@striae-org/striae 3.2.0 → 3.2.2

package/app/routes/striae/striae.tsx

@@ -1,4 +1,4 @@
-import { User } from 'firebase/auth';
+import type { User } from 'firebase/auth';
 import { useState, useEffect } from 'react';
 import { SidebarContainer } from '~/components/sidebar/sidebar-container';
 import { Toolbar } from '~/components/toolbar/toolbar';
@@ -9,7 +9,7 @@ import { getNotes, saveNotes } from '~/components/actions/notes-manage';
 import { generatePDF } from '~/components/actions/generate-pdf';
 import { getUserApiKey } from '~/utils/auth';
 import { resolveEarliestAnnotationTimestamp } from '~/utils/annotation-timestamp';
-import { AnnotationData, FileData } from '~/types';
+import { type AnnotationData, type FileData } from '~/types';
 import { checkCaseIsReadOnly } from '~/components/actions/case-manage';
 import paths from '~/config/config.json';
 import styles from './striae.module.css';

package/app/services/audit/audit-console-logger.ts

@@ -0,0 +1,46 @@
+import { type ValidationAuditEntry } from '~/types';
+
+export const getAuditSecurityIssuesForConsole = (
+  entry: ValidationAuditEntry
+): string[] => {
+  const checks = entry.details.securityChecks;
+  if (!checks) {
+    return [];
+  }
+
+  const securityIssues = [];
+
+  // For console diagnostics, self-confirmation is relevant for import actions only.
+  if (entry.action === 'import' && checks.selfConfirmationPrevented === true) {
+    securityIssues.push('selfConfirmationPrevented');
+  }
+
+  if (checks.fileIntegrityValid === false) {
+    securityIssues.push('fileIntegrityValid');
+  }
+
+  if (checks.exporterUidValidated === false) {
+    securityIssues.push('exporterUidValidated');
+  }
+
+  return securityIssues;
+};
+
+export const logAuditEntryToConsole = (entry: ValidationAuditEntry): void => {
+  const icon = entry.result === 'success' ? '✅' :
+    entry.result === 'failure' ? '❌' : '⚠️';
+
+  console.log(
+    `${icon} Audit [${entry.action.toUpperCase()}]: ${entry.details.fileName} ` +
+    `(Case: ${entry.details.caseNumber || 'N/A'}) - ${entry.result.toUpperCase()}`
+  );
+
+  if (entry.details.validationErrors.length > 0) {
+    console.log('   Errors:', entry.details.validationErrors);
+  }
+
+  const securityIssues = getAuditSecurityIssuesForConsole(entry);
+  if (securityIssues.length > 0) {
+    console.warn('   Security Issues:', securityIssues);
+  }
+};

package/app/services/audit/audit-export-csv.ts

@@ -0,0 +1,126 @@
+import { type ValidationAuditEntry } from '~/types';
+
+export const AUDIT_CSV_ENTRY_HEADERS = [
+  'Timestamp',
+  'User Email',
+  'Action',
+  'Result',
+  'File Name',
+  'File Type',
+  'Case Number',
+  'Confirmation ID',
+  'Original Examiner UID',
+  'Reviewing Examiner UID',
+  'File ID',
+  'Original Filename',
+  'File Size (MB)',
+  'MIME Type',
+  'Upload Method',
+  'Delete Reason',
+  'Annotation ID',
+  'Annotation Type',
+  'Annotation Tool',
+  'Session ID',
+  'User Agent',
+  'Processing Time (ms)',
+  'Hash Valid',
+  'Validation Errors',
+  'Security Issues',
+  'Workflow Phase',
+  'Profile Field',
+  'Old Value',
+  'New Value',
+  'Total Confirmations In File',
+  'Confirmations Successfully Imported',
+  'Validation Steps Failed',
+  'Case Name',
+  'Total Files',
+  'MFA Method',
+  'Security Incident Type',
+  'Security Severity'
+];
+
+export const formatForCSV = (value?: string | number | null): string => {
+  if (value === undefined || value === null) return '';
+  const str = String(value);
+  if (str.includes(',') || str.includes('"') || str.includes('\n')) {
+    return `"${str.replace(/"/g, '""')}"`;
+  }
+  return str;
+};
+
+const getSecurityIssues = (entry: ValidationAuditEntry): string => {
+  const securityChecks = entry.details.securityChecks;
+  if (!securityChecks) {
+    return '';
+  }
+
+  const issues = [];
+
+  if (securityChecks.selfConfirmationPrevented === true) {
+    issues.push('selfConfirmationPrevented');
+  }
+
+  if (securityChecks.fileIntegrityValid === false) {
+    issues.push('fileIntegrityValid');
+  }
+
+  if (securityChecks.exporterUidValidated === false) {
+    issues.push('exporterUidValidated');
+  }
+
+  return issues.join('; ');
+};
+
+export const entryToCSVRow = (entry: ValidationAuditEntry): string => {
+  const fileDetails = entry.details.fileDetails;
+  const annotationDetails = entry.details.annotationDetails;
+  const sessionDetails = entry.details.sessionDetails;
+  const userProfileDetails = entry.details.userProfileDetails;
+  const caseDetails = entry.details.caseDetails;
+  const performanceMetrics = entry.details.performanceMetrics;
+  const securityDetails = entry.details.securityDetails;
+  const securityIssues = getSecurityIssues(entry);
+
+  const values = [
+    formatForCSV(entry.timestamp),
+    formatForCSV(entry.userEmail),
+    formatForCSV(entry.action),
+    formatForCSV(entry.result),
+    formatForCSV(entry.details.fileName),
+    formatForCSV(entry.details.fileType),
+    formatForCSV(entry.details.caseNumber),
+    formatForCSV(entry.details.confirmationId),
+    formatForCSV(entry.details.originalExaminerUid),
+    formatForCSV(entry.details.reviewingExaminerUid),
+    formatForCSV(fileDetails?.fileId),
+    formatForCSV(fileDetails?.originalFileName),
+    fileDetails?.fileSize ? (fileDetails.fileSize / 1024 / 1024).toFixed(2) : '',
+    formatForCSV(fileDetails?.mimeType),
+    formatForCSV(fileDetails?.uploadMethod),
+    formatForCSV(fileDetails?.deleteReason),
+    formatForCSV(annotationDetails?.annotationId),
+    formatForCSV(annotationDetails?.annotationType),
+    formatForCSV(annotationDetails?.tool),
+    formatForCSV(sessionDetails?.sessionId),
+    formatForCSV(sessionDetails?.userAgent),
+    performanceMetrics?.processingTimeMs || '',
+    entry.details.hashValid !== undefined ? (entry.details.hashValid ? 'Yes' : 'No') : '',
+    formatForCSV(entry.details.validationErrors?.join('; ')),
+    formatForCSV(securityIssues),
+    formatForCSV(entry.details.workflowPhase),
+    formatForCSV(userProfileDetails?.profileField),
+    formatForCSV(userProfileDetails?.oldValue),
+    formatForCSV(userProfileDetails?.newValue),
+    caseDetails?.totalAnnotations?.toString() || '',
+    performanceMetrics?.validationStepsCompleted?.toString() || '',
+    performanceMetrics?.validationStepsFailed?.toString() || '',
+    formatForCSV(caseDetails?.newCaseName || caseDetails?.oldCaseName),
+    caseDetails?.totalFiles?.toString() || '',
+    formatForCSV(securityDetails?.mfaMethod),
+    formatForCSV(securityDetails?.incidentType),
+    formatForCSV(securityDetails?.severity)
+  ];
+
+  return values.join(',');
+};

package/app/services/audit/audit-export-report.ts

@@ -0,0 +1,174 @@
+import { type AuditTrail, type ValidationAuditEntry } from '~/types';
+
+const calculateDuration = (start: string, end: string): string => {
+  const startTime = new Date(start).getTime();
+  const endTime = new Date(end).getTime();
+  const durationMs = endTime - startTime;
+
+  const hours = Math.floor(durationMs / (1000 * 60 * 60));
+  const minutes = Math.floor((durationMs % (1000 * 60 * 60)) / (1000 * 60));
+  const seconds = Math.floor((durationMs % (1000 * 60)) / 1000);
+
+  if (hours > 0) {
+    return `${hours}h ${minutes}m ${seconds}s`;
+  }
+
+  if (minutes > 0) {
+    return `${minutes}m ${seconds}s`;
+  }
+
+  return `${seconds}s`;
+};
+
+const generateSecurityAnalysis = (entries: ValidationAuditEntry[]): string => {
+  const securityEntries = entries.filter(entry => entry.details.securityChecks);
+
+  if (securityEntries.length === 0) {
+    return 'No security-sensitive operations detected.';
+  }
+
+  let selfConfirmationAttempts = 0;
+  let fileIntegrityFailures = 0;
+  let exporterValidationFailures = 0;
+  let legitimateImports = 0;
+
+  securityEntries.forEach(entry => {
+    const checks = entry.details.securityChecks!;
+
+    if (checks.selfConfirmationPrevented === true) {
+      selfConfirmationAttempts++;
+    }
+    if (checks.fileIntegrityValid === false) {
+      fileIntegrityFailures++;
+    }
+    if (checks.exporterUidValidated === false) {
+      exporterValidationFailures++;
+    }
+
+    if (
+      entry.action === 'import' &&
+      entry.details.workflowPhase === 'confirmation' &&
+      entry.result === 'success' &&
+      checks.selfConfirmationPrevented === false
+    ) {
+      legitimateImports++;
+    }
+  });
+
+  return [
+    `Total Security-Sensitive Operations: ${securityEntries.length}`,
+    `Legitimate Confirmation Imports: ${legitimateImports}`,
+    `Self-Confirmation Attempts Blocked: ${selfConfirmationAttempts}`,
+    `File Integrity Failures: ${fileIntegrityFailures}`,
+    `Exporter Validation Failures: ${exporterValidationFailures}`,
+    '',
+    selfConfirmationAttempts === 0 && fileIntegrityFailures === 0 && exporterValidationFailures === 0
+      ? '✅ No security violations detected'
+      : '⚠️ Security violations detected - review required'
+  ].join('\n');
+};
+
+const generateConfirmationSummary = (entries: ValidationAuditEntry[]): string => {
+  const confirmationEntries = entries.filter(entry =>
+    entry.details.workflowPhase === 'confirmation' ||
+    (entry.action === 'import' && entry.details.fileType === 'confirmation-data')
+  );
+
+  if (confirmationEntries.length === 0) {
+    return 'No confirmation workflow operations detected.';
+  }
+
+  const imports = confirmationEntries.filter(entry => entry.action === 'import');
+  const exports = confirmationEntries.filter(entry => entry.action === 'export');
+  const creations = confirmationEntries.filter(entry => entry.action === 'confirm');
+
+  let totalConfirmationsImported = 0;
+  let totalConfirmationsInFiles = 0;
+  const reviewingExaminers = new Set<string>();
+
+  imports.forEach(entry => {
+    const metrics = entry.details.performanceMetrics;
+    const caseDetails = entry.details.caseDetails;
+
+    if (metrics?.validationStepsCompleted) {
+      totalConfirmationsImported += metrics.validationStepsCompleted;
+    }
+    if (caseDetails?.totalAnnotations) {
+      totalConfirmationsInFiles += caseDetails.totalAnnotations;
+    }
+    if (entry.details.reviewingExaminerUid) {
+      reviewingExaminers.add(entry.details.reviewingExaminerUid);
+    }
+  });
+
+  return [
+    `Confirmation Operations: ${confirmationEntries.length}`,
+    `- Imports: ${imports.length}`,
+    `- Exports: ${exports.length}`,
+    `- Creations: ${creations.length}`,
+    '',
+    `Total Confirmations Imported: ${totalConfirmationsImported}`,
+    `Total Confirmations in Import Files: ${totalConfirmationsInFiles}`,
+    `Reviewing Examiners Involved: ${reviewingExaminers.size}`,
+    '',
+    reviewingExaminers.size > 0
+      ? `External Reviewers: ${Array.from(reviewingExaminers).join(', ')}`
+      : 'No external reviewers detected'
+  ].join('\n');
+};
+
+export const buildAuditReportContent = (auditTrail: AuditTrail, generatedAt: string): string => {
+  const summary = auditTrail.summary;
+  const successRate = ((summary.successfulEvents / summary.totalEvents) * 100).toFixed(1);
+
+  return `
+STRIAE AUDIT TRAIL REPORT
+============================
+
+Case Number: ${auditTrail.caseNumber}
+Workflow ID: ${auditTrail.workflowId}
+Report Generated: ${new Date(generatedAt).toLocaleString()}
+
+SUMMARY STATISTICS
+------------------
+Total Events: ${summary.totalEvents}
+Successful Events: ${summary.successfulEvents} (${successRate}%)
+Failed Events: ${summary.failedEvents}
+Warning Events: ${summary.warningEvents}
+Security Incidents: ${summary.securityIncidents}
+
+COMPLIANCE STATUS
+-----------------
+Status: ${summary.complianceStatus.toUpperCase()}
+${summary.complianceStatus === 'compliant'
+    ? '✅ All audit events completed successfully'
+    : '⚠️ Some audit events failed - requires investigation'}
+
+TIMELINE
+--------
+Start Time: ${new Date(summary.startTimestamp).toLocaleString()}
+End Time: ${new Date(summary.endTimestamp).toLocaleString()}
+Duration: ${calculateDuration(summary.startTimestamp, summary.endTimestamp)}
+
+PARTICIPANTS
+------------
+Users Involved: ${summary.participatingUsers.length}
+${summary.participatingUsers.map(uid => `- User ID: ${uid}`).join('\n')}
+
+WORKFLOW PHASES
+---------------
+${summary.workflowPhases.map(phase => `- ${phase}`).join('\n')}
+
+SECURITY ANALYSIS
+-----------------
+${generateSecurityAnalysis(auditTrail.entries)}
+
+CONFIRMATION WORKFLOW DETAILS
+------------------------------
+${generateConfirmationSummary(auditTrail.entries)}
+
+---
+This report contains ${summary.totalEvents} audit entries providing complete forensic accountability.
+Generated by Striae
+    `.trim();
+};

package/app/services/audit/audit-export-signing.ts

@@ -0,0 +1,85 @@
+import type { User } from 'firebase/auth';
+import { signAuditExportData } from '~/utils/data-operations';
+import {
+  AUDIT_EXPORT_SIGNATURE_VERSION,
+  type AuditExportFormat,
+  type AuditExportSigningPayload,
+  type AuditExportType
+} from '~/utils/audit-export-signature';
+
+export interface AuditExportContext {
+  user: User;
+  scopeType: 'case' | 'user';
+  scopeIdentifier: string;
+  caseNumber?: string;
+}
+
+interface SignAuditExportInput {
+  exportFormat: AuditExportFormat;
+  exportType: AuditExportType;
+  generatedAt: string;
+  totalEntries: number;
+  hash: string;
+}
+
+export interface AuditExportSignature {
+  algorithm: string;
+  keyId: string;
+  signedAt: string;
+  value: string;
+}
+
+export interface SignedAuditExportPayload {
+  signatureMetadata: AuditExportSigningPayload;
+  signature: AuditExportSignature;
+}
+
+const buildAuditSignaturePayload = (
+  exportFormat: AuditExportFormat,
+  exportType: AuditExportType,
+  generatedAt: string,
+  totalEntries: number,
+  hash: string,
+  context: AuditExportContext
+): AuditExportSigningPayload => {
+  return {
+    signatureVersion: AUDIT_EXPORT_SIGNATURE_VERSION,
+    exportFormat,
+    exportType,
+    scopeType: context.scopeType,
+    scopeIdentifier: context.scopeIdentifier,
+    generatedAt,
+    totalEntries,
+    hash: hash.toUpperCase()
+  };
+};
+
+export const signAuditExport = async (
+  payload: SignAuditExportInput,
+  context: AuditExportContext
+): Promise<SignedAuditExportPayload> => {
+  const signatureMetadata = buildAuditSignaturePayload(
+    payload.exportFormat,
+    payload.exportType,
+    payload.generatedAt,
+    payload.totalEntries,
+    payload.hash,
+    context
+  );
+
+  const caseNumber =
+    context.scopeType === 'case'
+      ? (context.caseNumber || context.scopeIdentifier)
+      : undefined;
+
+  const signatureResponse = await signAuditExportData(
+    context.user,
+    signatureMetadata,
+    { caseNumber }
+  );
+
+  return {
+    signatureMetadata,
+    signature: signatureResponse.signature
+  };
+};