@de-otio/trellis 0.7.1 → 0.10.0

Files changed (1252)
  1. package/LICENSE +661 -0
  2. package/dist/db.js +10 -18
  3. package/dist/db.js.map +1 -1
  4. package/dist/env.d.ts +66 -6
  5. package/dist/env.d.ts.map +1 -1
  6. package/dist/env.js +89 -70
  7. package/dist/env.js.map +1 -1
  8. package/dist/extensions.js +3 -8
  9. package/dist/extensions.js.map +1 -1
  10. package/dist/index.d.ts +2 -2
  11. package/dist/index.d.ts.map +1 -1
  12. package/dist/index.js +2 -9
  13. package/dist/index.js.map +1 -1
  14. package/dist/lambda/cleanup-cron.d.ts.map +1 -1
  15. package/dist/lambda/cleanup-cron.js +20 -24
  16. package/dist/lambda/cleanup-cron.js.map +1 -1
  17. package/dist/lambda/create-auth-challenge.d.ts.map +1 -1
  18. package/dist/lambda/create-auth-challenge.js +17 -19
  19. package/dist/lambda/create-auth-challenge.js.map +1 -1
  20. package/dist/lambda/custom-message.js +1 -5
  21. package/dist/lambda/custom-message.js.map +1 -1
  22. package/dist/lambda/define-auth-challenge.js +1 -5
  23. package/dist/lambda/define-auth-challenge.js.map +1 -1
  24. package/dist/lambda/delete-account-worker.d.ts.map +1 -1
  25. package/dist/lambda/delete-account-worker.js +25 -58
  26. package/dist/lambda/delete-account-worker.js.map +1 -1
  27. package/dist/lambda/diagnostics-proxy.d.ts.map +1 -1
  28. package/dist/lambda/diagnostics-proxy.js +14 -49
  29. package/dist/lambda/diagnostics-proxy.js.map +1 -1
  30. package/dist/lambda/e2e-sweeper.d.ts.map +1 -1
  31. package/dist/lambda/e2e-sweeper.js +30 -38
  32. package/dist/lambda/e2e-sweeper.js.map +1 -1
  33. package/dist/lambda/federation-outbox-worker.d.ts.map +1 -1
  34. package/dist/lambda/federation-outbox-worker.js +4 -6
  35. package/dist/lambda/federation-outbox-worker.js.map +1 -1
  36. package/dist/lambda/followers-events-worker.d.ts.map +1 -1
  37. package/dist/lambda/followers-events-worker.js +4 -6
  38. package/dist/lambda/followers-events-worker.js.map +1 -1
  39. package/dist/lambda/hourly-cron.d.ts.map +1 -1
  40. package/dist/lambda/hourly-cron.js +100 -32
  41. package/dist/lambda/hourly-cron.js.map +1 -1
  42. package/dist/lambda/link-check-worker.d.ts.map +1 -1
  43. package/dist/lambda/link-check-worker.js +4 -6
  44. package/dist/lambda/link-check-worker.js.map +1 -1
  45. package/dist/lambda/maintenance-cron.d.ts.map +1 -1
  46. package/dist/lambda/maintenance-cron.js +30 -63
  47. package/dist/lambda/maintenance-cron.js.map +1 -1
  48. package/dist/lambda/media-processing-worker.d.ts.map +1 -1
  49. package/dist/lambda/media-processing-worker.js +11 -46
  50. package/dist/lambda/media-processing-worker.js.map +1 -1
  51. package/dist/lambda/media-reconciliation-worker.d.ts.map +1 -1
  52. package/dist/lambda/media-reconciliation-worker.js +4 -6
  53. package/dist/lambda/media-reconciliation-worker.js.map +1 -1
  54. package/dist/lambda/nightly-cron.d.ts.map +1 -1
  55. package/dist/lambda/nightly-cron.js +67 -112
  56. package/dist/lambda/nightly-cron.js.map +1 -1
  57. package/dist/lambda/post-confirmation.d.ts.map +1 -1
  58. package/dist/lambda/post-confirmation.js +203 -47
  59. package/dist/lambda/post-confirmation.js.map +1 -1
  60. package/dist/lambda/pre-signup.js +7 -11
  61. package/dist/lambda/pre-signup.js.map +1 -1
  62. package/dist/lambda/pre-token-generation.d.ts.map +1 -1
  63. package/dist/lambda/pre-token-generation.js +27 -35
  64. package/dist/lambda/pre-token-generation.js.map +1 -1
  65. package/dist/lambda/tools/check-health.js +1 -5
  66. package/dist/lambda/tools/check-health.js.map +1 -1
  67. package/dist/lambda/tools/describe-services.js +4 -8
  68. package/dist/lambda/tools/describe-services.js.map +1 -1
  69. package/dist/lambda/tools/get-cost-report.js +4 -8
  70. package/dist/lambda/tools/get-cost-report.js.map +1 -1
  71. package/dist/lambda/tools/get-errors.js +5 -9
  72. package/dist/lambda/tools/get-errors.js.map +1 -1
  73. package/dist/lambda/tools/get-feature-flags.js +4 -8
  74. package/dist/lambda/tools/get-feature-flags.js.map +1 -1
  75. package/dist/lambda/tools/get-queue-status.js +5 -9
  76. package/dist/lambda/tools/get-queue-status.js.map +1 -1
  77. package/dist/lambda/tools/search-logs.js +5 -9
  78. package/dist/lambda/tools/search-logs.js.map +1 -1
  79. package/dist/lambda/tools/send-alert.js +4 -8
  80. package/dist/lambda/tools/send-alert.js.map +1 -1
  81. package/dist/lambda/verify-auth-challenge.d.ts.map +1 -1
  82. package/dist/lambda/verify-auth-challenge.js +10 -12
  83. package/dist/lambda/verify-auth-challenge.js.map +1 -1
  84. package/dist/lib/abuse-metrics.d.ts.map +1 -1
  85. package/dist/lib/abuse-metrics.js +10 -13
  86. package/dist/lib/abuse-metrics.js.map +1 -1
  87. package/dist/lib/activitypub/activity-processor.d.ts +1 -1
  88. package/dist/lib/activitypub/activity-processor.d.ts.map +1 -1
  89. package/dist/lib/activitypub/activity-processor.js +9 -43
  90. package/dist/lib/activitypub/activity-processor.js.map +1 -1
  91. package/dist/lib/activitypub/activity-service.js +1 -5
  92. package/dist/lib/activitypub/activity-service.js.map +1 -1
  93. package/dist/lib/activitypub/actor.d.ts +1 -1
  94. package/dist/lib/activitypub/actor.d.ts.map +1 -1
  95. package/dist/lib/activitypub/actor.js +1 -5
  96. package/dist/lib/activitypub/actor.js.map +1 -1
  97. package/dist/lib/activitypub/audience-service.d.ts +2 -2
  98. package/dist/lib/activitypub/audience-service.d.ts.map +1 -1
  99. package/dist/lib/activitypub/audience-service.js +8 -12
  100. package/dist/lib/activitypub/audience-service.js.map +1 -1
  101. package/dist/lib/activitypub/crypto.d.ts +1 -1
  102. package/dist/lib/activitypub/crypto.d.ts.map +1 -1
  103. package/dist/lib/activitypub/crypto.js +3 -41
  104. package/dist/lib/activitypub/crypto.js.map +1 -1
  105. package/dist/lib/activitypub/delivery-service.d.ts +5 -5
  106. package/dist/lib/activitypub/delivery-service.d.ts.map +1 -1
  107. package/dist/lib/activitypub/delivery-service.js +10 -47
  108. package/dist/lib/activitypub/delivery-service.js.map +1 -1
  109. package/dist/lib/activitypub/dispatchers/entity-actor.d.ts +3 -2
  110. package/dist/lib/activitypub/dispatchers/entity-actor.d.ts.map +1 -1
  111. package/dist/lib/activitypub/dispatchers/entity-actor.js +19 -23
  112. package/dist/lib/activitypub/dispatchers/entity-actor.js.map +1 -1
  113. package/dist/lib/activitypub/dispatchers/group-actor.d.ts +3 -2
  114. package/dist/lib/activitypub/dispatchers/group-actor.d.ts.map +1 -1
  115. package/dist/lib/activitypub/dispatchers/group-actor.js +19 -23
  116. package/dist/lib/activitypub/dispatchers/group-actor.js.map +1 -1
  117. package/dist/lib/activitypub/dispatchers/user-actor.d.ts +3 -2
  118. package/dist/lib/activitypub/dispatchers/user-actor.d.ts.map +1 -1
  119. package/dist/lib/activitypub/dispatchers/user-actor.js +16 -20
  120. package/dist/lib/activitypub/dispatchers/user-actor.js.map +1 -1
  121. package/dist/lib/activitypub/dm-service.js +1 -5
  122. package/dist/lib/activitypub/dm-service.js.map +1 -1
  123. package/dist/lib/activitypub/entity-profile-service.d.ts +1 -1
  124. package/dist/lib/activitypub/entity-profile-service.d.ts.map +1 -1
  125. package/dist/lib/activitypub/entity-profile-service.js +6 -10
  126. package/dist/lib/activitypub/entity-profile-service.js.map +1 -1
  127. package/dist/lib/activitypub/fedify/config.d.ts +3 -3
  128. package/dist/lib/activitypub/fedify/config.d.ts.map +1 -1
  129. package/dist/lib/activitypub/fedify/config.js +5 -8
  130. package/dist/lib/activitypub/fedify/config.js.map +1 -1
  131. package/dist/lib/activitypub/fedify/context.d.ts +1 -1
  132. package/dist/lib/activitypub/fedify/context.d.ts.map +1 -1
  133. package/dist/lib/activitypub/fedify/context.js +8 -12
  134. package/dist/lib/activitypub/fedify/context.js.map +1 -1
  135. package/dist/lib/activitypub/fedify/runtime.d.ts +1 -1
  136. package/dist/lib/activitypub/fedify/runtime.d.ts.map +1 -1
  137. package/dist/lib/activitypub/fedify/runtime.js +3 -6
  138. package/dist/lib/activitypub/fedify/runtime.js.map +1 -1
  139. package/dist/lib/activitypub/friendship-service.js +1 -5
  140. package/dist/lib/activitypub/friendship-service.js.map +1 -1
  141. package/dist/lib/activitypub/group-service.d.ts +1 -1
  142. package/dist/lib/activitypub/group-service.d.ts.map +1 -1
  143. package/dist/lib/activitypub/group-service.js +9 -46
  144. package/dist/lib/activitypub/group-service.js.map +1 -1
  145. package/dist/lib/activitypub/http-signatures.js +8 -45
  146. package/dist/lib/activitypub/http-signatures.js.map +1 -1
  147. package/dist/lib/activitypub/jsonld.d.ts +1 -1
  148. package/dist/lib/activitypub/jsonld.d.ts.map +1 -1
  149. package/dist/lib/activitypub/jsonld.js +1 -5
  150. package/dist/lib/activitypub/jsonld.js.map +1 -1
  151. package/dist/lib/activitypub/listeners/friends-collection.d.ts +1 -1
  152. package/dist/lib/activitypub/listeners/friends-collection.d.ts.map +1 -1
  153. package/dist/lib/activitypub/listeners/friends-collection.js +17 -20
  154. package/dist/lib/activitypub/listeners/friends-collection.js.map +1 -1
  155. package/dist/lib/activitypub/listeners/http-signatures.d.ts +1 -1
  156. package/dist/lib/activitypub/listeners/http-signatures.d.ts.map +1 -1
  157. package/dist/lib/activitypub/listeners/http-signatures.js +9 -46
  158. package/dist/lib/activitypub/listeners/http-signatures.js.map +1 -1
  159. package/dist/lib/activitypub/listeners/inbox.d.ts +2 -2
  160. package/dist/lib/activitypub/listeners/inbox.d.ts.map +1 -1
  161. package/dist/lib/activitypub/listeners/inbox.js +31 -35
  162. package/dist/lib/activitypub/listeners/inbox.js.map +1 -1
  163. package/dist/lib/activitypub/listeners/outbox.d.ts +1 -1
  164. package/dist/lib/activitypub/listeners/outbox.d.ts.map +1 -1
  165. package/dist/lib/activitypub/listeners/outbox.js +17 -20
  166. package/dist/lib/activitypub/listeners/outbox.js.map +1 -1
  167. package/dist/lib/activitypub/remote-fetch-service.d.ts +6 -6
  168. package/dist/lib/activitypub/remote-fetch-service.d.ts.map +1 -1
  169. package/dist/lib/activitypub/remote-fetch-service.js +6 -10
  170. package/dist/lib/activitypub/remote-fetch-service.js.map +1 -1
  171. package/dist/lib/activitypub/services/abuse-prevention.d.ts +1 -1
  172. package/dist/lib/activitypub/services/abuse-prevention.d.ts.map +1 -1
  173. package/dist/lib/activitypub/services/abuse-prevention.js +11 -17
  174. package/dist/lib/activitypub/services/abuse-prevention.js.map +1 -1
  175. package/dist/lib/activitypub/services/dm-service-fedify.d.ts +4 -4
  176. package/dist/lib/activitypub/services/dm-service-fedify.d.ts.map +1 -1
  177. package/dist/lib/activitypub/services/dm-service-fedify.js +24 -59
  178. package/dist/lib/activitypub/services/dm-service-fedify.js.map +1 -1
  179. package/dist/lib/activitypub/services/fedify-converters.d.ts +2 -2
  180. package/dist/lib/activitypub/services/fedify-converters.d.ts.map +1 -1
  181. package/dist/lib/activitypub/services/fedify-converters.js +3 -8
  182. package/dist/lib/activitypub/services/fedify-converters.js.map +1 -1
  183. package/dist/lib/activitypub/services/fedify-delivery.d.ts +2 -2
  184. package/dist/lib/activitypub/services/fedify-delivery.d.ts.map +1 -1
  185. package/dist/lib/activitypub/services/fedify-delivery.js +19 -56
  186. package/dist/lib/activitypub/services/fedify-delivery.js.map +1 -1
  187. package/dist/lib/activitypub/services/follow-activity-service.d.ts +2 -2
  188. package/dist/lib/activitypub/services/follow-activity-service.d.ts.map +1 -1
  189. package/dist/lib/activitypub/services/follow-activity-service.js +8 -12
  190. package/dist/lib/activitypub/services/follow-activity-service.js.map +1 -1
  191. package/dist/lib/activitypub/services/post-service-fedify.d.ts +2 -2
  192. package/dist/lib/activitypub/services/post-service-fedify.d.ts.map +1 -1
  193. package/dist/lib/activitypub/services/post-service-fedify.js +33 -65
  194. package/dist/lib/activitypub/services/post-service-fedify.js.map +1 -1
  195. package/dist/lib/activitypub/services/remote-activity-handler.d.ts +2 -2
  196. package/dist/lib/activitypub/services/remote-activity-handler.d.ts.map +1 -1
  197. package/dist/lib/activitypub/services/remote-activity-handler.js +25 -28
  198. package/dist/lib/activitypub/services/remote-activity-handler.js.map +1 -1
  199. package/dist/lib/activitypub/standalone-mode.d.ts +1 -1
  200. package/dist/lib/activitypub/standalone-mode.d.ts.map +1 -1
  201. package/dist/lib/activitypub/standalone-mode.js +13 -50
  202. package/dist/lib/activitypub/standalone-mode.js.map +1 -1
  203. package/dist/lib/activitypub/webfinger/server.d.ts +1 -1
  204. package/dist/lib/activitypub/webfinger/server.d.ts.map +1 -1
  205. package/dist/lib/activitypub/webfinger/server.js +18 -54
  206. package/dist/lib/activitypub/webfinger/server.js.map +1 -1
  207. package/dist/lib/age-gate-middleware.d.ts +4 -4
  208. package/dist/lib/age-gate-middleware.d.ts.map +1 -1
  209. package/dist/lib/age-gate-middleware.js +3 -6
  210. package/dist/lib/age-gate-middleware.js.map +1 -1
  211. package/dist/lib/age-gate.js +3 -8
  212. package/dist/lib/age-gate.js.map +1 -1
  213. package/dist/lib/age-tier-transition.d.ts +1 -1
  214. package/dist/lib/age-tier-transition.d.ts.map +1 -1
  215. package/dist/lib/age-tier-transition.js +7 -44
  216. package/dist/lib/age-tier-transition.js.map +1 -1
  217. package/dist/lib/app.d.ts +76 -0
  218. package/dist/lib/app.d.ts.map +1 -0
  219. package/dist/lib/app.js +400 -0
  220. package/dist/lib/app.js.map +1 -0
  221. package/dist/lib/audit/csv-export.js +6 -13
  222. package/dist/lib/audit/csv-export.js.map +1 -1
  223. package/dist/lib/audit/pii-filter.d.ts +9 -0
  224. package/dist/lib/audit/pii-filter.d.ts.map +1 -1
  225. package/dist/lib/audit/pii-filter.js +57 -7
  226. package/dist/lib/audit/pii-filter.js.map +1 -1
  227. package/dist/lib/audit-actions.d.ts +94 -0
  228. package/dist/lib/audit-actions.d.ts.map +1 -0
  229. package/dist/lib/audit-actions.js +107 -0
  230. package/dist/lib/audit-actions.js.map +1 -0
  231. package/dist/lib/audit-composer.d.ts +174 -0
  232. package/dist/lib/audit-composer.d.ts.map +1 -0
  233. package/dist/lib/audit-composer.js +421 -0
  234. package/dist/lib/audit-composer.js.map +1 -0
  235. package/dist/lib/auth/auth-context.d.ts +1 -1
  236. package/dist/lib/auth/auth-context.js +1 -2
  237. package/dist/lib/auth/auth-context.js.map +1 -1
  238. package/dist/lib/auth/auth-middleware.d.ts +16 -2
  239. package/dist/lib/auth/auth-middleware.d.ts.map +1 -1
  240. package/dist/lib/auth/auth-middleware.js +36 -45
  241. package/dist/lib/auth/auth-middleware.js.map +1 -1
  242. package/dist/lib/auth/capabilities.js +2 -5
  243. package/dist/lib/auth/capabilities.js.map +1 -1
  244. package/dist/lib/auth/claims-cache.d.ts +2 -2
  245. package/dist/lib/auth/claims-cache.js +19 -24
  246. package/dist/lib/auth/claims-cache.js.map +1 -1
  247. package/dist/lib/auth/cognito-jwt.d.ts +20 -2
  248. package/dist/lib/auth/cognito-jwt.d.ts.map +1 -1
  249. package/dist/lib/auth/cognito-jwt.js +83 -23
  250. package/dist/lib/auth/cognito-jwt.js.map +1 -1
  251. package/dist/lib/auth/idp-redirect-builder.d.ts +1 -1
  252. package/dist/lib/auth/idp-redirect-builder.d.ts.map +1 -1
  253. package/dist/lib/auth/idp-redirect-builder.js +4 -10
  254. package/dist/lib/auth/idp-redirect-builder.js.map +1 -1
  255. package/dist/lib/auth/require.d.ts +4 -4
  256. package/dist/lib/auth/require.d.ts.map +1 -1
  257. package/dist/lib/auth/require.js +11 -18
  258. package/dist/lib/auth/require.js.map +1 -1
  259. package/dist/lib/auth/role-grants.d.ts +1 -1
  260. package/dist/lib/auth/role-grants.d.ts.map +1 -1
  261. package/dist/lib/auth/role-grants.js +28 -31
  262. package/dist/lib/auth/role-grants.js.map +1 -1
  263. package/dist/lib/auth-context-manager.js +1 -5
  264. package/dist/lib/auth-context-manager.js.map +1 -1
  265. package/dist/lib/auth-handler.d.ts +5 -5
  266. package/dist/lib/auth-handler.d.ts.map +1 -1
  267. package/dist/lib/auth-handler.js +5 -9
  268. package/dist/lib/auth-handler.js.map +1 -1
  269. package/dist/lib/badge-handler.d.ts +1 -1
  270. package/dist/lib/badge-handler.d.ts.map +1 -1
  271. package/dist/lib/badge-handler.js +14 -52
  272. package/dist/lib/badge-handler.js.map +1 -1
  273. package/dist/lib/circle-handler.d.ts +10 -10
  274. package/dist/lib/circle-handler.d.ts.map +1 -1
  275. package/dist/lib/circle-handler.js +10 -47
  276. package/dist/lib/circle-handler.js.map +1 -1
  277. package/dist/lib/cognito/idp-sdk.js +11 -18
  278. package/dist/lib/cognito/idp-sdk.js.map +1 -1
  279. package/dist/lib/cognito/issuer-probe.js +9 -14
  280. package/dist/lib/cognito/issuer-probe.js.map +1 -1
  281. package/dist/lib/comment-handler.d.ts +10 -10
  282. package/dist/lib/comment-handler.d.ts.map +1 -1
  283. package/dist/lib/comment-handler.js +61 -97
  284. package/dist/lib/comment-handler.js.map +1 -1
  285. package/dist/lib/compliance/baseline.d.ts +2 -2
  286. package/dist/lib/compliance/baseline.d.ts.map +1 -1
  287. package/dist/lib/compliance/baseline.js +15 -18
  288. package/dist/lib/compliance/baseline.js.map +1 -1
  289. package/dist/lib/compliance/tenant-merge.d.ts +1 -1
  290. package/dist/lib/compliance/tenant-merge.d.ts.map +1 -1
  291. package/dist/lib/compliance/tenant-merge.js +1 -4
  292. package/dist/lib/compliance/tenant-merge.js.map +1 -1
  293. package/dist/lib/compliance/types.d.ts +1 -1
  294. package/dist/lib/compliance/types.js +2 -3
  295. package/dist/lib/compliance/types.js.map +1 -1
  296. package/dist/lib/connection-code-handler.d.ts +7 -7
  297. package/dist/lib/connection-code-handler.d.ts.map +1 -1
  298. package/dist/lib/connection-code-handler.js +13 -50
  299. package/dist/lib/connection-code-handler.js.map +1 -1
  300. package/dist/lib/content-discovery.d.ts +1 -1
  301. package/dist/lib/content-discovery.d.ts.map +1 -1
  302. package/dist/lib/content-discovery.js +15 -52
  303. package/dist/lib/content-discovery.js.map +1 -1
  304. package/dist/lib/context-aware-data-access.d.ts +1 -1
  305. package/dist/lib/context-aware-data-access.d.ts.map +1 -1
  306. package/dist/lib/context-aware-data-access.js +1 -5
  307. package/dist/lib/context-aware-data-access.js.map +1 -1
  308. package/dist/lib/cors-handler.d.ts +1 -1
  309. package/dist/lib/cors-handler.d.ts.map +1 -1
  310. package/dist/lib/cors-handler.js +13 -17
  311. package/dist/lib/cors-handler.js.map +1 -1
  312. package/dist/lib/cost-accumulator.d.ts.map +1 -1
  313. package/dist/lib/cost-accumulator.js +7 -11
  314. package/dist/lib/cost-accumulator.js.map +1 -1
  315. package/dist/lib/crypto/voting/elgamal-encryption.js +1 -5
  316. package/dist/lib/crypto/voting/elgamal-encryption.js.map +1 -1
  317. package/dist/lib/crypto/voting/encryption-scheme.js +1 -2
  318. package/dist/lib/crypto/voting/encryption-scheme.js.map +1 -1
  319. package/dist/lib/crypto/voting/hash-utils.js +6 -12
  320. package/dist/lib/crypto/voting/hash-utils.js.map +1 -1
  321. package/dist/lib/crypto/voting/hybrid-encryption.js +5 -9
  322. package/dist/lib/crypto/voting/hybrid-encryption.js.map +1 -1
  323. package/dist/lib/crypto/voting/index.js +4 -14
  324. package/dist/lib/crypto/voting/index.js.map +1 -1
  325. package/dist/lib/crypto/voting/post-quantum-encryption.js +1 -5
  326. package/dist/lib/crypto/voting/post-quantum-encryption.js.map +1 -1
  327. package/dist/lib/csrf.d.ts +2 -2
  328. package/dist/lib/csrf.d.ts.map +1 -1
  329. package/dist/lib/csrf.js +1 -5
  330. package/dist/lib/csrf.js.map +1 -1
  331. package/dist/lib/data-router.d.ts +5 -4
  332. package/dist/lib/data-router.d.ts.map +1 -1
  333. package/dist/lib/data-router.js +67 -90
  334. package/dist/lib/data-router.js.map +1 -1
  335. package/dist/lib/database-circuit-breaker.d.ts +61 -34
  336. package/dist/lib/database-circuit-breaker.d.ts.map +1 -1
  337. package/dist/lib/database-circuit-breaker.js +102 -109
  338. package/dist/lib/database-circuit-breaker.js.map +1 -1
  339. package/dist/lib/database-config.js +1 -4
  340. package/dist/lib/database-config.js.map +1 -1
  341. package/dist/lib/database-connection-manager.d.ts +42 -2
  342. package/dist/lib/database-connection-manager.d.ts.map +1 -1
  343. package/dist/lib/database-connection-manager.js +178 -74
  344. package/dist/lib/database-connection-manager.js.map +1 -1
  345. package/dist/lib/database-monitor.d.ts +1 -1
  346. package/dist/lib/database-monitor.d.ts.map +1 -1
  347. package/dist/lib/database-monitor.js +5 -9
  348. package/dist/lib/database-monitor.js.map +1 -1
  349. package/dist/lib/database-rate-limiter.d.ts +1 -1
  350. package/dist/lib/database-rate-limiter.d.ts.map +1 -1
  351. package/dist/lib/database-rate-limiter.js +3 -7
  352. package/dist/lib/database-rate-limiter.js.map +1 -1
  353. package/dist/lib/database-wrapper-helper.d.ts +2 -2
  354. package/dist/lib/database-wrapper-helper.d.ts.map +1 -1
  355. package/dist/lib/database-wrapper-helper.js +7 -11
  356. package/dist/lib/database-wrapper-helper.js.map +1 -1
  357. package/dist/lib/database-wrapper.d.ts +1 -1
  358. package/dist/lib/database-wrapper.d.ts.map +1 -1
  359. package/dist/lib/database-wrapper.js +5 -9
  360. package/dist/lib/database-wrapper.js.map +1 -1
  361. package/dist/lib/db-query-helper.d.ts +3 -3
  362. package/dist/lib/db-query-helper.d.ts.map +1 -1
  363. package/dist/lib/db-query-helper.js +4 -9
  364. package/dist/lib/db-query-helper.js.map +1 -1
  365. package/dist/lib/discovery-exposure.d.ts +42 -0
  366. package/dist/lib/discovery-exposure.d.ts.map +1 -0
  367. package/dist/lib/discovery-exposure.js +89 -0
  368. package/dist/lib/discovery-exposure.js.map +1 -0
  369. package/dist/lib/discovery-handler.d.ts +6 -6
  370. package/dist/lib/discovery-handler.d.ts.map +1 -1
  371. package/dist/lib/discovery-handler.js +10 -43
  372. package/dist/lib/discovery-handler.js.map +1 -1
  373. package/dist/lib/domain-reputation-service.d.ts +1 -1
  374. package/dist/lib/domain-reputation-service.d.ts.map +1 -1
  375. package/dist/lib/domain-reputation-service.js +12 -15
  376. package/dist/lib/domain-reputation-service.js.map +1 -1
  377. package/dist/lib/email-privacy.js +4 -8
  378. package/dist/lib/email-privacy.js.map +1 -1
  379. package/dist/lib/email-provider.d.ts +2 -2
  380. package/dist/lib/email-provider.d.ts.map +1 -1
  381. package/dist/lib/email-provider.js +8 -16
  382. package/dist/lib/email-provider.js.map +1 -1
  383. package/dist/lib/entity-handler.d.ts +5 -6
  384. package/dist/lib/entity-handler.d.ts.map +1 -1
  385. package/dist/lib/entity-handler.js +52 -81
  386. package/dist/lib/entity-handler.js.map +1 -1
  387. package/dist/lib/entity-relationship-handler.d.ts +9 -9
  388. package/dist/lib/entity-relationship-handler.d.ts.map +1 -1
  389. package/dist/lib/entity-relationship-handler.js +14 -51
  390. package/dist/lib/entity-relationship-handler.js.map +1 -1
  391. package/dist/lib/entity-tagging-errors.js +4 -11
  392. package/dist/lib/entity-tagging-errors.js.map +1 -1
  393. package/dist/lib/entity-tagging-validator.d.ts +3 -3
  394. package/dist/lib/entity-tagging-validator.d.ts.map +1 -1
  395. package/dist/lib/entity-tagging-validator.js +6 -11
  396. package/dist/lib/entity-tagging-validator.js.map +1 -1
  397. package/dist/lib/exif-stripper.js +1 -4
  398. package/dist/lib/exif-stripper.js.map +1 -1
  399. package/dist/lib/extension-context.d.ts +2 -2
  400. package/dist/lib/extension-context.d.ts.map +1 -1
  401. package/dist/lib/extension-context.js +1 -4
  402. package/dist/lib/extension-context.js.map +1 -1
  403. package/dist/lib/extension-route-wrapper.d.ts +1 -1
  404. package/dist/lib/extension-route-wrapper.d.ts.map +1 -1
  405. package/dist/lib/extension-route-wrapper.js +17 -55
  406. package/dist/lib/extension-route-wrapper.js.map +1 -1
  407. package/dist/lib/extension-validator.js +3 -6
  408. package/dist/lib/extension-validator.js.map +1 -1
  409. package/dist/lib/feature-flags.d.ts +5 -2
  410. package/dist/lib/feature-flags.d.ts.map +1 -1
  411. package/dist/lib/feature-flags.js +15 -48
  412. package/dist/lib/feature-flags.js.map +1 -1
  413. package/dist/lib/feature-toggle-global-client.d.ts +6 -0
  414. package/dist/lib/feature-toggle-global-client.d.ts.map +1 -0
  415. package/dist/lib/feature-toggle-global-client.js +73 -0
  416. package/dist/lib/feature-toggle-global-client.js.map +1 -0
  417. package/dist/lib/feature-toggle-service.d.ts +137 -27
  418. package/dist/lib/feature-toggle-service.d.ts.map +1 -1
  419. package/dist/lib/feature-toggle-service.js +302 -119
  420. package/dist/lib/feature-toggle-service.js.map +1 -1
  421. package/dist/lib/feed-handler.d.ts +8 -8
  422. package/dist/lib/feed-handler.d.ts.map +1 -1
  423. package/dist/lib/feed-handler.js +33 -62
  424. package/dist/lib/feed-handler.js.map +1 -1
  425. package/dist/lib/feed-pagination.d.ts +26 -0
  426. package/dist/lib/feed-pagination.d.ts.map +1 -1
  427. package/dist/lib/feed-pagination.js +31 -11
  428. package/dist/lib/feed-pagination.js.map +1 -1
  429. package/dist/lib/feed-personalization.d.ts +1 -1
  430. package/dist/lib/feed-personalization.d.ts.map +1 -1
  431. package/dist/lib/feed-personalization.js +6 -43
  432. package/dist/lib/feed-personalization.js.map +1 -1
  433. package/dist/lib/followers-events.js +8 -13
  434. package/dist/lib/followers-events.js.map +1 -1
  435. package/dist/lib/friends-handler.d.ts +2 -2
  436. package/dist/lib/friends-handler.d.ts.map +1 -1
  437. package/dist/lib/friends-handler.js +9 -46
  438. package/dist/lib/friends-handler.js.map +1 -1
  439. package/dist/lib/geo/entity-geo-repository.d.ts +67 -0
  440. package/dist/lib/geo/entity-geo-repository.d.ts.map +1 -0
  441. package/dist/lib/geo/entity-geo-repository.js +91 -0
  442. package/dist/lib/geo/entity-geo-repository.js.map +1 -0
  443. package/dist/lib/graph/errors.d.ts.map +1 -1
  444. package/dist/lib/graph/errors.js +13 -18
  445. package/dist/lib/graph/errors.js.map +1 -1
  446. package/dist/lib/graph/graph-factory.d.ts +12 -53
  447. package/dist/lib/graph/graph-factory.d.ts.map +1 -1
  448. package/dist/lib/graph/graph-factory.js +67 -162
  449. package/dist/lib/graph/graph-factory.js.map +1 -1
  450. package/dist/lib/graph/graph-service.d.ts +1 -1
  451. package/dist/lib/graph/graph-service.d.ts.map +1 -1
  452. package/dist/lib/graph/graph-service.js +1 -2
  453. package/dist/lib/graph/graph-service.js.map +1 -1
  454. package/dist/lib/graph/index.d.ts +10 -14
  455. package/dist/lib/graph/index.d.ts.map +1 -1
  456. package/dist/lib/graph/index.js +12 -46
  457. package/dist/lib/graph/index.js.map +1 -1
  458. package/dist/lib/graph/postgres/_shared.d.ts +18 -0
  459. package/dist/lib/graph/postgres/_shared.d.ts.map +1 -0
  460. package/dist/lib/graph/postgres/_shared.js +24 -0
  461. package/dist/lib/graph/postgres/_shared.js.map +1 -0
  462. package/dist/lib/graph/postgres/circles.d.ts +66 -0
  463. package/dist/lib/graph/postgres/circles.d.ts.map +1 -0
  464. package/dist/lib/graph/postgres/circles.js +513 -0
  465. package/dist/lib/graph/postgres/circles.js.map +1 -0
  466. package/dist/lib/graph/postgres/discovery.d.ts +165 -0
  467. package/dist/lib/graph/postgres/discovery.d.ts.map +1 -0
  468. package/dist/lib/graph/postgres/discovery.js +579 -0
  469. package/dist/lib/graph/postgres/discovery.js.map +1 -0
  470. package/dist/lib/graph/postgres/entity-relationships.d.ts +53 -0
  471. package/dist/lib/graph/postgres/entity-relationships.d.ts.map +1 -0
  472. package/dist/lib/graph/postgres/entity-relationships.js +304 -0
  473. package/dist/lib/graph/postgres/entity-relationships.js.map +1 -0
  474. package/dist/lib/graph/postgres/interaction-events.d.ts +106 -0
  475. package/dist/lib/graph/postgres/interaction-events.d.ts.map +1 -0
  476. package/dist/lib/graph/postgres/interaction-events.js +162 -0
  477. package/dist/lib/graph/postgres/interaction-events.js.map +1 -0
  478. package/dist/lib/graph/postgres/postgres-graph-service.d.ts +74 -0
  479. package/dist/lib/graph/postgres/postgres-graph-service.d.ts.map +1 -0
  480. package/dist/lib/graph/postgres/postgres-graph-service.js +167 -0
  481. package/dist/lib/graph/postgres/postgres-graph-service.js.map +1 -0
  482. package/dist/lib/graph/postgres/relationships.d.ts +58 -0
  483. package/dist/lib/graph/postgres/relationships.d.ts.map +1 -0
  484. package/dist/lib/graph/postgres/relationships.js +314 -0
  485. package/dist/lib/graph/postgres/relationships.js.map +1 -0
  486. package/dist/lib/graph/postgres/scoring.d.ts +74 -0
  487. package/dist/lib/graph/postgres/scoring.d.ts.map +1 -0
  488. package/dist/lib/graph/postgres/scoring.js +297 -0
  489. package/dist/lib/graph/postgres/scoring.js.map +1 -0
  490. package/dist/lib/graph/postgres/sync.d.ts +149 -0
  491. package/dist/lib/graph/postgres/sync.d.ts.map +1 -0
  492. package/dist/lib/graph/postgres/sync.js +269 -0
  493. package/dist/lib/graph/postgres/sync.js.map +1 -0
  494. package/dist/lib/graph/scoring-engine.d.ts +7 -1
  495. package/dist/lib/graph/scoring-engine.d.ts.map +1 -1
  496. package/dist/lib/graph/scoring-engine.js +29 -35
  497. package/dist/lib/graph/scoring-engine.js.map +1 -1
  498. package/dist/lib/graph/types.d.ts +18 -1
  499. package/dist/lib/graph/types.d.ts.map +1 -1
  500. package/dist/lib/graph/types.js +1 -2
  501. package/dist/lib/graph/types.js.map +1 -1
  502. package/dist/lib/hook-dispatcher.d.ts +1 -1
  503. package/dist/lib/hook-dispatcher.d.ts.map +1 -1
  504. package/dist/lib/hook-dispatcher.js +8 -12
  505. package/dist/lib/hook-dispatcher.js.map +1 -1
  506. package/dist/lib/input-sanitizer.js +1 -5
  507. package/dist/lib/input-sanitizer.js.map +1 -1
  508. package/dist/lib/internal-docs-handler.d.ts +2 -2
  509. package/dist/lib/internal-docs-handler.d.ts.map +1 -1
  510. package/dist/lib/internal-docs-handler.js +20 -28
  511. package/dist/lib/internal-docs-handler.js.map +1 -1
  512. package/dist/lib/internal-docs-navigation.js +2 -6
  513. package/dist/lib/internal-docs-navigation.js.map +1 -1
  514. package/dist/lib/invitation-handler.d.ts +2 -2
  515. package/dist/lib/invitation-handler.d.ts.map +1 -1
  516. package/dist/lib/invitation-handler.js +41 -82
  517. package/dist/lib/invitation-handler.js.map +1 -1
  518. package/dist/lib/ip-scrubber.js +3 -8
  519. package/dist/lib/ip-scrubber.js.map +1 -1
  520. package/dist/lib/link-security-handler.d.ts +3 -2
  521. package/dist/lib/link-security-handler.d.ts.map +1 -1
  522. package/dist/lib/link-security-handler.js +8 -44
  523. package/dist/lib/link-security-handler.js.map +1 -1
  524. package/dist/lib/logger.d.ts +31 -82
  525. package/dist/lib/logger.d.ts.map +1 -1
  526. package/dist/lib/logger.js +43 -185
  527. package/dist/lib/logger.js.map +1 -1
  528. package/dist/lib/media-cleanup-handler.d.ts +2 -2
  529. package/dist/lib/media-cleanup-handler.d.ts.map +1 -1
  530. package/dist/lib/media-cleanup-handler.js +7 -11
  531. package/dist/lib/media-cleanup-handler.js.map +1 -1
  532. package/dist/lib/media-handler.d.ts +1 -1
  533. package/dist/lib/media-handler.d.ts.map +1 -1
  534. package/dist/lib/media-handler.js +36 -73
  535. package/dist/lib/media-handler.js.map +1 -1
  536. package/dist/lib/media-metadata-extractor.d.ts +1 -1
  537. package/dist/lib/media-metadata-extractor.d.ts.map +1 -1
  538. package/dist/lib/media-metadata-extractor.js +3 -7
  539. package/dist/lib/media-metadata-extractor.js.map +1 -1
  540. package/dist/lib/media-metrics.d.ts +2 -2
  541. package/dist/lib/media-metrics.d.ts.map +1 -1
  542. package/dist/lib/media-metrics.js +3 -7
  543. package/dist/lib/media-metrics.js.map +1 -1
  544. package/dist/lib/metadata/index.d.ts +5 -5
  545. package/dist/lib/metadata/index.d.ts.map +1 -1
  546. package/dist/lib/metadata/index.js +5 -21
  547. package/dist/lib/metadata/index.js.map +1 -1
  548. package/dist/lib/metadata/metadata-config.js +2 -5
  549. package/dist/lib/metadata/metadata-config.js.map +1 -1
  550. package/dist/lib/metadata/metadata-errors.js +2 -7
  551. package/dist/lib/metadata/metadata-errors.js.map +1 -1
  552. package/dist/lib/metadata/metadata-extractor.d.ts +1 -1
  553. package/dist/lib/metadata/metadata-extractor.d.ts.map +1 -1
  554. package/dist/lib/metadata/metadata-extractor.js +42 -82
  555. package/dist/lib/metadata/metadata-extractor.js.map +1 -1
  556. package/dist/lib/metadata/metadata-sanitizer.js +17 -24
  557. package/dist/lib/metadata/metadata-sanitizer.js.map +1 -1
  558. package/dist/lib/metadata/metadata-schemas.d.ts +16 -100
  559. package/dist/lib/metadata/metadata-schemas.d.ts.map +1 -1
  560. package/dist/lib/metadata/metadata-schemas.js +31 -34
  561. package/dist/lib/metadata/metadata-schemas.js.map +1 -1
  562. package/dist/lib/mfa/mfa-handler.d.ts +1 -1
  563. package/dist/lib/mfa/mfa-handler.d.ts.map +1 -1
  564. package/dist/lib/mfa/mfa-handler.js +13 -17
  565. package/dist/lib/mfa/mfa-handler.js.map +1 -1
  566. package/dist/lib/mfa/totp-service.js +8 -18
  567. package/dist/lib/mfa/totp-service.js.map +1 -1
  568. package/dist/lib/middleware/comment-rate-limit.d.ts +1 -1
  569. package/dist/lib/middleware/comment-rate-limit.d.ts.map +1 -1
  570. package/dist/lib/middleware/comment-rate-limit.js +7 -10
  571. package/dist/lib/middleware/comment-rate-limit.js.map +1 -1
  572. package/dist/lib/middleware/feature-toggle-rate-limit.d.ts +1 -1
  573. package/dist/lib/middleware/feature-toggle-rate-limit.d.ts.map +1 -1
  574. package/dist/lib/middleware/feature-toggle-rate-limit.js +8 -13
  575. package/dist/lib/middleware/feature-toggle-rate-limit.js.map +1 -1
  576. package/dist/lib/middleware/idempotency-store.js +20 -26
  577. package/dist/lib/middleware/idempotency-store.js.map +1 -1
  578. package/dist/lib/middleware/idempotency.d.ts +2 -2
  579. package/dist/lib/middleware/idempotency.d.ts.map +1 -1
  580. package/dist/lib/middleware/idempotency.js +12 -50
  581. package/dist/lib/middleware/idempotency.js.map +1 -1
  582. package/dist/lib/middleware.d.ts +22 -9
  583. package/dist/lib/middleware.d.ts.map +1 -1
  584. package/dist/lib/middleware.js +72 -153
  585. package/dist/lib/middleware.js.map +1 -1
  586. package/dist/lib/moderation-handler.d.ts +1 -1
  587. package/dist/lib/moderation-handler.d.ts.map +1 -1
  588. package/dist/lib/moderation-handler.js +15 -54
  589. package/dist/lib/moderation-handler.js.map +1 -1
  590. package/dist/lib/net/trusted-client-ip.d.ts +8 -30
  591. package/dist/lib/net/trusted-client-ip.d.ts.map +1 -1
  592. package/dist/lib/net/trusted-client-ip.js +13 -94
  593. package/dist/lib/net/trusted-client-ip.js.map +1 -1
  594. package/dist/lib/notification-handler.d.ts +1 -1
  595. package/dist/lib/notification-handler.d.ts.map +1 -1
  596. package/dist/lib/notification-handler.js +10 -15
  597. package/dist/lib/notification-handler.js.map +1 -1
  598. package/dist/lib/notification-preferences-handler.d.ts +1 -1
  599. package/dist/lib/notification-preferences-handler.d.ts.map +1 -1
  600. package/dist/lib/notification-preferences-handler.js +7 -11
  601. package/dist/lib/notification-preferences-handler.js.map +1 -1
  602. package/dist/lib/oauth/cognito-issuer.d.ts +1 -1
  603. package/dist/lib/oauth/cognito-issuer.d.ts.map +1 -1
  604. package/dist/lib/oauth/cognito-issuer.js +5 -10
  605. package/dist/lib/oauth/cognito-issuer.js.map +1 -1
  606. package/dist/lib/oauth/device-authorization.d.ts +1 -1
  607. package/dist/lib/oauth/device-authorization.d.ts.map +1 -1
  608. package/dist/lib/oauth/device-authorization.js +62 -77
  609. package/dist/lib/oauth/device-authorization.js.map +1 -1
  610. package/dist/lib/oauth/envelope-crypto.d.ts +2 -2
  611. package/dist/lib/oauth/envelope-crypto.js +22 -34
  612. package/dist/lib/oauth/envelope-crypto.js.map +1 -1
  613. package/dist/lib/oauth/refresh-detection.js +42 -52
  614. package/dist/lib/oauth/refresh-detection.js.map +1 -1
  615. package/dist/lib/openai-budget.d.ts.map +1 -1
  616. package/dist/lib/openai-budget.js +7 -44
  617. package/dist/lib/openai-budget.js.map +1 -1
  618. package/dist/lib/openapi/generator.d.ts +1 -1
  619. package/dist/lib/openapi/generator.d.ts.map +1 -1
  620. package/dist/lib/openapi/generator.js +2 -6
  621. package/dist/lib/openapi/generator.js.map +1 -1
  622. package/dist/lib/orphaned-media-handler.d.ts +1 -1
  623. package/dist/lib/orphaned-media-handler.d.ts.map +1 -1
  624. package/dist/lib/orphaned-media-handler.js +9 -46
  625. package/dist/lib/orphaned-media-handler.js.map +1 -1
  626. package/dist/lib/parental-control-handler.d.ts +2 -2
  627. package/dist/lib/parental-control-handler.d.ts.map +1 -1
  628. package/dist/lib/parental-control-handler.js +18 -55
  629. package/dist/lib/parental-control-handler.js.map +1 -1
  630. package/dist/lib/parental-link-handler.d.ts +8 -8
  631. package/dist/lib/parental-link-handler.d.ts.map +1 -1
  632. package/dist/lib/parental-link-handler.js +10 -14
  633. package/dist/lib/parental-link-handler.js.map +1 -1
  634. package/dist/lib/performance-metrics.d.ts +1 -1
  635. package/dist/lib/performance-metrics.d.ts.map +1 -1
  636. package/dist/lib/performance-metrics.js +3 -6
  637. package/dist/lib/performance-metrics.js.map +1 -1
  638. package/dist/lib/post-handler.d.ts +9 -9
  639. package/dist/lib/post-handler.d.ts.map +1 -1
  640. package/dist/lib/post-handler.js +67 -101
  641. package/dist/lib/post-handler.js.map +1 -1
  642. package/dist/lib/privacy-defaults.js +3 -8
  643. package/dist/lib/privacy-defaults.js.map +1 -1
  644. package/dist/lib/privacy-handler.d.ts +2 -2
  645. package/dist/lib/privacy-handler.d.ts.map +1 -1
  646. package/dist/lib/privacy-handler.js +6 -10
  647. package/dist/lib/privacy-handler.js.map +1 -1
  648. package/dist/lib/pseudonym.d.ts +56 -0
  649. package/dist/lib/pseudonym.d.ts.map +1 -0
  650. package/dist/lib/pseudonym.js +85 -0
  651. package/dist/lib/pseudonym.js.map +1 -0
  652. package/dist/lib/queue-consumers/media-reconciliation-consumer.d.ts +2 -2
  653. package/dist/lib/queue-consumers/media-reconciliation-consumer.d.ts.map +1 -1
  654. package/dist/lib/queue-consumers/media-reconciliation-consumer.js +5 -8
  655. package/dist/lib/queue-consumers/media-reconciliation-consumer.js.map +1 -1
  656. package/dist/lib/quiet-hours.js +2 -6
  657. package/dist/lib/quiet-hours.js.map +1 -1
  658. package/dist/lib/rate-limit.d.ts +58 -47
  659. package/dist/lib/rate-limit.d.ts.map +1 -1
  660. package/dist/lib/rate-limit.js +168 -157
  661. package/dist/lib/rate-limit.js.map +1 -1
  662. package/dist/lib/reaction-handler.d.ts +10 -10
  663. package/dist/lib/reaction-handler.d.ts.map +1 -1
  664. package/dist/lib/reaction-handler.js +44 -80
  665. package/dist/lib/reaction-handler.js.map +1 -1
  666. package/dist/lib/recaptcha.js +6 -9
  667. package/dist/lib/recaptcha.js.map +1 -1
  668. package/dist/lib/redirect-resolver.d.ts +2 -2
  669. package/dist/lib/redirect-resolver.d.ts.map +1 -1
  670. package/dist/lib/redirect-resolver.js +5 -9
  671. package/dist/lib/redirect-resolver.js.map +1 -1
  672. package/dist/lib/region-config.d.ts +3 -3
  673. package/dist/lib/region-config.d.ts.map +1 -1
  674. package/dist/lib/region-config.js +15 -58
  675. package/dist/lib/region-config.js.map +1 -1
  676. package/dist/lib/region-detection.d.ts +55 -24
  677. package/dist/lib/region-detection.d.ts.map +1 -1
  678. package/dist/lib/region-detection.js +140 -199
  679. package/dist/lib/region-detection.js.map +1 -1
  680. package/dist/lib/region-registry.d.ts +49 -0
  681. package/dist/lib/region-registry.d.ts.map +1 -0
  682. package/dist/lib/region-registry.js +112 -0
  683. package/dist/lib/region-registry.js.map +1 -0
  684. package/dist/lib/relationship-handler.d.ts +9 -9
  685. package/dist/lib/relationship-handler.d.ts.map +1 -1
  686. package/dist/lib/relationship-handler.js +12 -49
  687. package/dist/lib/relationship-handler.js.map +1 -1
  688. package/dist/lib/request-context.d.ts +16 -16
  689. package/dist/lib/request-context.d.ts.map +1 -1
  690. package/dist/lib/request-context.js +14 -22
  691. package/dist/lib/request-context.js.map +1 -1
  692. package/dist/lib/route-helpers.d.ts +3 -4
  693. package/dist/lib/route-helpers.d.ts.map +1 -1
  694. package/dist/lib/route-helpers.js +20 -75
  695. package/dist/lib/route-helpers.js.map +1 -1
  696. package/dist/lib/routes/activitypub/actor.d.ts +1 -1
  697. package/dist/lib/routes/activitypub/actor.d.ts.map +1 -1
  698. package/dist/lib/routes/activitypub/actor.js +20 -23
  699. package/dist/lib/routes/activitypub/actor.js.map +1 -1
  700. package/dist/lib/routes/activitypub/audiences.d.ts +1 -1
  701. package/dist/lib/routes/activitypub/audiences.d.ts.map +1 -1
  702. package/dist/lib/routes/activitypub/audiences.js +76 -80
  703. package/dist/lib/routes/activitypub/audiences.js.map +1 -1
  704. package/dist/lib/routes/activitypub/collections.d.ts +1 -1
  705. package/dist/lib/routes/activitypub/collections.d.ts.map +1 -1
  706. package/dist/lib/routes/activitypub/collections.js +24 -26
  707. package/dist/lib/routes/activitypub/collections.js.map +1 -1
  708. package/dist/lib/routes/activitypub/entity-profile.d.ts +1 -1
  709. package/dist/lib/routes/activitypub/entity-profile.d.ts.map +1 -1
  710. package/dist/lib/routes/activitypub/entity-profile.js +36 -39
  711. package/dist/lib/routes/activitypub/entity-profile.js.map +1 -1
  712. package/dist/lib/routes/activitypub/friends.d.ts +1 -1
  713. package/dist/lib/routes/activitypub/friends.d.ts.map +1 -1
  714. package/dist/lib/routes/activitypub/friends.js +9 -12
  715. package/dist/lib/routes/activitypub/friends.js.map +1 -1
  716. package/dist/lib/routes/activitypub/group.d.ts +1 -1
  717. package/dist/lib/routes/activitypub/group.d.ts.map +1 -1
  718. package/dist/lib/routes/activitypub/group.js +91 -94
  719. package/dist/lib/routes/activitypub/group.js.map +1 -1
  720. package/dist/lib/routes/activitypub/inbox.d.ts +1 -1
  721. package/dist/lib/routes/activitypub/inbox.d.ts.map +1 -1
  722. package/dist/lib/routes/activitypub/inbox.js +30 -33
  723. package/dist/lib/routes/activitypub/inbox.js.map +1 -1
  724. package/dist/lib/routes/activitypub/messages.d.ts +1 -1
  725. package/dist/lib/routes/activitypub/messages.d.ts.map +1 -1
  726. package/dist/lib/routes/activitypub/messages.js +79 -83
  727. package/dist/lib/routes/activitypub/messages.js.map +1 -1
  728. package/dist/lib/routes/activitypub/outbox.d.ts +1 -1
  729. package/dist/lib/routes/activitypub/outbox.d.ts.map +1 -1
  730. package/dist/lib/routes/activitypub/outbox.js +9 -12
  731. package/dist/lib/routes/activitypub/outbox.js.map +1 -1
  732. package/dist/lib/routes/activitypub/post.d.ts +1 -1
  733. package/dist/lib/routes/activitypub/post.d.ts.map +1 -1
  734. package/dist/lib/routes/activitypub/post.js +32 -35
  735. package/dist/lib/routes/activitypub/post.js.map +1 -1
  736. package/dist/lib/routes/activitypub/webfinger.d.ts +1 -1
  737. package/dist/lib/routes/activitypub/webfinger.d.ts.map +1 -1
  738. package/dist/lib/routes/activitypub/webfinger.js +5 -8
  739. package/dist/lib/routes/activitypub/webfinger.js.map +1 -1
  740. package/dist/lib/routes/admin-costs.d.ts +1 -1
  741. package/dist/lib/routes/admin-costs.d.ts.map +1 -1
  742. package/dist/lib/routes/admin-costs.js +22 -26
  743. package/dist/lib/routes/admin-costs.js.map +1 -1
  744. package/dist/lib/routes/admin.d.ts +1 -1
  745. package/dist/lib/routes/admin.d.ts.map +1 -1
  746. package/dist/lib/routes/admin.js +290 -269
  747. package/dist/lib/routes/admin.js.map +1 -1
  748. package/dist/lib/routes/agent-authorize.d.ts +5 -5
  749. package/dist/lib/routes/agent-authorize.d.ts.map +1 -1
  750. package/dist/lib/routes/agent-authorize.js +68 -74
  751. package/dist/lib/routes/agent-authorize.js.map +1 -1
  752. package/dist/lib/routes/agent-sessions.d.ts +4 -4
  753. package/dist/lib/routes/agent-sessions.d.ts.map +1 -1
  754. package/dist/lib/routes/agent-sessions.js +30 -35
  755. package/dist/lib/routes/agent-sessions.js.map +1 -1
  756. package/dist/lib/routes/agent-surface.d.ts +2 -2
  757. package/dist/lib/routes/agent-surface.d.ts.map +1 -1
  758. package/dist/lib/routes/agent-surface.js +20 -24
  759. package/dist/lib/routes/agent-surface.js.map +1 -1
  760. package/dist/lib/routes/auth-discover.d.ts +1 -1
  761. package/dist/lib/routes/auth-discover.d.ts.map +1 -1
  762. package/dist/lib/routes/auth-discover.js +20 -56
  763. package/dist/lib/routes/auth-discover.js.map +1 -1
  764. package/dist/lib/routes/auth.d.ts +1 -1
  765. package/dist/lib/routes/auth.d.ts.map +1 -1
  766. package/dist/lib/routes/auth.js +13 -16
  767. package/dist/lib/routes/auth.js.map +1 -1
  768. package/dist/lib/routes/badges.d.ts +1 -1
  769. package/dist/lib/routes/badges.d.ts.map +1 -1
  770. package/dist/lib/routes/badges.js +20 -23
  771. package/dist/lib/routes/badges.js.map +1 -1
  772. package/dist/lib/routes/circles.d.ts +1 -1
  773. package/dist/lib/routes/circles.d.ts.map +1 -1
  774. package/dist/lib/routes/circles.js +40 -44
  775. package/dist/lib/routes/circles.js.map +1 -1
  776. package/dist/lib/routes/comments.d.ts +1 -1
  777. package/dist/lib/routes/comments.d.ts.map +1 -1
  778. package/dist/lib/routes/comments.js +67 -71
  779. package/dist/lib/routes/comments.js.map +1 -1
  780. package/dist/lib/routes/connection-codes.d.ts +1 -1
  781. package/dist/lib/routes/connection-codes.d.ts.map +1 -1
  782. package/dist/lib/routes/connection-codes.js +30 -34
  783. package/dist/lib/routes/connection-codes.js.map +1 -1
  784. package/dist/lib/routes/content-discovery.d.ts +1 -1
  785. package/dist/lib/routes/content-discovery.d.ts.map +1 -1
  786. package/dist/lib/routes/content-discovery.js +31 -34
  787. package/dist/lib/routes/content-discovery.js.map +1 -1
  788. package/dist/lib/routes/dashboard.d.ts +1 -1
  789. package/dist/lib/routes/dashboard.d.ts.map +1 -1
  790. package/dist/lib/routes/dashboard.js +251 -288
  791. package/dist/lib/routes/dashboard.js.map +1 -1
  792. package/dist/lib/routes/deletion.d.ts +1 -1
  793. package/dist/lib/routes/deletion.d.ts.map +1 -1
  794. package/dist/lib/routes/deletion.js +37 -74
  795. package/dist/lib/routes/deletion.js.map +1 -1
  796. package/dist/lib/routes/discovery.d.ts +1 -1
  797. package/dist/lib/routes/discovery.d.ts.map +1 -1
  798. package/dist/lib/routes/discovery.js +20 -24
  799. package/dist/lib/routes/discovery.js.map +1 -1
  800. package/dist/lib/routes/employees.d.ts +1 -1
  801. package/dist/lib/routes/employees.d.ts.map +1 -1
  802. package/dist/lib/routes/employees.js +15 -52
  803. package/dist/lib/routes/employees.js.map +1 -1
  804. package/dist/lib/routes/entities.d.ts +1 -1
  805. package/dist/lib/routes/entities.d.ts.map +1 -1
  806. package/dist/lib/routes/entities.js +133 -137
  807. package/dist/lib/routes/entities.js.map +1 -1
  808. package/dist/lib/routes/entity-relationships.d.ts +1 -1
  809. package/dist/lib/routes/entity-relationships.d.ts.map +1 -1
  810. package/dist/lib/routes/entity-relationships.js +35 -39
  811. package/dist/lib/routes/entity-relationships.js.map +1 -1
  812. package/dist/lib/routes/errors.d.ts +1 -1
  813. package/dist/lib/routes/errors.d.ts.map +1 -1
  814. package/dist/lib/routes/errors.js +4 -10
  815. package/dist/lib/routes/errors.js.map +1 -1
  816. package/dist/lib/routes/export.d.ts +1 -1
  817. package/dist/lib/routes/export.d.ts.map +1 -1
  818. package/dist/lib/routes/export.js +31 -35
  819. package/dist/lib/routes/export.js.map +1 -1
  820. package/dist/lib/routes/feature-flags.d.ts +1 -1
  821. package/dist/lib/routes/feature-flags.d.ts.map +1 -1
  822. package/dist/lib/routes/feature-flags.js +20 -23
  823. package/dist/lib/routes/feature-flags.js.map +1 -1
  824. package/dist/lib/routes/feeds.d.ts +1 -1
  825. package/dist/lib/routes/feeds.d.ts.map +1 -1
  826. package/dist/lib/routes/feeds.js +42 -46
  827. package/dist/lib/routes/feeds.js.map +1 -1
  828. package/dist/lib/routes/friends.d.ts +1 -1
  829. package/dist/lib/routes/friends.d.ts.map +1 -1
  830. package/dist/lib/routes/friends.js +35 -39
  831. package/dist/lib/routes/friends.js.map +1 -1
  832. package/dist/lib/routes/health.d.ts +1 -1
  833. package/dist/lib/routes/health.d.ts.map +1 -1
  834. package/dist/lib/routes/health.js +23 -27
  835. package/dist/lib/routes/health.js.map +1 -1
  836. package/dist/lib/routes/index.d.ts +2 -7
  837. package/dist/lib/routes/index.d.ts.map +1 -1
  838. package/dist/lib/routes/index.js +137 -158
  839. package/dist/lib/routes/index.js.map +1 -1
  840. package/dist/lib/routes/internal-docs.d.ts +1 -1
  841. package/dist/lib/routes/internal-docs.d.ts.map +1 -1
  842. package/dist/lib/routes/internal-docs.js +13 -16
  843. package/dist/lib/routes/internal-docs.js.map +1 -1
  844. package/dist/lib/routes/invitations.d.ts +1 -1
  845. package/dist/lib/routes/invitations.d.ts.map +1 -1
  846. package/dist/lib/routes/invitations.js +19 -22
  847. package/dist/lib/routes/invitations.js.map +1 -1
  848. package/dist/lib/routes/link-reports.d.ts +2 -2
  849. package/dist/lib/routes/link-reports.d.ts.map +1 -1
  850. package/dist/lib/routes/link-reports.js +86 -48
  851. package/dist/lib/routes/link-reports.js.map +1 -1
  852. package/dist/lib/routes/map.d.ts +1 -1
  853. package/dist/lib/routes/map.d.ts.map +1 -1
  854. package/dist/lib/routes/map.js +5 -8
  855. package/dist/lib/routes/map.js.map +1 -1
  856. package/dist/lib/routes/media-metadata-visibility.d.ts +1 -1
  857. package/dist/lib/routes/media-metadata-visibility.d.ts.map +1 -1
  858. package/dist/lib/routes/media-metadata-visibility.js +30 -67
  859. package/dist/lib/routes/media-metadata-visibility.js.map +1 -1
  860. package/dist/lib/routes/media.d.ts +1 -1
  861. package/dist/lib/routes/media.d.ts.map +1 -1
  862. package/dist/lib/routes/media.js +156 -193
  863. package/dist/lib/routes/media.js.map +1 -1
  864. package/dist/lib/routes/mfa.d.ts +1 -1
  865. package/dist/lib/routes/mfa.d.ts.map +1 -1
  866. package/dist/lib/routes/mfa.js +60 -64
  867. package/dist/lib/routes/mfa.js.map +1 -1
  868. package/dist/lib/routes/notifications.d.ts +1 -1
  869. package/dist/lib/routes/notifications.d.ts.map +1 -1
  870. package/dist/lib/routes/notifications.js +68 -72
  871. package/dist/lib/routes/notifications.js.map +1 -1
  872. package/dist/lib/routes/oauth.d.ts +1 -1
  873. package/dist/lib/routes/oauth.d.ts.map +1 -1
  874. package/dist/lib/routes/oauth.js +20 -23
  875. package/dist/lib/routes/oauth.js.map +1 -1
  876. package/dist/lib/routes/orphaned-media-health.d.ts +1 -1
  877. package/dist/lib/routes/orphaned-media-health.d.ts.map +1 -1
  878. package/dist/lib/routes/orphaned-media-health.js +10 -13
  879. package/dist/lib/routes/orphaned-media-health.js.map +1 -1
  880. package/dist/lib/routes/orphaned-media.d.ts +1 -1
  881. package/dist/lib/routes/orphaned-media.d.ts.map +1 -1
  882. package/dist/lib/routes/orphaned-media.js +20 -57
  883. package/dist/lib/routes/orphaned-media.js.map +1 -1
  884. package/dist/lib/routes/out.d.ts +1 -1
  885. package/dist/lib/routes/out.d.ts.map +1 -1
  886. package/dist/lib/routes/out.js +21 -24
  887. package/dist/lib/routes/out.js.map +1 -1
  888. package/dist/lib/routes/parental-controls.d.ts +1 -1
  889. package/dist/lib/routes/parental-controls.d.ts.map +1 -1
  890. package/dist/lib/routes/parental-controls.js +91 -95
  891. package/dist/lib/routes/parental-controls.js.map +1 -1
  892. package/dist/lib/routes/posts.d.ts +1 -1
  893. package/dist/lib/routes/posts.d.ts.map +1 -1
  894. package/dist/lib/routes/posts.js +101 -105
  895. package/dist/lib/routes/posts.js.map +1 -1
  896. package/dist/lib/routes/privacy.d.ts +1 -1
  897. package/dist/lib/routes/privacy.d.ts.map +1 -1
  898. package/dist/lib/routes/privacy.js +21 -25
  899. package/dist/lib/routes/privacy.js.map +1 -1
  900. package/dist/lib/routes/products.d.ts +1 -1
  901. package/dist/lib/routes/products.d.ts.map +1 -1
  902. package/dist/lib/routes/products.js +44 -48
  903. package/dist/lib/routes/products.js.map +1 -1
  904. package/dist/lib/routes/relationships.d.ts +1 -1
  905. package/dist/lib/routes/relationships.d.ts.map +1 -1
  906. package/dist/lib/routes/relationships.js +35 -39
  907. package/dist/lib/routes/relationships.js.map +1 -1
  908. package/dist/lib/routes/sentiments.d.ts +1 -1
  909. package/dist/lib/routes/sentiments.d.ts.map +1 -1
  910. package/dist/lib/routes/sentiments.js +71 -75
  911. package/dist/lib/routes/sentiments.js.map +1 -1
  912. package/dist/lib/routes/setup-status.d.ts +1 -1
  913. package/dist/lib/routes/setup-status.d.ts.map +1 -1
  914. package/dist/lib/routes/setup-status.js +17 -20
  915. package/dist/lib/routes/setup-status.js.map +1 -1
  916. package/dist/lib/routes/taxonomy-analytics.d.ts +1 -1
  917. package/dist/lib/routes/taxonomy-analytics.d.ts.map +1 -1
  918. package/dist/lib/routes/taxonomy-analytics.js +29 -33
  919. package/dist/lib/routes/taxonomy-analytics.js.map +1 -1
  920. package/dist/lib/routes/taxonomy.d.ts +1 -1
  921. package/dist/lib/routes/taxonomy.d.ts.map +1 -1
  922. package/dist/lib/routes/taxonomy.js +48 -51
  923. package/dist/lib/routes/taxonomy.js.map +1 -1
  924. package/dist/lib/routes/tenant-audit.d.ts +1 -1
  925. package/dist/lib/routes/tenant-audit.d.ts.map +1 -1
  926. package/dist/lib/routes/tenant-audit.js +35 -92
  927. package/dist/lib/routes/tenant-audit.js.map +1 -1
  928. package/dist/lib/routes/tenant-compliance.d.ts +1 -1
  929. package/dist/lib/routes/tenant-compliance.d.ts.map +1 -1
  930. package/dist/lib/routes/tenant-compliance.js +16 -52
  931. package/dist/lib/routes/tenant-compliance.js.map +1 -1
  932. package/dist/lib/routes/tenant-domains.d.ts +1 -1
  933. package/dist/lib/routes/tenant-domains.d.ts.map +1 -1
  934. package/dist/lib/routes/tenant-domains.js +27 -30
  935. package/dist/lib/routes/tenant-domains.js.map +1 -1
  936. package/dist/lib/routes/tenant-idp.d.ts +1 -1
  937. package/dist/lib/routes/tenant-idp.d.ts.map +1 -1
  938. package/dist/lib/routes/tenant-idp.js +27 -30
  939. package/dist/lib/routes/tenant-idp.js.map +1 -1
  940. package/dist/lib/routes/tenant-members.d.ts +1 -1
  941. package/dist/lib/routes/tenant-members.d.ts.map +1 -1
  942. package/dist/lib/routes/tenant-members.js +21 -24
  943. package/dist/lib/routes/tenant-members.js.map +1 -1
  944. package/dist/lib/routes/tenant-role-mappings.d.ts +1 -1
  945. package/dist/lib/routes/tenant-role-mappings.d.ts.map +1 -1
  946. package/dist/lib/routes/tenant-role-mappings.js +27 -30
  947. package/dist/lib/routes/tenant-role-mappings.js.map +1 -1
  948. package/dist/lib/routes/tenants.d.ts +1 -1
  949. package/dist/lib/routes/tenants.d.ts.map +1 -1
  950. package/dist/lib/routes/tenants.js +37 -40
  951. package/dist/lib/routes/tenants.js.map +1 -1
  952. package/dist/lib/routes/types.d.ts +10 -5
  953. package/dist/lib/routes/types.d.ts.map +1 -1
  954. package/dist/lib/routes/types.js +1 -2
  955. package/dist/lib/routes/types.js.map +1 -1
  956. package/dist/lib/routes/upload-sessions.d.ts +1 -1
  957. package/dist/lib/routes/upload-sessions.d.ts.map +1 -1
  958. package/dist/lib/routes/upload-sessions.js +57 -94
  959. package/dist/lib/routes/upload-sessions.js.map +1 -1
  960. package/dist/lib/routes/user.d.ts +1 -1
  961. package/dist/lib/routes/user.d.ts.map +1 -1
  962. package/dist/lib/routes/user.js +137 -85
  963. package/dist/lib/routes/user.js.map +1 -1
  964. package/dist/lib/routes.d.ts +2 -2
  965. package/dist/lib/routes.d.ts.map +1 -1
  966. package/dist/lib/routes.js +2 -7
  967. package/dist/lib/routes.js.map +1 -1
  968. package/dist/lib/scaling-health.d.ts.map +1 -1
  969. package/dist/lib/scaling-health.js +6 -9
  970. package/dist/lib/scaling-health.js.map +1 -1
  971. package/dist/lib/scheduled/media-stale-cleanup.js +5 -8
  972. package/dist/lib/scheduled/media-stale-cleanup.js.map +1 -1
  973. package/dist/lib/scheduled/orphaned-media-monitor.d.ts +1 -1
  974. package/dist/lib/scheduled/orphaned-media-monitor.d.ts.map +1 -1
  975. package/dist/lib/scheduled/orphaned-media-monitor.js +5 -42
  976. package/dist/lib/scheduled/orphaned-media-monitor.js.map +1 -1
  977. package/dist/lib/schemas.d.ts +85 -204
  978. package/dist/lib/schemas.d.ts.map +1 -1
  979. package/dist/lib/schemas.js +71 -74
  980. package/dist/lib/schemas.js.map +1 -1
  981. package/dist/lib/secrets/idp-secrets.d.ts +1 -1
  982. package/dist/lib/secrets/idp-secrets.js +13 -19
  983. package/dist/lib/secrets/idp-secrets.js.map +1 -1
  984. package/dist/lib/security-event-cleaner.js +1 -5
  985. package/dist/lib/security-event-cleaner.js.map +1 -1
  986. package/dist/lib/security-headers.js +1 -5
  987. package/dist/lib/security-headers.js.map +1 -1
  988. package/dist/lib/security-monitor.d.ts +4 -2
  989. package/dist/lib/security-monitor.d.ts.map +1 -1
  990. package/dist/lib/security-monitor.js +16 -18
  991. package/dist/lib/security-monitor.js.map +1 -1
  992. package/dist/lib/sentiment-digest.d.ts +1 -1
  993. package/dist/lib/sentiment-digest.d.ts.map +1 -1
  994. package/dist/lib/sentiment-digest.js +5 -8
  995. package/dist/lib/sentiment-digest.js.map +1 -1
  996. package/dist/lib/sentiment-display.js +3 -7
  997. package/dist/lib/sentiment-display.js.map +1 -1
  998. package/dist/lib/services/image-normalizer.js +1 -5
  999. package/dist/lib/services/image-normalizer.js.map +1 -1
  1000. package/dist/lib/services/media-reconciliation-service.d.ts +1 -1
  1001. package/dist/lib/services/media-reconciliation-service.d.ts.map +1 -1
  1002. package/dist/lib/services/media-reconciliation-service.js +7 -11
  1003. package/dist/lib/services/media-reconciliation-service.js.map +1 -1
  1004. package/dist/lib/services/media-upload-service.d.ts +1 -1
  1005. package/dist/lib/services/media-upload-service.d.ts.map +1 -1
  1006. package/dist/lib/services/media-upload-service.js +4 -8
  1007. package/dist/lib/services/media-upload-service.js.map +1 -1
  1008. package/dist/lib/services/user-data-deletion.d.ts +45 -2
  1009. package/dist/lib/services/user-data-deletion.d.ts.map +1 -1
  1010. package/dist/lib/services/user-data-deletion.js +87 -9
  1011. package/dist/lib/services/user-data-deletion.js.map +1 -1
  1012. package/dist/lib/session-awareness.js +2 -6
  1013. package/dist/lib/session-awareness.js.map +1 -1
  1014. package/dist/lib/session-config.js +8 -17
  1015. package/dist/lib/session-config.js.map +1 -1
  1016. package/dist/lib/{session-manager.d.ts → session-cookie.d.ts} +58 -15
  1017. package/dist/lib/session-cookie.d.ts.map +1 -0
  1018. package/dist/lib/session-cookie.js +0 -0
  1019. package/dist/lib/session-cookie.js.map +1 -0
  1020. package/dist/lib/signup-metadata.d.ts +129 -0
  1021. package/dist/lib/signup-metadata.d.ts.map +1 -0
  1022. package/dist/lib/signup-metadata.js +127 -0
  1023. package/dist/lib/signup-metadata.js.map +1 -0
  1024. package/dist/lib/sso-auth-handler.js +1 -5
  1025. package/dist/lib/sso-auth-handler.js.map +1 -1
  1026. package/dist/lib/tag-suggestions-handler.d.ts +1 -1
  1027. package/dist/lib/tag-suggestions-handler.d.ts.map +1 -1
  1028. package/dist/lib/tag-suggestions-handler.js +1 -5
  1029. package/dist/lib/tag-suggestions-handler.js.map +1 -1
  1030. package/dist/lib/taxonomy-handler-factory.d.ts +2 -2
  1031. package/dist/lib/taxonomy-handler-factory.d.ts.map +1 -1
  1032. package/dist/lib/taxonomy-handler-factory.js +7 -10
  1033. package/dist/lib/taxonomy-handler-factory.js.map +1 -1
  1034. package/dist/lib/taxonomy-handler.d.ts +2 -2
  1035. package/dist/lib/taxonomy-handler.d.ts.map +1 -1
  1036. package/dist/lib/taxonomy-handler.js +8 -8
  1037. package/dist/lib/taxonomy-handler.js.map +1 -1
  1038. package/dist/lib/taxonomy-metrics.js +5 -9
  1039. package/dist/lib/taxonomy-metrics.js.map +1 -1
  1040. package/dist/lib/taxonomy-search-metrics.d.ts +2 -2
  1041. package/dist/lib/taxonomy-search-metrics.d.ts.map +1 -1
  1042. package/dist/lib/taxonomy-search-metrics.js +3 -7
  1043. package/dist/lib/taxonomy-search-metrics.js.map +1 -1
  1044. package/dist/lib/tenant/audit-emit.d.ts +18 -8
  1045. package/dist/lib/tenant/audit-emit.d.ts.map +1 -1
  1046. package/dist/lib/tenant/audit-emit.js +50 -11
  1047. package/dist/lib/tenant/audit-emit.js.map +1 -1
  1048. package/dist/lib/tenant/derive-domain.js +1 -4
  1049. package/dist/lib/tenant/derive-domain.js.map +1 -1
  1050. package/dist/lib/tenant/domain-handler.d.ts +2 -2
  1051. package/dist/lib/tenant/domain-handler.d.ts.map +1 -1
  1052. package/dist/lib/tenant/domain-handler.js +50 -62
  1053. package/dist/lib/tenant/domain-handler.js.map +1 -1
  1054. package/dist/lib/tenant/domain-validator.d.ts +1 -1
  1055. package/dist/lib/tenant/domain-validator.js +10 -13
  1056. package/dist/lib/tenant/domain-validator.js.map +1 -1
  1057. package/dist/lib/tenant/domain-verifier.d.ts +3 -3
  1058. package/dist/lib/tenant/domain-verifier.js +8 -11
  1059. package/dist/lib/tenant/domain-verifier.js.map +1 -1
  1060. package/dist/lib/tenant/idp-handler.d.ts +4 -4
  1061. package/dist/lib/tenant/idp-handler.d.ts.map +1 -1
  1062. package/dist/lib/tenant/idp-handler.js +45 -82
  1063. package/dist/lib/tenant/idp-handler.js.map +1 -1
  1064. package/dist/lib/tenant/idp-name.js +1 -4
  1065. package/dist/lib/tenant/idp-name.js.map +1 -1
  1066. package/dist/lib/tenant/member-handler.d.ts +2 -2
  1067. package/dist/lib/tenant/member-handler.d.ts.map +1 -1
  1068. package/dist/lib/tenant/member-handler.js +30 -67
  1069. package/dist/lib/tenant/member-handler.js.map +1 -1
  1070. package/dist/lib/tenant/reserved-slugs.d.ts +1 -1
  1071. package/dist/lib/tenant/reserved-slugs.d.ts.map +1 -1
  1072. package/dist/lib/tenant/reserved-slugs.js +8 -14
  1073. package/dist/lib/tenant/reserved-slugs.js.map +1 -1
  1074. package/dist/lib/tenant/resolve-role.js +1 -4
  1075. package/dist/lib/tenant/resolve-role.js.map +1 -1
  1076. package/dist/lib/tenant/role-mapping-handler.d.ts +2 -2
  1077. package/dist/lib/tenant/role-mapping-handler.d.ts.map +1 -1
  1078. package/dist/lib/tenant/role-mapping-handler.js +24 -61
  1079. package/dist/lib/tenant/role-mapping-handler.js.map +1 -1
  1080. package/dist/lib/tenant/setup-status.d.ts +1 -1
  1081. package/dist/lib/tenant/setup-status.d.ts.map +1 -1
  1082. package/dist/lib/tenant/setup-status.js +3 -40
  1083. package/dist/lib/tenant/setup-status.js.map +1 -1
  1084. package/dist/lib/tenant/slug-validator.js +3 -6
  1085. package/dist/lib/tenant/slug-validator.js.map +1 -1
  1086. package/dist/lib/tenant/tenant-handler.d.ts +2 -2
  1087. package/dist/lib/tenant/tenant-handler.d.ts.map +1 -1
  1088. package/dist/lib/tenant/tenant-handler.js +31 -68
  1089. package/dist/lib/tenant/tenant-handler.js.map +1 -1
  1090. package/dist/lib/tenant/transfer-ownership.js +2 -6
  1091. package/dist/lib/tenant/transfer-ownership.js.map +1 -1
  1092. package/dist/lib/tenant-scope.d.ts +97 -0
  1093. package/dist/lib/tenant-scope.d.ts.map +1 -0
  1094. package/dist/lib/tenant-scope.js +270 -0
  1095. package/dist/lib/tenant-scope.js.map +1 -0
  1096. package/dist/lib/terminology.d.ts.map +1 -1
  1097. package/dist/lib/terminology.js +7 -9
  1098. package/dist/lib/terminology.js.map +1 -1
  1099. package/dist/lib/theme.js +2 -6
  1100. package/dist/lib/theme.js.map +1 -1
  1101. package/dist/lib/threat-intel-service.d.ts +2 -2
  1102. package/dist/lib/threat-intel-service.d.ts.map +1 -1
  1103. package/dist/lib/threat-intel-service.js +3 -7
  1104. package/dist/lib/threat-intel-service.js.map +1 -1
  1105. package/dist/lib/types/media-reconciliation.js +1 -2
  1106. package/dist/lib/types/media-reconciliation.js.map +1 -1
  1107. package/dist/lib/upload-session-handler.d.ts +1 -1
  1108. package/dist/lib/upload-session-handler.d.ts.map +1 -1
  1109. package/dist/lib/upload-session-handler.js +13 -50
  1110. package/dist/lib/upload-session-handler.js.map +1 -1
  1111. package/dist/lib/user/derive-handle.d.ts +22 -0
  1112. package/dist/lib/user/derive-handle.d.ts.map +1 -1
  1113. package/dist/lib/user/derive-handle.js +18 -6
  1114. package/dist/lib/user/derive-handle.js.map +1 -1
  1115. package/dist/lib/user-badge.js +6 -14
  1116. package/dist/lib/user-badge.js.map +1 -1
  1117. package/dist/lib/user-deletion-handler-enhanced.d.ts +2 -2
  1118. package/dist/lib/user-deletion-handler-enhanced.d.ts.map +1 -1
  1119. package/dist/lib/user-deletion-handler-enhanced.js +16 -53
  1120. package/dist/lib/user-deletion-handler-enhanced.js.map +1 -1
  1121. package/dist/lib/user-deprovisioning.d.ts +1 -1
  1122. package/dist/lib/user-deprovisioning.d.ts.map +1 -1
  1123. package/dist/lib/user-deprovisioning.js +16 -20
  1124. package/dist/lib/user-deprovisioning.js.map +1 -1
  1125. package/dist/lib/user-export-handler.d.ts +4 -4
  1126. package/dist/lib/user-export-handler.d.ts.map +1 -1
  1127. package/dist/lib/user-export-handler.js +11 -15
  1128. package/dist/lib/user-export-handler.js.map +1 -1
  1129. package/dist/lib/validate-request.js +8 -13
  1130. package/dist/lib/validate-request.js.map +1 -1
  1131. package/dist/lib/validation/feature-toggle-schemas.d.ts +130 -249
  1132. package/dist/lib/validation/feature-toggle-schemas.d.ts.map +1 -1
  1133. package/dist/lib/validation/feature-toggle-schemas.js +50 -59
  1134. package/dist/lib/validation/feature-toggle-schemas.js.map +1 -1
  1135. package/dist/lib/validation/validate-request.d.ts.map +1 -1
  1136. package/dist/lib/validation/validate-request.js +12 -23
  1137. package/dist/lib/validation/validate-request.js.map +1 -1
  1138. package/dist/lib/validation.js +1 -5
  1139. package/dist/lib/validation.js.map +1 -1
  1140. package/dist/lib/version.js +3 -8
  1141. package/dist/lib/version.js.map +1 -1
  1142. package/dist/server.d.ts +1 -1
  1143. package/dist/server.d.ts.map +1 -1
  1144. package/dist/server.js +29 -69
  1145. package/dist/server.js.map +1 -1
  1146. package/dist/types/cloudflare-compat.d.ts +3 -93
  1147. package/dist/types/cloudflare-compat.d.ts.map +1 -1
  1148. package/dist/types/cloudflare-compat.js +1 -2
  1149. package/dist/types/cloudflare-compat.js.map +1 -1
  1150. package/dist/worker.d.ts +6 -6
  1151. package/dist/worker.d.ts.map +1 -1
  1152. package/dist/worker.js +6 -13
  1153. package/dist/worker.js.map +1 -1
  1154. package/package.json +28 -15
  1155. package/prisma/migrations/20260602054730_add_entity_geo_and_pending_schema/migration.sql +113 -0
  1156. package/prisma/migrations/20260602162901_research_foundations/migration.sql +65 -0
  1157. package/prisma/migrations/20260604130000_surveillance_phase0_enablers/migration.sql +107 -0
  1158. package/prisma/migrations/20260604140000_fold_link_reports_into_reports/migration.sql +23 -0
  1159. package/prisma/migrations/20260604140000_fold_link_reports_into_reports/rollback.reference.sql +31 -0
  1160. package/prisma/migrations/20260606000000_handle_canonical_identity/migration.sql +18 -0
  1161. package/prisma/schema.prisma +426 -68
  1162. package/src/lambda/cleanup-cron.ts +10 -7
  1163. package/src/lambda/create-auth-challenge.ts +6 -3
  1164. package/src/lambda/delete-account-worker.ts +17 -12
  1165. package/src/lambda/diagnostics-proxy.ts +9 -6
  1166. package/src/lambda/e2e-sweeper.ts +17 -23
  1167. package/src/lambda/federation-outbox-worker.ts +4 -1
  1168. package/src/lambda/followers-events-worker.ts +4 -1
  1169. package/src/lambda/hourly-cron.ts +112 -20
  1170. package/src/lambda/link-check-worker.ts +4 -1
  1171. package/src/lambda/maintenance-cron.ts +24 -13
  1172. package/src/lambda/media-processing-worker.ts +5 -2
  1173. package/src/lambda/media-reconciliation-worker.ts +4 -1
  1174. package/src/lambda/nightly-cron.ts +53 -54
  1175. package/src/lambda/post-confirmation.ts +262 -76
  1176. package/src/lambda/pre-token-generation.ts +39 -44
  1177. package/src/lambda/verify-auth-challenge.ts +4 -1
  1178. package/dist/lib/audit/emit.d.ts +0 -56
  1179. package/dist/lib/audit/emit.d.ts.map +0 -1
  1180. package/dist/lib/audit/emit.js +0 -124
  1181. package/dist/lib/audit/emit.js.map +0 -1
  1182. package/dist/lib/audit/event-types.d.ts +0 -36
  1183. package/dist/lib/audit/event-types.d.ts.map +0 -1
  1184. package/dist/lib/audit/event-types.js +0 -69
  1185. package/dist/lib/audit/event-types.js.map +0 -1
  1186. package/dist/lib/audit-logger.d.ts +0 -142
  1187. package/dist/lib/audit-logger.d.ts.map +0 -1
  1188. package/dist/lib/audit-logger.js +0 -326
  1189. package/dist/lib/audit-logger.js.map +0 -1
  1190. package/dist/lib/circuit-breaker.d.ts +0 -27
  1191. package/dist/lib/circuit-breaker.d.ts.map +0 -1
  1192. package/dist/lib/circuit-breaker.js +0 -63
  1193. package/dist/lib/circuit-breaker.js.map +0 -1
  1194. package/dist/lib/graph/dual-write-service.d.ts +0 -116
  1195. package/dist/lib/graph/dual-write-service.d.ts.map +0 -1
  1196. package/dist/lib/graph/dual-write-service.js +0 -332
  1197. package/dist/lib/graph/dual-write-service.js.map +0 -1
  1198. package/dist/lib/graph/dual-write.d.ts +0 -396
  1199. package/dist/lib/graph/dual-write.d.ts.map +0 -1
  1200. package/dist/lib/graph/dual-write.js +0 -53
  1201. package/dist/lib/graph/dual-write.js.map +0 -1
  1202. package/dist/lib/graph/graph-schema-init.d.ts +0 -31
  1203. package/dist/lib/graph/graph-schema-init.d.ts.map +0 -1
  1204. package/dist/lib/graph/graph-schema-init.js +0 -105
  1205. package/dist/lib/graph/graph-schema-init.js.map +0 -1
  1206. package/dist/lib/graph/neo4j-graph-service.d.ts +0 -186
  1207. package/dist/lib/graph/neo4j-graph-service.d.ts.map +0 -1
  1208. package/dist/lib/graph/neo4j-graph-service.js +0 -1625
  1209. package/dist/lib/graph/neo4j-graph-service.js.map +0 -1
  1210. package/dist/lib/graph/reconciliation-service.d.ts +0 -113
  1211. package/dist/lib/graph/reconciliation-service.d.ts.map +0 -1
  1212. package/dist/lib/graph/reconciliation-service.js +0 -533
  1213. package/dist/lib/graph/reconciliation-service.js.map +0 -1
  1214. package/dist/lib/id-generator.d.ts +0 -29
  1215. package/dist/lib/id-generator.d.ts.map +0 -1
  1216. package/dist/lib/id-generator.js +0 -51
  1217. package/dist/lib/id-generator.js.map +0 -1
  1218. package/dist/lib/kv/dynamodb-kv.d.ts +0 -39
  1219. package/dist/lib/kv/dynamodb-kv.d.ts.map +0 -1
  1220. package/dist/lib/kv/dynamodb-kv.js +0 -239
  1221. package/dist/lib/kv/dynamodb-kv.js.map +0 -1
  1222. package/dist/lib/queue/sqs-queue.d.ts +0 -16
  1223. package/dist/lib/queue/sqs-queue.d.ts.map +0 -1
  1224. package/dist/lib/queue/sqs-queue.js +0 -39
  1225. package/dist/lib/queue/sqs-queue.js.map +0 -1
  1226. package/dist/lib/route-matcher.d.ts +0 -24
  1227. package/dist/lib/route-matcher.d.ts.map +0 -1
  1228. package/dist/lib/route-matcher.js +0 -96
  1229. package/dist/lib/route-matcher.js.map +0 -1
  1230. package/dist/lib/router.d.ts +0 -26
  1231. package/dist/lib/router.d.ts.map +0 -1
  1232. package/dist/lib/router.js +0 -90
  1233. package/dist/lib/router.js.map +0 -1
  1234. package/dist/lib/routes-all.d.ts +0 -9
  1235. package/dist/lib/routes-all.d.ts.map +0 -1
  1236. package/dist/lib/routes-all.js +0 -170
  1237. package/dist/lib/routes-all.js.map +0 -1
  1238. package/dist/lib/secret-resolver.d.ts +0 -88
  1239. package/dist/lib/secret-resolver.d.ts.map +0 -1
  1240. package/dist/lib/secret-resolver.js +0 -183
  1241. package/dist/lib/secret-resolver.js.map +0 -1
  1242. package/dist/lib/session-manager.d.ts.map +0 -1
  1243. package/dist/lib/session-manager.js +0 -492
  1244. package/dist/lib/session-manager.js.map +0 -1
  1245. package/dist/lib/storage/s3-storage.d.ts +0 -29
  1246. package/dist/lib/storage/s3-storage.d.ts.map +0 -1
  1247. package/dist/lib/storage/s3-storage.js +0 -135
  1248. package/dist/lib/storage/s3-storage.js.map +0 -1
  1249. package/dist/lib/tenant-context.d.ts +0 -35
  1250. package/dist/lib/tenant-context.d.ts.map +0 -1
  1251. package/dist/lib/tenant-context.js +0 -54
  1252. package/dist/lib/tenant-context.js.map +0 -1
@@ -1,17 +1,10 @@
1
- "use strict";
2
1
  /**
3
2
  * CSV Export for Audit Events (RFC 4180)
4
3
  *
5
4
  * Fields that contain commas, double-quotes, or newlines are enclosed in
6
5
  * double-quotes. Inner double-quotes are doubled per RFC 4180 §2.7.
7
6
  */
8
- Object.defineProperty(exports, "__esModule", { value: true });
9
- exports.CSV_HEADERS = void 0;
10
- exports.escapeCsvField = escapeCsvField;
11
- exports.renderCsvRow = renderCsvRow;
12
- exports.renderCsvHeader = renderCsvHeader;
13
- exports.renderCsv = renderCsv;
14
- exports.CSV_HEADERS = [
7
+ export const CSV_HEADERS = [
15
8
  "eventId",
16
9
  "type",
17
10
  "tenantId",
@@ -21,22 +14,22 @@ exports.CSV_HEADERS = [
21
14
  "payload",
22
15
  ];
23
16
  /** Escape a single CSV field per RFC 4180. */
24
- function escapeCsvField(value) {
17
+ export function escapeCsvField(value) {
25
18
  if (value.includes(",") || value.includes('"') || value.includes("\n") || value.includes("\r")) {
26
19
  return `"${value.replace(/"/g, '""')}"`;
27
20
  }
28
21
  return value;
29
22
  }
30
23
  /** Render one CSV row from an array of string values. */
31
- function renderCsvRow(fields) {
24
+ export function renderCsvRow(fields) {
32
25
  return fields.map(escapeCsvField).join(",");
33
26
  }
34
27
  /** Render the header row. */
35
- function renderCsvHeader() {
36
- return renderCsvRow([...exports.CSV_HEADERS]);
28
+ export function renderCsvHeader() {
29
+ return renderCsvRow([...CSV_HEADERS]);
37
30
  }
38
31
  /** Render a complete CSV document (header + rows) from an array of row objects. */
39
- function renderCsv(rows) {
32
+ export function renderCsv(rows) {
40
33
  const lines = [renderCsvHeader()];
41
34
  for (const row of rows) {
42
35
  lines.push(renderCsvRow([
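Review bot: `escapeCsvField` quotes a field only when it contains a comma, a double quote, CR or LF, so a value that begins with `=`, `+`, `-` or `@` is written out verbatim and a spreadsheet opening the audit export will treat it as a formula. Audit rows can hold values that originate outside the system (the allowlist in `pii-filter.js` on this page admits keys such as `displayName` and `userAgent`), so this looks reachable, although the row construction in `renderCsv` continues outside the hunk. I would neutralise such cells before the RFC 4180 quoting, for example `const safe = /^[=+\-@\t\r]/.test(value) ? "'" + value : value;`, and run the existing `includes` checks and the quote doubling on `safe`. A unit test with a field such as `=1+1` would pin the behaviour.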
@@ -1 +1 @@
1
- {"version":3,"file":"csv-export.js","sourceRoot":"","sources":["../../../src/lib/audit/csv-export.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAuBH,wCAKC;AAGD,oCAEC;AAGD,0CAEC;AAGD,8BAgBC;AAvDY,QAAA,WAAW,GAAG;IACzB,SAAS;IACT,MAAM;IACN,UAAU;IACV,aAAa;IACb,WAAW;IACX,UAAU;IACV,SAAS;CACD,CAAC;AAYX,8CAA8C;AAC9C,SAAgB,cAAc,CAAC,KAAa;IAC1C,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/F,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC;IAC1C,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,yDAAyD;AACzD,SAAgB,YAAY,CAAC,MAAgB;IAC3C,OAAO,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC9C,CAAC;AAED,6BAA6B;AAC7B,SAAgB,eAAe;IAC7B,OAAO,YAAY,CAAC,CAAC,GAAG,mBAAW,CAAC,CAAC,CAAC;AACxC,CAAC;AAED,mFAAmF;AACnF,SAAgB,SAAS,CAAC,IAAc;IACtC,MAAM,KAAK,GAAa,CAAC,eAAe,EAAE,CAAC,CAAC;IAC5C,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CACR,YAAY,CAAC;YACX,GAAG,CAAC,OAAO;YACX,GAAG,CAAC,IAAI;YACR,GAAG,CAAC,QAAQ;YACZ,GAAG,CAAC,WAAW;YACf,GAAG,CAAC,SAAS;YACb,GAAG,CAAC,QAAQ;YACZ,GAAG,CAAC,OAAO;SACZ,CAAC,CACH,CAAC;IACJ,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC5B,CAAC"}
1
+ {"version":3,"file":"csv-export.js","sourceRoot":"","sources":["../../../src/lib/audit/csv-export.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,SAAS;IACT,MAAM;IACN,UAAU;IACV,aAAa;IACb,WAAW;IACX,UAAU;IACV,SAAS;CACD,CAAC;AAYX,8CAA8C;AAC9C,MAAM,UAAU,cAAc,CAAC,KAAa;IAC1C,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/F,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC;IAC1C,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,yDAAyD;AACzD,MAAM,UAAU,YAAY,CAAC,MAAgB;IAC3C,OAAO,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC9C,CAAC;AAED,6BAA6B;AAC7B,MAAM,UAAU,eAAe;IAC7B,OAAO,YAAY,CAAC,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC;AACxC,CAAC;AAED,mFAAmF;AACnF,MAAM,UAAU,SAAS,CAAC,IAAc;IACtC,MAAM,KAAK,GAAa,CAAC,eAAe,EAAE,CAAC,CAAC;IAC5C,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CACR,YAAY,CAAC;YACX,GAAG,CAAC,OAAO;YACX,GAAG,CAAC,IAAI;YACR,GAAG,CAAC,QAAQ;YACZ,GAAG,CAAC,WAAW;YACf,GAAG,CAAC,SAAS;YACb,GAAG,CAAC,QAAQ;YACZ,GAAG,CAAC,OAAO;SACZ,CAAC,CACH,CAAC;IACJ,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC5B,CAAC"}
@@ -5,6 +5,15 @@
5
5
  * with the literal string "<redacted>" and a drop counter is incremented.
6
6
  * Claim *names* are fine to store; claim *values* must never appear.
7
7
  */
8
+ /**
9
+ * Per-key allowlist for audit metadata. Anything outside this set is
10
+ * replaced with "<redacted>". Migrated here from the now-deleted
11
+ * `event-types.ts` (phase 1.C.2) so the allowlist lives next to the
12
+ * filter that consumes it.
13
+ *
14
+ * Claim *names* are fine to store; claim *values* must never appear.
15
+ */
16
+ export declare const PII_ALLOWED_FIELDS: Set<string>;
8
17
  export interface FilterResult {
9
18
  filtered: Record<string, unknown>;
10
19
  droppedCount: number;
@@ -1 +1 @@
1
- {"version":3,"file":"pii-filter.d.ts","sourceRoot":"","sources":["../../../src/lib/audit/pii-filter.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,wBAAgB,WAAW,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,CAiB9C;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,aAAa,GAAE,GAAG,CAAC,MAAM,CAAsB,GAC9C,YAAY,CAcd"}
1
+ {"version":3,"file":"pii-filter.d.ts","sourceRoot":"","sources":["../../../src/lib/audit/pii-filter.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;;;;;;GAOG;AACH,eAAO,MAAM,kBAAkB,aA8C7B,CAAC;AAEH,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,wBAAgB,WAAW,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,CAiB9C;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,aAAa,GAAE,GAAG,CAAC,MAAM,CAAsB,GAC9C,YAAY,CAcd"}
@@ -1,4 +1,3 @@
1
- "use strict";
2
1
  /**
3
2
  * PII Filter for Audit Payloads
4
3
  *
@@ -6,15 +5,66 @@
6
5
  * with the literal string "<redacted>" and a drop counter is incremented.
7
6
  * Claim *names* are fine to store; claim *values* must never appear.
8
7
  */
9
- Object.defineProperty(exports, "__esModule", { value: true });
10
- exports.anonymizeIp = anonymizeIp;
11
- exports.filterPayload = filterPayload;
12
- const event_types_1 = require("./event-types");
8
+ /**
9
+ * Per-key allowlist for audit metadata. Anything outside this set is
10
+ * replaced with "<redacted>". Migrated here from the now-deleted
11
+ * `event-types.ts` (phase 1.C.2) so the allowlist lives next to the
12
+ * filter that consumes it.
13
+ *
14
+ * Claim *names* are fine to store; claim *values* must never appear.
15
+ */
16
+ export const PII_ALLOWED_FIELDS = new Set([
17
+ "tenantId",
18
+ "actorUserId",
19
+ "targetUserId",
20
+ "targetType",
21
+ "oldRole",
22
+ "newRole",
23
+ "domain",
24
+ "idpStatus",
25
+ "idpKind",
26
+ "issuer",
27
+ "idpGroup",
28
+ "role",
29
+ "source",
30
+ "reason",
31
+ "verificationMethod",
32
+ "changedAttributes",
33
+ "sourceIp",
34
+ "agentSessionId",
35
+ "slug",
36
+ "displayName",
37
+ "type",
38
+ "agentLabel",
39
+ "userAgent",
40
+ // G4 MEDIUM-6/N2: `deviceCodeHash` was previously written into
41
+ // AUTH_AGENT_SESSION_APPROVED audit payloads and could act as a
42
+ // confirmation oracle if a raw device_code ever leaked elsewhere.
43
+ // Kept OFF the allow-list so a future regression that re-adds the
44
+ // field would fail the audit-emit allow-list check.
45
+ "refreshJti",
46
+ "cognitoUserId",
47
+ // Region codes are NOT PII (US/EU/CN); they are data-residency
48
+ // compliance signals carried by the data-lifecycle audit events.
49
+ // Added in phase 1.C.2 so the data-router region context survives
50
+ // the allowlist instead of being redacted away. See migration note.
51
+ "region",
52
+ "dataRegion",
53
+ "requestedRegion",
54
+ "actualDataRegion",
55
+ // Feature-toggle audit fields (feature_toggle.changed events).
56
+ // key is a system identifier (no PII); oldEnabled/newEnabled are booleans;
57
+ // changedBy carries the admin's USER ID (never email — see convention doc).
58
+ "key",
59
+ "oldEnabled",
60
+ "newEnabled",
61
+ "changedBy",
62
+ ]);
13
63
  /**
14
64
  * Redact IPv4 to /24 and IPv6 to /64 for GDPR-compliant storage.
15
65
  * "1.2.3.4" → "1.2.3.0/24", "2001:db8::1" → "2001:db8::/64"
16
66
  */
17
- function anonymizeIp(ip) {
67
+ export function anonymizeIp(ip) {
18
68
  if (!ip || ip === "unknown")
19
69
  return ip;
20
70
  if (ip.includes(".")) {
@@ -34,7 +84,7 @@ function anonymizeIp(ip) {
34
84
  * Filter a raw payload object against the PII allowlist.
35
85
  * Returns the cleaned object and the number of dropped fields.
36
86
  */
37
- function filterPayload(payload, allowedFields = event_types_1.PII_ALLOWED_FIELDS) {
87
+ export function filterPayload(payload, allowedFields = PII_ALLOWED_FIELDS) {
38
88
  const filtered = {};
39
89
  let droppedCount = 0;
40
90
  for (const [key, value] of Object.entries(payload)) {
@@ -1 +1 @@
1
- {"version":3,"file":"pii-filter.js","sourceRoot":"","sources":["../../../src/lib/audit/pii-filter.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AAaH,kCAiBC;AAMD,sCAiBC;AAnDD,+CAAmD;AAOnD;;;GAGG;AACH,SAAgB,WAAW,CAAC,EAAU;IACpC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,SAAS;QAAE,OAAO,EAAE,CAAC;IAEvC,IAAI,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC;QACpD,CAAC;IACH,CAAC;IAED,IAAI,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC3C,OAAO,GAAG,MAAM,OAAO,CAAC;IAC1B,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;GAGG;AACH,SAAgB,aAAa,CAC3B,OAAgC,EAChC,gBAA6B,gCAAkB;IAE/C,MAAM,QAAQ,GAA4B,EAAE,CAAC;IAC7C,IAAI,YAAY,GAAG,CAAC,CAAC;IAErB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACnD,IAAI,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YAC3B,QAAQ,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACxB,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC;YAC7B,YAAY,EAAE,CAAC;QACjB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;AACpC,CAAC"}
1
+ {"version":3,"file":"pii-filter.js","sourceRoot":"","sources":["../../../src/lib/audit/pii-filter.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAS;IAChD,UAAU;IACV,aAAa;IACb,cAAc;IACd,YAAY;IACZ,SAAS;IACT,SAAS;IACT,QAAQ;IACR,WAAW;IACX,SAAS;IACT,QAAQ;IACR,UAAU;IACV,MAAM;IACN,QAAQ;IACR,QAAQ;IACR,oBAAoB;IACpB,mBAAmB;IACnB,UAAU;IACV,gBAAgB;IAChB,MAAM;IACN,aAAa;IACb,MAAM;IACN,YAAY;IACZ,WAAW;IACX,+DAA+D;IAC/D,gEAAgE;IAChE,kEAAkE;IAClE,kEAAkE;IAClE,oDAAoD;IACpD,YAAY;IACZ,eAAe;IACf,+DAA+D;IAC/D,iEAAiE;IACjE,kEAAkE;IAClE,oEAAoE;IACpE,QAAQ;IACR,YAAY;IACZ,iBAAiB;IACjB,kBAAkB;IAClB,+DAA+D;IAC/D,2EAA2E;IAC3E,4EAA4E;IAC5E,KAAK;IACL,YAAY;IACZ,YAAY;IACZ,WAAW;CACZ,CAAC,CAAC;AAOH;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,EAAU;IACpC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,SAAS;QAAE,OAAO,EAAE,CAAC;IAEvC,IAAI,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC;QACpD,CAAC;IACH,CAAC;IAED,IAAI,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC3C,OAAO,GAAG,MAAM,OAAO,CAAC;IAC1B,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAC3B,OAAgC,EAChC,gBAA6B,kBAAkB;IAE/C,MAAM,QAAQ,GAA4B,EAAE,CAAC;IAC7C,IAAI,YAAY,GAAG,CAAC,CAAC;IAErB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACnD,IAAI,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YAC3B,QAAQ,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACxB,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC;YAC7B,YAAY,EAAE,CAAC;QACjB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;AACpC,CAAC"}
@@ -0,0 +1,94 @@
1
+ /**
2
+ * Trellis audit-action constants (phase 1.C.2).
3
+ *
4
+ * These are the canonical `action` strings trellis writes to the
5
+ * foundation audit log. `AuditAction` is an OPEN string union (frozen
6
+ * type) — well-known foundation values get autocomplete; consumers
7
+ * extend with their own dotted names without an API bump. We therefore
8
+ * declare these as `AuditAction`-typed constants (NOT an enum) so the
9
+ * call sites read symbolically while the values stay plain strings.
10
+ *
11
+ * Naming follows foundation's dotted convention. Two families:
12
+ * - data lifecycle (data.*, auth.*, system.region_change)
13
+ * - tenant / IdP (tenant.*, auth.agent_session.*, auth.refresh_replay)
14
+ *
15
+ * The tenant/IdP set is the migration of the old
16
+ * `lib/audit/event-types.ts` `AuditEventType` catalog; the string
17
+ * VALUES are preserved exactly so existing rows / dashboards keep
18
+ * matching.
19
+ */
20
+ import type { AuditAction } from "@de-otio/saas-foundation/audit";
21
+ export declare const DATA_READ: AuditAction;
22
+ export declare const DATA_CREATE: AuditAction;
23
+ export declare const DATA_UPDATE: AuditAction;
24
+ export declare const DATA_DELETE: AuditAction;
25
+ export declare const AUTH_LOGIN: AuditAction;
26
+ export declare const AUTH_LOGOUT: AuditAction;
27
+ export declare const AUTHZ_DENIED: AuditAction;
28
+ export declare const AUTHZ_GRANTED: AuditAction;
29
+ export declare const SYSTEM_REGION_CHANGE: AuditAction;
30
+ export declare const TENANT_CREATED: AuditAction;
31
+ export declare const TENANT_UPDATED: AuditAction;
32
+ export declare const TENANT_OWNERSHIP_TRANSFERRED: AuditAction;
33
+ export declare const TENANT_MEMBER_INVITED: AuditAction;
34
+ export declare const TENANT_MEMBER_JOINED: AuditAction;
35
+ export declare const TENANT_MEMBER_ROLE_CHANGED: AuditAction;
36
+ export declare const TENANT_MEMBER_REMOVED: AuditAction;
37
+ export declare const TENANT_DOMAIN_ADDED: AuditAction;
38
+ export declare const TENANT_DOMAIN_VERIFIED: AuditAction;
39
+ export declare const TENANT_DOMAIN_REMOVED: AuditAction;
40
+ export declare const TENANT_IDP_CONNECTED: AuditAction;
41
+ export declare const TENANT_IDP_MODIFIED: AuditAction;
42
+ export declare const TENANT_IDP_DISABLED: AuditAction;
43
+ export declare const TENANT_IDP_DELETED: AuditAction;
44
+ export declare const TENANT_ROLE_MAPPING_ADDED: AuditAction;
45
+ export declare const TENANT_ROLE_MAPPING_REMOVED: AuditAction;
46
+ export declare const TENANT_FEDERATED_LOGIN_SUCCESS: AuditAction;
47
+ export declare const TENANT_FEDERATED_LOGIN_DENIED: AuditAction;
48
+ export declare const TENANT_ROLE_REFRESHED_JIT: AuditAction;
49
+ export declare const AUTH_AGENT_SESSION_APPROVED: AuditAction;
50
+ export declare const AUTH_AGENT_SESSION_REVOKED: AuditAction;
51
+ export declare const AUTH_REFRESH_REPLAY: AuditAction;
52
+ export declare const RESEARCH_QUERY: AuditAction;
53
+ export declare const RESEARCH_EXTRACT: AuditAction;
54
+ export declare const EXPERIMENT_ASSIGN: AuditAction;
55
+ export declare const FEATURE_TOGGLE_CHANGED: AuditAction;
56
+ export declare const CONSENT_CHANGED: AuditAction;
57
+ /**
58
+ * Old tenant/IdP `AuditEventType` string -> `AuditAction` constant.
59
+ * The values are identical (preserved verbatim), so this is an identity
60
+ * map at runtime; it exists so the four `AuditEventEmitter` consumers
61
+ * (idp-handler, tenant-handler, agent-authorize, agent-sessions) can
62
+ * keep referencing `AuditEventType.TENANT_*` symbolically via a single
63
+ * re-exported object.
64
+ */
65
+ export declare const AuditEventType: {
66
+ readonly TENANT_CREATED: string & {};
67
+ readonly TENANT_UPDATED: string & {};
68
+ readonly TENANT_OWNERSHIP_TRANSFERRED: string & {};
69
+ readonly TENANT_MEMBER_INVITED: string & {};
70
+ readonly TENANT_MEMBER_JOINED: string & {};
71
+ readonly TENANT_MEMBER_ROLE_CHANGED: string & {};
72
+ readonly TENANT_MEMBER_REMOVED: string & {};
73
+ readonly TENANT_DOMAIN_ADDED: string & {};
74
+ readonly TENANT_DOMAIN_VERIFIED: string & {};
75
+ readonly TENANT_DOMAIN_REMOVED: string & {};
76
+ readonly TENANT_IDP_CONNECTED: string & {};
77
+ readonly TENANT_IDP_MODIFIED: string & {};
78
+ readonly TENANT_IDP_DISABLED: string & {};
79
+ readonly TENANT_IDP_DELETED: string & {};
80
+ readonly TENANT_ROLE_MAPPING_ADDED: string & {};
81
+ readonly TENANT_ROLE_MAPPING_REMOVED: string & {};
82
+ readonly TENANT_FEDERATED_LOGIN_SUCCESS: string & {};
83
+ readonly TENANT_FEDERATED_LOGIN_DENIED: string & {};
84
+ readonly TENANT_ROLE_REFRESHED_JIT: string & {};
85
+ readonly AUTH_AGENT_SESSION_APPROVED: string & {};
86
+ readonly AUTH_AGENT_SESSION_REVOKED: string & {};
87
+ readonly AUTH_REFRESH_REPLAY: string & {};
88
+ readonly RESEARCH_QUERY: string & {};
89
+ readonly RESEARCH_EXTRACT: string & {};
90
+ readonly EXPERIMENT_ASSIGN: string & {};
91
+ readonly FEATURE_TOGGLE_CHANGED: string & {};
92
+ readonly CONSENT_CHANGED: string & {};
93
+ };
94
+ //# sourceMappingURL=audit-actions.d.ts.map
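Review bot: The header comment says the constants fall into two families, data lifecycle and tenant/IdP, but the file also declares `RESEARCH_QUERY`, `RESEARCH_EXTRACT`, `EXPERIMENT_ASSIGN`, `FEATURE_TOGGLE_CHANGED` and `CONSENT_CHANGED`, and the doc comment on `AuditEventType` still describes it as the old tenant/IdP catalog although those five are members too. I would add a third bullet to the header, e.g. `*   - research / experiment / platform control (research.*, experiment.assign, feature_toggle.changed, consent.changed)`, and reword the `AuditEventType` comment to say it carries the migrated catalog plus the newer actions. The same comments appear in the `audit-actions.js` section.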
@@ -0,0 +1 @@
1
+ {"version":3,"file":"audit-actions.d.ts","sourceRoot":"","sources":["../../src/lib/audit-actions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAGlE,eAAO,MAAM,SAAS,EAAE,WAAyB,CAAC;AAClD,eAAO,MAAM,WAAW,EAAE,WAA2B,CAAC;AACtD,eAAO,MAAM,WAAW,EAAE,WAA2B,CAAC;AACtD,eAAO,MAAM,WAAW,EAAE,WAA2B,CAAC;AAEtD,eAAO,MAAM,UAAU,EAAE,WAA0B,CAAC;AACpD,eAAO,MAAM,WAAW,EAAE,WAA2B,CAAC;AACtD,eAAO,MAAM,YAAY,EAAE,WAA4B,CAAC;AACxD,eAAO,MAAM,aAAa,EAAE,WAA6B,CAAC;AAE1D,eAAO,MAAM,oBAAoB,EAAE,WAAoC,CAAC;AAIxE,eAAO,MAAM,cAAc,EAAE,WAA8B,CAAC;AAC5D,eAAO,MAAM,cAAc,EAAE,WAA8B,CAAC;AAC5D,eAAO,MAAM,4BAA4B,EAAE,WAA4C,CAAC;AACxF,eAAO,MAAM,qBAAqB,EAAE,WAAqC,CAAC;AAC1E,eAAO,MAAM,oBAAoB,EAAE,WAAoC,CAAC;AACxE,eAAO,MAAM,0BAA0B,EAAE,WAA0C,CAAC;AACpF,eAAO,MAAM,qBAAqB,EAAE,WAAqC,CAAC;AAC1E,eAAO,MAAM,mBAAmB,EAAE,WAAmC,CAAC;AACtE,eAAO,MAAM,sBAAsB,EAAE,WAAsC,CAAC;AAC5E,eAAO,MAAM,qBAAqB,EAAE,WAAqC,CAAC;AAC1E,eAAO,MAAM,oBAAoB,EAAE,WAAoC,CAAC;AACxE,eAAO,MAAM,mBAAmB,EAAE,WAAmC,CAAC;AACtE,eAAO,MAAM,mBAAmB,EAAE,WAAmC,CAAC;AACtE,eAAO,MAAM,kBAAkB,EAAE,WAAkC,CAAC;AACpE,eAAO,MAAM,yBAAyB,EAAE,WAAyC,CAAC;AAClF,eAAO,MAAM,2BAA2B,EAAE,WAA2C,CAAC;AACtF,eAAO,MAAM,8BAA8B,EAAE,WAA8C,CAAC;AAC5F,eAAO,MAAM,6BAA6B,EAAE,WAA6C,CAAC;AAC1F,eAAO,MAAM,yBAAyB,EAAE,WAAyC,CAAC;AAElF,eAAO,MAAM,2BAA2B,EAAE,WAA2C,CAAC;AACtF,eAAO,MAAM,0BAA0B,EAAE,WAA0C,CAAC;AACpF,eAAO,MAAM,mBAAmB,EAAE,WAAmC,CAAC;AAOtE,eAAO,MAAM,cAAc,EAAE,WAA8B,CAAC;AAC5D,eAAO,MAAM,gBAAgB,EAAE,WAAgC,CAAC;AAChE,eAAO,MAAM,iBAAiB,EAAE,WAAiC,CAAC;AAKlE,eAAO,MAAM,sBAAsB,EAAE,WAAsC,CAAC;AAI5E,eAAO,MAAM,eAAe,EAAE,WAA+B,CAAC;AAE9D;;;;;;;GAOG;AACH,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA6BjB,CAAC"}
@@ -0,0 +1,107 @@
1
+ /**
2
+ * Trellis audit-action constants (phase 1.C.2).
3
+ *
4
+ * These are the canonical `action` strings trellis writes to the
5
+ * foundation audit log. `AuditAction` is an OPEN string union (frozen
6
+ * type) — well-known foundation values get autocomplete; consumers
7
+ * extend with their own dotted names without an API bump. We therefore
8
+ * declare these as `AuditAction`-typed constants (NOT an enum) so the
9
+ * call sites read symbolically while the values stay plain strings.
10
+ *
11
+ * Naming follows foundation's dotted convention. Two families:
12
+ * - data lifecycle (data.*, auth.*, system.region_change)
13
+ * - tenant / IdP (tenant.*, auth.agent_session.*, auth.refresh_replay)
14
+ *
15
+ * The tenant/IdP set is the migration of the old
16
+ * `lib/audit/event-types.ts` `AuditEventType` catalog; the string
17
+ * VALUES are preserved exactly so existing rows / dashboards keep
18
+ * matching.
19
+ */
20
+ // ── Data-lifecycle actions ───────────────────────────────────────────
21
+ export const DATA_READ = "data.read";
22
+ export const DATA_CREATE = "data.create";
23
+ export const DATA_UPDATE = "data.update";
24
+ export const DATA_DELETE = "data.delete";
25
+ export const AUTH_LOGIN = "auth.login";
26
+ export const AUTH_LOGOUT = "auth.logout";
27
+ export const AUTHZ_DENIED = "authz.denied";
28
+ export const AUTHZ_GRANTED = "authz.granted";
29
+ export const SYSTEM_REGION_CHANGE = "system.region_change";
30
+ // ── Tenant / IdP actions (migrated from lib/audit/event-types.ts) ─────
31
+ // VALUES preserved verbatim from the old `AuditEventType` catalog.
32
+ export const TENANT_CREATED = "tenant.created";
33
+ export const TENANT_UPDATED = "tenant.updated";
34
+ export const TENANT_OWNERSHIP_TRANSFERRED = "tenant.ownership_transferred";
35
+ export const TENANT_MEMBER_INVITED = "tenant.member.invited";
36
+ export const TENANT_MEMBER_JOINED = "tenant.member.joined";
37
+ export const TENANT_MEMBER_ROLE_CHANGED = "tenant.member.role_changed";
38
+ export const TENANT_MEMBER_REMOVED = "tenant.member.removed";
39
+ export const TENANT_DOMAIN_ADDED = "tenant.domain.added";
40
+ export const TENANT_DOMAIN_VERIFIED = "tenant.domain.verified";
41
+ export const TENANT_DOMAIN_REMOVED = "tenant.domain.removed";
42
+ export const TENANT_IDP_CONNECTED = "tenant.idp.connected";
43
+ export const TENANT_IDP_MODIFIED = "tenant.idp.modified";
44
+ export const TENANT_IDP_DISABLED = "tenant.idp.disabled";
45
+ export const TENANT_IDP_DELETED = "tenant.idp.deleted";
46
+ export const TENANT_ROLE_MAPPING_ADDED = "tenant.role_mapping.added";
47
+ export const TENANT_ROLE_MAPPING_REMOVED = "tenant.role_mapping.removed";
48
+ export const TENANT_FEDERATED_LOGIN_SUCCESS = "tenant.federated_login.success";
49
+ export const TENANT_FEDERATED_LOGIN_DENIED = "tenant.federated_login.denied";
50
+ export const TENANT_ROLE_REFRESHED_JIT = "tenant.role.refreshed_jit";
51
+ export const AUTH_AGENT_SESSION_APPROVED = "auth.agent_session.approved";
52
+ export const AUTH_AGENT_SESSION_REVOKED = "auth.agent_session.revoked";
53
+ export const AUTH_REFRESH_REPLAY = "auth.refresh_replay";
54
+ // ── Research / Experiment / Platform-control actions ─────────────────
55
+ //
56
+ // CONVENTION — research.query events MUST NEVER store raw query text in
57
+ // metadata; query text may contain PII. Store a hash or template string
58
+ // with parameters redacted. See doc/02-technical/development/audit-and-toggle-conventions.md.
59
+ export const RESEARCH_QUERY = "research.query";
60
+ export const RESEARCH_EXTRACT = "research.extract";
61
+ export const EXPERIMENT_ASSIGN = "experiment.assign";
62
+ // FEATURE_TOGGLE_CHANGED: emitted by FeatureToggleService.setToggle on
63
+ // every toggle write. Metadata: { key, oldEnabled, newEnabled, changedBy }
64
+ // where changedBy is the admin's USER ID (not email).
65
+ export const FEATURE_TOGGLE_CHANGED = "feature_toggle.changed";
66
+ // CONSENT_CHANGED: canonical action for user consent mutations emitted
67
+ // by the consent-management layer (another agent owns the emit sites).
68
+ export const CONSENT_CHANGED = "consent.changed";
69
+ /**
70
+ * Old tenant/IdP `AuditEventType` string -> `AuditAction` constant.
71
+ * The values are identical (preserved verbatim), so this is an identity
72
+ * map at runtime; it exists so the four `AuditEventEmitter` consumers
73
+ * (idp-handler, tenant-handler, agent-authorize, agent-sessions) can
74
+ * keep referencing `AuditEventType.TENANT_*` symbolically via a single
75
+ * re-exported object.
76
+ */
77
+ export const AuditEventType = {
78
+ TENANT_CREATED,
79
+ TENANT_UPDATED,
80
+ TENANT_OWNERSHIP_TRANSFERRED,
81
+ TENANT_MEMBER_INVITED,
82
+ TENANT_MEMBER_JOINED,
83
+ TENANT_MEMBER_ROLE_CHANGED,
84
+ TENANT_MEMBER_REMOVED,
85
+ TENANT_DOMAIN_ADDED,
86
+ TENANT_DOMAIN_VERIFIED,
87
+ TENANT_DOMAIN_REMOVED,
88
+ TENANT_IDP_CONNECTED,
89
+ TENANT_IDP_MODIFIED,
90
+ TENANT_IDP_DISABLED,
91
+ TENANT_IDP_DELETED,
92
+ TENANT_ROLE_MAPPING_ADDED,
93
+ TENANT_ROLE_MAPPING_REMOVED,
94
+ TENANT_FEDERATED_LOGIN_SUCCESS,
95
+ TENANT_FEDERATED_LOGIN_DENIED,
96
+ TENANT_ROLE_REFRESHED_JIT,
97
+ AUTH_AGENT_SESSION_APPROVED,
98
+ AUTH_AGENT_SESSION_REVOKED,
99
+ AUTH_REFRESH_REPLAY,
100
+ // Research / Experiment / Platform-control
101
+ RESEARCH_QUERY,
102
+ RESEARCH_EXTRACT,
103
+ EXPERIMENT_ASSIGN,
104
+ FEATURE_TOGGLE_CHANGED,
105
+ CONSENT_CHANGED,
106
+ };
107
+ //# sourceMappingURL=audit-actions.js.map
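Review bot: `AuditEventType` is exported as a plain object literal, so the `readonly` members in the declaration file are a compile-time guarantee only, and any importer running untyped JavaScript can reassign a member such as `AuditEventType.AUTH_REFRESH_REPLAY`, changing the action string written for later events. Freezing it is a one-line change: `export const AuditEventType = Object.freeze({ ... });`. The `research.query` comment also states a MUST NEVER rule for raw query text that nothing in this file enforces; it would help to name in that comment where the rule is checked, or to add a test that fails when a query-text key reaches the emitter.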
@@ -0,0 +1 @@
1
+ {"version":3,"file":"audit-actions.js","sourceRoot":"","sources":["../../src/lib/audit-actions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAIH,wEAAwE;AACxE,MAAM,CAAC,MAAM,SAAS,GAAgB,WAAW,CAAC;AAClD,MAAM,CAAC,MAAM,WAAW,GAAgB,aAAa,CAAC;AACtD,MAAM,CAAC,MAAM,WAAW,GAAgB,aAAa,CAAC;AACtD,MAAM,CAAC,MAAM,WAAW,GAAgB,aAAa,CAAC;AAEtD,MAAM,CAAC,MAAM,UAAU,GAAgB,YAAY,CAAC;AACpD,MAAM,CAAC,MAAM,WAAW,GAAgB,aAAa,CAAC;AACtD,MAAM,CAAC,MAAM,YAAY,GAAgB,cAAc,CAAC;AACxD,MAAM,CAAC,MAAM,aAAa,GAAgB,eAAe,CAAC;AAE1D,MAAM,CAAC,MAAM,oBAAoB,GAAgB,sBAAsB,CAAC;AAExE,yEAAyE;AACzE,mEAAmE;AACnE,MAAM,CAAC,MAAM,cAAc,GAAgB,gBAAgB,CAAC;AAC5D,MAAM,CAAC,MAAM,cAAc,GAAgB,gBAAgB,CAAC;AAC5D,MAAM,CAAC,MAAM,4BAA4B,GAAgB,8BAA8B,CAAC;AACxF,MAAM,CAAC,MAAM,qBAAqB,GAAgB,uBAAuB,CAAC;AAC1E,MAAM,CAAC,MAAM,oBAAoB,GAAgB,sBAAsB,CAAC;AACxE,MAAM,CAAC,MAAM,0BAA0B,GAAgB,4BAA4B,CAAC;AACpF,MAAM,CAAC,MAAM,qBAAqB,GAAgB,uBAAuB,CAAC;AAC1E,MAAM,CAAC,MAAM,mBAAmB,GAAgB,qBAAqB,CAAC;AACtE,MAAM,CAAC,MAAM,sBAAsB,GAAgB,wBAAwB,CAAC;AAC5E,MAAM,CAAC,MAAM,qBAAqB,GAAgB,uBAAuB,CAAC;AAC1E,MAAM,CAAC,MAAM,oBAAoB,GAAgB,sBAAsB,CAAC;AACxE,MAAM,CAAC,MAAM,mBAAmB,GAAgB,qBAAqB,CAAC;AACtE,MAAM,CAAC,MAAM,mBAAmB,GAAgB,qBAAqB,CAAC;AACtE,MAAM,CAAC,MAAM,kBAAkB,GAAgB,oBAAoB,CAAC;AACpE,MAAM,CAAC,MAAM,yBAAyB,GAAgB,2BAA2B,CAAC;AAClF,MAAM,CAAC,MAAM,2BAA2B,GAAgB,6BAA6B,CAAC;AACtF,MAAM,CAAC,MAAM,8BAA8B,GAAgB,gCAAgC,CAAC;AAC5F,MAAM,CAAC,MAAM,6BAA6B,GAAgB,+BAA+B,CAAC;AAC1F,MAAM,CAAC,MAAM,yBAAyB,GAAgB,2BAA2B,CAAC;AAElF,MAAM,CAAC,MAAM,2BAA2B,GAAgB,6BAA6B,CAAC;AACtF,MAAM,CAAC,MAAM,0BAA0B,GAAgB,4BAA4B,CAAC;AACpF,MAAM,CAAC,MAAM,mBAAmB,GAAgB,qBAAqB,CAAC;AAEtE,wEAAwE;AACxE,EAAE;AACF,wEAAwE;AACxE,wEAAwE;AACxE,8FAA8F;AAC9F,MAAM,CAAC,MAAM,cAAc,GAAgB,gBAAgB,CAAC;AAC5D,MAAM,CAAC,MAAM,gBAAgB,GAAgB,kBAAkB,CAAC;AAChE,MAAM,CAAC,MAAM,iBAAiB,GAAgB,mBAAmB,CAAC;AAElE,uEAAuE;AACvE,2EAA2E;AAC3E,sDAAsD;AACtD,MAAM,CAAC,MAAM,sBAAsB,GAAgB,wBAAwB,CAAC;AAE5E,uEAAuE;AACvE,uEAAuE;AACvE,MAAM,CAAC,MAAM,eAAe,GAAgB,iBAAiB,CAAC;AAE9D;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG;IAC5B,cAAc;IACd,cAA
c;IACd,4BAA4B;IAC5B,qBAAqB;IACrB,oBAAoB;IACpB,0BAA0B;IAC1B,qBAAqB;IACrB,mBAAmB;IACnB,sBAAsB;IACtB,qBAAqB;IACrB,oBAAoB;IACpB,mBAAmB;IACnB,mBAAmB;IACnB,kBAAkB;IAClB,yBAAyB;IACzB,2BAA2B;IAC3B,8BAA8B;IAC9B,6BAA6B;IAC7B,yBAAyB;IACzB,2BAA2B;IAC3B,0BAA0B;IAC1B,mBAAmB;IACnB,2CAA2C;IAC3C,cAAc;IACd,gBAAgB;IAChB,iBAAiB;IACjB,sBAAsB;IACtB,eAAe;CACP,CAAC"}
@@ -0,0 +1,174 @@
1
+ /**
2
+ * Audit composer (phase 1.C.2).
3
+ *
4
+ * Trellis-side facade over `@de-otio/saas-foundation/audit`. Replaces
5
+ * the old `AuditLogger` (data lifecycle) and `AuditEventEmitter`
6
+ * (tenant / IdP) with a single composition point that:
7
+ *
8
+ * 1. Applies trellis's default-DENY allowlist (`filterPayload`) +
9
+ * IP anonymisation (`anonymizeIp`) to event metadata BEFORE the
10
+ * event reaches foundation. (LOCKED: keep the allowlist.)
11
+ * 2. Hands the scrubbed event to foundation's `AuditLog`, which is
12
+ * configured with foundation's `PiiFilter` (denylist) as a
13
+ * SECOND, additive layer. (LOCKED: denylist is additive, not a
14
+ * replacement.)
15
+ * 3. Persists via `PostgresAuditStore` over a region-resolved Prisma
16
+ * client. Retention tiers: info=30, warning=90, error=365 days.
17
+ * (LOCKED.)
18
+ *
19
+ * Frozen-type crossing: this module is the first trellis consumer of
20
+ * the frozen `AuditEvent` / `AuditAction` vocabulary. Future changes to
21
+ * the emitted shape go through the frozen-type RFC process.
22
+ *
23
+ * Severity collapse (trellis 4-tier -> foundation 3-tier):
24
+ * low + medium -> info (30d)
25
+ * high -> warning (90d)
26
+ * critical -> error (365d)
27
+ *
28
+ * ── SECURITY-SENSITIVE READ CONVENTION ───────────────────────────────
29
+ *
30
+ * Any BULK, CROSS-USER, or EXPORT read of user data MUST emit an audit
31
+ * event. An audit trail cannot be backfilled — if the read is not
32
+ * recorded at the time it occurs, it is permanently invisible to
33
+ * compliance reviews.
34
+ *
35
+ * Worked example — admin bulk-export of user records:
36
+ *
37
+ * await auditLogger.logDataAccess({
38
+ * action: DATA_READ,
39
+ * resource: "user",
40
+ * resourceId: `bulk:${requestedCount}`,
41
+ * userId: session.userId, // the requesting admin's ID
42
+ * region: detectedRegion,
43
+ * success: true,
44
+ * metadata: {
45
+ * targetType: "user_export",
46
+ * reason: "compliance_request",
47
+ * },
48
+ * }, env);
49
+ *
50
+ * Scope of the rule:
51
+ * - Covered NOW: mutations (data.create / update / delete), auth,
52
+ * feature_toggle.changed, tenant / IdP events.
53
+ * - Deferred: individual single-user reads (low priority).
54
+ * - IN SCOPE for the research platform: any research.query,
55
+ * research.extract, experiment.assign operation.
56
+ *
57
+ * See doc/02-technical/development/audit-and-toggle-conventions.md for
58
+ * naming conventions, prefix rules, and the research.query PII rule.
59
+ */
60
+ import type { AuditAction, AuditEvent } from "@de-otio/saas-foundation/audit";
61
+ import { type EnvWithDb } from "../db.js";
62
+ import { type Region } from "./region-detection.js";
63
+ export type TrellisSeverity = "low" | "medium" | "high" | "critical";
64
+ /**
65
+ * Anything with an `auditEvent.create` method. The real Prisma client
66
+ * (`ManagedPrismaClient`), the structural `PrismaAuditClient`, and test
67
+ * mocks all satisfy this. Foundation's `PostgresAuditStore` requires the
68
+ * narrower `PrismaAuditClient`; Prisma's generated `create` is more
69
+ * generic than (and so not structurally assignable to) foundation's
70
+ * narrow shape, so we accept the broad type at the boundary and cast
71
+ * once inside `getAuditLog`. The cast is runtime-safe — the column
72
+ * names foundation writes match the generated `AuditEvent` model.
73
+ */
74
+ export type AuditPrismaClientLike = {
75
+ readonly auditEvent: {
76
+ create: (...args: never[]) => unknown;
77
+ };
78
+ };
79
+ export type TrellisAuditEventType = "data_access" | "data_create" | "data_update" | "data_delete" | "user_action" | "authentication" | "authorization" | "region_change";
80
+ export interface TrellisAuditEvent {
81
+ type?: TrellisAuditEventType;
82
+ action: string;
83
+ resource: string;
84
+ resourceId?: string;
85
+ userId?: string;
86
+ region: Region;
87
+ dataRegion?: string;
88
+ ipAddress?: string;
89
+ userAgent?: string;
90
+ metadata?: Record<string, unknown>;
91
+ severity?: TrellisSeverity;
92
+ success: boolean;
93
+ }
94
+ export interface TrellisAuditLoggerEnv extends EnvWithDb {
95
+ DEFAULT_REGION?: string;
96
+ }
97
+ /**
98
+ * `TrellisAuditLogger` — drop-in for the old `AuditLogger`. Region-aware
99
+ * (resolves a Prisma client per region), best-effort (never throws into
100
+ * the caller), and validates region before emitting (invalid-region
101
+ * events are dropped, as before).
102
+ */
103
+ export declare class TrellisAuditLogger {
104
+ private readonly requestId?;
105
+ constructor(_env?: TrellisAuditLoggerEnv, requestId?: string | undefined);
106
+ withRequestId(requestId: string): TrellisAuditLogger;
107
+ logDataAccess(event: Omit<TrellisAuditEvent, "type" | "severity"> & {
108
+ type?: TrellisAuditEventType;
109
+ severity?: TrellisSeverity;
110
+ }, env: TrellisAuditLoggerEnv): Promise<void>;
111
+ logUserAction(event: Omit<TrellisAuditEvent, "type" | "severity"> & {
112
+ type?: TrellisAuditEventType;
113
+ severity?: TrellisSeverity;
114
+ }, env: TrellisAuditLoggerEnv): Promise<void>;
115
+ logAuthentication(event: Omit<TrellisAuditEvent, "type" | "severity"> & {
116
+ type?: TrellisAuditEventType;
117
+ severity?: TrellisSeverity;
118
+ }, env: TrellisAuditLoggerEnv): Promise<void>;
119
+ logAuthorization(event: Omit<TrellisAuditEvent, "type" | "severity"> & {
120
+ type?: TrellisAuditEventType;
121
+ severity?: TrellisSeverity;
122
+ }, env: TrellisAuditLoggerEnv): Promise<void>;
123
+ /** Generic entry point — accepts a full trellis event. */
124
+ log(event: Omit<TrellisAuditEvent, "severity"> & {
125
+ severity?: TrellisSeverity;
126
+ }, env: TrellisAuditLoggerEnv): Promise<void>;
127
+ /**
128
+ * Emit a system-level event where the `action` string is passed directly
129
+ * to the foundation audit log (bypassing the coarse `actionFor()` mapping).
130
+ *
131
+ * Use for platform-control actions like `feature_toggle.changed`,
132
+ * `consent.changed`, `experiment.assign` that have their own dedicated
133
+ * action constant and should not be collapsed to a coarse `data.*` label.
134
+ *
135
+ * The `action` parameter MUST be a known `AuditAction` constant from
136
+ * `audit-actions.ts`; do not pass free-form strings.
137
+ *
138
+ * Best-effort — never throws into the caller.
139
+ */
140
+ logSystemAction(action: AuditAction, event: Omit<TrellisAuditEvent, "type" | "action" | "severity"> & {
141
+ severity?: TrellisSeverity;
142
+ }, env: TrellisAuditLoggerEnv): Promise<void>;
143
+ private emitDirect;
144
+ private emit;
145
+ }
146
+ /** Factory — drop-in for the old `createAuditLogger`. */
147
+ export declare function createAuditLogger(env?: TrellisAuditLoggerEnv, requestId?: string): TrellisAuditLogger;
148
+ /** Input shape preserved from the old `AuditEventEmitter.emit`. */
149
+ export interface TenantAuditEmitInput {
150
+ type: AuditAction;
151
+ tenantId: string;
152
+ actorUserId: string;
153
+ payload: Record<string, unknown>;
154
+ /** Source IP — anonymised to /24 (v4) or /64 (v6) before storage. */
155
+ sourceIp?: string;
156
+ /** Present when made through an agent session. */
157
+ agentSessionId?: string;
158
+ }
159
+ /**
160
+ * `TenantAuditEmitter` — replaces the CloudWatch+Postgres
161
+ * `AuditEventEmitter`. CloudWatch is dropped (foundation owns the sink);
162
+ * the Postgres write now goes through foundation's `AuditLog` /
163
+ * `PostgresAuditStore`. Signature `emit(input, prismaClient)` is
164
+ * preserved so the four consumers change only their import.
165
+ *
166
+ * Tenant/IdP events are tenant-scoped (`actor.kind = "user"`,
167
+ * `tenantId` set) and default to `info` severity (matching the old
168
+ * "medium" -> info collapse).
169
+ */
170
+ export declare class TenantAuditEmitter {
171
+ emit(input: TenantAuditEmitInput, prisma: AuditPrismaClientLike): Promise<void>;
172
+ }
173
+ export type { AuditEvent };
174
+ //# sourceMappingURL=audit-composer.d.ts.map
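Review bot: Every emit path declared here (`logDataAccess`, `logUserAction`, `logAuthentication`, `logAuthorization`, `log`, `logSystemAction`, and `TenantAuditEmitter.emit`) resolves to `Promise<void>` and is documented as best-effort, with invalid-region events dropped. The header comment in the same file says bulk, cross-user and export reads MUST emit an event because the trail cannot be backfilled. As declared, a caller on an export path cannot tell whether the record was persisted, so a store failure or region mismatch would let the read proceed unaudited; the implementation is not visible in this declaration file, so confirm whether drops are at least logged or counted. One backward-compatible option is to have the methods resolve to a result, e.g. `}, env: TrellisAuditLoggerEnv): Promise<boolean>;`, with a doc line such as `/** Resolves false when the event was dropped (invalid region or store failure). */`, so security-sensitive reads can refuse to return data when it is false. Separately, `TrellisAuditEvent.action` is typed `string` while only `logSystemAction` is constrained to `AuditAction`; if that string is persisted anywhere, narrowing it would keep free-form values out of the audit vocabulary.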
@@ -0,0 +1 @@
1
+ {"version":3,"file":"audit-composer.d.ts","sourceRoot":"","sources":["../../src/lib/audit-composer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0DG;AAGH,OAAO,KAAK,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,gCAAgC,CAAC;AAK9E,OAAO,EAAyB,KAAK,SAAS,EAAE,MAAM,UAAU,CAAC;AAEjE,OAAO,EAAiB,KAAK,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAcnE,MAAM,MAAM,eAAe,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAuDrE;;;;;;;;;GASG;AACH,MAAM,MAAM,qBAAqB,GAAG;IAClC,QAAQ,CAAC,UAAU,EAAE;QAAE,MAAM,EAAE,CAAC,GAAG,IAAI,EAAE,KAAK,EAAE,KAAK,OAAO,CAAA;KAAE,CAAC;CAChE,CAAC;AAqBF,MAAM,MAAM,qBAAqB,GAC7B,aAAa,GACb,aAAa,GACb,aAAa,GACb,aAAa,GACb,aAAa,GACb,gBAAgB,GAChB,eAAe,GACf,eAAe,CAAC;AAEpB,MAAM,WAAW,iBAAiB;IAChC,IAAI,CAAC,EAAE,qBAAqB,CAAC;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,QAAQ,CAAC,EAAE,eAAe,CAAC;IAC3B,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,qBAAsB,SAAQ,SAAS;IACtD,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AA4BD;;;;;GAKG;AACH,qBAAa,kBAAkB;IAM3B,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAD3B,IAAI,CAAC,EAAE,qBAAqB,EACX,SAAS,CAAC,EAAE,MAAM,YAAA;IAG9B,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,kBAAkB;IAI9C,aAAa,CACxB,KAAK,EAAE,IAAI,CAAC,iBAAiB,EAAE,MAAM,GAAG,UAAU,CAAC,GAAG;QACpD,IAAI,CAAC,EAAE,qBAAqB,CAAC;QAC7B,QAAQ,CAAC,EAAE,eAAe,CAAC;KAC5B,EACD,GAAG,EAAE,qBAAqB,GACzB,OAAO,CAAC,IAAI,CAAC;IAOH,aAAa,CACxB,KAAK,EAAE,IAAI,CAAC,iBAAiB,EAAE,MAAM,GAAG,UAAU,CAAC,GAAG;QACpD,IAAI,CAAC,EAAE,qBAAqB,CAAC;QAC7B,QAAQ,CAAC,EAAE,eAAe,CAAC;KAC5B,EACD,GAAG,EAAE,qBAAqB,GACzB,OAAO,CAAC,IAAI,CAAC;IAOH,iBAAiB,CAC5B,KAAK,EAAE,IAAI,CAAC,iBAAiB,EAAE,MAAM,GAAG,UAAU,CAAC,GAAG;QACpD,IAAI,CAAC,EAAE,qBAAqB,CAAC;QAC7B,QAAQ,CAAC,EAAE,eAAe,CAAC;KAC5B,EACD,GAAG,EAAE,qBAAqB,GACzB,OAAO,CAAC,IAAI,CAAC;IAYH,gBAAgB,CAC3B,KAAK,EAAE,IAAI,CAAC,iBAAiB,EAAE,MAAM,GAAG,UAAU,CAAC,GAAG;QACpD,IAAI,CAAC,EAAE,
qBAAqB,CAAC;QAC7B,QAAQ,CAAC,EAAE,eAAe,CAAC;KAC5B,EACD,GAAG,EAAE,qBAAqB,GACzB,OAAO,CAAC,IAAI,CAAC;IAWhB,0DAA0D;IAC7C,GAAG,CACd,KAAK,EAAE,IAAI,CAAC,iBAAiB,EAAE,UAAU,CAAC,GAAG;QAAE,QAAQ,CAAC,EAAE,eAAe,CAAA;KAAE,EAC3E,GAAG,EAAE,qBAAqB,GACzB,OAAO,CAAC,IAAI,CAAC;IAahB;;;;;;;;;;;;OAYG;IACU,eAAe,CAC1B,MAAM,EAAE,WAAW,EACnB,KAAK,EAAE,IAAI,CAAC,iBAAiB,EAAE,MAAM,GAAG,QAAQ,GAAG,UAAU,CAAC,GAAG;QAC/D,QAAQ,CAAC,EAAE,eAAe,CAAC;KAC5B,EACD,GAAG,EAAE,qBAAqB,GACzB,OAAO,CAAC,IAAI,CAAC;YAIF,UAAU;YAuEV,IAAI;CA6FnB;AAED,yDAAyD;AACzD,wBAAgB,iBAAiB,CAC/B,GAAG,CAAC,EAAE,qBAAqB,EAC3B,SAAS,CAAC,EAAE,MAAM,GACjB,kBAAkB,CAEpB;AAID,mEAAmE;AACnE,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,WAAW,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,qEAAqE;IACrE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kDAAkD;IAClD,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;;;;;;;;;GAUG;AACH,qBAAa,kBAAkB;IAChB,IAAI,CAAC,KAAK,EAAE,oBAAoB,EAAE,MAAM,EAAE,qBAAqB,GAAG,OAAO,CAAC,IAAI,CAAC;CAyC7F;AAED,YAAY,EAAE,UAAU,EAAE,CAAC"}