@de-otio/trellis 0.7.1 → 0.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +661 -0
- package/dist/db.js +10 -18
- package/dist/db.js.map +1 -1
- package/dist/env.d.ts +66 -6
- package/dist/env.d.ts.map +1 -1
- package/dist/env.js +89 -70
- package/dist/env.js.map +1 -1
- package/dist/extensions.js +3 -8
- package/dist/extensions.js.map +1 -1
- package/dist/index.d.ts +2 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +2 -9
- package/dist/index.js.map +1 -1
- package/dist/lambda/cleanup-cron.d.ts.map +1 -1
- package/dist/lambda/cleanup-cron.js +20 -24
- package/dist/lambda/cleanup-cron.js.map +1 -1
- package/dist/lambda/create-auth-challenge.d.ts.map +1 -1
- package/dist/lambda/create-auth-challenge.js +17 -19
- package/dist/lambda/create-auth-challenge.js.map +1 -1
- package/dist/lambda/custom-message.js +1 -5
- package/dist/lambda/custom-message.js.map +1 -1
- package/dist/lambda/define-auth-challenge.js +1 -5
- package/dist/lambda/define-auth-challenge.js.map +1 -1
- package/dist/lambda/delete-account-worker.d.ts.map +1 -1
- package/dist/lambda/delete-account-worker.js +25 -58
- package/dist/lambda/delete-account-worker.js.map +1 -1
- package/dist/lambda/diagnostics-proxy.d.ts.map +1 -1
- package/dist/lambda/diagnostics-proxy.js +14 -49
- package/dist/lambda/diagnostics-proxy.js.map +1 -1
- package/dist/lambda/e2e-sweeper.d.ts.map +1 -1
- package/dist/lambda/e2e-sweeper.js +30 -38
- package/dist/lambda/e2e-sweeper.js.map +1 -1
- package/dist/lambda/federation-outbox-worker.d.ts.map +1 -1
- package/dist/lambda/federation-outbox-worker.js +4 -6
- package/dist/lambda/federation-outbox-worker.js.map +1 -1
- package/dist/lambda/followers-events-worker.d.ts.map +1 -1
- package/dist/lambda/followers-events-worker.js +4 -6
- package/dist/lambda/followers-events-worker.js.map +1 -1
- package/dist/lambda/hourly-cron.d.ts.map +1 -1
- package/dist/lambda/hourly-cron.js +100 -32
- package/dist/lambda/hourly-cron.js.map +1 -1
- package/dist/lambda/link-check-worker.d.ts.map +1 -1
- package/dist/lambda/link-check-worker.js +4 -6
- package/dist/lambda/link-check-worker.js.map +1 -1
- package/dist/lambda/maintenance-cron.d.ts.map +1 -1
- package/dist/lambda/maintenance-cron.js +30 -63
- package/dist/lambda/maintenance-cron.js.map +1 -1
- package/dist/lambda/media-processing-worker.d.ts.map +1 -1
- package/dist/lambda/media-processing-worker.js +11 -46
- package/dist/lambda/media-processing-worker.js.map +1 -1
- package/dist/lambda/media-reconciliation-worker.d.ts.map +1 -1
- package/dist/lambda/media-reconciliation-worker.js +4 -6
- package/dist/lambda/media-reconciliation-worker.js.map +1 -1
- package/dist/lambda/nightly-cron.d.ts.map +1 -1
- package/dist/lambda/nightly-cron.js +67 -112
- package/dist/lambda/nightly-cron.js.map +1 -1
- package/dist/lambda/post-confirmation.d.ts.map +1 -1
- package/dist/lambda/post-confirmation.js +147 -45
- package/dist/lambda/post-confirmation.js.map +1 -1
- package/dist/lambda/pre-signup.js +7 -11
- package/dist/lambda/pre-signup.js.map +1 -1
- package/dist/lambda/pre-token-generation.d.ts.map +1 -1
- package/dist/lambda/pre-token-generation.js +27 -35
- package/dist/lambda/pre-token-generation.js.map +1 -1
- package/dist/lambda/tools/check-health.js +1 -5
- package/dist/lambda/tools/check-health.js.map +1 -1
- package/dist/lambda/tools/describe-services.js +4 -8
- package/dist/lambda/tools/describe-services.js.map +1 -1
- package/dist/lambda/tools/get-cost-report.js +4 -8
- package/dist/lambda/tools/get-cost-report.js.map +1 -1
- package/dist/lambda/tools/get-errors.js +5 -9
- package/dist/lambda/tools/get-errors.js.map +1 -1
- package/dist/lambda/tools/get-feature-flags.js +4 -8
- package/dist/lambda/tools/get-feature-flags.js.map +1 -1
- package/dist/lambda/tools/get-queue-status.js +5 -9
- package/dist/lambda/tools/get-queue-status.js.map +1 -1
- package/dist/lambda/tools/search-logs.js +5 -9
- package/dist/lambda/tools/search-logs.js.map +1 -1
- package/dist/lambda/tools/send-alert.js +4 -8
- package/dist/lambda/tools/send-alert.js.map +1 -1
- package/dist/lambda/verify-auth-challenge.d.ts.map +1 -1
- package/dist/lambda/verify-auth-challenge.js +10 -12
- package/dist/lambda/verify-auth-challenge.js.map +1 -1
- package/dist/lib/abuse-metrics.d.ts.map +1 -1
- package/dist/lib/abuse-metrics.js +10 -13
- package/dist/lib/abuse-metrics.js.map +1 -1
- package/dist/lib/activitypub/activity-processor.d.ts +1 -1
- package/dist/lib/activitypub/activity-processor.d.ts.map +1 -1
- package/dist/lib/activitypub/activity-processor.js +9 -43
- package/dist/lib/activitypub/activity-processor.js.map +1 -1
- package/dist/lib/activitypub/activity-service.js +1 -5
- package/dist/lib/activitypub/activity-service.js.map +1 -1
- package/dist/lib/activitypub/actor.d.ts +1 -1
- package/dist/lib/activitypub/actor.d.ts.map +1 -1
- package/dist/lib/activitypub/actor.js +1 -5
- package/dist/lib/activitypub/actor.js.map +1 -1
- package/dist/lib/activitypub/audience-service.d.ts +2 -2
- package/dist/lib/activitypub/audience-service.d.ts.map +1 -1
- package/dist/lib/activitypub/audience-service.js +8 -12
- package/dist/lib/activitypub/audience-service.js.map +1 -1
- package/dist/lib/activitypub/crypto.d.ts +1 -1
- package/dist/lib/activitypub/crypto.d.ts.map +1 -1
- package/dist/lib/activitypub/crypto.js +3 -41
- package/dist/lib/activitypub/crypto.js.map +1 -1
- package/dist/lib/activitypub/delivery-service.d.ts +5 -5
- package/dist/lib/activitypub/delivery-service.d.ts.map +1 -1
- package/dist/lib/activitypub/delivery-service.js +10 -47
- package/dist/lib/activitypub/delivery-service.js.map +1 -1
- package/dist/lib/activitypub/dispatchers/entity-actor.d.ts +3 -2
- package/dist/lib/activitypub/dispatchers/entity-actor.d.ts.map +1 -1
- package/dist/lib/activitypub/dispatchers/entity-actor.js +19 -23
- package/dist/lib/activitypub/dispatchers/entity-actor.js.map +1 -1
- package/dist/lib/activitypub/dispatchers/group-actor.d.ts +3 -2
- package/dist/lib/activitypub/dispatchers/group-actor.d.ts.map +1 -1
- package/dist/lib/activitypub/dispatchers/group-actor.js +19 -23
- package/dist/lib/activitypub/dispatchers/group-actor.js.map +1 -1
- package/dist/lib/activitypub/dispatchers/user-actor.d.ts +3 -2
- package/dist/lib/activitypub/dispatchers/user-actor.d.ts.map +1 -1
- package/dist/lib/activitypub/dispatchers/user-actor.js +16 -20
- package/dist/lib/activitypub/dispatchers/user-actor.js.map +1 -1
- package/dist/lib/activitypub/dm-service.js +1 -5
- package/dist/lib/activitypub/dm-service.js.map +1 -1
- package/dist/lib/activitypub/entity-profile-service.d.ts +1 -1
- package/dist/lib/activitypub/entity-profile-service.d.ts.map +1 -1
- package/dist/lib/activitypub/entity-profile-service.js +6 -10
- package/dist/lib/activitypub/entity-profile-service.js.map +1 -1
- package/dist/lib/activitypub/fedify/config.d.ts +3 -3
- package/dist/lib/activitypub/fedify/config.d.ts.map +1 -1
- package/dist/lib/activitypub/fedify/config.js +5 -8
- package/dist/lib/activitypub/fedify/config.js.map +1 -1
- package/dist/lib/activitypub/fedify/context.d.ts +1 -1
- package/dist/lib/activitypub/fedify/context.d.ts.map +1 -1
- package/dist/lib/activitypub/fedify/context.js +8 -12
- package/dist/lib/activitypub/fedify/context.js.map +1 -1
- package/dist/lib/activitypub/fedify/runtime.d.ts +1 -1
- package/dist/lib/activitypub/fedify/runtime.d.ts.map +1 -1
- package/dist/lib/activitypub/fedify/runtime.js +3 -6
- package/dist/lib/activitypub/fedify/runtime.js.map +1 -1
- package/dist/lib/activitypub/friendship-service.js +1 -5
- package/dist/lib/activitypub/friendship-service.js.map +1 -1
- package/dist/lib/activitypub/group-service.d.ts +1 -1
- package/dist/lib/activitypub/group-service.d.ts.map +1 -1
- package/dist/lib/activitypub/group-service.js +9 -46
- package/dist/lib/activitypub/group-service.js.map +1 -1
- package/dist/lib/activitypub/http-signatures.js +8 -45
- package/dist/lib/activitypub/http-signatures.js.map +1 -1
- package/dist/lib/activitypub/jsonld.d.ts +1 -1
- package/dist/lib/activitypub/jsonld.d.ts.map +1 -1
- package/dist/lib/activitypub/jsonld.js +1 -5
- package/dist/lib/activitypub/jsonld.js.map +1 -1
- package/dist/lib/activitypub/listeners/friends-collection.d.ts +1 -1
- package/dist/lib/activitypub/listeners/friends-collection.d.ts.map +1 -1
- package/dist/lib/activitypub/listeners/friends-collection.js +17 -20
- package/dist/lib/activitypub/listeners/friends-collection.js.map +1 -1
- package/dist/lib/activitypub/listeners/http-signatures.d.ts +1 -1
- package/dist/lib/activitypub/listeners/http-signatures.d.ts.map +1 -1
- package/dist/lib/activitypub/listeners/http-signatures.js +9 -46
- package/dist/lib/activitypub/listeners/http-signatures.js.map +1 -1
- package/dist/lib/activitypub/listeners/inbox.d.ts +2 -2
- package/dist/lib/activitypub/listeners/inbox.d.ts.map +1 -1
- package/dist/lib/activitypub/listeners/inbox.js +31 -35
- package/dist/lib/activitypub/listeners/inbox.js.map +1 -1
- package/dist/lib/activitypub/listeners/outbox.d.ts +1 -1
- package/dist/lib/activitypub/listeners/outbox.d.ts.map +1 -1
- package/dist/lib/activitypub/listeners/outbox.js +17 -20
- package/dist/lib/activitypub/listeners/outbox.js.map +1 -1
- package/dist/lib/activitypub/remote-fetch-service.d.ts +6 -6
- package/dist/lib/activitypub/remote-fetch-service.d.ts.map +1 -1
- package/dist/lib/activitypub/remote-fetch-service.js +6 -10
- package/dist/lib/activitypub/remote-fetch-service.js.map +1 -1
- package/dist/lib/activitypub/services/abuse-prevention.d.ts +1 -1
- package/dist/lib/activitypub/services/abuse-prevention.d.ts.map +1 -1
- package/dist/lib/activitypub/services/abuse-prevention.js +11 -17
- package/dist/lib/activitypub/services/abuse-prevention.js.map +1 -1
- package/dist/lib/activitypub/services/dm-service-fedify.d.ts +4 -4
- package/dist/lib/activitypub/services/dm-service-fedify.d.ts.map +1 -1
- package/dist/lib/activitypub/services/dm-service-fedify.js +24 -59
- package/dist/lib/activitypub/services/dm-service-fedify.js.map +1 -1
- package/dist/lib/activitypub/services/fedify-converters.d.ts +2 -2
- package/dist/lib/activitypub/services/fedify-converters.d.ts.map +1 -1
- package/dist/lib/activitypub/services/fedify-converters.js +3 -8
- package/dist/lib/activitypub/services/fedify-converters.js.map +1 -1
- package/dist/lib/activitypub/services/fedify-delivery.d.ts +2 -2
- package/dist/lib/activitypub/services/fedify-delivery.d.ts.map +1 -1
- package/dist/lib/activitypub/services/fedify-delivery.js +19 -56
- package/dist/lib/activitypub/services/fedify-delivery.js.map +1 -1
- package/dist/lib/activitypub/services/follow-activity-service.d.ts +2 -2
- package/dist/lib/activitypub/services/follow-activity-service.d.ts.map +1 -1
- package/dist/lib/activitypub/services/follow-activity-service.js +8 -12
- package/dist/lib/activitypub/services/follow-activity-service.js.map +1 -1
- package/dist/lib/activitypub/services/post-service-fedify.d.ts +2 -2
- package/dist/lib/activitypub/services/post-service-fedify.d.ts.map +1 -1
- package/dist/lib/activitypub/services/post-service-fedify.js +33 -65
- package/dist/lib/activitypub/services/post-service-fedify.js.map +1 -1
- package/dist/lib/activitypub/services/remote-activity-handler.d.ts +2 -2
- package/dist/lib/activitypub/services/remote-activity-handler.d.ts.map +1 -1
- package/dist/lib/activitypub/services/remote-activity-handler.js +25 -28
- package/dist/lib/activitypub/services/remote-activity-handler.js.map +1 -1
- package/dist/lib/activitypub/standalone-mode.d.ts +1 -1
- package/dist/lib/activitypub/standalone-mode.d.ts.map +1 -1
- package/dist/lib/activitypub/standalone-mode.js +13 -50
- package/dist/lib/activitypub/standalone-mode.js.map +1 -1
- package/dist/lib/activitypub/webfinger/server.d.ts +1 -1
- package/dist/lib/activitypub/webfinger/server.d.ts.map +1 -1
- package/dist/lib/activitypub/webfinger/server.js +18 -54
- package/dist/lib/activitypub/webfinger/server.js.map +1 -1
- package/dist/lib/age-gate-middleware.d.ts +4 -4
- package/dist/lib/age-gate-middleware.d.ts.map +1 -1
- package/dist/lib/age-gate-middleware.js +3 -6
- package/dist/lib/age-gate-middleware.js.map +1 -1
- package/dist/lib/age-gate.js +3 -8
- package/dist/lib/age-gate.js.map +1 -1
- package/dist/lib/age-tier-transition.d.ts +1 -1
- package/dist/lib/age-tier-transition.d.ts.map +1 -1
- package/dist/lib/age-tier-transition.js +7 -44
- package/dist/lib/age-tier-transition.js.map +1 -1
- package/dist/lib/app.d.ts +76 -0
- package/dist/lib/app.d.ts.map +1 -0
- package/dist/lib/app.js +400 -0
- package/dist/lib/app.js.map +1 -0
- package/dist/lib/audit/csv-export.js +6 -13
- package/dist/lib/audit/csv-export.js.map +1 -1
- package/dist/lib/audit/pii-filter.d.ts +9 -0
- package/dist/lib/audit/pii-filter.d.ts.map +1 -1
- package/dist/lib/audit/pii-filter.js +57 -7
- package/dist/lib/audit/pii-filter.js.map +1 -1
- package/dist/lib/audit-actions.d.ts +94 -0
- package/dist/lib/audit-actions.d.ts.map +1 -0
- package/dist/lib/audit-actions.js +107 -0
- package/dist/lib/audit-actions.js.map +1 -0
- package/dist/lib/audit-composer.d.ts +174 -0
- package/dist/lib/audit-composer.d.ts.map +1 -0
- package/dist/lib/audit-composer.js +421 -0
- package/dist/lib/audit-composer.js.map +1 -0
- package/dist/lib/auth/auth-context.d.ts +1 -1
- package/dist/lib/auth/auth-context.js +1 -2
- package/dist/lib/auth/auth-context.js.map +1 -1
- package/dist/lib/auth/auth-middleware.d.ts +16 -2
- package/dist/lib/auth/auth-middleware.d.ts.map +1 -1
- package/dist/lib/auth/auth-middleware.js +36 -45
- package/dist/lib/auth/auth-middleware.js.map +1 -1
- package/dist/lib/auth/capabilities.js +2 -5
- package/dist/lib/auth/capabilities.js.map +1 -1
- package/dist/lib/auth/claims-cache.d.ts +2 -2
- package/dist/lib/auth/claims-cache.js +19 -24
- package/dist/lib/auth/claims-cache.js.map +1 -1
- package/dist/lib/auth/cognito-jwt.d.ts +20 -2
- package/dist/lib/auth/cognito-jwt.d.ts.map +1 -1
- package/dist/lib/auth/cognito-jwt.js +83 -23
- package/dist/lib/auth/cognito-jwt.js.map +1 -1
- package/dist/lib/auth/idp-redirect-builder.d.ts +1 -1
- package/dist/lib/auth/idp-redirect-builder.d.ts.map +1 -1
- package/dist/lib/auth/idp-redirect-builder.js +4 -10
- package/dist/lib/auth/idp-redirect-builder.js.map +1 -1
- package/dist/lib/auth/require.d.ts +4 -4
- package/dist/lib/auth/require.d.ts.map +1 -1
- package/dist/lib/auth/require.js +11 -18
- package/dist/lib/auth/require.js.map +1 -1
- package/dist/lib/auth/role-grants.d.ts +1 -1
- package/dist/lib/auth/role-grants.d.ts.map +1 -1
- package/dist/lib/auth/role-grants.js +28 -31
- package/dist/lib/auth/role-grants.js.map +1 -1
- package/dist/lib/auth-context-manager.js +1 -5
- package/dist/lib/auth-context-manager.js.map +1 -1
- package/dist/lib/auth-handler.d.ts +5 -5
- package/dist/lib/auth-handler.d.ts.map +1 -1
- package/dist/lib/auth-handler.js +5 -9
- package/dist/lib/auth-handler.js.map +1 -1
- package/dist/lib/badge-handler.d.ts +1 -1
- package/dist/lib/badge-handler.d.ts.map +1 -1
- package/dist/lib/badge-handler.js +14 -52
- package/dist/lib/badge-handler.js.map +1 -1
- package/dist/lib/circle-handler.d.ts +10 -10
- package/dist/lib/circle-handler.d.ts.map +1 -1
- package/dist/lib/circle-handler.js +10 -47
- package/dist/lib/circle-handler.js.map +1 -1
- package/dist/lib/cognito/idp-sdk.js +11 -18
- package/dist/lib/cognito/idp-sdk.js.map +1 -1
- package/dist/lib/cognito/issuer-probe.js +9 -14
- package/dist/lib/cognito/issuer-probe.js.map +1 -1
- package/dist/lib/comment-handler.d.ts +10 -10
- package/dist/lib/comment-handler.d.ts.map +1 -1
- package/dist/lib/comment-handler.js +61 -97
- package/dist/lib/comment-handler.js.map +1 -1
- package/dist/lib/compliance/baseline.d.ts +2 -2
- package/dist/lib/compliance/baseline.d.ts.map +1 -1
- package/dist/lib/compliance/baseline.js +15 -18
- package/dist/lib/compliance/baseline.js.map +1 -1
- package/dist/lib/compliance/tenant-merge.d.ts +1 -1
- package/dist/lib/compliance/tenant-merge.d.ts.map +1 -1
- package/dist/lib/compliance/tenant-merge.js +1 -4
- package/dist/lib/compliance/tenant-merge.js.map +1 -1
- package/dist/lib/compliance/types.d.ts +1 -1
- package/dist/lib/compliance/types.js +2 -3
- package/dist/lib/compliance/types.js.map +1 -1
- package/dist/lib/connection-code-handler.d.ts +7 -7
- package/dist/lib/connection-code-handler.d.ts.map +1 -1
- package/dist/lib/connection-code-handler.js +13 -50
- package/dist/lib/connection-code-handler.js.map +1 -1
- package/dist/lib/content-discovery.d.ts +1 -1
- package/dist/lib/content-discovery.d.ts.map +1 -1
- package/dist/lib/content-discovery.js +15 -52
- package/dist/lib/content-discovery.js.map +1 -1
- package/dist/lib/context-aware-data-access.d.ts +1 -1
- package/dist/lib/context-aware-data-access.d.ts.map +1 -1
- package/dist/lib/context-aware-data-access.js +1 -5
- package/dist/lib/context-aware-data-access.js.map +1 -1
- package/dist/lib/cors-handler.d.ts +1 -1
- package/dist/lib/cors-handler.d.ts.map +1 -1
- package/dist/lib/cors-handler.js +13 -17
- package/dist/lib/cors-handler.js.map +1 -1
- package/dist/lib/cost-accumulator.d.ts.map +1 -1
- package/dist/lib/cost-accumulator.js +7 -11
- package/dist/lib/cost-accumulator.js.map +1 -1
- package/dist/lib/crypto/voting/elgamal-encryption.js +1 -5
- package/dist/lib/crypto/voting/elgamal-encryption.js.map +1 -1
- package/dist/lib/crypto/voting/encryption-scheme.js +1 -2
- package/dist/lib/crypto/voting/encryption-scheme.js.map +1 -1
- package/dist/lib/crypto/voting/hash-utils.js +6 -12
- package/dist/lib/crypto/voting/hash-utils.js.map +1 -1
- package/dist/lib/crypto/voting/hybrid-encryption.js +5 -9
- package/dist/lib/crypto/voting/hybrid-encryption.js.map +1 -1
- package/dist/lib/crypto/voting/index.js +4 -14
- package/dist/lib/crypto/voting/index.js.map +1 -1
- package/dist/lib/crypto/voting/post-quantum-encryption.js +1 -5
- package/dist/lib/crypto/voting/post-quantum-encryption.js.map +1 -1
- package/dist/lib/csrf.d.ts +2 -2
- package/dist/lib/csrf.d.ts.map +1 -1
- package/dist/lib/csrf.js +1 -5
- package/dist/lib/csrf.js.map +1 -1
- package/dist/lib/data-router.d.ts +5 -4
- package/dist/lib/data-router.d.ts.map +1 -1
- package/dist/lib/data-router.js +60 -90
- package/dist/lib/data-router.js.map +1 -1
- package/dist/lib/database-circuit-breaker.d.ts +61 -34
- package/dist/lib/database-circuit-breaker.d.ts.map +1 -1
- package/dist/lib/database-circuit-breaker.js +102 -109
- package/dist/lib/database-circuit-breaker.js.map +1 -1
- package/dist/lib/database-config.js +1 -4
- package/dist/lib/database-config.js.map +1 -1
- package/dist/lib/database-connection-manager.d.ts +42 -2
- package/dist/lib/database-connection-manager.d.ts.map +1 -1
- package/dist/lib/database-connection-manager.js +178 -74
- package/dist/lib/database-connection-manager.js.map +1 -1
- package/dist/lib/database-monitor.d.ts +1 -1
- package/dist/lib/database-monitor.d.ts.map +1 -1
- package/dist/lib/database-monitor.js +5 -9
- package/dist/lib/database-monitor.js.map +1 -1
- package/dist/lib/database-rate-limiter.d.ts +1 -1
- package/dist/lib/database-rate-limiter.d.ts.map +1 -1
- package/dist/lib/database-rate-limiter.js +3 -7
- package/dist/lib/database-rate-limiter.js.map +1 -1
- package/dist/lib/database-wrapper-helper.d.ts +2 -2
- package/dist/lib/database-wrapper-helper.d.ts.map +1 -1
- package/dist/lib/database-wrapper-helper.js +7 -11
- package/dist/lib/database-wrapper-helper.js.map +1 -1
- package/dist/lib/database-wrapper.d.ts +1 -1
- package/dist/lib/database-wrapper.d.ts.map +1 -1
- package/dist/lib/database-wrapper.js +5 -9
- package/dist/lib/database-wrapper.js.map +1 -1
- package/dist/lib/db-query-helper.d.ts +3 -3
- package/dist/lib/db-query-helper.d.ts.map +1 -1
- package/dist/lib/db-query-helper.js +4 -9
- package/dist/lib/db-query-helper.js.map +1 -1
- package/dist/lib/discovery-exposure.d.ts +42 -0
- package/dist/lib/discovery-exposure.d.ts.map +1 -0
- package/dist/lib/discovery-exposure.js +89 -0
- package/dist/lib/discovery-exposure.js.map +1 -0
- package/dist/lib/discovery-handler.d.ts +6 -6
- package/dist/lib/discovery-handler.d.ts.map +1 -1
- package/dist/lib/discovery-handler.js +10 -43
- package/dist/lib/discovery-handler.js.map +1 -1
- package/dist/lib/domain-reputation-service.d.ts +1 -1
- package/dist/lib/domain-reputation-service.d.ts.map +1 -1
- package/dist/lib/domain-reputation-service.js +12 -15
- package/dist/lib/domain-reputation-service.js.map +1 -1
- package/dist/lib/email-privacy.js +4 -8
- package/dist/lib/email-privacy.js.map +1 -1
- package/dist/lib/email-provider.d.ts +2 -2
- package/dist/lib/email-provider.d.ts.map +1 -1
- package/dist/lib/email-provider.js +8 -16
- package/dist/lib/email-provider.js.map +1 -1
- package/dist/lib/entity-handler.d.ts +5 -6
- package/dist/lib/entity-handler.d.ts.map +1 -1
- package/dist/lib/entity-handler.js +45 -80
- package/dist/lib/entity-handler.js.map +1 -1
- package/dist/lib/entity-relationship-handler.d.ts +9 -9
- package/dist/lib/entity-relationship-handler.d.ts.map +1 -1
- package/dist/lib/entity-relationship-handler.js +14 -51
- package/dist/lib/entity-relationship-handler.js.map +1 -1
- package/dist/lib/entity-tagging-errors.js +4 -11
- package/dist/lib/entity-tagging-errors.js.map +1 -1
- package/dist/lib/entity-tagging-validator.d.ts +3 -3
- package/dist/lib/entity-tagging-validator.d.ts.map +1 -1
- package/dist/lib/entity-tagging-validator.js +6 -11
- package/dist/lib/entity-tagging-validator.js.map +1 -1
- package/dist/lib/exif-stripper.js +1 -4
- package/dist/lib/exif-stripper.js.map +1 -1
- package/dist/lib/extension-context.d.ts +2 -2
- package/dist/lib/extension-context.d.ts.map +1 -1
- package/dist/lib/extension-context.js +1 -4
- package/dist/lib/extension-context.js.map +1 -1
- package/dist/lib/extension-route-wrapper.d.ts +1 -1
- package/dist/lib/extension-route-wrapper.d.ts.map +1 -1
- package/dist/lib/extension-route-wrapper.js +17 -55
- package/dist/lib/extension-route-wrapper.js.map +1 -1
- package/dist/lib/extension-validator.js +3 -6
- package/dist/lib/extension-validator.js.map +1 -1
- package/dist/lib/feature-flags.d.ts +5 -2
- package/dist/lib/feature-flags.d.ts.map +1 -1
- package/dist/lib/feature-flags.js +15 -48
- package/dist/lib/feature-flags.js.map +1 -1
- package/dist/lib/feature-toggle-global-client.d.ts +6 -0
- package/dist/lib/feature-toggle-global-client.d.ts.map +1 -0
- package/dist/lib/feature-toggle-global-client.js +73 -0
- package/dist/lib/feature-toggle-global-client.js.map +1 -0
- package/dist/lib/feature-toggle-service.d.ts +137 -27
- package/dist/lib/feature-toggle-service.d.ts.map +1 -1
- package/dist/lib/feature-toggle-service.js +302 -119
- package/dist/lib/feature-toggle-service.js.map +1 -1
- package/dist/lib/feed-handler.d.ts +8 -8
- package/dist/lib/feed-handler.d.ts.map +1 -1
- package/dist/lib/feed-handler.js +33 -62
- package/dist/lib/feed-handler.js.map +1 -1
- package/dist/lib/feed-pagination.d.ts +26 -0
- package/dist/lib/feed-pagination.d.ts.map +1 -1
- package/dist/lib/feed-pagination.js +31 -11
- package/dist/lib/feed-pagination.js.map +1 -1
- package/dist/lib/feed-personalization.d.ts +1 -1
- package/dist/lib/feed-personalization.d.ts.map +1 -1
- package/dist/lib/feed-personalization.js +6 -43
- package/dist/lib/feed-personalization.js.map +1 -1
- package/dist/lib/followers-events.js +8 -13
- package/dist/lib/followers-events.js.map +1 -1
- package/dist/lib/friends-handler.d.ts +2 -2
- package/dist/lib/friends-handler.d.ts.map +1 -1
- package/dist/lib/friends-handler.js +9 -46
- package/dist/lib/friends-handler.js.map +1 -1
- package/dist/lib/geo/entity-geo-repository.d.ts +67 -0
- package/dist/lib/geo/entity-geo-repository.d.ts.map +1 -0
- package/dist/lib/geo/entity-geo-repository.js +91 -0
- package/dist/lib/geo/entity-geo-repository.js.map +1 -0
- package/dist/lib/graph/errors.d.ts.map +1 -1
- package/dist/lib/graph/errors.js +13 -18
- package/dist/lib/graph/errors.js.map +1 -1
- package/dist/lib/graph/graph-factory.d.ts +12 -53
- package/dist/lib/graph/graph-factory.d.ts.map +1 -1
- package/dist/lib/graph/graph-factory.js +67 -162
- package/dist/lib/graph/graph-factory.js.map +1 -1
- package/dist/lib/graph/graph-service.d.ts +1 -1
- package/dist/lib/graph/graph-service.d.ts.map +1 -1
- package/dist/lib/graph/graph-service.js +1 -2
- package/dist/lib/graph/graph-service.js.map +1 -1
- package/dist/lib/graph/index.d.ts +10 -14
- package/dist/lib/graph/index.d.ts.map +1 -1
- package/dist/lib/graph/index.js +12 -46
- package/dist/lib/graph/index.js.map +1 -1
- package/dist/lib/graph/postgres/_shared.d.ts +18 -0
- package/dist/lib/graph/postgres/_shared.d.ts.map +1 -0
- package/dist/lib/graph/postgres/_shared.js +24 -0
- package/dist/lib/graph/postgres/_shared.js.map +1 -0
- package/dist/lib/graph/postgres/circles.d.ts +66 -0
- package/dist/lib/graph/postgres/circles.d.ts.map +1 -0
- package/dist/lib/graph/postgres/circles.js +513 -0
- package/dist/lib/graph/postgres/circles.js.map +1 -0
- package/dist/lib/graph/postgres/discovery.d.ts +165 -0
- package/dist/lib/graph/postgres/discovery.d.ts.map +1 -0
- package/dist/lib/graph/postgres/discovery.js +579 -0
- package/dist/lib/graph/postgres/discovery.js.map +1 -0
- package/dist/lib/graph/postgres/entity-relationships.d.ts +53 -0
- package/dist/lib/graph/postgres/entity-relationships.d.ts.map +1 -0
- package/dist/lib/graph/postgres/entity-relationships.js +304 -0
- package/dist/lib/graph/postgres/entity-relationships.js.map +1 -0
- package/dist/lib/graph/postgres/interaction-events.d.ts +106 -0
- package/dist/lib/graph/postgres/interaction-events.d.ts.map +1 -0
- package/dist/lib/graph/postgres/interaction-events.js +162 -0
- package/dist/lib/graph/postgres/interaction-events.js.map +1 -0
- package/dist/lib/graph/postgres/postgres-graph-service.d.ts +74 -0
- package/dist/lib/graph/postgres/postgres-graph-service.d.ts.map +1 -0
- package/dist/lib/graph/postgres/postgres-graph-service.js +167 -0
- package/dist/lib/graph/postgres/postgres-graph-service.js.map +1 -0
- package/dist/lib/graph/postgres/relationships.d.ts +58 -0
- package/dist/lib/graph/postgres/relationships.d.ts.map +1 -0
- package/dist/lib/graph/postgres/relationships.js +314 -0
- package/dist/lib/graph/postgres/relationships.js.map +1 -0
- package/dist/lib/graph/postgres/scoring.d.ts +74 -0
- package/dist/lib/graph/postgres/scoring.d.ts.map +1 -0
- package/dist/lib/graph/postgres/scoring.js +297 -0
- package/dist/lib/graph/postgres/scoring.js.map +1 -0
- package/dist/lib/graph/postgres/sync.d.ts +149 -0
- package/dist/lib/graph/postgres/sync.d.ts.map +1 -0
- package/dist/lib/graph/postgres/sync.js +269 -0
- package/dist/lib/graph/postgres/sync.js.map +1 -0
- package/dist/lib/graph/scoring-engine.d.ts +7 -1
- package/dist/lib/graph/scoring-engine.d.ts.map +1 -1
- package/dist/lib/graph/scoring-engine.js +29 -35
- package/dist/lib/graph/scoring-engine.js.map +1 -1
- package/dist/lib/graph/types.d.ts +18 -1
- package/dist/lib/graph/types.d.ts.map +1 -1
- package/dist/lib/graph/types.js +1 -2
- package/dist/lib/graph/types.js.map +1 -1
- package/dist/lib/hook-dispatcher.d.ts +1 -1
- package/dist/lib/hook-dispatcher.d.ts.map +1 -1
- package/dist/lib/hook-dispatcher.js +8 -12
- package/dist/lib/hook-dispatcher.js.map +1 -1
- package/dist/lib/input-sanitizer.js +1 -5
- package/dist/lib/input-sanitizer.js.map +1 -1
- package/dist/lib/internal-docs-handler.d.ts +2 -2
- package/dist/lib/internal-docs-handler.d.ts.map +1 -1
- package/dist/lib/internal-docs-handler.js +20 -28
- package/dist/lib/internal-docs-handler.js.map +1 -1
- package/dist/lib/internal-docs-navigation.js +2 -6
- package/dist/lib/internal-docs-navigation.js.map +1 -1
- package/dist/lib/invitation-handler.d.ts +2 -2
- package/dist/lib/invitation-handler.d.ts.map +1 -1
- package/dist/lib/invitation-handler.js +41 -82
- package/dist/lib/invitation-handler.js.map +1 -1
- package/dist/lib/ip-scrubber.js +3 -8
- package/dist/lib/ip-scrubber.js.map +1 -1
- package/dist/lib/link-security-handler.d.ts +3 -2
- package/dist/lib/link-security-handler.d.ts.map +1 -1
- package/dist/lib/link-security-handler.js +8 -44
- package/dist/lib/link-security-handler.js.map +1 -1
- package/dist/lib/logger.d.ts +31 -82
- package/dist/lib/logger.d.ts.map +1 -1
- package/dist/lib/logger.js +43 -185
- package/dist/lib/logger.js.map +1 -1
- package/dist/lib/media-cleanup-handler.d.ts +2 -2
- package/dist/lib/media-cleanup-handler.d.ts.map +1 -1
- package/dist/lib/media-cleanup-handler.js +7 -11
- package/dist/lib/media-cleanup-handler.js.map +1 -1
- package/dist/lib/media-handler.d.ts +1 -1
- package/dist/lib/media-handler.d.ts.map +1 -1
- package/dist/lib/media-handler.js +36 -73
- package/dist/lib/media-handler.js.map +1 -1
- package/dist/lib/media-metadata-extractor.d.ts +1 -1
- package/dist/lib/media-metadata-extractor.d.ts.map +1 -1
- package/dist/lib/media-metadata-extractor.js +3 -7
- package/dist/lib/media-metadata-extractor.js.map +1 -1
- package/dist/lib/media-metrics.d.ts +2 -2
- package/dist/lib/media-metrics.d.ts.map +1 -1
- package/dist/lib/media-metrics.js +3 -7
- package/dist/lib/media-metrics.js.map +1 -1
- package/dist/lib/metadata/index.d.ts +5 -5
- package/dist/lib/metadata/index.d.ts.map +1 -1
- package/dist/lib/metadata/index.js +5 -21
- package/dist/lib/metadata/index.js.map +1 -1
- package/dist/lib/metadata/metadata-config.js +2 -5
- package/dist/lib/metadata/metadata-config.js.map +1 -1
- package/dist/lib/metadata/metadata-errors.js +2 -7
- package/dist/lib/metadata/metadata-errors.js.map +1 -1
- package/dist/lib/metadata/metadata-extractor.d.ts +1 -1
- package/dist/lib/metadata/metadata-extractor.d.ts.map +1 -1
- package/dist/lib/metadata/metadata-extractor.js +42 -82
- package/dist/lib/metadata/metadata-extractor.js.map +1 -1
- package/dist/lib/metadata/metadata-sanitizer.js +17 -24
- package/dist/lib/metadata/metadata-sanitizer.js.map +1 -1
- package/dist/lib/metadata/metadata-schemas.d.ts +16 -100
- package/dist/lib/metadata/metadata-schemas.d.ts.map +1 -1
- package/dist/lib/metadata/metadata-schemas.js +31 -34
- package/dist/lib/metadata/metadata-schemas.js.map +1 -1
- package/dist/lib/mfa/mfa-handler.d.ts +1 -1
- package/dist/lib/mfa/mfa-handler.d.ts.map +1 -1
- package/dist/lib/mfa/mfa-handler.js +13 -17
- package/dist/lib/mfa/mfa-handler.js.map +1 -1
- package/dist/lib/mfa/totp-service.js +8 -18
- package/dist/lib/mfa/totp-service.js.map +1 -1
- package/dist/lib/middleware/comment-rate-limit.d.ts +1 -1
- package/dist/lib/middleware/comment-rate-limit.d.ts.map +1 -1
- package/dist/lib/middleware/comment-rate-limit.js +7 -10
- package/dist/lib/middleware/comment-rate-limit.js.map +1 -1
- package/dist/lib/middleware/feature-toggle-rate-limit.d.ts +1 -1
- package/dist/lib/middleware/feature-toggle-rate-limit.d.ts.map +1 -1
- package/dist/lib/middleware/feature-toggle-rate-limit.js +8 -13
- package/dist/lib/middleware/feature-toggle-rate-limit.js.map +1 -1
- package/dist/lib/middleware/idempotency-store.js +20 -26
- package/dist/lib/middleware/idempotency-store.js.map +1 -1
- package/dist/lib/middleware/idempotency.d.ts +2 -2
- package/dist/lib/middleware/idempotency.d.ts.map +1 -1
- package/dist/lib/middleware/idempotency.js +12 -50
- package/dist/lib/middleware/idempotency.js.map +1 -1
- package/dist/lib/middleware.d.ts +22 -9
- package/dist/lib/middleware.d.ts.map +1 -1
- package/dist/lib/middleware.js +72 -153
- package/dist/lib/middleware.js.map +1 -1
- package/dist/lib/moderation-handler.d.ts +1 -1
- package/dist/lib/moderation-handler.d.ts.map +1 -1
- package/dist/lib/moderation-handler.js +15 -54
- package/dist/lib/moderation-handler.js.map +1 -1
- package/dist/lib/net/trusted-client-ip.d.ts +8 -30
- package/dist/lib/net/trusted-client-ip.d.ts.map +1 -1
- package/dist/lib/net/trusted-client-ip.js +13 -94
- package/dist/lib/net/trusted-client-ip.js.map +1 -1
- package/dist/lib/notification-handler.d.ts +1 -1
- package/dist/lib/notification-handler.d.ts.map +1 -1
- package/dist/lib/notification-handler.js +10 -15
- package/dist/lib/notification-handler.js.map +1 -1
- package/dist/lib/notification-preferences-handler.d.ts +1 -1
- package/dist/lib/notification-preferences-handler.d.ts.map +1 -1
- package/dist/lib/notification-preferences-handler.js +7 -11
- package/dist/lib/notification-preferences-handler.js.map +1 -1
- package/dist/lib/oauth/cognito-issuer.d.ts +1 -1
- package/dist/lib/oauth/cognito-issuer.d.ts.map +1 -1
- package/dist/lib/oauth/cognito-issuer.js +5 -10
- package/dist/lib/oauth/cognito-issuer.js.map +1 -1
- package/dist/lib/oauth/device-authorization.d.ts +1 -1
- package/dist/lib/oauth/device-authorization.d.ts.map +1 -1
- package/dist/lib/oauth/device-authorization.js +62 -77
- package/dist/lib/oauth/device-authorization.js.map +1 -1
- package/dist/lib/oauth/envelope-crypto.d.ts +2 -2
- package/dist/lib/oauth/envelope-crypto.js +22 -34
- package/dist/lib/oauth/envelope-crypto.js.map +1 -1
- package/dist/lib/oauth/refresh-detection.js +42 -52
- package/dist/lib/oauth/refresh-detection.js.map +1 -1
- package/dist/lib/openai-budget.d.ts.map +1 -1
- package/dist/lib/openai-budget.js +7 -44
- package/dist/lib/openai-budget.js.map +1 -1
- package/dist/lib/openapi/generator.d.ts +1 -1
- package/dist/lib/openapi/generator.d.ts.map +1 -1
- package/dist/lib/openapi/generator.js +2 -6
- package/dist/lib/openapi/generator.js.map +1 -1
- package/dist/lib/orphaned-media-handler.d.ts +1 -1
- package/dist/lib/orphaned-media-handler.d.ts.map +1 -1
- package/dist/lib/orphaned-media-handler.js +9 -46
- package/dist/lib/orphaned-media-handler.js.map +1 -1
- package/dist/lib/parental-control-handler.d.ts +2 -2
- package/dist/lib/parental-control-handler.d.ts.map +1 -1
- package/dist/lib/parental-control-handler.js +18 -55
- package/dist/lib/parental-control-handler.js.map +1 -1
- package/dist/lib/parental-link-handler.d.ts +8 -8
- package/dist/lib/parental-link-handler.d.ts.map +1 -1
- package/dist/lib/parental-link-handler.js +10 -14
- package/dist/lib/parental-link-handler.js.map +1 -1
- package/dist/lib/performance-metrics.d.ts +1 -1
- package/dist/lib/performance-metrics.d.ts.map +1 -1
- package/dist/lib/performance-metrics.js +3 -6
- package/dist/lib/performance-metrics.js.map +1 -1
- package/dist/lib/post-handler.d.ts +9 -9
- package/dist/lib/post-handler.d.ts.map +1 -1
- package/dist/lib/post-handler.js +67 -101
- package/dist/lib/post-handler.js.map +1 -1
- package/dist/lib/privacy-defaults.js +3 -8
- package/dist/lib/privacy-defaults.js.map +1 -1
- package/dist/lib/privacy-handler.d.ts +2 -2
- package/dist/lib/privacy-handler.d.ts.map +1 -1
- package/dist/lib/privacy-handler.js +6 -10
- package/dist/lib/privacy-handler.js.map +1 -1
- package/dist/lib/pseudonym.d.ts +56 -0
- package/dist/lib/pseudonym.d.ts.map +1 -0
- package/dist/lib/pseudonym.js +85 -0
- package/dist/lib/pseudonym.js.map +1 -0
- package/dist/lib/queue-consumers/media-reconciliation-consumer.d.ts +2 -2
- package/dist/lib/queue-consumers/media-reconciliation-consumer.d.ts.map +1 -1
- package/dist/lib/queue-consumers/media-reconciliation-consumer.js +5 -8
- package/dist/lib/queue-consumers/media-reconciliation-consumer.js.map +1 -1
- package/dist/lib/quiet-hours.js +2 -6
- package/dist/lib/quiet-hours.js.map +1 -1
- package/dist/lib/rate-limit.d.ts +58 -47
- package/dist/lib/rate-limit.d.ts.map +1 -1
- package/dist/lib/rate-limit.js +168 -157
- package/dist/lib/rate-limit.js.map +1 -1
- package/dist/lib/reaction-handler.d.ts +10 -10
- package/dist/lib/reaction-handler.d.ts.map +1 -1
- package/dist/lib/reaction-handler.js +44 -80
- package/dist/lib/reaction-handler.js.map +1 -1
- package/dist/lib/recaptcha.js +6 -9
- package/dist/lib/recaptcha.js.map +1 -1
- package/dist/lib/redirect-resolver.d.ts +2 -2
- package/dist/lib/redirect-resolver.d.ts.map +1 -1
- package/dist/lib/redirect-resolver.js +5 -9
- package/dist/lib/redirect-resolver.js.map +1 -1
- package/dist/lib/region-config.d.ts +3 -3
- package/dist/lib/region-config.d.ts.map +1 -1
- package/dist/lib/region-config.js +15 -58
- package/dist/lib/region-config.js.map +1 -1
- package/dist/lib/region-detection.d.ts +55 -24
- package/dist/lib/region-detection.d.ts.map +1 -1
- package/dist/lib/region-detection.js +140 -199
- package/dist/lib/region-detection.js.map +1 -1
- package/dist/lib/region-registry.d.ts +49 -0
- package/dist/lib/region-registry.d.ts.map +1 -0
- package/dist/lib/region-registry.js +112 -0
- package/dist/lib/region-registry.js.map +1 -0
- package/dist/lib/relationship-handler.d.ts +9 -9
- package/dist/lib/relationship-handler.d.ts.map +1 -1
- package/dist/lib/relationship-handler.js +12 -49
- package/dist/lib/relationship-handler.js.map +1 -1
- package/dist/lib/request-context.d.ts +16 -16
- package/dist/lib/request-context.d.ts.map +1 -1
- package/dist/lib/request-context.js +14 -22
- package/dist/lib/request-context.js.map +1 -1
- package/dist/lib/route-helpers.d.ts +3 -4
- package/dist/lib/route-helpers.d.ts.map +1 -1
- package/dist/lib/route-helpers.js +20 -75
- package/dist/lib/route-helpers.js.map +1 -1
- package/dist/lib/routes/activitypub/actor.d.ts +1 -1
- package/dist/lib/routes/activitypub/actor.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/actor.js +20 -23
- package/dist/lib/routes/activitypub/actor.js.map +1 -1
- package/dist/lib/routes/activitypub/audiences.d.ts +1 -1
- package/dist/lib/routes/activitypub/audiences.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/audiences.js +76 -80
- package/dist/lib/routes/activitypub/audiences.js.map +1 -1
- package/dist/lib/routes/activitypub/collections.d.ts +1 -1
- package/dist/lib/routes/activitypub/collections.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/collections.js +24 -26
- package/dist/lib/routes/activitypub/collections.js.map +1 -1
- package/dist/lib/routes/activitypub/entity-profile.d.ts +1 -1
- package/dist/lib/routes/activitypub/entity-profile.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/entity-profile.js +36 -39
- package/dist/lib/routes/activitypub/entity-profile.js.map +1 -1
- package/dist/lib/routes/activitypub/friends.d.ts +1 -1
- package/dist/lib/routes/activitypub/friends.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/friends.js +9 -12
- package/dist/lib/routes/activitypub/friends.js.map +1 -1
- package/dist/lib/routes/activitypub/group.d.ts +1 -1
- package/dist/lib/routes/activitypub/group.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/group.js +91 -94
- package/dist/lib/routes/activitypub/group.js.map +1 -1
- package/dist/lib/routes/activitypub/inbox.d.ts +1 -1
- package/dist/lib/routes/activitypub/inbox.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/inbox.js +30 -33
- package/dist/lib/routes/activitypub/inbox.js.map +1 -1
- package/dist/lib/routes/activitypub/messages.d.ts +1 -1
- package/dist/lib/routes/activitypub/messages.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/messages.js +79 -83
- package/dist/lib/routes/activitypub/messages.js.map +1 -1
- package/dist/lib/routes/activitypub/outbox.d.ts +1 -1
- package/dist/lib/routes/activitypub/outbox.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/outbox.js +9 -12
- package/dist/lib/routes/activitypub/outbox.js.map +1 -1
- package/dist/lib/routes/activitypub/post.d.ts +1 -1
- package/dist/lib/routes/activitypub/post.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/post.js +32 -35
- package/dist/lib/routes/activitypub/post.js.map +1 -1
- package/dist/lib/routes/activitypub/webfinger.d.ts +1 -1
- package/dist/lib/routes/activitypub/webfinger.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/webfinger.js +5 -8
- package/dist/lib/routes/activitypub/webfinger.js.map +1 -1
- package/dist/lib/routes/admin-costs.d.ts +1 -1
- package/dist/lib/routes/admin-costs.d.ts.map +1 -1
- package/dist/lib/routes/admin-costs.js +22 -26
- package/dist/lib/routes/admin-costs.js.map +1 -1
- package/dist/lib/routes/admin.d.ts +1 -1
- package/dist/lib/routes/admin.d.ts.map +1 -1
- package/dist/lib/routes/admin.js +290 -269
- package/dist/lib/routes/admin.js.map +1 -1
- package/dist/lib/routes/agent-authorize.d.ts +5 -5
- package/dist/lib/routes/agent-authorize.d.ts.map +1 -1
- package/dist/lib/routes/agent-authorize.js +68 -74
- package/dist/lib/routes/agent-authorize.js.map +1 -1
- package/dist/lib/routes/agent-sessions.d.ts +4 -4
- package/dist/lib/routes/agent-sessions.d.ts.map +1 -1
- package/dist/lib/routes/agent-sessions.js +30 -35
- package/dist/lib/routes/agent-sessions.js.map +1 -1
- package/dist/lib/routes/agent-surface.d.ts +2 -2
- package/dist/lib/routes/agent-surface.d.ts.map +1 -1
- package/dist/lib/routes/agent-surface.js +20 -24
- package/dist/lib/routes/agent-surface.js.map +1 -1
- package/dist/lib/routes/auth-discover.d.ts +1 -1
- package/dist/lib/routes/auth-discover.d.ts.map +1 -1
- package/dist/lib/routes/auth-discover.js +20 -56
- package/dist/lib/routes/auth-discover.js.map +1 -1
- package/dist/lib/routes/auth.d.ts +1 -1
- package/dist/lib/routes/auth.d.ts.map +1 -1
- package/dist/lib/routes/auth.js +13 -16
- package/dist/lib/routes/auth.js.map +1 -1
- package/dist/lib/routes/badges.d.ts +1 -1
- package/dist/lib/routes/badges.d.ts.map +1 -1
- package/dist/lib/routes/badges.js +20 -23
- package/dist/lib/routes/badges.js.map +1 -1
- package/dist/lib/routes/circles.d.ts +1 -1
- package/dist/lib/routes/circles.d.ts.map +1 -1
- package/dist/lib/routes/circles.js +40 -44
- package/dist/lib/routes/circles.js.map +1 -1
- package/dist/lib/routes/comments.d.ts +1 -1
- package/dist/lib/routes/comments.d.ts.map +1 -1
- package/dist/lib/routes/comments.js +67 -71
- package/dist/lib/routes/comments.js.map +1 -1
- package/dist/lib/routes/connection-codes.d.ts +1 -1
- package/dist/lib/routes/connection-codes.d.ts.map +1 -1
- package/dist/lib/routes/connection-codes.js +30 -34
- package/dist/lib/routes/connection-codes.js.map +1 -1
- package/dist/lib/routes/content-discovery.d.ts +1 -1
- package/dist/lib/routes/content-discovery.d.ts.map +1 -1
- package/dist/lib/routes/content-discovery.js +31 -34
- package/dist/lib/routes/content-discovery.js.map +1 -1
- package/dist/lib/routes/dashboard.d.ts +1 -1
- package/dist/lib/routes/dashboard.d.ts.map +1 -1
- package/dist/lib/routes/dashboard.js +251 -288
- package/dist/lib/routes/dashboard.js.map +1 -1
- package/dist/lib/routes/deletion.d.ts +1 -1
- package/dist/lib/routes/deletion.d.ts.map +1 -1
- package/dist/lib/routes/deletion.js +37 -74
- package/dist/lib/routes/deletion.js.map +1 -1
- package/dist/lib/routes/discovery.d.ts +1 -1
- package/dist/lib/routes/discovery.d.ts.map +1 -1
- package/dist/lib/routes/discovery.js +20 -24
- package/dist/lib/routes/discovery.js.map +1 -1
- package/dist/lib/routes/employees.d.ts +1 -1
- package/dist/lib/routes/employees.d.ts.map +1 -1
- package/dist/lib/routes/employees.js +15 -52
- package/dist/lib/routes/employees.js.map +1 -1
- package/dist/lib/routes/entities.d.ts +1 -1
- package/dist/lib/routes/entities.d.ts.map +1 -1
- package/dist/lib/routes/entities.js +133 -137
- package/dist/lib/routes/entities.js.map +1 -1
- package/dist/lib/routes/entity-relationships.d.ts +1 -1
- package/dist/lib/routes/entity-relationships.d.ts.map +1 -1
- package/dist/lib/routes/entity-relationships.js +35 -39
- package/dist/lib/routes/entity-relationships.js.map +1 -1
- package/dist/lib/routes/errors.d.ts +1 -1
- package/dist/lib/routes/errors.d.ts.map +1 -1
- package/dist/lib/routes/errors.js +4 -10
- package/dist/lib/routes/errors.js.map +1 -1
- package/dist/lib/routes/export.d.ts +1 -1
- package/dist/lib/routes/export.d.ts.map +1 -1
- package/dist/lib/routes/export.js +31 -35
- package/dist/lib/routes/export.js.map +1 -1
- package/dist/lib/routes/feature-flags.d.ts +1 -1
- package/dist/lib/routes/feature-flags.d.ts.map +1 -1
- package/dist/lib/routes/feature-flags.js +20 -23
- package/dist/lib/routes/feature-flags.js.map +1 -1
- package/dist/lib/routes/feeds.d.ts +1 -1
- package/dist/lib/routes/feeds.d.ts.map +1 -1
- package/dist/lib/routes/feeds.js +42 -46
- package/dist/lib/routes/feeds.js.map +1 -1
- package/dist/lib/routes/friends.d.ts +1 -1
- package/dist/lib/routes/friends.d.ts.map +1 -1
- package/dist/lib/routes/friends.js +35 -39
- package/dist/lib/routes/friends.js.map +1 -1
- package/dist/lib/routes/health.d.ts +1 -1
- package/dist/lib/routes/health.d.ts.map +1 -1
- package/dist/lib/routes/health.js +23 -27
- package/dist/lib/routes/health.js.map +1 -1
- package/dist/lib/routes/index.d.ts +2 -7
- package/dist/lib/routes/index.d.ts.map +1 -1
- package/dist/lib/routes/index.js +137 -158
- package/dist/lib/routes/index.js.map +1 -1
- package/dist/lib/routes/internal-docs.d.ts +1 -1
- package/dist/lib/routes/internal-docs.d.ts.map +1 -1
- package/dist/lib/routes/internal-docs.js +13 -16
- package/dist/lib/routes/internal-docs.js.map +1 -1
- package/dist/lib/routes/invitations.d.ts +1 -1
- package/dist/lib/routes/invitations.d.ts.map +1 -1
- package/dist/lib/routes/invitations.js +19 -22
- package/dist/lib/routes/invitations.js.map +1 -1
- package/dist/lib/routes/link-reports.d.ts +2 -2
- package/dist/lib/routes/link-reports.d.ts.map +1 -1
- package/dist/lib/routes/link-reports.js +86 -48
- package/dist/lib/routes/link-reports.js.map +1 -1
- package/dist/lib/routes/map.d.ts +1 -1
- package/dist/lib/routes/map.d.ts.map +1 -1
- package/dist/lib/routes/map.js +5 -8
- package/dist/lib/routes/map.js.map +1 -1
- package/dist/lib/routes/media-metadata-visibility.d.ts +1 -1
- package/dist/lib/routes/media-metadata-visibility.d.ts.map +1 -1
- package/dist/lib/routes/media-metadata-visibility.js +30 -67
- package/dist/lib/routes/media-metadata-visibility.js.map +1 -1
- package/dist/lib/routes/media.d.ts +1 -1
- package/dist/lib/routes/media.d.ts.map +1 -1
- package/dist/lib/routes/media.js +156 -193
- package/dist/lib/routes/media.js.map +1 -1
- package/dist/lib/routes/mfa.d.ts +1 -1
- package/dist/lib/routes/mfa.d.ts.map +1 -1
- package/dist/lib/routes/mfa.js +60 -64
- package/dist/lib/routes/mfa.js.map +1 -1
- package/dist/lib/routes/notifications.d.ts +1 -1
- package/dist/lib/routes/notifications.d.ts.map +1 -1
- package/dist/lib/routes/notifications.js +68 -72
- package/dist/lib/routes/notifications.js.map +1 -1
- package/dist/lib/routes/oauth.d.ts +1 -1
- package/dist/lib/routes/oauth.d.ts.map +1 -1
- package/dist/lib/routes/oauth.js +20 -23
- package/dist/lib/routes/oauth.js.map +1 -1
- package/dist/lib/routes/orphaned-media-health.d.ts +1 -1
- package/dist/lib/routes/orphaned-media-health.d.ts.map +1 -1
- package/dist/lib/routes/orphaned-media-health.js +10 -13
- package/dist/lib/routes/orphaned-media-health.js.map +1 -1
- package/dist/lib/routes/orphaned-media.d.ts +1 -1
- package/dist/lib/routes/orphaned-media.d.ts.map +1 -1
- package/dist/lib/routes/orphaned-media.js +20 -57
- package/dist/lib/routes/orphaned-media.js.map +1 -1
- package/dist/lib/routes/out.d.ts +1 -1
- package/dist/lib/routes/out.d.ts.map +1 -1
- package/dist/lib/routes/out.js +21 -24
- package/dist/lib/routes/out.js.map +1 -1
- package/dist/lib/routes/parental-controls.d.ts +1 -1
- package/dist/lib/routes/parental-controls.d.ts.map +1 -1
- package/dist/lib/routes/parental-controls.js +91 -95
- package/dist/lib/routes/parental-controls.js.map +1 -1
- package/dist/lib/routes/posts.d.ts +1 -1
- package/dist/lib/routes/posts.d.ts.map +1 -1
- package/dist/lib/routes/posts.js +101 -105
- package/dist/lib/routes/posts.js.map +1 -1
- package/dist/lib/routes/privacy.d.ts +1 -1
- package/dist/lib/routes/privacy.d.ts.map +1 -1
- package/dist/lib/routes/privacy.js +21 -25
- package/dist/lib/routes/privacy.js.map +1 -1
- package/dist/lib/routes/products.d.ts +1 -1
- package/dist/lib/routes/products.d.ts.map +1 -1
- package/dist/lib/routes/products.js +44 -48
- package/dist/lib/routes/products.js.map +1 -1
- package/dist/lib/routes/relationships.d.ts +1 -1
- package/dist/lib/routes/relationships.d.ts.map +1 -1
- package/dist/lib/routes/relationships.js +35 -39
- package/dist/lib/routes/relationships.js.map +1 -1
- package/dist/lib/routes/sentiments.d.ts +1 -1
- package/dist/lib/routes/sentiments.d.ts.map +1 -1
- package/dist/lib/routes/sentiments.js +71 -75
- package/dist/lib/routes/sentiments.js.map +1 -1
- package/dist/lib/routes/setup-status.d.ts +1 -1
- package/dist/lib/routes/setup-status.d.ts.map +1 -1
- package/dist/lib/routes/setup-status.js +17 -20
- package/dist/lib/routes/setup-status.js.map +1 -1
- package/dist/lib/routes/taxonomy-analytics.d.ts +1 -1
- package/dist/lib/routes/taxonomy-analytics.d.ts.map +1 -1
- package/dist/lib/routes/taxonomy-analytics.js +29 -33
- package/dist/lib/routes/taxonomy-analytics.js.map +1 -1
- package/dist/lib/routes/taxonomy.d.ts +1 -1
- package/dist/lib/routes/taxonomy.d.ts.map +1 -1
- package/dist/lib/routes/taxonomy.js +48 -51
- package/dist/lib/routes/taxonomy.js.map +1 -1
- package/dist/lib/routes/tenant-audit.d.ts +1 -1
- package/dist/lib/routes/tenant-audit.d.ts.map +1 -1
- package/dist/lib/routes/tenant-audit.js +35 -92
- package/dist/lib/routes/tenant-audit.js.map +1 -1
- package/dist/lib/routes/tenant-compliance.d.ts +1 -1
- package/dist/lib/routes/tenant-compliance.d.ts.map +1 -1
- package/dist/lib/routes/tenant-compliance.js +16 -52
- package/dist/lib/routes/tenant-compliance.js.map +1 -1
- package/dist/lib/routes/tenant-domains.d.ts +1 -1
- package/dist/lib/routes/tenant-domains.d.ts.map +1 -1
- package/dist/lib/routes/tenant-domains.js +27 -30
- package/dist/lib/routes/tenant-domains.js.map +1 -1
- package/dist/lib/routes/tenant-idp.d.ts +1 -1
- package/dist/lib/routes/tenant-idp.d.ts.map +1 -1
- package/dist/lib/routes/tenant-idp.js +27 -30
- package/dist/lib/routes/tenant-idp.js.map +1 -1
- package/dist/lib/routes/tenant-members.d.ts +1 -1
- package/dist/lib/routes/tenant-members.d.ts.map +1 -1
- package/dist/lib/routes/tenant-members.js +21 -24
- package/dist/lib/routes/tenant-members.js.map +1 -1
- package/dist/lib/routes/tenant-role-mappings.d.ts +1 -1
- package/dist/lib/routes/tenant-role-mappings.d.ts.map +1 -1
- package/dist/lib/routes/tenant-role-mappings.js +27 -30
- package/dist/lib/routes/tenant-role-mappings.js.map +1 -1
- package/dist/lib/routes/tenants.d.ts +1 -1
- package/dist/lib/routes/tenants.d.ts.map +1 -1
- package/dist/lib/routes/tenants.js +37 -40
- package/dist/lib/routes/tenants.js.map +1 -1
- package/dist/lib/routes/types.d.ts +10 -5
- package/dist/lib/routes/types.d.ts.map +1 -1
- package/dist/lib/routes/types.js +1 -2
- package/dist/lib/routes/types.js.map +1 -1
- package/dist/lib/routes/upload-sessions.d.ts +1 -1
- package/dist/lib/routes/upload-sessions.d.ts.map +1 -1
- package/dist/lib/routes/upload-sessions.js +57 -94
- package/dist/lib/routes/upload-sessions.js.map +1 -1
- package/dist/lib/routes/user.d.ts +1 -1
- package/dist/lib/routes/user.d.ts.map +1 -1
- package/dist/lib/routes/user.js +137 -85
- package/dist/lib/routes/user.js.map +1 -1
- package/dist/lib/routes.d.ts +2 -2
- package/dist/lib/routes.d.ts.map +1 -1
- package/dist/lib/routes.js +2 -7
- package/dist/lib/routes.js.map +1 -1
- package/dist/lib/scaling-health.d.ts.map +1 -1
- package/dist/lib/scaling-health.js +6 -9
- package/dist/lib/scaling-health.js.map +1 -1
- package/dist/lib/scheduled/media-stale-cleanup.js +5 -8
- package/dist/lib/scheduled/media-stale-cleanup.js.map +1 -1
- package/dist/lib/scheduled/orphaned-media-monitor.d.ts +1 -1
- package/dist/lib/scheduled/orphaned-media-monitor.d.ts.map +1 -1
- package/dist/lib/scheduled/orphaned-media-monitor.js +5 -42
- package/dist/lib/scheduled/orphaned-media-monitor.js.map +1 -1
- package/dist/lib/schemas.d.ts +85 -204
- package/dist/lib/schemas.d.ts.map +1 -1
- package/dist/lib/schemas.js +71 -74
- package/dist/lib/schemas.js.map +1 -1
- package/dist/lib/secrets/idp-secrets.d.ts +1 -1
- package/dist/lib/secrets/idp-secrets.js +13 -19
- package/dist/lib/secrets/idp-secrets.js.map +1 -1
- package/dist/lib/security-event-cleaner.js +1 -5
- package/dist/lib/security-event-cleaner.js.map +1 -1
- package/dist/lib/security-headers.js +1 -5
- package/dist/lib/security-headers.js.map +1 -1
- package/dist/lib/security-monitor.d.ts +4 -2
- package/dist/lib/security-monitor.d.ts.map +1 -1
- package/dist/lib/security-monitor.js +16 -18
- package/dist/lib/security-monitor.js.map +1 -1
- package/dist/lib/sentiment-digest.d.ts +1 -1
- package/dist/lib/sentiment-digest.d.ts.map +1 -1
- package/dist/lib/sentiment-digest.js +5 -8
- package/dist/lib/sentiment-digest.js.map +1 -1
- package/dist/lib/sentiment-display.js +3 -7
- package/dist/lib/sentiment-display.js.map +1 -1
- package/dist/lib/services/image-normalizer.js +1 -5
- package/dist/lib/services/image-normalizer.js.map +1 -1
- package/dist/lib/services/media-reconciliation-service.d.ts +1 -1
- package/dist/lib/services/media-reconciliation-service.d.ts.map +1 -1
- package/dist/lib/services/media-reconciliation-service.js +7 -11
- package/dist/lib/services/media-reconciliation-service.js.map +1 -1
- package/dist/lib/services/media-upload-service.d.ts +1 -1
- package/dist/lib/services/media-upload-service.d.ts.map +1 -1
- package/dist/lib/services/media-upload-service.js +4 -8
- package/dist/lib/services/media-upload-service.js.map +1 -1
- package/dist/lib/services/user-data-deletion.d.ts +45 -2
- package/dist/lib/services/user-data-deletion.d.ts.map +1 -1
- package/dist/lib/services/user-data-deletion.js +87 -9
- package/dist/lib/services/user-data-deletion.js.map +1 -1
- package/dist/lib/session-awareness.js +2 -6
- package/dist/lib/session-awareness.js.map +1 -1
- package/dist/lib/session-config.js +8 -17
- package/dist/lib/session-config.js.map +1 -1
- package/dist/lib/{session-manager.d.ts → session-cookie.d.ts} +58 -15
- package/dist/lib/session-cookie.d.ts.map +1 -0
- package/dist/lib/session-cookie.js +0 -0
- package/dist/lib/session-cookie.js.map +1 -0
- package/dist/lib/signup-metadata.d.ts +129 -0
- package/dist/lib/signup-metadata.d.ts.map +1 -0
- package/dist/lib/signup-metadata.js +127 -0
- package/dist/lib/signup-metadata.js.map +1 -0
- package/dist/lib/sso-auth-handler.js +1 -5
- package/dist/lib/sso-auth-handler.js.map +1 -1
- package/dist/lib/tag-suggestions-handler.d.ts +1 -1
- package/dist/lib/tag-suggestions-handler.d.ts.map +1 -1
- package/dist/lib/tag-suggestions-handler.js +1 -5
- package/dist/lib/tag-suggestions-handler.js.map +1 -1
- package/dist/lib/taxonomy-handler-factory.d.ts +2 -2
- package/dist/lib/taxonomy-handler-factory.d.ts.map +1 -1
- package/dist/lib/taxonomy-handler-factory.js +7 -10
- package/dist/lib/taxonomy-handler-factory.js.map +1 -1
- package/dist/lib/taxonomy-handler.d.ts +2 -2
- package/dist/lib/taxonomy-handler.d.ts.map +1 -1
- package/dist/lib/taxonomy-handler.js +8 -8
- package/dist/lib/taxonomy-handler.js.map +1 -1
- package/dist/lib/taxonomy-metrics.js +5 -9
- package/dist/lib/taxonomy-metrics.js.map +1 -1
- package/dist/lib/taxonomy-search-metrics.d.ts +2 -2
- package/dist/lib/taxonomy-search-metrics.d.ts.map +1 -1
- package/dist/lib/taxonomy-search-metrics.js +3 -7
- package/dist/lib/taxonomy-search-metrics.js.map +1 -1
- package/dist/lib/tenant/audit-emit.d.ts +18 -8
- package/dist/lib/tenant/audit-emit.d.ts.map +1 -1
- package/dist/lib/tenant/audit-emit.js +50 -11
- package/dist/lib/tenant/audit-emit.js.map +1 -1
- package/dist/lib/tenant/derive-domain.js +1 -4
- package/dist/lib/tenant/derive-domain.js.map +1 -1
- package/dist/lib/tenant/domain-handler.d.ts +2 -2
- package/dist/lib/tenant/domain-handler.d.ts.map +1 -1
- package/dist/lib/tenant/domain-handler.js +50 -62
- package/dist/lib/tenant/domain-handler.js.map +1 -1
- package/dist/lib/tenant/domain-validator.d.ts +1 -1
- package/dist/lib/tenant/domain-validator.js +10 -13
- package/dist/lib/tenant/domain-validator.js.map +1 -1
- package/dist/lib/tenant/domain-verifier.d.ts +3 -3
- package/dist/lib/tenant/domain-verifier.js +8 -11
- package/dist/lib/tenant/domain-verifier.js.map +1 -1
- package/dist/lib/tenant/idp-handler.d.ts +4 -4
- package/dist/lib/tenant/idp-handler.d.ts.map +1 -1
- package/dist/lib/tenant/idp-handler.js +45 -82
- package/dist/lib/tenant/idp-handler.js.map +1 -1
- package/dist/lib/tenant/idp-name.js +1 -4
- package/dist/lib/tenant/idp-name.js.map +1 -1
- package/dist/lib/tenant/member-handler.d.ts +2 -2
- package/dist/lib/tenant/member-handler.d.ts.map +1 -1
- package/dist/lib/tenant/member-handler.js +30 -67
- package/dist/lib/tenant/member-handler.js.map +1 -1
- package/dist/lib/tenant/reserved-slugs.d.ts +1 -1
- package/dist/lib/tenant/reserved-slugs.d.ts.map +1 -1
- package/dist/lib/tenant/reserved-slugs.js +8 -14
- package/dist/lib/tenant/reserved-slugs.js.map +1 -1
- package/dist/lib/tenant/resolve-role.js +1 -4
- package/dist/lib/tenant/resolve-role.js.map +1 -1
- package/dist/lib/tenant/role-mapping-handler.d.ts +2 -2
- package/dist/lib/tenant/role-mapping-handler.d.ts.map +1 -1
- package/dist/lib/tenant/role-mapping-handler.js +24 -61
- package/dist/lib/tenant/role-mapping-handler.js.map +1 -1
- package/dist/lib/tenant/setup-status.d.ts +1 -1
- package/dist/lib/tenant/setup-status.d.ts.map +1 -1
- package/dist/lib/tenant/setup-status.js +3 -40
- package/dist/lib/tenant/setup-status.js.map +1 -1
- package/dist/lib/tenant/slug-validator.js +3 -6
- package/dist/lib/tenant/slug-validator.js.map +1 -1
- package/dist/lib/tenant/tenant-handler.d.ts +2 -2
- package/dist/lib/tenant/tenant-handler.d.ts.map +1 -1
- package/dist/lib/tenant/tenant-handler.js +31 -68
- package/dist/lib/tenant/tenant-handler.js.map +1 -1
- package/dist/lib/tenant/transfer-ownership.js +2 -6
- package/dist/lib/tenant/transfer-ownership.js.map +1 -1
- package/dist/lib/tenant-scope.d.ts +97 -0
- package/dist/lib/tenant-scope.d.ts.map +1 -0
- package/dist/lib/tenant-scope.js +270 -0
- package/dist/lib/tenant-scope.js.map +1 -0
- package/dist/lib/terminology.d.ts.map +1 -1
- package/dist/lib/terminology.js +7 -9
- package/dist/lib/terminology.js.map +1 -1
- package/dist/lib/theme.js +2 -6
- package/dist/lib/theme.js.map +1 -1
- package/dist/lib/threat-intel-service.d.ts +2 -2
- package/dist/lib/threat-intel-service.d.ts.map +1 -1
- package/dist/lib/threat-intel-service.js +3 -7
- package/dist/lib/threat-intel-service.js.map +1 -1
- package/dist/lib/types/media-reconciliation.js +1 -2
- package/dist/lib/types/media-reconciliation.js.map +1 -1
- package/dist/lib/upload-session-handler.d.ts +1 -1
- package/dist/lib/upload-session-handler.d.ts.map +1 -1
- package/dist/lib/upload-session-handler.js +13 -50
- package/dist/lib/upload-session-handler.js.map +1 -1
- package/dist/lib/user/derive-handle.js +2 -6
- package/dist/lib/user/derive-handle.js.map +1 -1
- package/dist/lib/user-badge.js +6 -14
- package/dist/lib/user-badge.js.map +1 -1
- package/dist/lib/user-deletion-handler-enhanced.d.ts +2 -2
- package/dist/lib/user-deletion-handler-enhanced.d.ts.map +1 -1
- package/dist/lib/user-deletion-handler-enhanced.js +16 -53
- package/dist/lib/user-deletion-handler-enhanced.js.map +1 -1
- package/dist/lib/user-deprovisioning.d.ts +1 -1
- package/dist/lib/user-deprovisioning.d.ts.map +1 -1
- package/dist/lib/user-deprovisioning.js +16 -20
- package/dist/lib/user-deprovisioning.js.map +1 -1
- package/dist/lib/user-export-handler.d.ts +4 -4
- package/dist/lib/user-export-handler.d.ts.map +1 -1
- package/dist/lib/user-export-handler.js +11 -15
- package/dist/lib/user-export-handler.js.map +1 -1
- package/dist/lib/validate-request.js +8 -13
- package/dist/lib/validate-request.js.map +1 -1
- package/dist/lib/validation/feature-toggle-schemas.d.ts +130 -249
- package/dist/lib/validation/feature-toggle-schemas.d.ts.map +1 -1
- package/dist/lib/validation/feature-toggle-schemas.js +50 -59
- package/dist/lib/validation/feature-toggle-schemas.js.map +1 -1
- package/dist/lib/validation/validate-request.d.ts.map +1 -1
- package/dist/lib/validation/validate-request.js +12 -23
- package/dist/lib/validation/validate-request.js.map +1 -1
- package/dist/lib/validation.js +1 -5
- package/dist/lib/validation.js.map +1 -1
- package/dist/lib/version.js +3 -8
- package/dist/lib/version.js.map +1 -1
- package/dist/server.d.ts +1 -1
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +29 -69
- package/dist/server.js.map +1 -1
- package/dist/types/cloudflare-compat.d.ts +3 -93
- package/dist/types/cloudflare-compat.d.ts.map +1 -1
- package/dist/types/cloudflare-compat.js +1 -2
- package/dist/types/cloudflare-compat.js.map +1 -1
- package/dist/worker.d.ts +6 -6
- package/dist/worker.d.ts.map +1 -1
- package/dist/worker.js +6 -13
- package/dist/worker.js.map +1 -1
- package/package.json +28 -15
- package/prisma/migrations/20260602054730_add_entity_geo_and_pending_schema/migration.sql +113 -0
- package/prisma/migrations/20260602162901_research_foundations/migration.sql +65 -0
- package/prisma/migrations/20260604130000_surveillance_phase0_enablers/migration.sql +107 -0
- package/prisma/migrations/20260604140000_fold_link_reports_into_reports/migration.sql +23 -0
- package/prisma/migrations/20260604140000_fold_link_reports_into_reports/rollback.reference.sql +31 -0
- package/prisma/schema.prisma +419 -68
- package/src/lambda/cleanup-cron.ts +10 -7
- package/src/lambda/create-auth-challenge.ts +6 -3
- package/src/lambda/delete-account-worker.ts +17 -12
- package/src/lambda/diagnostics-proxy.ts +9 -6
- package/src/lambda/e2e-sweeper.ts +17 -23
- package/src/lambda/federation-outbox-worker.ts +4 -1
- package/src/lambda/followers-events-worker.ts +4 -1
- package/src/lambda/hourly-cron.ts +112 -20
- package/src/lambda/link-check-worker.ts +4 -1
- package/src/lambda/maintenance-cron.ts +24 -13
- package/src/lambda/media-processing-worker.ts +5 -2
- package/src/lambda/media-reconciliation-worker.ts +4 -1
- package/src/lambda/nightly-cron.ts +53 -54
- package/src/lambda/post-confirmation.ts +188 -62
- package/src/lambda/pre-token-generation.ts +39 -44
- package/src/lambda/verify-auth-challenge.ts +4 -1
- package/dist/lib/audit/emit.d.ts +0 -56
- package/dist/lib/audit/emit.d.ts.map +0 -1
- package/dist/lib/audit/emit.js +0 -124
- package/dist/lib/audit/emit.js.map +0 -1
- package/dist/lib/audit/event-types.d.ts +0 -36
- package/dist/lib/audit/event-types.d.ts.map +0 -1
- package/dist/lib/audit/event-types.js +0 -69
- package/dist/lib/audit/event-types.js.map +0 -1
- package/dist/lib/audit-logger.d.ts +0 -142
- package/dist/lib/audit-logger.d.ts.map +0 -1
- package/dist/lib/audit-logger.js +0 -326
- package/dist/lib/audit-logger.js.map +0 -1
- package/dist/lib/circuit-breaker.d.ts +0 -27
- package/dist/lib/circuit-breaker.d.ts.map +0 -1
- package/dist/lib/circuit-breaker.js +0 -63
- package/dist/lib/circuit-breaker.js.map +0 -1
- package/dist/lib/graph/dual-write-service.d.ts +0 -116
- package/dist/lib/graph/dual-write-service.d.ts.map +0 -1
- package/dist/lib/graph/dual-write-service.js +0 -332
- package/dist/lib/graph/dual-write-service.js.map +0 -1
- package/dist/lib/graph/dual-write.d.ts +0 -396
- package/dist/lib/graph/dual-write.d.ts.map +0 -1
- package/dist/lib/graph/dual-write.js +0 -53
- package/dist/lib/graph/dual-write.js.map +0 -1
- package/dist/lib/graph/graph-schema-init.d.ts +0 -31
- package/dist/lib/graph/graph-schema-init.d.ts.map +0 -1
- package/dist/lib/graph/graph-schema-init.js +0 -105
- package/dist/lib/graph/graph-schema-init.js.map +0 -1
- package/dist/lib/graph/neo4j-graph-service.d.ts +0 -186
- package/dist/lib/graph/neo4j-graph-service.d.ts.map +0 -1
- package/dist/lib/graph/neo4j-graph-service.js +0 -1625
- package/dist/lib/graph/neo4j-graph-service.js.map +0 -1
- package/dist/lib/graph/reconciliation-service.d.ts +0 -113
- package/dist/lib/graph/reconciliation-service.d.ts.map +0 -1
- package/dist/lib/graph/reconciliation-service.js +0 -533
- package/dist/lib/graph/reconciliation-service.js.map +0 -1
- package/dist/lib/id-generator.d.ts +0 -29
- package/dist/lib/id-generator.d.ts.map +0 -1
- package/dist/lib/id-generator.js +0 -51
- package/dist/lib/id-generator.js.map +0 -1
- package/dist/lib/kv/dynamodb-kv.d.ts +0 -39
- package/dist/lib/kv/dynamodb-kv.d.ts.map +0 -1
- package/dist/lib/kv/dynamodb-kv.js +0 -239
- package/dist/lib/kv/dynamodb-kv.js.map +0 -1
- package/dist/lib/queue/sqs-queue.d.ts +0 -16
- package/dist/lib/queue/sqs-queue.d.ts.map +0 -1
- package/dist/lib/queue/sqs-queue.js +0 -39
- package/dist/lib/queue/sqs-queue.js.map +0 -1
- package/dist/lib/route-matcher.d.ts +0 -24
- package/dist/lib/route-matcher.d.ts.map +0 -1
- package/dist/lib/route-matcher.js +0 -96
- package/dist/lib/route-matcher.js.map +0 -1
- package/dist/lib/router.d.ts +0 -26
- package/dist/lib/router.d.ts.map +0 -1
- package/dist/lib/router.js +0 -90
- package/dist/lib/router.js.map +0 -1
- package/dist/lib/routes-all.d.ts +0 -9
- package/dist/lib/routes-all.d.ts.map +0 -1
- package/dist/lib/routes-all.js +0 -170
- package/dist/lib/routes-all.js.map +0 -1
- package/dist/lib/secret-resolver.d.ts +0 -88
- package/dist/lib/secret-resolver.d.ts.map +0 -1
- package/dist/lib/secret-resolver.js +0 -183
- package/dist/lib/secret-resolver.js.map +0 -1
- package/dist/lib/session-manager.d.ts.map +0 -1
- package/dist/lib/session-manager.js +0 -492
- package/dist/lib/session-manager.js.map +0 -1
- package/dist/lib/storage/s3-storage.d.ts +0 -29
- package/dist/lib/storage/s3-storage.d.ts.map +0 -1
- package/dist/lib/storage/s3-storage.js +0 -135
- package/dist/lib/storage/s3-storage.js.map +0 -1
- package/dist/lib/tenant-context.d.ts +0 -35
- package/dist/lib/tenant-context.d.ts.map +0 -1
- package/dist/lib/tenant-context.js +0 -54
- package/dist/lib/tenant-context.js.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"csv-export.js","sourceRoot":"","sources":["../../../src/lib/audit/csv-export.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"csv-export.js","sourceRoot":"","sources":["../../../src/lib/audit/csv-export.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,SAAS;IACT,MAAM;IACN,UAAU;IACV,aAAa;IACb,WAAW;IACX,UAAU;IACV,SAAS;CACD,CAAC;AAYX,8CAA8C;AAC9C,MAAM,UAAU,cAAc,CAAC,KAAa;IAC1C,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/F,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC;IAC1C,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,yDAAyD;AACzD,MAAM,UAAU,YAAY,CAAC,MAAgB;IAC3C,OAAO,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC9C,CAAC;AAED,6BAA6B;AAC7B,MAAM,UAAU,eAAe;IAC7B,OAAO,YAAY,CAAC,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC;AACxC,CAAC;AAED,mFAAmF;AACnF,MAAM,UAAU,SAAS,CAAC,IAAc;IACtC,MAAM,KAAK,GAAa,CAAC,eAAe,EAAE,CAAC,CAAC;IAC5C,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CACR,YAAY,CAAC;YACX,GAAG,CAAC,OAAO;YACX,GAAG,CAAC,IAAI;YACR,GAAG,CAAC,QAAQ;YACZ,GAAG,CAAC,WAAW;YACf,GAAG,CAAC,SAAS;YACb,GAAG,CAAC,QAAQ;YACZ,GAAG,CAAC,OAAO;SACZ,CAAC,CACH,CAAC;IACJ,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC5B,CAAC"}
|
|
@@ -5,6 +5,15 @@
|
|
|
5
5
|
* with the literal string "<redacted>" and a drop counter is incremented.
|
|
6
6
|
* Claim *names* are fine to store; claim *values* must never appear.
|
|
7
7
|
*/
|
|
8
|
+
/**
|
|
9
|
+
* Per-key allowlist for audit metadata. Anything outside this set is
|
|
10
|
+
* replaced with "<redacted>". Migrated here from the now-deleted
|
|
11
|
+
* `event-types.ts` (phase 1.C.2) so the allowlist lives next to the
|
|
12
|
+
* filter that consumes it.
|
|
13
|
+
*
|
|
14
|
+
* Claim *names* are fine to store; claim *values* must never appear.
|
|
15
|
+
*/
|
|
16
|
+
export declare const PII_ALLOWED_FIELDS: Set<string>;
|
|
8
17
|
export interface FilterResult {
|
|
9
18
|
filtered: Record<string, unknown>;
|
|
10
19
|
droppedCount: number;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pii-filter.d.ts","sourceRoot":"","sources":["../../../src/lib/audit/pii-filter.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;
|
|
1
|
+
{"version":3,"file":"pii-filter.d.ts","sourceRoot":"","sources":["../../../src/lib/audit/pii-filter.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;;;;;;GAOG;AACH,eAAO,MAAM,kBAAkB,aA8C7B,CAAC;AAEH,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,wBAAgB,WAAW,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,CAiB9C;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,aAAa,GAAE,GAAG,CAAC,MAAM,CAAsB,GAC9C,YAAY,CAcd"}
|
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
"use strict";
|
|
2
1
|
/**
|
|
3
2
|
* PII Filter for Audit Payloads
|
|
4
3
|
*
|
|
@@ -6,15 +5,66 @@
|
|
|
6
5
|
* with the literal string "<redacted>" and a drop counter is incremented.
|
|
7
6
|
* Claim *names* are fine to store; claim *values* must never appear.
|
|
8
7
|
*/
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
8
|
+
/**
|
|
9
|
+
* Per-key allowlist for audit metadata. Anything outside this set is
|
|
10
|
+
* replaced with "<redacted>". Migrated here from the now-deleted
|
|
11
|
+
* `event-types.ts` (phase 1.C.2) so the allowlist lives next to the
|
|
12
|
+
* filter that consumes it.
|
|
13
|
+
*
|
|
14
|
+
* Claim *names* are fine to store; claim *values* must never appear.
|
|
15
|
+
*/
|
|
16
|
+
export const PII_ALLOWED_FIELDS = new Set([
|
|
17
|
+
"tenantId",
|
|
18
|
+
"actorUserId",
|
|
19
|
+
"targetUserId",
|
|
20
|
+
"targetType",
|
|
21
|
+
"oldRole",
|
|
22
|
+
"newRole",
|
|
23
|
+
"domain",
|
|
24
|
+
"idpStatus",
|
|
25
|
+
"idpKind",
|
|
26
|
+
"issuer",
|
|
27
|
+
"idpGroup",
|
|
28
|
+
"role",
|
|
29
|
+
"source",
|
|
30
|
+
"reason",
|
|
31
|
+
"verificationMethod",
|
|
32
|
+
"changedAttributes",
|
|
33
|
+
"sourceIp",
|
|
34
|
+
"agentSessionId",
|
|
35
|
+
"slug",
|
|
36
|
+
"displayName",
|
|
37
|
+
"type",
|
|
38
|
+
"agentLabel",
|
|
39
|
+
"userAgent",
|
|
40
|
+
// G4 MEDIUM-6/N2: `deviceCodeHash` was previously written into
|
|
41
|
+
// AUTH_AGENT_SESSION_APPROVED audit payloads and could act as a
|
|
42
|
+
// confirmation oracle if a raw device_code ever leaked elsewhere.
|
|
43
|
+
// Kept OFF the allow-list so a future regression that re-adds the
|
|
44
|
+
// field would fail the audit-emit allow-list check.
|
|
45
|
+
"refreshJti",
|
|
46
|
+
"cognitoUserId",
|
|
47
|
+
// Region codes are NOT PII (US/EU/CN); they are data-residency
|
|
48
|
+
// compliance signals carried by the data-lifecycle audit events.
|
|
49
|
+
// Added in phase 1.C.2 so the data-router region context survives
|
|
50
|
+
// the allowlist instead of being redacted away. See migration note.
|
|
51
|
+
"region",
|
|
52
|
+
"dataRegion",
|
|
53
|
+
"requestedRegion",
|
|
54
|
+
"actualDataRegion",
|
|
55
|
+
// Feature-toggle audit fields (feature_toggle.changed events).
|
|
56
|
+
// key is a system identifier (no PII); oldEnabled/newEnabled are booleans;
|
|
57
|
+
// changedBy carries the admin's USER ID (never email — see convention doc).
|
|
58
|
+
"key",
|
|
59
|
+
"oldEnabled",
|
|
60
|
+
"newEnabled",
|
|
61
|
+
"changedBy",
|
|
62
|
+
]);
|
|
13
63
|
/**
|
|
14
64
|
* Redact IPv4 to /24 and IPv6 to /64 for GDPR-compliant storage.
|
|
15
65
|
* "1.2.3.4" → "1.2.3.0/24", "2001:db8::1" → "2001:db8::/64"
|
|
16
66
|
*/
|
|
17
|
-
function anonymizeIp(ip) {
|
|
67
|
+
export function anonymizeIp(ip) {
|
|
18
68
|
if (!ip || ip === "unknown")
|
|
19
69
|
return ip;
|
|
20
70
|
if (ip.includes(".")) {
|
|
@@ -34,7 +84,7 @@ function anonymizeIp(ip) {
|
|
|
34
84
|
* Filter a raw payload object against the PII allowlist.
|
|
35
85
|
* Returns the cleaned object and the number of dropped fields.
|
|
36
86
|
*/
|
|
37
|
-
function filterPayload(payload, allowedFields =
|
|
87
|
+
export function filterPayload(payload, allowedFields = PII_ALLOWED_FIELDS) {
|
|
38
88
|
const filtered = {};
|
|
39
89
|
let droppedCount = 0;
|
|
40
90
|
for (const [key, value] of Object.entries(payload)) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pii-filter.js","sourceRoot":"","sources":["../../../src/lib/audit/pii-filter.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"pii-filter.js","sourceRoot":"","sources":["../../../src/lib/audit/pii-filter.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAS;IAChD,UAAU;IACV,aAAa;IACb,cAAc;IACd,YAAY;IACZ,SAAS;IACT,SAAS;IACT,QAAQ;IACR,WAAW;IACX,SAAS;IACT,QAAQ;IACR,UAAU;IACV,MAAM;IACN,QAAQ;IACR,QAAQ;IACR,oBAAoB;IACpB,mBAAmB;IACnB,UAAU;IACV,gBAAgB;IAChB,MAAM;IACN,aAAa;IACb,MAAM;IACN,YAAY;IACZ,WAAW;IACX,+DAA+D;IAC/D,gEAAgE;IAChE,kEAAkE;IAClE,kEAAkE;IAClE,oDAAoD;IACpD,YAAY;IACZ,eAAe;IACf,+DAA+D;IAC/D,iEAAiE;IACjE,kEAAkE;IAClE,oEAAoE;IACpE,QAAQ;IACR,YAAY;IACZ,iBAAiB;IACjB,kBAAkB;IAClB,+DAA+D;IAC/D,2EAA2E;IAC3E,4EAA4E;IAC5E,KAAK;IACL,YAAY;IACZ,YAAY;IACZ,WAAW;CACZ,CAAC,CAAC;AAOH;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,EAAU;IACpC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,SAAS;QAAE,OAAO,EAAE,CAAC;IAEvC,IAAI,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC;QACpD,CAAC;IACH,CAAC;IAED,IAAI,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC3C,OAAO,GAAG,MAAM,OAAO,CAAC;IAC1B,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAC3B,OAAgC,EAChC,gBAA6B,kBAAkB;IAE/C,MAAM,QAAQ,GAA4B,EAAE,CAAC;IAC7C,IAAI,YAAY,GAAG,CAAC,CAAC;IAErB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACnD,IAAI,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YAC3B,QAAQ,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACxB,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC;YAC7B,YAAY,EAAE,CAAC;QACjB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;AACpC,CAAC"}
|
|
@@ -0,0 +1,94 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Trellis audit-action constants (phase 1.C.2).
|
|
3
|
+
*
|
|
4
|
+
* These are the canonical `action` strings trellis writes to the
|
|
5
|
+
* foundation audit log. `AuditAction` is an OPEN string union (frozen
|
|
6
|
+
* type) — well-known foundation values get autocomplete; consumers
|
|
7
|
+
* extend with their own dotted names without an API bump. We therefore
|
|
8
|
+
* declare these as `AuditAction`-typed constants (NOT an enum) so the
|
|
9
|
+
* call sites read symbolically while the values stay plain strings.
|
|
10
|
+
*
|
|
11
|
+
* Naming follows foundation's dotted convention. Two families:
|
|
12
|
+
* - data lifecycle (data.*, auth.*, system.region_change)
|
|
13
|
+
* - tenant / IdP (tenant.*, auth.agent_session.*, auth.refresh_replay)
|
|
14
|
+
*
|
|
15
|
+
* The tenant/IdP set is the migration of the old
|
|
16
|
+
* `lib/audit/event-types.ts` `AuditEventType` catalog; the string
|
|
17
|
+
* VALUES are preserved exactly so existing rows / dashboards keep
|
|
18
|
+
* matching.
|
|
19
|
+
*/
|
|
20
|
+
import type { AuditAction } from "@de-otio/saas-foundation/audit";
|
|
21
|
+
export declare const DATA_READ: AuditAction;
|
|
22
|
+
export declare const DATA_CREATE: AuditAction;
|
|
23
|
+
export declare const DATA_UPDATE: AuditAction;
|
|
24
|
+
export declare const DATA_DELETE: AuditAction;
|
|
25
|
+
export declare const AUTH_LOGIN: AuditAction;
|
|
26
|
+
export declare const AUTH_LOGOUT: AuditAction;
|
|
27
|
+
export declare const AUTHZ_DENIED: AuditAction;
|
|
28
|
+
export declare const AUTHZ_GRANTED: AuditAction;
|
|
29
|
+
export declare const SYSTEM_REGION_CHANGE: AuditAction;
|
|
30
|
+
export declare const TENANT_CREATED: AuditAction;
|
|
31
|
+
export declare const TENANT_UPDATED: AuditAction;
|
|
32
|
+
export declare const TENANT_OWNERSHIP_TRANSFERRED: AuditAction;
|
|
33
|
+
export declare const TENANT_MEMBER_INVITED: AuditAction;
|
|
34
|
+
export declare const TENANT_MEMBER_JOINED: AuditAction;
|
|
35
|
+
export declare const TENANT_MEMBER_ROLE_CHANGED: AuditAction;
|
|
36
|
+
export declare const TENANT_MEMBER_REMOVED: AuditAction;
|
|
37
|
+
export declare const TENANT_DOMAIN_ADDED: AuditAction;
|
|
38
|
+
export declare const TENANT_DOMAIN_VERIFIED: AuditAction;
|
|
39
|
+
export declare const TENANT_DOMAIN_REMOVED: AuditAction;
|
|
40
|
+
export declare const TENANT_IDP_CONNECTED: AuditAction;
|
|
41
|
+
export declare const TENANT_IDP_MODIFIED: AuditAction;
|
|
42
|
+
export declare const TENANT_IDP_DISABLED: AuditAction;
|
|
43
|
+
export declare const TENANT_IDP_DELETED: AuditAction;
|
|
44
|
+
export declare const TENANT_ROLE_MAPPING_ADDED: AuditAction;
|
|
45
|
+
export declare const TENANT_ROLE_MAPPING_REMOVED: AuditAction;
|
|
46
|
+
export declare const TENANT_FEDERATED_LOGIN_SUCCESS: AuditAction;
|
|
47
|
+
export declare const TENANT_FEDERATED_LOGIN_DENIED: AuditAction;
|
|
48
|
+
export declare const TENANT_ROLE_REFRESHED_JIT: AuditAction;
|
|
49
|
+
export declare const AUTH_AGENT_SESSION_APPROVED: AuditAction;
|
|
50
|
+
export declare const AUTH_AGENT_SESSION_REVOKED: AuditAction;
|
|
51
|
+
export declare const AUTH_REFRESH_REPLAY: AuditAction;
|
|
52
|
+
export declare const RESEARCH_QUERY: AuditAction;
|
|
53
|
+
export declare const RESEARCH_EXTRACT: AuditAction;
|
|
54
|
+
export declare const EXPERIMENT_ASSIGN: AuditAction;
|
|
55
|
+
export declare const FEATURE_TOGGLE_CHANGED: AuditAction;
|
|
56
|
+
export declare const CONSENT_CHANGED: AuditAction;
|
|
57
|
+
/**
|
|
58
|
+
* Old tenant/IdP `AuditEventType` string -> `AuditAction` constant.
|
|
59
|
+
* The values are identical (preserved verbatim), so this is an identity
|
|
60
|
+
* map at runtime; it exists so the four `AuditEventEmitter` consumers
|
|
61
|
+
* (idp-handler, tenant-handler, agent-authorize, agent-sessions) can
|
|
62
|
+
* keep referencing `AuditEventType.TENANT_*` symbolically via a single
|
|
63
|
+
* re-exported object.
|
|
64
|
+
*/
|
|
65
|
+
export declare const AuditEventType: {
|
|
66
|
+
readonly TENANT_CREATED: string & {};
|
|
67
|
+
readonly TENANT_UPDATED: string & {};
|
|
68
|
+
readonly TENANT_OWNERSHIP_TRANSFERRED: string & {};
|
|
69
|
+
readonly TENANT_MEMBER_INVITED: string & {};
|
|
70
|
+
readonly TENANT_MEMBER_JOINED: string & {};
|
|
71
|
+
readonly TENANT_MEMBER_ROLE_CHANGED: string & {};
|
|
72
|
+
readonly TENANT_MEMBER_REMOVED: string & {};
|
|
73
|
+
readonly TENANT_DOMAIN_ADDED: string & {};
|
|
74
|
+
readonly TENANT_DOMAIN_VERIFIED: string & {};
|
|
75
|
+
readonly TENANT_DOMAIN_REMOVED: string & {};
|
|
76
|
+
readonly TENANT_IDP_CONNECTED: string & {};
|
|
77
|
+
readonly TENANT_IDP_MODIFIED: string & {};
|
|
78
|
+
readonly TENANT_IDP_DISABLED: string & {};
|
|
79
|
+
readonly TENANT_IDP_DELETED: string & {};
|
|
80
|
+
readonly TENANT_ROLE_MAPPING_ADDED: string & {};
|
|
81
|
+
readonly TENANT_ROLE_MAPPING_REMOVED: string & {};
|
|
82
|
+
readonly TENANT_FEDERATED_LOGIN_SUCCESS: string & {};
|
|
83
|
+
readonly TENANT_FEDERATED_LOGIN_DENIED: string & {};
|
|
84
|
+
readonly TENANT_ROLE_REFRESHED_JIT: string & {};
|
|
85
|
+
readonly AUTH_AGENT_SESSION_APPROVED: string & {};
|
|
86
|
+
readonly AUTH_AGENT_SESSION_REVOKED: string & {};
|
|
87
|
+
readonly AUTH_REFRESH_REPLAY: string & {};
|
|
88
|
+
readonly RESEARCH_QUERY: string & {};
|
|
89
|
+
readonly RESEARCH_EXTRACT: string & {};
|
|
90
|
+
readonly EXPERIMENT_ASSIGN: string & {};
|
|
91
|
+
readonly FEATURE_TOGGLE_CHANGED: string & {};
|
|
92
|
+
readonly CONSENT_CHANGED: string & {};
|
|
93
|
+
};
|
|
94
|
+
//# sourceMappingURL=audit-actions.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"audit-actions.d.ts","sourceRoot":"","sources":["../../src/lib/audit-actions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAGlE,eAAO,MAAM,SAAS,EAAE,WAAyB,CAAC;AAClD,eAAO,MAAM,WAAW,EAAE,WAA2B,CAAC;AACtD,eAAO,MAAM,WAAW,EAAE,WAA2B,CAAC;AACtD,eAAO,MAAM,WAAW,EAAE,WAA2B,CAAC;AAEtD,eAAO,MAAM,UAAU,EAAE,WAA0B,CAAC;AACpD,eAAO,MAAM,WAAW,EAAE,WAA2B,CAAC;AACtD,eAAO,MAAM,YAAY,EAAE,WAA4B,CAAC;AACxD,eAAO,MAAM,aAAa,EAAE,WAA6B,CAAC;AAE1D,eAAO,MAAM,oBAAoB,EAAE,WAAoC,CAAC;AAIxE,eAAO,MAAM,cAAc,EAAE,WAA8B,CAAC;AAC5D,eAAO,MAAM,cAAc,EAAE,WAA8B,CAAC;AAC5D,eAAO,MAAM,4BAA4B,EAAE,WAA4C,CAAC;AACxF,eAAO,MAAM,qBAAqB,EAAE,WAAqC,CAAC;AAC1E,eAAO,MAAM,oBAAoB,EAAE,WAAoC,CAAC;AACxE,eAAO,MAAM,0BAA0B,EAAE,WAA0C,CAAC;AACpF,eAAO,MAAM,qBAAqB,EAAE,WAAqC,CAAC;AAC1E,eAAO,MAAM,mBAAmB,EAAE,WAAmC,CAAC;AACtE,eAAO,MAAM,sBAAsB,EAAE,WAAsC,CAAC;AAC5E,eAAO,MAAM,qBAAqB,EAAE,WAAqC,CAAC;AAC1E,eAAO,MAAM,oBAAoB,EAAE,WAAoC,CAAC;AACxE,eAAO,MAAM,mBAAmB,EAAE,WAAmC,CAAC;AACtE,eAAO,MAAM,mBAAmB,EAAE,WAAmC,CAAC;AACtE,eAAO,MAAM,kBAAkB,EAAE,WAAkC,CAAC;AACpE,eAAO,MAAM,yBAAyB,EAAE,WAAyC,CAAC;AAClF,eAAO,MAAM,2BAA2B,EAAE,WAA2C,CAAC;AACtF,eAAO,MAAM,8BAA8B,EAAE,WAA8C,CAAC;AAC5F,eAAO,MAAM,6BAA6B,EAAE,WAA6C,CAAC;AAC1F,eAAO,MAAM,yBAAyB,EAAE,WAAyC,CAAC;AAElF,eAAO,MAAM,2BAA2B,EAAE,WAA2C,CAAC;AACtF,eAAO,MAAM,0BAA0B,EAAE,WAA0C,CAAC;AACpF,eAAO,MAAM,mBAAmB,EAAE,WAAmC,CAAC;AAOtE,eAAO,MAAM,cAAc,EAAE,WAA8B,CAAC;AAC5D,eAAO,MAAM,gBAAgB,EAAE,WAAgC,CAAC;AAChE,eAAO,MAAM,iBAAiB,EAAE,WAAiC,CAAC;AAKlE,eAAO,MAAM,sBAAsB,EAAE,WAAsC,CAAC;AAI5E,eAAO,MAAM,eAAe,EAAE,WAA+B,CAAC;AAE9D;;;;;;;GAOG;AACH,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA6BjB,CAAC"}
|
|
@@ -0,0 +1,107 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Trellis audit-action constants (phase 1.C.2).
|
|
3
|
+
*
|
|
4
|
+
* These are the canonical `action` strings trellis writes to the
|
|
5
|
+
* foundation audit log. `AuditAction` is an OPEN string union (frozen
|
|
6
|
+
* type) — well-known foundation values get autocomplete; consumers
|
|
7
|
+
* extend with their own dotted names without an API bump. We therefore
|
|
8
|
+
* declare these as `AuditAction`-typed constants (NOT an enum) so the
|
|
9
|
+
* call sites read symbolically while the values stay plain strings.
|
|
10
|
+
*
|
|
11
|
+
* Naming follows foundation's dotted convention. Two families:
|
|
12
|
+
* - data lifecycle (data.*, auth.*, system.region_change)
|
|
13
|
+
* - tenant / IdP (tenant.*, auth.agent_session.*, auth.refresh_replay)
|
|
14
|
+
*
|
|
15
|
+
* The tenant/IdP set is the migration of the old
|
|
16
|
+
* `lib/audit/event-types.ts` `AuditEventType` catalog; the string
|
|
17
|
+
* VALUES are preserved exactly so existing rows / dashboards keep
|
|
18
|
+
* matching.
|
|
19
|
+
*/
|
|
20
|
+
// ── Data-lifecycle actions ───────────────────────────────────────────
|
|
21
|
+
export const DATA_READ = "data.read";
|
|
22
|
+
export const DATA_CREATE = "data.create";
|
|
23
|
+
export const DATA_UPDATE = "data.update";
|
|
24
|
+
export const DATA_DELETE = "data.delete";
|
|
25
|
+
export const AUTH_LOGIN = "auth.login";
|
|
26
|
+
export const AUTH_LOGOUT = "auth.logout";
|
|
27
|
+
export const AUTHZ_DENIED = "authz.denied";
|
|
28
|
+
export const AUTHZ_GRANTED = "authz.granted";
|
|
29
|
+
export const SYSTEM_REGION_CHANGE = "system.region_change";
|
|
30
|
+
// ── Tenant / IdP actions (migrated from lib/audit/event-types.ts) ─────
|
|
31
|
+
// VALUES preserved verbatim from the old `AuditEventType` catalog.
|
|
32
|
+
export const TENANT_CREATED = "tenant.created";
|
|
33
|
+
export const TENANT_UPDATED = "tenant.updated";
|
|
34
|
+
export const TENANT_OWNERSHIP_TRANSFERRED = "tenant.ownership_transferred";
|
|
35
|
+
export const TENANT_MEMBER_INVITED = "tenant.member.invited";
|
|
36
|
+
export const TENANT_MEMBER_JOINED = "tenant.member.joined";
|
|
37
|
+
export const TENANT_MEMBER_ROLE_CHANGED = "tenant.member.role_changed";
|
|
38
|
+
export const TENANT_MEMBER_REMOVED = "tenant.member.removed";
|
|
39
|
+
export const TENANT_DOMAIN_ADDED = "tenant.domain.added";
|
|
40
|
+
export const TENANT_DOMAIN_VERIFIED = "tenant.domain.verified";
|
|
41
|
+
export const TENANT_DOMAIN_REMOVED = "tenant.domain.removed";
|
|
42
|
+
export const TENANT_IDP_CONNECTED = "tenant.idp.connected";
|
|
43
|
+
export const TENANT_IDP_MODIFIED = "tenant.idp.modified";
|
|
44
|
+
export const TENANT_IDP_DISABLED = "tenant.idp.disabled";
|
|
45
|
+
export const TENANT_IDP_DELETED = "tenant.idp.deleted";
|
|
46
|
+
export const TENANT_ROLE_MAPPING_ADDED = "tenant.role_mapping.added";
|
|
47
|
+
export const TENANT_ROLE_MAPPING_REMOVED = "tenant.role_mapping.removed";
|
|
48
|
+
export const TENANT_FEDERATED_LOGIN_SUCCESS = "tenant.federated_login.success";
|
|
49
|
+
export const TENANT_FEDERATED_LOGIN_DENIED = "tenant.federated_login.denied";
|
|
50
|
+
export const TENANT_ROLE_REFRESHED_JIT = "tenant.role.refreshed_jit";
|
|
51
|
+
export const AUTH_AGENT_SESSION_APPROVED = "auth.agent_session.approved";
|
|
52
|
+
export const AUTH_AGENT_SESSION_REVOKED = "auth.agent_session.revoked";
|
|
53
|
+
export const AUTH_REFRESH_REPLAY = "auth.refresh_replay";
|
|
54
|
+
// ── Research / Experiment / Platform-control actions ─────────────────
|
|
55
|
+
//
|
|
56
|
+
// CONVENTION — research.query events MUST NEVER store raw query text in
|
|
57
|
+
// metadata; query text may contain PII. Store a hash or template string
|
|
58
|
+
// with parameters redacted. See doc/02-technical/development/audit-and-toggle-conventions.md.
|
|
59
|
+
export const RESEARCH_QUERY = "research.query";
|
|
60
|
+
export const RESEARCH_EXTRACT = "research.extract";
|
|
61
|
+
export const EXPERIMENT_ASSIGN = "experiment.assign";
|
|
62
|
+
// FEATURE_TOGGLE_CHANGED: emitted by FeatureToggleService.setToggle on
|
|
63
|
+
// every toggle write. Metadata: { key, oldEnabled, newEnabled, changedBy }
|
|
64
|
+
// where changedBy is the admin's USER ID (not email).
|
|
65
|
+
export const FEATURE_TOGGLE_CHANGED = "feature_toggle.changed";
|
|
66
|
+
// CONSENT_CHANGED: canonical action for user consent mutations emitted
|
|
67
|
+
// by the consent-management layer (another agent owns the emit sites).
|
|
68
|
+
export const CONSENT_CHANGED = "consent.changed";
|
|
69
|
+
/**
|
|
70
|
+
* Old tenant/IdP `AuditEventType` string -> `AuditAction` constant.
|
|
71
|
+
* The values are identical (preserved verbatim), so this is an identity
|
|
72
|
+
* map at runtime; it exists so the four `AuditEventEmitter` consumers
|
|
73
|
+
* (idp-handler, tenant-handler, agent-authorize, agent-sessions) can
|
|
74
|
+
* keep referencing `AuditEventType.TENANT_*` symbolically via a single
|
|
75
|
+
* re-exported object.
|
|
76
|
+
*/
|
|
77
|
+
export const AuditEventType = {
|
|
78
|
+
TENANT_CREATED,
|
|
79
|
+
TENANT_UPDATED,
|
|
80
|
+
TENANT_OWNERSHIP_TRANSFERRED,
|
|
81
|
+
TENANT_MEMBER_INVITED,
|
|
82
|
+
TENANT_MEMBER_JOINED,
|
|
83
|
+
TENANT_MEMBER_ROLE_CHANGED,
|
|
84
|
+
TENANT_MEMBER_REMOVED,
|
|
85
|
+
TENANT_DOMAIN_ADDED,
|
|
86
|
+
TENANT_DOMAIN_VERIFIED,
|
|
87
|
+
TENANT_DOMAIN_REMOVED,
|
|
88
|
+
TENANT_IDP_CONNECTED,
|
|
89
|
+
TENANT_IDP_MODIFIED,
|
|
90
|
+
TENANT_IDP_DISABLED,
|
|
91
|
+
TENANT_IDP_DELETED,
|
|
92
|
+
TENANT_ROLE_MAPPING_ADDED,
|
|
93
|
+
TENANT_ROLE_MAPPING_REMOVED,
|
|
94
|
+
TENANT_FEDERATED_LOGIN_SUCCESS,
|
|
95
|
+
TENANT_FEDERATED_LOGIN_DENIED,
|
|
96
|
+
TENANT_ROLE_REFRESHED_JIT,
|
|
97
|
+
AUTH_AGENT_SESSION_APPROVED,
|
|
98
|
+
AUTH_AGENT_SESSION_REVOKED,
|
|
99
|
+
AUTH_REFRESH_REPLAY,
|
|
100
|
+
// Research / Experiment / Platform-control
|
|
101
|
+
RESEARCH_QUERY,
|
|
102
|
+
RESEARCH_EXTRACT,
|
|
103
|
+
EXPERIMENT_ASSIGN,
|
|
104
|
+
FEATURE_TOGGLE_CHANGED,
|
|
105
|
+
CONSENT_CHANGED,
|
|
106
|
+
};
|
|
107
|
+
//# sourceMappingURL=audit-actions.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"audit-actions.js","sourceRoot":"","sources":["../../src/lib/audit-actions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAIH,wEAAwE;AACxE,MAAM,CAAC,MAAM,SAAS,GAAgB,WAAW,CAAC;AAClD,MAAM,CAAC,MAAM,WAAW,GAAgB,aAAa,CAAC;AACtD,MAAM,CAAC,MAAM,WAAW,GAAgB,aAAa,CAAC;AACtD,MAAM,CAAC,MAAM,WAAW,GAAgB,aAAa,CAAC;AAEtD,MAAM,CAAC,MAAM,UAAU,GAAgB,YAAY,CAAC;AACpD,MAAM,CAAC,MAAM,WAAW,GAAgB,aAAa,CAAC;AACtD,MAAM,CAAC,MAAM,YAAY,GAAgB,cAAc,CAAC;AACxD,MAAM,CAAC,MAAM,aAAa,GAAgB,eAAe,CAAC;AAE1D,MAAM,CAAC,MAAM,oBAAoB,GAAgB,sBAAsB,CAAC;AAExE,yEAAyE;AACzE,mEAAmE;AACnE,MAAM,CAAC,MAAM,cAAc,GAAgB,gBAAgB,CAAC;AAC5D,MAAM,CAAC,MAAM,cAAc,GAAgB,gBAAgB,CAAC;AAC5D,MAAM,CAAC,MAAM,4BAA4B,GAAgB,8BAA8B,CAAC;AACxF,MAAM,CAAC,MAAM,qBAAqB,GAAgB,uBAAuB,CAAC;AAC1E,MAAM,CAAC,MAAM,oBAAoB,GAAgB,sBAAsB,CAAC;AACxE,MAAM,CAAC,MAAM,0BAA0B,GAAgB,4BAA4B,CAAC;AACpF,MAAM,CAAC,MAAM,qBAAqB,GAAgB,uBAAuB,CAAC;AAC1E,MAAM,CAAC,MAAM,mBAAmB,GAAgB,qBAAqB,CAAC;AACtE,MAAM,CAAC,MAAM,sBAAsB,GAAgB,wBAAwB,CAAC;AAC5E,MAAM,CAAC,MAAM,qBAAqB,GAAgB,uBAAuB,CAAC;AAC1E,MAAM,CAAC,MAAM,oBAAoB,GAAgB,sBAAsB,CAAC;AACxE,MAAM,CAAC,MAAM,mBAAmB,GAAgB,qBAAqB,CAAC;AACtE,MAAM,CAAC,MAAM,mBAAmB,GAAgB,qBAAqB,CAAC;AACtE,MAAM,CAAC,MAAM,kBAAkB,GAAgB,oBAAoB,CAAC;AACpE,MAAM,CAAC,MAAM,yBAAyB,GAAgB,2BAA2B,CAAC;AAClF,MAAM,CAAC,MAAM,2BAA2B,GAAgB,6BAA6B,CAAC;AACtF,MAAM,CAAC,MAAM,8BAA8B,GAAgB,gCAAgC,CAAC;AAC5F,MAAM,CAAC,MAAM,6BAA6B,GAAgB,+BAA+B,CAAC;AAC1F,MAAM,CAAC,MAAM,yBAAyB,GAAgB,2BAA2B,CAAC;AAElF,MAAM,CAAC,MAAM,2BAA2B,GAAgB,6BAA6B,CAAC;AACtF,MAAM,CAAC,MAAM,0BAA0B,GAAgB,4BAA4B,CAAC;AACpF,MAAM,CAAC,MAAM,mBAAmB,GAAgB,qBAAqB,CAAC;AAEtE,wEAAwE;AACxE,EAAE;AACF,wEAAwE;AACxE,wEAAwE;AACxE,8FAA8F;AAC9F,MAAM,CAAC,MAAM,cAAc,GAAgB,gBAAgB,CAAC;AAC5D,MAAM,CAAC,MAAM,gBAAgB,GAAgB,kBAAkB,CAAC;AAChE,MAAM,CAAC,MAAM,iBAAiB,GAAgB,mBAAmB,CAAC;AAElE,uEAAuE;AACvE,2EAA2E;AAC3E,sDAAsD;AACtD,MAAM,CAAC,MAAM,sBAAsB,GAAgB,wBAAwB,CAAC;AAE5E,uEAAuE;AACvE,uEAAuE;AACvE,MAAM,CAAC,MAAM,eAAe,GAAgB,iBAAiB,CAAC;AAE9D;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG;IAC5B,cAAc;IACd,cAAc;IACd,4BAA4B;IAC5B,qBAAqB;IACrB,oBAAoB;IACpB,0BAA0B;IAC1B,qBAAqB;IACrB,mBAAmB;IACnB,sBAAsB;IACtB,qBAAqB;IACrB,oBAAoB;IACpB,mBAAmB;IACnB,mBAAmB;IACnB,kBAAkB;IAClB,yBAAyB;IACzB,2BAA2B;IAC3B,8BAA8B;IAC9B,6BAA6B;IAC7B,yBAAyB;IACzB,2BAA2B;IAC3B,0BAA0B;IAC1B,mBAAmB;IACnB,2CAA2C;IAC3C,cAAc;IACd,gBAAgB;IAChB,iBAAiB;IACjB,sBAAsB;IACtB,eAAe;CACP,CAAC"}
|
|
@@ -0,0 +1,174 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Audit composer (phase 1.C.2).
|
|
3
|
+
*
|
|
4
|
+
* Trellis-side facade over `@de-otio/saas-foundation/audit`. Replaces
|
|
5
|
+
* the old `AuditLogger` (data lifecycle) and `AuditEventEmitter`
|
|
6
|
+
* (tenant / IdP) with a single composition point that:
|
|
7
|
+
*
|
|
8
|
+
* 1. Applies trellis's default-DENY allowlist (`filterPayload`) +
|
|
9
|
+
* IP anonymisation (`anonymizeIp`) to event metadata BEFORE the
|
|
10
|
+
* event reaches foundation. (LOCKED: keep the allowlist.)
|
|
11
|
+
* 2. Hands the scrubbed event to foundation's `AuditLog`, which is
|
|
12
|
+
* configured with foundation's `PiiFilter` (denylist) as a
|
|
13
|
+
* SECOND, additive layer. (LOCKED: denylist is additive, not a
|
|
14
|
+
* replacement.)
|
|
15
|
+
* 3. Persists via `PostgresAuditStore` over a region-resolved Prisma
|
|
16
|
+
* client. Retention tiers: info=30, warning=90, error=365 days.
|
|
17
|
+
* (LOCKED.)
|
|
18
|
+
*
|
|
19
|
+
* Frozen-type crossing: this module is the first trellis consumer of
|
|
20
|
+
* the frozen `AuditEvent` / `AuditAction` vocabulary. Future changes to
|
|
21
|
+
* the emitted shape go through the frozen-type RFC process.
|
|
22
|
+
*
|
|
23
|
+
* Severity collapse (trellis 4-tier -> foundation 3-tier):
|
|
24
|
+
* low + medium -> info (30d)
|
|
25
|
+
* high -> warning (90d)
|
|
26
|
+
* critical -> error (365d)
|
|
27
|
+
*
|
|
28
|
+
* ── SECURITY-SENSITIVE READ CONVENTION ───────────────────────────────
|
|
29
|
+
*
|
|
30
|
+
* Any BULK, CROSS-USER, or EXPORT read of user data MUST emit an audit
|
|
31
|
+
* event. An audit trail cannot be backfilled — if the read is not
|
|
32
|
+
* recorded at the time it occurs, it is permanently invisible to
|
|
33
|
+
* compliance reviews.
|
|
34
|
+
*
|
|
35
|
+
* Worked example — admin bulk-export of user records:
|
|
36
|
+
*
|
|
37
|
+
* await auditLogger.logDataAccess({
|
|
38
|
+
* action: DATA_READ,
|
|
39
|
+
* resource: "user",
|
|
40
|
+
* resourceId: `bulk:${requestedCount}`,
|
|
41
|
+
* userId: session.userId, // the requesting admin's ID
|
|
42
|
+
* region: detectedRegion,
|
|
43
|
+
* success: true,
|
|
44
|
+
* metadata: {
|
|
45
|
+
* targetType: "user_export",
|
|
46
|
+
* reason: "compliance_request",
|
|
47
|
+
* },
|
|
48
|
+
* }, env);
|
|
49
|
+
*
|
|
50
|
+
* Scope of the rule:
|
|
51
|
+
* - Covered NOW: mutations (data.create / update / delete), auth,
|
|
52
|
+
* feature_toggle.changed, tenant / IdP events.
|
|
53
|
+
* - Deferred: individual single-user reads (low priority).
|
|
54
|
+
* - IN SCOPE for the research platform: any research.query,
|
|
55
|
+
* research.extract, experiment.assign operation.
|
|
56
|
+
*
|
|
57
|
+
* See doc/02-technical/development/audit-and-toggle-conventions.md for
|
|
58
|
+
* naming conventions, prefix rules, and the research.query PII rule.
|
|
59
|
+
*/
|
|
60
|
+
import type { AuditAction, AuditEvent } from "@de-otio/saas-foundation/audit";
|
|
61
|
+
import { type EnvWithDb } from "../db.js";
|
|
62
|
+
import { type Region } from "./region-detection.js";
|
|
63
|
+
export type TrellisSeverity = "low" | "medium" | "high" | "critical";
|
|
64
|
+
/**
|
|
65
|
+
* Anything with an `auditEvent.create` method. The real Prisma client
|
|
66
|
+
* (`ManagedPrismaClient`), the structural `PrismaAuditClient`, and test
|
|
67
|
+
* mocks all satisfy this. Foundation's `PostgresAuditStore` requires the
|
|
68
|
+
* narrower `PrismaAuditClient`; Prisma's generated `create` is more
|
|
69
|
+
* generic than (and so not structurally assignable to) foundation's
|
|
70
|
+
* narrow shape, so we accept the broad type at the boundary and cast
|
|
71
|
+
* once inside `getAuditLog`. The cast is runtime-safe — the column
|
|
72
|
+
* names foundation writes match the generated `AuditEvent` model.
|
|
73
|
+
*/
|
|
74
|
+
export type AuditPrismaClientLike = {
|
|
75
|
+
readonly auditEvent: {
|
|
76
|
+
create: (...args: never[]) => unknown;
|
|
77
|
+
};
|
|
78
|
+
};
|
|
79
|
+
export type TrellisAuditEventType = "data_access" | "data_create" | "data_update" | "data_delete" | "user_action" | "authentication" | "authorization" | "region_change";
|
|
80
|
+
export interface TrellisAuditEvent {
|
|
81
|
+
type?: TrellisAuditEventType;
|
|
82
|
+
action: string;
|
|
83
|
+
resource: string;
|
|
84
|
+
resourceId?: string;
|
|
85
|
+
userId?: string;
|
|
86
|
+
region: Region;
|
|
87
|
+
dataRegion?: string;
|
|
88
|
+
ipAddress?: string;
|
|
89
|
+
userAgent?: string;
|
|
90
|
+
metadata?: Record<string, unknown>;
|
|
91
|
+
severity?: TrellisSeverity;
|
|
92
|
+
success: boolean;
|
|
93
|
+
}
|
|
94
|
+
export interface TrellisAuditLoggerEnv extends EnvWithDb {
|
|
95
|
+
DEFAULT_REGION?: string;
|
|
96
|
+
}
|
|
97
|
+
/**
|
|
98
|
+
* `TrellisAuditLogger` — drop-in for the old `AuditLogger`. Region-aware
|
|
99
|
+
* (resolves a Prisma client per region), best-effort (never throws into
|
|
100
|
+
* the caller), and validates region before emitting (invalid-region
|
|
101
|
+
* events are dropped, as before).
|
|
102
|
+
*/
|
|
103
|
+
export declare class TrellisAuditLogger {
|
|
104
|
+
private readonly requestId?;
|
|
105
|
+
constructor(_env?: TrellisAuditLoggerEnv, requestId?: string | undefined);
|
|
106
|
+
withRequestId(requestId: string): TrellisAuditLogger;
|
|
107
|
+
logDataAccess(event: Omit<TrellisAuditEvent, "type" | "severity"> & {
|
|
108
|
+
type?: TrellisAuditEventType;
|
|
109
|
+
severity?: TrellisSeverity;
|
|
110
|
+
}, env: TrellisAuditLoggerEnv): Promise<void>;
|
|
111
|
+
logUserAction(event: Omit<TrellisAuditEvent, "type" | "severity"> & {
|
|
112
|
+
type?: TrellisAuditEventType;
|
|
113
|
+
severity?: TrellisSeverity;
|
|
114
|
+
}, env: TrellisAuditLoggerEnv): Promise<void>;
|
|
115
|
+
logAuthentication(event: Omit<TrellisAuditEvent, "type" | "severity"> & {
|
|
116
|
+
type?: TrellisAuditEventType;
|
|
117
|
+
severity?: TrellisSeverity;
|
|
118
|
+
}, env: TrellisAuditLoggerEnv): Promise<void>;
|
|
119
|
+
logAuthorization(event: Omit<TrellisAuditEvent, "type" | "severity"> & {
|
|
120
|
+
type?: TrellisAuditEventType;
|
|
121
|
+
severity?: TrellisSeverity;
|
|
122
|
+
}, env: TrellisAuditLoggerEnv): Promise<void>;
|
|
123
|
+
/** Generic entry point — accepts a full trellis event. */
|
|
124
|
+
log(event: Omit<TrellisAuditEvent, "severity"> & {
|
|
125
|
+
severity?: TrellisSeverity;
|
|
126
|
+
}, env: TrellisAuditLoggerEnv): Promise<void>;
|
|
127
|
+
/**
|
|
128
|
+
* Emit a system-level event where the `action` string is passed directly
|
|
129
|
+
* to the foundation audit log (bypassing the coarse `actionFor()` mapping).
|
|
130
|
+
*
|
|
131
|
+
* Use for platform-control actions like `feature_toggle.changed`,
|
|
132
|
+
* `consent.changed`, `experiment.assign` that have their own dedicated
|
|
133
|
+
* action constant and should not be collapsed to a coarse `data.*` label.
|
|
134
|
+
*
|
|
135
|
+
* The `action` parameter MUST be a known `AuditAction` constant from
|
|
136
|
+
* `audit-actions.ts`; do not pass free-form strings.
|
|
137
|
+
*
|
|
138
|
+
* Best-effort — never throws into the caller.
|
|
139
|
+
*/
|
|
140
|
+
logSystemAction(action: AuditAction, event: Omit<TrellisAuditEvent, "type" | "action" | "severity"> & {
|
|
141
|
+
severity?: TrellisSeverity;
|
|
142
|
+
}, env: TrellisAuditLoggerEnv): Promise<void>;
|
|
143
|
+
private emitDirect;
|
|
144
|
+
private emit;
|
|
145
|
+
}
|
|
146
|
+
/** Factory — drop-in for the old `createAuditLogger`. */
|
|
147
|
+
export declare function createAuditLogger(env?: TrellisAuditLoggerEnv, requestId?: string): TrellisAuditLogger;
|
|
148
|
+
/** Input shape preserved from the old `AuditEventEmitter.emit`. */
|
|
149
|
+
export interface TenantAuditEmitInput {
|
|
150
|
+
type: AuditAction;
|
|
151
|
+
tenantId: string;
|
|
152
|
+
actorUserId: string;
|
|
153
|
+
payload: Record<string, unknown>;
|
|
154
|
+
/** Source IP — anonymised to /24 (v4) or /64 (v6) before storage. */
|
|
155
|
+
sourceIp?: string;
|
|
156
|
+
/** Present when made through an agent session. */
|
|
157
|
+
agentSessionId?: string;
|
|
158
|
+
}
|
|
159
|
+
/**
|
|
160
|
+
* `TenantAuditEmitter` — replaces the CloudWatch+Postgres
|
|
161
|
+
* `AuditEventEmitter`. CloudWatch is dropped (foundation owns the sink);
|
|
162
|
+
* the Postgres write now goes through foundation's `AuditLog` /
|
|
163
|
+
* `PostgresAuditStore`. Signature `emit(input, prismaClient)` is
|
|
164
|
+
* preserved so the four consumers change only their import.
|
|
165
|
+
*
|
|
166
|
+
* Tenant/IdP events are tenant-scoped (`actor.kind = "user"`,
|
|
167
|
+
* `tenantId` set) and default to `info` severity (matching the old
|
|
168
|
+
* "medium" -> info collapse).
|
|
169
|
+
*/
|
|
170
|
+
export declare class TenantAuditEmitter {
|
|
171
|
+
emit(input: TenantAuditEmitInput, prisma: AuditPrismaClientLike): Promise<void>;
|
|
172
|
+
}
|
|
173
|
+
export type { AuditEvent };
|
|
174
|
+
//# sourceMappingURL=audit-composer.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"audit-composer.d.ts","sourceRoot":"","sources":["../../src/lib/audit-composer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0DG;AAGH,OAAO,KAAK,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,gCAAgC,CAAC;AAK9E,OAAO,EAAyB,KAAK,SAAS,EAAE,MAAM,UAAU,CAAC;AAEjE,OAAO,EAAiB,KAAK,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAcnE,MAAM,MAAM,eAAe,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAuDrE;;;;;;;;;GASG;AACH,MAAM,MAAM,qBAAqB,GAAG;IAClC,QAAQ,CAAC,UAAU,EAAE;QAAE,MAAM,EAAE,CAAC,GAAG,IAAI,EAAE,KAAK,EAAE,KAAK,OAAO,CAAA;KAAE,CAAC;CAChE,CAAC;AAqBF,MAAM,MAAM,qBAAqB,GAC7B,aAAa,GACb,aAAa,GACb,aAAa,GACb,aAAa,GACb,aAAa,GACb,gBAAgB,GAChB,eAAe,GACf,eAAe,CAAC;AAEpB,MAAM,WAAW,iBAAiB;IAChC,IAAI,CAAC,EAAE,qBAAqB,CAAC;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,QAAQ,CAAC,EAAE,eAAe,CAAC;IAC3B,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,qBAAsB,SAAQ,SAAS;IACtD,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AA4BD;;;;;GAKG;AACH,qBAAa,kBAAkB;IAM3B,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAD3B,IAAI,CAAC,EAAE,qBAAqB,EACX,SAAS,CAAC,EAAE,MAAM,YAAA;IAG9B,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,kBAAkB;IAI9C,aAAa,CACxB,KAAK,EAAE,IAAI,CAAC,iBAAiB,EAAE,MAAM,GAAG,UAAU,CAAC,GAAG;QACpD,IAAI,CAAC,EAAE,qBAAqB,CAAC;QAC7B,QAAQ,CAAC,EAAE,eAAe,CAAC;KAC5B,EACD,GAAG,EAAE,qBAAqB,GACzB,OAAO,CAAC,IAAI,CAAC;IAOH,aAAa,CACxB,KAAK,EAAE,IAAI,CAAC,iBAAiB,EAAE,MAAM,GAAG,UAAU,CAAC,GAAG;QACpD,IAAI,CAAC,EAAE,qBAAqB,CAAC;QAC7B,QAAQ,CAAC,EAAE,eAAe,CAAC;KAC5B,EACD,GAAG,EAAE,qBAAqB,GACzB,OAAO,CAAC,IAAI,CAAC;IAOH,iBAAiB,CAC5B,KAAK,EAAE,IAAI,CAAC,iBAAiB,EAAE,MAAM,GAAG,UAAU,CAAC,GAAG;QACpD,IAAI,CAAC,EAAE,qBAAqB,CAAC;QAC7B,QAAQ,CAAC,EAAE,eAAe,CAAC;KAC5B,EACD,GAAG,EAAE,qBAAqB,GACzB,OAAO,CAAC,IAAI,CAAC;IAYH,gBAAgB,CAC3B,KAAK,EAAE,IAAI,CAAC,iBAAiB,EAAE,MAAM,GAAG,UAAU,CAAC,GAAG;QACpD,IAAI,CAAC,EAAE,qBAAqB,CAAC;QAC7B,QAAQ,CAAC,EAAE,eAAe,CAAC;KAC5B,EACD,GAAG,EAAE,qBAAqB,GACzB,OAAO,CAAC,IAAI,CAAC;IAWhB,0DAA0D;IAC7C,GAAG,CACd,KAAK,EAAE,IAAI,CAAC,iBAAiB,EAAE,UAAU,CAAC,GAAG;QAAE,QAAQ,CAAC,EAAE,eAAe,CAAA;KAAE,EAC3E,GAAG,EAAE,qBAAqB,GACzB,OAAO,CAAC,IAAI,CAAC;IAahB;;;;;;;;;;;;OAYG;IACU,eAAe,CAC1B,MAAM,EAAE,WAAW,EACnB,KAAK,EAAE,IAAI,CAAC,iBAAiB,EAAE,MAAM,GAAG,QAAQ,GAAG,UAAU,CAAC,GAAG;QAC/D,QAAQ,CAAC,EAAE,eAAe,CAAC;KAC5B,EACD,GAAG,EAAE,qBAAqB,GACzB,OAAO,CAAC,IAAI,CAAC;YAIF,UAAU;YAuEV,IAAI;CA6FnB;AAED,yDAAyD;AACzD,wBAAgB,iBAAiB,CAC/B,GAAG,CAAC,EAAE,qBAAqB,EAC3B,SAAS,CAAC,EAAE,MAAM,GACjB,kBAAkB,CAEpB;AAID,mEAAmE;AACnE,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,WAAW,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,qEAAqE;IACrE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kDAAkD;IAClD,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;;;;;;;;;GAUG;AACH,qBAAa,kBAAkB;IAChB,IAAI,CAAC,KAAK,EAAE,oBAAoB,EAAE,MAAM,EAAE,qBAAqB,GAAG,OAAO,CAAC,IAAI,CAAC;CAyC7F;AAED,YAAY,EAAE,UAAU,EAAE,CAAC"}
|