@striae-org/striae 4.3.3 → 5.0.0

package/app/services/audit/audit-console-logger.ts

@@ -1,6 +1,6 @@
 import { type ValidationAuditEntry } from '~/types';
 
-export const getAuditSecurityIssuesForConsole = (
+const getAuditSecurityIssuesForConsole = (
   entry: ValidationAuditEntry
 ): string[] => {
   const checks = entry.details.securityChecks;

package/app/services/audit/audit-export-csv.ts

@@ -42,7 +42,7 @@ export const AUDIT_CSV_ENTRY_HEADERS = [
   'Confirmed Files'
 ];
 
-export const formatForCSV = (value?: string | number | null): string => {
+const formatForCSV = (value?: string | number | null): string => {
   if (value === undefined || value === null) return '';
   const str = String(value);
   if (str.includes(',') || str.includes('"') || str.includes('\n')) {

package/app/services/audit/audit-export-signing.ts

@@ -22,14 +22,14 @@ interface SignAuditExportInput {
   hash: string;
 }
 
-export interface AuditExportSignature {
+interface AuditExportSignature {
   algorithm: string;
   keyId: string;
   signedAt: string;
   value: string;
 }
 
-export interface SignedAuditExportPayload {
+interface SignedAuditExportPayload {
   signatureMetadata: AuditExportSigningPayload;
   signature: AuditExportSignature;
 }

package/app/services/audit/audit-export.service.ts

@@ -8,7 +8,7 @@ import { type AuditExportContext, signAuditExport } from './audit-export-signing
  * Audit Export Service
  * Handles exporting audit trails to various formats for compliance and forensic analysis
  */
-export class AuditExportService {
+class AuditExportService {
   private static instance: AuditExportService;
 
   private constructor() {}

package/app/services/audit/audit-worker-client.ts

@@ -18,7 +18,7 @@ interface PersistAuditEntryResponse {
   filename: string;
 }
 
-export type PersistAuditEntryResult =
+type PersistAuditEntryResult =
   | {
       ok: true;
       entryCount: number;

package/app/services/audit/audit.service.ts

@@ -2,7 +2,6 @@ import type { User } from 'firebase/auth';
 import type {
   ValidationAuditEntry, 
   CreateAuditEntryParams, 
-  AuditTrail, 
   AuditQueryParams,
   WorkflowPhase,
   AuditAction,
@@ -18,7 +17,6 @@ import {
 import {
   applyAuditEntryFilters,
   applyAuditPagination,
-  generateAuditSummary,
   sortAuditEntriesNewestFirst
 } from './audit-query-helpers';
 import { logAuditEntryToConsole } from './audit-console-logger';
@@ -58,7 +56,7 @@ import {
  * Audit Service for ValidationAuditEntry system
  * Provides comprehensive audit logging throughout the confirmation workflow
  */
-export class AuditService {
+class AuditService {
   private static instance: AuditService;
   private auditBuffer: ValidationAuditEntry[] = [];
   private workflowId: string | null = null;
@@ -383,13 +381,15 @@ export class AuditService {
   public async logCaseCreation(
     user: User,
     caseNumber: string,
-    caseName: string
+    caseName: string,
+    renamedFromCaseNumber?: string
   ): Promise<void> {
     await this.logEventForUser(user,
       buildCaseCreationAuditParams({
         user,
         caseNumber,
-        caseName
+        caseName,
+        renamedFromCaseNumber
       })
     );
   }
@@ -721,37 +721,6 @@ export class AuditService {
     );
   }
 
-  /**
-   * Log user account deletion event
-   */
-  public async logAccountDeletion(
-    user: User,
-    result: AuditResult,
-    deletionReason: 'user-requested' | 'admin-initiated' | 'policy-violation' | 'inactive-account' = 'user-requested',
-    confirmationMethod: 'uid-email' | 'password' | 'admin-override' = 'uid-email',
-    casesCount?: number,
-    filesCount?: number,
-    dataRetentionPeriod?: number,
-    emailNotificationSent?: boolean,
-    sessionId?: string,
-    errors: string[] = []
-  ): Promise<void> {
-    // Wrapper that extracts user data and calls the simplified version
-    return this.logAccountDeletionSimple(
-      user.uid,
-      user.email || '',
-      result,
-      deletionReason,
-      confirmationMethod,
-      casesCount,
-      filesCount,
-      dataRetentionPeriod,
-      emailNotificationSent,
-      sessionId,
-      errors
-    );
-  }
-
   /**
    * Log user account deletion event with simplified user data
    */
@@ -1011,32 +980,6 @@ export class AuditService {
     return await this.getAuditEntries(queryParams, params?.requestingUser);
   }
 
-  /**
-   * Get audit trail for a case
-   */
-  public async getAuditTrail(caseNumber: string): Promise<AuditTrail | null> {
-    try {
-      // Implement retrieval from storage
-      const entries = await this.getAuditEntries({ caseNumber });
-      if (!entries || entries.length === 0) {
-        return null;
-      }
-
-      const summary = generateAuditSummary(entries);
-      const workflowId = this.workflowId || `${caseNumber}-archived`;
-
-      return {
-        caseNumber,
-        workflowId,
-        entries,
-        summary
-      };
-    } catch (error) {
-      console.error('🚨 Audit: Failed to get audit trail:', error);
-      return null;
-    }
-  }
-
   /**
    * Get audit entries based on query parameters
    */
@@ -1143,19 +1086,6 @@ export class AuditService {
     }
   }
 
-  /**
-   * Clear audit buffer (for testing)
-   */
-  public clearBuffer(): void {
-    this.auditBuffer = [];
-  }
-
-  /**
-   * Get current buffer size (for monitoring)
-   */
-  public getBufferSize(): number {
-    return this.auditBuffer.length;
-  }
 }
 
 // Export singleton instance

package/app/services/audit/builders/audit-event-builders-case-file.ts

@@ -6,6 +6,7 @@ interface BuildCaseCreationAuditParamsInput {
   user: User;
   caseNumber: string;
   caseName: string;
+  renamedFromCaseNumber?: string;
 }
 
 export const buildCaseCreationAuditParams = (
@@ -22,7 +23,9 @@ export const buildCaseCreationAuditParams = (
     caseNumber: input.caseNumber,
     workflowPhase: 'casework',
     caseDetails: {
+      oldCaseName: input.renamedFromCaseNumber,
       newCaseName: input.caseName,
+      createdByRename: Boolean(input.renamedFromCaseNumber),
       createdDate: new Date().toISOString(),
       totalFiles: 0,
       totalAnnotations: 0

package/app/services/audit/index.ts

@@ -1,2 +1,2 @@
-export { AuditService, auditService } from './audit.service';
-export { AuditExportService, auditExportService } from './audit-export.service';
+export { auditService } from './audit.service';
+export { auditExportService } from './audit-export.service';

package/app/types/audit.ts

@@ -44,7 +44,7 @@ export interface ValidationAuditEntry {
  * Detailed information for each audit entry
  * Contains action-specific data and metadata
  */
-export interface AuditDetails {
+interface AuditDetails {
   // Core identification
   fileName?: string;
   fileType?: AuditFileType;
@@ -194,9 +194,10 @@ export interface AuditQueryParams {
 /**
  * Case management specific audit details
  */
-export interface CaseAuditDetails {
+interface CaseAuditDetails {
   oldCaseName?: string;
   newCaseName?: string;
+  createdByRename?: boolean;
   totalFiles?: number;
   totalAnnotations?: number;
   confirmedFileNames?: string[];
@@ -210,7 +211,7 @@ export interface CaseAuditDetails {
 /**
  * File operation specific audit details
  */
-export interface FileAuditDetails {
+interface FileAuditDetails {
   fileId?: string;
   originalFileName?: string;
   fileSize: number;
@@ -225,7 +226,7 @@ export interface FileAuditDetails {
 /**
  * Annotation operation specific audit details
  */
-export interface AnnotationAuditDetails {
+interface AnnotationAuditDetails {
   annotationId?: string;
   annotationType?: 'measurement' | 'identification' | 'comparison' | 'note' | 'region';
   annotationData?: unknown; // The actual annotation data structure
@@ -238,7 +239,7 @@ export interface AnnotationAuditDetails {
 /**
  * User session specific audit details
  */
-export interface SessionAuditDetails {
+interface SessionAuditDetails {
   sessionId?: string;
   userAgent?: string;
   sessionDuration?: number;
@@ -249,7 +250,7 @@ export interface SessionAuditDetails {
 /**
  * Security incident specific audit details
  */
-export interface SecurityAuditDetails {
+interface SecurityAuditDetails {
   incidentType?: 'unauthorized-access' | 'data-breach' | 'malware' | 'injection' | 'brute-force' | 'privilege-escalation';
   severity?: 'low' | 'medium' | 'high' | 'critical';
   targetResource?: string;
@@ -272,7 +273,7 @@ export interface SecurityAuditDetails {
 /**
  * User profile and authentication specific audit details
  */
-export interface UserProfileAuditDetails {
+interface UserProfileAuditDetails {
   profileField?: 'displayName' | 'email' | 'organization' | 'role' | 'preferences' | 'avatar' | 'badgeId';
   oldValue?: string;
   newValue?: string;

package/app/utils/data/operations/signing-operations.ts

@@ -13,6 +13,7 @@ import {
   type ForensicManifestSignature,
   FORENSIC_MANIFEST_VERSION
 } from '../../forensics/SHA256';
+import type { EncryptionManifest } from '../../forensics/export-encryption';
 import { canAccessCase, validateUserSession } from '../permissions';
 import type {
   AuditExportSigningResponse,
@@ -223,3 +224,95 @@ export const signAuditExportData = async (
     throw error;
   }
 };
+
+/**
+ * Request batch decryption of export data file and images from the data worker
+ */
+export const decryptExportBatch = async (
+  user: User,
+  encryptionManifest: EncryptionManifest,
+  encryptedDataBase64: string,
+  encryptedImageMap: Record<string, string>
+): Promise<{ plaintext: string; decryptedImages: Record<string, Blob> }> => {
+  try {
+    const sessionValidation = await validateUserSession(user);
+    if (!sessionValidation.valid) {
+      throw new Error(`Session validation failed: ${sessionValidation.reason}`);
+    }
+
+    // Convert encryptedImageMap to array format expected by worker, including per-image IV from manifest
+    const encryptedImages = Object.entries(encryptedImageMap).map(([filename, encryptedData]) => {
+      const manifestEntry = encryptionManifest.encryptedImages.find(e => e.filename === filename);
+      return {
+        filename,
+        encryptedData,
+        iv: manifestEntry?.iv
+      };
+    });
+
+    const response = await fetchDataApi(user, '/api/forensic/decrypt-export', {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json'
+      },
+      body: JSON.stringify({
+        userId: user.uid,
+        wrappedKey: encryptionManifest.wrappedKey,
+        dataIv: encryptionManifest.dataIv,
+        encryptedData: encryptedDataBase64,
+        encryptedImages,
+        keyId: encryptionManifest.keyId
+      })
+    });
+
+    const responseData = await response.json().catch(() => null) as {
+      success?: boolean;
+      error?: string;
+      plaintext?: string;
+      decryptedImages?: Array<{ filename: string; data: string }>;
+    } | null;
+
+    if (!response.ok) {
+      const errorMessage = responseData?.error || `Failed to decrypt export: ${response.status} ${response.statusText}`;
+      
+      // Special handling for encrypted exports without configured key
+      if (response.status === 400 && errorMessage.includes('not configured')) {
+        throw new Error(
+          'This export is encrypted. To import it, your Striae instance must have EXPORT_ENCRYPTION_PRIVATE_KEY configured.'
+        );
+      }
+
+      throw new Error(errorMessage);
+    }
+
+    if (!responseData?.success || !responseData.plaintext) {
+      throw new Error('Invalid decrypt response from data worker');
+    }
+
+    // Convert decrypted image base64 data back to Blobs
+    const decryptedImages: Record<string, Blob> = {};
+    if (Array.isArray(responseData.decryptedImages)) {
+      for (const imageEntry of responseData.decryptedImages) {
+        try {
+          const binaryString = atob(imageEntry.data);
+          const bytes = new Uint8Array(binaryString.length);
+          for (let i = 0; i < binaryString.length; i++) {
+            bytes[i] = binaryString.charCodeAt(i);
+          }
+          decryptedImages[imageEntry.filename] = new Blob([bytes]);
+        } catch (error) {
+          console.error(`Failed to convert decrypted image ${imageEntry.filename}:`, error);
+          throw new Error(`Failed to convert decrypted image: ${imageEntry.filename}`);
+        }
+      }
+    }
+
+    return {
+      plaintext: responseData.plaintext,
+      decryptedImages
+    };
+  } catch (error) {
+    console.error('Error decrypting export batch:', error);
+    throw error;
+  }
+};

package/app/utils/data/operations/types.ts

@@ -39,4 +39,10 @@ export interface AuditExportSigningResponse {
   signature: ForensicManifestSignature;
 }
 
+export interface DecryptExportBatchResponse {
+  success: boolean;
+  plaintext: string;
+  decryptedImages: Array<{ filename: string; data: string }>;
+}
+
 export type DataOperation<T> = (user: User, ...args: unknown[]) => Promise<T>;