chainlesschain 0.66.0 → 0.132.0

package/src/lib/terraform-manager.js

@@ -198,4 +198,367 @@ export function listRuns(filter = {}) {
 export function _resetState() {
   _workspaces.clear();
   _runs.clear();
+  _maxConcurrentRuns = DEFAULT_MAX_CONCURRENT_RUNS;
+}
+
+/* ═══════════════════════════════════════════════════════════════
+ * V2 Canonical Surface (Phase 56 — Terraform Manager)
+ *   Strictly additive; legacy exports above remain unchanged.
+ * ═══════════════════════════════════════════════════════════════ */
+
+export const RUN_STATUS_V2 = Object.freeze({
+  PENDING: "pending",
+  PLANNING: "planning",
+  PLANNED: "planned",
+  APPLYING: "applying",
+  APPLIED: "applied",
+  DESTROYING: "destroying",
+  DESTROYED: "destroyed",
+  ERRORED: "errored",
+  CANCELLED: "cancelled",
+});
+
+export const RUN_TYPE_V2 = Object.freeze({
+  PLAN: "plan",
+  APPLY: "apply",
+  DESTROY: "destroy",
+});
+
+export const WORKSPACE_STATUS_V2 = Object.freeze({
+  ACTIVE: "active",
+  LOCKED: "locked",
+  ARCHIVED: "archived",
+});
+
+const DEFAULT_MAX_CONCURRENT_RUNS = 5;
+let _maxConcurrentRuns = DEFAULT_MAX_CONCURRENT_RUNS;
+
+export const TERRAFORM_DEFAULT_MAX_CONCURRENT = DEFAULT_MAX_CONCURRENT_RUNS;
+
+export function setMaxConcurrentRuns(n) {
+  if (typeof n !== "number" || !Number.isFinite(n) || n < 1) {
+    throw new Error("maxConcurrentRuns must be a positive integer");
+  }
+  _maxConcurrentRuns = Math.floor(n);
+  return _maxConcurrentRuns;
+}
+
+export function getMaxConcurrentRuns() {
+  return _maxConcurrentRuns;
+}
+
+const _activeRunStatuses = new Set([
+  RUN_STATUS_V2.PENDING,
+  RUN_STATUS_V2.PLANNING,
+  RUN_STATUS_V2.APPLYING,
+  RUN_STATUS_V2.DESTROYING,
+]);
+
+const _terminalRunStatuses = new Set([
+  RUN_STATUS_V2.APPLIED,
+  RUN_STATUS_V2.DESTROYED,
+  RUN_STATUS_V2.ERRORED,
+  RUN_STATUS_V2.CANCELLED,
+]);
+
+// run-status state machine
+const _allowedRunTransitions = new Map([
+  [
+    RUN_STATUS_V2.PENDING,
+    new Set([
+      RUN_STATUS_V2.PLANNING,
+      RUN_STATUS_V2.CANCELLED,
+      RUN_STATUS_V2.ERRORED,
+    ]),
+  ],
+  [
+    RUN_STATUS_V2.PLANNING,
+    new Set([
+      RUN_STATUS_V2.PLANNED,
+      RUN_STATUS_V2.ERRORED,
+      RUN_STATUS_V2.CANCELLED,
+    ]),
+  ],
+  [
+    RUN_STATUS_V2.PLANNED,
+    new Set([
+      RUN_STATUS_V2.APPLYING,
+      RUN_STATUS_V2.DESTROYING,
+      RUN_STATUS_V2.CANCELLED,
+      RUN_STATUS_V2.ERRORED,
+    ]),
+  ],
+  [
+    RUN_STATUS_V2.APPLYING,
+    new Set([RUN_STATUS_V2.APPLIED, RUN_STATUS_V2.ERRORED]),
+  ],
+  [
+    RUN_STATUS_V2.DESTROYING,
+    new Set([RUN_STATUS_V2.DESTROYED, RUN_STATUS_V2.ERRORED]),
+  ],
+  [RUN_STATUS_V2.APPLIED, new Set([])],
+  [RUN_STATUS_V2.DESTROYED, new Set([])],
+  [RUN_STATUS_V2.ERRORED, new Set([])],
+  [RUN_STATUS_V2.CANCELLED, new Set([])],
+]);
+
+// workspace-status state machine
+const _allowedWorkspaceTransitions = new Map([
+  [
+    WORKSPACE_STATUS_V2.ACTIVE,
+    new Set([WORKSPACE_STATUS_V2.LOCKED, WORKSPACE_STATUS_V2.ARCHIVED]),
+  ],
+  [
+    WORKSPACE_STATUS_V2.LOCKED,
+    new Set([WORKSPACE_STATUS_V2.ACTIVE, WORKSPACE_STATUS_V2.ARCHIVED]),
+  ],
+  [WORKSPACE_STATUS_V2.ARCHIVED, new Set([WORKSPACE_STATUS_V2.ACTIVE])],
+]);
+
+export function createWorkspaceV2(db, options = {}) {
+  const {
+    name,
+    description,
+    terraformVersion,
+    workingDirectory,
+    autoApply,
+    variables,
+    providers,
+  } = options;
+
+  if (!name) throw new Error("Workspace name is required");
+
+  // Unique name check
+  for (const existing of _workspaces.values()) {
+    if (existing.name === name) {
+      throw new Error(`Workspace name already exists: ${name}`);
+    }
+  }
+
+  return createWorkspace(db, name, {
+    description,
+    terraformVersion,
+    workingDirectory,
+    autoApply,
+    variables,
+    providers,
+  });
+}
+
+export function setWorkspaceStatus(db, workspaceId, newStatus) {
+  const workspace = _workspaces.get(workspaceId);
+  if (!workspace) throw new Error(`Workspace not found: ${workspaceId}`);
+
+  const validStatuses = Object.values(WORKSPACE_STATUS_V2);
+  if (!validStatuses.includes(newStatus)) {
+    throw new Error(`Unknown workspace status: ${newStatus}`);
+  }
+
+  const allowed = _allowedWorkspaceTransitions.get(workspace.status);
+  if (!allowed || !allowed.has(newStatus)) {
+    throw new Error(
+      `Invalid workspace status transition: ${workspace.status} → ${newStatus}`,
+    );
+  }
+
+  workspace.status = newStatus;
+  db.prepare(`UPDATE terraform_workspaces SET status = ? WHERE id = ?`).run(
+    newStatus,
+    workspaceId,
+  );
+
+  return { workspaceId, status: newStatus };
+}
+
+export function archiveWorkspace(db, workspaceId) {
+  return setWorkspaceStatus(db, workspaceId, WORKSPACE_STATUS_V2.ARCHIVED);
+}
+
+function _countActiveRuns() {
+  let count = 0;
+  for (const r of _runs.values()) {
+    if (_activeRunStatuses.has(r.status)) count++;
+  }
+  return count;
+}
+
+export function planRunV2(db, options = {}) {
+  const { workspaceId, runType, triggeredBy } = options;
+  const workspace = _workspaces.get(workspaceId);
+  if (!workspace) throw new Error(`Workspace not found: ${workspaceId}`);
+
+  const validRunTypes = Object.values(RUN_TYPE_V2);
+  const effectiveType = runType || RUN_TYPE_V2.PLAN;
+  if (!validRunTypes.includes(effectiveType)) {
+    throw new Error(`Unknown run type: ${effectiveType}`);
+  }
+
+  if (workspace.status === WORKSPACE_STATUS_V2.ARCHIVED) {
+    throw new Error(`Cannot plan run on archived workspace: ${workspaceId}`);
+  }
+
+  const activeCount = _countActiveRuns();
+  if (activeCount >= _maxConcurrentRuns) {
+    throw new Error(
+      `Max concurrent runs reached: ${activeCount}/${_maxConcurrentRuns}`,
+    );
+  }
+
+  const id = crypto.randomUUID();
+  const now = new Date().toISOString();
+
+  const run = {
+    id,
+    workspaceId,
+    runType: effectiveType,
+    status: RUN_STATUS_V2.PENDING,
+    planOutput: null,
+    applyOutput: null,
+    resourcesAdded: 0,
+    resourcesChanged: 0,
+    resourcesDestroyed: 0,
+    triggeredBy: triggeredBy || "manual",
+    startedAt: now,
+    completedAt: null,
+    errorMessage: null,
+    createdAt: now,
+  };
+
+  _runs.set(id, run);
+
+  db.prepare(
+    `INSERT INTO terraform_runs (id, workspace_id, run_type, status, plan_output, apply_output, resources_added, resources_changed, resources_destroyed, triggered_by, started_at, completed_at, error_message, created_at)
+     VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+  ).run(
+    id,
+    workspaceId,
+    effectiveType,
+    run.status,
+    null,
+    null,
+    0,
+    0,
+    0,
+    run.triggeredBy,
+    now,
+    null,
+    null,
+    now,
+  );
+
+  return run;
+}
+
+export function setRunStatus(db, runId, newStatus, patch = {}) {
+  const run = _runs.get(runId);
+  if (!run) throw new Error(`Run not found: ${runId}`);
+
+  const validStatuses = Object.values(RUN_STATUS_V2);
+  if (!validStatuses.includes(newStatus)) {
+    throw new Error(`Unknown run status: ${newStatus}`);
+  }
+
+  const allowed = _allowedRunTransitions.get(run.status);
+  if (!allowed || !allowed.has(newStatus)) {
+    throw new Error(
+      `Invalid run status transition: ${run.status} → ${newStatus}`,
+    );
+  }
+
+  run.status = newStatus;
+  if (typeof patch.planOutput === "string") run.planOutput = patch.planOutput;
+  if (typeof patch.applyOutput === "string")
+    run.applyOutput = patch.applyOutput;
+  if (typeof patch.resourcesAdded === "number")
+    run.resourcesAdded = patch.resourcesAdded;
+  if (typeof patch.resourcesChanged === "number")
+    run.resourcesChanged = patch.resourcesChanged;
+  if (typeof patch.resourcesDestroyed === "number")
+    run.resourcesDestroyed = patch.resourcesDestroyed;
+  if (typeof patch.errorMessage === "string")
+    run.errorMessage = patch.errorMessage;
+  if (_terminalRunStatuses.has(newStatus)) {
+    run.completedAt = new Date().toISOString();
+  }
+
+  db.prepare(
+    `UPDATE terraform_runs SET status = ?, plan_output = ?, apply_output = ?, resources_added = ?, resources_changed = ?, resources_destroyed = ?, error_message = ?, completed_at = ? WHERE id = ?`,
+  ).run(
+    run.status,
+    run.planOutput,
+    run.applyOutput,
+    run.resourcesAdded,
+    run.resourcesChanged,
+    run.resourcesDestroyed,
+    run.errorMessage,
+    run.completedAt,
+    runId,
+  );
+
+  // Bump workspace state version on terminal apply/destroy
+  if (
+    newStatus === RUN_STATUS_V2.APPLIED ||
+    newStatus === RUN_STATUS_V2.DESTROYED
+  ) {
+    const workspace = _workspaces.get(run.workspaceId);
+    if (workspace) {
+      workspace.stateVersion++;
+      workspace.lastRunId = runId;
+      workspace.lastRunAt = new Date().toISOString();
+    }
+  }
+
+  return run;
+}
+
+export function cancelRun(db, runId) {
+  return setRunStatus(db, runId, RUN_STATUS_V2.CANCELLED);
+}
+
+export function failRun(db, runId, errorMessage) {
+  return setRunStatus(db, runId, RUN_STATUS_V2.ERRORED, { errorMessage });
+}
+
+export function getActiveRunCount() {
+  return _countActiveRuns();
+}
+
+export function getTerraformStatsV2() {
+  const workspaces = [..._workspaces.values()];
+  const runs = [..._runs.values()];
+
+  const wsByStatus = {};
+  for (const s of Object.values(WORKSPACE_STATUS_V2)) wsByStatus[s] = 0;
+  for (const w of workspaces)
+    wsByStatus[w.status] = (wsByStatus[w.status] || 0) + 1;
+
+  const runsByStatus = {};
+  for (const s of Object.values(RUN_STATUS_V2)) runsByStatus[s] = 0;
+  for (const r of runs)
+    runsByStatus[r.status] = (runsByStatus[r.status] || 0) + 1;
+
+  const runsByType = {};
+  for (const t of Object.values(RUN_TYPE_V2)) runsByType[t] = 0;
+  for (const r of runs)
+    runsByType[r.runType] = (runsByType[r.runType] || 0) + 1;
+
+  const totalResources = runs.reduce(
+    (acc, r) => ({
+      added: acc.added + (r.resourcesAdded || 0),
+      changed: acc.changed + (r.resourcesChanged || 0),
+      destroyed: acc.destroyed + (r.resourcesDestroyed || 0),
+    }),
+    { added: 0, changed: 0, destroyed: 0 },
+  );
+
+  return {
+    totalWorkspaces: workspaces.length,
+    totalRuns: runs.length,
+    activeRuns: _countActiveRuns(),
+    maxConcurrentRuns: _maxConcurrentRuns,
+    workspacesByStatus: wsByStatus,
+    runsByStatus,
+    runsByType,
+    totalResources,
+  };
 }

package/src/lib/threat-intel.js

@@ -266,3 +266,338 @@ export function clearAll(db) {
   const info = db.prepare(`DELETE FROM threat_intel_indicators`).run();
   return info.changes;
 }
+
+/* ═══════════════════════════════════════════════════════════════
+ * V2 Surface — In-memory feed-maturity + indicator-lifecycle layer.
+ * Independent of the SQLite IoC catalog above; tracks feed sources
+ * and indicator lifecycle transitions with caps and auto-flip.
+ * ═══════════════════════════════════════════════════════════════ */
+
+export const FEED_MATURITY_V2 = Object.freeze({
+  PENDING: "pending",
+  TRUSTED: "trusted",
+  DEPRECATED: "deprecated",
+  RETIRED: "retired",
+});
+
+export const INDICATOR_LIFECYCLE_V2 = Object.freeze({
+  PENDING: "pending",
+  ACTIVE: "active",
+  EXPIRED: "expired",
+  REVOKED: "revoked",
+  SUPERSEDED: "superseded",
+});
+
+const FEED_TRANSITIONS_V2 = new Map([
+  ["pending", new Set(["trusted", "retired"])],
+  ["trusted", new Set(["deprecated", "retired"])],
+  ["deprecated", new Set(["trusted", "retired"])],
+  ["retired", new Set()],
+]);
+const FEED_TERMINALS_V2 = new Set(["retired"]);
+
+const INDICATOR_TRANSITIONS_V2 = new Map([
+  ["pending", new Set(["active", "revoked", "superseded"])],
+  ["active", new Set(["expired", "revoked", "superseded"])],
+  ["expired", new Set()],
+  ["revoked", new Set()],
+  ["superseded", new Set()],
+]);
+const INDICATOR_TERMINALS_V2 = new Set(["expired", "revoked", "superseded"]);
+
+export const TI_DEFAULT_MAX_ACTIVE_FEEDS_PER_OWNER = 15;
+export const TI_DEFAULT_MAX_ACTIVE_INDICATORS_PER_FEED = 500;
+export const TI_DEFAULT_FEED_IDLE_MS = 1000 * 60 * 60 * 24 * 60; // 60 days
+export const TI_DEFAULT_INDICATOR_STALE_MS = 1000 * 60 * 60 * 24 * 90; // 90 days
+
+const _feedsV2 = new Map();
+const _indicatorsV2 = new Map();
+let _maxActiveFeedsPerOwnerV2 = TI_DEFAULT_MAX_ACTIVE_FEEDS_PER_OWNER;
+let _maxActiveIndicatorsPerFeedV2 = TI_DEFAULT_MAX_ACTIVE_INDICATORS_PER_FEED;
+let _feedIdleMsV2 = TI_DEFAULT_FEED_IDLE_MS;
+let _indicatorStaleMsV2 = TI_DEFAULT_INDICATOR_STALE_MS;
+
+function _posIntV2(n, label) {
+  const v = Math.floor(Number(n));
+  if (!Number.isFinite(v) || v <= 0)
+    throw new Error(`${label} must be a positive integer`);
+  return v;
+}
+
+export function getMaxActiveFeedsPerOwnerV2() {
+  return _maxActiveFeedsPerOwnerV2;
+}
+export function setMaxActiveFeedsPerOwnerV2(n) {
+  _maxActiveFeedsPerOwnerV2 = _posIntV2(n, "maxActiveFeedsPerOwner");
+}
+export function getMaxActiveIndicatorsPerFeedV2() {
+  return _maxActiveIndicatorsPerFeedV2;
+}
+export function setMaxActiveIndicatorsPerFeedV2(n) {
+  _maxActiveIndicatorsPerFeedV2 = _posIntV2(n, "maxActiveIndicatorsPerFeed");
+}
+export function getFeedIdleMsV2() {
+  return _feedIdleMsV2;
+}
+export function setFeedIdleMsV2(n) {
+  _feedIdleMsV2 = _posIntV2(n, "feedIdleMs");
+}
+export function getIndicatorStaleMsV2() {
+  return _indicatorStaleMsV2;
+}
+export function setIndicatorStaleMsV2(n) {
+  _indicatorStaleMsV2 = _posIntV2(n, "indicatorStaleMs");
+}
+
+export function getActiveFeedCountV2(owner) {
+  let n = 0;
+  for (const f of _feedsV2.values()) {
+    if (f.owner === owner && f.maturity === "trusted") n += 1;
+  }
+  return n;
+}
+
+export function getActiveIndicatorCountV2(feedId) {
+  let n = 0;
+  for (const i of _indicatorsV2.values()) {
+    if (i.feedId === feedId && i.status === "active") n += 1;
+  }
+  return n;
+}
+
+function _copyFeedV2(f) {
+  return { ...f, metadata: { ...f.metadata } };
+}
+function _copyIndicatorV2(i) {
+  return { ...i, metadata: { ...i.metadata } };
+}
+
+export function registerFeedV2(id, { owner, name, metadata = {} } = {}) {
+  if (!id || typeof id !== "string") throw new Error("id must be a string");
+  if (!owner || typeof owner !== "string")
+    throw new Error("owner must be a string");
+  if (!name || typeof name !== "string")
+    throw new Error("name must be a string");
+  if (_feedsV2.has(id)) throw new Error(`feed ${id} already exists`);
+  const now = Date.now();
+  const feed = {
+    id,
+    owner,
+    name,
+    maturity: "pending",
+    createdAt: now,
+    lastSeenAt: now,
+    activatedAt: null,
+    metadata: { ...metadata },
+  };
+  _feedsV2.set(id, feed);
+  return _copyFeedV2(feed);
+}
+
+export function getFeedV2(id) {
+  const f = _feedsV2.get(id);
+  return f ? _copyFeedV2(f) : null;
+}
+
+export function listFeedsV2({ owner, maturity } = {}) {
+  const out = [];
+  for (const f of _feedsV2.values()) {
+    if (owner && f.owner !== owner) continue;
+    if (maturity && f.maturity !== maturity) continue;
+    out.push(_copyFeedV2(f));
+  }
+  return out;
+}
+
+export function setFeedMaturityV2(id, next, { now = Date.now() } = {}) {
+  const f = _feedsV2.get(id);
+  if (!f) throw new Error(`feed ${id} not found`);
+  if (!FEED_TRANSITIONS_V2.has(next))
+    throw new Error(`unknown feed maturity: ${next}`);
+  if (FEED_TERMINALS_V2.has(f.maturity))
+    throw new Error(`feed ${id} is in terminal state ${f.maturity}`);
+  const allowed = FEED_TRANSITIONS_V2.get(f.maturity);
+  if (!allowed.has(next))
+    throw new Error(`cannot transition feed from ${f.maturity} to ${next}`);
+  if (next === "trusted") {
+    if (f.maturity === "pending") {
+      const count = getActiveFeedCountV2(f.owner);
+      if (count >= _maxActiveFeedsPerOwnerV2)
+        throw new Error(
+          `owner ${f.owner} already at active-feed cap (${_maxActiveFeedsPerOwnerV2})`,
+        );
+    }
+    if (!f.activatedAt) f.activatedAt = now;
+  }
+  f.maturity = next;
+  f.lastSeenAt = now;
+  return _copyFeedV2(f);
+}
+
+export function trustFeedV2(id, opts) {
+  return setFeedMaturityV2(id, "trusted", opts);
+}
+export function deprecateFeedV2(id, opts) {
+  return setFeedMaturityV2(id, "deprecated", opts);
+}
+export function retireFeedV2(id, opts) {
+  return setFeedMaturityV2(id, "retired", opts);
+}
+
+export function touchFeedV2(id, { now = Date.now() } = {}) {
+  const f = _feedsV2.get(id);
+  if (!f) throw new Error(`feed ${id} not found`);
+  f.lastSeenAt = now;
+  return _copyFeedV2(f);
+}
+
+export function createIndicatorV2(
+  id,
+  { feedId, iocType, value, metadata = {} } = {},
+) {
+  if (!id || typeof id !== "string") throw new Error("id must be a string");
+  if (!feedId || typeof feedId !== "string")
+    throw new Error("feedId must be a string");
+  if (!iocType || typeof iocType !== "string")
+    throw new Error("iocType must be a string");
+  if (!value || typeof value !== "string")
+    throw new Error("value must be a string");
+  if (!_feedsV2.has(feedId)) throw new Error(`feed ${feedId} not found`);
+  if (_indicatorsV2.has(id)) throw new Error(`indicator ${id} already exists`);
+  const now = Date.now();
+  const indicator = {
+    id,
+    feedId,
+    iocType,
+    value,
+    status: "pending",
+    createdAt: now,
+    lastSeenAt: now,
+    activatedAt: null,
+    resolvedAt: null,
+    metadata: { ...metadata },
+  };
+  _indicatorsV2.set(id, indicator);
+  return _copyIndicatorV2(indicator);
+}
+
+export function getIndicatorV2(id) {
+  const i = _indicatorsV2.get(id);
+  return i ? _copyIndicatorV2(i) : null;
+}
+
+export function listIndicatorsV2({ feedId, status } = {}) {
+  const out = [];
+  for (const i of _indicatorsV2.values()) {
+    if (feedId && i.feedId !== feedId) continue;
+    if (status && i.status !== status) continue;
+    out.push(_copyIndicatorV2(i));
+  }
+  return out;
+}
+
+export function setIndicatorStatusV2(id, next, { now = Date.now() } = {}) {
+  const i = _indicatorsV2.get(id);
+  if (!i) throw new Error(`indicator ${id} not found`);
+  if (!INDICATOR_TRANSITIONS_V2.has(next))
+    throw new Error(`unknown indicator status: ${next}`);
+  if (INDICATOR_TERMINALS_V2.has(i.status))
+    throw new Error(`indicator ${id} is in terminal state ${i.status}`);
+  const allowed = INDICATOR_TRANSITIONS_V2.get(i.status);
+  if (!allowed.has(next))
+    throw new Error(`cannot transition indicator from ${i.status} to ${next}`);
+  if (next === "active" && i.status === "pending") {
+    const count = getActiveIndicatorCountV2(i.feedId);
+    if (count >= _maxActiveIndicatorsPerFeedV2)
+      throw new Error(
+        `feed ${i.feedId} already at active-indicator cap (${_maxActiveIndicatorsPerFeedV2})`,
+      );
+    if (!i.activatedAt) i.activatedAt = now;
+  }
+  if (INDICATOR_TERMINALS_V2.has(next) && !i.resolvedAt) {
+    i.resolvedAt = now;
+  }
+  i.status = next;
+  i.lastSeenAt = now;
+  return _copyIndicatorV2(i);
+}
+
+export function activateIndicatorV2(id, opts) {
+  return setIndicatorStatusV2(id, "active", opts);
+}
+export function expireIndicatorV2(id, opts) {
+  return setIndicatorStatusV2(id, "expired", opts);
+}
+export function revokeIndicatorV2(id, opts) {
+  return setIndicatorStatusV2(id, "revoked", opts);
+}
+export function supersedeIndicatorV2(id, opts) {
+  return setIndicatorStatusV2(id, "superseded", opts);
+}
+
+export function refreshIndicatorV2(id, { now = Date.now() } = {}) {
+  const i = _indicatorsV2.get(id);
+  if (!i) throw new Error(`indicator ${id} not found`);
+  if (INDICATOR_TERMINALS_V2.has(i.status))
+    throw new Error(`indicator ${id} is in terminal state ${i.status}`);
+  i.lastSeenAt = now;
+  return _copyIndicatorV2(i);
+}
+
+export function autoDeprecateIdleFeedsV2({ now = Date.now() } = {}) {
+  const flipped = [];
+  for (const f of _feedsV2.values()) {
+    if (f.maturity !== "trusted") continue;
+    if (now - f.lastSeenAt > _feedIdleMsV2) {
+      f.maturity = "deprecated";
+      f.lastSeenAt = now;
+      flipped.push(_copyFeedV2(f));
+    }
+  }
+  return flipped;
+}
+
+export function autoExpireStaleIndicatorsV2({ now = Date.now() } = {}) {
+  const flipped = [];
+  for (const i of _indicatorsV2.values()) {
+    if (i.status !== "active") continue;
+    if (now - i.lastSeenAt > _indicatorStaleMsV2) {
+      i.status = "expired";
+      i.lastSeenAt = now;
+      if (!i.resolvedAt) i.resolvedAt = now;
+      flipped.push(_copyIndicatorV2(i));
+    }
+  }
+  return flipped;
+}
+
+export function getThreatIntelStatsV2() {
+  const feedsByMaturity = {};
+  for (const m of Object.values(FEED_MATURITY_V2)) feedsByMaturity[m] = 0;
+  for (const f of _feedsV2.values()) feedsByMaturity[f.maturity] += 1;
+
+  const indicatorsByStatus = {};
+  for (const s of Object.values(INDICATOR_LIFECYCLE_V2))
+    indicatorsByStatus[s] = 0;
+  for (const i of _indicatorsV2.values()) indicatorsByStatus[i.status] += 1;
+
+  return {
+    totalFeedsV2: _feedsV2.size,
+    totalIndicatorsV2: _indicatorsV2.size,
+    maxActiveFeedsPerOwner: _maxActiveFeedsPerOwnerV2,
+    maxActiveIndicatorsPerFeed: _maxActiveIndicatorsPerFeedV2,
+    feedIdleMs: _feedIdleMsV2,
+    indicatorStaleMs: _indicatorStaleMsV2,
+    feedsByMaturity,
+    indicatorsByStatus,
+  };
+}
+
+export function _resetStateThreatIntelV2() {
+  _feedsV2.clear();
+  _indicatorsV2.clear();
+  _maxActiveFeedsPerOwnerV2 = TI_DEFAULT_MAX_ACTIVE_FEEDS_PER_OWNER;
+  _maxActiveIndicatorsPerFeedV2 = TI_DEFAULT_MAX_ACTIVE_INDICATORS_PER_FEED;
+  _feedIdleMsV2 = TI_DEFAULT_FEED_IDLE_MS;
+  _indicatorStaleMsV2 = TI_DEFAULT_INDICATOR_STALE_MS;
+}