@de-otio/trellis 0.7.1 → 0.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +661 -0
- package/dist/db.js +10 -18
- package/dist/db.js.map +1 -1
- package/dist/env.d.ts +66 -6
- package/dist/env.d.ts.map +1 -1
- package/dist/env.js +89 -70
- package/dist/env.js.map +1 -1
- package/dist/extensions.js +3 -8
- package/dist/extensions.js.map +1 -1
- package/dist/index.d.ts +2 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +2 -9
- package/dist/index.js.map +1 -1
- package/dist/lambda/cleanup-cron.d.ts.map +1 -1
- package/dist/lambda/cleanup-cron.js +20 -24
- package/dist/lambda/cleanup-cron.js.map +1 -1
- package/dist/lambda/create-auth-challenge.d.ts.map +1 -1
- package/dist/lambda/create-auth-challenge.js +17 -19
- package/dist/lambda/create-auth-challenge.js.map +1 -1
- package/dist/lambda/custom-message.js +1 -5
- package/dist/lambda/custom-message.js.map +1 -1
- package/dist/lambda/define-auth-challenge.js +1 -5
- package/dist/lambda/define-auth-challenge.js.map +1 -1
- package/dist/lambda/delete-account-worker.d.ts.map +1 -1
- package/dist/lambda/delete-account-worker.js +25 -58
- package/dist/lambda/delete-account-worker.js.map +1 -1
- package/dist/lambda/diagnostics-proxy.d.ts.map +1 -1
- package/dist/lambda/diagnostics-proxy.js +14 -49
- package/dist/lambda/diagnostics-proxy.js.map +1 -1
- package/dist/lambda/e2e-sweeper.d.ts.map +1 -1
- package/dist/lambda/e2e-sweeper.js +30 -38
- package/dist/lambda/e2e-sweeper.js.map +1 -1
- package/dist/lambda/federation-outbox-worker.d.ts.map +1 -1
- package/dist/lambda/federation-outbox-worker.js +4 -6
- package/dist/lambda/federation-outbox-worker.js.map +1 -1
- package/dist/lambda/followers-events-worker.d.ts.map +1 -1
- package/dist/lambda/followers-events-worker.js +4 -6
- package/dist/lambda/followers-events-worker.js.map +1 -1
- package/dist/lambda/hourly-cron.d.ts.map +1 -1
- package/dist/lambda/hourly-cron.js +100 -32
- package/dist/lambda/hourly-cron.js.map +1 -1
- package/dist/lambda/link-check-worker.d.ts.map +1 -1
- package/dist/lambda/link-check-worker.js +4 -6
- package/dist/lambda/link-check-worker.js.map +1 -1
- package/dist/lambda/maintenance-cron.d.ts.map +1 -1
- package/dist/lambda/maintenance-cron.js +30 -63
- package/dist/lambda/maintenance-cron.js.map +1 -1
- package/dist/lambda/media-processing-worker.d.ts.map +1 -1
- package/dist/lambda/media-processing-worker.js +11 -46
- package/dist/lambda/media-processing-worker.js.map +1 -1
- package/dist/lambda/media-reconciliation-worker.d.ts.map +1 -1
- package/dist/lambda/media-reconciliation-worker.js +4 -6
- package/dist/lambda/media-reconciliation-worker.js.map +1 -1
- package/dist/lambda/nightly-cron.d.ts.map +1 -1
- package/dist/lambda/nightly-cron.js +67 -112
- package/dist/lambda/nightly-cron.js.map +1 -1
- package/dist/lambda/post-confirmation.d.ts.map +1 -1
- package/dist/lambda/post-confirmation.js +203 -47
- package/dist/lambda/post-confirmation.js.map +1 -1
- package/dist/lambda/pre-signup.js +7 -11
- package/dist/lambda/pre-signup.js.map +1 -1
- package/dist/lambda/pre-token-generation.d.ts.map +1 -1
- package/dist/lambda/pre-token-generation.js +27 -35
- package/dist/lambda/pre-token-generation.js.map +1 -1
- package/dist/lambda/tools/check-health.js +1 -5
- package/dist/lambda/tools/check-health.js.map +1 -1
- package/dist/lambda/tools/describe-services.js +4 -8
- package/dist/lambda/tools/describe-services.js.map +1 -1
- package/dist/lambda/tools/get-cost-report.js +4 -8
- package/dist/lambda/tools/get-cost-report.js.map +1 -1
- package/dist/lambda/tools/get-errors.js +5 -9
- package/dist/lambda/tools/get-errors.js.map +1 -1
- package/dist/lambda/tools/get-feature-flags.js +4 -8
- package/dist/lambda/tools/get-feature-flags.js.map +1 -1
- package/dist/lambda/tools/get-queue-status.js +5 -9
- package/dist/lambda/tools/get-queue-status.js.map +1 -1
- package/dist/lambda/tools/search-logs.js +5 -9
- package/dist/lambda/tools/search-logs.js.map +1 -1
- package/dist/lambda/tools/send-alert.js +4 -8
- package/dist/lambda/tools/send-alert.js.map +1 -1
- package/dist/lambda/verify-auth-challenge.d.ts.map +1 -1
- package/dist/lambda/verify-auth-challenge.js +10 -12
- package/dist/lambda/verify-auth-challenge.js.map +1 -1
- package/dist/lib/abuse-metrics.d.ts.map +1 -1
- package/dist/lib/abuse-metrics.js +10 -13
- package/dist/lib/abuse-metrics.js.map +1 -1
- package/dist/lib/activitypub/activity-processor.d.ts +1 -1
- package/dist/lib/activitypub/activity-processor.d.ts.map +1 -1
- package/dist/lib/activitypub/activity-processor.js +9 -43
- package/dist/lib/activitypub/activity-processor.js.map +1 -1
- package/dist/lib/activitypub/activity-service.js +1 -5
- package/dist/lib/activitypub/activity-service.js.map +1 -1
- package/dist/lib/activitypub/actor.d.ts +1 -1
- package/dist/lib/activitypub/actor.d.ts.map +1 -1
- package/dist/lib/activitypub/actor.js +1 -5
- package/dist/lib/activitypub/actor.js.map +1 -1
- package/dist/lib/activitypub/audience-service.d.ts +2 -2
- package/dist/lib/activitypub/audience-service.d.ts.map +1 -1
- package/dist/lib/activitypub/audience-service.js +8 -12
- package/dist/lib/activitypub/audience-service.js.map +1 -1
- package/dist/lib/activitypub/crypto.d.ts +1 -1
- package/dist/lib/activitypub/crypto.d.ts.map +1 -1
- package/dist/lib/activitypub/crypto.js +3 -41
- package/dist/lib/activitypub/crypto.js.map +1 -1
- package/dist/lib/activitypub/delivery-service.d.ts +5 -5
- package/dist/lib/activitypub/delivery-service.d.ts.map +1 -1
- package/dist/lib/activitypub/delivery-service.js +10 -47
- package/dist/lib/activitypub/delivery-service.js.map +1 -1
- package/dist/lib/activitypub/dispatchers/entity-actor.d.ts +3 -2
- package/dist/lib/activitypub/dispatchers/entity-actor.d.ts.map +1 -1
- package/dist/lib/activitypub/dispatchers/entity-actor.js +19 -23
- package/dist/lib/activitypub/dispatchers/entity-actor.js.map +1 -1
- package/dist/lib/activitypub/dispatchers/group-actor.d.ts +3 -2
- package/dist/lib/activitypub/dispatchers/group-actor.d.ts.map +1 -1
- package/dist/lib/activitypub/dispatchers/group-actor.js +19 -23
- package/dist/lib/activitypub/dispatchers/group-actor.js.map +1 -1
- package/dist/lib/activitypub/dispatchers/user-actor.d.ts +3 -2
- package/dist/lib/activitypub/dispatchers/user-actor.d.ts.map +1 -1
- package/dist/lib/activitypub/dispatchers/user-actor.js +16 -20
- package/dist/lib/activitypub/dispatchers/user-actor.js.map +1 -1
- package/dist/lib/activitypub/dm-service.js +1 -5
- package/dist/lib/activitypub/dm-service.js.map +1 -1
- package/dist/lib/activitypub/entity-profile-service.d.ts +1 -1
- package/dist/lib/activitypub/entity-profile-service.d.ts.map +1 -1
- package/dist/lib/activitypub/entity-profile-service.js +6 -10
- package/dist/lib/activitypub/entity-profile-service.js.map +1 -1
- package/dist/lib/activitypub/fedify/config.d.ts +3 -3
- package/dist/lib/activitypub/fedify/config.d.ts.map +1 -1
- package/dist/lib/activitypub/fedify/config.js +5 -8
- package/dist/lib/activitypub/fedify/config.js.map +1 -1
- package/dist/lib/activitypub/fedify/context.d.ts +1 -1
- package/dist/lib/activitypub/fedify/context.d.ts.map +1 -1
- package/dist/lib/activitypub/fedify/context.js +8 -12
- package/dist/lib/activitypub/fedify/context.js.map +1 -1
- package/dist/lib/activitypub/fedify/runtime.d.ts +1 -1
- package/dist/lib/activitypub/fedify/runtime.d.ts.map +1 -1
- package/dist/lib/activitypub/fedify/runtime.js +3 -6
- package/dist/lib/activitypub/fedify/runtime.js.map +1 -1
- package/dist/lib/activitypub/friendship-service.js +1 -5
- package/dist/lib/activitypub/friendship-service.js.map +1 -1
- package/dist/lib/activitypub/group-service.d.ts +1 -1
- package/dist/lib/activitypub/group-service.d.ts.map +1 -1
- package/dist/lib/activitypub/group-service.js +9 -46
- package/dist/lib/activitypub/group-service.js.map +1 -1
- package/dist/lib/activitypub/http-signatures.js +8 -45
- package/dist/lib/activitypub/http-signatures.js.map +1 -1
- package/dist/lib/activitypub/jsonld.d.ts +1 -1
- package/dist/lib/activitypub/jsonld.d.ts.map +1 -1
- package/dist/lib/activitypub/jsonld.js +1 -5
- package/dist/lib/activitypub/jsonld.js.map +1 -1
- package/dist/lib/activitypub/listeners/friends-collection.d.ts +1 -1
- package/dist/lib/activitypub/listeners/friends-collection.d.ts.map +1 -1
- package/dist/lib/activitypub/listeners/friends-collection.js +17 -20
- package/dist/lib/activitypub/listeners/friends-collection.js.map +1 -1
- package/dist/lib/activitypub/listeners/http-signatures.d.ts +1 -1
- package/dist/lib/activitypub/listeners/http-signatures.d.ts.map +1 -1
- package/dist/lib/activitypub/listeners/http-signatures.js +9 -46
- package/dist/lib/activitypub/listeners/http-signatures.js.map +1 -1
- package/dist/lib/activitypub/listeners/inbox.d.ts +2 -2
- package/dist/lib/activitypub/listeners/inbox.d.ts.map +1 -1
- package/dist/lib/activitypub/listeners/inbox.js +31 -35
- package/dist/lib/activitypub/listeners/inbox.js.map +1 -1
- package/dist/lib/activitypub/listeners/outbox.d.ts +1 -1
- package/dist/lib/activitypub/listeners/outbox.d.ts.map +1 -1
- package/dist/lib/activitypub/listeners/outbox.js +17 -20
- package/dist/lib/activitypub/listeners/outbox.js.map +1 -1
- package/dist/lib/activitypub/remote-fetch-service.d.ts +6 -6
- package/dist/lib/activitypub/remote-fetch-service.d.ts.map +1 -1
- package/dist/lib/activitypub/remote-fetch-service.js +6 -10
- package/dist/lib/activitypub/remote-fetch-service.js.map +1 -1
- package/dist/lib/activitypub/services/abuse-prevention.d.ts +1 -1
- package/dist/lib/activitypub/services/abuse-prevention.d.ts.map +1 -1
- package/dist/lib/activitypub/services/abuse-prevention.js +11 -17
- package/dist/lib/activitypub/services/abuse-prevention.js.map +1 -1
- package/dist/lib/activitypub/services/dm-service-fedify.d.ts +4 -4
- package/dist/lib/activitypub/services/dm-service-fedify.d.ts.map +1 -1
- package/dist/lib/activitypub/services/dm-service-fedify.js +24 -59
- package/dist/lib/activitypub/services/dm-service-fedify.js.map +1 -1
- package/dist/lib/activitypub/services/fedify-converters.d.ts +2 -2
- package/dist/lib/activitypub/services/fedify-converters.d.ts.map +1 -1
- package/dist/lib/activitypub/services/fedify-converters.js +3 -8
- package/dist/lib/activitypub/services/fedify-converters.js.map +1 -1
- package/dist/lib/activitypub/services/fedify-delivery.d.ts +2 -2
- package/dist/lib/activitypub/services/fedify-delivery.d.ts.map +1 -1
- package/dist/lib/activitypub/services/fedify-delivery.js +19 -56
- package/dist/lib/activitypub/services/fedify-delivery.js.map +1 -1
- package/dist/lib/activitypub/services/follow-activity-service.d.ts +2 -2
- package/dist/lib/activitypub/services/follow-activity-service.d.ts.map +1 -1
- package/dist/lib/activitypub/services/follow-activity-service.js +8 -12
- package/dist/lib/activitypub/services/follow-activity-service.js.map +1 -1
- package/dist/lib/activitypub/services/post-service-fedify.d.ts +2 -2
- package/dist/lib/activitypub/services/post-service-fedify.d.ts.map +1 -1
- package/dist/lib/activitypub/services/post-service-fedify.js +33 -65
- package/dist/lib/activitypub/services/post-service-fedify.js.map +1 -1
- package/dist/lib/activitypub/services/remote-activity-handler.d.ts +2 -2
- package/dist/lib/activitypub/services/remote-activity-handler.d.ts.map +1 -1
- package/dist/lib/activitypub/services/remote-activity-handler.js +25 -28
- package/dist/lib/activitypub/services/remote-activity-handler.js.map +1 -1
- package/dist/lib/activitypub/standalone-mode.d.ts +1 -1
- package/dist/lib/activitypub/standalone-mode.d.ts.map +1 -1
- package/dist/lib/activitypub/standalone-mode.js +13 -50
- package/dist/lib/activitypub/standalone-mode.js.map +1 -1
- package/dist/lib/activitypub/webfinger/server.d.ts +1 -1
- package/dist/lib/activitypub/webfinger/server.d.ts.map +1 -1
- package/dist/lib/activitypub/webfinger/server.js +18 -54
- package/dist/lib/activitypub/webfinger/server.js.map +1 -1
- package/dist/lib/age-gate-middleware.d.ts +4 -4
- package/dist/lib/age-gate-middleware.d.ts.map +1 -1
- package/dist/lib/age-gate-middleware.js +3 -6
- package/dist/lib/age-gate-middleware.js.map +1 -1
- package/dist/lib/age-gate.js +3 -8
- package/dist/lib/age-gate.js.map +1 -1
- package/dist/lib/age-tier-transition.d.ts +1 -1
- package/dist/lib/age-tier-transition.d.ts.map +1 -1
- package/dist/lib/age-tier-transition.js +7 -44
- package/dist/lib/age-tier-transition.js.map +1 -1
- package/dist/lib/app.d.ts +76 -0
- package/dist/lib/app.d.ts.map +1 -0
- package/dist/lib/app.js +400 -0
- package/dist/lib/app.js.map +1 -0
- package/dist/lib/audit/csv-export.js +6 -13
- package/dist/lib/audit/csv-export.js.map +1 -1
- package/dist/lib/audit/pii-filter.d.ts +9 -0
- package/dist/lib/audit/pii-filter.d.ts.map +1 -1
- package/dist/lib/audit/pii-filter.js +57 -7
- package/dist/lib/audit/pii-filter.js.map +1 -1
- package/dist/lib/audit-actions.d.ts +94 -0
- package/dist/lib/audit-actions.d.ts.map +1 -0
- package/dist/lib/audit-actions.js +107 -0
- package/dist/lib/audit-actions.js.map +1 -0
- package/dist/lib/audit-composer.d.ts +174 -0
- package/dist/lib/audit-composer.d.ts.map +1 -0
- package/dist/lib/audit-composer.js +421 -0
- package/dist/lib/audit-composer.js.map +1 -0
- package/dist/lib/auth/auth-context.d.ts +1 -1
- package/dist/lib/auth/auth-context.js +1 -2
- package/dist/lib/auth/auth-context.js.map +1 -1
- package/dist/lib/auth/auth-middleware.d.ts +16 -2
- package/dist/lib/auth/auth-middleware.d.ts.map +1 -1
- package/dist/lib/auth/auth-middleware.js +36 -45
- package/dist/lib/auth/auth-middleware.js.map +1 -1
- package/dist/lib/auth/capabilities.js +2 -5
- package/dist/lib/auth/capabilities.js.map +1 -1
- package/dist/lib/auth/claims-cache.d.ts +2 -2
- package/dist/lib/auth/claims-cache.js +19 -24
- package/dist/lib/auth/claims-cache.js.map +1 -1
- package/dist/lib/auth/cognito-jwt.d.ts +20 -2
- package/dist/lib/auth/cognito-jwt.d.ts.map +1 -1
- package/dist/lib/auth/cognito-jwt.js +83 -23
- package/dist/lib/auth/cognito-jwt.js.map +1 -1
- package/dist/lib/auth/idp-redirect-builder.d.ts +1 -1
- package/dist/lib/auth/idp-redirect-builder.d.ts.map +1 -1
- package/dist/lib/auth/idp-redirect-builder.js +4 -10
- package/dist/lib/auth/idp-redirect-builder.js.map +1 -1
- package/dist/lib/auth/require.d.ts +4 -4
- package/dist/lib/auth/require.d.ts.map +1 -1
- package/dist/lib/auth/require.js +11 -18
- package/dist/lib/auth/require.js.map +1 -1
- package/dist/lib/auth/role-grants.d.ts +1 -1
- package/dist/lib/auth/role-grants.d.ts.map +1 -1
- package/dist/lib/auth/role-grants.js +28 -31
- package/dist/lib/auth/role-grants.js.map +1 -1
- package/dist/lib/auth-context-manager.js +1 -5
- package/dist/lib/auth-context-manager.js.map +1 -1
- package/dist/lib/auth-handler.d.ts +5 -5
- package/dist/lib/auth-handler.d.ts.map +1 -1
- package/dist/lib/auth-handler.js +5 -9
- package/dist/lib/auth-handler.js.map +1 -1
- package/dist/lib/badge-handler.d.ts +1 -1
- package/dist/lib/badge-handler.d.ts.map +1 -1
- package/dist/lib/badge-handler.js +14 -52
- package/dist/lib/badge-handler.js.map +1 -1
- package/dist/lib/circle-handler.d.ts +10 -10
- package/dist/lib/circle-handler.d.ts.map +1 -1
- package/dist/lib/circle-handler.js +10 -47
- package/dist/lib/circle-handler.js.map +1 -1
- package/dist/lib/cognito/idp-sdk.js +11 -18
- package/dist/lib/cognito/idp-sdk.js.map +1 -1
- package/dist/lib/cognito/issuer-probe.js +9 -14
- package/dist/lib/cognito/issuer-probe.js.map +1 -1
- package/dist/lib/comment-handler.d.ts +10 -10
- package/dist/lib/comment-handler.d.ts.map +1 -1
- package/dist/lib/comment-handler.js +61 -97
- package/dist/lib/comment-handler.js.map +1 -1
- package/dist/lib/compliance/baseline.d.ts +2 -2
- package/dist/lib/compliance/baseline.d.ts.map +1 -1
- package/dist/lib/compliance/baseline.js +15 -18
- package/dist/lib/compliance/baseline.js.map +1 -1
- package/dist/lib/compliance/tenant-merge.d.ts +1 -1
- package/dist/lib/compliance/tenant-merge.d.ts.map +1 -1
- package/dist/lib/compliance/tenant-merge.js +1 -4
- package/dist/lib/compliance/tenant-merge.js.map +1 -1
- package/dist/lib/compliance/types.d.ts +1 -1
- package/dist/lib/compliance/types.js +2 -3
- package/dist/lib/compliance/types.js.map +1 -1
- package/dist/lib/connection-code-handler.d.ts +7 -7
- package/dist/lib/connection-code-handler.d.ts.map +1 -1
- package/dist/lib/connection-code-handler.js +13 -50
- package/dist/lib/connection-code-handler.js.map +1 -1
- package/dist/lib/content-discovery.d.ts +1 -1
- package/dist/lib/content-discovery.d.ts.map +1 -1
- package/dist/lib/content-discovery.js +15 -52
- package/dist/lib/content-discovery.js.map +1 -1
- package/dist/lib/context-aware-data-access.d.ts +1 -1
- package/dist/lib/context-aware-data-access.d.ts.map +1 -1
- package/dist/lib/context-aware-data-access.js +1 -5
- package/dist/lib/context-aware-data-access.js.map +1 -1
- package/dist/lib/cors-handler.d.ts +1 -1
- package/dist/lib/cors-handler.d.ts.map +1 -1
- package/dist/lib/cors-handler.js +13 -17
- package/dist/lib/cors-handler.js.map +1 -1
- package/dist/lib/cost-accumulator.d.ts.map +1 -1
- package/dist/lib/cost-accumulator.js +7 -11
- package/dist/lib/cost-accumulator.js.map +1 -1
- package/dist/lib/crypto/voting/elgamal-encryption.js +1 -5
- package/dist/lib/crypto/voting/elgamal-encryption.js.map +1 -1
- package/dist/lib/crypto/voting/encryption-scheme.js +1 -2
- package/dist/lib/crypto/voting/encryption-scheme.js.map +1 -1
- package/dist/lib/crypto/voting/hash-utils.js +6 -12
- package/dist/lib/crypto/voting/hash-utils.js.map +1 -1
- package/dist/lib/crypto/voting/hybrid-encryption.js +5 -9
- package/dist/lib/crypto/voting/hybrid-encryption.js.map +1 -1
- package/dist/lib/crypto/voting/index.js +4 -14
- package/dist/lib/crypto/voting/index.js.map +1 -1
- package/dist/lib/crypto/voting/post-quantum-encryption.js +1 -5
- package/dist/lib/crypto/voting/post-quantum-encryption.js.map +1 -1
- package/dist/lib/csrf.d.ts +2 -2
- package/dist/lib/csrf.d.ts.map +1 -1
- package/dist/lib/csrf.js +1 -5
- package/dist/lib/csrf.js.map +1 -1
- package/dist/lib/data-router.d.ts +5 -4
- package/dist/lib/data-router.d.ts.map +1 -1
- package/dist/lib/data-router.js +67 -90
- package/dist/lib/data-router.js.map +1 -1
- package/dist/lib/database-circuit-breaker.d.ts +61 -34
- package/dist/lib/database-circuit-breaker.d.ts.map +1 -1
- package/dist/lib/database-circuit-breaker.js +102 -109
- package/dist/lib/database-circuit-breaker.js.map +1 -1
- package/dist/lib/database-config.js +1 -4
- package/dist/lib/database-config.js.map +1 -1
- package/dist/lib/database-connection-manager.d.ts +42 -2
- package/dist/lib/database-connection-manager.d.ts.map +1 -1
- package/dist/lib/database-connection-manager.js +178 -74
- package/dist/lib/database-connection-manager.js.map +1 -1
- package/dist/lib/database-monitor.d.ts +1 -1
- package/dist/lib/database-monitor.d.ts.map +1 -1
- package/dist/lib/database-monitor.js +5 -9
- package/dist/lib/database-monitor.js.map +1 -1
- package/dist/lib/database-rate-limiter.d.ts +1 -1
- package/dist/lib/database-rate-limiter.d.ts.map +1 -1
- package/dist/lib/database-rate-limiter.js +3 -7
- package/dist/lib/database-rate-limiter.js.map +1 -1
- package/dist/lib/database-wrapper-helper.d.ts +2 -2
- package/dist/lib/database-wrapper-helper.d.ts.map +1 -1
- package/dist/lib/database-wrapper-helper.js +7 -11
- package/dist/lib/database-wrapper-helper.js.map +1 -1
- package/dist/lib/database-wrapper.d.ts +1 -1
- package/dist/lib/database-wrapper.d.ts.map +1 -1
- package/dist/lib/database-wrapper.js +5 -9
- package/dist/lib/database-wrapper.js.map +1 -1
- package/dist/lib/db-query-helper.d.ts +3 -3
- package/dist/lib/db-query-helper.d.ts.map +1 -1
- package/dist/lib/db-query-helper.js +4 -9
- package/dist/lib/db-query-helper.js.map +1 -1
- package/dist/lib/discovery-exposure.d.ts +42 -0
- package/dist/lib/discovery-exposure.d.ts.map +1 -0
- package/dist/lib/discovery-exposure.js +89 -0
- package/dist/lib/discovery-exposure.js.map +1 -0
- package/dist/lib/discovery-handler.d.ts +6 -6
- package/dist/lib/discovery-handler.d.ts.map +1 -1
- package/dist/lib/discovery-handler.js +10 -43
- package/dist/lib/discovery-handler.js.map +1 -1
- package/dist/lib/domain-reputation-service.d.ts +1 -1
- package/dist/lib/domain-reputation-service.d.ts.map +1 -1
- package/dist/lib/domain-reputation-service.js +12 -15
- package/dist/lib/domain-reputation-service.js.map +1 -1
- package/dist/lib/email-privacy.js +4 -8
- package/dist/lib/email-privacy.js.map +1 -1
- package/dist/lib/email-provider.d.ts +2 -2
- package/dist/lib/email-provider.d.ts.map +1 -1
- package/dist/lib/email-provider.js +8 -16
- package/dist/lib/email-provider.js.map +1 -1
- package/dist/lib/entity-handler.d.ts +5 -6
- package/dist/lib/entity-handler.d.ts.map +1 -1
- package/dist/lib/entity-handler.js +52 -81
- package/dist/lib/entity-handler.js.map +1 -1
- package/dist/lib/entity-relationship-handler.d.ts +9 -9
- package/dist/lib/entity-relationship-handler.d.ts.map +1 -1
- package/dist/lib/entity-relationship-handler.js +14 -51
- package/dist/lib/entity-relationship-handler.js.map +1 -1
- package/dist/lib/entity-tagging-errors.js +4 -11
- package/dist/lib/entity-tagging-errors.js.map +1 -1
- package/dist/lib/entity-tagging-validator.d.ts +3 -3
- package/dist/lib/entity-tagging-validator.d.ts.map +1 -1
- package/dist/lib/entity-tagging-validator.js +6 -11
- package/dist/lib/entity-tagging-validator.js.map +1 -1
- package/dist/lib/exif-stripper.js +1 -4
- package/dist/lib/exif-stripper.js.map +1 -1
- package/dist/lib/extension-context.d.ts +2 -2
- package/dist/lib/extension-context.d.ts.map +1 -1
- package/dist/lib/extension-context.js +1 -4
- package/dist/lib/extension-context.js.map +1 -1
- package/dist/lib/extension-route-wrapper.d.ts +1 -1
- package/dist/lib/extension-route-wrapper.d.ts.map +1 -1
- package/dist/lib/extension-route-wrapper.js +17 -55
- package/dist/lib/extension-route-wrapper.js.map +1 -1
- package/dist/lib/extension-validator.js +3 -6
- package/dist/lib/extension-validator.js.map +1 -1
- package/dist/lib/feature-flags.d.ts +5 -2
- package/dist/lib/feature-flags.d.ts.map +1 -1
- package/dist/lib/feature-flags.js +15 -48
- package/dist/lib/feature-flags.js.map +1 -1
- package/dist/lib/feature-toggle-global-client.d.ts +6 -0
- package/dist/lib/feature-toggle-global-client.d.ts.map +1 -0
- package/dist/lib/feature-toggle-global-client.js +73 -0
- package/dist/lib/feature-toggle-global-client.js.map +1 -0
- package/dist/lib/feature-toggle-service.d.ts +137 -27
- package/dist/lib/feature-toggle-service.d.ts.map +1 -1
- package/dist/lib/feature-toggle-service.js +302 -119
- package/dist/lib/feature-toggle-service.js.map +1 -1
- package/dist/lib/feed-handler.d.ts +8 -8
- package/dist/lib/feed-handler.d.ts.map +1 -1
- package/dist/lib/feed-handler.js +33 -62
- package/dist/lib/feed-handler.js.map +1 -1
- package/dist/lib/feed-pagination.d.ts +26 -0
- package/dist/lib/feed-pagination.d.ts.map +1 -1
- package/dist/lib/feed-pagination.js +31 -11
- package/dist/lib/feed-pagination.js.map +1 -1
- package/dist/lib/feed-personalization.d.ts +1 -1
- package/dist/lib/feed-personalization.d.ts.map +1 -1
- package/dist/lib/feed-personalization.js +6 -43
- package/dist/lib/feed-personalization.js.map +1 -1
- package/dist/lib/followers-events.js +8 -13
- package/dist/lib/followers-events.js.map +1 -1
- package/dist/lib/friends-handler.d.ts +2 -2
- package/dist/lib/friends-handler.d.ts.map +1 -1
- package/dist/lib/friends-handler.js +9 -46
- package/dist/lib/friends-handler.js.map +1 -1
- package/dist/lib/geo/entity-geo-repository.d.ts +67 -0
- package/dist/lib/geo/entity-geo-repository.d.ts.map +1 -0
- package/dist/lib/geo/entity-geo-repository.js +91 -0
- package/dist/lib/geo/entity-geo-repository.js.map +1 -0
- package/dist/lib/graph/errors.d.ts.map +1 -1
- package/dist/lib/graph/errors.js +13 -18
- package/dist/lib/graph/errors.js.map +1 -1
- package/dist/lib/graph/graph-factory.d.ts +12 -53
- package/dist/lib/graph/graph-factory.d.ts.map +1 -1
- package/dist/lib/graph/graph-factory.js +67 -162
- package/dist/lib/graph/graph-factory.js.map +1 -1
- package/dist/lib/graph/graph-service.d.ts +1 -1
- package/dist/lib/graph/graph-service.d.ts.map +1 -1
- package/dist/lib/graph/graph-service.js +1 -2
- package/dist/lib/graph/graph-service.js.map +1 -1
- package/dist/lib/graph/index.d.ts +10 -14
- package/dist/lib/graph/index.d.ts.map +1 -1
- package/dist/lib/graph/index.js +12 -46
- package/dist/lib/graph/index.js.map +1 -1
- package/dist/lib/graph/postgres/_shared.d.ts +18 -0
- package/dist/lib/graph/postgres/_shared.d.ts.map +1 -0
- package/dist/lib/graph/postgres/_shared.js +24 -0
- package/dist/lib/graph/postgres/_shared.js.map +1 -0
- package/dist/lib/graph/postgres/circles.d.ts +66 -0
- package/dist/lib/graph/postgres/circles.d.ts.map +1 -0
- package/dist/lib/graph/postgres/circles.js +513 -0
- package/dist/lib/graph/postgres/circles.js.map +1 -0
- package/dist/lib/graph/postgres/discovery.d.ts +165 -0
- package/dist/lib/graph/postgres/discovery.d.ts.map +1 -0
- package/dist/lib/graph/postgres/discovery.js +579 -0
- package/dist/lib/graph/postgres/discovery.js.map +1 -0
- package/dist/lib/graph/postgres/entity-relationships.d.ts +53 -0
- package/dist/lib/graph/postgres/entity-relationships.d.ts.map +1 -0
- package/dist/lib/graph/postgres/entity-relationships.js +304 -0
- package/dist/lib/graph/postgres/entity-relationships.js.map +1 -0
- package/dist/lib/graph/postgres/interaction-events.d.ts +106 -0
- package/dist/lib/graph/postgres/interaction-events.d.ts.map +1 -0
- package/dist/lib/graph/postgres/interaction-events.js +162 -0
- package/dist/lib/graph/postgres/interaction-events.js.map +1 -0
- package/dist/lib/graph/postgres/postgres-graph-service.d.ts +74 -0
- package/dist/lib/graph/postgres/postgres-graph-service.d.ts.map +1 -0
- package/dist/lib/graph/postgres/postgres-graph-service.js +167 -0
- package/dist/lib/graph/postgres/postgres-graph-service.js.map +1 -0
- package/dist/lib/graph/postgres/relationships.d.ts +58 -0
- package/dist/lib/graph/postgres/relationships.d.ts.map +1 -0
- package/dist/lib/graph/postgres/relationships.js +314 -0
- package/dist/lib/graph/postgres/relationships.js.map +1 -0
- package/dist/lib/graph/postgres/scoring.d.ts +74 -0
- package/dist/lib/graph/postgres/scoring.d.ts.map +1 -0
- package/dist/lib/graph/postgres/scoring.js +297 -0
- package/dist/lib/graph/postgres/scoring.js.map +1 -0
- package/dist/lib/graph/postgres/sync.d.ts +149 -0
- package/dist/lib/graph/postgres/sync.d.ts.map +1 -0
- package/dist/lib/graph/postgres/sync.js +269 -0
- package/dist/lib/graph/postgres/sync.js.map +1 -0
- package/dist/lib/graph/scoring-engine.d.ts +7 -1
- package/dist/lib/graph/scoring-engine.d.ts.map +1 -1
- package/dist/lib/graph/scoring-engine.js +29 -35
- package/dist/lib/graph/scoring-engine.js.map +1 -1
- package/dist/lib/graph/types.d.ts +18 -1
- package/dist/lib/graph/types.d.ts.map +1 -1
- package/dist/lib/graph/types.js +1 -2
- package/dist/lib/graph/types.js.map +1 -1
- package/dist/lib/hook-dispatcher.d.ts +1 -1
- package/dist/lib/hook-dispatcher.d.ts.map +1 -1
- package/dist/lib/hook-dispatcher.js +8 -12
- package/dist/lib/hook-dispatcher.js.map +1 -1
- package/dist/lib/input-sanitizer.js +1 -5
- package/dist/lib/input-sanitizer.js.map +1 -1
- package/dist/lib/internal-docs-handler.d.ts +2 -2
- package/dist/lib/internal-docs-handler.d.ts.map +1 -1
- package/dist/lib/internal-docs-handler.js +20 -28
- package/dist/lib/internal-docs-handler.js.map +1 -1
- package/dist/lib/internal-docs-navigation.js +2 -6
- package/dist/lib/internal-docs-navigation.js.map +1 -1
- package/dist/lib/invitation-handler.d.ts +2 -2
- package/dist/lib/invitation-handler.d.ts.map +1 -1
- package/dist/lib/invitation-handler.js +41 -82
- package/dist/lib/invitation-handler.js.map +1 -1
- package/dist/lib/ip-scrubber.js +3 -8
- package/dist/lib/ip-scrubber.js.map +1 -1
- package/dist/lib/link-security-handler.d.ts +3 -2
- package/dist/lib/link-security-handler.d.ts.map +1 -1
- package/dist/lib/link-security-handler.js +8 -44
- package/dist/lib/link-security-handler.js.map +1 -1
- package/dist/lib/logger.d.ts +31 -82
- package/dist/lib/logger.d.ts.map +1 -1
- package/dist/lib/logger.js +43 -185
- package/dist/lib/logger.js.map +1 -1
- package/dist/lib/media-cleanup-handler.d.ts +2 -2
- package/dist/lib/media-cleanup-handler.d.ts.map +1 -1
- package/dist/lib/media-cleanup-handler.js +7 -11
- package/dist/lib/media-cleanup-handler.js.map +1 -1
- package/dist/lib/media-handler.d.ts +1 -1
- package/dist/lib/media-handler.d.ts.map +1 -1
- package/dist/lib/media-handler.js +36 -73
- package/dist/lib/media-handler.js.map +1 -1
- package/dist/lib/media-metadata-extractor.d.ts +1 -1
- package/dist/lib/media-metadata-extractor.d.ts.map +1 -1
- package/dist/lib/media-metadata-extractor.js +3 -7
- package/dist/lib/media-metadata-extractor.js.map +1 -1
- package/dist/lib/media-metrics.d.ts +2 -2
- package/dist/lib/media-metrics.d.ts.map +1 -1
- package/dist/lib/media-metrics.js +3 -7
- package/dist/lib/media-metrics.js.map +1 -1
- package/dist/lib/metadata/index.d.ts +5 -5
- package/dist/lib/metadata/index.d.ts.map +1 -1
- package/dist/lib/metadata/index.js +5 -21
- package/dist/lib/metadata/index.js.map +1 -1
- package/dist/lib/metadata/metadata-config.js +2 -5
- package/dist/lib/metadata/metadata-config.js.map +1 -1
- package/dist/lib/metadata/metadata-errors.js +2 -7
- package/dist/lib/metadata/metadata-errors.js.map +1 -1
- package/dist/lib/metadata/metadata-extractor.d.ts +1 -1
- package/dist/lib/metadata/metadata-extractor.d.ts.map +1 -1
- package/dist/lib/metadata/metadata-extractor.js +42 -82
- package/dist/lib/metadata/metadata-extractor.js.map +1 -1
- package/dist/lib/metadata/metadata-sanitizer.js +17 -24
- package/dist/lib/metadata/metadata-sanitizer.js.map +1 -1
- package/dist/lib/metadata/metadata-schemas.d.ts +16 -100
- package/dist/lib/metadata/metadata-schemas.d.ts.map +1 -1
- package/dist/lib/metadata/metadata-schemas.js +31 -34
- package/dist/lib/metadata/metadata-schemas.js.map +1 -1
- package/dist/lib/mfa/mfa-handler.d.ts +1 -1
- package/dist/lib/mfa/mfa-handler.d.ts.map +1 -1
- package/dist/lib/mfa/mfa-handler.js +13 -17
- package/dist/lib/mfa/mfa-handler.js.map +1 -1
- package/dist/lib/mfa/totp-service.js +8 -18
- package/dist/lib/mfa/totp-service.js.map +1 -1
- package/dist/lib/middleware/comment-rate-limit.d.ts +1 -1
- package/dist/lib/middleware/comment-rate-limit.d.ts.map +1 -1
- package/dist/lib/middleware/comment-rate-limit.js +7 -10
- package/dist/lib/middleware/comment-rate-limit.js.map +1 -1
- package/dist/lib/middleware/feature-toggle-rate-limit.d.ts +1 -1
- package/dist/lib/middleware/feature-toggle-rate-limit.d.ts.map +1 -1
- package/dist/lib/middleware/feature-toggle-rate-limit.js +8 -13
- package/dist/lib/middleware/feature-toggle-rate-limit.js.map +1 -1
- package/dist/lib/middleware/idempotency-store.js +20 -26
- package/dist/lib/middleware/idempotency-store.js.map +1 -1
- package/dist/lib/middleware/idempotency.d.ts +2 -2
- package/dist/lib/middleware/idempotency.d.ts.map +1 -1
- package/dist/lib/middleware/idempotency.js +12 -50
- package/dist/lib/middleware/idempotency.js.map +1 -1
- package/dist/lib/middleware.d.ts +22 -9
- package/dist/lib/middleware.d.ts.map +1 -1
- package/dist/lib/middleware.js +72 -153
- package/dist/lib/middleware.js.map +1 -1
- package/dist/lib/moderation-handler.d.ts +1 -1
- package/dist/lib/moderation-handler.d.ts.map +1 -1
- package/dist/lib/moderation-handler.js +15 -54
- package/dist/lib/moderation-handler.js.map +1 -1
- package/dist/lib/net/trusted-client-ip.d.ts +8 -30
- package/dist/lib/net/trusted-client-ip.d.ts.map +1 -1
- package/dist/lib/net/trusted-client-ip.js +13 -94
- package/dist/lib/net/trusted-client-ip.js.map +1 -1
- package/dist/lib/notification-handler.d.ts +1 -1
- package/dist/lib/notification-handler.d.ts.map +1 -1
- package/dist/lib/notification-handler.js +10 -15
- package/dist/lib/notification-handler.js.map +1 -1
- package/dist/lib/notification-preferences-handler.d.ts +1 -1
- package/dist/lib/notification-preferences-handler.d.ts.map +1 -1
- package/dist/lib/notification-preferences-handler.js +7 -11
- package/dist/lib/notification-preferences-handler.js.map +1 -1
- package/dist/lib/oauth/cognito-issuer.d.ts +1 -1
- package/dist/lib/oauth/cognito-issuer.d.ts.map +1 -1
- package/dist/lib/oauth/cognito-issuer.js +5 -10
- package/dist/lib/oauth/cognito-issuer.js.map +1 -1
- package/dist/lib/oauth/device-authorization.d.ts +1 -1
- package/dist/lib/oauth/device-authorization.d.ts.map +1 -1
- package/dist/lib/oauth/device-authorization.js +62 -77
- package/dist/lib/oauth/device-authorization.js.map +1 -1
- package/dist/lib/oauth/envelope-crypto.d.ts +2 -2
- package/dist/lib/oauth/envelope-crypto.js +22 -34
- package/dist/lib/oauth/envelope-crypto.js.map +1 -1
- package/dist/lib/oauth/refresh-detection.js +42 -52
- package/dist/lib/oauth/refresh-detection.js.map +1 -1
- package/dist/lib/openai-budget.d.ts.map +1 -1
- package/dist/lib/openai-budget.js +7 -44
- package/dist/lib/openai-budget.js.map +1 -1
- package/dist/lib/openapi/generator.d.ts +1 -1
- package/dist/lib/openapi/generator.d.ts.map +1 -1
- package/dist/lib/openapi/generator.js +2 -6
- package/dist/lib/openapi/generator.js.map +1 -1
- package/dist/lib/orphaned-media-handler.d.ts +1 -1
- package/dist/lib/orphaned-media-handler.d.ts.map +1 -1
- package/dist/lib/orphaned-media-handler.js +9 -46
- package/dist/lib/orphaned-media-handler.js.map +1 -1
- package/dist/lib/parental-control-handler.d.ts +2 -2
- package/dist/lib/parental-control-handler.d.ts.map +1 -1
- package/dist/lib/parental-control-handler.js +18 -55
- package/dist/lib/parental-control-handler.js.map +1 -1
- package/dist/lib/parental-link-handler.d.ts +8 -8
- package/dist/lib/parental-link-handler.d.ts.map +1 -1
- package/dist/lib/parental-link-handler.js +10 -14
- package/dist/lib/parental-link-handler.js.map +1 -1
- package/dist/lib/performance-metrics.d.ts +1 -1
- package/dist/lib/performance-metrics.d.ts.map +1 -1
- package/dist/lib/performance-metrics.js +3 -6
- package/dist/lib/performance-metrics.js.map +1 -1
- package/dist/lib/post-handler.d.ts +9 -9
- package/dist/lib/post-handler.d.ts.map +1 -1
- package/dist/lib/post-handler.js +67 -101
- package/dist/lib/post-handler.js.map +1 -1
- package/dist/lib/privacy-defaults.js +3 -8
- package/dist/lib/privacy-defaults.js.map +1 -1
- package/dist/lib/privacy-handler.d.ts +2 -2
- package/dist/lib/privacy-handler.d.ts.map +1 -1
- package/dist/lib/privacy-handler.js +6 -10
- package/dist/lib/privacy-handler.js.map +1 -1
- package/dist/lib/pseudonym.d.ts +56 -0
- package/dist/lib/pseudonym.d.ts.map +1 -0
- package/dist/lib/pseudonym.js +85 -0
- package/dist/lib/pseudonym.js.map +1 -0
- package/dist/lib/queue-consumers/media-reconciliation-consumer.d.ts +2 -2
- package/dist/lib/queue-consumers/media-reconciliation-consumer.d.ts.map +1 -1
- package/dist/lib/queue-consumers/media-reconciliation-consumer.js +5 -8
- package/dist/lib/queue-consumers/media-reconciliation-consumer.js.map +1 -1
- package/dist/lib/quiet-hours.js +2 -6
- package/dist/lib/quiet-hours.js.map +1 -1
- package/dist/lib/rate-limit.d.ts +58 -47
- package/dist/lib/rate-limit.d.ts.map +1 -1
- package/dist/lib/rate-limit.js +168 -157
- package/dist/lib/rate-limit.js.map +1 -1
- package/dist/lib/reaction-handler.d.ts +10 -10
- package/dist/lib/reaction-handler.d.ts.map +1 -1
- package/dist/lib/reaction-handler.js +44 -80
- package/dist/lib/reaction-handler.js.map +1 -1
- package/dist/lib/recaptcha.js +6 -9
- package/dist/lib/recaptcha.js.map +1 -1
- package/dist/lib/redirect-resolver.d.ts +2 -2
- package/dist/lib/redirect-resolver.d.ts.map +1 -1
- package/dist/lib/redirect-resolver.js +5 -9
- package/dist/lib/redirect-resolver.js.map +1 -1
- package/dist/lib/region-config.d.ts +3 -3
- package/dist/lib/region-config.d.ts.map +1 -1
- package/dist/lib/region-config.js +15 -58
- package/dist/lib/region-config.js.map +1 -1
- package/dist/lib/region-detection.d.ts +55 -24
- package/dist/lib/region-detection.d.ts.map +1 -1
- package/dist/lib/region-detection.js +140 -199
- package/dist/lib/region-detection.js.map +1 -1
- package/dist/lib/region-registry.d.ts +49 -0
- package/dist/lib/region-registry.d.ts.map +1 -0
- package/dist/lib/region-registry.js +112 -0
- package/dist/lib/region-registry.js.map +1 -0
- package/dist/lib/relationship-handler.d.ts +9 -9
- package/dist/lib/relationship-handler.d.ts.map +1 -1
- package/dist/lib/relationship-handler.js +12 -49
- package/dist/lib/relationship-handler.js.map +1 -1
- package/dist/lib/request-context.d.ts +16 -16
- package/dist/lib/request-context.d.ts.map +1 -1
- package/dist/lib/request-context.js +14 -22
- package/dist/lib/request-context.js.map +1 -1
- package/dist/lib/route-helpers.d.ts +3 -4
- package/dist/lib/route-helpers.d.ts.map +1 -1
- package/dist/lib/route-helpers.js +20 -75
- package/dist/lib/route-helpers.js.map +1 -1
- package/dist/lib/routes/activitypub/actor.d.ts +1 -1
- package/dist/lib/routes/activitypub/actor.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/actor.js +20 -23
- package/dist/lib/routes/activitypub/actor.js.map +1 -1
- package/dist/lib/routes/activitypub/audiences.d.ts +1 -1
- package/dist/lib/routes/activitypub/audiences.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/audiences.js +76 -80
- package/dist/lib/routes/activitypub/audiences.js.map +1 -1
- package/dist/lib/routes/activitypub/collections.d.ts +1 -1
- package/dist/lib/routes/activitypub/collections.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/collections.js +24 -26
- package/dist/lib/routes/activitypub/collections.js.map +1 -1
- package/dist/lib/routes/activitypub/entity-profile.d.ts +1 -1
- package/dist/lib/routes/activitypub/entity-profile.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/entity-profile.js +36 -39
- package/dist/lib/routes/activitypub/entity-profile.js.map +1 -1
- package/dist/lib/routes/activitypub/friends.d.ts +1 -1
- package/dist/lib/routes/activitypub/friends.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/friends.js +9 -12
- package/dist/lib/routes/activitypub/friends.js.map +1 -1
- package/dist/lib/routes/activitypub/group.d.ts +1 -1
- package/dist/lib/routes/activitypub/group.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/group.js +91 -94
- package/dist/lib/routes/activitypub/group.js.map +1 -1
- package/dist/lib/routes/activitypub/inbox.d.ts +1 -1
- package/dist/lib/routes/activitypub/inbox.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/inbox.js +30 -33
- package/dist/lib/routes/activitypub/inbox.js.map +1 -1
- package/dist/lib/routes/activitypub/messages.d.ts +1 -1
- package/dist/lib/routes/activitypub/messages.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/messages.js +79 -83
- package/dist/lib/routes/activitypub/messages.js.map +1 -1
- package/dist/lib/routes/activitypub/outbox.d.ts +1 -1
- package/dist/lib/routes/activitypub/outbox.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/outbox.js +9 -12
- package/dist/lib/routes/activitypub/outbox.js.map +1 -1
- package/dist/lib/routes/activitypub/post.d.ts +1 -1
- package/dist/lib/routes/activitypub/post.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/post.js +32 -35
- package/dist/lib/routes/activitypub/post.js.map +1 -1
- package/dist/lib/routes/activitypub/webfinger.d.ts +1 -1
- package/dist/lib/routes/activitypub/webfinger.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/webfinger.js +5 -8
- package/dist/lib/routes/activitypub/webfinger.js.map +1 -1
- package/dist/lib/routes/admin-costs.d.ts +1 -1
- package/dist/lib/routes/admin-costs.d.ts.map +1 -1
- package/dist/lib/routes/admin-costs.js +22 -26
- package/dist/lib/routes/admin-costs.js.map +1 -1
- package/dist/lib/routes/admin.d.ts +1 -1
- package/dist/lib/routes/admin.d.ts.map +1 -1
- package/dist/lib/routes/admin.js +290 -269
- package/dist/lib/routes/admin.js.map +1 -1
- package/dist/lib/routes/agent-authorize.d.ts +5 -5
- package/dist/lib/routes/agent-authorize.d.ts.map +1 -1
- package/dist/lib/routes/agent-authorize.js +68 -74
- package/dist/lib/routes/agent-authorize.js.map +1 -1
- package/dist/lib/routes/agent-sessions.d.ts +4 -4
- package/dist/lib/routes/agent-sessions.d.ts.map +1 -1
- package/dist/lib/routes/agent-sessions.js +30 -35
- package/dist/lib/routes/agent-sessions.js.map +1 -1
- package/dist/lib/routes/agent-surface.d.ts +2 -2
- package/dist/lib/routes/agent-surface.d.ts.map +1 -1
- package/dist/lib/routes/agent-surface.js +20 -24
- package/dist/lib/routes/agent-surface.js.map +1 -1
- package/dist/lib/routes/auth-discover.d.ts +1 -1
- package/dist/lib/routes/auth-discover.d.ts.map +1 -1
- package/dist/lib/routes/auth-discover.js +20 -56
- package/dist/lib/routes/auth-discover.js.map +1 -1
- package/dist/lib/routes/auth.d.ts +1 -1
- package/dist/lib/routes/auth.d.ts.map +1 -1
- package/dist/lib/routes/auth.js +13 -16
- package/dist/lib/routes/auth.js.map +1 -1
- package/dist/lib/routes/badges.d.ts +1 -1
- package/dist/lib/routes/badges.d.ts.map +1 -1
- package/dist/lib/routes/badges.js +20 -23
- package/dist/lib/routes/badges.js.map +1 -1
- package/dist/lib/routes/circles.d.ts +1 -1
- package/dist/lib/routes/circles.d.ts.map +1 -1
- package/dist/lib/routes/circles.js +40 -44
- package/dist/lib/routes/circles.js.map +1 -1
- package/dist/lib/routes/comments.d.ts +1 -1
- package/dist/lib/routes/comments.d.ts.map +1 -1
- package/dist/lib/routes/comments.js +67 -71
- package/dist/lib/routes/comments.js.map +1 -1
- package/dist/lib/routes/connection-codes.d.ts +1 -1
- package/dist/lib/routes/connection-codes.d.ts.map +1 -1
- package/dist/lib/routes/connection-codes.js +30 -34
- package/dist/lib/routes/connection-codes.js.map +1 -1
- package/dist/lib/routes/content-discovery.d.ts +1 -1
- package/dist/lib/routes/content-discovery.d.ts.map +1 -1
- package/dist/lib/routes/content-discovery.js +31 -34
- package/dist/lib/routes/content-discovery.js.map +1 -1
- package/dist/lib/routes/dashboard.d.ts +1 -1
- package/dist/lib/routes/dashboard.d.ts.map +1 -1
- package/dist/lib/routes/dashboard.js +251 -288
- package/dist/lib/routes/dashboard.js.map +1 -1
- package/dist/lib/routes/deletion.d.ts +1 -1
- package/dist/lib/routes/deletion.d.ts.map +1 -1
- package/dist/lib/routes/deletion.js +37 -74
- package/dist/lib/routes/deletion.js.map +1 -1
- package/dist/lib/routes/discovery.d.ts +1 -1
- package/dist/lib/routes/discovery.d.ts.map +1 -1
- package/dist/lib/routes/discovery.js +20 -24
- package/dist/lib/routes/discovery.js.map +1 -1
- package/dist/lib/routes/employees.d.ts +1 -1
- package/dist/lib/routes/employees.d.ts.map +1 -1
- package/dist/lib/routes/employees.js +15 -52
- package/dist/lib/routes/employees.js.map +1 -1
- package/dist/lib/routes/entities.d.ts +1 -1
- package/dist/lib/routes/entities.d.ts.map +1 -1
- package/dist/lib/routes/entities.js +133 -137
- package/dist/lib/routes/entities.js.map +1 -1
- package/dist/lib/routes/entity-relationships.d.ts +1 -1
- package/dist/lib/routes/entity-relationships.d.ts.map +1 -1
- package/dist/lib/routes/entity-relationships.js +35 -39
- package/dist/lib/routes/entity-relationships.js.map +1 -1
- package/dist/lib/routes/errors.d.ts +1 -1
- package/dist/lib/routes/errors.d.ts.map +1 -1
- package/dist/lib/routes/errors.js +4 -10
- package/dist/lib/routes/errors.js.map +1 -1
- package/dist/lib/routes/export.d.ts +1 -1
- package/dist/lib/routes/export.d.ts.map +1 -1
- package/dist/lib/routes/export.js +31 -35
- package/dist/lib/routes/export.js.map +1 -1
- package/dist/lib/routes/feature-flags.d.ts +1 -1
- package/dist/lib/routes/feature-flags.d.ts.map +1 -1
- package/dist/lib/routes/feature-flags.js +20 -23
- package/dist/lib/routes/feature-flags.js.map +1 -1
- package/dist/lib/routes/feeds.d.ts +1 -1
- package/dist/lib/routes/feeds.d.ts.map +1 -1
- package/dist/lib/routes/feeds.js +42 -46
- package/dist/lib/routes/feeds.js.map +1 -1
- package/dist/lib/routes/friends.d.ts +1 -1
- package/dist/lib/routes/friends.d.ts.map +1 -1
- package/dist/lib/routes/friends.js +35 -39
- package/dist/lib/routes/friends.js.map +1 -1
- package/dist/lib/routes/health.d.ts +1 -1
- package/dist/lib/routes/health.d.ts.map +1 -1
- package/dist/lib/routes/health.js +23 -27
- package/dist/lib/routes/health.js.map +1 -1
- package/dist/lib/routes/index.d.ts +2 -7
- package/dist/lib/routes/index.d.ts.map +1 -1
- package/dist/lib/routes/index.js +137 -158
- package/dist/lib/routes/index.js.map +1 -1
- package/dist/lib/routes/internal-docs.d.ts +1 -1
- package/dist/lib/routes/internal-docs.d.ts.map +1 -1
- package/dist/lib/routes/internal-docs.js +13 -16
- package/dist/lib/routes/internal-docs.js.map +1 -1
- package/dist/lib/routes/invitations.d.ts +1 -1
- package/dist/lib/routes/invitations.d.ts.map +1 -1
- package/dist/lib/routes/invitations.js +19 -22
- package/dist/lib/routes/invitations.js.map +1 -1
- package/dist/lib/routes/link-reports.d.ts +2 -2
- package/dist/lib/routes/link-reports.d.ts.map +1 -1
- package/dist/lib/routes/link-reports.js +86 -48
- package/dist/lib/routes/link-reports.js.map +1 -1
- package/dist/lib/routes/map.d.ts +1 -1
- package/dist/lib/routes/map.d.ts.map +1 -1
- package/dist/lib/routes/map.js +5 -8
- package/dist/lib/routes/map.js.map +1 -1
- package/dist/lib/routes/media-metadata-visibility.d.ts +1 -1
- package/dist/lib/routes/media-metadata-visibility.d.ts.map +1 -1
- package/dist/lib/routes/media-metadata-visibility.js +30 -67
- package/dist/lib/routes/media-metadata-visibility.js.map +1 -1
- package/dist/lib/routes/media.d.ts +1 -1
- package/dist/lib/routes/media.d.ts.map +1 -1
- package/dist/lib/routes/media.js +156 -193
- package/dist/lib/routes/media.js.map +1 -1
- package/dist/lib/routes/mfa.d.ts +1 -1
- package/dist/lib/routes/mfa.d.ts.map +1 -1
- package/dist/lib/routes/mfa.js +60 -64
- package/dist/lib/routes/mfa.js.map +1 -1
- package/dist/lib/routes/notifications.d.ts +1 -1
- package/dist/lib/routes/notifications.d.ts.map +1 -1
- package/dist/lib/routes/notifications.js +68 -72
- package/dist/lib/routes/notifications.js.map +1 -1
- package/dist/lib/routes/oauth.d.ts +1 -1
- package/dist/lib/routes/oauth.d.ts.map +1 -1
- package/dist/lib/routes/oauth.js +20 -23
- package/dist/lib/routes/oauth.js.map +1 -1
- package/dist/lib/routes/orphaned-media-health.d.ts +1 -1
- package/dist/lib/routes/orphaned-media-health.d.ts.map +1 -1
- package/dist/lib/routes/orphaned-media-health.js +10 -13
- package/dist/lib/routes/orphaned-media-health.js.map +1 -1
- package/dist/lib/routes/orphaned-media.d.ts +1 -1
- package/dist/lib/routes/orphaned-media.d.ts.map +1 -1
- package/dist/lib/routes/orphaned-media.js +20 -57
- package/dist/lib/routes/orphaned-media.js.map +1 -1
- package/dist/lib/routes/out.d.ts +1 -1
- package/dist/lib/routes/out.d.ts.map +1 -1
- package/dist/lib/routes/out.js +21 -24
- package/dist/lib/routes/out.js.map +1 -1
- package/dist/lib/routes/parental-controls.d.ts +1 -1
- package/dist/lib/routes/parental-controls.d.ts.map +1 -1
- package/dist/lib/routes/parental-controls.js +91 -95
- package/dist/lib/routes/parental-controls.js.map +1 -1
- package/dist/lib/routes/posts.d.ts +1 -1
- package/dist/lib/routes/posts.d.ts.map +1 -1
- package/dist/lib/routes/posts.js +101 -105
- package/dist/lib/routes/posts.js.map +1 -1
- package/dist/lib/routes/privacy.d.ts +1 -1
- package/dist/lib/routes/privacy.d.ts.map +1 -1
- package/dist/lib/routes/privacy.js +21 -25
- package/dist/lib/routes/privacy.js.map +1 -1
- package/dist/lib/routes/products.d.ts +1 -1
- package/dist/lib/routes/products.d.ts.map +1 -1
- package/dist/lib/routes/products.js +44 -48
- package/dist/lib/routes/products.js.map +1 -1
- package/dist/lib/routes/relationships.d.ts +1 -1
- package/dist/lib/routes/relationships.d.ts.map +1 -1
- package/dist/lib/routes/relationships.js +35 -39
- package/dist/lib/routes/relationships.js.map +1 -1
- package/dist/lib/routes/sentiments.d.ts +1 -1
- package/dist/lib/routes/sentiments.d.ts.map +1 -1
- package/dist/lib/routes/sentiments.js +71 -75
- package/dist/lib/routes/sentiments.js.map +1 -1
- package/dist/lib/routes/setup-status.d.ts +1 -1
- package/dist/lib/routes/setup-status.d.ts.map +1 -1
- package/dist/lib/routes/setup-status.js +17 -20
- package/dist/lib/routes/setup-status.js.map +1 -1
- package/dist/lib/routes/taxonomy-analytics.d.ts +1 -1
- package/dist/lib/routes/taxonomy-analytics.d.ts.map +1 -1
- package/dist/lib/routes/taxonomy-analytics.js +29 -33
- package/dist/lib/routes/taxonomy-analytics.js.map +1 -1
- package/dist/lib/routes/taxonomy.d.ts +1 -1
- package/dist/lib/routes/taxonomy.d.ts.map +1 -1
- package/dist/lib/routes/taxonomy.js +48 -51
- package/dist/lib/routes/taxonomy.js.map +1 -1
- package/dist/lib/routes/tenant-audit.d.ts +1 -1
- package/dist/lib/routes/tenant-audit.d.ts.map +1 -1
- package/dist/lib/routes/tenant-audit.js +35 -92
- package/dist/lib/routes/tenant-audit.js.map +1 -1
- package/dist/lib/routes/tenant-compliance.d.ts +1 -1
- package/dist/lib/routes/tenant-compliance.d.ts.map +1 -1
- package/dist/lib/routes/tenant-compliance.js +16 -52
- package/dist/lib/routes/tenant-compliance.js.map +1 -1
- package/dist/lib/routes/tenant-domains.d.ts +1 -1
- package/dist/lib/routes/tenant-domains.d.ts.map +1 -1
- package/dist/lib/routes/tenant-domains.js +27 -30
- package/dist/lib/routes/tenant-domains.js.map +1 -1
- package/dist/lib/routes/tenant-idp.d.ts +1 -1
- package/dist/lib/routes/tenant-idp.d.ts.map +1 -1
- package/dist/lib/routes/tenant-idp.js +27 -30
- package/dist/lib/routes/tenant-idp.js.map +1 -1
- package/dist/lib/routes/tenant-members.d.ts +1 -1
- package/dist/lib/routes/tenant-members.d.ts.map +1 -1
- package/dist/lib/routes/tenant-members.js +21 -24
- package/dist/lib/routes/tenant-members.js.map +1 -1
- package/dist/lib/routes/tenant-role-mappings.d.ts +1 -1
- package/dist/lib/routes/tenant-role-mappings.d.ts.map +1 -1
- package/dist/lib/routes/tenant-role-mappings.js +27 -30
- package/dist/lib/routes/tenant-role-mappings.js.map +1 -1
- package/dist/lib/routes/tenants.d.ts +1 -1
- package/dist/lib/routes/tenants.d.ts.map +1 -1
- package/dist/lib/routes/tenants.js +37 -40
- package/dist/lib/routes/tenants.js.map +1 -1
- package/dist/lib/routes/types.d.ts +10 -5
- package/dist/lib/routes/types.d.ts.map +1 -1
- package/dist/lib/routes/types.js +1 -2
- package/dist/lib/routes/types.js.map +1 -1
- package/dist/lib/routes/upload-sessions.d.ts +1 -1
- package/dist/lib/routes/upload-sessions.d.ts.map +1 -1
- package/dist/lib/routes/upload-sessions.js +57 -94
- package/dist/lib/routes/upload-sessions.js.map +1 -1
- package/dist/lib/routes/user.d.ts +1 -1
- package/dist/lib/routes/user.d.ts.map +1 -1
- package/dist/lib/routes/user.js +137 -85
- package/dist/lib/routes/user.js.map +1 -1
- package/dist/lib/routes.d.ts +2 -2
- package/dist/lib/routes.d.ts.map +1 -1
- package/dist/lib/routes.js +2 -7
- package/dist/lib/routes.js.map +1 -1
- package/dist/lib/scaling-health.d.ts.map +1 -1
- package/dist/lib/scaling-health.js +6 -9
- package/dist/lib/scaling-health.js.map +1 -1
- package/dist/lib/scheduled/media-stale-cleanup.js +5 -8
- package/dist/lib/scheduled/media-stale-cleanup.js.map +1 -1
- package/dist/lib/scheduled/orphaned-media-monitor.d.ts +1 -1
- package/dist/lib/scheduled/orphaned-media-monitor.d.ts.map +1 -1
- package/dist/lib/scheduled/orphaned-media-monitor.js +5 -42
- package/dist/lib/scheduled/orphaned-media-monitor.js.map +1 -1
- package/dist/lib/schemas.d.ts +85 -204
- package/dist/lib/schemas.d.ts.map +1 -1
- package/dist/lib/schemas.js +71 -74
- package/dist/lib/schemas.js.map +1 -1
- package/dist/lib/secrets/idp-secrets.d.ts +1 -1
- package/dist/lib/secrets/idp-secrets.js +13 -19
- package/dist/lib/secrets/idp-secrets.js.map +1 -1
- package/dist/lib/security-event-cleaner.js +1 -5
- package/dist/lib/security-event-cleaner.js.map +1 -1
- package/dist/lib/security-headers.js +1 -5
- package/dist/lib/security-headers.js.map +1 -1
- package/dist/lib/security-monitor.d.ts +4 -2
- package/dist/lib/security-monitor.d.ts.map +1 -1
- package/dist/lib/security-monitor.js +16 -18
- package/dist/lib/security-monitor.js.map +1 -1
- package/dist/lib/sentiment-digest.d.ts +1 -1
- package/dist/lib/sentiment-digest.d.ts.map +1 -1
- package/dist/lib/sentiment-digest.js +5 -8
- package/dist/lib/sentiment-digest.js.map +1 -1
- package/dist/lib/sentiment-display.js +3 -7
- package/dist/lib/sentiment-display.js.map +1 -1
- package/dist/lib/services/image-normalizer.js +1 -5
- package/dist/lib/services/image-normalizer.js.map +1 -1
- package/dist/lib/services/media-reconciliation-service.d.ts +1 -1
- package/dist/lib/services/media-reconciliation-service.d.ts.map +1 -1
- package/dist/lib/services/media-reconciliation-service.js +7 -11
- package/dist/lib/services/media-reconciliation-service.js.map +1 -1
- package/dist/lib/services/media-upload-service.d.ts +1 -1
- package/dist/lib/services/media-upload-service.d.ts.map +1 -1
- package/dist/lib/services/media-upload-service.js +4 -8
- package/dist/lib/services/media-upload-service.js.map +1 -1
- package/dist/lib/services/user-data-deletion.d.ts +45 -2
- package/dist/lib/services/user-data-deletion.d.ts.map +1 -1
- package/dist/lib/services/user-data-deletion.js +87 -9
- package/dist/lib/services/user-data-deletion.js.map +1 -1
- package/dist/lib/session-awareness.js +2 -6
- package/dist/lib/session-awareness.js.map +1 -1
- package/dist/lib/session-config.js +8 -17
- package/dist/lib/session-config.js.map +1 -1
- package/dist/lib/{session-manager.d.ts → session-cookie.d.ts} +58 -15
- package/dist/lib/session-cookie.d.ts.map +1 -0
- package/dist/lib/session-cookie.js +0 -0
- package/dist/lib/session-cookie.js.map +1 -0
- package/dist/lib/signup-metadata.d.ts +129 -0
- package/dist/lib/signup-metadata.d.ts.map +1 -0
- package/dist/lib/signup-metadata.js +127 -0
- package/dist/lib/signup-metadata.js.map +1 -0
- package/dist/lib/sso-auth-handler.js +1 -5
- package/dist/lib/sso-auth-handler.js.map +1 -1
- package/dist/lib/tag-suggestions-handler.d.ts +1 -1
- package/dist/lib/tag-suggestions-handler.d.ts.map +1 -1
- package/dist/lib/tag-suggestions-handler.js +1 -5
- package/dist/lib/tag-suggestions-handler.js.map +1 -1
- package/dist/lib/taxonomy-handler-factory.d.ts +2 -2
- package/dist/lib/taxonomy-handler-factory.d.ts.map +1 -1
- package/dist/lib/taxonomy-handler-factory.js +7 -10
- package/dist/lib/taxonomy-handler-factory.js.map +1 -1
- package/dist/lib/taxonomy-handler.d.ts +2 -2
- package/dist/lib/taxonomy-handler.d.ts.map +1 -1
- package/dist/lib/taxonomy-handler.js +8 -8
- package/dist/lib/taxonomy-handler.js.map +1 -1
- package/dist/lib/taxonomy-metrics.js +5 -9
- package/dist/lib/taxonomy-metrics.js.map +1 -1
- package/dist/lib/taxonomy-search-metrics.d.ts +2 -2
- package/dist/lib/taxonomy-search-metrics.d.ts.map +1 -1
- package/dist/lib/taxonomy-search-metrics.js +3 -7
- package/dist/lib/taxonomy-search-metrics.js.map +1 -1
- package/dist/lib/tenant/audit-emit.d.ts +18 -8
- package/dist/lib/tenant/audit-emit.d.ts.map +1 -1
- package/dist/lib/tenant/audit-emit.js +50 -11
- package/dist/lib/tenant/audit-emit.js.map +1 -1
- package/dist/lib/tenant/derive-domain.js +1 -4
- package/dist/lib/tenant/derive-domain.js.map +1 -1
- package/dist/lib/tenant/domain-handler.d.ts +2 -2
- package/dist/lib/tenant/domain-handler.d.ts.map +1 -1
- package/dist/lib/tenant/domain-handler.js +50 -62
- package/dist/lib/tenant/domain-handler.js.map +1 -1
- package/dist/lib/tenant/domain-validator.d.ts +1 -1
- package/dist/lib/tenant/domain-validator.js +10 -13
- package/dist/lib/tenant/domain-validator.js.map +1 -1
- package/dist/lib/tenant/domain-verifier.d.ts +3 -3
- package/dist/lib/tenant/domain-verifier.js +8 -11
- package/dist/lib/tenant/domain-verifier.js.map +1 -1
- package/dist/lib/tenant/idp-handler.d.ts +4 -4
- package/dist/lib/tenant/idp-handler.d.ts.map +1 -1
- package/dist/lib/tenant/idp-handler.js +45 -82
- package/dist/lib/tenant/idp-handler.js.map +1 -1
- package/dist/lib/tenant/idp-name.js +1 -4
- package/dist/lib/tenant/idp-name.js.map +1 -1
- package/dist/lib/tenant/member-handler.d.ts +2 -2
- package/dist/lib/tenant/member-handler.d.ts.map +1 -1
- package/dist/lib/tenant/member-handler.js +30 -67
- package/dist/lib/tenant/member-handler.js.map +1 -1
- package/dist/lib/tenant/reserved-slugs.d.ts +1 -1
- package/dist/lib/tenant/reserved-slugs.d.ts.map +1 -1
- package/dist/lib/tenant/reserved-slugs.js +8 -14
- package/dist/lib/tenant/reserved-slugs.js.map +1 -1
- package/dist/lib/tenant/resolve-role.js +1 -4
- package/dist/lib/tenant/resolve-role.js.map +1 -1
- package/dist/lib/tenant/role-mapping-handler.d.ts +2 -2
- package/dist/lib/tenant/role-mapping-handler.d.ts.map +1 -1
- package/dist/lib/tenant/role-mapping-handler.js +24 -61
- package/dist/lib/tenant/role-mapping-handler.js.map +1 -1
- package/dist/lib/tenant/setup-status.d.ts +1 -1
- package/dist/lib/tenant/setup-status.d.ts.map +1 -1
- package/dist/lib/tenant/setup-status.js +3 -40
- package/dist/lib/tenant/setup-status.js.map +1 -1
- package/dist/lib/tenant/slug-validator.js +3 -6
- package/dist/lib/tenant/slug-validator.js.map +1 -1
- package/dist/lib/tenant/tenant-handler.d.ts +2 -2
- package/dist/lib/tenant/tenant-handler.d.ts.map +1 -1
- package/dist/lib/tenant/tenant-handler.js +31 -68
- package/dist/lib/tenant/tenant-handler.js.map +1 -1
- package/dist/lib/tenant/transfer-ownership.js +2 -6
- package/dist/lib/tenant/transfer-ownership.js.map +1 -1
- package/dist/lib/tenant-scope.d.ts +97 -0
- package/dist/lib/tenant-scope.d.ts.map +1 -0
- package/dist/lib/tenant-scope.js +270 -0
- package/dist/lib/tenant-scope.js.map +1 -0
- package/dist/lib/terminology.d.ts.map +1 -1
- package/dist/lib/terminology.js +7 -9
- package/dist/lib/terminology.js.map +1 -1
- package/dist/lib/theme.js +2 -6
- package/dist/lib/theme.js.map +1 -1
- package/dist/lib/threat-intel-service.d.ts +2 -2
- package/dist/lib/threat-intel-service.d.ts.map +1 -1
- package/dist/lib/threat-intel-service.js +3 -7
- package/dist/lib/threat-intel-service.js.map +1 -1
- package/dist/lib/types/media-reconciliation.js +1 -2
- package/dist/lib/types/media-reconciliation.js.map +1 -1
- package/dist/lib/upload-session-handler.d.ts +1 -1
- package/dist/lib/upload-session-handler.d.ts.map +1 -1
- package/dist/lib/upload-session-handler.js +13 -50
- package/dist/lib/upload-session-handler.js.map +1 -1
- package/dist/lib/user/derive-handle.d.ts +22 -0
- package/dist/lib/user/derive-handle.d.ts.map +1 -1
- package/dist/lib/user/derive-handle.js +18 -6
- package/dist/lib/user/derive-handle.js.map +1 -1
- package/dist/lib/user-badge.js +6 -14
- package/dist/lib/user-badge.js.map +1 -1
- package/dist/lib/user-deletion-handler-enhanced.d.ts +2 -2
- package/dist/lib/user-deletion-handler-enhanced.d.ts.map +1 -1
- package/dist/lib/user-deletion-handler-enhanced.js +16 -53
- package/dist/lib/user-deletion-handler-enhanced.js.map +1 -1
- package/dist/lib/user-deprovisioning.d.ts +1 -1
- package/dist/lib/user-deprovisioning.d.ts.map +1 -1
- package/dist/lib/user-deprovisioning.js +16 -20
- package/dist/lib/user-deprovisioning.js.map +1 -1
- package/dist/lib/user-export-handler.d.ts +4 -4
- package/dist/lib/user-export-handler.d.ts.map +1 -1
- package/dist/lib/user-export-handler.js +11 -15
- package/dist/lib/user-export-handler.js.map +1 -1
- package/dist/lib/validate-request.js +8 -13
- package/dist/lib/validate-request.js.map +1 -1
- package/dist/lib/validation/feature-toggle-schemas.d.ts +130 -249
- package/dist/lib/validation/feature-toggle-schemas.d.ts.map +1 -1
- package/dist/lib/validation/feature-toggle-schemas.js +50 -59
- package/dist/lib/validation/feature-toggle-schemas.js.map +1 -1
- package/dist/lib/validation/validate-request.d.ts.map +1 -1
- package/dist/lib/validation/validate-request.js +12 -23
- package/dist/lib/validation/validate-request.js.map +1 -1
- package/dist/lib/validation.js +1 -5
- package/dist/lib/validation.js.map +1 -1
- package/dist/lib/version.js +3 -8
- package/dist/lib/version.js.map +1 -1
- package/dist/server.d.ts +1 -1
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +29 -69
- package/dist/server.js.map +1 -1
- package/dist/types/cloudflare-compat.d.ts +3 -93
- package/dist/types/cloudflare-compat.d.ts.map +1 -1
- package/dist/types/cloudflare-compat.js +1 -2
- package/dist/types/cloudflare-compat.js.map +1 -1
- package/dist/worker.d.ts +6 -6
- package/dist/worker.d.ts.map +1 -1
- package/dist/worker.js +6 -13
- package/dist/worker.js.map +1 -1
- package/package.json +28 -15
- package/prisma/migrations/20260602054730_add_entity_geo_and_pending_schema/migration.sql +113 -0
- package/prisma/migrations/20260602162901_research_foundations/migration.sql +65 -0
- package/prisma/migrations/20260604130000_surveillance_phase0_enablers/migration.sql +107 -0
- package/prisma/migrations/20260604140000_fold_link_reports_into_reports/migration.sql +23 -0
- package/prisma/migrations/20260604140000_fold_link_reports_into_reports/rollback.reference.sql +31 -0
- package/prisma/migrations/20260606000000_handle_canonical_identity/migration.sql +18 -0
- package/prisma/schema.prisma +426 -68
- package/src/lambda/cleanup-cron.ts +10 -7
- package/src/lambda/create-auth-challenge.ts +6 -3
- package/src/lambda/delete-account-worker.ts +17 -12
- package/src/lambda/diagnostics-proxy.ts +9 -6
- package/src/lambda/e2e-sweeper.ts +17 -23
- package/src/lambda/federation-outbox-worker.ts +4 -1
- package/src/lambda/followers-events-worker.ts +4 -1
- package/src/lambda/hourly-cron.ts +112 -20
- package/src/lambda/link-check-worker.ts +4 -1
- package/src/lambda/maintenance-cron.ts +24 -13
- package/src/lambda/media-processing-worker.ts +5 -2
- package/src/lambda/media-reconciliation-worker.ts +4 -1
- package/src/lambda/nightly-cron.ts +53 -54
- package/src/lambda/post-confirmation.ts +262 -76
- package/src/lambda/pre-token-generation.ts +39 -44
- package/src/lambda/verify-auth-challenge.ts +4 -1
- package/dist/lib/audit/emit.d.ts +0 -56
- package/dist/lib/audit/emit.d.ts.map +0 -1
- package/dist/lib/audit/emit.js +0 -124
- package/dist/lib/audit/emit.js.map +0 -1
- package/dist/lib/audit/event-types.d.ts +0 -36
- package/dist/lib/audit/event-types.d.ts.map +0 -1
- package/dist/lib/audit/event-types.js +0 -69
- package/dist/lib/audit/event-types.js.map +0 -1
- package/dist/lib/audit-logger.d.ts +0 -142
- package/dist/lib/audit-logger.d.ts.map +0 -1
- package/dist/lib/audit-logger.js +0 -326
- package/dist/lib/audit-logger.js.map +0 -1
- package/dist/lib/circuit-breaker.d.ts +0 -27
- package/dist/lib/circuit-breaker.d.ts.map +0 -1
- package/dist/lib/circuit-breaker.js +0 -63
- package/dist/lib/circuit-breaker.js.map +0 -1
- package/dist/lib/graph/dual-write-service.d.ts +0 -116
- package/dist/lib/graph/dual-write-service.d.ts.map +0 -1
- package/dist/lib/graph/dual-write-service.js +0 -332
- package/dist/lib/graph/dual-write-service.js.map +0 -1
- package/dist/lib/graph/dual-write.d.ts +0 -396
- package/dist/lib/graph/dual-write.d.ts.map +0 -1
- package/dist/lib/graph/dual-write.js +0 -53
- package/dist/lib/graph/dual-write.js.map +0 -1
- package/dist/lib/graph/graph-schema-init.d.ts +0 -31
- package/dist/lib/graph/graph-schema-init.d.ts.map +0 -1
- package/dist/lib/graph/graph-schema-init.js +0 -105
- package/dist/lib/graph/graph-schema-init.js.map +0 -1
- package/dist/lib/graph/neo4j-graph-service.d.ts +0 -186
- package/dist/lib/graph/neo4j-graph-service.d.ts.map +0 -1
- package/dist/lib/graph/neo4j-graph-service.js +0 -1625
- package/dist/lib/graph/neo4j-graph-service.js.map +0 -1
- package/dist/lib/graph/reconciliation-service.d.ts +0 -113
- package/dist/lib/graph/reconciliation-service.d.ts.map +0 -1
- package/dist/lib/graph/reconciliation-service.js +0 -533
- package/dist/lib/graph/reconciliation-service.js.map +0 -1
- package/dist/lib/id-generator.d.ts +0 -29
- package/dist/lib/id-generator.d.ts.map +0 -1
- package/dist/lib/id-generator.js +0 -51
- package/dist/lib/id-generator.js.map +0 -1
- package/dist/lib/kv/dynamodb-kv.d.ts +0 -39
- package/dist/lib/kv/dynamodb-kv.d.ts.map +0 -1
- package/dist/lib/kv/dynamodb-kv.js +0 -239
- package/dist/lib/kv/dynamodb-kv.js.map +0 -1
- package/dist/lib/queue/sqs-queue.d.ts +0 -16
- package/dist/lib/queue/sqs-queue.d.ts.map +0 -1
- package/dist/lib/queue/sqs-queue.js +0 -39
- package/dist/lib/queue/sqs-queue.js.map +0 -1
- package/dist/lib/route-matcher.d.ts +0 -24
- package/dist/lib/route-matcher.d.ts.map +0 -1
- package/dist/lib/route-matcher.js +0 -96
- package/dist/lib/route-matcher.js.map +0 -1
- package/dist/lib/router.d.ts +0 -26
- package/dist/lib/router.d.ts.map +0 -1
- package/dist/lib/router.js +0 -90
- package/dist/lib/router.js.map +0 -1
- package/dist/lib/routes-all.d.ts +0 -9
- package/dist/lib/routes-all.d.ts.map +0 -1
- package/dist/lib/routes-all.js +0 -170
- package/dist/lib/routes-all.js.map +0 -1
- package/dist/lib/secret-resolver.d.ts +0 -88
- package/dist/lib/secret-resolver.d.ts.map +0 -1
- package/dist/lib/secret-resolver.js +0 -183
- package/dist/lib/secret-resolver.js.map +0 -1
- package/dist/lib/session-manager.d.ts.map +0 -1
- package/dist/lib/session-manager.js +0 -492
- package/dist/lib/session-manager.js.map +0 -1
- package/dist/lib/storage/s3-storage.d.ts +0 -29
- package/dist/lib/storage/s3-storage.d.ts.map +0 -1
- package/dist/lib/storage/s3-storage.js +0 -135
- package/dist/lib/storage/s3-storage.js.map +0 -1
- package/dist/lib/tenant-context.d.ts +0 -35
- package/dist/lib/tenant-context.d.ts.map +0 -1
- package/dist/lib/tenant-context.js +0 -54
- package/dist/lib/tenant-context.js.map +0 -1
|
@@ -1,17 +1,10 @@
|
|
|
1
|
-
"use strict";
|
|
2
1
|
/**
|
|
3
2
|
* CSV Export for Audit Events (RFC 4180)
|
|
4
3
|
*
|
|
5
4
|
* Fields that contain commas, double-quotes, or newlines are enclosed in
|
|
6
5
|
* double-quotes. Inner double-quotes are doubled per RFC 4180 §2.7.
|
|
7
6
|
*/
|
|
8
|
-
|
|
9
|
-
exports.CSV_HEADERS = void 0;
|
|
10
|
-
exports.escapeCsvField = escapeCsvField;
|
|
11
|
-
exports.renderCsvRow = renderCsvRow;
|
|
12
|
-
exports.renderCsvHeader = renderCsvHeader;
|
|
13
|
-
exports.renderCsv = renderCsv;
|
|
14
|
-
exports.CSV_HEADERS = [
|
|
7
|
+
export const CSV_HEADERS = [
|
|
15
8
|
"eventId",
|
|
16
9
|
"type",
|
|
17
10
|
"tenantId",
|
|
@@ -21,22 +14,22 @@ exports.CSV_HEADERS = [
|
|
|
21
14
|
"payload",
|
|
22
15
|
];
|
|
23
16
|
/** Escape a single CSV field per RFC 4180. */
|
|
24
|
-
function escapeCsvField(value) {
|
|
17
|
+
export function escapeCsvField(value) {
|
|
25
18
|
if (value.includes(",") || value.includes('"') || value.includes("\n") || value.includes("\r")) {
|
|
26
19
|
return `"${value.replace(/"/g, '""')}"`;
|
|
27
20
|
}
|
|
28
21
|
return value;
|
|
29
22
|
}
|
|
30
23
|
/** Render one CSV row from an array of string values. */
|
|
31
|
-
function renderCsvRow(fields) {
|
|
24
|
+
export function renderCsvRow(fields) {
|
|
32
25
|
return fields.map(escapeCsvField).join(",");
|
|
33
26
|
}
|
|
34
27
|
/** Render the header row. */
|
|
35
|
-
function renderCsvHeader() {
|
|
36
|
-
return renderCsvRow([...
|
|
28
|
+
export function renderCsvHeader() {
|
|
29
|
+
return renderCsvRow([...CSV_HEADERS]);
|
|
37
30
|
}
|
|
38
31
|
/** Render a complete CSV document (header + rows) from an array of row objects. */
|
|
39
|
-
function renderCsv(rows) {
|
|
32
|
+
export function renderCsv(rows) {
|
|
40
33
|
const lines = [renderCsvHeader()];
|
|
41
34
|
for (const row of rows) {
|
|
42
35
|
lines.push(renderCsvRow([
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"csv-export.js","sourceRoot":"","sources":["../../../src/lib/audit/csv-export.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"csv-export.js","sourceRoot":"","sources":["../../../src/lib/audit/csv-export.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,SAAS;IACT,MAAM;IACN,UAAU;IACV,aAAa;IACb,WAAW;IACX,UAAU;IACV,SAAS;CACD,CAAC;AAYX,8CAA8C;AAC9C,MAAM,UAAU,cAAc,CAAC,KAAa;IAC1C,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/F,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC;IAC1C,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,yDAAyD;AACzD,MAAM,UAAU,YAAY,CAAC,MAAgB;IAC3C,OAAO,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC9C,CAAC;AAED,6BAA6B;AAC7B,MAAM,UAAU,eAAe;IAC7B,OAAO,YAAY,CAAC,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC;AACxC,CAAC;AAED,mFAAmF;AACnF,MAAM,UAAU,SAAS,CAAC,IAAc;IACtC,MAAM,KAAK,GAAa,CAAC,eAAe,EAAE,CAAC,CAAC;IAC5C,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CACR,YAAY,CAAC;YACX,GAAG,CAAC,OAAO;YACX,GAAG,CAAC,IAAI;YACR,GAAG,CAAC,QAAQ;YACZ,GAAG,CAAC,WAAW;YACf,GAAG,CAAC,SAAS;YACb,GAAG,CAAC,QAAQ;YACZ,GAAG,CAAC,OAAO;SACZ,CAAC,CACH,CAAC;IACJ,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC5B,CAAC"}
|
|
@@ -5,6 +5,15 @@
|
|
|
5
5
|
* with the literal string "<redacted>" and a drop counter is incremented.
|
|
6
6
|
* Claim *names* are fine to store; claim *values* must never appear.
|
|
7
7
|
*/
|
|
8
|
+
/**
|
|
9
|
+
* Per-key allowlist for audit metadata. Anything outside this set is
|
|
10
|
+
* replaced with "<redacted>". Migrated here from the now-deleted
|
|
11
|
+
* `event-types.ts` (phase 1.C.2) so the allowlist lives next to the
|
|
12
|
+
* filter that consumes it.
|
|
13
|
+
*
|
|
14
|
+
* Claim *names* are fine to store; claim *values* must never appear.
|
|
15
|
+
*/
|
|
16
|
+
export declare const PII_ALLOWED_FIELDS: Set<string>;
|
|
8
17
|
export interface FilterResult {
|
|
9
18
|
filtered: Record<string, unknown>;
|
|
10
19
|
droppedCount: number;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pii-filter.d.ts","sourceRoot":"","sources":["../../../src/lib/audit/pii-filter.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;
|
|
1
|
+
{"version":3,"file":"pii-filter.d.ts","sourceRoot":"","sources":["../../../src/lib/audit/pii-filter.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;;;;;;GAOG;AACH,eAAO,MAAM,kBAAkB,aA8C7B,CAAC;AAEH,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,wBAAgB,WAAW,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,CAiB9C;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,aAAa,GAAE,GAAG,CAAC,MAAM,CAAsB,GAC9C,YAAY,CAcd"}
|
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
"use strict";
|
|
2
1
|
/**
|
|
3
2
|
* PII Filter for Audit Payloads
|
|
4
3
|
*
|
|
@@ -6,15 +5,66 @@
|
|
|
6
5
|
* with the literal string "<redacted>" and a drop counter is incremented.
|
|
7
6
|
* Claim *names* are fine to store; claim *values* must never appear.
|
|
8
7
|
*/
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
8
|
+
/**
|
|
9
|
+
* Per-key allowlist for audit metadata. Anything outside this set is
|
|
10
|
+
* replaced with "<redacted>". Migrated here from the now-deleted
|
|
11
|
+
* `event-types.ts` (phase 1.C.2) so the allowlist lives next to the
|
|
12
|
+
* filter that consumes it.
|
|
13
|
+
*
|
|
14
|
+
* Claim *names* are fine to store; claim *values* must never appear.
|
|
15
|
+
*/
|
|
16
|
+
export const PII_ALLOWED_FIELDS = new Set([
|
|
17
|
+
"tenantId",
|
|
18
|
+
"actorUserId",
|
|
19
|
+
"targetUserId",
|
|
20
|
+
"targetType",
|
|
21
|
+
"oldRole",
|
|
22
|
+
"newRole",
|
|
23
|
+
"domain",
|
|
24
|
+
"idpStatus",
|
|
25
|
+
"idpKind",
|
|
26
|
+
"issuer",
|
|
27
|
+
"idpGroup",
|
|
28
|
+
"role",
|
|
29
|
+
"source",
|
|
30
|
+
"reason",
|
|
31
|
+
"verificationMethod",
|
|
32
|
+
"changedAttributes",
|
|
33
|
+
"sourceIp",
|
|
34
|
+
"agentSessionId",
|
|
35
|
+
"slug",
|
|
36
|
+
"displayName",
|
|
37
|
+
"type",
|
|
38
|
+
"agentLabel",
|
|
39
|
+
"userAgent",
|
|
40
|
+
// G4 MEDIUM-6/N2: `deviceCodeHash` was previously written into
|
|
41
|
+
// AUTH_AGENT_SESSION_APPROVED audit payloads and could act as a
|
|
42
|
+
// confirmation oracle if a raw device_code ever leaked elsewhere.
|
|
43
|
+
// Kept OFF the allow-list so a future regression that re-adds the
|
|
44
|
+
// field would fail the audit-emit allow-list check.
|
|
45
|
+
"refreshJti",
|
|
46
|
+
"cognitoUserId",
|
|
47
|
+
// Region codes are NOT PII (US/EU/CN); they are data-residency
|
|
48
|
+
// compliance signals carried by the data-lifecycle audit events.
|
|
49
|
+
// Added in phase 1.C.2 so the data-router region context survives
|
|
50
|
+
// the allowlist instead of being redacted away. See migration note.
|
|
51
|
+
"region",
|
|
52
|
+
"dataRegion",
|
|
53
|
+
"requestedRegion",
|
|
54
|
+
"actualDataRegion",
|
|
55
|
+
// Feature-toggle audit fields (feature_toggle.changed events).
|
|
56
|
+
// key is a system identifier (no PII); oldEnabled/newEnabled are booleans;
|
|
57
|
+
// changedBy carries the admin's USER ID (never email — see convention doc).
|
|
58
|
+
"key",
|
|
59
|
+
"oldEnabled",
|
|
60
|
+
"newEnabled",
|
|
61
|
+
"changedBy",
|
|
62
|
+
]);
|
|
13
63
|
/**
|
|
14
64
|
* Redact IPv4 to /24 and IPv6 to /64 for GDPR-compliant storage.
|
|
15
65
|
* "1.2.3.4" → "1.2.3.0/24", "2001:db8::1" → "2001:db8::/64"
|
|
16
66
|
*/
|
|
17
|
-
function anonymizeIp(ip) {
|
|
67
|
+
export function anonymizeIp(ip) {
|
|
18
68
|
if (!ip || ip === "unknown")
|
|
19
69
|
return ip;
|
|
20
70
|
if (ip.includes(".")) {
|
|
@@ -34,7 +84,7 @@ function anonymizeIp(ip) {
|
|
|
34
84
|
* Filter a raw payload object against the PII allowlist.
|
|
35
85
|
* Returns the cleaned object and the number of dropped fields.
|
|
36
86
|
*/
|
|
37
|
-
function filterPayload(payload, allowedFields =
|
|
87
|
+
export function filterPayload(payload, allowedFields = PII_ALLOWED_FIELDS) {
|
|
38
88
|
const filtered = {};
|
|
39
89
|
let droppedCount = 0;
|
|
40
90
|
for (const [key, value] of Object.entries(payload)) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pii-filter.js","sourceRoot":"","sources":["../../../src/lib/audit/pii-filter.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"pii-filter.js","sourceRoot":"","sources":["../../../src/lib/audit/pii-filter.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAS;IAChD,UAAU;IACV,aAAa;IACb,cAAc;IACd,YAAY;IACZ,SAAS;IACT,SAAS;IACT,QAAQ;IACR,WAAW;IACX,SAAS;IACT,QAAQ;IACR,UAAU;IACV,MAAM;IACN,QAAQ;IACR,QAAQ;IACR,oBAAoB;IACpB,mBAAmB;IACnB,UAAU;IACV,gBAAgB;IAChB,MAAM;IACN,aAAa;IACb,MAAM;IACN,YAAY;IACZ,WAAW;IACX,+DAA+D;IAC/D,gEAAgE;IAChE,kEAAkE;IAClE,kEAAkE;IAClE,oDAAoD;IACpD,YAAY;IACZ,eAAe;IACf,+DAA+D;IAC/D,iEAAiE;IACjE,kEAAkE;IAClE,oEAAoE;IACpE,QAAQ;IACR,YAAY;IACZ,iBAAiB;IACjB,kBAAkB;IAClB,+DAA+D;IAC/D,2EAA2E;IAC3E,4EAA4E;IAC5E,KAAK;IACL,YAAY;IACZ,YAAY;IACZ,WAAW;CACZ,CAAC,CAAC;AAOH;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,EAAU;IACpC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,SAAS;QAAE,OAAO,EAAE,CAAC;IAEvC,IAAI,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC;QACpD,CAAC;IACH,CAAC;IAED,IAAI,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC3C,OAAO,GAAG,MAAM,OAAO,CAAC;IAC1B,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAC3B,OAAgC,EAChC,gBAA6B,kBAAkB;IAE/C,MAAM,QAAQ,GAA4B,EAAE,CAAC;IAC7C,IAAI,YAAY,GAAG,CAAC,CAAC;IAErB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACnD,IAAI,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YAC3B,QAAQ,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACxB,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC;YAC7B,YAAY,EAAE,CAAC;QACjB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;AACpC,CAAC"}
|
|
@@ -0,0 +1,94 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Trellis audit-action constants (phase 1.C.2).
|
|
3
|
+
*
|
|
4
|
+
* These are the canonical `action` strings trellis writes to the
|
|
5
|
+
* foundation audit log. `AuditAction` is an OPEN string union (frozen
|
|
6
|
+
* type) — well-known foundation values get autocomplete; consumers
|
|
7
|
+
* extend with their own dotted names without an API bump. We therefore
|
|
8
|
+
* declare these as `AuditAction`-typed constants (NOT an enum) so the
|
|
9
|
+
* call sites read symbolically while the values stay plain strings.
|
|
10
|
+
*
|
|
11
|
+
* Naming follows foundation's dotted convention. Two families:
|
|
12
|
+
* - data lifecycle (data.*, auth.*, system.region_change)
|
|
13
|
+
* - tenant / IdP (tenant.*, auth.agent_session.*, auth.refresh_replay)
|
|
14
|
+
*
|
|
15
|
+
* The tenant/IdP set is the migration of the old
|
|
16
|
+
* `lib/audit/event-types.ts` `AuditEventType` catalog; the string
|
|
17
|
+
* VALUES are preserved exactly so existing rows / dashboards keep
|
|
18
|
+
* matching.
|
|
19
|
+
*/
|
|
20
|
+
import type { AuditAction } from "@de-otio/saas-foundation/audit";
|
|
21
|
+
export declare const DATA_READ: AuditAction;
|
|
22
|
+
export declare const DATA_CREATE: AuditAction;
|
|
23
|
+
export declare const DATA_UPDATE: AuditAction;
|
|
24
|
+
export declare const DATA_DELETE: AuditAction;
|
|
25
|
+
export declare const AUTH_LOGIN: AuditAction;
|
|
26
|
+
export declare const AUTH_LOGOUT: AuditAction;
|
|
27
|
+
export declare const AUTHZ_DENIED: AuditAction;
|
|
28
|
+
export declare const AUTHZ_GRANTED: AuditAction;
|
|
29
|
+
export declare const SYSTEM_REGION_CHANGE: AuditAction;
|
|
30
|
+
export declare const TENANT_CREATED: AuditAction;
|
|
31
|
+
export declare const TENANT_UPDATED: AuditAction;
|
|
32
|
+
export declare const TENANT_OWNERSHIP_TRANSFERRED: AuditAction;
|
|
33
|
+
export declare const TENANT_MEMBER_INVITED: AuditAction;
|
|
34
|
+
export declare const TENANT_MEMBER_JOINED: AuditAction;
|
|
35
|
+
export declare const TENANT_MEMBER_ROLE_CHANGED: AuditAction;
|
|
36
|
+
export declare const TENANT_MEMBER_REMOVED: AuditAction;
|
|
37
|
+
export declare const TENANT_DOMAIN_ADDED: AuditAction;
|
|
38
|
+
export declare const TENANT_DOMAIN_VERIFIED: AuditAction;
|
|
39
|
+
export declare const TENANT_DOMAIN_REMOVED: AuditAction;
|
|
40
|
+
export declare const TENANT_IDP_CONNECTED: AuditAction;
|
|
41
|
+
export declare const TENANT_IDP_MODIFIED: AuditAction;
|
|
42
|
+
export declare const TENANT_IDP_DISABLED: AuditAction;
|
|
43
|
+
export declare const TENANT_IDP_DELETED: AuditAction;
|
|
44
|
+
export declare const TENANT_ROLE_MAPPING_ADDED: AuditAction;
|
|
45
|
+
export declare const TENANT_ROLE_MAPPING_REMOVED: AuditAction;
|
|
46
|
+
export declare const TENANT_FEDERATED_LOGIN_SUCCESS: AuditAction;
|
|
47
|
+
export declare const TENANT_FEDERATED_LOGIN_DENIED: AuditAction;
|
|
48
|
+
export declare const TENANT_ROLE_REFRESHED_JIT: AuditAction;
|
|
49
|
+
export declare const AUTH_AGENT_SESSION_APPROVED: AuditAction;
|
|
50
|
+
export declare const AUTH_AGENT_SESSION_REVOKED: AuditAction;
|
|
51
|
+
export declare const AUTH_REFRESH_REPLAY: AuditAction;
|
|
52
|
+
export declare const RESEARCH_QUERY: AuditAction;
|
|
53
|
+
export declare const RESEARCH_EXTRACT: AuditAction;
|
|
54
|
+
export declare const EXPERIMENT_ASSIGN: AuditAction;
|
|
55
|
+
export declare const FEATURE_TOGGLE_CHANGED: AuditAction;
|
|
56
|
+
export declare const CONSENT_CHANGED: AuditAction;
|
|
57
|
+
/**
|
|
58
|
+
* Old tenant/IdP `AuditEventType` string -> `AuditAction` constant.
|
|
59
|
+
* The values are identical (preserved verbatim), so this is an identity
|
|
60
|
+
* map at runtime; it exists so the four `AuditEventEmitter` consumers
|
|
61
|
+
* (idp-handler, tenant-handler, agent-authorize, agent-sessions) can
|
|
62
|
+
* keep referencing `AuditEventType.TENANT_*` symbolically via a single
|
|
63
|
+
* re-exported object.
|
|
64
|
+
*/
|
|
65
|
+
export declare const AuditEventType: {
|
|
66
|
+
readonly TENANT_CREATED: string & {};
|
|
67
|
+
readonly TENANT_UPDATED: string & {};
|
|
68
|
+
readonly TENANT_OWNERSHIP_TRANSFERRED: string & {};
|
|
69
|
+
readonly TENANT_MEMBER_INVITED: string & {};
|
|
70
|
+
readonly TENANT_MEMBER_JOINED: string & {};
|
|
71
|
+
readonly TENANT_MEMBER_ROLE_CHANGED: string & {};
|
|
72
|
+
readonly TENANT_MEMBER_REMOVED: string & {};
|
|
73
|
+
readonly TENANT_DOMAIN_ADDED: string & {};
|
|
74
|
+
readonly TENANT_DOMAIN_VERIFIED: string & {};
|
|
75
|
+
readonly TENANT_DOMAIN_REMOVED: string & {};
|
|
76
|
+
readonly TENANT_IDP_CONNECTED: string & {};
|
|
77
|
+
readonly TENANT_IDP_MODIFIED: string & {};
|
|
78
|
+
readonly TENANT_IDP_DISABLED: string & {};
|
|
79
|
+
readonly TENANT_IDP_DELETED: string & {};
|
|
80
|
+
readonly TENANT_ROLE_MAPPING_ADDED: string & {};
|
|
81
|
+
readonly TENANT_ROLE_MAPPING_REMOVED: string & {};
|
|
82
|
+
readonly TENANT_FEDERATED_LOGIN_SUCCESS: string & {};
|
|
83
|
+
readonly TENANT_FEDERATED_LOGIN_DENIED: string & {};
|
|
84
|
+
readonly TENANT_ROLE_REFRESHED_JIT: string & {};
|
|
85
|
+
readonly AUTH_AGENT_SESSION_APPROVED: string & {};
|
|
86
|
+
readonly AUTH_AGENT_SESSION_REVOKED: string & {};
|
|
87
|
+
readonly AUTH_REFRESH_REPLAY: string & {};
|
|
88
|
+
readonly RESEARCH_QUERY: string & {};
|
|
89
|
+
readonly RESEARCH_EXTRACT: string & {};
|
|
90
|
+
readonly EXPERIMENT_ASSIGN: string & {};
|
|
91
|
+
readonly FEATURE_TOGGLE_CHANGED: string & {};
|
|
92
|
+
readonly CONSENT_CHANGED: string & {};
|
|
93
|
+
};
|
|
94
|
+
//# sourceMappingURL=audit-actions.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"audit-actions.d.ts","sourceRoot":"","sources":["../../src/lib/audit-actions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAGlE,eAAO,MAAM,SAAS,EAAE,WAAyB,CAAC;AAClD,eAAO,MAAM,WAAW,EAAE,WAA2B,CAAC;AACtD,eAAO,MAAM,WAAW,EAAE,WAA2B,CAAC;AACtD,eAAO,MAAM,WAAW,EAAE,WAA2B,CAAC;AAEtD,eAAO,MAAM,UAAU,EAAE,WAA0B,CAAC;AACpD,eAAO,MAAM,WAAW,EAAE,WAA2B,CAAC;AACtD,eAAO,MAAM,YAAY,EAAE,WAA4B,CAAC;AACxD,eAAO,MAAM,aAAa,EAAE,WAA6B,CAAC;AAE1D,eAAO,MAAM,oBAAoB,EAAE,WAAoC,CAAC;AAIxE,eAAO,MAAM,cAAc,EAAE,WAA8B,CAAC;AAC5D,eAAO,MAAM,cAAc,EAAE,WAA8B,CAAC;AAC5D,eAAO,MAAM,4BAA4B,EAAE,WAA4C,CAAC;AACxF,eAAO,MAAM,qBAAqB,EAAE,WAAqC,CAAC;AAC1E,eAAO,MAAM,oBAAoB,EAAE,WAAoC,CAAC;AACxE,eAAO,MAAM,0BAA0B,EAAE,WAA0C,CAAC;AACpF,eAAO,MAAM,qBAAqB,EAAE,WAAqC,CAAC;AAC1E,eAAO,MAAM,mBAAmB,EAAE,WAAmC,CAAC;AACtE,eAAO,MAAM,sBAAsB,EAAE,WAAsC,CAAC;AAC5E,eAAO,MAAM,qBAAqB,EAAE,WAAqC,CAAC;AAC1E,eAAO,MAAM,oBAAoB,EAAE,WAAoC,CAAC;AACxE,eAAO,MAAM,mBAAmB,EAAE,WAAmC,CAAC;AACtE,eAAO,MAAM,mBAAmB,EAAE,WAAmC,CAAC;AACtE,eAAO,MAAM,kBAAkB,EAAE,WAAkC,CAAC;AACpE,eAAO,MAAM,yBAAyB,EAAE,WAAyC,CAAC;AAClF,eAAO,MAAM,2BAA2B,EAAE,WAA2C,CAAC;AACtF,eAAO,MAAM,8BAA8B,EAAE,WAA8C,CAAC;AAC5F,eAAO,MAAM,6BAA6B,EAAE,WAA6C,CAAC;AAC1F,eAAO,MAAM,yBAAyB,EAAE,WAAyC,CAAC;AAElF,eAAO,MAAM,2BAA2B,EAAE,WAA2C,CAAC;AACtF,eAAO,MAAM,0BAA0B,EAAE,WAA0C,CAAC;AACpF,eAAO,MAAM,mBAAmB,EAAE,WAAmC,CAAC;AAOtE,eAAO,MAAM,cAAc,EAAE,WAA8B,CAAC;AAC5D,eAAO,MAAM,gBAAgB,EAAE,WAAgC,CAAC;AAChE,eAAO,MAAM,iBAAiB,EAAE,WAAiC,CAAC;AAKlE,eAAO,MAAM,sBAAsB,EAAE,WAAsC,CAAC;AAI5E,eAAO,MAAM,eAAe,EAAE,WAA+B,CAAC;AAE9D;;;;;;;GAOG;AACH,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA6BjB,CAAC"}
|
|
@@ -0,0 +1,107 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Trellis audit-action constants (phase 1.C.2).
|
|
3
|
+
*
|
|
4
|
+
* These are the canonical `action` strings trellis writes to the
|
|
5
|
+
* foundation audit log. `AuditAction` is an OPEN string union (frozen
|
|
6
|
+
* type) — well-known foundation values get autocomplete; consumers
|
|
7
|
+
* extend with their own dotted names without an API bump. We therefore
|
|
8
|
+
* declare these as `AuditAction`-typed constants (NOT an enum) so the
|
|
9
|
+
* call sites read symbolically while the values stay plain strings.
|
|
10
|
+
*
|
|
11
|
+
* Naming follows foundation's dotted convention. Two families:
|
|
12
|
+
* - data lifecycle (data.*, auth.*, system.region_change)
|
|
13
|
+
* - tenant / IdP (tenant.*, auth.agent_session.*, auth.refresh_replay)
|
|
14
|
+
*
|
|
15
|
+
* The tenant/IdP set is the migration of the old
|
|
16
|
+
* `lib/audit/event-types.ts` `AuditEventType` catalog; the string
|
|
17
|
+
* VALUES are preserved exactly so existing rows / dashboards keep
|
|
18
|
+
* matching.
|
|
19
|
+
*/
|
|
20
|
+
// ── Data-lifecycle actions ───────────────────────────────────────────
|
|
21
|
+
export const DATA_READ = "data.read";
|
|
22
|
+
export const DATA_CREATE = "data.create";
|
|
23
|
+
export const DATA_UPDATE = "data.update";
|
|
24
|
+
export const DATA_DELETE = "data.delete";
|
|
25
|
+
export const AUTH_LOGIN = "auth.login";
|
|
26
|
+
export const AUTH_LOGOUT = "auth.logout";
|
|
27
|
+
export const AUTHZ_DENIED = "authz.denied";
|
|
28
|
+
export const AUTHZ_GRANTED = "authz.granted";
|
|
29
|
+
export const SYSTEM_REGION_CHANGE = "system.region_change";
|
|
30
|
+
// ── Tenant / IdP actions (migrated from lib/audit/event-types.ts) ─────
|
|
31
|
+
// VALUES preserved verbatim from the old `AuditEventType` catalog.
|
|
32
|
+
export const TENANT_CREATED = "tenant.created";
|
|
33
|
+
export const TENANT_UPDATED = "tenant.updated";
|
|
34
|
+
export const TENANT_OWNERSHIP_TRANSFERRED = "tenant.ownership_transferred";
|
|
35
|
+
export const TENANT_MEMBER_INVITED = "tenant.member.invited";
|
|
36
|
+
export const TENANT_MEMBER_JOINED = "tenant.member.joined";
|
|
37
|
+
export const TENANT_MEMBER_ROLE_CHANGED = "tenant.member.role_changed";
|
|
38
|
+
export const TENANT_MEMBER_REMOVED = "tenant.member.removed";
|
|
39
|
+
export const TENANT_DOMAIN_ADDED = "tenant.domain.added";
|
|
40
|
+
export const TENANT_DOMAIN_VERIFIED = "tenant.domain.verified";
|
|
41
|
+
export const TENANT_DOMAIN_REMOVED = "tenant.domain.removed";
|
|
42
|
+
export const TENANT_IDP_CONNECTED = "tenant.idp.connected";
|
|
43
|
+
export const TENANT_IDP_MODIFIED = "tenant.idp.modified";
|
|
44
|
+
export const TENANT_IDP_DISABLED = "tenant.idp.disabled";
|
|
45
|
+
export const TENANT_IDP_DELETED = "tenant.idp.deleted";
|
|
46
|
+
export const TENANT_ROLE_MAPPING_ADDED = "tenant.role_mapping.added";
|
|
47
|
+
export const TENANT_ROLE_MAPPING_REMOVED = "tenant.role_mapping.removed";
|
|
48
|
+
export const TENANT_FEDERATED_LOGIN_SUCCESS = "tenant.federated_login.success";
|
|
49
|
+
export const TENANT_FEDERATED_LOGIN_DENIED = "tenant.federated_login.denied";
|
|
50
|
+
export const TENANT_ROLE_REFRESHED_JIT = "tenant.role.refreshed_jit";
|
|
51
|
+
export const AUTH_AGENT_SESSION_APPROVED = "auth.agent_session.approved";
|
|
52
|
+
export const AUTH_AGENT_SESSION_REVOKED = "auth.agent_session.revoked";
|
|
53
|
+
export const AUTH_REFRESH_REPLAY = "auth.refresh_replay";
|
|
54
|
+
// ── Research / Experiment / Platform-control actions ─────────────────
|
|
55
|
+
//
|
|
56
|
+
// CONVENTION — research.query events MUST NEVER store raw query text in
|
|
57
|
+
// metadata; query text may contain PII. Store a hash or template string
|
|
58
|
+
// with parameters redacted. See doc/02-technical/development/audit-and-toggle-conventions.md.
|
|
59
|
+
export const RESEARCH_QUERY = "research.query";
|
|
60
|
+
export const RESEARCH_EXTRACT = "research.extract";
|
|
61
|
+
export const EXPERIMENT_ASSIGN = "experiment.assign";
|
|
62
|
+
// FEATURE_TOGGLE_CHANGED: emitted by FeatureToggleService.setToggle on
|
|
63
|
+
// every toggle write. Metadata: { key, oldEnabled, newEnabled, changedBy }
|
|
64
|
+
// where changedBy is the admin's USER ID (not email).
|
|
65
|
+
export const FEATURE_TOGGLE_CHANGED = "feature_toggle.changed";
|
|
66
|
+
// CONSENT_CHANGED: canonical action for user consent mutations emitted
|
|
67
|
+
// by the consent-management layer (another agent owns the emit sites).
|
|
68
|
+
export const CONSENT_CHANGED = "consent.changed";
|
|
69
|
+
/**
|
|
70
|
+
* Old tenant/IdP `AuditEventType` string -> `AuditAction` constant.
|
|
71
|
+
* The values are identical (preserved verbatim), so this is an identity
|
|
72
|
+
* map at runtime; it exists so the four `AuditEventEmitter` consumers
|
|
73
|
+
* (idp-handler, tenant-handler, agent-authorize, agent-sessions) can
|
|
74
|
+
* keep referencing `AuditEventType.TENANT_*` symbolically via a single
|
|
75
|
+
* re-exported object.
|
|
76
|
+
*/
|
|
77
|
+
export const AuditEventType = {
|
|
78
|
+
TENANT_CREATED,
|
|
79
|
+
TENANT_UPDATED,
|
|
80
|
+
TENANT_OWNERSHIP_TRANSFERRED,
|
|
81
|
+
TENANT_MEMBER_INVITED,
|
|
82
|
+
TENANT_MEMBER_JOINED,
|
|
83
|
+
TENANT_MEMBER_ROLE_CHANGED,
|
|
84
|
+
TENANT_MEMBER_REMOVED,
|
|
85
|
+
TENANT_DOMAIN_ADDED,
|
|
86
|
+
TENANT_DOMAIN_VERIFIED,
|
|
87
|
+
TENANT_DOMAIN_REMOVED,
|
|
88
|
+
TENANT_IDP_CONNECTED,
|
|
89
|
+
TENANT_IDP_MODIFIED,
|
|
90
|
+
TENANT_IDP_DISABLED,
|
|
91
|
+
TENANT_IDP_DELETED,
|
|
92
|
+
TENANT_ROLE_MAPPING_ADDED,
|
|
93
|
+
TENANT_ROLE_MAPPING_REMOVED,
|
|
94
|
+
TENANT_FEDERATED_LOGIN_SUCCESS,
|
|
95
|
+
TENANT_FEDERATED_LOGIN_DENIED,
|
|
96
|
+
TENANT_ROLE_REFRESHED_JIT,
|
|
97
|
+
AUTH_AGENT_SESSION_APPROVED,
|
|
98
|
+
AUTH_AGENT_SESSION_REVOKED,
|
|
99
|
+
AUTH_REFRESH_REPLAY,
|
|
100
|
+
// Research / Experiment / Platform-control
|
|
101
|
+
RESEARCH_QUERY,
|
|
102
|
+
RESEARCH_EXTRACT,
|
|
103
|
+
EXPERIMENT_ASSIGN,
|
|
104
|
+
FEATURE_TOGGLE_CHANGED,
|
|
105
|
+
CONSENT_CHANGED,
|
|
106
|
+
};
|
|
107
|
+
//# sourceMappingURL=audit-actions.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"audit-actions.js","sourceRoot":"","sources":["../../src/lib/audit-actions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAIH,wEAAwE;AACxE,MAAM,CAAC,MAAM,SAAS,GAAgB,WAAW,CAAC;AAClD,MAAM,CAAC,MAAM,WAAW,GAAgB,aAAa,CAAC;AACtD,MAAM,CAAC,MAAM,WAAW,GAAgB,aAAa,CAAC;AACtD,MAAM,CAAC,MAAM,WAAW,GAAgB,aAAa,CAAC;AAEtD,MAAM,CAAC,MAAM,UAAU,GAAgB,YAAY,CAAC;AACpD,MAAM,CAAC,MAAM,WAAW,GAAgB,aAAa,CAAC;AACtD,MAAM,CAAC,MAAM,YAAY,GAAgB,cAAc,CAAC;AACxD,MAAM,CAAC,MAAM,aAAa,GAAgB,eAAe,CAAC;AAE1D,MAAM,CAAC,MAAM,oBAAoB,GAAgB,sBAAsB,CAAC;AAExE,yEAAyE;AACzE,mEAAmE;AACnE,MAAM,CAAC,MAAM,cAAc,GAAgB,gBAAgB,CAAC;AAC5D,MAAM,CAAC,MAAM,cAAc,GAAgB,gBAAgB,CAAC;AAC5D,MAAM,CAAC,MAAM,4BAA4B,GAAgB,8BAA8B,CAAC;AACxF,MAAM,CAAC,MAAM,qBAAqB,GAAgB,uBAAuB,CAAC;AAC1E,MAAM,CAAC,MAAM,oBAAoB,GAAgB,sBAAsB,CAAC;AACxE,MAAM,CAAC,MAAM,0BAA0B,GAAgB,4BAA4B,CAAC;AACpF,MAAM,CAAC,MAAM,qBAAqB,GAAgB,uBAAuB,CAAC;AAC1E,MAAM,CAAC,MAAM,mBAAmB,GAAgB,qBAAqB,CAAC;AACtE,MAAM,CAAC,MAAM,sBAAsB,GAAgB,wBAAwB,CAAC;AAC5E,MAAM,CAAC,MAAM,qBAAqB,GAAgB,uBAAuB,CAAC;AAC1E,MAAM,CAAC,MAAM,oBAAoB,GAAgB,sBAAsB,CAAC;AACxE,MAAM,CAAC,MAAM,mBAAmB,GAAgB,qBAAqB,CAAC;AACtE,MAAM,CAAC,MAAM,mBAAmB,GAAgB,qBAAqB,CAAC;AACtE,MAAM,CAAC,MAAM,kBAAkB,GAAgB,oBAAoB,CAAC;AACpE,MAAM,CAAC,MAAM,yBAAyB,GAAgB,2BAA2B,CAAC;AAClF,MAAM,CAAC,MAAM,2BAA2B,GAAgB,6BAA6B,CAAC;AACtF,MAAM,CAAC,MAAM,8BAA8B,GAAgB,gCAAgC,CAAC;AAC5F,MAAM,CAAC,MAAM,6BAA6B,GAAgB,+BAA+B,CAAC;AAC1F,MAAM,CAAC,MAAM,yBAAyB,GAAgB,2BAA2B,CAAC;AAElF,MAAM,CAAC,MAAM,2BAA2B,GAAgB,6BAA6B,CAAC;AACtF,MAAM,CAAC,MAAM,0BAA0B,GAAgB,4BAA4B,CAAC;AACpF,MAAM,CAAC,MAAM,mBAAmB,GAAgB,qBAAqB,CAAC;AAEtE,wEAAwE;AACxE,EAAE;AACF,wEAAwE;AACxE,wEAAwE;AACxE,8FAA8F;AAC9F,MAAM,CAAC,MAAM,cAAc,GAAgB,gBAAgB,CAAC;AAC5D,MAAM,CAAC,MAAM,gBAAgB,GAAgB,kBAAkB,CAAC;AAChE,MAAM,CAAC,MAAM,iBAAiB,GAAgB,mBAAmB,CAAC;AAElE,uEAAuE;AACvE,2EAA2E;AAC3E,sDAAsD;AACtD,MAAM,CAAC,MAAM,sBAAsB,GAAgB,wBAAwB,CAAC;AAE5E,uEAAuE;AACvE,uEAAuE;AACvE,MAAM,CAAC,MAAM,eAAe,GAAgB,iBAAiB,CAAC;AAE9D;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG;IAC5B,cAAc;IACd,cAAc;IACd,4BAA4B;IAC5B,qBAAqB;IACrB,oBAAoB;IACpB,0BAA0B;IAC1B,qBAAqB;IACrB,mBAAmB;IACnB,sBAAsB;IACtB,qBAAqB;IACrB,oBAAoB;IACpB,mBAAmB;IACnB,mBAAmB;IACnB,kBAAkB;IAClB,yBAAyB;IACzB,2BAA2B;IAC3B,8BAA8B;IAC9B,6BAA6B;IAC7B,yBAAyB;IACzB,2BAA2B;IAC3B,0BAA0B;IAC1B,mBAAmB;IACnB,2CAA2C;IAC3C,cAAc;IACd,gBAAgB;IAChB,iBAAiB;IACjB,sBAAsB;IACtB,eAAe;CACP,CAAC"}
|
|
@@ -0,0 +1,174 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Audit composer (phase 1.C.2).
|
|
3
|
+
*
|
|
4
|
+
* Trellis-side facade over `@de-otio/saas-foundation/audit`. Replaces
|
|
5
|
+
* the old `AuditLogger` (data lifecycle) and `AuditEventEmitter`
|
|
6
|
+
* (tenant / IdP) with a single composition point that:
|
|
7
|
+
*
|
|
8
|
+
* 1. Applies trellis's default-DENY allowlist (`filterPayload`) +
|
|
9
|
+
* IP anonymisation (`anonymizeIp`) to event metadata BEFORE the
|
|
10
|
+
* event reaches foundation. (LOCKED: keep the allowlist.)
|
|
11
|
+
* 2. Hands the scrubbed event to foundation's `AuditLog`, which is
|
|
12
|
+
* configured with foundation's `PiiFilter` (denylist) as a
|
|
13
|
+
* SECOND, additive layer. (LOCKED: denylist is additive, not a
|
|
14
|
+
* replacement.)
|
|
15
|
+
* 3. Persists via `PostgresAuditStore` over a region-resolved Prisma
|
|
16
|
+
* client. Retention tiers: info=30, warning=90, error=365 days.
|
|
17
|
+
* (LOCKED.)
|
|
18
|
+
*
|
|
19
|
+
* Frozen-type crossing: this module is the first trellis consumer of
|
|
20
|
+
* the frozen `AuditEvent` / `AuditAction` vocabulary. Future changes to
|
|
21
|
+
* the emitted shape go through the frozen-type RFC process.
|
|
22
|
+
*
|
|
23
|
+
* Severity collapse (trellis 4-tier -> foundation 3-tier):
|
|
24
|
+
* low + medium -> info (30d)
|
|
25
|
+
* high -> warning (90d)
|
|
26
|
+
* critical -> error (365d)
|
|
27
|
+
*
|
|
28
|
+
* ── SECURITY-SENSITIVE READ CONVENTION ───────────────────────────────
|
|
29
|
+
*
|
|
30
|
+
* Any BULK, CROSS-USER, or EXPORT read of user data MUST emit an audit
|
|
31
|
+
* event. An audit trail cannot be backfilled — if the read is not
|
|
32
|
+
* recorded at the time it occurs, it is permanently invisible to
|
|
33
|
+
* compliance reviews.
|
|
34
|
+
*
|
|
35
|
+
* Worked example — admin bulk-export of user records:
|
|
36
|
+
*
|
|
37
|
+
* await auditLogger.logDataAccess({
|
|
38
|
+
* action: DATA_READ,
|
|
39
|
+
* resource: "user",
|
|
40
|
+
* resourceId: `bulk:${requestedCount}`,
|
|
41
|
+
* userId: session.userId, // the requesting admin's ID
|
|
42
|
+
* region: detectedRegion,
|
|
43
|
+
* success: true,
|
|
44
|
+
* metadata: {
|
|
45
|
+
* targetType: "user_export",
|
|
46
|
+
* reason: "compliance_request",
|
|
47
|
+
* },
|
|
48
|
+
* }, env);
|
|
49
|
+
*
|
|
50
|
+
* Scope of the rule:
|
|
51
|
+
* - Covered NOW: mutations (data.create / update / delete), auth,
|
|
52
|
+
* feature_toggle.changed, tenant / IdP events.
|
|
53
|
+
* - Deferred: individual single-user reads (low priority).
|
|
54
|
+
* - IN SCOPE for the research platform: any research.query,
|
|
55
|
+
* research.extract, experiment.assign operation.
|
|
56
|
+
*
|
|
57
|
+
* See doc/02-technical/development/audit-and-toggle-conventions.md for
|
|
58
|
+
* naming conventions, prefix rules, and the research.query PII rule.
|
|
59
|
+
*/
|
|
60
|
+
import type { AuditAction, AuditEvent } from "@de-otio/saas-foundation/audit";
|
|
61
|
+
import { type EnvWithDb } from "../db.js";
|
|
62
|
+
import { type Region } from "./region-detection.js";
|
|
63
|
+
export type TrellisSeverity = "low" | "medium" | "high" | "critical";
|
|
64
|
+
/**
|
|
65
|
+
* Anything with an `auditEvent.create` method. The real Prisma client
|
|
66
|
+
* (`ManagedPrismaClient`), the structural `PrismaAuditClient`, and test
|
|
67
|
+
* mocks all satisfy this. Foundation's `PostgresAuditStore` requires the
|
|
68
|
+
* narrower `PrismaAuditClient`; Prisma's generated `create` is more
|
|
69
|
+
* generic than (and so not structurally assignable to) foundation's
|
|
70
|
+
* narrow shape, so we accept the broad type at the boundary and cast
|
|
71
|
+
* once inside `getAuditLog`. The cast is runtime-safe — the column
|
|
72
|
+
* names foundation writes match the generated `AuditEvent` model.
|
|
73
|
+
*/
|
|
74
|
+
export type AuditPrismaClientLike = {
|
|
75
|
+
readonly auditEvent: {
|
|
76
|
+
create: (...args: never[]) => unknown;
|
|
77
|
+
};
|
|
78
|
+
};
|
|
79
|
+
export type TrellisAuditEventType = "data_access" | "data_create" | "data_update" | "data_delete" | "user_action" | "authentication" | "authorization" | "region_change";
|
|
80
|
+
export interface TrellisAuditEvent {
|
|
81
|
+
type?: TrellisAuditEventType;
|
|
82
|
+
action: string;
|
|
83
|
+
resource: string;
|
|
84
|
+
resourceId?: string;
|
|
85
|
+
userId?: string;
|
|
86
|
+
region: Region;
|
|
87
|
+
dataRegion?: string;
|
|
88
|
+
ipAddress?: string;
|
|
89
|
+
userAgent?: string;
|
|
90
|
+
metadata?: Record<string, unknown>;
|
|
91
|
+
severity?: TrellisSeverity;
|
|
92
|
+
success: boolean;
|
|
93
|
+
}
|
|
94
|
+
export interface TrellisAuditLoggerEnv extends EnvWithDb {
|
|
95
|
+
DEFAULT_REGION?: string;
|
|
96
|
+
}
|
|
97
|
+
/**
|
|
98
|
+
* `TrellisAuditLogger` — drop-in for the old `AuditLogger`. Region-aware
|
|
99
|
+
* (resolves a Prisma client per region), best-effort (never throws into
|
|
100
|
+
* the caller), and validates region before emitting (invalid-region
|
|
101
|
+
* events are dropped, as before).
|
|
102
|
+
*/
|
|
103
|
+
export declare class TrellisAuditLogger {
|
|
104
|
+
private readonly requestId?;
|
|
105
|
+
constructor(_env?: TrellisAuditLoggerEnv, requestId?: string | undefined);
|
|
106
|
+
withRequestId(requestId: string): TrellisAuditLogger;
|
|
107
|
+
logDataAccess(event: Omit<TrellisAuditEvent, "type" | "severity"> & {
|
|
108
|
+
type?: TrellisAuditEventType;
|
|
109
|
+
severity?: TrellisSeverity;
|
|
110
|
+
}, env: TrellisAuditLoggerEnv): Promise<void>;
|
|
111
|
+
logUserAction(event: Omit<TrellisAuditEvent, "type" | "severity"> & {
|
|
112
|
+
type?: TrellisAuditEventType;
|
|
113
|
+
severity?: TrellisSeverity;
|
|
114
|
+
}, env: TrellisAuditLoggerEnv): Promise<void>;
|
|
115
|
+
logAuthentication(event: Omit<TrellisAuditEvent, "type" | "severity"> & {
|
|
116
|
+
type?: TrellisAuditEventType;
|
|
117
|
+
severity?: TrellisSeverity;
|
|
118
|
+
}, env: TrellisAuditLoggerEnv): Promise<void>;
|
|
119
|
+
logAuthorization(event: Omit<TrellisAuditEvent, "type" | "severity"> & {
|
|
120
|
+
type?: TrellisAuditEventType;
|
|
121
|
+
severity?: TrellisSeverity;
|
|
122
|
+
}, env: TrellisAuditLoggerEnv): Promise<void>;
|
|
123
|
+
/** Generic entry point — accepts a full trellis event. */
|
|
124
|
+
log(event: Omit<TrellisAuditEvent, "severity"> & {
|
|
125
|
+
severity?: TrellisSeverity;
|
|
126
|
+
}, env: TrellisAuditLoggerEnv): Promise<void>;
|
|
127
|
+
/**
|
|
128
|
+
* Emit a system-level event where the `action` string is passed directly
|
|
129
|
+
* to the foundation audit log (bypassing the coarse `actionFor()` mapping).
|
|
130
|
+
*
|
|
131
|
+
* Use for platform-control actions like `feature_toggle.changed`,
|
|
132
|
+
* `consent.changed`, `experiment.assign` that have their own dedicated
|
|
133
|
+
* action constant and should not be collapsed to a coarse `data.*` label.
|
|
134
|
+
*
|
|
135
|
+
* The `action` parameter MUST be a known `AuditAction` constant from
|
|
136
|
+
* `audit-actions.ts`; do not pass free-form strings.
|
|
137
|
+
*
|
|
138
|
+
* Best-effort — never throws into the caller.
|
|
139
|
+
*/
|
|
140
|
+
logSystemAction(action: AuditAction, event: Omit<TrellisAuditEvent, "type" | "action" | "severity"> & {
|
|
141
|
+
severity?: TrellisSeverity;
|
|
142
|
+
}, env: TrellisAuditLoggerEnv): Promise<void>;
|
|
143
|
+
private emitDirect;
|
|
144
|
+
private emit;
|
|
145
|
+
}
|
|
146
|
+
/** Factory — drop-in for the old `createAuditLogger`. */
|
|
147
|
+
export declare function createAuditLogger(env?: TrellisAuditLoggerEnv, requestId?: string): TrellisAuditLogger;
|
|
148
|
+
/** Input shape preserved from the old `AuditEventEmitter.emit`. */
|
|
149
|
+
export interface TenantAuditEmitInput {
|
|
150
|
+
type: AuditAction;
|
|
151
|
+
tenantId: string;
|
|
152
|
+
actorUserId: string;
|
|
153
|
+
payload: Record<string, unknown>;
|
|
154
|
+
/** Source IP — anonymised to /24 (v4) or /64 (v6) before storage. */
|
|
155
|
+
sourceIp?: string;
|
|
156
|
+
/** Present when made through an agent session. */
|
|
157
|
+
agentSessionId?: string;
|
|
158
|
+
}
|
|
159
|
+
/**
|
|
160
|
+
* `TenantAuditEmitter` — replaces the CloudWatch+Postgres
|
|
161
|
+
* `AuditEventEmitter`. CloudWatch is dropped (foundation owns the sink);
|
|
162
|
+
* the Postgres write now goes through foundation's `AuditLog` /
|
|
163
|
+
* `PostgresAuditStore`. Signature `emit(input, prismaClient)` is
|
|
164
|
+
* preserved so the four consumers change only their import.
|
|
165
|
+
*
|
|
166
|
+
* Tenant/IdP events are tenant-scoped (`actor.kind = "user"`,
|
|
167
|
+
* `tenantId` set) and default to `info` severity (matching the old
|
|
168
|
+
* "medium" -> info collapse).
|
|
169
|
+
*/
|
|
170
|
+
export declare class TenantAuditEmitter {
|
|
171
|
+
emit(input: TenantAuditEmitInput, prisma: AuditPrismaClientLike): Promise<void>;
|
|
172
|
+
}
|
|
173
|
+
export type { AuditEvent };
|
|
174
|
+
//# sourceMappingURL=audit-composer.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"audit-composer.d.ts","sourceRoot":"","sources":["../../src/lib/audit-composer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0DG;AAGH,OAAO,KAAK,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,gCAAgC,CAAC;AAK9E,OAAO,EAAyB,KAAK,SAAS,EAAE,MAAM,UAAU,CAAC;AAEjE,OAAO,EAAiB,KAAK,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAcnE,MAAM,MAAM,eAAe,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAuDrE;;;;;;;;;GASG;AACH,MAAM,MAAM,qBAAqB,GAAG;IAClC,QAAQ,CAAC,UAAU,EAAE;QAAE,MAAM,EAAE,CAAC,GAAG,IAAI,EAAE,KAAK,EAAE,KAAK,OAAO,CAAA;KAAE,CAAC;CAChE,CAAC;AAqBF,MAAM,MAAM,qBAAqB,GAC7B,aAAa,GACb,aAAa,GACb,aAAa,GACb,aAAa,GACb,aAAa,GACb,gBAAgB,GAChB,eAAe,GACf,eAAe,CAAC;AAEpB,MAAM,WAAW,iBAAiB;IAChC,IAAI,CAAC,EAAE,qBAAqB,CAAC;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,QAAQ,CAAC,EAAE,eAAe,CAAC;IAC3B,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,qBAAsB,SAAQ,SAAS;IACtD,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AA4BD;;;;;GAKG;AACH,qBAAa,kBAAkB;IAM3B,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAD3B,IAAI,CAAC,EAAE,qBAAqB,EACX,SAAS,CAAC,EAAE,MAAM,YAAA;IAG9B,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,kBAAkB;IAI9C,aAAa,CACxB,KAAK,EAAE,IAAI,CAAC,iBAAiB,EAAE,MAAM,GAAG,UAAU,CAAC,GAAG;QACpD,IAAI,CAAC,EAAE,qBAAqB,CAAC;QAC7B,QAAQ,CAAC,EAAE,eAAe,CAAC;KAC5B,EACD,GAAG,EAAE,qBAAqB,GACzB,OAAO,CAAC,IAAI,CAAC;IAOH,aAAa,CACxB,KAAK,EAAE,IAAI,CAAC,iBAAiB,EAAE,MAAM,GAAG,UAAU,CAAC,GAAG;QACpD,IAAI,CAAC,EAAE,qBAAqB,CAAC;QAC7B,QAAQ,CAAC,EAAE,eAAe,CAAC;KAC5B,EACD,GAAG,EAAE,qBAAqB,GACzB,OAAO,CAAC,IAAI,CAAC;IAOH,iBAAiB,CAC5B,KAAK,EAAE,IAAI,CAAC,iBAAiB,EAAE,MAAM,GAAG,UAAU,CAAC,GAAG;QACpD,IAAI,CAAC,EAAE,qBAAqB,CAAC;QAC7B,QAAQ,CAAC,EAAE,eAAe,CAAC;KAC5B,EACD,GAAG,EAAE,qBAAqB,GACzB,OAAO,CAAC,IAAI,CAAC;IAYH,gBAAgB,CAC3B,KAAK,EAAE,IAAI,CAAC,iBAAiB,EAAE,MAAM,GAAG,UAAU,CAAC,GAAG;QACpD,IAAI,CAAC,EAAE,qBAAqB,CAAC;QAC7B,QAAQ,CAAC,EAAE,eAAe,CAAC;KAC5B,EACD,GAAG,EAAE,qBAAqB,GACzB,OAAO,CAAC,IAAI,CAAC;IAWhB,0DAA0D;IAC7C,GAAG,CACd,KAAK,EAAE,IAAI,CAAC,iBAAiB,EAAE,UAAU,CAAC,GAAG;QAAE,QAAQ,CAAC,EAAE,eAAe,CAAA;KAAE,EAC3E,GAAG,EAAE,qBAAqB,GACzB,OAAO,CAAC,IAAI,CAAC;IAahB;;;;;;;;;;;;OAYG;IACU,eAAe,CAC1B,MAAM,EAAE,WAAW,EACnB,KAAK,EAAE,IAAI,CAAC,iBAAiB,EAAE,MAAM,GAAG,QAAQ,GAAG,UAAU,CAAC,GAAG;QAC/D,QAAQ,CAAC,EAAE,eAAe,CAAC;KAC5B,EACD,GAAG,EAAE,qBAAqB,GACzB,OAAO,CAAC,IAAI,CAAC;YAIF,UAAU;YAuEV,IAAI;CA6FnB;AAED,yDAAyD;AACzD,wBAAgB,iBAAiB,CAC/B,GAAG,CAAC,EAAE,qBAAqB,EAC3B,SAAS,CAAC,EAAE,MAAM,GACjB,kBAAkB,CAEpB;AAID,mEAAmE;AACnE,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,WAAW,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,qEAAqE;IACrE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kDAAkD;IAClD,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;;;;;;;;;GAUG;AACH,qBAAa,kBAAkB;IAChB,IAAI,CAAC,KAAK,EAAE,oBAAoB,EAAE,MAAM,EAAE,qBAAqB,GAAG,OAAO,CAAC,IAAI,CAAC;CAyC7F;AAED,YAAY,EAAE,UAAU,EAAE,CAAC"}
|