@de-otio/trellis 0.7.1 → 0.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1252) hide show
  1. package/LICENSE +661 -0
  2. package/dist/db.js +10 -18
  3. package/dist/db.js.map +1 -1
  4. package/dist/env.d.ts +66 -6
  5. package/dist/env.d.ts.map +1 -1
  6. package/dist/env.js +89 -70
  7. package/dist/env.js.map +1 -1
  8. package/dist/extensions.js +3 -8
  9. package/dist/extensions.js.map +1 -1
  10. package/dist/index.d.ts +2 -2
  11. package/dist/index.d.ts.map +1 -1
  12. package/dist/index.js +2 -9
  13. package/dist/index.js.map +1 -1
  14. package/dist/lambda/cleanup-cron.d.ts.map +1 -1
  15. package/dist/lambda/cleanup-cron.js +20 -24
  16. package/dist/lambda/cleanup-cron.js.map +1 -1
  17. package/dist/lambda/create-auth-challenge.d.ts.map +1 -1
  18. package/dist/lambda/create-auth-challenge.js +17 -19
  19. package/dist/lambda/create-auth-challenge.js.map +1 -1
  20. package/dist/lambda/custom-message.js +1 -5
  21. package/dist/lambda/custom-message.js.map +1 -1
  22. package/dist/lambda/define-auth-challenge.js +1 -5
  23. package/dist/lambda/define-auth-challenge.js.map +1 -1
  24. package/dist/lambda/delete-account-worker.d.ts.map +1 -1
  25. package/dist/lambda/delete-account-worker.js +25 -58
  26. package/dist/lambda/delete-account-worker.js.map +1 -1
  27. package/dist/lambda/diagnostics-proxy.d.ts.map +1 -1
  28. package/dist/lambda/diagnostics-proxy.js +14 -49
  29. package/dist/lambda/diagnostics-proxy.js.map +1 -1
  30. package/dist/lambda/e2e-sweeper.d.ts.map +1 -1
  31. package/dist/lambda/e2e-sweeper.js +30 -38
  32. package/dist/lambda/e2e-sweeper.js.map +1 -1
  33. package/dist/lambda/federation-outbox-worker.d.ts.map +1 -1
  34. package/dist/lambda/federation-outbox-worker.js +4 -6
  35. package/dist/lambda/federation-outbox-worker.js.map +1 -1
  36. package/dist/lambda/followers-events-worker.d.ts.map +1 -1
  37. package/dist/lambda/followers-events-worker.js +4 -6
  38. package/dist/lambda/followers-events-worker.js.map +1 -1
  39. package/dist/lambda/hourly-cron.d.ts.map +1 -1
  40. package/dist/lambda/hourly-cron.js +100 -32
  41. package/dist/lambda/hourly-cron.js.map +1 -1
  42. package/dist/lambda/link-check-worker.d.ts.map +1 -1
  43. package/dist/lambda/link-check-worker.js +4 -6
  44. package/dist/lambda/link-check-worker.js.map +1 -1
  45. package/dist/lambda/maintenance-cron.d.ts.map +1 -1
  46. package/dist/lambda/maintenance-cron.js +30 -63
  47. package/dist/lambda/maintenance-cron.js.map +1 -1
  48. package/dist/lambda/media-processing-worker.d.ts.map +1 -1
  49. package/dist/lambda/media-processing-worker.js +11 -46
  50. package/dist/lambda/media-processing-worker.js.map +1 -1
  51. package/dist/lambda/media-reconciliation-worker.d.ts.map +1 -1
  52. package/dist/lambda/media-reconciliation-worker.js +4 -6
  53. package/dist/lambda/media-reconciliation-worker.js.map +1 -1
  54. package/dist/lambda/nightly-cron.d.ts.map +1 -1
  55. package/dist/lambda/nightly-cron.js +67 -112
  56. package/dist/lambda/nightly-cron.js.map +1 -1
  57. package/dist/lambda/post-confirmation.d.ts.map +1 -1
  58. package/dist/lambda/post-confirmation.js +203 -47
  59. package/dist/lambda/post-confirmation.js.map +1 -1
  60. package/dist/lambda/pre-signup.js +7 -11
  61. package/dist/lambda/pre-signup.js.map +1 -1
  62. package/dist/lambda/pre-token-generation.d.ts.map +1 -1
  63. package/dist/lambda/pre-token-generation.js +27 -35
  64. package/dist/lambda/pre-token-generation.js.map +1 -1
  65. package/dist/lambda/tools/check-health.js +1 -5
  66. package/dist/lambda/tools/check-health.js.map +1 -1
  67. package/dist/lambda/tools/describe-services.js +4 -8
  68. package/dist/lambda/tools/describe-services.js.map +1 -1
  69. package/dist/lambda/tools/get-cost-report.js +4 -8
  70. package/dist/lambda/tools/get-cost-report.js.map +1 -1
  71. package/dist/lambda/tools/get-errors.js +5 -9
  72. package/dist/lambda/tools/get-errors.js.map +1 -1
  73. package/dist/lambda/tools/get-feature-flags.js +4 -8
  74. package/dist/lambda/tools/get-feature-flags.js.map +1 -1
  75. package/dist/lambda/tools/get-queue-status.js +5 -9
  76. package/dist/lambda/tools/get-queue-status.js.map +1 -1
  77. package/dist/lambda/tools/search-logs.js +5 -9
  78. package/dist/lambda/tools/search-logs.js.map +1 -1
  79. package/dist/lambda/tools/send-alert.js +4 -8
  80. package/dist/lambda/tools/send-alert.js.map +1 -1
  81. package/dist/lambda/verify-auth-challenge.d.ts.map +1 -1
  82. package/dist/lambda/verify-auth-challenge.js +10 -12
  83. package/dist/lambda/verify-auth-challenge.js.map +1 -1
  84. package/dist/lib/abuse-metrics.d.ts.map +1 -1
  85. package/dist/lib/abuse-metrics.js +10 -13
  86. package/dist/lib/abuse-metrics.js.map +1 -1
  87. package/dist/lib/activitypub/activity-processor.d.ts +1 -1
  88. package/dist/lib/activitypub/activity-processor.d.ts.map +1 -1
  89. package/dist/lib/activitypub/activity-processor.js +9 -43
  90. package/dist/lib/activitypub/activity-processor.js.map +1 -1
  91. package/dist/lib/activitypub/activity-service.js +1 -5
  92. package/dist/lib/activitypub/activity-service.js.map +1 -1
  93. package/dist/lib/activitypub/actor.d.ts +1 -1
  94. package/dist/lib/activitypub/actor.d.ts.map +1 -1
  95. package/dist/lib/activitypub/actor.js +1 -5
  96. package/dist/lib/activitypub/actor.js.map +1 -1
  97. package/dist/lib/activitypub/audience-service.d.ts +2 -2
  98. package/dist/lib/activitypub/audience-service.d.ts.map +1 -1
  99. package/dist/lib/activitypub/audience-service.js +8 -12
  100. package/dist/lib/activitypub/audience-service.js.map +1 -1
  101. package/dist/lib/activitypub/crypto.d.ts +1 -1
  102. package/dist/lib/activitypub/crypto.d.ts.map +1 -1
  103. package/dist/lib/activitypub/crypto.js +3 -41
  104. package/dist/lib/activitypub/crypto.js.map +1 -1
  105. package/dist/lib/activitypub/delivery-service.d.ts +5 -5
  106. package/dist/lib/activitypub/delivery-service.d.ts.map +1 -1
  107. package/dist/lib/activitypub/delivery-service.js +10 -47
  108. package/dist/lib/activitypub/delivery-service.js.map +1 -1
  109. package/dist/lib/activitypub/dispatchers/entity-actor.d.ts +3 -2
  110. package/dist/lib/activitypub/dispatchers/entity-actor.d.ts.map +1 -1
  111. package/dist/lib/activitypub/dispatchers/entity-actor.js +19 -23
  112. package/dist/lib/activitypub/dispatchers/entity-actor.js.map +1 -1
  113. package/dist/lib/activitypub/dispatchers/group-actor.d.ts +3 -2
  114. package/dist/lib/activitypub/dispatchers/group-actor.d.ts.map +1 -1
  115. package/dist/lib/activitypub/dispatchers/group-actor.js +19 -23
  116. package/dist/lib/activitypub/dispatchers/group-actor.js.map +1 -1
  117. package/dist/lib/activitypub/dispatchers/user-actor.d.ts +3 -2
  118. package/dist/lib/activitypub/dispatchers/user-actor.d.ts.map +1 -1
  119. package/dist/lib/activitypub/dispatchers/user-actor.js +16 -20
  120. package/dist/lib/activitypub/dispatchers/user-actor.js.map +1 -1
  121. package/dist/lib/activitypub/dm-service.js +1 -5
  122. package/dist/lib/activitypub/dm-service.js.map +1 -1
  123. package/dist/lib/activitypub/entity-profile-service.d.ts +1 -1
  124. package/dist/lib/activitypub/entity-profile-service.d.ts.map +1 -1
  125. package/dist/lib/activitypub/entity-profile-service.js +6 -10
  126. package/dist/lib/activitypub/entity-profile-service.js.map +1 -1
  127. package/dist/lib/activitypub/fedify/config.d.ts +3 -3
  128. package/dist/lib/activitypub/fedify/config.d.ts.map +1 -1
  129. package/dist/lib/activitypub/fedify/config.js +5 -8
  130. package/dist/lib/activitypub/fedify/config.js.map +1 -1
  131. package/dist/lib/activitypub/fedify/context.d.ts +1 -1
  132. package/dist/lib/activitypub/fedify/context.d.ts.map +1 -1
  133. package/dist/lib/activitypub/fedify/context.js +8 -12
  134. package/dist/lib/activitypub/fedify/context.js.map +1 -1
  135. package/dist/lib/activitypub/fedify/runtime.d.ts +1 -1
  136. package/dist/lib/activitypub/fedify/runtime.d.ts.map +1 -1
  137. package/dist/lib/activitypub/fedify/runtime.js +3 -6
  138. package/dist/lib/activitypub/fedify/runtime.js.map +1 -1
  139. package/dist/lib/activitypub/friendship-service.js +1 -5
  140. package/dist/lib/activitypub/friendship-service.js.map +1 -1
  141. package/dist/lib/activitypub/group-service.d.ts +1 -1
  142. package/dist/lib/activitypub/group-service.d.ts.map +1 -1
  143. package/dist/lib/activitypub/group-service.js +9 -46
  144. package/dist/lib/activitypub/group-service.js.map +1 -1
  145. package/dist/lib/activitypub/http-signatures.js +8 -45
  146. package/dist/lib/activitypub/http-signatures.js.map +1 -1
  147. package/dist/lib/activitypub/jsonld.d.ts +1 -1
  148. package/dist/lib/activitypub/jsonld.d.ts.map +1 -1
  149. package/dist/lib/activitypub/jsonld.js +1 -5
  150. package/dist/lib/activitypub/jsonld.js.map +1 -1
  151. package/dist/lib/activitypub/listeners/friends-collection.d.ts +1 -1
  152. package/dist/lib/activitypub/listeners/friends-collection.d.ts.map +1 -1
  153. package/dist/lib/activitypub/listeners/friends-collection.js +17 -20
  154. package/dist/lib/activitypub/listeners/friends-collection.js.map +1 -1
  155. package/dist/lib/activitypub/listeners/http-signatures.d.ts +1 -1
  156. package/dist/lib/activitypub/listeners/http-signatures.d.ts.map +1 -1
  157. package/dist/lib/activitypub/listeners/http-signatures.js +9 -46
  158. package/dist/lib/activitypub/listeners/http-signatures.js.map +1 -1
  159. package/dist/lib/activitypub/listeners/inbox.d.ts +2 -2
  160. package/dist/lib/activitypub/listeners/inbox.d.ts.map +1 -1
  161. package/dist/lib/activitypub/listeners/inbox.js +31 -35
  162. package/dist/lib/activitypub/listeners/inbox.js.map +1 -1
  163. package/dist/lib/activitypub/listeners/outbox.d.ts +1 -1
  164. package/dist/lib/activitypub/listeners/outbox.d.ts.map +1 -1
  165. package/dist/lib/activitypub/listeners/outbox.js +17 -20
  166. package/dist/lib/activitypub/listeners/outbox.js.map +1 -1
  167. package/dist/lib/activitypub/remote-fetch-service.d.ts +6 -6
  168. package/dist/lib/activitypub/remote-fetch-service.d.ts.map +1 -1
  169. package/dist/lib/activitypub/remote-fetch-service.js +6 -10
  170. package/dist/lib/activitypub/remote-fetch-service.js.map +1 -1
  171. package/dist/lib/activitypub/services/abuse-prevention.d.ts +1 -1
  172. package/dist/lib/activitypub/services/abuse-prevention.d.ts.map +1 -1
  173. package/dist/lib/activitypub/services/abuse-prevention.js +11 -17
  174. package/dist/lib/activitypub/services/abuse-prevention.js.map +1 -1
  175. package/dist/lib/activitypub/services/dm-service-fedify.d.ts +4 -4
  176. package/dist/lib/activitypub/services/dm-service-fedify.d.ts.map +1 -1
  177. package/dist/lib/activitypub/services/dm-service-fedify.js +24 -59
  178. package/dist/lib/activitypub/services/dm-service-fedify.js.map +1 -1
  179. package/dist/lib/activitypub/services/fedify-converters.d.ts +2 -2
  180. package/dist/lib/activitypub/services/fedify-converters.d.ts.map +1 -1
  181. package/dist/lib/activitypub/services/fedify-converters.js +3 -8
  182. package/dist/lib/activitypub/services/fedify-converters.js.map +1 -1
  183. package/dist/lib/activitypub/services/fedify-delivery.d.ts +2 -2
  184. package/dist/lib/activitypub/services/fedify-delivery.d.ts.map +1 -1
  185. package/dist/lib/activitypub/services/fedify-delivery.js +19 -56
  186. package/dist/lib/activitypub/services/fedify-delivery.js.map +1 -1
  187. package/dist/lib/activitypub/services/follow-activity-service.d.ts +2 -2
  188. package/dist/lib/activitypub/services/follow-activity-service.d.ts.map +1 -1
  189. package/dist/lib/activitypub/services/follow-activity-service.js +8 -12
  190. package/dist/lib/activitypub/services/follow-activity-service.js.map +1 -1
  191. package/dist/lib/activitypub/services/post-service-fedify.d.ts +2 -2
  192. package/dist/lib/activitypub/services/post-service-fedify.d.ts.map +1 -1
  193. package/dist/lib/activitypub/services/post-service-fedify.js +33 -65
  194. package/dist/lib/activitypub/services/post-service-fedify.js.map +1 -1
  195. package/dist/lib/activitypub/services/remote-activity-handler.d.ts +2 -2
  196. package/dist/lib/activitypub/services/remote-activity-handler.d.ts.map +1 -1
  197. package/dist/lib/activitypub/services/remote-activity-handler.js +25 -28
  198. package/dist/lib/activitypub/services/remote-activity-handler.js.map +1 -1
  199. package/dist/lib/activitypub/standalone-mode.d.ts +1 -1
  200. package/dist/lib/activitypub/standalone-mode.d.ts.map +1 -1
  201. package/dist/lib/activitypub/standalone-mode.js +13 -50
  202. package/dist/lib/activitypub/standalone-mode.js.map +1 -1
  203. package/dist/lib/activitypub/webfinger/server.d.ts +1 -1
  204. package/dist/lib/activitypub/webfinger/server.d.ts.map +1 -1
  205. package/dist/lib/activitypub/webfinger/server.js +18 -54
  206. package/dist/lib/activitypub/webfinger/server.js.map +1 -1
  207. package/dist/lib/age-gate-middleware.d.ts +4 -4
  208. package/dist/lib/age-gate-middleware.d.ts.map +1 -1
  209. package/dist/lib/age-gate-middleware.js +3 -6
  210. package/dist/lib/age-gate-middleware.js.map +1 -1
  211. package/dist/lib/age-gate.js +3 -8
  212. package/dist/lib/age-gate.js.map +1 -1
  213. package/dist/lib/age-tier-transition.d.ts +1 -1
  214. package/dist/lib/age-tier-transition.d.ts.map +1 -1
  215. package/dist/lib/age-tier-transition.js +7 -44
  216. package/dist/lib/age-tier-transition.js.map +1 -1
  217. package/dist/lib/app.d.ts +76 -0
  218. package/dist/lib/app.d.ts.map +1 -0
  219. package/dist/lib/app.js +400 -0
  220. package/dist/lib/app.js.map +1 -0
  221. package/dist/lib/audit/csv-export.js +6 -13
  222. package/dist/lib/audit/csv-export.js.map +1 -1
  223. package/dist/lib/audit/pii-filter.d.ts +9 -0
  224. package/dist/lib/audit/pii-filter.d.ts.map +1 -1
  225. package/dist/lib/audit/pii-filter.js +57 -7
  226. package/dist/lib/audit/pii-filter.js.map +1 -1
  227. package/dist/lib/audit-actions.d.ts +94 -0
  228. package/dist/lib/audit-actions.d.ts.map +1 -0
  229. package/dist/lib/audit-actions.js +107 -0
  230. package/dist/lib/audit-actions.js.map +1 -0
  231. package/dist/lib/audit-composer.d.ts +174 -0
  232. package/dist/lib/audit-composer.d.ts.map +1 -0
  233. package/dist/lib/audit-composer.js +421 -0
  234. package/dist/lib/audit-composer.js.map +1 -0
  235. package/dist/lib/auth/auth-context.d.ts +1 -1
  236. package/dist/lib/auth/auth-context.js +1 -2
  237. package/dist/lib/auth/auth-context.js.map +1 -1
  238. package/dist/lib/auth/auth-middleware.d.ts +16 -2
  239. package/dist/lib/auth/auth-middleware.d.ts.map +1 -1
  240. package/dist/lib/auth/auth-middleware.js +36 -45
  241. package/dist/lib/auth/auth-middleware.js.map +1 -1
  242. package/dist/lib/auth/capabilities.js +2 -5
  243. package/dist/lib/auth/capabilities.js.map +1 -1
  244. package/dist/lib/auth/claims-cache.d.ts +2 -2
  245. package/dist/lib/auth/claims-cache.js +19 -24
  246. package/dist/lib/auth/claims-cache.js.map +1 -1
  247. package/dist/lib/auth/cognito-jwt.d.ts +20 -2
  248. package/dist/lib/auth/cognito-jwt.d.ts.map +1 -1
  249. package/dist/lib/auth/cognito-jwt.js +83 -23
  250. package/dist/lib/auth/cognito-jwt.js.map +1 -1
  251. package/dist/lib/auth/idp-redirect-builder.d.ts +1 -1
  252. package/dist/lib/auth/idp-redirect-builder.d.ts.map +1 -1
  253. package/dist/lib/auth/idp-redirect-builder.js +4 -10
  254. package/dist/lib/auth/idp-redirect-builder.js.map +1 -1
  255. package/dist/lib/auth/require.d.ts +4 -4
  256. package/dist/lib/auth/require.d.ts.map +1 -1
  257. package/dist/lib/auth/require.js +11 -18
  258. package/dist/lib/auth/require.js.map +1 -1
  259. package/dist/lib/auth/role-grants.d.ts +1 -1
  260. package/dist/lib/auth/role-grants.d.ts.map +1 -1
  261. package/dist/lib/auth/role-grants.js +28 -31
  262. package/dist/lib/auth/role-grants.js.map +1 -1
  263. package/dist/lib/auth-context-manager.js +1 -5
  264. package/dist/lib/auth-context-manager.js.map +1 -1
  265. package/dist/lib/auth-handler.d.ts +5 -5
  266. package/dist/lib/auth-handler.d.ts.map +1 -1
  267. package/dist/lib/auth-handler.js +5 -9
  268. package/dist/lib/auth-handler.js.map +1 -1
  269. package/dist/lib/badge-handler.d.ts +1 -1
  270. package/dist/lib/badge-handler.d.ts.map +1 -1
  271. package/dist/lib/badge-handler.js +14 -52
  272. package/dist/lib/badge-handler.js.map +1 -1
  273. package/dist/lib/circle-handler.d.ts +10 -10
  274. package/dist/lib/circle-handler.d.ts.map +1 -1
  275. package/dist/lib/circle-handler.js +10 -47
  276. package/dist/lib/circle-handler.js.map +1 -1
  277. package/dist/lib/cognito/idp-sdk.js +11 -18
  278. package/dist/lib/cognito/idp-sdk.js.map +1 -1
  279. package/dist/lib/cognito/issuer-probe.js +9 -14
  280. package/dist/lib/cognito/issuer-probe.js.map +1 -1
  281. package/dist/lib/comment-handler.d.ts +10 -10
  282. package/dist/lib/comment-handler.d.ts.map +1 -1
  283. package/dist/lib/comment-handler.js +61 -97
  284. package/dist/lib/comment-handler.js.map +1 -1
  285. package/dist/lib/compliance/baseline.d.ts +2 -2
  286. package/dist/lib/compliance/baseline.d.ts.map +1 -1
  287. package/dist/lib/compliance/baseline.js +15 -18
  288. package/dist/lib/compliance/baseline.js.map +1 -1
  289. package/dist/lib/compliance/tenant-merge.d.ts +1 -1
  290. package/dist/lib/compliance/tenant-merge.d.ts.map +1 -1
  291. package/dist/lib/compliance/tenant-merge.js +1 -4
  292. package/dist/lib/compliance/tenant-merge.js.map +1 -1
  293. package/dist/lib/compliance/types.d.ts +1 -1
  294. package/dist/lib/compliance/types.js +2 -3
  295. package/dist/lib/compliance/types.js.map +1 -1
  296. package/dist/lib/connection-code-handler.d.ts +7 -7
  297. package/dist/lib/connection-code-handler.d.ts.map +1 -1
  298. package/dist/lib/connection-code-handler.js +13 -50
  299. package/dist/lib/connection-code-handler.js.map +1 -1
  300. package/dist/lib/content-discovery.d.ts +1 -1
  301. package/dist/lib/content-discovery.d.ts.map +1 -1
  302. package/dist/lib/content-discovery.js +15 -52
  303. package/dist/lib/content-discovery.js.map +1 -1
  304. package/dist/lib/context-aware-data-access.d.ts +1 -1
  305. package/dist/lib/context-aware-data-access.d.ts.map +1 -1
  306. package/dist/lib/context-aware-data-access.js +1 -5
  307. package/dist/lib/context-aware-data-access.js.map +1 -1
  308. package/dist/lib/cors-handler.d.ts +1 -1
  309. package/dist/lib/cors-handler.d.ts.map +1 -1
  310. package/dist/lib/cors-handler.js +13 -17
  311. package/dist/lib/cors-handler.js.map +1 -1
  312. package/dist/lib/cost-accumulator.d.ts.map +1 -1
  313. package/dist/lib/cost-accumulator.js +7 -11
  314. package/dist/lib/cost-accumulator.js.map +1 -1
  315. package/dist/lib/crypto/voting/elgamal-encryption.js +1 -5
  316. package/dist/lib/crypto/voting/elgamal-encryption.js.map +1 -1
  317. package/dist/lib/crypto/voting/encryption-scheme.js +1 -2
  318. package/dist/lib/crypto/voting/encryption-scheme.js.map +1 -1
  319. package/dist/lib/crypto/voting/hash-utils.js +6 -12
  320. package/dist/lib/crypto/voting/hash-utils.js.map +1 -1
  321. package/dist/lib/crypto/voting/hybrid-encryption.js +5 -9
  322. package/dist/lib/crypto/voting/hybrid-encryption.js.map +1 -1
  323. package/dist/lib/crypto/voting/index.js +4 -14
  324. package/dist/lib/crypto/voting/index.js.map +1 -1
  325. package/dist/lib/crypto/voting/post-quantum-encryption.js +1 -5
  326. package/dist/lib/crypto/voting/post-quantum-encryption.js.map +1 -1
  327. package/dist/lib/csrf.d.ts +2 -2
  328. package/dist/lib/csrf.d.ts.map +1 -1
  329. package/dist/lib/csrf.js +1 -5
  330. package/dist/lib/csrf.js.map +1 -1
  331. package/dist/lib/data-router.d.ts +5 -4
  332. package/dist/lib/data-router.d.ts.map +1 -1
  333. package/dist/lib/data-router.js +67 -90
  334. package/dist/lib/data-router.js.map +1 -1
  335. package/dist/lib/database-circuit-breaker.d.ts +61 -34
  336. package/dist/lib/database-circuit-breaker.d.ts.map +1 -1
  337. package/dist/lib/database-circuit-breaker.js +102 -109
  338. package/dist/lib/database-circuit-breaker.js.map +1 -1
  339. package/dist/lib/database-config.js +1 -4
  340. package/dist/lib/database-config.js.map +1 -1
  341. package/dist/lib/database-connection-manager.d.ts +42 -2
  342. package/dist/lib/database-connection-manager.d.ts.map +1 -1
  343. package/dist/lib/database-connection-manager.js +178 -74
  344. package/dist/lib/database-connection-manager.js.map +1 -1
  345. package/dist/lib/database-monitor.d.ts +1 -1
  346. package/dist/lib/database-monitor.d.ts.map +1 -1
  347. package/dist/lib/database-monitor.js +5 -9
  348. package/dist/lib/database-monitor.js.map +1 -1
  349. package/dist/lib/database-rate-limiter.d.ts +1 -1
  350. package/dist/lib/database-rate-limiter.d.ts.map +1 -1
  351. package/dist/lib/database-rate-limiter.js +3 -7
  352. package/dist/lib/database-rate-limiter.js.map +1 -1
  353. package/dist/lib/database-wrapper-helper.d.ts +2 -2
  354. package/dist/lib/database-wrapper-helper.d.ts.map +1 -1
  355. package/dist/lib/database-wrapper-helper.js +7 -11
  356. package/dist/lib/database-wrapper-helper.js.map +1 -1
  357. package/dist/lib/database-wrapper.d.ts +1 -1
  358. package/dist/lib/database-wrapper.d.ts.map +1 -1
  359. package/dist/lib/database-wrapper.js +5 -9
  360. package/dist/lib/database-wrapper.js.map +1 -1
  361. package/dist/lib/db-query-helper.d.ts +3 -3
  362. package/dist/lib/db-query-helper.d.ts.map +1 -1
  363. package/dist/lib/db-query-helper.js +4 -9
  364. package/dist/lib/db-query-helper.js.map +1 -1
  365. package/dist/lib/discovery-exposure.d.ts +42 -0
  366. package/dist/lib/discovery-exposure.d.ts.map +1 -0
  367. package/dist/lib/discovery-exposure.js +89 -0
  368. package/dist/lib/discovery-exposure.js.map +1 -0
  369. package/dist/lib/discovery-handler.d.ts +6 -6
  370. package/dist/lib/discovery-handler.d.ts.map +1 -1
  371. package/dist/lib/discovery-handler.js +10 -43
  372. package/dist/lib/discovery-handler.js.map +1 -1
  373. package/dist/lib/domain-reputation-service.d.ts +1 -1
  374. package/dist/lib/domain-reputation-service.d.ts.map +1 -1
  375. package/dist/lib/domain-reputation-service.js +12 -15
  376. package/dist/lib/domain-reputation-service.js.map +1 -1
  377. package/dist/lib/email-privacy.js +4 -8
  378. package/dist/lib/email-privacy.js.map +1 -1
  379. package/dist/lib/email-provider.d.ts +2 -2
  380. package/dist/lib/email-provider.d.ts.map +1 -1
  381. package/dist/lib/email-provider.js +8 -16
  382. package/dist/lib/email-provider.js.map +1 -1
  383. package/dist/lib/entity-handler.d.ts +5 -6
  384. package/dist/lib/entity-handler.d.ts.map +1 -1
  385. package/dist/lib/entity-handler.js +52 -81
  386. package/dist/lib/entity-handler.js.map +1 -1
  387. package/dist/lib/entity-relationship-handler.d.ts +9 -9
  388. package/dist/lib/entity-relationship-handler.d.ts.map +1 -1
  389. package/dist/lib/entity-relationship-handler.js +14 -51
  390. package/dist/lib/entity-relationship-handler.js.map +1 -1
  391. package/dist/lib/entity-tagging-errors.js +4 -11
  392. package/dist/lib/entity-tagging-errors.js.map +1 -1
  393. package/dist/lib/entity-tagging-validator.d.ts +3 -3
  394. package/dist/lib/entity-tagging-validator.d.ts.map +1 -1
  395. package/dist/lib/entity-tagging-validator.js +6 -11
  396. package/dist/lib/entity-tagging-validator.js.map +1 -1
  397. package/dist/lib/exif-stripper.js +1 -4
  398. package/dist/lib/exif-stripper.js.map +1 -1
  399. package/dist/lib/extension-context.d.ts +2 -2
  400. package/dist/lib/extension-context.d.ts.map +1 -1
  401. package/dist/lib/extension-context.js +1 -4
  402. package/dist/lib/extension-context.js.map +1 -1
  403. package/dist/lib/extension-route-wrapper.d.ts +1 -1
  404. package/dist/lib/extension-route-wrapper.d.ts.map +1 -1
  405. package/dist/lib/extension-route-wrapper.js +17 -55
  406. package/dist/lib/extension-route-wrapper.js.map +1 -1
  407. package/dist/lib/extension-validator.js +3 -6
  408. package/dist/lib/extension-validator.js.map +1 -1
  409. package/dist/lib/feature-flags.d.ts +5 -2
  410. package/dist/lib/feature-flags.d.ts.map +1 -1
  411. package/dist/lib/feature-flags.js +15 -48
  412. package/dist/lib/feature-flags.js.map +1 -1
  413. package/dist/lib/feature-toggle-global-client.d.ts +6 -0
  414. package/dist/lib/feature-toggle-global-client.d.ts.map +1 -0
  415. package/dist/lib/feature-toggle-global-client.js +73 -0
  416. package/dist/lib/feature-toggle-global-client.js.map +1 -0
  417. package/dist/lib/feature-toggle-service.d.ts +137 -27
  418. package/dist/lib/feature-toggle-service.d.ts.map +1 -1
  419. package/dist/lib/feature-toggle-service.js +302 -119
  420. package/dist/lib/feature-toggle-service.js.map +1 -1
  421. package/dist/lib/feed-handler.d.ts +8 -8
  422. package/dist/lib/feed-handler.d.ts.map +1 -1
  423. package/dist/lib/feed-handler.js +33 -62
  424. package/dist/lib/feed-handler.js.map +1 -1
  425. package/dist/lib/feed-pagination.d.ts +26 -0
  426. package/dist/lib/feed-pagination.d.ts.map +1 -1
  427. package/dist/lib/feed-pagination.js +31 -11
  428. package/dist/lib/feed-pagination.js.map +1 -1
  429. package/dist/lib/feed-personalization.d.ts +1 -1
  430. package/dist/lib/feed-personalization.d.ts.map +1 -1
  431. package/dist/lib/feed-personalization.js +6 -43
  432. package/dist/lib/feed-personalization.js.map +1 -1
  433. package/dist/lib/followers-events.js +8 -13
  434. package/dist/lib/followers-events.js.map +1 -1
  435. package/dist/lib/friends-handler.d.ts +2 -2
  436. package/dist/lib/friends-handler.d.ts.map +1 -1
  437. package/dist/lib/friends-handler.js +9 -46
  438. package/dist/lib/friends-handler.js.map +1 -1
  439. package/dist/lib/geo/entity-geo-repository.d.ts +67 -0
  440. package/dist/lib/geo/entity-geo-repository.d.ts.map +1 -0
  441. package/dist/lib/geo/entity-geo-repository.js +91 -0
  442. package/dist/lib/geo/entity-geo-repository.js.map +1 -0
  443. package/dist/lib/graph/errors.d.ts.map +1 -1
  444. package/dist/lib/graph/errors.js +13 -18
  445. package/dist/lib/graph/errors.js.map +1 -1
  446. package/dist/lib/graph/graph-factory.d.ts +12 -53
  447. package/dist/lib/graph/graph-factory.d.ts.map +1 -1
  448. package/dist/lib/graph/graph-factory.js +67 -162
  449. package/dist/lib/graph/graph-factory.js.map +1 -1
  450. package/dist/lib/graph/graph-service.d.ts +1 -1
  451. package/dist/lib/graph/graph-service.d.ts.map +1 -1
  452. package/dist/lib/graph/graph-service.js +1 -2
  453. package/dist/lib/graph/graph-service.js.map +1 -1
  454. package/dist/lib/graph/index.d.ts +10 -14
  455. package/dist/lib/graph/index.d.ts.map +1 -1
  456. package/dist/lib/graph/index.js +12 -46
  457. package/dist/lib/graph/index.js.map +1 -1
  458. package/dist/lib/graph/postgres/_shared.d.ts +18 -0
  459. package/dist/lib/graph/postgres/_shared.d.ts.map +1 -0
  460. package/dist/lib/graph/postgres/_shared.js +24 -0
  461. package/dist/lib/graph/postgres/_shared.js.map +1 -0
  462. package/dist/lib/graph/postgres/circles.d.ts +66 -0
  463. package/dist/lib/graph/postgres/circles.d.ts.map +1 -0
  464. package/dist/lib/graph/postgres/circles.js +513 -0
  465. package/dist/lib/graph/postgres/circles.js.map +1 -0
  466. package/dist/lib/graph/postgres/discovery.d.ts +165 -0
  467. package/dist/lib/graph/postgres/discovery.d.ts.map +1 -0
  468. package/dist/lib/graph/postgres/discovery.js +579 -0
  469. package/dist/lib/graph/postgres/discovery.js.map +1 -0
  470. package/dist/lib/graph/postgres/entity-relationships.d.ts +53 -0
  471. package/dist/lib/graph/postgres/entity-relationships.d.ts.map +1 -0
  472. package/dist/lib/graph/postgres/entity-relationships.js +304 -0
  473. package/dist/lib/graph/postgres/entity-relationships.js.map +1 -0
  474. package/dist/lib/graph/postgres/interaction-events.d.ts +106 -0
  475. package/dist/lib/graph/postgres/interaction-events.d.ts.map +1 -0
  476. package/dist/lib/graph/postgres/interaction-events.js +162 -0
  477. package/dist/lib/graph/postgres/interaction-events.js.map +1 -0
  478. package/dist/lib/graph/postgres/postgres-graph-service.d.ts +74 -0
  479. package/dist/lib/graph/postgres/postgres-graph-service.d.ts.map +1 -0
  480. package/dist/lib/graph/postgres/postgres-graph-service.js +167 -0
  481. package/dist/lib/graph/postgres/postgres-graph-service.js.map +1 -0
  482. package/dist/lib/graph/postgres/relationships.d.ts +58 -0
  483. package/dist/lib/graph/postgres/relationships.d.ts.map +1 -0
  484. package/dist/lib/graph/postgres/relationships.js +314 -0
  485. package/dist/lib/graph/postgres/relationships.js.map +1 -0
  486. package/dist/lib/graph/postgres/scoring.d.ts +74 -0
  487. package/dist/lib/graph/postgres/scoring.d.ts.map +1 -0
  488. package/dist/lib/graph/postgres/scoring.js +297 -0
  489. package/dist/lib/graph/postgres/scoring.js.map +1 -0
  490. package/dist/lib/graph/postgres/sync.d.ts +149 -0
  491. package/dist/lib/graph/postgres/sync.d.ts.map +1 -0
  492. package/dist/lib/graph/postgres/sync.js +269 -0
  493. package/dist/lib/graph/postgres/sync.js.map +1 -0
  494. package/dist/lib/graph/scoring-engine.d.ts +7 -1
  495. package/dist/lib/graph/scoring-engine.d.ts.map +1 -1
  496. package/dist/lib/graph/scoring-engine.js +29 -35
  497. package/dist/lib/graph/scoring-engine.js.map +1 -1
  498. package/dist/lib/graph/types.d.ts +18 -1
  499. package/dist/lib/graph/types.d.ts.map +1 -1
  500. package/dist/lib/graph/types.js +1 -2
  501. package/dist/lib/graph/types.js.map +1 -1
  502. package/dist/lib/hook-dispatcher.d.ts +1 -1
  503. package/dist/lib/hook-dispatcher.d.ts.map +1 -1
  504. package/dist/lib/hook-dispatcher.js +8 -12
  505. package/dist/lib/hook-dispatcher.js.map +1 -1
  506. package/dist/lib/input-sanitizer.js +1 -5
  507. package/dist/lib/input-sanitizer.js.map +1 -1
  508. package/dist/lib/internal-docs-handler.d.ts +2 -2
  509. package/dist/lib/internal-docs-handler.d.ts.map +1 -1
  510. package/dist/lib/internal-docs-handler.js +20 -28
  511. package/dist/lib/internal-docs-handler.js.map +1 -1
  512. package/dist/lib/internal-docs-navigation.js +2 -6
  513. package/dist/lib/internal-docs-navigation.js.map +1 -1
  514. package/dist/lib/invitation-handler.d.ts +2 -2
  515. package/dist/lib/invitation-handler.d.ts.map +1 -1
  516. package/dist/lib/invitation-handler.js +41 -82
  517. package/dist/lib/invitation-handler.js.map +1 -1
  518. package/dist/lib/ip-scrubber.js +3 -8
  519. package/dist/lib/ip-scrubber.js.map +1 -1
  520. package/dist/lib/link-security-handler.d.ts +3 -2
  521. package/dist/lib/link-security-handler.d.ts.map +1 -1
  522. package/dist/lib/link-security-handler.js +8 -44
  523. package/dist/lib/link-security-handler.js.map +1 -1
  524. package/dist/lib/logger.d.ts +31 -82
  525. package/dist/lib/logger.d.ts.map +1 -1
  526. package/dist/lib/logger.js +43 -185
  527. package/dist/lib/logger.js.map +1 -1
  528. package/dist/lib/media-cleanup-handler.d.ts +2 -2
  529. package/dist/lib/media-cleanup-handler.d.ts.map +1 -1
  530. package/dist/lib/media-cleanup-handler.js +7 -11
  531. package/dist/lib/media-cleanup-handler.js.map +1 -1
  532. package/dist/lib/media-handler.d.ts +1 -1
  533. package/dist/lib/media-handler.d.ts.map +1 -1
  534. package/dist/lib/media-handler.js +36 -73
  535. package/dist/lib/media-handler.js.map +1 -1
  536. package/dist/lib/media-metadata-extractor.d.ts +1 -1
  537. package/dist/lib/media-metadata-extractor.d.ts.map +1 -1
  538. package/dist/lib/media-metadata-extractor.js +3 -7
  539. package/dist/lib/media-metadata-extractor.js.map +1 -1
  540. package/dist/lib/media-metrics.d.ts +2 -2
  541. package/dist/lib/media-metrics.d.ts.map +1 -1
  542. package/dist/lib/media-metrics.js +3 -7
  543. package/dist/lib/media-metrics.js.map +1 -1
  544. package/dist/lib/metadata/index.d.ts +5 -5
  545. package/dist/lib/metadata/index.d.ts.map +1 -1
  546. package/dist/lib/metadata/index.js +5 -21
  547. package/dist/lib/metadata/index.js.map +1 -1
  548. package/dist/lib/metadata/metadata-config.js +2 -5
  549. package/dist/lib/metadata/metadata-config.js.map +1 -1
  550. package/dist/lib/metadata/metadata-errors.js +2 -7
  551. package/dist/lib/metadata/metadata-errors.js.map +1 -1
  552. package/dist/lib/metadata/metadata-extractor.d.ts +1 -1
  553. package/dist/lib/metadata/metadata-extractor.d.ts.map +1 -1
  554. package/dist/lib/metadata/metadata-extractor.js +42 -82
  555. package/dist/lib/metadata/metadata-extractor.js.map +1 -1
  556. package/dist/lib/metadata/metadata-sanitizer.js +17 -24
  557. package/dist/lib/metadata/metadata-sanitizer.js.map +1 -1
  558. package/dist/lib/metadata/metadata-schemas.d.ts +16 -100
  559. package/dist/lib/metadata/metadata-schemas.d.ts.map +1 -1
  560. package/dist/lib/metadata/metadata-schemas.js +31 -34
  561. package/dist/lib/metadata/metadata-schemas.js.map +1 -1
  562. package/dist/lib/mfa/mfa-handler.d.ts +1 -1
  563. package/dist/lib/mfa/mfa-handler.d.ts.map +1 -1
  564. package/dist/lib/mfa/mfa-handler.js +13 -17
  565. package/dist/lib/mfa/mfa-handler.js.map +1 -1
  566. package/dist/lib/mfa/totp-service.js +8 -18
  567. package/dist/lib/mfa/totp-service.js.map +1 -1
  568. package/dist/lib/middleware/comment-rate-limit.d.ts +1 -1
  569. package/dist/lib/middleware/comment-rate-limit.d.ts.map +1 -1
  570. package/dist/lib/middleware/comment-rate-limit.js +7 -10
  571. package/dist/lib/middleware/comment-rate-limit.js.map +1 -1
  572. package/dist/lib/middleware/feature-toggle-rate-limit.d.ts +1 -1
  573. package/dist/lib/middleware/feature-toggle-rate-limit.d.ts.map +1 -1
  574. package/dist/lib/middleware/feature-toggle-rate-limit.js +8 -13
  575. package/dist/lib/middleware/feature-toggle-rate-limit.js.map +1 -1
  576. package/dist/lib/middleware/idempotency-store.js +20 -26
  577. package/dist/lib/middleware/idempotency-store.js.map +1 -1
  578. package/dist/lib/middleware/idempotency.d.ts +2 -2
  579. package/dist/lib/middleware/idempotency.d.ts.map +1 -1
  580. package/dist/lib/middleware/idempotency.js +12 -50
  581. package/dist/lib/middleware/idempotency.js.map +1 -1
  582. package/dist/lib/middleware.d.ts +22 -9
  583. package/dist/lib/middleware.d.ts.map +1 -1
  584. package/dist/lib/middleware.js +72 -153
  585. package/dist/lib/middleware.js.map +1 -1
  586. package/dist/lib/moderation-handler.d.ts +1 -1
  587. package/dist/lib/moderation-handler.d.ts.map +1 -1
  588. package/dist/lib/moderation-handler.js +15 -54
  589. package/dist/lib/moderation-handler.js.map +1 -1
  590. package/dist/lib/net/trusted-client-ip.d.ts +8 -30
  591. package/dist/lib/net/trusted-client-ip.d.ts.map +1 -1
  592. package/dist/lib/net/trusted-client-ip.js +13 -94
  593. package/dist/lib/net/trusted-client-ip.js.map +1 -1
  594. package/dist/lib/notification-handler.d.ts +1 -1
  595. package/dist/lib/notification-handler.d.ts.map +1 -1
  596. package/dist/lib/notification-handler.js +10 -15
  597. package/dist/lib/notification-handler.js.map +1 -1
  598. package/dist/lib/notification-preferences-handler.d.ts +1 -1
  599. package/dist/lib/notification-preferences-handler.d.ts.map +1 -1
  600. package/dist/lib/notification-preferences-handler.js +7 -11
  601. package/dist/lib/notification-preferences-handler.js.map +1 -1
  602. package/dist/lib/oauth/cognito-issuer.d.ts +1 -1
  603. package/dist/lib/oauth/cognito-issuer.d.ts.map +1 -1
  604. package/dist/lib/oauth/cognito-issuer.js +5 -10
  605. package/dist/lib/oauth/cognito-issuer.js.map +1 -1
  606. package/dist/lib/oauth/device-authorization.d.ts +1 -1
  607. package/dist/lib/oauth/device-authorization.d.ts.map +1 -1
  608. package/dist/lib/oauth/device-authorization.js +62 -77
  609. package/dist/lib/oauth/device-authorization.js.map +1 -1
  610. package/dist/lib/oauth/envelope-crypto.d.ts +2 -2
  611. package/dist/lib/oauth/envelope-crypto.js +22 -34
  612. package/dist/lib/oauth/envelope-crypto.js.map +1 -1
  613. package/dist/lib/oauth/refresh-detection.js +42 -52
  614. package/dist/lib/oauth/refresh-detection.js.map +1 -1
  615. package/dist/lib/openai-budget.d.ts.map +1 -1
  616. package/dist/lib/openai-budget.js +7 -44
  617. package/dist/lib/openai-budget.js.map +1 -1
  618. package/dist/lib/openapi/generator.d.ts +1 -1
  619. package/dist/lib/openapi/generator.d.ts.map +1 -1
  620. package/dist/lib/openapi/generator.js +2 -6
  621. package/dist/lib/openapi/generator.js.map +1 -1
  622. package/dist/lib/orphaned-media-handler.d.ts +1 -1
  623. package/dist/lib/orphaned-media-handler.d.ts.map +1 -1
  624. package/dist/lib/orphaned-media-handler.js +9 -46
  625. package/dist/lib/orphaned-media-handler.js.map +1 -1
  626. package/dist/lib/parental-control-handler.d.ts +2 -2
  627. package/dist/lib/parental-control-handler.d.ts.map +1 -1
  628. package/dist/lib/parental-control-handler.js +18 -55
  629. package/dist/lib/parental-control-handler.js.map +1 -1
  630. package/dist/lib/parental-link-handler.d.ts +8 -8
  631. package/dist/lib/parental-link-handler.d.ts.map +1 -1
  632. package/dist/lib/parental-link-handler.js +10 -14
  633. package/dist/lib/parental-link-handler.js.map +1 -1
  634. package/dist/lib/performance-metrics.d.ts +1 -1
  635. package/dist/lib/performance-metrics.d.ts.map +1 -1
  636. package/dist/lib/performance-metrics.js +3 -6
  637. package/dist/lib/performance-metrics.js.map +1 -1
  638. package/dist/lib/post-handler.d.ts +9 -9
  639. package/dist/lib/post-handler.d.ts.map +1 -1
  640. package/dist/lib/post-handler.js +67 -101
  641. package/dist/lib/post-handler.js.map +1 -1
  642. package/dist/lib/privacy-defaults.js +3 -8
  643. package/dist/lib/privacy-defaults.js.map +1 -1
  644. package/dist/lib/privacy-handler.d.ts +2 -2
  645. package/dist/lib/privacy-handler.d.ts.map +1 -1
  646. package/dist/lib/privacy-handler.js +6 -10
  647. package/dist/lib/privacy-handler.js.map +1 -1
  648. package/dist/lib/pseudonym.d.ts +56 -0
  649. package/dist/lib/pseudonym.d.ts.map +1 -0
  650. package/dist/lib/pseudonym.js +85 -0
  651. package/dist/lib/pseudonym.js.map +1 -0
  652. package/dist/lib/queue-consumers/media-reconciliation-consumer.d.ts +2 -2
  653. package/dist/lib/queue-consumers/media-reconciliation-consumer.d.ts.map +1 -1
  654. package/dist/lib/queue-consumers/media-reconciliation-consumer.js +5 -8
  655. package/dist/lib/queue-consumers/media-reconciliation-consumer.js.map +1 -1
  656. package/dist/lib/quiet-hours.js +2 -6
  657. package/dist/lib/quiet-hours.js.map +1 -1
  658. package/dist/lib/rate-limit.d.ts +58 -47
  659. package/dist/lib/rate-limit.d.ts.map +1 -1
  660. package/dist/lib/rate-limit.js +168 -157
  661. package/dist/lib/rate-limit.js.map +1 -1
  662. package/dist/lib/reaction-handler.d.ts +10 -10
  663. package/dist/lib/reaction-handler.d.ts.map +1 -1
  664. package/dist/lib/reaction-handler.js +44 -80
  665. package/dist/lib/reaction-handler.js.map +1 -1
  666. package/dist/lib/recaptcha.js +6 -9
  667. package/dist/lib/recaptcha.js.map +1 -1
  668. package/dist/lib/redirect-resolver.d.ts +2 -2
  669. package/dist/lib/redirect-resolver.d.ts.map +1 -1
  670. package/dist/lib/redirect-resolver.js +5 -9
  671. package/dist/lib/redirect-resolver.js.map +1 -1
  672. package/dist/lib/region-config.d.ts +3 -3
  673. package/dist/lib/region-config.d.ts.map +1 -1
  674. package/dist/lib/region-config.js +15 -58
  675. package/dist/lib/region-config.js.map +1 -1
  676. package/dist/lib/region-detection.d.ts +55 -24
  677. package/dist/lib/region-detection.d.ts.map +1 -1
  678. package/dist/lib/region-detection.js +140 -199
  679. package/dist/lib/region-detection.js.map +1 -1
  680. package/dist/lib/region-registry.d.ts +49 -0
  681. package/dist/lib/region-registry.d.ts.map +1 -0
  682. package/dist/lib/region-registry.js +112 -0
  683. package/dist/lib/region-registry.js.map +1 -0
  684. package/dist/lib/relationship-handler.d.ts +9 -9
  685. package/dist/lib/relationship-handler.d.ts.map +1 -1
  686. package/dist/lib/relationship-handler.js +12 -49
  687. package/dist/lib/relationship-handler.js.map +1 -1
  688. package/dist/lib/request-context.d.ts +16 -16
  689. package/dist/lib/request-context.d.ts.map +1 -1
  690. package/dist/lib/request-context.js +14 -22
  691. package/dist/lib/request-context.js.map +1 -1
  692. package/dist/lib/route-helpers.d.ts +3 -4
  693. package/dist/lib/route-helpers.d.ts.map +1 -1
  694. package/dist/lib/route-helpers.js +20 -75
  695. package/dist/lib/route-helpers.js.map +1 -1
  696. package/dist/lib/routes/activitypub/actor.d.ts +1 -1
  697. package/dist/lib/routes/activitypub/actor.d.ts.map +1 -1
  698. package/dist/lib/routes/activitypub/actor.js +20 -23
  699. package/dist/lib/routes/activitypub/actor.js.map +1 -1
  700. package/dist/lib/routes/activitypub/audiences.d.ts +1 -1
  701. package/dist/lib/routes/activitypub/audiences.d.ts.map +1 -1
  702. package/dist/lib/routes/activitypub/audiences.js +76 -80
  703. package/dist/lib/routes/activitypub/audiences.js.map +1 -1
  704. package/dist/lib/routes/activitypub/collections.d.ts +1 -1
  705. package/dist/lib/routes/activitypub/collections.d.ts.map +1 -1
  706. package/dist/lib/routes/activitypub/collections.js +24 -26
  707. package/dist/lib/routes/activitypub/collections.js.map +1 -1
  708. package/dist/lib/routes/activitypub/entity-profile.d.ts +1 -1
  709. package/dist/lib/routes/activitypub/entity-profile.d.ts.map +1 -1
  710. package/dist/lib/routes/activitypub/entity-profile.js +36 -39
  711. package/dist/lib/routes/activitypub/entity-profile.js.map +1 -1
  712. package/dist/lib/routes/activitypub/friends.d.ts +1 -1
  713. package/dist/lib/routes/activitypub/friends.d.ts.map +1 -1
  714. package/dist/lib/routes/activitypub/friends.js +9 -12
  715. package/dist/lib/routes/activitypub/friends.js.map +1 -1
  716. package/dist/lib/routes/activitypub/group.d.ts +1 -1
  717. package/dist/lib/routes/activitypub/group.d.ts.map +1 -1
  718. package/dist/lib/routes/activitypub/group.js +91 -94
  719. package/dist/lib/routes/activitypub/group.js.map +1 -1
  720. package/dist/lib/routes/activitypub/inbox.d.ts +1 -1
  721. package/dist/lib/routes/activitypub/inbox.d.ts.map +1 -1
  722. package/dist/lib/routes/activitypub/inbox.js +30 -33
  723. package/dist/lib/routes/activitypub/inbox.js.map +1 -1
  724. package/dist/lib/routes/activitypub/messages.d.ts +1 -1
  725. package/dist/lib/routes/activitypub/messages.d.ts.map +1 -1
  726. package/dist/lib/routes/activitypub/messages.js +79 -83
  727. package/dist/lib/routes/activitypub/messages.js.map +1 -1
  728. package/dist/lib/routes/activitypub/outbox.d.ts +1 -1
  729. package/dist/lib/routes/activitypub/outbox.d.ts.map +1 -1
  730. package/dist/lib/routes/activitypub/outbox.js +9 -12
  731. package/dist/lib/routes/activitypub/outbox.js.map +1 -1
  732. package/dist/lib/routes/activitypub/post.d.ts +1 -1
  733. package/dist/lib/routes/activitypub/post.d.ts.map +1 -1
  734. package/dist/lib/routes/activitypub/post.js +32 -35
  735. package/dist/lib/routes/activitypub/post.js.map +1 -1
  736. package/dist/lib/routes/activitypub/webfinger.d.ts +1 -1
  737. package/dist/lib/routes/activitypub/webfinger.d.ts.map +1 -1
  738. package/dist/lib/routes/activitypub/webfinger.js +5 -8
  739. package/dist/lib/routes/activitypub/webfinger.js.map +1 -1
  740. package/dist/lib/routes/admin-costs.d.ts +1 -1
  741. package/dist/lib/routes/admin-costs.d.ts.map +1 -1
  742. package/dist/lib/routes/admin-costs.js +22 -26
  743. package/dist/lib/routes/admin-costs.js.map +1 -1
  744. package/dist/lib/routes/admin.d.ts +1 -1
  745. package/dist/lib/routes/admin.d.ts.map +1 -1
  746. package/dist/lib/routes/admin.js +290 -269
  747. package/dist/lib/routes/admin.js.map +1 -1
  748. package/dist/lib/routes/agent-authorize.d.ts +5 -5
  749. package/dist/lib/routes/agent-authorize.d.ts.map +1 -1
  750. package/dist/lib/routes/agent-authorize.js +68 -74
  751. package/dist/lib/routes/agent-authorize.js.map +1 -1
  752. package/dist/lib/routes/agent-sessions.d.ts +4 -4
  753. package/dist/lib/routes/agent-sessions.d.ts.map +1 -1
  754. package/dist/lib/routes/agent-sessions.js +30 -35
  755. package/dist/lib/routes/agent-sessions.js.map +1 -1
  756. package/dist/lib/routes/agent-surface.d.ts +2 -2
  757. package/dist/lib/routes/agent-surface.d.ts.map +1 -1
  758. package/dist/lib/routes/agent-surface.js +20 -24
  759. package/dist/lib/routes/agent-surface.js.map +1 -1
  760. package/dist/lib/routes/auth-discover.d.ts +1 -1
  761. package/dist/lib/routes/auth-discover.d.ts.map +1 -1
  762. package/dist/lib/routes/auth-discover.js +20 -56
  763. package/dist/lib/routes/auth-discover.js.map +1 -1
  764. package/dist/lib/routes/auth.d.ts +1 -1
  765. package/dist/lib/routes/auth.d.ts.map +1 -1
  766. package/dist/lib/routes/auth.js +13 -16
  767. package/dist/lib/routes/auth.js.map +1 -1
  768. package/dist/lib/routes/badges.d.ts +1 -1
  769. package/dist/lib/routes/badges.d.ts.map +1 -1
  770. package/dist/lib/routes/badges.js +20 -23
  771. package/dist/lib/routes/badges.js.map +1 -1
  772. package/dist/lib/routes/circles.d.ts +1 -1
  773. package/dist/lib/routes/circles.d.ts.map +1 -1
  774. package/dist/lib/routes/circles.js +40 -44
  775. package/dist/lib/routes/circles.js.map +1 -1
  776. package/dist/lib/routes/comments.d.ts +1 -1
  777. package/dist/lib/routes/comments.d.ts.map +1 -1
  778. package/dist/lib/routes/comments.js +67 -71
  779. package/dist/lib/routes/comments.js.map +1 -1
  780. package/dist/lib/routes/connection-codes.d.ts +1 -1
  781. package/dist/lib/routes/connection-codes.d.ts.map +1 -1
  782. package/dist/lib/routes/connection-codes.js +30 -34
  783. package/dist/lib/routes/connection-codes.js.map +1 -1
  784. package/dist/lib/routes/content-discovery.d.ts +1 -1
  785. package/dist/lib/routes/content-discovery.d.ts.map +1 -1
  786. package/dist/lib/routes/content-discovery.js +31 -34
  787. package/dist/lib/routes/content-discovery.js.map +1 -1
  788. package/dist/lib/routes/dashboard.d.ts +1 -1
  789. package/dist/lib/routes/dashboard.d.ts.map +1 -1
  790. package/dist/lib/routes/dashboard.js +251 -288
  791. package/dist/lib/routes/dashboard.js.map +1 -1
  792. package/dist/lib/routes/deletion.d.ts +1 -1
  793. package/dist/lib/routes/deletion.d.ts.map +1 -1
  794. package/dist/lib/routes/deletion.js +37 -74
  795. package/dist/lib/routes/deletion.js.map +1 -1
  796. package/dist/lib/routes/discovery.d.ts +1 -1
  797. package/dist/lib/routes/discovery.d.ts.map +1 -1
  798. package/dist/lib/routes/discovery.js +20 -24
  799. package/dist/lib/routes/discovery.js.map +1 -1
  800. package/dist/lib/routes/employees.d.ts +1 -1
  801. package/dist/lib/routes/employees.d.ts.map +1 -1
  802. package/dist/lib/routes/employees.js +15 -52
  803. package/dist/lib/routes/employees.js.map +1 -1
  804. package/dist/lib/routes/entities.d.ts +1 -1
  805. package/dist/lib/routes/entities.d.ts.map +1 -1
  806. package/dist/lib/routes/entities.js +133 -137
  807. package/dist/lib/routes/entities.js.map +1 -1
  808. package/dist/lib/routes/entity-relationships.d.ts +1 -1
  809. package/dist/lib/routes/entity-relationships.d.ts.map +1 -1
  810. package/dist/lib/routes/entity-relationships.js +35 -39
  811. package/dist/lib/routes/entity-relationships.js.map +1 -1
  812. package/dist/lib/routes/errors.d.ts +1 -1
  813. package/dist/lib/routes/errors.d.ts.map +1 -1
  814. package/dist/lib/routes/errors.js +4 -10
  815. package/dist/lib/routes/errors.js.map +1 -1
  816. package/dist/lib/routes/export.d.ts +1 -1
  817. package/dist/lib/routes/export.d.ts.map +1 -1
  818. package/dist/lib/routes/export.js +31 -35
  819. package/dist/lib/routes/export.js.map +1 -1
  820. package/dist/lib/routes/feature-flags.d.ts +1 -1
  821. package/dist/lib/routes/feature-flags.d.ts.map +1 -1
  822. package/dist/lib/routes/feature-flags.js +20 -23
  823. package/dist/lib/routes/feature-flags.js.map +1 -1
  824. package/dist/lib/routes/feeds.d.ts +1 -1
  825. package/dist/lib/routes/feeds.d.ts.map +1 -1
  826. package/dist/lib/routes/feeds.js +42 -46
  827. package/dist/lib/routes/feeds.js.map +1 -1
  828. package/dist/lib/routes/friends.d.ts +1 -1
  829. package/dist/lib/routes/friends.d.ts.map +1 -1
  830. package/dist/lib/routes/friends.js +35 -39
  831. package/dist/lib/routes/friends.js.map +1 -1
  832. package/dist/lib/routes/health.d.ts +1 -1
  833. package/dist/lib/routes/health.d.ts.map +1 -1
  834. package/dist/lib/routes/health.js +23 -27
  835. package/dist/lib/routes/health.js.map +1 -1
  836. package/dist/lib/routes/index.d.ts +2 -7
  837. package/dist/lib/routes/index.d.ts.map +1 -1
  838. package/dist/lib/routes/index.js +137 -158
  839. package/dist/lib/routes/index.js.map +1 -1
  840. package/dist/lib/routes/internal-docs.d.ts +1 -1
  841. package/dist/lib/routes/internal-docs.d.ts.map +1 -1
  842. package/dist/lib/routes/internal-docs.js +13 -16
  843. package/dist/lib/routes/internal-docs.js.map +1 -1
  844. package/dist/lib/routes/invitations.d.ts +1 -1
  845. package/dist/lib/routes/invitations.d.ts.map +1 -1
  846. package/dist/lib/routes/invitations.js +19 -22
  847. package/dist/lib/routes/invitations.js.map +1 -1
  848. package/dist/lib/routes/link-reports.d.ts +2 -2
  849. package/dist/lib/routes/link-reports.d.ts.map +1 -1
  850. package/dist/lib/routes/link-reports.js +86 -48
  851. package/dist/lib/routes/link-reports.js.map +1 -1
  852. package/dist/lib/routes/map.d.ts +1 -1
  853. package/dist/lib/routes/map.d.ts.map +1 -1
  854. package/dist/lib/routes/map.js +5 -8
  855. package/dist/lib/routes/map.js.map +1 -1
  856. package/dist/lib/routes/media-metadata-visibility.d.ts +1 -1
  857. package/dist/lib/routes/media-metadata-visibility.d.ts.map +1 -1
  858. package/dist/lib/routes/media-metadata-visibility.js +30 -67
  859. package/dist/lib/routes/media-metadata-visibility.js.map +1 -1
  860. package/dist/lib/routes/media.d.ts +1 -1
  861. package/dist/lib/routes/media.d.ts.map +1 -1
  862. package/dist/lib/routes/media.js +156 -193
  863. package/dist/lib/routes/media.js.map +1 -1
  864. package/dist/lib/routes/mfa.d.ts +1 -1
  865. package/dist/lib/routes/mfa.d.ts.map +1 -1
  866. package/dist/lib/routes/mfa.js +60 -64
  867. package/dist/lib/routes/mfa.js.map +1 -1
  868. package/dist/lib/routes/notifications.d.ts +1 -1
  869. package/dist/lib/routes/notifications.d.ts.map +1 -1
  870. package/dist/lib/routes/notifications.js +68 -72
  871. package/dist/lib/routes/notifications.js.map +1 -1
  872. package/dist/lib/routes/oauth.d.ts +1 -1
  873. package/dist/lib/routes/oauth.d.ts.map +1 -1
  874. package/dist/lib/routes/oauth.js +20 -23
  875. package/dist/lib/routes/oauth.js.map +1 -1
  876. package/dist/lib/routes/orphaned-media-health.d.ts +1 -1
  877. package/dist/lib/routes/orphaned-media-health.d.ts.map +1 -1
  878. package/dist/lib/routes/orphaned-media-health.js +10 -13
  879. package/dist/lib/routes/orphaned-media-health.js.map +1 -1
  880. package/dist/lib/routes/orphaned-media.d.ts +1 -1
  881. package/dist/lib/routes/orphaned-media.d.ts.map +1 -1
  882. package/dist/lib/routes/orphaned-media.js +20 -57
  883. package/dist/lib/routes/orphaned-media.js.map +1 -1
  884. package/dist/lib/routes/out.d.ts +1 -1
  885. package/dist/lib/routes/out.d.ts.map +1 -1
  886. package/dist/lib/routes/out.js +21 -24
  887. package/dist/lib/routes/out.js.map +1 -1
  888. package/dist/lib/routes/parental-controls.d.ts +1 -1
  889. package/dist/lib/routes/parental-controls.d.ts.map +1 -1
  890. package/dist/lib/routes/parental-controls.js +91 -95
  891. package/dist/lib/routes/parental-controls.js.map +1 -1
  892. package/dist/lib/routes/posts.d.ts +1 -1
  893. package/dist/lib/routes/posts.d.ts.map +1 -1
  894. package/dist/lib/routes/posts.js +101 -105
  895. package/dist/lib/routes/posts.js.map +1 -1
  896. package/dist/lib/routes/privacy.d.ts +1 -1
  897. package/dist/lib/routes/privacy.d.ts.map +1 -1
  898. package/dist/lib/routes/privacy.js +21 -25
  899. package/dist/lib/routes/privacy.js.map +1 -1
  900. package/dist/lib/routes/products.d.ts +1 -1
  901. package/dist/lib/routes/products.d.ts.map +1 -1
  902. package/dist/lib/routes/products.js +44 -48
  903. package/dist/lib/routes/products.js.map +1 -1
  904. package/dist/lib/routes/relationships.d.ts +1 -1
  905. package/dist/lib/routes/relationships.d.ts.map +1 -1
  906. package/dist/lib/routes/relationships.js +35 -39
  907. package/dist/lib/routes/relationships.js.map +1 -1
  908. package/dist/lib/routes/sentiments.d.ts +1 -1
  909. package/dist/lib/routes/sentiments.d.ts.map +1 -1
  910. package/dist/lib/routes/sentiments.js +71 -75
  911. package/dist/lib/routes/sentiments.js.map +1 -1
  912. package/dist/lib/routes/setup-status.d.ts +1 -1
  913. package/dist/lib/routes/setup-status.d.ts.map +1 -1
  914. package/dist/lib/routes/setup-status.js +17 -20
  915. package/dist/lib/routes/setup-status.js.map +1 -1
  916. package/dist/lib/routes/taxonomy-analytics.d.ts +1 -1
  917. package/dist/lib/routes/taxonomy-analytics.d.ts.map +1 -1
  918. package/dist/lib/routes/taxonomy-analytics.js +29 -33
  919. package/dist/lib/routes/taxonomy-analytics.js.map +1 -1
  920. package/dist/lib/routes/taxonomy.d.ts +1 -1
  921. package/dist/lib/routes/taxonomy.d.ts.map +1 -1
  922. package/dist/lib/routes/taxonomy.js +48 -51
  923. package/dist/lib/routes/taxonomy.js.map +1 -1
  924. package/dist/lib/routes/tenant-audit.d.ts +1 -1
  925. package/dist/lib/routes/tenant-audit.d.ts.map +1 -1
  926. package/dist/lib/routes/tenant-audit.js +35 -92
  927. package/dist/lib/routes/tenant-audit.js.map +1 -1
  928. package/dist/lib/routes/tenant-compliance.d.ts +1 -1
  929. package/dist/lib/routes/tenant-compliance.d.ts.map +1 -1
  930. package/dist/lib/routes/tenant-compliance.js +16 -52
  931. package/dist/lib/routes/tenant-compliance.js.map +1 -1
  932. package/dist/lib/routes/tenant-domains.d.ts +1 -1
  933. package/dist/lib/routes/tenant-domains.d.ts.map +1 -1
  934. package/dist/lib/routes/tenant-domains.js +27 -30
  935. package/dist/lib/routes/tenant-domains.js.map +1 -1
  936. package/dist/lib/routes/tenant-idp.d.ts +1 -1
  937. package/dist/lib/routes/tenant-idp.d.ts.map +1 -1
  938. package/dist/lib/routes/tenant-idp.js +27 -30
  939. package/dist/lib/routes/tenant-idp.js.map +1 -1
  940. package/dist/lib/routes/tenant-members.d.ts +1 -1
  941. package/dist/lib/routes/tenant-members.d.ts.map +1 -1
  942. package/dist/lib/routes/tenant-members.js +21 -24
  943. package/dist/lib/routes/tenant-members.js.map +1 -1
  944. package/dist/lib/routes/tenant-role-mappings.d.ts +1 -1
  945. package/dist/lib/routes/tenant-role-mappings.d.ts.map +1 -1
  946. package/dist/lib/routes/tenant-role-mappings.js +27 -30
  947. package/dist/lib/routes/tenant-role-mappings.js.map +1 -1
  948. package/dist/lib/routes/tenants.d.ts +1 -1
  949. package/dist/lib/routes/tenants.d.ts.map +1 -1
  950. package/dist/lib/routes/tenants.js +37 -40
  951. package/dist/lib/routes/tenants.js.map +1 -1
  952. package/dist/lib/routes/types.d.ts +10 -5
  953. package/dist/lib/routes/types.d.ts.map +1 -1
  954. package/dist/lib/routes/types.js +1 -2
  955. package/dist/lib/routes/types.js.map +1 -1
  956. package/dist/lib/routes/upload-sessions.d.ts +1 -1
  957. package/dist/lib/routes/upload-sessions.d.ts.map +1 -1
  958. package/dist/lib/routes/upload-sessions.js +57 -94
  959. package/dist/lib/routes/upload-sessions.js.map +1 -1
  960. package/dist/lib/routes/user.d.ts +1 -1
  961. package/dist/lib/routes/user.d.ts.map +1 -1
  962. package/dist/lib/routes/user.js +137 -85
  963. package/dist/lib/routes/user.js.map +1 -1
  964. package/dist/lib/routes.d.ts +2 -2
  965. package/dist/lib/routes.d.ts.map +1 -1
  966. package/dist/lib/routes.js +2 -7
  967. package/dist/lib/routes.js.map +1 -1
  968. package/dist/lib/scaling-health.d.ts.map +1 -1
  969. package/dist/lib/scaling-health.js +6 -9
  970. package/dist/lib/scaling-health.js.map +1 -1
  971. package/dist/lib/scheduled/media-stale-cleanup.js +5 -8
  972. package/dist/lib/scheduled/media-stale-cleanup.js.map +1 -1
  973. package/dist/lib/scheduled/orphaned-media-monitor.d.ts +1 -1
  974. package/dist/lib/scheduled/orphaned-media-monitor.d.ts.map +1 -1
  975. package/dist/lib/scheduled/orphaned-media-monitor.js +5 -42
  976. package/dist/lib/scheduled/orphaned-media-monitor.js.map +1 -1
  977. package/dist/lib/schemas.d.ts +85 -204
  978. package/dist/lib/schemas.d.ts.map +1 -1
  979. package/dist/lib/schemas.js +71 -74
  980. package/dist/lib/schemas.js.map +1 -1
  981. package/dist/lib/secrets/idp-secrets.d.ts +1 -1
  982. package/dist/lib/secrets/idp-secrets.js +13 -19
  983. package/dist/lib/secrets/idp-secrets.js.map +1 -1
  984. package/dist/lib/security-event-cleaner.js +1 -5
  985. package/dist/lib/security-event-cleaner.js.map +1 -1
  986. package/dist/lib/security-headers.js +1 -5
  987. package/dist/lib/security-headers.js.map +1 -1
  988. package/dist/lib/security-monitor.d.ts +4 -2
  989. package/dist/lib/security-monitor.d.ts.map +1 -1
  990. package/dist/lib/security-monitor.js +16 -18
  991. package/dist/lib/security-monitor.js.map +1 -1
  992. package/dist/lib/sentiment-digest.d.ts +1 -1
  993. package/dist/lib/sentiment-digest.d.ts.map +1 -1
  994. package/dist/lib/sentiment-digest.js +5 -8
  995. package/dist/lib/sentiment-digest.js.map +1 -1
  996. package/dist/lib/sentiment-display.js +3 -7
  997. package/dist/lib/sentiment-display.js.map +1 -1
  998. package/dist/lib/services/image-normalizer.js +1 -5
  999. package/dist/lib/services/image-normalizer.js.map +1 -1
  1000. package/dist/lib/services/media-reconciliation-service.d.ts +1 -1
  1001. package/dist/lib/services/media-reconciliation-service.d.ts.map +1 -1
  1002. package/dist/lib/services/media-reconciliation-service.js +7 -11
  1003. package/dist/lib/services/media-reconciliation-service.js.map +1 -1
  1004. package/dist/lib/services/media-upload-service.d.ts +1 -1
  1005. package/dist/lib/services/media-upload-service.d.ts.map +1 -1
  1006. package/dist/lib/services/media-upload-service.js +4 -8
  1007. package/dist/lib/services/media-upload-service.js.map +1 -1
  1008. package/dist/lib/services/user-data-deletion.d.ts +45 -2
  1009. package/dist/lib/services/user-data-deletion.d.ts.map +1 -1
  1010. package/dist/lib/services/user-data-deletion.js +87 -9
  1011. package/dist/lib/services/user-data-deletion.js.map +1 -1
  1012. package/dist/lib/session-awareness.js +2 -6
  1013. package/dist/lib/session-awareness.js.map +1 -1
  1014. package/dist/lib/session-config.js +8 -17
  1015. package/dist/lib/session-config.js.map +1 -1
  1016. package/dist/lib/{session-manager.d.ts → session-cookie.d.ts} +58 -15
  1017. package/dist/lib/session-cookie.d.ts.map +1 -0
  1018. package/dist/lib/session-cookie.js +0 -0
  1019. package/dist/lib/session-cookie.js.map +1 -0
  1020. package/dist/lib/signup-metadata.d.ts +129 -0
  1021. package/dist/lib/signup-metadata.d.ts.map +1 -0
  1022. package/dist/lib/signup-metadata.js +127 -0
  1023. package/dist/lib/signup-metadata.js.map +1 -0
  1024. package/dist/lib/sso-auth-handler.js +1 -5
  1025. package/dist/lib/sso-auth-handler.js.map +1 -1
  1026. package/dist/lib/tag-suggestions-handler.d.ts +1 -1
  1027. package/dist/lib/tag-suggestions-handler.d.ts.map +1 -1
  1028. package/dist/lib/tag-suggestions-handler.js +1 -5
  1029. package/dist/lib/tag-suggestions-handler.js.map +1 -1
  1030. package/dist/lib/taxonomy-handler-factory.d.ts +2 -2
  1031. package/dist/lib/taxonomy-handler-factory.d.ts.map +1 -1
  1032. package/dist/lib/taxonomy-handler-factory.js +7 -10
  1033. package/dist/lib/taxonomy-handler-factory.js.map +1 -1
  1034. package/dist/lib/taxonomy-handler.d.ts +2 -2
  1035. package/dist/lib/taxonomy-handler.d.ts.map +1 -1
  1036. package/dist/lib/taxonomy-handler.js +8 -8
  1037. package/dist/lib/taxonomy-handler.js.map +1 -1
  1038. package/dist/lib/taxonomy-metrics.js +5 -9
  1039. package/dist/lib/taxonomy-metrics.js.map +1 -1
  1040. package/dist/lib/taxonomy-search-metrics.d.ts +2 -2
  1041. package/dist/lib/taxonomy-search-metrics.d.ts.map +1 -1
  1042. package/dist/lib/taxonomy-search-metrics.js +3 -7
  1043. package/dist/lib/taxonomy-search-metrics.js.map +1 -1
  1044. package/dist/lib/tenant/audit-emit.d.ts +18 -8
  1045. package/dist/lib/tenant/audit-emit.d.ts.map +1 -1
  1046. package/dist/lib/tenant/audit-emit.js +50 -11
  1047. package/dist/lib/tenant/audit-emit.js.map +1 -1
  1048. package/dist/lib/tenant/derive-domain.js +1 -4
  1049. package/dist/lib/tenant/derive-domain.js.map +1 -1
  1050. package/dist/lib/tenant/domain-handler.d.ts +2 -2
  1051. package/dist/lib/tenant/domain-handler.d.ts.map +1 -1
  1052. package/dist/lib/tenant/domain-handler.js +50 -62
  1053. package/dist/lib/tenant/domain-handler.js.map +1 -1
  1054. package/dist/lib/tenant/domain-validator.d.ts +1 -1
  1055. package/dist/lib/tenant/domain-validator.js +10 -13
  1056. package/dist/lib/tenant/domain-validator.js.map +1 -1
  1057. package/dist/lib/tenant/domain-verifier.d.ts +3 -3
  1058. package/dist/lib/tenant/domain-verifier.js +8 -11
  1059. package/dist/lib/tenant/domain-verifier.js.map +1 -1
  1060. package/dist/lib/tenant/idp-handler.d.ts +4 -4
  1061. package/dist/lib/tenant/idp-handler.d.ts.map +1 -1
  1062. package/dist/lib/tenant/idp-handler.js +45 -82
  1063. package/dist/lib/tenant/idp-handler.js.map +1 -1
  1064. package/dist/lib/tenant/idp-name.js +1 -4
  1065. package/dist/lib/tenant/idp-name.js.map +1 -1
  1066. package/dist/lib/tenant/member-handler.d.ts +2 -2
  1067. package/dist/lib/tenant/member-handler.d.ts.map +1 -1
  1068. package/dist/lib/tenant/member-handler.js +30 -67
  1069. package/dist/lib/tenant/member-handler.js.map +1 -1
  1070. package/dist/lib/tenant/reserved-slugs.d.ts +1 -1
  1071. package/dist/lib/tenant/reserved-slugs.d.ts.map +1 -1
  1072. package/dist/lib/tenant/reserved-slugs.js +8 -14
  1073. package/dist/lib/tenant/reserved-slugs.js.map +1 -1
  1074. package/dist/lib/tenant/resolve-role.js +1 -4
  1075. package/dist/lib/tenant/resolve-role.js.map +1 -1
  1076. package/dist/lib/tenant/role-mapping-handler.d.ts +2 -2
  1077. package/dist/lib/tenant/role-mapping-handler.d.ts.map +1 -1
  1078. package/dist/lib/tenant/role-mapping-handler.js +24 -61
  1079. package/dist/lib/tenant/role-mapping-handler.js.map +1 -1
  1080. package/dist/lib/tenant/setup-status.d.ts +1 -1
  1081. package/dist/lib/tenant/setup-status.d.ts.map +1 -1
  1082. package/dist/lib/tenant/setup-status.js +3 -40
  1083. package/dist/lib/tenant/setup-status.js.map +1 -1
  1084. package/dist/lib/tenant/slug-validator.js +3 -6
  1085. package/dist/lib/tenant/slug-validator.js.map +1 -1
  1086. package/dist/lib/tenant/tenant-handler.d.ts +2 -2
  1087. package/dist/lib/tenant/tenant-handler.d.ts.map +1 -1
  1088. package/dist/lib/tenant/tenant-handler.js +31 -68
  1089. package/dist/lib/tenant/tenant-handler.js.map +1 -1
  1090. package/dist/lib/tenant/transfer-ownership.js +2 -6
  1091. package/dist/lib/tenant/transfer-ownership.js.map +1 -1
  1092. package/dist/lib/tenant-scope.d.ts +97 -0
  1093. package/dist/lib/tenant-scope.d.ts.map +1 -0
  1094. package/dist/lib/tenant-scope.js +270 -0
  1095. package/dist/lib/tenant-scope.js.map +1 -0
  1096. package/dist/lib/terminology.d.ts.map +1 -1
  1097. package/dist/lib/terminology.js +7 -9
  1098. package/dist/lib/terminology.js.map +1 -1
  1099. package/dist/lib/theme.js +2 -6
  1100. package/dist/lib/theme.js.map +1 -1
  1101. package/dist/lib/threat-intel-service.d.ts +2 -2
  1102. package/dist/lib/threat-intel-service.d.ts.map +1 -1
  1103. package/dist/lib/threat-intel-service.js +3 -7
  1104. package/dist/lib/threat-intel-service.js.map +1 -1
  1105. package/dist/lib/types/media-reconciliation.js +1 -2
  1106. package/dist/lib/types/media-reconciliation.js.map +1 -1
  1107. package/dist/lib/upload-session-handler.d.ts +1 -1
  1108. package/dist/lib/upload-session-handler.d.ts.map +1 -1
  1109. package/dist/lib/upload-session-handler.js +13 -50
  1110. package/dist/lib/upload-session-handler.js.map +1 -1
  1111. package/dist/lib/user/derive-handle.d.ts +22 -0
  1112. package/dist/lib/user/derive-handle.d.ts.map +1 -1
  1113. package/dist/lib/user/derive-handle.js +18 -6
  1114. package/dist/lib/user/derive-handle.js.map +1 -1
  1115. package/dist/lib/user-badge.js +6 -14
  1116. package/dist/lib/user-badge.js.map +1 -1
  1117. package/dist/lib/user-deletion-handler-enhanced.d.ts +2 -2
  1118. package/dist/lib/user-deletion-handler-enhanced.d.ts.map +1 -1
  1119. package/dist/lib/user-deletion-handler-enhanced.js +16 -53
  1120. package/dist/lib/user-deletion-handler-enhanced.js.map +1 -1
  1121. package/dist/lib/user-deprovisioning.d.ts +1 -1
  1122. package/dist/lib/user-deprovisioning.d.ts.map +1 -1
  1123. package/dist/lib/user-deprovisioning.js +16 -20
  1124. package/dist/lib/user-deprovisioning.js.map +1 -1
  1125. package/dist/lib/user-export-handler.d.ts +4 -4
  1126. package/dist/lib/user-export-handler.d.ts.map +1 -1
  1127. package/dist/lib/user-export-handler.js +11 -15
  1128. package/dist/lib/user-export-handler.js.map +1 -1
  1129. package/dist/lib/validate-request.js +8 -13
  1130. package/dist/lib/validate-request.js.map +1 -1
  1131. package/dist/lib/validation/feature-toggle-schemas.d.ts +130 -249
  1132. package/dist/lib/validation/feature-toggle-schemas.d.ts.map +1 -1
  1133. package/dist/lib/validation/feature-toggle-schemas.js +50 -59
  1134. package/dist/lib/validation/feature-toggle-schemas.js.map +1 -1
  1135. package/dist/lib/validation/validate-request.d.ts.map +1 -1
  1136. package/dist/lib/validation/validate-request.js +12 -23
  1137. package/dist/lib/validation/validate-request.js.map +1 -1
  1138. package/dist/lib/validation.js +1 -5
  1139. package/dist/lib/validation.js.map +1 -1
  1140. package/dist/lib/version.js +3 -8
  1141. package/dist/lib/version.js.map +1 -1
  1142. package/dist/server.d.ts +1 -1
  1143. package/dist/server.d.ts.map +1 -1
  1144. package/dist/server.js +29 -69
  1145. package/dist/server.js.map +1 -1
  1146. package/dist/types/cloudflare-compat.d.ts +3 -93
  1147. package/dist/types/cloudflare-compat.d.ts.map +1 -1
  1148. package/dist/types/cloudflare-compat.js +1 -2
  1149. package/dist/types/cloudflare-compat.js.map +1 -1
  1150. package/dist/worker.d.ts +6 -6
  1151. package/dist/worker.d.ts.map +1 -1
  1152. package/dist/worker.js +6 -13
  1153. package/dist/worker.js.map +1 -1
  1154. package/package.json +28 -15
  1155. package/prisma/migrations/20260602054730_add_entity_geo_and_pending_schema/migration.sql +113 -0
  1156. package/prisma/migrations/20260602162901_research_foundations/migration.sql +65 -0
  1157. package/prisma/migrations/20260604130000_surveillance_phase0_enablers/migration.sql +107 -0
  1158. package/prisma/migrations/20260604140000_fold_link_reports_into_reports/migration.sql +23 -0
  1159. package/prisma/migrations/20260604140000_fold_link_reports_into_reports/rollback.reference.sql +31 -0
  1160. package/prisma/migrations/20260606000000_handle_canonical_identity/migration.sql +18 -0
  1161. package/prisma/schema.prisma +426 -68
  1162. package/src/lambda/cleanup-cron.ts +10 -7
  1163. package/src/lambda/create-auth-challenge.ts +6 -3
  1164. package/src/lambda/delete-account-worker.ts +17 -12
  1165. package/src/lambda/diagnostics-proxy.ts +9 -6
  1166. package/src/lambda/e2e-sweeper.ts +17 -23
  1167. package/src/lambda/federation-outbox-worker.ts +4 -1
  1168. package/src/lambda/followers-events-worker.ts +4 -1
  1169. package/src/lambda/hourly-cron.ts +112 -20
  1170. package/src/lambda/link-check-worker.ts +4 -1
  1171. package/src/lambda/maintenance-cron.ts +24 -13
  1172. package/src/lambda/media-processing-worker.ts +5 -2
  1173. package/src/lambda/media-reconciliation-worker.ts +4 -1
  1174. package/src/lambda/nightly-cron.ts +53 -54
  1175. package/src/lambda/post-confirmation.ts +262 -76
  1176. package/src/lambda/pre-token-generation.ts +39 -44
  1177. package/src/lambda/verify-auth-challenge.ts +4 -1
  1178. package/dist/lib/audit/emit.d.ts +0 -56
  1179. package/dist/lib/audit/emit.d.ts.map +0 -1
  1180. package/dist/lib/audit/emit.js +0 -124
  1181. package/dist/lib/audit/emit.js.map +0 -1
  1182. package/dist/lib/audit/event-types.d.ts +0 -36
  1183. package/dist/lib/audit/event-types.d.ts.map +0 -1
  1184. package/dist/lib/audit/event-types.js +0 -69
  1185. package/dist/lib/audit/event-types.js.map +0 -1
  1186. package/dist/lib/audit-logger.d.ts +0 -142
  1187. package/dist/lib/audit-logger.d.ts.map +0 -1
  1188. package/dist/lib/audit-logger.js +0 -326
  1189. package/dist/lib/audit-logger.js.map +0 -1
  1190. package/dist/lib/circuit-breaker.d.ts +0 -27
  1191. package/dist/lib/circuit-breaker.d.ts.map +0 -1
  1192. package/dist/lib/circuit-breaker.js +0 -63
  1193. package/dist/lib/circuit-breaker.js.map +0 -1
  1194. package/dist/lib/graph/dual-write-service.d.ts +0 -116
  1195. package/dist/lib/graph/dual-write-service.d.ts.map +0 -1
  1196. package/dist/lib/graph/dual-write-service.js +0 -332
  1197. package/dist/lib/graph/dual-write-service.js.map +0 -1
  1198. package/dist/lib/graph/dual-write.d.ts +0 -396
  1199. package/dist/lib/graph/dual-write.d.ts.map +0 -1
  1200. package/dist/lib/graph/dual-write.js +0 -53
  1201. package/dist/lib/graph/dual-write.js.map +0 -1
  1202. package/dist/lib/graph/graph-schema-init.d.ts +0 -31
  1203. package/dist/lib/graph/graph-schema-init.d.ts.map +0 -1
  1204. package/dist/lib/graph/graph-schema-init.js +0 -105
  1205. package/dist/lib/graph/graph-schema-init.js.map +0 -1
  1206. package/dist/lib/graph/neo4j-graph-service.d.ts +0 -186
  1207. package/dist/lib/graph/neo4j-graph-service.d.ts.map +0 -1
  1208. package/dist/lib/graph/neo4j-graph-service.js +0 -1625
  1209. package/dist/lib/graph/neo4j-graph-service.js.map +0 -1
  1210. package/dist/lib/graph/reconciliation-service.d.ts +0 -113
  1211. package/dist/lib/graph/reconciliation-service.d.ts.map +0 -1
  1212. package/dist/lib/graph/reconciliation-service.js +0 -533
  1213. package/dist/lib/graph/reconciliation-service.js.map +0 -1
  1214. package/dist/lib/id-generator.d.ts +0 -29
  1215. package/dist/lib/id-generator.d.ts.map +0 -1
  1216. package/dist/lib/id-generator.js +0 -51
  1217. package/dist/lib/id-generator.js.map +0 -1
  1218. package/dist/lib/kv/dynamodb-kv.d.ts +0 -39
  1219. package/dist/lib/kv/dynamodb-kv.d.ts.map +0 -1
  1220. package/dist/lib/kv/dynamodb-kv.js +0 -239
  1221. package/dist/lib/kv/dynamodb-kv.js.map +0 -1
  1222. package/dist/lib/queue/sqs-queue.d.ts +0 -16
  1223. package/dist/lib/queue/sqs-queue.d.ts.map +0 -1
  1224. package/dist/lib/queue/sqs-queue.js +0 -39
  1225. package/dist/lib/queue/sqs-queue.js.map +0 -1
  1226. package/dist/lib/route-matcher.d.ts +0 -24
  1227. package/dist/lib/route-matcher.d.ts.map +0 -1
  1228. package/dist/lib/route-matcher.js +0 -96
  1229. package/dist/lib/route-matcher.js.map +0 -1
  1230. package/dist/lib/router.d.ts +0 -26
  1231. package/dist/lib/router.d.ts.map +0 -1
  1232. package/dist/lib/router.js +0 -90
  1233. package/dist/lib/router.js.map +0 -1
  1234. package/dist/lib/routes-all.d.ts +0 -9
  1235. package/dist/lib/routes-all.d.ts.map +0 -1
  1236. package/dist/lib/routes-all.js +0 -170
  1237. package/dist/lib/routes-all.js.map +0 -1
  1238. package/dist/lib/secret-resolver.d.ts +0 -88
  1239. package/dist/lib/secret-resolver.d.ts.map +0 -1
  1240. package/dist/lib/secret-resolver.js +0 -183
  1241. package/dist/lib/secret-resolver.js.map +0 -1
  1242. package/dist/lib/session-manager.d.ts.map +0 -1
  1243. package/dist/lib/session-manager.js +0 -492
  1244. package/dist/lib/session-manager.js.map +0 -1
  1245. package/dist/lib/storage/s3-storage.d.ts +0 -29
  1246. package/dist/lib/storage/s3-storage.d.ts.map +0 -1
  1247. package/dist/lib/storage/s3-storage.js +0 -135
  1248. package/dist/lib/storage/s3-storage.js.map +0 -1
  1249. package/dist/lib/tenant-context.d.ts +0 -35
  1250. package/dist/lib/tenant-context.d.ts.map +0 -1
  1251. package/dist/lib/tenant-context.js +0 -54
  1252. package/dist/lib/tenant-context.js.map +0 -1
@@ -0,0 +1,421 @@
1
+ /**
2
+ * Audit composer (phase 1.C.2).
3
+ *
4
+ * Trellis-side facade over `@de-otio/saas-foundation/audit`. Replaces
5
+ * the old `AuditLogger` (data lifecycle) and `AuditEventEmitter`
6
+ * (tenant / IdP) with a single composition point that:
7
+ *
8
+ * 1. Applies trellis's default-DENY allowlist (`filterPayload`) +
9
+ * IP anonymisation (`anonymizeIp`) to event metadata BEFORE the
10
+ * event reaches foundation. (LOCKED: keep the allowlist.)
11
+ * 2. Hands the scrubbed event to foundation's `AuditLog`, which is
12
+ * configured with foundation's `PiiFilter` (denylist) as a
13
+ * SECOND, additive layer. (LOCKED: denylist is additive, not a
14
+ * replacement.)
15
+ * 3. Persists via `PostgresAuditStore` over a region-resolved Prisma
16
+ * client. Retention tiers: info=30, warning=90, error=365 days.
17
+ * (LOCKED.)
18
+ *
19
+ * Frozen-type crossing: this module is the first trellis consumer of
20
+ * the frozen `AuditEvent` / `AuditAction` vocabulary. Future changes to
21
+ * the emitted shape go through the frozen-type RFC process.
22
+ *
23
+ * Severity collapse (trellis 4-tier -> foundation 3-tier):
24
+ * low + medium -> info (30d)
25
+ * high -> warning (90d)
26
+ * critical -> error (365d)
27
+ *
28
+ * ── SECURITY-SENSITIVE READ CONVENTION ───────────────────────────────
29
+ *
30
+ * Any BULK, CROSS-USER, or EXPORT read of user data MUST emit an audit
31
+ * event. An audit trail cannot be backfilled — if the read is not
32
+ * recorded at the time it occurs, it is permanently invisible to
33
+ * compliance reviews.
34
+ *
35
+ * Worked example — admin bulk-export of user records:
36
+ *
37
+ * await auditLogger.logDataAccess({
38
+ * action: DATA_READ,
39
+ * resource: "user",
40
+ * resourceId: `bulk:${requestedCount}`,
41
+ * userId: session.userId, // the requesting admin's ID
42
+ * region: detectedRegion,
43
+ * success: true,
44
+ * metadata: {
45
+ * targetType: "user_export",
46
+ * reason: "compliance_request",
47
+ * },
48
+ * }, env);
49
+ *
50
+ * Scope of the rule:
51
+ * - Covered NOW: mutations (data.create / update / delete), auth,
52
+ * feature_toggle.changed, tenant / IdP events.
53
+ * - Deferred: individual single-user reads (low priority).
54
+ * - IN SCOPE for the research platform: any research.query,
55
+ * research.extract, experiment.assign operation.
56
+ *
57
+ * See doc/02-technical/development/audit-and-toggle-conventions.md for
58
+ * naming conventions, prefix rules, and the research.query PII rule.
59
+ */
60
+ import { AuditLog, PiiFilter } from "@de-otio/saas-foundation/audit";
61
+ import { PostgresAuditStore } from "@de-otio/saas-foundation/audit/prisma";
62
+ import { createPrismaForRegion } from "../db.js";
63
+ import { getLogger } from "./logger.js";
64
+ import { isValidRegion } from "./region-detection.js";
65
+ import { filterPayload, anonymizeIp } from "./audit/pii-filter.js";
66
+ import { DATA_READ, DATA_CREATE, DATA_UPDATE, DATA_DELETE, AUTHZ_DENIED, } from "./audit-actions.js";
67
+ /** Retention tiers (LOCKED): collapse trellis intent onto foundation's. */
68
+ const RETENTION_DAYS = { info: 30, warning: 90, error: 365 };
69
+ function mapSeverity(severity) {
70
+ switch (severity) {
71
+ case "low":
72
+ case "medium":
73
+ return "info";
74
+ case "high":
75
+ return "warning";
76
+ case "critical":
77
+ return "error";
78
+ }
79
+ }
80
+ function toJsonSafe(value) {
81
+ if (value === null || value === undefined)
82
+ return null;
83
+ const t = typeof value;
84
+ if (t === "string" || t === "number" || t === "boolean")
85
+ return value;
86
+ if (Array.isArray(value))
87
+ return value.map(toJsonSafe);
88
+ if (t === "object") {
89
+ const out = {};
90
+ for (const [k, v] of Object.entries(value)) {
91
+ out[k] = toJsonSafe(v);
92
+ }
93
+ return out;
94
+ }
95
+ return String(value);
96
+ }
97
+ /**
98
+ * Apply trellis's allowlist to a raw metadata object and coerce to a
99
+ * JSON-safe record. Returns `undefined` for an empty input so we don't
100
+ * emit an empty `metadata: {}`.
101
+ */
102
+ function scrubMetadata(metadata) {
103
+ if (!metadata || Object.keys(metadata).length === 0)
104
+ return undefined;
105
+ const { filtered } = filterPayload(metadata);
106
+ const out = {};
107
+ for (const [k, v] of Object.entries(filtered)) {
108
+ out[k] = toJsonSafe(v);
109
+ }
110
+ return out;
111
+ }
112
+ // ── AuditLog cache (per region-resolved Prisma client) ────────────────
113
+ // One AuditLog per Prisma client. The DatabaseConnectionManager already
114
+ // caches the underlying pool per region, so this just avoids rebuilding
115
+ // the foundation wrapper on every emit.
116
+ const auditLogByClient = new WeakMap();
117
+ function getAuditLog(prisma) {
118
+ const existing = auditLogByClient.get(prisma);
119
+ if (existing)
120
+ return existing;
121
+ const log = new AuditLog(new PostgresAuditStore(prisma), {
122
+ retentionDays: RETENTION_DAYS,
123
+ // Foundation's denylist as the additive second PII layer.
124
+ piiFilter: new PiiFilter(),
125
+ });
126
+ auditLogByClient.set(prisma, log);
127
+ return log;
128
+ }
129
+ /**
130
+ * Map a trellis event `type` to a frozen `AuditAction`. The trellis
131
+ * `action` string (e.g. "user_accessed") is preserved in metadata; the
132
+ * coarse foundation action keeps the open-union dotted convention.
133
+ */
134
+ function actionFor(type) {
135
+ switch (type) {
136
+ case "data_access":
137
+ return DATA_READ;
138
+ case "data_create":
139
+ return DATA_CREATE;
140
+ case "data_update":
141
+ return DATA_UPDATE;
142
+ case "data_delete":
143
+ return DATA_DELETE;
144
+ case "region_change":
145
+ return "system.region_change";
146
+ case "authentication":
147
+ return "auth.login";
148
+ case "authorization":
149
+ return AUTHZ_DENIED;
150
+ case "user_action":
151
+ return DATA_UPDATE;
152
+ }
153
+ }
154
+ /**
155
+ * `TrellisAuditLogger` — drop-in for the old `AuditLogger`. Region-aware
156
+ * (resolves a Prisma client per region), best-effort (never throws into
157
+ * the caller), and validates region before emitting (invalid-region
158
+ * events are dropped, as before).
159
+ */
160
+ export class TrellisAuditLogger {
161
+ requestId;
162
+ // Constructor kept signature-compatible with old `new AuditLogger(env)`
163
+ // / `new AuditLogger(env, requestId)`; env is unused (region drives the
164
+ // client) but accepted so call sites don't change.
165
+ constructor(_env, requestId) {
166
+ this.requestId = requestId;
167
+ }
168
+ withRequestId(requestId) {
169
+ return new TrellisAuditLogger(undefined, requestId);
170
+ }
171
+ async logDataAccess(event, env) {
172
+ return this.emit({ ...event, type: event.type ?? "data_access", severity: event.severity ?? "low" }, env);
173
+ }
174
+ async logUserAction(event, env) {
175
+ return this.emit({ ...event, type: event.type ?? "user_action", severity: event.severity ?? "medium" }, env);
176
+ }
177
+ async logAuthentication(event, env) {
178
+ return this.emit({
179
+ ...event,
180
+ resource: event.resource || "user",
181
+ type: event.type ?? "authentication",
182
+ severity: event.severity ?? (event.success ? "low" : "high"),
183
+ }, env);
184
+ }
185
+ async logAuthorization(event, env) {
186
+ return this.emit({
187
+ ...event,
188
+ type: event.type ?? "authorization",
189
+ severity: event.severity ?? (event.success ? "low" : "high"),
190
+ }, env);
191
+ }
192
+ /** Generic entry point — accepts a full trellis event. */
193
+ async log(event, env) {
194
+ const type = event.type ?? "user_action";
195
+ const defaultSeverity = type === "authentication" || type === "authorization"
196
+ ? event.success
197
+ ? "low"
198
+ : "high"
199
+ : type === "data_access"
200
+ ? "low"
201
+ : "medium";
202
+ return this.emit({ ...event, type, severity: event.severity ?? defaultSeverity }, env);
203
+ }
204
+ /**
205
+ * Emit a system-level event where the `action` string is passed directly
206
+ * to the foundation audit log (bypassing the coarse `actionFor()` mapping).
207
+ *
208
+ * Use for platform-control actions like `feature_toggle.changed`,
209
+ * `consent.changed`, `experiment.assign` that have their own dedicated
210
+ * action constant and should not be collapsed to a coarse `data.*` label.
211
+ *
212
+ * The `action` parameter MUST be a known `AuditAction` constant from
213
+ * `audit-actions.ts`; do not pass free-form strings.
214
+ *
215
+ * Best-effort — never throws into the caller.
216
+ */
217
+ async logSystemAction(action, event, env) {
218
+ return this.emitDirect(action, { ...event, severity: event.severity ?? "medium" }, env);
219
+ }
220
+ async emitDirect(action, event, env) {
221
+ const logger = getLogger();
222
+ try {
223
+ if (!isValidRegion(event.region)) {
224
+ logger.error("[Audit] Invalid region in system audit event", {
225
+ region: event.region,
226
+ action,
227
+ });
228
+ return;
229
+ }
230
+ const severity = mapSeverity(event.severity);
231
+ const rawMetadata = {
232
+ action,
233
+ resource: event.resource,
234
+ ...(event.region !== undefined && { region: event.region }),
235
+ ...(event.dataRegion !== undefined && { dataRegion: event.dataRegion }),
236
+ ...event.metadata,
237
+ };
238
+ const metadata = scrubMetadata(rawMetadata);
239
+ const anonIp = event.ipAddress ? anonymizeIp(event.ipAddress) : undefined;
240
+ const prisma = createPrismaForRegion(event.region, env);
241
+ const auditLog = getAuditLog(prisma);
242
+ await auditLog.emitAwait({
243
+ actor: event.userId
244
+ ? { kind: "user", userSub: event.userId }
245
+ : { kind: "anonymous" },
246
+ action,
247
+ ...(event.resource && event.resourceId
248
+ ? { resource: { kind: event.resource, id: event.resourceId } }
249
+ : {}),
250
+ outcome: event.success ? "success" : "failure",
251
+ severity,
252
+ ...(this.requestId !== undefined && { requestId: this.requestId }),
253
+ ...(anonIp !== undefined && { ipAddress: anonIp }),
254
+ ...(event.userAgent !== undefined && { userAgent: event.userAgent }),
255
+ ...(metadata !== undefined && { metadata }),
256
+ });
257
+ logger.info(`[Audit] ${String(action)} on ${event.resource}${event.resourceId ? ` (${event.resourceId})` : ""} in region ${event.region}`, {
258
+ action,
259
+ resource: event.resource,
260
+ region: event.region,
261
+ userId: event.userId,
262
+ });
263
+ }
264
+ catch (error) {
265
+ // Best-effort: never block the in-flight request.
266
+ // eslint-disable-next-line no-console -- audit-fallback line for ops grep
267
+ console.error(JSON.stringify({
268
+ auditEmitFailure: true,
269
+ action: String(action),
270
+ resource: event.resource,
271
+ userId: event.userId,
272
+ error: error instanceof Error ? error.message : String(error),
273
+ }));
274
+ logger.error("[Audit] Failed to emit system audit event", {
275
+ error,
276
+ action,
277
+ resource: event.resource,
278
+ });
279
+ }
280
+ }
281
+ async emit(event, env) {
282
+ const logger = getLogger();
283
+ try {
284
+ // Region validation — drop invalid-region events (preserved).
285
+ if (!isValidRegion(event.region)) {
286
+ logger.error("[Audit] Invalid region in audit event", {
287
+ region: event.region,
288
+ action: event.action,
289
+ });
290
+ return;
291
+ }
292
+ const type = event.type ?? "user_action";
293
+ const severity = mapSeverity(event.severity ?? "low");
294
+ // Build the metadata: carry the trellis action / resource /
295
+ // region context, then scrub through the allowlist. The IP is
296
+ // anonymised and lives on the frozen `ipAddress` field (not
297
+ // metadata) so foundation persists it verbatim.
298
+ const rawMetadata = {
299
+ action: event.action,
300
+ resource: event.resource,
301
+ ...(event.region !== undefined && { region: event.region }),
302
+ ...(event.dataRegion !== undefined && { dataRegion: event.dataRegion }),
303
+ ...event.metadata,
304
+ };
305
+ const metadata = scrubMetadata(rawMetadata);
306
+ const anonIp = event.ipAddress ? anonymizeIp(event.ipAddress) : undefined;
307
+ const prisma = createPrismaForRegion(event.region, env);
308
+ const auditLog = getAuditLog(prisma);
309
+ const failureReason = !event.success && typeof event.metadata?.error === "string"
310
+ ? event.metadata.error
311
+ : undefined;
312
+ await auditLog.emitAwait({
313
+ actor: event.userId
314
+ ? { kind: "user", userSub: event.userId }
315
+ : { kind: "anonymous" },
316
+ action: actionFor(type),
317
+ ...(event.resource && event.resourceId
318
+ ? { resource: { kind: event.resource, id: event.resourceId } }
319
+ : {}),
320
+ outcome: event.success ? "success" : "failure",
321
+ ...(failureReason !== undefined && { failureReason }),
322
+ severity,
323
+ ...(this.requestId !== undefined && { requestId: this.requestId }),
324
+ ...(anonIp !== undefined && { ipAddress: anonIp }),
325
+ ...(event.userAgent !== undefined && { userAgent: event.userAgent }),
326
+ ...(metadata !== undefined && { metadata }),
327
+ });
328
+ // Operator-facing audit line (preserved contract).
329
+ const message = `[Audit] ${event.action} on ${event.resource}${event.resourceId ? ` (${event.resourceId})` : ""} in region ${event.region}${event.dataRegion ? ` (dataRegion: ${event.dataRegion})` : ""}`;
330
+ const logFields = {
331
+ type,
332
+ action: event.action,
333
+ resource: event.resource,
334
+ region: event.region,
335
+ dataRegion: event.dataRegion,
336
+ userId: event.userId,
337
+ };
338
+ if (event.success) {
339
+ logger.info(message, logFields);
340
+ }
341
+ else {
342
+ logger.warn(message, { ...logFields, error: event.metadata?.error });
343
+ }
344
+ }
345
+ catch (error) {
346
+ // Best-effort: never block the in-flight request on an audit
347
+ // failure. Emit a structured stderr line so the event is
348
+ // recoverable by a compliance grep. Full durable (SQS
349
+ // at-least-once) delivery is a deferred follow-up.
350
+ // eslint-disable-next-line no-console -- audit-fallback line for ops grep
351
+ console.error(JSON.stringify({
352
+ auditEmitFailure: true,
353
+ action: event.action,
354
+ resource: event.resource,
355
+ userId: event.userId,
356
+ error: error instanceof Error ? error.message : String(error),
357
+ }));
358
+ logger.error("[Audit] Failed to log audit event", {
359
+ error,
360
+ action: event.action,
361
+ resource: event.resource,
362
+ });
363
+ }
364
+ }
365
+ }
366
+ /** Factory — drop-in for the old `createAuditLogger`. */
367
+ export function createAuditLogger(env, requestId) {
368
+ return new TrellisAuditLogger(env, requestId);
369
+ }
370
+ /**
371
+ * `TenantAuditEmitter` — replaces the CloudWatch+Postgres
372
+ * `AuditEventEmitter`. CloudWatch is dropped (foundation owns the sink);
373
+ * the Postgres write now goes through foundation's `AuditLog` /
374
+ * `PostgresAuditStore`. Signature `emit(input, prismaClient)` is
375
+ * preserved so the four consumers change only their import.
376
+ *
377
+ * Tenant/IdP events are tenant-scoped (`actor.kind = "user"`,
378
+ * `tenantId` set) and default to `info` severity (matching the old
379
+ * "medium" -> info collapse).
380
+ */
381
+ export class TenantAuditEmitter {
382
+ async emit(input, prisma) {
383
+ try {
384
+ const auditLog = getAuditLog(prisma);
385
+ const anonIp = input.sourceIp ? anonymizeIp(input.sourceIp) : "unknown";
386
+ const rawMetadata = {
387
+ ...input.payload,
388
+ tenantId: input.tenantId,
389
+ actorUserId: input.actorUserId,
390
+ sourceIp: anonIp,
391
+ ...(input.agentSessionId ? { agentSessionId: input.agentSessionId } : {}),
392
+ };
393
+ const metadata = scrubMetadata(rawMetadata);
394
+ await auditLog.emitAwait({
395
+ // `tenantId` is validated against `TenantIdSchema` inside
396
+ // foundation's `AuditLog.emit`; cast to the branded type to
397
+ // satisfy `EmitInput` (runtime check is the source of truth).
398
+ tenantId: input.tenantId,
399
+ actor: { kind: "user", userSub: input.actorUserId },
400
+ action: input.type,
401
+ outcome: "success",
402
+ severity: "info",
403
+ ...(anonIp !== "unknown" ? { ipAddress: anonIp } : {}),
404
+ ...(metadata !== undefined && { metadata }),
405
+ });
406
+ }
407
+ catch (err) {
408
+ // Best-effort: audit failures must not block the mutation.
409
+ // eslint-disable-next-line no-console -- audit-fallback line for ops grep
410
+ console.error(JSON.stringify({
411
+ level: "error",
412
+ tag: "audit-fallback",
413
+ type: input.type,
414
+ tenantId: input.tenantId,
415
+ actorUserId: input.actorUserId,
416
+ error: err instanceof Error ? err.message : String(err),
417
+ }));
418
+ }
419
+ }
420
+ }
421
+ //# sourceMappingURL=audit-composer.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"audit-composer.js","sourceRoot":"","sources":["../../src/lib/audit-composer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0DG;AAEH,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,gCAAgC,CAAC;AAErE,OAAO,EAAE,kBAAkB,EAAE,MAAM,uCAAuC,CAAC;AAI3E,OAAO,EAAE,qBAAqB,EAAkB,MAAM,UAAU,CAAC;AACjE,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,aAAa,EAAe,MAAM,uBAAuB,CAAC;AACnE,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACnE,OAAO,EACL,SAAS,EACT,WAAW,EACX,WAAW,EACX,WAAW,EACX,YAAY,GACb,MAAM,oBAAoB,CAAC;AAE5B,2EAA2E;AAC3E,MAAM,cAAc,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,GAAG,EAAW,CAAC;AAMtE,SAAS,WAAW,CAAC,QAAyB;IAC5C,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,KAAK,CAAC;QACX,KAAK,QAAQ;YACX,OAAO,MAAM,CAAC;QAChB,KAAK,MAAM;YACT,OAAO,SAAS,CAAC;QACnB,KAAK,UAAU;YACb,OAAO,OAAO,CAAC;IACnB,CAAC;AACH,CAAC;AAUD,SAAS,UAAU,CAAC,KAAc;IAChC,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IACvD,MAAM,CAAC,GAAG,OAAO,KAAK,CAAC;IACvB,IAAI,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,SAAS;QAAE,OAAO,KAAiB,CAAC;IAClF,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACvD,IAAI,CAAC,KAAK,QAAQ,EAAE,CAAC;QACnB,MAAM,GAAG,GAA8B,EAAE,CAAC;QAC1C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAgC,CAAC,EAAE,CAAC;YACtE,GAAG,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;QACzB,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IACD,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;AACvB,CAAC;AAED;;;;GAIG;AACH,SAAS,aAAa,CACpB,QAA6C;IAE7C,IAAI,CAAC,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IACtE,MAAM,EAAE,QAAQ,EAAE,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IAC7C,MAAM,GAAG,GAA6B,EAAE,CAAC;IACzC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC9C,GAAG,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;IACzB,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAgBD,yEAAyE;AACzE,wEAAwE;AACxE,wEAAwE;AACxE,wCAAwC;AACxC,MAAM,gBAAgB,GAAG,IAAI,OAAO,EAAoB,CAAC;AAEzD,SAAS,WAAW,CAAC,MAA6B;IAChD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC9C,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAC9B,MAAM,GAAG,GAAG,IAAI,QAAQ,CAAC,IAAI,kBAAkB,CAAC,MAAsC,CAAC,EAAE;QACvF,aAAa,EAAE,cAAc;QAC7B,0DAA0D;QAC1D,SAAS,EAAE,IAAI,SAAS,EAAE;KAC3B,CAAC,CAAC;IACH,gBAAgB,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAClC,OAAO,GAAG,CAAC;AACb,CAAC;AAgCD;;;;GAIG;AACH,SAAS,SAAS,CAAC,IAA2B;IAC5C,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,aAAa;YAChB,OAAO,SAAS,CAAC;QACnB,KAAK,aAAa;YAChB,OAAO,WAAW,CAAC;QACrB,KAAK,aAAa;YAChB,OAAO,WAAW,CAAC;QACrB,KAAK,aAAa;YAChB,OAAO,WAAW,CAAC;QACrB,KAAK,eAAe;YAClB,OAAO,sBAAsB,CAAC;QAChC,KAAK,gBAAgB;YACnB,OAAO,YAAY,CAAC;QACtB,KAAK,eAAe;YAClB,OAAO,YAAY,CAAC;QACtB,KAAK,aAAa;YAChB,OAAO,WAAW,CAAC;IACvB,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,OAAO,kBAAkB;IAMV;IALnB,wEAAwE;IACxE,wEAAwE;IACxE,mDAAmD;IACnD,YACE,IAA4B,EACX,SAAkB;QAAlB,cAAS,GAAT,SAAS,CAAS;IAClC,CAAC;IAEG,aAAa,CAAC,SAAiB;QACpC,OAAO,IAAI,kBAAkB,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;IACtD,CAAC;IAEM,KAAK,CAAC,aAAa,CACxB,KAGC,EACD,GAA0B;QAE1B,OAAO,IAAI,CAAC,IAAI,CACd,EAAE,GAAG,KAAK,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,IAAI,aAAa,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,IAAI,KAAK,EAAE,EAClF,GAAG,CACJ,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,aAAa,CACxB,KAGC,EACD,GAA0B;QAE1B,OAAO,IAAI,CAAC,IAAI,CACd,EAAE,GAAG,KAAK,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,IAAI,aAAa,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,IAAI,QAAQ,EAAE,EACrF,GAAG,CACJ,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,iBAAiB,CAC5B,KAGC,EACD,GAA0B;QAE1B,OAAO,IAAI,CAAC,IAAI,CACd;YACE,GAAG,KAAK;YACR,QAAQ,EAAE,KAAK,CAAC,QAAQ,IAAI,MAAM;YAClC,IAAI,EAAE,KAAK,CAAC,IAAI,IAAI,gBAAgB;YACpC,QAAQ,EAAE,KAAK,CAAC,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC;SAC7D,EACD,GAAG,CACJ,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,gBAAgB,CAC3B,KAGC,EACD,GAA0B;QAE1B,OAAO,IAAI,CAAC,IAAI,CACd;YACE,GAAG,KAAK;YACR,IAAI,EAAE,KAAK,CAAC,IAAI,IAAI,eAAe;YACnC,QAAQ,EAAE,KAAK,CAAC,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC;SAC7D,EACD,GAAG,CACJ,CAAC;IACJ,CAAC;IAED,0DAA0D;IACnD,KAAK,CAAC,GAAG,CACd,KAA2E,EAC3E,GAA0B;QAE1B,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,IAAI,aAAa,CAAC;QACzC,MAAM,eAAe,GACnB,IAAI,KAAK,gBAAgB,IAAI,IAAI,KAAK,eAAe;YACnD,CAAC,CAAC,KAAK,CAAC,OAAO;gBACb,CAAC,CAAC,KAAK;gBACP,CAAC,CAAC,MAAM;YACV,CAAC,CAAC,IAAI,KAAK,aAAa;gBACtB,CAAC,CAAC,KAAK;gBACP,CAAC,CAAC,QAAQ,CAAC;QACjB,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,GAAG,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,IAAI,eAAe,EAAE,EAAE,GAAG,CAAC,CAAC;IACzF,CAAC;IAED;;;;;;;;;;;;OAYG;IACI,KAAK,CAAC,eAAe,CAC1B,MAAmB,EACnB,KAEC,EACD,GAA0B;QAE1B,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,GAAG,KAAK,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,IAAI,QAAQ,EAAE,EAAE,GAAG,CAAC,CAAC;IAC1F,CAAC;IAEO,KAAK,CAAC,UAAU,CACtB,MAAmB,EACnB,KAAiF,EACjF,GAA0B;QAE1B,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,IAAI,CAAC;YACH,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;gBACjC,MAAM,CAAC,KAAK,CAAC,8CAA8C,EAAE;oBAC3D,MAAM,EAAE,KAAK,CAAC,MAAM;oBACpB,MAAM;iBACP,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,MAAM,QAAQ,GAAG,WAAW,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YAC7C,MAAM,WAAW,GAA4B;gBAC3C,MAAM;gBACN,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,GAAG,CAAC,KAAK,CAAC,MAAM,KAAK,SAAS,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC;gBAC3D,GAAG,CAAC,KAAK,CAAC,UAAU,KAAK,SAAS,IAAI,EAAE,UAAU,EAAE,KAAK,CAAC,UAAU,EAAE,CAAC;gBACvE,GAAG,KAAK,CAAC,QAAQ;aAClB,CAAC;YACF,MAAM,QAAQ,GAAG,aAAa,CAAC,WAAW,CAAC,CAAC;YAC5C,MAAM,MAAM,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAE1E,MAAM,MAAM,GAAG,qBAAqB,CAAC,KAAK,CAAC,MAAM,EAAE,GAAG,CAA0B,CAAC;YACjF,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;YAErC,MAAM,QAAQ,CAAC,SAAS,CAAC;gBACvB,KAAK,EAAE,KAAK,CAAC,MAAM;oBACjB,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,MAAM,EAAE;oBACzC,CAAC,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE;gBACzB,MAAM;gBACN,GAAG,CAAC,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,UAAU;oBACpC,CAAC,CAAC,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,KAAK,CAAC,QAAQ,EAAE,EAAE,EAAE,KAAK,CAAC,UAAU,EAAE,EAAE;oBAC9D,CAAC,CAAC,EAAE,CAAC;gBACP,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;gBAC9C,QAAQ;gBACR,GAAG,CAAC,IAAI,CAAC,SAAS,KAAK,SAAS,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC;gBAClE,GAAG,CAAC,MAAM,KAAK,SAAS,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC;gBAClD,GAAG,CAAC,KAAK,CAAC,SAAS,KAAK,SAAS,IAAI,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC;gBACpE,GAAG,CAAC,QAAQ,KAAK,SAAS,IAAI,EAAE,QAAQ,EAAE,CAAC;aAC5C,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,MAAM,CAAC,OAAO,KAAK,CAAC,QAAQ,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,EAAE,cAAc,KAAK,CAAC,MAAM,EAAE,EAAE;gBACzI,MAAM;gBACN,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,MAAM,EAAE,KAAK,CAAC,MAAM;aACrB,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,kDAAkD;YAClD,0EAA0E;YAC1E,OAAO,CAAC,KAAK,CACX,IAAI,CAAC,SAAS,CAAC;gBACb,gBAAgB,EAAE,IAAI;gBACtB,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC;gBACtB,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CACH,CAAC;YACF,MAAM,CAAC,KAAK,CAAC,2CAA2C,EAAE;gBACxD,KAAK;gBACL,MAAM;gBACN,QAAQ,EAAE,KAAK,CAAC,QAAQ;aACzB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,IAAI,CAAC,KAAwB,EAAE,GAA0B;QACrE,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,IAAI,CAAC;YACH,8DAA8D;YAC9D,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;gBACjC,MAAM,CAAC,KAAK,CAAC,uCAAuC,EAAE;oBACpD,MAAM,EAAE,KAAK,CAAC,MAAM;oBACpB,MAAM,EAAE,KAAK,CAAC,MAAM;iBACrB,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,IAAI,aAAa,CAAC;YACzC,MAAM,QAAQ,GAAG,WAAW,CAAC,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,CAAC;YAEtD,4DAA4D;YAC5D,8DAA8D;YAC9D,4DAA4D;YAC5D,gDAAgD;YAChD,MAAM,WAAW,GAA4B;gBAC3C,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,GAAG,CAAC,KAAK,CAAC,MAAM,KAAK,SAAS,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC;gBAC3D,GAAG,CAAC,KAAK,CAAC,UAAU,KAAK,SAAS,IAAI,EAAE,UAAU,EAAE,KAAK,CAAC,UAAU,EAAE,CAAC;gBACvE,GAAG,KAAK,CAAC,QAAQ;aAClB,CAAC;YACF,MAAM,QAAQ,GAAG,aAAa,CAAC,WAAW,CAAC,CAAC;YAC5C,MAAM,MAAM,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAE1E,MAAM,MAAM,GAAG,qBAAqB,CAAC,KAAK,CAAC,MAAM,EAAE,GAAG,CAA0B,CAAC;YACjF,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;YAErC,MAAM,aAAa,GACjB,CAAC,KAAK,CAAC,OAAO,IAAI,OAAO,KAAK,CAAC,QAAQ,EAAE,KAAK,KAAK,QAAQ;gBACzD,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK;gBACtB,CAAC,CAAC,SAAS,CAAC;YAEhB,MAAM,QAAQ,CAAC,SAAS,CAAC;gBACvB,KAAK,EAAE,KAAK,CAAC,MAAM;oBACjB,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,MAAM,EAAE;oBACzC,CAAC,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE;gBACzB,MAAM,EAAE,SAAS,CAAC,IAAI,CAAC;gBACvB,GAAG,CAAC,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,UAAU;oBACpC,CAAC,CAAC,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,KAAK,CAAC,QAAQ,EAAE,EAAE,EAAE,KAAK,CAAC,UAAU,EAAE,EAAE;oBAC9D,CAAC,CAAC,EAAE,CAAC;gBACP,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;gBAC9C,GAAG,CAAC,aAAa,KAAK,SAAS,IAAI,EAAE,aAAa,EAAE,CAAC;gBACrD,QAAQ;gBACR,GAAG,CAAC,IAAI,CAAC,SAAS,KAAK,SAAS,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC;gBAClE,GAAG,CAAC,MAAM,KAAK,SAAS,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC;gBAClD,GAAG,CAAC,KAAK,CAAC,SAAS,KAAK,SAAS,IAAI,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC;gBACpE,GAAG,CAAC,QAAQ,KAAK,SAAS,IAAI,EAAE,QAAQ,EAAE,CAAC;aAC5C,CAAC,CAAC;YAEH,mDAAmD;YACnD,MAAM,OAAO,GAAG,WAAW,KAAK,CAAC,MAAM,OAAO,KAAK,CAAC,QAAQ,GAC1D,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,EAChD,cAAc,KAAK,CAAC,MAAM,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,iBAAiB,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;YAC5F,MAAM,SAAS,GAAG;gBAChB,IAAI;gBACJ,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,UAAU,EAAE,KAAK,CAAC,UAAU;gBAC5B,MAAM,EAAE,KAAK,CAAC,MAAM;aACrB,CAAC;YACF,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;gBAClB,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAClC,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,GAAG,SAAS,EAAE,KAAK,EAAE,KAAK,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;YACvE,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,6DAA6D;YAC7D,yDAAyD;YACzD,sDAAsD;YACtD,mDAAmD;YACnD,0EAA0E;YAC1E,OAAO,CAAC,KAAK,CACX,IAAI,CAAC,SAAS,CAAC;gBACb,gBAAgB,EAAE,IAAI;gBACtB,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CACH,CAAC;YACF,MAAM,CAAC,KAAK,CAAC,mCAAmC,EAAE;gBAChD,KAAK;gBACL,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,QAAQ,EAAE,KAAK,CAAC,QAAQ;aACzB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;CACF;AAED,yDAAyD;AACzD,MAAM,UAAU,iBAAiB,CAC/B,GAA2B,EAC3B,SAAkB;IAElB,OAAO,IAAI,kBAAkB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;AAChD,CAAC;AAgBD;;;;;;;;;;GAUG;AACH,MAAM,OAAO,kBAAkB;IACtB,KAAK,CAAC,IAAI,CAAC,KAA2B,EAAE,MAA6B;QAC1E,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;YACrC,MAAM,MAAM,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAExE,MAAM,WAAW,GAA4B;gBAC3C,GAAG,KAAK,CAAC,OAAO;gBAChB,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,QAAQ,EAAE,MAAM;gBAChB,GAAG,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,KAAK,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC1E,CAAC;YACF,MAAM,QAAQ,GAAG,aAAa,CAAC,WAAW,CAAC,CAAC;YAE5C,MAAM,QAAQ,CAAC,SAAS,CAAC;gBACvB,0DAA0D;gBAC1D,4DAA4D;gBAC5D,8DAA8D;gBAC9D,QAAQ,EAAE,KAAK,CAAC,QAAoB;gBACpC,KAAK,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,WAAW,EAAE;gBACnD,MAAM,EAAE,KAAK,CAAC,IAAI;gBAClB,OAAO,EAAE,SAAS;gBAClB,QAAQ,EAAE,MAAM;gBAChB,GAAG,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtD,GAAG,CAAC,QAAQ,KAAK,SAAS,IAAI,EAAE,QAAQ,EAAE,CAAC;aAC5C,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,2DAA2D;YAC3D,0EAA0E;YAC1E,OAAO,CAAC,KAAK,CACX,IAAI,CAAC,SAAS,CAAC;gBACb,KAAK,EAAE,OAAO;gBACd,GAAG,EAAE,gBAAgB;gBACrB,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC,CACH,CAAC;QACJ,CAAC;IACH,CAAC;CACF"}
@@ -10,7 +10,7 @@ import type { TenantRole, UserRole, TenantMember, Tenant } from "@prisma/client"
10
10
  export interface AuthContext {
11
11
  /** Cognito user pool sub (UUID). Stable identifier used for cache keys. */
12
12
  cognitoSub: string;
13
- /** Skybber `User.id` (cuid). */
13
+ /** Trellis `User.id` (cuid). */
14
14
  userId: string;
15
15
  /** Platform-wide role from `users.role`. */
16
16
  globalRole: UserRole;
@@ -1,4 +1,3 @@
1
- "use strict";
2
1
  /**
3
2
  * AuthContext — the resolved identity for one authenticated request.
4
3
  *
@@ -6,5 +5,5 @@
6
5
  * handler that needs auth information receives this rather than the raw
7
6
  * token payload.
8
7
  */
9
- Object.defineProperty(exports, "__esModule", { value: true });
8
+ export {};
10
9
  //# sourceMappingURL=auth-context.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"auth-context.js","sourceRoot":"","sources":["../../../src/lib/auth/auth-context.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG"}
1
+ {"version":3,"file":"auth-context.js","sourceRoot":"","sources":["../../../src/lib/auth/auth-context.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG"}
@@ -6,8 +6,8 @@
6
6
  *
7
7
  * Requires COGNITO_USER_POOL_ID and COGNITO_APP_CLIENT_ID in env.
8
8
  */
9
- import type { Env } from "../../env";
10
- import type { AuthContext } from "./auth-context";
9
+ import type { Env } from "../../env.js";
10
+ import type { AuthContext } from "./auth-context.js";
11
11
  /**
12
12
  * Extract and verify the Bearer token from the request, then assemble an
13
13
  * AuthContext from the JWT claims written by the pre-token-generation Lambda.
@@ -18,6 +18,20 @@ import type { AuthContext } from "./auth-context";
18
18
  * - Required claims are missing (userId, activeTenantId).
19
19
  */
20
20
  export declare function authMiddleware(request: Request, env: Env): Promise<AuthContext | null>;
21
+ /**
22
+ * Extract and verify the active tenant id from a request's Bearer token,
23
+ * returning the validated cuid or `null` (no/invalid token, missing/malformed
24
+ * claim). Used by the tenant-context middleware (WS1, doc/14) to establish the
25
+ * ambient tenant via `runWithTenantContext` — which propagates through the
26
+ * whole downstream, unlike setting it from inside the per-handler
27
+ * `authMiddleware` (whose `enterWith` would not survive the `await` back to the
28
+ * caller).
29
+ *
30
+ * This re-verifies the JWT; it runs only when TENANT_SCOPE_MODE != "off", so
31
+ * there is no cost on the default path. (A future optimization can verify once
32
+ * and share the claims with `authMiddleware`.)
33
+ */
34
+ export declare function extractVerifiedTenantId(request: Request, _env: Env): Promise<string | null>;
21
35
  /**
22
36
  * Assert that the caller's active tenant matches the tenant referenced by
23
37
  * the path parameter.
@@ -1 +1 @@
1
- {"version":3,"file":"auth-middleware.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/auth-middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,WAAW,CAAC;AACrC,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAOlD;;;;;;;;GAQG;AACH,wBAAsB,cAAc,CAClC,OAAO,EAAE,OAAO,EAChB,GAAG,EAAE,GAAG,GACP,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAsD7B;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,mBAAmB,CACjC,IAAI,EAAE,WAAW,EACjB,gBAAgB,EAAE,MAAM,GACvB,QAAQ,GAAG,IAAI,CAOjB;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAC9B,IAAI,EAAE,WAAW,EACjB,gBAAgB,EAAE,MAAM,GACvB,QAAQ,GAAG,IAAI,CAOjB"}
1
+ {"version":3,"file":"auth-middleware.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/auth-middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AACxC,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAOrD;;;;;;;;GAQG;AACH,wBAAsB,cAAc,CAClC,OAAO,EAAE,OAAO,EAChB,GAAG,EAAE,GAAG,GACP,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAsD7B;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,OAAO,EAChB,IAAI,EAAE,GAAG,GACR,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAcxB;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,mBAAmB,CACjC,IAAI,EAAE,WAAW,EACjB,gBAAgB,EAAE,MAAM,GACvB,QAAQ,GAAG,IAAI,CAOjB;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAC9B,IAAI,EAAE,WAAW,EACjB,gBAAgB,EAAE,MAAM,GACvB,QAAQ,GAAG,IAAI,CAOjB"}
@@ -1,4 +1,3 @@
1
- "use strict";
2
1
  /**
3
2
  * Auth Middleware
4
3
  *
@@ -7,44 +6,7 @@
7
6
  *
8
7
  * Requires COGNITO_USER_POOL_ID and COGNITO_APP_CLIENT_ID in env.
9
8
  */
10
- var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
11
- if (k2 === undefined) k2 = k;
12
- var desc = Object.getOwnPropertyDescriptor(m, k);
13
- if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
14
- desc = { enumerable: true, get: function() { return m[k]; } };
15
- }
16
- Object.defineProperty(o, k2, desc);
17
- }) : (function(o, m, k, k2) {
18
- if (k2 === undefined) k2 = k;
19
- o[k2] = m[k];
20
- }));
21
- var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
22
- Object.defineProperty(o, "default", { enumerable: true, value: v });
23
- }) : function(o, v) {
24
- o["default"] = v;
25
- });
26
- var __importStar = (this && this.__importStar) || (function () {
27
- var ownKeys = function(o) {
28
- ownKeys = Object.getOwnPropertyNames || function (o) {
29
- var ar = [];
30
- for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
31
- return ar;
32
- };
33
- return ownKeys(o);
34
- };
35
- return function (mod) {
36
- if (mod && mod.__esModule) return mod;
37
- var result = {};
38
- if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
39
- __setModuleDefault(result, mod);
40
- return result;
41
- };
42
- })();
43
- Object.defineProperty(exports, "__esModule", { value: true });
44
- exports.authMiddleware = authMiddleware;
45
- exports.requireActiveTenant = requireActiveTenant;
46
- exports.requireOwnTenant = requireOwnTenant;
47
- const cognito_jwt_1 = require("./cognito-jwt");
9
+ import { extractBearerToken, verifyCognitoJwt } from "./cognito-jwt.js";
48
10
  // cuid v1 is `c[a-z0-9]{24}`. Allow up to 40 chars to absorb future widening
49
11
  // and any cuid v2 / nanoid variants without re-issuing every JWT.
50
12
  const CUID_RE = /^c[a-z0-9]{24,40}$/;
@@ -57,13 +19,13 @@ const CUID_RE = /^c[a-z0-9]{24,40}$/;
57
19
  * - The token fails verification (expired, bad signature, wrong pool/client).
58
20
  * - Required claims are missing (userId, activeTenantId).
59
21
  */
60
- async function authMiddleware(request, env) {
61
- const token = (0, cognito_jwt_1.extractBearerToken)(request.headers.get("Authorization"));
22
+ export async function authMiddleware(request, env) {
23
+ const token = extractBearerToken(request.headers.get("Authorization"));
62
24
  if (!token)
63
25
  return null;
64
26
  let claims;
65
27
  try {
66
- claims = await (0, cognito_jwt_1.verifyCognitoJwt)(token);
28
+ claims = await verifyCognitoJwt(token);
67
29
  }
68
30
  catch {
69
31
  return null;
@@ -90,7 +52,7 @@ async function authMiddleware(request, env) {
90
52
  const membershipsLoader = async () => {
91
53
  if (membershipsCache)
92
54
  return membershipsCache;
93
- const { createPrisma } = await Promise.resolve().then(() => __importStar(require("../../db")));
55
+ const { createPrisma } = await import("../../db.js");
94
56
  const db = createPrisma(env);
95
57
  membershipsCache = await db.tenantMember.findMany({
96
58
  where: { userId, status: "ACTIVE" },
@@ -109,6 +71,35 @@ async function authMiddleware(request, env) {
109
71
  membershipsLoader,
110
72
  };
111
73
  }
74
+ /**
75
+ * Extract and verify the active tenant id from a request's Bearer token,
76
+ * returning the validated cuid or `null` (no/invalid token, missing/malformed
77
+ * claim). Used by the tenant-context middleware (WS1, doc/14) to establish the
78
+ * ambient tenant via `runWithTenantContext` — which propagates through the
79
+ * whole downstream, unlike setting it from inside the per-handler
80
+ * `authMiddleware` (whose `enterWith` would not survive the `await` back to the
81
+ * caller).
82
+ *
83
+ * This re-verifies the JWT; it runs only when TENANT_SCOPE_MODE != "off", so
84
+ * there is no cost on the default path. (A future optimization can verify once
85
+ * and share the claims with `authMiddleware`.)
86
+ */
87
+ export async function extractVerifiedTenantId(request, _env) {
88
+ const token = extractBearerToken(request.headers.get("Authorization"));
89
+ if (!token)
90
+ return null;
91
+ let claims;
92
+ try {
93
+ claims = await verifyCognitoJwt(token);
94
+ }
95
+ catch {
96
+ return null;
97
+ }
98
+ const activeTenantId = claims["custom:activeTenantId"];
99
+ if (!activeTenantId || !CUID_RE.test(activeTenantId))
100
+ return null;
101
+ return activeTenantId;
102
+ }
112
103
  /**
113
104
  * Assert that the caller's active tenant matches the tenant referenced by
114
105
  * the path parameter.
@@ -130,7 +121,7 @@ async function authMiddleware(request, env) {
130
121
  * tenant reads should use `requireOwnTenant` (404 for both conditions)
131
122
  * instead.
132
123
  */
133
- function requireActiveTenant(auth, tenantIdFromPath) {
124
+ export function requireActiveTenant(auth, tenantIdFromPath) {
134
125
  if (auth.globalRole === "SUPER_ADMIN")
135
126
  return null;
136
127
  if (auth.activeTenantId === tenantIdFromPath)
@@ -143,7 +134,7 @@ function requireActiveTenant(auth, tenantIdFromPath) {
143
134
  * does not exist". Use this for DATA endpoints (GET /api/tenants/:id and
144
135
  * any cross-tenant resource lookup) where existence-leak is the concern.
145
136
  */
146
- function requireOwnTenant(auth, tenantIdFromPath) {
137
+ export function requireOwnTenant(auth, tenantIdFromPath) {
147
138
  if (auth.globalRole === "SUPER_ADMIN")
148
139
  return null;
149
140
  if (auth.activeTenantId === tenantIdFromPath)
@@ -1 +1 @@
1
- {"version":3,"file":"auth-middleware.js","sourceRoot":"","sources":["../../../src/lib/auth/auth-middleware.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoBH,wCAyDC;AAuBD,kDAUC;AAQD,4CAUC;AA3HD,+CAAqE;AAErE,6EAA6E;AAC7E,kEAAkE;AAClE,MAAM,OAAO,GAAG,oBAAoB,CAAC;AAErC;;;;;;;;GAQG;AACI,KAAK,UAAU,cAAc,CAClC,OAAgB,EAChB,GAAQ;IAER,MAAM,KAAK,GAAG,IAAA,gCAAkB,EAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC;IACvE,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,IAAI,MAAM,CAAC;IACX,IAAI,CAAC;QACH,MAAM,GAAG,MAAM,IAAA,8BAAgB,EAAC,KAAK,CAAC,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,eAAe,CAAC,CAAC;IACvC,MAAM,cAAc,GAAG,MAAM,CAAC,uBAAuB,CAAC,CAAC;IAEvD,qEAAqE;IACrE,IAAI,CAAC,MAAM,IAAI,CAAC,cAAc;QAAE,OAAO,IAAI,CAAC;IAE5C,wEAAwE;IACxE,sEAAsE;IACtE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC;QAAE,OAAO,IAAI,CAAC;IAExE,gFAAgF;IAChF,MAAM,UAAU,GAAG,CAAC,MAAM,CAAC,mBAAmB,CAAC,IAAI,MAAM,CAAC,aAAa,CAAC,IAAI,UAAU,CAAa,CAAC;IACpG,2EAA2E;IAC3E,mEAAmE;IACnE,MAAM,UAAU,GAAG,CAAC,MAAM,CAAC,mBAAmB,CAAC,IAAI,OAAO,CAAe,CAAC;IAC1E,MAAM,UAAU,GAAG,MAAM,CAAC,mBAAmB,CAAC,IAAI,EAAE,CAAC;IACrD,MAAM,MAAM,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;IAC7C,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC;IAE9B,0EAA0E;IAC1E,IAAI,gBAAgB,GAAiD,IAAI,CAAC;IAE1E,MAAM,iBAAiB,GAAG,KAAK,IAAoD,EAAE;QACnF,IAAI,gBAAgB;YAAE,OAAO,gBAAgB,CAAC;QAC9C,MAAM,EAAE,YAAY,EAAE,GAAG,wDAAa,UAAU,GAAC,CAAC;QAClD,MAAM,EAAE,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;QAC7B,gBAAgB,GAAG,MAAM,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC;YAChD,KAAK,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE;YACnC,OAAO,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE;SAC1B,CAA0C,CAAC;QAC5C,OAAO,gBAAgB,CAAC;IAC1B,CAAC,CAAC;IAEF,OAAO;QACL,UAAU;QACV,MAAM;QACN,UAAU;QACV,cAAc;QACd,UAAU;QACV,UAAU;QACV,MAAM;QACN,iBAAiB;KAClB,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,SAAgB,mBAAmB,CACjC,IAAiB,EACjB,gBAAwB;IAExB,IAAI,IAAI,CAAC,UAAU,KAAK,aAAa;QAAE,OAAO,IAAI,CAAC;IACnD,IAAI,IAAI,CAAC,cAAc,KAAK,gBAAgB;QAAE,OAAO,IAAI,CAAC;IAC1D,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,iDAAiD,EAAE,CAAC,EAClG,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,EAAE,CACjE,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,gBAAgB,CAC9B,IAAiB,EACjB,gBAAwB;IAExB,IAAI,IAAI,CAAC,UAAU,KAAK,aAAa;QAAE,OAAO,IAAI,CAAC;IACnD,IAAI,IAAI,CAAC,cAAc,KAAK,gBAAgB;QAAE,OAAO,IAAI,CAAC;IAC1D,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,kBAAkB,EAAE,CAAC,EACnE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,EAAE,CACjE,CAAC;AACJ,CAAC"}
1
+ {"version":3,"file":"auth-middleware.js","sourceRoot":"","sources":["../../../src/lib/auth/auth-middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAKH,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAExE,6EAA6E;AAC7E,kEAAkE;AAClE,MAAM,OAAO,GAAG,oBAAoB,CAAC;AAErC;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,OAAgB,EAChB,GAAQ;IAER,MAAM,KAAK,GAAG,kBAAkB,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC;IACvE,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,IAAI,MAAM,CAAC;IACX,IAAI,CAAC;QACH,MAAM,GAAG,MAAM,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,eAAe,CAAC,CAAC;IACvC,MAAM,cAAc,GAAG,MAAM,CAAC,uBAAuB,CAAC,CAAC;IAEvD,qEAAqE;IACrE,IAAI,CAAC,MAAM,IAAI,CAAC,cAAc;QAAE,OAAO,IAAI,CAAC;IAE5C,wEAAwE;IACxE,sEAAsE;IACtE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC;QAAE,OAAO,IAAI,CAAC;IAExE,gFAAgF;IAChF,MAAM,UAAU,GAAG,CAAC,MAAM,CAAC,mBAAmB,CAAC,IAAI,MAAM,CAAC,aAAa,CAAC,IAAI,UAAU,CAAa,CAAC;IACpG,2EAA2E;IAC3E,mEAAmE;IACnE,MAAM,UAAU,GAAG,CAAC,MAAM,CAAC,mBAAmB,CAAC,IAAI,OAAO,CAAe,CAAC;IAC1E,MAAM,UAAU,GAAG,MAAM,CAAC,mBAAmB,CAAC,IAAI,EAAE,CAAC;IACrD,MAAM,MAAM,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;IAC7C,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC;IAE9B,0EAA0E;IAC1E,IAAI,gBAAgB,GAAiD,IAAI,CAAC;IAE1E,MAAM,iBAAiB,GAAG,KAAK,IAAoD,EAAE;QACnF,IAAI,gBAAgB;YAAE,OAAO,gBAAgB,CAAC;QAC9C,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QACrD,MAAM,EAAE,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;QAC7B,gBAAgB,GAAG,MAAM,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC;YAChD,KAAK,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE;YACnC,OAAO,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE;SAC1B,CAA0C,CAAC;QAC5C,OAAO,gBAAgB,CAAC;IAC1B,CAAC,CAAC;IAEF,OAAO;QACL,UAAU;QACV,MAAM;QACN,UAAU;QACV,cAAc;QACd,UAAU;QACV,UAAU;QACV,MAAM;QACN,iBAAiB;KAClB,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,OAAgB,EAChB,IAAS;IAET,MAAM,KAAK,GAAG,kBAAkB,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC;IACvE,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,IAAI,MAAM,CAAC;IACX,IAAI,CAAC;QACH,MAAM,GAAG,MAAM,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,cAAc,GAAG,MAAM,CAAC,uBAAuB,CAAC,CAAC;IACvD,IAAI,CAAC,cAAc,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC;QAAE,OAAO,IAAI,CAAC;IAClE,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,UAAU,mBAAmB,CACjC,IAAiB,EACjB,gBAAwB;IAExB,IAAI,IAAI,CAAC,UAAU,KAAK,aAAa;QAAE,OAAO,IAAI,CAAC;IACnD,IAAI,IAAI,CAAC,cAAc,KAAK,gBAAgB;QAAE,OAAO,IAAI,CAAC;IAC1D,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,iDAAiD,EAAE,CAAC,EAClG,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,EAAE,CACjE,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAC9B,IAAiB,EACjB,gBAAwB;IAExB,IAAI,IAAI,CAAC,UAAU,KAAK,aAAa;QAAE,OAAO,IAAI,CAAC;IACnD,IAAI,IAAI,CAAC,cAAc,KAAK,gBAAgB;QAAE,OAAO,IAAI,CAAC;IAC1D,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,kBAAkB,EAAE,CAAC,EACnE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,EAAE,CACjE,CAAC;AACJ,CAAC"}