@striae-org/striae 4.1.0 → 4.2.0

package/app/services/audit/audit.service.ts

@@ -9,6 +9,7 @@ import type {
   AuditResult,
   PerformanceMetrics
 } from '~/types';
+import { getCaseData, getUserData } from '~/utils/data';
 import { generateWorkflowId } from '~/utils/common';
 import {
   fetchAuditEntriesForUser,
@@ -26,6 +27,7 @@ import {
   buildAnnotationCreateAuditParams,
   buildAnnotationDeleteAuditParams,
   buildAnnotationEditAuditParams,
+  buildCaseArchiveAuditParams,
   buildCaseCreationAuditParams,
   buildCaseDeletionAuditParams,
   buildCaseExportAuditParams,
@@ -137,6 +139,67 @@ export class AuditService {
     }
   }
 
+  private normalizeBadgeId(badgeId?: string): string | undefined {
+    const normalized = badgeId?.trim();
+    return normalized ? normalized : undefined;
+  }
+
+  private applyBadgeIdToParams(
+    params: CreateAuditEntryParams,
+    badgeId?: string
+  ): CreateAuditEntryParams {
+    const normalizedBadgeId = this.normalizeBadgeId(badgeId);
+    if (!normalizedBadgeId) {
+      return params;
+    }
+
+    return {
+      ...params,
+      userProfileDetails: {
+        ...(params.userProfileDetails || {}),
+        badgeId: normalizedBadgeId
+      }
+    };
+  }
+
+  private async resolveBadgeIdForUser(user: User): Promise<string | undefined> {
+    const cachedBadgeId = this.userBadgeIdByUserId.get(user.uid);
+    if (cachedBadgeId) {
+      return cachedBadgeId;
+    }
+
+    try {
+      const userData = await getUserData(user);
+      const resolvedBadgeId = this.normalizeBadgeId(userData?.badgeId);
+
+      if (resolvedBadgeId) {
+        this.userBadgeIdByUserId.set(user.uid, resolvedBadgeId);
+      }
+
+      return resolvedBadgeId;
+    } catch (error) {
+      console.error('🚨 Audit: Failed to resolve badge ID for user:', error);
+      return undefined;
+    }
+  }
+
+  private async logEventForUser(user: User, params: CreateAuditEntryParams): Promise<void> {
+    const resolvedBadgeId = await this.resolveBadgeIdForUser(user);
+    await this.logEvent(this.applyBadgeIdToParams(params, resolvedBadgeId));
+  }
+
+  private async logEventForOptionalUser(
+    user: User | null,
+    params: CreateAuditEntryParams
+  ): Promise<void> {
+    if (!user) {
+      await this.logEvent(params);
+      return;
+    }
+
+    await this.logEventForUser(user, params);
+  }
+
   /**
    * Log case export event
    */
@@ -155,7 +218,7 @@ export class AuditService {
       keyId?: string;
     }
   ): Promise<void> {
-    await this.logEvent(
+    await this.logEventForUser(user,
       buildCaseExportAuditParams({
         user,
         caseNumber,
@@ -188,7 +251,7 @@ export class AuditService {
       keyId?: string;
     }
   ): Promise<void> {
-    await this.logEvent(
+    await this.logEventForUser(user,
       buildCaseImportAuditParams({
         user,
         caseNumber,
@@ -219,7 +282,7 @@ export class AuditService {
     originalImageFileName?: string,
     badgeId?: string
   ): Promise<void> {
-    await this.logEvent(
+    await this.logEventForUser(user,
       buildConfirmationCreationAuditParams({
         user,
         caseNumber,
@@ -253,7 +316,7 @@ export class AuditService {
       keyId?: string;
     }
   ): Promise<void> {
-    await this.logEvent(
+    await this.logEventForUser(user,
       buildConfirmationExportAuditParams({
         user,
         caseNumber,
@@ -286,9 +349,10 @@ export class AuditService {
       present: boolean;
       valid: boolean;
       keyId?: string;
-    }
+    },
+    reviewerBadgeId?: string // Badge/ID number of the reviewing examiner who exported the file
   ): Promise<void> {
-    await this.logEvent(
+    await this.logEventForUser(user,
       buildConfirmationImportAuditParams({
         user,
         caseNumber,
@@ -298,6 +362,7 @@ export class AuditService {
         confirmationsImported,
         errors,
         reviewingExaminerUid,
+        reviewerBadgeId,
         performanceMetrics,
         exporterUidValidated,
         totalConfirmationsInFile,
@@ -318,7 +383,7 @@ export class AuditService {
     caseNumber: string,
     caseName: string
   ): Promise<void> {
-    await this.logEvent(
+    await this.logEventForUser(user,
       buildCaseCreationAuditParams({
         user,
         caseNumber,
@@ -336,7 +401,7 @@ export class AuditService {
     oldName: string,
     newName: string
   ): Promise<void> {
-    await this.logEvent(
+    await this.logEventForUser(user,
       buildCaseRenameAuditParams({
         user,
         caseNumber,
@@ -356,7 +421,7 @@ export class AuditService {
     deleteReason: string,
     backupCreated: boolean = false
   ): Promise<void> {
-    await this.logEvent(
+    await this.logEventForUser(user,
       buildCaseDeletionAuditParams({
         user,
         caseNumber,
@@ -367,6 +432,35 @@ export class AuditService {
     );
   }
 
+  /**
+   * Log case archive event
+   */
+  public async logCaseArchive(
+    user: User,
+    caseNumber: string,
+    caseName: string,
+    archiveReason: string,
+    result: AuditResult = 'success',
+    errors: string[] = [],
+    totalFiles?: number,
+    archivedAt?: string,
+    processingTimeMs?: number
+  ): Promise<void> {
+    await this.logEventForUser(user,
+      buildCaseArchiveAuditParams({
+        user,
+        caseNumber,
+        caseName,
+        archiveReason,
+        result,
+        errors,
+        totalFiles,
+        archivedAt,
+        processingTimeMs
+      })
+    );
+  }
+
   /**
    * Log file upload event
    */
@@ -381,7 +475,7 @@ export class AuditService {
     processingTime?: number,
     fileId?: string
   ): Promise<void> {
-    await this.logEvent(
+    await this.logEventForUser(user,
       buildFileUploadAuditParams({
         user,
         fileName,
@@ -408,7 +502,7 @@ export class AuditService {
     fileId?: string,
     originalFileName?: string
   ): Promise<void> {
-    await this.logEvent(
+    await this.logEventForUser(user,
       buildFileDeletionAuditParams({
         user,
         fileName,
@@ -435,7 +529,7 @@ export class AuditService {
     accessReason?: string,
     originalFileName?: string
   ): Promise<void> {
-    await this.logEvent(
+    await this.logEventForUser(user,
       buildFileAccessAuditParams({
         user,
         fileName,
@@ -463,7 +557,7 @@ export class AuditService {
     imageFileId?: string,
     originalImageFileName?: string
   ): Promise<void> {
-    await this.logEvent(
+    await this.logEventForUser(user,
       buildAnnotationCreateAuditParams({
         user,
         annotationId,
@@ -490,7 +584,7 @@ export class AuditService {
     imageFileId?: string,
     originalImageFileName?: string
   ): Promise<void> {
-    await this.logEvent(
+    await this.logEventForUser(user,
       buildAnnotationEditAuditParams({
         user,
         annotationId,
@@ -516,7 +610,7 @@ export class AuditService {
     imageFileId?: string,
     originalImageFileName?: string
   ): Promise<void> {
-    await this.logEvent(
+    await this.logEventForUser(user,
       buildAnnotationDeleteAuditParams({
         user,
         annotationId,
@@ -538,7 +632,7 @@ export class AuditService {
     loginMethod: 'firebase' | 'sso' | 'api-key' | 'manual',
     userAgent?: string
   ): Promise<void> {
-    await this.logEvent(
+    await this.logEventForUser(user,
       buildUserLoginAuditParams({
         user,
         sessionId,
@@ -557,7 +651,7 @@ export class AuditService {
     sessionDuration: number,
     logoutReason: 'user-initiated' | 'timeout' | 'security' | 'error'
   ): Promise<void> {
-    await this.logEvent(
+    await this.logEventForUser(user,
       buildUserLogoutAuditParams({
         user,
         sessionId,
@@ -580,7 +674,7 @@ export class AuditService {
     errors: string[] = [],
     badgeId?: string
   ): Promise<void> {
-    await this.logEvent(
+    await this.logEventForUser(user,
       buildUserProfileUpdateAuditParams({
         user,
         profileField,
@@ -701,7 +795,7 @@ export class AuditService {
     userAgent?: string,
     sessionId?: string
   ): Promise<void> {
-    await this.logEvent(
+    await this.logEventForUser(user,
       buildUserRegistrationAuditParams({
         user,
         firstName,
@@ -727,7 +821,7 @@ export class AuditService {
     userAgent?: string,
     errors: string[] = []
   ): Promise<void> {
-    await this.logEvent(
+    await this.logEventForUser(user,
       buildMfaEnrollmentAuditParams({
         user,
         phoneNumber,
@@ -753,7 +847,7 @@ export class AuditService {
     userAgent?: string,
     errors: string[] = []
   ): Promise<void> {
-    await this.logEvent(
+    await this.logEventForUser(user,
       buildMfaAuthenticationAuditParams({
         user,
         mfaMethod,
@@ -778,7 +872,7 @@ export class AuditService {
     userAgent?: string,
     errors: string[] = []
   ): Promise<void> {
-    await this.logEvent(
+    await this.logEventForUser(user,
       buildEmailVerificationAuditParams({
         user,
         result,
@@ -828,7 +922,7 @@ export class AuditService {
     sessionId?: string,
     userAgent?: string
   ): Promise<void> {
-    await this.logEvent(
+    await this.logEventForUser(user,
       buildMarkEmailVerificationSuccessfulAuditParams({
         user,
         reason,
@@ -852,7 +946,7 @@ export class AuditService {
     sourceFileId?: string,
     sourceFileName?: string
   ): Promise<void> {
-    await this.logEvent(
+    await this.logEventForUser(user,
       buildPDFGenerationAuditParams({
         user,
         fileName,
@@ -878,7 +972,7 @@ export class AuditService {
     targetResource?: string,
     blockedBySystem: boolean = true
   ): Promise<void> {
-    await this.logEvent(
+    await this.logEventForOptionalUser(user,
       buildSecurityViolationAuditParams({
         user,
         incidentType,
@@ -898,6 +992,7 @@ export class AuditService {
    * Get audit entries for display (public method for components)
    */
   public async getAuditEntriesForUser(userId: string, params?: {
+    requestingUser?: User;
     startDate?: string;
     endDate?: string;
     caseNumber?: string;
@@ -911,7 +1006,7 @@ export class AuditService {
       userId,
       ...params
     };
-    return await this.getAuditEntries(queryParams);
+    return await this.getAuditEntries(queryParams, params?.requestingUser);
   }
 
   /**
@@ -943,8 +1038,59 @@ export class AuditService {
   /**
    * Get audit entries based on query parameters
    */
-  private async getAuditEntries(params: AuditQueryParams): Promise<ValidationAuditEntry[]> {
+  private applyDateRangeFilter(
+    entries: ValidationAuditEntry[],
+    startDate?: string,
+    endDate?: string
+  ): ValidationAuditEntry[] {
+    const startMs = startDate ? new Date(startDate).getTime() : Number.NEGATIVE_INFINITY;
+    const endMs = endDate ? new Date(endDate).getTime() : Number.POSITIVE_INFINITY;
+
+    return entries.filter((entry) => {
+      const timestampMs = new Date(entry.timestamp).getTime();
+      return timestampMs >= startMs && timestampMs <= endMs;
+    });
+  }
+
+  private async getBundledArchivedCaseAuditEntries(
+    params: AuditQueryParams,
+    requestingUser?: User
+  ): Promise<ValidationAuditEntry[] | null> {
+    if (!requestingUser || !params.caseNumber) {
+      return null;
+    }
+
+    const caseData = await getCaseData(requestingUser, params.caseNumber);
+    if (!caseData?.isReadOnly || caseData.archived !== true) {
+      return null;
+    }
+
+    const bundledEntries = caseData.bundledAuditTrail?.entries;
+    if (!Array.isArray(bundledEntries)) {
+      return [];
+    }
+
+    const sortedEntries = sortAuditEntriesNewestFirst(bundledEntries);
+    const dateFilteredEntries = this.applyDateRangeFilter(
+      sortedEntries,
+      params.startDate,
+      params.endDate
+    );
+    const filteredEntries = applyAuditEntryFilters(dateFilteredEntries, {
+      ...params,
+      userId: undefined
+    });
+
+    return applyAuditPagination(filteredEntries, params);
+  }
+
+  private async getAuditEntries(params: AuditQueryParams, requestingUser?: User): Promise<ValidationAuditEntry[]> {
     try {
+      const bundledArchivedEntries = await this.getBundledArchivedCaseAuditEntries(params, requestingUser);
+      if (bundledArchivedEntries) {
+        return bundledArchivedEntries;
+      }
+
       // If userId is provided, fetch from server
       if (params.userId) {
         const serverEntries = await fetchAuditEntriesForUser({

package/app/services/audit/builders/audit-event-builders-case-file.ts

@@ -88,6 +88,49 @@ export const buildCaseDeletionAuditParams = (
   };
 };
 
+interface BuildCaseArchiveAuditParamsInput {
+  user: User;
+  caseNumber: string;
+  caseName: string;
+  archiveReason: string;
+  result?: AuditResult;
+  errors?: string[];
+  totalFiles?: number;
+  archivedAt?: string;
+  processingTimeMs?: number;
+}
+
+export const buildCaseArchiveAuditParams = (
+  input: BuildCaseArchiveAuditParamsInput
+): CreateAuditEntryParams => {
+  const result = input.result || 'success';
+  const archivedAt = input.archivedAt || new Date().toISOString();
+
+  return {
+    userId: input.user.uid,
+    userEmail: input.user.email || '',
+    action: 'case-archive',
+    result,
+    fileName: `${input.caseNumber}.case`,
+    fileType: 'case-package',
+    validationErrors: input.errors || [],
+    caseNumber: input.caseNumber,
+    workflowPhase: 'casework',
+    caseDetails: {
+      newCaseName: input.caseName,
+      deleteReason: input.archiveReason,
+      totalFiles: input.totalFiles,
+      lastModified: archivedAt,
+    },
+    performanceMetrics: input.processingTimeMs
+      ? {
+          processingTimeMs: input.processingTimeMs,
+          fileSizeBytes: 0,
+        }
+      : undefined,
+  };
+};
+
 interface BuildFileUploadAuditParamsInput {
   user: User;
   fileName: string;

package/app/services/audit/builders/audit-event-builders-workflow.ts

@@ -220,6 +220,7 @@ interface BuildConfirmationImportAuditParamsInput {
   confirmationsImported: number;
   errors?: string[];
   reviewingExaminerUid?: string;
+  reviewerBadgeId?: string;
   performanceMetrics?: PerformanceMetrics;
   exporterUidValidated?: boolean;
   totalConfirmationsInFile?: number;
@@ -269,6 +270,7 @@ export const buildConfirmationImportAuditParams = (
         },
     originalExaminerUid: input.user.uid,
     reviewingExaminerUid: input.reviewingExaminerUid,
+    reviewerBadgeId: input.reviewerBadgeId,
     caseDetails: input.totalConfirmationsInFile !== undefined
       ? {
           totalAnnotations: input.totalConfirmationsInFile

package/app/services/audit/builders/index.ts

@@ -9,6 +9,7 @@ export {
 } from './audit-event-builders-workflow';
 
 export {
+  buildCaseArchiveAuditParams,
   buildCaseCreationAuditParams,
   buildCaseDeletionAuditParams,
   buildCaseRenameAuditParams,

package/app/types/audit.ts

@@ -3,7 +3,7 @@
 
 export type AuditAction = 
   // Case Management Actions
-  | 'case-create' | 'case-rename' | 'case-delete'
+  | 'case-create' | 'case-rename' | 'case-delete' | 'case-archive'
   // Confirmation Workflow Actions  
   | 'case-export' | 'case-import' | 'confirmation-create' | 'confirmation-export' | 'confirmation-import'
   // File Operations
@@ -59,6 +59,7 @@ export interface AuditDetails {
   // Context & Workflow
   originalExaminerUid?: string;
   reviewingExaminerUid?: string;
+  reviewerBadgeId?: string;
   workflowPhase?: WorkflowPhase;
   
   // Performance & Metrics
@@ -160,6 +161,7 @@ export interface CreateAuditEntryParams {
   performanceMetrics?: PerformanceMetrics;
   originalExaminerUid?: string;
   reviewingExaminerUid?: string;
+  reviewerBadgeId?: string;
   // Extended detail fields
   caseDetails?: CaseAuditDetails;
   fileDetails?: FileAuditDetails;

package/app/types/case.ts

@@ -1,14 +1,30 @@
 import { type FileData } from './file';
 import { type AnnotationData, type ConfirmationData } from './annotations';
+import { type ValidationAuditEntry } from './audit';
 
 // Case-related types and interfaces
 
 export type CaseActionType = 'loaded' | 'created' | 'deleted' | null;
 
+export interface BundledAuditTrailData {
+  source: 'archive-bundle';
+  importedAt: string;
+  exportTimestamp?: string;
+  totalEntries?: number;
+  entries: ValidationAuditEntry[];
+}
+
 export interface CaseData {
   createdAt: string;
   caseNumber: string;
   files: FileData[];
+  isReadOnly?: boolean;
+  archived?: boolean;
+  archivedAt?: string;
+  archivedBy?: string;
+  archivedByDisplay?: string;
+  archiveReason?: string;
+  bundledAuditTrail?: BundledAuditTrailData;
 }
 
 export interface ReadOnlyCaseData extends CaseData {
@@ -23,11 +39,17 @@ export interface CaseExportData {
   metadata: {
     caseNumber: string;
     caseCreatedDate: string;
+    archived?: boolean;
+    archivedAt?: string;
+    archivedBy?: string;
+    archivedByDisplay?: string;
+    archiveReason?: string;
     exportDate: string;
     exportedBy: string | null;
     exportedByUid: string;
     exportedByName: string;
     exportedByCompany: string;
+    exportedByBadgeId?: string;
     striaeExportSchemaVersion: string;
     totalFiles: number;
   };
@@ -56,6 +78,7 @@ export interface AllCasesExportData {
     exportedByUid: string;
     exportedByName: string;
     exportedByCompany: string;
+    exportedByBadgeId?: string;
     striaeExportSchemaVersion: string;
     totalCases: number;
     totalFiles: number;
@@ -84,7 +107,13 @@ export interface CaseDataWithConfirmations {
   caseNumber: string;
   files: FileData[];
   isReadOnly?: boolean;
+  archived?: boolean;
+  archivedAt?: string;
+  archivedBy?: string;
+  archivedByDisplay?: string;
+  archiveReason?: string;
   importedAt?: string;
   originalImageIds?: { [originalId: string]: string };
   confirmations?: CaseConfirmations;
+  bundledAuditTrail?: BundledAuditTrailData;
 }

package/app/types/import.ts

@@ -51,6 +51,7 @@ export interface ConfirmationImportData {
     exportedByUid: string;
     exportedByName: string;
     exportedByCompany: string;
+    exportedByBadgeId?: string;
     totalConfirmations: number;
     version: string;
     hash: string;
@@ -79,9 +80,11 @@ export interface ConfirmationImportData {
 
 export interface CaseImportPreview {
   caseNumber: string;
+  archived?: boolean;
   exportedBy: string | null;
   exportedByName: string | null;
   exportedByCompany: string | null;
+  exportedByBadgeId?: string | null;
   exportDate: string;
   totalFiles: number;
   caseCreatedDate?: string;

package/app/utils/data/permissions.ts

@@ -1,7 +1,7 @@
 import type { User } from 'firebase/auth';
 import type { UserData, ExtendedUserData, UserLimits, ReadOnlyCaseMetadata } from '~/types';
 import paths from '~/config/config.json';
-import { fetchUserApi } from '../api';
+import { fetchDataApi, fetchUserApi } from '../api';
 
 const MAX_CASES_REVIEW = paths.max_cases_review;
 const MAX_FILES_PER_CASE_REVIEW = paths.max_files_per_case_review;
@@ -403,6 +403,21 @@ export const canModifyCase = async (user: User, caseNumber: string): Promise<Per
       return { allowed: false, reason: 'User data not found' };
     }
 
+    const archiveCheckResponse = await fetchDataApi(
+      user,
+      `/${encodeURIComponent(user.uid)}/${encodeURIComponent(caseNumber)}/data.json`,
+      {
+        method: 'GET'
+      }
+    );
+
+    if (archiveCheckResponse.ok) {
+      const caseData = await archiveCheckResponse.json() as { archived?: boolean };
+      if (caseData.archived) {
+        return { allowed: false, reason: 'Archived cases are immutable and read-only' };
+      }
+    }
+
     // Check if user owns the case (regular cases)
     if (userData.cases && userData.cases.some(c => c.caseNumber === caseNumber)) {
       // For owned cases, user must be permitted

package/app/utils/forensics/audit-export-signature.ts

@@ -83,7 +83,8 @@ export function createAuditExportSigningPayload(payload: AuditExportSigningPaylo
 
 export async function verifyAuditExportSignature(
   payload: Partial<AuditExportSigningPayload>,
-  signature?: ForensicManifestSignature
+  signature?: ForensicManifestSignature,
+  verificationPublicKeyPem?: string
 ): Promise<ManifestSignatureVerificationResult> {
   if (!signature) {
     return {
@@ -112,6 +113,9 @@ export async function verifyAuditExportSignature(
       noVerificationKeyPrefix: 'No verification key configured for key ID',
       invalidPublicKeyError: 'Audit export signature verification failed: invalid public key',
       verificationFailedError: 'Audit export signature verification failed'
+    },
+    {
+      verificationPublicKeyPem
     }
   );
 }

package/app/utils/forensics/confirmation-signature.ts

@@ -134,6 +134,9 @@ export function createConfirmationSigningPayload(
       exportedByUid: confirmationData.metadata.exportedByUid,
       exportedByName: confirmationData.metadata.exportedByName,
       exportedByCompany: confirmationData.metadata.exportedByCompany,
+      ...(confirmationData.metadata.exportedByBadgeId
+        ? { exportedByBadgeId: confirmationData.metadata.exportedByBadgeId }
+        : {}),
       totalConfirmations: confirmationData.metadata.totalConfirmations,
       version: confirmationData.metadata.version,
       hash: confirmationData.metadata.hash.toUpperCase(),