@de-otio/trellis 0.7.1 → 0.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +661 -0
- package/dist/db.js +10 -18
- package/dist/db.js.map +1 -1
- package/dist/env.d.ts +66 -6
- package/dist/env.d.ts.map +1 -1
- package/dist/env.js +89 -70
- package/dist/env.js.map +1 -1
- package/dist/extensions.js +3 -8
- package/dist/extensions.js.map +1 -1
- package/dist/index.d.ts +2 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +2 -9
- package/dist/index.js.map +1 -1
- package/dist/lambda/cleanup-cron.d.ts.map +1 -1
- package/dist/lambda/cleanup-cron.js +20 -24
- package/dist/lambda/cleanup-cron.js.map +1 -1
- package/dist/lambda/create-auth-challenge.d.ts.map +1 -1
- package/dist/lambda/create-auth-challenge.js +17 -19
- package/dist/lambda/create-auth-challenge.js.map +1 -1
- package/dist/lambda/custom-message.js +1 -5
- package/dist/lambda/custom-message.js.map +1 -1
- package/dist/lambda/define-auth-challenge.js +1 -5
- package/dist/lambda/define-auth-challenge.js.map +1 -1
- package/dist/lambda/delete-account-worker.d.ts.map +1 -1
- package/dist/lambda/delete-account-worker.js +25 -58
- package/dist/lambda/delete-account-worker.js.map +1 -1
- package/dist/lambda/diagnostics-proxy.d.ts.map +1 -1
- package/dist/lambda/diagnostics-proxy.js +14 -49
- package/dist/lambda/diagnostics-proxy.js.map +1 -1
- package/dist/lambda/e2e-sweeper.d.ts.map +1 -1
- package/dist/lambda/e2e-sweeper.js +30 -38
- package/dist/lambda/e2e-sweeper.js.map +1 -1
- package/dist/lambda/federation-outbox-worker.d.ts.map +1 -1
- package/dist/lambda/federation-outbox-worker.js +4 -6
- package/dist/lambda/federation-outbox-worker.js.map +1 -1
- package/dist/lambda/followers-events-worker.d.ts.map +1 -1
- package/dist/lambda/followers-events-worker.js +4 -6
- package/dist/lambda/followers-events-worker.js.map +1 -1
- package/dist/lambda/hourly-cron.d.ts.map +1 -1
- package/dist/lambda/hourly-cron.js +100 -32
- package/dist/lambda/hourly-cron.js.map +1 -1
- package/dist/lambda/link-check-worker.d.ts.map +1 -1
- package/dist/lambda/link-check-worker.js +4 -6
- package/dist/lambda/link-check-worker.js.map +1 -1
- package/dist/lambda/maintenance-cron.d.ts.map +1 -1
- package/dist/lambda/maintenance-cron.js +30 -63
- package/dist/lambda/maintenance-cron.js.map +1 -1
- package/dist/lambda/media-processing-worker.d.ts.map +1 -1
- package/dist/lambda/media-processing-worker.js +11 -46
- package/dist/lambda/media-processing-worker.js.map +1 -1
- package/dist/lambda/media-reconciliation-worker.d.ts.map +1 -1
- package/dist/lambda/media-reconciliation-worker.js +4 -6
- package/dist/lambda/media-reconciliation-worker.js.map +1 -1
- package/dist/lambda/nightly-cron.d.ts.map +1 -1
- package/dist/lambda/nightly-cron.js +67 -112
- package/dist/lambda/nightly-cron.js.map +1 -1
- package/dist/lambda/post-confirmation.d.ts.map +1 -1
- package/dist/lambda/post-confirmation.js +203 -47
- package/dist/lambda/post-confirmation.js.map +1 -1
- package/dist/lambda/pre-signup.js +7 -11
- package/dist/lambda/pre-signup.js.map +1 -1
- package/dist/lambda/pre-token-generation.d.ts.map +1 -1
- package/dist/lambda/pre-token-generation.js +27 -35
- package/dist/lambda/pre-token-generation.js.map +1 -1
- package/dist/lambda/tools/check-health.js +1 -5
- package/dist/lambda/tools/check-health.js.map +1 -1
- package/dist/lambda/tools/describe-services.js +4 -8
- package/dist/lambda/tools/describe-services.js.map +1 -1
- package/dist/lambda/tools/get-cost-report.js +4 -8
- package/dist/lambda/tools/get-cost-report.js.map +1 -1
- package/dist/lambda/tools/get-errors.js +5 -9
- package/dist/lambda/tools/get-errors.js.map +1 -1
- package/dist/lambda/tools/get-feature-flags.js +4 -8
- package/dist/lambda/tools/get-feature-flags.js.map +1 -1
- package/dist/lambda/tools/get-queue-status.js +5 -9
- package/dist/lambda/tools/get-queue-status.js.map +1 -1
- package/dist/lambda/tools/search-logs.js +5 -9
- package/dist/lambda/tools/search-logs.js.map +1 -1
- package/dist/lambda/tools/send-alert.js +4 -8
- package/dist/lambda/tools/send-alert.js.map +1 -1
- package/dist/lambda/verify-auth-challenge.d.ts.map +1 -1
- package/dist/lambda/verify-auth-challenge.js +10 -12
- package/dist/lambda/verify-auth-challenge.js.map +1 -1
- package/dist/lib/abuse-metrics.d.ts.map +1 -1
- package/dist/lib/abuse-metrics.js +10 -13
- package/dist/lib/abuse-metrics.js.map +1 -1
- package/dist/lib/activitypub/activity-processor.d.ts +1 -1
- package/dist/lib/activitypub/activity-processor.d.ts.map +1 -1
- package/dist/lib/activitypub/activity-processor.js +9 -43
- package/dist/lib/activitypub/activity-processor.js.map +1 -1
- package/dist/lib/activitypub/activity-service.js +1 -5
- package/dist/lib/activitypub/activity-service.js.map +1 -1
- package/dist/lib/activitypub/actor.d.ts +1 -1
- package/dist/lib/activitypub/actor.d.ts.map +1 -1
- package/dist/lib/activitypub/actor.js +1 -5
- package/dist/lib/activitypub/actor.js.map +1 -1
- package/dist/lib/activitypub/audience-service.d.ts +2 -2
- package/dist/lib/activitypub/audience-service.d.ts.map +1 -1
- package/dist/lib/activitypub/audience-service.js +8 -12
- package/dist/lib/activitypub/audience-service.js.map +1 -1
- package/dist/lib/activitypub/crypto.d.ts +1 -1
- package/dist/lib/activitypub/crypto.d.ts.map +1 -1
- package/dist/lib/activitypub/crypto.js +3 -41
- package/dist/lib/activitypub/crypto.js.map +1 -1
- package/dist/lib/activitypub/delivery-service.d.ts +5 -5
- package/dist/lib/activitypub/delivery-service.d.ts.map +1 -1
- package/dist/lib/activitypub/delivery-service.js +10 -47
- package/dist/lib/activitypub/delivery-service.js.map +1 -1
- package/dist/lib/activitypub/dispatchers/entity-actor.d.ts +3 -2
- package/dist/lib/activitypub/dispatchers/entity-actor.d.ts.map +1 -1
- package/dist/lib/activitypub/dispatchers/entity-actor.js +19 -23
- package/dist/lib/activitypub/dispatchers/entity-actor.js.map +1 -1
- package/dist/lib/activitypub/dispatchers/group-actor.d.ts +3 -2
- package/dist/lib/activitypub/dispatchers/group-actor.d.ts.map +1 -1
- package/dist/lib/activitypub/dispatchers/group-actor.js +19 -23
- package/dist/lib/activitypub/dispatchers/group-actor.js.map +1 -1
- package/dist/lib/activitypub/dispatchers/user-actor.d.ts +3 -2
- package/dist/lib/activitypub/dispatchers/user-actor.d.ts.map +1 -1
- package/dist/lib/activitypub/dispatchers/user-actor.js +16 -20
- package/dist/lib/activitypub/dispatchers/user-actor.js.map +1 -1
- package/dist/lib/activitypub/dm-service.js +1 -5
- package/dist/lib/activitypub/dm-service.js.map +1 -1
- package/dist/lib/activitypub/entity-profile-service.d.ts +1 -1
- package/dist/lib/activitypub/entity-profile-service.d.ts.map +1 -1
- package/dist/lib/activitypub/entity-profile-service.js +6 -10
- package/dist/lib/activitypub/entity-profile-service.js.map +1 -1
- package/dist/lib/activitypub/fedify/config.d.ts +3 -3
- package/dist/lib/activitypub/fedify/config.d.ts.map +1 -1
- package/dist/lib/activitypub/fedify/config.js +5 -8
- package/dist/lib/activitypub/fedify/config.js.map +1 -1
- package/dist/lib/activitypub/fedify/context.d.ts +1 -1
- package/dist/lib/activitypub/fedify/context.d.ts.map +1 -1
- package/dist/lib/activitypub/fedify/context.js +8 -12
- package/dist/lib/activitypub/fedify/context.js.map +1 -1
- package/dist/lib/activitypub/fedify/runtime.d.ts +1 -1
- package/dist/lib/activitypub/fedify/runtime.d.ts.map +1 -1
- package/dist/lib/activitypub/fedify/runtime.js +3 -6
- package/dist/lib/activitypub/fedify/runtime.js.map +1 -1
- package/dist/lib/activitypub/friendship-service.js +1 -5
- package/dist/lib/activitypub/friendship-service.js.map +1 -1
- package/dist/lib/activitypub/group-service.d.ts +1 -1
- package/dist/lib/activitypub/group-service.d.ts.map +1 -1
- package/dist/lib/activitypub/group-service.js +9 -46
- package/dist/lib/activitypub/group-service.js.map +1 -1
- package/dist/lib/activitypub/http-signatures.js +8 -45
- package/dist/lib/activitypub/http-signatures.js.map +1 -1
- package/dist/lib/activitypub/jsonld.d.ts +1 -1
- package/dist/lib/activitypub/jsonld.d.ts.map +1 -1
- package/dist/lib/activitypub/jsonld.js +1 -5
- package/dist/lib/activitypub/jsonld.js.map +1 -1
- package/dist/lib/activitypub/listeners/friends-collection.d.ts +1 -1
- package/dist/lib/activitypub/listeners/friends-collection.d.ts.map +1 -1
- package/dist/lib/activitypub/listeners/friends-collection.js +17 -20
- package/dist/lib/activitypub/listeners/friends-collection.js.map +1 -1
- package/dist/lib/activitypub/listeners/http-signatures.d.ts +1 -1
- package/dist/lib/activitypub/listeners/http-signatures.d.ts.map +1 -1
- package/dist/lib/activitypub/listeners/http-signatures.js +9 -46
- package/dist/lib/activitypub/listeners/http-signatures.js.map +1 -1
- package/dist/lib/activitypub/listeners/inbox.d.ts +2 -2
- package/dist/lib/activitypub/listeners/inbox.d.ts.map +1 -1
- package/dist/lib/activitypub/listeners/inbox.js +31 -35
- package/dist/lib/activitypub/listeners/inbox.js.map +1 -1
- package/dist/lib/activitypub/listeners/outbox.d.ts +1 -1
- package/dist/lib/activitypub/listeners/outbox.d.ts.map +1 -1
- package/dist/lib/activitypub/listeners/outbox.js +17 -20
- package/dist/lib/activitypub/listeners/outbox.js.map +1 -1
- package/dist/lib/activitypub/remote-fetch-service.d.ts +6 -6
- package/dist/lib/activitypub/remote-fetch-service.d.ts.map +1 -1
- package/dist/lib/activitypub/remote-fetch-service.js +6 -10
- package/dist/lib/activitypub/remote-fetch-service.js.map +1 -1
- package/dist/lib/activitypub/services/abuse-prevention.d.ts +1 -1
- package/dist/lib/activitypub/services/abuse-prevention.d.ts.map +1 -1
- package/dist/lib/activitypub/services/abuse-prevention.js +11 -17
- package/dist/lib/activitypub/services/abuse-prevention.js.map +1 -1
- package/dist/lib/activitypub/services/dm-service-fedify.d.ts +4 -4
- package/dist/lib/activitypub/services/dm-service-fedify.d.ts.map +1 -1
- package/dist/lib/activitypub/services/dm-service-fedify.js +24 -59
- package/dist/lib/activitypub/services/dm-service-fedify.js.map +1 -1
- package/dist/lib/activitypub/services/fedify-converters.d.ts +2 -2
- package/dist/lib/activitypub/services/fedify-converters.d.ts.map +1 -1
- package/dist/lib/activitypub/services/fedify-converters.js +3 -8
- package/dist/lib/activitypub/services/fedify-converters.js.map +1 -1
- package/dist/lib/activitypub/services/fedify-delivery.d.ts +2 -2
- package/dist/lib/activitypub/services/fedify-delivery.d.ts.map +1 -1
- package/dist/lib/activitypub/services/fedify-delivery.js +19 -56
- package/dist/lib/activitypub/services/fedify-delivery.js.map +1 -1
- package/dist/lib/activitypub/services/follow-activity-service.d.ts +2 -2
- package/dist/lib/activitypub/services/follow-activity-service.d.ts.map +1 -1
- package/dist/lib/activitypub/services/follow-activity-service.js +8 -12
- package/dist/lib/activitypub/services/follow-activity-service.js.map +1 -1
- package/dist/lib/activitypub/services/post-service-fedify.d.ts +2 -2
- package/dist/lib/activitypub/services/post-service-fedify.d.ts.map +1 -1
- package/dist/lib/activitypub/services/post-service-fedify.js +33 -65
- package/dist/lib/activitypub/services/post-service-fedify.js.map +1 -1
- package/dist/lib/activitypub/services/remote-activity-handler.d.ts +2 -2
- package/dist/lib/activitypub/services/remote-activity-handler.d.ts.map +1 -1
- package/dist/lib/activitypub/services/remote-activity-handler.js +25 -28
- package/dist/lib/activitypub/services/remote-activity-handler.js.map +1 -1
- package/dist/lib/activitypub/standalone-mode.d.ts +1 -1
- package/dist/lib/activitypub/standalone-mode.d.ts.map +1 -1
- package/dist/lib/activitypub/standalone-mode.js +13 -50
- package/dist/lib/activitypub/standalone-mode.js.map +1 -1
- package/dist/lib/activitypub/webfinger/server.d.ts +1 -1
- package/dist/lib/activitypub/webfinger/server.d.ts.map +1 -1
- package/dist/lib/activitypub/webfinger/server.js +18 -54
- package/dist/lib/activitypub/webfinger/server.js.map +1 -1
- package/dist/lib/age-gate-middleware.d.ts +4 -4
- package/dist/lib/age-gate-middleware.d.ts.map +1 -1
- package/dist/lib/age-gate-middleware.js +3 -6
- package/dist/lib/age-gate-middleware.js.map +1 -1
- package/dist/lib/age-gate.js +3 -8
- package/dist/lib/age-gate.js.map +1 -1
- package/dist/lib/age-tier-transition.d.ts +1 -1
- package/dist/lib/age-tier-transition.d.ts.map +1 -1
- package/dist/lib/age-tier-transition.js +7 -44
- package/dist/lib/age-tier-transition.js.map +1 -1
- package/dist/lib/app.d.ts +76 -0
- package/dist/lib/app.d.ts.map +1 -0
- package/dist/lib/app.js +400 -0
- package/dist/lib/app.js.map +1 -0
- package/dist/lib/audit/csv-export.js +6 -13
- package/dist/lib/audit/csv-export.js.map +1 -1
- package/dist/lib/audit/pii-filter.d.ts +9 -0
- package/dist/lib/audit/pii-filter.d.ts.map +1 -1
- package/dist/lib/audit/pii-filter.js +57 -7
- package/dist/lib/audit/pii-filter.js.map +1 -1
- package/dist/lib/audit-actions.d.ts +94 -0
- package/dist/lib/audit-actions.d.ts.map +1 -0
- package/dist/lib/audit-actions.js +107 -0
- package/dist/lib/audit-actions.js.map +1 -0
- package/dist/lib/audit-composer.d.ts +174 -0
- package/dist/lib/audit-composer.d.ts.map +1 -0
- package/dist/lib/audit-composer.js +421 -0
- package/dist/lib/audit-composer.js.map +1 -0
- package/dist/lib/auth/auth-context.d.ts +1 -1
- package/dist/lib/auth/auth-context.js +1 -2
- package/dist/lib/auth/auth-context.js.map +1 -1
- package/dist/lib/auth/auth-middleware.d.ts +16 -2
- package/dist/lib/auth/auth-middleware.d.ts.map +1 -1
- package/dist/lib/auth/auth-middleware.js +36 -45
- package/dist/lib/auth/auth-middleware.js.map +1 -1
- package/dist/lib/auth/capabilities.js +2 -5
- package/dist/lib/auth/capabilities.js.map +1 -1
- package/dist/lib/auth/claims-cache.d.ts +2 -2
- package/dist/lib/auth/claims-cache.js +19 -24
- package/dist/lib/auth/claims-cache.js.map +1 -1
- package/dist/lib/auth/cognito-jwt.d.ts +20 -2
- package/dist/lib/auth/cognito-jwt.d.ts.map +1 -1
- package/dist/lib/auth/cognito-jwt.js +83 -23
- package/dist/lib/auth/cognito-jwt.js.map +1 -1
- package/dist/lib/auth/idp-redirect-builder.d.ts +1 -1
- package/dist/lib/auth/idp-redirect-builder.d.ts.map +1 -1
- package/dist/lib/auth/idp-redirect-builder.js +4 -10
- package/dist/lib/auth/idp-redirect-builder.js.map +1 -1
- package/dist/lib/auth/require.d.ts +4 -4
- package/dist/lib/auth/require.d.ts.map +1 -1
- package/dist/lib/auth/require.js +11 -18
- package/dist/lib/auth/require.js.map +1 -1
- package/dist/lib/auth/role-grants.d.ts +1 -1
- package/dist/lib/auth/role-grants.d.ts.map +1 -1
- package/dist/lib/auth/role-grants.js +28 -31
- package/dist/lib/auth/role-grants.js.map +1 -1
- package/dist/lib/auth-context-manager.js +1 -5
- package/dist/lib/auth-context-manager.js.map +1 -1
- package/dist/lib/auth-handler.d.ts +5 -5
- package/dist/lib/auth-handler.d.ts.map +1 -1
- package/dist/lib/auth-handler.js +5 -9
- package/dist/lib/auth-handler.js.map +1 -1
- package/dist/lib/badge-handler.d.ts +1 -1
- package/dist/lib/badge-handler.d.ts.map +1 -1
- package/dist/lib/badge-handler.js +14 -52
- package/dist/lib/badge-handler.js.map +1 -1
- package/dist/lib/circle-handler.d.ts +10 -10
- package/dist/lib/circle-handler.d.ts.map +1 -1
- package/dist/lib/circle-handler.js +10 -47
- package/dist/lib/circle-handler.js.map +1 -1
- package/dist/lib/cognito/idp-sdk.js +11 -18
- package/dist/lib/cognito/idp-sdk.js.map +1 -1
- package/dist/lib/cognito/issuer-probe.js +9 -14
- package/dist/lib/cognito/issuer-probe.js.map +1 -1
- package/dist/lib/comment-handler.d.ts +10 -10
- package/dist/lib/comment-handler.d.ts.map +1 -1
- package/dist/lib/comment-handler.js +61 -97
- package/dist/lib/comment-handler.js.map +1 -1
- package/dist/lib/compliance/baseline.d.ts +2 -2
- package/dist/lib/compliance/baseline.d.ts.map +1 -1
- package/dist/lib/compliance/baseline.js +15 -18
- package/dist/lib/compliance/baseline.js.map +1 -1
- package/dist/lib/compliance/tenant-merge.d.ts +1 -1
- package/dist/lib/compliance/tenant-merge.d.ts.map +1 -1
- package/dist/lib/compliance/tenant-merge.js +1 -4
- package/dist/lib/compliance/tenant-merge.js.map +1 -1
- package/dist/lib/compliance/types.d.ts +1 -1
- package/dist/lib/compliance/types.js +2 -3
- package/dist/lib/compliance/types.js.map +1 -1
- package/dist/lib/connection-code-handler.d.ts +7 -7
- package/dist/lib/connection-code-handler.d.ts.map +1 -1
- package/dist/lib/connection-code-handler.js +13 -50
- package/dist/lib/connection-code-handler.js.map +1 -1
- package/dist/lib/content-discovery.d.ts +1 -1
- package/dist/lib/content-discovery.d.ts.map +1 -1
- package/dist/lib/content-discovery.js +15 -52
- package/dist/lib/content-discovery.js.map +1 -1
- package/dist/lib/context-aware-data-access.d.ts +1 -1
- package/dist/lib/context-aware-data-access.d.ts.map +1 -1
- package/dist/lib/context-aware-data-access.js +1 -5
- package/dist/lib/context-aware-data-access.js.map +1 -1
- package/dist/lib/cors-handler.d.ts +1 -1
- package/dist/lib/cors-handler.d.ts.map +1 -1
- package/dist/lib/cors-handler.js +13 -17
- package/dist/lib/cors-handler.js.map +1 -1
- package/dist/lib/cost-accumulator.d.ts.map +1 -1
- package/dist/lib/cost-accumulator.js +7 -11
- package/dist/lib/cost-accumulator.js.map +1 -1
- package/dist/lib/crypto/voting/elgamal-encryption.js +1 -5
- package/dist/lib/crypto/voting/elgamal-encryption.js.map +1 -1
- package/dist/lib/crypto/voting/encryption-scheme.js +1 -2
- package/dist/lib/crypto/voting/encryption-scheme.js.map +1 -1
- package/dist/lib/crypto/voting/hash-utils.js +6 -12
- package/dist/lib/crypto/voting/hash-utils.js.map +1 -1
- package/dist/lib/crypto/voting/hybrid-encryption.js +5 -9
- package/dist/lib/crypto/voting/hybrid-encryption.js.map +1 -1
- package/dist/lib/crypto/voting/index.js +4 -14
- package/dist/lib/crypto/voting/index.js.map +1 -1
- package/dist/lib/crypto/voting/post-quantum-encryption.js +1 -5
- package/dist/lib/crypto/voting/post-quantum-encryption.js.map +1 -1
- package/dist/lib/csrf.d.ts +2 -2
- package/dist/lib/csrf.d.ts.map +1 -1
- package/dist/lib/csrf.js +1 -5
- package/dist/lib/csrf.js.map +1 -1
- package/dist/lib/data-router.d.ts +5 -4
- package/dist/lib/data-router.d.ts.map +1 -1
- package/dist/lib/data-router.js +67 -90
- package/dist/lib/data-router.js.map +1 -1
- package/dist/lib/database-circuit-breaker.d.ts +61 -34
- package/dist/lib/database-circuit-breaker.d.ts.map +1 -1
- package/dist/lib/database-circuit-breaker.js +102 -109
- package/dist/lib/database-circuit-breaker.js.map +1 -1
- package/dist/lib/database-config.js +1 -4
- package/dist/lib/database-config.js.map +1 -1
- package/dist/lib/database-connection-manager.d.ts +42 -2
- package/dist/lib/database-connection-manager.d.ts.map +1 -1
- package/dist/lib/database-connection-manager.js +178 -74
- package/dist/lib/database-connection-manager.js.map +1 -1
- package/dist/lib/database-monitor.d.ts +1 -1
- package/dist/lib/database-monitor.d.ts.map +1 -1
- package/dist/lib/database-monitor.js +5 -9
- package/dist/lib/database-monitor.js.map +1 -1
- package/dist/lib/database-rate-limiter.d.ts +1 -1
- package/dist/lib/database-rate-limiter.d.ts.map +1 -1
- package/dist/lib/database-rate-limiter.js +3 -7
- package/dist/lib/database-rate-limiter.js.map +1 -1
- package/dist/lib/database-wrapper-helper.d.ts +2 -2
- package/dist/lib/database-wrapper-helper.d.ts.map +1 -1
- package/dist/lib/database-wrapper-helper.js +7 -11
- package/dist/lib/database-wrapper-helper.js.map +1 -1
- package/dist/lib/database-wrapper.d.ts +1 -1
- package/dist/lib/database-wrapper.d.ts.map +1 -1
- package/dist/lib/database-wrapper.js +5 -9
- package/dist/lib/database-wrapper.js.map +1 -1
- package/dist/lib/db-query-helper.d.ts +3 -3
- package/dist/lib/db-query-helper.d.ts.map +1 -1
- package/dist/lib/db-query-helper.js +4 -9
- package/dist/lib/db-query-helper.js.map +1 -1
- package/dist/lib/discovery-exposure.d.ts +42 -0
- package/dist/lib/discovery-exposure.d.ts.map +1 -0
- package/dist/lib/discovery-exposure.js +89 -0
- package/dist/lib/discovery-exposure.js.map +1 -0
- package/dist/lib/discovery-handler.d.ts +6 -6
- package/dist/lib/discovery-handler.d.ts.map +1 -1
- package/dist/lib/discovery-handler.js +10 -43
- package/dist/lib/discovery-handler.js.map +1 -1
- package/dist/lib/domain-reputation-service.d.ts +1 -1
- package/dist/lib/domain-reputation-service.d.ts.map +1 -1
- package/dist/lib/domain-reputation-service.js +12 -15
- package/dist/lib/domain-reputation-service.js.map +1 -1
- package/dist/lib/email-privacy.js +4 -8
- package/dist/lib/email-privacy.js.map +1 -1
- package/dist/lib/email-provider.d.ts +2 -2
- package/dist/lib/email-provider.d.ts.map +1 -1
- package/dist/lib/email-provider.js +8 -16
- package/dist/lib/email-provider.js.map +1 -1
- package/dist/lib/entity-handler.d.ts +5 -6
- package/dist/lib/entity-handler.d.ts.map +1 -1
- package/dist/lib/entity-handler.js +52 -81
- package/dist/lib/entity-handler.js.map +1 -1
- package/dist/lib/entity-relationship-handler.d.ts +9 -9
- package/dist/lib/entity-relationship-handler.d.ts.map +1 -1
- package/dist/lib/entity-relationship-handler.js +14 -51
- package/dist/lib/entity-relationship-handler.js.map +1 -1
- package/dist/lib/entity-tagging-errors.js +4 -11
- package/dist/lib/entity-tagging-errors.js.map +1 -1
- package/dist/lib/entity-tagging-validator.d.ts +3 -3
- package/dist/lib/entity-tagging-validator.d.ts.map +1 -1
- package/dist/lib/entity-tagging-validator.js +6 -11
- package/dist/lib/entity-tagging-validator.js.map +1 -1
- package/dist/lib/exif-stripper.js +1 -4
- package/dist/lib/exif-stripper.js.map +1 -1
- package/dist/lib/extension-context.d.ts +2 -2
- package/dist/lib/extension-context.d.ts.map +1 -1
- package/dist/lib/extension-context.js +1 -4
- package/dist/lib/extension-context.js.map +1 -1
- package/dist/lib/extension-route-wrapper.d.ts +1 -1
- package/dist/lib/extension-route-wrapper.d.ts.map +1 -1
- package/dist/lib/extension-route-wrapper.js +17 -55
- package/dist/lib/extension-route-wrapper.js.map +1 -1
- package/dist/lib/extension-validator.js +3 -6
- package/dist/lib/extension-validator.js.map +1 -1
- package/dist/lib/feature-flags.d.ts +5 -2
- package/dist/lib/feature-flags.d.ts.map +1 -1
- package/dist/lib/feature-flags.js +15 -48
- package/dist/lib/feature-flags.js.map +1 -1
- package/dist/lib/feature-toggle-global-client.d.ts +6 -0
- package/dist/lib/feature-toggle-global-client.d.ts.map +1 -0
- package/dist/lib/feature-toggle-global-client.js +73 -0
- package/dist/lib/feature-toggle-global-client.js.map +1 -0
- package/dist/lib/feature-toggle-service.d.ts +137 -27
- package/dist/lib/feature-toggle-service.d.ts.map +1 -1
- package/dist/lib/feature-toggle-service.js +302 -119
- package/dist/lib/feature-toggle-service.js.map +1 -1
- package/dist/lib/feed-handler.d.ts +8 -8
- package/dist/lib/feed-handler.d.ts.map +1 -1
- package/dist/lib/feed-handler.js +33 -62
- package/dist/lib/feed-handler.js.map +1 -1
- package/dist/lib/feed-pagination.d.ts +26 -0
- package/dist/lib/feed-pagination.d.ts.map +1 -1
- package/dist/lib/feed-pagination.js +31 -11
- package/dist/lib/feed-pagination.js.map +1 -1
- package/dist/lib/feed-personalization.d.ts +1 -1
- package/dist/lib/feed-personalization.d.ts.map +1 -1
- package/dist/lib/feed-personalization.js +6 -43
- package/dist/lib/feed-personalization.js.map +1 -1
- package/dist/lib/followers-events.js +8 -13
- package/dist/lib/followers-events.js.map +1 -1
- package/dist/lib/friends-handler.d.ts +2 -2
- package/dist/lib/friends-handler.d.ts.map +1 -1
- package/dist/lib/friends-handler.js +9 -46
- package/dist/lib/friends-handler.js.map +1 -1
- package/dist/lib/geo/entity-geo-repository.d.ts +67 -0
- package/dist/lib/geo/entity-geo-repository.d.ts.map +1 -0
- package/dist/lib/geo/entity-geo-repository.js +91 -0
- package/dist/lib/geo/entity-geo-repository.js.map +1 -0
- package/dist/lib/graph/errors.d.ts.map +1 -1
- package/dist/lib/graph/errors.js +13 -18
- package/dist/lib/graph/errors.js.map +1 -1
- package/dist/lib/graph/graph-factory.d.ts +12 -53
- package/dist/lib/graph/graph-factory.d.ts.map +1 -1
- package/dist/lib/graph/graph-factory.js +67 -162
- package/dist/lib/graph/graph-factory.js.map +1 -1
- package/dist/lib/graph/graph-service.d.ts +1 -1
- package/dist/lib/graph/graph-service.d.ts.map +1 -1
- package/dist/lib/graph/graph-service.js +1 -2
- package/dist/lib/graph/graph-service.js.map +1 -1
- package/dist/lib/graph/index.d.ts +10 -14
- package/dist/lib/graph/index.d.ts.map +1 -1
- package/dist/lib/graph/index.js +12 -46
- package/dist/lib/graph/index.js.map +1 -1
- package/dist/lib/graph/postgres/_shared.d.ts +18 -0
- package/dist/lib/graph/postgres/_shared.d.ts.map +1 -0
- package/dist/lib/graph/postgres/_shared.js +24 -0
- package/dist/lib/graph/postgres/_shared.js.map +1 -0
- package/dist/lib/graph/postgres/circles.d.ts +66 -0
- package/dist/lib/graph/postgres/circles.d.ts.map +1 -0
- package/dist/lib/graph/postgres/circles.js +513 -0
- package/dist/lib/graph/postgres/circles.js.map +1 -0
- package/dist/lib/graph/postgres/discovery.d.ts +165 -0
- package/dist/lib/graph/postgres/discovery.d.ts.map +1 -0
- package/dist/lib/graph/postgres/discovery.js +579 -0
- package/dist/lib/graph/postgres/discovery.js.map +1 -0
- package/dist/lib/graph/postgres/entity-relationships.d.ts +53 -0
- package/dist/lib/graph/postgres/entity-relationships.d.ts.map +1 -0
- package/dist/lib/graph/postgres/entity-relationships.js +304 -0
- package/dist/lib/graph/postgres/entity-relationships.js.map +1 -0
- package/dist/lib/graph/postgres/interaction-events.d.ts +106 -0
- package/dist/lib/graph/postgres/interaction-events.d.ts.map +1 -0
- package/dist/lib/graph/postgres/interaction-events.js +162 -0
- package/dist/lib/graph/postgres/interaction-events.js.map +1 -0
- package/dist/lib/graph/postgres/postgres-graph-service.d.ts +74 -0
- package/dist/lib/graph/postgres/postgres-graph-service.d.ts.map +1 -0
- package/dist/lib/graph/postgres/postgres-graph-service.js +167 -0
- package/dist/lib/graph/postgres/postgres-graph-service.js.map +1 -0
- package/dist/lib/graph/postgres/relationships.d.ts +58 -0
- package/dist/lib/graph/postgres/relationships.d.ts.map +1 -0
- package/dist/lib/graph/postgres/relationships.js +314 -0
- package/dist/lib/graph/postgres/relationships.js.map +1 -0
- package/dist/lib/graph/postgres/scoring.d.ts +74 -0
- package/dist/lib/graph/postgres/scoring.d.ts.map +1 -0
- package/dist/lib/graph/postgres/scoring.js +297 -0
- package/dist/lib/graph/postgres/scoring.js.map +1 -0
- package/dist/lib/graph/postgres/sync.d.ts +149 -0
- package/dist/lib/graph/postgres/sync.d.ts.map +1 -0
- package/dist/lib/graph/postgres/sync.js +269 -0
- package/dist/lib/graph/postgres/sync.js.map +1 -0
- package/dist/lib/graph/scoring-engine.d.ts +7 -1
- package/dist/lib/graph/scoring-engine.d.ts.map +1 -1
- package/dist/lib/graph/scoring-engine.js +29 -35
- package/dist/lib/graph/scoring-engine.js.map +1 -1
- package/dist/lib/graph/types.d.ts +18 -1
- package/dist/lib/graph/types.d.ts.map +1 -1
- package/dist/lib/graph/types.js +1 -2
- package/dist/lib/graph/types.js.map +1 -1
- package/dist/lib/hook-dispatcher.d.ts +1 -1
- package/dist/lib/hook-dispatcher.d.ts.map +1 -1
- package/dist/lib/hook-dispatcher.js +8 -12
- package/dist/lib/hook-dispatcher.js.map +1 -1
- package/dist/lib/input-sanitizer.js +1 -5
- package/dist/lib/input-sanitizer.js.map +1 -1
- package/dist/lib/internal-docs-handler.d.ts +2 -2
- package/dist/lib/internal-docs-handler.d.ts.map +1 -1
- package/dist/lib/internal-docs-handler.js +20 -28
- package/dist/lib/internal-docs-handler.js.map +1 -1
- package/dist/lib/internal-docs-navigation.js +2 -6
- package/dist/lib/internal-docs-navigation.js.map +1 -1
- package/dist/lib/invitation-handler.d.ts +2 -2
- package/dist/lib/invitation-handler.d.ts.map +1 -1
- package/dist/lib/invitation-handler.js +41 -82
- package/dist/lib/invitation-handler.js.map +1 -1
- package/dist/lib/ip-scrubber.js +3 -8
- package/dist/lib/ip-scrubber.js.map +1 -1
- package/dist/lib/link-security-handler.d.ts +3 -2
- package/dist/lib/link-security-handler.d.ts.map +1 -1
- package/dist/lib/link-security-handler.js +8 -44
- package/dist/lib/link-security-handler.js.map +1 -1
- package/dist/lib/logger.d.ts +31 -82
- package/dist/lib/logger.d.ts.map +1 -1
- package/dist/lib/logger.js +43 -185
- package/dist/lib/logger.js.map +1 -1
- package/dist/lib/media-cleanup-handler.d.ts +2 -2
- package/dist/lib/media-cleanup-handler.d.ts.map +1 -1
- package/dist/lib/media-cleanup-handler.js +7 -11
- package/dist/lib/media-cleanup-handler.js.map +1 -1
- package/dist/lib/media-handler.d.ts +1 -1
- package/dist/lib/media-handler.d.ts.map +1 -1
- package/dist/lib/media-handler.js +36 -73
- package/dist/lib/media-handler.js.map +1 -1
- package/dist/lib/media-metadata-extractor.d.ts +1 -1
- package/dist/lib/media-metadata-extractor.d.ts.map +1 -1
- package/dist/lib/media-metadata-extractor.js +3 -7
- package/dist/lib/media-metadata-extractor.js.map +1 -1
- package/dist/lib/media-metrics.d.ts +2 -2
- package/dist/lib/media-metrics.d.ts.map +1 -1
- package/dist/lib/media-metrics.js +3 -7
- package/dist/lib/media-metrics.js.map +1 -1
- package/dist/lib/metadata/index.d.ts +5 -5
- package/dist/lib/metadata/index.d.ts.map +1 -1
- package/dist/lib/metadata/index.js +5 -21
- package/dist/lib/metadata/index.js.map +1 -1
- package/dist/lib/metadata/metadata-config.js +2 -5
- package/dist/lib/metadata/metadata-config.js.map +1 -1
- package/dist/lib/metadata/metadata-errors.js +2 -7
- package/dist/lib/metadata/metadata-errors.js.map +1 -1
- package/dist/lib/metadata/metadata-extractor.d.ts +1 -1
- package/dist/lib/metadata/metadata-extractor.d.ts.map +1 -1
- package/dist/lib/metadata/metadata-extractor.js +42 -82
- package/dist/lib/metadata/metadata-extractor.js.map +1 -1
- package/dist/lib/metadata/metadata-sanitizer.js +17 -24
- package/dist/lib/metadata/metadata-sanitizer.js.map +1 -1
- package/dist/lib/metadata/metadata-schemas.d.ts +16 -100
- package/dist/lib/metadata/metadata-schemas.d.ts.map +1 -1
- package/dist/lib/metadata/metadata-schemas.js +31 -34
- package/dist/lib/metadata/metadata-schemas.js.map +1 -1
- package/dist/lib/mfa/mfa-handler.d.ts +1 -1
- package/dist/lib/mfa/mfa-handler.d.ts.map +1 -1
- package/dist/lib/mfa/mfa-handler.js +13 -17
- package/dist/lib/mfa/mfa-handler.js.map +1 -1
- package/dist/lib/mfa/totp-service.js +8 -18
- package/dist/lib/mfa/totp-service.js.map +1 -1
- package/dist/lib/middleware/comment-rate-limit.d.ts +1 -1
- package/dist/lib/middleware/comment-rate-limit.d.ts.map +1 -1
- package/dist/lib/middleware/comment-rate-limit.js +7 -10
- package/dist/lib/middleware/comment-rate-limit.js.map +1 -1
- package/dist/lib/middleware/feature-toggle-rate-limit.d.ts +1 -1
- package/dist/lib/middleware/feature-toggle-rate-limit.d.ts.map +1 -1
- package/dist/lib/middleware/feature-toggle-rate-limit.js +8 -13
- package/dist/lib/middleware/feature-toggle-rate-limit.js.map +1 -1
- package/dist/lib/middleware/idempotency-store.js +20 -26
- package/dist/lib/middleware/idempotency-store.js.map +1 -1
- package/dist/lib/middleware/idempotency.d.ts +2 -2
- package/dist/lib/middleware/idempotency.d.ts.map +1 -1
- package/dist/lib/middleware/idempotency.js +12 -50
- package/dist/lib/middleware/idempotency.js.map +1 -1
- package/dist/lib/middleware.d.ts +22 -9
- package/dist/lib/middleware.d.ts.map +1 -1
- package/dist/lib/middleware.js +72 -153
- package/dist/lib/middleware.js.map +1 -1
- package/dist/lib/moderation-handler.d.ts +1 -1
- package/dist/lib/moderation-handler.d.ts.map +1 -1
- package/dist/lib/moderation-handler.js +15 -54
- package/dist/lib/moderation-handler.js.map +1 -1
- package/dist/lib/net/trusted-client-ip.d.ts +8 -30
- package/dist/lib/net/trusted-client-ip.d.ts.map +1 -1
- package/dist/lib/net/trusted-client-ip.js +13 -94
- package/dist/lib/net/trusted-client-ip.js.map +1 -1
- package/dist/lib/notification-handler.d.ts +1 -1
- package/dist/lib/notification-handler.d.ts.map +1 -1
- package/dist/lib/notification-handler.js +10 -15
- package/dist/lib/notification-handler.js.map +1 -1
- package/dist/lib/notification-preferences-handler.d.ts +1 -1
- package/dist/lib/notification-preferences-handler.d.ts.map +1 -1
- package/dist/lib/notification-preferences-handler.js +7 -11
- package/dist/lib/notification-preferences-handler.js.map +1 -1
- package/dist/lib/oauth/cognito-issuer.d.ts +1 -1
- package/dist/lib/oauth/cognito-issuer.d.ts.map +1 -1
- package/dist/lib/oauth/cognito-issuer.js +5 -10
- package/dist/lib/oauth/cognito-issuer.js.map +1 -1
- package/dist/lib/oauth/device-authorization.d.ts +1 -1
- package/dist/lib/oauth/device-authorization.d.ts.map +1 -1
- package/dist/lib/oauth/device-authorization.js +62 -77
- package/dist/lib/oauth/device-authorization.js.map +1 -1
- package/dist/lib/oauth/envelope-crypto.d.ts +2 -2
- package/dist/lib/oauth/envelope-crypto.js +22 -34
- package/dist/lib/oauth/envelope-crypto.js.map +1 -1
- package/dist/lib/oauth/refresh-detection.js +42 -52
- package/dist/lib/oauth/refresh-detection.js.map +1 -1
- package/dist/lib/openai-budget.d.ts.map +1 -1
- package/dist/lib/openai-budget.js +7 -44
- package/dist/lib/openai-budget.js.map +1 -1
- package/dist/lib/openapi/generator.d.ts +1 -1
- package/dist/lib/openapi/generator.d.ts.map +1 -1
- package/dist/lib/openapi/generator.js +2 -6
- package/dist/lib/openapi/generator.js.map +1 -1
- package/dist/lib/orphaned-media-handler.d.ts +1 -1
- package/dist/lib/orphaned-media-handler.d.ts.map +1 -1
- package/dist/lib/orphaned-media-handler.js +9 -46
- package/dist/lib/orphaned-media-handler.js.map +1 -1
- package/dist/lib/parental-control-handler.d.ts +2 -2
- package/dist/lib/parental-control-handler.d.ts.map +1 -1
- package/dist/lib/parental-control-handler.js +18 -55
- package/dist/lib/parental-control-handler.js.map +1 -1
- package/dist/lib/parental-link-handler.d.ts +8 -8
- package/dist/lib/parental-link-handler.d.ts.map +1 -1
- package/dist/lib/parental-link-handler.js +10 -14
- package/dist/lib/parental-link-handler.js.map +1 -1
- package/dist/lib/performance-metrics.d.ts +1 -1
- package/dist/lib/performance-metrics.d.ts.map +1 -1
- package/dist/lib/performance-metrics.js +3 -6
- package/dist/lib/performance-metrics.js.map +1 -1
- package/dist/lib/post-handler.d.ts +9 -9
- package/dist/lib/post-handler.d.ts.map +1 -1
- package/dist/lib/post-handler.js +67 -101
- package/dist/lib/post-handler.js.map +1 -1
- package/dist/lib/privacy-defaults.js +3 -8
- package/dist/lib/privacy-defaults.js.map +1 -1
- package/dist/lib/privacy-handler.d.ts +2 -2
- package/dist/lib/privacy-handler.d.ts.map +1 -1
- package/dist/lib/privacy-handler.js +6 -10
- package/dist/lib/privacy-handler.js.map +1 -1
- package/dist/lib/pseudonym.d.ts +56 -0
- package/dist/lib/pseudonym.d.ts.map +1 -0
- package/dist/lib/pseudonym.js +85 -0
- package/dist/lib/pseudonym.js.map +1 -0
- package/dist/lib/queue-consumers/media-reconciliation-consumer.d.ts +2 -2
- package/dist/lib/queue-consumers/media-reconciliation-consumer.d.ts.map +1 -1
- package/dist/lib/queue-consumers/media-reconciliation-consumer.js +5 -8
- package/dist/lib/queue-consumers/media-reconciliation-consumer.js.map +1 -1
- package/dist/lib/quiet-hours.js +2 -6
- package/dist/lib/quiet-hours.js.map +1 -1
- package/dist/lib/rate-limit.d.ts +58 -47
- package/dist/lib/rate-limit.d.ts.map +1 -1
- package/dist/lib/rate-limit.js +168 -157
- package/dist/lib/rate-limit.js.map +1 -1
- package/dist/lib/reaction-handler.d.ts +10 -10
- package/dist/lib/reaction-handler.d.ts.map +1 -1
- package/dist/lib/reaction-handler.js +44 -80
- package/dist/lib/reaction-handler.js.map +1 -1
- package/dist/lib/recaptcha.js +6 -9
- package/dist/lib/recaptcha.js.map +1 -1
- package/dist/lib/redirect-resolver.d.ts +2 -2
- package/dist/lib/redirect-resolver.d.ts.map +1 -1
- package/dist/lib/redirect-resolver.js +5 -9
- package/dist/lib/redirect-resolver.js.map +1 -1
- package/dist/lib/region-config.d.ts +3 -3
- package/dist/lib/region-config.d.ts.map +1 -1
- package/dist/lib/region-config.js +15 -58
- package/dist/lib/region-config.js.map +1 -1
- package/dist/lib/region-detection.d.ts +55 -24
- package/dist/lib/region-detection.d.ts.map +1 -1
- package/dist/lib/region-detection.js +140 -199
- package/dist/lib/region-detection.js.map +1 -1
- package/dist/lib/region-registry.d.ts +49 -0
- package/dist/lib/region-registry.d.ts.map +1 -0
- package/dist/lib/region-registry.js +112 -0
- package/dist/lib/region-registry.js.map +1 -0
- package/dist/lib/relationship-handler.d.ts +9 -9
- package/dist/lib/relationship-handler.d.ts.map +1 -1
- package/dist/lib/relationship-handler.js +12 -49
- package/dist/lib/relationship-handler.js.map +1 -1
- package/dist/lib/request-context.d.ts +16 -16
- package/dist/lib/request-context.d.ts.map +1 -1
- package/dist/lib/request-context.js +14 -22
- package/dist/lib/request-context.js.map +1 -1
- package/dist/lib/route-helpers.d.ts +3 -4
- package/dist/lib/route-helpers.d.ts.map +1 -1
- package/dist/lib/route-helpers.js +20 -75
- package/dist/lib/route-helpers.js.map +1 -1
- package/dist/lib/routes/activitypub/actor.d.ts +1 -1
- package/dist/lib/routes/activitypub/actor.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/actor.js +20 -23
- package/dist/lib/routes/activitypub/actor.js.map +1 -1
- package/dist/lib/routes/activitypub/audiences.d.ts +1 -1
- package/dist/lib/routes/activitypub/audiences.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/audiences.js +76 -80
- package/dist/lib/routes/activitypub/audiences.js.map +1 -1
- package/dist/lib/routes/activitypub/collections.d.ts +1 -1
- package/dist/lib/routes/activitypub/collections.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/collections.js +24 -26
- package/dist/lib/routes/activitypub/collections.js.map +1 -1
- package/dist/lib/routes/activitypub/entity-profile.d.ts +1 -1
- package/dist/lib/routes/activitypub/entity-profile.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/entity-profile.js +36 -39
- package/dist/lib/routes/activitypub/entity-profile.js.map +1 -1
- package/dist/lib/routes/activitypub/friends.d.ts +1 -1
- package/dist/lib/routes/activitypub/friends.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/friends.js +9 -12
- package/dist/lib/routes/activitypub/friends.js.map +1 -1
- package/dist/lib/routes/activitypub/group.d.ts +1 -1
- package/dist/lib/routes/activitypub/group.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/group.js +91 -94
- package/dist/lib/routes/activitypub/group.js.map +1 -1
- package/dist/lib/routes/activitypub/inbox.d.ts +1 -1
- package/dist/lib/routes/activitypub/inbox.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/inbox.js +30 -33
- package/dist/lib/routes/activitypub/inbox.js.map +1 -1
- package/dist/lib/routes/activitypub/messages.d.ts +1 -1
- package/dist/lib/routes/activitypub/messages.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/messages.js +79 -83
- package/dist/lib/routes/activitypub/messages.js.map +1 -1
- package/dist/lib/routes/activitypub/outbox.d.ts +1 -1
- package/dist/lib/routes/activitypub/outbox.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/outbox.js +9 -12
- package/dist/lib/routes/activitypub/outbox.js.map +1 -1
- package/dist/lib/routes/activitypub/post.d.ts +1 -1
- package/dist/lib/routes/activitypub/post.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/post.js +32 -35
- package/dist/lib/routes/activitypub/post.js.map +1 -1
- package/dist/lib/routes/activitypub/webfinger.d.ts +1 -1
- package/dist/lib/routes/activitypub/webfinger.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/webfinger.js +5 -8
- package/dist/lib/routes/activitypub/webfinger.js.map +1 -1
- package/dist/lib/routes/admin-costs.d.ts +1 -1
- package/dist/lib/routes/admin-costs.d.ts.map +1 -1
- package/dist/lib/routes/admin-costs.js +22 -26
- package/dist/lib/routes/admin-costs.js.map +1 -1
- package/dist/lib/routes/admin.d.ts +1 -1
- package/dist/lib/routes/admin.d.ts.map +1 -1
- package/dist/lib/routes/admin.js +290 -269
- package/dist/lib/routes/admin.js.map +1 -1
- package/dist/lib/routes/agent-authorize.d.ts +5 -5
- package/dist/lib/routes/agent-authorize.d.ts.map +1 -1
- package/dist/lib/routes/agent-authorize.js +68 -74
- package/dist/lib/routes/agent-authorize.js.map +1 -1
- package/dist/lib/routes/agent-sessions.d.ts +4 -4
- package/dist/lib/routes/agent-sessions.d.ts.map +1 -1
- package/dist/lib/routes/agent-sessions.js +30 -35
- package/dist/lib/routes/agent-sessions.js.map +1 -1
- package/dist/lib/routes/agent-surface.d.ts +2 -2
- package/dist/lib/routes/agent-surface.d.ts.map +1 -1
- package/dist/lib/routes/agent-surface.js +20 -24
- package/dist/lib/routes/agent-surface.js.map +1 -1
- package/dist/lib/routes/auth-discover.d.ts +1 -1
- package/dist/lib/routes/auth-discover.d.ts.map +1 -1
- package/dist/lib/routes/auth-discover.js +20 -56
- package/dist/lib/routes/auth-discover.js.map +1 -1
- package/dist/lib/routes/auth.d.ts +1 -1
- package/dist/lib/routes/auth.d.ts.map +1 -1
- package/dist/lib/routes/auth.js +13 -16
- package/dist/lib/routes/auth.js.map +1 -1
- package/dist/lib/routes/badges.d.ts +1 -1
- package/dist/lib/routes/badges.d.ts.map +1 -1
- package/dist/lib/routes/badges.js +20 -23
- package/dist/lib/routes/badges.js.map +1 -1
- package/dist/lib/routes/circles.d.ts +1 -1
- package/dist/lib/routes/circles.d.ts.map +1 -1
- package/dist/lib/routes/circles.js +40 -44
- package/dist/lib/routes/circles.js.map +1 -1
- package/dist/lib/routes/comments.d.ts +1 -1
- package/dist/lib/routes/comments.d.ts.map +1 -1
- package/dist/lib/routes/comments.js +67 -71
- package/dist/lib/routes/comments.js.map +1 -1
- package/dist/lib/routes/connection-codes.d.ts +1 -1
- package/dist/lib/routes/connection-codes.d.ts.map +1 -1
- package/dist/lib/routes/connection-codes.js +30 -34
- package/dist/lib/routes/connection-codes.js.map +1 -1
- package/dist/lib/routes/content-discovery.d.ts +1 -1
- package/dist/lib/routes/content-discovery.d.ts.map +1 -1
- package/dist/lib/routes/content-discovery.js +31 -34
- package/dist/lib/routes/content-discovery.js.map +1 -1
- package/dist/lib/routes/dashboard.d.ts +1 -1
- package/dist/lib/routes/dashboard.d.ts.map +1 -1
- package/dist/lib/routes/dashboard.js +251 -288
- package/dist/lib/routes/dashboard.js.map +1 -1
- package/dist/lib/routes/deletion.d.ts +1 -1
- package/dist/lib/routes/deletion.d.ts.map +1 -1
- package/dist/lib/routes/deletion.js +37 -74
- package/dist/lib/routes/deletion.js.map +1 -1
- package/dist/lib/routes/discovery.d.ts +1 -1
- package/dist/lib/routes/discovery.d.ts.map +1 -1
- package/dist/lib/routes/discovery.js +20 -24
- package/dist/lib/routes/discovery.js.map +1 -1
- package/dist/lib/routes/employees.d.ts +1 -1
- package/dist/lib/routes/employees.d.ts.map +1 -1
- package/dist/lib/routes/employees.js +15 -52
- package/dist/lib/routes/employees.js.map +1 -1
- package/dist/lib/routes/entities.d.ts +1 -1
- package/dist/lib/routes/entities.d.ts.map +1 -1
- package/dist/lib/routes/entities.js +133 -137
- package/dist/lib/routes/entities.js.map +1 -1
- package/dist/lib/routes/entity-relationships.d.ts +1 -1
- package/dist/lib/routes/entity-relationships.d.ts.map +1 -1
- package/dist/lib/routes/entity-relationships.js +35 -39
- package/dist/lib/routes/entity-relationships.js.map +1 -1
- package/dist/lib/routes/errors.d.ts +1 -1
- package/dist/lib/routes/errors.d.ts.map +1 -1
- package/dist/lib/routes/errors.js +4 -10
- package/dist/lib/routes/errors.js.map +1 -1
- package/dist/lib/routes/export.d.ts +1 -1
- package/dist/lib/routes/export.d.ts.map +1 -1
- package/dist/lib/routes/export.js +31 -35
- package/dist/lib/routes/export.js.map +1 -1
- package/dist/lib/routes/feature-flags.d.ts +1 -1
- package/dist/lib/routes/feature-flags.d.ts.map +1 -1
- package/dist/lib/routes/feature-flags.js +20 -23
- package/dist/lib/routes/feature-flags.js.map +1 -1
- package/dist/lib/routes/feeds.d.ts +1 -1
- package/dist/lib/routes/feeds.d.ts.map +1 -1
- package/dist/lib/routes/feeds.js +42 -46
- package/dist/lib/routes/feeds.js.map +1 -1
- package/dist/lib/routes/friends.d.ts +1 -1
- package/dist/lib/routes/friends.d.ts.map +1 -1
- package/dist/lib/routes/friends.js +35 -39
- package/dist/lib/routes/friends.js.map +1 -1
- package/dist/lib/routes/health.d.ts +1 -1
- package/dist/lib/routes/health.d.ts.map +1 -1
- package/dist/lib/routes/health.js +23 -27
- package/dist/lib/routes/health.js.map +1 -1
- package/dist/lib/routes/index.d.ts +2 -7
- package/dist/lib/routes/index.d.ts.map +1 -1
- package/dist/lib/routes/index.js +137 -158
- package/dist/lib/routes/index.js.map +1 -1
- package/dist/lib/routes/internal-docs.d.ts +1 -1
- package/dist/lib/routes/internal-docs.d.ts.map +1 -1
- package/dist/lib/routes/internal-docs.js +13 -16
- package/dist/lib/routes/internal-docs.js.map +1 -1
- package/dist/lib/routes/invitations.d.ts +1 -1
- package/dist/lib/routes/invitations.d.ts.map +1 -1
- package/dist/lib/routes/invitations.js +19 -22
- package/dist/lib/routes/invitations.js.map +1 -1
- package/dist/lib/routes/link-reports.d.ts +2 -2
- package/dist/lib/routes/link-reports.d.ts.map +1 -1
- package/dist/lib/routes/link-reports.js +86 -48
- package/dist/lib/routes/link-reports.js.map +1 -1
- package/dist/lib/routes/map.d.ts +1 -1
- package/dist/lib/routes/map.d.ts.map +1 -1
- package/dist/lib/routes/map.js +5 -8
- package/dist/lib/routes/map.js.map +1 -1
- package/dist/lib/routes/media-metadata-visibility.d.ts +1 -1
- package/dist/lib/routes/media-metadata-visibility.d.ts.map +1 -1
- package/dist/lib/routes/media-metadata-visibility.js +30 -67
- package/dist/lib/routes/media-metadata-visibility.js.map +1 -1
- package/dist/lib/routes/media.d.ts +1 -1
- package/dist/lib/routes/media.d.ts.map +1 -1
- package/dist/lib/routes/media.js +156 -193
- package/dist/lib/routes/media.js.map +1 -1
- package/dist/lib/routes/mfa.d.ts +1 -1
- package/dist/lib/routes/mfa.d.ts.map +1 -1
- package/dist/lib/routes/mfa.js +60 -64
- package/dist/lib/routes/mfa.js.map +1 -1
- package/dist/lib/routes/notifications.d.ts +1 -1
- package/dist/lib/routes/notifications.d.ts.map +1 -1
- package/dist/lib/routes/notifications.js +68 -72
- package/dist/lib/routes/notifications.js.map +1 -1
- package/dist/lib/routes/oauth.d.ts +1 -1
- package/dist/lib/routes/oauth.d.ts.map +1 -1
- package/dist/lib/routes/oauth.js +20 -23
- package/dist/lib/routes/oauth.js.map +1 -1
- package/dist/lib/routes/orphaned-media-health.d.ts +1 -1
- package/dist/lib/routes/orphaned-media-health.d.ts.map +1 -1
- package/dist/lib/routes/orphaned-media-health.js +10 -13
- package/dist/lib/routes/orphaned-media-health.js.map +1 -1
- package/dist/lib/routes/orphaned-media.d.ts +1 -1
- package/dist/lib/routes/orphaned-media.d.ts.map +1 -1
- package/dist/lib/routes/orphaned-media.js +20 -57
- package/dist/lib/routes/orphaned-media.js.map +1 -1
- package/dist/lib/routes/out.d.ts +1 -1
- package/dist/lib/routes/out.d.ts.map +1 -1
- package/dist/lib/routes/out.js +21 -24
- package/dist/lib/routes/out.js.map +1 -1
- package/dist/lib/routes/parental-controls.d.ts +1 -1
- package/dist/lib/routes/parental-controls.d.ts.map +1 -1
- package/dist/lib/routes/parental-controls.js +91 -95
- package/dist/lib/routes/parental-controls.js.map +1 -1
- package/dist/lib/routes/posts.d.ts +1 -1
- package/dist/lib/routes/posts.d.ts.map +1 -1
- package/dist/lib/routes/posts.js +101 -105
- package/dist/lib/routes/posts.js.map +1 -1
- package/dist/lib/routes/privacy.d.ts +1 -1
- package/dist/lib/routes/privacy.d.ts.map +1 -1
- package/dist/lib/routes/privacy.js +21 -25
- package/dist/lib/routes/privacy.js.map +1 -1
- package/dist/lib/routes/products.d.ts +1 -1
- package/dist/lib/routes/products.d.ts.map +1 -1
- package/dist/lib/routes/products.js +44 -48
- package/dist/lib/routes/products.js.map +1 -1
- package/dist/lib/routes/relationships.d.ts +1 -1
- package/dist/lib/routes/relationships.d.ts.map +1 -1
- package/dist/lib/routes/relationships.js +35 -39
- package/dist/lib/routes/relationships.js.map +1 -1
- package/dist/lib/routes/sentiments.d.ts +1 -1
- package/dist/lib/routes/sentiments.d.ts.map +1 -1
- package/dist/lib/routes/sentiments.js +71 -75
- package/dist/lib/routes/sentiments.js.map +1 -1
- package/dist/lib/routes/setup-status.d.ts +1 -1
- package/dist/lib/routes/setup-status.d.ts.map +1 -1
- package/dist/lib/routes/setup-status.js +17 -20
- package/dist/lib/routes/setup-status.js.map +1 -1
- package/dist/lib/routes/taxonomy-analytics.d.ts +1 -1
- package/dist/lib/routes/taxonomy-analytics.d.ts.map +1 -1
- package/dist/lib/routes/taxonomy-analytics.js +29 -33
- package/dist/lib/routes/taxonomy-analytics.js.map +1 -1
- package/dist/lib/routes/taxonomy.d.ts +1 -1
- package/dist/lib/routes/taxonomy.d.ts.map +1 -1
- package/dist/lib/routes/taxonomy.js +48 -51
- package/dist/lib/routes/taxonomy.js.map +1 -1
- package/dist/lib/routes/tenant-audit.d.ts +1 -1
- package/dist/lib/routes/tenant-audit.d.ts.map +1 -1
- package/dist/lib/routes/tenant-audit.js +35 -92
- package/dist/lib/routes/tenant-audit.js.map +1 -1
- package/dist/lib/routes/tenant-compliance.d.ts +1 -1
- package/dist/lib/routes/tenant-compliance.d.ts.map +1 -1
- package/dist/lib/routes/tenant-compliance.js +16 -52
- package/dist/lib/routes/tenant-compliance.js.map +1 -1
- package/dist/lib/routes/tenant-domains.d.ts +1 -1
- package/dist/lib/routes/tenant-domains.d.ts.map +1 -1
- package/dist/lib/routes/tenant-domains.js +27 -30
- package/dist/lib/routes/tenant-domains.js.map +1 -1
- package/dist/lib/routes/tenant-idp.d.ts +1 -1
- package/dist/lib/routes/tenant-idp.d.ts.map +1 -1
- package/dist/lib/routes/tenant-idp.js +27 -30
- package/dist/lib/routes/tenant-idp.js.map +1 -1
- package/dist/lib/routes/tenant-members.d.ts +1 -1
- package/dist/lib/routes/tenant-members.d.ts.map +1 -1
- package/dist/lib/routes/tenant-members.js +21 -24
- package/dist/lib/routes/tenant-members.js.map +1 -1
- package/dist/lib/routes/tenant-role-mappings.d.ts +1 -1
- package/dist/lib/routes/tenant-role-mappings.d.ts.map +1 -1
- package/dist/lib/routes/tenant-role-mappings.js +27 -30
- package/dist/lib/routes/tenant-role-mappings.js.map +1 -1
- package/dist/lib/routes/tenants.d.ts +1 -1
- package/dist/lib/routes/tenants.d.ts.map +1 -1
- package/dist/lib/routes/tenants.js +37 -40
- package/dist/lib/routes/tenants.js.map +1 -1
- package/dist/lib/routes/types.d.ts +10 -5
- package/dist/lib/routes/types.d.ts.map +1 -1
- package/dist/lib/routes/types.js +1 -2
- package/dist/lib/routes/types.js.map +1 -1
- package/dist/lib/routes/upload-sessions.d.ts +1 -1
- package/dist/lib/routes/upload-sessions.d.ts.map +1 -1
- package/dist/lib/routes/upload-sessions.js +57 -94
- package/dist/lib/routes/upload-sessions.js.map +1 -1
- package/dist/lib/routes/user.d.ts +1 -1
- package/dist/lib/routes/user.d.ts.map +1 -1
- package/dist/lib/routes/user.js +137 -85
- package/dist/lib/routes/user.js.map +1 -1
- package/dist/lib/routes.d.ts +2 -2
- package/dist/lib/routes.d.ts.map +1 -1
- package/dist/lib/routes.js +2 -7
- package/dist/lib/routes.js.map +1 -1
- package/dist/lib/scaling-health.d.ts.map +1 -1
- package/dist/lib/scaling-health.js +6 -9
- package/dist/lib/scaling-health.js.map +1 -1
- package/dist/lib/scheduled/media-stale-cleanup.js +5 -8
- package/dist/lib/scheduled/media-stale-cleanup.js.map +1 -1
- package/dist/lib/scheduled/orphaned-media-monitor.d.ts +1 -1
- package/dist/lib/scheduled/orphaned-media-monitor.d.ts.map +1 -1
- package/dist/lib/scheduled/orphaned-media-monitor.js +5 -42
- package/dist/lib/scheduled/orphaned-media-monitor.js.map +1 -1
- package/dist/lib/schemas.d.ts +85 -204
- package/dist/lib/schemas.d.ts.map +1 -1
- package/dist/lib/schemas.js +71 -74
- package/dist/lib/schemas.js.map +1 -1
- package/dist/lib/secrets/idp-secrets.d.ts +1 -1
- package/dist/lib/secrets/idp-secrets.js +13 -19
- package/dist/lib/secrets/idp-secrets.js.map +1 -1
- package/dist/lib/security-event-cleaner.js +1 -5
- package/dist/lib/security-event-cleaner.js.map +1 -1
- package/dist/lib/security-headers.js +1 -5
- package/dist/lib/security-headers.js.map +1 -1
- package/dist/lib/security-monitor.d.ts +4 -2
- package/dist/lib/security-monitor.d.ts.map +1 -1
- package/dist/lib/security-monitor.js +16 -18
- package/dist/lib/security-monitor.js.map +1 -1
- package/dist/lib/sentiment-digest.d.ts +1 -1
- package/dist/lib/sentiment-digest.d.ts.map +1 -1
- package/dist/lib/sentiment-digest.js +5 -8
- package/dist/lib/sentiment-digest.js.map +1 -1
- package/dist/lib/sentiment-display.js +3 -7
- package/dist/lib/sentiment-display.js.map +1 -1
- package/dist/lib/services/image-normalizer.js +1 -5
- package/dist/lib/services/image-normalizer.js.map +1 -1
- package/dist/lib/services/media-reconciliation-service.d.ts +1 -1
- package/dist/lib/services/media-reconciliation-service.d.ts.map +1 -1
- package/dist/lib/services/media-reconciliation-service.js +7 -11
- package/dist/lib/services/media-reconciliation-service.js.map +1 -1
- package/dist/lib/services/media-upload-service.d.ts +1 -1
- package/dist/lib/services/media-upload-service.d.ts.map +1 -1
- package/dist/lib/services/media-upload-service.js +4 -8
- package/dist/lib/services/media-upload-service.js.map +1 -1
- package/dist/lib/services/user-data-deletion.d.ts +45 -2
- package/dist/lib/services/user-data-deletion.d.ts.map +1 -1
- package/dist/lib/services/user-data-deletion.js +87 -9
- package/dist/lib/services/user-data-deletion.js.map +1 -1
- package/dist/lib/session-awareness.js +2 -6
- package/dist/lib/session-awareness.js.map +1 -1
- package/dist/lib/session-config.js +8 -17
- package/dist/lib/session-config.js.map +1 -1
- package/dist/lib/{session-manager.d.ts → session-cookie.d.ts} +58 -15
- package/dist/lib/session-cookie.d.ts.map +1 -0
- package/dist/lib/session-cookie.js +0 -0
- package/dist/lib/session-cookie.js.map +1 -0
- package/dist/lib/signup-metadata.d.ts +129 -0
- package/dist/lib/signup-metadata.d.ts.map +1 -0
- package/dist/lib/signup-metadata.js +127 -0
- package/dist/lib/signup-metadata.js.map +1 -0
- package/dist/lib/sso-auth-handler.js +1 -5
- package/dist/lib/sso-auth-handler.js.map +1 -1
- package/dist/lib/tag-suggestions-handler.d.ts +1 -1
- package/dist/lib/tag-suggestions-handler.d.ts.map +1 -1
- package/dist/lib/tag-suggestions-handler.js +1 -5
- package/dist/lib/tag-suggestions-handler.js.map +1 -1
- package/dist/lib/taxonomy-handler-factory.d.ts +2 -2
- package/dist/lib/taxonomy-handler-factory.d.ts.map +1 -1
- package/dist/lib/taxonomy-handler-factory.js +7 -10
- package/dist/lib/taxonomy-handler-factory.js.map +1 -1
- package/dist/lib/taxonomy-handler.d.ts +2 -2
- package/dist/lib/taxonomy-handler.d.ts.map +1 -1
- package/dist/lib/taxonomy-handler.js +8 -8
- package/dist/lib/taxonomy-handler.js.map +1 -1
- package/dist/lib/taxonomy-metrics.js +5 -9
- package/dist/lib/taxonomy-metrics.js.map +1 -1
- package/dist/lib/taxonomy-search-metrics.d.ts +2 -2
- package/dist/lib/taxonomy-search-metrics.d.ts.map +1 -1
- package/dist/lib/taxonomy-search-metrics.js +3 -7
- package/dist/lib/taxonomy-search-metrics.js.map +1 -1
- package/dist/lib/tenant/audit-emit.d.ts +18 -8
- package/dist/lib/tenant/audit-emit.d.ts.map +1 -1
- package/dist/lib/tenant/audit-emit.js +50 -11
- package/dist/lib/tenant/audit-emit.js.map +1 -1
- package/dist/lib/tenant/derive-domain.js +1 -4
- package/dist/lib/tenant/derive-domain.js.map +1 -1
- package/dist/lib/tenant/domain-handler.d.ts +2 -2
- package/dist/lib/tenant/domain-handler.d.ts.map +1 -1
- package/dist/lib/tenant/domain-handler.js +50 -62
- package/dist/lib/tenant/domain-handler.js.map +1 -1
- package/dist/lib/tenant/domain-validator.d.ts +1 -1
- package/dist/lib/tenant/domain-validator.js +10 -13
- package/dist/lib/tenant/domain-validator.js.map +1 -1
- package/dist/lib/tenant/domain-verifier.d.ts +3 -3
- package/dist/lib/tenant/domain-verifier.js +8 -11
- package/dist/lib/tenant/domain-verifier.js.map +1 -1
- package/dist/lib/tenant/idp-handler.d.ts +4 -4
- package/dist/lib/tenant/idp-handler.d.ts.map +1 -1
- package/dist/lib/tenant/idp-handler.js +45 -82
- package/dist/lib/tenant/idp-handler.js.map +1 -1
- package/dist/lib/tenant/idp-name.js +1 -4
- package/dist/lib/tenant/idp-name.js.map +1 -1
- package/dist/lib/tenant/member-handler.d.ts +2 -2
- package/dist/lib/tenant/member-handler.d.ts.map +1 -1
- package/dist/lib/tenant/member-handler.js +30 -67
- package/dist/lib/tenant/member-handler.js.map +1 -1
- package/dist/lib/tenant/reserved-slugs.d.ts +1 -1
- package/dist/lib/tenant/reserved-slugs.d.ts.map +1 -1
- package/dist/lib/tenant/reserved-slugs.js +8 -14
- package/dist/lib/tenant/reserved-slugs.js.map +1 -1
- package/dist/lib/tenant/resolve-role.js +1 -4
- package/dist/lib/tenant/resolve-role.js.map +1 -1
- package/dist/lib/tenant/role-mapping-handler.d.ts +2 -2
- package/dist/lib/tenant/role-mapping-handler.d.ts.map +1 -1
- package/dist/lib/tenant/role-mapping-handler.js +24 -61
- package/dist/lib/tenant/role-mapping-handler.js.map +1 -1
- package/dist/lib/tenant/setup-status.d.ts +1 -1
- package/dist/lib/tenant/setup-status.d.ts.map +1 -1
- package/dist/lib/tenant/setup-status.js +3 -40
- package/dist/lib/tenant/setup-status.js.map +1 -1
- package/dist/lib/tenant/slug-validator.js +3 -6
- package/dist/lib/tenant/slug-validator.js.map +1 -1
- package/dist/lib/tenant/tenant-handler.d.ts +2 -2
- package/dist/lib/tenant/tenant-handler.d.ts.map +1 -1
- package/dist/lib/tenant/tenant-handler.js +31 -68
- package/dist/lib/tenant/tenant-handler.js.map +1 -1
- package/dist/lib/tenant/transfer-ownership.js +2 -6
- package/dist/lib/tenant/transfer-ownership.js.map +1 -1
- package/dist/lib/tenant-scope.d.ts +97 -0
- package/dist/lib/tenant-scope.d.ts.map +1 -0
- package/dist/lib/tenant-scope.js +270 -0
- package/dist/lib/tenant-scope.js.map +1 -0
- package/dist/lib/terminology.d.ts.map +1 -1
- package/dist/lib/terminology.js +7 -9
- package/dist/lib/terminology.js.map +1 -1
- package/dist/lib/theme.js +2 -6
- package/dist/lib/theme.js.map +1 -1
- package/dist/lib/threat-intel-service.d.ts +2 -2
- package/dist/lib/threat-intel-service.d.ts.map +1 -1
- package/dist/lib/threat-intel-service.js +3 -7
- package/dist/lib/threat-intel-service.js.map +1 -1
- package/dist/lib/types/media-reconciliation.js +1 -2
- package/dist/lib/types/media-reconciliation.js.map +1 -1
- package/dist/lib/upload-session-handler.d.ts +1 -1
- package/dist/lib/upload-session-handler.d.ts.map +1 -1
- package/dist/lib/upload-session-handler.js +13 -50
- package/dist/lib/upload-session-handler.js.map +1 -1
- package/dist/lib/user/derive-handle.d.ts +22 -0
- package/dist/lib/user/derive-handle.d.ts.map +1 -1
- package/dist/lib/user/derive-handle.js +18 -6
- package/dist/lib/user/derive-handle.js.map +1 -1
- package/dist/lib/user-badge.js +6 -14
- package/dist/lib/user-badge.js.map +1 -1
- package/dist/lib/user-deletion-handler-enhanced.d.ts +2 -2
- package/dist/lib/user-deletion-handler-enhanced.d.ts.map +1 -1
- package/dist/lib/user-deletion-handler-enhanced.js +16 -53
- package/dist/lib/user-deletion-handler-enhanced.js.map +1 -1
- package/dist/lib/user-deprovisioning.d.ts +1 -1
- package/dist/lib/user-deprovisioning.d.ts.map +1 -1
- package/dist/lib/user-deprovisioning.js +16 -20
- package/dist/lib/user-deprovisioning.js.map +1 -1
- package/dist/lib/user-export-handler.d.ts +4 -4
- package/dist/lib/user-export-handler.d.ts.map +1 -1
- package/dist/lib/user-export-handler.js +11 -15
- package/dist/lib/user-export-handler.js.map +1 -1
- package/dist/lib/validate-request.js +8 -13
- package/dist/lib/validate-request.js.map +1 -1
- package/dist/lib/validation/feature-toggle-schemas.d.ts +130 -249
- package/dist/lib/validation/feature-toggle-schemas.d.ts.map +1 -1
- package/dist/lib/validation/feature-toggle-schemas.js +50 -59
- package/dist/lib/validation/feature-toggle-schemas.js.map +1 -1
- package/dist/lib/validation/validate-request.d.ts.map +1 -1
- package/dist/lib/validation/validate-request.js +12 -23
- package/dist/lib/validation/validate-request.js.map +1 -1
- package/dist/lib/validation.js +1 -5
- package/dist/lib/validation.js.map +1 -1
- package/dist/lib/version.js +3 -8
- package/dist/lib/version.js.map +1 -1
- package/dist/server.d.ts +1 -1
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +29 -69
- package/dist/server.js.map +1 -1
- package/dist/types/cloudflare-compat.d.ts +3 -93
- package/dist/types/cloudflare-compat.d.ts.map +1 -1
- package/dist/types/cloudflare-compat.js +1 -2
- package/dist/types/cloudflare-compat.js.map +1 -1
- package/dist/worker.d.ts +6 -6
- package/dist/worker.d.ts.map +1 -1
- package/dist/worker.js +6 -13
- package/dist/worker.js.map +1 -1
- package/package.json +28 -15
- package/prisma/migrations/20260602054730_add_entity_geo_and_pending_schema/migration.sql +113 -0
- package/prisma/migrations/20260602162901_research_foundations/migration.sql +65 -0
- package/prisma/migrations/20260604130000_surveillance_phase0_enablers/migration.sql +107 -0
- package/prisma/migrations/20260604140000_fold_link_reports_into_reports/migration.sql +23 -0
- package/prisma/migrations/20260604140000_fold_link_reports_into_reports/rollback.reference.sql +31 -0
- package/prisma/migrations/20260606000000_handle_canonical_identity/migration.sql +18 -0
- package/prisma/schema.prisma +426 -68
- package/src/lambda/cleanup-cron.ts +10 -7
- package/src/lambda/create-auth-challenge.ts +6 -3
- package/src/lambda/delete-account-worker.ts +17 -12
- package/src/lambda/diagnostics-proxy.ts +9 -6
- package/src/lambda/e2e-sweeper.ts +17 -23
- package/src/lambda/federation-outbox-worker.ts +4 -1
- package/src/lambda/followers-events-worker.ts +4 -1
- package/src/lambda/hourly-cron.ts +112 -20
- package/src/lambda/link-check-worker.ts +4 -1
- package/src/lambda/maintenance-cron.ts +24 -13
- package/src/lambda/media-processing-worker.ts +5 -2
- package/src/lambda/media-reconciliation-worker.ts +4 -1
- package/src/lambda/nightly-cron.ts +53 -54
- package/src/lambda/post-confirmation.ts +262 -76
- package/src/lambda/pre-token-generation.ts +39 -44
- package/src/lambda/verify-auth-challenge.ts +4 -1
- package/dist/lib/audit/emit.d.ts +0 -56
- package/dist/lib/audit/emit.d.ts.map +0 -1
- package/dist/lib/audit/emit.js +0 -124
- package/dist/lib/audit/emit.js.map +0 -1
- package/dist/lib/audit/event-types.d.ts +0 -36
- package/dist/lib/audit/event-types.d.ts.map +0 -1
- package/dist/lib/audit/event-types.js +0 -69
- package/dist/lib/audit/event-types.js.map +0 -1
- package/dist/lib/audit-logger.d.ts +0 -142
- package/dist/lib/audit-logger.d.ts.map +0 -1
- package/dist/lib/audit-logger.js +0 -326
- package/dist/lib/audit-logger.js.map +0 -1
- package/dist/lib/circuit-breaker.d.ts +0 -27
- package/dist/lib/circuit-breaker.d.ts.map +0 -1
- package/dist/lib/circuit-breaker.js +0 -63
- package/dist/lib/circuit-breaker.js.map +0 -1
- package/dist/lib/graph/dual-write-service.d.ts +0 -116
- package/dist/lib/graph/dual-write-service.d.ts.map +0 -1
- package/dist/lib/graph/dual-write-service.js +0 -332
- package/dist/lib/graph/dual-write-service.js.map +0 -1
- package/dist/lib/graph/dual-write.d.ts +0 -396
- package/dist/lib/graph/dual-write.d.ts.map +0 -1
- package/dist/lib/graph/dual-write.js +0 -53
- package/dist/lib/graph/dual-write.js.map +0 -1
- package/dist/lib/graph/graph-schema-init.d.ts +0 -31
- package/dist/lib/graph/graph-schema-init.d.ts.map +0 -1
- package/dist/lib/graph/graph-schema-init.js +0 -105
- package/dist/lib/graph/graph-schema-init.js.map +0 -1
- package/dist/lib/graph/neo4j-graph-service.d.ts +0 -186
- package/dist/lib/graph/neo4j-graph-service.d.ts.map +0 -1
- package/dist/lib/graph/neo4j-graph-service.js +0 -1625
- package/dist/lib/graph/neo4j-graph-service.js.map +0 -1
- package/dist/lib/graph/reconciliation-service.d.ts +0 -113
- package/dist/lib/graph/reconciliation-service.d.ts.map +0 -1
- package/dist/lib/graph/reconciliation-service.js +0 -533
- package/dist/lib/graph/reconciliation-service.js.map +0 -1
- package/dist/lib/id-generator.d.ts +0 -29
- package/dist/lib/id-generator.d.ts.map +0 -1
- package/dist/lib/id-generator.js +0 -51
- package/dist/lib/id-generator.js.map +0 -1
- package/dist/lib/kv/dynamodb-kv.d.ts +0 -39
- package/dist/lib/kv/dynamodb-kv.d.ts.map +0 -1
- package/dist/lib/kv/dynamodb-kv.js +0 -239
- package/dist/lib/kv/dynamodb-kv.js.map +0 -1
- package/dist/lib/queue/sqs-queue.d.ts +0 -16
- package/dist/lib/queue/sqs-queue.d.ts.map +0 -1
- package/dist/lib/queue/sqs-queue.js +0 -39
- package/dist/lib/queue/sqs-queue.js.map +0 -1
- package/dist/lib/route-matcher.d.ts +0 -24
- package/dist/lib/route-matcher.d.ts.map +0 -1
- package/dist/lib/route-matcher.js +0 -96
- package/dist/lib/route-matcher.js.map +0 -1
- package/dist/lib/router.d.ts +0 -26
- package/dist/lib/router.d.ts.map +0 -1
- package/dist/lib/router.js +0 -90
- package/dist/lib/router.js.map +0 -1
- package/dist/lib/routes-all.d.ts +0 -9
- package/dist/lib/routes-all.d.ts.map +0 -1
- package/dist/lib/routes-all.js +0 -170
- package/dist/lib/routes-all.js.map +0 -1
- package/dist/lib/secret-resolver.d.ts +0 -88
- package/dist/lib/secret-resolver.d.ts.map +0 -1
- package/dist/lib/secret-resolver.js +0 -183
- package/dist/lib/secret-resolver.js.map +0 -1
- package/dist/lib/session-manager.d.ts.map +0 -1
- package/dist/lib/session-manager.js +0 -492
- package/dist/lib/session-manager.js.map +0 -1
- package/dist/lib/storage/s3-storage.d.ts +0 -29
- package/dist/lib/storage/s3-storage.d.ts.map +0 -1
- package/dist/lib/storage/s3-storage.js +0 -135
- package/dist/lib/storage/s3-storage.js.map +0 -1
- package/dist/lib/tenant-context.d.ts +0 -35
- package/dist/lib/tenant-context.d.ts.map +0 -1
- package/dist/lib/tenant-context.js +0 -54
- package/dist/lib/tenant-context.js.map +0 -1
|
@@ -1,14 +1,9 @@
|
|
|
1
|
-
"use strict";
|
|
2
1
|
/**
|
|
3
2
|
* Privacy Defaults
|
|
4
3
|
*
|
|
5
4
|
* Age-tier-aware privacy defaults and enforcement for child safety.
|
|
6
5
|
* Locked fields cannot be overridden by the user or guardian to a less restrictive value.
|
|
7
6
|
*/
|
|
8
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
9
|
-
exports.getPrivacyDefaults = getPrivacyDefaults;
|
|
10
|
-
exports.applyPrivacyLocks = applyPrivacyLocks;
|
|
11
|
-
exports.isFieldLocked = isFieldLocked;
|
|
12
7
|
/**
|
|
13
8
|
* Fields that are locked (enforced) per age tier — cannot be overridden to less restrictive values.
|
|
14
9
|
*/
|
|
@@ -60,14 +55,14 @@ const DEFAULTS = {
|
|
|
60
55
|
/**
|
|
61
56
|
* Get the privacy defaults for a given age tier.
|
|
62
57
|
*/
|
|
63
|
-
function getPrivacyDefaults(ageTier) {
|
|
58
|
+
export function getPrivacyDefaults(ageTier) {
|
|
64
59
|
return { ...DEFAULTS[ageTier] };
|
|
65
60
|
}
|
|
66
61
|
/**
|
|
67
62
|
* Apply privacy locks for a given age tier.
|
|
68
63
|
* Locked fields are overridden with the default value; unlocked fields pass through unchanged.
|
|
69
64
|
*/
|
|
70
|
-
function applyPrivacyLocks(settings, ageTier) {
|
|
65
|
+
export function applyPrivacyLocks(settings, ageTier) {
|
|
71
66
|
const defaults = DEFAULTS[ageTier];
|
|
72
67
|
const locked = LOCKED_FIELDS[ageTier];
|
|
73
68
|
const result = { ...settings };
|
|
@@ -79,7 +74,7 @@ function applyPrivacyLocks(settings, ageTier) {
|
|
|
79
74
|
/**
|
|
80
75
|
* Returns true if the given field is locked (enforced) for the given age tier.
|
|
81
76
|
*/
|
|
82
|
-
function isFieldLocked(field, ageTier) {
|
|
77
|
+
export function isFieldLocked(field, ageTier) {
|
|
83
78
|
return LOCKED_FIELDS[ageTier][field] === true;
|
|
84
79
|
}
|
|
85
80
|
//# sourceMappingURL=privacy-defaults.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"privacy-defaults.js","sourceRoot":"","sources":["../../src/lib/privacy-defaults.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"privacy-defaults.js","sourceRoot":"","sources":["../../src/lib/privacy-defaults.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAgBH;;GAEG;AACH,MAAM,aAAa,GAAkE;IACnF,KAAK,EAAE;QACL,uBAAuB,EAAE,IAAI;QAC7B,0BAA0B,EAAE,IAAI;QAChC,eAAe,EAAE,IAAI;QACrB,QAAQ,EAAE,IAAI;KACf;IACD,IAAI,EAAE,EAAE;IACR,KAAK,EAAE,EAAE;CACV,CAAC;AAEF,MAAM,QAAQ,GAAqC;IACjD,KAAK,EAAE;QACL,WAAW,EAAE,IAAI;QACjB,gBAAgB,EAAE,KAAK;QACvB,mBAAmB,EAAE,KAAK;QAC1B,YAAY,EAAE,KAAK;QACnB,uBAAuB,EAAE,KAAK;QAC9B,0BAA0B,EAAE,CAAC;QAC7B,eAAe,EAAE,IAAI;QACrB,iBAAiB,EAAE,SAAS;QAC5B,QAAQ,EAAE,QAAQ;KACnB;IACD,IAAI,EAAE;QACJ,WAAW,EAAE,KAAK;QAClB,gBAAgB,EAAE,KAAK;QACvB,mBAAmB,EAAE,IAAI;QACzB,YAAY,EAAE,KAAK;QACnB,uBAAuB,EAAE,KAAK;QAC9B,0BAA0B,EAAE,CAAC;QAC7B,eAAe,EAAE,IAAI;QACrB,iBAAiB,EAAE,aAAa;QAChC,QAAQ,EAAE,aAAa;KACxB;IACD,KAAK,EAAE;QACL,WAAW,EAAE,KAAK;QAClB,gBAAgB,EAAE,IAAI;QACtB,mBAAmB,EAAE,IAAI;QACzB,YAAY,EAAE,IAAI;QAClB,uBAAuB,EAAE,KAAK;QAC9B,0BAA0B,EAAE,CAAC;QAC7B,eAAe,EAAE,KAAK;QACtB,iBAAiB,EAAE,QAAQ;QAC3B,QAAQ,EAAE,aAAa;KACxB;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAAgB;IACjD,OAAO,EAAE,GAAG,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;AAClC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,QAAyB,EAAE,OAAgB;IAC3E,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;IACnC,MAAM,MAAM,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;IACtC,MAAM,MAAM,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;IAE/B,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAA8B,EAAE,CAAC;QACpE,MAAc,CAAC,KAAK,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,KAA4B,EAAE,OAAgB;IAC1E,OAAO,aAAa,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC;AAChD,CAAC"}
|
|
@@ -1,11 +1,11 @@
|
|
|
1
|
-
import type { KVNamespace } from "../types/cloudflare-compat";
|
|
1
|
+
import type { KVNamespace } from "../types/cloudflare-compat.js";
|
|
2
2
|
/**
|
|
3
3
|
* Privacy Handler class for managing user privacy preferences
|
|
4
4
|
*
|
|
5
5
|
* This handler manages GDPR-compliant privacy preferences.
|
|
6
6
|
* Currently uses KV for storage, but can be extended to use Salesforce Individual object.
|
|
7
7
|
*/
|
|
8
|
-
import { Session } from "./session-
|
|
8
|
+
import { Session } from "./session-cookie.js";
|
|
9
9
|
export interface PrivacyPreferences {
|
|
10
10
|
hasOptedOutTracking: boolean;
|
|
11
11
|
hasOptedOutProcessing: boolean;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"privacy-handler.d.ts","sourceRoot":"","sources":["../../src/lib/privacy-handler.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAA6B,MAAM,
|
|
1
|
+
{"version":3,"file":"privacy-handler.d.ts","sourceRoot":"","sources":["../../src/lib/privacy-handler.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAA6B,MAAM,+BAA+B,CAAC;AAC5F;;;;;GAKG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAG9C,MAAM,WAAW,kBAAkB;IACjC,mBAAmB,EAAE,OAAO,CAAC;IAC7B,qBAAqB,EAAE,OAAO,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,cAAc,EAAE,QAAQ,GAAG,WAAW,GAAG,SAAS,CAAC;IACnD,cAAc,EAAE,QAAQ,GAAG,cAAc,GAAG,SAAS,CAAC;CACvD;AAED,MAAM,WAAW,GAAG;IAClB,sBAAsB,CAAC,EAAE,WAAW,CAAC;IACrC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAE/B;AAED,qBAAa,cAAc;IACzB;;OAEG;IACG,cAAc,CAClB,OAAO,EAAE,OAAO,EAChB,GAAG,EAAE,GAAG,GACP,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;IAsBrC;;OAEG;IACG,iBAAiB,CACrB,OAAO,EAAE,OAAO,EAChB,WAAW,EAAE,kBAAkB,EAC/B,GAAG,EAAE,GAAG,GACP,OAAO,CAAC,IAAI,CAAC;IAyBhB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAmC3B;;OAEG;IACG,oBAAoB,CACxB,OAAO,EAAE,OAAO,EAChB,OAAO,EAAE,OAAO,EAChB,GAAG,EAAE,GAAG,GACP,OAAO,CAAC,QAAQ,CAAC;IA+BpB;;OAEG;IACG,uBAAuB,CAC3B,OAAO,EAAE,OAAO,EAChB,OAAO,EAAE,OAAO,EAChB,GAAG,EAAE,GAAG,GACP,OAAO,CAAC,QAAQ,CAAC;CA4BrB"}
|
|
@@ -1,8 +1,5 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
exports.PrivacyHandler = void 0;
|
|
4
|
-
const logger_1 = require("./logger");
|
|
5
|
-
class PrivacyHandler {
|
|
1
|
+
import { getLogger } from "./logger.js";
|
|
2
|
+
export class PrivacyHandler {
|
|
6
3
|
/**
|
|
7
4
|
* Get privacy preferences for a user
|
|
8
5
|
*/
|
|
@@ -20,7 +17,7 @@ class PrivacyHandler {
|
|
|
20
17
|
return null;
|
|
21
18
|
}
|
|
22
19
|
catch (error) {
|
|
23
|
-
|
|
20
|
+
getLogger().error("Error getting privacy preferences:", error);
|
|
24
21
|
return null;
|
|
25
22
|
}
|
|
26
23
|
}
|
|
@@ -43,7 +40,7 @@ class PrivacyHandler {
|
|
|
43
40
|
// functions from the GDPR documentation
|
|
44
41
|
}
|
|
45
42
|
catch (error) {
|
|
46
|
-
|
|
43
|
+
getLogger().error("Error updating privacy preferences:", error);
|
|
47
44
|
throw error;
|
|
48
45
|
}
|
|
49
46
|
}
|
|
@@ -89,7 +86,7 @@ class PrivacyHandler {
|
|
|
89
86
|
});
|
|
90
87
|
}
|
|
91
88
|
catch (error) {
|
|
92
|
-
|
|
89
|
+
getLogger().error("Error handling get preferences:", error);
|
|
93
90
|
return new Response(JSON.stringify({ error: "Failed to get privacy preferences" }), {
|
|
94
91
|
status: 500,
|
|
95
92
|
headers: { "content-type": "application/json" },
|
|
@@ -110,7 +107,7 @@ class PrivacyHandler {
|
|
|
110
107
|
});
|
|
111
108
|
}
|
|
112
109
|
catch (error) {
|
|
113
|
-
|
|
110
|
+
getLogger().error("Error handling update preferences:", error);
|
|
114
111
|
return new Response(JSON.stringify({
|
|
115
112
|
error: error.message || "Failed to update privacy preferences",
|
|
116
113
|
}), {
|
|
@@ -120,5 +117,4 @@ class PrivacyHandler {
|
|
|
120
117
|
}
|
|
121
118
|
}
|
|
122
119
|
}
|
|
123
|
-
exports.PrivacyHandler = PrivacyHandler;
|
|
124
120
|
//# sourceMappingURL=privacy-handler.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"privacy-handler.js","sourceRoot":"","sources":["../../src/lib/privacy-handler.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"privacy-handler.js","sourceRoot":"","sources":["../../src/lib/privacy-handler.ts"],"names":[],"mappings":"AASA,OAAO,EAAE,SAAS,EAA0B,MAAM,aAAa,CAAC;AAiBhE,MAAM,OAAO,cAAc;IACzB;;OAEG;IACH,KAAK,CAAC,cAAc,CAClB,OAAgB,EAChB,GAAQ;QAER,IAAI,CAAC;YACH,kCAAkC;YAClC,IAAI,GAAG,CAAC,sBAAsB,EAAE,CAAC;gBAC/B,MAAM,GAAG,GAAG,WAAW,OAAO,CAAC,MAAM,EAAE,CAAC;gBACxC,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,sBAAsB,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;gBACjE,IAAI,MAAM,EAAE,CAAC;oBACX,OAAO,MAA4B,CAAC;gBACtC,CAAC;YACH,CAAC;YAED,mEAAmE;YACnE,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,SAAS,EAAE,CAAC,KAAK,CACf,oCAAoC,EACpC,KAAK,CACN,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,iBAAiB,CACrB,OAAgB,EAChB,WAA+B,EAC/B,GAAQ;QAER,IAAI,CAAC;YACH,uBAAuB;YACvB,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC3C,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;YACjD,CAAC;YAED,2BAA2B;YAC3B,IAAI,GAAG,CAAC,sBAAsB,EAAE,CAAC;gBAC/B,MAAM,GAAG,GAAG,WAAW,OAAO,CAAC,MAAM,EAAE,CAAC;gBACxC,MAAM,GAAG,CAAC,sBAAsB,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CAAC;YACzE,CAAC;YAED,qEAAqE;YACrE,8EAA8E;YAC9E,wCAAwC;QAC1C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,SAAS,EAAE,CAAC,KAAK,CACf,qCAAqC,EACrC,KAAK,CACN,CAAC;YACF,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACK,mBAAmB,CACzB,WAAgB;QAEhB,IAAI,CAAC,WAAW,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;YACpD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,wBAAwB;QACxB,IACE,OAAO,WAAW,CAAC,mBAAmB,KAAK,SAAS;YACpD,OAAO,WAAW,CAAC,qBAAqB,KAAK,SAAS;YACtD,OAAO,WAAW,CAAC,gBAAgB,KAAK,SAAS,EACjD,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,4BAA4B;QAC5B,IACE,CAAC,CAAC,QAAQ,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,cAAc,CAAC,EACxE,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,4BAA4B;QAC5B,IACE,CAAC,CAAC,QAAQ,EAAE,cAAc,EAAE,SAAS,CAAC,CAAC,QAAQ,CAC7C,WAAW,CAAC,cAAc,CAC3B,EACD,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,oBAAoB,CACxB,OAAgB,EAChB,OAAgB,EAChB,GAAQ;QAER,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAE5D,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,kEAAkE;gBAClE,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,EAClD;oBACE,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;iBAChD,CACF,CAAC;YACJ,CAAC;YAED,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,EAAE;gBAC/C,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;aAChD,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,SAAS,EAAE,CAAC,KAAK,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAC;YAC5D,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,mCAAmC,EAAE,CAAC,EAC9D;gBACE,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;aAChD,CACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,uBAAuB,CAC3B,OAAgB,EAChB,OAAgB,EAChB,GAAQ;QAER,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;YAClC,MAAM,WAAW,GAAG,IAA0B,CAAC;YAE/C,MAAM,IAAI,CAAC,iBAAiB,CAAC,OAAO,EAAE,WAAW,EAAE,GAAG,CAAC,CAAC;YAExD,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,EAAE;gBACrD,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;aAChD,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,SAAS,EAAE,CAAC,KAAK,CACf,oCAAoC,EACpC,KAAK,CACN,CAAC;YACF,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;gBACb,KAAK,EAAE,KAAK,CAAC,OAAO,IAAI,sCAAsC;aAC/D,CAAC,EACF;gBACE,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;aAChD,CACF,CAAC;QACJ,CAAC;IACH,CAAC;CAEF"}
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Research pseudonym derivation.
|
|
3
|
+
*
|
|
4
|
+
* Computes `User.anonymousId`, a KEYED pseudonym derived from the user's
|
|
5
|
+
* immutable primary key. See `PSEUDONYM.md` (same directory) for the full
|
|
6
|
+
* design, rotation protocol, and security caveats. Summary:
|
|
7
|
+
*
|
|
8
|
+
* anonymousId = base64( HMAC-SHA256( key, "trellis.user.pseudonym:" + userId ) )
|
|
9
|
+
*
|
|
10
|
+
* - DOMAIN SEPARATION: the constant prefix `trellis.user.pseudonym:` scopes
|
|
11
|
+
* the MAC so the same KMS key reused for another purpose can never collide
|
|
12
|
+
* with a user pseudonym.
|
|
13
|
+
* - INPUT is `user.id` (the immutable cuid PK) ONLY. We NEVER hash PII
|
|
14
|
+
* (email / cognitoSub / handle) — those are mutable and dictionary-
|
|
15
|
+
* reversible.
|
|
16
|
+
* - KEY is a KMS HMAC key (HMAC_SHA_256). The key lives in a FIPS HSM and
|
|
17
|
+
* never leaves KMS; we call `GenerateMac` so plaintext key material is
|
|
18
|
+
* never in this process. SSM SecureString is only a documented fallback
|
|
19
|
+
* (see PSEUDONYM.md) — we do NOT default to it here.
|
|
20
|
+
* - FAIL-SAFE: if no KMS HMAC key id is configured, this THROWS. Callers
|
|
21
|
+
* that populate anonymousId opportunistically (e.g. account creation)
|
|
22
|
+
* should catch + skip population rather than fall back to an unkeyed hash.
|
|
23
|
+
* An unkeyed SHA-256 of the PK would be trivially recomputable by anyone
|
|
24
|
+
* with the (public-ish) cuid, defeating pseudonymisation.
|
|
25
|
+
*/
|
|
26
|
+
/** Domain-separation prefix. Changing this re-keys every pseudonym. */
|
|
27
|
+
export declare const PSEUDONYM_DOMAIN = "trellis.user.pseudonym:";
|
|
28
|
+
/** Minimal env shape this helper needs. */
|
|
29
|
+
export interface PseudonymEnv {
|
|
30
|
+
PSEUDONYM_HMAC_KMS_KEY_ID?: string;
|
|
31
|
+
AWS_REGION?: string;
|
|
32
|
+
}
|
|
33
|
+
/**
|
|
34
|
+
* Injectable MAC computer. Defaults to the AWS-SDK-backed implementation
|
|
35
|
+
* (dynamic import so the API bundle has no hard `@aws-sdk/client-kms` dep —
|
|
36
|
+
* same pattern as `oauth/envelope-crypto.ts`). Tests override via
|
|
37
|
+
* `setMacComputer`.
|
|
38
|
+
*
|
|
39
|
+
* @returns the raw MAC bytes for `message` under KMS key `kmsKeyId`.
|
|
40
|
+
*/
|
|
41
|
+
export type MacComputer = (kmsKeyId: string, region: string, message: Uint8Array) => Promise<Uint8Array>;
|
|
42
|
+
/** Wire a custom MAC computer (production override / tests). */
|
|
43
|
+
export declare function setMacComputer(fn: MacComputer): void;
|
|
44
|
+
/** Reset to the default AWS-SDK-backed computer (test-only). */
|
|
45
|
+
export declare function _resetMacComputerForTest(): void;
|
|
46
|
+
/**
|
|
47
|
+
* Compute the keyed pseudonym for a user.
|
|
48
|
+
*
|
|
49
|
+
* @param userId the immutable `User.id` (cuid) PK. NEVER pass PII.
|
|
50
|
+
* @param env resolves the KMS HMAC key id + region.
|
|
51
|
+
* @returns base64 of the HMAC-SHA256 MAC.
|
|
52
|
+
* @throws if no KMS HMAC key id is configured (fail-safe; do not fall back to
|
|
53
|
+
* an unkeyed hash).
|
|
54
|
+
*/
|
|
55
|
+
export declare function computeAnonymousId(userId: string, env: PseudonymEnv): Promise<string>;
|
|
56
|
+
//# sourceMappingURL=pseudonym.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pseudonym.d.ts","sourceRoot":"","sources":["../../src/lib/pseudonym.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,uEAAuE;AACvE,eAAO,MAAM,gBAAgB,4BAA4B,CAAC;AAE1D,2CAA2C;AAC3C,MAAM,WAAW,YAAY;IAC3B,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;GAOG;AACH,MAAM,MAAM,WAAW,GAAG,CACxB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,UAAU,KAChB,OAAO,CAAC,UAAU,CAAC,CAAC;AAmBzB,gEAAgE;AAChE,wBAAgB,cAAc,CAAC,EAAE,EAAE,WAAW,GAAG,IAAI,CAEpD;AAED,gEAAgE;AAChE,wBAAgB,wBAAwB,IAAI,IAAI,CAc/C;AAED;;;;;;;;GAQG;AACH,wBAAsB,kBAAkB,CACtC,MAAM,EAAE,MAAM,EACd,GAAG,EAAE,YAAY,GAChB,OAAO,CAAC,MAAM,CAAC,CAgBjB"}
|
|
@@ -0,0 +1,85 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Research pseudonym derivation.
|
|
3
|
+
*
|
|
4
|
+
* Computes `User.anonymousId`, a KEYED pseudonym derived from the user's
|
|
5
|
+
* immutable primary key. See `PSEUDONYM.md` (same directory) for the full
|
|
6
|
+
* design, rotation protocol, and security caveats. Summary:
|
|
7
|
+
*
|
|
8
|
+
* anonymousId = base64( HMAC-SHA256( key, "trellis.user.pseudonym:" + userId ) )
|
|
9
|
+
*
|
|
10
|
+
* - DOMAIN SEPARATION: the constant prefix `trellis.user.pseudonym:` scopes
|
|
11
|
+
* the MAC so the same KMS key reused for another purpose can never collide
|
|
12
|
+
* with a user pseudonym.
|
|
13
|
+
* - INPUT is `user.id` (the immutable cuid PK) ONLY. We NEVER hash PII
|
|
14
|
+
* (email / cognitoSub / handle) — those are mutable and dictionary-
|
|
15
|
+
* reversible.
|
|
16
|
+
* - KEY is a KMS HMAC key (HMAC_SHA_256). The key lives in a FIPS HSM and
|
|
17
|
+
* never leaves KMS; we call `GenerateMac` so plaintext key material is
|
|
18
|
+
* never in this process. SSM SecureString is only a documented fallback
|
|
19
|
+
* (see PSEUDONYM.md) — we do NOT default to it here.
|
|
20
|
+
* - FAIL-SAFE: if no KMS HMAC key id is configured, this THROWS. Callers
|
|
21
|
+
* that populate anonymousId opportunistically (e.g. account creation)
|
|
22
|
+
* should catch + skip population rather than fall back to an unkeyed hash.
|
|
23
|
+
* An unkeyed SHA-256 of the PK would be trivially recomputable by anyone
|
|
24
|
+
* with the (public-ish) cuid, defeating pseudonymisation.
|
|
25
|
+
*/
|
|
26
|
+
/** Domain-separation prefix. Changing this re-keys every pseudonym. */
|
|
27
|
+
export const PSEUDONYM_DOMAIN = "trellis.user.pseudonym:";
|
|
28
|
+
let macComputer = async (kmsKeyId, region, message) => {
|
|
29
|
+
// Dynamic import: only loaded when a KMS key is actually configured.
|
|
30
|
+
const { KMSClient, GenerateMacCommand } = await import("@aws-sdk/client-kms");
|
|
31
|
+
const client = new KMSClient({ region });
|
|
32
|
+
const out = await client.send(new GenerateMacCommand({
|
|
33
|
+
KeyId: kmsKeyId,
|
|
34
|
+
MacAlgorithm: "HMAC_SHA_256",
|
|
35
|
+
Message: message,
|
|
36
|
+
}));
|
|
37
|
+
if (!out.Mac) {
|
|
38
|
+
throw new Error("KMS GenerateMac returned no MAC");
|
|
39
|
+
}
|
|
40
|
+
return out.Mac;
|
|
41
|
+
};
|
|
42
|
+
/** Wire a custom MAC computer (production override / tests). */
|
|
43
|
+
export function setMacComputer(fn) {
|
|
44
|
+
macComputer = fn;
|
|
45
|
+
}
|
|
46
|
+
/** Reset to the default AWS-SDK-backed computer (test-only). */
|
|
47
|
+
export function _resetMacComputerForTest() {
|
|
48
|
+
macComputer = async (kmsKeyId, region, message) => {
|
|
49
|
+
const { KMSClient, GenerateMacCommand } = await import("@aws-sdk/client-kms");
|
|
50
|
+
const client = new KMSClient({ region });
|
|
51
|
+
const out = await client.send(new GenerateMacCommand({
|
|
52
|
+
KeyId: kmsKeyId,
|
|
53
|
+
MacAlgorithm: "HMAC_SHA_256",
|
|
54
|
+
Message: message,
|
|
55
|
+
}));
|
|
56
|
+
if (!out.Mac)
|
|
57
|
+
throw new Error("KMS GenerateMac returned no MAC");
|
|
58
|
+
return out.Mac;
|
|
59
|
+
};
|
|
60
|
+
}
|
|
61
|
+
/**
|
|
62
|
+
* Compute the keyed pseudonym for a user.
|
|
63
|
+
*
|
|
64
|
+
* @param userId the immutable `User.id` (cuid) PK. NEVER pass PII.
|
|
65
|
+
* @param env resolves the KMS HMAC key id + region.
|
|
66
|
+
* @returns base64 of the HMAC-SHA256 MAC.
|
|
67
|
+
* @throws if no KMS HMAC key id is configured (fail-safe; do not fall back to
|
|
68
|
+
* an unkeyed hash).
|
|
69
|
+
*/
|
|
70
|
+
export async function computeAnonymousId(userId, env) {
|
|
71
|
+
if (!userId || typeof userId !== "string") {
|
|
72
|
+
throw new Error("computeAnonymousId: userId must be a non-empty string");
|
|
73
|
+
}
|
|
74
|
+
const kmsKeyId = env.PSEUDONYM_HMAC_KMS_KEY_ID;
|
|
75
|
+
if (!kmsKeyId) {
|
|
76
|
+
// Fail-safe: never derive an unkeyed pseudonym.
|
|
77
|
+
throw new Error("PSEUDONYM_HMAC_KMS_KEY_ID not configured: cannot derive a keyed " +
|
|
78
|
+
"anonymousId. Refusing to fall back to an unkeyed hash.");
|
|
79
|
+
}
|
|
80
|
+
const region = env.AWS_REGION || process.env.AWS_REGION || "us-east-1";
|
|
81
|
+
const message = new TextEncoder().encode(PSEUDONYM_DOMAIN + userId);
|
|
82
|
+
const mac = await macComputer(kmsKeyId, region, message);
|
|
83
|
+
return Buffer.from(mac).toString("base64");
|
|
84
|
+
}
|
|
85
|
+
//# sourceMappingURL=pseudonym.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pseudonym.js","sourceRoot":"","sources":["../../src/lib/pseudonym.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,uEAAuE;AACvE,MAAM,CAAC,MAAM,gBAAgB,GAAG,yBAAyB,CAAC;AAsB1D,IAAI,WAAW,GAAgB,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE;IACjE,qEAAqE;IACrE,MAAM,EAAE,SAAS,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,qBAAqB,CAAC,CAAC;IAC9E,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;IACzC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,IAAI,CAC3B,IAAI,kBAAkB,CAAC;QACrB,KAAK,EAAE,QAAQ;QACf,YAAY,EAAE,cAAc;QAC5B,OAAO,EAAE,OAAO;KACjB,CAAC,CACH,CAAC;IACF,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACrD,CAAC;IACD,OAAO,GAAG,CAAC,GAAG,CAAC;AACjB,CAAC,CAAC;AAEF,gEAAgE;AAChE,MAAM,UAAU,cAAc,CAAC,EAAe;IAC5C,WAAW,GAAG,EAAE,CAAC;AACnB,CAAC;AAED,gEAAgE;AAChE,MAAM,UAAU,wBAAwB;IACtC,WAAW,GAAG,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE;QAChD,MAAM,EAAE,SAAS,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,qBAAqB,CAAC,CAAC;QAC9E,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QACzC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,IAAI,CAC3B,IAAI,kBAAkB,CAAC;YACrB,KAAK,EAAE,QAAQ;YACf,YAAY,EAAE,cAAc;YAC5B,OAAO,EAAE,OAAO;SACjB,CAAC,CACH,CAAC;QACF,IAAI,CAAC,GAAG,CAAC,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACjE,OAAO,GAAG,CAAC,GAAG,CAAC;IACjB,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,MAAc,EACd,GAAiB;IAEjB,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;IAC3E,CAAC;IACD,MAAM,QAAQ,GAAG,GAAG,CAAC,yBAAyB,CAAC;IAC/C,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,gDAAgD;QAChD,MAAM,IAAI,KAAK,CACb,kEAAkE;YAChE,wDAAwD,CAC3D,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,GAAG,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,WAAW,CAAC;IACvE,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,gBAAgB,GAAG,MAAM,CAAC,CAAC;IACpE,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IACzD,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAC7C,CAAC"}
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
*
|
|
4
4
|
* Processes media reconciliation messages from the queue
|
|
5
5
|
*/
|
|
6
|
-
import type { MessageBatch } from "../../types/cloudflare-compat";
|
|
7
|
-
import type { MediaReconciliationMessage } from "../types/media-reconciliation";
|
|
6
|
+
import type { MessageBatch } from "../../types/cloudflare-compat.js";
|
|
7
|
+
import type { MediaReconciliationMessage } from "../types/media-reconciliation.js";
|
|
8
8
|
export declare function handleMediaReconciliation(batch: MessageBatch<MediaReconciliationMessage>, env: any): Promise<void>;
|
|
9
9
|
//# sourceMappingURL=media-reconciliation-consumer.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"media-reconciliation-consumer.d.ts","sourceRoot":"","sources":["../../../src/lib/queue-consumers/media-reconciliation-consumer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM
|
|
1
|
+
{"version":3,"file":"media-reconciliation-consumer.d.ts","sourceRoot":"","sources":["../../../src/lib/queue-consumers/media-reconciliation-consumer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kCAAkC,CAAC;AAGrE,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,kCAAkC,CAAC;AAEnF,wBAAsB,yBAAyB,CAC7C,KAAK,EAAE,YAAY,CAAC,0BAA0B,CAAC,EAC/C,GAAG,EAAE,GAAG,GACP,OAAO,CAAC,IAAI,CAAC,CA8Bf"}
|
|
@@ -1,19 +1,16 @@
|
|
|
1
|
-
"use strict";
|
|
2
1
|
/**
|
|
3
2
|
* Media Reconciliation Queue Consumer
|
|
4
3
|
*
|
|
5
4
|
* Processes media reconciliation messages from the queue
|
|
6
5
|
*/
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
const
|
|
11
|
-
async function handleMediaReconciliation(batch, env) {
|
|
12
|
-
const logger = logger_1.Logger.getInstance(env);
|
|
6
|
+
import { getLogger } from "../logger.js";
|
|
7
|
+
import { MediaReconciliationService } from "../services/media-reconciliation-service.js";
|
|
8
|
+
export async function handleMediaReconciliation(batch, env) {
|
|
9
|
+
const logger = getLogger();
|
|
13
10
|
logger.info("[MediaReconciliationConsumer] Processing batch", {
|
|
14
11
|
batchSize: batch.messages.length,
|
|
15
12
|
});
|
|
16
|
-
const service = new
|
|
13
|
+
const service = new MediaReconciliationService(env);
|
|
17
14
|
try {
|
|
18
15
|
// Process all messages in batch
|
|
19
16
|
const messages = batch.messages.map((m) => m.body);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"media-reconciliation-consumer.js","sourceRoot":"","sources":["../../../src/lib/queue-consumers/media-reconciliation-consumer.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"media-reconciliation-consumer.js","sourceRoot":"","sources":["../../../src/lib/queue-consumers/media-reconciliation-consumer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,SAAS,EAAU,MAAM,cAAc,CAAC;AACjD,OAAO,EAAE,0BAA0B,EAAE,MAAM,6CAA6C,CAAC;AAGzF,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,KAA+C,EAC/C,GAAQ;IAER,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAE3B,MAAM,CAAC,IAAI,CAAC,gDAAgD,EAAE;QAC5D,SAAS,EAAE,KAAK,CAAC,QAAQ,CAAC,MAAM;KACjC,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,IAAI,0BAA0B,CAAC,GAAG,CAAC,CAAC;IAEpD,IAAI,CAAC;QACH,gCAAgC;QAChC,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACnD,MAAM,OAAO,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAEvC,mBAAmB;QACnB,KAAK,CAAC,MAAM,EAAE,CAAC;QAEf,MAAM,CAAC,IAAI,CAAC,+CAA+C,EAAE;YAC3D,SAAS,EAAE,KAAK,CAAC,QAAQ,CAAC,MAAM;SACjC,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,MAAM,CAAC,KAAK,CAAC,4CAA4C,EAAE;YACzD,KAAK,EAAE,KAAK,CAAC,OAAO;YACpB,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,SAAS,EAAE,KAAK,CAAC,QAAQ,CAAC,MAAM;SACjC,CAAC,CAAC;QAEH,wDAAwD;QACxD,KAAK,CAAC,QAAQ,EAAE,CAAC;IACnB,CAAC;AACH,CAAC"}
|
package/dist/lib/quiet-hours.js
CHANGED
|
@@ -1,13 +1,9 @@
|
|
|
1
|
-
"use strict";
|
|
2
1
|
/**
|
|
3
2
|
* Quiet Hours Module
|
|
4
3
|
*
|
|
5
4
|
* Determines whether the current time falls within a user's quiet hours window.
|
|
6
5
|
* Provides age-tier-based defaults for quiet hours configuration.
|
|
7
6
|
*/
|
|
8
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
9
|
-
exports.isInQuietHours = isInQuietHours;
|
|
10
|
-
exports.getDefaultQuietHours = getDefaultQuietHours;
|
|
11
7
|
/**
|
|
12
8
|
* Returns true if nowMinutes falls within the quiet hours window.
|
|
13
9
|
*
|
|
@@ -15,7 +11,7 @@ exports.getDefaultQuietHours = getDefaultQuietHours;
|
|
|
15
11
|
* quiet hours are active when nowMinutes >= start OR nowMinutes < end.
|
|
16
12
|
* Normal range (start < end): active when start <= nowMinutes < end.
|
|
17
13
|
*/
|
|
18
|
-
function isInQuietHours(user, nowMinutes) {
|
|
14
|
+
export function isInQuietHours(user, nowMinutes) {
|
|
19
15
|
if (!user.quietHoursEnabled) {
|
|
20
16
|
return false;
|
|
21
17
|
}
|
|
@@ -38,7 +34,7 @@ function isInQuietHours(user, nowMinutes) {
|
|
|
38
34
|
* TEEN: 22:00-07:00, enabled by default
|
|
39
35
|
* ADULT: 23:00-06:00, disabled by default
|
|
40
36
|
*/
|
|
41
|
-
function getDefaultQuietHours(ageTier) {
|
|
37
|
+
export function getDefaultQuietHours(ageTier) {
|
|
42
38
|
switch (ageTier) {
|
|
43
39
|
case "CHILD":
|
|
44
40
|
return { start: 1200, end: 420, enabled: true };
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"quiet-hours.js","sourceRoot":"","sources":["../../src/lib/quiet-hours.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"quiet-hours.js","sourceRoot":"","sources":["../../src/lib/quiet-hours.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAUH;;;;;;GAMG;AACH,MAAM,UAAU,cAAc,CAC5B,IAAsB,EACtB,UAAkB;IAElB,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC5B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,IAAI,CAAC,eAAe,KAAK,IAAI,IAAI,IAAI,CAAC,aAAa,KAAK,IAAI,EAAE,CAAC;QACjE,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,eAAe,CAAC;IACnC,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,CAAC;IAE/B,IAAI,KAAK,GAAG,GAAG,EAAE,CAAC;QAChB,0DAA0D;QAC1D,OAAO,UAAU,IAAI,KAAK,IAAI,UAAU,GAAG,GAAG,CAAC;IACjD,CAAC;IAED,iDAAiD;IACjD,OAAO,UAAU,IAAI,KAAK,IAAI,UAAU,GAAG,GAAG,CAAC;AACjD,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,oBAAoB,CAAC,OAAgB;IAKnD,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,OAAO;YACV,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAClD,KAAK,MAAM;YACT,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAClD,KAAK,OAAO;YACV,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IACrD,CAAC;AACH,CAAC"}
|
package/dist/lib/rate-limit.d.ts
CHANGED
|
@@ -1,93 +1,104 @@
|
|
|
1
|
-
import type { KVNamespace } from "../types/cloudflare-compat";
|
|
1
|
+
import type { KVNamespace } from "../types/cloudflare-compat.js";
|
|
2
|
+
import { type LoggerEnv } from "./logger.js";
|
|
2
3
|
/**
|
|
3
|
-
*
|
|
4
|
+
* Environment for the async (KV/Dynamo) path.
|
|
4
5
|
*
|
|
5
|
-
*
|
|
6
|
-
*
|
|
7
|
-
*
|
|
8
|
-
* -
|
|
9
|
-
* - Not shared across worker instances (DDoS vulnerability)
|
|
10
|
-
* - Memory leak potential with no cleanup
|
|
11
|
-
*
|
|
12
|
-
* For production, migrate to:
|
|
13
|
-
* - Cloudflare KV (recommended for distributed rate limiting)
|
|
14
|
-
* - Durable Objects (for strict per-key rate limiting)
|
|
6
|
+
* `RATE_LIMIT_KV` is retained for backward compatibility with call sites and
|
|
7
|
+
* other consumers (e.g. user-deletion-handler-enhanced) that still reference
|
|
8
|
+
* the binding directly; it is no longer used by this limiter. The new
|
|
9
|
+
* token-bucket store is selected from `RATE_LIMIT_TABLE` / `RATE_LIMIT_NAMESPACE`.
|
|
15
10
|
*/
|
|
16
|
-
import { type LoggerEnv } from "./logger";
|
|
17
11
|
interface RateLimitEnv {
|
|
18
12
|
RATE_LIMIT_KV?: KVNamespace;
|
|
13
|
+
/** DynamoDB table backing the token-bucket limiter. When absent, an in-memory limiter is used (dev/test). */
|
|
14
|
+
RATE_LIMIT_TABLE?: string;
|
|
15
|
+
/** Namespace prefix for token-bucket keys within the table. Defaults to "ratelimit". */
|
|
16
|
+
RATE_LIMIT_NAMESPACE?: string;
|
|
17
|
+
AWS_REGION?: string;
|
|
19
18
|
}
|
|
19
|
+
/** Test seam: reset the memoized module-level limiter between tests. */
|
|
20
|
+
export declare function __resetRateLimiterForTests(): void;
|
|
21
|
+
/**
|
|
22
|
+
* Build the canonical 429 Response. Shared by `RateLimiter` and
|
|
23
|
+
* `rateLimitMiddleware` so every rate-limited surface returns the same shape
|
|
24
|
+
* and headers (single source of truth after the limiter consolidation).
|
|
25
|
+
*/
|
|
26
|
+
export declare function buildRateLimitResponse(limit: number, retryAfter: number, resetAt: number): Response;
|
|
20
27
|
/**
|
|
21
|
-
* Rate Limiter class for managing rate limiting
|
|
28
|
+
* Rate Limiter class for managing rate limiting.
|
|
29
|
+
*
|
|
30
|
+
* Surface preserved for ~18 consumers: `checkRateLimit`, `applyRateLimit`,
|
|
31
|
+
* `checkRateLimitKV`, `applyRateLimitKV`, and the `getRateLimitKey`
|
|
32
|
+
* IP/user/email/endpoint composition.
|
|
22
33
|
*/
|
|
23
34
|
export declare class RateLimiter {
|
|
24
35
|
private rateLimitStore;
|
|
25
36
|
/**
|
|
26
|
-
* Get identifier for rate limiting
|
|
27
|
-
*
|
|
28
|
-
* PREPARATORY CHANGE: Enhanced to prefer user ID over IP address for better privacy.
|
|
29
|
-
* This makes future privacy-preserving rate limiting easier to implement.
|
|
37
|
+
* Get identifier for rate limiting.
|
|
30
38
|
*
|
|
31
39
|
* Priority order (most privacy-preserving first):
|
|
32
|
-
* 1. User ID (if provided)
|
|
40
|
+
* 1. User ID (if provided) — most privacy-preserving for authenticated users
|
|
33
41
|
* 2. Session ID (if authenticated)
|
|
34
42
|
* 3. Email (for email-based endpoints like magic links)
|
|
35
43
|
* 4. IP address (fallback for unauthenticated requests)
|
|
44
|
+
*
|
|
45
|
+
* NOTE: this composition is domain logic and is preserved verbatim from the
|
|
46
|
+
* fixed-window implementation. When no identity header is present the key
|
|
47
|
+
* collapses to "...:ip:unknown", which the foundation limiters treat via
|
|
48
|
+
* their `unknownKeyStrategy` ('shared-bucket' here).
|
|
36
49
|
*/
|
|
37
50
|
private getRateLimitKey;
|
|
38
51
|
/**
|
|
39
|
-
* Check rate limit (in-memory)
|
|
40
|
-
*
|
|
41
|
-
* PREPARATORY CHANGE: Added userId parameter for future privacy-preserving rate limiting.
|
|
52
|
+
* Check rate limit (synchronous, in-memory token bucket).
|
|
42
53
|
*
|
|
43
54
|
* @param request Request object
|
|
44
55
|
* @param endpoint Endpoint identifier (e.g., '/auth/authorize')
|
|
45
|
-
* @param limit Maximum requests
|
|
46
|
-
* @param windowSeconds Time window in seconds
|
|
56
|
+
* @param limit Maximum requests (token-bucket capacity)
|
|
57
|
+
* @param windowSeconds Time window in seconds (sets refillRate = limit/window)
|
|
47
58
|
* @param sessionId Optional session ID for authenticated users
|
|
48
59
|
* @param email Optional email for email-based endpoints
|
|
49
|
-
* @param userId Optional user ID (
|
|
60
|
+
* @param userId Optional user ID (preferred key)
|
|
50
61
|
* @returns Rate limit result
|
|
51
62
|
*/
|
|
52
63
|
checkRateLimit(request: Request, endpoint: string, limit: number, windowSeconds: number, sessionId?: string, email?: string, userId?: string): {
|
|
53
64
|
allowed: boolean;
|
|
54
65
|
remaining: number;
|
|
55
66
|
resetAt: number;
|
|
67
|
+
retryAfter?: number;
|
|
56
68
|
};
|
|
57
69
|
/**
|
|
58
|
-
* Apply rate limiting to a response (in-memory)
|
|
59
|
-
* Returns 429 if
|
|
60
|
-
*
|
|
61
|
-
* PREPARATORY CHANGE: Added userId parameter for future privacy-preserving rate limiting.
|
|
70
|
+
* Apply rate limiting to a response (synchronous, in-memory).
|
|
71
|
+
* Returns a 429 Response if the limit is exceeded, else null.
|
|
62
72
|
*/
|
|
63
73
|
applyRateLimit(request: Request, endpoint: string, limit: number, windowSeconds: number, sessionId?: string, email?: string, userId?: string): Response | null;
|
|
64
74
|
/**
|
|
65
|
-
* Check rate limit using
|
|
66
|
-
* Falls back to in-memory implementation if KV not available (dev mode)
|
|
75
|
+
* Check rate limit using the distributed token-bucket store (async).
|
|
67
76
|
*
|
|
68
|
-
*
|
|
69
|
-
*
|
|
70
|
-
*
|
|
71
|
-
* @param request Request object
|
|
72
|
-
* @param endpoint Endpoint identifier (e.g., '/auth/authorize')
|
|
73
|
-
* @param limit Maximum requests allowed
|
|
74
|
-
* @param windowSeconds Time window in seconds
|
|
75
|
-
* @param sessionId Optional session ID for authenticated users
|
|
76
|
-
* @param email Optional email for email-based endpoints
|
|
77
|
-
* @param userId Optional user ID (PREPARATORY: for future privacy-preserving rate limiting)
|
|
78
|
-
* @returns Rate limit result
|
|
77
|
+
* Selects a `DynamoTokenBucketLimiter` when `RATE_LIMIT_TABLE` is configured,
|
|
78
|
+
* otherwise a `MemoryTokenBucketLimiter` (dev/test). On limiter failure it
|
|
79
|
+
* falls back to the synchronous in-memory path (graceful degradation).
|
|
79
80
|
*/
|
|
80
81
|
checkRateLimitKV(env: RateLimitEnv, request: Request, endpoint: string, limit: number, windowSeconds: number, sessionId?: string, email?: string, userId?: string): Promise<{
|
|
81
82
|
allowed: boolean;
|
|
82
83
|
remaining: number;
|
|
83
84
|
resetAt: number;
|
|
85
|
+
retryAfter?: number;
|
|
84
86
|
}>;
|
|
85
87
|
/**
|
|
86
|
-
*
|
|
87
|
-
*
|
|
88
|
-
*
|
|
89
|
-
*
|
|
90
|
-
|
|
88
|
+
* Distributed token-bucket check that **propagates** limiter errors instead
|
|
89
|
+
* of degrading to the in-memory path. For callers that implement their own
|
|
90
|
+
* failure policy — e.g. `rateLimitMiddleware`, which fails CLOSED on
|
|
91
|
+
* sensitive routes (S4.2) and OPEN elsewhere when the limiter is unreachable.
|
|
92
|
+
*/
|
|
93
|
+
checkRateLimitKVStrict(env: RateLimitEnv, request: Request, endpoint: string, limit: number, windowSeconds: number, sessionId?: string, email?: string, userId?: string): Promise<{
|
|
94
|
+
allowed: boolean;
|
|
95
|
+
remaining: number;
|
|
96
|
+
resetAt: number;
|
|
97
|
+
retryAfter?: number;
|
|
98
|
+
}>;
|
|
99
|
+
/**
|
|
100
|
+
* Apply rate limiting with the distributed store (async).
|
|
101
|
+
* Returns a 429 Response if the limit is exceeded, else null.
|
|
91
102
|
*/
|
|
92
103
|
applyRateLimitKV(env: RateLimitEnv & LoggerEnv, request: Request, endpoint: string, limit: number, windowSeconds: number, sessionId?: string, email?: string, userId?: string): Promise<Response | null>;
|
|
93
104
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rate-limit.d.ts","sourceRoot":"","sources":["../../src/lib/rate-limit.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,
|
|
1
|
+
{"version":3,"file":"rate-limit.d.ts","sourceRoot":"","sources":["../../src/lib/rate-limit.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AA0CjE,OAAO,EAAa,KAAK,SAAS,EAAE,MAAM,aAAa,CAAC;AAMxD;;;;;;;GAOG;AACH,UAAU,YAAY;IACpB,aAAa,CAAC,EAAE,WAAW,CAAC;IAC5B,6GAA6G;IAC7G,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,wFAAwF;IACxF,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAwED,wEAAwE;AACxE,wBAAgB,0BAA0B,IAAI,IAAI,CAGjD;AAED;;;;GAIG;AACH,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,MAAM,EACb,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,MAAM,GACd,QAAQ,CAiBV;AAED;;;;;;GAMG;AACH,qBAAa,WAAW;IAEtB,OAAO,CAAC,cAAc,CAAsB;IAE5C;;;;;;;;;;;;;OAaG;IACH,OAAO,CAAC,eAAe;IAwCvB;;;;;;;;;;;OAWG;IACH,cAAc,CACZ,OAAO,EAAE,OAAO,EAChB,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,aAAa,EAAE,MAAM,EACrB,SAAS,CAAC,EAAE,MAAM,EAClB,KAAK,CAAC,EAAE,MAAM,EACd,MAAM,CAAC,EAAE,MAAM,GACd;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,SAAS,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE;IA6BhF;;;OAGG;IACH,cAAc,CACZ,OAAO,EAAE,OAAO,EAChB,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,aAAa,EAAE,MAAM,EACrB,SAAS,CAAC,EAAE,MAAM,EAClB,KAAK,CAAC,EAAE,MAAM,EACd,MAAM,CAAC,EAAE,MAAM,GACd,QAAQ,GAAG,IAAI;IAwBlB;;;;;;OAMG;IACG,gBAAgB,CACpB,GAAG,EAAE,YAAY,EACjB,OAAO,EAAE,OAAO,EAChB,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,aAAa,EAAE,MAAM,EACrB,SAAS,CAAC,EAAE,MAAM,EAClB,KAAK,CAAC,EAAE,MAAM,EACd,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,SAAS,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IA8BzF;;;;;OAKG;IACG,sBAAsB,CAC1B,GAAG,EAAE,YAAY,EACjB,OAAO,EAAE,OAAO,EAChB,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,aAAa,EAAE,MAAM,EACrB,SAAS,CAAC,EAAE,MAAM,EAClB,KAAK,CAAC,EAAE,MAAM,EACd,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,SAAS,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAkBzF;;;OAGG;IACG,gBAAgB,CACpB,GAAG,EAAE,YAAY,GAAG,SAAS,EAC7B,OAAO,EAAE,OAAO,EAChB,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,aAAa,EAAE,MAAM,EACrB,SAAS,CAAC,EAAE,MAAM,EAClB,KAAK,CAAC,EAAE,MAAM,EACd,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;CAsC5B"}
|