@striae-org/striae 4.3.3 → 5.0.0

package/app/components/actions/case-manage.ts

@@ -14,7 +14,7 @@ import {
   signForensicManifest,
   removeCaseConfirmationSummary
 } from '~/utils/data';
-import { type CaseData, type ReadOnlyCaseData, type FileData, type AuditTrail, type CaseExportData } from '~/types';
+import { type CaseData, type ReadOnlyCaseData, type FileData, type AuditTrail, type CaseExportData, type ValidationAuditEntry } from '~/types';
 import { auditService } from '~/services/audit';
 import { fetchImageApi } from '~/utils/api';
 import { exportCaseData, formatDateForFilename } from '~/components/actions/case-export';
@@ -22,12 +22,14 @@ import { getImageUrl } from './image-manage';
 import {
   calculateSHA256Secure,
   createPublicSigningKeyFileName,
+  encryptExportDataWithAllImages,
   generateForensicManifestSecure,
+  getCurrentEncryptionPublicKeyDetails,
   getCurrentPublicSigningKeyDetails,
   getVerificationPublicKey,
 } from '~/utils/forensics';
 import { signAuditExport } from '~/services/audit/audit-export-signing';
-import { generateAuditSummary } from '~/services/audit/audit-query-helpers';
+import { generateAuditSummary, sortAuditEntriesNewestFirst } from '~/services/audit/audit-query-helpers';
 
 /**
  * Delete a file without individual audit logging (for bulk operations)
@@ -393,15 +395,23 @@ export const renameCase = async (
     // 5) Delete old case number in user's KV entry
     await removeUserCase(user, oldCaseNumber);
 
-    // Log successful case rename
+    // Log successful case rename under the original case number context
     const endTime = Date.now();
     await auditService.logCaseRename(
       user,
-      newCaseNumber, // Use new case number as the current context
+      oldCaseNumber,
       oldCaseNumber,
       newCaseNumber
     );
 
+    // Log creation of the new case number as a rename-derived case
+    await auditService.logCaseCreation(
+      user,
+      newCaseNumber,
+      newCaseNumber,
+      oldCaseNumber
+    );
+
     console.log(`✅ Case renamed: ${oldCaseNumber} → ${newCaseNumber} (${endTime - startTime}ms)`);
     
   } catch (error) {
@@ -808,11 +818,43 @@ export const archiveCase = async (
       startDate: caseData.createdAt,
       endDate: archivedAt,
     });
+
+    // Ensure the bundled archive trail includes the archival event itself.
+    const archiveAuditEntry: ValidationAuditEntry = {
+      timestamp: archivedAt,
+      userId: user.uid,
+      userEmail: user.email || '',
+      action: 'case-archive',
+      result: 'success',
+      details: {
+        fileName: `${caseNumber}.case`,
+        fileType: 'case-package',
+        validationErrors: [],
+        caseNumber,
+        workflowPhase: 'casework',
+        caseDetails: {
+          newCaseName: caseNumber,
+          archiveReason: archiveReason?.trim() || 'No reason provided',
+          totalFiles: archiveData.files?.length || 0,
+          lastModified: archivedAt,
+        },
+        performanceMetrics: {
+          processingTimeMs: Date.now() - startTime,
+          fileSizeBytes: 0,
+        },
+      },
+    };
+
+    const auditEntriesWithArchive = sortAuditEntriesNewestFirst([
+      ...auditEntries,
+      archiveAuditEntry,
+    ]);
+
     const auditTrail: AuditTrail = {
       caseNumber,
       workflowId: `${caseNumber}-archive-${Date.now()}`,
-      entries: auditEntries,
-      summary: generateAuditSummary(auditEntries),
+      entries: auditEntriesWithArchive,
+      summary: generateAuditSummary(auditEntriesWithArchive),
     };
 
     const auditTrailPayload = {
@@ -857,8 +899,64 @@ export const archiveCase = async (
       auditTrail,
     };
 
-    zip.file('audit/case-audit-trail.json', JSON.stringify(signedAuditTrail, null, 2));
-    zip.file('audit/case-audit-signature.json', JSON.stringify(signedAuditExportPayload, null, 2));
+    const auditTrailJson = JSON.stringify(signedAuditTrail, null, 2);
+    const auditSignatureJson = JSON.stringify(signedAuditExportPayload, null, 2);
+    zip.file('audit/case-audit-trail.json', auditTrailJson);
+    zip.file('audit/case-audit-signature.json', auditSignatureJson);
+
+    const encryptionKeyDetails = getCurrentEncryptionPublicKeyDetails();
+
+    if (!encryptionKeyDetails.publicKeyPem || !encryptionKeyDetails.keyId) {
+      throw new Error(
+        'Archive encryption is mandatory. Your Striae instance does not have a configured encryption public key. ' +
+        'Please contact your administrator to set up export encryption.'
+      );
+    }
+
+    try {
+      const filesToEncrypt: Array<{ filename: string; blob: Blob }> = [
+        ...Object.entries(imageBlobs).map(([filename, blob]) => ({
+          filename,
+          blob
+        })),
+        {
+          filename: 'audit/case-audit-trail.json',
+          blob: new Blob([auditTrailJson], { type: 'application/json' })
+        },
+        {
+          filename: 'audit/case-audit-signature.json',
+          blob: new Blob([auditSignatureJson], { type: 'application/json' })
+        }
+      ];
+
+      const encryptionResult = await encryptExportDataWithAllImages(
+        caseJsonContent,
+        filesToEncrypt,
+        encryptionKeyDetails.publicKeyPem,
+        encryptionKeyDetails.keyId
+      );
+
+      zip.file(`${caseNumber}_data.json`, encryptionResult.ciphertext);
+
+      for (let index = 0; index < filesToEncrypt.length; index += 1) {
+        const originalFilename = filesToEncrypt[index].filename;
+        const encryptedContent = encryptionResult.encryptedImages[index];
+
+        if (originalFilename.startsWith('audit/')) {
+          zip.file(originalFilename, encryptedContent);
+          continue;
+        }
+
+        if (imageFolder) {
+          imageFolder.file(originalFilename, encryptedContent);
+        }
+      }
+
+      zip.file('ENCRYPTION_MANIFEST.json', JSON.stringify(encryptionResult.encryptionManifest, null, 2));
+    } catch (error) {
+      console.error('Archive encryption failed:', error);
+      throw new Error(`Failed to encrypt archive package: ${error instanceof Error ? error.message : 'Unknown error'}`);
+    }
 
     zip.file(
       'README.txt',
@@ -873,12 +971,14 @@ export const archiveCase = async (
         '',
         'Package Contents',
         '- Case data JSON export with all image references',
-        '- images/ folder with exported image files',
+        '- images/ folder with exported image files (encrypted)',
         '- Full case audit trail export and signed audit metadata',
         '- Forensic manifest with server-side signature',
+        '- ENCRYPTION_MANIFEST.json with encryption metadata and encrypted image hashes',
         `- ${publicKeyFileName} for verification`,
         '',
         'This package is intended for read-only review and verification workflows.',
+        'This package is encrypted. Only Striae can decrypt and re-import it.',
       ].join('\n')
     );
 
@@ -910,7 +1010,7 @@ export const archiveCase = async (
     );
 
     const downloadUrl = URL.createObjectURL(zipBlob);
-    const archiveFileName = `striae-case-${caseNumber}-archive-${formatDateForFilename(new Date())}.zip`;
+    const archiveFileName = `striae-case-${caseNumber}-archive-${formatDateForFilename(new Date())}-encrypted.zip`;
     const anchor = document.createElement('a');
     anchor.href = downloadUrl;
     anchor.download = archiveFileName;

package/app/components/actions/confirm-export.ts

@@ -3,7 +3,9 @@ import {
   calculateSHA256Secure,
   createPublicSigningKeyFileName,
   getCurrentPublicSigningKeyDetails,
-  getVerificationPublicKey
+  getVerificationPublicKey,
+  getCurrentEncryptionPublicKeyDetails,
+  encryptExportDataWithAllImages
 } from '~/utils/forensics';
 import { getUserData, getCaseData, updateCaseData, signConfirmationData, upsertFileConfirmationSummary } from '~/utils/data';
 import { type AnnotationData, type ConfirmationData, type CaseConfirmations, type CaseDataWithConfirmations, type ConfirmationImportData } from '~/types';
@@ -318,8 +320,35 @@ export async function exportConfirmationData(
     const zip = new JSZip();
     const normalizedPem = publicKeyPem.endsWith('\n') ? publicKeyPem : `${publicKeyPem}\n`;
 
-    zip.file(confirmationFileName, finalJsonString);
+    const encKeyDetails = getCurrentEncryptionPublicKeyDetails();
+    if (!encKeyDetails.publicKeyPem || !encKeyDetails.keyId) {
+      throw new Error(
+        'Confirmation export encryption is mandatory. Your Striae instance does not have a configured encryption public key. ' +
+        'Please contact your administrator to set up export encryption.'
+      );
+    }
+
+    let encryptedConfirmationContent: string | Uint8Array;
+    let encryptionManifestJson: string;
+
+    try {
+      const encryptionResult = await encryptExportDataWithAllImages(
+        finalJsonString,
+        [],
+        encKeyDetails.publicKeyPem,
+        encKeyDetails.keyId
+      );
+
+      encryptedConfirmationContent = encryptionResult.ciphertext;
+      encryptionManifestJson = JSON.stringify(encryptionResult.encryptionManifest, null, 2);
+    } catch (error) {
+      console.error('Confirmation export encryption failed:', error);
+      throw new Error(`Failed to encrypt confirmation export: ${error instanceof Error ? error.message : 'Unknown error'}`);
+    }
+
+    zip.file(confirmationFileName, encryptedConfirmationContent);
     zip.file(publicKeyFileName, normalizedPem);
+    zip.file('ENCRYPTION_MANIFEST.json', encryptionManifestJson);
 
     const zipBlob = await zip.generateAsync({
       type: 'blob',
@@ -327,7 +356,7 @@ export async function exportConfirmationData(
       compressionOptions: { level: 6 }
     });
 
-    const exportFileName = `confirmation-export-${caseNumber}-${timestampString}.zip`;
+    const exportFileName = `confirmation-export-${caseNumber}-${timestampString}-encrypted.zip`;
 
     // Create download
     const url = URL.createObjectURL(zipBlob);

package/app/components/audit/user-audit.module.css

@@ -522,11 +522,60 @@
   white-space: nowrap;
 }
 
+.entryHeaderActions {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  margin-left: auto;
+}
+
+.entryDetailsToggle {
+  background: color-mix(in lab, var(--primary) 10%, transparent);
+  color: color-mix(in lab, var(--primary) 65%, var(--text));
+  border: 1px solid color-mix(in lab, var(--primary) 30%, transparent);
+  padding: 4px 8px;
+  border-radius: 999px;
+  font-size: 0.75rem;
+  font-weight: var(--fontWeightMedium);
+  cursor: pointer;
+  transition: background-color var(--durationS) var(--bezierFastoutSlowin);
+}
+
+.entryDetailsToggle:hover {
+  background: color-mix(in lab, var(--primary) 16%, transparent);
+}
+
+.entryDetailsToggle:focus-visible {
+  outline: 2px solid color-mix(in lab, var(--primary) 45%, transparent);
+  outline-offset: 2px;
+}
+
 /* Entry Details */
 .entryDetails {
   padding: 12px 14px;
 }
 
+.expandedDetails {
+  margin-top: 10px;
+  padding-top: 10px;
+  border-top: 1px dashed color-mix(in lab, var(--textLight) 25%, transparent);
+}
+
+.expandedDetailsCode {
+  margin: 4px 0 0;
+  padding: 10px;
+  border-radius: 6px;
+  border: 1px solid color-mix(in lab, var(--textLight) 20%, transparent);
+  background: color-mix(in lab, var(--backgroundLight) 75%, transparent);
+  color: var(--text);
+  font-size: 0.78rem;
+  line-height: 1.4;
+  white-space: pre-wrap;
+  word-break: break-word;
+  max-height: 280px;
+  overflow: auto;
+}
+
 .detailRow {
   display: flex;
   align-items: center;

package/app/components/audit/viewer/audit-entries-list.tsx

@@ -1,3 +1,4 @@
+import { useMemo, useState, type MouseEvent } from 'react';
 import { type ValidationAuditEntry } from '~/types';
 import { formatAuditTimestamp, getAuditActionIcon, getAuditStatusIcon } from './audit-viewer-utils';
 import styles from '../user-audit.module.css';
@@ -13,7 +14,57 @@ const isConfirmationImportEntry = (entry: ValidationAuditEntry): boolean => {
   );
 };
 
+const isConfirmationEvent = (entry: ValidationAuditEntry): boolean => {
+  return (
+    entry.action === 'confirmation-create' ||
+    entry.action === 'confirmation-export' ||
+    entry.action === 'confirmation-import' ||
+    entry.action === 'confirm' ||
+    (entry.action === 'import' && entry.details.workflowPhase === 'confirmation') ||
+    (entry.action === 'export' && entry.details.workflowPhase === 'confirmation')
+  );
+};
+
+const supportsFullDetailsToggle = (entry: ValidationAuditEntry): boolean => {
+  return (
+    entry.action === 'annotation-create' ||
+    entry.action === 'annotation-edit' ||
+    entry.action === 'annotation-delete' ||
+    isConfirmationEvent(entry)
+  );
+};
+
+const getEntryKey = (entry: ValidationAuditEntry): string => {
+  return `${entry.timestamp}-${entry.userId}-${entry.action}-${entry.details.fileName || ''}-${entry.details.confirmationId || ''}`;
+};
+
 export const AuditEntriesList = ({ entries }: AuditEntriesListProps) => {
+  const [expandedEntryKeys, setExpandedEntryKeys] = useState<Set<string>>(new Set());
+
+  const expandableEntries = useMemo(() => {
+    return new Set(entries.filter(supportsFullDetailsToggle).map(getEntryKey));
+  }, [entries]);
+
+  const toggleExpanded = (entryKey: string) => {
+    setExpandedEntryKeys((current) => {
+      const next = new Set(current);
+
+      if (next.has(entryKey)) {
+        next.delete(entryKey);
+      } else {
+        next.add(entryKey);
+      }
+
+      return next;
+    });
+  };
+
+  const handleToggleClick = (event: MouseEvent<HTMLButtonElement>, entryKey: string) => {
+    event.preventDefault();
+    event.stopPropagation();
+    toggleExpanded(entryKey);
+  };
+
   return (
     <div className={styles.entriesList}>
       <h3>Activity Log ({entries.length} entries)</h3>
@@ -22,30 +73,49 @@ export const AuditEntriesList = ({ entries }: AuditEntriesListProps) => {
           <p>No activities match the current filters.</p>
         </div>
       ) : (
-        entries.map((entry) => (
-          <div
-            key={`${entry.timestamp}-${entry.userId}-${entry.action}-${entry.details.fileName || ''}`}
-            className={`${styles.entry} ${styles[entry.result]}`}
-          >
-            <div className={styles.entryHeader}>
-              <div className={styles.entryIcons}>
-                <span className={styles.actionIcon}>{getAuditActionIcon(entry.action)}</span>
-                <span className={styles.statusIcon}>{getAuditStatusIcon(entry.result)}</span>
-              </div>
-              <div className={styles.entryTitle}>
-                <span className={styles.action}>{entry.action.toUpperCase().replace(/-/g, ' ')}</span>
-                <span className={styles.fileName}>{entry.details.fileName}</span>
-              </div>
-              <div className={styles.entryTimestamp}>{formatAuditTimestamp(entry.timestamp)}</div>
-            </div>
+        entries.map((entry) => {
+          const entryKey = getEntryKey(entry);
+          const isExpandable = expandableEntries.has(entryKey);
+          const isExpanded = expandedEntryKeys.has(entryKey);
 
-            <div className={styles.entryDetails}>
-              {entry.details.caseNumber && (
-                <div className={styles.detailRow}>
-                  <span className={styles.detailLabel}>Case:</span>
-                  <span className={styles.detailValue}>{entry.details.caseNumber}</span>
+          return (
+            <div
+              key={entryKey}
+              className={`${styles.entry} ${styles[entry.result]}`}
+            >
+              <div className={styles.entryHeader}>
+                <div className={styles.entryIcons}>
+                  <span className={styles.actionIcon}>{getAuditActionIcon(entry.action)}</span>
+                  <span className={styles.statusIcon}>{getAuditStatusIcon(entry.result)}</span>
                 </div>
-              )}
+                <div className={styles.entryTitle}>
+                  <span className={styles.action}>{entry.action.toUpperCase().replace(/-/g, ' ')}</span>
+                  <span className={styles.fileName}>{entry.details.fileName}</span>
+                </div>
+
+                <div className={styles.entryHeaderActions}>
+                  <div className={styles.entryTimestamp}>{formatAuditTimestamp(entry.timestamp)}</div>
+                  {isExpandable && (
+                    <button
+                      type="button"
+                      className={styles.entryDetailsToggle}
+                      aria-expanded={isExpanded}
+                      aria-label={isExpanded ? 'Hide full entry details' : 'Show full entry details'}
+                      onClick={(event) => handleToggleClick(event, entryKey)}
+                    >
+                      {isExpanded ? 'Hide details' : 'Show details'}
+                    </button>
+                  )}
+                </div>
+              </div>
+
+              <div className={styles.entryDetails}>
+                {entry.details.caseNumber && (
+                  <div className={styles.detailRow}>
+                    <span className={styles.detailLabel}>Case:</span>
+                    <span className={styles.detailValue}>{entry.details.caseNumber}</span>
+                  </div>
+                )}
 
               {entry.details.userProfileDetails?.badgeId && (
                 <div className={styles.detailRow}>
@@ -191,37 +261,49 @@ export const AuditEntriesList = ({ entries }: AuditEntriesListProps) => {
                 </>
               )}
 
-              {(entry.action === 'pdf-generate' || entry.action === 'confirm') && entry.details.fileDetails && (
-                <>
-                  {entry.details.fileDetails.fileId && (
-                    <div className={styles.detailRow}>
-                      <span className={styles.detailLabel}>
-                        {entry.action === 'pdf-generate' ? 'Source File ID:' : 'Original Image ID:'}
-                      </span>
-                      <span className={styles.detailValue}>{entry.details.fileDetails.fileId}</span>
-                    </div>
-                  )}
+                {(entry.action === 'pdf-generate' || entry.action === 'confirm') && entry.details.fileDetails && (
+                  <>
+                    {entry.details.fileDetails.fileId && (
+                      <div className={styles.detailRow}>
+                        <span className={styles.detailLabel}>
+                          {entry.action === 'pdf-generate' ? 'Source File ID:' : 'Original Image ID:'}
+                        </span>
+                        <span className={styles.detailValue}>{entry.details.fileDetails.fileId}</span>
+                      </div>
+                    )}
 
-                  {entry.details.fileDetails.originalFileName && (
-                    <div className={styles.detailRow}>
-                      <span className={styles.detailLabel}>
-                        {entry.action === 'pdf-generate' ? 'Source Filename:' : 'Original Filename:'}
-                      </span>
-                      <span className={styles.detailValue}>{entry.details.fileDetails.originalFileName}</span>
-                    </div>
-                  )}
+                    {entry.details.fileDetails.originalFileName && (
+                      <div className={styles.detailRow}>
+                        <span className={styles.detailLabel}>
+                          {entry.action === 'pdf-generate' ? 'Source Filename:' : 'Original Filename:'}
+                        </span>
+                        <span className={styles.detailValue}>{entry.details.fileDetails.originalFileName}</span>
+                      </div>
+                    )}
+
+                    {entry.action === 'confirm' && entry.details.confirmationId && (
+                      <div className={styles.detailRow}>
+                        <span className={styles.detailLabel}>Confirmation ID:</span>
+                        <span className={styles.detailValue}>{entry.details.confirmationId}</span>
+                      </div>
+                    )}
+                  </>
+                )}
 
-                  {entry.action === 'confirm' && entry.details.confirmationId && (
+                {isExpandable && isExpanded && (
+                  <div className={styles.expandedDetails}>
                     <div className={styles.detailRow}>
-                      <span className={styles.detailLabel}>Confirmation ID:</span>
-                      <span className={styles.detailValue}>{entry.details.confirmationId}</span>
+                      <span className={styles.detailLabel}>Full Entry Details:</span>
                     </div>
-                  )}
-                </>
-              )}
+                    <pre className={styles.expandedDetailsCode}>
+                      {JSON.stringify(entry, null, 2)}
+                    </pre>
+                  </div>
+                )}
+              </div>
             </div>
-          </div>
-        ))
+          );
+        })
       )}
     </div>
   );

package/app/components/navbar/navbar.module.css

@@ -374,16 +374,6 @@
   background: color-mix(in lab, #6c757d 21%, #ffffff);
 }
 
-.caseMenuItemKey {
-  background: color-mix(in lab, #0d9488 14%, #ffffff);
-  color: #0f766e;
-  border-color: color-mix(in lab, #0d9488 28%, transparent);
-}
-
-.caseMenuItemKey:hover {
-  background: color-mix(in lab, #0d9488 20%, #ffffff);
-}
-
 .caseMenuItemClearRO {
   background: color-mix(in lab, #fd7e14 16%, #ffffff);
   color: #7c3f00;

package/app/components/navbar/navbar.tsx

@@ -3,8 +3,6 @@ import styles from './navbar.module.css';
 import { SignOut } from '../actions/signout';
 import { ManageProfile } from '../user/manage-profile';
 import { CaseImport } from '../sidebar/case-import/case-import';
-import { PublicSigningKeyModal } from '~/components/public-signing-key-modal/public-signing-key-modal';
-import { getCurrentPublicSigningKeyDetails } from '~/utils/forensics';
 import { AuthContext } from '~/contexts/auth.context';
 import { getUserData } from '~/utils/data';
 import { type ImportResult, type ConfirmationImportResult } from '~/types';
@@ -68,10 +66,8 @@ export const Navbar = ({
   const [userBadgeId, setUserBadgeId] = useState<string>('');
   const [isProfileModalOpen, setIsProfileModalOpen] = useState(false);
   const [isImportModalOpen, setIsImportModalOpen] = useState(false);
-  const [isPublicKeyModalOpen, setIsPublicKeyModalOpen] = useState(false);
   const [isCaseMenuOpen, setIsCaseMenuOpen] = useState(false);
   const [isFileMenuOpen, setIsFileMenuOpen] = useState(false);
-  const { keyId: publicSigningKeyId, publicKeyPem } = getCurrentPublicSigningKeyDetails();
   const caseMenuRef = useRef<HTMLDivElement>(null);
   const fileMenuRef = useRef<HTMLDivElement>(null);
 
@@ -292,18 +288,6 @@ export const Navbar = ({
                     Archive Case
                   </button>
                 )}
-                <div className={styles.caseMenuSectionLabel}>Verification</div>
-                <button
-                  type="button"
-                  role="menuitem"
-                  className={`${styles.caseMenuItem} ${styles.caseMenuItemKey}`}
-                  onClick={() => {
-                    setIsPublicKeyModalOpen(true);
-                    setIsCaseMenuOpen(false);
-                  }}
-                >
-                  Verify Exports
-                </button>
                 {currentCase && (
                   <div className={styles.caseMenuCaption}>Case: {currentCase}</div>
                 )}
@@ -423,12 +407,6 @@ export const Navbar = ({
         isOpen={isProfileModalOpen}
         onClose={() => setIsProfileModalOpen(false)}
       />
-      <PublicSigningKeyModal
-        isOpen={isPublicKeyModalOpen}
-        onClose={() => setIsPublicKeyModalOpen(false)}
-        publicSigningKeyId={publicSigningKeyId}
-        publicKeyPem={publicKeyPem}
-      />
     </>
   );
 };