npm - gazetta - Versions diffs - 0.6.0 → 0.8.0 - Mend

gazetta 0.6.0 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (983) hide show

package/admin-dist/assets/index-CBeq0rRb.js +693 -0
package/admin-dist/assets/index-Dtg1dTZQ.css +1 -0
package/admin-dist/assets/rolldown-runtime-BYbx6iT9.js +1 -0
package/admin-dist/assets/{vendor-primevue-C0Q_YTCb.js → vendor-primevue-CBGHkaXv.js} +183 -39
package/admin-dist/assets/{vendor-react-BipDVGow.js → vendor-react-BdW_kNCG.js} +2 -2
package/admin-dist/assets/vendor-rjsf-lN2SztQt.js +33 -0
package/admin-dist/assets/vendor-tiptap-C36yDquB.js +141 -0
package/admin-dist/assets/vendor-vue-Bt5uR1VW.js +1 -0
package/admin-dist/assets/workbox-window.prod.es5-DGMtIXHc.js +2 -0
package/admin-dist/index.html +8 -8
package/admin-dist/sw.js +1 -0
package/dist/admin-api/archived-name-conflict.d.ts +31 -0
package/dist/admin-api/archived-name-conflict.d.ts.map +1 -0
package/dist/admin-api/archived-name-conflict.js +226 -0
package/dist/admin-api/archived-name-conflict.js.map +1 -0
package/dist/admin-api/cache-stats-logger.d.ts +83 -0
package/dist/admin-api/cache-stats-logger.d.ts.map +1 -0
package/dist/admin-api/cache-stats-logger.js +59 -0
package/dist/admin-api/cache-stats-logger.js.map +1 -0
package/dist/admin-api/error-response.d.ts +21 -0
package/dist/admin-api/error-response.d.ts.map +1 -0
package/dist/admin-api/error-response.js +12 -0
package/dist/admin-api/error-response.js.map +1 -0
package/dist/admin-api/hook-audit-emitter.d.ts +38 -0
package/dist/admin-api/hook-audit-emitter.d.ts.map +1 -0
package/dist/admin-api/hook-audit-emitter.js +21 -0
package/dist/admin-api/hook-audit-emitter.js.map +1 -0
package/dist/admin-api/index.d.ts +84 -2
package/dist/admin-api/index.d.ts.map +1 -1
package/dist/admin-api/index.js +257 -32
package/dist/admin-api/index.js.map +1 -1
package/dist/admin-api/middleware/audit.d.ts +25 -0
package/dist/admin-api/middleware/audit.d.ts.map +1 -0
package/dist/admin-api/middleware/audit.js +65 -0
package/dist/admin-api/middleware/audit.js.map +1 -0
package/dist/admin-api/middleware/capability.d.ts +8 -0
package/dist/admin-api/middleware/capability.d.ts.map +1 -0
package/dist/admin-api/middleware/capability.js +65 -0
package/dist/admin-api/middleware/capability.js.map +1 -0
package/dist/admin-api/middleware/principal.d.ts +18 -0
package/dist/admin-api/middleware/principal.d.ts.map +1 -0
package/dist/admin-api/middleware/principal.js +128 -0
package/dist/admin-api/middleware/principal.js.map +1 -0
package/dist/admin-api/routes/archive-review.d.ts +80 -0
package/dist/admin-api/routes/archive-review.d.ts.map +1 -0
package/dist/admin-api/routes/archive-review.js +70 -0
package/dist/admin-api/routes/archive-review.js.map +1 -0
package/dist/admin-api/routes/archive.d.ts +145 -0
package/dist/admin-api/routes/archive.d.ts.map +1 -0
package/dist/admin-api/routes/archive.js +540 -0
package/dist/admin-api/routes/archive.js.map +1 -0
package/dist/admin-api/routes/assets.d.ts +21 -0
package/dist/admin-api/routes/assets.d.ts.map +1 -0
package/dist/admin-api/routes/assets.js +586 -0
package/dist/admin-api/routes/assets.js.map +1 -0
package/dist/admin-api/routes/audit.d.ts +71 -0
package/dist/admin-api/routes/audit.d.ts.map +1 -0
package/dist/admin-api/routes/audit.js +178 -0
package/dist/admin-api/routes/audit.js.map +1 -0
package/dist/admin-api/routes/compare.d.ts.map +1 -1
package/dist/admin-api/routes/compare.js +3 -2
package/dist/admin-api/routes/compare.js.map +1 -1
package/dist/admin-api/routes/fields.d.ts.map +1 -1
package/dist/admin-api/routes/fields.js +2 -1
package/dist/admin-api/routes/fields.js.map +1 -1
package/dist/admin-api/routes/fragments.d.ts +13 -1
package/dist/admin-api/routes/fragments.d.ts.map +1 -1
package/dist/admin-api/routes/fragments.js +128 -67
package/dist/admin-api/routes/fragments.js.map +1 -1
package/dist/admin-api/routes/health.d.ts +60 -0
package/dist/admin-api/routes/health.d.ts.map +1 -0
package/dist/admin-api/routes/health.js +65 -0
package/dist/admin-api/routes/health.js.map +1 -0
package/dist/admin-api/routes/history.d.ts +2 -1
package/dist/admin-api/routes/history.d.ts.map +1 -1
package/dist/admin-api/routes/history.js +26 -4
package/dist/admin-api/routes/history.js.map +1 -1
package/dist/admin-api/routes/pages.d.ts +20 -1
package/dist/admin-api/routes/pages.d.ts.map +1 -1
package/dist/admin-api/routes/pages.js +158 -85
package/dist/admin-api/routes/pages.js.map +1 -1
package/dist/admin-api/routes/preview.d.ts.map +1 -1
package/dist/admin-api/routes/preview.js +56 -17
package/dist/admin-api/routes/preview.js.map +1 -1
package/dist/admin-api/routes/publish.d.ts +19 -1
package/dist/admin-api/routes/publish.d.ts.map +1 -1
package/dist/admin-api/routes/publish.js +548 -99
package/dist/admin-api/routes/publish.js.map +1 -1
package/dist/admin-api/routes/rename.d.ts +62 -0
package/dist/admin-api/routes/rename.d.ts.map +1 -0
package/dist/admin-api/routes/rename.js +366 -0
package/dist/admin-api/routes/rename.js.map +1 -0
package/dist/admin-api/routes/site.d.ts.map +1 -1
package/dist/admin-api/routes/site.js +6 -18
package/dist/admin-api/routes/site.js.map +1 -1
package/dist/admin-api/routes/system.d.ts +23 -0
package/dist/admin-api/routes/system.d.ts.map +1 -0
package/dist/admin-api/routes/system.js +115 -0
package/dist/admin-api/routes/system.js.map +1 -0
package/dist/admin-api/routes/templates.d.ts +11 -1
package/dist/admin-api/routes/templates.d.ts.map +1 -1
package/dist/admin-api/routes/templates.js +36 -3
package/dist/admin-api/routes/templates.js.map +1 -1
package/dist/admin-api/routes/validation.d.ts +47 -0
package/dist/admin-api/routes/validation.d.ts.map +1 -0
package/dist/admin-api/routes/validation.js +120 -0
package/dist/admin-api/routes/validation.js.map +1 -0
package/dist/admin-api/schemas/archive.d.ts +124 -0
package/dist/admin-api/schemas/archive.d.ts.map +1 -0
package/dist/admin-api/schemas/archive.js +93 -0
package/dist/admin-api/schemas/archive.js.map +1 -0
package/dist/admin-api/schemas/assets.d.ts +64 -0
package/dist/admin-api/schemas/assets.d.ts.map +1 -0
package/dist/admin-api/schemas/assets.js +59 -0
package/dist/admin-api/schemas/assets.js.map +1 -0
package/dist/admin-api/schemas/audit.d.ts +175 -0
package/dist/admin-api/schemas/audit.d.ts.map +1 -0
package/dist/admin-api/schemas/audit.js +91 -0
package/dist/admin-api/schemas/audit.js.map +1 -0
package/dist/admin-api/schemas/error.d.ts +94 -0
package/dist/admin-api/schemas/error.d.ts.map +1 -0
package/dist/admin-api/schemas/error.js +79 -0
package/dist/admin-api/schemas/error.js.map +1 -0
package/dist/admin-api/schemas/fragments.d.ts +2 -0
package/dist/admin-api/schemas/fragments.d.ts.map +1 -1
package/dist/admin-api/schemas/fragments.js +4 -0
package/dist/admin-api/schemas/fragments.js.map +1 -1
package/dist/admin-api/schemas/index.d.ts +10 -0
package/dist/admin-api/schemas/index.d.ts.map +1 -1
package/dist/admin-api/schemas/index.js +10 -0
package/dist/admin-api/schemas/index.js.map +1 -1
package/dist/admin-api/schemas/pages.d.ts +2 -0
package/dist/admin-api/schemas/pages.d.ts.map +1 -1
package/dist/admin-api/schemas/pages.js +11 -0
package/dist/admin-api/schemas/pages.js.map +1 -1
package/dist/admin-api/schemas/rename.d.ts +77 -0
package/dist/admin-api/schemas/rename.d.ts.map +1 -0
package/dist/admin-api/schemas/rename.js +75 -0
package/dist/admin-api/schemas/rename.js.map +1 -0
package/dist/admin-api/schemas/site.d.ts +3 -2
package/dist/admin-api/schemas/site.d.ts.map +1 -1
package/dist/admin-api/schemas/site.js +3 -2
package/dist/admin-api/schemas/site.js.map +1 -1
package/dist/admin-api/schemas/system.d.ts +28 -0
package/dist/admin-api/schemas/system.d.ts.map +1 -0
package/dist/admin-api/schemas/system.js +35 -0
package/dist/admin-api/schemas/system.js.map +1 -0
package/dist/admin-api/schemas/targets.d.ts +55 -0
package/dist/admin-api/schemas/targets.d.ts.map +1 -1
package/dist/admin-api/schemas/targets.js +46 -0
package/dist/admin-api/schemas/targets.js.map +1 -1
package/dist/admin-api/schemas/templates.d.ts +54 -0
package/dist/admin-api/schemas/templates.d.ts.map +1 -1
package/dist/admin-api/schemas/templates.js +21 -0
package/dist/admin-api/schemas/templates.js.map +1 -1
package/dist/admin-api/schemas/validation.d.ts +101 -0
package/dist/admin-api/schemas/validation.d.ts.map +1 -0
package/dist/admin-api/schemas/validation.js +57 -0
package/dist/admin-api/schemas/validation.js.map +1 -0
package/dist/admin-api/source-context.d.ts +66 -17
package/dist/admin-api/source-context.d.ts.map +1 -1
package/dist/admin-api/source-context.js +43 -8
package/dist/admin-api/source-context.js.map +1 -1
package/dist/ai/adapter-scaffold.d.ts +63 -0
package/dist/ai/adapter-scaffold.d.ts.map +1 -0
package/dist/ai/adapter-scaffold.js +89 -0
package/dist/ai/adapter-scaffold.js.map +1 -0
package/dist/ai/compose-prompt.d.ts +50 -0
package/dist/ai/compose-prompt.d.ts.map +1 -0
package/dist/ai/compose-prompt.js +49 -0
package/dist/ai/compose-prompt.js.map +1 -0
package/dist/ai/errors.d.ts +65 -0
package/dist/ai/errors.d.ts.map +1 -0
package/dist/ai/errors.js +59 -0
package/dist/ai/errors.js.map +1 -0
package/dist/ai/index.d.ts +17 -0
package/dist/ai/index.d.ts.map +1 -0
package/dist/ai/index.js +16 -0
package/dist/ai/index.js.map +1 -0
package/dist/ai/provider.d.ts +76 -0
package/dist/ai/provider.d.ts.map +1 -0
package/dist/ai/provider.js +13 -0
package/dist/ai/provider.js.map +1 -0
package/dist/ai/refusal.d.ts +50 -0
package/dist/ai/refusal.d.ts.map +1 -0
package/dist/ai/refusal.js +100 -0
package/dist/ai/refusal.js.map +1 -0
package/dist/ai/vision-prep.d.ts +32 -0
package/dist/ai/vision-prep.d.ts.map +1 -0
package/dist/ai/vision-prep.js +113 -0
package/dist/ai/vision-prep.js.map +1 -0
package/dist/alt/adapter.d.ts +140 -0
package/dist/alt/adapter.d.ts.map +1 -0
package/dist/alt/adapter.js +7 -0
package/dist/alt/adapter.js.map +1 -0
package/dist/alt/anthropic.d.ts +63 -0
package/dist/alt/anthropic.d.ts.map +1 -0
package/dist/alt/anthropic.js +147 -0
package/dist/alt/anthropic.js.map +1 -0
package/dist/alt/config.d.ts +67 -0
package/dist/alt/config.d.ts.map +1 -0
package/dist/alt/config.js +41 -0
package/dist/alt/config.js.map +1 -0
package/dist/alt/factory.d.ts +19 -0
package/dist/alt/factory.d.ts.map +1 -0
package/dist/alt/factory.js +69 -0
package/dist/alt/factory.js.map +1 -0
package/dist/alt/null-adapter.d.ts +3 -0
package/dist/alt/null-adapter.d.ts.map +1 -0
package/dist/alt/null-adapter.js +43 -0
package/dist/alt/null-adapter.js.map +1 -0
package/dist/alt/ollama.d.ts +40 -0
package/dist/alt/ollama.d.ts.map +1 -0
package/dist/alt/ollama.js +139 -0
package/dist/alt/ollama.js.map +1 -0
package/dist/alt/openai.d.ts +46 -0
package/dist/alt/openai.d.ts.map +1 -0
package/dist/alt/openai.js +118 -0
package/dist/alt/openai.js.map +1 -0
package/dist/alt/prompt-policies.d.ts +79 -0
package/dist/alt/prompt-policies.d.ts.map +1 -0
package/dist/alt/prompt-policies.js +67 -0
package/dist/alt/prompt-policies.js.map +1 -0
package/dist/alt/route-handler.d.ts +56 -0
package/dist/alt/route-handler.d.ts.map +1 -0
package/dist/alt/route-handler.js +122 -0
package/dist/alt/route-handler.js.map +1 -0
package/dist/alt/suggester.d.ts +57 -0
package/dist/alt/suggester.d.ts.map +1 -0
package/dist/alt/suggester.js +133 -0
package/dist/alt/suggester.js.map +1 -0
package/dist/app.js +1 -1
package/dist/app.js.map +1 -1
package/dist/archive-aliases.d.ts +79 -0
package/dist/archive-aliases.d.ts.map +1 -0
package/dist/archive-aliases.js +60 -0
package/dist/archive-aliases.js.map +1 -0
package/dist/archive-helpers.d.ts +73 -0
package/dist/archive-helpers.d.ts.map +1 -0
package/dist/archive-helpers.js +94 -0
package/dist/archive-helpers.js.map +1 -0
package/dist/assets/analyze-audio.d.ts +3 -0
package/dist/assets/analyze-audio.d.ts.map +1 -0
package/dist/assets/analyze-audio.js +80 -0
package/dist/assets/analyze-audio.js.map +1 -0
package/dist/assets/analyze-image.d.ts +19 -0
package/dist/assets/analyze-image.d.ts.map +1 -0
package/dist/assets/analyze-image.js +123 -0
package/dist/assets/analyze-image.js.map +1 -0
package/dist/assets/analyze.d.ts +94 -0
package/dist/assets/analyze.d.ts.map +1 -0
package/dist/assets/analyze.js +45 -0
package/dist/assets/analyze.js.map +1 -0
package/dist/assets/asset-deps.d.ts +30 -0
package/dist/assets/asset-deps.d.ts.map +1 -0
package/dist/assets/asset-deps.js +42 -0
package/dist/assets/asset-deps.js.map +1 -0
package/dist/assets/asset-paths.d.ts +155 -0
package/dist/assets/asset-paths.d.ts.map +1 -0
package/dist/assets/asset-paths.js +197 -0
package/dist/assets/asset-paths.js.map +1 -0
package/dist/assets/delete.d.ts +75 -0
package/dist/assets/delete.d.ts.map +1 -0
package/dist/assets/delete.js +82 -0
package/dist/assets/delete.js.map +1 -0
package/dist/assets/errors.d.ts +241 -0
package/dist/assets/errors.d.ts.map +1 -0
package/dist/assets/errors.js +300 -0
package/dist/assets/errors.js.map +1 -0
package/dist/assets/find-refs.d.ts +37 -0
package/dist/assets/find-refs.d.ts.map +1 -0
package/dist/assets/find-refs.js +35 -0
package/dist/assets/find-refs.js.map +1 -0
package/dist/assets/hash.d.ts +13 -0
package/dist/assets/hash.d.ts.map +1 -0
package/dist/assets/hash.js +43 -0
package/dist/assets/hash.js.map +1 -0
package/dist/assets/image-metadata.d.ts +11 -0
package/dist/assets/image-metadata.d.ts.map +1 -0
package/dist/assets/image-metadata.js +31 -0
package/dist/assets/image-metadata.js.map +1 -0
package/dist/assets/ingest-locale.d.ts +86 -0
package/dist/assets/ingest-locale.d.ts.map +1 -0
package/dist/assets/ingest-locale.js +209 -0
package/dist/assets/ingest-locale.js.map +1 -0
package/dist/assets/ingest.d.ts +96 -0
package/dist/assets/ingest.d.ts.map +1 -0
package/dist/assets/ingest.js +308 -0
package/dist/assets/ingest.js.map +1 -0
package/dist/assets/kind-compat.d.ts +34 -0
package/dist/assets/kind-compat.d.ts.map +1 -0
package/dist/assets/kind-compat.js +33 -0
package/dist/assets/kind-compat.js.map +1 -0
package/dist/assets/list.d.ts +46 -0
package/dist/assets/list.d.ts.map +1 -0
package/dist/assets/list.js +102 -0
package/dist/assets/list.js.map +1 -0
package/dist/assets/manifest-default.d.ts +56 -0
package/dist/assets/manifest-default.d.ts.map +1 -0
package/dist/assets/manifest-default.js +120 -0
package/dist/assets/manifest-default.js.map +1 -0
package/dist/assets/manifest-filename.d.ts +52 -0
package/dist/assets/manifest-filename.d.ts.map +1 -0
package/dist/assets/manifest-filename.js +104 -0
package/dist/assets/manifest-filename.js.map +1 -0
package/dist/assets/manifest-locale.d.ts +60 -0
package/dist/assets/manifest-locale.d.ts.map +1 -0
package/dist/assets/manifest-locale.js +206 -0
package/dist/assets/manifest-locale.js.map +1 -0
package/dist/assets/manifest-merge.d.ts +66 -0
package/dist/assets/manifest-merge.d.ts.map +1 -0
package/dist/assets/manifest-merge.js +82 -0
package/dist/assets/manifest-merge.js.map +1 -0
package/dist/assets/manifest.d.ts +83 -0
package/dist/assets/manifest.d.ts.map +1 -0
package/dist/assets/manifest.js +93 -0
package/dist/assets/manifest.js.map +1 -0
package/dist/assets/mime-sniff.d.ts +18 -0
package/dist/assets/mime-sniff.d.ts.map +1 -0
package/dist/assets/mime-sniff.js +84 -0
package/dist/assets/mime-sniff.js.map +1 -0
package/dist/assets/preprocess-svg.d.ts +3 -0
package/dist/assets/preprocess-svg.d.ts.map +1 -0
package/dist/assets/preprocess-svg.js +49 -0
package/dist/assets/preprocess-svg.js.map +1 -0
package/dist/assets/preprocess.d.ts +62 -0
package/dist/assets/preprocess.d.ts.map +1 -0
package/dist/assets/preprocess.js +86 -0
package/dist/assets/preprocess.js.map +1 -0
package/dist/assets/publish-plan.d.ts +41 -0
package/dist/assets/publish-plan.d.ts.map +1 -0
package/dist/assets/publish-plan.js +49 -0
package/dist/assets/publish-plan.js.map +1 -0
package/dist/assets/publish.d.ts +33 -0
package/dist/assets/publish.d.ts.map +1 -0
package/dist/assets/publish.js +81 -0
package/dist/assets/publish.js.map +1 -0
package/dist/assets/refs.d.ts +37 -0
package/dist/assets/refs.d.ts.map +1 -0
package/dist/assets/refs.js +33 -0
package/dist/assets/refs.js.map +1 -0
package/dist/assets/remove-override.d.ts +42 -0
package/dist/assets/remove-override.d.ts.map +1 -0
package/dist/assets/remove-override.js +53 -0
package/dist/assets/remove-override.js.map +1 -0
package/dist/assets/rename.d.ts +43 -0
package/dist/assets/rename.d.ts.map +1 -0
package/dist/assets/rename.js +271 -0
package/dist/assets/rename.js.map +1 -0
package/dist/assets/replace.d.ts +37 -0
package/dist/assets/replace.d.ts.map +1 -0
package/dist/assets/replace.js +195 -0
package/dist/assets/replace.js.map +1 -0
package/dist/assets/resolve.d.ts +141 -0
package/dist/assets/resolve.d.ts.map +1 -0
package/dist/assets/resolve.js +381 -0
package/dist/assets/resolve.js.map +1 -0
package/dist/assets/rewrite-manifest-asset-ref.d.ts +44 -0
package/dist/assets/rewrite-manifest-asset-ref.d.ts.map +1 -0
package/dist/assets/rewrite-manifest-asset-ref.js +51 -0
package/dist/assets/rewrite-manifest-asset-ref.js.map +1 -0
package/dist/assets/scan-manifest-for-asset.d.ts +63 -0
package/dist/assets/scan-manifest-for-asset.d.ts.map +1 -0
package/dist/assets/scan-manifest-for-asset.js +105 -0
package/dist/assets/scan-manifest-for-asset.js.map +1 -0
package/dist/assets/serve-route.d.ts +45 -0
package/dist/assets/serve-route.d.ts.map +1 -0
package/dist/assets/serve-route.js +123 -0
package/dist/assets/serve-route.js.map +1 -0
package/dist/assets/svg-sanitize.d.ts +38 -0
package/dist/assets/svg-sanitize.d.ts.map +1 -0
package/dist/assets/svg-sanitize.js +209 -0
package/dist/assets/svg-sanitize.js.map +1 -0
package/dist/assets/update-metadata.d.ts +61 -0
package/dist/assets/update-metadata.d.ts.map +1 -0
package/dist/assets/update-metadata.js +82 -0
package/dist/assets/update-metadata.js.map +1 -0
package/dist/assets/url.d.ts +82 -0
package/dist/assets/url.d.ts.map +1 -0
package/dist/assets/url.js +103 -0
package/dist/assets/url.js.map +1 -0
package/dist/assets/validate.d.ts +74 -0
package/dist/assets/validate.d.ts.map +1 -0
package/dist/assets/validate.js +136 -0
package/dist/assets/validate.js.map +1 -0
package/dist/assets/variants.d.ts +23 -0
package/dist/assets/variants.d.ts.map +1 -0
package/dist/assets/variants.js +74 -0
package/dist/assets/variants.js.map +1 -0
package/dist/audit/config.d.ts +75 -0
package/dist/audit/config.d.ts.map +1 -0
package/dist/audit/config.js +91 -0
package/dist/audit/config.js.map +1 -0
package/dist/audit/context.d.ts +98 -0
package/dist/audit/context.d.ts.map +1 -0
package/dist/audit/context.js +51 -0
package/dist/audit/context.js.map +1 -0
package/dist/audit/errors.d.ts +73 -0
package/dist/audit/errors.d.ts.map +1 -0
package/dist/audit/errors.js +78 -0
package/dist/audit/errors.js.map +1 -0
package/dist/audit/index.d.ts +16 -0
package/dist/audit/index.d.ts.map +1 -0
package/dist/audit/index.js +10 -0
package/dist/audit/index.js.map +1 -0
package/dist/audit/provider.d.ts +73 -0
package/dist/audit/provider.d.ts.map +1 -0
package/dist/audit/provider.js +2 -0
package/dist/audit/provider.js.map +1 -0
package/dist/audit/providers/history.d.ts +66 -0
package/dist/audit/providers/history.d.ts.map +1 -0
package/dist/audit/providers/history.js +102 -0
package/dist/audit/providers/history.js.map +1 -0
package/dist/audit/pseudonymize.d.ts +26 -0
package/dist/audit/pseudonymize.d.ts.map +1 -0
package/dist/audit/pseudonymize.js +86 -0
package/dist/audit/pseudonymize.js.map +1 -0
package/dist/audit/recorder.d.ts +102 -0
package/dist/audit/recorder.d.ts.map +1 -0
package/dist/audit/recorder.js +55 -0
package/dist/audit/recorder.js.map +1 -0
package/dist/audit/retention.d.ts +83 -0
package/dist/audit/retention.d.ts.map +1 -0
package/dist/audit/retention.js +142 -0
package/dist/audit/retention.js.map +1 -0
package/dist/audit/source-ip.d.ts +32 -0
package/dist/audit/source-ip.d.ts.map +1 -0
package/dist/audit/source-ip.js +164 -0
package/dist/audit/source-ip.js.map +1 -0
package/dist/audit/types.d.ts +143 -0
package/dist/audit/types.d.ts.map +1 -0
package/dist/audit/types.js +33 -0
package/dist/audit/types.js.map +1 -0
package/dist/audit/user-agent.d.ts +28 -0
package/dist/audit/user-agent.d.ts.map +1 -0
package/dist/audit/user-agent.js +63 -0
package/dist/audit/user-agent.js.map +1 -0
package/dist/auth/capabilities.d.ts +28 -0
package/dist/auth/capabilities.d.ts.map +1 -0
package/dist/auth/capabilities.js +101 -0
package/dist/auth/capabilities.js.map +1 -0
package/dist/auth/config.d.ts +109 -0
package/dist/auth/config.d.ts.map +1 -0
package/dist/auth/config.js +221 -0
package/dist/auth/config.js.map +1 -0
package/dist/auth/errors.d.ts +72 -0
package/dist/auth/errors.d.ts.map +1 -0
package/dist/auth/errors.js +78 -0
package/dist/auth/errors.js.map +1 -0
package/dist/auth/factory.d.ts +43 -0
package/dist/auth/factory.d.ts.map +1 -0
package/dist/auth/factory.js +48 -0
package/dist/auth/factory.js.map +1 -0
package/dist/auth/index.d.ts +21 -0
package/dist/auth/index.d.ts.map +1 -0
package/dist/auth/index.js +14 -0
package/dist/auth/index.js.map +1 -0
package/dist/auth/ip-match.d.ts +29 -0
package/dist/auth/ip-match.d.ts.map +1 -0
package/dist/auth/ip-match.js +162 -0
package/dist/auth/ip-match.js.map +1 -0
package/dist/auth/provider.d.ts +76 -0
package/dist/auth/provider.d.ts.map +1 -0
package/dist/auth/provider.js +2 -0
package/dist/auth/provider.js.map +1 -0
package/dist/auth/providers/aws-cognito.d.ts +55 -0
package/dist/auth/providers/aws-cognito.d.ts.map +1 -0
package/dist/auth/providers/aws-cognito.js +114 -0
package/dist/auth/providers/aws-cognito.js.map +1 -0
package/dist/auth/providers/azure-easy-auth.d.ts +7 -0
package/dist/auth/providers/azure-easy-auth.d.ts.map +1 -0
package/dist/auth/providers/azure-easy-auth.js +48 -0
package/dist/auth/providers/azure-easy-auth.js.map +1 -0
package/dist/auth/providers/cloudflare-access.d.ts +71 -0
package/dist/auth/providers/cloudflare-access.d.ts.map +1 -0
package/dist/auth/providers/cloudflare-access.js +120 -0
package/dist/auth/providers/cloudflare-access.js.map +1 -0
package/dist/auth/providers/forwarded-user.d.ts +31 -0
package/dist/auth/providers/forwarded-user.d.ts.map +1 -0
package/dist/auth/providers/forwarded-user.js +72 -0
package/dist/auth/providers/forwarded-user.js.map +1 -0
package/dist/auth/providers/none.d.ts +6 -0
package/dist/auth/providers/none.d.ts.map +1 -0
package/dist/auth/providers/none.js +19 -0
package/dist/auth/providers/none.js.map +1 -0
package/dist/auth/providers/tailscale.d.ts +7 -0
package/dist/auth/providers/tailscale.d.ts.map +1 -0
package/dist/auth/providers/tailscale.js +30 -0
package/dist/auth/providers/tailscale.js.map +1 -0
package/dist/auth/role-resolver.d.ts +38 -0
package/dist/auth/role-resolver.d.ts.map +1 -0
package/dist/auth/role-resolver.js +92 -0
package/dist/auth/role-resolver.js.map +1 -0
package/dist/auth/types.d.ts +150 -0
package/dist/auth/types.d.ts.map +1 -0
package/dist/auth/types.js +60 -0
package/dist/auth/types.js.map +1 -0
package/dist/cache/errors.d.ts +41 -0
package/dist/cache/errors.d.ts.map +1 -0
package/dist/cache/errors.js +44 -0
package/dist/cache/errors.js.map +1 -0
package/dist/cache/factories.d.ts +17 -0
package/dist/cache/factories.d.ts.map +1 -0
package/dist/cache/factories.js +17 -0
package/dist/cache/factories.js.map +1 -0
package/dist/cache/keys.d.ts +63 -0
package/dist/cache/keys.d.ts.map +1 -0
package/dist/cache/keys.js +145 -0
package/dist/cache/keys.js.map +1 -0
package/dist/cache/memory.d.ts +51 -0
package/dist/cache/memory.d.ts.map +1 -0
package/dist/cache/memory.js +204 -0
package/dist/cache/memory.js.map +1 -0
package/dist/cache/per-site.d.ts +22 -0
package/dist/cache/per-site.d.ts.map +1 -0
package/dist/cache/per-site.js +114 -0
package/dist/cache/per-site.js.map +1 -0
package/dist/cache/types.d.ts +142 -0
package/dist/cache/types.d.ts.map +1 -0
package/dist/cache/types.js +33 -0
package/dist/cache/types.js.map +1 -0
package/dist/cli/archive.d.ts +44 -0
package/dist/cli/archive.d.ts.map +1 -0
package/dist/cli/archive.js +310 -0
package/dist/cli/archive.js.map +1 -0
package/dist/cli/assets-cli.d.ts +58 -0
package/dist/cli/assets-cli.d.ts.map +1 -0
package/dist/cli/assets-cli.js +233 -0
package/dist/cli/assets-cli.js.map +1 -0
package/dist/cli/assets-display.d.ts +112 -0
package/dist/cli/assets-display.d.ts.map +1 -0
package/dist/cli/assets-display.js +106 -0
package/dist/cli/assets-display.js.map +1 -0
package/dist/cli/bootstrap.d.ts +15 -10
package/dist/cli/bootstrap.d.ts.map +1 -1
package/dist/cli/bootstrap.js +59 -24
package/dist/cli/bootstrap.js.map +1 -1
package/dist/cli/dev-template-watcher.d.ts +29 -0
package/dist/cli/dev-template-watcher.d.ts.map +1 -0
package/dist/cli/dev-template-watcher.js +38 -0
package/dist/cli/dev-template-watcher.js.map +1 -0
package/dist/cli/history.d.ts.map +1 -1
package/dist/cli/history.js +5 -3
package/dist/cli/history.js.map +1 -1
package/dist/cli/index.js +737 -374
package/dist/cli/index.js.map +1 -1
package/dist/cli/validate-flags.d.ts +29 -0
package/dist/cli/validate-flags.d.ts.map +1 -0
package/dist/cli/validate-flags.js +49 -0
package/dist/cli/validate-flags.js.map +1 -0
package/dist/compare.d.ts +1 -1
package/dist/compare.d.ts.map +1 -1
package/dist/compare.js +40 -35
package/dist/compare.js.map +1 -1
package/dist/component-ids.d.ts +25 -0
package/dist/component-ids.d.ts.map +1 -0
package/dist/component-ids.js +83 -0
package/dist/component-ids.js.map +1 -0
package/dist/config/define.d.ts +61 -0
package/dist/config/define.d.ts.map +1 -0
package/dist/config/define.js +64 -0
package/dist/config/define.js.map +1 -0
package/dist/config/errors.d.ts +32 -0
package/dist/config/errors.d.ts.map +1 -0
package/dist/config/errors.js +40 -0
package/dist/config/errors.js.map +1 -0
package/dist/config/index.d.ts +13 -0
package/dist/config/index.d.ts.map +1 -0
package/dist/config/index.js +20 -0
package/dist/config/index.js.map +1 -0
package/dist/config/loader.d.ts +105 -0
package/dist/config/loader.d.ts.map +1 -0
package/dist/config/loader.js +265 -0
package/dist/config/loader.js.map +1 -0
package/dist/config/schemas.d.ts +89 -0
package/dist/config/schemas.d.ts.map +1 -0
package/dist/config/schemas.js +172 -0
package/dist/config/schemas.js.map +1 -0
package/dist/config/types.d.ts +32 -0
package/dist/config/types.d.ts.map +1 -0
package/dist/config/types.js +15 -0
package/dist/config/types.js.map +1 -0
package/dist/dep-sidecars.d.ts +127 -0
package/dist/dep-sidecars.d.ts.map +1 -0
package/dist/dep-sidecars.js +122 -0
package/dist/dep-sidecars.js.map +1 -0
package/dist/deploy/cloudflare-workers.d.ts +46 -0
package/dist/deploy/cloudflare-workers.d.ts.map +1 -0
package/dist/deploy/cloudflare-workers.js +213 -0
package/dist/deploy/cloudflare-workers.js.map +1 -0
package/dist/deploy/errors.d.ts +66 -0
package/dist/deploy/errors.d.ts.map +1 -0
package/dist/deploy/errors.js +82 -0
package/dist/deploy/errors.js.map +1 -0
package/dist/deploy/index.d.ts +9 -0
package/dist/deploy/index.d.ts.map +1 -0
package/dist/deploy/index.js +3 -0
package/dist/deploy/index.js.map +1 -0
package/dist/deploy/types.d.ts +162 -0
package/dist/deploy/types.d.ts.map +1 -0
package/dist/deploy/types.js +2 -0
package/dist/deploy/types.js.map +1 -0
package/dist/editor/AssetEmbeddedWidget.d.ts +3 -0
package/dist/editor/AssetEmbeddedWidget.d.ts.map +1 -0
package/dist/editor/AssetEmbeddedWidget.js +146 -0
package/dist/editor/AssetEmbeddedWidget.js.map +1 -0
package/dist/editor/mount.d.ts +12 -1
package/dist/editor/mount.d.ts.map +1 -1
package/dist/editor/mount.js +36 -5
package/dist/editor/mount.js.map +1 -1
package/dist/format.d.ts +44 -0
package/dist/format.d.ts.map +1 -0
package/dist/format.js +65 -0
package/dist/format.js.map +1 -0
package/dist/fragment-deps.d.ts +24 -0
package/dist/fragment-deps.d.ts.map +1 -0
package/dist/fragment-deps.js +20 -0
package/dist/fragment-deps.js.map +1 -0
package/dist/fragments/create.d.ts +70 -0
package/dist/fragments/create.d.ts.map +1 -0
package/dist/fragments/create.js +93 -0
package/dist/fragments/create.js.map +1 -0
package/dist/fragments/publish.d.ts +37 -0
package/dist/fragments/publish.d.ts.map +1 -0
package/dist/fragments/publish.js +52 -0
package/dist/fragments/publish.js.map +1 -0
package/dist/fragments/save.d.ts +81 -0
package/dist/fragments/save.d.ts.map +1 -0
package/dist/fragments/save.js +105 -0
package/dist/fragments/save.js.map +1 -0
package/dist/hash.d.ts +0 -6
package/dist/hash.d.ts.map +1 -1
package/dist/hash.js +0 -18
package/dist/hash.js.map +1 -1
package/dist/history-provider.d.ts.map +1 -1
package/dist/history-provider.js +30 -8
package/dist/history-provider.js.map +1 -1
package/dist/history-recorder.d.ts +10 -6
package/dist/history-recorder.d.ts.map +1 -1
package/dist/history-recorder.js +13 -5
package/dist/history-recorder.js.map +1 -1
package/dist/history-restorer.d.ts.map +1 -1
package/dist/history-restorer.js +34 -2
package/dist/history-restorer.js.map +1 -1
package/dist/history.d.ts +26 -8
package/dist/history.d.ts.map +1 -1
package/dist/hooks/audit-emitter.d.ts +73 -0
package/dist/hooks/audit-emitter.d.ts.map +1 -0
package/dist/hooks/audit-emitter.js +13 -0
package/dist/hooks/audit-emitter.js.map +1 -0
package/dist/hooks/context.d.ts +78 -0
package/dist/hooks/context.d.ts.map +1 -0
package/dist/hooks/context.js +56 -0
package/dist/hooks/context.js.map +1 -0
package/dist/hooks/contribution.d.ts +90 -0
package/dist/hooks/contribution.d.ts.map +1 -0
package/dist/hooks/contribution.js +2 -0
package/dist/hooks/contribution.js.map +1 -0
package/dist/hooks/dispatch.d.ts +30 -0
package/dist/hooks/dispatch.d.ts.map +1 -0
package/dist/hooks/dispatch.js +252 -0
package/dist/hooks/dispatch.js.map +1 -0
package/dist/hooks/errors.d.ts +100 -0
package/dist/hooks/errors.d.ts.map +1 -0
package/dist/hooks/errors.js +103 -0
package/dist/hooks/errors.js.map +1 -0
package/dist/hooks/index.d.ts +15 -0
package/dist/hooks/index.d.ts.map +1 -0
package/dist/hooks/index.js +6 -0
package/dist/hooks/index.js.map +1 -0
package/dist/hooks/registry.d.ts +53 -0
package/dist/hooks/registry.d.ts.map +1 -0
package/dist/hooks/registry.js +139 -0
package/dist/hooks/registry.js.map +1 -0
package/dist/hooks/storage.d.ts +43 -0
package/dist/hooks/storage.d.ts.map +1 -0
package/dist/hooks/storage.js +2 -0
package/dist/hooks/storage.js.map +1 -0
package/dist/hooks/types.d.ts +324 -0
package/dist/hooks/types.d.ts.map +1 -0
package/dist/hooks/types.js +2 -0
package/dist/hooks/types.js.map +1 -0
package/dist/index.d.ts +27 -9
package/dist/index.d.ts.map +1 -1
package/dist/index.js +50 -7
package/dist/index.js.map +1 -1
package/dist/locale.d.ts +25 -1
package/dist/locale.d.ts.map +1 -1
package/dist/locale.js +44 -2
package/dist/locale.js.map +1 -1
package/dist/manifest-save.d.ts +255 -0
package/dist/manifest-save.d.ts.map +1 -0
package/dist/manifest-save.js +260 -0
package/dist/manifest-save.js.map +1 -0
package/dist/manifest.d.ts +1 -2
package/dist/manifest.d.ts.map +1 -1
package/dist/manifest.js +43 -44
package/dist/manifest.js.map +1 -1
package/dist/node-floor.d.ts +3 -0
package/dist/node-floor.d.ts.map +1 -0
package/dist/node-floor.js +3 -0
package/dist/node-floor.js.map +1 -0
package/dist/pages/create.d.ts +103 -0
package/dist/pages/create.d.ts.map +1 -0
package/dist/pages/create.js +117 -0
package/dist/pages/create.js.map +1 -0
package/dist/pages/publish.d.ts +59 -0
package/dist/pages/publish.d.ts.map +1 -0
package/dist/pages/publish.js +78 -0
package/dist/pages/publish.js.map +1 -0
package/dist/pages/save.d.ts +97 -0
package/dist/pages/save.d.ts.map +1 -0
package/dist/pages/save.js +138 -0
package/dist/pages/save.js.map +1 -0
package/dist/providers/_atomic-write.d.ts +9 -0
package/dist/providers/_atomic-write.d.ts.map +1 -0
package/dist/providers/_atomic-write.js +72 -0
package/dist/providers/_atomic-write.js.map +1 -0
package/dist/providers/_rm-ignore-missing.d.ts +31 -0
package/dist/providers/_rm-ignore-missing.d.ts.map +1 -0
package/dist/providers/_rm-ignore-missing.js +12 -0
package/dist/providers/_rm-ignore-missing.js.map +1 -0
package/dist/providers/_stream-interop.d.ts +23 -0
package/dist/providers/_stream-interop.d.ts.map +1 -0
package/dist/providers/_stream-interop.js +21 -0
package/dist/providers/_stream-interop.js.map +1 -0
package/dist/providers/azure-blob.d.ts.map +1 -1
package/dist/providers/azure-blob.js +60 -0
package/dist/providers/azure-blob.js.map +1 -1
package/dist/providers/factories.d.ts +65 -0
package/dist/providers/factories.d.ts.map +1 -0
package/dist/providers/factories.js +189 -0
package/dist/providers/factories.js.map +1 -0
package/dist/providers/filesystem.d.ts +4 -0
package/dist/providers/filesystem.d.ts.map +1 -1
package/dist/providers/filesystem.js +63 -2
package/dist/providers/filesystem.js.map +1 -1
package/dist/providers/s3.d.ts.map +1 -1
package/dist/providers/s3.js +84 -1
package/dist/providers/s3.js.map +1 -1
package/dist/publish-item.d.ts +225 -0
package/dist/publish-item.d.ts.map +1 -0
package/dist/publish-item.js +210 -0
package/dist/publish-item.js.map +1 -0
package/dist/publish-rendered.d.ts +37 -17
package/dist/publish-rendered.d.ts.map +1 -1
package/dist/publish-rendered.js +144 -71
package/dist/publish-rendered.js.map +1 -1
package/dist/publish-renderers.d.ts +132 -0
package/dist/publish-renderers.d.ts.map +1 -0
package/dist/publish-renderers.js +240 -0
package/dist/publish-renderers.js.map +1 -0
package/dist/publish-run.d.ts +223 -0
package/dist/publish-run.d.ts.map +1 -0
package/dist/publish-run.js +307 -0
package/dist/publish-run.js.map +1 -0
package/dist/publish.d.ts +13 -12
package/dist/publish.d.ts.map +1 -1
package/dist/publish.js +24 -57
package/dist/publish.js.map +1 -1
package/dist/render-for-analysis.d.ts +24 -0
package/dist/render-for-analysis.d.ts.map +1 -0
package/dist/render-for-analysis.js +146 -0
package/dist/render-for-analysis.js.map +1 -0
package/dist/resolver.d.ts +12 -2
package/dist/resolver.d.ts.map +1 -1
package/dist/resolver.js +101 -32
package/dist/resolver.js.map +1 -1
package/dist/runtime/archive-marker.d.ts +62 -0
package/dist/runtime/archive-marker.d.ts.map +1 -0
package/dist/runtime/archive-marker.js +88 -0
package/dist/runtime/archive-marker.js.map +1 -0
package/dist/runtime/capability-gap-warnings.d.ts +42 -0
package/dist/runtime/capability-gap-warnings.d.ts.map +1 -0
package/dist/runtime/capability-gap-warnings.js +28 -0
package/dist/runtime/capability-gap-warnings.js.map +1 -0
package/dist/runtime/redirects-emit.d.ts +93 -0
package/dist/runtime/redirects-emit.d.ts.map +1 -0
package/dist/runtime/redirects-emit.js +89 -0
package/dist/runtime/redirects-emit.js.map +1 -0
package/dist/runtime/runtime-capabilities.d.ts +79 -0
package/dist/runtime/runtime-capabilities.d.ts.map +1 -0
package/dist/runtime/runtime-capabilities.js +60 -0
package/dist/runtime/runtime-capabilities.js.map +1 -0
package/dist/save-etag.d.ts +69 -0
package/dist/save-etag.d.ts.map +1 -0
package/dist/save-etag.js +118 -0
package/dist/save-etag.js.map +1 -0
package/dist/schema/dimensions.d.ts +78 -0
package/dist/schema/dimensions.d.ts.map +1 -0
package/dist/schema/dimensions.js +97 -0
package/dist/schema/dimensions.js.map +1 -0
package/dist/schema/helpers.d.ts +108 -0
package/dist/schema/helpers.d.ts.map +1 -0
package/dist/schema/helpers.js +133 -0
package/dist/schema/helpers.js.map +1 -0
package/dist/schema/index.d.ts +27 -0
package/dist/schema/index.d.ts.map +1 -0
package/dist/schema/index.js +25 -0
package/dist/schema/index.js.map +1 -0
package/dist/schema/types.d.ts +390 -0
package/dist/schema/types.d.ts.map +1 -0
package/dist/schema/types.js +25 -0
package/dist/schema/types.js.map +1 -0
package/dist/selector-chain.d.ts +63 -0
package/dist/selector-chain.d.ts.map +1 -0
package/dist/selector-chain.js +58 -0
package/dist/selector-chain.js.map +1 -0
package/dist/sidecars.d.ts +19 -18
package/dist/sidecars.d.ts.map +1 -1
package/dist/sidecars.js +70 -62
package/dist/sidecars.js.map +1 -1
package/dist/site-loader.d.ts +42 -4
package/dist/site-loader.d.ts.map +1 -1
package/dist/site-loader.js +27 -8
package/dist/site-loader.js.map +1 -1
package/dist/targets.d.ts +21 -12
package/dist/targets.d.ts.map +1 -1
package/dist/targets.js +27 -117
package/dist/targets.js.map +1 -1
package/dist/testing/admin-cache-contract.d.ts +52 -0
package/dist/testing/admin-cache-contract.d.ts.map +1 -0
package/dist/testing/admin-cache-contract.js +203 -0
package/dist/testing/admin-cache-contract.js.map +1 -0
package/dist/testing/index.d.ts +11 -0
package/dist/testing/index.d.ts.map +1 -0
package/dist/testing/index.js +11 -0
package/dist/testing/index.js.map +1 -0
package/dist/themes.d.ts +69 -0
package/dist/themes.d.ts.map +1 -0
package/dist/themes.js +85 -0
package/dist/themes.js.map +1 -0
package/dist/transforms/adapter.d.ts +115 -0
package/dist/transforms/adapter.d.ts.map +1 -0
package/dist/transforms/adapter.js +2 -0
package/dist/transforms/adapter.js.map +1 -0
package/dist/transforms/cloudflare.d.ts +17 -0
package/dist/transforms/cloudflare.d.ts.map +1 -0
package/dist/transforms/cloudflare.js +110 -0
package/dist/transforms/cloudflare.js.map +1 -0
package/dist/transforms/factories.d.ts +16 -0
package/dist/transforms/factories.d.ts.map +1 -0
package/dist/transforms/factories.js +18 -0
package/dist/transforms/factories.js.map +1 -0
package/dist/transforms/index.d.ts +17 -0
package/dist/transforms/index.d.ts.map +1 -0
package/dist/transforms/index.js +6 -0
package/dist/transforms/index.js.map +1 -0
package/dist/transforms/sharp.d.ts +17 -0
package/dist/transforms/sharp.d.ts.map +1 -0
package/dist/transforms/sharp.js +57 -0
package/dist/transforms/sharp.js.map +1 -0
package/dist/types.d.ts +485 -34
package/dist/types.d.ts.map +1 -1
package/dist/types.js +20 -1
package/dist/types.js.map +1 -1
package/dist/validation/alt-required-walker.d.ts +27 -0
package/dist/validation/alt-required-walker.d.ts.map +1 -0
package/dist/validation/alt-required-walker.js +108 -0
package/dist/validation/alt-required-walker.js.map +1 -0
package/dist/validation/default-registry.d.ts +12 -0
package/dist/validation/default-registry.d.ts.map +1 -0
package/dist/validation/default-registry.js +55 -0
package/dist/validation/default-registry.js.map +1 -0
package/dist/validation/publish-audit.d.ts +44 -0
package/dist/validation/publish-audit.d.ts.map +1 -0
package/dist/validation/publish-audit.js +64 -0
package/dist/validation/publish-audit.js.map +1 -0
package/dist/validation/registry.d.ts +23 -0
package/dist/validation/registry.d.ts.map +1 -0
package/dist/validation/registry.js +15 -0
package/dist/validation/registry.js.map +1 -0
package/dist/validation/save-delta.d.ts +46 -0
package/dist/validation/save-delta.d.ts.map +1 -0
package/dist/validation/save-delta.js +57 -0
package/dist/validation/save-delta.js.map +1 -0
package/dist/validation/scanner.d.ts +91 -0
package/dist/validation/scanner.d.ts.map +1 -0
package/dist/validation/scanner.js +327 -0
package/dist/validation/scanner.js.map +1 -0
package/dist/validation/template-impact.d.ts +52 -0
package/dist/validation/template-impact.d.ts.map +1 -0
package/dist/validation/template-impact.js +53 -0
package/dist/validation/template-impact.js.map +1 -0
package/dist/validation/types.d.ts +123 -0
package/dist/validation/types.d.ts.map +1 -0
package/dist/validation/types.js +7 -0
package/dist/validation/types.js.map +1 -0
package/dist/validation/validators/accessibility.d.ts +3 -0
package/dist/validation/validators/accessibility.d.ts.map +1 -0
package/dist/validation/validators/accessibility.js +106 -0
package/dist/validation/validators/accessibility.js.map +1 -0
package/dist/validation/validators/aliasof-points-to-archived.d.ts +40 -0
package/dist/validation/validators/aliasof-points-to-archived.d.ts.map +1 -0
package/dist/validation/validators/aliasof-points-to-archived.js +34 -0
package/dist/validation/validators/aliasof-points-to-archived.js.map +1 -0
package/dist/validation/validators/alt-required.d.ts +3 -0
package/dist/validation/validators/alt-required.d.ts.map +1 -0
package/dist/validation/validators/alt-required.js +118 -0
package/dist/validation/validators/alt-required.js.map +1 -0
package/dist/validation/validators/archive-not-supported-on-target.d.ts +3 -0
package/dist/validation/validators/archive-not-supported-on-target.d.ts.map +1 -0
package/dist/validation/validators/archive-not-supported-on-target.js +38 -0
package/dist/validation/validators/archive-not-supported-on-target.js.map +1 -0
package/dist/validation/validators/broken-links.d.ts +3 -0
package/dist/validation/validators/broken-links.d.ts.map +1 -0
package/dist/validation/validators/broken-links.js +190 -0
package/dist/validation/validators/broken-links.js.map +1 -0
package/dist/validation/validators/circular-alias.d.ts +36 -0
package/dist/validation/validators/circular-alias.d.ts.map +1 -0
package/dist/validation/validators/circular-alias.js +63 -0
package/dist/validation/validators/circular-alias.js.map +1 -0
package/dist/validation/validators/circular-fragment.d.ts +15 -0
package/dist/validation/validators/circular-fragment.d.ts.map +1 -0
package/dist/validation/validators/circular-fragment.js +97 -0
package/dist/validation/validators/circular-fragment.js.map +1 -0
package/dist/validation/validators/dangling-alias.d.ts +38 -0
package/dist/validation/validators/dangling-alias.d.ts.map +1 -0
package/dist/validation/validators/dangling-alias.js +31 -0
package/dist/validation/validators/dangling-alias.js.map +1 -0
package/dist/validation/validators/deploy-target-type-supported.d.ts +3 -0
package/dist/validation/validators/deploy-target-type-supported.d.ts.map +1 -0
package/dist/validation/validators/deploy-target-type-supported.js +32 -0
package/dist/validation/validators/deploy-target-type-supported.js.map +1 -0
package/dist/validation/validators/dynamic-route-conflict.d.ts +18 -0
package/dist/validation/validators/dynamic-route-conflict.d.ts.map +1 -0
package/dist/validation/validators/dynamic-route-conflict.js +80 -0
package/dist/validation/validators/dynamic-route-conflict.js.map +1 -0
package/dist/validation/validators/html-validity.d.ts +3 -0
package/dist/validation/validators/html-validity.d.ts.map +1 -0
package/dist/validation/validators/html-validity.js +89 -0
package/dist/validation/validators/html-validity.js.map +1 -0
package/dist/validation/validators/orphaned-locale-file.d.ts +21 -0
package/dist/validation/validators/orphaned-locale-file.d.ts.map +1 -0
package/dist/validation/validators/orphaned-locale-file.js +84 -0
package/dist/validation/validators/orphaned-locale-file.js.map +1 -0
package/dist/validation/validators/referenced-archived-without-alias.d.ts +3 -0
package/dist/validation/validators/referenced-archived-without-alias.d.ts.map +1 -0
package/dist/validation/validators/referenced-archived-without-alias.js +65 -0
package/dist/validation/validators/referenced-archived-without-alias.js.map +1 -0
package/dist/validation/validators/referenced-asset-exists.d.ts +13 -0
package/dist/validation/validators/referenced-asset-exists.d.ts.map +1 -0
package/dist/validation/validators/referenced-asset-exists.js +80 -0
package/dist/validation/validators/referenced-asset-exists.js.map +1 -0
package/dist/validation/validators/referenced-fragment-exists.d.ts +9 -0
package/dist/validation/validators/referenced-fragment-exists.d.ts.map +1 -0
package/dist/validation/validators/referenced-fragment-exists.js +52 -0
package/dist/validation/validators/referenced-fragment-exists.js.map +1 -0
package/dist/validation/validators/referenced-template-exists.d.ts +10 -0
package/dist/validation/validators/referenced-template-exists.d.ts.map +1 -0
package/dist/validation/validators/referenced-template-exists.js +74 -0
package/dist/validation/validators/referenced-template-exists.js.map +1 -0
package/dist/validation/validators/schema-conformance.d.ts +17 -0
package/dist/validation/validators/schema-conformance.d.ts.map +1 -0
package/dist/validation/validators/schema-conformance.js +94 -0
package/dist/validation/validators/schema-conformance.js.map +1 -0
package/dist/validation/validators/target-deploy-coverage.d.ts +3 -0
package/dist/validation/validators/target-deploy-coverage.d.ts.map +1 -0
package/dist/validation/validators/target-deploy-coverage.js +37 -0
package/dist/validation/validators/target-deploy-coverage.js.map +1 -0
package/dist/validation/validators/unused-fragment.d.ts +16 -0
package/dist/validation/validators/unused-fragment.d.ts.map +1 -0
package/dist/validation/validators/unused-fragment.js +86 -0
package/dist/validation/validators/unused-fragment.js.map +1 -0
package/package.json +69 -27
package/admin-dist/assets/index-B6pVot0Y.css +0 -1
package/admin-dist/assets/index-DniLwxJA.js +0 -609
package/admin-dist/assets/rolldown-runtime-COnpUsM8.js +0 -1
package/admin-dist/assets/vendor-rjsf-HKBAjOmQ.js +0 -32
package/admin-dist/assets/vendor-tiptap-IyO99U4R.js +0 -142
package/admin-dist/assets/vendor-vue-D3wBSmDf.js +0 -1
package/dist/providers/r2.d.ts +0 -8
package/dist/providers/r2.d.ts.map +0 -1
package/dist/providers/r2.js +0 -86
package/dist/providers/r2.js.map +0 -1
package/dist/publish-locale.d.ts +0 -44
package/dist/publish-locale.d.ts.map +0 -1
package/dist/publish-locale.js +0 -103
package/dist/publish-locale.js.map +0 -1
package/dist/source-sidecars.d.ts +0 -32
package/dist/source-sidecars.d.ts.map +0 -1
package/dist/source-sidecars.js +0 -98
package/dist/source-sidecars.js.map +0 -1

package/dist/audit/retention.js ADDED Viewed

@@ -0,0 +1,142 @@
+const AUDIT_DIR = '.gazetta/audit';
+/**
+ * Walk the audit JSONL files, evict events that violate retention,
+ * rewrite each affected file. No-op when retention config has neither
+ * `events` nor `maxAgeMonths` set.
+ */
+export async function pruneAuditEvents(storage, config) {
+    // No retention configured → no-op. Operator opted out or never opted in.
+    const hasEventsCap = config.events !== undefined && config.events !== null;
+    const hasAgeCap = config.maxAgeMonths !== undefined && config.maxAgeMonths !== null && config.maxAgeMonths > 0;
+    if (!hasEventsCap && !hasAgeCap) {
+        return { eventsBefore: 0, eventsKept: 0, eventsEvicted: 0, filesRewritten: 0, filesInspected: 0 };
+    }
+    // Compute the age cutoff once so all files use the same boundary.
+    // `maxAgeMonths` is a real-month subtraction (Date.setMonth handles
+    // leap years + variable month length); ISO-8601 string compare works
+    // on the resulting timestamp.
+    const ageCutoff = hasAgeCap ? computeAgeCutoff(config.maxAgeMonths) : null;
+    // Walk the events directory. Missing dir = no events to prune.
+    let entries;
+    try {
+        entries = await storage.readDir(AUDIT_DIR);
+    }
+    catch {
+        return { eventsBefore: 0, eventsKept: 0, eventsEvicted: 0, filesRewritten: 0, filesInspected: 0 };
+    }
+    // Read every events file into memory with its source path. We need
+    // the global event count for `events` cap enforcement (oldest-across-
+    // files evicted, not per-file), so we collect all events first.
+    const filesInspected = [];
+    for (const entry of entries) {
+        if (entry.isDirectory)
+            continue;
+        if (!entry.name.startsWith('events-') || !entry.name.endsWith('.jsonl'))
+            continue;
+        const path = `${AUDIT_DIR}/${entry.name}`;
+        const content = await storage.readFile(path);
+        const lines = content.split('\n');
+        const events = [];
+        let rawLineCount = 0;
+        for (const line of lines) {
+            const trimmed = line.trim();
+            if (!trimmed)
+                continue;
+            rawLineCount++;
+            try {
+                events.push(JSON.parse(trimmed));
+            }
+            catch {
+                // Malformed line — skip + count as raw line so the rewrite
+                // doesn't accidentally include it. Same posture as the reader
+                // in HistoryAuditProvider.
+            }
+        }
+        filesInspected.push({ path, events, rawLineCount });
+    }
+    const eventsBefore = filesInspected.reduce((sum, f) => sum + f.events.length, 0);
+    if (eventsBefore === 0) {
+        return {
+            eventsBefore: 0,
+            eventsKept: 0,
+            eventsEvicted: 0,
+            filesRewritten: 0,
+            filesInspected: filesInspected.length,
+        };
+    }
+    // Phase 1: age cutoff (per-file evaluation; events older than the
+    // cutoff are evicted regardless of where they sit in the global
+    // ordering).
+    for (const file of filesInspected) {
+        if (ageCutoff !== null) {
+            file.events = file.events.filter(e => e.timestamp >= ageCutoff);
+        }
+    }
+    // Phase 2: count cap (global). Build the global ordering once:
+    // sort all surviving events by timestamp (oldest first), evict
+    // from the head until we're under the cap. The eviction set is
+    // matched back to its source file by reference identity.
+    let evictedFromCap = new Set();
+    if (hasEventsCap) {
+        const allSurviving = [];
+        for (const file of filesInspected) {
+            for (const event of file.events) {
+                allSurviving.push({ file, event });
+            }
+        }
+        allSurviving.sort((a, b) => a.event.timestamp.localeCompare(b.event.timestamp));
+        const overflow = allSurviving.length - config.events;
+        if (overflow > 0) {
+            evictedFromCap = new Set(allSurviving.slice(0, overflow).map(x => x.event));
+        }
+    }
+    // Phase 3: rewrite each file whose surviving set differs from the
+    // pre-prune set. Reasons a file rewrites:
+    //   - age-cutoff already mutated `file.events`
+    //   - count-cap is going to evict additional events
+    //   - malformed JSONL lines on disk (rawLineCount > parsed events) —
+    //     incidental hygiene; the line never made it through parse and
+    //     wouldn't survive a re-read either, so we drop it during the
+    //     rewrite. Doesn't count toward `eventsEvicted` (the metric
+    //     reports parsed-event deltas only).
+    let filesRewritten = 0;
+    let eventsKeptTotal = 0;
+    for (const file of filesInspected) {
+        const surviving = evictedFromCap.size > 0 ? file.events.filter(e => !evictedFromCap.has(e)) : file.events;
+        eventsKeptTotal += surviving.length;
+        const parsedDelta = file.events.length - surviving.length;
+        const malformedLines = file.rawLineCount - file.events.length;
+        if (parsedDelta === 0 && malformedLines === 0)
+            continue;
+        // Rewrite. JSONL convention: one event per line + trailing newline.
+        // Empty file (all events pruned) → write an empty string so the
+        // file remains as a marker (deleting would force concurrent
+        // appenders to mkdir; safer to keep the file with a zero-line body).
+        const rewritten = surviving.map(e => JSON.stringify(e)).join('\n');
+        const final = rewritten ? rewritten + '\n' : '';
+        await storage.writeFile(file.path, final);
+        filesRewritten++;
+    }
+    return {
+        eventsBefore,
+        eventsKept: eventsKeptTotal,
+        eventsEvicted: eventsBefore - eventsKeptTotal,
+        filesRewritten,
+        filesInspected: filesInspected.length,
+    };
+}
+/**
+ * Subtract `months` calendar months from `now` and return the ISO
+ * timestamp boundary. Events with `timestamp >= cutoff` are kept;
+ * older events evicted.
+ *
+ * Uses Date.setMonth so leap years and variable-length months are
+ * handled correctly (3 months back from 2026-05-31 is 2026-02-28,
+ * not 2026-02-31).
+ */
+function computeAgeCutoff(months) {
+    const cutoff = new Date();
+    cutoff.setMonth(cutoff.getMonth() - months);
+    return cutoff.toISOString();
+}
+//# sourceMappingURL=retention.js.map

package/dist/audit/retention.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"retention.js","sourceRoot":"","sources":["../../src/audit/retention.ts"],"names":[],"mappings":"AAgFA,MAAM,SAAS,GAAG,gBAAgB,CAAA;AAElC;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,OAAwB,EAAE,MAA4B;IAC3F,yEAAyE;IACzE,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,KAAK,SAAS,IAAI,MAAM,CAAC,MAAM,KAAK,IAAI,CAAA;IAC1E,MAAM,SAAS,GAAG,MAAM,CAAC,YAAY,KAAK,SAAS,IAAI,MAAM,CAAC,YAAY,KAAK,IAAI,IAAI,MAAM,CAAC,YAAY,GAAG,CAAC,CAAA;IAC9G,IAAI,CAAC,YAAY,IAAI,CAAC,SAAS,EAAE,CAAC;QAChC,OAAO,EAAE,YAAY,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,aAAa,EAAE,CAAC,EAAE,cAAc,EAAE,CAAC,EAAE,cAAc,EAAE,CAAC,EAAE,CAAA;IACnG,CAAC;IAED,kEAAkE;IAClE,oEAAoE;IACpE,qEAAqE;IACrE,8BAA8B;IAC9B,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC,gBAAgB,CAAC,MAAM,CAAC,YAAa,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAE3E,+DAA+D;IAC/D,IAAI,OAAwD,CAAA;IAC5D,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,YAAY,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,aAAa,EAAE,CAAC,EAAE,cAAc,EAAE,CAAC,EAAE,cAAc,EAAE,CAAC,EAAE,CAAA;IACnG,CAAC;IAED,mEAAmE;IACnE,sEAAsE;IACtE,gEAAgE;IAChE,MAAM,cAAc,GAAmE,EAAE,CAAA;IACzF,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,KAAK,CAAC,WAAW;YAAE,SAAQ;QAC/B,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,SAAQ;QACjF,MAAM,IAAI,GAAG,GAAG,SAAS,IAAI,KAAK,CAAC,IAAI,EAAE,CAAA;QACzC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;QAC5C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;QACjC,MAAM,MAAM,GAAiB,EAAE,CAAA;QAC/B,IAAI,YAAY,GAAG,CAAC,CAAA;QACpB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAA;YAC3B,IAAI,CAAC,OAAO;gBAAE,SAAQ;YACtB,YAAY,EAAE,CAAA;YACd,IAAI,CAAC;gBACH,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAe,CAAC,CAAA;YAChD,CAAC;YAAC,MAAM,CAAC;gBACP,2DAA2D;gBAC3D,8DAA8D;gBAC9D,2BAA2B;YAC7B,CAAC;QACH,CAAC;QACD,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAA;IACrD,CAAC;IAED,MAAM,YAAY,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,CAAA;IAChF,IAAI,YAAY,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO;YACL,YAAY,EAAE,CAAC;YACf,UAAU,EAAE,CAAC;YACb,aAAa,EAAE,CAAC;YAChB,cAAc,EAAE,CAAC;YACjB,cAAc,EAAE,cAAc,CAAC,MAAM;SACtC,CAAA;IACH,CAAC;IAED,kEAAkE;IAClE,gEAAgE;IAChE,aAAa;IACb,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;QAClC,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;YACvB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,SAAS,CAAC,CAAA;QACjE,CAAC;IACH,CAAC;IAED,+DAA+D;IAC/D,+DAA+D;IAC/D,+DAA+D;IAC/D,yDAAyD;IACzD,IAAI,cAAc,GAAG,IAAI,GAAG,EAAc,CAAA;IAC1C,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,YAAY,GAAmE,EAAE,CAAA;QACvF,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;YAClC,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChC,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAA;YACpC,CAAC;QACH,CAAC;QACD,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAA;QAC/E,MAAM,QAAQ,GAAG,YAAY,CAAC,MAAM,GAAG,MAAM,CAAC,MAAO,CAAA;QACrD,IAAI,QAAQ,GAAG,CAAC,EAAE,CAAC;YACjB,cAAc,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAA;QAC7E,CAAC;IACH,CAAC;IAED,kEAAkE;IAClE,0CAA0C;IAC1C,+CAA+C;IAC/C,oDAAoD;IACpD,qEAAqE;IACrE,mEAAmE;IACnE,kEAAkE;IAClE,gEAAgE;IAChE,yCAAyC;IACzC,IAAI,cAAc,GAAG,CAAC,CAAA;IACtB,IAAI,eAAe,GAAG,CAAC,CAAA;IACvB,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;QAClC,MAAM,SAAS,GAAG,cAAc,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAA;QACzG,eAAe,IAAI,SAAS,CAAC,MAAM,CAAA;QACnC,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,SAAS,CAAC,MAAM,CAAA;QACzD,MAAM,cAAc,GAAG,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAA;QAC7D,IAAI,WAAW,KAAK,CAAC,IAAI,cAAc,KAAK,CAAC;YAAE,SAAQ;QACvD,oEAAoE;QACpE,gEAAgE;QAChE,4DAA4D;QAC5D,qEAAqE;QACrE,MAAM,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAClE,MAAM,KAAK,GAAG,SAAS,CAAC,CAAC,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,EAAE,CAAA;QAC/C,MAAM,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;QACzC,cAAc,EAAE,CAAA;IAClB,CAAC;IAED,OAAO;QACL,YAAY;QACZ,UAAU,EAAE,eAAe;QAC3B,aAAa,EAAE,YAAY,GAAG,eAAe;QAC7C,cAAc;QACd,cAAc,EAAE,cAAc,CAAC,MAAM;KACtC,CAAA;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,gBAAgB,CAAC,MAAc;IACtC,MAAM,MAAM,GAAG,IAAI,IAAI,EAAE,CAAA;IACzB,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,EAAE,GAAG,MAAM,CAAC,CAAA;IAC3C,OAAO,MAAM,CAAC,WAAW,EAAE,CAAA;AAC7B,CAAC"}

package/dist/audit/source-ip.d.ts ADDED Viewed

@@ -0,0 +1,32 @@
+export type SourceIpMode = 'none' | 'raw' | 'hashed' | 'truncated';
+export interface SourceIpExtractionContext {
+    /** Trust mode determines which header carries the client IP. */
+    trustMode: string;
+    /** TCP peer IP (when available — Hono's c.req.raw.headers may not expose). */
+    peerIp?: string;
+    /** All request headers (for X-Forwarded-For / Cf-Connecting-IP / X-Real-IP lookup). */
+    headers: ReadonlyMap<string, string>;
+    /**
+     * For trust modes that read X-Forwarded-For, how many trusted
+     * proxies are between Gazetta and the client. Counts back from
+     * the rightmost; everything to the right is trusted, the
+     * resulting leftmost-of-trusted is the client.
+     *
+     * Defaults to 1 (single proxy in front of Gazetta — most common).
+     */
+    trustedProxyCount?: number;
+}
+/**
+ * Extract the client IP per the trust mode's header convention.
+ * Returns null when the configured header is missing — the caller
+ * should omit the `sourceIp` field from the event (per design:
+ * "Explicitly absent is more honest" than fake values).
+ */
+export declare function extractSourceIp(ctx: SourceIpExtractionContext): string | null;
+/**
+ * Apply the configured source-IP mode. Returns null when the mode
+ * is `'none'` OR when the extracted IP is null/empty/malformed —
+ * the caller omits the field.
+ */
+export declare function processSourceIp(rawIp: string | null, mode: SourceIpMode, salt?: string): string | null;
+//# sourceMappingURL=source-ip.d.ts.map

package/dist/audit/source-ip.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"source-ip.d.ts","sourceRoot":"","sources":["../../src/audit/source-ip.ts"],"names":[],"mappings":"AAsCA,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,WAAW,CAAA;AAElE,MAAM,WAAW,yBAAyB;IACxC,gEAAgE;IAChE,SAAS,EAAE,MAAM,CAAA;IACjB,8EAA8E;IAC9E,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,uFAAuF;IACvF,OAAO,EAAE,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IACpC;;;;;;;OAOG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAA;CAC3B;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,yBAAyB,GAAG,MAAM,GAAG,IAAI,CAqC7E;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAkBtG"}

package/dist/audit/source-ip.js ADDED Viewed

@@ -0,0 +1,164 @@
+/**
+ * Source-IP recording — opt-in per design-audit.md "Source IP
+ * recording" section. Trust-mode-driven extraction with optional
+ * pseudonymization / truncation.
+ *
+ * # Modes
+ *
+ *   - `'none'` (default) — IP not recorded; field absent from event
+ *   - `'raw'` — full IP. GDPR-personal-data; operator declares
+ *     processing
+ *   - `'hashed'` — `sha256(ip + GAZETTA_AUDIT_SOURCEIP_SALT).slice(0, 16)`
+ *     for "same source across events?" correlation without
+ *     identification. Different salt from actor (so rotating one
+ *     doesn't break the other)
+ *   - `'truncated'` — `/24` for IPv4, `/48` for IPv6. Geographic /
+ *     network-segment forensics without device identification
+ *
+ * # Trust-mode-driven extraction
+ *
+ * Per design's "Trust-mode-driven header extraction" — leftmost-XFF
+ * naive read is an OWASP Trust Boundary Violation. The IP source
+ * differs per trust mode:
+ *
+ *   - `none`              — TCP peer (no proxy assumed)
+ *   - `forwarded-user`    — X-Forwarded-For with trustedProxyCount
+ *   - `cloudflare-access` — Cf-Connecting-IP (signed/trusted)
+ *   - `azure-easy-auth`   — X-Forwarded-For (Azure appends one entry)
+ *   - `aws-cognito`       — X-Forwarded-For (ALB appends one entry)
+ *   - `tailscale`         — TCP peer (serves direct)
+ *
+ * # SOLID lenses
+ *
+ *   - SRP: extraction + truncation/hashing only. Doesn't dispatch,
+ *     doesn't extract actor identity. Pure functions over
+ *     `(headers, mode, salt?)`.
+ */
+import { createHash } from 'node:crypto';
+/**
+ * Extract the client IP per the trust mode's header convention.
+ * Returns null when the configured header is missing — the caller
+ * should omit the `sourceIp` field from the event (per design:
+ * "Explicitly absent is more honest" than fake values).
+ */
+export function extractSourceIp(ctx) {
+    const { trustMode, headers } = ctx;
+    switch (trustMode) {
+        case 'none':
+        case 'tailscale':
+            return ctx.peerIp ?? null;
+        case 'cloudflare-access': {
+            const cfIp = headers.get('cf-connecting-ip');
+            if (cfIp)
+                return cfIp;
+            return ctx.peerIp ?? null;
+        }
+        case 'forwarded-user':
+        case 'azure-easy-auth':
+        case 'aws-cognito': {
+            // X-Forwarded-For shape: "client, proxy1, proxy2".
+            // trustedProxyCount = N → take the (N+1)th from the RIGHT
+            // (1-indexed). For N=1 (one trusted proxy), client is the
+            // leftmost; for N=2, client is leftmost-of-leftmost-two.
+            const xff = headers.get('x-forwarded-for');
+            if (!xff)
+                return ctx.peerIp ?? null;
+            const entries = xff
+                .split(',')
+                .map(s => s.trim())
+                .filter(Boolean);
+            if (entries.length === 0)
+                return ctx.peerIp ?? null;
+            const trustedCount = ctx.trustedProxyCount ?? 1;
+            // Client position from the right: N entries trusted; client
+            // is the (N+1)th-from-right, i.e., entries[entries.length - N - 1].
+            const clientIdx = entries.length - trustedCount - 1;
+            if (clientIdx < 0)
+                return ctx.peerIp ?? null;
+            return entries[clientIdx];
+        }
+        default:
+            // Unknown trust mode (plugin-supplied future) — fall back to
+            // peer IP. Plugin authors override via custom extraction.
+            return ctx.peerIp ?? null;
+    }
+}
+/**
+ * Apply the configured source-IP mode. Returns null when the mode
+ * is `'none'` OR when the extracted IP is null/empty/malformed —
+ * the caller omits the field.
+ */
+export function processSourceIp(rawIp, mode, salt) {
+    if (mode === 'none')
+        return null;
+    if (!rawIp || rawIp.length === 0)
+        return null;
+    if (mode === 'raw')
+        return rawIp;
+    if (mode === 'hashed') {
+        if (!salt || salt.length === 0) {
+            throw new Error('recordSourceIp: hashed requires a non-empty salt (set GAZETTA_AUDIT_SOURCEIP_SALT environment variable)');
+        }
+        return createHash('sha256')
+            .update(rawIp + salt)
+            .digest('hex')
+            .slice(0, 16);
+    }
+    // mode === 'truncated'
+    return truncateIp(rawIp);
+}
+/**
+ * Truncate an IP to /24 (IPv4) or /48 (IPv6). Returns null for
+ * malformed input — the caller treats this as "missing" and omits
+ * the field.
+ */
+function truncateIp(ip) {
+    // IPv4: 1.2.3.4 → 1.2.3.0/24
+    if (ip.includes('.') && !ip.includes(':')) {
+        const parts = ip.split('.');
+        if (parts.length !== 4)
+            return null;
+        for (const p of parts) {
+            const n = Number.parseInt(p, 10);
+            if (!Number.isInteger(n) || n < 0 || n > 255)
+                return null;
+        }
+        return `${parts[0]}.${parts[1]}.${parts[2]}.0/24`;
+    }
+    // IPv6: fe80::1234 → fe80::/48 (first 3 groups of 16 bits)
+    if (ip.includes(':')) {
+        // Expand :: shorthand if present.
+        const groups = expandIpv6Groups(ip);
+        if (!groups)
+            return null;
+        return `${groups.slice(0, 3).join(':')}::/48`;
+    }
+    return null;
+}
+function expandIpv6Groups(ip) {
+    const doubleColon = ip.indexOf('::');
+    let groups;
+    if (doubleColon >= 0) {
+        const left = ip.slice(0, doubleColon).split(':').filter(Boolean);
+        const right = ip
+            .slice(doubleColon + 2)
+            .split(':')
+            .filter(Boolean);
+        const fillCount = 8 - left.length - right.length;
+        if (fillCount < 0)
+            return null;
+        groups = [...left, ...new Array(fillCount).fill('0'), ...right];
+    }
+    else {
+        groups = ip.split(':');
+    }
+    if (groups.length !== 8)
+        return null;
+    for (const g of groups) {
+        const n = Number.parseInt(g, 16);
+        if (!Number.isInteger(n) || n < 0 || n > 0xffff)
+            return null;
+    }
+    return groups;
+}
+//# sourceMappingURL=source-ip.js.map

package/dist/audit/source-ip.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"source-ip.js","sourceRoot":"","sources":["../../src/audit/source-ip.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAsBxC;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAAC,GAA8B;IAC5D,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,GAAG,CAAA;IAClC,QAAQ,SAAS,EAAE,CAAC;QAClB,KAAK,MAAM,CAAC;QACZ,KAAK,WAAW;YACd,OAAO,GAAG,CAAC,MAAM,IAAI,IAAI,CAAA;QAC3B,KAAK,mBAAmB,CAAC,CAAC,CAAC;YACzB,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAA;YAC5C,IAAI,IAAI;gBAAE,OAAO,IAAI,CAAA;YACrB,OAAO,GAAG,CAAC,MAAM,IAAI,IAAI,CAAA;QAC3B,CAAC;QACD,KAAK,gBAAgB,CAAC;QACtB,KAAK,iBAAiB,CAAC;QACvB,KAAK,aAAa,CAAC,CAAC,CAAC;YACnB,mDAAmD;YACnD,0DAA0D;YAC1D,0DAA0D;YAC1D,yDAAyD;YACzD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAA;YAC1C,IAAI,CAAC,GAAG;gBAAE,OAAO,GAAG,CAAC,MAAM,IAAI,IAAI,CAAA;YACnC,MAAM,OAAO,GAAG,GAAG;iBAChB,KAAK,CAAC,GAAG,CAAC;iBACV,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;iBAClB,MAAM,CAAC,OAAO,CAAC,CAAA;YAClB,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,GAAG,CAAC,MAAM,IAAI,IAAI,CAAA;YACnD,MAAM,YAAY,GAAG,GAAG,CAAC,iBAAiB,IAAI,CAAC,CAAA;YAC/C,4DAA4D;YAC5D,oEAAoE;YACpE,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,GAAG,YAAY,GAAG,CAAC,CAAA;YACnD,IAAI,SAAS,GAAG,CAAC;gBAAE,OAAO,GAAG,CAAC,MAAM,IAAI,IAAI,CAAA;YAC5C,OAAO,OAAO,CAAC,SAAS,CAAC,CAAA;QAC3B,CAAC;QACD;YACE,6DAA6D;YAC7D,0DAA0D;YAC1D,OAAO,GAAG,CAAC,MAAM,IAAI,IAAI,CAAA;IAC7B,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,KAAoB,EAAE,IAAkB,EAAE,IAAa;IACrF,IAAI,IAAI,KAAK,MAAM;QAAE,OAAO,IAAI,CAAA;IAChC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IAE7C,IAAI,IAAI,KAAK,KAAK;QAAE,OAAO,KAAK,CAAA;IAChC,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CACb,yGAAyG,CAC1G,CAAA;QACH,CAAC;QACD,OAAO,UAAU,CAAC,QAAQ,CAAC;aACxB,MAAM,CAAC,KAAK,GAAG,IAAI,CAAC;aACpB,MAAM,CAAC,KAAK,CAAC;aACb,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;IACjB,CAAC;IACD,uBAAuB;IACvB,OAAO,UAAU,CAAC,KAAK,CAAC,CAAA;AAC1B,CAAC;AAED;;;;GAIG;AACH,SAAS,UAAU,CAAC,EAAU;IAC5B,6BAA6B;IAC7B,IAAI,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1C,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC3B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAA;QACnC,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;YACtB,MAAM,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;YAChC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG;gBAAE,OAAO,IAAI,CAAA;QAC3D,CAAC;QACD,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,OAAO,CAAA;IACnD,CAAC;IACD,2DAA2D;IAC3D,IAAI,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,kCAAkC;QAClC,MAAM,MAAM,GAAG,gBAAgB,CAAC,EAAE,CAAC,CAAA;QACnC,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAA;QACxB,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAA;IAC/C,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAED,SAAS,gBAAgB,CAAC,EAAU;IAClC,MAAM,WAAW,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA;IACpC,IAAI,MAAgB,CAAA;IACpB,IAAI,WAAW,IAAI,CAAC,EAAE,CAAC;QACrB,MAAM,IAAI,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;QAChE,MAAM,KAAK,GAAG,EAAE;aACb,KAAK,CAAC,WAAW,GAAG,CAAC,CAAC;aACtB,KAAK,CAAC,GAAG,CAAC;aACV,MAAM,CAAC,OAAO,CAAC,CAAA;QAClB,MAAM,SAAS,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAA;QAChD,IAAI,SAAS,GAAG,CAAC;YAAE,OAAO,IAAI,CAAA;QAC9B,MAAM,GAAG,CAAC,GAAG,IAAI,EAAE,GAAG,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,KAAK,CAAC,CAAA;IACjE,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACxB,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IACpC,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,MAAM,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;QAChC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,MAAM;YAAE,OAAO,IAAI,CAAA;IAC9D,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC"}

package/dist/audit/types.d.ts ADDED Viewed

@@ -0,0 +1,143 @@
+/**
+ * Audit types — the durable forensic record shape consumed by every
+ * `AuditProvider` implementation.
+ *
+ * # Why these types live here
+ *
+ * Per `design-audit.md`'s "history-recorder is the foundation"
+ * invariant, the audit log extends the existing `Revision` shape
+ * with `actor` + `outcome` fields. The types here are the wire
+ * shape every provider speaks; in-tree `HistoryAuditProvider`
+ * (Cut 2) and external-sink providers (v2 webhook, file, OTel,
+ * CloudWatch, Azure Monitor, syslog) all consume `AuditEvent`.
+ *
+ * # Outcome is required
+ *
+ * Per the locked invariant: "no implicit 'default to success' —
+ * recording sites supply outcome explicitly. Cuts a class of 'I
+ * forgot to record the failure' bugs." The closed enum stays
+ * closed (future additions like `'rate-limited'`, `'session-expired'`
+ * extend the enum, not the wire shape).
+ *
+ * # SOLID lenses
+ *
+ *   - SRP: this module owns the event vocabulary. Doesn't read
+ *     storage; pure data shapes.
+ *   - DIP: providers, recorder, drawer all depend on these types
+ *     — never on which specific provider produced an event.
+ *   - LSP: every `AuditProvider` returns events shaped by these
+ *     types; consumers branch only on `outcome` / `action` for
+ *     behavior, never on which provider produced the data.
+ */
+/**
+ * Closed enum of action verbs Gazetta records. Per `design-audit.md`
+ * "Recording scope (v1)": save / publish / delete / restore at the
+ * content level + configure-roles for role-mapping changes in
+ * site.config.ts. `hook-fired` extends per design-hooks.md Cut 7.
+ *
+ * Soft-delete (per design-soft-delete.md Q8) extends with
+ * `archive` / `unarchive` / `purge` / `rename` — each maps to one
+ * user action; `rename` is recorded as a single composite event with
+ * `metadata.fromName` for forensic reconstruction (per Q8 M4 lock).
+ */
+export type AuditAction = 'save' | 'publish' | 'delete' | 'restore' | 'configure-roles' | 'hook-fired' | 'archive' | 'unarchive' | 'purge' | 'rename' | 'review-withdraw' | 'ai-suggest-alt';
+/**
+ * Closed enum of outcomes. Locked: every recording site supplies
+ * outcome explicitly. The four listed cover write attempts;
+ * v2 ambient-log expansion ('read', 'hook-cancelled') stays
+ * closed-enum.
+ */
+export type AuditOutcome = 'success' | 'forbidden' | 'validation-failed' | 'unauthenticated' | 'hook-cancelled' | 'timeout';
+/**
+ * Snapshot of the principal at decision time — never a live
+ * reference. Subsequent role changes don't rewrite history.
+ */
+export interface AuditActor {
+    /**
+     * Upstream stable subject (OIDC `sub`, Cloudflare Access
+     * `identity_nonce`, etc.) — NOT email. Email rotates; sub is
+     * stable. When `admin.audit.actorPseudonym: 'sha256'` is
+     * configured (Cut 4), this field is the salted hash prefix.
+     * `'unknown'` for pre-RBAC revisions or `none`-mode deployments.
+     */
+    id: string;
+    /**
+     * Optional human-readable identifier. Redacted to undefined when
+     * pseudonymization is enabled (low-entropy email gives weak
+     * pseudonymization).
+     */
+    email?: string;
+    /** Resolved Gazetta role at decision time. */
+    role: string;
+    /**
+     * Trust mode that produced this principal. Open string (not the
+     * `TrustMode` enum) so plugin-supplied modes can carry their own
+     * names without widening this type.
+     */
+    trustMode: string;
+}
+/**
+ * What was acted on. Keeps the audit query layer simple — consumers
+ * filter by `kind` + optional `name`.
+ */
+export interface AuditScope {
+    kind: 'page' | 'fragment' | 'asset' | 'site';
+    /** Item name when applicable (page name, fragment name, etc.). */
+    name?: string;
+}
+/**
+ * The wire shape every provider speaks. Every event records actor
+ * identity + action + outcome + scope; optional sourceIp / userAgent
+ * are operator-opt-in per Cut 4's privacy posture.
+ */
+export interface AuditEvent {
+    /** ISO 8601 with Z suffix. Matches the existing history-recorder convention. */
+    timestamp: string;
+    /** Snapshot of the actor at decision time. */
+    actor: AuditActor;
+    /** Closed-enum action verb. */
+    action: AuditAction;
+    /** Closed-enum outcome. Required — no implicit default. */
+    outcome: AuditOutcome;
+    /** What was acted on. */
+    scope: AuditScope;
+    /**
+     * Source IP when `admin.audit.recordSourceIp` is configured.
+     * Truncation / pseudonymization happens at recording time per
+     * the operator's mode setting (Cut 4).
+     */
+    sourceIp?: string;
+    /**
+     * User agent when `admin.audit.recordUserAgent` is configured.
+     * Cut 4 supports raw / truncated modes; default is none.
+     */
+    userAgent?: string;
+    /**
+     * Provider-specific extras. Examples: publish source target +
+     * destination, restore revision id, `missingCapabilities` for
+     * forbidden outcomes, `comment` for failure-mode events.
+     */
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Filter shape consumed by `AuditProvider.query()`. Open enums
+ * because filter values come from URL query params; the server
+ * validates each field against the audit-event closed enums.
+ */
+export interface AuditQuery {
+    /** Match against `actor.id` or `actor.email` (case-insensitive substring). */
+    actor?: string;
+    action?: AuditAction;
+    outcome?: AuditOutcome;
+    scope?: {
+        kind?: AuditScope['kind'];
+        name?: string;
+    };
+    /** ISO 8601 timestamp lower bound (inclusive). */
+    since?: string;
+    /** ISO 8601 timestamp upper bound (exclusive). */
+    until?: string;
+    /** Max events returned. Default 100; provider may cap further. */
+    limit?: number;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/audit/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/audit/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AAEH;;;;;;;;;;GAUG;AACH,MAAM,MAAM,WAAW,GACnB,MAAM,GACN,SAAS,GACT,QAAQ,GACR,SAAS,GACT,iBAAiB,GACjB,YAAY,GACZ,SAAS,GACT,WAAW,GACX,OAAO,GACP,QAAQ,GACR,iBAAiB,GACjB,gBAAgB,CAAA;AAEpB;;;;;GAKG;AACH,MAAM,MAAM,YAAY,GACpB,SAAS,GACT,WAAW,GACX,mBAAmB,GACnB,iBAAiB,GACjB,gBAAgB,GAChB,SAAS,CAAA;AAEb;;;GAGG;AACH,MAAM,WAAW,UAAU;IACzB;;;;;;OAMG;IACH,EAAE,EAAE,MAAM,CAAA;IACV;;;;OAIG;IACH,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,8CAA8C;IAC9C,IAAI,EAAE,MAAM,CAAA;IACZ;;;;OAIG;IACH,SAAS,EAAE,MAAM,CAAA;CAClB;AAED;;;GAGG;AACH,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,GAAG,UAAU,GAAG,OAAO,GAAG,MAAM,CAAA;IAC5C,kEAAkE;IAClE,IAAI,CAAC,EAAE,MAAM,CAAA;CACd;AAED;;;;GAIG;AACH,MAAM,WAAW,UAAU;IACzB,gFAAgF;IAChF,SAAS,EAAE,MAAM,CAAA;IACjB,8CAA8C;IAC9C,KAAK,EAAE,UAAU,CAAA;IACjB,+BAA+B;IAC/B,MAAM,EAAE,WAAW,CAAA;IACnB,2DAA2D;IAC3D,OAAO,EAAE,YAAY,CAAA;IACrB,yBAAyB;IACzB,KAAK,EAAE,UAAU,CAAA;IACjB;;;;OAIG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB;;;;OAIG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CACnC;AAED;;;;GAIG;AACH,MAAM,WAAW,UAAU;IACzB,8EAA8E;IAC9E,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,MAAM,CAAC,EAAE,WAAW,CAAA;IACpB,OAAO,CAAC,EAAE,YAAY,CAAA;IACtB,KAAK,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAA;IACpD,kDAAkD;IAClD,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,kDAAkD;IAClD,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,kEAAkE;IAClE,KAAK,CAAC,EAAE,MAAM,CAAA;CACf"}

package/dist/audit/types.js ADDED Viewed

@@ -0,0 +1,33 @@
+/**
+ * Audit types — the durable forensic record shape consumed by every
+ * `AuditProvider` implementation.
+ *
+ * # Why these types live here
+ *
+ * Per `design-audit.md`'s "history-recorder is the foundation"
+ * invariant, the audit log extends the existing `Revision` shape
+ * with `actor` + `outcome` fields. The types here are the wire
+ * shape every provider speaks; in-tree `HistoryAuditProvider`
+ * (Cut 2) and external-sink providers (v2 webhook, file, OTel,
+ * CloudWatch, Azure Monitor, syslog) all consume `AuditEvent`.
+ *
+ * # Outcome is required
+ *
+ * Per the locked invariant: "no implicit 'default to success' —
+ * recording sites supply outcome explicitly. Cuts a class of 'I
+ * forgot to record the failure' bugs." The closed enum stays
+ * closed (future additions like `'rate-limited'`, `'session-expired'`
+ * extend the enum, not the wire shape).
+ *
+ * # SOLID lenses
+ *
+ *   - SRP: this module owns the event vocabulary. Doesn't read
+ *     storage; pure data shapes.
+ *   - DIP: providers, recorder, drawer all depend on these types
+ *     — never on which specific provider produced an event.
+ *   - LSP: every `AuditProvider` returns events shaped by these
+ *     types; consumers branch only on `outcome` / `action` for
+ *     behavior, never on which provider produced the data.
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/audit/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/audit/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG"}

package/dist/audit/user-agent.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+/**
+ * User-agent recording — opt-in per design-audit.md "User agent
+ * recording" section. Lower priority than source-IP; most operators
+ * don't enable.
+ *
+ * # Modes
+ *
+ *   - `'none'` (default) — UA not recorded; field absent
+ *   - `'raw'` — full UA string. Useful for fingerprint forensics
+ *   - `'truncated'` — browser family + major version. Drops
+ *     fingerprinting detail; example outputs: `'Chrome/119'`,
+ *     `'Firefox/120'`, `'Safari/17'`, `'Other'`
+ *
+ * No `'hashed'` mode — UA has too little entropy for hashing to be
+ * a meaningful privacy hardening; if you want privacy, use
+ * `truncated` or `none`.
+ *
+ * # SOLID lenses
+ *
+ *   - SRP: UA processing only.
+ */
+export type UserAgentMode = 'none' | 'raw' | 'truncated';
+/**
+ * Apply the configured UA mode. Returns null for `'none'` or when
+ * input is empty/missing.
+ */
+export declare function processUserAgent(rawUa: string | undefined, mode: UserAgentMode): string | null;
+//# sourceMappingURL=user-agent.d.ts.map

package/dist/audit/user-agent.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"user-agent.d.ts","sourceRoot":"","sources":["../../src/audit/user-agent.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,MAAM,MAAM,aAAa,GAAG,MAAM,GAAG,KAAK,GAAG,WAAW,CAAA;AAExD;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,EAAE,IAAI,EAAE,aAAa,GAAG,MAAM,GAAG,IAAI,CAM9F"}

package/dist/audit/user-agent.js ADDED Viewed

@@ -0,0 +1,63 @@
+/**
+ * User-agent recording — opt-in per design-audit.md "User agent
+ * recording" section. Lower priority than source-IP; most operators
+ * don't enable.
+ *
+ * # Modes
+ *
+ *   - `'none'` (default) — UA not recorded; field absent
+ *   - `'raw'` — full UA string. Useful for fingerprint forensics
+ *   - `'truncated'` — browser family + major version. Drops
+ *     fingerprinting detail; example outputs: `'Chrome/119'`,
+ *     `'Firefox/120'`, `'Safari/17'`, `'Other'`
+ *
+ * No `'hashed'` mode — UA has too little entropy for hashing to be
+ * a meaningful privacy hardening; if you want privacy, use
+ * `truncated` or `none`.
+ *
+ * # SOLID lenses
+ *
+ *   - SRP: UA processing only.
+ */
+/**
+ * Apply the configured UA mode. Returns null for `'none'` or when
+ * input is empty/missing.
+ */
+export function processUserAgent(rawUa, mode) {
+    if (mode === 'none')
+        return null;
+    if (!rawUa || rawUa.length === 0)
+        return null;
+    if (mode === 'raw')
+        return rawUa;
+    // mode === 'truncated' — extract browser family + major version.
+    return truncateUserAgent(rawUa);
+}
+/**
+ * Heuristic browser-family detection. Order matters: Edge before
+ * Chrome (Edge UA contains Chrome); Opera before Chrome (same).
+ * Returns 'Other' when no known family matches — better than
+ * leaking the raw string under truncated mode.
+ */
+function truncateUserAgent(ua) {
+    // Patterns ordered by specificity: more-specific first.
+    const patterns = [
+        { name: 'Edge', regex: /Edg(e|A|iOS)?\/(\d+)/i },
+        { name: 'Opera', regex: /OPR\/(\d+)/i },
+        { name: 'Chrome', regex: /Chrome\/(\d+)/i },
+        { name: 'Firefox', regex: /Firefox\/(\d+)/i },
+        { name: 'Safari', regex: /Version\/(\d+).*Safari/i },
+    ];
+    for (const { name, regex } of patterns) {
+        const match = ua.match(regex);
+        if (match) {
+            // Match group 1 is sometimes a sub-product name (Edg vs Edge),
+            // group 2 is the version. Pick the last numeric group.
+            const numericGroups = match.filter(g => /^\d+$/.test(g ?? ''));
+            const version = numericGroups[numericGroups.length - 1];
+            return `${name}/${version}`;
+        }
+    }
+    return 'Other';
+}
+//# sourceMappingURL=user-agent.js.map

package/dist/audit/user-agent.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"user-agent.js","sourceRoot":"","sources":["../../src/audit/user-agent.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAIH;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAyB,EAAE,IAAmB;IAC7E,IAAI,IAAI,KAAK,MAAM;QAAE,OAAO,IAAI,CAAA;IAChC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IAC7C,IAAI,IAAI,KAAK,KAAK;QAAE,OAAO,KAAK,CAAA;IAChC,iEAAiE;IACjE,OAAO,iBAAiB,CAAC,KAAK,CAAC,CAAA;AACjC,CAAC;AAED;;;;;GAKG;AACH,SAAS,iBAAiB,CAAC,EAAU;IACnC,wDAAwD;IACxD,MAAM,QAAQ,GAA2C;QACvD,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,uBAAuB,EAAE;QAChD,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,aAAa,EAAE;QACvC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,gBAAgB,EAAE;QAC3C,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,iBAAiB,EAAE;QAC7C,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,yBAAyB,EAAE;KACrD,CAAA;IACD,KAAK,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,QAAQ,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;QAC7B,IAAI,KAAK,EAAE,CAAC;YACV,+DAA+D;YAC/D,uDAAuD;YACvD,MAAM,aAAa,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAA;YAC9D,MAAM,OAAO,GAAG,aAAa,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;YACvD,OAAO,GAAG,IAAI,IAAI,OAAO,EAAE,CAAA;QAC7B,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAA;AAChB,CAAC"}