npm - @striae-org/striae - Versions diffs - 3.2.1 → 3.3.0 - Mend

@striae-org/striae 3.2.1 → 3.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (104) hide show

package/app/components/actions/case-export/core-export.ts +2 -2
package/app/components/actions/case-export/data-processing.ts +19 -4
package/app/components/actions/case-export/download-handlers.ts +57 -8
package/app/components/actions/case-export/metadata-helpers.ts +1 -1
package/app/components/actions/case-import/annotation-import.ts +2 -2
package/app/components/actions/case-import/confirmation-import.ts +44 -20
package/app/components/actions/case-import/confirmation-package.ts +86 -0
package/app/components/actions/case-import/image-operations.ts +1 -1
package/app/components/actions/case-import/index.ts +1 -0
package/app/components/actions/case-import/orchestrator.ts +16 -6
package/app/components/actions/case-import/storage-operations.ts +7 -7
package/app/components/actions/case-import/validation.ts +7 -100
package/app/components/actions/case-import/zip-processing.ts +47 -5
package/app/components/actions/case-manage.ts +3 -3
package/app/components/actions/confirm-export.ts +47 -16
package/app/components/actions/generate-pdf.ts +3 -3
package/app/components/actions/image-manage.ts +3 -3
package/app/components/actions/notes-manage.ts +3 -3
package/app/components/actions/signout.tsx +1 -1
package/app/components/audit/user-audit-viewer.tsx +2 -3
package/app/components/auth/auth-provider.tsx +2 -2
package/app/components/auth/mfa-enrollment.tsx +3 -3
package/app/components/auth/mfa-verification.tsx +4 -4
package/app/components/canvas/box-annotations/box-annotations.tsx +2 -2
package/app/components/canvas/canvas.tsx +1 -1
package/app/components/canvas/confirmation/confirmation.tsx +1 -1
package/app/components/form/form-button.tsx +1 -1
package/app/components/form/form.module.css +9 -0
package/app/components/public-signing-key-modal/public-signing-key-modal.module.css +163 -49
package/app/components/public-signing-key-modal/public-signing-key-modal.tsx +365 -88
package/app/components/sidebar/case-export/case-export.tsx +2 -54
package/app/components/sidebar/case-import/case-import.tsx +20 -8
package/app/components/sidebar/case-import/components/CasePreviewSection.tsx +1 -1
package/app/components/sidebar/case-import/components/ConfirmationDialog.tsx +1 -1
package/app/components/sidebar/case-import/hooks/useFilePreview.ts +9 -7
package/app/components/sidebar/case-import/hooks/useImportExecution.ts +2 -2
package/app/components/sidebar/case-import/utils/file-validation.ts +57 -2
package/app/components/sidebar/cases/case-sidebar.tsx +106 -50
package/app/components/sidebar/cases/cases-modal.tsx +1 -1
package/app/components/sidebar/cases/cases.module.css +101 -18
package/app/components/sidebar/files/files-modal.tsx +3 -2
package/app/components/sidebar/notes/notes-sidebar.tsx +3 -3
package/app/components/sidebar/notes/notes.module.css +33 -13
package/app/components/sidebar/sidebar-container.tsx +4 -3
package/app/components/sidebar/sidebar.tsx +2 -2
package/app/components/sidebar/upload/image-upload-zone.tsx +2 -2
package/app/components/theme-provider/theme-provider.tsx +1 -1
package/app/components/user/delete-account.tsx +1 -1
package/app/components/user/manage-profile.tsx +3 -3
package/app/components/user/mfa-phone-update.tsx +17 -14
package/app/contexts/auth.context.ts +1 -1
package/app/root.tsx +2 -2
package/app/routes/auth/emailActionHandler.tsx +2 -2
package/app/routes/auth/emailVerification.tsx +2 -2
package/app/routes/auth/login.tsx +134 -11
package/app/routes/auth/passwordReset.tsx +2 -2
package/app/routes/striae/striae.tsx +2 -2
package/app/services/audit/audit-console-logger.ts +46 -0
package/app/services/audit/audit-export-csv.ts +126 -0
package/app/services/audit/audit-export-report.ts +174 -0
package/app/services/audit/audit-export-signing.ts +85 -0
package/app/services/audit/audit-export.service.ts +334 -0
package/app/services/audit/audit-file-type.ts +13 -0
package/app/services/audit/audit-query-helpers.ts +88 -0
package/app/services/audit/audit-worker-client.ts +95 -0
package/app/services/audit/audit.service.ts +990 -0
package/app/services/audit/builders/audit-entry-builder.ts +32 -0
package/app/services/audit/builders/audit-event-builders-annotation.ts +150 -0
package/app/services/audit/builders/audit-event-builders-case-file.ts +249 -0
package/app/services/audit/builders/audit-event-builders-user-security.ts +449 -0
package/app/services/audit/builders/audit-event-builders-workflow.ts +272 -0
package/app/services/audit/builders/index.ts +40 -0
package/app/services/audit/index.ts +2 -0
package/app/types/case.ts +2 -2
package/app/types/exceljs-bare.d.ts +3 -1
package/app/types/user.ts +1 -1
package/app/utils/SHA256.ts +5 -1
package/app/utils/audit-export-signature.ts +2 -2
package/app/utils/confirmation-signature.ts +8 -4
package/app/utils/data-operations.ts +5 -5
package/app/utils/export-verification.ts +353 -0
package/app/utils/mfa-phone.ts +1 -1
package/app/utils/mfa.ts +1 -1
package/app/utils/permissions.ts +2 -2
package/app/utils/signature-utils.ts +74 -4
package/package.json +11 -9
package/public/favicon.ico +0 -0
package/public/icon-256.png +0 -0
package/public/icon-512.png +0 -0
package/public/manifest.json +39 -0
package/public/shortcut.png +0 -0
package/public/social-image.png +0 -0
package/react-router.config.ts +5 -0
package/worker-configuration.d.ts +4435 -562
package/workers/data-worker/src/data-worker.example.ts +3 -3
package/workers/pdf-worker/scripts/generate-assets.js +94 -0
package/workers/pdf-worker/src/{generated-assets.ts → assets/generated-assets.ts} +117 -117
package/workers/pdf-worker/src/{format-striae.ts → formats/format-striae.ts} +535 -535
package/workers/pdf-worker/src/pdf-worker.example.ts +1 -1
package/app/services/audit-export.service.ts +0 -755
package/app/services/audit.service.ts +0 -1474
package/public/favicon.svg +0 -9
/package/app/services/{firebase-errors.ts → firebase/errors.ts} +0 -0
/package/app/services/{firebase.ts → firebase/index.ts} +0 -0

package/app/services/audit/audit-export-report.ts ADDED Viewed

@@ -0,0 +1,174 @@
+import { type AuditTrail, type ValidationAuditEntry } from '~/types';
+const calculateDuration = (start: string, end: string): string => {
+  const startTime = new Date(start).getTime();
+  const endTime = new Date(end).getTime();
+  const durationMs = endTime - startTime;
+  const hours = Math.floor(durationMs / (1000 * 60 * 60));
+  const minutes = Math.floor((durationMs % (1000 * 60 * 60)) / (1000 * 60));
+  const seconds = Math.floor((durationMs % (1000 * 60)) / 1000);
+  if (hours > 0) {
+    return `${hours}h ${minutes}m ${seconds}s`;
+  }
+  if (minutes > 0) {
+    return `${minutes}m ${seconds}s`;
+  }
+  return `${seconds}s`;
+};
+const generateSecurityAnalysis = (entries: ValidationAuditEntry[]): string => {
+  const securityEntries = entries.filter(entry => entry.details.securityChecks);
+  if (securityEntries.length === 0) {
+    return 'No security-sensitive operations detected.';
+  }
+  let selfConfirmationAttempts = 0;
+  let fileIntegrityFailures = 0;
+  let exporterValidationFailures = 0;
+  let legitimateImports = 0;
+  securityEntries.forEach(entry => {
+    const checks = entry.details.securityChecks!;
+    if (checks.selfConfirmationPrevented === true) {
+      selfConfirmationAttempts++;
+    }
+    if (checks.fileIntegrityValid === false) {
+      fileIntegrityFailures++;
+    }
+    if (checks.exporterUidValidated === false) {
+      exporterValidationFailures++;
+    }
+    if (
+      entry.action === 'import' &&
+      entry.details.workflowPhase === 'confirmation' &&
+      entry.result === 'success' &&
+      checks.selfConfirmationPrevented === false
+    ) {
+      legitimateImports++;
+    }
+  });
+  return [
+    `Total Security-Sensitive Operations: ${securityEntries.length}`,
+    `Legitimate Confirmation Imports: ${legitimateImports}`,
+    `Self-Confirmation Attempts Blocked: ${selfConfirmationAttempts}`,
+    `File Integrity Failures: ${fileIntegrityFailures}`,
+    `Exporter Validation Failures: ${exporterValidationFailures}`,
+    '',
+    selfConfirmationAttempts === 0 && fileIntegrityFailures === 0 && exporterValidationFailures === 0
+      ? '✅ No security violations detected'
+      : '⚠️ Security violations detected - review required'
+  ].join('\n');
+};
+const generateConfirmationSummary = (entries: ValidationAuditEntry[]): string => {
+  const confirmationEntries = entries.filter(entry =>
+    entry.details.workflowPhase === 'confirmation' ||
+    (entry.action === 'import' && entry.details.fileType === 'confirmation-data')
+  );
+  if (confirmationEntries.length === 0) {
+    return 'No confirmation workflow operations detected.';
+  }
+  const imports = confirmationEntries.filter(entry => entry.action === 'import');
+  const exports = confirmationEntries.filter(entry => entry.action === 'export');
+  const creations = confirmationEntries.filter(entry => entry.action === 'confirm');
+  let totalConfirmationsImported = 0;
+  let totalConfirmationsInFiles = 0;
+  const reviewingExaminers = new Set<string>();
+  imports.forEach(entry => {
+    const metrics = entry.details.performanceMetrics;
+    const caseDetails = entry.details.caseDetails;
+    if (metrics?.validationStepsCompleted) {
+      totalConfirmationsImported += metrics.validationStepsCompleted;
+    }
+    if (caseDetails?.totalAnnotations) {
+      totalConfirmationsInFiles += caseDetails.totalAnnotations;
+    }
+    if (entry.details.reviewingExaminerUid) {
+      reviewingExaminers.add(entry.details.reviewingExaminerUid);
+    }
+  });
+  return [
+    `Confirmation Operations: ${confirmationEntries.length}`,
+    `- Imports: ${imports.length}`,
+    `- Exports: ${exports.length}`,
+    `- Creations: ${creations.length}`,
+    '',
+    `Total Confirmations Imported: ${totalConfirmationsImported}`,
+    `Total Confirmations in Import Files: ${totalConfirmationsInFiles}`,
+    `Reviewing Examiners Involved: ${reviewingExaminers.size}`,
+    '',
+    reviewingExaminers.size > 0
+      ? `External Reviewers: ${Array.from(reviewingExaminers).join(', ')}`
+      : 'No external reviewers detected'
+  ].join('\n');
+};
+export const buildAuditReportContent = (auditTrail: AuditTrail, generatedAt: string): string => {
+  const summary = auditTrail.summary;
+  const successRate = ((summary.successfulEvents / summary.totalEvents) * 100).toFixed(1);
+  return `
+STRIAE AUDIT TRAIL REPORT
+============================
+Case Number: ${auditTrail.caseNumber}
+Workflow ID: ${auditTrail.workflowId}
+Report Generated: ${new Date(generatedAt).toLocaleString()}
+SUMMARY STATISTICS
+------------------
+Total Events: ${summary.totalEvents}
+Successful Events: ${summary.successfulEvents} (${successRate}%)
+Failed Events: ${summary.failedEvents}
+Warning Events: ${summary.warningEvents}
+Security Incidents: ${summary.securityIncidents}
+COMPLIANCE STATUS
+-----------------
+Status: ${summary.complianceStatus.toUpperCase()}
+${summary.complianceStatus === 'compliant'
+    ? '✅ All audit events completed successfully'
+    : '⚠️ Some audit events failed - requires investigation'}
+TIMELINE
+--------
+Start Time: ${new Date(summary.startTimestamp).toLocaleString()}
+End Time: ${new Date(summary.endTimestamp).toLocaleString()}
+Duration: ${calculateDuration(summary.startTimestamp, summary.endTimestamp)}
+PARTICIPANTS
+------------
+Users Involved: ${summary.participatingUsers.length}
+${summary.participatingUsers.map(uid => `- User ID: ${uid}`).join('\n')}
+WORKFLOW PHASES
+---------------
+${summary.workflowPhases.map(phase => `- ${phase}`).join('\n')}
+SECURITY ANALYSIS
+-----------------
+${generateSecurityAnalysis(auditTrail.entries)}
+CONFIRMATION WORKFLOW DETAILS
+------------------------------
+${generateConfirmationSummary(auditTrail.entries)}
+---
+This report contains ${summary.totalEvents} audit entries providing complete forensic accountability.
+Generated by Striae
+    `.trim();
+};

package/app/services/audit/audit-export-signing.ts ADDED Viewed

@@ -0,0 +1,85 @@
+import type { User } from 'firebase/auth';
+import { signAuditExportData } from '~/utils/data-operations';
+import {
+  AUDIT_EXPORT_SIGNATURE_VERSION,
+  type AuditExportFormat,
+  type AuditExportSigningPayload,
+  type AuditExportType
+} from '~/utils/audit-export-signature';
+export interface AuditExportContext {
+  user: User;
+  scopeType: 'case' | 'user';
+  scopeIdentifier: string;
+  caseNumber?: string;
+}
+interface SignAuditExportInput {
+  exportFormat: AuditExportFormat;
+  exportType: AuditExportType;
+  generatedAt: string;
+  totalEntries: number;
+  hash: string;
+}
+export interface AuditExportSignature {
+  algorithm: string;
+  keyId: string;
+  signedAt: string;
+  value: string;
+}
+export interface SignedAuditExportPayload {
+  signatureMetadata: AuditExportSigningPayload;
+  signature: AuditExportSignature;
+}
+const buildAuditSignaturePayload = (
+  exportFormat: AuditExportFormat,
+  exportType: AuditExportType,
+  generatedAt: string,
+  totalEntries: number,
+  hash: string,
+  context: AuditExportContext
+): AuditExportSigningPayload => {
+  return {
+    signatureVersion: AUDIT_EXPORT_SIGNATURE_VERSION,
+    exportFormat,
+    exportType,
+    scopeType: context.scopeType,
+    scopeIdentifier: context.scopeIdentifier,
+    generatedAt,
+    totalEntries,
+    hash: hash.toUpperCase()
+  };
+};
+export const signAuditExport = async (
+  payload: SignAuditExportInput,
+  context: AuditExportContext
+): Promise<SignedAuditExportPayload> => {
+  const signatureMetadata = buildAuditSignaturePayload(
+    payload.exportFormat,
+    payload.exportType,
+    payload.generatedAt,
+    payload.totalEntries,
+    payload.hash,
+    context
+  );
+  const caseNumber =
+    context.scopeType === 'case'
+      ? (context.caseNumber || context.scopeIdentifier)
+      : undefined;
+  const signatureResponse = await signAuditExportData(
+    context.user,
+    signatureMetadata,
+    { caseNumber }
+  );
+  return {
+    signatureMetadata,
+    signature: signatureResponse.signature
+  };
+};

package/app/services/audit/audit-export.service.ts ADDED Viewed

@@ -0,0 +1,334 @@
+import { type ValidationAuditEntry, type AuditTrail } from '~/types';
+import { calculateSHA256Secure } from '~/utils/SHA256';
+import { type AuditExportType } from '~/utils/audit-export-signature';
+import { AUDIT_CSV_ENTRY_HEADERS, entryToCSVRow } from './audit-export-csv';
+import { buildAuditReportContent } from './audit-export-report';
+import { type AuditExportContext, signAuditExport } from './audit-export-signing';
+/**
+ * Audit Export Service
+ * Handles exporting audit trails to various formats for compliance and forensic analysis
+ */
+export class AuditExportService {
+  private static instance: AuditExportService;
+  private constructor() {}
+  public static getInstance(): AuditExportService {
+    if (!AuditExportService.instance) {
+      AuditExportService.instance = new AuditExportService();
+    }
+    return AuditExportService.instance;
+  }
+  /**
+   * Export audit entries to CSV format
+   */
+  public async exportToCSV(
+    entries: ValidationAuditEntry[],
+    filename: string,
+    context: AuditExportContext
+  ): Promise<void> {
+    const csvData = [
+      AUDIT_CSV_ENTRY_HEADERS.join(','),
+      ...entries.map(entry => entryToCSVRow(entry))
+    ].join('\n');
+    const generatedAt = new Date().toISOString();
+    const hash = await calculateSHA256Secure(csvData);
+    const signaturePayload = await signAuditExport(
+      {
+        exportFormat: 'csv',
+        exportType: 'entries',
+        generatedAt,
+        totalEntries: entries.length,
+        hash: hash.toUpperCase()
+      },
+      context
+    );
+    // Add hash metadata header
+    const csvContent = [
+      `# Striae Audit Export - Generated: ${generatedAt}`,
+      `# Total Entries: ${entries.length}`,
+      `# SHA-256 Hash: ${hash.toUpperCase()}`,
+      `# Audit Signature Metadata: ${JSON.stringify(signaturePayload.signatureMetadata)}`,
+      `# Audit Signature: ${JSON.stringify(signaturePayload.signature)}`,
+      `# Verification: Recalculate SHA-256 of data rows only (excluding these comment lines)`,
+      '',
+      csvData
+    ].join('\n');
+    this.downloadFile(csvContent, filename, 'text/csv');
+  }
+  /**
+   * Export audit trail to detailed CSV with summary
+   */
+  public async exportAuditTrailToCSV(
+    auditTrail: AuditTrail,
+    filename: string,
+    context: AuditExportContext
+  ): Promise<void> {
+    const summaryHeaders = [
+      'Case Number',
+      'Workflow ID',
+      'Total Events',
+      'Successful Events',
+      'Failed Events',
+      'Warning Events',
+      'Compliance Status',
+      'Security Incidents',
+      'Start Time',
+      'End Time',
+      'Participating Users'
+    ];
+    const summaryRow = [
+      auditTrail.caseNumber,
+      auditTrail.workflowId,
+      auditTrail.summary.totalEvents,
+      auditTrail.summary.successfulEvents,
+      auditTrail.summary.failedEvents,
+      auditTrail.summary.warningEvents,
+      auditTrail.summary.complianceStatus.toUpperCase(),
+      auditTrail.summary.securityIncidents,
+      auditTrail.summary.startTimestamp,
+      auditTrail.summary.endTimestamp,
+      auditTrail.summary.participatingUsers.join('; ')
+    ].join(',');
+    const csvData = [
+      summaryHeaders.join(','),
+      summaryRow,
+      '',
+      AUDIT_CSV_ENTRY_HEADERS.join(','),
+      ...auditTrail.entries.map(entry => entryToCSVRow(entry))
+    ].join('\n');
+    const generatedAt = new Date().toISOString();
+    const hash = await calculateSHA256Secure(csvData);
+    const signaturePayload = await signAuditExport(
+      {
+        exportFormat: 'csv',
+        exportType: 'trail',
+        generatedAt,
+        totalEntries: auditTrail.summary.totalEvents,
+        hash: hash.toUpperCase()
+      },
+      context
+    );
+    const csvContent = [
+      '# Striae Audit Trail Export - Generated: ' + generatedAt,
+      `# Case: ${auditTrail.caseNumber} | Workflow: ${auditTrail.workflowId}`,
+      `# Total Events: ${auditTrail.summary.totalEvents}`,
+      `# SHA-256 Hash: ${hash.toUpperCase()}`,
+      `# Audit Signature Metadata: ${JSON.stringify(signaturePayload.signatureMetadata)}`,
+      `# Audit Signature: ${JSON.stringify(signaturePayload.signature)}`,
+      '# Verification: Recalculate SHA-256 of data rows only (excluding these comment lines)',
+      '',
+      '# AUDIT TRAIL SUMMARY',
+      csvData
+    ].join('\n');
+    this.downloadFile(csvContent, filename, 'text/csv');
+  }
+  /**
+   * Generate filename with timestamp
+   */
+  public generateFilename(type: 'case' | 'user', identifier: string, format: 'csv' | 'json'): string {
+    const timestamp = new Date().toISOString().slice(0, 19).replace(/[:.]/g, '-');
+    const sanitizedId = identifier.replace(/[^a-zA-Z0-9-_]/g, '_');
+    return `striae-audit-${type}-${sanitizedId}-${timestamp}.${format}`;
+  }
+  /**
+   * Download file helper
+   */
+  private downloadFile(content: string, filename: string, mimeType: string): void {
+    const blob = new Blob([content], { type: mimeType });
+    const url = URL.createObjectURL(blob);
+    const link = document.createElement('a');
+    link.href = url;
+    link.download = filename;
+    link.style.display = 'none';
+    document.body.appendChild(link);
+    link.click();
+    document.body.removeChild(link);
+    // Clean up the URL object
+    setTimeout(() => URL.revokeObjectURL(url), 100);
+  }
+  /**
+   * Export audit entries to JSON format (for technical analysis)
+   */
+  public async exportToJSON(
+    entries: ValidationAuditEntry[],
+    filename: string,
+    context: AuditExportContext
+  ): Promise<void> {
+    const generatedAt = new Date().toISOString();
+    const exportData = {
+      metadata: {
+        exportTimestamp: generatedAt,
+        exportVersion: '1.0',
+        totalEntries: entries.length,
+        application: 'Striae',
+        exportType: 'entries' as AuditExportType,
+        scopeType: context.scopeType,
+        scopeIdentifier: context.scopeIdentifier
+      },
+      auditEntries: entries
+    };
+    const jsonContent = JSON.stringify(exportData, null, 2);
+    // Calculate hash for integrity verification
+    const hash = await calculateSHA256Secure(jsonContent);
+    const signaturePayload = await signAuditExport(
+      {
+        exportFormat: 'json',
+        exportType: exportData.metadata.exportType,
+        generatedAt,
+        totalEntries: entries.length,
+        hash: hash.toUpperCase()
+      },
+      context
+    );
+    // Create final export with hash included
+    const finalExportData = {
+      metadata: {
+        ...exportData.metadata,
+        hash: hash.toUpperCase(),
+        integrityNote: 'Verify hash and signature before trusting this export',
+        signatureVersion: signaturePayload.signatureMetadata.signatureVersion,
+        signature: signaturePayload.signature
+      },
+      auditEntries: entries
+    };
+    const finalJsonContent = JSON.stringify(finalExportData, null, 2);
+    this.downloadFile(finalJsonContent, filename.replace('.csv', '.json'), 'application/json');
+  }
+  /**
+   * Export full audit trail to JSON
+   */
+  public async exportAuditTrailToJSON(
+    auditTrail: AuditTrail,
+    filename: string,
+    context: AuditExportContext
+  ): Promise<void> {
+    const generatedAt = new Date().toISOString();
+    const exportData = {
+      metadata: {
+        exportTimestamp: generatedAt,
+        exportVersion: '1.0',
+        totalEntries: auditTrail.summary.totalEvents,
+        application: 'Striae',
+        exportType: 'trail' as AuditExportType,
+        scopeType: context.scopeType,
+        scopeIdentifier: context.scopeIdentifier
+      },
+      auditTrail
+    };
+    const jsonContent = JSON.stringify(exportData, null, 2);
+    // Calculate hash for integrity verification
+    const hash = await calculateSHA256Secure(jsonContent);
+    const signaturePayload = await signAuditExport(
+      {
+        exportFormat: 'json',
+        exportType: exportData.metadata.exportType,
+        generatedAt,
+        totalEntries: auditTrail.summary.totalEvents,
+        hash: hash.toUpperCase()
+      },
+      context
+    );
+    // Create final export with hash included
+    const finalExportData = {
+      metadata: {
+        ...exportData.metadata,
+        hash: hash.toUpperCase(),
+        integrityNote: 'Verify hash and signature before trusting this export',
+        signatureVersion: signaturePayload.signatureMetadata.signatureVersion,
+        signature: signaturePayload.signature
+      },
+      auditTrail
+    };
+    const finalJsonContent = JSON.stringify(finalExportData, null, 2);
+    this.downloadFile(finalJsonContent, filename.replace('.csv', '.json'), 'application/json');
+  }
+  /**
+   * Generate audit report summary text
+   */
+  public async generateReportSummary(auditTrail: AuditTrail, context: AuditExportContext): Promise<string> {
+    const summary = auditTrail.summary;
+    const generatedAt = new Date().toISOString();
+    const reportContent = buildAuditReportContent(auditTrail, generatedAt);
+    return this.appendSignedReportIntegrity(
+      reportContent,
+      context,
+      summary.totalEvents,
+      generatedAt
+    );
+  }
+  /**
+   * Append signed integrity metadata to a plain-text audit report.
+   */
+  public async appendSignedReportIntegrity(
+    reportContent: string,
+    context: AuditExportContext,
+    totalEntries: number,
+    generatedAt: string = new Date().toISOString()
+  ): Promise<string> {
+    const hash = await calculateSHA256Secure(reportContent);
+    const signaturePayload = await signAuditExport(
+      {
+        exportFormat: 'txt',
+        exportType: 'report',
+        generatedAt,
+        totalEntries,
+        hash: hash.toUpperCase()
+      },
+      context
+    );
+    return reportContent + `
+============================
+INTEGRITY VERIFICATION
+============================
+Report Content SHA-256 Hash: ${hash.toUpperCase()}
+Audit Signature Metadata: ${JSON.stringify(signaturePayload.signatureMetadata)}
+Audit Signature: ${JSON.stringify(signaturePayload.signature)}
+Verification Instructions:
+1. Copy the entire report content above the "INTEGRITY VERIFICATION" section
+2. Calculate SHA256 hash of that content (excluding this verification section)
+3. Validate audit signature metadata and signature with your signature verification workflow (for example OpenSSL or an internal verifier)
+4. Confirm both hash and signature validation pass before relying on this report
+This report requires both hash and signature validation for tamper detection.
+Generated by Striae`;
+  }
+}
+// Export singleton instance
+export const auditExportService = AuditExportService.getInstance();

package/app/services/audit/audit-file-type.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import { type AuditFileType } from '~/types';
+export const getAuditFileTypeFromMime = (mimeType: string): AuditFileType => {
+  if (mimeType.startsWith('image/')) return 'image-file';
+  if (mimeType === 'application/pdf') return 'pdf-document';
+  if (mimeType === 'application/json') return 'json-data';
+  if (mimeType === 'text/csv') return 'csv-export';
+  return 'unknown';
+};
+export const isImageMimeType = (mimeType: string): boolean => {
+  return mimeType.startsWith('image/');
+};

package/app/services/audit/audit-query-helpers.ts ADDED Viewed

@@ -0,0 +1,88 @@
+import {
+  type AuditQueryParams,
+  type AuditSummary,
+  type ValidationAuditEntry,
+  type WorkflowPhase
+} from '~/types';
+export const applyAuditEntryFilters = (
+  entries: ValidationAuditEntry[],
+  params: AuditQueryParams
+): ValidationAuditEntry[] => {
+  let filtered = entries;
+  if (params.caseNumber) {
+    filtered = filtered.filter(entry => entry.details.caseNumber === params.caseNumber);
+  }
+  if (params.userId) {
+    filtered = filtered.filter(entry => entry.userId === params.userId);
+  }
+  if (params.action) {
+    filtered = filtered.filter(entry => entry.action === params.action);
+  }
+  if (params.result) {
+    filtered = filtered.filter(entry => entry.result === params.result);
+  }
+  if (params.workflowPhase) {
+    filtered = filtered.filter(entry => entry.details.workflowPhase === params.workflowPhase);
+  }
+  return filtered;
+};
+export const applyAuditPagination = (
+  entries: ValidationAuditEntry[],
+  params: Pick<AuditQueryParams, 'offset' | 'limit'>
+): ValidationAuditEntry[] => {
+  if (params.offset || params.limit) {
+    const offset = params.offset || 0;
+    const limit = params.limit || 100;
+    return entries.slice(offset, offset + limit);
+  }
+  return entries;
+};
+export const sortAuditEntriesNewestFirst = (
+  entries: ValidationAuditEntry[]
+): ValidationAuditEntry[] => {
+  const sorted = [...entries];
+  sorted.sort((a, b) => new Date(b.timestamp).getTime() - new Date(a.timestamp).getTime());
+  return sorted;
+};
+export const generateAuditSummary = (entries: ValidationAuditEntry[]): AuditSummary => {
+  const successCount = entries.filter(entry => entry.result === 'success').length;
+  const failureCount = entries.filter(entry => entry.result === 'failure').length;
+  const warningCount = entries.filter(entry => entry.result === 'warning').length;
+  const phases = [...new Set(entries
+    .map(entry => entry.details.workflowPhase)
+    .filter(Boolean))] as WorkflowPhase[];
+  const users = [...new Set(entries.map(entry => entry.userId))];
+  const timestamps = entries.map(entry => entry.timestamp).sort();
+  const securityIncidents = entries.filter(entry =>
+    entry.result === 'failure' &&
+    (entry.details.securityChecks?.selfConfirmationPrevented === true ||
+      !entry.details.securityChecks?.fileIntegrityValid)
+  ).length;
+  return {
+    totalEvents: entries.length,
+    successfulEvents: successCount,
+    failedEvents: failureCount,
+    warningEvents: warningCount,
+    workflowPhases: phases,
+    participatingUsers: users,
+    startTimestamp: timestamps[0] || new Date().toISOString(),
+    endTimestamp: timestamps[timestamps.length - 1] || new Date().toISOString(),
+    complianceStatus: failureCount === 0 ? 'compliant' : 'non-compliant',
+    securityIncidents
+  };
+};