@prosopo/provider 4.8.1 → 4.9.1

package/.turbo/turbo-build$colon$cjs.log

@@ -1,5 +1,5 @@
 
-> @prosopo/provider@4.8.1 build:cjs
+> @prosopo/provider@4.9.1 build:cjs
 > NODE_ENV=${NODE_ENV:-development}; vite build --config vite.cjs.config.ts --mode $NODE_ENV
 
 ViteCommonJSConfig: .
@@ -53,7 +53,7 @@ ViteCommonJSConfig: .
 Bundle build started
 transforming...
 Build end
-✓ 91 modules transformed.
+✓ 92 modules transformed.
 Entry module "src/tasks/detection/decodeSimd.js" is using named and default exports together. Consumers of your bundle will have to use `..default` to access the default export, which may not be what you want. Use `output.exports: "named"` to disable this warning.
 Entry module "src/tasks/detection/decodeBehavior.js" is using named and default exports together. Consumers of your bundle will have to use `..default` to access the default export, which may not be what you want. Use `output.exports: "named"` to disable this warning.
 rendering chunks...
@@ -75,7 +75,6 @@ rendering chunks...
 dist/cjs/api/captcha/contextAwareValidation.cjs                                0.75 kB
 dist/cjs/tasks/imgCaptcha/imgCaptchaTasksUtils.cjs                             0.84 kB
 dist/cjs/api/validateAddress.cjs                                               0.84 kB
-dist/cjs/pairs.cjs                                                             0.87 kB
 dist/cjs/utils/normalizeRequestIp.cjs                                          0.89 kB
 dist/cjs/api/block.cjs                                                         0.91 kB
 dist/cjs/tasks/dataset/datasetTasks.cjs                                        0.96 kB
@@ -93,6 +92,7 @@ rendering chunks...
 dist/cjs/api/admin/apiUpdateDetectorKeyEndpoint.cjs                            1.31 kB
 dist/cjs/api/admin/apiRemoveDecisionMachineEndpoint.cjs                        1.32 kB
 dist/cjs/api/admin/apiRegisterSiteKeyEndpoint.cjs                              1.34 kB
+dist/cjs/pairs.cjs                                                             1.37 kB
 dist/cjs/api/admin/apiRegisterSiteKeysEndpoint.cjs                             1.46 kB
 dist/cjs/api/admin/apiRemoveSiteKeyEndpoint.cjs                                1.47 kB
 dist/cjs/api/admin/apiRemoveSiteKeysEndpoint.cjs                               1.48 kB
@@ -102,53 +102,54 @@ rendering chunks...
 dist/cjs/schedulers/updateSpamEmailDomains.cjs                                 1.65 kB
 dist/cjs/utils/honeypot/phraseBank.cjs                                         1.71 kB
 dist/cjs/api/admin/apiToggleMaintenanceModeEndpoint.cjs                        1.72 kB
-dist/cjs/tasks/spam/checkTrafficFilter.cjs                                     1.72 kB
 dist/cjs/api/public.cjs                                                        1.74 kB
 dist/cjs/api/admin/apiClearAllCountersEndpoint.cjs                             1.78 kB
 dist/cjs/api/admin/apiUpdateDecisionMachineEndpoint.cjs                        1.79 kB
-dist/cjs/api/captcha/maintenanceModeResponses.cjs                              1.81 kB
 dist/cjs/utils/honeypot/encoders.cjs                                           1.82 kB
 dist/cjs/api/admin/apiRemoveDetectorKeyEndpoint.cjs                            1.84 kB
 dist/cjs/tasks/frictionless/routingMachine.cjs                                 1.86 kB
-dist/cjs/api/captcha/checkSpamEmail.cjs                                        2.10 kB
 dist/cjs/api/captcha/getFrictionlessCaptchaChallenge/shortCircuit.cjs          2.11 kB
-dist/cjs/api/admin/apiDnsEventEndpoint.cjs                                     2.12 kB
 dist/cjs/tasks/spam/updateSpamEmailDomains.cjs                                 2.13 kB
+dist/cjs/tasks/dnsEvent/enrichDnsEvent.cjs                                     2.16 kB
+dist/cjs/api/captcha/maintenanceModeResponses.cjs                              2.20 kB
+dist/cjs/tasks/spam/checkTrafficFilter.cjs                                     2.24 kB
+dist/cjs/api/captcha/checkSpamEmail.cjs                                        2.47 kB
 dist/cjs/api/captcha.cjs                                                       2.66 kB
 dist/cjs/api/ja4Middleware.cjs                                                 2.74 kB
 dist/cjs/api/captcha/submitPuzzleCaptchaSolution.cjs                           2.85 kB
 dist/cjs/tasks/spam/evaluateEmailSpamRules.cjs                                 3.03 kB
+dist/cjs/api/admin/apiDnsEventEndpoint.cjs                                     3.15 kB
 dist/cjs/api/captcha/submitImageCaptchaSolution.cjs                            3.20 kB
 dist/cjs/utils/dns.cjs                                                         3.38 kB
-dist/cjs/api/admin/apiAdminRoutesProvider.cjs                                  3.56 kB
+dist/cjs/api/admin/apiAdminRoutesProvider.cjs                                  3.61 kB
 dist/cjs/api/captcha/getFrictionlessCaptchaChallenge/accessPolicy.cjs          3.78 kB
 dist/cjs/api/domainMiddleware.cjs                                              3.91 kB
 dist/cjs/index.cjs                                                             4.01 kB
 dist/cjs/services/ipComparison.cjs                                             4.10 kB
 dist/cjs/tasks/spam/checkSpamEmail.cjs                                         4.32 kB
 dist/cjs/api/captcha/submitPoWCaptchaSolution.cjs                              5.20 kB
-dist/cjs/tasks/tasks.cjs                                                       5.33 kB
-dist/cjs/util/usageCounters.cjs                                                5.40 kB
-dist/cjs/api/captcha/getImageCaptchaChallenge.cjs                              5.53 kB
-dist/cjs/api/blacklistRequestInspector.cjs                                     6.05 kB
+dist/cjs/tasks/tasks.cjs                                                       5.35 kB
+dist/cjs/util/usageCounters.cjs                                                5.80 kB
+dist/cjs/api/captcha/getImageCaptchaChallenge.cjs                              6.00 kB
+dist/cjs/api/blacklistRequestInspector.cjs                                     6.12 kB
 dist/cjs/api/captcha/getPoWCaptchaChallenge.cjs                                6.23 kB
 dist/cjs/api/captcha/getPuzzleCaptchaChallenge.cjs                             6.42 kB
 dist/cjs/api/startProviderApi.cjs                                              9.53 kB
 dist/cjs/api/captcha/getFrictionlessCaptchaChallenge/decisionMachine.cjs       9.54 kB
 dist/cjs/api/captcha/getFrictionlessCaptchaChallenge/handler.cjs              10.10 kB
 dist/cjs/tasks/decisionMachine/decisionMachineRunner.cjs                      10.19 kB
-dist/cjs/api/verify.cjs                                                       10.85 kB
-dist/cjs/util.cjs                                                             12.22 kB
+dist/cjs/api/verify.cjs                                                       10.86 kB
+dist/cjs/util.cjs                                                             12.59 kB
 dist/cjs/tasks/client/clientTasks.cjs                                         15.63 kB
-dist/cjs/tasks/captchaManager.cjs                                             15.75 kB
+dist/cjs/tasks/captchaManager.cjs                                             16.08 kB
 dist/cjs/tasks/frictionless/frictionlessTasks.cjs                             16.20 kB
 dist/cjs/tasks/detection/decodeSimd.cjs                                       18.20 kB
-dist/cjs/tasks/puzzleCaptcha/puzzleTasks.cjs                                  19.08 kB
 dist/cjs/tasks/detection/decodeBehavior.cjs                                   19.16 kB
-dist/cjs/tasks/powCaptcha/powTasks.cjs                                        21.06 kB
-dist/cjs/tasks/imgCaptcha/imgCaptchaTasks.cjs                                 26.91 kB
+dist/cjs/tasks/puzzleCaptcha/puzzleTasks.cjs                                  20.40 kB
+dist/cjs/tasks/powCaptcha/powTasks.cjs                                        22.39 kB
+dist/cjs/tasks/imgCaptcha/imgCaptchaTasks.cjs                                 28.48 kB
 dist/cjs/tasks/detection/decodePayload.cjs                                    44.26 kB
-✓ built in 750ms
+✓ built in 735ms
 [copy-plugin] copying /home/runner/work/captcha/captcha/packages/provider/src/tasks/detection/decodeBehavior.js to /home/runner/work/captcha/captcha/packages/provider/dist/cjs/tasks/detection/decodeBehavior.js
 [copy-plugin] copying /home/runner/work/captcha/captcha/packages/provider/src/tasks/detection/decodePayload.js to /home/runner/work/captcha/captcha/packages/provider/dist/cjs/tasks/detection/decodePayload.js
 [copy-plugin] copying /home/runner/work/captcha/captcha/packages/provider/src/tasks/detection/decodeSimd.js to /home/runner/work/captcha/captcha/packages/provider/dist/cjs/tasks/detection/decodeSimd.js

package/.turbo/turbo-build$colon$tsc.log

@@ -1,8 +1,8 @@
 
-> @prosopo/provider@4.8.1 build:tsc
+> @prosopo/provider@4.9.1 build:tsc
 > tsc --build --verbose
 
-1:25:10 PM - Projects in this build: 
+11:35:01 AM - Projects in this build: 
     * ../../dev/config/tsconfig.json
     * ../util/tsconfig.json
     * ../logger/tsconfig.json
@@ -25,47 +25,47 @@
     * ../load-balancer/tsconfig.json
     * tsconfig.json
 
-1:25:10 PM - Project '../../dev/config/tsconfig.json' is up to date because newest input '../../dev/config/src/vite/NodejsPolarsNativeFilePlugin.ts' is older than output '../../dev/config/tsconfig.tsbuildinfo'
+11:35:01 AM - Project '../../dev/config/tsconfig.json' is up to date because newest input '../../dev/config/src/webpack/webpack.config.ts' is older than output '../../dev/config/tsconfig.tsbuildinfo'
 
-1:25:10 PM - Project '../util/tsconfig.json' is up to date because newest input '../util/src/url.ts' is older than output '../util/tsconfig.tsbuildinfo'
+11:35:01 AM - Project '../util/tsconfig.json' is up to date because newest input '../util/src/url.ts' is older than output '../util/tsconfig.tsbuildinfo'
 
-1:25:10 PM - Project '../logger/tsconfig.json' is up to date because newest input '../logger/src/index.ts' is older than output '../logger/tsconfig.tsbuildinfo'
+11:35:01 AM - Project '../logger/tsconfig.json' is up to date because newest input '../logger/src/index.ts' is older than output '../logger/tsconfig.tsbuildinfo'
 
-1:25:10 PM - Project '../api-route/tsconfig.json' is up to date because newest input '../api-route/src/apiRoutes.ts' is older than output '../api-route/tsconfig.tsbuildinfo'
+11:35:01 AM - Project '../api-route/tsconfig.json' is up to date because newest input '../api-route/src/apiRoutes.ts' is older than output '../api-route/tsconfig.tsbuildinfo'
 
-1:25:10 PM - Project '../locale/tsconfig.json' is up to date because newest input '../locale/src/translationKey.ts' is older than output '../locale/tsconfig.tsbuildinfo'
+11:35:01 AM - Project '../locale/tsconfig.json' is up to date because newest input '../locale/src/translationKey.ts' is older than output '../locale/tsconfig.tsbuildinfo'
 
-1:25:10 PM - Project '../util-crypto/tsconfig.json' is up to date because newest input '../util-crypto/src/types.ts' is older than output '../util-crypto/tsconfig.tsbuildinfo'
+11:35:01 AM - Project '../util-crypto/tsconfig.json' is up to date because newest input '../util-crypto/src/types.ts' is older than output '../util-crypto/tsconfig.tsbuildinfo'
 
-1:25:10 PM - Project '../types/tsconfig.json' is up to date because newest input '../types/src/provider/api.ts' is older than output '../types/tsconfig.tsbuildinfo'
+11:35:01 AM - Project '../types/tsconfig.json' is up to date because newest input '../types/src/procaptcha/api.ts' is older than output '../types/tsconfig.tsbuildinfo'
 
-1:25:10 PM - Project '../common/tsconfig.json' is up to date because newest input '../common/src/error.ts' is older than output '../common/tsconfig.tsbuildinfo'
+11:35:01 AM - Project '../common/tsconfig.json' is up to date because newest input '../common/src/tests/utils/batches.unit.test.ts' is older than output '../common/tsconfig.tsbuildinfo'
 
-1:25:10 PM - Project '../ipinfo/tsconfig.json' is up to date because newest input '../ipinfo/src/IpInfoService.ts' is older than output '../ipinfo/tsconfig.tsbuildinfo'
+11:35:01 AM - Project '../ipinfo/tsconfig.json' is up to date because newest input '../ipinfo/src/index.ts' is older than output '../ipinfo/tsconfig.tsbuildinfo'
 
-1:25:10 PM - Project '../redis-client/tsconfig.json' is up to date because newest input '../redis-client/src/index.ts' is older than output '../redis-client/tsconfig.tsbuildinfo'
+11:35:01 AM - Project '../redis-client/tsconfig.json' is up to date because newest input '../redis-client/src/tests/testRedisConnection.ts' is older than output '../redis-client/tsconfig.tsbuildinfo'
 
-1:25:10 PM - Project '../api/tsconfig.json' is up to date because newest input '../api/src/index.ts' is older than output '../api/tsconfig.tsbuildinfo'
+11:35:01 AM - Project '../api/tsconfig.json' is up to date because newest input '../api/src/index.ts' is older than output '../api/tsconfig.tsbuildinfo'
 
-1:25:10 PM - Project '../user-access-policy/tsconfig.json' is up to date because newest input '../user-access-policy/src/ruleRecord.ts' is older than output '../user-access-policy/tsconfig.tsbuildinfo'
+11:35:01 AM - Project '../user-access-policy/tsconfig.json' is up to date because newest input '../user-access-policy/src/ruleRecord.ts' is older than output '../user-access-policy/tsconfig.tsbuildinfo'
 
-1:25:10 PM - Project '../types-database/tsconfig.json' is up to date because newest input '../types-database/src/index.ts' is older than output '../types-database/tsconfig.tsbuildinfo'
+11:35:01 AM - Project '../types-database/tsconfig.json' is up to date because newest input '../types-database/src/index.ts' is older than output '../types-database/tsconfig.tsbuildinfo'
 
-1:25:10 PM - Project '../database/tsconfig.json' is up to date because newest input '../database/src/tests/integration/ipInfoPersistence.integration.test.ts' is older than output '../database/tsconfig.tsbuildinfo'
+11:35:01 AM - Project '../database/tsconfig.json' is up to date because newest input '../database/src/tests/integration/centralStreamingEnrichment.integration.test.ts' is older than output '../database/tsconfig.tsbuildinfo'
 
-1:25:10 PM - Project '../keyring/tsconfig.json' is up to date because newest input '../keyring/src/index.ts' is older than output '../keyring/tsconfig.tsbuildinfo'
+11:35:01 AM - Project '../keyring/tsconfig.json' is up to date because newest input '../keyring/src/pair/decode.ts' is older than output '../keyring/tsconfig.tsbuildinfo'
 
-1:25:10 PM - Project '../types-env/tsconfig.json' is up to date because newest input '../types-env/src/env.ts' is older than output '../types-env/tsconfig.tsbuildinfo'
+11:35:01 AM - Project '../types-env/tsconfig.json' is up to date because newest input '../types-env/src/env.ts' is older than output '../types-env/tsconfig.tsbuildinfo'
 
-1:25:10 PM - Project '../env/tsconfig.json' is up to date because newest input '../env/src/env.ts' is older than output '../env/tsconfig.tsbuildinfo'
+11:35:01 AM - Project '../env/tsconfig.json' is up to date because newest input '../env/src/index.ts' is older than output '../env/tsconfig.tsbuildinfo'
 
-1:25:10 PM - Project '../api-express-router/tsconfig.json' is up to date because newest input '../api-express-router/src/errorHandler.ts' is older than output '../api-express-router/tsconfig.tsbuildinfo'
+11:35:01 AM - Project '../api-express-router/tsconfig.json' is up to date because newest input '../api-express-router/src/middlewares/requestLoggerMiddleware.ts' is older than output '../api-express-router/tsconfig.tsbuildinfo'
 
-1:25:10 PM - Project '../datasets/tsconfig.json' is up to date because newest input '../datasets/src/tests/mocks/data/captchas.ts' is older than output '../datasets/tsconfig.tsbuildinfo'
+11:35:01 AM - Project '../datasets/tsconfig.json' is up to date because newest input '../datasets/src/tests/dataset.unit.test.ts' is older than output '../datasets/tsconfig.tsbuildinfo'
 
-1:25:10 PM - Project '../load-balancer/tsconfig.json' is up to date because newest input '../load-balancer/src/balancer.ts' is older than output '../load-balancer/tsconfig.tsbuildinfo'
+11:35:01 AM - Project '../load-balancer/tsconfig.json' is up to date because newest input '../load-balancer/src/balancer.ts' is older than output '../load-balancer/tsconfig.tsbuildinfo'
 
-1:25:10 PM - Project 'tsconfig.json' is out of date because output file 'tsconfig.tsbuildinfo' does not exist
+11:35:01 AM - Project 'tsconfig.json' is out of date because output file 'tsconfig.tsbuildinfo' does not exist
 
-1:25:10 PM - Building project '/home/runner/work/captcha/captcha/packages/provider/tsconfig.json'...
+11:35:01 AM - Building project '/home/runner/work/captcha/captcha/packages/provider/tsconfig.json'...
 

package/.turbo/turbo-build.log

@@ -1,9 +1,9 @@
 
-> @prosopo/provider@4.8.1 build
+> @prosopo/provider@4.9.1 build
 > npm run build:cross-env -- --mode ${NODE_ENV:-development}
 
 
-> @prosopo/provider@4.8.1 build:cross-env
+> @prosopo/provider@4.9.1 build:cross-env
 > vite build --config vite.esm.config.ts --mode production
 
 ViteEsmConfig: .
@@ -57,7 +57,7 @@ ViteEsmConfig: .
 Bundle build started
 transforming...
 Build end
-✓ 91 modules transformed.
+✓ 92 modules transformed.
 rendering chunks...
 dist/tasks/index.js                                                       0.06 kB
 dist/api/captcha/getFrictionlessCaptchaChallenge.js                       0.12 kB
@@ -76,7 +76,6 @@ rendering chunks...
 dist/api/captcha/getFrictionlessCaptchaChallenge/honeypotResponse.js      0.55 kB
 dist/api/captcha/contextAwareValidation.js                                0.63 kB
 dist/api/validateAddress.js                                               0.71 kB
-dist/pairs.js                                                             0.72 kB
 dist/tasks/imgCaptcha/imgCaptchaTasksUtils.js                             0.74 kB
 dist/api/block.js                                                         0.78 kB
 dist/utils/normalizeRequestIp.js                                          0.79 kB
@@ -95,6 +94,7 @@ rendering chunks...
 dist/schedulers/getClientList.js                                          1.10 kB
 dist/schedulers/setClientEntropy.js                                       1.13 kB
 dist/schedulers/captchaScheduler.js                                       1.16 kB
+dist/pairs.js                                                             1.18 kB
 dist/api/admin/apiUpdateDetectorKeyEndpoint.js                            1.18 kB
 dist/api/admin/apiRemoveAllDecisionMachinesEndpoint.js                    1.19 kB
 dist/api/admin/apiToggleMaintenanceModeEndpoint.js                        1.19 kB
@@ -103,54 +103,55 @@ rendering chunks...
 dist/tasks/dataset/datasetTasksUtils.js                                   1.36 kB
 dist/api/admin/apiGetAllDecisionMachinesEndpoint.js                       1.43 kB
 dist/compositeIpAddress.js                                                1.44 kB
-dist/api/captcha/maintenanceModeResponses.js                              1.47 kB
 dist/schedulers/updateSpamEmailDomains.js                                 1.50 kB
 dist/utils/honeypot/phraseBank.js                                         1.57 kB
 dist/api/public.js                                                        1.60 kB
-dist/tasks/spam/checkTrafficFilter.js                                     1.61 kB
-dist/api/admin/apiDnsEventEndpoint.js                                     1.64 kB
 dist/api/admin/apiClearAllCountersEndpoint.js                             1.66 kB
 dist/api/admin/apiUpdateDecisionMachineEndpoint.js                        1.67 kB
 dist/utils/honeypot/encoders.js                                           1.71 kB
 dist/tasks/frictionless/routingMachine.js                                 1.76 kB
+dist/api/captcha/maintenanceModeResponses.js                              1.78 kB
 dist/api/captcha/getFrictionlessCaptchaChallenge/shortCircuit.js          1.95 kB
+dist/tasks/dnsEvent/enrichDnsEvent.js                                     1.97 kB
 dist/tasks/spam/updateSpamEmailDomains.js                                 2.03 kB
-dist/api/captcha/checkSpamEmail.js                                        2.08 kB
+dist/tasks/spam/checkTrafficFilter.js                                     2.14 kB
 dist/api/ja4Middleware.js                                                 2.19 kB
+dist/api/captcha/checkSpamEmail.js                                        2.39 kB
 dist/api/captcha.js                                                       2.49 kB
 dist/utils/dns.js                                                         2.57 kB
 dist/index.js                                                             2.66 kB
+dist/api/admin/apiDnsEventEndpoint.js                                     2.66 kB
 dist/api/captcha/submitPuzzleCaptchaSolution.js                           2.78 kB
 dist/tasks/spam/evaluateEmailSpamRules.js                                 2.84 kB
-dist/api/admin/apiAdminRoutesProvider.js                                  2.93 kB
+dist/api/admin/apiAdminRoutesProvider.js                                  2.99 kB
 dist/api/captcha/submitImageCaptchaSolution.js                            3.07 kB
 dist/api/captcha/getFrictionlessCaptchaChallenge/accessPolicy.js          3.59 kB
 dist/api/domainMiddleware.js                                              3.71 kB
 dist/services/ipComparison.js                                             4.00 kB
 dist/tasks/spam/checkSpamEmail.js                                         4.26 kB
 dist/api/captcha/submitPoWCaptchaSolution.js                              5.09 kB
-dist/tasks/tasks.js                                                       5.13 kB
-dist/util/usageCounters.js                                                5.29 kB
-dist/api/captcha/getImageCaptchaChallenge.js                              5.41 kB
-dist/api/blacklistRequestInspector.js                                     5.80 kB
+dist/tasks/tasks.js                                                       5.15 kB
+dist/util/usageCounters.js                                                5.69 kB
+dist/api/captcha/getImageCaptchaChallenge.js                              5.81 kB
+dist/api/blacklistRequestInspector.js                                     5.87 kB
 dist/api/captcha/getPoWCaptchaChallenge.js                                6.00 kB
 dist/api/captcha/getPuzzleCaptchaChallenge.js                             6.17 kB
 dist/api/startProviderApi.js                                              7.65 kB
 dist/api/captcha/getFrictionlessCaptchaChallenge/decisionMachine.js       9.17 kB
 dist/api/captcha/getFrictionlessCaptchaChallenge/handler.js               9.76 kB
 dist/tasks/decisionMachine/decisionMachineRunner.js                      10.14 kB
-dist/api/verify.js                                                       10.43 kB
-dist/util.js                                                             11.79 kB
-dist/tasks/captchaManager.js                                             15.10 kB
+dist/api/verify.js                                                       10.44 kB
+dist/util.js                                                             12.17 kB
 dist/tasks/client/clientTasks.js                                         15.37 kB
+dist/tasks/captchaManager.js                                             15.43 kB
 dist/tasks/frictionless/frictionlessTasks.js                             15.89 kB
 dist/tasks/detection/decodeSimd.js                                       18.06 kB
-dist/tasks/puzzleCaptcha/puzzleTasks.js                                  18.83 kB
 dist/tasks/detection/decodeBehavior.js                                   19.03 kB
-dist/tasks/powCaptcha/powTasks.js                                        20.71 kB
-dist/tasks/imgCaptcha/imgCaptchaTasks.js                                 26.52 kB
+dist/tasks/puzzleCaptcha/puzzleTasks.js                                  20.10 kB
+dist/tasks/powCaptcha/powTasks.js                                        21.98 kB
+dist/tasks/imgCaptcha/imgCaptchaTasks.js                                 28.04 kB
 dist/tasks/detection/decodePayload.js                                    44.24 kB
-✓ built in 906ms
+✓ built in 1.27s
 [copy-plugin] copying /home/runner/work/captcha/captcha/packages/provider/src/tasks/detection/decodeBehavior.js to /home/runner/work/captcha/captcha/packages/provider/dist/tasks/detection/decodeBehavior.js
 [copy-plugin] copying /home/runner/work/captcha/captcha/packages/provider/src/tasks/detection/decodePayload.js to /home/runner/work/captcha/captcha/packages/provider/dist/tasks/detection/decodePayload.js
 [copy-plugin] copying /home/runner/work/captcha/captcha/packages/provider/src/tasks/detection/decodeSimd.js to /home/runner/work/captcha/captcha/packages/provider/dist/tasks/detection/decodeSimd.js

package/CHANGELOG.md

@@ -1,5 +1,112 @@
 # @prosopo/provider
 
+## 4.9.1
+### Patch Changes
+
+- 4da8941: Add `deferToVerify` flag on `AccessPolicy` so a Block policy can skip the request-time `blockMiddleware` (no 401 at the captcha endpoint) and fire instead at the verify step. The behaviour mirrors the existing coords-rule deferral pattern: today the middleware blanks out coords from the userScope, so coords-only rules can only ever match in the verify path. `deferToVerify` is the explicit version of that for other signals (ja4Hash, headersHash, etc.) — useful when you want the attacker to pay the captcha-solving cost and the dApp to silently receive `{verified: false}` instead of the bot's frontend seeing a 401.
+  
+  Wiring:
+  
+  - `BlacklistRequestInspector.shouldAbortRequest` filters out matching policies that have `deferToVerify` before picking the top hit. Those policies never short-circuit the middleware.
+  - `CaptchaManager.findHardBlockPolicy` widens its matcher: a Block policy now counts as a hard block when it has either no `captchaType` (existing behaviour) **or** `deferToVerify === true`. The check is invoked from `imgCaptchaTasks.dappUserSolution`, `powTasks.serverVerifyPowCaptcha`, and `puzzleTasks.verifyPuzzleCaptchaSolution`, so the deferral applies to all three captcha types.
+  - Persistence: `deferToVerify` lands on the mongo `accessPolicySchema` (Boolean) and the zod `accessPolicyInput` (with a string→boolean preprocess so the Redis round-trip works).
+  
+  Motivating use case: a set of spoofed-JA4 hard-block rules pushed 2026-06-12. Marking those `deferToVerify: true` would still reject the attacker at verify but force them to complete N image captcha rounds and surface behavioural data on the commitment record before the rejection — useful for both telemetry and operator-side friction.
+- f69724f: Expose `ipInfo` to the verify-phase decision machine. The frictionless DM already gets the full `IPInfoResponse`; the verify-phase DM was only receiving `countryCode`, so rules that need `isDatacenter`, `isVPN`, `isAbuser`, `asnNumber` etc. couldn't run at submission time.
+  
+  `DecisionMachineInput` now carries an optional `ipInfo` field (alongside `countryCode`, which is kept for backwards compatibility). The three verify-phase call sites — `powTasks`, `puzzleTasks`, `imgCaptchaTasks` — forward `challengeRecord.ipInfo` / `solution.ipInfo` into the input.
+  
+  This unblocks rules like:
+  ```
+  if (input.behavioralDataPacked &&
+      !input.behavioralDataPacked.c1.length &&
+      !input.behavioralDataPacked.c2.length &&
+      !input.behavioralDataPacked.c3.length &&
+      input.ipInfo?.isDatacenter) return Deny;
+  ```
+  which catches the datacenter-class bots (Sparkle, Versatel, OVH) that submit empty `behavioralDataPacked` — observed at 100% empty-bDP across a 21-row Sparkle sample, versus 1–3% in genuine traffic.
+- 3973078: Track every lifecycle timestamp on every captcha type, and switch the dapp-verify recency check from issuance→verify to **submit→verify** with the window sourced from per-client settings.
+  
+  ### Lifecycle timestamps
+  
+  `StoredCaptcha` (the base shared by PoW, Puzzle, and Image/UserCommitment) gains three new fields:
+  
+  - `submittedAtTimestamp` — set once on the first user-submission write, never overwritten.
+  - `verifiedAtTimestamp` — set once when the dapp first calls /verify, never overwritten.
+  - `failedAtTimestamp` — set once on the first non-approved terminal state, never overwritten.
+  
+  `lastUpdatedTimestamp` keeps its "last write of any kind" meaning. The new fields use `$ifNull` in aggregation-pipeline updates so the stamp lands only on the first transition — concurrent or repeat writes are no-ops on the lifecycle stamps.
+  
+  ### Submit→verify window
+  
+  The dapp-verify recency check used to be `now - challengeTimestamp <= timeout`. The window was issuance→verify, which gave bots room to stockpile pre-solved solutions and redeem them many seconds (sometimes minutes) later from the time they reached the provider.
+  
+  The check is now `now - challengeRecord.submittedAtTimestamp <= clientSettings.verifiedTimeout`. The window measures from the moment the user's solution actually arrived. Combined with the new lifecycle fields, this measurably tightens the stockpile attack surface — the data showed 1564 records / 21% on Twickets where a correct PoW was submitted but the dapp never verified, p99 issuance→submit of 31s on that cohort, and records up to 1.26 min.
+  
+  ### Settings move
+  
+  `verifiedTimeout` moves to `ClientSettingsSchema` (per-client, operator-set via the portal). Default stays at 120000ms for back-compat; auto-submit dapps (Twickets et al.) should set it to ~10000ms.
+  
+  Removed from request bodies entirely:
+  
+  - `ServerPowCaptchaVerifyRequestBody`
+  - `ServerPuzzleCaptchaVerifyRequestBody`
+  - `SubmitPowCaptchaSolutionBody`
+  - `SubmitPuzzleCaptchaSolutionBody`
+  
+  The client field was client-controlled and unsigned — any caller could raise the recency ceiling. It's now server-determined.
+  
+  `ProviderApiInterface.submitPow/PuzzleCaptchaSolution` lose their `timeout` parameter (no longer forwarded). The verify wrappers keep their `recencyLimit` parameter for caller back-compat but the value is no longer transmitted; server reads from the client settings instead.
+  
+  ### Migration
+  
+  Pre-PR records with `userSubmitted=true` but no `submittedAtTimestamp` will fail the new recency check. The submit window is short (120s default verifiedTimeout) so the migration cliff is naturally bounded — records in flight at deploy time expire within ~2 minutes.
+  
+  348 provider unit tests + 28 database tests pass.
+- 73b9f92: Run the `getMaintenanceMode()` short-circuit before constructing `Tasks` in every captcha and verify handler. The `Tasks` constructor calls `env.getDb()`, which throws synchronously when `env.db` is undefined (the maintenance-mode case), so the existing short-circuits were unreachable and the provider was throwing `db not setup! Please call isReady() first` on every request the moment maintenance mode was toggled on. Also adds a maintenance-mode bypass to `getImageCaptchaChallenge` (empty-captchas response, mirroring the existing `submitImageCaptchaSolution` shape) and `checkSpamEmail` (`isSpam: false`) so those endpoints stay usable while Mongo is unavailable.
+- Updated dependencies [70ef67a]
+- Updated dependencies [4da8941]
+- Updated dependencies [f69724f]
+- Updated dependencies [4226c59]
+- Updated dependencies [3973078]
+  - @prosopo/user-access-policy@3.9.0
+  - @prosopo/types@4.4.1
+  - @prosopo/database@3.13.11
+  - @prosopo/types-database@4.9.1
+  - @prosopo/api@3.4.11
+  - @prosopo/api-express-router@3.1.21
+  - @prosopo/datasets@3.1.31
+  - @prosopo/env@3.5.11
+  - @prosopo/ipinfo@0.2.17
+  - @prosopo/keyring@2.9.37
+  - @prosopo/load-balancer@2.9.13
+  - @prosopo/types-env@2.9.20
+
+## 4.9.0
+### Minor Changes
+
+- bc3813d: Surface dnsEvent observations across the verify and frictionless flows. Each verify path now enriches the session's dnsEvent IPs once and passes the result to the traffic filter, decision machine, IP validation, and usage counters. Adds `scoreComponents.dnsAsymmetry` (Zod + TS interface + mongoose) computed from resolver / peer ipInfo plus path validity, with the score patched onto the session at DNS event ingest time so it weights subsequent reads. Adds `CounterDimension.peerIp` for rate-limit keys keyed on the dnsEvent peer IP.
+- f305c37: Extend `checkTrafficFilter` to accept an optional `extraIpInfos` list and apply the same per-rule checks across additional IPs. Each verify path threads `session.dnsEvent` IPs through `resolveTrafficFilterCheck` so its peer / resolver enrichments are evaluated alongside the primary client IP.
+
+### Patch Changes
+
+- 2d66d8e: Image-captcha widget now forwards the trusted checkbox click `(clientX, clientY)` through `manager.start(x, y)`. `Manager.submit` embeds the pair as a 2-number prefix on the first captcha's solution salt. Provider peels the prefix via length math against `solution.length` (no protocol version flag — older clients keep working unchanged) and prepends it as the first entry of `pairs`, which is written to `UserCommitment.coords`. Adds `peelCheckboxPrefix` helper in `pairs.ts` with round-trip unit tests.
+- Updated dependencies [2972def]
+- Updated dependencies [bc3813d]
+- Updated dependencies [4d05e3f]
+  - @prosopo/types-database@4.9.0
+  - @prosopo/types@4.4.0
+  - @prosopo/database@3.13.10
+  - @prosopo/types-env@2.9.19
+  - @prosopo/api@3.4.10
+  - @prosopo/api-express-router@3.1.20
+  - @prosopo/datasets@3.1.30
+  - @prosopo/env@3.5.10
+  - @prosopo/ipinfo@0.2.16
+  - @prosopo/keyring@2.9.36
+  - @prosopo/load-balancer@2.9.12
+  - @prosopo/user-access-policy@3.8.1
+
 ## 4.8.1
 ### Patch Changes
 

package/dist/api/admin/apiAdminRoutesProvider.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"apiAdminRoutesProvider.d.ts","sourceRoot":"","sources":["../../../src/api/admin/apiAdminRoutesProvider.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAEvE,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,sBAAsB,CAAC;AAgBlD,cAAM,sBAAuB,YAAW,iBAAiB;IACrC,OAAO,CAAC,QAAQ,CAAC,KAAK;gBAAL,KAAK,EAAE,KAAK;IAEzC,SAAS,IAAI,SAAS;CAuC7B;AAED,OAAO,EAAE,sBAAsB,EAAE,CAAC"}
+{"version":3,"file":"apiAdminRoutesProvider.d.ts","sourceRoot":"","sources":["../../../src/api/admin/apiAdminRoutesProvider.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAEvE,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,sBAAsB,CAAC;AAgBlD,cAAM,sBAAuB,YAAW,iBAAiB;IACrC,OAAO,CAAC,QAAQ,CAAC,KAAK;gBAAL,KAAK,EAAE,KAAK;IAEzC,SAAS,IAAI,SAAS;CA0C7B;AAED,OAAO,EAAE,sBAAsB,EAAE,CAAC"}

package/dist/api/admin/apiAdminRoutesProvider.js

@@ -48,7 +48,10 @@ class ApiAdminRoutesProvider {
         this.tasks.clientTaskManager
       ),
       [AdminApiPaths.ToggleMaintenanceMode]: new ApiToggleMaintenanceModeEndpoint(),
-      [AdminApiPaths.DnsEvent]: new ApiDnsEventEndpoint(this.tasks.db)
+      [AdminApiPaths.DnsEvent]: new ApiDnsEventEndpoint(
+        this.tasks.db,
+        this.tasks.env.ipInfoService
+      )
     };
   }
 }

package/dist/api/admin/apiAdminRoutesProvider.js.map

@@ -1 +1 @@
-{"version":3,"file":"apiAdminRoutesProvider.js","sourceRoot":"","sources":["../../../src/api/admin/apiAdminRoutesProvider.ts"],"names":[],"mappings":"AAeA,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAE/C,OAAO,EAAE,2BAA2B,EAAE,MAAM,kCAAkC,CAAC;AAC/E,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAC/D,OAAO,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAC3F,OAAO,EAAE,6BAA6B,EAAE,MAAM,oCAAoC,CAAC;AACnF,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,2BAA2B,EAAE,MAAM,kCAAkC,CAAC;AAC/E,OAAO,EAAE,oCAAoC,EAAE,MAAM,2CAA2C,CAAC;AACjG,OAAO,EAAE,gCAAgC,EAAE,MAAM,uCAAuC,CAAC;AACzF,OAAO,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACjF,OAAO,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AACzE,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAC3E,OAAO,EAAE,gCAAgC,EAAE,MAAM,uCAAuC,CAAC;AACzF,OAAO,EAAE,gCAAgC,EAAE,MAAM,uCAAuC,CAAC;AACzF,OAAO,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AAEjF,MAAM,sBAAsB;IAC3B,YAAoC,KAAY;QAAZ,UAAK,GAAL,KAAK,CAAO;IAAG,CAAC;IAE7C,SAAS;QACf,OAAO;YACN,CAAC,aAAa,CAAC,eAAe,CAAC,EAAE,IAAI,0BAA0B,CAC9D,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAC5B;YACD,CAAC,aAAa,CAAC,gBAAgB,CAAC,EAAE,IAAI,2BAA2B,CAChE,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAC5B;YACD,CAAC,aAAa,CAAC,iBAAiB,CAAC,EAAE,IAAI,4BAA4B,CAClE,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAC5B;YACD,CAAC,aAAa,CAAC,iBAAiB,CAAC,EAAE,IAAI,4BAA4B,CAClE,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAC5B;YACD,CAAC,aAAa,CAAC,qBAAqB,CAAC,EACpC,IAAI,gCAAgC,CAAC,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC;YACnE,CAAC,aAAa,CAAC,sBAAsB,CAAC,EACrC,IAAI,iCAAiC,CAAC,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC;YACpE,CAAC,aAAa,CAAC,kBAAkB,CAAC,EAAE,IAAI,6BAA6B,CACpE,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAC5B;YACD,CAAC,aAAa,CAAC,qBAAqB,CAAC,EACpC,IAAI,gCAAgC,CAAC,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC;YACnE,CAAC,aAAa,CAAC,yBAAyB,CAAC,EACxC,IAAI,oCAAoC,CAAC,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC;YACvE,CAAC,aAAa,CAAC,gBAAgB,CAAC,EAAE,IAAI,2BAA2B,CAChE,IAAI,CAAC,KAAK,CAAC,aAAa,CACxB;YACD,CAAC,aAAa,CAAC,aAAa,CAAC,EAAE,IAAI,wBAAwB,CAC1D,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAC5B;YACD,CAAC,aAAa,CAAC,cAAc,CAAC,EAAE,IAAI,yBAAyB,CAC5D,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAC5B;YACD,CAAC,aAAa,CAAC,qBAAqB,CAAC,EACpC,IAAI,gCAAgC,EAAE;YACvC,CAAC,aAAa,CAAC,QAAQ,CAAC,EAAE,IAAI,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;SAChE,CAAC;IACH,CAAC;CACD;AAED,OAAO,EAAE,sBAAsB,EAAE,CAAC"}
+{"version":3,"file":"apiAdminRoutesProvider.js","sourceRoot":"","sources":["../../../src/api/admin/apiAdminRoutesProvider.ts"],"names":[],"mappings":"AAeA,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAE/C,OAAO,EAAE,2BAA2B,EAAE,MAAM,kCAAkC,CAAC;AAC/E,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAC/D,OAAO,EAAE,iCAAiC,EAAE,MAAM,wCAAwC,CAAC;AAC3F,OAAO,EAAE,6BAA6B,EAAE,MAAM,oCAAoC,CAAC;AACnF,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,2BAA2B,EAAE,MAAM,kCAAkC,CAAC;AAC/E,OAAO,EAAE,oCAAoC,EAAE,MAAM,2CAA2C,CAAC;AACjG,OAAO,EAAE,gCAAgC,EAAE,MAAM,uCAAuC,CAAC;AACzF,OAAO,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACjF,OAAO,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AACzE,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAC3E,OAAO,EAAE,gCAAgC,EAAE,MAAM,uCAAuC,CAAC;AACzF,OAAO,EAAE,gCAAgC,EAAE,MAAM,uCAAuC,CAAC;AACzF,OAAO,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AAEjF,MAAM,sBAAsB;IAC3B,YAAoC,KAAY;QAAZ,UAAK,GAAL,KAAK,CAAO;IAAG,CAAC;IAE7C,SAAS;QACf,OAAO;YACN,CAAC,aAAa,CAAC,eAAe,CAAC,EAAE,IAAI,0BAA0B,CAC9D,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAC5B;YACD,CAAC,aAAa,CAAC,gBAAgB,CAAC,EAAE,IAAI,2BAA2B,CAChE,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAC5B;YACD,CAAC,aAAa,CAAC,iBAAiB,CAAC,EAAE,IAAI,4BAA4B,CAClE,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAC5B;YACD,CAAC,aAAa,CAAC,iBAAiB,CAAC,EAAE,IAAI,4BAA4B,CAClE,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAC5B;YACD,CAAC,aAAa,CAAC,qBAAqB,CAAC,EACpC,IAAI,gCAAgC,CAAC,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC;YACnE,CAAC,aAAa,CAAC,sBAAsB,CAAC,EACrC,IAAI,iCAAiC,CAAC,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC;YACpE,CAAC,aAAa,CAAC,kBAAkB,CAAC,EAAE,IAAI,6BAA6B,CACpE,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAC5B;YACD,CAAC,aAAa,CAAC,qBAAqB,CAAC,EACpC,IAAI,gCAAgC,CAAC,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC;YACnE,CAAC,aAAa,CAAC,yBAAyB,CAAC,EACxC,IAAI,oCAAoC,CAAC,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC;YACvE,CAAC,aAAa,CAAC,gBAAgB,CAAC,EAAE,IAAI,2BAA2B,CAChE,IAAI,CAAC,KAAK,CAAC,aAAa,CACxB;YACD,CAAC,aAAa,CAAC,aAAa,CAAC,EAAE,IAAI,wBAAwB,CAC1D,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAC5B;YACD,CAAC,aAAa,CAAC,cAAc,CAAC,EAAE,IAAI,yBAAyB,CAC5D,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAC5B;YACD,CAAC,aAAa,CAAC,qBAAqB,CAAC,EACpC,IAAI,gCAAgC,EAAE;YACvC,CAAC,aAAa,CAAC,QAAQ,CAAC,EAAE,IAAI,mBAAmB,CAChD,IAAI,CAAC,KAAK,CAAC,EAAE,EACb,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,aAAa,CAC5B;SACD,CAAC;IACH,CAAC;CACD;AAED,OAAO,EAAE,sBAAsB,EAAE,CAAC"}

package/dist/api/admin/apiDnsEventEndpoint.d.ts

@@ -1,4 +1,5 @@
 import { type ApiEndpoint, type ApiEndpointResponse } from "@prosopo/api-route";
+import type { IIpInfoService } from "@prosopo/ipinfo";
 import { type Logger } from "@prosopo/logger";
 import { type DnsEvent, DnsEventBatchSchema } from "@prosopo/types";
 import type { IProviderDatabase } from "@prosopo/types-database";
@@ -11,9 +12,11 @@ export declare const dnsEventToFields: (event: DnsEvent) => {
 };
 declare class ApiDnsEventEndpoint implements ApiEndpoint<DnsEventBatchSchemaType> {
     private readonly db;
-    constructor(db: IProviderDatabase);
+    private readonly ipInfoService?;
+    constructor(db: IProviderDatabase, ipInfoService?: IIpInfoService | undefined);
     processRequest(args: z.infer<DnsEventBatchSchemaType>, logger?: Logger): Promise<ApiEndpointResponse>;
     getRequestArgsSchema(): DnsEventBatchSchemaType;
+    private recomputeDnsAsymmetry;
 }
 export { ApiDnsEventEndpoint };
 //# sourceMappingURL=apiDnsEventEndpoint.d.ts.map

package/dist/api/admin/apiDnsEventEndpoint.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"apiDnsEventEndpoint.d.ts","sourceRoot":"","sources":["../../../src/api/admin/apiDnsEventEndpoint.ts"],"names":[],"mappings":"AAcA,OAAO,EACN,KAAK,WAAW,EAChB,KAAK,mBAAmB,EAExB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,KAAK,MAAM,EAAa,MAAM,iBAAiB,CAAC;AACzD,OAAO,EAAE,KAAK,QAAQ,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACpE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AACjE,OAAO,KAAK,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAE7B,KAAK,uBAAuB,GAAG,OAAO,mBAAmB,CAAC;AAG1D,eAAO,MAAM,gBAAgB,UACrB,QAAQ,KACb;IAAE,UAAU,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,OAAO,CAAA;CAW7D,CAAC;AAEF,cAAM,mBAAoB,YAAW,WAAW,CAAC,uBAAuB,CAAC;IACrD,OAAO,CAAC,QAAQ,CAAC,EAAE;gBAAF,EAAE,EAAE,iBAAiB;IAEnD,cAAc,CACnB,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,uBAAuB,CAAC,EACtC,MAAM,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,mBAAmB,CAAC;IA6CxB,oBAAoB,IAAI,uBAAuB;CAGtD;AAED,OAAO,EAAE,mBAAmB,EAAE,CAAC"}
+{"version":3,"file":"apiDnsEventEndpoint.d.ts","sourceRoot":"","sources":["../../../src/api/admin/apiDnsEventEndpoint.ts"],"names":[],"mappings":"AAcA,OAAO,EACN,KAAK,WAAW,EAChB,KAAK,mBAAmB,EAExB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EAAE,KAAK,MAAM,EAAa,MAAM,iBAAiB,CAAC;AACzD,OAAO,EAAE,KAAK,QAAQ,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACpE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AACjE,OAAO,KAAK,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAM7B,KAAK,uBAAuB,GAAG,OAAO,mBAAmB,CAAC;AAG1D,eAAO,MAAM,gBAAgB,UACrB,QAAQ,KACb;IAAE,UAAU,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,OAAO,CAAA;CAW7D,CAAC;AAEF,cAAM,mBAAoB,YAAW,WAAW,CAAC,uBAAuB,CAAC;IAEvE,OAAO,CAAC,QAAQ,CAAC,EAAE;IACnB,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC;gBADd,EAAE,EAAE,iBAAiB,EACrB,aAAa,CAAC,EAAE,cAAc,YAAA;IAG1C,cAAc,CACnB,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,uBAAuB,CAAC,EACtC,MAAM,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,mBAAmB,CAAC;IA8CxB,oBAAoB,IAAI,uBAAuB;YAIxC,qBAAqB;CA8BnC;AAED,OAAO,EAAE,mBAAmB,EAAE,CAAC"}

package/dist/api/admin/apiDnsEventEndpoint.js

@@ -1,6 +1,7 @@
 import { ApiEndpointResponseStatus } from "@prosopo/api-route";
 import { getLogger } from "@prosopo/logger";
 import { DnsEventBatchSchema } from "@prosopo/types";
+import { enrichDnsEvent, computeDnsAsymmetry } from "../../tasks/dnsEvent/enrichDnsEvent.js";
 const dnsEventToFields = (event) => {
   if (event.kind === "dns") {
     return { resolverIp: event.src_ip };
@@ -14,8 +15,9 @@ const dnsEventToFields = (event) => {
   return out;
 };
 class ApiDnsEventEndpoint {
-  constructor(db) {
+  constructor(db, ipInfoService) {
     this.db = db;
+    this.ipInfoService = ipInfoService;
   }
   async processRequest(args, logger) {
     logger = logger || getLogger("info", import.meta.url);
@@ -37,6 +39,7 @@ class ApiDnsEventEndpoint {
         );
         if (matched) {
           stored += 1;
+          await this.recomputeDnsAsymmetry(sessionId, logger);
         }
       } catch (err) {
         errors += 1;
@@ -59,6 +62,33 @@ class ApiDnsEventEndpoint {
   getRequestArgsSchema() {
     return DnsEventBatchSchema;
   }
+  async recomputeDnsAsymmetry(sessionId, logger) {
+    if (!this.ipInfoService) return;
+    try {
+      const session = await this.db.getSessionRecordBySessionId(sessionId);
+      if (!session?.dnsEvent) return;
+      const enriched = await enrichDnsEvent(
+        session.dnsEvent,
+        this.ipInfoService,
+        session.ipInfo?.ip
+      );
+      const dnsAsymmetry = computeDnsAsymmetry(enriched, session.ipInfo);
+      if (dnsAsymmetry > 0) {
+        await this.db.updateSessionRecord(sessionId, {
+          scoreComponents: {
+            ...session.scoreComponents,
+            dnsAsymmetry
+          }
+        });
+      }
+    } catch (err) {
+      logger.warn(() => ({
+        err,
+        data: { sessionId },
+        msg: "Failed to recompute dnsAsymmetry after DNS event merge"
+      }));
+    }
+  }
 }
 export {
   ApiDnsEventEndpoint,

package/dist/api/admin/apiDnsEventEndpoint.js.map

@@ -1 +1 @@
-{"version":3,"file":"apiDnsEventEndpoint.js","sourceRoot":"","sources":["../../../src/api/admin/apiDnsEventEndpoint.ts"],"names":[],"mappings":"AAcA,OAAO,EAGN,yBAAyB,GACzB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAe,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACzD,OAAO,EAAiB,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAOpE,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAC/B,KAAe,EACiD,EAAE;IAClE,IAAI,KAAK,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;QAC1B,OAAO,EAAE,UAAU,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC;IACrC,CAAC;IACD,MAAM,GAAG,GAA4C;QACpD,MAAM,EAAE,KAAK,CAAC,MAAM;KACpB,CAAC;IACF,IAAI,OAAO,KAAK,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QAC3C,GAAG,CAAC,SAAS,GAAG,KAAK,CAAC,UAAU,CAAC;IAClC,CAAC;IACD,OAAO,GAAG,CAAC;AACZ,CAAC,CAAC;AAEF,MAAM,mBAAmB;IACxB,YAAoC,EAAqB;QAArB,OAAE,GAAF,EAAE,CAAmB;IAAG,CAAC;IAE7D,KAAK,CAAC,cAAc,CACnB,IAAsC,EACtC,MAAe;QAEf,MAAM,GAAG,MAAM,IAAI,SAAS,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACtD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;QAExB,IAAI,MAAM,GAAG,CAAC,CAAC;QACf,IAAI,MAAM,GAAG,CAAC,CAAC;QACf,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QAEvB,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC5B,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC;YAC5B,IAAI,CAAC,SAAS,EAAE,CAAC;gBAChB,SAAS;YACV,CAAC;YAED,IAAI,CAAC;gBACJ,MAAM,MAAM,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;gBACvC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,oBAAoB,CACjD,SAAS,EACT,MAAM,EACN,GAAG,CACH,CAAC;gBACF,IAAI,OAAO,EAAE,CAAC;oBACb,MAAM,IAAI,CAAC,CAAC;gBACb,CAAC;YACF,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACd,MAAM,IAAI,CAAC,CAAC;gBACZ,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;oBAClB,GAAG;oBACH,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE;oBACrC,GAAG,EAAE,wCAAwC;iBAC7C,CAAC,CAAC,CAAC;YACL,CAAC;QACF,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YAClB,IAAI,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE;YACjD,GAAG,EAAE,2BAA2B;SAChC,CAAC,CAAC,CAAC;QAEJ,OAAO;YACN,MAAM,EAAE,yBAAyB,CAAC,OAAO;YACzC,IAAI,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE;SACxB,CAAC;IACH,CAAC;IAEM,oBAAoB;QAC1B,OAAO,mBAAmB,CAAC;IAC5B,CAAC;CACD;AAED,OAAO,EAAE,mBAAmB,EAAE,CAAC"}
+{"version":3,"file":"apiDnsEventEndpoint.js","sourceRoot":"","sources":["../../../src/api/admin/apiDnsEventEndpoint.ts"],"names":[],"mappings":"AAcA,OAAO,EAGN,yBAAyB,GACzB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAe,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACzD,OAAO,EAAiB,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAGpE,OAAO,EACN,mBAAmB,EACnB,cAAc,GACd,MAAM,wCAAwC,CAAC;AAKhD,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAC/B,KAAe,EACiD,EAAE;IAClE,IAAI,KAAK,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;QAC1B,OAAO,EAAE,UAAU,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC;IACrC,CAAC;IACD,MAAM,GAAG,GAA4C;QACpD,MAAM,EAAE,KAAK,CAAC,MAAM;KACpB,CAAC;IACF,IAAI,OAAO,KAAK,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QAC3C,GAAG,CAAC,SAAS,GAAG,KAAK,CAAC,UAAU,CAAC;IAClC,CAAC;IACD,OAAO,GAAG,CAAC;AACZ,CAAC,CAAC;AAEF,MAAM,mBAAmB;IACxB,YACkB,EAAqB,EACrB,aAA8B;QAD9B,OAAE,GAAF,EAAE,CAAmB;QACrB,kBAAa,GAAb,aAAa,CAAiB;IAC7C,CAAC;IAEJ,KAAK,CAAC,cAAc,CACnB,IAAsC,EACtC,MAAe;QAEf,MAAM,GAAG,MAAM,IAAI,SAAS,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACtD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;QAExB,IAAI,MAAM,GAAG,CAAC,CAAC;QACf,IAAI,MAAM,GAAG,CAAC,CAAC;QACf,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QAEvB,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC5B,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC;YAC5B,IAAI,CAAC,SAAS,EAAE,CAAC;gBAChB,SAAS;YACV,CAAC;YAED,IAAI,CAAC;gBACJ,MAAM,MAAM,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;gBACvC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,oBAAoB,CACjD,SAAS,EACT,MAAM,EACN,GAAG,CACH,CAAC;gBACF,IAAI,OAAO,EAAE,CAAC;oBACb,MAAM,IAAI,CAAC,CAAC;oBACZ,MAAM,IAAI,CAAC,qBAAqB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;gBACrD,CAAC;YACF,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACd,MAAM,IAAI,CAAC,CAAC;gBACZ,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;oBAClB,GAAG;oBACH,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE;oBACrC,GAAG,EAAE,wCAAwC;iBAC7C,CAAC,CAAC,CAAC;YACL,CAAC;QACF,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YAClB,IAAI,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE;YACjD,GAAG,EAAE,2BAA2B;SAChC,CAAC,CAAC,CAAC;QAEJ,OAAO;YACN,MAAM,EAAE,yBAAyB,CAAC,OAAO;YACzC,IAAI,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE;SACxB,CAAC;IACH,CAAC;IAEM,oBAAoB;QAC1B,OAAO,mBAAmB,CAAC;IAC5B,CAAC;IAEO,KAAK,CAAC,qBAAqB,CAClC,SAAiB,EACjB,MAAc;QAEd,IAAI,CAAC,IAAI,CAAC,aAAa;YAAE,OAAO;QAChC,IAAI,CAAC;YACJ,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,2BAA2B,CAAC,SAAS,CAAC,CAAC;YACrE,IAAI,CAAC,OAAO,EAAE,QAAQ;gBAAE,OAAO;YAC/B,MAAM,QAAQ,GAAG,MAAM,cAAc,CACpC,OAAO,CAAC,QAAQ,EAChB,IAAI,CAAC,aAAa,EAClB,OAAO,CAAC,MAAM,EAAE,EAAE,CAClB,CAAC;YACF,MAAM,YAAY,GAAG,mBAAmB,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;YACnE,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;gBACtB,MAAM,IAAI,CAAC,EAAE,CAAC,mBAAmB,CAAC,SAAS,EAAE;oBAC5C,eAAe,EAAE;wBAChB,GAAG,OAAO,CAAC,eAAe;wBAC1B,YAAY;qBACZ;iBACD,CAAC,CAAC;YACJ,CAAC;QACF,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;gBAClB,GAAG;gBACH,IAAI,EAAE,EAAE,SAAS,EAAE;gBACnB,GAAG,EAAE,wDAAwD;aAC7D,CAAC,CAAC,CAAC;QACL,CAAC;IACF,CAAC;CACD;AAED,OAAO,EAAE,mBAAmB,EAAE,CAAC"}

package/dist/api/admin/apiRemoveDetectorKeyEndpoint.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"apiRemoveDetectorKeyEndpoint.d.ts","sourceRoot":"","sources":["../../../src/api/admin/apiRemoveDetectorKeyEndpoint.ts"],"names":[],"mappings":"AAcA,OAAO,EACN,KAAK,WAAW,EAChB,KAAK,mBAAmB,EAExB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,KAAK,MAAM,EAAa,MAAM,iBAAiB,CAAC;AACzD,OAAO,EAAE,yBAAyB,EAAE,MAAM,gBAAgB,CAAC;AAC3D,OAAO,KAAK,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAC7B,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mCAAmC,CAAC;AAE3E,KAAK,yBAAyB,GAAG,OAAO,yBAAyB,CAAC;AAElE,cAAM,4BACL,YAAW,WAAW,CAAC,yBAAyB,CAAC;IAE9B,OAAO,CAAC,QAAQ,CAAC,iBAAiB;gBAAjB,iBAAiB,EAAE,iBAAiB;IAElE,cAAc,CACnB,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,yBAAyB,CAAC,EACxC,MAAM,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,mBAAmB,CAAC;IA0BxB,oBAAoB;qBAMu0kG,EAAG,SAAS;;;;;;;;;CAH92kG;AAED,OAAO,EAAE,4BAA4B,EAAE,CAAC"}
+{"version":3,"file":"apiRemoveDetectorKeyEndpoint.d.ts","sourceRoot":"","sources":["../../../src/api/admin/apiRemoveDetectorKeyEndpoint.ts"],"names":[],"mappings":"AAcA,OAAO,EACN,KAAK,WAAW,EAChB,KAAK,mBAAmB,EAExB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,KAAK,MAAM,EAAa,MAAM,iBAAiB,CAAC;AACzD,OAAO,EAAE,yBAAyB,EAAE,MAAM,gBAAgB,CAAC;AAC3D,OAAO,KAAK,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAC7B,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mCAAmC,CAAC;AAE3E,KAAK,yBAAyB,GAAG,OAAO,yBAAyB,CAAC;AAElE,cAAM,4BACL,YAAW,WAAW,CAAC,yBAAyB,CAAC;IAE9B,OAAO,CAAC,QAAQ,CAAC,iBAAiB;gBAAjB,iBAAiB,EAAE,iBAAiB;IAElE,cAAc,CACnB,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,yBAAyB,CAAC,EACxC,MAAM,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,mBAAmB,CAAC;IA0BxB,oBAAoB;qBAM6vkG,EAAG,SAAS;;;;;;;;;CAHpykG;AAED,OAAO,EAAE,4BAA4B,EAAE,CAAC"}

package/dist/api/blacklistRequestInspector.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"blacklistRequestInspector.d.ts","sourceRoot":"","sources":["../../src/api/blacklistRequestInspector.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAa,KAAK,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChE,OAAO,EAEN,KAAK,UAAU,EACf,KAAK,kBAAkB,EAEvB,KAAK,SAAS,EACd,KAAK,eAAe,EAEpB,MAAM,6BAA6B,CAAC;AACrC,OAAO,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAE/D,eAAO,MAAM,mBAAmB,mBACf,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,QACjC,MAAM,OACP,MAAM,SACJ,MAAM,aACF,MAAM,WACR,MAAM,gBACD,MAAM,QACd,MAAM,KACV,IAAI,CACN,eAAe,EACb,QAAQ,GACR,SAAS,GACT,WAAW,GACX,IAAI,GACJ,UAAU,GACV,QAAQ,GACR,aAAa,GACb,KAAK,CAgBP,CAAC;AA+FF,eAAO,MAAM,kBAAkB,UACvB,UAAU,EAAE,WACV,SAAS,mBACD,MAAM,GAAG,SAAS,KACjC,UAAU,EAWT,CAAC;AAaL,eAAO,MAAM,wBAAwB,2BACZ,kBAAkB,aAC/B,SAAS,GAAG,eAAe,aAC3B,MAAM,KACf,OAAO,CAAC,UAAU,EAAE,CAqBtB,CAAC;AAEF,qBAAa,yBAAyB;IAEpC,OAAO,CAAC,QAAQ,CAAC,sBAAsB;IACvC,OAAO,CAAC,QAAQ,CAAC,0BAA0B;gBAD1B,sBAAsB,EAAE,kBAAkB,EAC1C,0BAA0B,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC;IAGpD,2BAA2B,CACvC,OAAO,EAAE,OAAO,EAChB,GAAG,EAAE,QAAQ,EACb,IAAI,EAAE,YAAY,GAChB,OAAO,CAAC,IAAI,CAAC;IAyBH,kBAAkB,CAC9B,cAAc,EAAE,MAAM,EACtB,KAAK,EAAE,MAAM,EACb,GAAG,EAAE,MAAM,EACX,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACvC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACpC,MAAM,EAAE,MAAM,EACd,MAAM,CAAC,EAAE,cAAc,GACrB,OAAO,CAAC,OAAO,CAAC;IAqEnB,SAAS,CAAC,mBAAmB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAInD,SAAS,CAAC,qBAAqB,CAC9B,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACvC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAClC;QACF,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC;QAC3B,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAC;KAC7B;IAcD,SAAS,CAAC,cAAc,CACvB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,GAAG,EAAE,MAAM,GACT,OAAO;CAGV"}
+{"version":3,"file":"blacklistRequestInspector.d.ts","sourceRoot":"","sources":["../../src/api/blacklistRequestInspector.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAa,KAAK,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChE,OAAO,EAEN,KAAK,UAAU,EACf,KAAK,kBAAkB,EAEvB,KAAK,SAAS,EACd,KAAK,eAAe,EAEpB,MAAM,6BAA6B,CAAC;AACrC,OAAO,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAE/D,eAAO,MAAM,mBAAmB,mBACf,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,QACjC,MAAM,OACP,MAAM,SACJ,MAAM,aACF,MAAM,WACR,MAAM,gBACD,MAAM,QACd,MAAM,KACV,IAAI,CACN,eAAe,EACb,QAAQ,GACR,SAAS,GACT,WAAW,GACX,IAAI,GACJ,UAAU,GACV,QAAQ,GACR,aAAa,GACb,KAAK,CAgBP,CAAC;AA+FF,eAAO,MAAM,kBAAkB,UACvB,UAAU,EAAE,WACV,SAAS,mBACD,MAAM,GAAG,SAAS,KACjC,UAAU,EAWT,CAAC;AAaL,eAAO,MAAM,wBAAwB,2BACZ,kBAAkB,aAC/B,SAAS,GAAG,eAAe,aAC3B,MAAM,KACf,OAAO,CAAC,UAAU,EAAE,CAqBtB,CAAC;AAEF,qBAAa,yBAAyB;IAEpC,OAAO,CAAC,QAAQ,CAAC,sBAAsB;IACvC,OAAO,CAAC,QAAQ,CAAC,0BAA0B;gBAD1B,sBAAsB,EAAE,kBAAkB,EAC1C,0BAA0B,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC;IAGpD,2BAA2B,CACvC,OAAO,EAAE,OAAO,EAChB,GAAG,EAAE,QAAQ,EACb,IAAI,EAAE,YAAY,GAChB,OAAO,CAAC,IAAI,CAAC;IAyBH,kBAAkB,CAC9B,cAAc,EAAE,MAAM,EACtB,KAAK,EAAE,MAAM,EACb,GAAG,EAAE,MAAM,EACX,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACvC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACpC,MAAM,EAAE,MAAM,EACd,MAAM,CAAC,EAAE,cAAc,GACrB,OAAO,CAAC,OAAO,CAAC;IAyEnB,SAAS,CAAC,mBAAmB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAInD,SAAS,CAAC,qBAAqB,CAC9B,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACvC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAClC;QACF,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC;QAC3B,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAC;KAC7B;IAcD,SAAS,CAAC,cAAc,CACvB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,GAAG,EAAE,MAAM,GACT,OAAO;CAGV"}

package/dist/api/blacklistRequestInspector.js

@@ -157,10 +157,13 @@ class BlacklistRequestInspector {
         ),
         clientId
       );
-      if (!accessPolicies || accessPolicies.length === 0 || !accessPolicies[0]) {
+      const enforceable = (accessPolicies ?? []).filter(
+        (p) => !p.deferToVerify
+      );
+      if (enforceable.length === 0 || !enforceable[0]) {
         return false;
       }
-      const accessPolicy = accessPolicies[0];
+      const accessPolicy = enforceable[0];
       return AccessPolicyType.Block === accessPolicy.type;
     } catch (err) {
       logger.error(() => ({