.js +7 -11
  61. package/dist/lambda/pre-signup.js.map +1 -1
  62. package/dist/lambda/pre-token-generation.d.ts.map +1 -1
  63. package/dist/lambda/pre-token-generation.js +27 -35
  64. package/dist/lambda/pre-token-generation.js.map +1 -1
  65. package/dist/lambda/tools/check-health.js +1 -5
  66. package/dist/lambda/tools/check-health.js.map +1 -1
  67. package/dist/lambda/tools/describe-services.js +4 -8
  68. package/dist/lambda/tools/describe-services.js.map +1 -1
  69. package/dist/lambda/tools/get-cost-report.js +4 -8
  70. package/dist/lambda/tools/get-cost-report.js.map +1 -1
  71. package/dist/lambda/tools/get-errors.js +5 -9
  72. package/dist/lambda/tools/get-errors.js.map +1 -1
  73. package/dist/lambda/tools/get-feature-flags.js +4 -8
  74. package/dist/lambda/tools/get-feature-flags.js.map +1 -1
  75. package/dist/lambda/tools/get-queue-status.js +5 -9
  76. package/dist/lambda/tools/get-queue-status.js.map +1 -1
  77. package/dist/lambda/tools/search-logs.js +5 -9
  78. package/dist/lambda/tools/search-logs.js.map +1 -1
  79. package/dist/lambda/tools/send-alert.js +4 -8
  80. package/dist/lambda/tools/send-alert.js.map +1 -1
  81. package/dist/lambda/verify-auth-challenge.d.ts.map +1 -1
  82. package/dist/lambda/verify-auth-challenge.js +10 -12
  83. package/dist/lambda/verify-auth-challenge.js.map +1 -1
  84. package/dist/lib/abuse-metrics.d.ts.map +1 -1
  85. package/dist/lib/abuse-metrics.js +10 -13
  86. package/dist/lib/abuse-metrics.js.map +1 -1
  87. package/dist/lib/activitypub/activity-processor.d.ts +1 -1
  88. package/dist/lib/activitypub/activity-processor.d.ts.map +1 -1
  89. package/dist/lib/activitypub/activity-processor.js +9 -43
  90. package/dist/lib/activitypub/activity-processor.js.map +1 -1
  91. package/dist/lib/activitypub/activity-service.js +1 -5
  92. package/dist/lib/activitypub/activity-service.js.map +1 -1
  93. package/dist/lib/activitypub/actor.d.ts +1 -1
  94. package/dist/lib/activitypub/actor.d.ts.map +1 -1
  95. package/dist/lib/activitypub/actor.js +1 -5
  96. package/dist/lib/activitypub/actor.js.map +1 -1
  97. package/dist/lib/activitypub/audience-service.d.ts +2 -2
  98. package/dist/lib/activitypub/audience-service.d.ts.map +1 -1
  99. package/dist/lib/activitypub/audience-service.js +8 -12
  100. package/dist/lib/activitypub/audience-service.js.map +1 -1
  101. package/dist/lib/activitypub/crypto.d.ts +1 -1
  102. package/dist/lib/activitypub/crypto.d.ts.map +1 -1
  103. package/dist/lib/activitypub/crypto.js +3 -41
  104. package/dist/lib/activitypub/crypto.js.map +1 -1
  105. package/dist/lib/activitypub/delivery-service.d.ts +5 -5
  106. package/dist/lib/activitypub/delivery-service.d.ts.map +1 -1
  107. package/dist/lib/activitypub/delivery-service.js +10 -47
  108. package/dist/lib/activitypub/delivery-service.js.map +1 -1
  109. package/dist/lib/activitypub/dispatchers/entity-actor.d.ts +3 -2
  110. package/dist/lib/activitypub/dispatchers/entity-actor.d.ts.map +1 -1
  111. package/dist/lib/activitypub/dispatchers/entity-actor.js +19 -23
  112. package/dist/lib/activitypub/dispatchers/entity-actor.js.map +1 -1
  113. package/dist/lib/activitypub/dispatchers/group-actor.d.ts +3 -2
  114. package/dist/lib/activitypub/dispatchers/group-actor.d.ts.map +1 -1
  115. package/dist/lib/activitypub/dispatchers/group-actor.js +19 -23
  116. package/dist/lib/activitypub/dispatchers/group-actor.js.map +1 -1
  117. package/dist/lib/activitypub/dispatchers/user-actor.d.ts +3 -2
  118. package/dist/lib/activitypub/dispatchers/user-actor.d.ts.map +1 -1
  119. package/dist/lib/activitypub/dispatchers/user-actor.js +16 -20
  120. package/dist/lib/activitypub/dispatchers/user-actor.js.map +1 -1
  121. package/dist/lib/activitypub/dm-service.js +1 -5
  122. package/dist/lib/activitypub/dm-service.js.map +1 -1
  123. package/dist/lib/activitypub/entity-profile-service.d.ts +1 -1
  124. package/dist/lib/activitypub/entity-profile-service.d.ts.map +1 -1
  125. package/dist/lib/activitypub/entity-profile-service.js +6 -10
  126. package/dist/lib/activitypub/entity-profile-service.js.map +1 -1
  127. package/dist/lib/activitypub/fedify/config.d.ts +3 -3
  128. package/dist/lib/activitypub/fedify/config.d.ts.map +1 -1
  129. package/dist/lib/activitypub/fedify/config.js +5 -8
  130. package/dist/lib/activitypub/fedify/config.js.map +1 -1
  131. package/dist/lib/activitypub/fedify/context.d.ts +1 -1
  132. package/dist/lib/activitypub/fedify/context.d.ts.map +1 -1
  133. package/dist/lib/activitypub/fedify/context.js +8 -12
  134. package/dist/lib/activitypub/fedify/context.js.map +1 -1
  135. package/dist/lib/activitypub/fedify/runtime.d.ts +1 -1
  136. package/dist/lib/activitypub/fedify/runtime.d.ts.map +1 -1
  137. package/dist/lib/activitypub/fedify/runtime.js +3 -6
  138. package/dist/lib/activitypub/fedify/runtime.js.map +1 -1
  139. package/dist/lib/activitypub/friendship-service.js +1 -5
  140. package/dist/lib/activitypub/friendship-service.js.map +1 -1
  141. package/dist/lib/activitypub/group-service.d.ts +1 -1
  142. package/dist/lib/activitypub/group-service.d.ts.map +1 -1
  143. package/dist/lib/activitypub/group-service.js +9 -46
  144. package/dist/lib/activitypub/group-service.js.map +1 -1
  145. package/dist/lib/activitypub/http-signatures.js +8 -45
  146. package/dist/lib/activitypub/http-signatures.js.map +1 -1
  147. package/dist/lib/activitypub/jsonld.d.ts +1 -1
  148. package/dist/lib/activitypub/jsonld.d.ts.map +1 -1
  149. package/dist/lib/activitypub/jsonld.js +1 -5
  150. package/dist/lib/activitypub/jsonld.js.map +1 -1
  151. package/dist/lib/activitypub/listeners/friends-collection.d.ts +1 -1
  152. package/dist/lib/activitypub/listeners/friends-collection.d.ts.map +1 -1
  153. package/dist/lib/activitypub/listeners/friends-collection.js +17 -20
  154. package/dist/lib/activitypub/listeners/friends-collection.js.map +1 -1
  155. package/dist/lib/activitypub/listeners/http-signatures.d.ts +1 -1
  156. package/dist/lib/activitypub/listeners/http-signatures.d.ts.map +1 -1
  157. package/dist/lib/activitypub/listeners/http-signatures.js +9 -46
  158. package/dist/lib/activitypub/listeners/http-signatures.js.map +1 -1
  159. package/dist/lib/activitypub/listeners/inbox.d.ts +2 -2
  160. package/dist/lib/activitypub/listeners/inbox.d.ts.map +1 -1
  161. package/dist/lib/activitypub/listeners/inbox.js +31 -35
  162. package/dist/lib/activitypub/listeners/inbox.js.map +1 -1
  163. package/dist/lib/activitypub/listeners/outbox.d.ts +1 -1
  164. package/dist/lib/activitypub/listeners/outbox.d.ts.map +1 -1
  165. package/dist/lib/activitypub/listeners/outbox.js +17 -20
  166. package/dist/lib/activitypub/listeners/outbox.js.map +1 -1
  167. package/dist/lib/activitypub/remote-fetch-service.d.ts +6 -6
  168. package/dist/lib/activitypub/remote-fetch-service.d.ts.map +1 -1
  169. package/dist/lib/activitypub/remote-fetch-service.js +6 -10
  170. package/dist/lib/activitypub/remote-fetch-service.js.map +1 -1
  171. package/dist/lib/activitypub/services/abuse-prevention.d.ts +1 -1
  172. package/dist/lib/activitypub/services/abuse-prevention.d.ts.map +1 -1
  173. package/dist/lib/activitypub/services/abuse-prevention.js +11 -17
  174. package/dist/lib/activitypub/services/abuse-prevention.js.map +1 -1
  175. package/dist/lib/activitypub/services/dm-service-fedify.d.ts +4 -4
  176. package/dist/lib/activitypub/services/dm-service-fedify.d.ts.map +1 -1
  177. package/dist/lib/activitypub/services/dm-service-fedify.js +24 -59
  178. package/dist/lib/activitypub/services/dm-service-fedify.js.map +1 -1
  179. package/dist/lib/activitypub/services/fedify-converters.d.ts +2 -2
  180. package/dist/lib/activitypub/services/fedify-converters.d.ts.map +1 -1
  181. package/dist/lib/activitypub/services/fedify-converters.js +3 -8
  182. package/dist/lib/activitypub/services/fedify-converters.js.map +1 -1
  183. package/dist/lib/activitypub/services/fedify-delivery.d.ts +2 -2
  184. package/dist/lib/activitypub/services/fedify-delivery.d.ts.map +1 -1
  185. package/dist/lib/activitypub/services/fedify-delivery.js +19 -56
  186. package/dist/lib/activitypub/services/fedify-delivery.js.map +1 -1
  187. package/dist/lib/activitypub/services/follow-activity-service.d.ts +2 -2
  188. package/dist/lib/activitypub/services/follow-activity-service.d.ts.map +1 -1
  189. package/dist/lib/activitypub/services/follow-activity-service.js +8 -12
  190. package/dist/lib/activitypub/services/follow-activity-service.js.map +1 -1
  191. package/dist/lib/activitypub/services/post-service-fedify.d.ts +2 -2
  192. package/dist/lib/activitypub/services/post-service-fedify.d.ts.map +1 -1
  193. package/dist/lib/activitypub/services/post-service-fedify.js +33 -65
  194. package/dist/lib/activitypub/services/post-service-fedify.js.map +1 -1
  195. package/dist/lib/activitypub/services/remote-activity-handler.d.ts +2 -2
  196. package/dist/lib/activitypub/services/remote-activity-handler.d.ts.map +1 -1
  197. package/dist/lib/activitypub/services/remote-activity-handler.js +25 -28
  198. package/dist/lib/activitypub/services/remote-activity-handler.js.map +1 -1
  199. package/dist/lib/activitypub/standalone-mode.d.ts +1 -1
  200. package/dist/lib/activitypub/standalone-mode.d.ts.map +1 -1
  201. package/dist/lib/activitypub/standalone-mode.js +13 -50
  202. package/dist/lib/activitypub/standalone-mode.js.map +1 -1
  203. package/dist/lib/activitypub/webfinger/server.d.ts +1 -1
  204. package/dist/lib/activitypub/webfinger/server.d.ts.map +1 -1
  205. package/dist/lib/activitypub/webfinger/server.js +18 -54
  206. package/dist/lib/activitypub/webfinger/server.js.map +1 -1
  207. package/dist/lib/age-gate-middleware.d.ts +4 -4
  208. package/dist/lib/age-gate-middleware.d.ts.map +1 -1
  209. package/dist/lib/age-gate-middleware.js +3 -6
  210. package/dist/lib/age-gate-middleware.js.map +1 -1
  211. package/dist/lib/age-gate.js +3 -8
  212. package/dist/lib/age-gate.js.map +1 -1
  213. package/dist/lib/age-tier-transition.d.ts +1 -1
  214. package/dist/lib/age-tier-transition.d.ts.map +1 -1
  215. package/dist/lib/age-tier-transition.js +7 -44
  216. package/dist/lib/age-tier-transition.js.map +1 -1
  217. package/dist/lib/app.d.ts +76 -0
  218. package/dist/lib/app.d.ts.map +1 -0
  219. package/dist/lib/app.js +400 -0
  220. package/dist/lib/app.js.map +1 -0
  221. package/dist/lib/audit/csv-export.js +6 -13
  222. package/dist/lib/audit/csv-export.js.map +1 -1
  223. package/dist/lib/audit/pii-filter.d.ts +9 -0
  224. package/dist/lib/audit/pii-filter.d.ts.map +1 -1
  225. package/dist/lib/audit/pii-filter.js +57 -7
  226. package/dist/lib/audit/pii-filter.js.map +1 -1
  227. package/dist/lib/audit-actions.d.ts +94 -0
  228. package/dist/lib/audit-actions.d.ts.map +1 -0
  229. package/dist/lib/audit-actions.js +107 -0
  230. package/dist/lib/audit-actions.js.map +1 -0
  231. package/dist/lib/audit-composer.d.ts +174 -0
  232. package/dist/lib/audit-composer.d.ts.map +1 -0
  233. package/dist/lib/audit-composer.js +421 -0
  234. package/dist/lib/audit-composer.js.map +1 -0
  235. package/dist/lib/auth/auth-context.d.ts +1 -1
  236. package/dist/lib/auth/auth-context.js +1 -2
  237. package/dist/lib/auth/auth-context.js.map +1 -1
  238. package/dist/lib/auth/auth-middleware.d.ts +16 -2
  239. package/dist/lib/auth/auth-middleware.d.ts.map +1 -1
  240. package/dist/lib/auth/auth-middleware.js +36 -45
  241. package/dist/lib/auth/auth-middleware.js.map +1 -1
  242. package/dist/lib/auth/capabilities.js +2 -5
  243. package/dist/lib/auth/capabilities.js.map +1 -1
  244. package/dist/lib/auth/claims-cache.d.ts +2 -2
  245. package/dist/lib/auth/claims-cache.js +19 -24
  246. package/dist/lib/auth/claims-cache.js.map +1 -1
  247. package/dist/lib/auth/cognito-jwt.d.ts +20 -2
  248. package/dist/lib/auth/cognito-jwt.d.ts.map +1 -1
  249. package/dist/lib/auth/cognito-jwt.js +83 -23
  250. package/dist/lib/auth/cognito-jwt.js.map +1 -1
  251. package/dist/lib/auth/idp-redirect-builder.d.ts +1 -1
  252. package/dist/lib/auth/idp-redirect-builder.d.ts.map +1 -1
  253. package/dist/lib/auth/idp-redirect-builder.js +4 -10
  254. package/dist/lib/auth/idp-redirect-builder.js.map +1 -1
  255. package/dist/lib/auth/require.d.ts +4 -4
  256. package/dist/lib/auth/require.d.ts.map +1 -1
  257. package/dist/lib/auth/require.js +11 -18
  258. package/dist/lib/auth/require.js.map +1 -1
  259. package/dist/lib/auth/role-grants.d.ts +1 -1
  260. package/dist/lib/auth/role-grants.d.ts.map +1 -1
  261. package/dist/lib/auth/role-grants.js +28 -31
  262. package/dist/lib/auth/role-grants.js.map +1 -1
  263. package/dist/lib/auth-context-manager.js +1 -5
  264. package/dist/lib/auth-context-manager.js.map +1 -1
  265. package/dist/lib/auth-handler.d.ts +5 -5
  266. package/dist/lib/auth-handler.d.ts.map +1 -1
  267. package/dist/lib/auth-handler.js +5 -9
  268. package/dist/lib/auth-handler.js.map +1 -1
  269. package/dist/lib/badge-handler.d.ts +1 -1
  270. package/dist/lib/badge-handler.d.ts.map +1 -1
  271. package/dist/lib/badge-handler.js +14 -52
  272. package/dist/lib/badge-handler.js.map +1 -1
  273. package/dist/lib/circle-handler.d.ts +10 -10
  274. package/dist/lib/circle-handler.d.ts.map +1 -1
  275. package/dist/lib/circle-handler.js +10 -47
  276. package/dist/lib/circle-handler.js.map +1 -1
  277. package/dist/lib/cognito/idp-sdk.js +11 -18
  278. package/dist/lib/cognito/idp-sdk.js.map +1 -1
  279. package/dist/lib/cognito/issuer-probe.js +9 -14
  280. package/dist/lib/cognito/issuer-probe.js.map +1 -1
  281. package/dist/lib/comment-handler.d.ts +10 -10
  282. package/dist/lib/comment-handler.d.ts.map +1 -1
  283. package/dist/lib/comment-handler.js +61 -97
  284. package/dist/lib/comment-handler.js.map +1 -1
  285. package/dist/lib/compliance/baseline.d.ts +2 -2
  286. package/dist/lib/compliance/baseline.d.ts.map +1 -1
  287. package/dist/lib/compliance/baseline.js +15 -18
  288. package/dist/lib/compliance/baseline.js.map +1 -1
  289. package/dist/lib/compliance/tenant-merge.d.ts +1 -1
  290. package/dist/lib/compliance/tenant-merge.d.ts.map +1 -1
  291. package/dist/lib/compliance/tenant-merge.js +1 -4
  292. package/dist/lib/compliance/tenant-merge.js.map +1 -1
  293. package/dist/lib/compliance/types.d.ts +1 -1
  294. package/dist/lib/compliance/types.js +2 -3
  295. package/dist/lib/compliance/types.js.map +1 -1
  296. package/dist/lib/connection-code-handler.d.ts +7 -7
  297. package/dist/lib/connection-code-handler.d.ts.map +1 -1
  298. package/dist/lib/connection-code-handler.js +13 -50
  299. package/dist/lib/connection-code-handler.js.map +1 -1
  300. package/dist/lib/content-discovery.d.ts +1 -1
  301. package/dist/lib/content-discovery.d.ts.map +1 -1
  302. package/dist/lib/content-discovery.js +15 -52
  303. package/dist/lib/content-discovery.js.map +1 -1
  304. package/dist/lib/context-aware-data-access.d.ts +1 -1
  305. package/dist/lib/context-aware-data-access.d.ts.map +1 -1
  306. package/dist/lib/context-aware-data-access.js +1 -5
  307. package/dist/lib/context-aware-data-access.js.map +1 -1
  308. package/dist/lib/cors-handler.d.ts +1 -1
  309. package/dist/lib/cors-handler.d.ts.map +1 -1
  310. package/dist/lib/cors-handler.js +13 -17
  311. package/dist/lib/cors-handler.js.map +1 -1
  312. package/dist/lib/cost-accumulator.d.ts.map +1 -1
  313. package/dist/lib/cost-accumulator.js +7 -11
  314. package/dist/lib/cost-accumulator.js.map +1 -1
  315. package/dist/lib/crypto/voting/elgamal-encryption.js +1 -5
  316. package/dist/lib/crypto/voting/elgamal-encryption.js.map +1 -1
  317. package/dist/lib/crypto/voting/encryption-scheme.js +1 -2
  318. package/dist/lib/crypto/voting/encryption-scheme.js.map +1 -1
  319. package/dist/lib/crypto/voting/hash-utils.js +6 -12
  320. package/dist/lib/crypto/voting/hash-utils.js.map +1 -1
  321. package/dist/lib/crypto/voting/hybrid-encryption.js +5 -9
  322. package/dist/lib/crypto/voting/hybrid-encryption.js.map +1 -1
  323. package/dist/lib/crypto/voting/index.js +4 -14
  324. package/dist/lib/crypto/voting/index.js.map +1 -1
  325. package/dist/lib/crypto/voting/post-quantum-encryption.js +1 -5
  326. package/dist/lib/crypto/voting/post-quantum-encryption.js.map +1 -1
  327. package/dist/lib/csrf.d.ts +2 -2
  328. package/dist/lib/csrf.d.ts.map +1 -1
  329. package/dist/lib/csrf.js +1 -5
  330. package/dist/lib/csrf.js.map +1 -1
  331. package/dist/lib/data-router.d.ts +5 -4
  332. package/dist/lib/data-router.d.ts.map +1 -1
  333. package/dist/lib/data-router.js +60 -90
  334. package/dist/lib/data-router.js.map +1 -1
  335. package/dist/lib/database-circuit-breaker.d.ts +61 -34
  336. package/dist/lib/database-circuit-breaker.d.ts.map +1 -1
  337. package/dist/lib/database-circuit-breaker.js +102 -109
  338. package/dist/lib/database-circuit-breaker.js.map +1 -1
  339. package/dist/lib/database-config.js +1 -4
  340. package/dist/lib/database-config.js.map +1 -1
  341. package/dist/lib/database-connection-manager.d.ts +42 -2
  342. package/dist/lib/database-connection-manager.d.ts.map +1 -1
  343. package/dist/lib/database-connection-manager.js +178 -74
  344. package/dist/lib/database-connection-manager.js.map +1 -1
  345. package/dist/lib/database-monitor.d.ts +1 -1
  346. package/dist/lib/database-monitor.d.ts.map +1 -1
  347. package/dist/lib/database-monitor.js +5 -9
  348. package/dist/lib/database-monitor.js.map +1 -1
  349. package/dist/lib/database-rate-limiter.d.ts +1 -1
  350. package/dist/lib/database-rate-limiter.d.ts.map +1 -1
  351. package/dist/lib/database-rate-limiter.js +3 -7
  352. package/dist/lib/database-rate-limiter.js.map +1 -1
  353. package/dist/lib/database-wrapper-helper.d.ts +2 -2
  354. package/dist/lib/database-wrapper-helper.d.ts.map +1 -1
  355. package/dist/lib/database-wrapper-helper.js +7 -11
  356. package/dist/lib/database-wrapper-helper.js.map +1 -1
  357. package/dist/lib/database-wrapper.d.ts +1 -1
  358. package/dist/lib/database-wrapper.d.ts.map +1 -1
  359. package/dist/lib/database-wrapper.js +5 -9
  360. package/dist/lib/database-wrapper.js.map +1 -1
  361. package/dist/lib/db-query-helper.d.ts +3 -3
  362. package/dist/lib/db-query-helper.d.ts.map +1 -1
  363. package/dist/lib/db-query-helper.js +4 -9
  364. package/dist/lib/db-query-helper.js.map +1 -1
  365. package/dist/lib/discovery-exposure.d.ts +42 -0
  366. package/dist/lib/discovery-exposure.d.ts.map +1 -0
  367. package/dist/lib/discovery-exposure.js +89 -0
  368. package/dist/lib/discovery-exposure.js.map +1 -0
  369. package/dist/lib/discovery-handler.d.ts +6 -6
  370. package/dist/lib/discovery-handler.d.ts.map +1 -1
  371. package/dist/lib/discovery-handler.js +10 -43
  372. package/dist/lib/discovery-handler.js.map +1 -1
  373. package/dist/lib/domain-reputation-service.d.ts +1 -1
  374. package/dist/lib/domain-reputation-service.d.ts.map +1 -1
  375. package/dist/lib/domain-reputation-service.js +12 -15
  376. package/dist/lib/domain-reputation-service.js.map +1 -1
  377. package/dist/lib/email-privacy.js +4 -8
  378. package/dist/lib/email-privacy.js.map +1 -1
  379. package/dist/lib/email-provider.d.ts +2 -2
  380. package/dist/lib/email-provider.d.ts.map +1 -1
  381. package/dist/lib/email-provider.js +8 -16
  382. package/dist/lib/email-provider.js.map +1 -1
  383. package/dist/lib/entity-handler.d.ts +5 -6
  384. package/dist/lib/entity-handler.d.ts.map +1 -1
  385. package/dist/lib/entity-handler.js +45 -80
  386. package/dist/lib/entity-handler.js.map +1 -1
  387. package/dist/lib/entity-relationship-handler.d.ts +9 -9
  388. package/dist/lib/entity-relationship-handler.d.ts.map +1 -1
  389. package/dist/lib/entity-relationship-handler.js +14 -51
  390. package/dist/lib/entity-relationship-handler.js.map +1 -1
  391. package/dist/lib/entity-tagging-errors.js +4 -11
  392. package/dist/lib/entity-tagging-errors.js.map +1 -1
  393. package/dist/lib/entity-tagging-validator.d.ts +3 -3
  394. package/dist/lib/entity-tagging-validator.d.ts.map +1 -1
  395. package/dist/lib/entity-tagging-validator.js +6 -11
  396. package/dist/lib/entity-tagging-validator.js.map +1 -1
  397. package/dist/lib/exif-stripper.js +1 -4
  398. package/dist/lib/exif-stripper.js.map +1 -1
  399. package/dist/lib/extension-context.d.ts +2 -2
  400. package/dist/lib/extension-context.d.ts.map +1 -1
  401. package/dist/lib/extension-context.js +1 -4
  402. package/dist/lib/extension-context.js.map +1 -1
  403. package/dist/lib/extension-route-wrapper.d.ts +1 -1
  404. package/dist/lib/extension-route-wrapper.d.ts.map +1 -1
  405. package/dist/lib/extension-route-wrapper.js +17 -55
  406. package/dist/lib/extension-route-wrapper.js.map +1 -1
  407. package/dist/lib/extension-validator.js +3 -6
  408. package/dist/lib/extension-validator.js.map +1 -1
  409. package/dist/lib/feature-flags.d.ts +5 -2
  410. package/dist/lib/feature-flags.d.ts.map +1 -1
  411. package/dist/lib/feature-flags.js +15 -48
  412. package/dist/lib/feature-flags.js.map +1 -1
  413. package/dist/lib/feature-toggle-global-client.d.ts +6 -0
  414. package/dist/lib/feature-toggle-global-client.d.ts.map +1 -0
  415. package/dist/lib/feature-toggle-global-client.js +73 -0
  416. package/dist/lib/feature-toggle-global-client.js.map +1 -0
  417. package/dist/lib/feature-toggle-service.d.ts +137 -27
  418. package/dist/lib/feature-toggle-service.d.ts.map +1 -1
  419. package/dist/lib/feature-toggle-service.js +302 -119
  420. package/dist/lib/feature-toggle-service.js.map +1 -1
  421. package/dist/lib/feed-handler.d.ts +8 -8
  422. package/dist/lib/feed-handler.d.ts.map +1 -1
  423. package/dist/lib/feed-handler.js +33 -62
  424. package/dist/lib/feed-handler.js.map +1 -1
  425. package/dist/lib/feed-pagination.d.ts +26 -0
  426. package/dist/lib/feed-pagination.d.ts.map +1 -1
  427. package/dist/lib/feed-pagination.js +31 -11
  428. package/dist/lib/feed-pagination.js.map +1 -1
  429. package/dist/lib/feed-personalization.d.ts +1 -1
  430. package/dist/lib/feed-personalization.d.ts.map +1 -1
  431. package/dist/lib/feed-personalization.js +6 -43
  432. package/dist/lib/feed-personalization.js.map +1 -1
  433. package/dist/lib/followers-events.js +8 -13
  434. package/dist/lib/followers-events.js.map +1 -1
  435. package/dist/lib/friends-handler.d.ts +2 -2
  436. package/dist/lib/friends-handler.d.ts.map +1 -1
  437. package/dist/lib/friends-handler.js +9 -46
  438. package/dist/lib/friends-handler.js.map +1 -1
  439. package/dist/lib/geo/entity-geo-repository.d.ts +67 -0
  440. package/dist/lib/geo/entity-geo-repository.d.ts.map +1 -0
  441. package/dist/lib/geo/entity-geo-repository.js +91 -0
  442. package/dist/lib/geo/entity-geo-repository.js.map +1 -0
  443. package/dist/lib/graph/errors.d.ts.map +1 -1
  444. package/dist/lib/graph/errors.js +13 -18
  445. package/dist/lib/graph/errors.js.map +1 -1
  446. package/dist/lib/graph/graph-factory.d.ts +12 -53
  447. package/dist/lib/graph/graph-factory.d.ts.map +1 -1
  448. package/dist/lib/graph/graph-factory.js +67 -162
  449. package/dist/lib/graph/graph-factory.js.map +1 -1
  450. package/dist/lib/graph/graph-service.d.ts +1 -1
  451. package/dist/lib/graph/graph-service.d.ts.map +1 -1
  452. package/dist/lib/graph/graph-service.js +1 -2
  453. package/dist/lib/graph/graph-service.js.map +1 -1
  454. package/dist/lib/graph/index.d.ts +10 -14
  455. package/dist/lib/graph/index.d.ts.map +1 -1
  456. package/dist/lib/graph/index.js +12 -46
  457. package/dist/lib/graph/index.js.map +1 -1
  458. package/dist/lib/graph/postgres/_shared.d.ts +18 -0
  459. package/dist/lib/graph/postgres/_shared.d.ts.map +1 -0
  460. package/dist/lib/graph/postgres/_shared.js +24 -0
  461. package/dist/lib/graph/postgres/_shared.js.map +1 -0
  462. package/dist/lib/graph/postgres/circles.d.ts +66 -0
  463. package/dist/lib/graph/postgres/circles.d.ts.map +1 -0
  464. package/dist/lib/graph/postgres/circles.js +513 -0
  465. package/dist/lib/graph/postgres/circles.js.map +1 -0
  466. package/dist/lib/graph/postgres/discovery.d.ts +165 -0
  467. package/dist/lib/graph/postgres/discovery.d.ts.map +1 -0
  468. package/dist/lib/graph/postgres/discovery.js +579 -0
  469. package/dist/lib/graph/postgres/discovery.js.map +1 -0
  470. package/dist/lib/graph/postgres/entity-relationships.d.ts +53 -0
  471. package/dist/lib/graph/postgres/entity-relationships.d.ts.map +1 -0
  472. package/dist/lib/graph/postgres/entity-relationships.js +304 -0
  473. package/dist/lib/graph/postgres/entity-relationships.js.map +1 -0
  474. package/dist/lib/graph/postgres/interaction-events.d.ts +106 -0
  475. package/dist/lib/graph/postgres/interaction-events.d.ts.map +1 -0
  476. package/dist/lib/graph/postgres/interaction-events.js +162 -0
  477. package/dist/lib/graph/postgres/interaction-events.js.map +1 -0
  478. package/dist/lib/graph/postgres/postgres-graph-service.d.ts +74 -0
  479. package/dist/lib/graph/postgres/postgres-graph-service.d.ts.map +1 -0
  480. package/dist/lib/graph/postgres/postgres-graph-service.js +167 -0
  481. package/dist/lib/graph/postgres/postgres-graph-service.js.map +1 -0
  482. package/dist/lib/graph/postgres/relationships.d.ts +58 -0
  483. package/dist/lib/graph/postgres/relationships.d.ts.map +1 -0
  484. package/dist/lib/graph/postgres/relationships.js +314 -0
  485. package/dist/lib/graph/postgres/relationships.js.map +1 -0
  486. package/dist/lib/graph/postgres/scoring.d.ts +74 -0
  487. package/dist/lib/graph/postgres/scoring.d.ts.map +1 -0
  488. package/dist/lib/graph/postgres/scoring.js +297 -0
  489. package/dist/lib/graph/postgres/scoring.js.map +1 -0
  490. package/dist/lib/graph/postgres/sync.d.ts +149 -0
  491. package/dist/lib/graph/postgres/sync.d.ts.map +1 -0
  492. package/dist/lib/graph/postgres/sync.js +269 -0
  493. package/dist/lib/graph/postgres/sync.js.map +1 -0
  494. package/dist/lib/graph/scoring-engine.d.ts +7 -1
  495. package/dist/lib/graph/scoring-engine.d.ts.map +1 -1
  496. package/dist/lib/graph/scoring-engine.js +29 -35
  497. package/dist/lib/graph/scoring-engine.js.map +1 -1
  498. package/dist/lib/graph/types.d.ts +18 -1
  499. package/dist/lib/graph/types.d.ts.map +1 -1
  500. package/dist/lib/graph/types.js +1 -2
  501. package/dist/lib/graph/types.js.map +1 -1
  502. package/dist/lib/hook-dispatcher.d.ts +1 -1
  503. package/dist/lib/hook-dispatcher.d.ts.map +1 -1
  504. package/dist/lib/hook-dispatcher.js +8 -12
  505. package/dist/lib/hook-dispatcher.js.map +1 -1
  506. package/dist/lib/input-sanitizer.js +1 -5
  507. package/dist/lib/input-sanitizer.js.map +1 -1
  508. package/dist/lib/internal-docs-handler.d.ts +2 -2
  509. package/dist/lib/internal-docs-handler.d.ts.map +1 -1
  510. package/dist/lib/internal-docs-handler.js +20 -28
  511. package/dist/lib/internal-docs-handler.js.map +1 -1
  512. package/dist/lib/internal-docs-navigation.js +2 -6
  513. package/dist/lib/internal-docs-navigation.js.map +1 -1
  514. package/dist/lib/invitation-handler.d.ts +2 -2
  515. package/dist/lib/invitation-handler.d.ts.map +1 -1
  516. package/dist/lib/invitation-handler.js +41 -82
  517. package/dist/lib/invitation-handler.js.map +1 -1
  518. package/dist/lib/ip-scrubber.js +3 -8
  519. package/dist/lib/ip-scrubber.js.map +1 -1
  520. package/dist/lib/link-security-handler.d.ts +3 -2
  521. package/dist/lib/link-security-handler.d.ts.map +1 -1
  522. package/dist/lib/link-security-handler.js +8 -44
  523. package/dist/lib/link-security-handler.js.map +1 -1
  524. package/dist/lib/logger.d.ts +31 -82
  525. package/dist/lib/logger.d.ts.map +1 -1
  526. package/dist/lib/logger.js +43 -185
  527. package/dist/lib/logger.js.map +1 -1
  528. package/dist/lib/media-cleanup-handler.d.ts +2 -2
  529. package/dist/lib/media-cleanup-handler.d.ts.map +1 -1
  530. package/dist/lib/media-cleanup-handler.js +7 -11
  531. package/dist/lib/media-cleanup-handler.js.map +1 -1
  532. package/dist/lib/media-handler.d.ts +1 -1
  533. package/dist/lib/media-handler.d.ts.map +1 -1
  534. package/dist/lib/media-handler.js +36 -73
  535. package/dist/lib/media-handler.js.map +1 -1
  536. package/dist/lib/media-metadata-extractor.d.ts +1 -1
  537. package/dist/lib/media-metadata-extractor.d.ts.map +1 -1
  538. package/dist/lib/media-metadata-extractor.js +3 -7
  539. package/dist/lib/media-metadata-extractor.js.map +1 -1
  540. package/dist/lib/media-metrics.d.ts +2 -2
  541. package/dist/lib/media-metrics.d.ts.map +1 -1
  542. package/dist/lib/media-metrics.js +3 -7
  543. package/dist/lib/media-metrics.js.map +1 -1
  544. package/dist/lib/metadata/index.d.ts +5 -5
  545. package/dist/lib/metadata/index.d.ts.map +1 -1
  546. package/dist/lib/metadata/index.js +5 -21
  547. package/dist/lib/metadata/index.js.map +1 -1
  548. package/dist/lib/metadata/metadata-config.js +2 -5
  549. package/dist/lib/metadata/metadata-config.js.map +1 -1
  550. package/dist/lib/metadata/metadata-errors.js +2 -7
  551. package/dist/lib/metadata/metadata-errors.js.map +1 -1
  552. package/dist/lib/metadata/metadata-extractor.d.ts +1 -1
  553. package/dist/lib/metadata/metadata-extractor.d.ts.map +1 -1
  554. package/dist/lib/metadata/metadata-extractor.js +42 -82
  555. package/dist/lib/metadata/metadata-extractor.js.map +1 -1
  556. package/dist/lib/metadata/metadata-sanitizer.js +17 -24
  557. package/dist/lib/metadata/metadata-sanitizer.js.map +1 -1
  558. package/dist/lib/metadata/metadata-schemas.d.ts +16 -100
  559. package/dist/lib/metadata/metadata-schemas.d.ts.map +1 -1
  560. package/dist/lib/metadata/metadata-schemas.js +31 -34
  561. package/dist/lib/metadata/metadata-schemas.js.map +1 -1
  562. package/dist/lib/mfa/mfa-handler.d.ts +1 -1
  563. package/dist/lib/mfa/mfa-handler.d.ts.map +1 -1
  564. package/dist/lib/mfa/mfa-handler.js +13 -17
  565. package/dist/lib/mfa/mfa-handler.js.map +1 -1
  566. package/dist/lib/mfa/totp-service.js +8 -18
  567. package/dist/lib/mfa/totp-service.js.map +1 -1
  568. package/dist/lib/middleware/comment-rate-limit.d.ts +1 -1
  569. package/dist/lib/middleware/comment-rate-limit.d.ts.map +1 -1
  570. package/dist/lib/middleware/comment-rate-limit.js +7 -10
  571. package/dist/lib/middleware/comment-rate-limit.js.map +1 -1
  572. package/dist/lib/middleware/feature-toggle-rate-limit.d.ts +1 -1
  573. package/dist/lib/middleware/feature-toggle-rate-limit.d.ts.map +1 -1
  574. package/dist/lib/middleware/feature-toggle-rate-limit.js +8 -13
  575. package/dist/lib/middleware/feature-toggle-rate-limit.js.map +1 -1
  576. package/dist/lib/middleware/idempotency-store.js +20 -26
  577. package/dist/lib/middleware/idempotency-store.js.map +1 -1
  578. package/dist/lib/middleware/idempotency.d.ts +2 -2
  579. package/dist/lib/middleware/idempotency.d.ts.map +1 -1
  580. package/dist/lib/middleware/idempotency.js +12 -50
  581. package/dist/lib/middleware/idempotency.js.map +1 -1
  582. package/dist/lib/middleware.d.ts +22 -9
  583. package/dist/lib/middleware.d.ts.map +1 -1
  584. package/dist/lib/middleware.js +72 -153
  585. package/dist/lib/middleware.js.map +1 -1
  586. package/dist/lib/moderation-handler.d.ts +1 -1
  587. package/dist/lib/moderation-handler.d.ts.map +1 -1
  588. package/dist/lib/moderation-handler.js +15 -54
  589. package/dist/lib/moderation-handler.js.map +1 -1
  590. package/dist/lib/net/trusted-client-ip.d.ts +8 -30
  591. package/dist/lib/net/trusted-client-ip.d.ts.map +1 -1
  592. package/dist/lib/net/trusted-client-ip.js +13 -94
  593. package/dist/lib/net/trusted-client-ip.js.map +1 -1
  594. package/dist/lib/notification-handler.d.ts +1 -1
  595. package/dist/lib/notification-handler.d.ts.map +1 -1
  596. package/dist/lib/notification-handler.js +10 -15
  597. package/dist/lib/notification-handler.js.map +1 -1
  598. package/dist/lib/notification-preferences-handler.d.ts +1 -1
  599. package/dist/lib/notification-preferences-handler.d.ts.map +1 -1
  600. package/dist/lib/notification-preferences-handler.js +7 -11
  601. package/dist/lib/notification-preferences-handler.js.map +1 -1
  602. package/dist/lib/oauth/cognito-issuer.d.ts +1 -1
  603. package/dist/lib/oauth/cognito-issuer.d.ts.map +1 -1
  604. package/dist/lib/oauth/cognito-issuer.js +5 -10
  605. package/dist/lib/oauth/cognito-issuer.js.map +1 -1
  606. package/dist/lib/oauth/device-authorization.d.ts +1 -1
  607. package/dist/lib/oauth/device-authorization.d.ts.map +1 -1
  608. package/dist/lib/oauth/device-authorization.js +62 -77
  609. package/dist/lib/oauth/device-authorization.js.map +1 -1
  610. package/dist/lib/oauth/envelope-crypto.d.ts +2 -2
  611. package/dist/lib/oauth/envelope-crypto.js +22 -34
  612. package/dist/lib/oauth/envelope-crypto.js.map +1 -1
  613. package/dist/lib/oauth/refresh-detection.js +42 -52
  614. package/dist/lib/oauth/refresh-detection.js.map +1 -1
  615. package/dist/lib/openai-budget.d.ts.map +1 -1
  616. package/dist/lib/openai-budget.js +7 -44
  617. package/dist/lib/openai-budget.js.map +1 -1
  618. package/dist/lib/openapi/generator.d.ts +1 -1
  619. package/dist/lib/openapi/generator.d.ts.map +1 -1
  620. package/dist/lib/openapi/generator.js +2 -6
  621. package/dist/lib/openapi/generator.js.map +1 -1
  622. package/dist/lib/orphaned-media-handler.d.ts +1 -1
  623. package/dist/lib/orphaned-media-handler.d.ts.map +1 -1
  624. package/dist/lib/orphaned-media-handler.js +9 -46
  625. package/dist/lib/orphaned-media-handler.js.map +1 -1
  626. package/dist/lib/parental-control-handler.d.ts +2 -2
  627. package/dist/lib/parental-control-handler.d.ts.map +1 -1
  628. package/dist/lib/parental-control-handler.js +18 -55
  629. package/dist/lib/parental-control-handler.js.map +1 -1
  630. package/dist/lib/parental-link-handler.d.ts +8 -8
  631. package/dist/lib/parental-link-handler.d.ts.map +1 -1
  632. package/dist/lib/parental-link-handler.js +10 -14
  633. package/dist/lib/parental-link-handler.js.map +1 -1
  634. package/dist/lib/performance-metrics.d.ts +1 -1
  635. package/dist/lib/performance-metrics.d.ts.map +1 -1
  636. package/dist/lib/performance-metrics.js +3 -6
  637. package/dist/lib/performance-metrics.js.map +1 -1
  638. package/dist/lib/post-handler.d.ts +9 -9
  639. package/dist/lib/post-handler.d.ts.map +1 -1
  640. package/dist/lib/post-handler.js +67 -101
  641. package/dist/lib/post-handler.js.map +1 -1
  642. package/dist/lib/privacy-defaults.js +3 -8
  643. package/dist/lib/privacy-defaults.js.map +1 -1
  644. package/dist/lib/privacy-handler.d.ts +2 -2
  645. package/dist/lib/privacy-handler.d.ts.map +1 -1
  646. package/dist/lib/privacy-handler.js +6 -10
  647. package/dist/lib/privacy-handler.js.map +1 -1
  648. package/dist/lib/pseudonym.d.ts +56 -0
  649. package/dist/lib/pseudonym.d.ts.map +1 -0
  650. package/dist/lib/pseudonym.js +85 -0
  651. package/dist/lib/pseudonym.js.map +1 -0
  652. package/dist/lib/queue-consumers/media-reconciliation-consumer.d.ts +2 -2
  653. package/dist/lib/queue-consumers/media-reconciliation-consumer.d.ts.map +1 -1
  654. package/dist/lib/queue-consumers/media-reconciliation-consumer.js +5 -8
  655. package/dist/lib/queue-consumers/media-reconciliation-consumer.js.map +1 -1
  656. package/dist/lib/quiet-hours.js +2 -6
  657. package/dist/lib/quiet-hours.js.map +1 -1
  658. package/dist/lib/rate-limit.d.ts +58 -47
  659. package/dist/lib/rate-limit.d.ts.map +1 -1
  660. package/dist/lib/rate-limit.js +168 -157
  661. package/dist/lib/rate-limit.js.map +1 -1
  662. package/dist/lib/reaction-handler.d.ts +10 -10
  663. package/dist/lib/reaction-handler.d.ts.map +1 -1
  664. package/dist/lib/reaction-handler.js +44 -80
  665. package/dist/lib/reaction-handler.js.map +1 -1
  666. package/dist/lib/recaptcha.js +6 -9
  667. package/dist/lib/recaptcha.js.map +1 -1
  668. package/dist/lib/redirect-resolver.d.ts +2 -2
  669. package/dist/lib/redirect-resolver.d.ts.map +1 -1
  670. package/dist/lib/redirect-resolver.js +5 -9
  671. package/dist/lib/redirect-resolver.js.map +1 -1
  672. package/dist/lib/region-config.d.ts +3 -3
  673. package/dist/lib/region-config.d.ts.map +1 -1
  674. package/dist/lib/region-config.js +15 -58
  675. package/dist/lib/region-config.js.map +1 -1
  676. package/dist/lib/region-detection.d.ts +55 -24
  677. package/dist/lib/region-detection.d.ts.map +1 -1
  678. package/dist/lib/region-detection.js +140 -199
  679. package/dist/lib/region-detection.js.map +1 -1
  680. package/dist/lib/region-registry.d.ts +49 -0
  681. package/dist/lib/region-registry.d.ts.map +1 -0
  682. package/dist/lib/region-registry.js +112 -0
  683. package/dist/lib/region-registry.js.map +1 -0
  684. package/dist/lib/relationship-handler.d.ts +9 -9
  685. package/dist/lib/relationship-handler.d.ts.map +1 -1
  686. package/dist/lib/relationship-handler.js +12 -49
  687. package/dist/lib/relationship-handler.js.map +1 -1
  688. package/dist/lib/request-context.d.ts +16 -16
  689. package/dist/lib/request-context.d.ts.map +1 -1
  690. package/dist/lib/request-context.js +14 -22
  691. package/dist/lib/request-context.js.map +1 -1
  692. package/dist/lib/route-helpers.d.ts +3 -4
  693. package/dist/lib/route-helpers.d.ts.map +1 -1
  694. package/dist/lib/route-helpers.js +20 -75
  695. package/dist/lib/route-helpers.js.map +1 -1
  696. package/dist/lib/routes/activitypub/actor.d.ts +1 -1
  697. package/dist/lib/routes/activitypub/actor.d.ts.map +1 -1
  698. package/dist/lib/routes/activitypub/actor.js +20 -23
  699. package/dist/lib/routes/activitypub/actor.js.map +1 -1
  700. package/dist/lib/routes/activitypub/audiences.d.ts +1 -1
  701. package/dist/lib/routes/activitypub/audiences.d.ts.map +1 -1
  702. package/dist/lib/routes/activitypub/audiences.js +76 -80
  703. package/dist/lib/routes/activitypub/audiences.js.map +1 -1
  704. package/dist/lib/routes/activitypub/collections.d.ts +1 -1
  705. package/dist/lib/routes/activitypub/collections.d.ts.map +1 -1
  706. package/dist/lib/routes/activitypub/collections.js +24 -26
  707. package/dist/lib/routes/activitypub/collections.js.map +1 -1
  708. package/dist/lib/routes/activitypub/entity-profile.d.ts +1 -1
  709. package/dist/lib/routes/activitypub/entity-profile.d.ts.map +1 -1
  710. package/dist/lib/routes/activitypub/entity-profile.js +36 -39
  711. package/dist/lib/routes/activitypub/entity-profile.js.map +1 -1
  712. package/dist/lib/routes/activitypub/friends.d.ts +1 -1
  713. package/dist/lib/routes/activitypub/friends.d.ts.map +1 -1
  714. package/dist/lib/routes/activitypub/friends.js +9 -12
  715. package/dist/lib/routes/activitypub/friends.js.map +1 -1
  716. package/dist/lib/routes/activitypub/group.d.ts +1 -1
  717. package/dist/lib/routes/activitypub/group.d.ts.map +1 -1
  718. package/dist/lib/routes/activitypub/group.js +91 -94
  719. package/dist/lib/routes/activitypub/group.js.map +1 -1
  720. package/dist/lib/routes/activitypub/inbox.d.ts +1 -1
  721. package/dist/lib/routes/activitypub/inbox.d.ts.map +1 -1
  722. package/dist/lib/routes/activitypub/inbox.js +30 -33
  723. package/dist/lib/routes/activitypub/inbox.js.map +1 -1
  724. package/dist/lib/routes/activitypub/messages.d.ts +1 -1
  725. package/dist/lib/routes/activitypub/messages.d.ts.map +1 -1
  726. package/dist/lib/routes/activitypub/messages.js +79 -83
  727. package/dist/lib/routes/activitypub/messages.js.map +1 -1
  728. package/dist/lib/routes/activitypub/outbox.d.ts +1 -1
  729. package/dist/lib/routes/activitypub/outbox.d.ts.map +1 -1
  730. package/dist/lib/routes/activitypub/outbox.js +9 -12
  731. package/dist/lib/routes/activitypub/outbox.js.map +1 -1
  732. package/dist/lib/routes/activitypub/post.d.ts +1 -1
  733. package/dist/lib/routes/activitypub/post.d.ts.map +1 -1
  734. package/dist/lib/routes/activitypub/post.js +32 -35
  735. package/dist/lib/routes/activitypub/post.js.map +1 -1
  736. package/dist/lib/routes/activitypub/webfinger.d.ts +1 -1
  737. package/dist/lib/routes/activitypub/webfinger.d.ts.map +1 -1
  738. package/dist/lib/routes/activitypub/webfinger.js +5 -8
  739. package/dist/lib/routes/activitypub/webfinger.js.map +1 -1
  740. package/dist/lib/routes/admin-costs.d.ts +1 -1
  741. package/dist/lib/routes/admin-costs.d.ts.map +1 -1
  742. package/dist/lib/routes/admin-costs.js +22 -26
  743. package/dist/lib/routes/admin-costs.js.map +1 -1
  744. package/dist/lib/routes/admin.d.ts +1 -1
  745. package/dist/lib/routes/admin.d.ts.map +1 -1
  746. package/dist/lib/routes/admin.js +290 -269
  747. package/dist/lib/routes/admin.js.map +1 -1
  748. package/dist/lib/routes/agent-authorize.d.ts +5 -5
  749. package/dist/lib/routes/agent-authorize.d.ts.map +1 -1
  750. package/dist/lib/routes/agent-authorize.js +68 -74
  751. package/dist/lib/routes/agent-authorize.js.map +1 -1
  752. package/dist/lib/routes/agent-sessions.d.ts +4 -4
  753. package/dist/lib/routes/agent-sessions.d.ts.map +1 -1
  754. package/dist/lib/routes/agent-sessions.js +30 -35
  755. package/dist/lib/routes/agent-sessions.js.map +1 -1
  756. package/dist/lib/routes/agent-surface.d.ts +2 -2
  757. package/dist/lib/routes/agent-surface.d.ts.map +1 -1
  758. package/dist/lib/routes/agent-surface.js +20 -24
  759. package/dist/lib/routes/agent-surface.js.map +1 -1
  760. package/dist/lib/routes/auth-discover.d.ts +1 -1
  761. package/dist/lib/routes/auth-discover.d.ts.map +1 -1
  762. package/dist/lib/routes/auth-discover.js +20 -56
  763. package/dist/lib/routes/auth-discover.js.map +1 -1
  764. package/dist/lib/routes/auth.d.ts +1 -1
  765. package/dist/lib/routes/auth.d.ts.map +1 -1
  766. package/dist/lib/routes/auth.js +13 -16
  767. package/dist/lib/routes/auth.js.map +1 -1
  768. package/dist/lib/routes/badges.d.ts +1 -1
  769. package/dist/lib/routes/badges.d.ts.map +1 -1
  770. package/dist/lib/routes/badges.js +20 -23
  771. package/dist/lib/routes/badges.js.map +1 -1
  772. package/dist/lib/routes/circles.d.ts +1 -1
  773. package/dist/lib/routes/circles.d.ts.map +1 -1
  774. package/dist/lib/routes/circles.js +40 -44
  775. package/dist/lib/routes/circles.js.map +1 -1
  776. package/dist/lib/routes/comments.d.ts +1 -1
  777. package/dist/lib/routes/comments.d.ts.map +1 -1
  778. package/dist/lib/routes/comments.js +67 -71
  779. package/dist/lib/routes/comments.js.map +1 -1
  780. package/dist/lib/routes/connection-codes.d.ts +1 -1
  781. package/dist/lib/routes/connection-codes.d.ts.map +1 -1
  782. package/dist/lib/routes/connection-codes.js +30 -34
  783. package/dist/lib/routes/connection-codes.js.map +1 -1
  784. package/dist/lib/routes/content-discovery.d.ts +1 -1
  785. package/dist/lib/routes/content-discovery.d.ts.map +1 -1
  786. package/dist/lib/routes/content-discovery.js +31 -34
  787. package/dist/lib/routes/content-discovery.js.map +1 -1
  788. package/dist/lib/routes/dashboard.d.ts +1 -1
  789. package/dist/lib/routes/dashboard.d.ts.map +1 -1
  790. package/dist/lib/routes/dashboard.js +251 -288
  791. package/dist/lib/routes/dashboard.js.map +1 -1
  792. package/dist/lib/routes/deletion.d.ts +1 -1
  793. package/dist/lib/routes/deletion.d.ts.map +1 -1
  794. package/dist/lib/routes/deletion.js +37 -74
  795. package/dist/lib/routes/deletion.js.map +1 -1
  796. package/dist/lib/routes/discovery.d.ts +1 -1
  797. package/dist/lib/routes/discovery.d.ts.map +1 -1
  798. package/dist/lib/routes/discovery.js +20 -24
  799. package/dist/lib/routes/discovery.js.map +1 -1
  800. package/dist/lib/routes/employees.d.ts +1 -1
  801. package/dist/lib/routes/employees.d.ts.map +1 -1
  802. package/dist/lib/routes/employees.js +15 -52
  803. package/dist/lib/routes/employees.js.map +1 -1
  804. package/dist/lib/routes/entities.d.ts +1 -1
  805. package/dist/lib/routes/entities.d.ts.map +1 -1
  806. package/dist/lib/routes/entities.js +133 -137
  807. package/dist/lib/routes/entities.js.map +1 -1
  808. package/dist/lib/routes/entity-relationships.d.ts +1 -1
  809. package/dist/lib/routes/entity-relationships.d.ts.map +1 -1
  810. package/dist/lib/routes/entity-relationships.js +35 -39
  811. package/dist/lib/routes/entity-relationships.js.map +1 -1
  812. package/dist/lib/routes/errors.d.ts +1 -1
  813. package/dist/lib/routes/errors.d.ts.map +1 -1
  814. package/dist/lib/routes/errors.js +4 -10
  815. package/dist/lib/routes/errors.js.map +1 -1
  816. package/dist/lib/routes/export.d.ts +1 -1
  817. package/dist/lib/routes/export.d.ts.map +1 -1
  818. package/dist/lib/routes/export.js +31 -35
  819. package/dist/lib/routes/export.js.map +1 -1
  820. package/dist/lib/routes/feature-flags.d.ts +1 -1
  821. package/dist/lib/routes/feature-flags.d.ts.map +1 -1
  822. package/dist/lib/routes/feature-flags.js +20 -23
  823. package/dist/lib/routes/feature-flags.js.map +1 -1
  824. package/dist/lib/routes/feeds.d.ts +1 -1
  825. package/dist/lib/routes/feeds.d.ts.map +1 -1
  826. package/dist/lib/routes/feeds.js +42 -46
  827. package/dist/lib/routes/feeds.js.map +1 -1
  828. package/dist/lib/routes/friends.d.ts +1 -1
  829. package/dist/lib/routes/friends.d.ts.map +1 -1
  830. package/dist/lib/routes/friends.js +35 -39
  831. package/dist/lib/routes/friends.js.map +1 -1
  832. package/dist/lib/routes/health.d.ts +1 -1
  833. package/dist/lib/routes/health.d.ts.map +1 -1
  834. package/dist/lib/routes/health.js +23 -27
  835. package/dist/lib/routes/health.js.map +1 -1
  836. package/dist/lib/routes/index.d.ts +2 -7
  837. package/dist/lib/routes/index.d.ts.map +1 -1
  838. package/dist/lib/routes/index.js +137 -158
  839. package/dist/lib/routes/index.js.map +1 -1
  840. package/dist/lib/routes/internal-docs.d.ts +1 -1
  841. package/dist/lib/routes/internal-docs.d.ts.map +1 -1
  842. package/dist/lib/routes/internal-docs.js +13 -16
  843. package/dist/lib/routes/internal-docs.js.map +1 -1
  844. package/dist/lib/routes/invitations.d.ts +1 -1
  845. package/dist/lib/routes/invitations.d.ts.map +1 -1
  846. package/dist/lib/routes/invitations.js +19 -22
  847. package/dist/lib/routes/invitations.js.map +1 -1
  848. package/dist/lib/routes/link-reports.d.ts +2 -2
  849. package/dist/lib/routes/link-reports.d.ts.map +1 -1
  850. package/dist/lib/routes/link-reports.js +86 -48
  851. package/dist/lib/routes/link-reports.js.map +1 -1
  852. package/dist/lib/routes/map.d.ts +1 -1
  853. package/dist/lib/routes/map.d.ts.map +1 -1
  854. package/dist/lib/routes/map.js +5 -8
  855. package/dist/lib/routes/map.js.map +1 -1
  856. package/dist/lib/routes/media-metadata-visibility.d.ts +1 -1
  857. package/dist/lib/routes/media-metadata-visibility.d.ts.map +1 -1
  858. package/dist/lib/routes/media-metadata-visibility.js +30 -67
  859. package/dist/lib/routes/media-metadata-visibility.js.map +1 -1
  860. package/dist/lib/routes/media.d.ts +1 -1
  861. package/dist/lib/routes/media.d.ts.map +1 -1
  862. package/dist/lib/routes/media.js +156 -193
  863. package/dist/lib/routes/media.js.map +1 -1
  864. package/dist/lib/routes/mfa.d.ts +1 -1
  865. package/dist/lib/routes/mfa.d.ts.map +1 -1
  866. package/dist/lib/routes/mfa.js +60 -64
  867. package/dist/lib/routes/mfa.js.map +1 -1
  868. package/dist/lib/routes/notifications.d.ts +1 -1
  869. package/dist/lib/routes/notifications.d.ts.map +1 -1
  870. package/dist/lib/routes/notifications.js +68 -72
  871. package/dist/lib/routes/notifications.js.map +1 -1
  872. package/dist/lib/routes/oauth.d.ts +1 -1
  873. package/dist/lib/routes/oauth.d.ts.map +1 -1
  874. package/dist/lib/routes/oauth.js +20 -23
  875. package/dist/lib/routes/oauth.js.map +1 -1
  876. package/dist/lib/routes/orphaned-media-health.d.ts +1 -1
  877. package/dist/lib/routes/orphaned-media-health.d.ts.map +1 -1
  878. package/dist/lib/routes/orphaned-media-health.js +10 -13
  879. package/dist/lib/routes/orphaned-media-health.js.map +1 -1
  880. package/dist/lib/routes/orphaned-media.d.ts +1 -1
  881. package/dist/lib/routes/orphaned-media.d.ts.map +1 -1
  882. package/dist/lib/routes/orphaned-media.js +20 -57
  883. package/dist/lib/routes/orphaned-media.js.map +1 -1
  884. package/dist/lib/routes/out.d.ts +1 -1
  885. package/dist/lib/routes/out.d.ts.map +1 -1
  886. package/dist/lib/routes/out.js +21 -24
  887. package/dist/lib/routes/out.js.map +1 -1
  888. package/dist/lib/routes/parental-controls.d.ts +1 -1
  889. package/dist/lib/routes/parental-controls.d.ts.map +1 -1
  890. package/dist/lib/routes/parental-controls.js +91 -95
  891. package/dist/lib/routes/parental-controls.js.map +1 -1
  892. package/dist/lib/routes/posts.d.ts +1 -1
  893. package/dist/lib/routes/posts.d.ts.map +1 -1
  894. package/dist/lib/routes/posts.js +101 -105
  895. package/dist/lib/routes/posts.js.map +1 -1
  896. package/dist/lib/routes/privacy.d.ts +1 -1
  897. package/dist/lib/routes/privacy.d.ts.map +1 -1
  898. package/dist/lib/routes/privacy.js +21 -25
  899. package/dist/lib/routes/privacy.js.map +1 -1
  900. package/dist/lib/routes/products.d.ts +1 -1
  901. package/dist/lib/routes/products.d.ts.map +1 -1
  902. package/dist/lib/routes/products.js +44 -48
  903. package/dist/lib/routes/products.js.map +1 -1
  904. package/dist/lib/routes/relationships.d.ts +1 -1
  905. package/dist/lib/routes/relationships.d.ts.map +1 -1
  906. package/dist/lib/routes/relationships.js +35 -39
  907. package/dist/lib/routes/relationships.js.map +1 -1
  908. package/dist/lib/routes/sentiments.d.ts +1 -1
  909. package/dist/lib/routes/sentiments.d.ts.map +1 -1
  910. package/dist/lib/routes/sentiments.js +71 -75
  911. package/dist/lib/routes/sentiments.js.map +1 -1
  912. package/dist/lib/routes/setup-status.d.ts +1 -1
  913. package/dist/lib/routes/setup-status.d.ts.map +1 -1
  914. package/dist/lib/routes/setup-status.js +17 -20
  915. package/dist/lib/routes/setup-status.js.map +1 -1
  916. package/dist/lib/routes/taxonomy-analytics.d.ts +1 -1
  917. package/dist/lib/routes/taxonomy-analytics.d.ts.map +1 -1
  918. package/dist/lib/routes/taxonomy-analytics.js +29 -33
  919. package/dist/lib/routes/taxonomy-analytics.js.map +1 -1
  920. package/dist/lib/routes/taxonomy.d.ts +1 -1
  921. package/dist/lib/routes/taxonomy.d.ts.map +1 -1
  922. package/dist/lib/routes/taxonomy.js +48 -51
  923. package/dist/lib/routes/taxonomy.js.map +1 -1
  924. package/dist/lib/routes/tenant-audit.d.ts +1 -1
  925. package/dist/lib/routes/tenant-audit.d.ts.map +1 -1
  926. package/dist/lib/routes/tenant-audit.js +35 -92
  927. package/dist/lib/routes/tenant-audit.js.map +1 -1
  928. package/dist/lib/routes/tenant-compliance.d.ts +1 -1
  929. package/dist/lib/routes/tenant-compliance.d.ts.map +1 -1
  930. package/dist/lib/routes/tenant-compliance.js +16 -52
  931. package/dist/lib/routes/tenant-compliance.js.map +1 -1
  932. package/dist/lib/routes/tenant-domains.d.ts +1 -1
  933. package/dist/lib/routes/tenant-domains.d.ts.map +1 -1
  934. package/dist/lib/routes/tenant-domains.js +27 -30
  935. package/dist/lib/routes/tenant-domains.js.map +1 -1
  936. package/dist/lib/routes/tenant-idp.d.ts +1 -1
  937. package/dist/lib/routes/tenant-idp.d.ts.map +1 -1
  938. package/dist/lib/routes/tenant-idp.js +27 -30
  939. package/dist/lib/routes/tenant-idp.js.map +1 -1
  940. package/dist/lib/routes/tenant-members.d.ts +1 -1
  941. package/dist/lib/routes/tenant-members.d.ts.map +1 -1
  942. package/dist/lib/routes/tenant-members.js +21 -24
  943. package/dist/lib/routes/tenant-members.js.map +1 -1
  944. package/dist/lib/routes/tenant-role-mappings.d.ts +1 -1
  945. package/dist/lib/routes/tenant-role-mappings.d.ts.map +1 -1
  946. package/dist/lib/routes/tenant-role-mappings.js +27 -30
  947. package/dist/lib/routes/tenant-role-mappings.js.map +1 -1
  948. package/dist/lib/routes/tenants.d.ts +1 -1
  949. package/dist/lib/routes/tenants.d.ts.map +1 -1
  950. package/dist/lib/routes/tenants.js +37 -40
  951. package/dist/lib/routes/tenants.js.map +1 -1
  952. package/dist/lib/routes/types.d.ts +10 -5
  953. package/dist/lib/routes/types.d.ts.map +1 -1
  954. package/dist/lib/routes/types.js +1 -2
  955. package/dist/lib/routes/types.js.map +1 -1
  956. package/dist/lib/routes/upload-sessions.d.ts +1 -1
  957. package/dist/lib/routes/upload-sessions.d.ts.map +1 -1
  958. package/dist/lib/routes/upload-sessions.js +57 -94
  959. package/dist/lib/routes/upload-sessions.js.map +1 -1
  960. package/dist/lib/routes/user.d.ts +1 -1
  961. package/dist/lib/routes/user.d.ts.map +1 -1
  962. package/dist/lib/routes/user.js +137 -85
  963. package/dist/lib/routes/user.js.map +1 -1
  964. package/dist/lib/routes.d.ts +2 -2
  965. package/dist/lib/routes.d.ts.map +1 -1
  966. package/dist/lib/routes.js +2 -7
  967. package/dist/lib/routes.js.map +1 -1
  968. package/dist/lib/scaling-health.d.ts.map +1 -1
  969. package/dist/lib/scaling-health.js +6 -9
  970. package/dist/lib/scaling-health.js.map +1 -1
  971. package/dist/lib/scheduled/media-stale-cleanup.js +5 -8
  972. package/dist/lib/scheduled/media-stale-cleanup.js.map +1 -1
  973. package/dist/lib/scheduled/orphaned-media-monitor.d.ts +1 -1
  974. package/dist/lib/scheduled/orphaned-media-monitor.d.ts.map +1 -1
  975. package/dist/lib/scheduled/orphaned-media-monitor.js +5 -42
  976. package/dist/lib/scheduled/orphaned-media-monitor.js.map +1 -1
  977. package/dist/lib/schemas.d.ts +85 -204
  978. package/dist/lib/schemas.d.ts.map +1 -1
  979. package/dist/lib/schemas.js +71 -74
  980. package/dist/lib/schemas.js.map +1 -1
  981. package/dist/lib/secrets/idp-secrets.d.ts +1 -1
  982. package/dist/lib/secrets/idp-secrets.js +13 -19
  983. package/dist/lib/secrets/idp-secrets.js.map +1 -1
  984. package/dist/lib/security-event-cleaner.js +1 -5
  985. package/dist/lib/security-event-cleaner.js.map +1 -1
  986. package/dist/lib/security-headers.js +1 -5
  987. package/dist/lib/security-headers.js.map +1 -1
  988. package/dist/lib/security-monitor.d.ts +4 -2
  989. package/dist/lib/security-monitor.d.ts.map +1 -1
  990. package/dist/lib/security-monitor.js +16 -18
  991. package/dist/lib/security-monitor.js.map +1 -1
  992. package/dist/lib/sentiment-digest.d.ts +1 -1
  993. package/dist/lib/sentiment-digest.d.ts.map +1 -1
  994. package/dist/lib/sentiment-digest.js +5 -8
  995. package/dist/lib/sentiment-digest.js.map +1 -1
  996. package/dist/lib/sentiment-display.js +3 -7
  997. package/dist/lib/sentiment-display.js.map +1 -1
  998. package/dist/lib/services/image-normalizer.js +1 -5
  999. package/dist/lib/services/image-normalizer.js.map +1 -1
  1000. package/dist/lib/services/media-reconciliation-service.d.ts +1 -1
  1001. package/dist/lib/services/media-reconciliation-service.d.ts.map +1 -1
  1002. package/dist/lib/services/media-reconciliation-service.js +7 -11
  1003. package/dist/lib/services/media-reconciliation-service.js.map +1 -1
  1004. package/dist/lib/services/media-upload-service.d.ts +1 -1
  1005. package/dist/lib/services/media-upload-service.d.ts.map +1 -1
  1006. package/dist/lib/services/media-upload-service.js +4 -8
  1007. package/dist/lib/services/media-upload-service.js.map +1 -1
  1008. package/dist/lib/services/user-data-deletion.d.ts +45 -2
  1009. package/dist/lib/services/user-data-deletion.d.ts.map +1 -1
  1010. package/dist/lib/services/user-data-deletion.js +87 -9
  1011. package/dist/lib/services/user-data-deletion.js.map +1 -1
  1012. package/dist/lib/session-awareness.js +2 -6
  1013. package/dist/lib/session-awareness.js.map +1 -1
  1014. package/dist/lib/session-config.js +8 -17
  1015. package/dist/lib/session-config.js.map +1 -1
  1016. package/dist/lib/{session-manager.d.ts → session-cookie.d.ts} +58 -15
  1017. package/dist/lib/session-cookie.d.ts.map +1 -0
  1018. package/dist/lib/session-cookie.js +0 -0
  1019. package/dist/lib/session-cookie.js.map +1 -0
  1020. package/dist/lib/signup-metadata.d.ts +129 -0
  1021. package/dist/lib/signup-metadata.d.ts.map +1 -0
  1022. package/dist/lib/signup-metadata.js +127 -0
  1023. package/dist/lib/signup-metadata.js.map +1 -0
  1024. package/dist/lib/sso-auth-handler.js +1 -5
  1025. package/dist/lib/sso-auth-handler.js.map +1 -1
  1026. package/dist/lib/tag-suggestions-handler.d.ts +1 -1
  1027. package/dist/lib/tag-suggestions-handler.d.ts.map +1 -1
  1028. package/dist/lib/tag-suggestions-handler.js +1 -5
  1029. package/dist/lib/tag-suggestions-handler.js.map +1 -1
  1030. package/dist/lib/taxonomy-handler-factory.d.ts +2 -2
  1031. package/dist/lib/taxonomy-handler-factory.d.ts.map +1 -1
  1032. package/dist/lib/taxonomy-handler-factory.js +7 -10
  1033. package/dist/lib/taxonomy-handler-factory.js.map +1 -1
  1034. package/dist/lib/taxonomy-handler.d.ts +2 -2
  1035. package/dist/lib/taxonomy-handler.d.ts.map +1 -1
  1036. package/dist/lib/taxonomy-handler.js +8 -8
  1037. package/dist/lib/taxonomy-handler.js.map +1 -1
  1038. package/dist/lib/taxonomy-metrics.js +5 -9
  1039. package/dist/lib/taxonomy-metrics.js.map +1 -1
  1040. package/dist/lib/taxonomy-search-metrics.d.ts +2 -2
  1041. package/dist/lib/taxonomy-search-metrics.d.ts.map +1 -1
  1042. package/dist/lib/taxonomy-search-metrics.js +3 -7
  1043. package/dist/lib/taxonomy-search-metrics.js.map +1 -1
  1044. package/dist/lib/tenant/audit-emit.d.ts +18 -8
  1045. package/dist/lib/tenant/audit-emit.d.ts.map +1 -1
  1046. package/dist/lib/tenant/audit-emit.js +50 -11
  1047. package/dist/lib/tenant/audit-emit.js.map +1 -1
  1048. package/dist/lib/tenant/derive-domain.js +1 -4
  1049. package/dist/lib/tenant/derive-domain.js.map +1 -1
  1050. package/dist/lib/tenant/domain-handler.d.ts +2 -2
  1051. package/dist/lib/tenant/domain-handler.d.ts.map +1 -1
  1052. package/dist/lib/tenant/domain-handler.js +50 -62
  1053. package/dist/lib/tenant/domain-handler.js.map +1 -1
  1054. package/dist/lib/tenant/domain-validator.d.ts +1 -1
  1055. package/dist/lib/tenant/domain-validator.js +10 -13
  1056. package/dist/lib/tenant/domain-validator.js.map +1 -1
  1057. package/dist/lib/tenant/domain-verifier.d.ts +3 -3
  1058. package/dist/lib/tenant/domain-verifier.js +8 -11
  1059. package/dist/lib/tenant/domain-verifier.js.map +1 -1
  1060. package/dist/lib/tenant/idp-handler.d.ts +4 -4
  1061. package/dist/lib/tenant/idp-handler.d.ts.map +1 -1
  1062. package/dist/lib/tenant/idp-handler.js +45 -82
  1063. package/dist/lib/tenant/idp-handler.js.map +1 -1
  1064. package/dist/lib/tenant/idp-name.js +1 -4
  1065. package/dist/lib/tenant/idp-name.js.map +1 -1
  1066. package/dist/lib/tenant/member-handler.d.ts +2 -2
  1067. package/dist/lib/tenant/member-handler.d.ts.map +1 -1
  1068. package/dist/lib/tenant/member-handler.js +30 -67
  1069. package/dist/lib/tenant/member-handler.js.map +1 -1
  1070. package/dist/lib/tenant/reserved-slugs.d.ts +1 -1
  1071. package/dist/lib/tenant/reserved-slugs.d.ts.map +1 -1
  1072. package/dist/lib/tenant/reserved-slugs.js +8 -14
  1073. package/dist/lib/tenant/reserved-slugs.js.map +1 -1
  1074. package/dist/lib/tenant/resolve-role.js +1 -4
  1075. package/dist/lib/tenant/resolve-role.js.map +1 -1
  1076. package/dist/lib/tenant/role-mapping-handler.d.ts +2 -2
  1077. package/dist/lib/tenant/role-mapping-handler.d.ts.map +1 -1
  1078. package/dist/lib/tenant/role-mapping-handler.js +24 -61
  1079. package/dist/lib/tenant/role-mapping-handler.js.map +1 -1
  1080. package/dist/lib/tenant/setup-status.d.ts +1 -1
  1081. package/dist/lib/tenant/setup-status.d.ts.map +1 -1
  1082. package/dist/lib/tenant/setup-status.js +3 -40
  1083. package/dist/lib/tenant/setup-status.js.map +1 -1
  1084. package/dist/lib/tenant/slug-validator.js +3 -6
  1085. package/dist/lib/tenant/slug-validator.js.map +1 -1
  1086. package/dist/lib/tenant/tenant-handler.d.ts +2 -2
  1087. package/dist/lib/tenant/tenant-handler.d.ts.map +1 -1
  1088. package/dist/lib/tenant/tenant-handler.js +31 -68
  1089. package/dist/lib/tenant/tenant-handler.js.map +1 -1
  1090. package/dist/lib/tenant/transfer-ownership.js +2 -6
  1091. package/dist/lib/tenant/transfer-ownership.js.map +1 -1
  1092. package/dist/lib/tenant-scope.d.ts +97 -0
  1093. package/dist/lib/tenant-scope.d.ts.map +1 -0
  1094. package/dist/lib/tenant-scope.js +270 -0
  1095. package/dist/lib/tenant-scope.js.map +1 -0
  1096. package/dist/lib/terminology.d.ts.map +1 -1
  1097. package/dist/lib/terminology.js +7 -9
  1098. package/dist/lib/terminology.js.map +1 -1
  1099. package/dist/lib/theme.js +2 -6
  1100. package/dist/lib/theme.js.map +1 -1
  1101. package/dist/lib/threat-intel-service.d.ts +2 -2
  1102. package/dist/lib/threat-intel-service.d.ts.map +1 -1
  1103. package/dist/lib/threat-intel-service.js +3 -7
  1104. package/dist/lib/threat-intel-service.js.map +1 -1
  1105. package/dist/lib/types/media-reconciliation.js +1 -2
  1106. package/dist/lib/types/media-reconciliation.js.map +1 -1
  1107. package/dist/lib/upload-session-handler.d.ts +1 -1
  1108. package/dist/lib/upload-session-handler.d.ts.map +1 -1
  1109. package/dist/lib/upload-session-handler.js +13 -50
  1110. package/dist/lib/upload-session-handler.js.map +1 -1
  1111. package/dist/lib/user/derive-handle.js +2 -6
  1112. package/dist/lib/user/derive-handle.js.map +1 -1
  1113. package/dist/lib/user-badge.js +6 -14
  1114. package/dist/lib/user-badge.js.map +1 -1
  1115. package/dist/lib/user-deletion-handler-enhanced.d.ts +2 -2
  1116. package/dist/lib/user-deletion-handler-enhanced.d.ts.map +1 -1
  1117. package/dist/lib/user-deletion-handler-enhanced.js +16 -53
  1118. package/dist/lib/user-deletion-handler-enhanced.js.map +1 -1
  1119. package/dist/lib/user-deprovisioning.d.ts +1 -1
  1120. package/dist/lib/user-deprovisioning.d.ts.map +1 -1
  1121. package/dist/lib/user-deprovisioning.js +16 -20
  1122. package/dist/lib/user-deprovisioning.js.map +1 -1
  1123. package/dist/lib/user-export-handler.d.ts +4 -4
  1124. package/dist/lib/user-export-handler.d.ts.map +1 -1
  1125. package/dist/lib/user-export-handler.js +11 -15
  1126. package/dist/lib/user-export-handler.js.map +1 -1
  1127. package/dist/lib/validate-request.js +8 -13
  1128. package/dist/lib/validate-request.js.map +1 -1
  1129. package/dist/lib/validation/feature-toggle-schemas.d.ts +130 -249
  1130. package/dist/lib/validation/feature-toggle-schemas.d.ts.map +1 -1
  1131. package/dist/lib/validation/feature-toggle-schemas.js +50 -59
  1132. package/dist/lib/validation/feature-toggle-schemas.js.map +1 -1
  1133. package/dist/lib/validation/validate-request.d.ts.map +1 -1
  1134. package/dist/lib/validation/validate-request.js +12 -23
  1135. package/dist/lib/validation/validate-request.js.map +1 -1
  1136. package/dist/lib/validation.js +1 -5
  1137. package/dist/lib/validation.js.map +1 -1
  1138. package/dist/lib/version.js +3 -8
  1139. package/dist/lib/version.js.map +1 -1
  1140. package/dist/server.d.ts +1 -1
  1141. package/dist/server.d.ts.map +1 -1
  1142. package/dist/server.js +29 -69
  1143. package/dist/server.js.map +1 -1
  1144. package/dist/types/cloudflare-compat.d.ts +3 -93
  1145. package/dist/types/cloudflare-compat.d.ts.map +1 -1
  1146. package/dist/types/cloudflare-compat.js +1 -2
  1147. package/dist/types/cloudflare-compat.js.map +1 -1
  1148. package/dist/worker.d.ts +6 -6
  1149. package/dist/worker.d.ts.map +1 -1
  1150. package/dist/worker.js +6 -13
  1151. package/dist/worker.js.map +1 -1
  1152. package/package.json +30 -17
  1153. package/prisma/migrations/20260602054730_add_entity_geo_and_pending_schema/migration.sql +113 -0
  1154. package/prisma/migrations/20260602162901_research_foundations/migration.sql +65 -0
  1155. package/prisma/migrations/20260604130000_surveillance_phase0_enablers/migration.sql +107 -0
  1156. package/prisma/migrations/20260604140000_fold_link_reports_into_reports/migration.sql +23 -0
  1157. package/prisma/migrations/20260604140000_fold_link_reports_into_reports/rollback.reference.sql +31 -0
  1158. package/prisma/schema.prisma +419 -68
  1159. package/src/lambda/cleanup-cron.ts +10 -7
  1160. package/src/lambda/create-auth-challenge.ts +6 -3
  1161. package/src/lambda/delete-account-worker.ts +17 -12
  1162. package/src/lambda/diagnostics-proxy.ts +9 -6
  1163. package/src/lambda/e2e-sweeper.ts +17 -23
  1164. package/src/lambda/federation-outbox-worker.ts +4 -1
  1165. package/src/lambda/followers-events-worker.ts +4 -1
  1166. package/src/lambda/hourly-cron.ts +112 -20
  1167. package/src/lambda/link-check-worker.ts +4 -1
  1168. package/src/lambda/maintenance-cron.ts +24 -13
  1169. package/src/lambda/media-processing-worker.ts +5 -2
  1170. package/src/lambda/media-reconciliation-worker.ts +4 -1
  1171. package/src/lambda/nightly-cron.ts +53 -54
  1172. package/src/lambda/post-confirmation.ts +188 -62
  1173. package/src/lambda/pre-token-generation.ts +39 -44
  1174. package/src/lambda/verify-auth-challenge.ts +4 -1
  1175. package/dist/lib/audit/emit.d.ts +0 -56
  1176. package/dist/lib/audit/emit.d.ts.map +0 -1
  1177. package/dist/lib/audit/emit.js +0 -124
  1178. package/dist/lib/audit/emit.js.map +0 -1
  1179. package/dist/lib/audit/event-types.d.ts +0 -36
  1180. package/dist/lib/audit/event-types.d.ts.map +0 -1
  1181. package/dist/lib/audit/event-types.js +0 -69
  1182. package/dist/lib/audit/event-types.js.map +0 -1
  1183. package/dist/lib/audit-logger.d.ts +0 -142
  1184. package/dist/lib/audit-logger.d.ts.map +0 -1
  1185. package/dist/lib/audit-logger.js +0 -326
  1186. package/dist/lib/audit-logger.js.map +0 -1
  1187. package/dist/lib/circuit-breaker.d.ts +0 -27
  1188. package/dist/lib/circuit-breaker.d.ts.map +0 -1
  1189. package/dist/lib/circuit-breaker.js +0 -63
  1190. package/dist/lib/circuit-breaker.js.map +0 -1
  1191. package/dist/lib/graph/dual-write-service.d.ts +0 -116
  1192. package/dist/lib/graph/dual-write-service.d.ts.map +0 -1
  1193. package/dist/lib/graph/dual-write-service.js +0 -332
  1194. package/dist/lib/graph/dual-write-service.js.map +0 -1
  1195. package/dist/lib/graph/dual-write.d.ts +0 -396
  1196. package/dist/lib/graph/dual-write.d.ts.map +0 -1
  1197. package/dist/lib/graph/dual-write.js +0 -53
  1198. package/dist/lib/graph/dual-write.js.map +0 -1
  1199. package/dist/lib/graph/graph-schema-init.d.ts +0 -31
  1200. package/dist/lib/graph/graph-schema-init.d.ts.map +0 -1
  1201. package/dist/lib/graph/graph-schema-init.js +0 -105
  1202. package/dist/lib/graph/graph-schema-init.js.map +0 -1
  1203. package/dist/lib/graph/neo4j-graph-service.d.ts +0 -186
  1204. package/dist/lib/graph/neo4j-graph-service.d.ts.map +0 -1
  1205. package/dist/lib/graph/neo4j-graph-service.js +0 -1625
  1206. package/dist/lib/graph/neo4j-graph-service.js.map +0 -1
  1207. package/dist/lib/graph/reconciliation-service.d.ts +0 -113
  1208. package/dist/lib/graph/reconciliation-service.d.ts.map +0 -1
  1209. package/dist/lib/graph/reconciliation-service.js +0 -533
  1210. package/dist/lib/graph/reconciliation-service.js.map +0 -1
  1211. package/dist/lib/id-generator.d.ts +0 -29
  1212. package/dist/lib/id-generator.d.ts.map +0 -1
  1213. package/dist/lib/id-generator.js +0 -51
  1214. package/dist/lib/id-generator.js.map +0 -1
  1215. package/dist/lib/kv/dynamodb-kv.d.ts +0 -39
  1216. package/dist/lib/kv/dynamodb-kv.d.ts.map +0 -1
  1217. package/dist/lib/kv/dynamodb-kv.js +0 -239
  1218. package/dist/lib/kv/dynamodb-kv.js.map +0 -1
  1219. package/dist/lib/queue/sqs-queue.d.ts +0 -16
  1220. package/dist/lib/queue/sqs-queue.d.ts.map +0 -1
  1221. package/dist/lib/queue/sqs-queue.js +0 -39
  1222. package/dist/lib/queue/sqs-queue.js.map +0 -1
  1223. package/dist/lib/route-matcher.d.ts +0 -24
  1224. package/dist/lib/route-matcher.d.ts.map +0 -1
  1225. package/dist/lib/route-matcher.js +0 -96
  1226. package/dist/lib/route-matcher.js.map +0 -1
  1227. package/dist/lib/router.d.ts +0 -26
  1228. package/dist/lib/router.d.ts.map +0 -1
  1229. package/dist/lib/router.js +0 -90
  1230. package/dist/lib/router.js.map +0 -1
  1231. package/dist/lib/routes-all.d.ts +0 -9
  1232. package/dist/lib/routes-all.d.ts.map +0 -1
  1233. package/dist/lib/routes-all.js +0 -170
  1234. package/dist/lib/routes-all.js.map +0 -1
  1235. package/dist/lib/secret-resolver.d.ts +0 -88
  1236. package/dist/lib/secret-resolver.d.ts.map +0 -1
  1237. package/dist/lib/secret-resolver.js +0 -183
  1238. package/dist/lib/secret-resolver.js.map +0 -1
  1239. package/dist/lib/session-manager.d.ts.map +0 -1
  1240. package/dist/lib/session-manager.js +0 -492
  1241. package/dist/lib/session-manager.js.map +0 -1
  1242. package/dist/lib/storage/s3-storage.d.ts +0 -29
  1243. package/dist/lib/storage/s3-storage.d.ts.map +0 -1
  1244. package/dist/lib/storage/s3-storage.js +0 -135
  1245. package/dist/lib/storage/s3-storage.js.map +0 -1
  1246. package/dist/lib/tenant-context.d.ts +0 -35
  1247. package/dist/lib/tenant-context.d.ts.map +0 -1
  1248. package/dist/lib/tenant-context.js +0 -54
  1249. package/dist/lib/tenant-context.js.map +0 -1
@@ -23,33 +23,40 @@ import type {
23
23
  PreTokenGenerationV2TriggerEvent,
24
24
  PreTokenGenerationV2TriggerHandler,
25
25
  } from "aws-lambda";
26
- import { SecretsManagerClient, GetSecretValueCommand } from "@aws-sdk/client-secrets-manager";
26
+ import { Logger } from "@aws-lambda-powertools/logger";
27
+ import { getSecret } from "@aws-lambda-powertools/parameters/secrets";
28
+ import { PrismaPg } from "@prisma/adapter-pg";
27
29
  import { PrismaClient, type TenantRole } from "@prisma/client";
28
30
  import {
29
31
  ClaimsCache,
30
32
  createClaimsCacheFromEnv,
31
33
  DEFAULT_CACHE_TTL_SECONDS,
32
34
  type CachedClaims,
33
- } from "../lib/auth/claims-cache";
34
- import { resolveTenantRole, type RoleMappingInput } from "../lib/tenant/resolve-role";
35
+ } from "../lib/auth/claims-cache.js";
36
+ import { resolveTenantRole, type RoleMappingInput } from "../lib/tenant/resolve-role.js";
35
37
 
36
- const secretsClient = new SecretsManagerClient({ region: process.env.AWS_REGION });
38
+ const logger = new Logger({ serviceName: "pre-token-generation" });
37
39
  let prisma: PrismaClient | null = null;
38
40
  let cache: ClaimsCache | null = null;
39
41
 
40
42
  async function getPrisma(): Promise<PrismaClient> {
41
43
  if (prisma) return prisma;
42
- const secret = await secretsClient.send(
43
- new GetSecretValueCommand({ SecretId: process.env.DB_SECRET_ARN! }),
44
- );
45
- const { username, password, host, port, dbname } = JSON.parse(secret.SecretString!);
46
- prisma = new PrismaClient({
47
- datasources: {
48
- db: {
49
- url: `postgresql://${username}:${encodeURIComponent(password)}@${host}:${port}/${dbname}?connection_limit=1`,
50
- },
51
- },
44
+ const { username, password, host, port, dbname } = (await getSecret(
45
+ process.env.DB_SECRET_ARN!,
46
+ { transform: "json" },
47
+ )) as unknown as {
48
+ username: string;
49
+ password: string;
50
+ host: string;
51
+ port: string | number;
52
+ dbname: string;
53
+ };
54
+ // Prisma 7 removed the `datasources` constructor option; the connection URL
55
+ // is now supplied via a driver adapter.
56
+ const adapter = new PrismaPg({
57
+ connectionString: `postgresql://${username}:${encodeURIComponent(password)}@${host}:${port}/${dbname}?connection_limit=1`,
52
58
  });
59
+ prisma = new PrismaClient({ adapter });
53
60
  return prisma;
54
61
  }
55
62
 
@@ -213,18 +220,15 @@ export const handler: PreTokenGenerationV2TriggerHandler = async (event) => {
213
220
  try {
214
221
  preferredTenantId = await claimsCache.getActiveTenantPreference(cognitoSub);
215
222
  } catch (err) {
216
- console.warn(
217
- JSON.stringify({
218
- event: "pretoken.preference_lookup_failed",
219
- cognitoSub,
220
- error: (err as { code?: string })?.code ?? "unknown",
221
- }),
222
- );
223
+ logger.warn("pretoken.preference_lookup_failed", {
224
+ cognitoSub,
225
+ error: (err as { code?: string })?.code ?? "unknown",
226
+ });
223
227
  }
224
228
  const loaded = await loadFromRds(db, cognitoSub, federated, preferredTenantId);
225
229
 
226
230
  if (!loaded.user) {
227
- console.warn(JSON.stringify({ event: "pretoken.drift", cognitoSub }));
231
+ logger.warn("pretoken.drift", { cognitoSub });
228
232
  claims = { ...DRIFT_CLAIMS };
229
233
  writeAccessTokenClaims(event, claims);
230
234
  return event;
@@ -235,7 +239,7 @@ export const handler: PreTokenGenerationV2TriggerHandler = async (event) => {
235
239
  // value when present). Treat either signal as suspension. Defense-in-depth:
236
240
  // even if a writer forgets one column, the other still blocks issuance.
237
241
  if (loaded.user.suspended || loaded.user.suspendedAt !== null) {
238
- console.warn(JSON.stringify({ event: "pretoken.suspended", cognitoSub }));
242
+ logger.warn("pretoken.suspended", { cognitoSub });
239
243
  claims = { ...DRIFT_CLAIMS };
240
244
  writeAccessTokenClaims(event, claims);
241
245
  return event;
@@ -274,34 +278,25 @@ export const handler: PreTokenGenerationV2TriggerHandler = async (event) => {
274
278
  });
275
279
  persisted = true;
276
280
  } catch (err) {
277
- console.warn(
278
- JSON.stringify({
279
- event: "pretoken.role_refresh_persist_failed",
280
- cognitoSub,
281
- error: (err as { code?: string })?.code ?? "unknown",
282
- }),
283
- );
281
+ logger.warn("pretoken.role_refresh_persist_failed", {
282
+ cognitoSub,
283
+ error: (err as { code?: string })?.code ?? "unknown",
284
+ });
284
285
  }
285
286
  if (persisted) {
286
287
  claims = { ...claims, tenantRole: refreshed };
287
288
  cacheHit = false;
288
- console.log(
289
- JSON.stringify({
290
- event: "pretoken.role_refreshed",
291
- cognitoSub,
292
- tenantId: claims.activeTenantId,
293
- }),
294
- );
289
+ logger.info("pretoken.role_refreshed", {
290
+ cognitoSub,
291
+ tenantId: claims.activeTenantId,
292
+ });
295
293
  }
296
294
  }
297
295
  } catch (err) {
298
- console.warn(
299
- JSON.stringify({
300
- event: "pretoken.role_refresh_failed",
301
- cognitoSub,
302
- error: (err as { code?: string }).code ?? "unknown",
303
- }),
304
- );
296
+ logger.warn("pretoken.role_refresh_failed", {
297
+ cognitoSub,
298
+ error: (err as { code?: string }).code ?? "unknown",
299
+ });
305
300
  }
306
301
  }
307
302
 
@@ -1,5 +1,8 @@
1
1
  import { timingSafeEqual, createHash } from "node:crypto";
2
2
  import { DynamoDBClient, DeleteItemCommand } from "@aws-sdk/client-dynamodb";
3
+ import { Logger } from "@aws-lambda-powertools/logger";
4
+
5
+ const logger = new Logger({ serviceName: "verify-auth-challenge" });
3
6
 
4
7
  const dynamo = new DynamoDBClient({ region: process.env.AWS_REGION });
5
8
  const TABLE = process.env.DYNAMODB_TABLE!;
@@ -29,7 +32,7 @@ export const handler = async (event: any) => {
29
32
  },
30
33
  }));
31
34
  } catch (err) {
32
- console.error("Failed to delete magic link token", err);
35
+ logger.error("Failed to delete magic link token", { error: err });
33
36
  }
34
37
  }
35
38
 
@@ -1,56 +0,0 @@
1
- /**
2
- * AuditEventEmitter
3
- *
4
- * Writes structured audit events to CloudWatch Logs and Postgres security_events.
5
- * Emission is non-blocking — callers do `void emitter.emit(...)`.
6
- * CloudWatch failures fall back to a console.error "audit-fallback" line that
7
- * ops can grep from the log stream.
8
- */
9
- import { CloudWatchLogsClient } from "@aws-sdk/client-cloudwatch-logs";
10
- import type { AuditEventType } from "./event-types";
11
- export interface AuditEmitInput {
12
- type: AuditEventType;
13
- tenantId: string;
14
- actorUserId: string;
15
- payload: Record<string, unknown>;
16
- /** Source IP — will be anonymised to /24 before storage. */
17
- sourceIp?: string;
18
- /** Present when the request was made through an agent session (T9b). */
19
- agentSessionId?: string;
20
- }
21
- export interface AuditRecord {
22
- eventId: string;
23
- type: AuditEventType;
24
- tenantId: string;
25
- actorUserId: string;
26
- payload: Record<string, unknown>;
27
- sourceIp: string;
28
- agentSessionId: string | null;
29
- createdAt: Date;
30
- }
31
- export declare class AuditEventEmitter {
32
- private readonly cwClient;
33
- constructor(cwClient?: CloudWatchLogsClient);
34
- /**
35
- * Emit an audit event. Returns a promise but callers should fire-and-forget
36
- * via `void emitter.emit(...)` — the handler must not await this.
37
- */
38
- emit(input: AuditEmitInput, dbClient: {
39
- securityEvent: {
40
- create: (args: {
41
- data: {
42
- type: string;
43
- severity: string;
44
- tenantId: string;
45
- userId: string;
46
- ipAddress: string;
47
- details: string;
48
- retentionUntil: Date;
49
- };
50
- }) => Promise<unknown>;
51
- };
52
- }): Promise<void>;
53
- private _writeToCloudWatch;
54
- private _writeToPostgres;
55
- }
56
- //# sourceMappingURL=emit.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"emit.d.ts","sourceRoot":"","sources":["../../../src/lib/audit/emit.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EACL,oBAAoB,EAErB,MAAM,iCAAiC,CAAC;AAEzC,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAGpD,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,cAAc,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,4DAA4D;IAC5D,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,wEAAwE;IACxE,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,cAAc,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,SAAS,EAAE,IAAI,CAAC;CACjB;AAOD,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAuB;gBAEpC,QAAQ,CAAC,EAAE,oBAAoB;IAQ3C;;;OAGG;IACG,IAAI,CACR,KAAK,EAAE,cAAc,EACrB,QAAQ,EAAE;QACR,aAAa,EAAE;YACb,MAAM,EAAE,CAAC,IAAI,EAAE;gBACb,IAAI,EAAE;oBACJ,IAAI,EAAE,MAAM,CAAC;oBACb,QAAQ,EAAE,MAAM,CAAC;oBACjB,QAAQ,EAAE,MAAM,CAAC;oBACjB,MAAM,EAAE,MAAM,CAAC;oBACf,SAAS,EAAE,MAAM,CAAC;oBAClB,OAAO,EAAE,MAAM,CAAC;oBAChB,cAAc,EAAE,IAAI,CAAC;iBACtB,CAAC;aACH,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;SACxB,CAAC;KACH,GACA,OAAO,CAAC,IAAI,CAAC;YA0CF,kBAAkB;YAmClB,gBAAgB;CA4C/B"}
@@ -1,124 +0,0 @@
1
- "use strict";
2
- /**
3
- * AuditEventEmitter
4
- *
5
- * Writes structured audit events to CloudWatch Logs and Postgres security_events.
6
- * Emission is non-blocking — callers do `void emitter.emit(...)`.
7
- * CloudWatch failures fall back to a console.error "audit-fallback" line that
8
- * ops can grep from the log stream.
9
- */
10
- Object.defineProperty(exports, "__esModule", { value: true });
11
- exports.AuditEventEmitter = void 0;
12
- const client_cloudwatch_logs_1 = require("@aws-sdk/client-cloudwatch-logs");
13
- const crypto_1 = require("crypto");
14
- const pii_filter_1 = require("./pii-filter");
15
- function getLogGroup() {
16
- const stage = process.env.STAGE ?? "dev";
17
- return process.env.AUDIT_LOG_GROUP ?? `/skybber/${stage}/audit-events`;
18
- }
19
- class AuditEventEmitter {
20
- cwClient;
21
- constructor(cwClient) {
22
- this.cwClient =
23
- cwClient ??
24
- new client_cloudwatch_logs_1.CloudWatchLogsClient({
25
- region: process.env.AWS_REGION ?? "eu-central-1",
26
- });
27
- }
28
- /**
29
- * Emit an audit event. Returns a promise but callers should fire-and-forget
30
- * via `void emitter.emit(...)` — the handler must not await this.
31
- */
32
- async emit(input, dbClient) {
33
- const eventId = (0, crypto_1.randomUUID)();
34
- const createdAt = new Date();
35
- const anonymisedIp = input.sourceIp ? (0, pii_filter_1.anonymizeIp)(input.sourceIp) : "unknown";
36
- const { filtered, droppedCount } = (0, pii_filter_1.filterPayload)({
37
- ...input.payload,
38
- tenantId: input.tenantId,
39
- actorUserId: input.actorUserId,
40
- sourceIp: anonymisedIp,
41
- ...(input.agentSessionId ? { agentSessionId: input.agentSessionId } : {}),
42
- });
43
- if (droppedCount > 0) {
44
- console.error(JSON.stringify({
45
- level: "warn",
46
- tag: "audit-pii-filter",
47
- eventId,
48
- type: input.type,
49
- droppedCount,
50
- }));
51
- }
52
- const record = {
53
- eventId,
54
- type: input.type,
55
- tenantId: input.tenantId,
56
- actorUserId: input.actorUserId,
57
- payload: filtered,
58
- sourceIp: anonymisedIp,
59
- agentSessionId: input.agentSessionId ?? null,
60
- createdAt,
61
- };
62
- await Promise.all([
63
- this._writeToCloudWatch(record),
64
- this._writeToPostgres(record, dbClient),
65
- ]);
66
- }
67
- async _writeToCloudWatch(record) {
68
- const logGroup = getLogGroup();
69
- const logStream = `audit-${record.tenantId}`;
70
- const message = JSON.stringify(record);
71
- try {
72
- await this.cwClient.send(new client_cloudwatch_logs_1.PutLogEventsCommand({
73
- logGroupName: logGroup,
74
- logStreamName: logStream,
75
- logEvents: [
76
- {
77
- timestamp: record.createdAt.getTime(),
78
- message,
79
- },
80
- ],
81
- }));
82
- }
83
- catch (err) {
84
- console.error(JSON.stringify({
85
- level: "error",
86
- tag: "audit-fallback",
87
- eventId: record.eventId,
88
- type: record.type,
89
- tenantId: record.tenantId,
90
- actorUserId: record.actorUserId,
91
- createdAt: record.createdAt.toISOString(),
92
- payload: record.payload,
93
- cwError: err instanceof Error ? err.message : String(err),
94
- }));
95
- }
96
- }
97
- async _writeToPostgres(record, db) {
98
- const retentionUntil = new Date(record.createdAt);
99
- retentionUntil.setDate(retentionUntil.getDate() + 30);
100
- try {
101
- await db.securityEvent.create({
102
- data: {
103
- type: record.type,
104
- severity: "medium",
105
- tenantId: record.tenantId,
106
- userId: record.actorUserId,
107
- ipAddress: record.sourceIp,
108
- details: JSON.stringify({ ...record.payload, eventId: record.eventId }),
109
- retentionUntil,
110
- },
111
- });
112
- }
113
- catch (err) {
114
- console.error(JSON.stringify({
115
- level: "error",
116
- tag: "audit-fallback",
117
- eventId: record.eventId,
118
- pgError: err instanceof Error ? err.message : String(err),
119
- }));
120
- }
121
- }
122
- }
123
- exports.AuditEventEmitter = AuditEventEmitter;
124
- //# sourceMappingURL=emit.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"emit.js","sourceRoot":"","sources":["../../../src/lib/audit/emit.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAEH,4EAGyC;AACzC,mCAAoC;AAEpC,6CAA0D;AAwB1D,SAAS,WAAW;IAClB,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,KAAK,CAAC;IACzC,OAAO,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,YAAY,KAAK,eAAe,CAAC;AACzE,CAAC;AAED,MAAa,iBAAiB;IACX,QAAQ,CAAuB;IAEhD,YAAY,QAA+B;QACzC,IAAI,CAAC,QAAQ;YACX,QAAQ;gBACR,IAAI,6CAAoB,CAAC;oBACvB,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,cAAc;iBACjD,CAAC,CAAC;IACP,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,IAAI,CACR,KAAqB,EACrB,QAcC;QAED,MAAM,OAAO,GAAG,IAAA,mBAAU,GAAE,CAAC;QAC7B,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;QAC7B,MAAM,YAAY,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAA,wBAAW,EAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAE9E,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,IAAA,0BAAa,EAAC;YAC/C,GAAG,KAAK,CAAC,OAAO;YAChB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,QAAQ,EAAE,YAAY;YACtB,GAAG,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,KAAK,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC1E,CAAC,CAAC;QAEH,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;YACrB,OAAO,CAAC,KAAK,CACX,IAAI,CAAC,SAAS,CAAC;gBACb,KAAK,EAAE,MAAM;gBACb,GAAG,EAAE,kBAAkB;gBACvB,OAAO;gBACP,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,YAAY;aACb,CAAC,CACH,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAgB;YAC1B,OAAO;YACP,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,OAAO,EAAE,QAAQ;YACjB,QAAQ,EAAE,YAAY;YACtB,cAAc,EAAE,KAAK,CAAC,cAAc,IAAI,IAAI;YAC5C,SAAS;SACV,CAAC;QAEF,MAAM,OAAO,CAAC,GAAG,CAAC;YAChB,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC;YAC/B,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,QAAQ,CAAC;SACxC,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,MAAmB;QAClD,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;QAC/B,MAAM,SAAS,GAAG,SAAS,MAAM,CAAC,QAAQ,EAAE,CAAC;QAC7C,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAEvC,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,CACtB,IAAI,4CAAmB,CAAC;gBACtB,YAAY,EAAE,QAAQ;gBACtB,aAAa,EAAE,SAAS;gBACxB,SAAS,EAAE;oBACT;wBACE,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE;wBACrC,OAAO;qBACR;iBACF;aACF,CAAC,CACH,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CACX,IAAI,CAAC,SAAS,CAAC;gBACb,KAAK,EAAE,OAAO;gBACd,GAAG,EAAE,gBAAgB;gBACrB,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,WAAW,EAAE,MAAM,CAAC,WAAW;gBAC/B,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,WAAW,EAAE;gBACzC,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aAC1D,CAAC,CACH,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAC5B,MAAmB,EACnB,EAcC;QAED,MAAM,cAAc,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAClD,cAAc,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;QAEtD,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC;gBAC5B,IAAI,EAAE;oBACJ,IAAI,EAAE,MAAM,CAAC,IAAI;oBACjB,QAAQ,EAAE,QAAQ;oBAClB,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,MAAM,EAAE,MAAM,CAAC,WAAW;oBAC1B,SAAS,EAAE,MAAM,CAAC,QAAQ;oBAC1B,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,MAAM,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC;oBACvE,cAAc;iBACf;aACF,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CACX,IAAI,CAAC,SAAS,CAAC;gBACb,KAAK,EAAE,OAAO;gBACd,GAAG,EAAE,gBAAgB;gBACrB,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aAC1D,CAAC,CACH,CAAC;QACJ,CAAC;IACH,CAAC;CACF;AAzJD,8CAyJC"}
@@ -1,36 +0,0 @@
1
- /**
2
- * Audit Event Types
3
- *
4
- * Canonical catalog of all identity-federation audit events.
5
- * Every AuditEventType emitted by a handler must appear here.
6
- */
7
- export declare const AuditEventType: {
8
- readonly TENANT_CREATED: "tenant.created";
9
- readonly TENANT_MEMBER_INVITED: "tenant.member.invited";
10
- readonly TENANT_MEMBER_JOINED: "tenant.member.joined";
11
- readonly TENANT_MEMBER_ROLE_CHANGED: "tenant.member.role_changed";
12
- readonly TENANT_MEMBER_REMOVED: "tenant.member.removed";
13
- readonly TENANT_DOMAIN_ADDED: "tenant.domain.added";
14
- readonly TENANT_DOMAIN_VERIFIED: "tenant.domain.verified";
15
- readonly TENANT_IDP_CONNECTED: "tenant.idp.connected";
16
- readonly TENANT_IDP_MODIFIED: "tenant.idp.modified";
17
- readonly TENANT_IDP_DISABLED: "tenant.idp.disabled";
18
- readonly TENANT_IDP_DELETED: "tenant.idp.deleted";
19
- readonly TENANT_ROLE_MAPPING_ADDED: "tenant.role_mapping.added";
20
- readonly TENANT_ROLE_MAPPING_REMOVED: "tenant.role_mapping.removed";
21
- readonly TENANT_FEDERATED_LOGIN_SUCCESS: "tenant.federated_login.success";
22
- readonly TENANT_FEDERATED_LOGIN_DENIED: "tenant.federated_login.denied";
23
- readonly TENANT_ROLE_REFRESHED_JIT: "tenant.role.refreshed_jit";
24
- readonly TENANT_OWNERSHIP_TRANSFERRED: "tenant.ownership_transferred";
25
- readonly TENANT_UPDATED: "tenant.updated";
26
- readonly AUTH_AGENT_SESSION_APPROVED: "auth.agent_session.approved";
27
- readonly AUTH_AGENT_SESSION_REVOKED: "auth.agent_session.revoked";
28
- readonly AUTH_REFRESH_REPLAY: "auth.refresh_replay";
29
- };
30
- export type AuditEventType = (typeof AuditEventType)[keyof typeof AuditEventType];
31
- /**
32
- * Per-type allowed payload field names (allowlist).
33
- * Populated by the PII filter — anything outside this set is redacted.
34
- */
35
- export declare const PII_ALLOWED_FIELDS: Set<string>;
36
- //# sourceMappingURL=event-types.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"event-types.d.ts","sourceRoot":"","sources":["../../../src/lib/audit/event-types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;CAsBjB,CAAC;AAEX,MAAM,MAAM,cAAc,GAAG,CAAC,OAAO,cAAc,CAAC,CAAC,MAAM,OAAO,cAAc,CAAC,CAAC;AAElF;;;GAGG;AACH,eAAO,MAAM,kBAAkB,aA+B7B,CAAC"}
@@ -1,69 +0,0 @@
1
- "use strict";
2
- /**
3
- * Audit Event Types
4
- *
5
- * Canonical catalog of all identity-federation audit events.
6
- * Every AuditEventType emitted by a handler must appear here.
7
- */
8
- Object.defineProperty(exports, "__esModule", { value: true });
9
- exports.PII_ALLOWED_FIELDS = exports.AuditEventType = void 0;
10
- exports.AuditEventType = {
11
- TENANT_CREATED: "tenant.created",
12
- TENANT_MEMBER_INVITED: "tenant.member.invited",
13
- TENANT_MEMBER_JOINED: "tenant.member.joined",
14
- TENANT_MEMBER_ROLE_CHANGED: "tenant.member.role_changed",
15
- TENANT_MEMBER_REMOVED: "tenant.member.removed",
16
- TENANT_DOMAIN_ADDED: "tenant.domain.added",
17
- TENANT_DOMAIN_VERIFIED: "tenant.domain.verified",
18
- TENANT_IDP_CONNECTED: "tenant.idp.connected",
19
- TENANT_IDP_MODIFIED: "tenant.idp.modified",
20
- TENANT_IDP_DISABLED: "tenant.idp.disabled",
21
- TENANT_IDP_DELETED: "tenant.idp.deleted",
22
- TENANT_ROLE_MAPPING_ADDED: "tenant.role_mapping.added",
23
- TENANT_ROLE_MAPPING_REMOVED: "tenant.role_mapping.removed",
24
- TENANT_FEDERATED_LOGIN_SUCCESS: "tenant.federated_login.success",
25
- TENANT_FEDERATED_LOGIN_DENIED: "tenant.federated_login.denied",
26
- TENANT_ROLE_REFRESHED_JIT: "tenant.role.refreshed_jit",
27
- TENANT_OWNERSHIP_TRANSFERRED: "tenant.ownership_transferred",
28
- TENANT_UPDATED: "tenant.updated",
29
- AUTH_AGENT_SESSION_APPROVED: "auth.agent_session.approved",
30
- AUTH_AGENT_SESSION_REVOKED: "auth.agent_session.revoked",
31
- AUTH_REFRESH_REPLAY: "auth.refresh_replay",
32
- };
33
- /**
34
- * Per-type allowed payload field names (allowlist).
35
- * Populated by the PII filter — anything outside this set is redacted.
36
- */
37
- exports.PII_ALLOWED_FIELDS = new Set([
38
- "tenantId",
39
- "actorUserId",
40
- "targetUserId",
41
- "targetType",
42
- "oldRole",
43
- "newRole",
44
- "domain",
45
- "idpStatus",
46
- "idpKind",
47
- "issuer",
48
- "idpGroup",
49
- "role",
50
- "source",
51
- "reason",
52
- "verificationMethod",
53
- "changedAttributes",
54
- "sourceIp",
55
- "agentSessionId",
56
- "slug",
57
- "displayName",
58
- "type",
59
- "agentLabel",
60
- "userAgent",
61
- // G4 MEDIUM-6/N2: `deviceCodeHash` was previously written into
62
- // AUTH_AGENT_SESSION_APPROVED audit payloads and could act as a
63
- // confirmation oracle if a raw device_code ever leaked elsewhere.
64
- // Removed from the allow-list so a future regression that re-adds
65
- // the field would fail the audit-emit allow-list check.
66
- "refreshJti",
67
- "cognitoUserId",
68
- ]);
69
- //# sourceMappingURL=event-types.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"event-types.js","sourceRoot":"","sources":["../../../src/lib/audit/event-types.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAEU,QAAA,cAAc,GAAG;IAC5B,cAAc,EAAE,gBAAgB;IAChC,qBAAqB,EAAE,uBAAuB;IAC9C,oBAAoB,EAAE,sBAAsB;IAC5C,0BAA0B,EAAE,4BAA4B;IACxD,qBAAqB,EAAE,uBAAuB;IAC9C,mBAAmB,EAAE,qBAAqB;IAC1C,sBAAsB,EAAE,wBAAwB;IAChD,oBAAoB,EAAE,sBAAsB;IAC5C,mBAAmB,EAAE,qBAAqB;IAC1C,mBAAmB,EAAE,qBAAqB;IAC1C,kBAAkB,EAAE,oBAAoB;IACxC,yBAAyB,EAAE,2BAA2B;IACtD,2BAA2B,EAAE,6BAA6B;IAC1D,8BAA8B,EAAE,gCAAgC;IAChE,6BAA6B,EAAE,+BAA+B;IAC9D,yBAAyB,EAAE,2BAA2B;IACtD,4BAA4B,EAAE,8BAA8B;IAC5D,cAAc,EAAE,gBAAgB;IAChC,2BAA2B,EAAE,6BAA6B;IAC1D,0BAA0B,EAAE,4BAA4B;IACxD,mBAAmB,EAAE,qBAAqB;CAClC,CAAC;AAIX;;;GAGG;AACU,QAAA,kBAAkB,GAAG,IAAI,GAAG,CAAS;IAChD,UAAU;IACV,aAAa;IACb,cAAc;IACd,YAAY;IACZ,SAAS;IACT,SAAS;IACT,QAAQ;IACR,WAAW;IACX,SAAS;IACT,QAAQ;IACR,UAAU;IACV,MAAM;IACN,QAAQ;IACR,QAAQ;IACR,oBAAoB;IACpB,mBAAmB;IACnB,UAAU;IACV,gBAAgB;IAChB,MAAM;IACN,aAAa;IACb,MAAM;IACN,YAAY;IACZ,WAAW;IACX,+DAA+D;IAC/D,gEAAgE;IAChE,kEAAkE;IAClE,kEAAkE;IAClE,wDAAwD;IACxD,YAAY;IACZ,eAAe;CAChB,CAAC,CAAC"}
@@ -1,142 +0,0 @@
1
- /**
2
- * Audit Logger Module
3
- *
4
- * Provides audit logging for data access and user actions with region tracking.
5
- *
6
- * Security: All audit events are stored in database with region/dataRegion tracking
7
- * for compliance and data residency verification.
8
- *
9
- * Uses existing Logger for application logging and SecurityEvent table for persistence.
10
- */
11
- import { type LoggerEnv } from "./logger";
12
- import { type EnvWithDb } from "../db";
13
- import { type Region } from "./region-detection";
14
- /**
15
- * Environment interface for audit logger
16
- */
17
- export interface AuditLoggerEnv extends EnvWithDb, LoggerEnv {
18
- DEFAULT_REGION?: string;
19
- }
20
- /**
21
- * Audit event types
22
- */
23
- export type AuditEventType = "data_access" | "data_create" | "data_update" | "data_delete" | "user_action" | "authentication" | "authorization" | "region_change";
24
- /**
25
- * Audit event severity
26
- */
27
- export type AuditEventSeverity = "low" | "medium" | "high" | "critical";
28
- /**
29
- * Audit event interface
30
- */
31
- export interface AuditEvent {
32
- type: AuditEventType;
33
- action: string;
34
- resource: string;
35
- resourceId?: string;
36
- userId?: string;
37
- region: Region;
38
- dataRegion?: string;
39
- ipAddress?: string;
40
- userAgent?: string;
41
- metadata?: Record<string, unknown>;
42
- severity?: AuditEventSeverity;
43
- success: boolean;
44
- }
45
- /**
46
- * Audit Logger class
47
- *
48
- * Provides audit logging with region tracking for compliance.
49
- */
50
- export declare class AuditLogger {
51
- private logger;
52
- private requestId?;
53
- constructor(env?: LoggerEnv, requestId?: string);
54
- /**
55
- * Create audit logger with request ID for correlation
56
- */
57
- withRequestId(requestId: string): AuditLogger;
58
- /**
59
- * Log data access event
60
- *
61
- * Use this for read operations (GET, SELECT).
62
- *
63
- * @param event - Audit event details
64
- * @param env - Environment variables
65
- */
66
- logDataAccess(event: Omit<AuditEvent, "type" | "severity"> & {
67
- type?: AuditEventType;
68
- severity?: AuditEventSeverity;
69
- }, env: AuditLoggerEnv): Promise<void>;
70
- /**
71
- * Log user action event
72
- *
73
- * Use this for user-initiated actions (create, update, delete).
74
- *
75
- * @param event - Audit event details
76
- * @param env - Environment variables
77
- */
78
- logUserAction(event: Omit<AuditEvent, "type" | "severity"> & {
79
- type?: AuditEventType;
80
- severity?: AuditEventSeverity;
81
- }, env: AuditLoggerEnv): Promise<void>;
82
- /**
83
- * Log authentication event
84
- *
85
- * @param event - Audit event details
86
- * @param env - Environment variables
87
- */
88
- logAuthentication(event: Omit<AuditEvent, "type" | "severity"> & {
89
- type?: AuditEventType;
90
- severity?: AuditEventSeverity;
91
- }, env: AuditLoggerEnv): Promise<void>;
92
- /**
93
- * Log authorization event
94
- *
95
- * @param event - Audit event details
96
- * @param env - Environment variables
97
- */
98
- logAuthorization(event: Omit<AuditEvent, "type" | "severity"> & {
99
- type?: AuditEventType;
100
- severity?: AuditEventSeverity;
101
- }, env: AuditLoggerEnv): Promise<void>;
102
- /**
103
- * Generic log method that routes to the appropriate specific log method
104
- *
105
- * @param event - Audit event details
106
- * @param env - Environment variables
107
- */
108
- log(event: Omit<AuditEvent, "severity"> & {
109
- severity?: AuditEventSeverity;
110
- }, env: AuditLoggerEnv): Promise<void>;
111
- /**
112
- * Log audit event to database and application logs
113
- *
114
- * Security: All audit events are stored in database with region/dataRegion tracking.
115
- *
116
- * @param event - Audit event to log
117
- * @param env - Environment variables
118
- */
119
- private logAuditEvent;
120
- /**
121
- * Calculate retention date based on severity
122
- *
123
- * Retention periods:
124
- * - critical: 365 days (1 year)
125
- * - high: 90 days
126
- * - medium: 30 days
127
- * - low: 7 days
128
- *
129
- * @param severity - Event severity level
130
- * @returns Date when the event should be deleted, or null if retention is disabled
131
- */
132
- private calculateRetentionUntil;
133
- }
134
- /**
135
- * Create an audit logger instance
136
- *
137
- * @param env - Environment variables
138
- * @param requestId - Optional request ID for correlation
139
- * @returns AuditLogger instance
140
- */
141
- export declare function createAuditLogger(env?: LoggerEnv, requestId?: string): AuditLogger;
142
- //# sourceMappingURL=audit-logger.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"audit-logger.d.ts","sourceRoot":"","sources":["../../src/lib/audit-logger.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAA6B,KAAK,SAAS,EAAE,MAAM,UAAU,CAAC;AACrE,OAAO,EAAyB,KAAK,SAAS,EAAE,MAAM,OAAO,CAAC;AAC9D,OAAO,EAAiB,KAAK,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAEhE;;GAEG;AACH,MAAM,WAAW,cAAe,SAAQ,SAAS,EAAE,SAAS;IAE1D,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,MAAM,cAAc,GACtB,aAAa,GACb,aAAa,GACb,aAAa,GACb,aAAa,GACb,aAAa,GACb,gBAAgB,GAChB,eAAe,GACf,eAAe,CAAC;AAEpB;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAExE;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,cAAc,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,QAAQ,CAAC,EAAE,kBAAkB,CAAC;IAC9B,OAAO,EAAE,OAAO,CAAC;CAClB;AAED;;;;GAIG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,SAAS,CAAC,CAAS;gBAEf,GAAG,CAAC,EAAE,SAAS,EAAE,SAAS,CAAC,EAAE,MAAM;IAK/C;;OAEG;IACH,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,WAAW;IAO7C;;;;;;;OAOG;IACG,aAAa,CACjB,KAAK,EAAE,IAAI,CAAC,UAAU,EAAE,MAAM,GAAG,UAAU,CAAC,GAAG;QAC7C,IAAI,CAAC,EAAE,cAAc,CAAC;QACtB,QAAQ,CAAC,EAAE,kBAAkB,CAAC;KAC/B,EACD,GAAG,EAAE,cAAc,GAClB,OAAO,CAAC,IAAI,CAAC;IAmBhB;;;;;;;OAOG;IACG,aAAa,CACjB,KAAK,EAAE,IAAI,CAAC,UAAU,EAAE,MAAM,GAAG,UAAU,CAAC,GAAG;QAC7C,IAAI,CAAC,EAAE,cAAc,CAAC;QACtB,QAAQ,CAAC,EAAE,kBAAkB,CAAC;KAC/B,EACD,GAAG,EAAE,cAAc,GAClB,OAAO,CAAC,IAAI,CAAC;IAmBhB;;;;;OAKG;IACG,iBAAiB,CACrB,KAAK,EAAE,IAAI,CAAC,UAAU,EAAE,MAAM,GAAG,UAAU,CAAC,GAAG;QAC7C,IAAI,CAAC,EAAE,cAAc,CAAC;QACtB,QAAQ,CAAC,EAAE,kBAAkB,CAAC;KAC/B,EACD,GAAG,EAAE,cAAc,GAClB,OAAO,CAAC,IAAI,CAAC;IAmBhB;;;;;OAKG;IACG,gBAAgB,CACpB,KAAK,EAAE,IAAI,CAAC,UAAU,EAAE,MAAM,GAAG,UAAU,CAAC,GAAG;QAC7C,IAAI,CAAC,EAAE,cAAc,CAAC;QACtB,QAAQ,CAAC,EAAE,kBAAkB,CAAC;KAC/B,EACD,GAAG,EAAE,cAAc,GAClB,OAAO,CAAC,IAAI,CAAC;IAmBhB;;;;;OAKG;IACG,GAAG,CACP,KAAK,EAAE,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,GAAG;QAAE,QAAQ,CAAC,EAAE,kBAAkB,CAAA;KAAE,EACvE,GAAG,EAAE,cAAc,GAClB,OAAO,CAAC,IAAI,CAAC;IAsBhB;;;;;;;OAOG;YACW,aAAa;IAkH3B;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,uBAAuB;CAahC;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAC/B,GAAG,CAAC,EAAE,SAAS,EACf,SAAS,CAAC,EAAE,MAAM,GACjB,WAAW,CAEb"}