@prosopo/types-database 4.0.6 → 4.8.0

package/dist/cjs/types/client.cjs

@@ -3,6 +3,11 @@ Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
 const types = require("@prosopo/types");
 const mongoose = require("mongoose");
 const IPValidationRulesSchema = new mongoose.Schema({
+  enabled: {
+    type: Boolean,
+    default: false,
+    required: true
+  },
   actions: {
     countryChangeAction: {
       type: mongoose.Schema.Types.Mixed,
@@ -61,12 +66,34 @@ const IPValidationRulesSchema = new mongoose.Schema({
   }
 });
 const UserSettingsSchema = new mongoose.Schema({
-  captchaType: String,
-  frictionlessThreshold: Number,
-  powDifficulty: Number,
-  imageThreshold: Number,
+  captchaType: {
+    type: String,
+    enum: types.CaptchaType,
+    default: types.captchaTypeDefault
+  },
+  frictionlessThreshold: {
+    type: Number,
+    default: types.frictionlessThresholdDefault
+  },
+  powDifficulty: { type: Number, default: types.powDifficultyDefault },
+  imageThreshold: {
+    type: Number,
+    default: types.imageThresholdDefault
+  },
+  imageMaxRounds: {
+    type: Number,
+    default: types.imageMaxRoundsDefault,
+    required: false
+  },
+  puzzleTolerance: {
+    type: Number,
+    required: false
+  },
   ipValidationRules: IPValidationRulesSchema,
-  domains: [String],
+  domains: {
+    type: [String],
+    default: types.domainsDefault
+  },
   disallowWebView: {
     type: Boolean,
     default: false
@@ -86,6 +113,51 @@ const UserSettingsSchema = new mongoose.Schema({
         }
       }
     }
+  },
+  spamEmailDomainCheckEnabled: {
+    type: Boolean,
+    default: false,
+    required: false
+  },
+  autoBanScoreThreshold: {
+    type: Number,
+    min: 0,
+    required: false
+  },
+  spamFilter: {
+    enabled: { type: Boolean, default: false },
+    emailRules: {
+      enabled: { type: Boolean, default: false },
+      maxLocalPartDots: { type: Number, required: false },
+      normaliseGmail: { type: Boolean, default: false },
+      useDefaultPatterns: { type: Boolean, default: false },
+      customRegexBlocklist: { type: [String], default: [] }
+    }
+  },
+  trafficFilter: {
+    blockVpn: { type: Boolean, default: false },
+    blockProxy: { type: Boolean, default: false },
+    blockTor: { type: Boolean, default: false },
+    blockAbuser: { type: Boolean, default: true },
+    abuserScoreThreshold: { type: Number, min: 0, max: 1, default: 0 },
+    blockDatacenter: { type: Boolean, default: false },
+    blockMobile: { type: Boolean, default: false },
+    blockSatellite: { type: Boolean, default: false },
+    blockCrawler: { type: Boolean, default: false }
+  },
+  storeMetadata: {
+    type: Boolean,
+    default: false,
+    required: false
+  },
+  honeypot: {
+    enabled: { type: Boolean, default: false },
+    question: { type: String, required: false },
+    encodingType: {
+      type: String,
+      enum: ["morse", "semaphore"],
+      default: "morse"
+    }
   }
 });
 const UserDataSchema = new mongoose.Schema({

package/dist/cjs/types/index.cjs

@@ -5,26 +5,23 @@ const provider = require("./provider.cjs");
 const client = require("./client.cjs");
 const captcha = require("./captcha.cjs");
 require("./userAgent.cjs");
+const spamEmailDomain = require("./spamEmailDomain.cjs");
+const bannedDomain = require("./bannedDomain.cjs");
 exports.CaptchaRecordSchema = provider.CaptchaRecordSchema;
 exports.ClientContextEntropyRecordSchema = provider.ClientContextEntropyRecordSchema;
 exports.ClientRecordSchema = provider.ClientRecordSchema;
 exports.CompositeIpAddressRecordSchemaObj = provider.CompositeIpAddressRecordSchemaObj;
-exports.CompositeIpAddressSchema = provider.CompositeIpAddressSchema;
 exports.DatasetRecordSchema = provider.DatasetRecordSchema;
+exports.DecisionMachineArtifactRecordSchema = provider.DecisionMachineArtifactRecordSchema;
 exports.DetectorRecordSchema = provider.DetectorRecordSchema;
-exports.IpAddressType = provider.IpAddressType;
-exports.PendingRecordSchema = provider.PendingRecordSchema;
 exports.PoWCaptchaRecordSchema = provider.PoWCaptchaRecordSchema;
+exports.PuzzleCaptchaRecordSchema = provider.PuzzleCaptchaRecordSchema;
 exports.ScheduledTaskRecordSchema = provider.ScheduledTaskRecordSchema;
 exports.ScheduledTaskSchema = provider.ScheduledTaskSchema;
 exports.SessionRecordSchema = provider.SessionRecordSchema;
 exports.SolutionRecordSchema = provider.SolutionRecordSchema;
 exports.UserCommitmentRecordSchema = provider.UserCommitmentRecordSchema;
-exports.UserCommitmentSchema = provider.UserCommitmentSchema;
-exports.UserCommitmentWithSolutionsSchema = provider.UserCommitmentWithSolutionsSchema;
 exports.UserSolutionRecordSchema = provider.UserSolutionRecordSchema;
-exports.UserSolutionSchema = provider.UserSolutionSchema;
-exports.parseMongooseCompositeIpAddress = provider.parseMongooseCompositeIpAddress;
 exports.AccountSchema = client.AccountSchema;
 exports.IPValidationRulesSchema = client.IPValidationRulesSchema;
 exports.TableNames = client.TableNames;
@@ -33,3 +30,5 @@ exports.UserSettingsSchema = client.UserSettingsSchema;
 exports.StoredPoWCaptchaRecordSchema = captcha.StoredPoWCaptchaRecordSchema;
 exports.StoredSessionRecordSchema = captcha.StoredSessionRecordSchema;
 exports.StoredUserCommitmentRecordSchema = captcha.StoredUserCommitmentRecordSchema;
+exports.SpamEmailDomainRecordSchema = spamEmailDomain.SpamEmailDomainRecordSchema;
+exports.BannedDomainRecordSchema = bannedDomain.BannedDomainRecordSchema;

package/dist/cjs/types/provider.cjs

@@ -9,23 +9,12 @@ const ONE_HOUR = 60 * 60;
 const ONE_DAY = ONE_HOUR * 24;
 const ONE_WEEK = ONE_DAY * 7;
 const ONE_MONTH = ONE_WEEK * 4;
-const TEN_MINUTES = 10 * 60;
 const ClientRecordSchema = new mongoose.Schema({
   account: String,
   settings: client.UserSettingsSchema,
   tier: { type: String, enum: types.Tier, required: true }
 });
 ClientRecordSchema.index({ account: 1 });
-var IpAddressType = /* @__PURE__ */ ((IpAddressType2) => {
-  IpAddressType2["v4"] = "v4";
-  IpAddressType2["v6"] = "v6";
-  return IpAddressType2;
-})(IpAddressType || {});
-const CompositeIpAddressSchema = zod.object({
-  lower: zod.bigint(),
-  upper: zod.bigint().optional(),
-  type: zod.nativeEnum(IpAddressType)
-});
 const CompositeIpAddressRecordSchemaObj = {
   lower: {
     // INT64 isn't enough capable - it reserves extra bits for the sign bit, etc, so Decimal128 guarantees no overflow
@@ -41,40 +30,8 @@ const CompositeIpAddressRecordSchemaObj = {
     // without casting to string Mongoose not able to set bigint to Decimal128
     set: (value) => "bigint" === typeof value ? value.toString() : value
   },
-  type: { type: String, enum: IpAddressType, required: true }
-};
-const parseMongooseCompositeIpAddress = (ip) => {
-  return {
-    lower: BigInt(ip.lower.$numberDecimal ?? ip.lower),
-    upper: ip.upper ? BigInt(ip.upper?.$numberDecimal ?? ip.upper) : void 0,
-    type: ip.type
-  };
+  type: { type: String, enum: types.IpAddressType, required: true }
 };
-const CaptchaResultSchema = zod.object({
-  status: zod.nativeEnum(types.CaptchaStatus),
-  reason: locale.TranslationKeysSchema.optional(),
-  error: zod.string().optional()
-});
-const UserCommitmentSchema = zod.object({
-  userAccount: zod.string(),
-  dappAccount: zod.string(),
-  datasetId: zod.string(),
-  providerAccount: zod.string(),
-  id: zod.string(),
-  result: CaptchaResultSchema,
-  userSignature: zod.string(),
-  ipAddress: CompositeIpAddressSchema,
-  providedIp: CompositeIpAddressSchema.optional(),
-  headers: zod.object({}).catchall(zod.string()),
-  ja4: zod.string(),
-  userSubmitted: zod.boolean(),
-  serverChecked: zod.boolean(),
-  storedAtTimestamp: zod.date().optional(),
-  requestedAtTimestamp: zod.date(),
-  lastUpdatedTimestamp: zod.date().optional(),
-  sessionId: zod.string().optional(),
-  coords: zod.array(zod.array(zod.array(zod.number()))).optional()
-});
 const CaptchaRecordSchema = new mongoose.Schema({
   captchaId: { type: String, required: true },
   captchaContentId: { type: String, required: true },
@@ -122,26 +79,171 @@ const PoWCaptchaRecordSchema = new mongoose.Schema({
     type: new mongoose.Schema(CompositeIpAddressRecordSchemaObj, { _id: false }),
     required: false
   },
+  metadata: {
+    type: new mongoose.Schema(
+      { email: { type: String, required: false } },
+      { _id: false }
+    ),
+    required: false
+  },
+  clientMetaData: {
+    type: new mongoose.Schema({ hp: { type: String, required: false } }, { _id: false }),
+    required: false
+  },
   headers: { type: Object, required: true },
   ja4: { type: String, required: true },
   userSignature: { type: String, required: false },
   userSubmitted: { type: Boolean, required: true },
   serverChecked: { type: Boolean, required: true },
   storedAtTimestamp: { type: Date, required: false, expires: ONE_MONTH },
-  geolocation: { type: String, required: false },
-  vpn: { type: Boolean, required: false },
+  // See `StoredCaptcha.pendingStage` — `true` while the record has
+  // unstaged changes. Indexed via a tiny partial index so the
+  // StoreCommitmentsExternal sweep scans only pending rows instead of
+  // the whole collection.
+  pendingStage: { type: Boolean, required: false },
+  // Full ipinfo payload. Replaces the flat `vpn`, `countryCode`,
+  // `geolocation` and other per-flag fields — consumers narrow on
+  // `ipInfo.isValid` and read whichever sub-field they need.
+  ipInfo: { type: Object, required: false },
   parsedUserAgentInfo: { type: Object, required: false },
   sessionId: {
     type: String,
     required: false
   },
-  coords: { type: [[[Number]]], required: false }
+  coords: { type: [[[Number]]], required: false },
+  // Current behavioral data storage format (packed)
+  deviceCapability: { type: String, required: false },
+  behavioralDataPacked: {
+    type: {
+      c1: { type: [mongoose.Schema.Types.Mixed], required: true },
+      c2: { type: [mongoose.Schema.Types.Mixed], required: true },
+      c3: { type: [mongoose.Schema.Types.Mixed], required: true },
+      d: { type: String, required: true }
+    },
+    required: false
+  },
+  providerSignature: { type: String, required: true },
+  // Internal ML labelling applied by superadmins via the audit page.
+  label: { type: String, enum: Object.values(types.CaptchaLabel), required: false },
+  labelReason: { type: String, required: false },
+  labelledBy: { type: String, required: false },
+  labelledAt: { type: Date, required: false }
 });
 PoWCaptchaRecordSchema.index({ challenge: 1 });
-PoWCaptchaRecordSchema.index({ storedAtTimestamp: 1, lastUpdatedTimestamp: 1 });
+PoWCaptchaRecordSchema.index({ label: 1, dappAccount: 1 });
+PoWCaptchaRecordSchema.index({ lastUpdatedTimestamp: 1 });
 PoWCaptchaRecordSchema.index({ dappAccount: 1, requestedAtTimestamp: 1 });
 PoWCaptchaRecordSchema.index({ "ipAddress.lower": 1 });
 PoWCaptchaRecordSchema.index({ "ipAddress.upper": 1 });
+PoWCaptchaRecordSchema.index({ "result.reason": 1 });
+PoWCaptchaRecordSchema.index({ "ipInfo.countryCode": 1 });
+PoWCaptchaRecordSchema.index({ "ipInfo.isVPN": 1 });
+PoWCaptchaRecordSchema.index({ ipInfo: 1 });
+PoWCaptchaRecordSchema.index({ parsedUserAgentInfo: 1 });
+PoWCaptchaRecordSchema.index(
+  { pendingStage: 1 },
+  {
+    name: "pendingStage_partial",
+    partialFilterExpression: { pendingStage: true }
+  }
+);
+const PuzzleCaptchaRecordSchema = new mongoose.Schema({
+  challenge: { type: String, required: true },
+  dappAccount: { type: String, required: true },
+  userAccount: { type: String, required: true },
+  requestedAtTimestamp: { type: Date, required: true },
+  lastUpdatedTimestamp: { type: Date, required: false },
+  result: {
+    status: { type: String, enum: types.CaptchaStatus, required: true },
+    reason: {
+      type: String,
+      enum: locale.TranslationKeysSchema.options,
+      required: false
+    },
+    error: { type: String, required: false }
+  },
+  targetX: { type: Number, required: true },
+  targetY: { type: Number, required: true },
+  originX: { type: Number, required: true },
+  originY: { type: Number, required: true },
+  tolerance: { type: Number, required: true },
+  puzzleEvents: {
+    type: [
+      new mongoose.Schema(
+        {
+          x: { type: Number, required: true },
+          y: { type: Number, required: true },
+          t: { type: Number, required: true }
+        },
+        { _id: false }
+      )
+    ],
+    required: false
+  },
+  ipAddress: CompositeIpAddressRecordSchemaObj,
+  providedIp: {
+    type: new mongoose.Schema(CompositeIpAddressRecordSchemaObj, { _id: false }),
+    required: false
+  },
+  metadata: {
+    type: new mongoose.Schema(
+      { email: { type: String, required: false } },
+      { _id: false }
+    ),
+    required: false
+  },
+  clientMetaData: {
+    type: new mongoose.Schema({ hp: { type: String, required: false } }, { _id: false }),
+    required: false
+  },
+  headers: { type: Object, required: true },
+  ja4: { type: String, required: true },
+  userSignature: { type: String, required: false },
+  userSubmitted: { type: Boolean, required: true },
+  serverChecked: { type: Boolean, required: true },
+  storedAtTimestamp: { type: Date, required: false, expires: ONE_MONTH },
+  // See `StoredCaptcha.pendingStage`.
+  pendingStage: { type: Boolean, required: false },
+  // Full ipinfo payload. Replaces the flat `vpn`, `countryCode`,
+  // `geolocation` and other per-flag fields — consumers narrow on
+  // `ipInfo.isValid` and read whichever sub-field they need.
+  ipInfo: { type: Object, required: false },
+  parsedUserAgentInfo: { type: Object, required: false },
+  sessionId: {
+    type: String,
+    required: false
+  },
+  coords: { type: [[[Number]]], required: false },
+  // Current behavioral data storage format (packed)
+  deviceCapability: { type: String, required: false },
+  behavioralDataPacked: {
+    type: {
+      c1: { type: [mongoose.Schema.Types.Mixed], required: true },
+      c2: { type: [mongoose.Schema.Types.Mixed], required: true },
+      c3: { type: [mongoose.Schema.Types.Mixed], required: true },
+      d: { type: String, required: true }
+    },
+    required: false
+  },
+  providerSignature: { type: String, required: true }
+});
+PuzzleCaptchaRecordSchema.index({ challenge: 1 });
+PuzzleCaptchaRecordSchema.index({ lastUpdatedTimestamp: 1 });
+PuzzleCaptchaRecordSchema.index({ dappAccount: 1, requestedAtTimestamp: 1 });
+PuzzleCaptchaRecordSchema.index({ "ipAddress.lower": 1 });
+PuzzleCaptchaRecordSchema.index({ "ipAddress.upper": 1 });
+PuzzleCaptchaRecordSchema.index({ "result.reason": 1 });
+PuzzleCaptchaRecordSchema.index({ "ipInfo.countryCode": 1 });
+PuzzleCaptchaRecordSchema.index({ "ipInfo.isVPN": 1 });
+PuzzleCaptchaRecordSchema.index({ ipInfo: 1 });
+PuzzleCaptchaRecordSchema.index({ parsedUserAgentInfo: 1 });
+PuzzleCaptchaRecordSchema.index(
+  { pendingStage: 1 },
+  {
+    name: "pendingStage_partial",
+    partialFilterExpression: { pendingStage: true }
+  }
+);
 const UserCommitmentRecordSchema = new mongoose.Schema({
   userAccount: { type: String, required: true },
   dappAccount: { type: String, required: true },
@@ -162,6 +264,17 @@ const UserCommitmentRecordSchema = new mongoose.Schema({
     type: new mongoose.Schema(CompositeIpAddressRecordSchemaObj, { _id: false }),
     required: false
   },
+  metadata: {
+    type: new mongoose.Schema(
+      { email: { type: String, required: false } },
+      { _id: false }
+    ),
+    required: false
+  },
+  clientMetaData: {
+    type: new mongoose.Schema({ hp: { type: String, required: false } }, { _id: false }),
+    required: false
+  },
   headers: { type: Object, required: true },
   ja4: { type: String, required: true },
   userSignature: { type: String, required: true },
@@ -170,23 +283,63 @@ const UserCommitmentRecordSchema = new mongoose.Schema({
   storedAtTimestamp: { type: Date, required: false, expires: ONE_MONTH },
   requestedAtTimestamp: { type: Date, required: true },
   lastUpdatedTimestamp: { type: Date, required: false },
-  geolocation: { type: String, required: false },
-  vpn: { type: Boolean, required: false },
+  // See `StoredCaptcha.pendingStage`.
+  pendingStage: { type: Boolean, required: false },
+  // Full ipinfo payload. Replaces the flat `vpn`, `countryCode`,
+  // `geolocation` and other per-flag fields — consumers narrow on
+  // `ipInfo.isValid` and read whichever sub-field they need.
+  ipInfo: { type: Object, required: false },
   parsedUserAgentInfo: { type: Object, required: false },
   sessionId: {
     type: String,
     required: false
   },
-  coords: { type: [[[Number]]], required: false }
+  coords: { type: [[[Number]]], required: false },
+  // Pending request fields for image captcha workflow
+  pending: { type: Boolean, required: true },
+  salt: { type: String, required: true },
+  requestHash: { type: String, required: true },
+  deadlineTimestamp: { type: Date, required: true },
+  threshold: { type: Number, required: true },
+  // Current behavioral data storage format (packed)
+  deviceCapability: { type: String, required: false },
+  behavioralDataPacked: {
+    type: {
+      c1: { type: [mongoose.Schema.Types.Mixed], required: true },
+      c2: { type: [mongoose.Schema.Types.Mixed], required: true },
+      c3: { type: [mongoose.Schema.Types.Mixed], required: true },
+      d: { type: String, required: true }
+    },
+    required: false
+  },
+  // Internal ML labelling applied by superadmins via the audit page.
+  label: { type: String, enum: Object.values(types.CaptchaLabel), required: false },
+  labelReason: { type: String, required: false },
+  labelledBy: { type: String, required: false },
+  labelledAt: { type: Date, required: false }
 });
 UserCommitmentRecordSchema.index({ id: -1 });
+UserCommitmentRecordSchema.index({ label: 1, dappAccount: 1 });
 UserCommitmentRecordSchema.index({
-  storedAtTimestamp: 1,
   lastUpdatedTimestamp: 1
 });
 UserCommitmentRecordSchema.index({ userAccount: 1, dappAccount: 1 });
 UserCommitmentRecordSchema.index({ "ipAddress.lower": 1 });
 UserCommitmentRecordSchema.index({ "ipAddress.upper": 1 });
+UserCommitmentRecordSchema.index({ "result.reason": 1 });
+UserCommitmentRecordSchema.index({ "ipInfo.countryCode": 1 });
+UserCommitmentRecordSchema.index({ "ipInfo.isVPN": 1 });
+UserCommitmentRecordSchema.index({ requestHash: -1 });
+UserCommitmentRecordSchema.index({ pending: 1 });
+UserCommitmentRecordSchema.index({ ipInfo: 1 });
+UserCommitmentRecordSchema.index({ parsedUserAgentInfo: 1 });
+UserCommitmentRecordSchema.index(
+  { pendingStage: 1 },
+  {
+    name: "pendingStage_partial",
+    partialFilterExpression: { pendingStage: true }
+  }
+);
 const DatasetRecordSchema = new mongoose.Schema({
   contentTree: { type: [[String]], required: true },
   datasetContentId: { type: String, required: true },
@@ -204,12 +357,6 @@ const SolutionRecordSchema = new mongoose.Schema({
   solution: { type: [String], required: true }
 });
 SolutionRecordSchema.index({ captchaId: 1 });
-const UserSolutionSchema = types.CaptchaSolutionSchema.extend({
-  processed: zod.boolean(),
-  checked: zod.boolean(),
-  commitmentId: zod.string(),
-  createdAt: zod.date()
-});
 const UserSolutionRecordSchema = new mongoose.Schema(
   {
     captchaId: { type: String, required: true },
@@ -225,25 +372,6 @@ const UserSolutionRecordSchema = new mongoose.Schema(
 );
 UserSolutionRecordSchema.index({ captchaId: 1 });
 UserSolutionRecordSchema.index({ commitmentId: -1 });
-const UserCommitmentWithSolutionsSchema = UserCommitmentSchema.extend({
-  captchas: zod.array(UserSolutionSchema)
-});
-const PendingRecordSchema = new mongoose.Schema({
-  accountId: { type: String, required: true },
-  pending: { type: Boolean, required: true },
-  salt: { type: String, required: true },
-  requestHash: { type: String, required: true },
-  deadlineTimestamp: { type: Number, required: true },
-  // unix timestamp
-  requestedAtTimestamp: { type: Date, required: true, expires: ONE_WEEK },
-  ipAddress: CompositeIpAddressRecordSchemaObj,
-  sessionId: {
-    type: String,
-    required: false
-  },
-  threshold: { type: Number, required: true, default: 0.8 }
-});
-PendingRecordSchema.index({ requestHash: -1 });
 const ScheduledTaskSchema = zod.object({
   processName: zod.nativeEnum(types.ScheduledTaskNames),
   datetime: zod.date(),
@@ -285,28 +413,98 @@ const SessionRecordSchema = new mongoose.Schema({
     timeout: { type: Number, required: false },
     accessPolicy: { type: Number, required: false },
     unverifiedHost: { type: Number, required: false },
-    webView: { type: Number, required: false }
+    webView: { type: Number, required: false },
+    triggeredDetectors: { type: [Number], required: false }
   },
   providerSelectEntropy: { type: Number, required: true },
   ipAddress: CompositeIpAddressRecordSchemaObj,
   captchaType: { type: String, enum: types.CaptchaType, required: true },
+  mode: { type: String, enum: types.ModeEnum, required: false },
   solvedImagesCount: { type: Number, required: false },
   powDifficulty: { type: Number, required: false },
   storedAtTimestamp: { type: Date, required: false, expires: ONE_DAY },
   lastUpdatedTimestamp: { type: Date, required: false },
+  // See `StoredCaptcha.pendingStage` — same semantics on Session records.
+  pendingStage: { type: Boolean, required: false },
   deleted: { type: Boolean, required: false },
   userSitekeyIpHash: { type: String, required: false },
   webView: { type: Boolean, required: true, default: false },
   iFrame: { type: Boolean, required: true, default: false },
   decryptedHeadHash: { type: String, required: false, default: "" },
-  reason: { type: String, required: false }
+  siteKey: { type: String, required: false },
+  reason: { type: String, required: false },
+  blocked: { type: Boolean, required: false },
+  // Full ipinfo payload — replaces flat `countryCode` / `geolocation`
+  // fields. Mirrors the captcha record schemas (PoW / Puzzle /
+  // UserCommitment).
+  ipInfo: { type: Object, required: false },
+  headers: { type: Object, required: false },
+  result: {
+    type: new mongoose.Schema(
+      {
+        status: {
+          type: String,
+          enum: Object.values(types.CaptchaStatus),
+          required: true
+        },
+        reason: { type: String, required: false },
+        error: { type: String, required: false }
+      },
+      { _id: false }
+    ),
+    required: false
+  },
+  userSubmitted: { type: Boolean, required: false },
+  serverChecked: { type: Boolean, required: false },
+  // WASM SIMD CPU fingerprint readings collected by the catcher client.
+  // Stored as a free-form Mixed sub-document because the shape is a
+  // discriminated union and the dataset is still evolving — Zod validates
+  // at the boundary, Mongoose just persists it.
+  simdReadings: { type: mongoose.Schema.Types.Mixed, required: false },
+  // Stage at which the SIMD readings first arrived on this session
+  // (frictionless / challenge / submit). First-hop-wins.
+  simdReadingsStage: { type: String, required: false },
+  // DNS observation merge target. Populated by
+  // POST /v1/prosopo/provider/admin/dns/event from the dns-event
+  // sidecar (see types/provider/database.ts → Session.dnsEvent).
+  dnsEvent: {
+    type: new mongoose.Schema(
+      {
+        resolverIp: { type: String, required: false },
+        peerIp: { type: String, required: false },
+        pathValid: { type: Boolean, required: false },
+        receivedAt: { type: Date, required: true }
+      },
+      { _id: false }
+    ),
+    required: false
+  }
 });
 SessionRecordSchema.index({ createdAt: 1 });
 SessionRecordSchema.index({ deleted: 1 });
+SessionRecordSchema.index({ blocked: 1 });
 SessionRecordSchema.index({ sessionId: 1 }, { unique: true });
 SessionRecordSchema.index({ userSitekeyIpHash: 1 });
 SessionRecordSchema.index({ providerSelectEntropy: 1 });
 SessionRecordSchema.index({ token: 1 });
+SessionRecordSchema.index({ siteKey: 1 }, { background: true, sparse: true });
+SessionRecordSchema.index({
+  createdAt: 1,
+  captchaType: 1,
+  "scoreComponents.baseScore": 1
+});
+SessionRecordSchema.index({ createdAt: 1, deleted: 1 });
+SessionRecordSchema.index(
+  { "result.status": 1 },
+  { background: true, sparse: true }
+);
+SessionRecordSchema.index(
+  { pendingStage: 1 },
+  {
+    name: "pendingStage_partial",
+    partialFilterExpression: { pendingStage: true }
+  }
+);
 const DetectorRecordSchema = new mongoose.Schema({
   createdAt: { type: Date, required: true },
   detectorKey: { type: String, required: true },
@@ -314,6 +512,39 @@ const DetectorRecordSchema = new mongoose.Schema({
 });
 DetectorRecordSchema.index({ createdAt: 1 }, { unique: true });
 DetectorRecordSchema.index({ expiresAt: 1 }, { expireAfterSeconds: 0 });
+const DecisionMachineArtifactRecordSchema = new mongoose.Schema({
+  scope: {
+    type: String,
+    enum: Object.values(types.DecisionMachineScope),
+    required: true
+  },
+  dappAccount: { type: String, required: false },
+  runtime: {
+    type: String,
+    enum: Object.values(types.DecisionMachineRuntime),
+    required: true
+  },
+  language: {
+    type: String,
+    enum: Object.values(types.DecisionMachineLanguage),
+    required: false
+  },
+  source: { type: String, required: true },
+  name: { type: String, required: false },
+  version: { type: String, required: false },
+  captchaType: {
+    type: String,
+    enum: [types.CaptchaType.pow, types.CaptchaType.image],
+    required: false
+  },
+  createdAt: { type: Date, required: true },
+  updatedAt: { type: Date, required: true }
+});
+DecisionMachineArtifactRecordSchema.index(
+  { scope: 1, dappAccount: 1 },
+  { unique: true }
+);
+DecisionMachineArtifactRecordSchema.index({ updatedAt: -1 });
 const ClientContextEntropyRecordSchema = new mongoose.Schema(
   {
     account: { type: String, required: true },
@@ -334,19 +565,14 @@ exports.CaptchaRecordSchema = CaptchaRecordSchema;
 exports.ClientContextEntropyRecordSchema = ClientContextEntropyRecordSchema;
 exports.ClientRecordSchema = ClientRecordSchema;
 exports.CompositeIpAddressRecordSchemaObj = CompositeIpAddressRecordSchemaObj;
-exports.CompositeIpAddressSchema = CompositeIpAddressSchema;
 exports.DatasetRecordSchema = DatasetRecordSchema;
+exports.DecisionMachineArtifactRecordSchema = DecisionMachineArtifactRecordSchema;
 exports.DetectorRecordSchema = DetectorRecordSchema;
-exports.IpAddressType = IpAddressType;
-exports.PendingRecordSchema = PendingRecordSchema;
 exports.PoWCaptchaRecordSchema = PoWCaptchaRecordSchema;
+exports.PuzzleCaptchaRecordSchema = PuzzleCaptchaRecordSchema;
 exports.ScheduledTaskRecordSchema = ScheduledTaskRecordSchema;
 exports.ScheduledTaskSchema = ScheduledTaskSchema;
 exports.SessionRecordSchema = SessionRecordSchema;
 exports.SolutionRecordSchema = SolutionRecordSchema;
 exports.UserCommitmentRecordSchema = UserCommitmentRecordSchema;
-exports.UserCommitmentSchema = UserCommitmentSchema;
-exports.UserCommitmentWithSolutionsSchema = UserCommitmentWithSolutionsSchema;
 exports.UserSolutionRecordSchema = UserSolutionRecordSchema;
-exports.UserSolutionSchema = UserSolutionSchema;
-exports.parseMongooseCompositeIpAddress = parseMongooseCompositeIpAddress;

package/dist/cjs/types/spamEmailDomain.cjs

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const mongoose = require("mongoose");
+const SpamEmailDomainRecordSchema = new mongoose.Schema({
+  domain: { type: String, required: true, unique: true }
+});
+SpamEmailDomainRecordSchema.index({ domain: 1 });
+exports.SpamEmailDomainRecordSchema = SpamEmailDomainRecordSchema;

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./types/index.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAaA,cAAc,kBAAkB,CAAC"}