gazetta 0.6.0 → 0.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/admin-dist/assets/index-CBeq0rRb.js +693 -0
- package/admin-dist/assets/index-Dtg1dTZQ.css +1 -0
- package/admin-dist/assets/rolldown-runtime-BYbx6iT9.js +1 -0
- package/admin-dist/assets/{vendor-primevue-C0Q_YTCb.js → vendor-primevue-CBGHkaXv.js} +183 -39
- package/admin-dist/assets/{vendor-react-BipDVGow.js → vendor-react-BdW_kNCG.js} +2 -2
- package/admin-dist/assets/vendor-rjsf-lN2SztQt.js +33 -0
- package/admin-dist/assets/vendor-tiptap-C36yDquB.js +141 -0
- package/admin-dist/assets/vendor-vue-Bt5uR1VW.js +1 -0
- package/admin-dist/assets/workbox-window.prod.es5-DGMtIXHc.js +2 -0
- package/admin-dist/index.html +8 -8
- package/admin-dist/sw.js +1 -0
- package/dist/admin-api/archived-name-conflict.d.ts +31 -0
- package/dist/admin-api/archived-name-conflict.d.ts.map +1 -0
- package/dist/admin-api/archived-name-conflict.js +226 -0
- package/dist/admin-api/archived-name-conflict.js.map +1 -0
- package/dist/admin-api/cache-stats-logger.d.ts +83 -0
- package/dist/admin-api/cache-stats-logger.d.ts.map +1 -0
- package/dist/admin-api/cache-stats-logger.js +59 -0
- package/dist/admin-api/cache-stats-logger.js.map +1 -0
- package/dist/admin-api/error-response.d.ts +21 -0
- package/dist/admin-api/error-response.d.ts.map +1 -0
- package/dist/admin-api/error-response.js +12 -0
- package/dist/admin-api/error-response.js.map +1 -0
- package/dist/admin-api/hook-audit-emitter.d.ts +38 -0
- package/dist/admin-api/hook-audit-emitter.d.ts.map +1 -0
- package/dist/admin-api/hook-audit-emitter.js +21 -0
- package/dist/admin-api/hook-audit-emitter.js.map +1 -0
- package/dist/admin-api/index.d.ts +84 -2
- package/dist/admin-api/index.d.ts.map +1 -1
- package/dist/admin-api/index.js +257 -32
- package/dist/admin-api/index.js.map +1 -1
- package/dist/admin-api/middleware/audit.d.ts +25 -0
- package/dist/admin-api/middleware/audit.d.ts.map +1 -0
- package/dist/admin-api/middleware/audit.js +65 -0
- package/dist/admin-api/middleware/audit.js.map +1 -0
- package/dist/admin-api/middleware/capability.d.ts +8 -0
- package/dist/admin-api/middleware/capability.d.ts.map +1 -0
- package/dist/admin-api/middleware/capability.js +65 -0
- package/dist/admin-api/middleware/capability.js.map +1 -0
- package/dist/admin-api/middleware/principal.d.ts +18 -0
- package/dist/admin-api/middleware/principal.d.ts.map +1 -0
- package/dist/admin-api/middleware/principal.js +128 -0
- package/dist/admin-api/middleware/principal.js.map +1 -0
- package/dist/admin-api/routes/archive-review.d.ts +80 -0
- package/dist/admin-api/routes/archive-review.d.ts.map +1 -0
- package/dist/admin-api/routes/archive-review.js +70 -0
- package/dist/admin-api/routes/archive-review.js.map +1 -0
- package/dist/admin-api/routes/archive.d.ts +145 -0
- package/dist/admin-api/routes/archive.d.ts.map +1 -0
- package/dist/admin-api/routes/archive.js +540 -0
- package/dist/admin-api/routes/archive.js.map +1 -0
- package/dist/admin-api/routes/assets.d.ts +21 -0
- package/dist/admin-api/routes/assets.d.ts.map +1 -0
- package/dist/admin-api/routes/assets.js +586 -0
- package/dist/admin-api/routes/assets.js.map +1 -0
- package/dist/admin-api/routes/audit.d.ts +71 -0
- package/dist/admin-api/routes/audit.d.ts.map +1 -0
- package/dist/admin-api/routes/audit.js +178 -0
- package/dist/admin-api/routes/audit.js.map +1 -0
- package/dist/admin-api/routes/compare.d.ts.map +1 -1
- package/dist/admin-api/routes/compare.js +3 -2
- package/dist/admin-api/routes/compare.js.map +1 -1
- package/dist/admin-api/routes/fields.d.ts.map +1 -1
- package/dist/admin-api/routes/fields.js +2 -1
- package/dist/admin-api/routes/fields.js.map +1 -1
- package/dist/admin-api/routes/fragments.d.ts +13 -1
- package/dist/admin-api/routes/fragments.d.ts.map +1 -1
- package/dist/admin-api/routes/fragments.js +128 -67
- package/dist/admin-api/routes/fragments.js.map +1 -1
- package/dist/admin-api/routes/health.d.ts +60 -0
- package/dist/admin-api/routes/health.d.ts.map +1 -0
- package/dist/admin-api/routes/health.js +65 -0
- package/dist/admin-api/routes/health.js.map +1 -0
- package/dist/admin-api/routes/history.d.ts +2 -1
- package/dist/admin-api/routes/history.d.ts.map +1 -1
- package/dist/admin-api/routes/history.js +26 -4
- package/dist/admin-api/routes/history.js.map +1 -1
- package/dist/admin-api/routes/pages.d.ts +20 -1
- package/dist/admin-api/routes/pages.d.ts.map +1 -1
- package/dist/admin-api/routes/pages.js +158 -85
- package/dist/admin-api/routes/pages.js.map +1 -1
- package/dist/admin-api/routes/preview.d.ts.map +1 -1
- package/dist/admin-api/routes/preview.js +56 -17
- package/dist/admin-api/routes/preview.js.map +1 -1
- package/dist/admin-api/routes/publish.d.ts +19 -1
- package/dist/admin-api/routes/publish.d.ts.map +1 -1
- package/dist/admin-api/routes/publish.js +548 -99
- package/dist/admin-api/routes/publish.js.map +1 -1
- package/dist/admin-api/routes/rename.d.ts +62 -0
- package/dist/admin-api/routes/rename.d.ts.map +1 -0
- package/dist/admin-api/routes/rename.js +366 -0
- package/dist/admin-api/routes/rename.js.map +1 -0
- package/dist/admin-api/routes/site.d.ts.map +1 -1
- package/dist/admin-api/routes/site.js +6 -18
- package/dist/admin-api/routes/site.js.map +1 -1
- package/dist/admin-api/routes/system.d.ts +23 -0
- package/dist/admin-api/routes/system.d.ts.map +1 -0
- package/dist/admin-api/routes/system.js +115 -0
- package/dist/admin-api/routes/system.js.map +1 -0
- package/dist/admin-api/routes/templates.d.ts +11 -1
- package/dist/admin-api/routes/templates.d.ts.map +1 -1
- package/dist/admin-api/routes/templates.js +36 -3
- package/dist/admin-api/routes/templates.js.map +1 -1
- package/dist/admin-api/routes/validation.d.ts +47 -0
- package/dist/admin-api/routes/validation.d.ts.map +1 -0
- package/dist/admin-api/routes/validation.js +120 -0
- package/dist/admin-api/routes/validation.js.map +1 -0
- package/dist/admin-api/schemas/archive.d.ts +124 -0
- package/dist/admin-api/schemas/archive.d.ts.map +1 -0
- package/dist/admin-api/schemas/archive.js +93 -0
- package/dist/admin-api/schemas/archive.js.map +1 -0
- package/dist/admin-api/schemas/assets.d.ts +64 -0
- package/dist/admin-api/schemas/assets.d.ts.map +1 -0
- package/dist/admin-api/schemas/assets.js +59 -0
- package/dist/admin-api/schemas/assets.js.map +1 -0
- package/dist/admin-api/schemas/audit.d.ts +175 -0
- package/dist/admin-api/schemas/audit.d.ts.map +1 -0
- package/dist/admin-api/schemas/audit.js +91 -0
- package/dist/admin-api/schemas/audit.js.map +1 -0
- package/dist/admin-api/schemas/error.d.ts +94 -0
- package/dist/admin-api/schemas/error.d.ts.map +1 -0
- package/dist/admin-api/schemas/error.js +79 -0
- package/dist/admin-api/schemas/error.js.map +1 -0
- package/dist/admin-api/schemas/fragments.d.ts +2 -0
- package/dist/admin-api/schemas/fragments.d.ts.map +1 -1
- package/dist/admin-api/schemas/fragments.js +4 -0
- package/dist/admin-api/schemas/fragments.js.map +1 -1
- package/dist/admin-api/schemas/index.d.ts +10 -0
- package/dist/admin-api/schemas/index.d.ts.map +1 -1
- package/dist/admin-api/schemas/index.js +10 -0
- package/dist/admin-api/schemas/index.js.map +1 -1
- package/dist/admin-api/schemas/pages.d.ts +2 -0
- package/dist/admin-api/schemas/pages.d.ts.map +1 -1
- package/dist/admin-api/schemas/pages.js +11 -0
- package/dist/admin-api/schemas/pages.js.map +1 -1
- package/dist/admin-api/schemas/rename.d.ts +77 -0
- package/dist/admin-api/schemas/rename.d.ts.map +1 -0
- package/dist/admin-api/schemas/rename.js +75 -0
- package/dist/admin-api/schemas/rename.js.map +1 -0
- package/dist/admin-api/schemas/site.d.ts +3 -2
- package/dist/admin-api/schemas/site.d.ts.map +1 -1
- package/dist/admin-api/schemas/site.js +3 -2
- package/dist/admin-api/schemas/site.js.map +1 -1
- package/dist/admin-api/schemas/system.d.ts +28 -0
- package/dist/admin-api/schemas/system.d.ts.map +1 -0
- package/dist/admin-api/schemas/system.js +35 -0
- package/dist/admin-api/schemas/system.js.map +1 -0
- package/dist/admin-api/schemas/targets.d.ts +55 -0
- package/dist/admin-api/schemas/targets.d.ts.map +1 -1
- package/dist/admin-api/schemas/targets.js +46 -0
- package/dist/admin-api/schemas/targets.js.map +1 -1
- package/dist/admin-api/schemas/templates.d.ts +54 -0
- package/dist/admin-api/schemas/templates.d.ts.map +1 -1
- package/dist/admin-api/schemas/templates.js +21 -0
- package/dist/admin-api/schemas/templates.js.map +1 -1
- package/dist/admin-api/schemas/validation.d.ts +101 -0
- package/dist/admin-api/schemas/validation.d.ts.map +1 -0
- package/dist/admin-api/schemas/validation.js +57 -0
- package/dist/admin-api/schemas/validation.js.map +1 -0
- package/dist/admin-api/source-context.d.ts +66 -17
- package/dist/admin-api/source-context.d.ts.map +1 -1
- package/dist/admin-api/source-context.js +43 -8
- package/dist/admin-api/source-context.js.map +1 -1
- package/dist/ai/adapter-scaffold.d.ts +63 -0
- package/dist/ai/adapter-scaffold.d.ts.map +1 -0
- package/dist/ai/adapter-scaffold.js +89 -0
- package/dist/ai/adapter-scaffold.js.map +1 -0
- package/dist/ai/compose-prompt.d.ts +50 -0
- package/dist/ai/compose-prompt.d.ts.map +1 -0
- package/dist/ai/compose-prompt.js +49 -0
- package/dist/ai/compose-prompt.js.map +1 -0
- package/dist/ai/errors.d.ts +65 -0
- package/dist/ai/errors.d.ts.map +1 -0
- package/dist/ai/errors.js +59 -0
- package/dist/ai/errors.js.map +1 -0
- package/dist/ai/index.d.ts +17 -0
- package/dist/ai/index.d.ts.map +1 -0
- package/dist/ai/index.js +16 -0
- package/dist/ai/index.js.map +1 -0
- package/dist/ai/provider.d.ts +76 -0
- package/dist/ai/provider.d.ts.map +1 -0
- package/dist/ai/provider.js +13 -0
- package/dist/ai/provider.js.map +1 -0
- package/dist/ai/refusal.d.ts +50 -0
- package/dist/ai/refusal.d.ts.map +1 -0
- package/dist/ai/refusal.js +100 -0
- package/dist/ai/refusal.js.map +1 -0
- package/dist/ai/vision-prep.d.ts +32 -0
- package/dist/ai/vision-prep.d.ts.map +1 -0
- package/dist/ai/vision-prep.js +113 -0
- package/dist/ai/vision-prep.js.map +1 -0
- package/dist/alt/adapter.d.ts +140 -0
- package/dist/alt/adapter.d.ts.map +1 -0
- package/dist/alt/adapter.js +7 -0
- package/dist/alt/adapter.js.map +1 -0
- package/dist/alt/anthropic.d.ts +63 -0
- package/dist/alt/anthropic.d.ts.map +1 -0
- package/dist/alt/anthropic.js +147 -0
- package/dist/alt/anthropic.js.map +1 -0
- package/dist/alt/config.d.ts +67 -0
- package/dist/alt/config.d.ts.map +1 -0
- package/dist/alt/config.js +41 -0
- package/dist/alt/config.js.map +1 -0
- package/dist/alt/factory.d.ts +19 -0
- package/dist/alt/factory.d.ts.map +1 -0
- package/dist/alt/factory.js +69 -0
- package/dist/alt/factory.js.map +1 -0
- package/dist/alt/null-adapter.d.ts +3 -0
- package/dist/alt/null-adapter.d.ts.map +1 -0
- package/dist/alt/null-adapter.js +43 -0
- package/dist/alt/null-adapter.js.map +1 -0
- package/dist/alt/ollama.d.ts +40 -0
- package/dist/alt/ollama.d.ts.map +1 -0
- package/dist/alt/ollama.js +139 -0
- package/dist/alt/ollama.js.map +1 -0
- package/dist/alt/openai.d.ts +46 -0
- package/dist/alt/openai.d.ts.map +1 -0
- package/dist/alt/openai.js +118 -0
- package/dist/alt/openai.js.map +1 -0
- package/dist/alt/prompt-policies.d.ts +79 -0
- package/dist/alt/prompt-policies.d.ts.map +1 -0
- package/dist/alt/prompt-policies.js +67 -0
- package/dist/alt/prompt-policies.js.map +1 -0
- package/dist/alt/route-handler.d.ts +56 -0
- package/dist/alt/route-handler.d.ts.map +1 -0
- package/dist/alt/route-handler.js +122 -0
- package/dist/alt/route-handler.js.map +1 -0
- package/dist/alt/suggester.d.ts +57 -0
- package/dist/alt/suggester.d.ts.map +1 -0
- package/dist/alt/suggester.js +133 -0
- package/dist/alt/suggester.js.map +1 -0
- package/dist/app.js +1 -1
- package/dist/app.js.map +1 -1
- package/dist/archive-aliases.d.ts +79 -0
- package/dist/archive-aliases.d.ts.map +1 -0
- package/dist/archive-aliases.js +60 -0
- package/dist/archive-aliases.js.map +1 -0
- package/dist/archive-helpers.d.ts +73 -0
- package/dist/archive-helpers.d.ts.map +1 -0
- package/dist/archive-helpers.js +94 -0
- package/dist/archive-helpers.js.map +1 -0
- package/dist/assets/analyze-audio.d.ts +3 -0
- package/dist/assets/analyze-audio.d.ts.map +1 -0
- package/dist/assets/analyze-audio.js +80 -0
- package/dist/assets/analyze-audio.js.map +1 -0
- package/dist/assets/analyze-image.d.ts +19 -0
- package/dist/assets/analyze-image.d.ts.map +1 -0
- package/dist/assets/analyze-image.js +123 -0
- package/dist/assets/analyze-image.js.map +1 -0
- package/dist/assets/analyze.d.ts +94 -0
- package/dist/assets/analyze.d.ts.map +1 -0
- package/dist/assets/analyze.js +45 -0
- package/dist/assets/analyze.js.map +1 -0
- package/dist/assets/asset-deps.d.ts +30 -0
- package/dist/assets/asset-deps.d.ts.map +1 -0
- package/dist/assets/asset-deps.js +42 -0
- package/dist/assets/asset-deps.js.map +1 -0
- package/dist/assets/asset-paths.d.ts +155 -0
- package/dist/assets/asset-paths.d.ts.map +1 -0
- package/dist/assets/asset-paths.js +197 -0
- package/dist/assets/asset-paths.js.map +1 -0
- package/dist/assets/delete.d.ts +75 -0
- package/dist/assets/delete.d.ts.map +1 -0
- package/dist/assets/delete.js +82 -0
- package/dist/assets/delete.js.map +1 -0
- package/dist/assets/errors.d.ts +241 -0
- package/dist/assets/errors.d.ts.map +1 -0
- package/dist/assets/errors.js +300 -0
- package/dist/assets/errors.js.map +1 -0
- package/dist/assets/find-refs.d.ts +37 -0
- package/dist/assets/find-refs.d.ts.map +1 -0
- package/dist/assets/find-refs.js +35 -0
- package/dist/assets/find-refs.js.map +1 -0
- package/dist/assets/hash.d.ts +13 -0
- package/dist/assets/hash.d.ts.map +1 -0
- package/dist/assets/hash.js +43 -0
- package/dist/assets/hash.js.map +1 -0
- package/dist/assets/image-metadata.d.ts +11 -0
- package/dist/assets/image-metadata.d.ts.map +1 -0
- package/dist/assets/image-metadata.js +31 -0
- package/dist/assets/image-metadata.js.map +1 -0
- package/dist/assets/ingest-locale.d.ts +86 -0
- package/dist/assets/ingest-locale.d.ts.map +1 -0
- package/dist/assets/ingest-locale.js +209 -0
- package/dist/assets/ingest-locale.js.map +1 -0
- package/dist/assets/ingest.d.ts +96 -0
- package/dist/assets/ingest.d.ts.map +1 -0
- package/dist/assets/ingest.js +308 -0
- package/dist/assets/ingest.js.map +1 -0
- package/dist/assets/kind-compat.d.ts +34 -0
- package/dist/assets/kind-compat.d.ts.map +1 -0
- package/dist/assets/kind-compat.js +33 -0
- package/dist/assets/kind-compat.js.map +1 -0
- package/dist/assets/list.d.ts +46 -0
- package/dist/assets/list.d.ts.map +1 -0
- package/dist/assets/list.js +102 -0
- package/dist/assets/list.js.map +1 -0
- package/dist/assets/manifest-default.d.ts +56 -0
- package/dist/assets/manifest-default.d.ts.map +1 -0
- package/dist/assets/manifest-default.js +120 -0
- package/dist/assets/manifest-default.js.map +1 -0
- package/dist/assets/manifest-filename.d.ts +52 -0
- package/dist/assets/manifest-filename.d.ts.map +1 -0
- package/dist/assets/manifest-filename.js +104 -0
- package/dist/assets/manifest-filename.js.map +1 -0
- package/dist/assets/manifest-locale.d.ts +60 -0
- package/dist/assets/manifest-locale.d.ts.map +1 -0
- package/dist/assets/manifest-locale.js +206 -0
- package/dist/assets/manifest-locale.js.map +1 -0
- package/dist/assets/manifest-merge.d.ts +66 -0
- package/dist/assets/manifest-merge.d.ts.map +1 -0
- package/dist/assets/manifest-merge.js +82 -0
- package/dist/assets/manifest-merge.js.map +1 -0
- package/dist/assets/manifest.d.ts +83 -0
- package/dist/assets/manifest.d.ts.map +1 -0
- package/dist/assets/manifest.js +93 -0
- package/dist/assets/manifest.js.map +1 -0
- package/dist/assets/mime-sniff.d.ts +18 -0
- package/dist/assets/mime-sniff.d.ts.map +1 -0
- package/dist/assets/mime-sniff.js +84 -0
- package/dist/assets/mime-sniff.js.map +1 -0
- package/dist/assets/preprocess-svg.d.ts +3 -0
- package/dist/assets/preprocess-svg.d.ts.map +1 -0
- package/dist/assets/preprocess-svg.js +49 -0
- package/dist/assets/preprocess-svg.js.map +1 -0
- package/dist/assets/preprocess.d.ts +62 -0
- package/dist/assets/preprocess.d.ts.map +1 -0
- package/dist/assets/preprocess.js +86 -0
- package/dist/assets/preprocess.js.map +1 -0
- package/dist/assets/publish-plan.d.ts +41 -0
- package/dist/assets/publish-plan.d.ts.map +1 -0
- package/dist/assets/publish-plan.js +49 -0
- package/dist/assets/publish-plan.js.map +1 -0
- package/dist/assets/publish.d.ts +33 -0
- package/dist/assets/publish.d.ts.map +1 -0
- package/dist/assets/publish.js +81 -0
- package/dist/assets/publish.js.map +1 -0
- package/dist/assets/refs.d.ts +37 -0
- package/dist/assets/refs.d.ts.map +1 -0
- package/dist/assets/refs.js +33 -0
- package/dist/assets/refs.js.map +1 -0
- package/dist/assets/remove-override.d.ts +42 -0
- package/dist/assets/remove-override.d.ts.map +1 -0
- package/dist/assets/remove-override.js +53 -0
- package/dist/assets/remove-override.js.map +1 -0
- package/dist/assets/rename.d.ts +43 -0
- package/dist/assets/rename.d.ts.map +1 -0
- package/dist/assets/rename.js +271 -0
- package/dist/assets/rename.js.map +1 -0
- package/dist/assets/replace.d.ts +37 -0
- package/dist/assets/replace.d.ts.map +1 -0
- package/dist/assets/replace.js +195 -0
- package/dist/assets/replace.js.map +1 -0
- package/dist/assets/resolve.d.ts +141 -0
- package/dist/assets/resolve.d.ts.map +1 -0
- package/dist/assets/resolve.js +381 -0
- package/dist/assets/resolve.js.map +1 -0
- package/dist/assets/rewrite-manifest-asset-ref.d.ts +44 -0
- package/dist/assets/rewrite-manifest-asset-ref.d.ts.map +1 -0
- package/dist/assets/rewrite-manifest-asset-ref.js +51 -0
- package/dist/assets/rewrite-manifest-asset-ref.js.map +1 -0
- package/dist/assets/scan-manifest-for-asset.d.ts +63 -0
- package/dist/assets/scan-manifest-for-asset.d.ts.map +1 -0
- package/dist/assets/scan-manifest-for-asset.js +105 -0
- package/dist/assets/scan-manifest-for-asset.js.map +1 -0
- package/dist/assets/serve-route.d.ts +45 -0
- package/dist/assets/serve-route.d.ts.map +1 -0
- package/dist/assets/serve-route.js +123 -0
- package/dist/assets/serve-route.js.map +1 -0
- package/dist/assets/svg-sanitize.d.ts +38 -0
- package/dist/assets/svg-sanitize.d.ts.map +1 -0
- package/dist/assets/svg-sanitize.js +209 -0
- package/dist/assets/svg-sanitize.js.map +1 -0
- package/dist/assets/update-metadata.d.ts +61 -0
- package/dist/assets/update-metadata.d.ts.map +1 -0
- package/dist/assets/update-metadata.js +82 -0
- package/dist/assets/update-metadata.js.map +1 -0
- package/dist/assets/url.d.ts +82 -0
- package/dist/assets/url.d.ts.map +1 -0
- package/dist/assets/url.js +103 -0
- package/dist/assets/url.js.map +1 -0
- package/dist/assets/validate.d.ts +74 -0
- package/dist/assets/validate.d.ts.map +1 -0
- package/dist/assets/validate.js +136 -0
- package/dist/assets/validate.js.map +1 -0
- package/dist/assets/variants.d.ts +23 -0
- package/dist/assets/variants.d.ts.map +1 -0
- package/dist/assets/variants.js +74 -0
- package/dist/assets/variants.js.map +1 -0
- package/dist/audit/config.d.ts +75 -0
- package/dist/audit/config.d.ts.map +1 -0
- package/dist/audit/config.js +91 -0
- package/dist/audit/config.js.map +1 -0
- package/dist/audit/context.d.ts +98 -0
- package/dist/audit/context.d.ts.map +1 -0
- package/dist/audit/context.js +51 -0
- package/dist/audit/context.js.map +1 -0
- package/dist/audit/errors.d.ts +73 -0
- package/dist/audit/errors.d.ts.map +1 -0
- package/dist/audit/errors.js +78 -0
- package/dist/audit/errors.js.map +1 -0
- package/dist/audit/index.d.ts +16 -0
- package/dist/audit/index.d.ts.map +1 -0
- package/dist/audit/index.js +10 -0
- package/dist/audit/index.js.map +1 -0
- package/dist/audit/provider.d.ts +73 -0
- package/dist/audit/provider.d.ts.map +1 -0
- package/dist/audit/provider.js +2 -0
- package/dist/audit/provider.js.map +1 -0
- package/dist/audit/providers/history.d.ts +66 -0
- package/dist/audit/providers/history.d.ts.map +1 -0
- package/dist/audit/providers/history.js +102 -0
- package/dist/audit/providers/history.js.map +1 -0
- package/dist/audit/pseudonymize.d.ts +26 -0
- package/dist/audit/pseudonymize.d.ts.map +1 -0
- package/dist/audit/pseudonymize.js +86 -0
- package/dist/audit/pseudonymize.js.map +1 -0
- package/dist/audit/recorder.d.ts +102 -0
- package/dist/audit/recorder.d.ts.map +1 -0
- package/dist/audit/recorder.js +55 -0
- package/dist/audit/recorder.js.map +1 -0
- package/dist/audit/retention.d.ts +83 -0
- package/dist/audit/retention.d.ts.map +1 -0
- package/dist/audit/retention.js +142 -0
- package/dist/audit/retention.js.map +1 -0
- package/dist/audit/source-ip.d.ts +32 -0
- package/dist/audit/source-ip.d.ts.map +1 -0
- package/dist/audit/source-ip.js +164 -0
- package/dist/audit/source-ip.js.map +1 -0
- package/dist/audit/types.d.ts +143 -0
- package/dist/audit/types.d.ts.map +1 -0
- package/dist/audit/types.js +33 -0
- package/dist/audit/types.js.map +1 -0
- package/dist/audit/user-agent.d.ts +28 -0
- package/dist/audit/user-agent.d.ts.map +1 -0
- package/dist/audit/user-agent.js +63 -0
- package/dist/audit/user-agent.js.map +1 -0
- package/dist/auth/capabilities.d.ts +28 -0
- package/dist/auth/capabilities.d.ts.map +1 -0
- package/dist/auth/capabilities.js +101 -0
- package/dist/auth/capabilities.js.map +1 -0
- package/dist/auth/config.d.ts +109 -0
- package/dist/auth/config.d.ts.map +1 -0
- package/dist/auth/config.js +221 -0
- package/dist/auth/config.js.map +1 -0
- package/dist/auth/errors.d.ts +72 -0
- package/dist/auth/errors.d.ts.map +1 -0
- package/dist/auth/errors.js +78 -0
- package/dist/auth/errors.js.map +1 -0
- package/dist/auth/factory.d.ts +43 -0
- package/dist/auth/factory.d.ts.map +1 -0
- package/dist/auth/factory.js +48 -0
- package/dist/auth/factory.js.map +1 -0
- package/dist/auth/index.d.ts +21 -0
- package/dist/auth/index.d.ts.map +1 -0
- package/dist/auth/index.js +14 -0
- package/dist/auth/index.js.map +1 -0
- package/dist/auth/ip-match.d.ts +29 -0
- package/dist/auth/ip-match.d.ts.map +1 -0
- package/dist/auth/ip-match.js +162 -0
- package/dist/auth/ip-match.js.map +1 -0
- package/dist/auth/provider.d.ts +76 -0
- package/dist/auth/provider.d.ts.map +1 -0
- package/dist/auth/provider.js +2 -0
- package/dist/auth/provider.js.map +1 -0
- package/dist/auth/providers/aws-cognito.d.ts +55 -0
- package/dist/auth/providers/aws-cognito.d.ts.map +1 -0
- package/dist/auth/providers/aws-cognito.js +114 -0
- package/dist/auth/providers/aws-cognito.js.map +1 -0
- package/dist/auth/providers/azure-easy-auth.d.ts +7 -0
- package/dist/auth/providers/azure-easy-auth.d.ts.map +1 -0
- package/dist/auth/providers/azure-easy-auth.js +48 -0
- package/dist/auth/providers/azure-easy-auth.js.map +1 -0
- package/dist/auth/providers/cloudflare-access.d.ts +71 -0
- package/dist/auth/providers/cloudflare-access.d.ts.map +1 -0
- package/dist/auth/providers/cloudflare-access.js +120 -0
- package/dist/auth/providers/cloudflare-access.js.map +1 -0
- package/dist/auth/providers/forwarded-user.d.ts +31 -0
- package/dist/auth/providers/forwarded-user.d.ts.map +1 -0
- package/dist/auth/providers/forwarded-user.js +72 -0
- package/dist/auth/providers/forwarded-user.js.map +1 -0
- package/dist/auth/providers/none.d.ts +6 -0
- package/dist/auth/providers/none.d.ts.map +1 -0
- package/dist/auth/providers/none.js +19 -0
- package/dist/auth/providers/none.js.map +1 -0
- package/dist/auth/providers/tailscale.d.ts +7 -0
- package/dist/auth/providers/tailscale.d.ts.map +1 -0
- package/dist/auth/providers/tailscale.js +30 -0
- package/dist/auth/providers/tailscale.js.map +1 -0
- package/dist/auth/role-resolver.d.ts +38 -0
- package/dist/auth/role-resolver.d.ts.map +1 -0
- package/dist/auth/role-resolver.js +92 -0
- package/dist/auth/role-resolver.js.map +1 -0
- package/dist/auth/types.d.ts +150 -0
- package/dist/auth/types.d.ts.map +1 -0
- package/dist/auth/types.js +60 -0
- package/dist/auth/types.js.map +1 -0
- package/dist/cache/errors.d.ts +41 -0
- package/dist/cache/errors.d.ts.map +1 -0
- package/dist/cache/errors.js +44 -0
- package/dist/cache/errors.js.map +1 -0
- package/dist/cache/factories.d.ts +17 -0
- package/dist/cache/factories.d.ts.map +1 -0
- package/dist/cache/factories.js +17 -0
- package/dist/cache/factories.js.map +1 -0
- package/dist/cache/keys.d.ts +63 -0
- package/dist/cache/keys.d.ts.map +1 -0
- package/dist/cache/keys.js +145 -0
- package/dist/cache/keys.js.map +1 -0
- package/dist/cache/memory.d.ts +51 -0
- package/dist/cache/memory.d.ts.map +1 -0
- package/dist/cache/memory.js +204 -0
- package/dist/cache/memory.js.map +1 -0
- package/dist/cache/per-site.d.ts +22 -0
- package/dist/cache/per-site.d.ts.map +1 -0
- package/dist/cache/per-site.js +114 -0
- package/dist/cache/per-site.js.map +1 -0
- package/dist/cache/types.d.ts +142 -0
- package/dist/cache/types.d.ts.map +1 -0
- package/dist/cache/types.js +33 -0
- package/dist/cache/types.js.map +1 -0
- package/dist/cli/archive.d.ts +44 -0
- package/dist/cli/archive.d.ts.map +1 -0
- package/dist/cli/archive.js +310 -0
- package/dist/cli/archive.js.map +1 -0
- package/dist/cli/assets-cli.d.ts +58 -0
- package/dist/cli/assets-cli.d.ts.map +1 -0
- package/dist/cli/assets-cli.js +233 -0
- package/dist/cli/assets-cli.js.map +1 -0
- package/dist/cli/assets-display.d.ts +112 -0
- package/dist/cli/assets-display.d.ts.map +1 -0
- package/dist/cli/assets-display.js +106 -0
- package/dist/cli/assets-display.js.map +1 -0
- package/dist/cli/bootstrap.d.ts +15 -10
- package/dist/cli/bootstrap.d.ts.map +1 -1
- package/dist/cli/bootstrap.js +59 -24
- package/dist/cli/bootstrap.js.map +1 -1
- package/dist/cli/dev-template-watcher.d.ts +29 -0
- package/dist/cli/dev-template-watcher.d.ts.map +1 -0
- package/dist/cli/dev-template-watcher.js +38 -0
- package/dist/cli/dev-template-watcher.js.map +1 -0
- package/dist/cli/history.d.ts.map +1 -1
- package/dist/cli/history.js +5 -3
- package/dist/cli/history.js.map +1 -1
- package/dist/cli/index.js +737 -374
- package/dist/cli/index.js.map +1 -1
- package/dist/cli/validate-flags.d.ts +29 -0
- package/dist/cli/validate-flags.d.ts.map +1 -0
- package/dist/cli/validate-flags.js +49 -0
- package/dist/cli/validate-flags.js.map +1 -0
- package/dist/compare.d.ts +1 -1
- package/dist/compare.d.ts.map +1 -1
- package/dist/compare.js +40 -35
- package/dist/compare.js.map +1 -1
- package/dist/component-ids.d.ts +25 -0
- package/dist/component-ids.d.ts.map +1 -0
- package/dist/component-ids.js +83 -0
- package/dist/component-ids.js.map +1 -0
- package/dist/config/define.d.ts +61 -0
- package/dist/config/define.d.ts.map +1 -0
- package/dist/config/define.js +64 -0
- package/dist/config/define.js.map +1 -0
- package/dist/config/errors.d.ts +32 -0
- package/dist/config/errors.d.ts.map +1 -0
- package/dist/config/errors.js +40 -0
- package/dist/config/errors.js.map +1 -0
- package/dist/config/index.d.ts +13 -0
- package/dist/config/index.d.ts.map +1 -0
- package/dist/config/index.js +20 -0
- package/dist/config/index.js.map +1 -0
- package/dist/config/loader.d.ts +105 -0
- package/dist/config/loader.d.ts.map +1 -0
- package/dist/config/loader.js +265 -0
- package/dist/config/loader.js.map +1 -0
- package/dist/config/schemas.d.ts +89 -0
- package/dist/config/schemas.d.ts.map +1 -0
- package/dist/config/schemas.js +172 -0
- package/dist/config/schemas.js.map +1 -0
- package/dist/config/types.d.ts +32 -0
- package/dist/config/types.d.ts.map +1 -0
- package/dist/config/types.js +15 -0
- package/dist/config/types.js.map +1 -0
- package/dist/dep-sidecars.d.ts +127 -0
- package/dist/dep-sidecars.d.ts.map +1 -0
- package/dist/dep-sidecars.js +122 -0
- package/dist/dep-sidecars.js.map +1 -0
- package/dist/deploy/cloudflare-workers.d.ts +46 -0
- package/dist/deploy/cloudflare-workers.d.ts.map +1 -0
- package/dist/deploy/cloudflare-workers.js +213 -0
- package/dist/deploy/cloudflare-workers.js.map +1 -0
- package/dist/deploy/errors.d.ts +66 -0
- package/dist/deploy/errors.d.ts.map +1 -0
- package/dist/deploy/errors.js +82 -0
- package/dist/deploy/errors.js.map +1 -0
- package/dist/deploy/index.d.ts +9 -0
- package/dist/deploy/index.d.ts.map +1 -0
- package/dist/deploy/index.js +3 -0
- package/dist/deploy/index.js.map +1 -0
- package/dist/deploy/types.d.ts +162 -0
- package/dist/deploy/types.d.ts.map +1 -0
- package/dist/deploy/types.js +2 -0
- package/dist/deploy/types.js.map +1 -0
- package/dist/editor/AssetEmbeddedWidget.d.ts +3 -0
- package/dist/editor/AssetEmbeddedWidget.d.ts.map +1 -0
- package/dist/editor/AssetEmbeddedWidget.js +146 -0
- package/dist/editor/AssetEmbeddedWidget.js.map +1 -0
- package/dist/editor/mount.d.ts +12 -1
- package/dist/editor/mount.d.ts.map +1 -1
- package/dist/editor/mount.js +36 -5
- package/dist/editor/mount.js.map +1 -1
- package/dist/format.d.ts +44 -0
- package/dist/format.d.ts.map +1 -0
- package/dist/format.js +65 -0
- package/dist/format.js.map +1 -0
- package/dist/fragment-deps.d.ts +24 -0
- package/dist/fragment-deps.d.ts.map +1 -0
- package/dist/fragment-deps.js +20 -0
- package/dist/fragment-deps.js.map +1 -0
- package/dist/fragments/create.d.ts +70 -0
- package/dist/fragments/create.d.ts.map +1 -0
- package/dist/fragments/create.js +93 -0
- package/dist/fragments/create.js.map +1 -0
- package/dist/fragments/publish.d.ts +37 -0
- package/dist/fragments/publish.d.ts.map +1 -0
- package/dist/fragments/publish.js +52 -0
- package/dist/fragments/publish.js.map +1 -0
- package/dist/fragments/save.d.ts +81 -0
- package/dist/fragments/save.d.ts.map +1 -0
- package/dist/fragments/save.js +105 -0
- package/dist/fragments/save.js.map +1 -0
- package/dist/hash.d.ts +0 -6
- package/dist/hash.d.ts.map +1 -1
- package/dist/hash.js +0 -18
- package/dist/hash.js.map +1 -1
- package/dist/history-provider.d.ts.map +1 -1
- package/dist/history-provider.js +30 -8
- package/dist/history-provider.js.map +1 -1
- package/dist/history-recorder.d.ts +10 -6
- package/dist/history-recorder.d.ts.map +1 -1
- package/dist/history-recorder.js +13 -5
- package/dist/history-recorder.js.map +1 -1
- package/dist/history-restorer.d.ts.map +1 -1
- package/dist/history-restorer.js +34 -2
- package/dist/history-restorer.js.map +1 -1
- package/dist/history.d.ts +26 -8
- package/dist/history.d.ts.map +1 -1
- package/dist/hooks/audit-emitter.d.ts +73 -0
- package/dist/hooks/audit-emitter.d.ts.map +1 -0
- package/dist/hooks/audit-emitter.js +13 -0
- package/dist/hooks/audit-emitter.js.map +1 -0
- package/dist/hooks/context.d.ts +78 -0
- package/dist/hooks/context.d.ts.map +1 -0
- package/dist/hooks/context.js +56 -0
- package/dist/hooks/context.js.map +1 -0
- package/dist/hooks/contribution.d.ts +90 -0
- package/dist/hooks/contribution.d.ts.map +1 -0
- package/dist/hooks/contribution.js +2 -0
- package/dist/hooks/contribution.js.map +1 -0
- package/dist/hooks/dispatch.d.ts +30 -0
- package/dist/hooks/dispatch.d.ts.map +1 -0
- package/dist/hooks/dispatch.js +252 -0
- package/dist/hooks/dispatch.js.map +1 -0
- package/dist/hooks/errors.d.ts +100 -0
- package/dist/hooks/errors.d.ts.map +1 -0
- package/dist/hooks/errors.js +103 -0
- package/dist/hooks/errors.js.map +1 -0
- package/dist/hooks/index.d.ts +15 -0
- package/dist/hooks/index.d.ts.map +1 -0
- package/dist/hooks/index.js +6 -0
- package/dist/hooks/index.js.map +1 -0
- package/dist/hooks/registry.d.ts +53 -0
- package/dist/hooks/registry.d.ts.map +1 -0
- package/dist/hooks/registry.js +139 -0
- package/dist/hooks/registry.js.map +1 -0
- package/dist/hooks/storage.d.ts +43 -0
- package/dist/hooks/storage.d.ts.map +1 -0
- package/dist/hooks/storage.js +2 -0
- package/dist/hooks/storage.js.map +1 -0
- package/dist/hooks/types.d.ts +324 -0
- package/dist/hooks/types.d.ts.map +1 -0
- package/dist/hooks/types.js +2 -0
- package/dist/hooks/types.js.map +1 -0
- package/dist/index.d.ts +27 -9
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +50 -7
- package/dist/index.js.map +1 -1
- package/dist/locale.d.ts +25 -1
- package/dist/locale.d.ts.map +1 -1
- package/dist/locale.js +44 -2
- package/dist/locale.js.map +1 -1
- package/dist/manifest-save.d.ts +255 -0
- package/dist/manifest-save.d.ts.map +1 -0
- package/dist/manifest-save.js +260 -0
- package/dist/manifest-save.js.map +1 -0
- package/dist/manifest.d.ts +1 -2
- package/dist/manifest.d.ts.map +1 -1
- package/dist/manifest.js +43 -44
- package/dist/manifest.js.map +1 -1
- package/dist/node-floor.d.ts +3 -0
- package/dist/node-floor.d.ts.map +1 -0
- package/dist/node-floor.js +3 -0
- package/dist/node-floor.js.map +1 -0
- package/dist/pages/create.d.ts +103 -0
- package/dist/pages/create.d.ts.map +1 -0
- package/dist/pages/create.js +117 -0
- package/dist/pages/create.js.map +1 -0
- package/dist/pages/publish.d.ts +59 -0
- package/dist/pages/publish.d.ts.map +1 -0
- package/dist/pages/publish.js +78 -0
- package/dist/pages/publish.js.map +1 -0
- package/dist/pages/save.d.ts +97 -0
- package/dist/pages/save.d.ts.map +1 -0
- package/dist/pages/save.js +138 -0
- package/dist/pages/save.js.map +1 -0
- package/dist/providers/_atomic-write.d.ts +9 -0
- package/dist/providers/_atomic-write.d.ts.map +1 -0
- package/dist/providers/_atomic-write.js +72 -0
- package/dist/providers/_atomic-write.js.map +1 -0
- package/dist/providers/_rm-ignore-missing.d.ts +31 -0
- package/dist/providers/_rm-ignore-missing.d.ts.map +1 -0
- package/dist/providers/_rm-ignore-missing.js +12 -0
- package/dist/providers/_rm-ignore-missing.js.map +1 -0
- package/dist/providers/_stream-interop.d.ts +23 -0
- package/dist/providers/_stream-interop.d.ts.map +1 -0
- package/dist/providers/_stream-interop.js +21 -0
- package/dist/providers/_stream-interop.js.map +1 -0
- package/dist/providers/azure-blob.d.ts.map +1 -1
- package/dist/providers/azure-blob.js +60 -0
- package/dist/providers/azure-blob.js.map +1 -1
- package/dist/providers/factories.d.ts +65 -0
- package/dist/providers/factories.d.ts.map +1 -0
- package/dist/providers/factories.js +189 -0
- package/dist/providers/factories.js.map +1 -0
- package/dist/providers/filesystem.d.ts +4 -0
- package/dist/providers/filesystem.d.ts.map +1 -1
- package/dist/providers/filesystem.js +63 -2
- package/dist/providers/filesystem.js.map +1 -1
- package/dist/providers/s3.d.ts.map +1 -1
- package/dist/providers/s3.js +84 -1
- package/dist/providers/s3.js.map +1 -1
- package/dist/publish-item.d.ts +225 -0
- package/dist/publish-item.d.ts.map +1 -0
- package/dist/publish-item.js +210 -0
- package/dist/publish-item.js.map +1 -0
- package/dist/publish-rendered.d.ts +37 -17
- package/dist/publish-rendered.d.ts.map +1 -1
- package/dist/publish-rendered.js +144 -71
- package/dist/publish-rendered.js.map +1 -1
- package/dist/publish-renderers.d.ts +132 -0
- package/dist/publish-renderers.d.ts.map +1 -0
- package/dist/publish-renderers.js +240 -0
- package/dist/publish-renderers.js.map +1 -0
- package/dist/publish-run.d.ts +223 -0
- package/dist/publish-run.d.ts.map +1 -0
- package/dist/publish-run.js +307 -0
- package/dist/publish-run.js.map +1 -0
- package/dist/publish.d.ts +13 -12
- package/dist/publish.d.ts.map +1 -1
- package/dist/publish.js +24 -57
- package/dist/publish.js.map +1 -1
- package/dist/render-for-analysis.d.ts +24 -0
- package/dist/render-for-analysis.d.ts.map +1 -0
- package/dist/render-for-analysis.js +146 -0
- package/dist/render-for-analysis.js.map +1 -0
- package/dist/resolver.d.ts +12 -2
- package/dist/resolver.d.ts.map +1 -1
- package/dist/resolver.js +101 -32
- package/dist/resolver.js.map +1 -1
- package/dist/runtime/archive-marker.d.ts +62 -0
- package/dist/runtime/archive-marker.d.ts.map +1 -0
- package/dist/runtime/archive-marker.js +88 -0
- package/dist/runtime/archive-marker.js.map +1 -0
- package/dist/runtime/capability-gap-warnings.d.ts +42 -0
- package/dist/runtime/capability-gap-warnings.d.ts.map +1 -0
- package/dist/runtime/capability-gap-warnings.js +28 -0
- package/dist/runtime/capability-gap-warnings.js.map +1 -0
- package/dist/runtime/redirects-emit.d.ts +93 -0
- package/dist/runtime/redirects-emit.d.ts.map +1 -0
- package/dist/runtime/redirects-emit.js +89 -0
- package/dist/runtime/redirects-emit.js.map +1 -0
- package/dist/runtime/runtime-capabilities.d.ts +79 -0
- package/dist/runtime/runtime-capabilities.d.ts.map +1 -0
- package/dist/runtime/runtime-capabilities.js +60 -0
- package/dist/runtime/runtime-capabilities.js.map +1 -0
- package/dist/save-etag.d.ts +69 -0
- package/dist/save-etag.d.ts.map +1 -0
- package/dist/save-etag.js +118 -0
- package/dist/save-etag.js.map +1 -0
- package/dist/schema/dimensions.d.ts +78 -0
- package/dist/schema/dimensions.d.ts.map +1 -0
- package/dist/schema/dimensions.js +97 -0
- package/dist/schema/dimensions.js.map +1 -0
- package/dist/schema/helpers.d.ts +108 -0
- package/dist/schema/helpers.d.ts.map +1 -0
- package/dist/schema/helpers.js +133 -0
- package/dist/schema/helpers.js.map +1 -0
- package/dist/schema/index.d.ts +27 -0
- package/dist/schema/index.d.ts.map +1 -0
- package/dist/schema/index.js +25 -0
- package/dist/schema/index.js.map +1 -0
- package/dist/schema/types.d.ts +390 -0
- package/dist/schema/types.d.ts.map +1 -0
- package/dist/schema/types.js +25 -0
- package/dist/schema/types.js.map +1 -0
- package/dist/selector-chain.d.ts +63 -0
- package/dist/selector-chain.d.ts.map +1 -0
- package/dist/selector-chain.js +58 -0
- package/dist/selector-chain.js.map +1 -0
- package/dist/sidecars.d.ts +19 -18
- package/dist/sidecars.d.ts.map +1 -1
- package/dist/sidecars.js +70 -62
- package/dist/sidecars.js.map +1 -1
- package/dist/site-loader.d.ts +42 -4
- package/dist/site-loader.d.ts.map +1 -1
- package/dist/site-loader.js +27 -8
- package/dist/site-loader.js.map +1 -1
- package/dist/targets.d.ts +21 -12
- package/dist/targets.d.ts.map +1 -1
- package/dist/targets.js +27 -117
- package/dist/targets.js.map +1 -1
- package/dist/testing/admin-cache-contract.d.ts +52 -0
- package/dist/testing/admin-cache-contract.d.ts.map +1 -0
- package/dist/testing/admin-cache-contract.js +203 -0
- package/dist/testing/admin-cache-contract.js.map +1 -0
- package/dist/testing/index.d.ts +11 -0
- package/dist/testing/index.d.ts.map +1 -0
- package/dist/testing/index.js +11 -0
- package/dist/testing/index.js.map +1 -0
- package/dist/themes.d.ts +69 -0
- package/dist/themes.d.ts.map +1 -0
- package/dist/themes.js +85 -0
- package/dist/themes.js.map +1 -0
- package/dist/transforms/adapter.d.ts +115 -0
- package/dist/transforms/adapter.d.ts.map +1 -0
- package/dist/transforms/adapter.js +2 -0
- package/dist/transforms/adapter.js.map +1 -0
- package/dist/transforms/cloudflare.d.ts +17 -0
- package/dist/transforms/cloudflare.d.ts.map +1 -0
- package/dist/transforms/cloudflare.js +110 -0
- package/dist/transforms/cloudflare.js.map +1 -0
- package/dist/transforms/factories.d.ts +16 -0
- package/dist/transforms/factories.d.ts.map +1 -0
- package/dist/transforms/factories.js +18 -0
- package/dist/transforms/factories.js.map +1 -0
- package/dist/transforms/index.d.ts +17 -0
- package/dist/transforms/index.d.ts.map +1 -0
- package/dist/transforms/index.js +6 -0
- package/dist/transforms/index.js.map +1 -0
- package/dist/transforms/sharp.d.ts +17 -0
- package/dist/transforms/sharp.d.ts.map +1 -0
- package/dist/transforms/sharp.js +57 -0
- package/dist/transforms/sharp.js.map +1 -0
- package/dist/types.d.ts +485 -34
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +20 -1
- package/dist/types.js.map +1 -1
- package/dist/validation/alt-required-walker.d.ts +27 -0
- package/dist/validation/alt-required-walker.d.ts.map +1 -0
- package/dist/validation/alt-required-walker.js +108 -0
- package/dist/validation/alt-required-walker.js.map +1 -0
- package/dist/validation/default-registry.d.ts +12 -0
- package/dist/validation/default-registry.d.ts.map +1 -0
- package/dist/validation/default-registry.js +55 -0
- package/dist/validation/default-registry.js.map +1 -0
- package/dist/validation/publish-audit.d.ts +44 -0
- package/dist/validation/publish-audit.d.ts.map +1 -0
- package/dist/validation/publish-audit.js +64 -0
- package/dist/validation/publish-audit.js.map +1 -0
- package/dist/validation/registry.d.ts +23 -0
- package/dist/validation/registry.d.ts.map +1 -0
- package/dist/validation/registry.js +15 -0
- package/dist/validation/registry.js.map +1 -0
- package/dist/validation/save-delta.d.ts +46 -0
- package/dist/validation/save-delta.d.ts.map +1 -0
- package/dist/validation/save-delta.js +57 -0
- package/dist/validation/save-delta.js.map +1 -0
- package/dist/validation/scanner.d.ts +91 -0
- package/dist/validation/scanner.d.ts.map +1 -0
- package/dist/validation/scanner.js +327 -0
- package/dist/validation/scanner.js.map +1 -0
- package/dist/validation/template-impact.d.ts +52 -0
- package/dist/validation/template-impact.d.ts.map +1 -0
- package/dist/validation/template-impact.js +53 -0
- package/dist/validation/template-impact.js.map +1 -0
- package/dist/validation/types.d.ts +123 -0
- package/dist/validation/types.d.ts.map +1 -0
- package/dist/validation/types.js +7 -0
- package/dist/validation/types.js.map +1 -0
- package/dist/validation/validators/accessibility.d.ts +3 -0
- package/dist/validation/validators/accessibility.d.ts.map +1 -0
- package/dist/validation/validators/accessibility.js +106 -0
- package/dist/validation/validators/accessibility.js.map +1 -0
- package/dist/validation/validators/aliasof-points-to-archived.d.ts +40 -0
- package/dist/validation/validators/aliasof-points-to-archived.d.ts.map +1 -0
- package/dist/validation/validators/aliasof-points-to-archived.js +34 -0
- package/dist/validation/validators/aliasof-points-to-archived.js.map +1 -0
- package/dist/validation/validators/alt-required.d.ts +3 -0
- package/dist/validation/validators/alt-required.d.ts.map +1 -0
- package/dist/validation/validators/alt-required.js +118 -0
- package/dist/validation/validators/alt-required.js.map +1 -0
- package/dist/validation/validators/archive-not-supported-on-target.d.ts +3 -0
- package/dist/validation/validators/archive-not-supported-on-target.d.ts.map +1 -0
- package/dist/validation/validators/archive-not-supported-on-target.js +38 -0
- package/dist/validation/validators/archive-not-supported-on-target.js.map +1 -0
- package/dist/validation/validators/broken-links.d.ts +3 -0
- package/dist/validation/validators/broken-links.d.ts.map +1 -0
- package/dist/validation/validators/broken-links.js +190 -0
- package/dist/validation/validators/broken-links.js.map +1 -0
- package/dist/validation/validators/circular-alias.d.ts +36 -0
- package/dist/validation/validators/circular-alias.d.ts.map +1 -0
- package/dist/validation/validators/circular-alias.js +63 -0
- package/dist/validation/validators/circular-alias.js.map +1 -0
- package/dist/validation/validators/circular-fragment.d.ts +15 -0
- package/dist/validation/validators/circular-fragment.d.ts.map +1 -0
- package/dist/validation/validators/circular-fragment.js +97 -0
- package/dist/validation/validators/circular-fragment.js.map +1 -0
- package/dist/validation/validators/dangling-alias.d.ts +38 -0
- package/dist/validation/validators/dangling-alias.d.ts.map +1 -0
- package/dist/validation/validators/dangling-alias.js +31 -0
- package/dist/validation/validators/dangling-alias.js.map +1 -0
- package/dist/validation/validators/deploy-target-type-supported.d.ts +3 -0
- package/dist/validation/validators/deploy-target-type-supported.d.ts.map +1 -0
- package/dist/validation/validators/deploy-target-type-supported.js +32 -0
- package/dist/validation/validators/deploy-target-type-supported.js.map +1 -0
- package/dist/validation/validators/dynamic-route-conflict.d.ts +18 -0
- package/dist/validation/validators/dynamic-route-conflict.d.ts.map +1 -0
- package/dist/validation/validators/dynamic-route-conflict.js +80 -0
- package/dist/validation/validators/dynamic-route-conflict.js.map +1 -0
- package/dist/validation/validators/html-validity.d.ts +3 -0
- package/dist/validation/validators/html-validity.d.ts.map +1 -0
- package/dist/validation/validators/html-validity.js +89 -0
- package/dist/validation/validators/html-validity.js.map +1 -0
- package/dist/validation/validators/orphaned-locale-file.d.ts +21 -0
- package/dist/validation/validators/orphaned-locale-file.d.ts.map +1 -0
- package/dist/validation/validators/orphaned-locale-file.js +84 -0
- package/dist/validation/validators/orphaned-locale-file.js.map +1 -0
- package/dist/validation/validators/referenced-archived-without-alias.d.ts +3 -0
- package/dist/validation/validators/referenced-archived-without-alias.d.ts.map +1 -0
- package/dist/validation/validators/referenced-archived-without-alias.js +65 -0
- package/dist/validation/validators/referenced-archived-without-alias.js.map +1 -0
- package/dist/validation/validators/referenced-asset-exists.d.ts +13 -0
- package/dist/validation/validators/referenced-asset-exists.d.ts.map +1 -0
- package/dist/validation/validators/referenced-asset-exists.js +80 -0
- package/dist/validation/validators/referenced-asset-exists.js.map +1 -0
- package/dist/validation/validators/referenced-fragment-exists.d.ts +9 -0
- package/dist/validation/validators/referenced-fragment-exists.d.ts.map +1 -0
- package/dist/validation/validators/referenced-fragment-exists.js +52 -0
- package/dist/validation/validators/referenced-fragment-exists.js.map +1 -0
- package/dist/validation/validators/referenced-template-exists.d.ts +10 -0
- package/dist/validation/validators/referenced-template-exists.d.ts.map +1 -0
- package/dist/validation/validators/referenced-template-exists.js +74 -0
- package/dist/validation/validators/referenced-template-exists.js.map +1 -0
- package/dist/validation/validators/schema-conformance.d.ts +17 -0
- package/dist/validation/validators/schema-conformance.d.ts.map +1 -0
- package/dist/validation/validators/schema-conformance.js +94 -0
- package/dist/validation/validators/schema-conformance.js.map +1 -0
- package/dist/validation/validators/target-deploy-coverage.d.ts +3 -0
- package/dist/validation/validators/target-deploy-coverage.d.ts.map +1 -0
- package/dist/validation/validators/target-deploy-coverage.js +37 -0
- package/dist/validation/validators/target-deploy-coverage.js.map +1 -0
- package/dist/validation/validators/unused-fragment.d.ts +16 -0
- package/dist/validation/validators/unused-fragment.d.ts.map +1 -0
- package/dist/validation/validators/unused-fragment.js +86 -0
- package/dist/validation/validators/unused-fragment.js.map +1 -0
- package/package.json +69 -27
- package/admin-dist/assets/index-B6pVot0Y.css +0 -1
- package/admin-dist/assets/index-DniLwxJA.js +0 -609
- package/admin-dist/assets/rolldown-runtime-COnpUsM8.js +0 -1
- package/admin-dist/assets/vendor-rjsf-HKBAjOmQ.js +0 -32
- package/admin-dist/assets/vendor-tiptap-IyO99U4R.js +0 -142
- package/admin-dist/assets/vendor-vue-D3wBSmDf.js +0 -1
- package/dist/providers/r2.d.ts +0 -8
- package/dist/providers/r2.d.ts.map +0 -1
- package/dist/providers/r2.js +0 -86
- package/dist/providers/r2.js.map +0 -1
- package/dist/publish-locale.d.ts +0 -44
- package/dist/publish-locale.d.ts.map +0 -1
- package/dist/publish-locale.js +0 -103
- package/dist/publish-locale.js.map +0 -1
- package/dist/source-sidecars.d.ts +0 -32
- package/dist/source-sidecars.d.ts.map +0 -1
- package/dist/source-sidecars.js +0 -98
- package/dist/source-sidecars.js.map +0 -1
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* `AuditProvider` — the seam between Gazetta's recording sites
|
|
3
|
+
* (save/publish/delete/restore handlers, capability middleware,
|
|
4
|
+
* principal middleware) and the operator's chosen audit sink.
|
|
5
|
+
*
|
|
6
|
+
* # The contract
|
|
7
|
+
*
|
|
8
|
+
* Per `design-audit.md`'s "Surface-specific contract":
|
|
9
|
+
*
|
|
10
|
+
* - `record(event)` — write an `AuditEvent` to the sink. MUST
|
|
11
|
+
* NOT throw on transport errors; falls back to local-only
|
|
12
|
+
* recording on failure (the dispatcher in Cut 3 catches +
|
|
13
|
+
* logs via `AuditTransportError`).
|
|
14
|
+
* - `query(filter)` — optional. Providers that own queryable
|
|
15
|
+
* storage implement this; external-sink providers (webhook,
|
|
16
|
+
* OTel) omit it.
|
|
17
|
+
* - `queryUrl()` — optional. Returns a deep-link to the
|
|
18
|
+
* operator's destination console (CloudWatch / Azure Monitor
|
|
19
|
+
* URLs). Providers that own queryable storage typically omit.
|
|
20
|
+
*
|
|
21
|
+
* # Plugin promotion path
|
|
22
|
+
*
|
|
23
|
+
* Per ADR-0009 + `design-plugins.md`: external audit providers
|
|
24
|
+
* ship as npm packages exporting factory functions returning
|
|
25
|
+
* `AuditProvider`. Operators import + invoke at the audit config
|
|
26
|
+
* field (Pattern 3 — multi-provider fan-out via `auditChain([...])`
|
|
27
|
+
* when shipped). No runtime register method.
|
|
28
|
+
*
|
|
29
|
+
* # SOLID lenses
|
|
30
|
+
*
|
|
31
|
+
* - SRP: each provider owns one sink's mechanics; no cross-cutting
|
|
32
|
+
* concerns.
|
|
33
|
+
* - LSP: every provider returns events shaped by `AuditEvent`;
|
|
34
|
+
* consumers branch only on `outcome` / `action` for behavior.
|
|
35
|
+
* - DIP: recorder + drawer depend on this interface, never on
|
|
36
|
+
* concrete classes.
|
|
37
|
+
* - ISP: interface stays narrow — record + optional query + optional
|
|
38
|
+
* queryUrl. No capability-detection methods every provider must
|
|
39
|
+
* stub out.
|
|
40
|
+
*/
|
|
41
|
+
import type { AuditEvent, AuditQuery } from './types.js';
|
|
42
|
+
export interface AuditProvider {
|
|
43
|
+
/**
|
|
44
|
+
* Stable name. Used in failure log entries and in the audit
|
|
45
|
+
* drawer's "View in {name}" deep-link button. Convention:
|
|
46
|
+
* lowercase-kebab-case (`'history'`, `'cloudwatch'`,
|
|
47
|
+
* `'http-webhook'`).
|
|
48
|
+
*/
|
|
49
|
+
readonly name: string;
|
|
50
|
+
/**
|
|
51
|
+
* Record an audit event. MUST NOT throw on transport errors;
|
|
52
|
+
* fall back to local recording on failure. Audit failures never
|
|
53
|
+
* block writes (fail-open default; strict mode opt-in via
|
|
54
|
+
* `admin.audit.strict: true` — handled by the recorder dispatcher
|
|
55
|
+
* in Cut 3).
|
|
56
|
+
*/
|
|
57
|
+
record(event: AuditEvent): Promise<void>;
|
|
58
|
+
/**
|
|
59
|
+
* Optional — providers that own queryable storage implement this.
|
|
60
|
+
* External-sink providers that push events elsewhere (CloudWatch,
|
|
61
|
+
* webhook, OTel) omit it; the audit drawer falls back to a deep
|
|
62
|
+
* link from `queryUrl()` in those cases.
|
|
63
|
+
*/
|
|
64
|
+
query?(filter: AuditQuery): Promise<AuditEvent[]>;
|
|
65
|
+
/**
|
|
66
|
+
* Optional — providers that push to an external destination
|
|
67
|
+
* return a deep-link to the operator's destination console.
|
|
68
|
+
* Returning `null` means "configured but no link available."
|
|
69
|
+
* Providers that own queryable storage typically omit this.
|
|
70
|
+
*/
|
|
71
|
+
queryUrl?(): string | null;
|
|
72
|
+
}
|
|
73
|
+
//# sourceMappingURL=provider.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"provider.d.ts","sourceRoot":"","sources":["../../src/audit/provider.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuCG;AACH,OAAO,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,YAAY,CAAA;AAExD,MAAM,WAAW,aAAa;IAC5B;;;;;OAKG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB;;;;;;OAMG;IACH,MAAM,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACxC;;;;;OAKG;IACH,KAAK,CAAC,CAAC,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC,CAAA;IACjD;;;;;OAKG;IACH,QAAQ,CAAC,IAAI,MAAM,GAAG,IAAI,CAAA;CAC3B"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"provider.js","sourceRoot":"","sources":["../../src/audit/provider.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,66 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* `HistoryAuditProvider` — v1 in-tree audit provider that stores
|
|
3
|
+
* events in the target's `.gazetta/audit/events.jsonl` file.
|
|
4
|
+
*
|
|
5
|
+
* # Why JSONL, not extending Revisions
|
|
6
|
+
*
|
|
7
|
+
* Per `design-audit.md`: "Audit and history are conceptually peer
|
|
8
|
+
* surfaces. v1 ships them unified in HistoryAuditProvider (writes a
|
|
9
|
+
* revision on success; writes an audit event on every outcome)."
|
|
10
|
+
*
|
|
11
|
+
* The simplest unified shape: history-recorder keeps writing
|
|
12
|
+
* Revisions for the success path (existing primitive, unchanged);
|
|
13
|
+
* audit events live in a parallel JSONL file under the same
|
|
14
|
+
* `.gazetta/` namespace. Failure outcomes (forbidden /
|
|
15
|
+
* validation-failed / unauthenticated) write only to the audit log
|
|
16
|
+
* (no content snapshot — there was no successful write to record).
|
|
17
|
+
* Success outcomes write to BOTH (revision in `.gazetta/history/`,
|
|
18
|
+
* audit event in `.gazetta/audit/events.jsonl`); the audit-event
|
|
19
|
+
* carries the actor + outcome + scope context the revision shape
|
|
20
|
+
* predates.
|
|
21
|
+
*
|
|
22
|
+
* The alternative — extending `Revision` with `actor` + `outcome` —
|
|
23
|
+
* forces the existing history machinery to handle audit-only
|
|
24
|
+
* revisions (no snapshot). Rather than complicate history-recorder
|
|
25
|
+
* with optional-snapshot revision flow, the audit log gets its own
|
|
26
|
+
* append-only file. v1 validation: simpler shape; same multi-instance
|
|
27
|
+
* guarantees.
|
|
28
|
+
*
|
|
29
|
+
* # Multi-instance correctness
|
|
30
|
+
*
|
|
31
|
+
* One file per instance. Each admin process writes to
|
|
32
|
+
* `events-{instance-id}.jsonl` so concurrent appends don't race.
|
|
33
|
+
* Reads aggregate via `readDir` + concat. Same pattern as
|
|
34
|
+
* design-audit.md "v2 reserved" notes for `FileAuditProvider`:
|
|
35
|
+
* "filesystem POSIX `O_APPEND` for small writes; R2/S3/Azure use
|
|
36
|
+
* per-instance file (`events.{instance-id}.jsonl`)".
|
|
37
|
+
*
|
|
38
|
+
* v1 is per-instance file unconditionally — no special-casing
|
|
39
|
+
* filesystem vs cloud storage. Filesystem operators pay one extra
|
|
40
|
+
* file per process (negligible); cloud-storage operators get the
|
|
41
|
+
* concurrency safety they need.
|
|
42
|
+
*
|
|
43
|
+
* # SOLID lenses
|
|
44
|
+
*
|
|
45
|
+
* - SRP: this provider only writes/reads JSONL. Recording dispatch,
|
|
46
|
+
* pseudonymization, and source-IP extraction live elsewhere.
|
|
47
|
+
* - LSP: implements `AuditProvider`; consumers don't know it's
|
|
48
|
+
* filesystem-backed.
|
|
49
|
+
* - DIP: takes a `StorageProvider` instance — works against
|
|
50
|
+
* filesystem, R2, S3, Azure Blob uniformly.
|
|
51
|
+
*/
|
|
52
|
+
import type { StorageProvider } from '../../types.js';
|
|
53
|
+
import type { AuditProvider } from '../provider.js';
|
|
54
|
+
export interface HistoryAuditProviderOptions {
|
|
55
|
+
/** Storage provider for the target. Audit events live under `.gazetta/audit/`. */
|
|
56
|
+
storage: StorageProvider;
|
|
57
|
+
/**
|
|
58
|
+
* Per-process instance identifier. Disambiguates JSONL file
|
|
59
|
+
* names for multi-instance correctness. Production resolves
|
|
60
|
+
* this from K_REVISION (Cloud Run) → os.hostname() → random
|
|
61
|
+
* 8-char hex (per design-logging.md conventions).
|
|
62
|
+
*/
|
|
63
|
+
instance: string;
|
|
64
|
+
}
|
|
65
|
+
export declare function createHistoryAuditProvider(opts: HistoryAuditProviderOptions): AuditProvider;
|
|
66
|
+
//# sourceMappingURL=history.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"history.d.ts","sourceRoot":"","sources":["../../../src/audit/providers/history.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkDG;AACH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAA;AAErD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAA;AAEnD,MAAM,WAAW,2BAA2B;IAC1C,kFAAkF;IAClF,OAAO,EAAE,eAAe,CAAA;IACxB;;;;;OAKG;IACH,QAAQ,EAAE,MAAM,CAAA;CACjB;AAID,wBAAgB,0BAA0B,CAAC,IAAI,EAAE,2BAA2B,GAAG,aAAa,CA0F3F"}
|
|
@@ -0,0 +1,102 @@
|
|
|
1
|
+
const AUDIT_DIR = '.gazetta/audit';
|
|
2
|
+
export function createHistoryAuditProvider(opts) {
|
|
3
|
+
const { storage, instance } = opts;
|
|
4
|
+
const eventsPath = `${AUDIT_DIR}/events-${instance}.jsonl`;
|
|
5
|
+
async function appendEvent(event) {
|
|
6
|
+
// Read-modify-write per call. JSONL append-only on filesystem
|
|
7
|
+
// would be cheaper, but cloud StorageProvider (R2/S3/Azure)
|
|
8
|
+
// doesn't expose append — every write is whole-object replace.
|
|
9
|
+
// The per-instance file scoping makes RMW safe (no other
|
|
10
|
+
// instance writes to this file); the cost is one extra read
|
|
11
|
+
// per event. Acceptable for v1 latency budget (50-200ms).
|
|
12
|
+
let existing = '';
|
|
13
|
+
try {
|
|
14
|
+
existing = await storage.readFile(eventsPath);
|
|
15
|
+
}
|
|
16
|
+
catch {
|
|
17
|
+
// First write — file doesn't exist yet. Create the directory
|
|
18
|
+
// if the storage provider needs it (filesystem mkdir).
|
|
19
|
+
await storage.mkdir(AUDIT_DIR).catch(() => {
|
|
20
|
+
// Provider may not require mkdir (S3/R2 have no concept);
|
|
21
|
+
// swallow.
|
|
22
|
+
});
|
|
23
|
+
}
|
|
24
|
+
const line = JSON.stringify(event) + '\n';
|
|
25
|
+
await storage.writeFile(eventsPath, existing + line);
|
|
26
|
+
}
|
|
27
|
+
async function readAllEvents() {
|
|
28
|
+
// List all instance files + concat. readDir returns DirEntry
|
|
29
|
+
// shapes; we filter to the events-*.jsonl pattern so unrelated
|
|
30
|
+
// files (audit-index sidecars in the future) don't get parsed
|
|
31
|
+
// as events.
|
|
32
|
+
let entries;
|
|
33
|
+
try {
|
|
34
|
+
entries = await storage.readDir(AUDIT_DIR);
|
|
35
|
+
}
|
|
36
|
+
catch {
|
|
37
|
+
// No audit directory yet — nothing to read.
|
|
38
|
+
return [];
|
|
39
|
+
}
|
|
40
|
+
const events = [];
|
|
41
|
+
for (const entry of entries) {
|
|
42
|
+
if (entry.isDirectory)
|
|
43
|
+
continue;
|
|
44
|
+
if (!entry.name.startsWith('events-') || !entry.name.endsWith('.jsonl'))
|
|
45
|
+
continue;
|
|
46
|
+
const content = await storage.readFile(`${AUDIT_DIR}/${entry.name}`);
|
|
47
|
+
for (const line of content.split('\n')) {
|
|
48
|
+
const trimmed = line.trim();
|
|
49
|
+
if (!trimmed)
|
|
50
|
+
continue;
|
|
51
|
+
try {
|
|
52
|
+
events.push(JSON.parse(trimmed));
|
|
53
|
+
}
|
|
54
|
+
catch {
|
|
55
|
+
// Malformed line — skip. A corrupt single line shouldn't
|
|
56
|
+
// poison the whole query. Future: structured-log this.
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
return events;
|
|
61
|
+
}
|
|
62
|
+
function matchesFilter(event, filter) {
|
|
63
|
+
if (filter.action && event.action !== filter.action)
|
|
64
|
+
return false;
|
|
65
|
+
if (filter.outcome && event.outcome !== filter.outcome)
|
|
66
|
+
return false;
|
|
67
|
+
if (filter.scope?.kind && event.scope.kind !== filter.scope.kind)
|
|
68
|
+
return false;
|
|
69
|
+
if (filter.scope?.name && event.scope.name !== filter.scope.name)
|
|
70
|
+
return false;
|
|
71
|
+
if (filter.actor) {
|
|
72
|
+
const needle = filter.actor.toLowerCase();
|
|
73
|
+
const idMatch = event.actor.id.toLowerCase().includes(needle);
|
|
74
|
+
const emailMatch = event.actor.email?.toLowerCase().includes(needle) ?? false;
|
|
75
|
+
if (!idMatch && !emailMatch)
|
|
76
|
+
return false;
|
|
77
|
+
}
|
|
78
|
+
if (filter.since && event.timestamp < filter.since)
|
|
79
|
+
return false;
|
|
80
|
+
if (filter.until && event.timestamp >= filter.until)
|
|
81
|
+
return false;
|
|
82
|
+
return true;
|
|
83
|
+
}
|
|
84
|
+
return {
|
|
85
|
+
name: 'history',
|
|
86
|
+
async record(event) {
|
|
87
|
+
await appendEvent(event);
|
|
88
|
+
},
|
|
89
|
+
async query(filter) {
|
|
90
|
+
const all = await readAllEvents();
|
|
91
|
+
// Sort newest-first per audit-drawer convention. Stable sort
|
|
92
|
+
// by timestamp (string compare on ISO-8601 works correctly).
|
|
93
|
+
all.sort((a, b) => b.timestamp.localeCompare(a.timestamp));
|
|
94
|
+
const matched = all.filter(e => matchesFilter(e, filter));
|
|
95
|
+
const limit = filter.limit ?? 100;
|
|
96
|
+
return matched.slice(0, Math.min(limit, 1000));
|
|
97
|
+
},
|
|
98
|
+
// queryUrl intentionally omitted — HistoryAuditProvider has
|
|
99
|
+
// queryable storage; the drawer reads via query() directly.
|
|
100
|
+
};
|
|
101
|
+
}
|
|
102
|
+
//# sourceMappingURL=history.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"history.js","sourceRoot":"","sources":["../../../src/audit/providers/history.ts"],"names":[],"mappings":"AAmEA,MAAM,SAAS,GAAG,gBAAgB,CAAA;AAElC,MAAM,UAAU,0BAA0B,CAAC,IAAiC;IAC1E,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAA;IAClC,MAAM,UAAU,GAAG,GAAG,SAAS,WAAW,QAAQ,QAAQ,CAAA;IAE1D,KAAK,UAAU,WAAW,CAAC,KAAiB;QAC1C,8DAA8D;QAC9D,4DAA4D;QAC5D,+DAA+D;QAC/D,yDAAyD;QACzD,4DAA4D;QAC5D,0DAA0D;QAC1D,IAAI,QAAQ,GAAG,EAAE,CAAA;QACjB,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAA;QAC/C,CAAC;QAAC,MAAM,CAAC;YACP,6DAA6D;YAC7D,uDAAuD;YACvD,MAAM,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;gBACxC,0DAA0D;gBAC1D,WAAW;YACb,CAAC,CAAC,CAAA;QACJ,CAAC;QACD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,CAAA;QACzC,MAAM,OAAO,CAAC,SAAS,CAAC,UAAU,EAAE,QAAQ,GAAG,IAAI,CAAC,CAAA;IACtD,CAAC;IAED,KAAK,UAAU,aAAa;QAC1B,6DAA6D;QAC7D,+DAA+D;QAC/D,8DAA8D;QAC9D,aAAa;QACb,IAAI,OAAwD,CAAA;QAC5D,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;QAC5C,CAAC;QAAC,MAAM,CAAC;YACP,4CAA4C;YAC5C,OAAO,EAAE,CAAA;QACX,CAAC;QACD,MAAM,MAAM,GAAiB,EAAE,CAAA;QAC/B,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,KAAK,CAAC,WAAW;gBAAE,SAAQ;YAC/B,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAAE,SAAQ;YACjF,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,GAAG,SAAS,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,CAAA;YACpE,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAA;gBAC3B,IAAI,CAAC,OAAO;oBAAE,SAAQ;gBACtB,IAAI,CAAC;oBACH,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAe,CAAC,CAAA;gBAChD,CAAC;gBAAC,MAAM,CAAC;oBACP,yDAAyD;oBACzD,uDAAuD;gBACzD,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,MAAM,CAAA;IACf,CAAC;IAED,SAAS,aAAa,CAAC,KAAiB,EAAE,MAAkB;QAC1D,IAAI,MAAM,CAAC,MAAM,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM;YAAE,OAAO,KAAK,CAAA;QACjE,IAAI,MAAM,CAAC,OAAO,IAAI,KAAK,CAAC,OAAO,KAAK,MAAM,CAAC,OAAO;YAAE,OAAO,KAAK,CAAA;QACpE,IAAI,MAAM,CAAC,KAAK,EAAE,IAAI,IAAI,KAAK,CAAC,KAAK,CAAC,IAAI,KAAK,MAAM,CAAC,KAAK,CAAC,IAAI;YAAE,OAAO,KAAK,CAAA;QAC9E,IAAI,MAAM,CAAC,KAAK,EAAE,IAAI,IAAI,KAAK,CAAC,KAAK,CAAC,IAAI,KAAK,MAAM,CAAC,KAAK,CAAC,IAAI;YAAE,OAAO,KAAK,CAAA;QAC9E,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,WAAW,EAAE,CAAA;YACzC,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;YAC7D,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,WAAW,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,KAAK,CAAA;YAC7E,IAAI,CAAC,OAAO,IAAI,CAAC,UAAU;gBAAE,OAAO,KAAK,CAAA;QAC3C,CAAC;QACD,IAAI,MAAM,CAAC,KAAK,IAAI,KAAK,CAAC,SAAS,GAAG,MAAM,CAAC,KAAK;YAAE,OAAO,KAAK,CAAA;QAChE,IAAI,MAAM,CAAC,KAAK,IAAI,KAAK,CAAC,SAAS,IAAI,MAAM,CAAC,KAAK;YAAE,OAAO,KAAK,CAAA;QACjE,OAAO,IAAI,CAAA;IACb,CAAC;IAED,OAAO;QACL,IAAI,EAAE,SAAS;QACf,KAAK,CAAC,MAAM,CAAC,KAAiB;YAC5B,MAAM,WAAW,CAAC,KAAK,CAAC,CAAA;QAC1B,CAAC;QACD,KAAK,CAAC,KAAK,CAAC,MAAkB;YAC5B,MAAM,GAAG,GAAG,MAAM,aAAa,EAAE,CAAA;YACjC,6DAA6D;YAC7D,6DAA6D;YAC7D,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAA;YAC1D,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAA;YACzD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,GAAG,CAAA;YACjC,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAA;QAChD,CAAC;QACD,4DAA4D;QAC5D,4DAA4D;KAC7D,CAAA;AACH,CAAC"}
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
import type { AuditActor } from './types.js';
|
|
2
|
+
export type ActorPseudonymMode = 'none' | 'sha256';
|
|
3
|
+
/**
|
|
4
|
+
* Apply the configured pseudonymization mode to an actor snapshot.
|
|
5
|
+
*
|
|
6
|
+
* - `'none'` (default) — pass through unchanged.
|
|
7
|
+
* - `'sha256'` — replace `id` with the salted hash prefix; drop
|
|
8
|
+
* `email`.
|
|
9
|
+
*
|
|
10
|
+
* The original `actor` is never mutated; returns a new object.
|
|
11
|
+
*
|
|
12
|
+
* Throws when `mode === 'sha256'` and `salt` is empty/undefined —
|
|
13
|
+
* pseudonymization without a salt is a misconfiguration that would
|
|
14
|
+
* silently produce reversible-by-rainbow-table hashes. Caller (Cut
|
|
15
|
+
* 5's wiring) should catch this at boot via `AuditConfigurationError`
|
|
16
|
+
* when the env var is missing.
|
|
17
|
+
*/
|
|
18
|
+
export declare function pseudonymizeActor(actor: AuditActor, mode: ActorPseudonymMode, salt?: string): AuditActor;
|
|
19
|
+
/**
|
|
20
|
+
* Compute the pseudonymized id for an actor — exposed for forensic
|
|
21
|
+
* queries: an operator who knows the upstream sub + salt can
|
|
22
|
+
* compute the pseudonymized id and search the audit log without
|
|
23
|
+
* the recorder being involved.
|
|
24
|
+
*/
|
|
25
|
+
export declare function computePseudonymizedId(rawSub: string, salt: string): string;
|
|
26
|
+
//# sourceMappingURL=pseudonymize.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pseudonymize.d.ts","sourceRoot":"","sources":["../../src/audit/pseudonymize.ts"],"names":[],"mappings":"AAwCA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAA;AAE5C,MAAM,MAAM,kBAAkB,GAAG,MAAM,GAAG,QAAQ,CAAA;AAElD;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,kBAAkB,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,UAAU,CAkBxG;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAK3E"}
|
|
@@ -0,0 +1,86 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Actor pseudonymization — opt-in privacy hardening for audit events.
|
|
3
|
+
*
|
|
4
|
+
* Per `design-audit.md`'s "Pseudonymization" section: when
|
|
5
|
+
* `admin.audit.actorPseudonym: 'sha256'` is configured, the event's
|
|
6
|
+
* `actor.id` is replaced with `sha256(sub + GAZETTA_AUDIT_ACTOR_SALT)
|
|
7
|
+
* .slice(0, 16)`. The `actor.email` field is dropped (low-entropy
|
|
8
|
+
* email gives weak pseudonymization).
|
|
9
|
+
*
|
|
10
|
+
* # When to opt in
|
|
11
|
+
*
|
|
12
|
+
* - External-sink configurations where audit events leave Gazetta's
|
|
13
|
+
* process boundary (CloudWatch, OTel, webhook) — limits PII
|
|
14
|
+
* leakage if sink storage is compromised
|
|
15
|
+
* - Regulated contexts demanding pseudonymization-by-default (some
|
|
16
|
+
* EU healthcare contexts, German telecommunications data
|
|
17
|
+
* retention)
|
|
18
|
+
* - Multi-tenant SIEM correlation with shared salt across systems
|
|
19
|
+
*
|
|
20
|
+
* # Salt management
|
|
21
|
+
*
|
|
22
|
+
* - Salt is a credential. Stored in `GAZETTA_AUDIT_ACTOR_SALT` env
|
|
23
|
+
* var per Universal Provider Requirement #3. Never in
|
|
24
|
+
* `site.config.ts`.
|
|
25
|
+
* - 16+ random bytes recommended.
|
|
26
|
+
* - Salt rotation breaks historic correlation by design — rotate
|
|
27
|
+
* per security policy (annually typical); document rotation
|
|
28
|
+
* dates so forensic queries can scope by salt-era.
|
|
29
|
+
* - Multi-instance: every instance reads the same env → deterministic
|
|
30
|
+
* hash across instances.
|
|
31
|
+
*
|
|
32
|
+
* # SOLID lenses
|
|
33
|
+
*
|
|
34
|
+
* - SRP: pseudonymization only. Doesn't dispatch, doesn't extract
|
|
35
|
+
* identity. Pure function over `(actor, mode)`.
|
|
36
|
+
* - DIP: takes the salt as a string parameter (dependency-injected
|
|
37
|
+
* by the caller); doesn't read `process.env` directly so tests
|
|
38
|
+
* can pass deterministic salts.
|
|
39
|
+
*/
|
|
40
|
+
import { createHash } from 'node:crypto';
|
|
41
|
+
/**
|
|
42
|
+
* Apply the configured pseudonymization mode to an actor snapshot.
|
|
43
|
+
*
|
|
44
|
+
* - `'none'` (default) — pass through unchanged.
|
|
45
|
+
* - `'sha256'` — replace `id` with the salted hash prefix; drop
|
|
46
|
+
* `email`.
|
|
47
|
+
*
|
|
48
|
+
* The original `actor` is never mutated; returns a new object.
|
|
49
|
+
*
|
|
50
|
+
* Throws when `mode === 'sha256'` and `salt` is empty/undefined —
|
|
51
|
+
* pseudonymization without a salt is a misconfiguration that would
|
|
52
|
+
* silently produce reversible-by-rainbow-table hashes. Caller (Cut
|
|
53
|
+
* 5's wiring) should catch this at boot via `AuditConfigurationError`
|
|
54
|
+
* when the env var is missing.
|
|
55
|
+
*/
|
|
56
|
+
export function pseudonymizeActor(actor, mode, salt) {
|
|
57
|
+
if (mode === 'none')
|
|
58
|
+
return actor;
|
|
59
|
+
// mode === 'sha256'
|
|
60
|
+
if (!salt || salt.length === 0) {
|
|
61
|
+
throw new Error('actorPseudonym: sha256 requires a non-empty salt (set GAZETTA_AUDIT_ACTOR_SALT environment variable)');
|
|
62
|
+
}
|
|
63
|
+
const hash = createHash('sha256')
|
|
64
|
+
.update(actor.id + salt)
|
|
65
|
+
.digest('hex')
|
|
66
|
+
.slice(0, 16);
|
|
67
|
+
return {
|
|
68
|
+
id: hash,
|
|
69
|
+
// email dropped — low-entropy email gives weak pseudonymization.
|
|
70
|
+
role: actor.role,
|
|
71
|
+
trustMode: actor.trustMode,
|
|
72
|
+
};
|
|
73
|
+
}
|
|
74
|
+
/**
|
|
75
|
+
* Compute the pseudonymized id for an actor — exposed for forensic
|
|
76
|
+
* queries: an operator who knows the upstream sub + salt can
|
|
77
|
+
* compute the pseudonymized id and search the audit log without
|
|
78
|
+
* the recorder being involved.
|
|
79
|
+
*/
|
|
80
|
+
export function computePseudonymizedId(rawSub, salt) {
|
|
81
|
+
return createHash('sha256')
|
|
82
|
+
.update(rawSub + salt)
|
|
83
|
+
.digest('hex')
|
|
84
|
+
.slice(0, 16);
|
|
85
|
+
}
|
|
86
|
+
//# sourceMappingURL=pseudonymize.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pseudonymize.js","sourceRoot":"","sources":["../../src/audit/pseudonymize.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAKxC;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAiB,EAAE,IAAwB,EAAE,IAAa;IAC1F,IAAI,IAAI,KAAK,MAAM;QAAE,OAAO,KAAK,CAAA;IACjC,oBAAoB;IACpB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CACb,sGAAsG,CACvG,CAAA;IACH,CAAC;IACD,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC;SAC9B,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,IAAI,CAAC;SACvB,MAAM,CAAC,KAAK,CAAC;SACb,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;IACf,OAAO;QACL,EAAE,EAAE,IAAI;QACR,iEAAiE;QACjE,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,SAAS,EAAE,KAAK,CAAC,SAAS;KAC3B,CAAA;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAAc,EAAE,IAAY;IACjE,OAAO,UAAU,CAAC,QAAQ,CAAC;SACxB,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC;SACrB,MAAM,CAAC,KAAK,CAAC;SACb,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;AACjB,CAAC"}
|
|
@@ -0,0 +1,102 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Audit-recording dispatcher. The fan-out + fail-open layer that
|
|
3
|
+
* separates recording sites (save/publish/delete/restore handlers)
|
|
4
|
+
* from individual `AuditProvider` implementations.
|
|
5
|
+
*
|
|
6
|
+
* # Locked design — synchronous fail-open, parallel fan-out
|
|
7
|
+
*
|
|
8
|
+
* Per `design-audit.md`'s "Recording timing":
|
|
9
|
+
*
|
|
10
|
+
* - **Synchronous** — operation awaits the audit attempt. If the
|
|
11
|
+
* user got a success response, the audit attempt was completed.
|
|
12
|
+
* Async queuing would lose in-flight events on process restart.
|
|
13
|
+
* - **Fail-open by default** — provider failures never block the
|
|
14
|
+
* write. Operators in compliance contexts opt into `strict: true`
|
|
15
|
+
* (any provider failure blocks the write).
|
|
16
|
+
* - **Parallel fan-out** — `Promise.allSettled` so two providers'
|
|
17
|
+
* latencies don't stack. Failures are independent.
|
|
18
|
+
*
|
|
19
|
+
* # Failure log — no payload
|
|
20
|
+
*
|
|
21
|
+
* Per Universal Provider Requirement #5: "When audit recording fails
|
|
22
|
+
* (fail-open), the failure log entry MUST NOT contain event payload."
|
|
23
|
+
* The recorder logs only `{ provider, eventId, category }` — never
|
|
24
|
+
* the actor, scope, or metadata. Prevents PII side-channels into
|
|
25
|
+
* application stderr / log shipping.
|
|
26
|
+
*
|
|
27
|
+
* # Strict mode
|
|
28
|
+
*
|
|
29
|
+
* For HIPAA / SOC 2 compliance contexts where "audit recording
|
|
30
|
+
* confirmed successful" is a hard prerequisite for the write to
|
|
31
|
+
* proceed. The recorder's caller (Cut 5's wired handlers) checks
|
|
32
|
+
* the `failed` flag in the result and aborts the write when strict
|
|
33
|
+
* mode is on.
|
|
34
|
+
*
|
|
35
|
+
* # SOLID lenses
|
|
36
|
+
*
|
|
37
|
+
* - SRP: dispatch + failure-log only. Doesn't construct providers,
|
|
38
|
+
* doesn't extract identity (Cut 4 handles privacy / source-IP
|
|
39
|
+
* extraction).
|
|
40
|
+
* - DIP: takes a `readonly AuditProvider[]` and an opaque logger
|
|
41
|
+
* callback; no coupling to specific providers or to Hono.
|
|
42
|
+
*/
|
|
43
|
+
import type { AuditEvent } from './types.js';
|
|
44
|
+
import type { AuditProvider } from './provider.js';
|
|
45
|
+
export interface AuditFailureLog {
|
|
46
|
+
/** Provider name that failed. Per design: log identifies which sink dropped. */
|
|
47
|
+
provider: string;
|
|
48
|
+
/**
|
|
49
|
+
* Categorical reason — `transport` for network/HTTP failures,
|
|
50
|
+
* `serialize` for unparseable events, `quota` for sink full.
|
|
51
|
+
* Surface to log aggregators for filtering.
|
|
52
|
+
*/
|
|
53
|
+
category: 'transport' | 'serialize' | 'quota';
|
|
54
|
+
/** Reason text for diagnostics. PII-free; never the event payload. */
|
|
55
|
+
reason: string;
|
|
56
|
+
}
|
|
57
|
+
/**
|
|
58
|
+
* Logger callback signature. Production wires to `pino` per
|
|
59
|
+
* `design-logging.md`; tests inject stubs to assert shape + count.
|
|
60
|
+
*
|
|
61
|
+
* Note: NEVER receives the event payload. The logger contract is
|
|
62
|
+
* narrow on purpose — operator's log-shipping pipeline can't
|
|
63
|
+
* accidentally surface PII via the audit failure path.
|
|
64
|
+
*/
|
|
65
|
+
export type AuditFailureLogger = (entry: AuditFailureLog) => void;
|
|
66
|
+
export interface RecordToAllOptions {
|
|
67
|
+
/** Providers to fan out to. Order doesn't matter (parallel). */
|
|
68
|
+
providers: ReadonlyArray<AuditProvider>;
|
|
69
|
+
/**
|
|
70
|
+
* Strict mode flag. `true` → caller blocks the write on any
|
|
71
|
+
* provider failure (per design-audit.md "Strict mode opt-in").
|
|
72
|
+
* `false` (default) → fail-open; operations always proceed.
|
|
73
|
+
*/
|
|
74
|
+
strict?: boolean;
|
|
75
|
+
/**
|
|
76
|
+
* Failure logger. Production wires `pino`. Tests inject `vi.fn()`.
|
|
77
|
+
* When undefined, failures pass silently — useful for tests that
|
|
78
|
+
* don't care about log output, but production should always wire
|
|
79
|
+
* a real logger for diagnosability.
|
|
80
|
+
*/
|
|
81
|
+
logFailure?: AuditFailureLogger;
|
|
82
|
+
}
|
|
83
|
+
export interface RecordResult {
|
|
84
|
+
/** Number of providers that successfully recorded. */
|
|
85
|
+
succeeded: number;
|
|
86
|
+
/**
|
|
87
|
+
* Number of providers that failed. Always 0 when no providers are
|
|
88
|
+
* configured. Caller uses this in strict mode to abort the write.
|
|
89
|
+
*/
|
|
90
|
+
failed: number;
|
|
91
|
+
/** Per-provider failure entries — for diagnostic surfaces. */
|
|
92
|
+
failures: ReadonlyArray<AuditFailureLog>;
|
|
93
|
+
}
|
|
94
|
+
/**
|
|
95
|
+
* Fan-out an event to every configured provider in parallel.
|
|
96
|
+
* Returns counts + per-failure entries; never throws (per Universal
|
|
97
|
+
* Provider Requirement #5). Strict-mode behavior is the caller's
|
|
98
|
+
* concern — the recorder does the dispatch + log; the caller branches
|
|
99
|
+
* on `result.failed > 0` to abort the write.
|
|
100
|
+
*/
|
|
101
|
+
export declare function recordToAll(event: AuditEvent, opts: RecordToAllOptions): Promise<RecordResult>;
|
|
102
|
+
//# sourceMappingURL=recorder.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"recorder.d.ts","sourceRoot":"","sources":["../../src/audit/recorder.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyCG;AACH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAA;AAC5C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAA;AAElD,MAAM,WAAW,eAAe;IAC9B,gFAAgF;IAChF,QAAQ,EAAE,MAAM,CAAA;IAChB;;;;OAIG;IACH,QAAQ,EAAE,WAAW,GAAG,WAAW,GAAG,OAAO,CAAA;IAC7C,sEAAsE;IACtE,MAAM,EAAE,MAAM,CAAA;CACf;AAED;;;;;;;GAOG;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,KAAK,EAAE,eAAe,KAAK,IAAI,CAAA;AAEjE,MAAM,WAAW,kBAAkB;IACjC,gEAAgE;IAChE,SAAS,EAAE,aAAa,CAAC,aAAa,CAAC,CAAA;IACvC;;;;OAIG;IACH,MAAM,CAAC,EAAE,OAAO,CAAA;IAChB;;;;;OAKG;IACH,UAAU,CAAC,EAAE,kBAAkB,CAAA;CAChC;AAED,MAAM,WAAW,YAAY;IAC3B,sDAAsD;IACtD,SAAS,EAAE,MAAM,CAAA;IACjB;;;OAGG;IACH,MAAM,EAAE,MAAM,CAAA;IACd,8DAA8D;IAC9D,QAAQ,EAAE,aAAa,CAAC,eAAe,CAAC,CAAA;CACzC;AAED;;;;;;GAMG;AACH,wBAAsB,WAAW,CAAC,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,kBAAkB,GAAG,OAAO,CAAC,YAAY,CAAC,CAuBpG"}
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Fan-out an event to every configured provider in parallel.
|
|
3
|
+
* Returns counts + per-failure entries; never throws (per Universal
|
|
4
|
+
* Provider Requirement #5). Strict-mode behavior is the caller's
|
|
5
|
+
* concern — the recorder does the dispatch + log; the caller branches
|
|
6
|
+
* on `result.failed > 0` to abort the write.
|
|
7
|
+
*/
|
|
8
|
+
export async function recordToAll(event, opts) {
|
|
9
|
+
const { providers, logFailure } = opts;
|
|
10
|
+
if (providers.length === 0)
|
|
11
|
+
return { succeeded: 0, failed: 0, failures: [] };
|
|
12
|
+
const results = await Promise.allSettled(providers.map(p => p.record(event)));
|
|
13
|
+
const failures = [];
|
|
14
|
+
let succeeded = 0;
|
|
15
|
+
for (let i = 0; i < results.length; i++) {
|
|
16
|
+
const result = results[i];
|
|
17
|
+
const provider = providers[i];
|
|
18
|
+
if (result.status === 'fulfilled') {
|
|
19
|
+
succeeded++;
|
|
20
|
+
continue;
|
|
21
|
+
}
|
|
22
|
+
const entry = {
|
|
23
|
+
provider: provider.name,
|
|
24
|
+
category: categorizeFailure(result.reason),
|
|
25
|
+
reason: extractReason(result.reason),
|
|
26
|
+
};
|
|
27
|
+
failures.push(entry);
|
|
28
|
+
logFailure?.(entry);
|
|
29
|
+
}
|
|
30
|
+
return { succeeded, failed: failures.length, failures };
|
|
31
|
+
}
|
|
32
|
+
/**
|
|
33
|
+
* Categorize a thrown reason into the closed-enum category. Maps
|
|
34
|
+
* `AuditTransportError.category` directly when present; falls back
|
|
35
|
+
* to `'transport'` for unknown errors (most common — provider
|
|
36
|
+
* SDKs rarely throw structured failure types).
|
|
37
|
+
*/
|
|
38
|
+
function categorizeFailure(reason) {
|
|
39
|
+
if (reason instanceof Error) {
|
|
40
|
+
// AuditTransportError carries category as a typed field.
|
|
41
|
+
const maybeCategory = reason.category;
|
|
42
|
+
if (maybeCategory === 'transport' || maybeCategory === 'serialize' || maybeCategory === 'quota') {
|
|
43
|
+
return maybeCategory;
|
|
44
|
+
}
|
|
45
|
+
}
|
|
46
|
+
return 'transport';
|
|
47
|
+
}
|
|
48
|
+
function extractReason(reason) {
|
|
49
|
+
if (reason instanceof Error)
|
|
50
|
+
return reason.message;
|
|
51
|
+
if (typeof reason === 'string')
|
|
52
|
+
return reason;
|
|
53
|
+
return 'unknown failure';
|
|
54
|
+
}
|
|
55
|
+
//# sourceMappingURL=recorder.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"recorder.js","sourceRoot":"","sources":["../../src/audit/recorder.ts"],"names":[],"mappings":"AAkGA;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,KAAiB,EAAE,IAAwB;IAC3E,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,IAAI,CAAA;IACtC,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,SAAS,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAA;IAE5E,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAC7E,MAAM,QAAQ,GAAsB,EAAE,CAAA;IACtC,IAAI,SAAS,GAAG,CAAC,CAAA;IACjB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACxC,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAA;QACzB,MAAM,QAAQ,GAAG,SAAS,CAAC,CAAC,CAAC,CAAA;QAC7B,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YAClC,SAAS,EAAE,CAAA;YACX,SAAQ;QACV,CAAC;QACD,MAAM,KAAK,GAAoB;YAC7B,QAAQ,EAAE,QAAQ,CAAC,IAAI;YACvB,QAAQ,EAAE,iBAAiB,CAAC,MAAM,CAAC,MAAM,CAAC;YAC1C,MAAM,EAAE,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC;SACrC,CAAA;QACD,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACpB,UAAU,EAAE,CAAC,KAAK,CAAC,CAAA;IACrB,CAAC;IACD,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAA;AACzD,CAAC;AAED;;;;;GAKG;AACH,SAAS,iBAAiB,CAAC,MAAe;IACxC,IAAI,MAAM,YAAY,KAAK,EAAE,CAAC;QAC5B,yDAAyD;QACzD,MAAM,aAAa,GAAI,MAAiC,CAAC,QAAQ,CAAA;QACjE,IAAI,aAAa,KAAK,WAAW,IAAI,aAAa,KAAK,WAAW,IAAI,aAAa,KAAK,OAAO,EAAE,CAAC;YAChG,OAAO,aAAa,CAAA;QACtB,CAAC;IACH,CAAC;IACD,OAAO,WAAW,CAAA;AACpB,CAAC;AAED,SAAS,aAAa,CAAC,MAAe;IACpC,IAAI,MAAM,YAAY,KAAK;QAAE,OAAO,MAAM,CAAC,OAAO,CAAA;IAClD,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,MAAM,CAAA;IAC7C,OAAO,iBAAiB,CAAA;AAC1B,CAAC"}
|
|
@@ -0,0 +1,83 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Audit retention pruner.
|
|
3
|
+
*
|
|
4
|
+
* Per design-audit.md "Retention": audit retention is configurable
|
|
5
|
+
* independently from content history retention. Two dimensions:
|
|
6
|
+
*
|
|
7
|
+
* - `events` — max event count kept across all per-instance JSONL
|
|
8
|
+
* files. When exceeded, oldest events evicted (timestamp-sort
|
|
9
|
+
* ascending; drop from the head).
|
|
10
|
+
* - `maxAgeMonths` — max age in months. Events older than the
|
|
11
|
+
* cutoff evicted regardless of count.
|
|
12
|
+
*
|
|
13
|
+
* Operator sets one or both. When neither set, the pruner is a no-op
|
|
14
|
+
* (audit accumulates indefinitely until storage budget exhausted —
|
|
15
|
+
* operator's choice; documented).
|
|
16
|
+
*
|
|
17
|
+
* # JSONL storage shape
|
|
18
|
+
*
|
|
19
|
+
* Per `HistoryAuditProvider`, events live in
|
|
20
|
+
* `.gazetta/audit/events-{instance-id}.jsonl` — one file per admin
|
|
21
|
+
* instance. The pruner walks every events file, parses lines into
|
|
22
|
+
* AuditEvent objects, applies retention, and rewrites each file with
|
|
23
|
+
* the surviving lines. Per-file rewrite preserves the per-instance
|
|
24
|
+
* scoping (no cross-instance interleaving).
|
|
25
|
+
*
|
|
26
|
+
* # Multi-instance correctness
|
|
27
|
+
*
|
|
28
|
+
* Per-revision file granularity (each instance's file is independent)
|
|
29
|
+
* means concurrent pruners on the same target converge. If instance A
|
|
30
|
+
* is rewriting events-A.jsonl while instance B is rewriting
|
|
31
|
+
* events-B.jsonl, no race. If two pruners on different hosts try to
|
|
32
|
+
* rewrite the SAME events-A.jsonl simultaneously (two instances with
|
|
33
|
+
* the same hostname / K_REVISION), the storage provider's atomic
|
|
34
|
+
* write-then-rename keeps the file consistent — last-write-wins is
|
|
35
|
+
* fine because both pruners compute the same surviving set from the
|
|
36
|
+
* same input bytes.
|
|
37
|
+
*
|
|
38
|
+
* # Why JSONL-line pruning, not whole-file deletion
|
|
39
|
+
*
|
|
40
|
+
* The pruner has to handle events file-by-file because:
|
|
41
|
+
* - Different instances have different event mixes; deleting an
|
|
42
|
+
* entire instance's file would lose events newer than the cutoff
|
|
43
|
+
* - Events within one instance's file span time; some pruned, some
|
|
44
|
+
* kept — selective line removal is the right granularity
|
|
45
|
+
*
|
|
46
|
+
* # Returns: PruneResult
|
|
47
|
+
*
|
|
48
|
+
* Diagnostic info for the caller's log + metrics. `eventsKept` and
|
|
49
|
+
* `eventsEvicted` together = total events pre-prune.
|
|
50
|
+
*
|
|
51
|
+
* # SOLID lenses
|
|
52
|
+
*
|
|
53
|
+
* - SRP: retention only; doesn't construct providers, doesn't
|
|
54
|
+
* audit pruner-events itself (would create recursion).
|
|
55
|
+
* - DIP: takes a StorageProvider — works against filesystem, R2,
|
|
56
|
+
* S3, Azure Blob uniformly.
|
|
57
|
+
*/
|
|
58
|
+
import type { StorageProvider } from '../types.js';
|
|
59
|
+
export interface AuditRetentionConfig {
|
|
60
|
+
/** Max event count kept. When exceeded, oldest evicted. */
|
|
61
|
+
events?: number;
|
|
62
|
+
/** Max age in months. Events older than the cutoff evicted. */
|
|
63
|
+
maxAgeMonths?: number | null;
|
|
64
|
+
}
|
|
65
|
+
export interface PruneResult {
|
|
66
|
+
/** Number of events present before pruning. */
|
|
67
|
+
eventsBefore: number;
|
|
68
|
+
/** Number of events surviving. */
|
|
69
|
+
eventsKept: number;
|
|
70
|
+
/** Number of events evicted. */
|
|
71
|
+
eventsEvicted: number;
|
|
72
|
+
/** Files rewritten (only files with at least one eviction). */
|
|
73
|
+
filesRewritten: number;
|
|
74
|
+
/** Files inspected (every events file under .gazetta/audit/). */
|
|
75
|
+
filesInspected: number;
|
|
76
|
+
}
|
|
77
|
+
/**
|
|
78
|
+
* Walk the audit JSONL files, evict events that violate retention,
|
|
79
|
+
* rewrite each affected file. No-op when retention config has neither
|
|
80
|
+
* `events` nor `maxAgeMonths` set.
|
|
81
|
+
*/
|
|
82
|
+
export declare function pruneAuditEvents(storage: StorageProvider, config: AuditRetentionConfig): Promise<PruneResult>;
|
|
83
|
+
//# sourceMappingURL=retention.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"retention.d.ts","sourceRoot":"","sources":["../../src/audit/retention.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwDG;AACH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AAGlD,MAAM,WAAW,oBAAoB;IACnC,2DAA2D;IAC3D,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,+DAA+D;IAC/D,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CAC7B;AAED,MAAM,WAAW,WAAW;IAC1B,+CAA+C;IAC/C,YAAY,EAAE,MAAM,CAAA;IACpB,kCAAkC;IAClC,UAAU,EAAE,MAAM,CAAA;IAClB,gCAAgC;IAChC,aAAa,EAAE,MAAM,CAAA;IACrB,+DAA+D;IAC/D,cAAc,EAAE,MAAM,CAAA;IACtB,iEAAiE;IACjE,cAAc,EAAE,MAAM,CAAA;CACvB;AAID;;;;GAIG;AACH,wBAAsB,gBAAgB,CAAC,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,oBAAoB,GAAG,OAAO,CAAC,WAAW,CAAC,CA0HnH"}
|