@de-otio/trellis 0.7.1 → 0.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1252) hide show
  1. package/LICENSE +661 -0
  2. package/dist/db.js +10 -18
  3. package/dist/db.js.map +1 -1
  4. package/dist/env.d.ts +66 -6
  5. package/dist/env.d.ts.map +1 -1
  6. package/dist/env.js +89 -70
  7. package/dist/env.js.map +1 -1
  8. package/dist/extensions.js +3 -8
  9. package/dist/extensions.js.map +1 -1
  10. package/dist/index.d.ts +2 -2
  11. package/dist/index.d.ts.map +1 -1
  12. package/dist/index.js +2 -9
  13. package/dist/index.js.map +1 -1
  14. package/dist/lambda/cleanup-cron.d.ts.map +1 -1
  15. package/dist/lambda/cleanup-cron.js +20 -24
  16. package/dist/lambda/cleanup-cron.js.map +1 -1
  17. package/dist/lambda/create-auth-challenge.d.ts.map +1 -1
  18. package/dist/lambda/create-auth-challenge.js +17 -19
  19. package/dist/lambda/create-auth-challenge.js.map +1 -1
  20. package/dist/lambda/custom-message.js +1 -5
  21. package/dist/lambda/custom-message.js.map +1 -1
  22. package/dist/lambda/define-auth-challenge.js +1 -5
  23. package/dist/lambda/define-auth-challenge.js.map +1 -1
  24. package/dist/lambda/delete-account-worker.d.ts.map +1 -1
  25. package/dist/lambda/delete-account-worker.js +25 -58
  26. package/dist/lambda/delete-account-worker.js.map +1 -1
  27. package/dist/lambda/diagnostics-proxy.d.ts.map +1 -1
  28. package/dist/lambda/diagnostics-proxy.js +14 -49
  29. package/dist/lambda/diagnostics-proxy.js.map +1 -1
  30. package/dist/lambda/e2e-sweeper.d.ts.map +1 -1
  31. package/dist/lambda/e2e-sweeper.js +30 -38
  32. package/dist/lambda/e2e-sweeper.js.map +1 -1
  33. package/dist/lambda/federation-outbox-worker.d.ts.map +1 -1
  34. package/dist/lambda/federation-outbox-worker.js +4 -6
  35. package/dist/lambda/federation-outbox-worker.js.map +1 -1
  36. package/dist/lambda/followers-events-worker.d.ts.map +1 -1
  37. package/dist/lambda/followers-events-worker.js +4 -6
  38. package/dist/lambda/followers-events-worker.js.map +1 -1
  39. package/dist/lambda/hourly-cron.d.ts.map +1 -1
  40. package/dist/lambda/hourly-cron.js +100 -32
  41. package/dist/lambda/hourly-cron.js.map +1 -1
  42. package/dist/lambda/link-check-worker.d.ts.map +1 -1
  43. package/dist/lambda/link-check-worker.js +4 -6
  44. package/dist/lambda/link-check-worker.js.map +1 -1
  45. package/dist/lambda/maintenance-cron.d.ts.map +1 -1
  46. package/dist/lambda/maintenance-cron.js +30 -63
  47. package/dist/lambda/maintenance-cron.js.map +1 -1
  48. package/dist/lambda/media-processing-worker.d.ts.map +1 -1
  49. package/dist/lambda/media-processing-worker.js +11 -46
  50. package/dist/lambda/media-processing-worker.js.map +1 -1
  51. package/dist/lambda/media-reconciliation-worker.d.ts.map +1 -1
  52. package/dist/lambda/media-reconciliation-worker.js +4 -6
  53. package/dist/lambda/media-reconciliation-worker.js.map +1 -1
  54. package/dist/lambda/nightly-cron.d.ts.map +1 -1
  55. package/dist/lambda/nightly-cron.js +67 -112
  56. package/dist/lambda/nightly-cron.js.map +1 -1
  57. package/dist/lambda/post-confirmation.d.ts.map +1 -1
  58. package/dist/lambda/post-confirmation.js +203 -47
  59. package/dist/lambda/post-confirmation.js.map +1 -1
  60. package/dist/lambda/pre-signup.js +7 -11
  61. package/dist/lambda/pre-signup.js.map +1 -1
  62. package/dist/lambda/pre-token-generation.d.ts.map +1 -1
  63. package/dist/lambda/pre-token-generation.js +27 -35
  64. package/dist/lambda/pre-token-generation.js.map +1 -1
  65. package/dist/lambda/tools/check-health.js +1 -5
  66. package/dist/lambda/tools/check-health.js.map +1 -1
  67. package/dist/lambda/tools/describe-services.js +4 -8
  68. package/dist/lambda/tools/describe-services.js.map +1 -1
  69. package/dist/lambda/tools/get-cost-report.js +4 -8
  70. package/dist/lambda/tools/get-cost-report.js.map +1 -1
  71. package/dist/lambda/tools/get-errors.js +5 -9
  72. package/dist/lambda/tools/get-errors.js.map +1 -1
  73. package/dist/lambda/tools/get-feature-flags.js +4 -8
  74. package/dist/lambda/tools/get-feature-flags.js.map +1 -1
  75. package/dist/lambda/tools/get-queue-status.js +5 -9
  76. package/dist/lambda/tools/get-queue-status.js.map +1 -1
  77. package/dist/lambda/tools/search-logs.js +5 -9
  78. package/dist/lambda/tools/search-logs.js.map +1 -1
  79. package/dist/lambda/tools/send-alert.js +4 -8
  80. package/dist/lambda/tools/send-alert.js.map +1 -1
  81. package/dist/lambda/verify-auth-challenge.d.ts.map +1 -1
  82. package/dist/lambda/verify-auth-challenge.js +10 -12
  83. package/dist/lambda/verify-auth-challenge.js.map +1 -1
  84. package/dist/lib/abuse-metrics.d.ts.map +1 -1
  85. package/dist/lib/abuse-metrics.js +10 -13
  86. package/dist/lib/abuse-metrics.js.map +1 -1
  87. package/dist/lib/activitypub/activity-processor.d.ts +1 -1
  88. package/dist/lib/activitypub/activity-processor.d.ts.map +1 -1
  89. package/dist/lib/activitypub/activity-processor.js +9 -43
  90. package/dist/lib/activitypub/activity-processor.js.map +1 -1
  91. package/dist/lib/activitypub/activity-service.js +1 -5
  92. package/dist/lib/activitypub/activity-service.js.map +1 -1
  93. package/dist/lib/activitypub/actor.d.ts +1 -1
  94. package/dist/lib/activitypub/actor.d.ts.map +1 -1
  95. package/dist/lib/activitypub/actor.js +1 -5
  96. package/dist/lib/activitypub/actor.js.map +1 -1
  97. package/dist/lib/activitypub/audience-service.d.ts +2 -2
  98. package/dist/lib/activitypub/audience-service.d.ts.map +1 -1
  99. package/dist/lib/activitypub/audience-service.js +8 -12
  100. package/dist/lib/activitypub/audience-service.js.map +1 -1
  101. package/dist/lib/activitypub/crypto.d.ts +1 -1
  102. package/dist/lib/activitypub/crypto.d.ts.map +1 -1
  103. package/dist/lib/activitypub/crypto.js +3 -41
  104. package/dist/lib/activitypub/crypto.js.map +1 -1
  105. package/dist/lib/activitypub/delivery-service.d.ts +5 -5
  106. package/dist/lib/activitypub/delivery-service.d.ts.map +1 -1
  107. package/dist/lib/activitypub/delivery-service.js +10 -47
  108. package/dist/lib/activitypub/delivery-service.js.map +1 -1
  109. package/dist/lib/activitypub/dispatchers/entity-actor.d.ts +3 -2
  110. package/dist/lib/activitypub/dispatchers/entity-actor.d.ts.map +1 -1
  111. package/dist/lib/activitypub/dispatchers/entity-actor.js +19 -23
  112. package/dist/lib/activitypub/dispatchers/entity-actor.js.map +1 -1
  113. package/dist/lib/activitypub/dispatchers/group-actor.d.ts +3 -2
  114. package/dist/lib/activitypub/dispatchers/group-actor.d.ts.map +1 -1
  115. package/dist/lib/activitypub/dispatchers/group-actor.js +19 -23
  116. package/dist/lib/activitypub/dispatchers/group-actor.js.map +1 -1
  117. package/dist/lib/activitypub/dispatchers/user-actor.d.ts +3 -2
  118. package/dist/lib/activitypub/dispatchers/user-actor.d.ts.map +1 -1
  119. package/dist/lib/activitypub/dispatchers/user-actor.js +16 -20
  120. package/dist/lib/activitypub/dispatchers/user-actor.js.map +1 -1
  121. package/dist/lib/activitypub/dm-service.js +1 -5
  122. package/dist/lib/activitypub/dm-service.js.map +1 -1
  123. package/dist/lib/activitypub/entity-profile-service.d.ts +1 -1
  124. package/dist/lib/activitypub/entity-profile-service.d.ts.map +1 -1
  125. package/dist/lib/activitypub/entity-profile-service.js +6 -10
  126. package/dist/lib/activitypub/entity-profile-service.js.map +1 -1
  127. package/dist/lib/activitypub/fedify/config.d.ts +3 -3
  128. package/dist/lib/activitypub/fedify/config.d.ts.map +1 -1
  129. package/dist/lib/activitypub/fedify/config.js +5 -8
  130. package/dist/lib/activitypub/fedify/config.js.map +1 -1
  131. package/dist/lib/activitypub/fedify/context.d.ts +1 -1
  132. package/dist/lib/activitypub/fedify/context.d.ts.map +1 -1
  133. package/dist/lib/activitypub/fedify/context.js +8 -12
  134. package/dist/lib/activitypub/fedify/context.js.map +1 -1
  135. package/dist/lib/activitypub/fedify/runtime.d.ts +1 -1
  136. package/dist/lib/activitypub/fedify/runtime.d.ts.map +1 -1
  137. package/dist/lib/activitypub/fedify/runtime.js +3 -6
  138. package/dist/lib/activitypub/fedify/runtime.js.map +1 -1
  139. package/dist/lib/activitypub/friendship-service.js +1 -5
  140. package/dist/lib/activitypub/friendship-service.js.map +1 -1
  141. package/dist/lib/activitypub/group-service.d.ts +1 -1
  142. package/dist/lib/activitypub/group-service.d.ts.map +1 -1
  143. package/dist/lib/activitypub/group-service.js +9 -46
  144. package/dist/lib/activitypub/group-service.js.map +1 -1
  145. package/dist/lib/activitypub/http-signatures.js +8 -45
  146. package/dist/lib/activitypub/http-signatures.js.map +1 -1
  147. package/dist/lib/activitypub/jsonld.d.ts +1 -1
  148. package/dist/lib/activitypub/jsonld.d.ts.map +1 -1
  149. package/dist/lib/activitypub/jsonld.js +1 -5
  150. package/dist/lib/activitypub/jsonld.js.map +1 -1
  151. package/dist/lib/activitypub/listeners/friends-collection.d.ts +1 -1
  152. package/dist/lib/activitypub/listeners/friends-collection.d.ts.map +1 -1
  153. package/dist/lib/activitypub/listeners/friends-collection.js +17 -20
  154. package/dist/lib/activitypub/listeners/friends-collection.js.map +1 -1
  155. package/dist/lib/activitypub/listeners/http-signatures.d.ts +1 -1
  156. package/dist/lib/activitypub/listeners/http-signatures.d.ts.map +1 -1
  157. package/dist/lib/activitypub/listeners/http-signatures.js +9 -46
  158. package/dist/lib/activitypub/listeners/http-signatures.js.map +1 -1
  159. package/dist/lib/activitypub/listeners/inbox.d.ts +2 -2
  160. package/dist/lib/activitypub/listeners/inbox.d.ts.map +1 -1
  161. package/dist/lib/activitypub/listeners/inbox.js +31 -35
  162. package/dist/lib/activitypub/listeners/inbox.js.map +1 -1
  163. package/dist/lib/activitypub/listeners/outbox.d.ts +1 -1
  164. package/dist/lib/activitypub/listeners/outbox.d.ts.map +1 -1
  165. package/dist/lib/activitypub/listeners/outbox.js +17 -20
  166. package/dist/lib/activitypub/listeners/outbox.js.map +1 -1
  167. package/dist/lib/activitypub/remote-fetch-service.d.ts +6 -6
  168. package/dist/lib/activitypub/remote-fetch-service.d.ts.map +1 -1
  169. package/dist/lib/activitypub/remote-fetch-service.js +6 -10
  170. package/dist/lib/activitypub/remote-fetch-service.js.map +1 -1
  171. package/dist/lib/activitypub/services/abuse-prevention.d.ts +1 -1
  172. package/dist/lib/activitypub/services/abuse-prevention.d.ts.map +1 -1
  173. package/dist/lib/activitypub/services/abuse-prevention.js +11 -17
  174. package/dist/lib/activitypub/services/abuse-prevention.js.map +1 -1
  175. package/dist/lib/activitypub/services/dm-service-fedify.d.ts +4 -4
  176. package/dist/lib/activitypub/services/dm-service-fedify.d.ts.map +1 -1
  177. package/dist/lib/activitypub/services/dm-service-fedify.js +24 -59
  178. package/dist/lib/activitypub/services/dm-service-fedify.js.map +1 -1
  179. package/dist/lib/activitypub/services/fedify-converters.d.ts +2 -2
  180. package/dist/lib/activitypub/services/fedify-converters.d.ts.map +1 -1
  181. package/dist/lib/activitypub/services/fedify-converters.js +3 -8
  182. package/dist/lib/activitypub/services/fedify-converters.js.map +1 -1
  183. package/dist/lib/activitypub/services/fedify-delivery.d.ts +2 -2
  184. package/dist/lib/activitypub/services/fedify-delivery.d.ts.map +1 -1
  185. package/dist/lib/activitypub/services/fedify-delivery.js +19 -56
  186. package/dist/lib/activitypub/services/fedify-delivery.js.map +1 -1
  187. package/dist/lib/activitypub/services/follow-activity-service.d.ts +2 -2
  188. package/dist/lib/activitypub/services/follow-activity-service.d.ts.map +1 -1
  189. package/dist/lib/activitypub/services/follow-activity-service.js +8 -12
  190. package/dist/lib/activitypub/services/follow-activity-service.js.map +1 -1
  191. package/dist/lib/activitypub/services/post-service-fedify.d.ts +2 -2
  192. package/dist/lib/activitypub/services/post-service-fedify.d.ts.map +1 -1
  193. package/dist/lib/activitypub/services/post-service-fedify.js +33 -65
  194. package/dist/lib/activitypub/services/post-service-fedify.js.map +1 -1
  195. package/dist/lib/activitypub/services/remote-activity-handler.d.ts +2 -2
  196. package/dist/lib/activitypub/services/remote-activity-handler.d.ts.map +1 -1
  197. package/dist/lib/activitypub/services/remote-activity-handler.js +25 -28
  198. package/dist/lib/activitypub/services/remote-activity-handler.js.map +1 -1
  199. package/dist/lib/activitypub/standalone-mode.d.ts +1 -1
  200. package/dist/lib/activitypub/standalone-mode.d.ts.map +1 -1
  201. package/dist/lib/activitypub/standalone-mode.js +13 -50
  202. package/dist/lib/activitypub/standalone-mode.js.map +1 -1
  203. package/dist/lib/activitypub/webfinger/server.d.ts +1 -1
  204. package/dist/lib/activitypub/webfinger/server.d.ts.map +1 -1
  205. package/dist/lib/activitypub/webfinger/server.js +18 -54
  206. package/dist/lib/activitypub/webfinger/server.js.map +1 -1
  207. package/dist/lib/age-gate-middleware.d.ts +4 -4
  208. package/dist/lib/age-gate-middleware.d.ts.map +1 -1
  209. package/dist/lib/age-gate-middleware.js +3 -6
  210. package/dist/lib/age-gate-middleware.js.map +1 -1
  211. package/dist/lib/age-gate.js +3 -8
  212. package/dist/lib/age-gate.js.map +1 -1
  213. package/dist/lib/age-tier-transition.d.ts +1 -1
  214. package/dist/lib/age-tier-transition.d.ts.map +1 -1
  215. package/dist/lib/age-tier-transition.js +7 -44
  216. package/dist/lib/age-tier-transition.js.map +1 -1
  217. package/dist/lib/app.d.ts +76 -0
  218. package/dist/lib/app.d.ts.map +1 -0
  219. package/dist/lib/app.js +400 -0
  220. package/dist/lib/app.js.map +1 -0
  221. package/dist/lib/audit/csv-export.js +6 -13
  222. package/dist/lib/audit/csv-export.js.map +1 -1
  223. package/dist/lib/audit/pii-filter.d.ts +9 -0
  224. package/dist/lib/audit/pii-filter.d.ts.map +1 -1
  225. package/dist/lib/audit/pii-filter.js +57 -7
  226. package/dist/lib/audit/pii-filter.js.map +1 -1
  227. package/dist/lib/audit-actions.d.ts +94 -0
  228. package/dist/lib/audit-actions.d.ts.map +1 -0
  229. package/dist/lib/audit-actions.js +107 -0
  230. package/dist/lib/audit-actions.js.map +1 -0
  231. package/dist/lib/audit-composer.d.ts +174 -0
  232. package/dist/lib/audit-composer.d.ts.map +1 -0
  233. package/dist/lib/audit-composer.js +421 -0
  234. package/dist/lib/audit-composer.js.map +1 -0
  235. package/dist/lib/auth/auth-context.d.ts +1 -1
  236. package/dist/lib/auth/auth-context.js +1 -2
  237. package/dist/lib/auth/auth-context.js.map +1 -1
  238. package/dist/lib/auth/auth-middleware.d.ts +16 -2
  239. package/dist/lib/auth/auth-middleware.d.ts.map +1 -1
  240. package/dist/lib/auth/auth-middleware.js +36 -45
  241. package/dist/lib/auth/auth-middleware.js.map +1 -1
  242. package/dist/lib/auth/capabilities.js +2 -5
  243. package/dist/lib/auth/capabilities.js.map +1 -1
  244. package/dist/lib/auth/claims-cache.d.ts +2 -2
  245. package/dist/lib/auth/claims-cache.js +19 -24
  246. package/dist/lib/auth/claims-cache.js.map +1 -1
  247. package/dist/lib/auth/cognito-jwt.d.ts +20 -2
  248. package/dist/lib/auth/cognito-jwt.d.ts.map +1 -1
  249. package/dist/lib/auth/cognito-jwt.js +83 -23
  250. package/dist/lib/auth/cognito-jwt.js.map +1 -1
  251. package/dist/lib/auth/idp-redirect-builder.d.ts +1 -1
  252. package/dist/lib/auth/idp-redirect-builder.d.ts.map +1 -1
  253. package/dist/lib/auth/idp-redirect-builder.js +4 -10
  254. package/dist/lib/auth/idp-redirect-builder.js.map +1 -1
  255. package/dist/lib/auth/require.d.ts +4 -4
  256. package/dist/lib/auth/require.d.ts.map +1 -1
  257. package/dist/lib/auth/require.js +11 -18
  258. package/dist/lib/auth/require.js.map +1 -1
  259. package/dist/lib/auth/role-grants.d.ts +1 -1
  260. package/dist/lib/auth/role-grants.d.ts.map +1 -1
  261. package/dist/lib/auth/role-grants.js +28 -31
  262. package/dist/lib/auth/role-grants.js.map +1 -1
  263. package/dist/lib/auth-context-manager.js +1 -5
  264. package/dist/lib/auth-context-manager.js.map +1 -1
  265. package/dist/lib/auth-handler.d.ts +5 -5
  266. package/dist/lib/auth-handler.d.ts.map +1 -1
  267. package/dist/lib/auth-handler.js +5 -9
  268. package/dist/lib/auth-handler.js.map +1 -1
  269. package/dist/lib/badge-handler.d.ts +1 -1
  270. package/dist/lib/badge-handler.d.ts.map +1 -1
  271. package/dist/lib/badge-handler.js +14 -52
  272. package/dist/lib/badge-handler.js.map +1 -1
  273. package/dist/lib/circle-handler.d.ts +10 -10
  274. package/dist/lib/circle-handler.d.ts.map +1 -1
  275. package/dist/lib/circle-handler.js +10 -47
  276. package/dist/lib/circle-handler.js.map +1 -1
  277. package/dist/lib/cognito/idp-sdk.js +11 -18
  278. package/dist/lib/cognito/idp-sdk.js.map +1 -1
  279. package/dist/lib/cognito/issuer-probe.js +9 -14
  280. package/dist/lib/cognito/issuer-probe.js.map +1 -1
  281. package/dist/lib/comment-handler.d.ts +10 -10
  282. package/dist/lib/comment-handler.d.ts.map +1 -1
  283. package/dist/lib/comment-handler.js +61 -97
  284. package/dist/lib/comment-handler.js.map +1 -1
  285. package/dist/lib/compliance/baseline.d.ts +2 -2
  286. package/dist/lib/compliance/baseline.d.ts.map +1 -1
  287. package/dist/lib/compliance/baseline.js +15 -18
  288. package/dist/lib/compliance/baseline.js.map +1 -1
  289. package/dist/lib/compliance/tenant-merge.d.ts +1 -1
  290. package/dist/lib/compliance/tenant-merge.d.ts.map +1 -1
  291. package/dist/lib/compliance/tenant-merge.js +1 -4
  292. package/dist/lib/compliance/tenant-merge.js.map +1 -1
  293. package/dist/lib/compliance/types.d.ts +1 -1
  294. package/dist/lib/compliance/types.js +2 -3
  295. package/dist/lib/compliance/types.js.map +1 -1
  296. package/dist/lib/connection-code-handler.d.ts +7 -7
  297. package/dist/lib/connection-code-handler.d.ts.map +1 -1
  298. package/dist/lib/connection-code-handler.js +13 -50
  299. package/dist/lib/connection-code-handler.js.map +1 -1
  300. package/dist/lib/content-discovery.d.ts +1 -1
  301. package/dist/lib/content-discovery.d.ts.map +1 -1
  302. package/dist/lib/content-discovery.js +15 -52
  303. package/dist/lib/content-discovery.js.map +1 -1
  304. package/dist/lib/context-aware-data-access.d.ts +1 -1
  305. package/dist/lib/context-aware-data-access.d.ts.map +1 -1
  306. package/dist/lib/context-aware-data-access.js +1 -5
  307. package/dist/lib/context-aware-data-access.js.map +1 -1
  308. package/dist/lib/cors-handler.d.ts +1 -1
  309. package/dist/lib/cors-handler.d.ts.map +1 -1
  310. package/dist/lib/cors-handler.js +13 -17
  311. package/dist/lib/cors-handler.js.map +1 -1
  312. package/dist/lib/cost-accumulator.d.ts.map +1 -1
  313. package/dist/lib/cost-accumulator.js +7 -11
  314. package/dist/lib/cost-accumulator.js.map +1 -1
  315. package/dist/lib/crypto/voting/elgamal-encryption.js +1 -5
  316. package/dist/lib/crypto/voting/elgamal-encryption.js.map +1 -1
  317. package/dist/lib/crypto/voting/encryption-scheme.js +1 -2
  318. package/dist/lib/crypto/voting/encryption-scheme.js.map +1 -1
  319. package/dist/lib/crypto/voting/hash-utils.js +6 -12
  320. package/dist/lib/crypto/voting/hash-utils.js.map +1 -1
  321. package/dist/lib/crypto/voting/hybrid-encryption.js +5 -9
  322. package/dist/lib/crypto/voting/hybrid-encryption.js.map +1 -1
  323. package/dist/lib/crypto/voting/index.js +4 -14
  324. package/dist/lib/crypto/voting/index.js.map +1 -1
  325. package/dist/lib/crypto/voting/post-quantum-encryption.js +1 -5
  326. package/dist/lib/crypto/voting/post-quantum-encryption.js.map +1 -1
  327. package/dist/lib/csrf.d.ts +2 -2
  328. package/dist/lib/csrf.d.ts.map +1 -1
  329. package/dist/lib/csrf.js +1 -5
  330. package/dist/lib/csrf.js.map +1 -1
  331. package/dist/lib/data-router.d.ts +5 -4
  332. package/dist/lib/data-router.d.ts.map +1 -1
  333. package/dist/lib/data-router.js +67 -90
  334. package/dist/lib/data-router.js.map +1 -1
  335. package/dist/lib/database-circuit-breaker.d.ts +61 -34
  336. package/dist/lib/database-circuit-breaker.d.ts.map +1 -1
  337. package/dist/lib/database-circuit-breaker.js +102 -109
  338. package/dist/lib/database-circuit-breaker.js.map +1 -1
  339. package/dist/lib/database-config.js +1 -4
  340. package/dist/lib/database-config.js.map +1 -1
  341. package/dist/lib/database-connection-manager.d.ts +42 -2
  342. package/dist/lib/database-connection-manager.d.ts.map +1 -1
  343. package/dist/lib/database-connection-manager.js +178 -74
  344. package/dist/lib/database-connection-manager.js.map +1 -1
  345. package/dist/lib/database-monitor.d.ts +1 -1
  346. package/dist/lib/database-monitor.d.ts.map +1 -1
  347. package/dist/lib/database-monitor.js +5 -9
  348. package/dist/lib/database-monitor.js.map +1 -1
  349. package/dist/lib/database-rate-limiter.d.ts +1 -1
  350. package/dist/lib/database-rate-limiter.d.ts.map +1 -1
  351. package/dist/lib/database-rate-limiter.js +3 -7
  352. package/dist/lib/database-rate-limiter.js.map +1 -1
  353. package/dist/lib/database-wrapper-helper.d.ts +2 -2
  354. package/dist/lib/database-wrapper-helper.d.ts.map +1 -1
  355. package/dist/lib/database-wrapper-helper.js +7 -11
  356. package/dist/lib/database-wrapper-helper.js.map +1 -1
  357. package/dist/lib/database-wrapper.d.ts +1 -1
  358. package/dist/lib/database-wrapper.d.ts.map +1 -1
  359. package/dist/lib/database-wrapper.js +5 -9
  360. package/dist/lib/database-wrapper.js.map +1 -1
  361. package/dist/lib/db-query-helper.d.ts +3 -3
  362. package/dist/lib/db-query-helper.d.ts.map +1 -1
  363. package/dist/lib/db-query-helper.js +4 -9
  364. package/dist/lib/db-query-helper.js.map +1 -1
  365. package/dist/lib/discovery-exposure.d.ts +42 -0
  366. package/dist/lib/discovery-exposure.d.ts.map +1 -0
  367. package/dist/lib/discovery-exposure.js +89 -0
  368. package/dist/lib/discovery-exposure.js.map +1 -0
  369. package/dist/lib/discovery-handler.d.ts +6 -6
  370. package/dist/lib/discovery-handler.d.ts.map +1 -1
  371. package/dist/lib/discovery-handler.js +10 -43
  372. package/dist/lib/discovery-handler.js.map +1 -1
  373. package/dist/lib/domain-reputation-service.d.ts +1 -1
  374. package/dist/lib/domain-reputation-service.d.ts.map +1 -1
  375. package/dist/lib/domain-reputation-service.js +12 -15
  376. package/dist/lib/domain-reputation-service.js.map +1 -1
  377. package/dist/lib/email-privacy.js +4 -8
  378. package/dist/lib/email-privacy.js.map +1 -1
  379. package/dist/lib/email-provider.d.ts +2 -2
  380. package/dist/lib/email-provider.d.ts.map +1 -1
  381. package/dist/lib/email-provider.js +8 -16
  382. package/dist/lib/email-provider.js.map +1 -1
  383. package/dist/lib/entity-handler.d.ts +5 -6
  384. package/dist/lib/entity-handler.d.ts.map +1 -1
  385. package/dist/lib/entity-handler.js +52 -81
  386. package/dist/lib/entity-handler.js.map +1 -1
  387. package/dist/lib/entity-relationship-handler.d.ts +9 -9
  388. package/dist/lib/entity-relationship-handler.d.ts.map +1 -1
  389. package/dist/lib/entity-relationship-handler.js +14 -51
  390. package/dist/lib/entity-relationship-handler.js.map +1 -1
  391. package/dist/lib/entity-tagging-errors.js +4 -11
  392. package/dist/lib/entity-tagging-errors.js.map +1 -1
  393. package/dist/lib/entity-tagging-validator.d.ts +3 -3
  394. package/dist/lib/entity-tagging-validator.d.ts.map +1 -1
  395. package/dist/lib/entity-tagging-validator.js +6 -11
  396. package/dist/lib/entity-tagging-validator.js.map +1 -1
  397. package/dist/lib/exif-stripper.js +1 -4
  398. package/dist/lib/exif-stripper.js.map +1 -1
  399. package/dist/lib/extension-context.d.ts +2 -2
  400. package/dist/lib/extension-context.d.ts.map +1 -1
  401. package/dist/lib/extension-context.js +1 -4
  402. package/dist/lib/extension-context.js.map +1 -1
  403. package/dist/lib/extension-route-wrapper.d.ts +1 -1
  404. package/dist/lib/extension-route-wrapper.d.ts.map +1 -1
  405. package/dist/lib/extension-route-wrapper.js +17 -55
  406. package/dist/lib/extension-route-wrapper.js.map +1 -1
  407. package/dist/lib/extension-validator.js +3 -6
  408. package/dist/lib/extension-validator.js.map +1 -1
  409. package/dist/lib/feature-flags.d.ts +5 -2
  410. package/dist/lib/feature-flags.d.ts.map +1 -1
  411. package/dist/lib/feature-flags.js +15 -48
  412. package/dist/lib/feature-flags.js.map +1 -1
  413. package/dist/lib/feature-toggle-global-client.d.ts +6 -0
  414. package/dist/lib/feature-toggle-global-client.d.ts.map +1 -0
  415. package/dist/lib/feature-toggle-global-client.js +73 -0
  416. package/dist/lib/feature-toggle-global-client.js.map +1 -0
  417. package/dist/lib/feature-toggle-service.d.ts +137 -27
  418. package/dist/lib/feature-toggle-service.d.ts.map +1 -1
  419. package/dist/lib/feature-toggle-service.js +302 -119
  420. package/dist/lib/feature-toggle-service.js.map +1 -1
  421. package/dist/lib/feed-handler.d.ts +8 -8
  422. package/dist/lib/feed-handler.d.ts.map +1 -1
  423. package/dist/lib/feed-handler.js +33 -62
  424. package/dist/lib/feed-handler.js.map +1 -1
  425. package/dist/lib/feed-pagination.d.ts +26 -0
  426. package/dist/lib/feed-pagination.d.ts.map +1 -1
  427. package/dist/lib/feed-pagination.js +31 -11
  428. package/dist/lib/feed-pagination.js.map +1 -1
  429. package/dist/lib/feed-personalization.d.ts +1 -1
  430. package/dist/lib/feed-personalization.d.ts.map +1 -1
  431. package/dist/lib/feed-personalization.js +6 -43
  432. package/dist/lib/feed-personalization.js.map +1 -1
  433. package/dist/lib/followers-events.js +8 -13
  434. package/dist/lib/followers-events.js.map +1 -1
  435. package/dist/lib/friends-handler.d.ts +2 -2
  436. package/dist/lib/friends-handler.d.ts.map +1 -1
  437. package/dist/lib/friends-handler.js +9 -46
  438. package/dist/lib/friends-handler.js.map +1 -1
  439. package/dist/lib/geo/entity-geo-repository.d.ts +67 -0
  440. package/dist/lib/geo/entity-geo-repository.d.ts.map +1 -0
  441. package/dist/lib/geo/entity-geo-repository.js +91 -0
  442. package/dist/lib/geo/entity-geo-repository.js.map +1 -0
  443. package/dist/lib/graph/errors.d.ts.map +1 -1
  444. package/dist/lib/graph/errors.js +13 -18
  445. package/dist/lib/graph/errors.js.map +1 -1
  446. package/dist/lib/graph/graph-factory.d.ts +12 -53
  447. package/dist/lib/graph/graph-factory.d.ts.map +1 -1
  448. package/dist/lib/graph/graph-factory.js +67 -162
  449. package/dist/lib/graph/graph-factory.js.map +1 -1
  450. package/dist/lib/graph/graph-service.d.ts +1 -1
  451. package/dist/lib/graph/graph-service.d.ts.map +1 -1
  452. package/dist/lib/graph/graph-service.js +1 -2
  453. package/dist/lib/graph/graph-service.js.map +1 -1
  454. package/dist/lib/graph/index.d.ts +10 -14
  455. package/dist/lib/graph/index.d.ts.map +1 -1
  456. package/dist/lib/graph/index.js +12 -46
  457. package/dist/lib/graph/index.js.map +1 -1
  458. package/dist/lib/graph/postgres/_shared.d.ts +18 -0
  459. package/dist/lib/graph/postgres/_shared.d.ts.map +1 -0
  460. package/dist/lib/graph/postgres/_shared.js +24 -0
  461. package/dist/lib/graph/postgres/_shared.js.map +1 -0
  462. package/dist/lib/graph/postgres/circles.d.ts +66 -0
  463. package/dist/lib/graph/postgres/circles.d.ts.map +1 -0
  464. package/dist/lib/graph/postgres/circles.js +513 -0
  465. package/dist/lib/graph/postgres/circles.js.map +1 -0
  466. package/dist/lib/graph/postgres/discovery.d.ts +165 -0
  467. package/dist/lib/graph/postgres/discovery.d.ts.map +1 -0
  468. package/dist/lib/graph/postgres/discovery.js +579 -0
  469. package/dist/lib/graph/postgres/discovery.js.map +1 -0
  470. package/dist/lib/graph/postgres/entity-relationships.d.ts +53 -0
  471. package/dist/lib/graph/postgres/entity-relationships.d.ts.map +1 -0
  472. package/dist/lib/graph/postgres/entity-relationships.js +304 -0
  473. package/dist/lib/graph/postgres/entity-relationships.js.map +1 -0
  474. package/dist/lib/graph/postgres/interaction-events.d.ts +106 -0
  475. package/dist/lib/graph/postgres/interaction-events.d.ts.map +1 -0
  476. package/dist/lib/graph/postgres/interaction-events.js +162 -0
  477. package/dist/lib/graph/postgres/interaction-events.js.map +1 -0
  478. package/dist/lib/graph/postgres/postgres-graph-service.d.ts +74 -0
  479. package/dist/lib/graph/postgres/postgres-graph-service.d.ts.map +1 -0
  480. package/dist/lib/graph/postgres/postgres-graph-service.js +167 -0
  481. package/dist/lib/graph/postgres/postgres-graph-service.js.map +1 -0
  482. package/dist/lib/graph/postgres/relationships.d.ts +58 -0
  483. package/dist/lib/graph/postgres/relationships.d.ts.map +1 -0
  484. package/dist/lib/graph/postgres/relationships.js +314 -0
  485. package/dist/lib/graph/postgres/relationships.js.map +1 -0
  486. package/dist/lib/graph/postgres/scoring.d.ts +74 -0
  487. package/dist/lib/graph/postgres/scoring.d.ts.map +1 -0
  488. package/dist/lib/graph/postgres/scoring.js +297 -0
  489. package/dist/lib/graph/postgres/scoring.js.map +1 -0
  490. package/dist/lib/graph/postgres/sync.d.ts +149 -0
  491. package/dist/lib/graph/postgres/sync.d.ts.map +1 -0
  492. package/dist/lib/graph/postgres/sync.js +269 -0
  493. package/dist/lib/graph/postgres/sync.js.map +1 -0
  494. package/dist/lib/graph/scoring-engine.d.ts +7 -1
  495. package/dist/lib/graph/scoring-engine.d.ts.map +1 -1
  496. package/dist/lib/graph/scoring-engine.js +29 -35
  497. package/dist/lib/graph/scoring-engine.js.map +1 -1
  498. package/dist/lib/graph/types.d.ts +18 -1
  499. package/dist/lib/graph/types.d.ts.map +1 -1
  500. package/dist/lib/graph/types.js +1 -2
  501. package/dist/lib/graph/types.js.map +1 -1
  502. package/dist/lib/hook-dispatcher.d.ts +1 -1
  503. package/dist/lib/hook-dispatcher.d.ts.map +1 -1
  504. package/dist/lib/hook-dispatcher.js +8 -12
  505. package/dist/lib/hook-dispatcher.js.map +1 -1
  506. package/dist/lib/input-sanitizer.js +1 -5
  507. package/dist/lib/input-sanitizer.js.map +1 -1
  508. package/dist/lib/internal-docs-handler.d.ts +2 -2
  509. package/dist/lib/internal-docs-handler.d.ts.map +1 -1
  510. package/dist/lib/internal-docs-handler.js +20 -28
  511. package/dist/lib/internal-docs-handler.js.map +1 -1
  512. package/dist/lib/internal-docs-navigation.js +2 -6
  513. package/dist/lib/internal-docs-navigation.js.map +1 -1
  514. package/dist/lib/invitation-handler.d.ts +2 -2
  515. package/dist/lib/invitation-handler.d.ts.map +1 -1
  516. package/dist/lib/invitation-handler.js +41 -82
  517. package/dist/lib/invitation-handler.js.map +1 -1
  518. package/dist/lib/ip-scrubber.js +3 -8
  519. package/dist/lib/ip-scrubber.js.map +1 -1
  520. package/dist/lib/link-security-handler.d.ts +3 -2
  521. package/dist/lib/link-security-handler.d.ts.map +1 -1
  522. package/dist/lib/link-security-handler.js +8 -44
  523. package/dist/lib/link-security-handler.js.map +1 -1
  524. package/dist/lib/logger.d.ts +31 -82
  525. package/dist/lib/logger.d.ts.map +1 -1
  526. package/dist/lib/logger.js +43 -185
  527. package/dist/lib/logger.js.map +1 -1
  528. package/dist/lib/media-cleanup-handler.d.ts +2 -2
  529. package/dist/lib/media-cleanup-handler.d.ts.map +1 -1
  530. package/dist/lib/media-cleanup-handler.js +7 -11
  531. package/dist/lib/media-cleanup-handler.js.map +1 -1
  532. package/dist/lib/media-handler.d.ts +1 -1
  533. package/dist/lib/media-handler.d.ts.map +1 -1
  534. package/dist/lib/media-handler.js +36 -73
  535. package/dist/lib/media-handler.js.map +1 -1
  536. package/dist/lib/media-metadata-extractor.d.ts +1 -1
  537. package/dist/lib/media-metadata-extractor.d.ts.map +1 -1
  538. package/dist/lib/media-metadata-extractor.js +3 -7
  539. package/dist/lib/media-metadata-extractor.js.map +1 -1
  540. package/dist/lib/media-metrics.d.ts +2 -2
  541. package/dist/lib/media-metrics.d.ts.map +1 -1
  542. package/dist/lib/media-metrics.js +3 -7
  543. package/dist/lib/media-metrics.js.map +1 -1
  544. package/dist/lib/metadata/index.d.ts +5 -5
  545. package/dist/lib/metadata/index.d.ts.map +1 -1
  546. package/dist/lib/metadata/index.js +5 -21
  547. package/dist/lib/metadata/index.js.map +1 -1
  548. package/dist/lib/metadata/metadata-config.js +2 -5
  549. package/dist/lib/metadata/metadata-config.js.map +1 -1
  550. package/dist/lib/metadata/metadata-errors.js +2 -7
  551. package/dist/lib/metadata/metadata-errors.js.map +1 -1
  552. package/dist/lib/metadata/metadata-extractor.d.ts +1 -1
  553. package/dist/lib/metadata/metadata-extractor.d.ts.map +1 -1
  554. package/dist/lib/metadata/metadata-extractor.js +42 -82
  555. package/dist/lib/metadata/metadata-extractor.js.map +1 -1
  556. package/dist/lib/metadata/metadata-sanitizer.js +17 -24
  557. package/dist/lib/metadata/metadata-sanitizer.js.map +1 -1
  558. package/dist/lib/metadata/metadata-schemas.d.ts +16 -100
  559. package/dist/lib/metadata/metadata-schemas.d.ts.map +1 -1
  560. package/dist/lib/metadata/metadata-schemas.js +31 -34
  561. package/dist/lib/metadata/metadata-schemas.js.map +1 -1
  562. package/dist/lib/mfa/mfa-handler.d.ts +1 -1
  563. package/dist/lib/mfa/mfa-handler.d.ts.map +1 -1
  564. package/dist/lib/mfa/mfa-handler.js +13 -17
  565. package/dist/lib/mfa/mfa-handler.js.map +1 -1
  566. package/dist/lib/mfa/totp-service.js +8 -18
  567. package/dist/lib/mfa/totp-service.js.map +1 -1
  568. package/dist/lib/middleware/comment-rate-limit.d.ts +1 -1
  569. package/dist/lib/middleware/comment-rate-limit.d.ts.map +1 -1
  570. package/dist/lib/middleware/comment-rate-limit.js +7 -10
  571. package/dist/lib/middleware/comment-rate-limit.js.map +1 -1
  572. package/dist/lib/middleware/feature-toggle-rate-limit.d.ts +1 -1
  573. package/dist/lib/middleware/feature-toggle-rate-limit.d.ts.map +1 -1
  574. package/dist/lib/middleware/feature-toggle-rate-limit.js +8 -13
  575. package/dist/lib/middleware/feature-toggle-rate-limit.js.map +1 -1
  576. package/dist/lib/middleware/idempotency-store.js +20 -26
  577. package/dist/lib/middleware/idempotency-store.js.map +1 -1
  578. package/dist/lib/middleware/idempotency.d.ts +2 -2
  579. package/dist/lib/middleware/idempotency.d.ts.map +1 -1
  580. package/dist/lib/middleware/idempotency.js +12 -50
  581. package/dist/lib/middleware/idempotency.js.map +1 -1
  582. package/dist/lib/middleware.d.ts +22 -9
  583. package/dist/lib/middleware.d.ts.map +1 -1
  584. package/dist/lib/middleware.js +72 -153
  585. package/dist/lib/middleware.js.map +1 -1
  586. package/dist/lib/moderation-handler.d.ts +1 -1
  587. package/dist/lib/moderation-handler.d.ts.map +1 -1
  588. package/dist/lib/moderation-handler.js +15 -54
  589. package/dist/lib/moderation-handler.js.map +1 -1
  590. package/dist/lib/net/trusted-client-ip.d.ts +8 -30
  591. package/dist/lib/net/trusted-client-ip.d.ts.map +1 -1
  592. package/dist/lib/net/trusted-client-ip.js +13 -94
  593. package/dist/lib/net/trusted-client-ip.js.map +1 -1
  594. package/dist/lib/notification-handler.d.ts +1 -1
  595. package/dist/lib/notification-handler.d.ts.map +1 -1
  596. package/dist/lib/notification-handler.js +10 -15
  597. package/dist/lib/notification-handler.js.map +1 -1
  598. package/dist/lib/notification-preferences-handler.d.ts +1 -1
  599. package/dist/lib/notification-preferences-handler.d.ts.map +1 -1
  600. package/dist/lib/notification-preferences-handler.js +7 -11
  601. package/dist/lib/notification-preferences-handler.js.map +1 -1
  602. package/dist/lib/oauth/cognito-issuer.d.ts +1 -1
  603. package/dist/lib/oauth/cognito-issuer.d.ts.map +1 -1
  604. package/dist/lib/oauth/cognito-issuer.js +5 -10
  605. package/dist/lib/oauth/cognito-issuer.js.map +1 -1
  606. package/dist/lib/oauth/device-authorization.d.ts +1 -1
  607. package/dist/lib/oauth/device-authorization.d.ts.map +1 -1
  608. package/dist/lib/oauth/device-authorization.js +62 -77
  609. package/dist/lib/oauth/device-authorization.js.map +1 -1
  610. package/dist/lib/oauth/envelope-crypto.d.ts +2 -2
  611. package/dist/lib/oauth/envelope-crypto.js +22 -34
  612. package/dist/lib/oauth/envelope-crypto.js.map +1 -1
  613. package/dist/lib/oauth/refresh-detection.js +42 -52
  614. package/dist/lib/oauth/refresh-detection.js.map +1 -1
  615. package/dist/lib/openai-budget.d.ts.map +1 -1
  616. package/dist/lib/openai-budget.js +7 -44
  617. package/dist/lib/openai-budget.js.map +1 -1
  618. package/dist/lib/openapi/generator.d.ts +1 -1
  619. package/dist/lib/openapi/generator.d.ts.map +1 -1
  620. package/dist/lib/openapi/generator.js +2 -6
  621. package/dist/lib/openapi/generator.js.map +1 -1
  622. package/dist/lib/orphaned-media-handler.d.ts +1 -1
  623. package/dist/lib/orphaned-media-handler.d.ts.map +1 -1
  624. package/dist/lib/orphaned-media-handler.js +9 -46
  625. package/dist/lib/orphaned-media-handler.js.map +1 -1
  626. package/dist/lib/parental-control-handler.d.ts +2 -2
  627. package/dist/lib/parental-control-handler.d.ts.map +1 -1
  628. package/dist/lib/parental-control-handler.js +18 -55
  629. package/dist/lib/parental-control-handler.js.map +1 -1
  630. package/dist/lib/parental-link-handler.d.ts +8 -8
  631. package/dist/lib/parental-link-handler.d.ts.map +1 -1
  632. package/dist/lib/parental-link-handler.js +10 -14
  633. package/dist/lib/parental-link-handler.js.map +1 -1
  634. package/dist/lib/performance-metrics.d.ts +1 -1
  635. package/dist/lib/performance-metrics.d.ts.map +1 -1
  636. package/dist/lib/performance-metrics.js +3 -6
  637. package/dist/lib/performance-metrics.js.map +1 -1
  638. package/dist/lib/post-handler.d.ts +9 -9
  639. package/dist/lib/post-handler.d.ts.map +1 -1
  640. package/dist/lib/post-handler.js +67 -101
  641. package/dist/lib/post-handler.js.map +1 -1
  642. package/dist/lib/privacy-defaults.js +3 -8
  643. package/dist/lib/privacy-defaults.js.map +1 -1
  644. package/dist/lib/privacy-handler.d.ts +2 -2
  645. package/dist/lib/privacy-handler.d.ts.map +1 -1
  646. package/dist/lib/privacy-handler.js +6 -10
  647. package/dist/lib/privacy-handler.js.map +1 -1
  648. package/dist/lib/pseudonym.d.ts +56 -0
  649. package/dist/lib/pseudonym.d.ts.map +1 -0
  650. package/dist/lib/pseudonym.js +85 -0
  651. package/dist/lib/pseudonym.js.map +1 -0
  652. package/dist/lib/queue-consumers/media-reconciliation-consumer.d.ts +2 -2
  653. package/dist/lib/queue-consumers/media-reconciliation-consumer.d.ts.map +1 -1
  654. package/dist/lib/queue-consumers/media-reconciliation-consumer.js +5 -8
  655. package/dist/lib/queue-consumers/media-reconciliation-consumer.js.map +1 -1
  656. package/dist/lib/quiet-hours.js +2 -6
  657. package/dist/lib/quiet-hours.js.map +1 -1
  658. package/dist/lib/rate-limit.d.ts +58 -47
  659. package/dist/lib/rate-limit.d.ts.map +1 -1
  660. package/dist/lib/rate-limit.js +168 -157
  661. package/dist/lib/rate-limit.js.map +1 -1
  662. package/dist/lib/reaction-handler.d.ts +10 -10
  663. package/dist/lib/reaction-handler.d.ts.map +1 -1
  664. package/dist/lib/reaction-handler.js +44 -80
  665. package/dist/lib/reaction-handler.js.map +1 -1
  666. package/dist/lib/recaptcha.js +6 -9
  667. package/dist/lib/recaptcha.js.map +1 -1
  668. package/dist/lib/redirect-resolver.d.ts +2 -2
  669. package/dist/lib/redirect-resolver.d.ts.map +1 -1
  670. package/dist/lib/redirect-resolver.js +5 -9
  671. package/dist/lib/redirect-resolver.js.map +1 -1
  672. package/dist/lib/region-config.d.ts +3 -3
  673. package/dist/lib/region-config.d.ts.map +1 -1
  674. package/dist/lib/region-config.js +15 -58
  675. package/dist/lib/region-config.js.map +1 -1
  676. package/dist/lib/region-detection.d.ts +55 -24
  677. package/dist/lib/region-detection.d.ts.map +1 -1
  678. package/dist/lib/region-detection.js +140 -199
  679. package/dist/lib/region-detection.js.map +1 -1
  680. package/dist/lib/region-registry.d.ts +49 -0
  681. package/dist/lib/region-registry.d.ts.map +1 -0
  682. package/dist/lib/region-registry.js +112 -0
  683. package/dist/lib/region-registry.js.map +1 -0
  684. package/dist/lib/relationship-handler.d.ts +9 -9
  685. package/dist/lib/relationship-handler.d.ts.map +1 -1
  686. package/dist/lib/relationship-handler.js +12 -49
  687. package/dist/lib/relationship-handler.js.map +1 -1
  688. package/dist/lib/request-context.d.ts +16 -16
  689. package/dist/lib/request-context.d.ts.map +1 -1
  690. package/dist/lib/request-context.js +14 -22
  691. package/dist/lib/request-context.js.map +1 -1
  692. package/dist/lib/route-helpers.d.ts +3 -4
  693. package/dist/lib/route-helpers.d.ts.map +1 -1
  694. package/dist/lib/route-helpers.js +20 -75
  695. package/dist/lib/route-helpers.js.map +1 -1
  696. package/dist/lib/routes/activitypub/actor.d.ts +1 -1
  697. package/dist/lib/routes/activitypub/actor.d.ts.map +1 -1
  698. package/dist/lib/routes/activitypub/actor.js +20 -23
  699. package/dist/lib/routes/activitypub/actor.js.map +1 -1
  700. package/dist/lib/routes/activitypub/audiences.d.ts +1 -1
  701. package/dist/lib/routes/activitypub/audiences.d.ts.map +1 -1
  702. package/dist/lib/routes/activitypub/audiences.js +76 -80
  703. package/dist/lib/routes/activitypub/audiences.js.map +1 -1
  704. package/dist/lib/routes/activitypub/collections.d.ts +1 -1
  705. package/dist/lib/routes/activitypub/collections.d.ts.map +1 -1
  706. package/dist/lib/routes/activitypub/collections.js +24 -26
  707. package/dist/lib/routes/activitypub/collections.js.map +1 -1
  708. package/dist/lib/routes/activitypub/entity-profile.d.ts +1 -1
  709. package/dist/lib/routes/activitypub/entity-profile.d.ts.map +1 -1
  710. package/dist/lib/routes/activitypub/entity-profile.js +36 -39
  711. package/dist/lib/routes/activitypub/entity-profile.js.map +1 -1
  712. package/dist/lib/routes/activitypub/friends.d.ts +1 -1
  713. package/dist/lib/routes/activitypub/friends.d.ts.map +1 -1
  714. package/dist/lib/routes/activitypub/friends.js +9 -12
  715. package/dist/lib/routes/activitypub/friends.js.map +1 -1
  716. package/dist/lib/routes/activitypub/group.d.ts +1 -1
  717. package/dist/lib/routes/activitypub/group.d.ts.map +1 -1
  718. package/dist/lib/routes/activitypub/group.js +91 -94
  719. package/dist/lib/routes/activitypub/group.js.map +1 -1
  720. package/dist/lib/routes/activitypub/inbox.d.ts +1 -1
  721. package/dist/lib/routes/activitypub/inbox.d.ts.map +1 -1
  722. package/dist/lib/routes/activitypub/inbox.js +30 -33
  723. package/dist/lib/routes/activitypub/inbox.js.map +1 -1
  724. package/dist/lib/routes/activitypub/messages.d.ts +1 -1
  725. package/dist/lib/routes/activitypub/messages.d.ts.map +1 -1
  726. package/dist/lib/routes/activitypub/messages.js +79 -83
  727. package/dist/lib/routes/activitypub/messages.js.map +1 -1
  728. package/dist/lib/routes/activitypub/outbox.d.ts +1 -1
  729. package/dist/lib/routes/activitypub/outbox.d.ts.map +1 -1
  730. package/dist/lib/routes/activitypub/outbox.js +9 -12
  731. package/dist/lib/routes/activitypub/outbox.js.map +1 -1
  732. package/dist/lib/routes/activitypub/post.d.ts +1 -1
  733. package/dist/lib/routes/activitypub/post.d.ts.map +1 -1
  734. package/dist/lib/routes/activitypub/post.js +32 -35
  735. package/dist/lib/routes/activitypub/post.js.map +1 -1
  736. package/dist/lib/routes/activitypub/webfinger.d.ts +1 -1
  737. package/dist/lib/routes/activitypub/webfinger.d.ts.map +1 -1
  738. package/dist/lib/routes/activitypub/webfinger.js +5 -8
  739. package/dist/lib/routes/activitypub/webfinger.js.map +1 -1
  740. package/dist/lib/routes/admin-costs.d.ts +1 -1
  741. package/dist/lib/routes/admin-costs.d.ts.map +1 -1
  742. package/dist/lib/routes/admin-costs.js +22 -26
  743. package/dist/lib/routes/admin-costs.js.map +1 -1
  744. package/dist/lib/routes/admin.d.ts +1 -1
  745. package/dist/lib/routes/admin.d.ts.map +1 -1
  746. package/dist/lib/routes/admin.js +290 -269
  747. package/dist/lib/routes/admin.js.map +1 -1
  748. package/dist/lib/routes/agent-authorize.d.ts +5 -5
  749. package/dist/lib/routes/agent-authorize.d.ts.map +1 -1
  750. package/dist/lib/routes/agent-authorize.js +68 -74
  751. package/dist/lib/routes/agent-authorize.js.map +1 -1
  752. package/dist/lib/routes/agent-sessions.d.ts +4 -4
  753. package/dist/lib/routes/agent-sessions.d.ts.map +1 -1
  754. package/dist/lib/routes/agent-sessions.js +30 -35
  755. package/dist/lib/routes/agent-sessions.js.map +1 -1
  756. package/dist/lib/routes/agent-surface.d.ts +2 -2
  757. package/dist/lib/routes/agent-surface.d.ts.map +1 -1
  758. package/dist/lib/routes/agent-surface.js +20 -24
  759. package/dist/lib/routes/agent-surface.js.map +1 -1
  760. package/dist/lib/routes/auth-discover.d.ts +1 -1
  761. package/dist/lib/routes/auth-discover.d.ts.map +1 -1
  762. package/dist/lib/routes/auth-discover.js +20 -56
  763. package/dist/lib/routes/auth-discover.js.map +1 -1
  764. package/dist/lib/routes/auth.d.ts +1 -1
  765. package/dist/lib/routes/auth.d.ts.map +1 -1
  766. package/dist/lib/routes/auth.js +13 -16
  767. package/dist/lib/routes/auth.js.map +1 -1
  768. package/dist/lib/routes/badges.d.ts +1 -1
  769. package/dist/lib/routes/badges.d.ts.map +1 -1
  770. package/dist/lib/routes/badges.js +20 -23
  771. package/dist/lib/routes/badges.js.map +1 -1
  772. package/dist/lib/routes/circles.d.ts +1 -1
  773. package/dist/lib/routes/circles.d.ts.map +1 -1
  774. package/dist/lib/routes/circles.js +40 -44
  775. package/dist/lib/routes/circles.js.map +1 -1
  776. package/dist/lib/routes/comments.d.ts +1 -1
  777. package/dist/lib/routes/comments.d.ts.map +1 -1
  778. package/dist/lib/routes/comments.js +67 -71
  779. package/dist/lib/routes/comments.js.map +1 -1
  780. package/dist/lib/routes/connection-codes.d.ts +1 -1
  781. package/dist/lib/routes/connection-codes.d.ts.map +1 -1
  782. package/dist/lib/routes/connection-codes.js +30 -34
  783. package/dist/lib/routes/connection-codes.js.map +1 -1
  784. package/dist/lib/routes/content-discovery.d.ts +1 -1
  785. package/dist/lib/routes/content-discovery.d.ts.map +1 -1
  786. package/dist/lib/routes/content-discovery.js +31 -34
  787. package/dist/lib/routes/content-discovery.js.map +1 -1
  788. package/dist/lib/routes/dashboard.d.ts +1 -1
  789. package/dist/lib/routes/dashboard.d.ts.map +1 -1
  790. package/dist/lib/routes/dashboard.js +251 -288
  791. package/dist/lib/routes/dashboard.js.map +1 -1
  792. package/dist/lib/routes/deletion.d.ts +1 -1
  793. package/dist/lib/routes/deletion.d.ts.map +1 -1
  794. package/dist/lib/routes/deletion.js +37 -74
  795. package/dist/lib/routes/deletion.js.map +1 -1
  796. package/dist/lib/routes/discovery.d.ts +1 -1
  797. package/dist/lib/routes/discovery.d.ts.map +1 -1
  798. package/dist/lib/routes/discovery.js +20 -24
  799. package/dist/lib/routes/discovery.js.map +1 -1
  800. package/dist/lib/routes/employees.d.ts +1 -1
  801. package/dist/lib/routes/employees.d.ts.map +1 -1
  802. package/dist/lib/routes/employees.js +15 -52
  803. package/dist/lib/routes/employees.js.map +1 -1
  804. package/dist/lib/routes/entities.d.ts +1 -1
  805. package/dist/lib/routes/entities.d.ts.map +1 -1
  806. package/dist/lib/routes/entities.js +133 -137
  807. package/dist/lib/routes/entities.js.map +1 -1
  808. package/dist/lib/routes/entity-relationships.d.ts +1 -1
  809. package/dist/lib/routes/entity-relationships.d.ts.map +1 -1
  810. package/dist/lib/routes/entity-relationships.js +35 -39
  811. package/dist/lib/routes/entity-relationships.js.map +1 -1
  812. package/dist/lib/routes/errors.d.ts +1 -1
  813. package/dist/lib/routes/errors.d.ts.map +1 -1
  814. package/dist/lib/routes/errors.js +4 -10
  815. package/dist/lib/routes/errors.js.map +1 -1
  816. package/dist/lib/routes/export.d.ts +1 -1
  817. package/dist/lib/routes/export.d.ts.map +1 -1
  818. package/dist/lib/routes/export.js +31 -35
  819. package/dist/lib/routes/export.js.map +1 -1
  820. package/dist/lib/routes/feature-flags.d.ts +1 -1
  821. package/dist/lib/routes/feature-flags.d.ts.map +1 -1
  822. package/dist/lib/routes/feature-flags.js +20 -23
  823. package/dist/lib/routes/feature-flags.js.map +1 -1
  824. package/dist/lib/routes/feeds.d.ts +1 -1
  825. package/dist/lib/routes/feeds.d.ts.map +1 -1
  826. package/dist/lib/routes/feeds.js +42 -46
  827. package/dist/lib/routes/feeds.js.map +1 -1
  828. package/dist/lib/routes/friends.d.ts +1 -1
  829. package/dist/lib/routes/friends.d.ts.map +1 -1
  830. package/dist/lib/routes/friends.js +35 -39
  831. package/dist/lib/routes/friends.js.map +1 -1
  832. package/dist/lib/routes/health.d.ts +1 -1
  833. package/dist/lib/routes/health.d.ts.map +1 -1
  834. package/dist/lib/routes/health.js +23 -27
  835. package/dist/lib/routes/health.js.map +1 -1
  836. package/dist/lib/routes/index.d.ts +2 -7
  837. package/dist/lib/routes/index.d.ts.map +1 -1
  838. package/dist/lib/routes/index.js +137 -158
  839. package/dist/lib/routes/index.js.map +1 -1
  840. package/dist/lib/routes/internal-docs.d.ts +1 -1
  841. package/dist/lib/routes/internal-docs.d.ts.map +1 -1
  842. package/dist/lib/routes/internal-docs.js +13 -16
  843. package/dist/lib/routes/internal-docs.js.map +1 -1
  844. package/dist/lib/routes/invitations.d.ts +1 -1
  845. package/dist/lib/routes/invitations.d.ts.map +1 -1
  846. package/dist/lib/routes/invitations.js +19 -22
  847. package/dist/lib/routes/invitations.js.map +1 -1
  848. package/dist/lib/routes/link-reports.d.ts +2 -2
  849. package/dist/lib/routes/link-reports.d.ts.map +1 -1
  850. package/dist/lib/routes/link-reports.js +86 -48
  851. package/dist/lib/routes/link-reports.js.map +1 -1
  852. package/dist/lib/routes/map.d.ts +1 -1
  853. package/dist/lib/routes/map.d.ts.map +1 -1
  854. package/dist/lib/routes/map.js +5 -8
  855. package/dist/lib/routes/map.js.map +1 -1
  856. package/dist/lib/routes/media-metadata-visibility.d.ts +1 -1
  857. package/dist/lib/routes/media-metadata-visibility.d.ts.map +1 -1
  858. package/dist/lib/routes/media-metadata-visibility.js +30 -67
  859. package/dist/lib/routes/media-metadata-visibility.js.map +1 -1
  860. package/dist/lib/routes/media.d.ts +1 -1
  861. package/dist/lib/routes/media.d.ts.map +1 -1
  862. package/dist/lib/routes/media.js +156 -193
  863. package/dist/lib/routes/media.js.map +1 -1
  864. package/dist/lib/routes/mfa.d.ts +1 -1
  865. package/dist/lib/routes/mfa.d.ts.map +1 -1
  866. package/dist/lib/routes/mfa.js +60 -64
  867. package/dist/lib/routes/mfa.js.map +1 -1
  868. package/dist/lib/routes/notifications.d.ts +1 -1
  869. package/dist/lib/routes/notifications.d.ts.map +1 -1
  870. package/dist/lib/routes/notifications.js +68 -72
  871. package/dist/lib/routes/notifications.js.map +1 -1
  872. package/dist/lib/routes/oauth.d.ts +1 -1
  873. package/dist/lib/routes/oauth.d.ts.map +1 -1
  874. package/dist/lib/routes/oauth.js +20 -23
  875. package/dist/lib/routes/oauth.js.map +1 -1
  876. package/dist/lib/routes/orphaned-media-health.d.ts +1 -1
  877. package/dist/lib/routes/orphaned-media-health.d.ts.map +1 -1
  878. package/dist/lib/routes/orphaned-media-health.js +10 -13
  879. package/dist/lib/routes/orphaned-media-health.js.map +1 -1
  880. package/dist/lib/routes/orphaned-media.d.ts +1 -1
  881. package/dist/lib/routes/orphaned-media.d.ts.map +1 -1
  882. package/dist/lib/routes/orphaned-media.js +20 -57
  883. package/dist/lib/routes/orphaned-media.js.map +1 -1
  884. package/dist/lib/routes/out.d.ts +1 -1
  885. package/dist/lib/routes/out.d.ts.map +1 -1
  886. package/dist/lib/routes/out.js +21 -24
  887. package/dist/lib/routes/out.js.map +1 -1
  888. package/dist/lib/routes/parental-controls.d.ts +1 -1
  889. package/dist/lib/routes/parental-controls.d.ts.map +1 -1
  890. package/dist/lib/routes/parental-controls.js +91 -95
  891. package/dist/lib/routes/parental-controls.js.map +1 -1
  892. package/dist/lib/routes/posts.d.ts +1 -1
  893. package/dist/lib/routes/posts.d.ts.map +1 -1
  894. package/dist/lib/routes/posts.js +101 -105
  895. package/dist/lib/routes/posts.js.map +1 -1
  896. package/dist/lib/routes/privacy.d.ts +1 -1
  897. package/dist/lib/routes/privacy.d.ts.map +1 -1
  898. package/dist/lib/routes/privacy.js +21 -25
  899. package/dist/lib/routes/privacy.js.map +1 -1
  900. package/dist/lib/routes/products.d.ts +1 -1
  901. package/dist/lib/routes/products.d.ts.map +1 -1
  902. package/dist/lib/routes/products.js +44 -48
  903. package/dist/lib/routes/products.js.map +1 -1
  904. package/dist/lib/routes/relationships.d.ts +1 -1
  905. package/dist/lib/routes/relationships.d.ts.map +1 -1
  906. package/dist/lib/routes/relationships.js +35 -39
  907. package/dist/lib/routes/relationships.js.map +1 -1
  908. package/dist/lib/routes/sentiments.d.ts +1 -1
  909. package/dist/lib/routes/sentiments.d.ts.map +1 -1
  910. package/dist/lib/routes/sentiments.js +71 -75
  911. package/dist/lib/routes/sentiments.js.map +1 -1
  912. package/dist/lib/routes/setup-status.d.ts +1 -1
  913. package/dist/lib/routes/setup-status.d.ts.map +1 -1
  914. package/dist/lib/routes/setup-status.js +17 -20
  915. package/dist/lib/routes/setup-status.js.map +1 -1
  916. package/dist/lib/routes/taxonomy-analytics.d.ts +1 -1
  917. package/dist/lib/routes/taxonomy-analytics.d.ts.map +1 -1
  918. package/dist/lib/routes/taxonomy-analytics.js +29 -33
  919. package/dist/lib/routes/taxonomy-analytics.js.map +1 -1
  920. package/dist/lib/routes/taxonomy.d.ts +1 -1
  921. package/dist/lib/routes/taxonomy.d.ts.map +1 -1
  922. package/dist/lib/routes/taxonomy.js +48 -51
  923. package/dist/lib/routes/taxonomy.js.map +1 -1
  924. package/dist/lib/routes/tenant-audit.d.ts +1 -1
  925. package/dist/lib/routes/tenant-audit.d.ts.map +1 -1
  926. package/dist/lib/routes/tenant-audit.js +35 -92
  927. package/dist/lib/routes/tenant-audit.js.map +1 -1
  928. package/dist/lib/routes/tenant-compliance.d.ts +1 -1
  929. package/dist/lib/routes/tenant-compliance.d.ts.map +1 -1
  930. package/dist/lib/routes/tenant-compliance.js +16 -52
  931. package/dist/lib/routes/tenant-compliance.js.map +1 -1
  932. package/dist/lib/routes/tenant-domains.d.ts +1 -1
  933. package/dist/lib/routes/tenant-domains.d.ts.map +1 -1
  934. package/dist/lib/routes/tenant-domains.js +27 -30
  935. package/dist/lib/routes/tenant-domains.js.map +1 -1
  936. package/dist/lib/routes/tenant-idp.d.ts +1 -1
  937. package/dist/lib/routes/tenant-idp.d.ts.map +1 -1
  938. package/dist/lib/routes/tenant-idp.js +27 -30
  939. package/dist/lib/routes/tenant-idp.js.map +1 -1
  940. package/dist/lib/routes/tenant-members.d.ts +1 -1
  941. package/dist/lib/routes/tenant-members.d.ts.map +1 -1
  942. package/dist/lib/routes/tenant-members.js +21 -24
  943. package/dist/lib/routes/tenant-members.js.map +1 -1
  944. package/dist/lib/routes/tenant-role-mappings.d.ts +1 -1
  945. package/dist/lib/routes/tenant-role-mappings.d.ts.map +1 -1
  946. package/dist/lib/routes/tenant-role-mappings.js +27 -30
  947. package/dist/lib/routes/tenant-role-mappings.js.map +1 -1
  948. package/dist/lib/routes/tenants.d.ts +1 -1
  949. package/dist/lib/routes/tenants.d.ts.map +1 -1
  950. package/dist/lib/routes/tenants.js +37 -40
  951. package/dist/lib/routes/tenants.js.map +1 -1
  952. package/dist/lib/routes/types.d.ts +10 -5
  953. package/dist/lib/routes/types.d.ts.map +1 -1
  954. package/dist/lib/routes/types.js +1 -2
  955. package/dist/lib/routes/types.js.map +1 -1
  956. package/dist/lib/routes/upload-sessions.d.ts +1 -1
  957. package/dist/lib/routes/upload-sessions.d.ts.map +1 -1
  958. package/dist/lib/routes/upload-sessions.js +57 -94
  959. package/dist/lib/routes/upload-sessions.js.map +1 -1
  960. package/dist/lib/routes/user.d.ts +1 -1
  961. package/dist/lib/routes/user.d.ts.map +1 -1
  962. package/dist/lib/routes/user.js +137 -85
  963. package/dist/lib/routes/user.js.map +1 -1
  964. package/dist/lib/routes.d.ts +2 -2
  965. package/dist/lib/routes.d.ts.map +1 -1
  966. package/dist/lib/routes.js +2 -7
  967. package/dist/lib/routes.js.map +1 -1
  968. package/dist/lib/scaling-health.d.ts.map +1 -1
  969. package/dist/lib/scaling-health.js +6 -9
  970. package/dist/lib/scaling-health.js.map +1 -1
  971. package/dist/lib/scheduled/media-stale-cleanup.js +5 -8
  972. package/dist/lib/scheduled/media-stale-cleanup.js.map +1 -1
  973. package/dist/lib/scheduled/orphaned-media-monitor.d.ts +1 -1
  974. package/dist/lib/scheduled/orphaned-media-monitor.d.ts.map +1 -1
  975. package/dist/lib/scheduled/orphaned-media-monitor.js +5 -42
  976. package/dist/lib/scheduled/orphaned-media-monitor.js.map +1 -1
  977. package/dist/lib/schemas.d.ts +85 -204
  978. package/dist/lib/schemas.d.ts.map +1 -1
  979. package/dist/lib/schemas.js +71 -74
  980. package/dist/lib/schemas.js.map +1 -1
  981. package/dist/lib/secrets/idp-secrets.d.ts +1 -1
  982. package/dist/lib/secrets/idp-secrets.js +13 -19
  983. package/dist/lib/secrets/idp-secrets.js.map +1 -1
  984. package/dist/lib/security-event-cleaner.js +1 -5
  985. package/dist/lib/security-event-cleaner.js.map +1 -1
  986. package/dist/lib/security-headers.js +1 -5
  987. package/dist/lib/security-headers.js.map +1 -1
  988. package/dist/lib/security-monitor.d.ts +4 -2
  989. package/dist/lib/security-monitor.d.ts.map +1 -1
  990. package/dist/lib/security-monitor.js +16 -18
  991. package/dist/lib/security-monitor.js.map +1 -1
  992. package/dist/lib/sentiment-digest.d.ts +1 -1
  993. package/dist/lib/sentiment-digest.d.ts.map +1 -1
  994. package/dist/lib/sentiment-digest.js +5 -8
  995. package/dist/lib/sentiment-digest.js.map +1 -1
  996. package/dist/lib/sentiment-display.js +3 -7
  997. package/dist/lib/sentiment-display.js.map +1 -1
  998. package/dist/lib/services/image-normalizer.js +1 -5
  999. package/dist/lib/services/image-normalizer.js.map +1 -1
  1000. package/dist/lib/services/media-reconciliation-service.d.ts +1 -1
  1001. package/dist/lib/services/media-reconciliation-service.d.ts.map +1 -1
  1002. package/dist/lib/services/media-reconciliation-service.js +7 -11
  1003. package/dist/lib/services/media-reconciliation-service.js.map +1 -1
  1004. package/dist/lib/services/media-upload-service.d.ts +1 -1
  1005. package/dist/lib/services/media-upload-service.d.ts.map +1 -1
  1006. package/dist/lib/services/media-upload-service.js +4 -8
  1007. package/dist/lib/services/media-upload-service.js.map +1 -1
  1008. package/dist/lib/services/user-data-deletion.d.ts +45 -2
  1009. package/dist/lib/services/user-data-deletion.d.ts.map +1 -1
  1010. package/dist/lib/services/user-data-deletion.js +87 -9
  1011. package/dist/lib/services/user-data-deletion.js.map +1 -1
  1012. package/dist/lib/session-awareness.js +2 -6
  1013. package/dist/lib/session-awareness.js.map +1 -1
  1014. package/dist/lib/session-config.js +8 -17
  1015. package/dist/lib/session-config.js.map +1 -1
  1016. package/dist/lib/{session-manager.d.ts → session-cookie.d.ts} +58 -15
  1017. package/dist/lib/session-cookie.d.ts.map +1 -0
  1018. package/dist/lib/session-cookie.js +0 -0
  1019. package/dist/lib/session-cookie.js.map +1 -0
  1020. package/dist/lib/signup-metadata.d.ts +129 -0
  1021. package/dist/lib/signup-metadata.d.ts.map +1 -0
  1022. package/dist/lib/signup-metadata.js +127 -0
  1023. package/dist/lib/signup-metadata.js.map +1 -0
  1024. package/dist/lib/sso-auth-handler.js +1 -5
  1025. package/dist/lib/sso-auth-handler.js.map +1 -1
  1026. package/dist/lib/tag-suggestions-handler.d.ts +1 -1
  1027. package/dist/lib/tag-suggestions-handler.d.ts.map +1 -1
  1028. package/dist/lib/tag-suggestions-handler.js +1 -5
  1029. package/dist/lib/tag-suggestions-handler.js.map +1 -1
  1030. package/dist/lib/taxonomy-handler-factory.d.ts +2 -2
  1031. package/dist/lib/taxonomy-handler-factory.d.ts.map +1 -1
  1032. package/dist/lib/taxonomy-handler-factory.js +7 -10
  1033. package/dist/lib/taxonomy-handler-factory.js.map +1 -1
  1034. package/dist/lib/taxonomy-handler.d.ts +2 -2
  1035. package/dist/lib/taxonomy-handler.d.ts.map +1 -1
  1036. package/dist/lib/taxonomy-handler.js +8 -8
  1037. package/dist/lib/taxonomy-handler.js.map +1 -1
  1038. package/dist/lib/taxonomy-metrics.js +5 -9
  1039. package/dist/lib/taxonomy-metrics.js.map +1 -1
  1040. package/dist/lib/taxonomy-search-metrics.d.ts +2 -2
  1041. package/dist/lib/taxonomy-search-metrics.d.ts.map +1 -1
  1042. package/dist/lib/taxonomy-search-metrics.js +3 -7
  1043. package/dist/lib/taxonomy-search-metrics.js.map +1 -1
  1044. package/dist/lib/tenant/audit-emit.d.ts +18 -8
  1045. package/dist/lib/tenant/audit-emit.d.ts.map +1 -1
  1046. package/dist/lib/tenant/audit-emit.js +50 -11
  1047. package/dist/lib/tenant/audit-emit.js.map +1 -1
  1048. package/dist/lib/tenant/derive-domain.js +1 -4
  1049. package/dist/lib/tenant/derive-domain.js.map +1 -1
  1050. package/dist/lib/tenant/domain-handler.d.ts +2 -2
  1051. package/dist/lib/tenant/domain-handler.d.ts.map +1 -1
  1052. package/dist/lib/tenant/domain-handler.js +50 -62
  1053. package/dist/lib/tenant/domain-handler.js.map +1 -1
  1054. package/dist/lib/tenant/domain-validator.d.ts +1 -1
  1055. package/dist/lib/tenant/domain-validator.js +10 -13
  1056. package/dist/lib/tenant/domain-validator.js.map +1 -1
  1057. package/dist/lib/tenant/domain-verifier.d.ts +3 -3
  1058. package/dist/lib/tenant/domain-verifier.js +8 -11
  1059. package/dist/lib/tenant/domain-verifier.js.map +1 -1
  1060. package/dist/lib/tenant/idp-handler.d.ts +4 -4
  1061. package/dist/lib/tenant/idp-handler.d.ts.map +1 -1
  1062. package/dist/lib/tenant/idp-handler.js +45 -82
  1063. package/dist/lib/tenant/idp-handler.js.map +1 -1
  1064. package/dist/lib/tenant/idp-name.js +1 -4
  1065. package/dist/lib/tenant/idp-name.js.map +1 -1
  1066. package/dist/lib/tenant/member-handler.d.ts +2 -2
  1067. package/dist/lib/tenant/member-handler.d.ts.map +1 -1
  1068. package/dist/lib/tenant/member-handler.js +30 -67
  1069. package/dist/lib/tenant/member-handler.js.map +1 -1
  1070. package/dist/lib/tenant/reserved-slugs.d.ts +1 -1
  1071. package/dist/lib/tenant/reserved-slugs.d.ts.map +1 -1
  1072. package/dist/lib/tenant/reserved-slugs.js +8 -14
  1073. package/dist/lib/tenant/reserved-slugs.js.map +1 -1
  1074. package/dist/lib/tenant/resolve-role.js +1 -4
  1075. package/dist/lib/tenant/resolve-role.js.map +1 -1
  1076. package/dist/lib/tenant/role-mapping-handler.d.ts +2 -2
  1077. package/dist/lib/tenant/role-mapping-handler.d.ts.map +1 -1
  1078. package/dist/lib/tenant/role-mapping-handler.js +24 -61
  1079. package/dist/lib/tenant/role-mapping-handler.js.map +1 -1
  1080. package/dist/lib/tenant/setup-status.d.ts +1 -1
  1081. package/dist/lib/tenant/setup-status.d.ts.map +1 -1
  1082. package/dist/lib/tenant/setup-status.js +3 -40
  1083. package/dist/lib/tenant/setup-status.js.map +1 -1
  1084. package/dist/lib/tenant/slug-validator.js +3 -6
  1085. package/dist/lib/tenant/slug-validator.js.map +1 -1
  1086. package/dist/lib/tenant/tenant-handler.d.ts +2 -2
  1087. package/dist/lib/tenant/tenant-handler.d.ts.map +1 -1
  1088. package/dist/lib/tenant/tenant-handler.js +31 -68
  1089. package/dist/lib/tenant/tenant-handler.js.map +1 -1
  1090. package/dist/lib/tenant/transfer-ownership.js +2 -6
  1091. package/dist/lib/tenant/transfer-ownership.js.map +1 -1
  1092. package/dist/lib/tenant-scope.d.ts +97 -0
  1093. package/dist/lib/tenant-scope.d.ts.map +1 -0
  1094. package/dist/lib/tenant-scope.js +270 -0
  1095. package/dist/lib/tenant-scope.js.map +1 -0
  1096. package/dist/lib/terminology.d.ts.map +1 -1
  1097. package/dist/lib/terminology.js +7 -9
  1098. package/dist/lib/terminology.js.map +1 -1
  1099. package/dist/lib/theme.js +2 -6
  1100. package/dist/lib/theme.js.map +1 -1
  1101. package/dist/lib/threat-intel-service.d.ts +2 -2
  1102. package/dist/lib/threat-intel-service.d.ts.map +1 -1
  1103. package/dist/lib/threat-intel-service.js +3 -7
  1104. package/dist/lib/threat-intel-service.js.map +1 -1
  1105. package/dist/lib/types/media-reconciliation.js +1 -2
  1106. package/dist/lib/types/media-reconciliation.js.map +1 -1
  1107. package/dist/lib/upload-session-handler.d.ts +1 -1
  1108. package/dist/lib/upload-session-handler.d.ts.map +1 -1
  1109. package/dist/lib/upload-session-handler.js +13 -50
  1110. package/dist/lib/upload-session-handler.js.map +1 -1
  1111. package/dist/lib/user/derive-handle.d.ts +22 -0
  1112. package/dist/lib/user/derive-handle.d.ts.map +1 -1
  1113. package/dist/lib/user/derive-handle.js +18 -6
  1114. package/dist/lib/user/derive-handle.js.map +1 -1
  1115. package/dist/lib/user-badge.js +6 -14
  1116. package/dist/lib/user-badge.js.map +1 -1
  1117. package/dist/lib/user-deletion-handler-enhanced.d.ts +2 -2
  1118. package/dist/lib/user-deletion-handler-enhanced.d.ts.map +1 -1
  1119. package/dist/lib/user-deletion-handler-enhanced.js +16 -53
  1120. package/dist/lib/user-deletion-handler-enhanced.js.map +1 -1
  1121. package/dist/lib/user-deprovisioning.d.ts +1 -1
  1122. package/dist/lib/user-deprovisioning.d.ts.map +1 -1
  1123. package/dist/lib/user-deprovisioning.js +16 -20
  1124. package/dist/lib/user-deprovisioning.js.map +1 -1
  1125. package/dist/lib/user-export-handler.d.ts +4 -4
  1126. package/dist/lib/user-export-handler.d.ts.map +1 -1
  1127. package/dist/lib/user-export-handler.js +11 -15
  1128. package/dist/lib/user-export-handler.js.map +1 -1
  1129. package/dist/lib/validate-request.js +8 -13
  1130. package/dist/lib/validate-request.js.map +1 -1
  1131. package/dist/lib/validation/feature-toggle-schemas.d.ts +130 -249
  1132. package/dist/lib/validation/feature-toggle-schemas.d.ts.map +1 -1
  1133. package/dist/lib/validation/feature-toggle-schemas.js +50 -59
  1134. package/dist/lib/validation/feature-toggle-schemas.js.map +1 -1
  1135. package/dist/lib/validation/validate-request.d.ts.map +1 -1
  1136. package/dist/lib/validation/validate-request.js +12 -23
  1137. package/dist/lib/validation/validate-request.js.map +1 -1
  1138. package/dist/lib/validation.js +1 -5
  1139. package/dist/lib/validation.js.map +1 -1
  1140. package/dist/lib/version.js +3 -8
  1141. package/dist/lib/version.js.map +1 -1
  1142. package/dist/server.d.ts +1 -1
  1143. package/dist/server.d.ts.map +1 -1
  1144. package/dist/server.js +29 -69
  1145. package/dist/server.js.map +1 -1
  1146. package/dist/types/cloudflare-compat.d.ts +3 -93
  1147. package/dist/types/cloudflare-compat.d.ts.map +1 -1
  1148. package/dist/types/cloudflare-compat.js +1 -2
  1149. package/dist/types/cloudflare-compat.js.map +1 -1
  1150. package/dist/worker.d.ts +6 -6
  1151. package/dist/worker.d.ts.map +1 -1
  1152. package/dist/worker.js +6 -13
  1153. package/dist/worker.js.map +1 -1
  1154. package/package.json +28 -15
  1155. package/prisma/migrations/20260602054730_add_entity_geo_and_pending_schema/migration.sql +113 -0
  1156. package/prisma/migrations/20260602162901_research_foundations/migration.sql +65 -0
  1157. package/prisma/migrations/20260604130000_surveillance_phase0_enablers/migration.sql +107 -0
  1158. package/prisma/migrations/20260604140000_fold_link_reports_into_reports/migration.sql +23 -0
  1159. package/prisma/migrations/20260604140000_fold_link_reports_into_reports/rollback.reference.sql +31 -0
  1160. package/prisma/migrations/20260606000000_handle_canonical_identity/migration.sql +18 -0
  1161. package/prisma/schema.prisma +426 -68
  1162. package/src/lambda/cleanup-cron.ts +10 -7
  1163. package/src/lambda/create-auth-challenge.ts +6 -3
  1164. package/src/lambda/delete-account-worker.ts +17 -12
  1165. package/src/lambda/diagnostics-proxy.ts +9 -6
  1166. package/src/lambda/e2e-sweeper.ts +17 -23
  1167. package/src/lambda/federation-outbox-worker.ts +4 -1
  1168. package/src/lambda/followers-events-worker.ts +4 -1
  1169. package/src/lambda/hourly-cron.ts +112 -20
  1170. package/src/lambda/link-check-worker.ts +4 -1
  1171. package/src/lambda/maintenance-cron.ts +24 -13
  1172. package/src/lambda/media-processing-worker.ts +5 -2
  1173. package/src/lambda/media-reconciliation-worker.ts +4 -1
  1174. package/src/lambda/nightly-cron.ts +53 -54
  1175. package/src/lambda/post-confirmation.ts +262 -76
  1176. package/src/lambda/pre-token-generation.ts +39 -44
  1177. package/src/lambda/verify-auth-challenge.ts +4 -1
  1178. package/dist/lib/audit/emit.d.ts +0 -56
  1179. package/dist/lib/audit/emit.d.ts.map +0 -1
  1180. package/dist/lib/audit/emit.js +0 -124
  1181. package/dist/lib/audit/emit.js.map +0 -1
  1182. package/dist/lib/audit/event-types.d.ts +0 -36
  1183. package/dist/lib/audit/event-types.d.ts.map +0 -1
  1184. package/dist/lib/audit/event-types.js +0 -69
  1185. package/dist/lib/audit/event-types.js.map +0 -1
  1186. package/dist/lib/audit-logger.d.ts +0 -142
  1187. package/dist/lib/audit-logger.d.ts.map +0 -1
  1188. package/dist/lib/audit-logger.js +0 -326
  1189. package/dist/lib/audit-logger.js.map +0 -1
  1190. package/dist/lib/circuit-breaker.d.ts +0 -27
  1191. package/dist/lib/circuit-breaker.d.ts.map +0 -1
  1192. package/dist/lib/circuit-breaker.js +0 -63
  1193. package/dist/lib/circuit-breaker.js.map +0 -1
  1194. package/dist/lib/graph/dual-write-service.d.ts +0 -116
  1195. package/dist/lib/graph/dual-write-service.d.ts.map +0 -1
  1196. package/dist/lib/graph/dual-write-service.js +0 -332
  1197. package/dist/lib/graph/dual-write-service.js.map +0 -1
  1198. package/dist/lib/graph/dual-write.d.ts +0 -396
  1199. package/dist/lib/graph/dual-write.d.ts.map +0 -1
  1200. package/dist/lib/graph/dual-write.js +0 -53
  1201. package/dist/lib/graph/dual-write.js.map +0 -1
  1202. package/dist/lib/graph/graph-schema-init.d.ts +0 -31
  1203. package/dist/lib/graph/graph-schema-init.d.ts.map +0 -1
  1204. package/dist/lib/graph/graph-schema-init.js +0 -105
  1205. package/dist/lib/graph/graph-schema-init.js.map +0 -1
  1206. package/dist/lib/graph/neo4j-graph-service.d.ts +0 -186
  1207. package/dist/lib/graph/neo4j-graph-service.d.ts.map +0 -1
  1208. package/dist/lib/graph/neo4j-graph-service.js +0 -1625
  1209. package/dist/lib/graph/neo4j-graph-service.js.map +0 -1
  1210. package/dist/lib/graph/reconciliation-service.d.ts +0 -113
  1211. package/dist/lib/graph/reconciliation-service.d.ts.map +0 -1
  1212. package/dist/lib/graph/reconciliation-service.js +0 -533
  1213. package/dist/lib/graph/reconciliation-service.js.map +0 -1
  1214. package/dist/lib/id-generator.d.ts +0 -29
  1215. package/dist/lib/id-generator.d.ts.map +0 -1
  1216. package/dist/lib/id-generator.js +0 -51
  1217. package/dist/lib/id-generator.js.map +0 -1
  1218. package/dist/lib/kv/dynamodb-kv.d.ts +0 -39
  1219. package/dist/lib/kv/dynamodb-kv.d.ts.map +0 -1
  1220. package/dist/lib/kv/dynamodb-kv.js +0 -239
  1221. package/dist/lib/kv/dynamodb-kv.js.map +0 -1
  1222. package/dist/lib/queue/sqs-queue.d.ts +0 -16
  1223. package/dist/lib/queue/sqs-queue.d.ts.map +0 -1
  1224. package/dist/lib/queue/sqs-queue.js +0 -39
  1225. package/dist/lib/queue/sqs-queue.js.map +0 -1
  1226. package/dist/lib/route-matcher.d.ts +0 -24
  1227. package/dist/lib/route-matcher.d.ts.map +0 -1
  1228. package/dist/lib/route-matcher.js +0 -96
  1229. package/dist/lib/route-matcher.js.map +0 -1
  1230. package/dist/lib/router.d.ts +0 -26
  1231. package/dist/lib/router.d.ts.map +0 -1
  1232. package/dist/lib/router.js +0 -90
  1233. package/dist/lib/router.js.map +0 -1
  1234. package/dist/lib/routes-all.d.ts +0 -9
  1235. package/dist/lib/routes-all.d.ts.map +0 -1
  1236. package/dist/lib/routes-all.js +0 -170
  1237. package/dist/lib/routes-all.js.map +0 -1
  1238. package/dist/lib/secret-resolver.d.ts +0 -88
  1239. package/dist/lib/secret-resolver.d.ts.map +0 -1
  1240. package/dist/lib/secret-resolver.js +0 -183
  1241. package/dist/lib/secret-resolver.js.map +0 -1
  1242. package/dist/lib/session-manager.d.ts.map +0 -1
  1243. package/dist/lib/session-manager.js +0 -492
  1244. package/dist/lib/session-manager.js.map +0 -1
  1245. package/dist/lib/storage/s3-storage.d.ts +0 -29
  1246. package/dist/lib/storage/s3-storage.d.ts.map +0 -1
  1247. package/dist/lib/storage/s3-storage.js +0 -135
  1248. package/dist/lib/storage/s3-storage.js.map +0 -1
  1249. package/dist/lib/tenant-context.d.ts +0 -35
  1250. package/dist/lib/tenant-context.d.ts.map +0 -1
  1251. package/dist/lib/tenant-context.js +0 -54
  1252. package/dist/lib/tenant-context.js.map +0 -1
@@ -4,11 +4,10 @@ generator client {
4
4
  }
5
5
 
6
6
  datasource db {
7
- provider = "postgresql"
8
- url = env("DATABASE_URL")
9
- directUrl = env("DIRECT_DATABASE_URL")
10
- // Note: Prisma 7 will require moving url/directUrl to prisma.config.ts
11
- // This schema is correct for Prisma 5.x
7
+ provider = "postgresql"
8
+ // Prisma 7: url/directUrl moved out of the datasource block. The migration
9
+ // connection lives in apps/api/prisma.config.ts; the runtime connection is
10
+ // supplied via the PrismaPg driver adapter (lib/database-connection-manager.ts).
12
11
  }
13
12
 
14
13
  // Generic Entity model (replaces Dog model)
@@ -32,7 +31,7 @@ model Entity {
32
31
  lifeStageCalculatedAt DateTime? @map("life_stage_calculated_at")
33
32
 
34
33
  // ActivityPub federation fields
35
- actorUri String? @unique @map("actor_uri") // e.g. https://skybber.app/ap/entities/{id}
34
+ actorUri String? @unique @map("actor_uri") // e.g. https://example.com/ap/entities/{id}
36
35
  inboxUrl String? @map("inbox_url")
37
36
  outboxUrl String? @map("outbox_url")
38
37
  followersUrl String? @map("followers_url")
@@ -69,6 +68,9 @@ enum EntityStatus {
69
68
 
70
69
  model PostGeoIndex {
71
70
  postUri String @id @map("post_uri")
71
+ // Multi-tenancy — denormalized from the owning post; location data is
72
+ // sensitive, so geo rows carry their own tenant_id for direct RLS.
73
+ tenantId String @map("tenant_id")
72
74
  entityRef String? @map("entity_ref") // Generic entity reference
73
75
  geohash String
74
76
  lat Float
@@ -82,12 +84,37 @@ model PostGeoIndex {
82
84
  sensitivityLevel String @default("benign") @map("sensitivity_level")
83
85
  // Values: 'benign', 'sensitive', 'decoy'
84
86
 
87
+ tenant Tenant @relation(fields: [tenantId], references: [id], onDelete: Cascade)
88
+
89
+ @@index([tenantId])
85
90
  @@index([entityRef])
86
91
  @@index([geohash])
87
92
  @@index([sensitivityLevel]) // Index for sensitivity level queries
88
93
  @@map("post_geo_index")
89
94
  }
90
95
 
96
+ /// Entity geo-location for proximity discovery (C7). Neptune (the graph DB) has
97
+ /// no spatial type, so geo-proximity lives here and is queried with PostGIS
98
+ /// (ST_DWithin / KNN over a GiST index) via $queryRaw. Populated from the
99
+ /// dual-write (syncEntity). Location is sensitive → own tenant_id for direct RLS
100
+ /// (mirrors post_geo_index). See plans/redesign/entity-location-subsystem.md.
101
+ model EntityLocation {
102
+ entityId String @id @map("entity_id")
103
+ tenantId String @map("tenant_id")
104
+ // PostGIS geography(Point,4326). Prisma Client cannot filter/order on it —
105
+ // spatial reads/writes go through $queryRaw. The geography column type, GiST
106
+ // index, and RLS are added in the migration SQL (not derivable from Prisma).
107
+ location Unsupported("geography(Point, 4326)")
108
+ lat Float
109
+ lng Float
110
+ updatedAt DateTime @default(now()) @updatedAt @map("updated_at")
111
+
112
+ tenant Tenant @relation(fields: [tenantId], references: [id], onDelete: Cascade)
113
+
114
+ @@index([tenantId])
115
+ @@map("entity_location")
116
+ }
117
+
91
118
  model IngestState {
92
119
  id String @id @default(cuid())
93
120
  cursor String? @unique
@@ -104,9 +131,27 @@ enum UserRole {
104
131
  PARTNER_ADMIN
105
132
  INTERNAL
106
133
  CONTENT_CREATOR
134
+ MODERATOR // Surveillance-hardening Phase 0 (E5): moderation-queue access; routes are Phase 1
107
135
  SUPER_ADMIN
108
136
  }
109
137
 
138
+ // Surveillance-hardening Phase 0 (E2): how an account was created. Nullable on
139
+ // User — existing accounts predate capture and stay NULL (unknown), never
140
+ // backfilled. See doc/02-technical/surveillance-threat-model/03-signup-...
141
+ enum SignupMethod {
142
+ COGNITO
143
+ INVITE
144
+ MAGIC_LINK
145
+ }
146
+
147
+ // Surveillance-hardening Phase 0 (E3): discriminator for the generalized Report
148
+ // model. LINK reports exist today (folded in from LinkReport, P4); ACCOUNT
149
+ // reports are Phase 1 (just a new reportType, not a new subsystem).
150
+ enum ReportType {
151
+ LINK
152
+ ACCOUNT
153
+ }
154
+
110
155
  // Role metadata for UI display and documentation
111
156
  model RoleMetadata {
112
157
  role UserRole @id // Maps to enum value
@@ -128,8 +173,15 @@ model User {
128
173
  id String @id @default(cuid())
129
174
  email String @unique
130
175
  role UserRole @default(END_USER)
131
- actorUri String? @unique @map("actor_uri") // ActivityPub actor URI (e.g., "https://skybber.com/users/{username}")
132
- handle String? // ActivityPub handle (e.g., "@user@skybber.com")
176
+ actorUri String? @unique @map("actor_uri") // ActivityPub actor URI (e.g., "https://example.com/users/{handle}")
177
+ // Canonical, portable, AP-actor-shaped identifier (S-CP2). The bare local
178
+ // label (e.g. "alice"); the addressable handle is `@{handle}@{domain}` and
179
+ // the actor URI is `{baseUrl}/users/{handle}`. Derived + collision-checked at
180
+ // provisioning; non-null + globally unique so federation is additive, never a
181
+ // migration. (WebFinger/AP still resolve on `username` until the federation
182
+ // repoint — that change is code-only, no data migration, since `handle` is the
183
+ // stable key.)
184
+ handle String @unique
133
185
  createdAt DateTime @default(now()) @map("created_at")
134
186
 
135
187
  // Cognito Auth integration
@@ -179,6 +231,14 @@ model User {
179
231
  // FUTURE USE: Respect user preference when sending analytics events
180
232
  analyticsOptOut Boolean @default(false) @map("analytics_opt_out")
181
233
 
234
+ // Surveillance-hardening Phase 0 (E2): signup-metadata capture (P3 wires it).
235
+ // signupMethod records how the account was created; invitationId links the
236
+ // redeemed invitation. Client signals (IP/UA) go to SecurityEvent (retention-
237
+ // bound), NEVER as columns here — see 07-data-minimization.md. Both nullable:
238
+ // existing accounts stay NULL (unknown), no fabricated backfill.
239
+ signupMethod SignupMethod? @map("signup_method")
240
+ invitationId String? @map("invitation_id")
241
+
182
242
  // Verification Status (synced from Cognito)
183
243
  emailVerified Boolean @default(false) @map("email_verified")
184
244
  emailVerifiedAt DateTime? @map("email_verified_at")
@@ -194,19 +254,19 @@ model User {
194
254
  identityVerificationProvider String? @map("identity_verification_provider") // 'jumio', 'onfido', 'veriff', 'manual'
195
255
  showIdentityVerifiedBadge Boolean @default(true) @map("show_identity_verified_badge")
196
256
 
197
- // PREPARATORY CHANGE: Region tracking for China expansion
257
+ // PREPARATORY CHANGE: Region tracking for multi-region support
198
258
  // region: User's detected region (where they're located)
199
259
  // dataRegion: Where user's data is stored (for compliance)
200
- // FUTURE USE: When China expansion is implemented, dataRegion will be used
260
+ // FUTURE USE: When CN-region support is enabled, dataRegion will be used
201
261
  // to route data to the correct regional database
202
262
  region String @default("EU") @map("region") // User's region (US, EU, CN)
203
263
  dataRegion String? @map("data_region") // Where data is stored (for compliance)
204
264
 
205
- posts Post[]
206
- securityEvents SecurityEvent[]
207
- createdInvitations Invitation[] @relation("CreatedInvitations")
208
- usedInvitations Invitation[] @relation("UsedInvitations")
209
- crossRegionConsents CrossRegionConsent[]
265
+ posts Post[]
266
+ securityEvents SecurityEvent[]
267
+ createdInvitations Invitation[] @relation("CreatedInvitations")
268
+ usedInvitations Invitation[] @relation("UsedInvitations")
269
+ consents Consent[]
210
270
 
211
271
  // Circle configuration and read state
212
272
  circleConfig CircleConfig?
@@ -226,8 +286,14 @@ model User {
226
286
  createdAudiences CustomAudience[] @relation("AudienceCreator")
227
287
  audienceMemberships CustomAudienceMember[] @relation("AudienceMembers")
228
288
 
229
- // Link reports
230
- linkReports LinkReport[]
289
+ // Surveillance-hardening Phase 0: behavioral-event actor side (E1, P2) and
290
+ // generalized reports filed BY this user (E3, P4). Both cascade on delete.
291
+ interactionEvents InteractionEvent[] @relation("InteractionActor")
292
+ filedReports Report[] @relation("ReportReporter")
293
+
294
+ // Surveillance-hardening Phase 0 (E2): the invitation this user redeemed at
295
+ // signup, if any. Distinct from createdInvitations / usedInvitations.
296
+ signupInvitation Invitation? @relation("SignupInvitation", fields: [invitationId], references: [id])
231
297
 
232
298
  // ActivityPub protocol fields
233
299
  inboxUrl String? @map("inbox_url") // ActivityPub inbox endpoint
@@ -270,6 +336,14 @@ model User {
270
336
  dateOfBirth DateTime? @map("date_of_birth")
271
337
  ageTier AgeTier @default(ADULT) @map("age_tier")
272
338
 
339
+ // Fail-CLOSED age signal for research/cohort inclusion. Distinct from
340
+ // `ageTier` (which fails OPEN at ADULT — a deliberate, accepted product-side
341
+ // minor-safety choice, see PSEUDONYM.md / RESEARCH-AGE-SIGNAL note). Any
342
+ // future research or cohort query MUST gate on `ageVerified = true`. `ageTier`
343
+ // is NEVER an includability signal: an unverified user defaults to ADULT and
344
+ // would otherwise leak into adult cohorts.
345
+ ageVerified Boolean @default(false) @map("age_verified")
346
+
273
347
  // Parental links
274
348
  parentalLinks ParentalLink[] @relation("ChildParentalLinks")
275
349
  guardianLinks ParentalLink[] @relation("GuardianParentalLinks")
@@ -313,6 +387,7 @@ model User {
313
387
  @@index([anonymousId]) // Index for anonymous ID lookups
314
388
  @@index([cognitoSub]) // Index for Cognito sub lookups
315
389
  @@index([personalTenantId])
390
+ @@index([invitationId]) // Phase 0 (E2): invitation-chain traversal, Phase 2 detection only
316
391
  @@map("users")
317
392
  }
318
393
 
@@ -361,28 +436,70 @@ model UserEncryptionKey {
361
436
  @@map("user_encryption_keys")
362
437
  }
363
438
 
364
- // Cross-region access consent for GDPR compliance
365
- // Tracks user consent for accessing data from different regions
366
- model CrossRegionConsent {
367
- id String @id @default(cuid())
368
- userId String @map("user_id")
369
- dataRegion String @map("data_region") // Where data is stored (e.g., "EU")
370
- accessRegion String @map("access_region") // Region user is accessing from (e.g., "US")
371
- consented Boolean @default(false)
372
- consentedAt DateTime? @map("consented_at")
373
- withdrawnAt DateTime? @map("withdrawn_at")
374
- ipAddress String? @map("ip_address")
375
- userAgent String? @map("user_agent")
376
- createdAt DateTime @default(now()) @map("created_at")
377
- updatedAt DateTime @updatedAt @map("updated_at")
439
+ // Purpose discriminator for the unified Consent model.
440
+ // CROSS_REGION — GDPR cross-region data-access consent (sets
441
+ // dataRegion/accessRegion; studyId is NULL).
442
+ // RESEARCH_OBSERVATION — opt-in to observational research (no per-study
443
+ // intervention; studyId set).
444
+ // RESEARCH_PARTICIPATION opt-in to active study participation (studyId set).
445
+ enum ConsentPurpose {
446
+ CROSS_REGION
447
+ RESEARCH_OBSERVATION
448
+ RESEARCH_PARTICIPATION
449
+ }
450
+
451
+ // Purpose-tagged consent (generalised from the old CrossRegionConsent).
452
+ //
453
+ // CONSENT-HISTORY DESIGN — APPEND-ONLY (GDPR Art.7(1)/(3), IRB audit):
454
+ // Each grant or withdrawal is a NEW row. A grant/withdraw never mutates an
455
+ // earlier row, so the original `consentedAt` of every grant is preserved
456
+ // forever and the full lifecycle is reconstructable. The CURRENT state for a
457
+ // (user, purpose, key) is the single row with `active = true`; superseding a
458
+ // row sets `active = false` + `supersededAt = now()`. `withdrawnAt` records
459
+ // when consent was withdrawn ON the row that recorded it (a withdrawal row
460
+ // carries consented=false + withdrawnAt set and PRESERVES the grant's
461
+ // consentedAt if it descends from one — never null it).
462
+ //
463
+ // Uniqueness is therefore keyed on ACTIVE rows only:
464
+ // - research rows (studyId non-null): @@unique([userId, purpose, studyId]).
465
+ // NOTE Postgres treats NULLs as DISTINCT, so this composite does NOT
466
+ // constrain CROSS_REGION rows (studyId is NULL there) — by design.
467
+ // - CROSS_REGION rows: a RAW partial unique index in the migration:
468
+ // CREATE UNIQUE INDEX consent_cross_region_key
469
+ // ON consent (user_id, data_region, access_region)
470
+ // WHERE purpose = 'CROSS_REGION' AND active;
471
+ // This preserves the pre-existing @@unique([userId, dataRegion,
472
+ // accessRegion]) guarantee for the active cross-region row.
473
+ model Consent {
474
+ id String @id @default(cuid())
475
+ userId String @map("user_id")
476
+ purpose ConsentPurpose @default(CROSS_REGION)
477
+ // Research consents only. NULL for CROSS_REGION rows.
478
+ studyId String? @map("study_id")
479
+ // Cross-region consents only. NULL for research rows.
480
+ dataRegion String? @map("data_region") // Where data is stored (e.g., "EU")
481
+ accessRegion String? @map("access_region") // Region user is accessing from (e.g., "US")
482
+ consented Boolean @default(false)
483
+ consentedAt DateTime? @map("consented_at")
484
+ withdrawnAt DateTime? @map("withdrawn_at")
485
+ ipAddress String? @map("ip_address")
486
+ userAgent String? @map("user_agent")
487
+ // Append-only history discriminators.
488
+ active Boolean @default(true)
489
+ supersededAt DateTime? @map("superseded_at")
490
+ createdAt DateTime @default(now()) @map("created_at")
491
+ updatedAt DateTime @updatedAt @map("updated_at")
378
492
 
379
493
  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
380
494
 
381
- @@unique([userId, dataRegion, accessRegion])
495
+ // Research-row uniqueness (studyId non-null). Does NOT cover CROSS_REGION
496
+ // rows — those are constrained by the raw partial index in the migration.
497
+ @@unique([userId, purpose, studyId])
382
498
  @@index([userId])
383
499
  @@index([consented])
384
500
  @@index([dataRegion, accessRegion])
385
- @@map("cross_region_consent")
501
+ @@index([userId, purpose, active])
502
+ @@map("consent")
386
503
  }
387
504
 
388
505
  // Posting radius — how far content radiates on the author's social graph
@@ -430,15 +547,15 @@ model Post {
430
547
  taxonomyTags PostTaxonomyTag[]
431
548
  linkChecks LinkCheck[]
432
549
 
433
- // PREPARATORY CHANGE: Region tracking for China expansion
550
+ // PREPARATORY CHANGE: Region tracking for multi-region support
434
551
  // dataRegion: Where post data is stored (for compliance)
435
- // FUTURE USE: When China expansion is implemented, dataRegion will be used
552
+ // FUTURE USE: When CN-region support is enabled, dataRegion will be used
436
553
  // to route data to the correct regional database
437
554
  dataRegion String? @map("data_region") // Where post data is stored (for compliance)
438
555
 
439
556
  // ActivityPub fields (nullable for backward compatibility)
440
- activityId String? @unique @map("activity_id") // Activity URI (e.g., "https://skybber.com/posts/{id}/activity")
441
- objectId String? @unique @map("object_id") // Note object URI (e.g., "https://skybber.com/posts/{id}")
557
+ activityId String? @unique @map("activity_id") // Activity URI (e.g., "https://example.com/posts/{id}/activity")
558
+ objectId String? @unique @map("object_id") // Note object URI (e.g., "https://example.com/posts/{id}")
442
559
  to Json? // Audience targeting (array of URIs)
443
560
  cc Json? // Additional audience
444
561
  bto Json? // Blind recipients (for private posts)
@@ -574,16 +691,20 @@ model UploadSession {
574
691
 
575
692
  // Post media
576
693
  model PostMedia {
577
- id String @id @default(cuid())
578
- postId String @map("post_id")
579
- mediaId String @map("media_id")
580
- alt String?
581
- order Int @default(0)
582
-
583
- post Post @relation(fields: [postId], references: [id], onDelete: Cascade)
584
- media MediaFile @relation(fields: [mediaId], references: [id], onDelete: Restrict)
694
+ id String @id @default(cuid())
695
+ // Multi-tenancy — denormalized from the owning post; same scope.
696
+ tenantId String @map("tenant_id")
697
+ postId String @map("post_id")
698
+ mediaId String @map("media_id")
699
+ alt String?
700
+ order Int @default(0)
701
+
702
+ post Post @relation(fields: [postId], references: [id], onDelete: Cascade)
703
+ media MediaFile @relation(fields: [mediaId], references: [id], onDelete: Restrict)
704
+ tenant Tenant @relation(fields: [tenantId], references: [id], onDelete: Cascade)
585
705
 
586
706
  @@unique([postId, mediaId])
707
+ @@index([tenantId])
587
708
  @@index([postId])
588
709
  @@index([mediaId])
589
710
  @@map("post_media")
@@ -592,13 +713,16 @@ model PostMedia {
592
713
  // Post sentiment reactions
593
714
  model PostSentiment {
594
715
  id String @id @default(cuid())
716
+ // Multi-tenancy — denormalized from the owning post; same scope.
717
+ tenantId String @map("tenant_id")
595
718
  postId String @map("post_id")
596
719
  postUri String? @map("post_uri")
597
720
  authorId String @map("author_id")
598
721
  sentiment String
599
722
  createdAt DateTime @default(now()) @map("created_at")
600
723
 
601
- post Post @relation(fields: [postId], references: [id], onDelete: Cascade)
724
+ post Post @relation(fields: [postId], references: [id], onDelete: Cascade)
725
+ tenant Tenant @relation(fields: [tenantId], references: [id], onDelete: Cascade)
602
726
 
603
727
  @@unique([postId, authorId])
604
728
  @@unique([postUri, authorId])
@@ -609,6 +733,7 @@ model PostSentiment {
609
733
  @@index([postId, createdAt]) // For time-based sentiment queries
610
734
  @@index([postId, sentiment, createdAt(sort: Desc)], name: "idx_post_sentiment_summary") // For window function query (top 3 users per sentiment)
611
735
  @@index([postId, sentiment, createdAt(sort: Desc), id(sort: Desc)], name: "idx_post_sentiment_pagination") // For cursor-based pagination
736
+ @@index([tenantId])
612
737
  @@map("post_sentiments")
613
738
  }
614
739
 
@@ -747,11 +872,13 @@ model SecurityEvent {
747
872
  details String // JSON string
748
873
  timestamp DateTime @default(now())
749
874
 
750
- // PREPARATORY CHANGE: Retention tracking for future log retention policy
751
- // This field stores when the log entry should be automatically deleted
752
- // FUTURE USE: A scheduled cleanup job will delete events where retentionUntil < NOW()
753
- // Retention periods: critical=365 days, high=90 days, medium=30 days, low=7 days
754
- retentionUntil DateTime? @map("retention_until")
875
+ // Retention bound NON-NULLABLE (Surveillance-hardening Phase 0, P1). A NULL
876
+ // row escapes the hourly-cron pruning forever: exactly the unbounded client-
877
+ // metadata log the threat model forbids (07-data-minimization.md), and P3
878
+ // writes IP/UA `signup` rows into this table. The hourly cron deletes events
879
+ // where retention_until < NOW(). Retention by severity: critical=365d,
880
+ // high=90d, medium=30d, low=7d (see security-monitor.calculateRetentionUntil).
881
+ retentionUntil DateTime @map("retention_until")
755
882
 
756
883
  user User? @relation(fields: [userId], references: [id])
757
884
 
@@ -765,18 +892,68 @@ model SecurityEvent {
765
892
  @@map("security_events")
766
893
  }
767
894
 
768
- // Feature Toggle model for global feature flags
895
+ // AuditEvent model (phase 1.C.2)
896
+ //
897
+ // Backing store for `@de-otio/saas-foundation/audit` via
898
+ // `PostgresAuditStore` (the `auditEvent.create` shape). Column names
899
+ // and nullability mirror foundation's `PrismaAuditClient` contract
900
+ // EXACTLY — see foundation `src/audit/prisma.ts`. The frozen
901
+ // `AuditEvent` type owns this shape; changes require the frozen-type
902
+ // RFC process.
903
+ //
904
+ // Append-only posture: foundation's PostgresAuditStore performs INSERT
905
+ // only. A separate sweeper deletes rows where `retention_until < now()`.
906
+ // `id` is a foundation-minted ulid (NOT a Prisma cuid default).
907
+ model AuditEvent {
908
+ id String @id
909
+ timestamp DateTime
910
+ tenantId String? @map("tenant_id")
911
+ actorKind String @map("actor_kind")
912
+ actorId String @map("actor_id")
913
+ action String
914
+ resourceKind String? @map("resource_kind")
915
+ resourceId String? @map("resource_id")
916
+ outcome String
917
+ failureReason String? @map("failure_reason")
918
+ severity String
919
+ requestId String? @map("request_id")
920
+ traceId String? @map("trace_id")
921
+ ipAddress String? @map("ip_address")
922
+ userAgent String? @map("user_agent")
923
+ metadata Json?
924
+ retentionUntil DateTime @map("retention_until")
925
+
926
+ @@index([tenantId])
927
+ @@index([timestamp])
928
+ @@index([action])
929
+ @@index([retentionUntil]) // sweeper: DELETE WHERE retention_until < now()
930
+ @@map("audit_event")
931
+ }
932
+
933
+ // Feature Toggle model — global or per-tenant (Surveillance-hardening Phase 0,
934
+ // E4). tenantId NULL = global row; a non-NULL row overrides the global for that
935
+ // tenant. Resolution (tenant → global → coded default) is P5.
936
+ //
937
+ // Uniqueness: `@@unique([key, tenantId])` lets each tenant hold one row per key.
938
+ // Postgres treats NULLs as DISTINCT, so that constraint alone would permit
939
+ // DUPLICATE global rows for the same key — the migration adds a PARTIAL unique
940
+ // index `feature_toggles_key_global ON (key) WHERE tenant_id IS NULL` to forbid
941
+ // it. That partial index is NOT expressible in schema.prisma; it lives only in
942
+ // the migration SQL. Do not let a later `prisma migrate dev` treat it as drift.
769
943
  model FeatureToggle {
770
944
  id String @id @default(cuid())
771
- key String @unique // e.g., "global_public_posting_enabled"
945
+ key String // e.g., "global_public_posting_enabled"
772
946
  enabled Boolean @default(false)
773
947
  description String? // Human-readable description
948
+ tenantId String? @map("tenant_id") // NULL = global; non-NULL = per-tenant override
774
949
  changedBy String? @map("changed_by") // Email of user who last changed it
775
- lastChanged DateTime @default(now()) @updatedAt @map("last_changed")
950
+ changedAt DateTime @default(now()) @updatedAt @map("last_changed")
776
951
  createdAt DateTime @default(now()) @map("created_at")
777
952
 
953
+ @@unique([key, tenantId])
778
954
  @@index([key])
779
955
  @@index([enabled])
956
+ @@index([tenantId])
780
957
  @@map("feature_toggles")
781
958
  }
782
959
 
@@ -797,6 +974,9 @@ model Invitation {
797
974
  creator User? @relation("CreatedInvitations", fields: [createdBy], references: [id])
798
975
  user User? @relation("UsedInvitations", fields: [usedBy], references: [id])
799
976
 
977
+ // Phase 0 (E2): accounts that recorded this invitation as their signup origin.
978
+ signupUsers User[] @relation("SignupInvitation")
979
+
800
980
  @@index([code])
801
981
  @@index([createdBy])
802
982
  @@index([createdBy, createdAt]) // Composite index for efficient listing queries (filter by createdBy, order by createdAt)
@@ -930,15 +1110,23 @@ model EntityTaxonomyTag {
930
1110
  }
931
1111
 
932
1112
  // Junction table for product-taxonomy tag relationships
1113
+ // Tags a tenant's Shopify product (an external `productId` string — there is
1114
+ // no local `Product` table) with internal taxonomy taxa. This is tenant-owned
1115
+ // data, so it carries its own tenant_id for direct RLS. (Without it,
1116
+ // `findMany({ where: { productId } })` leaks tags across tenants that happen to
1117
+ // reference the same Shopify product id.)
933
1118
  model ProductTaxonomyTag {
934
1119
  id String @id @default(cuid())
1120
+ tenantId String @map("tenant_id")
935
1121
  productId String @map("product_id")
936
1122
  taxonId String @map("taxon_id")
937
1123
  createdAt DateTime @default(now()) @map("created_at")
938
1124
 
939
- taxon TaxonomyTaxon @relation(fields: [taxonId], references: [id], onDelete: Cascade)
1125
+ taxon TaxonomyTaxon @relation(fields: [taxonId], references: [id], onDelete: Cascade)
1126
+ tenant Tenant @relation(fields: [tenantId], references: [id], onDelete: Cascade)
940
1127
 
941
1128
  @@unique([productId, taxonId])
1129
+ @@index([tenantId])
942
1130
  @@index([productId])
943
1131
  @@index([taxonId])
944
1132
  @@map("product_taxonomy_tags")
@@ -1167,7 +1355,7 @@ model CustomAudience {
1167
1355
  id String @id @default(cuid())
1168
1356
  name String
1169
1357
  creatorId String @map("creator_id") // Creator's user ID
1170
- collectionId String @unique @map("collection_id") // Collection URI (e.g., "https://skybber.com/audiences/{id}")
1358
+ collectionId String @unique @map("collection_id") // Collection URI (e.g., "https://example.com/audiences/{id}")
1171
1359
  createdAt DateTime @default(now()) @map("created_at")
1172
1360
  updatedAt DateTime @updatedAt @map("updated_at")
1173
1361
 
@@ -1220,6 +1408,9 @@ model DomainReputation {
1220
1408
  // Link check results (for posts/comments)
1221
1409
  model LinkCheck {
1222
1410
  id String @id @default(cuid())
1411
+ // Multi-tenancy — denormalized from the owning post/comment (both are
1412
+ // tenant-scoped); required so geo/link rows are directly RLS-able.
1413
+ tenantId String @map("tenant_id")
1223
1414
  postId String? @map("post_id") // Nullable for comments
1224
1415
  commentId String? @map("comment_id") // Nullable for posts
1225
1416
  originalUrl String @map("original_url")
@@ -1236,7 +1427,9 @@ model LinkCheck {
1236
1427
  post Post? @relation(fields: [postId], references: [id], onDelete: Cascade)
1237
1428
  comment PostComment? @relation(fields: [commentId], references: [id], onDelete: Cascade)
1238
1429
  domainReputation DomainReputation @relation(fields: [domain], references: [domain])
1430
+ tenant Tenant @relation(fields: [tenantId], references: [id], onDelete: Cascade)
1239
1431
 
1432
+ @@index([tenantId])
1240
1433
  @@index([postId])
1241
1434
  @@index([commentId])
1242
1435
  @@index([domain])
@@ -1244,22 +1437,94 @@ model LinkCheck {
1244
1437
  @@map("link_checks")
1245
1438
  }
1246
1439
 
1247
- // Link reports from users
1248
- model LinkReport {
1249
- id String @id @default(cuid())
1250
- userId String @map("user_id")
1251
- linkUrl String @map("link_url")
1252
- domain String
1253
- reason String?
1254
- status String @default("pending") // pending, reviewed, resolved
1440
+ // LinkReport was folded into the generalized `Report` model (Surveillance-
1441
+ // hardening Phase 0, P4): reportType=LINK, resourceType="url", resourceId=url,
1442
+ // reporterUserId=userId, plus the indexed `domain` column. The link_reports
1443
+ // table is dropped in the P4 migration.
1444
+
1445
+ // ============================================================================
1446
+ // Surveillance-hardening Phase 0 (doc/02-technical/surveillance-threat-model/)
1447
+ // ============================================================================
1448
+
1449
+ // E1 — Append-only behavioral event log. Preserves the TEMPORAL signal that
1450
+ // `Relationship.signals` aggregate counters destroy, bounded to a rolling
1451
+ // retention window. P2 writes the rows (dual-write alongside aggregation);
1452
+ // Phase 0 ships ZERO read paths — any future read is restricted to the Phase 2
1453
+ // detection path + moderator surfaces (MODERATOR/SUPER_ADMIN, audited).
1454
+ //
1455
+ // Data-minimization invariants (security review blocks on these):
1456
+ // - NO free-text/content column — event type + references only. The table
1457
+ // must be useless as a content archive.
1458
+ // - `expiresAt` is NON-NULLABLE: no schema path to an unbounded behavioral
1459
+ // log. P2 sets it to createdAt + retentionDays (config).
1460
+ // - `targetId` has no FK (polymorphic; the target may be a deleted user) —
1461
+ // so cascade can't reach rows ABOUT a deleted user. P2 adds the explicit
1462
+ // deleteMany to user-data-deletion.ts (GDPR Art. 17).
1463
+ model InteractionEvent {
1464
+ id String @id @default(cuid())
1465
+ actorUserId String @map("actor_user_id")
1466
+
1467
+ // Polymorphic target, no FK (matches Relationship's convention). Vocabulary:
1468
+ // "user" | "entity" | "post" — the GraphNodeType strings P2 dual-writes from.
1469
+ targetType String @map("target_type")
1470
+ targetId String @map("target_id")
1471
+
1472
+ // Interaction vocabulary — exactly InteractionCounts in graph/postgres/
1473
+ // scoring.ts: view | react | comment | share | depth_mode | profile_visit |
1474
+ // content_creation. A string, not an enum, to track that vocabulary cheaply.
1475
+ interactionType String @map("interaction_type")
1476
+
1477
+ tenantId String? @map("tenant_id")
1255
1478
  createdAt DateTime @default(now()) @map("created_at")
1256
1479
 
1257
- user User @relation(fields: [userId], references: [id], onDelete: Cascade)
1480
+ // Retention bound NON-NULLABLE. Append-only: no updatedAt, no update path.
1481
+ expiresAt DateTime @map("expires_at")
1258
1482
 
1483
+ actor User @relation("InteractionActor", fields: [actorUserId], references: [id], onDelete: Cascade)
1484
+
1485
+ @@index([actorUserId, createdAt])
1486
+ @@index([targetType, targetId, createdAt])
1487
+ @@index([expiresAt]) // pruning: DELETE WHERE expires_at < now()
1488
+ @@map("interaction_events")
1489
+ }
1490
+
1491
+ // E3 — Generalized report model. Folds in LinkReport (P4) and makes Phase 1
1492
+ // account reporting "add a reportType", not a new subsystem. Queue fields
1493
+ // (assignee/resolution) exist now but are unused until Phase 1.
1494
+ //
1495
+ // Erasure:
1496
+ // - `reporterUserId` cascades (a deleted reporter's reports go with them —
1497
+ // matches the old LinkReport behavior).
1498
+ // - `resourceId` is an OPAQUE string, no FK: an ACCOUNT report's reported
1499
+ // user may be deleted. P4 pseudonymizes resourceId on erasure of the
1500
+ // reported user (aggregate pattern analysis survives; plaintext ID does
1501
+ // not — "pattern analysis" is not an Art. 17(3) exemption).
1502
+ // - `assigneeUserId` is a plain string (no FK): a deleted moderator must not
1503
+ // cascade-delete the reports they were assigned.
1504
+ model Report {
1505
+ id String @id @default(cuid())
1506
+ reportType ReportType @map("report_type")
1507
+ resourceType String @map("resource_type") // "url" (LINK) | "user" (ACCOUNT)
1508
+ resourceId String @map("resource_id") // opaque; no FK by design
1509
+ reporterUserId String @map("reporter_user_id")
1510
+ reason String? // free-text; P4 enforces a 1000-char Zod bound at the boundary
1511
+ status String @default("pending") // pending | reviewed | resolved
1512
+ // LINK-report registrable domain (P4 fold-in of LinkReport). Indexed +
1513
+ // queried hot by DomainReputationService (auto-block threshold counts by
1514
+ // domain). Nullable: ACCOUNT reports have no domain.
1515
+ domain String?
1516
+ assigneeUserId String? @map("assignee_user_id") // Phase 1 moderator queue
1517
+ resolvedAt DateTime? @map("resolved_at")
1518
+ resolution String? // Phase 1 moderator queue
1519
+ createdAt DateTime @default(now()) @map("created_at")
1520
+
1521
+ reporter User @relation("ReportReporter", fields: [reporterUserId], references: [id], onDelete: Cascade)
1522
+
1523
+ @@index([reportType, status])
1524
+ @@index([resourceType, resourceId])
1525
+ @@index([reporterUserId])
1259
1526
  @@index([domain])
1260
- @@index([status])
1261
- @@index([userId])
1262
- @@map("link_reports")
1527
+ @@map("reports")
1263
1528
  }
1264
1529
 
1265
1530
  // ============================================================================
@@ -1485,6 +1750,14 @@ model Tenant {
1485
1750
  connectionCodeRedemptions ConnectionCodeRedemption[]
1486
1751
  notifications Notification[]
1487
1752
 
1753
+ // Denormalized tenant_id on by-relation children (P1 — for direct RLS).
1754
+ postMedia PostMedia[]
1755
+ postSentiments PostSentiment[]
1756
+ linkChecks LinkCheck[]
1757
+ postGeoIndexes PostGeoIndex[]
1758
+ productTaxonomyTags ProductTaxonomyTag[]
1759
+ entityLocations EntityLocation[]
1760
+
1488
1761
  // Personal-tenant owner back-relation (uses @relation name to disambiguate)
1489
1762
  personalOwner User? @relation("PersonalTenantOwner", fields: [personalOwnerUserId], references: [id])
1490
1763
 
@@ -1656,3 +1929,88 @@ model TenantInvitation {
1656
1929
  @@index([expiresAt])
1657
1930
  @@map("tenant_invitations")
1658
1931
  }
1932
+
1933
+ // ============================================================================
1934
+ // Graph edges in Postgres (graph-db revisit 2026-06: see
1935
+ // plans/redesign/graph-backend-contract.md)
1936
+ //
1937
+ // These two tables hold the edges that previously lived only in the graph DB
1938
+ // (RELATES_TO and typed entity-to-entity edges). OWNS (entity_ownerships) and
1939
+ // ABOUT (post_subjects) already existed in Postgres. Modeled as standalone
1940
+ // tables (no Prisma @relation) so the migration is self-contained and
1941
+ // non-breaking; targetId is polymorphic (user|entity) so it cannot carry a
1942
+ // single FK. Cascade-on-delete is enforced in app code by the GraphService
1943
+ // remove* methods, exactly as the graph layer did. Read by the Postgres
1944
+ // GraphService adapter (apps/api/src/lib/graph/postgres/).
1945
+ // ============================================================================
1946
+
1947
+ // RELATES_TO — a scored relationship from a user to a target (user or entity).
1948
+ model Relationship {
1949
+ id String @id @default(cuid())
1950
+ tenantId String @map("tenant_id") // denormalized scope, like entity_ownerships
1951
+ userId String @map("user_id")
1952
+
1953
+ // Polymorphic target: "user" | "entity" (matches GraphNodeType). No FK.
1954
+ targetType String @map("target_type")
1955
+ targetId String @map("target_id")
1956
+
1957
+ computedScore Float @default(0) @map("computed_score")
1958
+ manualScore Float? @map("manual_score") // null = no override
1959
+ tier Int @default(3) // CircleTier 0..3
1960
+ interactionCount Int @default(0) @map("interaction_count")
1961
+ lastInteractionAt DateTime? @map("last_interaction_at")
1962
+ connectionMethod String @map("connection_method") // code|import|suggestion|discovery
1963
+ reciprocated Boolean @default(false)
1964
+ // Per-interaction-type signal breakdown used by scoring-engine.ts.
1965
+ // Shape finalized in Phase 1 (B5) against the scoring engine; JSON keeps the
1966
+ // migration stable while that lands.
1967
+ signals Json?
1968
+
1969
+ createdAt DateTime @default(now()) @map("created_at")
1970
+ updatedAt DateTime @updatedAt @map("updated_at")
1971
+
1972
+ @@unique([userId, targetType, targetId])
1973
+ @@index([userId]) // forward: a user's relationships
1974
+ @@index([targetType, targetId]) // reverse: who relates to X (FoF, recompute)
1975
+ @@index([targetId])
1976
+ @@index([userId, tier]) // circle-tier membership
1977
+ @@index([tenantId])
1978
+ @@map("relationships")
1979
+ }
1980
+
1981
+ // Typed, unscored entity-to-entity edge (PACK_MATE, SIBLING, …), confirmable.
1982
+ model EntityRelationship {
1983
+ id String @id @default(cuid())
1984
+ tenantId String @map("tenant_id")
1985
+
1986
+ entityId String @map("entity_id")
1987
+ relatedEntityId String @map("related_entity_id")
1988
+ type EntityRelationshipType
1989
+ status EntityRelationshipStatus @default(PENDING)
1990
+ proposedByUserId String @map("proposed_by_user_id")
1991
+
1992
+ since DateTime @default(now())
1993
+ createdAt DateTime @default(now()) @map("created_at")
1994
+ updatedAt DateTime @updatedAt @map("updated_at")
1995
+
1996
+ @@unique([entityId, relatedEntityId, type])
1997
+ @@index([entityId, type, status]) // discovery / list-by-entity
1998
+ @@index([relatedEntityId, type, status]) // reverse / pending-by-owner
1999
+ @@index([tenantId])
2000
+ @@map("entity_relationships")
2001
+ }
2002
+
2003
+ enum EntityRelationshipType {
2004
+ PACK_MATE
2005
+ SIBLING
2006
+ PLAYMATE
2007
+ PARENT
2008
+ OFFSPRING
2009
+ WALK_BUDDY
2010
+ }
2011
+
2012
+ enum EntityRelationshipStatus {
2013
+ PENDING
2014
+ CONFIRMED
2015
+ REJECTED
2016
+ }