@ttt-productions/ttt-core 0.19.0 → 0.19.2

package/dist/doc-schemas/ncii/config.d.ts

@@ -0,0 +1,131 @@
+import { z } from 'zod';
+/** Blocked-hash retention policy — indefinite until an appeal reverses it. */
+export declare const NciiBlockedHashRetentionPolicySchema: z.ZodLiteral<"indefiniteUntilReversed">;
+export type NciiBlockedHashRetentionPolicy = z.infer<typeof NciiBlockedHashRetentionPolicySchema>;
+/** `_config/nciiPolicy` = `NciiPolicyConfigV1` — the DJ-approved launch defaults.
+ * Counsel ratifies (`counselApproved`) at the pre-launch gate; uploads stay
+ * blocked until then. Any value missing/placeholder → the launch audit FAILS
+ * CLOSED. */
+export declare const NciiPolicyConfigV1Schema: z.ZodObject<{
+    policyVersion: z.ZodLiteral<"ncii.2026-06-19.v1">;
+    appealWindowDays: z.ZodNumber;
+    requesterPiiRetentionDays: z.ZodNumber;
+    evidenceRetentionDays: z.ZodNumber;
+    statusTokenRetentionDays: z.ZodNumber;
+    blockedHashRetentionPolicy: z.ZodLiteral<"indefiniteUntilReversed">;
+    allowedEvidenceMimeTypes: z.ZodArray<z.ZodString>;
+    maxEvidenceFileBytes: z.ZodNumber;
+    maxEvidenceFilesPerRequest: z.ZodNumber;
+    maxEvidenceTotalBytesPerRequest: z.ZodNumber;
+    uploadReservationMinutes: z.ZodNumber;
+    abandonedUploadCleanupHours: z.ZodNumber;
+    publicRequestsPerIpPerHour: z.ZodNumber;
+    publicUploadsPerIpPerHour: z.ZodNumber;
+    requestsPerDevicePerDay: z.ZodNumber;
+    tempHoldInitialHours: z.ZodNumber;
+    tempHoldPendingValidityExtensionHours: z.ZodNumber;
+    tempHoldMaxTotalHours: z.ZodNumber;
+    incompleteInvalidReleaseDelayHours: z.ZodNumber;
+    statusTokenEntropyBits: z.ZodNumber;
+    statusTokenTtlDays: z.ZodNumber;
+    idempotencyWindowHours: z.ZodNumber;
+    uploaderRemovalAppealWindowDays: z.ZodNumber;
+    maxEvidenceDecodePixels: z.ZodNumber;
+    maxEvidenceImageDimension: z.ZodNumber;
+    maxEvidenceVideoFrames: z.ZodNumber;
+    maxEvidenceVideoDurationSec: z.ZodNumber;
+    evidenceParserTimeoutSec: z.ZodNumber;
+    evidenceScanCpuBudgetMs: z.ZodNumber;
+    evidenceScanMemoryBudgetMb: z.ZodNumber;
+    rejectArchiveAndPolyglotPayloads: z.ZodBoolean;
+    approvedBy: z.ZodLiteral<"operatorLaunchDefault">;
+    counselApproved: z.ZodBoolean;
+}, z.core.$strict>;
+export type NciiPolicyConfigV1 = z.infer<typeof NciiPolicyConfigV1Schema>;
+/** The frozen launch default for `_config/nciiPolicy`. */
+export declare const DEFAULT_NCII_POLICY_CONFIG_V1: NciiPolicyConfigV1;
+/** The phishing-resistant second factor — password-only, SMS, and TOTP are NEVER
+ * sufficient for a privileged capability. */
+export declare const PrivilegedReviewerSecondFactorSchema: z.ZodLiteral<"passkeyWebAuthn">;
+export type PrivilegedReviewerSecondFactor = z.infer<typeof PrivilegedReviewerSecondFactorSchema>;
+/** The capabilities that require the passkey assertion + an explicit typed
+ * confirmation (two-step reauth). */
+export declare const PrivilegedTwoStepReauthCapabilitySchema: z.ZodEnum<{
+    evidenceReveal: "evidenceReveal";
+    ncmecCredentialUse: "ncmecCredentialUse";
+    reinstateContent: "reinstateContent";
+    reverseHashBlock: "reverseHashBlock";
+    legalDisposition: "legalDisposition";
+    falsePositiveCorrection: "falsePositiveCorrection";
+    ncmecManualFallback: "ncmecManualFallback";
+}>;
+export type PrivilegedTwoStepReauthCapability = z.infer<typeof PrivilegedTwoStepReauthCapabilitySchema>;
+/** `_config/privilegedReviewerSecurity` = `PrivilegedReviewerSecurityProfileV1` —
+ * what "fresh reauth" actually means for any privileged-reviewer capability. */
+export declare const PrivilegedReviewerSecurityProfileV1Schema: z.ZodObject<{
+    requiredSecondFactor: z.ZodLiteral<"passkeyWebAuthn">;
+    privilegedReauthTtlSeconds: z.ZodNumber;
+    privilegedSessionDeviceBound: z.ZodBoolean;
+    twoStepReauthCapabilities: z.ZodArray<z.ZodEnum<{
+        evidenceReveal: "evidenceReveal";
+        ncmecCredentialUse: "ncmecCredentialUse";
+        reinstateContent: "reinstateContent";
+        reverseHashBlock: "reverseHashBlock";
+        legalDisposition: "legalDisposition";
+        falsePositiveCorrection: "falsePositiveCorrection";
+        ncmecManualFallback: "ncmecManualFallback";
+    }>>;
+    recoveryCodeCount: z.ZodNumber;
+    recoveryCodeUse: z.ZodLiteral<"auditedHighSeverity+forcesReenroll+criticalAlarm">;
+    allowPrivilegedSessionRevocation: z.ZodBoolean;
+    everyInvocationAudited: z.ZodBoolean;
+}, z.core.$strict>;
+export type PrivilegedReviewerSecurityProfileV1 = z.infer<typeof PrivilegedReviewerSecurityProfileV1Schema>;
+/** The frozen launch default for `_config/privilegedReviewerSecurity`. */
+export declare const DEFAULT_PRIVILEGED_REVIEWER_SECURITY_PROFILE_V1: PrivilegedReviewerSecurityProfileV1;
+/** Human-only steps blocked-pending-operator when the failsafe is active. */
+export declare const OperatorBlockedPendingStepSchema: z.ZodEnum<{
+    ncmecFiling: "ncmecFiling";
+    appealReview: "appealReview";
+    reinstatementReview: "reinstatementReview";
+    leResponse: "leResponse";
+}>;
+export type OperatorBlockedPendingStep = z.infer<typeof OperatorBlockedPendingStepSchema>;
+/** A registered backup-human slot: an enrolled passkey + the explicit privileged
+ * capabilities they hold + a counsel-confirmed training acknowledgement. EMPTY at
+ * launch (solo) — a documented slot to fill post-funding. */
+export declare const OperatorBackupContactV1Schema: z.ZodObject<{
+    contactId: z.ZodString;
+    passkeyEnrolled: z.ZodLiteral<true>;
+    capabilities: z.ZodArray<z.ZodString>;
+    trainingAcknowledgedAt: z.ZodNumber;
+    counselConfirmed: z.ZodBoolean;
+}, z.core.$strict>;
+export type OperatorBackupContactV1 = z.infer<typeof OperatorBackupContactV1Schema>;
+/** `_config/operatorContinuity` = `OperatorContinuityConfigV1` — the
+ * operator-availability continuity failsafe posture. */
+export declare const OperatorContinuityConfigV1Schema: z.ZodObject<{
+    operatorHeartbeatHours: z.ZodNumber;
+    failsafeDisablesNewUploads: z.ZodBoolean;
+    failsafeHoldsAllInFlight: z.ZodBoolean;
+    blockedPendingOperatorSteps: z.ZodArray<z.ZodEnum<{
+        ncmecFiling: "ncmecFiling";
+        appealReview: "appealReview";
+        reinstatementReview: "reinstatementReview";
+        leResponse: "leResponse";
+    }>>;
+    recordDeadlineBreaches: z.ZodBoolean;
+    operatorBackupContacts: z.ZodArray<z.ZodObject<{
+        contactId: z.ZodString;
+        passkeyEnrolled: z.ZodLiteral<true>;
+        capabilities: z.ZodArray<z.ZodString>;
+        trainingAcknowledgedAt: z.ZodNumber;
+        counselConfirmed: z.ZodBoolean;
+    }, z.core.$strict>>;
+    approvedBy: z.ZodLiteral<"operatorLaunchDefault">;
+    counselApproved: z.ZodBoolean;
+}, z.core.$strict>;
+export type OperatorContinuityConfigV1 = z.infer<typeof OperatorContinuityConfigV1Schema>;
+/** The frozen launch default for `_config/operatorContinuity`. */
+export declare const DEFAULT_OPERATOR_CONTINUITY_CONFIG_V1: OperatorContinuityConfigV1;
+//# sourceMappingURL=config.d.ts.map

package/dist/doc-schemas/ncii/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/doc-schemas/ncii/config.ts"],"names":[],"mappings":"AAwBA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAOxB,8EAA8E;AAC9E,eAAO,MAAM,oCAAoC,yCAAuC,CAAC;AACzF,MAAM,MAAM,8BAA8B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oCAAoC,CAAC,CAAC;AAElG;;;aAGa;AACb,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAuC1B,CAAC;AACZ,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAE1E,0DAA0D;AAC1D,eAAO,MAAM,6BAA6B,EAAE,kBAkC3C,CAAC;AAYF;6CAC6C;AAC7C,eAAO,MAAM,oCAAoC,iCAA+B,CAAC;AACjF,MAAM,MAAM,8BAA8B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oCAAoC,CAAC,CAAC;AAElG;qCACqC;AACrC,eAAO,MAAM,uCAAuC;;;;;;;;EAQlD,CAAC;AACH,MAAM,MAAM,iCAAiC,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uCAAuC,CAAC,CAAC;AAExG;gFACgF;AAChF,eAAO,MAAM,yCAAyC;;;;;;;;;;;;;;;;;kBAiB3C,CAAC;AACZ,MAAM,MAAM,mCAAmC,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yCAAyC,CAAC,CAAC;AAE5G,0EAA0E;AAC1E,eAAO,MAAM,+CAA+C,EAAE,mCAiB7D,CAAC;AAWF,6EAA6E;AAC7E,eAAO,MAAM,gCAAgC;;;;;EAK3C,CAAC;AACH,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gCAAgC,CAAC,CAAC;AAE1F;;6DAE6D;AAC7D,eAAO,MAAM,6BAA6B;;;;;;kBAO/B,CAAC;AACZ,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AAEpF;wDACwD;AACxD,eAAO,MAAM,gCAAgC;;;;;;;;;;;;;;;;;;;;kBAclC,CAAC;AACZ,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gCAAgC,CAAC,CAAC;AAE1F,kEAAkE;AAClE,eAAO,MAAM,qCAAqC,EAAE,0BASnD,CAAC"}

package/dist/doc-schemas/ncii/config.js

@@ -0,0 +1,227 @@
+// Trust & Safety — NCII config singletons (Appendix A §A11 [H6] / [H-17] / [H-18]).
+//
+// Three `_config` singleton documents:
+//   - `_config/nciiPolicy`              → NciiPolicyConfigV1
+//   - `_config/privilegedReviewerSecurity` → PrivilegedReviewerSecurityProfileV1
+//   - `_config/operatorContinuity`      → OperatorContinuityConfigV1
+//
+// These are VERSIONED launch defaults. Qualified counsel must approve them before
+// uploads open and may increase, decrease, or otherwise modify them. Any change
+// increments the policy version and triggers a retention/configuration review. The
+// launch/config audit FAILS CLOSED if any value is missing or a placeholder;
+// uploads stay BLOCKED until `counselApproved` flips true at the pre-launch counsel
+// gate.
+//
+// Every value in the DEFAULT consts below is transcribed verbatim from
+// docs/code_changes_needed/trust-and-safety/IMPLEMENTATION_PLAN.md Appendix A §A11
+// [H6] / [H-17] / [H-18] — no invented values, no placeholders. The schemas pin
+// each literal-defaulted field where the spec fixes a single literal value
+// (`policyVersion`, `approvedBy`, `counselApproved`, the security-profile string
+// literals, etc.) so a config write cannot silently drift from the frozen posture.
+//
+// Collection note: these are `_config` singleton docs; wiring collections.ts /
+// path-builders.ts / registry.ts is deferred to the app leg.
+import { z } from 'zod';
+// ===========================================================================
+// §A11 [H6] — NciiPolicyConfigV1 + DEFAULT_NCII_POLICY_CONFIG_V1
+// `_config/nciiPolicy`
+// ===========================================================================
+/** Blocked-hash retention policy — indefinite until an appeal reverses it. */
+export const NciiBlockedHashRetentionPolicySchema = z.literal('indefiniteUntilReversed');
+/** `_config/nciiPolicy` = `NciiPolicyConfigV1` — the DJ-approved launch defaults.
+ * Counsel ratifies (`counselApproved`) at the pre-launch gate; uploads stay
+ * blocked until then. Any value missing/placeholder → the launch audit FAILS
+ * CLOSED. */
+export const NciiPolicyConfigV1Schema = z.object({
+    policyVersion: z.literal('ncii.2026-06-19.v1'),
+    appealWindowDays: z.number(),
+    requesterPiiRetentionDays: z.number(),
+    evidenceRetentionDays: z.number(),
+    statusTokenRetentionDays: z.number(),
+    blockedHashRetentionPolicy: NciiBlockedHashRetentionPolicySchema,
+    allowedEvidenceMimeTypes: z.array(z.string().min(1)),
+    maxEvidenceFileBytes: z.number(),
+    maxEvidenceFilesPerRequest: z.number(),
+    maxEvidenceTotalBytesPerRequest: z.number(),
+    uploadReservationMinutes: z.number(),
+    abandonedUploadCleanupHours: z.number(),
+    publicRequestsPerIpPerHour: z.number(),
+    publicUploadsPerIpPerHour: z.number(),
+    requestsPerDevicePerDay: z.number(),
+    // [H1/M3] temp-hold + status/supplement token values:
+    tempHoldInitialHours: z.number(),
+    tempHoldPendingValidityExtensionHours: z.number(),
+    tempHoldMaxTotalHours: z.number(),
+    incompleteInvalidReleaseDelayHours: z.number(),
+    statusTokenEntropyBits: z.number(),
+    statusTokenTtlDays: z.number(),
+    // [H-07] dedup window for the deterministic initial-intake idempotency key
+    idempotencyWindowHours: z.number(),
+    // [H-09] per-appeal review SLA for NciiAppealV1.deadlineAt
+    uploaderRemovalAppealWindowDays: z.number(),
+    // [M-10] evidence parser-hardening budgets (attacker-controlled bytes):
+    maxEvidenceDecodePixels: z.number(),
+    maxEvidenceImageDimension: z.number(),
+    maxEvidenceVideoFrames: z.number(),
+    maxEvidenceVideoDurationSec: z.number(),
+    evidenceParserTimeoutSec: z.number(),
+    evidenceScanCpuBudgetMs: z.number(),
+    evidenceScanMemoryBudgetMb: z.number(),
+    rejectArchiveAndPolyglotPayloads: z.boolean(),
+    approvedBy: z.literal('operatorLaunchDefault'),
+    // counselApproved flips true at the pre-launch counsel gate; uploads stay blocked until then
+    counselApproved: z.boolean(),
+}).strict();
+/** The frozen launch default for `_config/nciiPolicy`. */
+export const DEFAULT_NCII_POLICY_CONFIG_V1 = {
+    policyVersion: 'ncii.2026-06-19.v1',
+    appealWindowDays: 30,
+    requesterPiiRetentionDays: 90,
+    evidenceRetentionDays: 60,
+    statusTokenRetentionDays: 180,
+    blockedHashRetentionPolicy: 'indefiniteUntilReversed',
+    allowedEvidenceMimeTypes: ['image/jpeg', 'image/png', 'image/webp', 'image/gif', 'video/mp4', 'video/webm'],
+    maxEvidenceFileBytes: 26214400,
+    maxEvidenceFilesPerRequest: 5,
+    maxEvidenceTotalBytesPerRequest: 104857600,
+    uploadReservationMinutes: 30,
+    abandonedUploadCleanupHours: 24,
+    publicRequestsPerIpPerHour: 5,
+    publicUploadsPerIpPerHour: 10,
+    requestsPerDevicePerDay: 10,
+    tempHoldInitialHours: 72,
+    tempHoldPendingValidityExtensionHours: 48,
+    tempHoldMaxTotalHours: 336,
+    incompleteInvalidReleaseDelayHours: 24,
+    statusTokenEntropyBits: 256,
+    statusTokenTtlDays: 180,
+    idempotencyWindowHours: 72,
+    uploaderRemovalAppealWindowDays: 14,
+    maxEvidenceDecodePixels: 40000000,
+    maxEvidenceImageDimension: 12000,
+    maxEvidenceVideoFrames: 600,
+    maxEvidenceVideoDurationSec: 600,
+    evidenceParserTimeoutSec: 60,
+    evidenceScanCpuBudgetMs: 30000,
+    evidenceScanMemoryBudgetMb: 512,
+    rejectArchiveAndPolyglotPayloads: true,
+    approvedBy: 'operatorLaunchDefault',
+    counselApproved: false,
+};
+// ===========================================================================
+// §A11 [H-17] — PrivilegedReviewerSecurityProfileV1 +
+// DEFAULT_PRIVILEGED_REVIEWER_SECURITY_PROFILE_V1
+// `_config/privilegedReviewerSecurity`
+//
+// "fresh reauth" / "two-step reauth" for ANY privileged-reviewer capability means
+// a reauth that satisfies THIS profile — NEVER a bare password re-prompt. Enforced
+// even though one solo operator holds every capability at launch.
+// ===========================================================================
+/** The phishing-resistant second factor — password-only, SMS, and TOTP are NEVER
+ * sufficient for a privileged capability. */
+export const PrivilegedReviewerSecondFactorSchema = z.literal('passkeyWebAuthn');
+/** The capabilities that require the passkey assertion + an explicit typed
+ * confirmation (two-step reauth). */
+export const PrivilegedTwoStepReauthCapabilitySchema = z.enum([
+    'evidenceReveal',
+    'ncmecCredentialUse',
+    'reinstateContent',
+    'reverseHashBlock',
+    'legalDisposition',
+    'falsePositiveCorrection',
+    'ncmecManualFallback',
+]);
+/** `_config/privilegedReviewerSecurity` = `PrivilegedReviewerSecurityProfileV1` —
+ * what "fresh reauth" actually means for any privileged-reviewer capability. */
+export const PrivilegedReviewerSecurityProfileV1Schema = z.object({
+    // phishing-resistant; password-only, SMS, and TOTP are NEVER sufficient for a privileged capability
+    requiredSecondFactor: PrivilegedReviewerSecondFactorSchema,
+    // a capability invocation needs a WebAuthn assertion at least this fresh; older → re-prompt
+    privilegedReauthTtlSeconds: z.number(),
+    // the privileged session is bound to the enrolled authenticator/device; separate from the ordinary app session
+    privilegedSessionDeviceBound: z.boolean(),
+    // these require the passkey assertion + an explicit typed confirmation
+    twoStepReauthCapabilities: z.array(PrivilegedTwoStepReauthCapabilitySchema),
+    // offline one-time break-glass codes, generated at enrollment, stored physically offline
+    recoveryCodeCount: z.number(),
+    // using one is logged, fires the external critical alarm, and forces enrolling a fresh passkey
+    recoveryCodeUse: z.literal('auditedHighSeverity+forcesReenroll+criticalAlarm'),
+    // lost-device: revoke ALL privileged sessions → forces re-enrollment before any capability works again
+    allowPrivilegedSessionRevocation: z.boolean(),
+    // each privileged-capability use writes an audit event (actor, capability, caseId, reauth method, before/after for evidence reads)
+    everyInvocationAudited: z.boolean(),
+}).strict();
+/** The frozen launch default for `_config/privilegedReviewerSecurity`. */
+export const DEFAULT_PRIVILEGED_REVIEWER_SECURITY_PROFILE_V1 = {
+    requiredSecondFactor: 'passkeyWebAuthn',
+    privilegedReauthTtlSeconds: 300,
+    privilegedSessionDeviceBound: true,
+    twoStepReauthCapabilities: [
+        'evidenceReveal',
+        'ncmecCredentialUse',
+        'reinstateContent',
+        'reverseHashBlock',
+        'legalDisposition',
+        'falsePositiveCorrection',
+        'ncmecManualFallback',
+    ],
+    recoveryCodeCount: 10,
+    recoveryCodeUse: 'auditedHighSeverity+forcesReenroll+criticalAlarm',
+    allowPrivilegedSessionRevocation: true,
+    everyInvocationAudited: true,
+};
+// ===========================================================================
+// §A11 [H-18] — OperatorContinuityConfigV1 + DEFAULT_OPERATOR_CONTINUITY_CONFIG_V1
+// `_config/operatorContinuity`
+//
+// The dead-man heartbeat requires the operator to check in within
+// `operatorHeartbeatHours`; a missed heartbeat trips `operatorUnavailableFailsafe`,
+// fail-safe by construction.
+// ===========================================================================
+/** Human-only steps blocked-pending-operator when the failsafe is active. */
+export const OperatorBlockedPendingStepSchema = z.enum([
+    'ncmecFiling',
+    'appealReview',
+    'reinstatementReview',
+    'leResponse',
+]);
+/** A registered backup-human slot: an enrolled passkey + the explicit privileged
+ * capabilities they hold + a counsel-confirmed training acknowledgement. EMPTY at
+ * launch (solo) — a documented slot to fill post-funding. */
+export const OperatorBackupContactV1Schema = z.object({
+    contactId: z.string().min(1),
+    passkeyEnrolled: z.literal(true),
+    // the explicit matrix capabilities this backup holds (SafetyReviewerCapability values)
+    capabilities: z.array(z.string().min(1)),
+    trainingAcknowledgedAt: z.number(),
+    counselConfirmed: z.boolean(),
+}).strict();
+/** `_config/operatorContinuity` = `OperatorContinuityConfigV1` — the
+ * operator-availability continuity failsafe posture. */
+export const OperatorContinuityConfigV1Schema = z.object({
+    // max time between operator check-ins before the failsafe trips
+    operatorHeartbeatHours: z.number(),
+    failsafeDisablesNewUploads: z.boolean(),
+    // content stays down, holds stay active, NO evidence release/TTL-reap while active
+    failsafeHoldsAllInFlight: z.boolean(),
+    blockedPendingOperatorSteps: z.array(OperatorBlockedPendingStepSchema),
+    // a passed deadline is logged with breachReason + preserved good-faith record, never silent
+    recordDeadlineBreaches: z.boolean(),
+    // EMPTY at launch (solo)
+    operatorBackupContacts: z.array(OperatorBackupContactV1Schema),
+    approvedBy: z.literal('operatorLaunchDefault'),
+    // counsel ratifies the continuity posture at the pre-launch gate
+    counselApproved: z.boolean(),
+}).strict();
+/** The frozen launch default for `_config/operatorContinuity`. */
+export const DEFAULT_OPERATOR_CONTINUITY_CONFIG_V1 = {
+    operatorHeartbeatHours: 24,
+    failsafeDisablesNewUploads: true,
+    failsafeHoldsAllInFlight: true,
+    blockedPendingOperatorSteps: ['ncmecFiling', 'appealReview', 'reinstatementReview', 'leResponse'],
+    recordDeadlineBreaches: true,
+    operatorBackupContacts: [],
+    approvedBy: 'operatorLaunchDefault',
+    counselApproved: false,
+};
+//# sourceMappingURL=config.js.map

package/dist/doc-schemas/ncii/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/doc-schemas/ncii/config.ts"],"names":[],"mappings":"AAAA,oFAAoF;AACpF,EAAE;AACF,uCAAuC;AACvC,6DAA6D;AAC7D,iFAAiF;AACjF,qEAAqE;AACrE,EAAE;AACF,kFAAkF;AAClF,gFAAgF;AAChF,mFAAmF;AACnF,6EAA6E;AAC7E,oFAAoF;AACpF,QAAQ;AACR,EAAE;AACF,uEAAuE;AACvE,mFAAmF;AACnF,gFAAgF;AAChF,2EAA2E;AAC3E,iFAAiF;AACjF,mFAAmF;AACnF,EAAE;AACF,+EAA+E;AAC/E,6DAA6D;AAE7D,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,8EAA8E;AAC9E,iEAAiE;AACjE,uBAAuB;AACvB,8EAA8E;AAE9E,8EAA8E;AAC9E,MAAM,CAAC,MAAM,oCAAoC,GAAG,CAAC,CAAC,OAAO,CAAC,yBAAyB,CAAC,CAAC;AAGzF;;;aAGa;AACb,MAAM,CAAC,MAAM,wBAAwB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,aAAa,EAAE,CAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC;IAC9C,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE;IAC5B,yBAAyB,EAAE,CAAC,CAAC,MAAM,EAAE;IACrC,qBAAqB,EAAE,CAAC,CAAC,MAAM,EAAE;IACjC,wBAAwB,EAAE,CAAC,CAAC,MAAM,EAAE;IACpC,0BAA0B,EAAE,oCAAoC;IAChE,wBAAwB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACpD,oBAAoB,EAAE,CAAC,CAAC,MAAM,EAAE;IAChC,0BAA0B,EAAE,CAAC,CAAC,MAAM,EAAE;IACtC,+BAA+B,EAAE,CAAC,CAAC,MAAM,EAAE;IAC3C,wBAAwB,EAAE,CAAC,CAAC,MAAM,EAAE;IACpC,2BAA2B,EAAE,CAAC,CAAC,MAAM,EAAE;IACvC,0BAA0B,EAAE,CAAC,CAAC,MAAM,EAAE;IACtC,yBAAyB,EAAE,CAAC,CAAC,MAAM,EAAE;IACrC,uBAAuB,EAAE,CAAC,CAAC,MAAM,EAAE;IACnC,sDAAsD;IACtD,oBAAoB,EAAE,CAAC,CAAC,MAAM,EAAE;IAChC,qCAAqC,EAAE,CAAC,CAAC,MAAM,EAAE;IACjD,qBAAqB,EAAE,CAAC,CAAC,MAAM,EAAE;IACjC,kCAAkC,EAAE,CAAC,CAAC,MAAM,EAAE;IAC9C,sBAAsB,EAAE,CAAC,CAAC,MAAM,EAAE;IAClC,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE;IAC9B,2EAA2E;IAC3E,sBAAsB,EAAE,CAAC,CAAC,MAAM,EAAE;IAClC,2DAA2D;IAC3D,+BAA+B,EAAE,CAAC,CAAC,MAAM,EAAE;IAC3C,wEAAwE;IACxE,uBAAuB,EAAE,CAAC,CAAC,MAAM,EAAE;IACnC,yBAAyB,EAAE,CAAC,CAAC,MAAM,EAAE;IACrC,sBAAsB,EAAE,CAAC,CAAC,MAAM,EAAE;IAClC,2BAA2B,EAAE,CAAC,CAAC,MAAM,EAAE;IACvC,wBAAwB,EAAE,CAAC,CAAC,MAAM,EAAE;IACpC,uBAAuB,EAAE,CAAC,CAAC,MAAM,EAAE;IACnC,0BAA0B,EAAE,CAAC,CAAC,MAAM,EAAE;IACtC,gCAAgC,EAAE,CAAC,CAAC,OAAO,EAAE;IAC7C,UAAU,EAAE,CAAC,CAAC,OAAO,CAAC,uBAAuB,CAAC;IAC9C,6FAA6F;IAC7F,eAAe,EAAE,CAAC,CAAC,OAAO,EAAE;CAC7B,CAAC,CAAC,MAAM,EAAE,CAAC;AAGZ,0DAA0D;AAC1D,MAAM,CAAC,MAAM,6BAA6B,GAAuB;IAC/D,aAAa,EAAE,oBAAoB;IACnC,gBAAgB,EAAE,EAAE;IACpB,yBAAyB,EAAE,EAAE;IAC7B,qBAAqB,EAAE,EAAE;IACzB,wBAAwB,EAAE,GAAG;IAC7B,0BAA0B,EAAE,yBAAyB;IACrD,wBAAwB,EAAE,CAAC,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,YAAY,CAAC;IAC3G,oBAAoB,EAAE,QAAQ;IAC9B,0BAA0B,EAAE,CAAC;IAC7B,+BAA+B,EAAE,SAAS;IAC1C,wBAAwB,EAAE,EAAE;IAC5B,2BAA2B,EAAE,EAAE;IAC/B,0BAA0B,EAAE,CAAC;IAC7B,yBAAyB,EAAE,EAAE;IAC7B,uBAAuB,EAAE,EAAE;IAC3B,oBAAoB,EAAE,EAAE;IACxB,qCAAqC,EAAE,EAAE;IACzC,qBAAqB,EAAE,GAAG;IAC1B,kCAAkC,EAAE,EAAE;IACtC,sBAAsB,EAAE,GAAG;IAC3B,kBAAkB,EAAE,GAAG;IACvB,sBAAsB,EAAE,EAAE;IAC1B,+BAA+B,EAAE,EAAE;IACnC,uBAAuB,EAAE,QAAQ;IACjC,yBAAyB,EAAE,KAAK;IAChC,sBAAsB,EAAE,GAAG;IAC3B,2BAA2B,EAAE,GAAG;IAChC,wBAAwB,EAAE,EAAE;IAC5B,uBAAuB,EAAE,KAAK;IAC9B,0BAA0B,EAAE,GAAG;IAC/B,gCAAgC,EAAE,IAAI;IACtC,UAAU,EAAE,uBAAuB;IACnC,eAAe,EAAE,KAAK;CACvB,CAAC;AAEF,8EAA8E;AAC9E,sDAAsD;AACtD,kDAAkD;AAClD,uCAAuC;AACvC,EAAE;AACF,kFAAkF;AAClF,mFAAmF;AACnF,kEAAkE;AAClE,8EAA8E;AAE9E;6CAC6C;AAC7C,MAAM,CAAC,MAAM,oCAAoC,GAAG,CAAC,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAGjF;qCACqC;AACrC,MAAM,CAAC,MAAM,uCAAuC,GAAG,CAAC,CAAC,IAAI,CAAC;IAC5D,gBAAgB;IAChB,oBAAoB;IACpB,kBAAkB;IAClB,kBAAkB;IAClB,kBAAkB;IAClB,yBAAyB;IACzB,qBAAqB;CACtB,CAAC,CAAC;AAGH;gFACgF;AAChF,MAAM,CAAC,MAAM,yCAAyC,GAAG,CAAC,CAAC,MAAM,CAAC;IAChE,oGAAoG;IACpG,oBAAoB,EAAE,oCAAoC;IAC1D,4FAA4F;IAC5F,0BAA0B,EAAE,CAAC,CAAC,MAAM,EAAE;IACtC,+GAA+G;IAC/G,4BAA4B,EAAE,CAAC,CAAC,OAAO,EAAE;IACzC,uEAAuE;IACvE,yBAAyB,EAAE,CAAC,CAAC,KAAK,CAAC,uCAAuC,CAAC;IAC3E,yFAAyF;IACzF,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE;IAC7B,+FAA+F;IAC/F,eAAe,EAAE,CAAC,CAAC,OAAO,CAAC,kDAAkD,CAAC;IAC9E,uGAAuG;IACvG,gCAAgC,EAAE,CAAC,CAAC,OAAO,EAAE;IAC7C,mIAAmI;IACnI,sBAAsB,EAAE,CAAC,CAAC,OAAO,EAAE;CACpC,CAAC,CAAC,MAAM,EAAE,CAAC;AAGZ,0EAA0E;AAC1E,MAAM,CAAC,MAAM,+CAA+C,GAAwC;IAClG,oBAAoB,EAAE,iBAAiB;IACvC,0BAA0B,EAAE,GAAG;IAC/B,4BAA4B,EAAE,IAAI;IAClC,yBAAyB,EAAE;QACzB,gBAAgB;QAChB,oBAAoB;QACpB,kBAAkB;QAClB,kBAAkB;QAClB,kBAAkB;QAClB,yBAAyB;QACzB,qBAAqB;KACtB;IACD,iBAAiB,EAAE,EAAE;IACrB,eAAe,EAAE,kDAAkD;IACnE,gCAAgC,EAAE,IAAI;IACtC,sBAAsB,EAAE,IAAI;CAC7B,CAAC;AAEF,8EAA8E;AAC9E,mFAAmF;AACnF,+BAA+B;AAC/B,EAAE;AACF,kEAAkE;AAClE,oFAAoF;AACpF,6BAA6B;AAC7B,8EAA8E;AAE9E,6EAA6E;AAC7E,MAAM,CAAC,MAAM,gCAAgC,GAAG,CAAC,CAAC,IAAI,CAAC;IACrD,aAAa;IACb,cAAc;IACd,qBAAqB;IACrB,YAAY;CACb,CAAC,CAAC;AAGH;;6DAE6D;AAC7D,MAAM,CAAC,MAAM,6BAA6B,GAAG,CAAC,CAAC,MAAM,CAAC;IACpD,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,eAAe,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC;IAChC,uFAAuF;IACvF,YAAY,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACxC,sBAAsB,EAAE,CAAC,CAAC,MAAM,EAAE;IAClC,gBAAgB,EAAE,CAAC,CAAC,OAAO,EAAE;CAC9B,CAAC,CAAC,MAAM,EAAE,CAAC;AAGZ;wDACwD;AACxD,MAAM,CAAC,MAAM,gCAAgC,GAAG,CAAC,CAAC,MAAM,CAAC;IACvD,gEAAgE;IAChE,sBAAsB,EAAE,CAAC,CAAC,MAAM,EAAE;IAClC,0BAA0B,EAAE,CAAC,CAAC,OAAO,EAAE;IACvC,mFAAmF;IACnF,wBAAwB,EAAE,CAAC,CAAC,OAAO,EAAE;IACrC,2BAA2B,EAAE,CAAC,CAAC,KAAK,CAAC,gCAAgC,CAAC;IACtE,4FAA4F;IAC5F,sBAAsB,EAAE,CAAC,CAAC,OAAO,EAAE;IACnC,yBAAyB;IACzB,sBAAsB,EAAE,CAAC,CAAC,KAAK,CAAC,6BAA6B,CAAC;IAC9D,UAAU,EAAE,CAAC,CAAC,OAAO,CAAC,uBAAuB,CAAC;IAC9C,iEAAiE;IACjE,eAAe,EAAE,CAAC,CAAC,OAAO,EAAE;CAC7B,CAAC,CAAC,MAAM,EAAE,CAAC;AAGZ,kEAAkE;AAClE,MAAM,CAAC,MAAM,qCAAqC,GAA+B;IAC/E,sBAAsB,EAAE,EAAE;IAC1B,0BAA0B,EAAE,IAAI;IAChC,wBAAwB,EAAE,IAAI;IAC9B,2BAA2B,EAAE,CAAC,aAAa,EAAE,cAAc,EAAE,qBAAqB,EAAE,YAAY,CAAC;IACjG,sBAAsB,EAAE,IAAI;IAC5B,sBAAsB,EAAE,EAAE;IAC1B,UAAU,EAAE,uBAAuB;IACnC,eAAe,EAAE,KAAK;CACvB,CAAC"}

package/dist/doc-schemas/ncii/holds.d.ts

@@ -0,0 +1,84 @@
+import { z } from 'zod';
+/** Temp-hold lifecycle. CAS release runs through the A3 command (no silent TTL on
+ * an `active` ref). Extended while the request is valid/pending. */
+export declare const NciiTemporaryHoldStatusSchema: z.ZodEnum<{
+    active: "active";
+    released: "released";
+    extended: "extended";
+}>;
+export type NciiTemporaryHoldStatus = z.infer<typeof NciiTemporaryHoldStatusSchema>;
+/** `nciiTemporaryHolds/{holdId}` — NON-AUTHORITATIVE workflow/projection of the
+ * authoritative A3 hold (via `safetyHoldRefId`). Doc id `holdId` is a
+ * deterministic/assigned id (z.string().min(1)). */
+export declare const NciiTemporaryHoldV1Schema: z.ZodObject<{
+    schemaVersion: z.ZodLiteral<1>;
+    holdId: z.ZodString;
+    requestId: z.ZodString;
+    caseId: z.ZodOptional<z.ZodString>;
+    resourceType: z.ZodLiteral<"nciiTemporaryTarget">;
+    safetyHoldRefId: z.ZodString;
+    target: z.ZodDiscriminatedUnion<[z.ZodObject<{
+        kind: z.ZodLiteral<"mediaAsset">;
+        mediaAssetId: z.ZodString;
+    }, z.core.$strict>, z.ZodObject<{
+        kind: z.ZodLiteral<"hallItem">;
+        hallItemId: z.ZodString;
+        subItemId: z.ZodOptional<z.ZodString>;
+    }, z.core.$strict>, z.ZodObject<{
+        kind: z.ZodLiteral<"squarePost">;
+        postId: z.ZodString;
+    }, z.core.$strict>, z.ZodObject<{
+        kind: z.ZodLiteral<"profileImage">;
+        profileUid: z.ZodString;
+    }, z.core.$strict>, z.ZodObject<{
+        kind: z.ZodLiteral<"username">;
+        profileUid: z.ZodString;
+    }, z.core.$strict>, z.ZodObject<{
+        kind: z.ZodLiteral<"craftSkill">;
+        profileUid: z.ZodString;
+        craftSkillId: z.ZodString;
+    }, z.core.$strict>, z.ZodObject<{
+        kind: z.ZodLiteral<"commissionListing">;
+        commissionListingId: z.ZodString;
+    }, z.core.$strict>, z.ZodObject<{
+        kind: z.ZodLiteral<"audition">;
+        auditionId: z.ZodString;
+    }, z.core.$strict>, z.ZodObject<{
+        kind: z.ZodLiteral<"auditionEntry">;
+        auditionId: z.ZodString;
+        auditionEntryId: z.ZodString;
+    }, z.core.$strict>, z.ZodObject<{
+        kind: z.ZodLiteral<"guildInviteMessage">;
+        channelId: z.ZodString;
+        messageId: z.ZodString;
+    }, z.core.$strict>, z.ZodObject<{
+        kind: z.ZodLiteral<"chatAttachment">;
+        channelId: z.ZodString;
+        messageId: z.ZodString;
+        attachmentId: z.ZodString;
+    }, z.core.$strict>, z.ZodObject<{
+        kind: z.ZodLiteral<"url">;
+        url: z.ZodString;
+    }, z.core.$strict>, z.ZodObject<{
+        kind: z.ZodLiteral<"additionalText">;
+        textRef: z.ZodString;
+    }, z.core.$strict>], "kind">;
+    rootLineageRef: z.ZodOptional<z.ZodString>;
+    contentHashes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    ownerUid: z.ZodOptional<z.ZodString>;
+    capturedRevision: z.ZodOptional<z.ZodNumber>;
+    capturedGeneration: z.ZodOptional<z.ZodString>;
+    snapshotRef: z.ZodString;
+    purpose: z.ZodLiteral<"nciiTemporaryPreservation">;
+    createdAt: z.ZodNumber;
+    expiresAt: z.ZodNumber;
+    status: z.ZodEnum<{
+        active: "active";
+        released: "released";
+        extended: "extended";
+    }>;
+    releasedAt: z.ZodOptional<z.ZodNumber>;
+    releaseReason: z.ZodOptional<z.ZodString>;
+}, z.core.$strict>;
+export type NciiTemporaryHoldV1 = z.infer<typeof NciiTemporaryHoldV1Schema>;
+//# sourceMappingURL=holds.d.ts.map

package/dist/doc-schemas/ncii/holds.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"holds.d.ts","sourceRoot":"","sources":["../../../src/doc-schemas/ncii/holds.ts"],"names":[],"mappings":"AA2BA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAOxB;oEACoE;AACpE,eAAO,MAAM,6BAA6B;;;;EAA6C,CAAC;AACxF,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AAEpF;;oDAEoD;AACpD,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAwB3B,CAAC;AACZ,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC"}

package/dist/doc-schemas/ncii/holds.js

@@ -0,0 +1,63 @@
+// Trust & Safety — NCII temporary preservation holds (Appendix A §A11, the
+// synchronous public-intake snapshot + temporary NCII hold [H3]).
+//
+// `nciiTemporaryHolds/{holdId}` — a TEMPORARY, minimize-retention preservation
+// reference that BLOCKS destructive cleanup/replacement of a request target while
+// a request is being processed. This is NOT the 1-yr CSAM hold: exact purpose,
+// short expiry, extension rules for valid/pending, release rules for
+// incomplete/invalid, hold-aware deletion.
+//
+// NON-AUTHORITATIVE PROJECTION [H1]: this row is a workflow/projection only.
+// `assertNoBlockingSafetyHold` consults the §A3 `safetyHoldResources` aggregate
+// via `safetyHoldRefId`'s ref — NEVER this row. Expiry/release goes through the
+// A3 CAS release command (no silent TTL on an `active` ref).
+//
+// Every shape here is transcribed verbatim from docs/code_changes_needed/
+// trust-and-safety/IMPLEMENTATION_PLAN.md Appendix A §A11 — no invented values,
+// no placeholders.
+//
+// SHARED enums + the locator come from ../safety/foundation.js (the single source
+// for every cross-cluster enum); they are NEVER redefined here. This cluster
+// IMPORTS TargetLocatorV1Schema.
+//
+// Collection note: this cluster introduces a NEW Firestore collection; wiring
+// collections.ts / path-builders.ts / registry.ts is deferred to the app leg (the
+// orchestrator binds the schema + path builders there); the doc-id shape is
+// documented on the schema below.
+import { z } from 'zod';
+import { TargetLocatorV1Schema } from '../safety/foundation.js';
+// ===========================================================================
+// §A11 [H3] — nciiTemporaryHolds/{holdId}
+// ===========================================================================
+/** Temp-hold lifecycle. CAS release runs through the A3 command (no silent TTL on
+ * an `active` ref). Extended while the request is valid/pending. */
+export const NciiTemporaryHoldStatusSchema = z.enum(['active', 'extended', 'released']);
+/** `nciiTemporaryHolds/{holdId}` — NON-AUTHORITATIVE workflow/projection of the
+ * authoritative A3 hold (via `safetyHoldRefId`). Doc id `holdId` is a
+ * deterministic/assigned id (z.string().min(1)). */
+export const NciiTemporaryHoldV1Schema = z.object({
+    schemaVersion: z.literal(1),
+    holdId: z.string().min(1),
+    requestId: z.string().min(1),
+    caseId: z.string().min(1).optional(),
+    resourceType: z.literal('nciiTemporaryTarget'),
+    // [H1] pointer to the AUTHORITATIVE safetyHoldRefs entry — this row is a NON-AUTHORITATIVE projection
+    safetyHoldRefId: z.string().min(1),
+    // [H4] the discriminated locator — NOT an all-optional contentRef
+    target: TargetLocatorV1Schema,
+    rootLineageRef: z.string().min(1).optional(),
+    contentHashes: z.array(z.string().min(1)).max(16).optional(),
+    ownerUid: z.string().min(1).optional(),
+    capturedRevision: z.number().optional(),
+    capturedGeneration: z.string().min(1).optional(),
+    // pointer to the immutable request-target snapshot
+    snapshotRef: z.string().min(1),
+    purpose: z.literal('nciiTemporaryPreservation'),
+    createdAt: z.number(),
+    // short minimize-retention expiry; extended while request valid/pending
+    expiresAt: z.number(),
+    status: NciiTemporaryHoldStatusSchema,
+    releasedAt: z.number().optional(),
+    releaseReason: z.string().optional(),
+}).strict();
+//# sourceMappingURL=holds.js.map

package/dist/doc-schemas/ncii/holds.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"holds.js","sourceRoot":"","sources":["../../../src/doc-schemas/ncii/holds.ts"],"names":[],"mappings":"AAAA,2EAA2E;AAC3E,kEAAkE;AAClE,EAAE;AACF,+EAA+E;AAC/E,kFAAkF;AAClF,+EAA+E;AAC/E,qEAAqE;AACrE,2CAA2C;AAC3C,EAAE;AACF,6EAA6E;AAC7E,gFAAgF;AAChF,gFAAgF;AAChF,6DAA6D;AAC7D,EAAE;AACF,0EAA0E;AAC1E,gFAAgF;AAChF,mBAAmB;AACnB,EAAE;AACF,kFAAkF;AAClF,6EAA6E;AAC7E,iCAAiC;AACjC,EAAE;AACF,8EAA8E;AAC9E,kFAAkF;AAClF,4EAA4E;AAC5E,kCAAkC;AAElC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAEhE,8EAA8E;AAC9E,0CAA0C;AAC1C,8EAA8E;AAE9E;oEACoE;AACpE,MAAM,CAAC,MAAM,6BAA6B,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC;AAGxF;;oDAEoD;AACpD,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChD,aAAa,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IAC3B,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACzB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACpC,YAAY,EAAE,CAAC,CAAC,OAAO,CAAC,qBAAqB,CAAC;IAC9C,sGAAsG;IACtG,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAClC,kEAAkE;IAClE,MAAM,EAAE,qBAAqB;IAC7B,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC5C,aAAa,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC5D,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACtC,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACvC,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAChD,mDAAmD;IACnD,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9B,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,2BAA2B,CAAC;IAC/C,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,wEAAwE;IACxE,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,MAAM,EAAE,6BAA6B;IACrC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACrC,CAAC,CAAC,MAAM,EAAE,CAAC"}

package/dist/doc-schemas/ncii/notices.d.ts

@@ -0,0 +1,109 @@
+import { z } from 'zod';
+/** Notice delivery channel. */
+export declare const NciiUploaderNoticeChannelSchema: z.ZodEnum<{
+    email: "email";
+    inApp: "inApp";
+}>;
+export type NciiUploaderNoticeChannel = z.infer<typeof NciiUploaderNoticeChannelSchema>;
+/** Who the notice is for, snapshotted at decision time (NEVER re-resolved). */
+export declare const NciiUploaderNoticeRecipientSnapshotSchema: z.ZodObject<{
+    uid: z.ZodString;
+    deliveryAddressRef: z.ZodString;
+    capturedAt: z.ZodNumber;
+}, z.core.$strict>;
+export type NciiUploaderNoticeRecipientSnapshot = z.infer<typeof NciiUploaderNoticeRecipientSnapshotSchema>;
+/** Durable retry/dead-letter delivery command on the notice. */
+export declare const NciiUploaderNoticeCommandV1Schema: z.ZodObject<{
+    commandId: z.ZodString;
+    attemptCount: z.ZodNumber;
+    nextAttemptAt: z.ZodOptional<z.ZodNumber>;
+    leaseOwner: z.ZodOptional<z.ZodString>;
+    leaseExpiresAt: z.ZodOptional<z.ZodNumber>;
+    lastErrorCode: z.ZodOptional<z.ZodString>;
+}, z.core.$strict>;
+export type NciiUploaderNoticeCommandV1 = z.infer<typeof NciiUploaderNoticeCommandV1Schema>;
+/** `nciiCases/{caseId}/uploaderNotices/{noticeId}` — durable uploader-notice
+ * delivery record (OWNED by the notices cluster). Doc id `noticeId` is
+ * deterministic:
+ * `sha256('ncii-uploader-notice-v1:' + caseId + ':' + recipientUid + ':' + removalGeneration)`. */
+export declare const NciiUploaderNoticeV1Schema: z.ZodObject<{
+    schemaVersion: z.ZodLiteral<1>;
+    noticeId: z.ZodString;
+    caseId: z.ZodString;
+    requestIds: z.ZodArray<z.ZodString>;
+    removalGeneration: z.ZodNumber;
+    recipientSnapshot: z.ZodObject<{
+        uid: z.ZodString;
+        deliveryAddressRef: z.ZodString;
+        capturedAt: z.ZodNumber;
+    }, z.core.$strict>;
+    channel: z.ZodEnum<{
+        email: "email";
+        inApp: "inApp";
+    }>;
+    templateId: z.ZodString;
+    templateVersion: z.ZodNumber;
+    status: z.ZodEnum<{
+        pending: "pending";
+        sent: "sent";
+        delayed: "delayed";
+        suppressed: "suppressed";
+        notApplicable: "notApplicable";
+    }>;
+    suppressionReason: z.ZodOptional<z.ZodEnum<{
+        victimSafetyRisk: "victimSafetyRisk";
+        retaliationRisk: "retaliationRisk";
+        extortionRisk: "extortionRisk";
+        lawEnforcementRequest: "lawEnforcementRequest";
+        childSafetyInvestigation: "childSafetyInvestigation";
+        evidencePreservationRisk: "evidencePreservationRisk";
+        legalRestriction: "legalRestriction";
+        otherApproved: "otherApproved";
+    }>>;
+    rationaleRef: z.ZodOptional<z.ZodString>;
+    decidedByUid: z.ZodOptional<z.ZodString>;
+    delayedUntil: z.ZodOptional<z.ZodNumber>;
+    idempotencyKey: z.ZodString;
+    command: z.ZodObject<{
+        commandId: z.ZodString;
+        attemptCount: z.ZodNumber;
+        nextAttemptAt: z.ZodOptional<z.ZodNumber>;
+        leaseOwner: z.ZodOptional<z.ZodString>;
+        leaseExpiresAt: z.ZodOptional<z.ZodNumber>;
+        lastErrorCode: z.ZodOptional<z.ZodString>;
+    }, z.core.$strict>;
+    verifiedDeliveredAt: z.ZodOptional<z.ZodNumber>;
+    createdAt: z.ZodNumber;
+    updatedAt: z.ZodNumber;
+}, z.core.$strict>;
+export type NciiUploaderNoticeV1 = z.infer<typeof NciiUploaderNoticeV1Schema>;
+/** Per-attempt delivery result. */
+export declare const NciiUploaderNoticeAttemptResultSchema: z.ZodEnum<{
+    queued: "queued";
+    failed: "failed";
+    deferred: "deferred";
+    sent: "sent";
+}>;
+export type NciiUploaderNoticeAttemptResult = z.infer<typeof NciiUploaderNoticeAttemptResultSchema>;
+/** `nciiCases/{caseId}/uploaderNotices/{noticeId}/attempts/{attemptId}` —
+ * IMMUTABLE append-only per-attempt ledger. Doc id `attemptId` is a
+ * deterministic/assigned id (z.string().min(1)). */
+export declare const NciiUploaderNoticeAttemptV1Schema: z.ZodObject<{
+    schemaVersion: z.ZodLiteral<1>;
+    attemptId: z.ZodString;
+    at: z.ZodNumber;
+    channel: z.ZodEnum<{
+        email: "email";
+        inApp: "inApp";
+    }>;
+    result: z.ZodEnum<{
+        queued: "queued";
+        failed: "failed";
+        deferred: "deferred";
+        sent: "sent";
+    }>;
+    providerRef: z.ZodOptional<z.ZodString>;
+    errorCode: z.ZodOptional<z.ZodString>;
+}, z.core.$strict>;
+export type NciiUploaderNoticeAttemptV1 = z.infer<typeof NciiUploaderNoticeAttemptV1Schema>;
+//# sourceMappingURL=notices.d.ts.map

package/dist/doc-schemas/ncii/notices.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"notices.d.ts","sourceRoot":"","sources":["../../../src/doc-schemas/ncii/notices.ts"],"names":[],"mappings":"AAqCA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAUxB,+BAA+B;AAC/B,eAAO,MAAM,+BAA+B;;;EAA6B,CAAC;AAC1E,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,+BAA+B,CAAC,CAAC;AAExF,+EAA+E;AAC/E,eAAO,MAAM,yCAAyC;;;;kBAI3C,CAAC;AACZ,MAAM,MAAM,mCAAmC,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yCAAyC,CAAC,CAAC;AAE5G,gEAAgE;AAChE,eAAO,MAAM,iCAAiC;;;;;;;kBAOnC,CAAC;AACZ,MAAM,MAAM,2BAA2B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iCAAiC,CAAC,CAAC;AAM5F;;;mGAGmG;AACnG,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBA6B5B,CAAC;AACZ,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAO9E,mCAAmC;AACnC,eAAO,MAAM,qCAAqC;;;;;EAAmD,CAAC;AACtG,MAAM,MAAM,+BAA+B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qCAAqC,CAAC,CAAC;AAEpG;;oDAEoD;AACpD,eAAO,MAAM,iCAAiC;;;;;;;;;;;;;;;;kBAQnC,CAAC;AACZ,MAAM,MAAM,2BAA2B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iCAAiC,CAAC,CAAC"}