npm - @striae-org/striae - Versions diffs - 5.5.1 → 6.0.0 - Mend

@striae-org/striae 5.5.1 → 6.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (45) hide show

package/.env.example +9 -1
package/app/components/actions/case-export/download-handlers.ts +130 -62
package/app/components/actions/case-manage/archive-package-builder.ts +299 -0
package/app/components/actions/case-manage/delete-helpers.ts +61 -0
package/app/components/actions/case-manage/index.ts +2 -0
package/app/components/actions/case-manage/operations.ts +714 -0
package/app/components/actions/case-manage/types.ts +21 -0
package/app/components/actions/case-manage/utils.ts +34 -0
package/app/components/actions/case-manage.ts +1 -1079
package/app/components/navbar/case-import/case-import.module.css +2 -2
package/app/components/navbar/case-import/case-import.tsx +0 -8
package/app/components/navbar/case-import/components/CasePreviewSection.tsx +1 -1
package/app/components/navbar/case-modals/all-cases-modal.tsx +13 -1
package/app/components/navbar/navbar.tsx +8 -5
package/app/components/sidebar/cases/case-sidebar.tsx +3 -2
package/app/routes/auth/login.example.tsx +17 -5
package/app/routes/striae/striae.tsx +36 -11
package/app/types/export.ts +1 -0
package/app/utils/forensics/SHA256.ts +2 -2
package/app/utils/forensics/audit-export-signature.ts +1 -1
package/app/utils/forensics/confirmation-signature.ts +1 -1
package/app/utils/forensics/signature-utils.ts +7 -2
package/functions/api/_shared/registration-allowlist.ts +38 -0
package/functions/api/auth/can-register.ts +59 -0
package/functions/api/user/[[path]].ts +34 -0
package/members.emails.example +11 -0
package/package.json +9 -9
package/scripts/deploy-all.sh +2 -2
package/scripts/deploy-members-emails.sh +102 -0
package/scripts/deploy-pages-secrets.sh +13 -70
package/scripts/deploy-primershear-emails.sh +7 -73
package/worker-configuration.d.ts +2 -1
package/workers/audit-worker/package.json +1 -5
package/workers/audit-worker/wrangler.jsonc.example +1 -1
package/workers/data-worker/package.json +1 -5
package/workers/data-worker/src/signature-utils.ts +7 -2
package/workers/data-worker/src/signing-payload-utils.ts +4 -4
package/workers/data-worker/wrangler.jsonc.example +1 -1
package/workers/image-worker/package.json +1 -5
package/workers/image-worker/wrangler.jsonc.example +1 -1
package/workers/pdf-worker/package.json +1 -5
package/workers/pdf-worker/wrangler.jsonc.example +1 -1
package/workers/user-worker/package.json +1 -5
package/workers/user-worker/wrangler.jsonc.example +1 -1
package/wrangler.toml.example +1 -1

package/scripts/deploy-members-emails.sh ADDED Viewed

@@ -0,0 +1,102 @@
+#!/bin/bash
+# ============================================
+# MEMBERS EMAIL LIST DEPLOYMENT SCRIPT
+# ============================================
+# Reads members.emails, updates REGISTRATION_EMAILS in .env,
+# then deploys that secret directly to Cloudflare Pages (production).
+set -e
+set -o pipefail
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+echo -e "${BLUE}👥 Members Email List Deployment${NC}"
+echo "=================================="
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
+cd "$PROJECT_ROOT"
+trap 'echo -e "\n${RED}❌ deploy-members-emails.sh failed near line ${LINENO}${NC}"' ERR
+# ── Read emails file ──────────────────────────────────────────────────────────
+EMAILS_FILE="$PROJECT_ROOT/members.emails"
+if [ ! -f "$EMAILS_FILE" ]; then
+    echo -e "${RED}❌ members.emails not found at: $EMAILS_FILE${NC}"
+    echo -e "${YELLOW}   Create it with one email address or @domain.com wildcard per line.${NC}"
+    echo -e "${YELLOW}   See members.emails.example for the format.${NC}"
+    exit 1
+fi
+# Strip comment lines and blank lines, then join with commas
+# Use || true to avoid failure if paste gets no input (handles empty file gracefully)
+REGISTRATION_EMAILS=$(grep -v '^[[:space:]]*#' "$EMAILS_FILE" | grep -v '^[[:space:]]*$' | paste -sd ',' - || true)
+if [ -z "$REGISTRATION_EMAILS" ]; then
+    echo -e "${YELLOW}⚠️  members.emails contains no active entries.${NC}"
+    echo -e "${YELLOW}   The secret will be set to an empty string, disabling the gateway (open registration).${NC}"
+fi
+ENTRY_COUNT=$(echo "$REGISTRATION_EMAILS" | tr ',' '\n' | grep -c '[^[:space:]]' || true)
+echo -e "${GREEN}✅ Loaded $ENTRY_COUNT entry(ies) from members.emails${NC}"
+# ── Update .env ───────────────────────────────────────────────────────────────
+ENV_FILE="$PROJECT_ROOT/.env"
+if [ ! -f "$ENV_FILE" ]; then
+    echo -e "${RED}❌ .env not found. Run deploy-config first.${NC}"
+    exit 1
+fi
+# Replace the REGISTRATION_EMAILS= line in .env (handles both empty and populated values)
+if grep -q '^REGISTRATION_EMAILS=' "$ENV_FILE"; then
+    # Use a temp file to avoid sed -i portability issues across macOS/Linux
+    local_tmp=$(mktemp)
+    sed "s|^REGISTRATION_EMAILS=.*|REGISTRATION_EMAILS=${REGISTRATION_EMAILS}|" "$ENV_FILE" > "$local_tmp"
+    mv "$local_tmp" "$ENV_FILE"
+    echo -e "${GREEN}✅ Updated REGISTRATION_EMAILS in .env${NC}"
+else
+    echo "" >> "$ENV_FILE"
+    echo "REGISTRATION_EMAILS=${REGISTRATION_EMAILS}" >> "$ENV_FILE"
+    echo -e "${GREEN}✅ Appended REGISTRATION_EMAILS to .env${NC}"
+fi
+# ── Deploy to Cloudflare Pages ────────────────────────────────────────────────
+if ! command -v wrangler > /dev/null 2>&1; then
+    echo -e "${RED}❌ wrangler is not installed or not in PATH${NC}"
+    exit 1
+fi
+source "$ENV_FILE"
+PAGES_PROJECT_NAME=$(echo "$PAGES_PROJECT_NAME" | tr -d '\r')
+if [ -z "$PAGES_PROJECT_NAME" ]; then
+    echo -e "${RED}❌ PAGES_PROJECT_NAME is missing from .env${NC}"
+    exit 1
+fi
+echo -e "${YELLOW}  Setting REGISTRATION_EMAILS for production...${NC}"
+printf '%s' "$REGISTRATION_EMAILS" | wrangler pages secret put REGISTRATION_EMAILS \
+    --project-name "$PAGES_PROJECT_NAME"
+echo -e "${GREEN}✅ REGISTRATION_EMAILS deployed to production${NC}"
+# Deploy Pages so the new secret takes effect immediately
+echo -e "\n${YELLOW}🚀 Building and deploying Pages to activate new secret...${NC}"
+if ! npm run deploy-pages; then
+    echo -e "${RED}❌ Pages deployment failed${NC}"
+    exit 1
+fi
+echo -e "${GREEN}✅ Pages deployment complete${NC}"
+echo -e "\n${GREEN}🎉 Members email list deployment complete!${NC}"

package/scripts/deploy-pages-secrets.sh CHANGED Viewed

@@ -24,46 +24,6 @@ cd "$PROJECT_ROOT"
 trap 'echo -e "\n${RED}❌ deploy-pages-secrets.sh failed near line ${LINENO}${NC}"' ERR
-show_help=false
-deploy_production=true
-deploy_preview=true
-for arg in "$@"; do
-    case "$arg" in
-        -h|--help)
-            show_help=true
-            ;;
-        --production-only)
-            deploy_production=true
-            deploy_preview=false
-            ;;
-        --preview-only)
-            deploy_production=false
-            deploy_preview=true
-            ;;
-        *)
-            echo -e "${RED}❌ Unknown option: $arg${NC}"
-            echo "Use --help to see supported options."
-            exit 1
-            ;;
-    esac
-done
-if [ "$show_help" = "true" ]; then
-    echo "Usage: bash ./scripts/deploy-pages-secrets.sh [--production-only|--preview-only]"
-    echo ""
-    echo "Options:"
-    echo "  --production-only  Deploy secrets only to the production Pages environment"
-    echo "  --preview-only     Deploy secrets only to the preview Pages environment"
-    echo "  -h, --help         Show this help message"
-    exit 0
-fi
-if [ "$deploy_production" != "true" ] && [ "$deploy_preview" != "true" ]; then
-    echo -e "${RED}❌ No target environment selected${NC}"
-    exit 1
-fi
 require_command() {
     local cmd=$1
     if ! command -v "$cmd" > /dev/null 2>&1; then
@@ -145,40 +105,29 @@ get_optional_value() {
     printf '%s' "$value"
 }
-set_pages_secret() {
-    local secret_name=$1
-    local secret_value=$2
-    local pages_env=$3
-    echo -e "${YELLOW}  Setting $secret_name for $pages_env...${NC}"
-    if [ "$pages_env" = "production" ]; then
-        printf '%s' "$secret_value" | wrangler pages secret put "$secret_name" --project-name "$PAGES_PROJECT_NAME"
-        return 0
-    fi
-    printf '%s' "$secret_value" | wrangler pages secret put "$secret_name" --project-name "$PAGES_PROJECT_NAME" --env "$pages_env"
-}
-deploy_pages_environment_secrets() {
-    local pages_env=$1
+deploy_pages_secrets() {
     local secret
     local secret_value
-    echo -e "\n${BLUE}🔧 Deploying Pages secrets to $pages_env...${NC}"
+    echo -e "\n${BLUE}🔧 Deploying Pages secrets to production...${NC}"
     for secret in "${required_pages_secrets[@]}"; do
         secret_value=$(get_required_value "$secret")
-        set_pages_secret "$secret" "$secret_value" "$pages_env"
+        echo -e "${YELLOW}  Setting $secret...${NC}"
+        printf '%s' "$secret_value" | wrangler pages secret put "$secret" --project-name "$PAGES_PROJECT_NAME"
     done
     local optional_primershear_emails
     optional_primershear_emails=$(get_optional_value "PRIMERSHEAR_EMAILS")
-    if [ -n "$optional_primershear_emails" ]; then
-        set_pages_secret "PRIMERSHEAR_EMAILS" "$optional_primershear_emails" "$pages_env"
-    fi
+    echo -e "${YELLOW}  Setting PRIMERSHEAR_EMAILS...${NC}"
+    printf '%s' "$optional_primershear_emails" | wrangler pages secret put "PRIMERSHEAR_EMAILS" --project-name "$PAGES_PROJECT_NAME"
-    echo -e "${GREEN}✅ Pages secrets deployed to $pages_env${NC}"
+    local optional_registration_emails
+    optional_registration_emails=$(get_optional_value "REGISTRATION_EMAILS")
+    echo -e "${YELLOW}  Setting REGISTRATION_EMAILS...${NC}"
+    printf '%s' "$optional_registration_emails" | wrangler pages secret put "REGISTRATION_EMAILS" --project-name "$PAGES_PROJECT_NAME"
+    echo -e "${GREEN}✅ Pages secrets deployed to production${NC}"
 }
 require_command wrangler
@@ -220,12 +169,6 @@ for secret in "${required_pages_secrets[@]}"; do
 done
 echo -e "${GREEN}✅ Required Pages secret values found${NC}"
-if [ "$deploy_production" = "true" ]; then
-    deploy_pages_environment_secrets "production"
-fi
-if [ "$deploy_preview" = "true" ]; then
-    deploy_pages_environment_secrets "preview"
-fi
+deploy_pages_secrets
 echo -e "\n${GREEN}🎉 Pages secrets deployment completed!${NC}"

package/scripts/deploy-primershear-emails.sh CHANGED Viewed

@@ -4,16 +4,7 @@
 # PRIMERSHEAR EMAIL LIST DEPLOYMENT SCRIPT
 # ============================================
 # Reads primershear.emails, updates PRIMERSHEAR_EMAILS in .env,
-# then deploys that secret directly to Cloudflare Pages.
-#
-# Usage:
-#   bash ./scripts/deploy-primershear-emails.sh [--production-only|--preview-only|--env-only]
-#
-# Options:
-#   --production-only  Deploy to production Pages environment only
-#   --preview-only     Deploy to preview Pages environment only
-#   --env-only         Update .env only; do not deploy to Cloudflare
-#   -h, --help         Show this help message
+# then deploys that secret directly to Cloudflare Pages (production).
 set -e
 set -o pipefail
@@ -33,43 +24,6 @@ cd "$PROJECT_ROOT"
 trap 'echo -e "\n${RED}❌ deploy-primershear-emails.sh failed near line ${LINENO}${NC}"' ERR
-# ── Argument parsing ─────────────────────────────────────────────────────────
-deploy_production=true
-deploy_preview=true
-env_only=false
-for arg in "$@"; do
-    case "$arg" in
-        -h|--help)
-            echo "Usage: bash ./scripts/deploy-primershear-emails.sh [--production-only|--preview-only|--env-only]"
-            echo ""
-            echo "Options:"
-            echo "  --production-only  Deploy to production Pages environment only"
-            echo "  --preview-only     Deploy to preview Pages environment only"
-            echo "  --env-only         Update .env only; do not deploy to Cloudflare"
-            echo "  -h, --help         Show this help message"
-            exit 0
-            ;;
-        --production-only)
-            deploy_production=true
-            deploy_preview=false
-            ;;
-        --preview-only)
-            deploy_production=false
-            deploy_preview=true
-            ;;
-        --env-only)
-            env_only=true
-            ;;
-        *)
-            echo -e "${RED}❌ Unknown option: $arg${NC}"
-            echo "Use --help to see supported options."
-            exit 1
-            ;;
-    esac
-done
 # ── Read emails file ──────────────────────────────────────────────────────────
 EMAILS_FILE="$PROJECT_ROOT/primershear.emails"
@@ -114,11 +68,6 @@ else
     echo -e "${GREEN}✅ Appended PRIMERSHEAR_EMAILS to .env${NC}"
 fi
-if [ "$env_only" = "true" ]; then
-    echo -e "\n${GREEN}🎉 .env updated. Skipping Cloudflare deployment (--env-only).${NC}"
-    exit 0
-fi
 # ── Deploy to Cloudflare Pages ────────────────────────────────────────────────
 if ! command -v wrangler > /dev/null 2>&1; then
@@ -134,31 +83,16 @@ if [ -z "$PAGES_PROJECT_NAME" ]; then
     exit 1
 fi
-set_secret() {
-    local pages_env=$1
-    echo -e "${YELLOW}  Setting PRIMERSHEAR_EMAILS for $pages_env...${NC}"
-    if [ "$pages_env" = "production" ]; then
-        printf '%s' "$PRIMERSHEAR_EMAILS" | wrangler pages secret put PRIMERSHEAR_EMAILS \
-            --project-name "$PAGES_PROJECT_NAME"
-    else
-        printf '%s' "$PRIMERSHEAR_EMAILS" | wrangler pages secret put PRIMERSHEAR_EMAILS \
-            --project-name "$PAGES_PROJECT_NAME" --env "$pages_env"
-    fi
-}
-if [ "$deploy_production" = "true" ]; then
-    set_secret "production"
-    echo -e "${GREEN}✅ PRIMERSHEAR_EMAILS deployed to production${NC}"
-fi
+echo -e "${YELLOW}  Setting PRIMERSHEAR_EMAILS for production...${NC}"
+printf '%s' "$PRIMERSHEAR_EMAILS" | wrangler pages secret put PRIMERSHEAR_EMAILS \
+    --project-name "$PAGES_PROJECT_NAME"
-if [ "$deploy_preview" = "true" ]; then
-    set_secret "preview"
-    echo -e "${GREEN}✅ PRIMERSHEAR_EMAILS deployed to preview${NC}"
-fi
+echo -e "${GREEN}✅ PRIMERSHEAR_EMAILS deployed to production${NC}"
 # Deploy Pages so the new secret takes effect immediately
 echo -e "\n${YELLOW}🚀 Building and deploying Pages to activate new secret...${NC}"
-if ! npm run deploy; then
+if ! npm run deploy-pages; then
     echo -e "${RED}❌ Pages deployment failed${NC}"
     exit 1
 fi

package/worker-configuration.d.ts CHANGED Viewed

@@ -58,6 +58,7 @@ declare namespace Cloudflare {
 		PDF_WORKER_AUTH: string;
 		BROWSER_API_TOKEN: string;
 		PRIMERSHEAR_EMAILS: string;
+		REGISTRATION_EMAILS: string;
 	}
 }
 interface Env extends Cloudflare.Env {}
@@ -65,7 +66,7 @@ type StringifyValues<EnvType extends Record<string, unknown>> = {
 	[Binding in keyof EnvType]: EnvType[Binding] extends string ? EnvType[Binding] : string;
 };
 declare namespace NodeJS {
-	interface ProcessEnv extends StringifyValues<Pick<Cloudflare.Env, "ACCOUNT_ID" | "USER_DB_AUTH" | "R2_KEY_SECRET" | "IMAGES_API_TOKEN" | "API_KEY" | "AUTH_DOMAIN" | "PROJECT_ID" | "STORAGE_BUCKET" | "MESSAGING_SENDER_ID" | "APP_ID" | "MEASUREMENT_ID" | "FIREBASE_SERVICE_ACCOUNT_EMAIL" | "FIREBASE_SERVICE_ACCOUNT_PRIVATE_KEY" | "USER_KV_ENCRYPTION_PRIVATE_KEY" | "USER_KV_ENCRYPTION_KEY_ID" | "USER_KV_ENCRYPTION_PUBLIC_KEY" | "USER_KV_WRITE_ENDPOINTS_ENABLED" | "USER_KV_ENCRYPTION_KEYS_JSON" | "USER_KV_ENCRYPTION_ACTIVE_KEY_ID" | "MANIFEST_SIGNING_PRIVATE_KEY" | "MANIFEST_SIGNING_KEY_ID" | "MANIFEST_SIGNING_PUBLIC_KEY" | "EXPORT_ENCRYPTION_PRIVATE_KEY" | "EXPORT_ENCRYPTION_KEY_ID" | "EXPORT_ENCRYPTION_PUBLIC_KEY" | "EXPORT_ENCRYPTION_KEYS_JSON" | "EXPORT_ENCRYPTION_ACTIVE_KEY_ID" | "DATA_AT_REST_ENCRYPTION_ENABLED" | "DATA_AT_REST_ENCRYPTION_PRIVATE_KEY" | "DATA_AT_REST_ENCRYPTION_KEY_ID" | "DATA_AT_REST_ENCRYPTION_PUBLIC_KEY" | "DATA_AT_REST_ENCRYPTION_KEYS_JSON" | "DATA_AT_REST_ENCRYPTION_ACTIVE_KEY_ID" | "PAGES_PROJECT_NAME" | "PAGES_CUSTOM_DOMAIN" | "USER_WORKER_NAME" | "USER_WORKER_DOMAIN" | "KV_STORE_ID" | "DATA_WORKER_NAME" | "DATA_BUCKET_NAME" | "FILES_BUCKET_NAME" | "DATA_WORKER_DOMAIN" | "AUDIT_WORKER_NAME" | "AUDIT_BUCKET_NAME" | "AUDIT_WORKER_DOMAIN" | "IMAGES_WORKER_NAME" | "IMAGES_WORKER_DOMAIN" | "IMAGE_SIGNED_URL_SECRET" | "IMAGE_SIGNED_URL_TTL_SECONDS" | "IMAGE_SIGNED_URL_BASE_URL" | "PDF_WORKER_NAME" | "PDF_WORKER_DOMAIN" | "PDF_WORKER_AUTH" | "BROWSER_API_TOKEN" | "PRIMERSHEAR_EMAILS">> {}
+	interface ProcessEnv extends StringifyValues<Pick<Cloudflare.Env, "ACCOUNT_ID" | "USER_DB_AUTH" | "R2_KEY_SECRET" | "IMAGES_API_TOKEN" | "API_KEY" | "AUTH_DOMAIN" | "PROJECT_ID" | "STORAGE_BUCKET" | "MESSAGING_SENDER_ID" | "APP_ID" | "MEASUREMENT_ID" | "FIREBASE_SERVICE_ACCOUNT_EMAIL" | "FIREBASE_SERVICE_ACCOUNT_PRIVATE_KEY" | "USER_KV_ENCRYPTION_PRIVATE_KEY" | "USER_KV_ENCRYPTION_KEY_ID" | "USER_KV_ENCRYPTION_PUBLIC_KEY" | "USER_KV_WRITE_ENDPOINTS_ENABLED" | "USER_KV_ENCRYPTION_KEYS_JSON" | "USER_KV_ENCRYPTION_ACTIVE_KEY_ID" | "MANIFEST_SIGNING_PRIVATE_KEY" | "MANIFEST_SIGNING_KEY_ID" | "MANIFEST_SIGNING_PUBLIC_KEY" | "EXPORT_ENCRYPTION_PRIVATE_KEY" | "EXPORT_ENCRYPTION_KEY_ID" | "EXPORT_ENCRYPTION_PUBLIC_KEY" | "EXPORT_ENCRYPTION_KEYS_JSON" | "EXPORT_ENCRYPTION_ACTIVE_KEY_ID" | "DATA_AT_REST_ENCRYPTION_ENABLED" | "DATA_AT_REST_ENCRYPTION_PRIVATE_KEY" | "DATA_AT_REST_ENCRYPTION_KEY_ID" | "DATA_AT_REST_ENCRYPTION_PUBLIC_KEY" | "DATA_AT_REST_ENCRYPTION_KEYS_JSON" | "DATA_AT_REST_ENCRYPTION_ACTIVE_KEY_ID" | "PAGES_PROJECT_NAME" | "PAGES_CUSTOM_DOMAIN" | "USER_WORKER_NAME" | "USER_WORKER_DOMAIN" | "KV_STORE_ID" | "DATA_WORKER_NAME" | "DATA_BUCKET_NAME" | "FILES_BUCKET_NAME" | "DATA_WORKER_DOMAIN" | "AUDIT_WORKER_NAME" | "AUDIT_BUCKET_NAME" | "AUDIT_WORKER_DOMAIN" | "IMAGES_WORKER_NAME" | "IMAGES_WORKER_DOMAIN" | "IMAGE_SIGNED_URL_SECRET" | "IMAGE_SIGNED_URL_TTL_SECONDS" | "IMAGE_SIGNED_URL_BASE_URL" | "PDF_WORKER_NAME" | "PDF_WORKER_DOMAIN" | "PDF_WORKER_AUTH" | "BROWSER_API_TOKEN" | "PRIMERSHEAR_EMAILS" | "REGISTRATION_EMAILS">> {}
 }
 // Begin runtime types

package/workers/audit-worker/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "audit-worker",
-  "version": "5.5.1",
+  "version": "6.0.0",
   "private": true,
   "scripts": {
     "deploy": "wrangler deploy",
@@ -9,9 +9,5 @@
   },
   "devDependencies": {
     "wrangler": "^4.81.1"
-  },
-  "overrides": {
-    "undici": "7.24.1",
-    "yauzl": "3.2.1"
   }
 }

package/workers/audit-worker/wrangler.jsonc.example CHANGED Viewed

@@ -7,7 +7,7 @@
   "name": "AUDIT_WORKER_NAME",
   "account_id": "ACCOUNT_ID",
   "main": "src/audit-worker.ts",
-  "compatibility_date": "2026-04-09",
+  "compatibility_date": "2026-04-11",
   "compatibility_flags": [
     "nodejs_compat"
   ],

package/workers/data-worker/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "data-worker",
-  "version": "5.5.1",
+  "version": "6.0.0",
   "private": true,
   "scripts": {
     "deploy": "wrangler deploy",
@@ -9,9 +9,5 @@
   },
   "devDependencies": {
     "wrangler": "^4.81.1"
-  },
-  "overrides": {
-    "undici": "7.24.1",
-    "yauzl": "3.2.1"
   }
 }

package/workers/data-worker/src/signature-utils.ts CHANGED Viewed

@@ -5,6 +5,8 @@ export interface WorkerSignatureEnvelope {
   value: string;
 }
+const RSA_PSS_SALT_LENGTH = 32;
 function base64UrlEncode(value: Uint8Array): string {
   let binary = '';
   for (const byte of value) {
@@ -57,7 +59,7 @@ export async function signPayload(
     'pkcs8',
     parsePkcs8PrivateKey(privateKey),
     {
-      name: 'RSASSA-PKCS1-v1_5',
+      name: 'RSA-PSS',
       hash: 'SHA-256'
     },
     false,
@@ -65,7 +67,10 @@ export async function signPayload(
   );
   const signature = await crypto.subtle.sign(
-    { name: 'RSASSA-PKCS1-v1_5' },
+    {
+      name: 'RSA-PSS',
+      saltLength: RSA_PSS_SALT_LENGTH
+    },
     signingKey,
     new TextEncoder().encode(payload)
   );

package/workers/data-worker/src/signing-payload-utils.ts CHANGED Viewed

@@ -52,10 +52,10 @@ export interface AuditExportSigningPayload {
   hash: string;
 }
-export const FORENSIC_MANIFEST_VERSION = '2.0';
-export const CONFIRMATION_SIGNATURE_VERSION = '2.0';
-export const AUDIT_EXPORT_SIGNATURE_VERSION = '1.0';
-export const FORENSIC_MANIFEST_SIGNATURE_ALGORITHM = 'RSASSA-PKCS1-v1_5-SHA-256';
+export const FORENSIC_MANIFEST_VERSION = '3.0';
+export const CONFIRMATION_SIGNATURE_VERSION = '3.0';
+export const AUDIT_EXPORT_SIGNATURE_VERSION = '2.0';
+export const FORENSIC_MANIFEST_SIGNATURE_ALGORITHM = 'RSASSA-PSS-SHA-256';
 const SHA256_HEX_REGEX = /^[a-f0-9]{64}$/i;

package/workers/data-worker/wrangler.jsonc.example CHANGED Viewed

@@ -5,7 +5,7 @@
   "name": "DATA_WORKER_NAME",
   "account_id": "ACCOUNT_ID",
   "main": "src/data-worker.ts",
-  "compatibility_date": "2026-04-09",
+  "compatibility_date": "2026-04-11",
   "compatibility_flags": [
     "nodejs_compat"
   ],

package/workers/image-worker/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "image-worker",
-  "version": "5.5.1",
+  "version": "6.0.0",
   "private": true,
   "scripts": {
     "deploy": "wrangler deploy",
@@ -9,9 +9,5 @@
   },
   "devDependencies": {
     "wrangler": "^4.81.1"
-  },
-  "overrides": {
-    "undici": "7.24.1",
-    "yauzl": "3.2.1"
   }
 }

package/workers/image-worker/wrangler.jsonc.example CHANGED Viewed

@@ -2,7 +2,7 @@
   "name": "IMAGES_WORKER_NAME",
   "account_id": "ACCOUNT_ID",
   "main": "src/image-worker.ts",
-  "compatibility_date": "2026-04-09",
+  "compatibility_date": "2026-04-11",
   "compatibility_flags": [
     "nodejs_compat"
   ],

package/workers/pdf-worker/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "pdf-worker",
-  "version": "5.5.1",
+  "version": "6.0.0",
   "private": true,
   "scripts": {
     "generate:assets": "node scripts/generate-assets.js",
@@ -10,9 +10,5 @@
   },
   "devDependencies": {
     "wrangler": "^4.81.1"
-  },
-  "overrides": {
-    "undici": "7.24.1",
-    "yauzl": "3.2.1"
   }
 }

package/workers/pdf-worker/wrangler.jsonc.example CHANGED Viewed

@@ -2,7 +2,7 @@
   "name": "PDF_WORKER_NAME",
   "account_id": "ACCOUNT_ID",
   "main": "src/pdf-worker.ts",
-  "compatibility_date": "2026-04-09",
+  "compatibility_date": "2026-04-11",
   "compatibility_flags": [
     "nodejs_compat"
   ],

package/workers/user-worker/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "user-worker",
-  "version": "5.5.1",
+  "version": "6.0.0",
   "private": true,
   "scripts": {
     "deploy": "wrangler deploy",
@@ -9,9 +9,5 @@
   },
   "devDependencies": {
     "wrangler": "^4.81.1"
-  },
-  "overrides": {
-    "undici": "7.24.1",
-    "yauzl": "3.2.1"
   }
 }

package/workers/user-worker/wrangler.jsonc.example CHANGED Viewed

@@ -2,7 +2,7 @@
   "name": "USER_WORKER_NAME",
   "account_id": "ACCOUNT_ID",
   "main": "src/user-worker.ts",
-  "compatibility_date": "2026-04-09",
+  "compatibility_date": "2026-04-11",
   "compatibility_flags": [
     "nodejs_compat"
   ],

package/wrangler.toml.example CHANGED Viewed

@@ -1,6 +1,6 @@
 #:schema node_modules/wrangler/config-schema.json
 name = "PAGES_PROJECT_NAME"
-compatibility_date = "2026-04-09"
+compatibility_date = "2026-04-11"
 compatibility_flags = ["nodejs_compat"]
 pages_build_output_dir = "./build/client"