@nauth-toolkit/core 0.1.13 → 0.1.17

package/dist/entities.d.ts

@@ -1,2 +1,10 @@
+/**
+ * Entities barrel export (shim)
+ *
+ * This file exists to ensure TypeScript's emitted declaration paths (e.g. `./entities.js`)
+ * resolve correctly for consumers.
+ *
+ * See `packages/core/src/dto.ts` for background.
+ */
 export * from './entities/index';
 //# sourceMappingURL=entities.d.ts.map

package/dist/entities.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"entities.d.ts","sourceRoot":"","sources":["../src/entities.ts"],"names":[],"mappings":"AAQA,cAAc,kBAAkB,CAAC"}
+{"version":3,"file":"entities.d.ts","sourceRoot":"","sources":["../src/entities.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,cAAc,kBAAkB,CAAC"}

package/dist/entities.js

@@ -14,5 +14,13 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+/**
+ * Entities barrel export (shim)
+ *
+ * This file exists to ensure TypeScript's emitted declaration paths (e.g. `./entities.js`)
+ * resolve correctly for consumers.
+ *
+ * See `packages/core/src/dto.ts` for background.
+ */
 __exportStar(require("./entities/index"), exports);
 //# sourceMappingURL=entities.js.map

package/dist/entities.js.map

@@ -1 +1 @@
-{"version":3,"file":"entities.js","sourceRoot":"","sources":["../src/entities.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAQA,mDAAiC"}
+{"version":3,"file":"entities.js","sourceRoot":"","sources":["../src/entities.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA;;;;;;;GAOG;AACH,mDAAiC"}

package/dist/enums/auth-audit-event-type.enum.d.ts

@@ -1,55 +1,266 @@
+/**
+ * Authentication Audit Event Types
+ *
+ * Comprehensive enumeration of all authentication and security events
+ * that are recorded in the audit trail.
+ *
+ * **Organization:**
+ * - Login events (success, failure, blocked)
+ * - Session management events
+ * - Password operations
+ * - Multi-Factor Authentication (MFA) events
+ * - Adaptive MFA events (risk-based)
+ * - Verification events (email, phone)
+ * - Account management events
+ * - Profile update events
+ * - Social authentication events
+ * - Challenge flow events
+ * - Security violation events
+ *
+ * **Note:** TOKEN_REFRESHED is intentionally excluded as it occurs too
+ * frequently and would create excessive audit noise. Only security-relevant
+ * token operations are audited.
+ *
+ * @example
+ * ```typescript
+ * await auditService.recordEvent({
+ *   userId: user.id,
+ *   eventType: AuthAuditEventType.LOGIN_SUCCESS,
+ *   eventStatus: 'SUCCESS',
+ *   authMethod: 'password',
+ *   ipAddress: '1.2.3.4',
+ * });
+ * ```
+ */
 export declare enum AuthAuditEventType {
+    /**
+     * Login attempt initiated (credentials validated, risk assessed, MFA evaluated)
+     *
+     * This event is recorded when:
+     * - User credentials are validated successfully
+     * - Adaptive MFA risk evaluation is performed
+     * - Risk factors and MFA requirement status are recorded
+     *
+     * Note: This is logged before the final login outcome (success/failure/challenge).
+     * Use LOGIN_SUCCESS for successful completions, LOGIN_FAILED for failures.
+     */
     LOGIN_ATTEMPT = "LOGIN_ATTEMPT",
+    /**
+     * User successfully authenticated
+     */
     LOGIN_SUCCESS = "LOGIN_SUCCESS",
+    /**
+     * Login attempt failed (invalid credentials, account locked, etc.)
+     */
     LOGIN_FAILED = "LOGIN_FAILED",
+    /**
+     * Login attempt blocked (account locked, IP blocked, etc.)
+     *
+     * Note: This should only be used for actual blocks (IP lockout, account locked).
+     * Do not use for MFA/challenge flows - use LOGIN_ATTEMPT + CHALLENGE_CREATED instead.
+     */
     LOGIN_BLOCKED = "LOGIN_BLOCKED",
+    /**
+     * New session created (after successful authentication)
+     */
     SESSION_CREATED = "SESSION_CREATED",
+    /**
+     * Session revoked (logout, security violation, admin action)
+     */
     SESSION_REVOKED = "SESSION_REVOKED",
+    /**
+     * Global signout performed (all sessions revoked)
+     *
+     * This event is recorded once when a user performs global signout.
+     * Individual SESSION_REVOKED events are also recorded for each revoked session.
+     */
     GLOBAL_SIGNOUT = "GLOBAL_SIGNOUT",
+    /**
+     * User changed their password
+     */
     PASSWORD_CHANGED = "PASSWORD_CHANGED",
+    /**
+     * Password reset requested (email/SMS sent)
+     */
     PASSWORD_RESET_REQUESTED = "PASSWORD_RESET_REQUESTED",
+    /**
+     * Password reset completed successfully
+     */
     PASSWORD_RESET_COMPLETED = "PASSWORD_RESET_COMPLETED",
+    /**
+     * Force password change requirement set (by admin or policy)
+     */
     PASSWORD_FORCE_CHANGE_SET = "PASSWORD_FORCE_CHANGE_SET",
+    /**
+     * Force password change completed
+     */
     PASSWORD_FORCE_CHANGE_COMPLETED = "PASSWORD_FORCE_CHANGE_COMPLETED",
+    /**
+     * MFA enabled for user account
+     */
     MFA_ENABLED = "MFA_ENABLED",
+    /**
+     * MFA disabled for user account
+     */
     MFA_DISABLED = "MFA_DISABLED",
+    /**
+     * New MFA device registered (TOTP, SMS, Passkey)
+     */
     MFA_DEVICE_ADDED = "MFA_DEVICE_ADDED",
+    /**
+     * MFA device removed from account
+     */
     MFA_DEVICE_REMOVED = "MFA_DEVICE_REMOVED",
+    /**
+     * MFA device updated (name changed, primary flag changed, etc.)
+     */
     MFA_DEVICE_UPDATED = "MFA_DEVICE_UPDATED",
+    /**
+     * MFA verification succeeded
+     */
     MFA_VERIFICATION_SUCCESS = "MFA_VERIFICATION_SUCCESS",
+    /**
+     * MFA verification failed (invalid code, expired, etc.)
+     */
     MFA_VERIFICATION_FAILED = "MFA_VERIFICATION_FAILED",
+    /**
+     * MFA exemption granted (admin action)
+     */
     MFA_EXEMPTION_GRANTED = "MFA_EXEMPTION_GRANTED",
+    /**
+     * MFA exemption revoked (admin action)
+     */
     MFA_EXEMPTION_REVOKED = "MFA_EXEMPTION_REVOKED",
+    /**
+     * Backup codes generated for MFA recovery
+     */
     MFA_BACKUP_CODES_GENERATED = "MFA_BACKUP_CODES_GENERATED",
+    /**
+     * Backup code used for MFA verification
+     */
     MFA_BACKUP_CODE_USED = "MFA_BACKUP_CODE_USED",
+    /**
+     * User's preferred MFA method updated
+     */
     MFA_PREFERRED_METHOD_UPDATED = "MFA_PREFERRED_METHOD_UPDATED",
+    /**
+     * Device trusted by user (user opt-in for remember device feature)
+     */
     DEVICE_TRUSTED = "DEVICE_TRUSTED",
+    /**
+     * Trusted device revoked (user untrusted device or device expired)
+     */
     DEVICE_UNTRUSTED = "DEVICE_UNTRUSTED",
+    /**
+     * Risk assessment completed (for future adaptive MFA implementation)
+     *
+     * Note: This is infrastructure for future adaptive MFA. The audit service
+     * records risk data but does not calculate risk scores.
+     */
     ADAPTIVE_MFA_RISK_ASSESSED = "ADAPTIVE_MFA_RISK_ASSESSED",
+    /**
+     * Adaptive MFA triggered due to risk factors (for future implementation)
+     *
+     * Note: This is infrastructure for future adaptive MFA.
+     */
     ADAPTIVE_MFA_TRIGGERED = "ADAPTIVE_MFA_TRIGGERED",
+    /**
+     * Adaptive MFA bypassed due to low risk (for future implementation)
+     *
+     * Note: This is infrastructure for future adaptive MFA.
+     */
     ADAPTIVE_MFA_BYPASSED = "ADAPTIVE_MFA_BYPASSED",
+    /**
+     * Email address verified successfully
+     */
     EMAIL_VERIFIED = "EMAIL_VERIFIED",
+    /**
+     * Email verification code/link requested
+     */
     EMAIL_VERIFICATION_REQUESTED = "EMAIL_VERIFICATION_REQUESTED",
+    /**
+     * Email verification failed (invalid code, expired, etc.)
+     */
     EMAIL_VERIFICATION_FAILED = "EMAIL_VERIFICATION_FAILED",
+    /**
+     * Phone number verified successfully
+     */
     PHONE_VERIFIED = "PHONE_VERIFIED",
+    /**
+     * Phone verification code requested
+     */
     PHONE_VERIFICATION_REQUESTED = "PHONE_VERIFICATION_REQUESTED",
+    /**
+     * Phone verification failed (invalid code, expired, etc.)
+     */
     PHONE_VERIFICATION_FAILED = "PHONE_VERIFICATION_FAILED",
+    /**
+     * New user account created (signup)
+     */
     ACCOUNT_CREATED = "ACCOUNT_CREATED",
+    /**
+     * User account activated
+     */
     ACCOUNT_ACTIVATED = "ACCOUNT_ACTIVATED",
+    /**
+     * User account deactivated
+     */
     ACCOUNT_DEACTIVATED = "ACCOUNT_DEACTIVATED",
+    /**
+     * User account locked (security measure)
+     */
     ACCOUNT_LOCKED = "ACCOUNT_LOCKED",
+    /**
+     * User account unlocked (admin action or auto-unlock)
+     */
     ACCOUNT_UNLOCKED = "ACCOUNT_UNLOCKED",
+    /**
+     * User account deleted
+     */
     ACCOUNT_DELETED = "ACCOUNT_DELETED",
+    /**
+     * User profile updated (general update)
+     */
     PROFILE_UPDATED = "PROFILE_UPDATED",
+    /**
+     * User email address changed
+     */
     EMAIL_CHANGED = "EMAIL_CHANGED",
+    /**
+     * User phone number changed
+     */
     PHONE_CHANGED = "PHONE_CHANGED",
+    /**
+     * User username changed
+     */
     USERNAME_CHANGED = "USERNAME_CHANGED",
+    /**
+     * User authenticated via social provider (Google, Apple, Facebook, etc.)
+     */
     SOCIAL_LOGIN = "SOCIAL_LOGIN",
+    /**
+     * Social account linked to user account
+     */
     SOCIAL_ACCOUNT_LINKED = "SOCIAL_ACCOUNT_LINKED",
+    /**
+     * Social account unlinked from user account
+     */
     SOCIAL_ACCOUNT_UNLINKED = "SOCIAL_ACCOUNT_UNLINKED",
+    /**
+     * Challenge session created (email verification, phone verification, MFA setup, etc.)
+     */
     CHALLENGE_CREATED = "CHALLENGE_CREATED",
+    /**
+     * Challenge completed successfully
+     */
     CHALLENGE_COMPLETED = "CHALLENGE_COMPLETED",
+    /**
+     * Challenge attempt failed (max attempts exceeded)
+     */
     CHALLENGE_ATTEMPT_FAILED = "CHALLENGE_ATTEMPT_FAILED",
+    /**
+     * Suspicious activity detected (token reuse, impossible travel, etc.)
+     */
     SUSPICIOUS_ACTIVITY = "SUSPICIOUS_ACTIVITY"
 }
 //# sourceMappingURL=auth-audit-event-type.enum.d.ts.map

package/dist/enums/auth-audit-event-type.enum.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth-audit-event-type.enum.d.ts","sourceRoot":"","sources":["../../src/enums/auth-audit-event-type.enum.ts"],"names":[],"mappings":"AAkCA,oBAAY,kBAAkB;IAgB5B,aAAa,kBAAkB;IAK/B,aAAa,kBAAkB;IAK/B,YAAY,iBAAiB;IAQ7B,aAAa,kBAAkB;IAS/B,eAAe,oBAAoB;IAKnC,eAAe,oBAAoB;IAQnC,cAAc,mBAAmB;IASjC,gBAAgB,qBAAqB;IAKrC,wBAAwB,6BAA6B;IAKrD,wBAAwB,6BAA6B;IAKrD,yBAAyB,8BAA8B;IAKvD,+BAA+B,oCAAoC;IASnE,WAAW,gBAAgB;IAK3B,YAAY,iBAAiB;IAK7B,gBAAgB,qBAAqB;IAKrC,kBAAkB,uBAAuB;IAKzC,kBAAkB,uBAAuB;IAKzC,wBAAwB,6BAA6B;IAKrD,uBAAuB,4BAA4B;IAKnD,qBAAqB,0BAA0B;IAK/C,qBAAqB,0BAA0B;IAK/C,0BAA0B,+BAA+B;IAKzD,oBAAoB,yBAAyB;IAK7C,4BAA4B,iCAAiC;IAK7D,cAAc,mBAAmB;IAKjC,gBAAgB,qBAAqB;IAYrC,0BAA0B,+BAA+B;IAOzD,sBAAsB,2BAA2B;IAOjD,qBAAqB,0BAA0B;IAS/C,cAAc,mBAAmB;IAKjC,4BAA4B,iCAAiC;IAK7D,yBAAyB,8BAA8B;IAKvD,cAAc,mBAAmB;IAKjC,4BAA4B,iCAAiC;IAK7D,yBAAyB,8BAA8B;IASvD,eAAe,oBAAoB;IAKnC,iBAAiB,sBAAsB;IAKvC,mBAAmB,wBAAwB;IAK3C,cAAc,mBAAmB;IAKjC,gBAAgB,qBAAqB;IAKrC,eAAe,oBAAoB;IASnC,eAAe,oBAAoB;IAKnC,aAAa,kBAAkB;IAK/B,aAAa,kBAAkB;IAK/B,gBAAgB,qBAAqB;IASrC,YAAY,iBAAiB;IAK7B,qBAAqB,0BAA0B;IAK/C,uBAAuB,4BAA4B;IASnD,iBAAiB,sBAAsB;IAKvC,mBAAmB,wBAAwB;IAK3C,wBAAwB,6BAA6B;IASrD,mBAAmB,wBAAwB;CAC5C"}
+{"version":3,"file":"auth-audit-event-type.enum.d.ts","sourceRoot":"","sources":["../../src/enums/auth-audit-event-type.enum.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,oBAAY,kBAAkB;IAK5B;;;;;;;;;;OAUG;IACH,aAAa,kBAAkB;IAE/B;;OAEG;IACH,aAAa,kBAAkB;IAE/B;;OAEG;IACH,YAAY,iBAAiB;IAE7B;;;;;OAKG;IACH,aAAa,kBAAkB;IAM/B;;OAEG;IACH,eAAe,oBAAoB;IAEnC;;OAEG;IACH,eAAe,oBAAoB;IAEnC;;;;;OAKG;IACH,cAAc,mBAAmB;IAMjC;;OAEG;IACH,gBAAgB,qBAAqB;IAErC;;OAEG;IACH,wBAAwB,6BAA6B;IAErD;;OAEG;IACH,wBAAwB,6BAA6B;IAErD;;OAEG;IACH,yBAAyB,8BAA8B;IAEvD;;OAEG;IACH,+BAA+B,oCAAoC;IAMnE;;OAEG;IACH,WAAW,gBAAgB;IAE3B;;OAEG;IACH,YAAY,iBAAiB;IAE7B;;OAEG;IACH,gBAAgB,qBAAqB;IAErC;;OAEG;IACH,kBAAkB,uBAAuB;IAEzC;;OAEG;IACH,kBAAkB,uBAAuB;IAEzC;;OAEG;IACH,wBAAwB,6BAA6B;IAErD;;OAEG;IACH,uBAAuB,4BAA4B;IAEnD;;OAEG;IACH,qBAAqB,0BAA0B;IAE/C;;OAEG;IACH,qBAAqB,0BAA0B;IAE/C;;OAEG;IACH,0BAA0B,+BAA+B;IAEzD;;OAEG;IACH,oBAAoB,yBAAyB;IAE7C;;OAEG;IACH,4BAA4B,iCAAiC;IAE7D;;OAEG;IACH,cAAc,mBAAmB;IAEjC;;OAEG;IACH,gBAAgB,qBAAqB;IAMrC;;;;;OAKG;IACH,0BAA0B,+BAA+B;IAEzD;;;;OAIG;IACH,sBAAsB,2BAA2B;IAEjD;;;;OAIG;IACH,qBAAqB,0BAA0B;IAM/C;;OAEG;IACH,cAAc,mBAAmB;IAEjC;;OAEG;IACH,4BAA4B,iCAAiC;IAE7D;;OAEG;IACH,yBAAyB,8BAA8B;IAEvD;;OAEG;IACH,cAAc,mBAAmB;IAEjC;;OAEG;IACH,4BAA4B,iCAAiC;IAE7D;;OAEG;IACH,yBAAyB,8BAA8B;IAMvD;;OAEG;IACH,eAAe,oBAAoB;IAEnC;;OAEG;IACH,iBAAiB,sBAAsB;IAEvC;;OAEG;IACH,mBAAmB,wBAAwB;IAE3C;;OAEG;IACH,cAAc,mBAAmB;IAEjC;;OAEG;IACH,gBAAgB,qBAAqB;IAErC;;OAEG;IACH,eAAe,oBAAoB;IAMnC;;OAEG;IACH,eAAe,oBAAoB;IAEnC;;OAEG;IACH,aAAa,kBAAkB;IAE/B;;OAEG;IACH,aAAa,kBAAkB;IAE/B;;OAEG;IACH,gBAAgB,qBAAqB;IAMrC;;OAEG;IACH,YAAY,iBAAiB;IAE7B;;OAEG;IACH,qBAAqB,0BAA0B;IAE/C;;OAEG;IACH,uBAAuB,4BAA4B;IAMnD;;OAEG;IACH,iBAAiB,sBAAsB;IAEvC;;OAEG;IACH,mBAAmB,wBAAwB;IAE3C;;OAEG;IACH,wBAAwB,6BAA6B;IAMrD;;OAEG;IACH,mBAAmB,wBAAwB;CAC5C"}

package/dist/enums/auth-audit-event-type.enum.js

@@ -1,59 +1,303 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AuthAuditEventType = void 0;
+/**
+ * Authentication Audit Event Types
+ *
+ * Comprehensive enumeration of all authentication and security events
+ * that are recorded in the audit trail.
+ *
+ * **Organization:**
+ * - Login events (success, failure, blocked)
+ * - Session management events
+ * - Password operations
+ * - Multi-Factor Authentication (MFA) events
+ * - Adaptive MFA events (risk-based)
+ * - Verification events (email, phone)
+ * - Account management events
+ * - Profile update events
+ * - Social authentication events
+ * - Challenge flow events
+ * - Security violation events
+ *
+ * **Note:** TOKEN_REFRESHED is intentionally excluded as it occurs too
+ * frequently and would create excessive audit noise. Only security-relevant
+ * token operations are audited.
+ *
+ * @example
+ * ```typescript
+ * await auditService.recordEvent({
+ *   userId: user.id,
+ *   eventType: AuthAuditEventType.LOGIN_SUCCESS,
+ *   eventStatus: 'SUCCESS',
+ *   authMethod: 'password',
+ *   ipAddress: '1.2.3.4',
+ * });
+ * ```
+ */
 var AuthAuditEventType;
 (function (AuthAuditEventType) {
+    // ============================================================================
+    // Login Events
+    // ============================================================================
+    /**
+     * Login attempt initiated (credentials validated, risk assessed, MFA evaluated)
+     *
+     * This event is recorded when:
+     * - User credentials are validated successfully
+     * - Adaptive MFA risk evaluation is performed
+     * - Risk factors and MFA requirement status are recorded
+     *
+     * Note: This is logged before the final login outcome (success/failure/challenge).
+     * Use LOGIN_SUCCESS for successful completions, LOGIN_FAILED for failures.
+     */
     AuthAuditEventType["LOGIN_ATTEMPT"] = "LOGIN_ATTEMPT";
+    /**
+     * User successfully authenticated
+     */
     AuthAuditEventType["LOGIN_SUCCESS"] = "LOGIN_SUCCESS";
+    /**
+     * Login attempt failed (invalid credentials, account locked, etc.)
+     */
     AuthAuditEventType["LOGIN_FAILED"] = "LOGIN_FAILED";
+    /**
+     * Login attempt blocked (account locked, IP blocked, etc.)
+     *
+     * Note: This should only be used for actual blocks (IP lockout, account locked).
+     * Do not use for MFA/challenge flows - use LOGIN_ATTEMPT + CHALLENGE_CREATED instead.
+     */
     AuthAuditEventType["LOGIN_BLOCKED"] = "LOGIN_BLOCKED";
+    // ============================================================================
+    // Session Events
+    // ============================================================================
+    /**
+     * New session created (after successful authentication)
+     */
     AuthAuditEventType["SESSION_CREATED"] = "SESSION_CREATED";
+    /**
+     * Session revoked (logout, security violation, admin action)
+     */
     AuthAuditEventType["SESSION_REVOKED"] = "SESSION_REVOKED";
+    /**
+     * Global signout performed (all sessions revoked)
+     *
+     * This event is recorded once when a user performs global signout.
+     * Individual SESSION_REVOKED events are also recorded for each revoked session.
+     */
     AuthAuditEventType["GLOBAL_SIGNOUT"] = "GLOBAL_SIGNOUT";
+    // ============================================================================
+    // Password Events
+    // ============================================================================
+    /**
+     * User changed their password
+     */
     AuthAuditEventType["PASSWORD_CHANGED"] = "PASSWORD_CHANGED";
+    /**
+     * Password reset requested (email/SMS sent)
+     */
     AuthAuditEventType["PASSWORD_RESET_REQUESTED"] = "PASSWORD_RESET_REQUESTED";
+    /**
+     * Password reset completed successfully
+     */
     AuthAuditEventType["PASSWORD_RESET_COMPLETED"] = "PASSWORD_RESET_COMPLETED";
+    /**
+     * Force password change requirement set (by admin or policy)
+     */
     AuthAuditEventType["PASSWORD_FORCE_CHANGE_SET"] = "PASSWORD_FORCE_CHANGE_SET";
+    /**
+     * Force password change completed
+     */
     AuthAuditEventType["PASSWORD_FORCE_CHANGE_COMPLETED"] = "PASSWORD_FORCE_CHANGE_COMPLETED";
+    // ============================================================================
+    // Multi-Factor Authentication (MFA) Events
+    // ============================================================================
+    /**
+     * MFA enabled for user account
+     */
     AuthAuditEventType["MFA_ENABLED"] = "MFA_ENABLED";
+    /**
+     * MFA disabled for user account
+     */
     AuthAuditEventType["MFA_DISABLED"] = "MFA_DISABLED";
+    /**
+     * New MFA device registered (TOTP, SMS, Passkey)
+     */
     AuthAuditEventType["MFA_DEVICE_ADDED"] = "MFA_DEVICE_ADDED";
+    /**
+     * MFA device removed from account
+     */
     AuthAuditEventType["MFA_DEVICE_REMOVED"] = "MFA_DEVICE_REMOVED";
+    /**
+     * MFA device updated (name changed, primary flag changed, etc.)
+     */
     AuthAuditEventType["MFA_DEVICE_UPDATED"] = "MFA_DEVICE_UPDATED";
+    /**
+     * MFA verification succeeded
+     */
     AuthAuditEventType["MFA_VERIFICATION_SUCCESS"] = "MFA_VERIFICATION_SUCCESS";
+    /**
+     * MFA verification failed (invalid code, expired, etc.)
+     */
     AuthAuditEventType["MFA_VERIFICATION_FAILED"] = "MFA_VERIFICATION_FAILED";
+    /**
+     * MFA exemption granted (admin action)
+     */
     AuthAuditEventType["MFA_EXEMPTION_GRANTED"] = "MFA_EXEMPTION_GRANTED";
+    /**
+     * MFA exemption revoked (admin action)
+     */
     AuthAuditEventType["MFA_EXEMPTION_REVOKED"] = "MFA_EXEMPTION_REVOKED";
+    /**
+     * Backup codes generated for MFA recovery
+     */
     AuthAuditEventType["MFA_BACKUP_CODES_GENERATED"] = "MFA_BACKUP_CODES_GENERATED";
+    /**
+     * Backup code used for MFA verification
+     */
     AuthAuditEventType["MFA_BACKUP_CODE_USED"] = "MFA_BACKUP_CODE_USED";
+    /**
+     * User's preferred MFA method updated
+     */
     AuthAuditEventType["MFA_PREFERRED_METHOD_UPDATED"] = "MFA_PREFERRED_METHOD_UPDATED";
+    /**
+     * Device trusted by user (user opt-in for remember device feature)
+     */
     AuthAuditEventType["DEVICE_TRUSTED"] = "DEVICE_TRUSTED";
+    /**
+     * Trusted device revoked (user untrusted device or device expired)
+     */
     AuthAuditEventType["DEVICE_UNTRUSTED"] = "DEVICE_UNTRUSTED";
+    // ============================================================================
+    // Adaptive MFA Events (Risk-Based)
+    // ============================================================================
+    /**
+     * Risk assessment completed (for future adaptive MFA implementation)
+     *
+     * Note: This is infrastructure for future adaptive MFA. The audit service
+     * records risk data but does not calculate risk scores.
+     */
     AuthAuditEventType["ADAPTIVE_MFA_RISK_ASSESSED"] = "ADAPTIVE_MFA_RISK_ASSESSED";
+    /**
+     * Adaptive MFA triggered due to risk factors (for future implementation)
+     *
+     * Note: This is infrastructure for future adaptive MFA.
+     */
     AuthAuditEventType["ADAPTIVE_MFA_TRIGGERED"] = "ADAPTIVE_MFA_TRIGGERED";
+    /**
+     * Adaptive MFA bypassed due to low risk (for future implementation)
+     *
+     * Note: This is infrastructure for future adaptive MFA.
+     */
     AuthAuditEventType["ADAPTIVE_MFA_BYPASSED"] = "ADAPTIVE_MFA_BYPASSED";
+    // ============================================================================
+    // Verification Events
+    // ============================================================================
+    /**
+     * Email address verified successfully
+     */
     AuthAuditEventType["EMAIL_VERIFIED"] = "EMAIL_VERIFIED";
+    /**
+     * Email verification code/link requested
+     */
     AuthAuditEventType["EMAIL_VERIFICATION_REQUESTED"] = "EMAIL_VERIFICATION_REQUESTED";
+    /**
+     * Email verification failed (invalid code, expired, etc.)
+     */
     AuthAuditEventType["EMAIL_VERIFICATION_FAILED"] = "EMAIL_VERIFICATION_FAILED";
+    /**
+     * Phone number verified successfully
+     */
     AuthAuditEventType["PHONE_VERIFIED"] = "PHONE_VERIFIED";
+    /**
+     * Phone verification code requested
+     */
     AuthAuditEventType["PHONE_VERIFICATION_REQUESTED"] = "PHONE_VERIFICATION_REQUESTED";
+    /**
+     * Phone verification failed (invalid code, expired, etc.)
+     */
     AuthAuditEventType["PHONE_VERIFICATION_FAILED"] = "PHONE_VERIFICATION_FAILED";
+    // ============================================================================
+    // Account Management Events
+    // ============================================================================
+    /**
+     * New user account created (signup)
+     */
     AuthAuditEventType["ACCOUNT_CREATED"] = "ACCOUNT_CREATED";
+    /**
+     * User account activated
+     */
     AuthAuditEventType["ACCOUNT_ACTIVATED"] = "ACCOUNT_ACTIVATED";
+    /**
+     * User account deactivated
+     */
     AuthAuditEventType["ACCOUNT_DEACTIVATED"] = "ACCOUNT_DEACTIVATED";
+    /**
+     * User account locked (security measure)
+     */
     AuthAuditEventType["ACCOUNT_LOCKED"] = "ACCOUNT_LOCKED";
+    /**
+     * User account unlocked (admin action or auto-unlock)
+     */
     AuthAuditEventType["ACCOUNT_UNLOCKED"] = "ACCOUNT_UNLOCKED";
+    /**
+     * User account deleted
+     */
     AuthAuditEventType["ACCOUNT_DELETED"] = "ACCOUNT_DELETED";
+    // ============================================================================
+    // Profile Update Events
+    // ============================================================================
+    /**
+     * User profile updated (general update)
+     */
     AuthAuditEventType["PROFILE_UPDATED"] = "PROFILE_UPDATED";
+    /**
+     * User email address changed
+     */
     AuthAuditEventType["EMAIL_CHANGED"] = "EMAIL_CHANGED";
+    /**
+     * User phone number changed
+     */
     AuthAuditEventType["PHONE_CHANGED"] = "PHONE_CHANGED";
+    /**
+     * User username changed
+     */
     AuthAuditEventType["USERNAME_CHANGED"] = "USERNAME_CHANGED";
+    // ============================================================================
+    // Social Authentication Events
+    // ============================================================================
+    /**
+     * User authenticated via social provider (Google, Apple, Facebook, etc.)
+     */
     AuthAuditEventType["SOCIAL_LOGIN"] = "SOCIAL_LOGIN";
+    /**
+     * Social account linked to user account
+     */
     AuthAuditEventType["SOCIAL_ACCOUNT_LINKED"] = "SOCIAL_ACCOUNT_LINKED";
+    /**
+     * Social account unlinked from user account
+     */
     AuthAuditEventType["SOCIAL_ACCOUNT_UNLINKED"] = "SOCIAL_ACCOUNT_UNLINKED";
+    // ============================================================================
+    // Challenge Flow Events
+    // ============================================================================
+    /**
+     * Challenge session created (email verification, phone verification, MFA setup, etc.)
+     */
     AuthAuditEventType["CHALLENGE_CREATED"] = "CHALLENGE_CREATED";
+    /**
+     * Challenge completed successfully
+     */
     AuthAuditEventType["CHALLENGE_COMPLETED"] = "CHALLENGE_COMPLETED";
+    /**
+     * Challenge attempt failed (max attempts exceeded)
+     */
     AuthAuditEventType["CHALLENGE_ATTEMPT_FAILED"] = "CHALLENGE_ATTEMPT_FAILED";
+    // ============================================================================
+    // Security Events
+    // ============================================================================
+    /**
+     * Suspicious activity detected (token reuse, impossible travel, etc.)
+     */
     AuthAuditEventType["SUSPICIOUS_ACTIVITY"] = "SUSPICIOUS_ACTIVITY";
 })(AuthAuditEventType || (exports.AuthAuditEventType = AuthAuditEventType = {}));
 //# sourceMappingURL=auth-audit-event-type.enum.js.map

package/dist/enums/auth-audit-event-type.enum.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth-audit-event-type.enum.js","sourceRoot":"","sources":["../../src/enums/auth-audit-event-type.enum.ts"],"names":[],"mappings":";;;AAkCA,IAAY,kBAqUX;AArUD,WAAY,kBAAkB;IAgB5B,qDAA+B,CAAA;IAK/B,qDAA+B,CAAA;IAK/B,mDAA6B,CAAA;IAQ7B,qDAA+B,CAAA;IAS/B,yDAAmC,CAAA;IAKnC,yDAAmC,CAAA;IAQnC,uDAAiC,CAAA;IASjC,2DAAqC,CAAA;IAKrC,2EAAqD,CAAA;IAKrD,2EAAqD,CAAA;IAKrD,6EAAuD,CAAA;IAKvD,yFAAmE,CAAA;IASnE,iDAA2B,CAAA;IAK3B,mDAA6B,CAAA;IAK7B,2DAAqC,CAAA;IAKrC,+DAAyC,CAAA;IAKzC,+DAAyC,CAAA;IAKzC,2EAAqD,CAAA;IAKrD,yEAAmD,CAAA;IAKnD,qEAA+C,CAAA;IAK/C,qEAA+C,CAAA;IAK/C,+EAAyD,CAAA;IAKzD,mEAA6C,CAAA;IAK7C,mFAA6D,CAAA;IAK7D,uDAAiC,CAAA;IAKjC,2DAAqC,CAAA;IAYrC,+EAAyD,CAAA;IAOzD,uEAAiD,CAAA;IAOjD,qEAA+C,CAAA;IAS/C,uDAAiC,CAAA;IAKjC,mFAA6D,CAAA;IAK7D,6EAAuD,CAAA;IAKvD,uDAAiC,CAAA;IAKjC,mFAA6D,CAAA;IAK7D,6EAAuD,CAAA;IASvD,yDAAmC,CAAA;IAKnC,6DAAuC,CAAA;IAKvC,iEAA2C,CAAA;IAK3C,uDAAiC,CAAA;IAKjC,2DAAqC,CAAA;IAKrC,yDAAmC,CAAA;IASnC,yDAAmC,CAAA;IAKnC,qDAA+B,CAAA;IAK/B,qDAA+B,CAAA;IAK/B,2DAAqC,CAAA;IASrC,mDAA6B,CAAA;IAK7B,qEAA+C,CAAA;IAK/C,yEAAmD,CAAA;IASnD,6DAAuC,CAAA;IAKvC,iEAA2C,CAAA;IAK3C,2EAAqD,CAAA;IASrD,iEAA2C,CAAA;AAC7C,CAAC,EArUW,kBAAkB,kCAAlB,kBAAkB,QAqU7B"}
+{"version":3,"file":"auth-audit-event-type.enum.js","sourceRoot":"","sources":["../../src/enums/auth-audit-event-type.enum.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,IAAY,kBAqUX;AArUD,WAAY,kBAAkB;IAC5B,+EAA+E;IAC/E,eAAe;IACf,+EAA+E;IAE/E;;;;;;;;;;OAUG;IACH,qDAA+B,CAAA;IAE/B;;OAEG;IACH,qDAA+B,CAAA;IAE/B;;OAEG;IACH,mDAA6B,CAAA;IAE7B;;;;;OAKG;IACH,qDAA+B,CAAA;IAE/B,+EAA+E;IAC/E,iBAAiB;IACjB,+EAA+E;IAE/E;;OAEG;IACH,yDAAmC,CAAA;IAEnC;;OAEG;IACH,yDAAmC,CAAA;IAEnC;;;;;OAKG;IACH,uDAAiC,CAAA;IAEjC,+EAA+E;IAC/E,kBAAkB;IAClB,+EAA+E;IAE/E;;OAEG;IACH,2DAAqC,CAAA;IAErC;;OAEG;IACH,2EAAqD,CAAA;IAErD;;OAEG;IACH,2EAAqD,CAAA;IAErD;;OAEG;IACH,6EAAuD,CAAA;IAEvD;;OAEG;IACH,yFAAmE,CAAA;IAEnE,+EAA+E;IAC/E,2CAA2C;IAC3C,+EAA+E;IAE/E;;OAEG;IACH,iDAA2B,CAAA;IAE3B;;OAEG;IACH,mDAA6B,CAAA;IAE7B;;OAEG;IACH,2DAAqC,CAAA;IAErC;;OAEG;IACH,+DAAyC,CAAA;IAEzC;;OAEG;IACH,+DAAyC,CAAA;IAEzC;;OAEG;IACH,2EAAqD,CAAA;IAErD;;OAEG;IACH,yEAAmD,CAAA;IAEnD;;OAEG;IACH,qEAA+C,CAAA;IAE/C;;OAEG;IACH,qEAA+C,CAAA;IAE/C;;OAEG;IACH,+EAAyD,CAAA;IAEzD;;OAEG;IACH,mEAA6C,CAAA;IAE7C;;OAEG;IACH,mFAA6D,CAAA;IAE7D;;OAEG;IACH,uDAAiC,CAAA;IAEjC;;OAEG;IACH,2DAAqC,CAAA;IAErC,+EAA+E;IAC/E,mCAAmC;IACnC,+EAA+E;IAE/E;;;;;OAKG;IACH,+EAAyD,CAAA;IAEzD;;;;OAIG;IACH,uEAAiD,CAAA;IAEjD;;;;OAIG;IACH,qEAA+C,CAAA;IAE/C,+EAA+E;IAC/E,sBAAsB;IACtB,+EAA+E;IAE/E;;OAEG;IACH,uDAAiC,CAAA;IAEjC;;OAEG;IACH,mFAA6D,CAAA;IAE7D;;OAEG;IACH,6EAAuD,CAAA;IAEvD;;OAEG;IACH,uDAAiC,CAAA;IAEjC;;OAEG;IACH,mFAA6D,CAAA;IAE7D;;OAEG;IACH,6EAAuD,CAAA;IAEvD,+EAA+E;IAC/E,4BAA4B;IAC5B,+EAA+E;IAE/E;;OAEG;IACH,yDAAmC,CAAA;IAEnC;;OAEG;IACH,6DAAuC,CAAA;IAEvC;;OAEG;IACH,iEAA2C,CAAA;IAE3C;;OAEG;IACH,uDAAiC,CAAA;IAEjC;;OAEG;IACH,2DAAqC,CAAA;IAErC;;OAEG;IACH,yDAAmC,CAAA;IAEnC,+EAA+E;IAC/E,wBAAwB;IACxB,+EAA+E;IAE/E;;OAEG;IACH,yDAAmC,CAAA;IAEnC;;OAEG;IACH,qDAA+B,CAAA;IAE/B;;OAEG;IACH,qDAA+B,CAAA;IAE/B;;OAEG;IACH,2DAAqC,CAAA;IAErC,+EAA+E;IAC/E,+BAA+B;IAC/B,+EAA+E;IAE/E;;OAEG;IACH,mDAA6B,CAAA;IAE7B;;OAEG;IACH,qEAA+C,CAAA;IAE/C;;OAEG;IACH,yEAAmD,CAAA;IAEnD,+EAA+E;IAC/E,wBAAwB;IACxB,+EAA+E;IAE/E;;OAEG;IACH,6DAAuC,CAAA;IAEvC;;OAEG;IACH,iEAA2C,CAAA;IAE3C;;OAEG;IACH,2EAAqD,CAAA;IAErD,+EAA+E;IAC/E,kBAAkB;IAClB,+EAA+E;IAE/E;;OAEG;IACH,iEAA2C,CAAA;AAC7C,CAAC,EArUW,kBAAkB,kCAAlB,kBAAkB,QAqU7B"}