@ttt-productions/ttt-core 0.19.0 → 0.19.2

package/dist/doc-schemas/ncii/requests.d.ts

@@ -0,0 +1,372 @@
+import { z } from 'zod';
+import { type TakeItDownFieldCode, type TakeItDownRequesterRole } from '../safety/foundation.js';
+export declare const TakeItDownRequestRootV1Schema: z.ZodObject<{
+    schemaVersion: z.ZodLiteral<1>;
+    requestId: z.ZodString;
+    caseId: z.ZodOptional<z.ZodString>;
+    requesterRole: z.ZodEnum<{
+        depictedPerson: "depictedPerson";
+        authorizedRepresentative: "authorizedRepresentative";
+    }>;
+    targetLocatorSummary: z.ZodObject<{
+        kind: z.ZodEnum<{
+            username: "username";
+            audition: "audition";
+            mediaAsset: "mediaAsset";
+            hallItem: "hallItem";
+            squarePost: "squarePost";
+            profileImage: "profileImage";
+            craftSkill: "craftSkill";
+            commissionListing: "commissionListing";
+            auditionEntry: "auditionEntry";
+            guildInviteMessage: "guildInviteMessage";
+            chatAttachment: "chatAttachment";
+            url: "url";
+            additionalText: "additionalText";
+        }>;
+        surfaceLabel: z.ZodString;
+        hasResolvedTarget: z.ZodBoolean;
+    }, z.core.$strict>;
+    receivedAt: z.ZodNumber;
+    completenessStatus: z.ZodEnum<{
+        incomplete: "incomplete";
+        complete: "complete";
+    }>;
+    validityStatus: z.ZodEnum<{
+        pending: "pending";
+        valid: "valid";
+        invalid: "invalid";
+        unableToLocate: "unableToLocate";
+    }>;
+    invalidReasonCode: z.ZodOptional<z.ZodEnum<{
+        missingSignature: "missingSignature";
+        missingLocator: "missingLocator";
+        missingNonconsentStatement: "missingNonconsentStatement";
+        missingContactInformation: "missingContactInformation";
+        requesterNotDepictedPersonOrAuthorizedRepresentative: "requesterNotDepictedPersonOrAuthorizedRepresentative";
+        authorityNotEstablished: "authorityNotEstablished";
+        locatorNotResolvableAfterReasonableEffort: "locatorNotResolvableAfterReasonableEffort";
+        requestOutsideCoveredDepiction: "requestOutsideCoveredDepiction";
+        duplicateSuperseded: "duplicateSuperseded";
+        fraudulentOrBadFaith: "fraudulentOrBadFaith";
+        otherCounselApproved: "otherCounselApproved";
+    }>>;
+    completenessDeterminedAt: z.ZodOptional<z.ZodNumber>;
+    validityDeterminedAt: z.ZodOptional<z.ZodNumber>;
+    completedBySubmissionId: z.ZodOptional<z.ZodString>;
+    validRequestReceivedAt: z.ZodOptional<z.ZodNumber>;
+    removalDeadlineAt: z.ZodOptional<z.ZodNumber>;
+    publicStatus: z.ZodEnum<{
+        completed: "completed";
+        unableToLocate: "unableToLocate";
+        received: "received";
+        needsMoreInfo: "needsMoreInfo";
+        validInProgress: "validInProgress";
+        invalidGeneralReason: "invalidGeneralReason";
+        appealedCorrected: "appealedCorrected";
+    }>;
+    statusTokenHash: z.ZodString;
+    statusTokenVersion: z.ZodNumber;
+    statusTokenRevokedAt: z.ZodOptional<z.ZodNumber>;
+    statusTokenExpiresAt: z.ZodOptional<z.ZodNumber>;
+    requestClosedAt: z.ZodOptional<z.ZodNumber>;
+    removalCompletionAt: z.ZodOptional<z.ZodNumber>;
+    verifiedRemovalNoticeSentAt: z.ZodOptional<z.ZodNumber>;
+    appealWindowStartsAt: z.ZodOptional<z.ZodNumber>;
+    finalClosedAt: z.ZodOptional<z.ZodNumber>;
+    removalCompletionOutcome: z.ZodOptional<z.ZodEnum<{
+        completed: "completed";
+        completedWithApprovedException: "completedWithApprovedException";
+        unableToComplete: "unableToComplete";
+    }>>;
+    createdAt: z.ZodNumber;
+    updatedAt: z.ZodNumber;
+}, z.core.$strict>;
+export type TakeItDownRequestRootV1 = z.infer<typeof TakeItDownRequestRootV1Schema>;
+/** electronicSignature.signatureMethod — typed vs drawn signature. */
+export declare const TakeItDownSignatureMethodSchema: z.ZodEnum<{
+    typedName: "typedName";
+    drawnSignature: "drawnSignature";
+}>;
+export type TakeItDownSignatureMethod = z.infer<typeof TakeItDownSignatureMethodSchema>;
+/** The statutory electronic signature block (embedded on the restricted subdoc). */
+export declare const TakeItDownElectronicSignatureV1Schema: z.ZodObject<{
+    signedName: z.ZodString;
+    signedAt: z.ZodNumber;
+    signatureMethod: z.ZodEnum<{
+        typedName: "typedName";
+        drawnSignature: "drawnSignature";
+    }>;
+}, z.core.$strict>;
+export type TakeItDownElectronicSignatureV1 = z.infer<typeof TakeItDownElectronicSignatureV1Schema>;
+/** The authorized-representative block — present only for an
+ * `authorizedRepresentative` requester. */
+export declare const TakeItDownAuthorizedRepresentativeV1Schema: z.ZodObject<{
+    representedPersonName: z.ZodString;
+    authorityBasis: z.ZodString;
+    authorityEvidenceRef: z.ZodOptional<z.ZodString>;
+}, z.core.$strict>;
+export type TakeItDownAuthorizedRepresentativeV1 = z.infer<typeof TakeItDownAuthorizedRepresentativeV1Schema>;
+/** `takeItDownRequests/{requestId}/private/requester` = TakeItDownRequesterPrivateV1.
+ * RESTRICTED — nciiRequestReviewer / nciiEvidenceReviewer only. Fixed doc id
+ * `requester`. */
+export declare const TakeItDownRequesterPrivateV1Schema: z.ZodObject<{
+    schemaVersion: z.ZodLiteral<1>;
+    requesterName: z.ZodString;
+    contactEmail: z.ZodString;
+    contactPhone: z.ZodOptional<z.ZodString>;
+    electronicSignature: z.ZodObject<{
+        signedName: z.ZodString;
+        signedAt: z.ZodNumber;
+        signatureMethod: z.ZodEnum<{
+            typedName: "typedName";
+            drawnSignature: "drawnSignature";
+        }>;
+    }, z.core.$strict>;
+    authorizedRepresentative: z.ZodOptional<z.ZodObject<{
+        representedPersonName: z.ZodString;
+        authorityBasis: z.ZodString;
+        authorityEvidenceRef: z.ZodOptional<z.ZodString>;
+    }, z.core.$strict>>;
+    nonconsentStatement: z.ZodString;
+    supportingFacts: z.ZodString;
+    goodFaithCertification: z.ZodBoolean;
+    accuracyCertification: z.ZodOptional<z.ZodBoolean>;
+    authorityCertification: z.ZodOptional<z.ZodBoolean>;
+    createdAt: z.ZodNumber;
+    updatedAt: z.ZodNumber;
+}, z.core.$strict>;
+export type TakeItDownRequesterPrivateV1 = z.infer<typeof TakeItDownRequesterPrivateV1Schema>;
+/** Who created a submission. */
+export declare const TakeItDownSubmissionCreatedBySchema: z.ZodEnum<{
+    system: "system";
+    requester: "requester";
+    operator: "operator";
+}>;
+export type TakeItDownSubmissionCreatedBy = z.infer<typeof TakeItDownSubmissionCreatedBySchema>;
+/** `takeItDownRequests/{requestId}/submissions/{submissionId}` = TakeItDownSubmissionV1
+ * — IMMUTABLE append-only. Doc id `submissionId` is a deterministic/assigned id. */
+export declare const TakeItDownSubmissionV1Schema: z.ZodObject<{
+    schemaVersion: z.ZodLiteral<1>;
+    submissionId: z.ZodString;
+    sequence: z.ZodNumber;
+    receivedAt: z.ZodNumber;
+    suppliedFieldCodes: z.ZodArray<z.ZodEnum<{
+        requesterName: "requesterName";
+        contactEmail: "contactEmail";
+        contactPhone: "contactPhone";
+        requesterRole: "requesterRole";
+        electronicSignature: "electronicSignature";
+        authorityBasis: "authorityBasis";
+        authorityEvidence: "authorityEvidence";
+        targetLocator: "targetLocator";
+        nonconsentStatement: "nonconsentStatement";
+        supportingFacts: "supportingFacts";
+        goodFaithCertification: "goodFaithCertification";
+    }>>;
+    evidenceIds: z.ZodArray<z.ZodString>;
+    cumulativeRequestSnapshotHash: z.ZodString;
+    cumulativeCompleteness: z.ZodEnum<{
+        incomplete: "incomplete";
+        complete: "complete";
+    }>;
+    firstCompletedRequest: z.ZodBoolean;
+    supersedesSubmissionId: z.ZodOptional<z.ZodString>;
+    createdBy: z.ZodEnum<{
+        system: "system";
+        requester: "requester";
+        operator: "operator";
+    }>;
+}, z.core.$strict>;
+export type TakeItDownSubmissionV1 = z.infer<typeof TakeItDownSubmissionV1Schema>;
+/** The validity-decision result. `incomplete` is a COMPLETENESS state, NEVER a
+ * validity result. */
+export declare const TakeItDownValidityDecisionResultSchema: z.ZodEnum<{
+    valid: "valid";
+    invalid: "invalid";
+    unableToLocate: "unableToLocate";
+}>;
+export type TakeItDownValidityDecisionResult = z.infer<typeof TakeItDownValidityDecisionResultSchema>;
+/** `takeItDownRequests/{requestId}/validityDecisions/{decisionId}` =
+ * TakeItDownValidityDecisionV1 — IMMUTABLE append-only. Doc id `decisionId` is a
+ * deterministic/assigned id. */
+export declare const TakeItDownValidityDecisionV1Schema: z.ZodObject<{
+    schemaVersion: z.ZodLiteral<1>;
+    decisionId: z.ZodString;
+    requestId: z.ZodString;
+    result: z.ZodEnum<{
+        valid: "valid";
+        invalid: "invalid";
+        unableToLocate: "unableToLocate";
+    }>;
+    basisSubmissionIds: z.ZodArray<z.ZodString>;
+    validFromSubmissionId: z.ZodOptional<z.ZodString>;
+    validRequestReceivedAt: z.ZodOptional<z.ZodNumber>;
+    reasonCode: z.ZodOptional<z.ZodEnum<{
+        missingSignature: "missingSignature";
+        missingLocator: "missingLocator";
+        missingNonconsentStatement: "missingNonconsentStatement";
+        missingContactInformation: "missingContactInformation";
+        requesterNotDepictedPersonOrAuthorizedRepresentative: "requesterNotDepictedPersonOrAuthorizedRepresentative";
+        authorityNotEstablished: "authorityNotEstablished";
+        locatorNotResolvableAfterReasonableEffort: "locatorNotResolvableAfterReasonableEffort";
+        requestOutsideCoveredDepiction: "requestOutsideCoveredDepiction";
+        duplicateSuperseded: "duplicateSuperseded";
+        fraudulentOrBadFaith: "fraudulentOrBadFaith";
+        otherCounselApproved: "otherCounselApproved";
+    }>>;
+    rationaleRef: z.ZodString;
+    decidedByUid: z.ZodString;
+    decidedAt: z.ZodNumber;
+}, z.core.$strict>;
+export type TakeItDownValidityDecisionV1 = z.infer<typeof TakeItDownValidityDecisionV1Schema>;
+/** `takeItDownRequests/{requestId}/actions/{actionId}` — the [L1] closed-enum +
+ * detailRef row. Doc id `actionId` is a deterministic/assigned id. */
+export declare const TakeItDownRequestActionV1Schema: z.ZodObject<{
+    schemaVersion: z.ZodLiteral<1>;
+    actionId: z.ZodString;
+    at: z.ZodNumber;
+    actorId: z.ZodString;
+    capability: z.ZodEnum<{
+        nciiRequestReviewer: "nciiRequestReviewer";
+        nciiEvidenceReviewer: "nciiEvidenceReviewer";
+        nciiAppealReviewer: "nciiAppealReviewer";
+        childSafetyReviewer: "childSafetyReviewer";
+        legalDispositionAuthority: "legalDispositionAuthority";
+    }>;
+    actionType: z.ZodEnum<{
+        intakeReceived: "intakeReceived";
+        completenessDecided: "completenessDecided";
+        validityDecided: "validityDecided";
+        tempHoldPlaced: "tempHoldPlaced";
+        tempHoldReleased: "tempHoldReleased";
+        removalStarted: "removalStarted";
+        removalCompleted: "removalCompleted";
+        uploaderNoticeSent: "uploaderNoticeSent";
+        uploaderNoticeDelayed: "uploaderNoticeDelayed";
+        uploaderNoticeNotApplicable: "uploaderNoticeNotApplicable";
+        uploaderNoticeSuppressed: "uploaderNoticeSuppressed";
+        appealReceived: "appealReceived";
+        appealDecided: "appealDecided";
+        contentReinstated: "contentReinstated";
+        hashBlockReversed: "hashBlockReversed";
+        childSafetyCaseLinked: "childSafetyCaseLinked";
+        legalDispositionRecorded: "legalDispositionRecorded";
+    }>;
+    result: z.ZodEnum<{
+        succeeded: "succeeded";
+        failed: "failed";
+        deferred: "deferred";
+        rejected: "rejected";
+    }>;
+    summary: z.ZodString;
+    detailRef: z.ZodString;
+}, z.core.$strict>;
+export type TakeItDownRequestActionV1 = z.infer<typeof TakeItDownRequestActionV1Schema>;
+/** The public status page's `nextAction` hint. */
+export declare const TakeItDownPublicNextActionSchema: z.ZodEnum<{
+    none: "none";
+    submitSupplement: "submitSupplement";
+    checkLater: "checkLater";
+    appealAvailable: "appealAvailable";
+}>;
+export type TakeItDownPublicNextAction = z.infer<typeof TakeItDownPublicNextActionSchema>;
+/** `takeItDownRequests/{requestId}/statusProjection/current` =
+ * TakeItDownPublicStatusV1. Fixed doc id `current`. */
+export declare const TakeItDownPublicStatusV1Schema: z.ZodObject<{
+    schemaVersion: z.ZodLiteral<1>;
+    requestReference: z.ZodString;
+    publicStatus: z.ZodEnum<{
+        completed: "completed";
+        unableToLocate: "unableToLocate";
+        received: "received";
+        needsMoreInfo: "needsMoreInfo";
+        validInProgress: "validInProgress";
+        invalidGeneralReason: "invalidGeneralReason";
+        appealedCorrected: "appealedCorrected";
+    }>;
+    publicReasonCode: z.ZodOptional<z.ZodEnum<{
+        needMoreInformation: "needMoreInformation";
+        couldNotVerifyRequesterRole: "couldNotVerifyRequesterRole";
+        couldNotLocateContent: "couldNotLocateContent";
+        outsideCoveredScope: "outsideCoveredScope";
+        duplicateOfExistingRequest: "duplicateOfExistingRequest";
+        removedSuccessfully: "removedSuccessfully";
+        underReview: "underReview";
+        closedSeeNotice: "closedSeeNotice";
+    }>>;
+    missingFieldCodes: z.ZodOptional<z.ZodArray<z.ZodEnum<{
+        requesterName: "requesterName";
+        contactEmail: "contactEmail";
+        contactPhone: "contactPhone";
+        requesterRole: "requesterRole";
+        electronicSignature: "electronicSignature";
+        authorityBasis: "authorityBasis";
+        authorityEvidence: "authorityEvidence";
+        targetLocator: "targetLocator";
+        nonconsentStatement: "nonconsentStatement";
+        supportingFacts: "supportingFacts";
+        goodFaithCertification: "goodFaithCertification";
+    }>>>;
+    nextAction: z.ZodOptional<z.ZodEnum<{
+        none: "none";
+        submitSupplement: "submitSupplement";
+        checkLater: "checkLater";
+        appealAvailable: "appealAvailable";
+    }>>;
+    removalDeadlineAt: z.ZodOptional<z.ZodNumber>;
+    updatedAt: z.ZodNumber;
+}, z.core.$strict>;
+export type TakeItDownPublicStatusV1 = z.infer<typeof TakeItDownPublicStatusV1Schema>;
+/** `takeItDownRequests/{requestId}/evidence/{evidenceId}` — the [F10] public
+ * evidence-upload record. Doc id `evidenceId` is a deterministic/assigned id.
+ * INVARIANT: this record NEVER sets `originatingUploaderUid` — enforcement / NCMEC
+ * attribution targets the ORIGINAL content's originatingUploaderUid (perpetrator)
+ * via MediaOriginLineageV1 (a correlation, not a merge). */
+export declare const TakeItDownEvidenceV1Schema: z.ZodObject<{
+    schemaVersion: z.ZodLiteral<1>;
+    evidenceId: z.ZodString;
+    requestId: z.ZodString;
+    uploadContext: z.ZodLiteral<"takeItDownEvidence">;
+    submitterUid: z.ZodOptional<z.ZodString>;
+    bucket: z.ZodString;
+    key: z.ZodString;
+    generation: z.ZodString;
+    contentType: z.ZodString;
+    sizeBytes: z.ZodNumber;
+    sha256: z.ZodString;
+    md5: z.ZodString;
+    capturedAt: z.ZodNumber;
+    createdAt: z.ZodNumber;
+}, z.core.$strict>;
+export type TakeItDownEvidenceV1 = z.infer<typeof TakeItDownEvidenceV1Schema>;
+/** [C-02] Required field codes for a `depictedPerson` request (counsel-ratified). */
+export declare const REQUIRED_FIELD_CODES_DEPICTED_PERSON: readonly ["requesterName", "requesterRole", "electronicSignature", "targetLocator", "nonconsentStatement", "goodFaithCertification"];
+/** [C-02] Required field codes for an `authorizedRepresentative` request =
+ * depicted-person set ∪ { authorityBasis, authorityEvidence } (counsel-ratified). */
+export declare const REQUIRED_FIELD_CODES_AUTHORIZED_REPRESENTATIVE: readonly ["requesterName", "requesterRole", "electronicSignature", "targetLocator", "nonconsentStatement", "goodFaithCertification", "authorityBasis", "authorityEvidence"];
+/** [C-02] The contact one-of: at least ONE of these must be present (neither is
+ * individually required; either alone satisfies it). */
+export declare const CONTACT_ONE_OF_FIELD_CODES: readonly ["contactEmail", "contactPhone"];
+/** [C-02] `requiredFieldCodes(requesterRole)` — the counsel-ratified required set.
+ * `supportingFacts` is collected but is NOT a completeness gate; `contactEmail` /
+ * `contactPhone` are governed by the contact one-of (see CONTACT_ONE_OF_FIELD_CODES),
+ * never individually required. The implementer uses EXACTLY this set and never
+ * hard-requires `contactPhone` or the authorizedRepresentative block on a
+ * depicted-person request. */
+export declare function requiredFieldCodes(requesterRole: TakeItDownRequesterRole): readonly TakeItDownFieldCode[];
+/** [C-02] `computeCompleteness` — returns `complete` iff every code in
+ * `requiredFieldCodes(requesterRole)` is supplied AND the contact one-of holds;
+ * otherwise `incomplete` with the missing codes surfaced (those become
+ * `TakeItDownPublicStatusV1.missingFieldCodes`). The missing-set lists the role's
+ * unmet required codes, plus a `contactEmail`/`contactPhone` representative for an
+ * unmet contact one-of (the implementer/UI decides which contact code to surface;
+ * here we surface `contactEmail` as the canonical missing-contact marker). */
+export declare function computeCompleteness(input: {
+    requesterRole: TakeItDownRequesterRole;
+    suppliedFieldCodes: readonly TakeItDownFieldCode[];
+}): {
+    status: 'incomplete' | 'complete';
+    missingFieldCodes: TakeItDownFieldCode[];
+};
+//# sourceMappingURL=requests.d.ts.map

package/dist/doc-schemas/ncii/requests.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"requests.d.ts","sourceRoot":"","sources":["../../../src/doc-schemas/ncii/requests.ts"],"names":[],"mappings":"AAiCA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAaL,KAAK,mBAAmB,EACxB,KAAK,uBAAuB,EAC7B,MAAM,yBAAyB,CAAC;AASjC,eAAO,MAAM,6BAA6B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBA6B/B,CAAC;AACZ,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AAQpF,sEAAsE;AACtE,eAAO,MAAM,+BAA+B;;;EAA0C,CAAC;AACvF,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,+BAA+B,CAAC,CAAC;AAExF,oFAAoF;AACpF,eAAO,MAAM,qCAAqC;;;;;;;kBAIvC,CAAC;AACZ,MAAM,MAAM,+BAA+B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qCAAqC,CAAC,CAAC;AAEpG;2CAC2C;AAC3C,eAAO,MAAM,0CAA0C;;;;kBAI5C,CAAC;AACZ,MAAM,MAAM,oCAAoC,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0CAA0C,CAAC,CAAC;AAE9G;;kBAEkB;AAClB,eAAO,MAAM,kCAAkC;;;;;;;;;;;;;;;;;;;;;;;;;kBAcpC,CAAC;AACZ,MAAM,MAAM,4BAA4B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kCAAkC,CAAC,CAAC;AAQ9F,gCAAgC;AAChC,eAAO,MAAM,mCAAmC;;;;EAA8C,CAAC;AAC/F,MAAM,MAAM,6BAA6B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mCAAmC,CAAC,CAAC;AAEhG;oFACoF;AACpF,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAY9B,CAAC;AACZ,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,4BAA4B,CAAC,CAAC;AASlF;sBACsB;AACtB,eAAO,MAAM,sCAAsC;;;;EAAiD,CAAC;AACrG,MAAM,MAAM,gCAAgC,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sCAAsC,CAAC,CAAC;AAEtG;;gCAEgC;AAChC,eAAO,MAAM,kCAAkC;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAYpC,CAAC;AACZ,MAAM,MAAM,4BAA4B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kCAAkC,CAAC,CAAC;AAQ9F;sEACsE;AACtE,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAUjC,CAAC;AACZ,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,+BAA+B,CAAC,CAAC;AAQxF,kDAAkD;AAClD,eAAO,MAAM,gCAAgC;;;;;EAK3C,CAAC;AACH,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gCAAgC,CAAC,CAAC;AAE1F;uDACuD;AACvD,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAShC,CAAC;AACZ,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,8BAA8B,CAAC,CAAC;AAUtF;;;;4DAI4D;AAC5D,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;kBAe5B,CAAC;AACZ,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAS9E,qFAAqF;AACrF,eAAO,MAAM,oCAAoC,sIAOE,CAAC;AAEpD;qFACqF;AACrF,eAAO,MAAM,8CAA8C,6KAIR,CAAC;AAEpD;wDACwD;AACxD,eAAO,MAAM,0BAA0B,2CAGY,CAAC;AAEpD;;;;;8BAK8B;AAC9B,wBAAgB,kBAAkB,CAChC,aAAa,EAAE,uBAAuB,GACrC,SAAS,mBAAmB,EAAE,CAIhC;AAED;;;;;;8EAM8E;AAC9E,wBAAgB,mBAAmB,CAAC,KAAK,EAAE;IACzC,aAAa,EAAE,uBAAuB,CAAC;IACvC,kBAAkB,EAAE,SAAS,mBAAmB,EAAE,CAAC;CACpD,GAAG;IAAE,MAAM,EAAE,YAAY,GAAG,UAAU,CAAC;IAAC,iBAAiB,EAAE,mBAAmB,EAAE,CAAA;CAAE,CAelF"}

package/dist/doc-schemas/ncii/requests.js

@@ -0,0 +1,287 @@
+// Trust & Safety — NCII statutory TAKE IT DOWN requests (Appendix A §A11, concept
+// (2)) — the SPLIT model: a PII-free root + a restricted requester-PII subdoc +
+// immutable submissions/validityDecisions + operator actions + a public-safe
+// status projection + isolated public evidence uploads.
+//
+// Only a COMPLETE + VALID request can arm the 48h clock. The public no-login form
+// CANNOT submit a "valid request" without the required fields; validation
+// failures use the enumerated TakeItDownInvalidReasonCode. The root holds NO
+// requester PII / narrative / signature / authority — those live in the restricted
+// `/private/requester` subdoc. Status is shown publicly via an unguessable
+// status-token hash (rotatable + revocable) + a public-safe projection — never via
+// the root or any queue projection.
+//
+// Every shape here is transcribed verbatim from docs/code_changes_needed/
+// trust-and-safety/IMPLEMENTATION_PLAN.md Appendix A §A11 (2) + [C-02] + [F7] +
+// [F10] — no invented values, no placeholders.
+//
+// SHARED enums + locator types come from ../safety/foundation.js (the single
+// source for every cross-cluster enum); they are NEVER redefined here. This
+// cluster IMPORTS TakeItDownRequesterRoleSchema, TargetLocatorSummaryV1Schema,
+// TakeItDownCompletenessStatusSchema, TakeItDownValidityStatusSchema,
+// TakeItDownInvalidReasonCodeSchema, TakeItDownPublicStatusSchema,
+// NciiRemovalCompletionOutcomeSchema, NciiActionTypeSchema, NciiActionResultSchema,
+// TakeItDownFieldCodeSchema, TakeItDownPublicReasonCodeSchema, and
+// SafetyReviewerCapabilitySchema.
+//
+// Collection note: this cluster introduces a NEW Firestore collection plus several
+// subcollections (private/requester, submissions, validityDecisions, actions,
+// statusProjection/current, evidence). Wiring collections.ts / path-builders.ts /
+// registry.ts is deferred to the app leg (the orchestrator binds the schemas +
+// path builders there); the doc-id shapes (including the deterministic intake
+// requestId [H-07]) are documented on each schema below.
+import { z } from 'zod';
+import { TakeItDownRequesterRoleSchema, TargetLocatorSummaryV1Schema, TakeItDownCompletenessStatusSchema, TakeItDownValidityStatusSchema, TakeItDownInvalidReasonCodeSchema, TakeItDownPublicStatusSchema, NciiRemovalCompletionOutcomeSchema, NciiActionTypeSchema, NciiActionResultSchema, TakeItDownFieldCodeSchema, TakeItDownPublicReasonCodeSchema, SafetyReviewerCapabilitySchema, } from '../safety/foundation.js';
+// ===========================================================================
+// §A11 (2) [H1] — ROOT takeItDownRequests/{requestId} = TakeItDownRequestRootV1
+// (NO requester PII / narrative / signature / authority). [H-07] the intake
+// `requestId` is the deterministic sha256('takeItDownRequest:v1:' +
+// idempotencyKey + ':' + normalizedTargetKey) so retries resolve to one doc.
+// ===========================================================================
+export const TakeItDownRequestRootV1Schema = z.object({
+    schemaVersion: z.literal(1),
+    requestId: z.string().min(1),
+    caseId: z.string().min(1).optional(),
+    requesterRole: TakeItDownRequesterRoleSchema,
+    // privacy-safe summary ONLY — never the narrative
+    targetLocatorSummary: TargetLocatorSummaryV1Schema,
+    receivedAt: z.number(),
+    completenessStatus: TakeItDownCompletenessStatusSchema, // 'incomplete' | 'complete'
+    validityStatus: TakeItDownValidityStatusSchema, // 'pending' | 'valid' | 'invalid' | 'unableToLocate'
+    invalidReasonCode: TakeItDownInvalidReasonCodeSchema.optional(),
+    completenessDeterminedAt: z.number().optional(),
+    validityDeterminedAt: z.number().optional(),
+    completedBySubmissionId: z.string().min(1).optional(), // which immutable submission completed the request
+    validRequestReceivedAt: z.number().optional(), // [F3] EARLIEST complete+valid receipt — pins the clock
+    removalDeadlineAt: z.number().optional(), // = validRequestReceivedAt + 48h (non-authoritative projection; [H4])
+    publicStatus: TakeItDownPublicStatusSchema,
+    statusTokenHash: z.string().min(1), // sha256(token) ONLY — the raw token is never stored
+    statusTokenVersion: z.number(), // rotation
+    statusTokenRevokedAt: z.number().optional(), // revocation
+    statusTokenExpiresAt: z.number().optional(), // [M3] expires from FINAL request closure (statusTokenRetentionDays)
+    requestClosedAt: z.number().optional(), // when the request reached a terminal disposition
+    removalCompletionAt: z.number().optional(), // [M-01] set when removal verified-completes
+    verifiedRemovalNoticeSentAt: z.number().optional(), // [M-01] set when uploader removal notice verifiably sent; ABSENT when suppressed
+    appealWindowStartsAt: z.number().optional(), // [M-01] DETERMINISTIC formula in the M3 retention section
+    finalClosedAt: z.number().optional(), // [H-08] = appealWindowStartsAt + appealWindowDays; arms for EVERY terminal disposition
+    removalCompletionOutcome: NciiRemovalCompletionOutcomeSchema.optional(), // [H4] honest derived completion — NEVER 'completed' for a partial technical failure
+    createdAt: z.number(),
+    updatedAt: z.number(),
+}).strict();
+// ===========================================================================
+// §A11 (2) [H1] / [F7] — RESTRICTED takeItDownRequests/{requestId}/private/requester
+// = TakeItDownRequesterPrivateV1 (nciiRequestReviewer / nciiEvidenceReviewer only).
+// Holds signature, full contact, narrative, certifications.
+// ===========================================================================
+/** electronicSignature.signatureMethod — typed vs drawn signature. */
+export const TakeItDownSignatureMethodSchema = z.enum(['typedName', 'drawnSignature']);
+/** The statutory electronic signature block (embedded on the restricted subdoc). */
+export const TakeItDownElectronicSignatureV1Schema = z.object({
+    signedName: z.string(),
+    signedAt: z.number(),
+    signatureMethod: TakeItDownSignatureMethodSchema,
+}).strict();
+/** The authorized-representative block — present only for an
+ * `authorizedRepresentative` requester. */
+export const TakeItDownAuthorizedRepresentativeV1Schema = z.object({
+    representedPersonName: z.string(),
+    authorityBasis: z.string(),
+    authorityEvidenceRef: z.string().min(1).optional(),
+}).strict();
+/** `takeItDownRequests/{requestId}/private/requester` = TakeItDownRequesterPrivateV1.
+ * RESTRICTED — nciiRequestReviewer / nciiEvidenceReviewer only. Fixed doc id
+ * `requester`. */
+export const TakeItDownRequesterPrivateV1Schema = z.object({
+    schemaVersion: z.literal(1),
+    requesterName: z.string(),
+    contactEmail: z.string(),
+    contactPhone: z.string().optional(),
+    electronicSignature: TakeItDownElectronicSignatureV1Schema,
+    authorizedRepresentative: TakeItDownAuthorizedRepresentativeV1Schema.optional(),
+    nonconsentStatement: z.string(), // the statutory non-consent statement
+    supportingFacts: z.string(),
+    goodFaithCertification: z.boolean(),
+    accuracyCertification: z.boolean().optional(), // [H2] NOT a hard validity gate by default — counsel decides
+    authorityCertification: z.boolean().optional(), // [H2] NOT a hard validity gate by default — counsel decides
+    createdAt: z.number(),
+    updatedAt: z.number(),
+}).strict();
+// ===========================================================================
+// §A11 (2) [H1] — IMMUTABLE takeItDownRequests/{requestId}/submissions/{submissionId}
+// = TakeItDownSubmissionV1 (append-only; the earliest complete receipt is
+// reconstructed from these, never from the mutable root).
+// ===========================================================================
+/** Who created a submission. */
+export const TakeItDownSubmissionCreatedBySchema = z.enum(['requester', 'operator', 'system']);
+/** `takeItDownRequests/{requestId}/submissions/{submissionId}` = TakeItDownSubmissionV1
+ * — IMMUTABLE append-only. Doc id `submissionId` is a deterministic/assigned id. */
+export const TakeItDownSubmissionV1Schema = z.object({
+    schemaVersion: z.literal(1),
+    submissionId: z.string().min(1),
+    sequence: z.number(), // monotonic per request — append order
+    receivedAt: z.number(), // the immutable statutory receipt time of THIS submission
+    suppliedFieldCodes: z.array(TakeItDownFieldCodeSchema).max(16),
+    evidenceIds: z.array(z.string().min(1)).max(16),
+    cumulativeRequestSnapshotHash: z.string(), // hash of the cumulative request state as of this submission
+    cumulativeCompleteness: TakeItDownCompletenessStatusSchema, // 'incomplete' | 'complete'
+    firstCompletedRequest: z.boolean(), // true on the submission whose cumulative state FIRST became complete
+    supersedesSubmissionId: z.string().min(1).optional(),
+    createdBy: TakeItDownSubmissionCreatedBySchema,
+}).strict();
+// ===========================================================================
+// §A11 (2) [H2] — IMMUTABLE takeItDownRequests/{requestId}/validityDecisions/{decisionId}
+// = TakeItDownValidityDecisionV1 (append-only; the authoritative validity ruling —
+// the root `validityStatus` is its projection). `incomplete` is NEVER a validity
+// result.
+// ===========================================================================
+/** The validity-decision result. `incomplete` is a COMPLETENESS state, NEVER a
+ * validity result. */
+export const TakeItDownValidityDecisionResultSchema = z.enum(['valid', 'invalid', 'unableToLocate']);
+/** `takeItDownRequests/{requestId}/validityDecisions/{decisionId}` =
+ * TakeItDownValidityDecisionV1 — IMMUTABLE append-only. Doc id `decisionId` is a
+ * deterministic/assigned id. */
+export const TakeItDownValidityDecisionV1Schema = z.object({
+    schemaVersion: z.literal(1),
+    decisionId: z.string().min(1),
+    requestId: z.string().min(1),
+    result: TakeItDownValidityDecisionResultSchema,
+    basisSubmissionIds: z.array(z.string().min(1)).max(16), // the submissions the decision relied on
+    validFromSubmissionId: z.string().min(1).optional(), // the EARLIEST submission whose cumulative snapshot satisfies the valid decision
+    validRequestReceivedAt: z.number().optional(), // = that submission's immutable receivedAt (the binding statutory time)
+    reasonCode: TakeItDownInvalidReasonCodeSchema.optional(),
+    rationaleRef: z.string(), // pointer to a restricted rationale row
+    decidedByUid: z.string().min(1),
+    decidedAt: z.number(),
+}).strict();
+// ===========================================================================
+// §A11 (2) [L1] — takeItDownRequests/{requestId}/actions/{actionId} = the request
+// action row (CLOSED enums + a detailRef to a RESTRICTED row, never an inline
+// rationale blob).
+// ===========================================================================
+/** `takeItDownRequests/{requestId}/actions/{actionId}` — the [L1] closed-enum +
+ * detailRef row. Doc id `actionId` is a deterministic/assigned id. */
+export const TakeItDownRequestActionV1Schema = z.object({
+    schemaVersion: z.literal(1),
+    actionId: z.string().min(1),
+    at: z.number(),
+    actorId: z.string().min(1),
+    capability: SafetyReviewerCapabilitySchema, // = the §[M4] matrix capability used
+    actionType: NciiActionTypeSchema,
+    result: NciiActionResultSchema,
+    summary: z.string().max(280), // BOUNDED ≤ 280 chars, non-sensitive
+    detailRef: z.string().min(1), // pointer to a RESTRICTED detail row holding any sensitive rationale
+}).strict();
+// ===========================================================================
+// §A11 (2) [H3] — takeItDownRequests/{requestId}/statusProjection/current =
+// TakeItDownPublicStatusV1 (public-safe ONLY — the single row the no-login status
+// page reads). Routed on the OPAQUE requestReference, never the raw requestId.
+// ===========================================================================
+/** The public status page's `nextAction` hint. */
+export const TakeItDownPublicNextActionSchema = z.enum([
+    'none',
+    'submitSupplement',
+    'checkLater',
+    'appealAvailable',
+]);
+/** `takeItDownRequests/{requestId}/statusProjection/current` =
+ * TakeItDownPublicStatusV1. Fixed doc id `current`. */
+export const TakeItDownPublicStatusV1Schema = z.object({
+    schemaVersion: z.literal(1),
+    requestReference: z.string().min(1), // opaque public reference (NOT the requestId, NOT PII)
+    publicStatus: TakeItDownPublicStatusSchema,
+    publicReasonCode: TakeItDownPublicReasonCodeSchema.optional(),
+    missingFieldCodes: z.array(TakeItDownFieldCodeSchema).max(16).optional(),
+    nextAction: TakeItDownPublicNextActionSchema.optional(),
+    removalDeadlineAt: z.number().optional(),
+    updatedAt: z.number(),
+}).strict();
+// ===========================================================================
+// §A11 (2) [F10] — takeItDownRequests/{requestId}/evidence/{evidenceId} = the
+// public-evidence-upload record (account-less + in-app evidence lands in an
+// ISOLATED admin-only Firebase Storage bucket, never R2, never served, no durable
+// URL). Safety-scan state is tracked separately by NciiEvidenceSafetyScanV1 [H5]
+// (owned by the removal cluster).
+// ===========================================================================
+/** `takeItDownRequests/{requestId}/evidence/{evidenceId}` — the [F10] public
+ * evidence-upload record. Doc id `evidenceId` is a deterministic/assigned id.
+ * INVARIANT: this record NEVER sets `originatingUploaderUid` — enforcement / NCMEC
+ * attribution targets the ORIGINAL content's originatingUploaderUid (perpetrator)
+ * via MediaOriginLineageV1 (a correlation, not a merge). */
+export const TakeItDownEvidenceV1Schema = z.object({
+    schemaVersion: z.literal(1),
+    evidenceId: z.string().min(1),
+    requestId: z.string().min(1),
+    uploadContext: z.literal('takeItDownEvidence'), // LITERAL tag — never an ordinary content origin
+    submitterUid: z.string().min(1).optional(), // the submitter is NEVER auto-actioned for evidence they submit
+    bucket: z.string().min(1),
+    key: z.string().min(1),
+    generation: z.string().min(1),
+    contentType: z.string().min(1),
+    sizeBytes: z.number(),
+    sha256: z.string().min(1),
+    md5: z.string().min(1),
+    capturedAt: z.number(),
+    createdAt: z.number(),
+}).strict();
+// ===========================================================================
+// §A11 [C-02] — conditional completeness predicate (`computeCompleteness`).
+// requiredFieldCodes(requesterRole) + a contact one-of. These are EMBEDDED /
+// NON-DOC shapes (not Firestore documents): the counsel-ratified required set + a
+// documented predicate. Completeness is NOT "every TakeItDownFieldCode arrived".
+// ===========================================================================
+/** [C-02] Required field codes for a `depictedPerson` request (counsel-ratified). */
+export const REQUIRED_FIELD_CODES_DEPICTED_PERSON = [
+    'requesterName',
+    'requesterRole',
+    'electronicSignature',
+    'targetLocator',
+    'nonconsentStatement',
+    'goodFaithCertification',
+];
+/** [C-02] Required field codes for an `authorizedRepresentative` request =
+ * depicted-person set ∪ { authorityBasis, authorityEvidence } (counsel-ratified). */
+export const REQUIRED_FIELD_CODES_AUTHORIZED_REPRESENTATIVE = [
+    ...REQUIRED_FIELD_CODES_DEPICTED_PERSON,
+    'authorityBasis',
+    'authorityEvidence',
+];
+/** [C-02] The contact one-of: at least ONE of these must be present (neither is
+ * individually required; either alone satisfies it). */
+export const CONTACT_ONE_OF_FIELD_CODES = [
+    'contactEmail',
+    'contactPhone',
+];
+/** [C-02] `requiredFieldCodes(requesterRole)` — the counsel-ratified required set.
+ * `supportingFacts` is collected but is NOT a completeness gate; `contactEmail` /
+ * `contactPhone` are governed by the contact one-of (see CONTACT_ONE_OF_FIELD_CODES),
+ * never individually required. The implementer uses EXACTLY this set and never
+ * hard-requires `contactPhone` or the authorizedRepresentative block on a
+ * depicted-person request. */
+export function requiredFieldCodes(requesterRole) {
+    return requesterRole === 'authorizedRepresentative'
+        ? REQUIRED_FIELD_CODES_AUTHORIZED_REPRESENTATIVE
+        : REQUIRED_FIELD_CODES_DEPICTED_PERSON;
+}
+/** [C-02] `computeCompleteness` — returns `complete` iff every code in
+ * `requiredFieldCodes(requesterRole)` is supplied AND the contact one-of holds;
+ * otherwise `incomplete` with the missing codes surfaced (those become
+ * `TakeItDownPublicStatusV1.missingFieldCodes`). The missing-set lists the role's
+ * unmet required codes, plus a `contactEmail`/`contactPhone` representative for an
+ * unmet contact one-of (the implementer/UI decides which contact code to surface;
+ * here we surface `contactEmail` as the canonical missing-contact marker). */
+export function computeCompleteness(input) {
+    const supplied = new Set(input.suppliedFieldCodes);
+    const missingFieldCodes = [];
+    for (const code of requiredFieldCodes(input.requesterRole)) {
+        if (!supplied.has(code))
+            missingFieldCodes.push(code);
+    }
+    const contactSatisfied = CONTACT_ONE_OF_FIELD_CODES.some((code) => supplied.has(code));
+    if (!contactSatisfied)
+        missingFieldCodes.push('contactEmail');
+    return {
+        status: missingFieldCodes.length === 0 ? 'complete' : 'incomplete',
+        missingFieldCodes,
+    };
+}
+//# sourceMappingURL=requests.js.map