gazetta 0.7.0 → 0.8.0

package/dist/admin-api/hook-audit-emitter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hook-audit-emitter.d.ts","sourceRoot":"","sources":["../../src/admin-api/hook-audit-emitter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAA;AACrD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAA;AAE1D;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,YAAY,GAAG,iBAAiB,CAe7E"}

package/dist/admin-api/hook-audit-emitter.js

@@ -0,0 +1,21 @@
+/**
+ * Build a HookFiringEmitter that forwards every firing to
+ * `audit.record(...)`. Pass into HookContext.auditEmit.
+ */
+export function makeAuditFiringEmitter(audit) {
+    return async (event) => {
+        await audit.record({
+            action: 'hook-fired',
+            outcome: event.outcome,
+            scope: { kind: 'site' },
+            metadata: {
+                hookName: event.hookName,
+                phase: event.phase,
+                source: event.source,
+                priority: event.priority,
+                durationMs: event.durationMs,
+            },
+        });
+    };
+}
+//# sourceMappingURL=hook-audit-emitter.js.map

package/dist/admin-api/hook-audit-emitter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hook-audit-emitter.js","sourceRoot":"","sources":["../../src/admin-api/hook-audit-emitter.ts"],"names":[],"mappings":"AAiCA;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,KAAmB;IACxD,OAAO,KAAK,EAAC,KAAK,EAAC,EAAE;QACnB,MAAM,KAAK,CAAC,MAAM,CAAC;YACjB,MAAM,EAAE,YAAY;YACpB,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,KAAK,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE;YACvB,QAAQ,EAAE;gBACR,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,UAAU,EAAE,KAAK,CAAC,UAAU;aAC7B;SACF,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC"}

package/dist/admin-api/index.d.ts

@@ -1,6 +1,39 @@
 import { Hono } from 'hono';
 import type { StorageProvider, TargetConfig } from '../types.js';
 import { type SourceContext } from './source-context.js';
+import { HookRegistry, type HookContribution } from '../hooks/index.js';
+export interface BuildHooksRegistryOptions {
+    /**
+     * Factory contributions from `site.config.ts admin.hooks`.
+     * Each contribution carries a `source` + array of phase /
+     * handler / options entries.
+     *
+     * Default per-handler priority is **100** (factory band) when
+     * the contribution doesn't specify one explicitly. Site-local
+     * factories that want to run last can pass `priority: 1000`
+     * via per-entry options.
+     */
+    contributions?: ReadonlyArray<HookContribution>;
+}
+/**
+ * Convenience boot helper: construct a HookRegistry, populate it
+ * from `admin.hooks` factory contributions, seal it, return it.
+ *
+ * Per design-hooks.md "Registration (Q4 locked — factory
+ * contributions only)". Site-local hooks AND npm-distributed
+ * plugins both produce `HookContribution` from a factory call;
+ * both wire identically through `admin.hooks` in `site.config.ts`.
+ *
+ * Sequence:
+ *   1. For each contribution → for each `hooks[i]` entry →
+ *      register with the contribution's source identity.
+ *   2. Seal — subsequent registrations throw
+ *      RegistrationAfterInitError.
+ *
+ * `contributions` is optional; an empty registry is a valid
+ * result for sites without hooks.
+ */
+export declare function buildHooksRegistry(opts?: BuildHooksRegistryOptions): Promise<HookRegistry>;
 export interface AdminAppOptions {
     /**
      * Pre-built SourceContext — preferred when the caller controls source-content
@@ -21,9 +54,60 @@ export interface AdminAppOptions {
     targets?: Map<string, StorageProvider>;
     /** Target configurations — providers are initialized lazily on first publish/fetch/compare. */
     targetConfigs?: Record<string, TargetConfig>;
+    /**
+     * Disable the periodic cache-stats logger. Defaults to false (logger
+     * runs every 5 minutes). Tests pass true to avoid background timers
+     * leaking into the test runtime.
+     */
+    disableCacheStatsLogger?: boolean;
+    /**
+     * Pre-built hook registry. Construct via
+     * `buildHooksRegistry({ contributions })` against
+     * `manifest.admin?.hooks` from the loaded site config, then pass
+     * the sealed registry here. When omitted, hook dispatch is a
+     * no-op (sites without hooks pay zero overhead).
+     *
+     * Tests pass an empty (or pre-populated) registry directly.
+     */
+    hooks?: HookRegistry;
+    /**
+     * Background validation scanner (Cut 2). Constructed by the boot path
+     * via `createValidationScanner({...})` against the resolved source. The
+     * admin app mounts the read-side route + SSE channel against this
+     * instance. When omitted, `/api/validation/issues` returns an empty list
+     * and the SSE channel emits no events.
+     */
+    validationScanner?: import('../validation/scanner.js').ValidationScanner | null;
+    /**
+     * Validator registry override. Defaults to `defaultValidatorRegistry()`
+     * which ships every Cut 1-4 validator. Tests pass a custom registry to
+     * exercise the publish-audit + publish-gate paths with synthetic
+     * pre-publish-stage validators.
+     */
+    validators?: import('../validation/registry.js').ValidatorRegistry;
+    /**
+     * Disable the periodic audit retention pruner. Defaults to false
+     * (pruner runs at boot + every 6 hours when audit retention is
+     * configured). Tests pass true to avoid background timers leaking
+     * into the test runtime; the boot pass and the interval both gate
+     * on this flag.
+     */
+    disableAuditRetentionPruner?: boolean;
 }
 type AdminApp = Hono & {
     invalidateTemplatesCache(): void;
+    /**
+     * Drop AdminCache entries for content (page + fragment summaries)
+     * across every SourceContext the resolver has built. Called by
+     * `gazetta dev`'s file watcher on out-of-band manifest changes
+     * (git pull, manual edit, e2e wipes) — those bypass the save
+     * handler that would normally invalidate the cache.
+     *
+     * Production (`gazetta serve`) doesn't have a file watcher;
+     * out-of-band changes there are vanishingly rare (manifests are
+     * deployed-once artifacts).
+     */
+    invalidateContentCache(): Promise<void>;
 };
 /**
  * Create an admin API Hono app. Accepts a single options object.

package/dist/admin-api/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/admin-api/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAG3B,OAAO,KAAK,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAMhE,OAAO,EAIL,KAAK,aAAa,EAEnB,MAAM,qBAAqB,CAAA;AAa5B,MAAM,WAAW,eAAe;IAC9B;;;;OAIG;IACH,MAAM,CAAC,EAAE,aAAa,CAAA;IACtB,OAAO,EAAE,MAAM,CAAA;IACf,6DAA6D;IAC7D,OAAO,CAAC,EAAE,eAAe,CAAA;IACzB,6EAA6E;IAC7E,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,8FAA8F;IAC9F,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,8EAA8E;IAC9E,UAAU,CAAC,EAAE,OAAO,CAAA;IACpB,wFAAwF;IACxF,OAAO,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,CAAA;IACtC,+FAA+F;IAC/F,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,YAAY,CAAC,CAAA;CAC7C;AAED,KAAK,QAAQ,GAAG,IAAI,GAAG;IACrB,wBAAwB,IAAI,IAAI,CAAA;CACjC,CAAA;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,eAAe,GAAG,QAAQ,CA4G9D"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/admin-api/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAK3B,OAAO,KAAK,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAMhE,OAAO,EAIL,KAAK,aAAa,EAEnB,MAAM,qBAAqB,CAAA;AAgC5B,OAAO,EAAE,YAAY,EAAE,KAAK,gBAAgB,EAAE,MAAM,mBAAmB,CAAA;AAEvE,MAAM,WAAW,yBAAyB;IACxC;;;;;;;;;OASG;IACH,aAAa,CAAC,EAAE,aAAa,CAAC,gBAAgB,CAAC,CAAA;CAChD;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAsB,kBAAkB,CAAC,IAAI,GAAE,yBAA8B,GAAG,OAAO,CAAC,YAAY,CAAC,CAcpG;AAGD,MAAM,WAAW,eAAe;IAC9B;;;;OAIG;IACH,MAAM,CAAC,EAAE,aAAa,CAAA;IACtB,OAAO,EAAE,MAAM,CAAA;IACf,6DAA6D;IAC7D,OAAO,CAAC,EAAE,eAAe,CAAA;IACzB,6EAA6E;IAC7E,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,8FAA8F;IAC9F,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,8EAA8E;IAC9E,UAAU,CAAC,EAAE,OAAO,CAAA;IACpB,wFAAwF;IACxF,OAAO,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,CAAA;IACtC,+FAA+F;IAC/F,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,YAAY,CAAC,CAAA;IAC5C;;;;OAIG;IACH,uBAAuB,CAAC,EAAE,OAAO,CAAA;IACjC;;;;;;;;OAQG;IACH,KAAK,CAAC,EAAE,YAAY,CAAA;IACpB;;;;;;OAMG;IACH,iBAAiB,CAAC,EAAE,OAAO,0BAA0B,EAAE,iBAAiB,GAAG,IAAI,CAAA;IAC/E;;;;;OAKG;IACH,UAAU,CAAC,EAAE,OAAO,2BAA2B,EAAE,iBAAiB,CAAA;IAClE;;;;;;OAMG;IACH,2BAA2B,CAAC,EAAE,OAAO,CAAA;CACtC;AAED,KAAK,QAAQ,GAAG,IAAI,GAAG;IACrB,wBAAwB,IAAI,IAAI,CAAA;IAChC;;;;;;;;;;OAUG;IACH,sBAAsB,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;CACxC,CAAA;AA4BD;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,eAAe,GAAG,QAAQ,CAiT9D"}

package/dist/admin-api/index.js

@@ -1,5 +1,7 @@
 import { Hono } from 'hono';
 import { join } from 'node:path';
+import { hostname } from 'node:os';
+import { randomBytes } from 'node:crypto';
 import { logger } from 'hono/logger';
 import { scanTemplates } from '../templates-scan.js';
 import { memoizeAsync } from '../concurrency.js';
@@ -8,9 +10,14 @@ import { createHistoryProvider } from '../history-provider.js';
 import { isHistoryEnabled, getHistoryRetention } from '../types.js';
 import { createSourceContext, staticSourceResolver, registrySourceResolver, } from './source-context.js';
 import { authMiddleware } from './middleware/auth.js';
+import { principalMiddleware } from './middleware/principal.js';
+import { auditMiddleware } from './middleware/audit.js';
+import { AuthConfigSchema, AuthConfigurationError, buildAuthProvider } from '../auth/index.js';
+import { AuditConfigSchema, AuditConfigurationError, createHistoryAuditProvider, DEFAULT_AUDIT_CONFIG, pruneAuditEvents, } from '../audit/index.js';
 import { siteRoutes } from './routes/site.js';
 import { pageRoutes } from './routes/pages.js';
 import { fragmentRoutes } from './routes/fragments.js';
+import { defaultValidatorRegistry } from '../validation/default-registry.js';
 import { templateRoutes } from './routes/templates.js';
 import { previewRoutes } from './routes/preview.js';
 import { publishRoutes } from './routes/publish.js';
@@ -18,6 +25,76 @@ import { compareRoutes } from './routes/compare.js';
 import { fieldRoutes } from './routes/fields.js';
 import { historyRoutes } from './routes/history.js';
 import { assetRoutes } from './routes/assets.js';
+import { systemRoutes } from './routes/system.js';
+import { auditRoutes } from './routes/audit.js';
+import { validationRoutes } from './routes/validation.js';
+import { healthRoutes } from './routes/health.js';
+import { archiveRoutes } from './routes/archive.js';
+import { renameRoutes } from './routes/rename.js';
+import { warnOnCapabilityGaps } from '../runtime/capability-gap-warnings.js';
+import { HookRegistry } from '../hooks/index.js';
+/**
+ * Convenience boot helper: construct a HookRegistry, populate it
+ * from `admin.hooks` factory contributions, seal it, return it.
+ *
+ * Per design-hooks.md "Registration (Q4 locked — factory
+ * contributions only)". Site-local hooks AND npm-distributed
+ * plugins both produce `HookContribution` from a factory call;
+ * both wire identically through `admin.hooks` in `site.config.ts`.
+ *
+ * Sequence:
+ *   1. For each contribution → for each `hooks[i]` entry →
+ *      register with the contribution's source identity.
+ *   2. Seal — subsequent registrations throw
+ *      RegistrationAfterInitError.
+ *
+ * `contributions` is optional; an empty registry is a valid
+ * result for sites without hooks.
+ */
+export async function buildHooksRegistry(opts = {}) {
+    const registry = new HookRegistry();
+    if (opts.contributions) {
+        for (const contribution of opts.contributions) {
+            for (const entry of contribution.hooks) {
+                // Default factory-supplied hook priority to the factory
+                // band (100). Per-entry options.priority overrides.
+                const options = { priority: 100, ...(entry.options ?? {}) };
+                registry.register(entry.phase, entry.handler, options, contribution.source);
+            }
+        }
+    }
+    registry.seal();
+    return registry;
+}
+import { startCacheStatsLogger } from './cache-stats-logger.js';
+/**
+ * Resolve a per-process instance id for audit JSONL file naming.
+ *
+ * Chain per `design-logging.md`'s "Multi-instance correlation":
+ *   1. `K_REVISION` env (Cloud Run; per-revision)
+ *   2. `os.hostname()` — returns the pod name on K8s default config,
+ *      machine hostname elsewhere
+ *   3. Random 8-char hex (only when hostname is empty / unavailable)
+ *
+ * `process.env.HOSTNAME` is NOT in the chain — Linux containers
+ * usually have it via the shell, but Node processes exec'd directly
+ * may not inherit shell env, so HOSTNAME can be undefined on K8s
+ * pods. `os.hostname()` calls gethostname(2) directly and is reliable
+ * across runtimes.
+ */
+function resolveInstanceId() {
+    if (process.env.K_REVISION)
+        return process.env.K_REVISION;
+    try {
+        const name = hostname();
+        if (name)
+            return name;
+    }
+    catch {
+        // hostname() can throw on some Wintertc-style runtimes — fall through.
+    }
+    return randomBytes(4).toString('hex');
+}
 /**
  * Create an admin API Hono app. Accepts a single options object.
  *
@@ -29,6 +106,9 @@ import { assetRoutes } from './routes/assets.js';
 export function createAdminApp(opts) {
     const app = new Hono();
     app.use(logger());
+    // Bearer-token guard (legacy GAZETTA_TOKEN) — orthogonal to
+    // upstream-identity extraction. Principal middleware ships
+    // below once `source.manifest` is in scope.
     app.use('/api/*', authMiddleware());
     const templatesDir = opts.templatesDir ?? join(opts.siteDir, 'templates');
     const adminDir = opts.adminDir ?? join(opts.siteDir, 'admin');
@@ -51,7 +131,7 @@ export function createAdminApp(opts) {
         // Backfill history on the source if the caller didn't supply one —
         // dev bootstrap builds a bare SourceContext and relies on admin-api
         // to wire history per the target's config. Skip when the target's
-        // site.yaml has `history.enabled: false`, or when there's no
+        // site.config.ts has `history.enabled: false`, or when there's no
         // matching targetConfig (legacy single-storage path).
         if (!opts.source.history) {
             source = { ...opts.source, history: buildHistoryForSource(opts, opts.source) };
@@ -67,6 +147,14 @@ export function createAdminApp(opts) {
             history: buildHistoryForLegacySource(opts),
         });
     }
+    // Capability-gap surface #1 (boot config validate) per
+    // `feature-design-process.md`'s capability-gap-UX discipline.
+    // Walks targets; warns about runtime capability gaps (e.g., a
+    // plain-static target can't emit 301 redirects from archive
+    // operations). Non-blocking — admin starts. Operators see the
+    // warning during deploy so misconfiguration surfaces early.
+    if (source.manifest)
+        warnOnCapabilityGaps(source.manifest);
     // Build the per-request source resolver. When target configs are
     // declared, routes honor `?target=<name>` to read from any known
     // target. Providers are initialized lazily so dev startup doesn't
@@ -86,6 +174,7 @@ export function createAdminApp(opts) {
             registry,
             projectSiteDir: source.projectSiteDir,
             manifest: source.manifest,
+            gazettaManifest: source.gazettaManifest,
             // The registry's filesystem targets are already content-rooted
             // (path=./targets/<key>); siteDir on the resolved context is empty.
             siteDir: '',
@@ -93,14 +182,16 @@ export function createAdminApp(opts) {
                 const config = opts.targetConfigs[name];
                 if (!config)
                     return;
-                const { createStorageProvider } = await import('../targets.js');
-                const storage = await createStorageProvider(config.storage, source.projectSiteDir, name);
+                // Storage is already a constructed provider (Path X — operator-facing
+                // factory ran at config-eval). Init the connection if the provider
+                // exposes one (S3 + Azure use this for connectivity probes).
+                const storage = config.storage;
                 const maybeInit = storage;
                 if (typeof maybeInit.init === 'function')
                     await maybeInit.init();
                 providers.set(name, storage);
             },
-            // Build a HistoryProvider per target, honoring the site.yaml
+            // Build a HistoryProvider per target, honoring the site.config.ts
             // `history` block (enabled/retention). Returns undefined when the
             // target has history turned off — routes no-op on absent provider.
             buildHistory: (name, storage) => {
@@ -114,21 +205,175 @@ export function createAdminApp(opts) {
     else {
         resolveSource = staticSourceResolver(source);
     }
+    // Validator registry built once per app — Cut 1 ships the 5 reference-
+    // existence validators; Cut 2+ extend the default registry. Tests can
+    // override via opts.validators.
+    const validators = opts.validators ?? defaultValidatorRegistry();
+    // Principal middleware — extracts upstream identity (Cloudflare
+    // Access JWT, X-Forwarded-User header, etc.) per the configured
+    // trust mode in `site.config.ts admin.auth`. Falls back to
+    // `none`-mode (anonymous + admin role) when no auth is configured.
+    // Must run before route registration so handlers see c.var.principal.
+    //
+    // The auth config sits under SiteManifest.admin.auth as a loose
+    // record (per the existing config schema's reserved-slot pattern);
+    // we strict-parse it here against the typed AuthConfigSchema and
+    // throw a clear AuthConfigurationError if the operator's block is
+    // malformed.
+    const rawAuthBlock = source.manifest?.admin?.auth;
+    let authProvider;
+    if (rawAuthBlock !== undefined) {
+        const parsed = AuthConfigSchema.safeParse(rawAuthBlock);
+        if (!parsed.success) {
+            throw new AuthConfigurationError(`Invalid admin.auth block in site.config.ts: ${parsed.error.issues
+                .map(i => `${i.path.join('.')}: ${i.message}`)
+                .join('; ')}`);
+        }
+        authProvider = buildAuthProvider(parsed.data);
+    }
+    else {
+        // No admin.auth block — none mode (single-author / dev).
+        authProvider = buildAuthProvider(undefined);
+    }
+    app.use('/api/*', principalMiddleware(authProvider));
+    // Audit middleware — per design-audit.md "Recording timing".
+    // Resolves admin.audit config; constructs the configured providers;
+    // injects c.var.audit so handlers can call `c.var.audit.record(...)`.
+    // Defaults to HistoryAuditProvider when admin.audit is absent
+    // (zero-config audit; events stored under target's
+    // .gazetta/audit/events-{instance}.jsonl).
+    const rawAuditBlock = source.manifest?.admin?.audit;
+    let auditConfig;
+    if (rawAuditBlock !== undefined) {
+        const parsed = AuditConfigSchema.safeParse(rawAuditBlock);
+        if (!parsed.success) {
+            throw new AuditConfigurationError(`Invalid admin.audit block in site.config.ts: ${parsed.error.issues
+                .map(i => `${i.path.join('.')}: ${i.message}`)
+                .join('; ')}`);
+        }
+        auditConfig = parsed.data;
+    }
+    else {
+        auditConfig = DEFAULT_AUDIT_CONFIG;
+    }
+    // Salt env var resolution per design-audit.md "Salt management":
+    // GAZETTA_AUDIT_ACTOR_SALT for actor pseudonymization;
+    // GAZETTA_AUDIT_SOURCEIP_SALT for source-IP hashing.
+    const actorPseudonym = auditConfig.actorPseudonym ?? 'none';
+    const recordSourceIp = auditConfig.recordSourceIp ?? 'none';
+    const recordUserAgent = auditConfig.recordUserAgent ?? 'none';
+    if (actorPseudonym === 'sha256' && !process.env.GAZETTA_AUDIT_ACTOR_SALT) {
+        throw new AuditConfigurationError('admin.audit.actorPseudonym: sha256 requires the GAZETTA_AUDIT_ACTOR_SALT environment variable');
+    }
+    if (recordSourceIp === 'hashed' && !process.env.GAZETTA_AUDIT_SOURCEIP_SALT) {
+        throw new AuditConfigurationError('admin.audit.recordSourceIp: hashed requires the GAZETTA_AUDIT_SOURCEIP_SALT environment variable');
+    }
+    // Build the configured providers. v1 ships only HistoryAuditProvider;
+    // v2 sinks (webhook, file, OTel, CloudWatch, etc.) extend the build
+    // step here when they ship.
+    const auditProviders = [];
+    if (auditConfig.provider === 'history') {
+        auditProviders.push(createHistoryAuditProvider({
+            storage: source.storage,
+            instance: resolveInstanceId(),
+        }));
+    }
+    app.use('/api/*', auditMiddleware({
+        providers: auditProviders,
+        strict: auditConfig.strict ?? false,
+        actorPseudonym,
+        actorSalt: process.env.GAZETTA_AUDIT_ACTOR_SALT,
+        recordSourceIp,
+        sourceIpSalt: process.env.GAZETTA_AUDIT_SOURCEIP_SALT,
+        trustedProxyCount: auditConfig.trustedProxyCount,
+        recordUserAgent,
+    }));
     app.route('/', siteRoutes(resolveSource));
-    app.route('/', pageRoutes(resolveSource));
-    app.route('/', fragmentRoutes(resolveSource));
-    app.route('/', templateRoutes(resolveSource, templatesDir, adminDir, opts.production));
+    // Archive + rename routes must register BEFORE pageRoutes /
+    // fragmentRoutes — those modules use `:name{.+}` greedy regex
+    // parameters that would capture `landing/archive` (or `/rename`)
+    // when these routes' literal-suffix paths would correctly capture
+    // `landing` + the suffix. First-match-wins in Hono's routing trie
+    // means specific suffixes register first.
+    app.route('/', archiveRoutes(resolveSource, { scanner: opts.validationScanner ?? null }));
+    app.route('/', renameRoutes(resolveSource));
+    app.route('/', pageRoutes(resolveSource, validators, templatesDir, {
+        hooks: opts.hooks,
+        scanner: opts.validationScanner ?? null,
+    }));
+    app.route('/', fragmentRoutes(resolveSource, validators, templatesDir, {
+        hooks: opts.hooks,
+        scanner: opts.validationScanner ?? null,
+    }));
+    app.route('/', templateRoutes(resolveSource, templatesDir, adminDir, opts.production, {
+        scanner: opts.validationScanner ?? null,
+    }));
     app.route('/', previewRoutes(resolveSource, templatesDir));
-    app.route('/', publishRoutes(resolveSource, opts.targets, opts.targetConfigs, templatesDir, scan));
+    app.route('/', publishRoutes(resolveSource, opts.targets, opts.targetConfigs, templatesDir, scan, {
+        hooks: opts.hooks,
+        validators,
+    }));
     app.route('/', compareRoutes(resolveSource, opts.targets, opts.targetConfigs, templatesDir, scan));
     app.route('/', fieldRoutes(resolveSource, adminDir));
     app.route('/', historyRoutes(resolveSource, opts.targets, opts.targetConfigs));
-    app.route('/', assetRoutes(resolveSource));
+    app.route('/', assetRoutes(resolveSource, { hooks: opts.hooks }));
+    app.route('/', systemRoutes(resolveSource));
+    app.route('/', auditRoutes({ providers: auditProviders }));
+    app.route('/', validationRoutes({ scanner: opts.validationScanner ?? null }));
+    app.route('/', healthRoutes());
+    // Periodic cache stats log — fires every 5 minutes against the
+    // bootstrap source's cache. Runs unobtrusively (timer.unref()
+    // means it never blocks process exit). Tests pass
+    // `disableCacheStatsLogger: true` to avoid background timers; the
+    // route at /api/system/cache/stats still exposes on-demand
+    // snapshots either way.
+    if (!opts.disableCacheStatsLogger) {
+        startCacheStatsLogger({ cache: source.cache });
+    }
+    // Audit retention pruner — when admin.audit.retention is configured
+    // (events cap and/or maxAgeMonths), evict old / overflow events at
+    // boot + every 6 hours per design-audit.md "Retention". No-op when
+    // retention isn't configured (operator opted out / never opted in).
+    // Same pattern as the cache stats logger: timer.unref() so it never
+    // blocks process exit; tests pass `disableAuditRetentionPruner:
+    // true` to keep background work out of the test runtime.
+    if (!opts.disableAuditRetentionPruner &&
+        auditConfig.provider === 'history' &&
+        auditConfig.retention &&
+        (auditConfig.retention.events !== undefined || auditConfig.retention.maxAgeMonths)) {
+        const retentionConfig = auditConfig.retention;
+        const runPrune = async () => {
+            try {
+                await pruneAuditEvents(source.storage, {
+                    events: retentionConfig.events,
+                    maxAgeMonths: retentionConfig.maxAgeMonths ?? null,
+                });
+            }
+            catch {
+                // Pruner failures fail-open per Universal Provider Requirement
+                // #5 — audit accumulates until next successful prune. Operator
+                // monitoring sees the failure via structured log (TODO when
+                // logging foundation lands; v1 swallows silently).
+            }
+        };
+        // Boot pass.
+        void runPrune();
+        // 6-hour interval (21_600_000 ms). unref() so the process can exit
+        // independently of this timer.
+        const PRUNE_INTERVAL_MS = 6 * 60 * 60 * 1000;
+        const timer = setInterval(runPrune, PRUNE_INTERVAL_MS);
+        timer.unref();
+    }
     // Exposed for the CLI's template file watcher: clears the memoized scan
     // so the next publish/compare picks up template edits. Not part of the
     // Hono Request interface — the CLI casts the return.
     const appWithInvalidate = app;
     appWithInvalidate.invalidateTemplatesCache = () => cachedScan.invalidate();
+    appWithInvalidate.invalidateContentCache = async () => {
+        await resolveSource.forEachBuilt(async (ctx) => {
+            await Promise.all([ctx.cache.invalidatePrefix('pages:'), ctx.cache.invalidatePrefix('fragments:')]);
+        });
+    };
     return appWithInvalidate;
 }
 /**

package/dist/admin-api/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/admin-api/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAC3B,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAChC,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAEpC,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAA;AAChD,OAAO,EAAE,wBAAwB,EAAE,MAAM,eAAe,CAAA;AACxD,OAAO,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAA;AAC9D,OAAO,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAA;AACnE,OAAO,EACL,mBAAmB,EACnB,oBAAoB,EACpB,sBAAsB,GAGvB,MAAM,qBAAqB,CAAA;AAC5B,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AACrD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAC9C,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAA;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAA;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AACnD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AACnD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA;AA4BhD;;;;;;;GAOG;AACH,MAAM,UAAU,cAAc,CAAC,IAAqB;IAClD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;IAEtB,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAA;IACjB,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,EAAE,CAAC,CAAA;IAEnC,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAA;IACzE,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;IAE7D,yEAAyE;IACzE,uEAAuE;IACvE,yEAAyE;IACzE,2DAA2D;IAC3D,EAAE;IACF,wEAAwE;IACxE,oEAAoE;IACpE,yEAAyE;IACzE,gCAAgC;IAChC,MAAM,UAAU,GAAG,YAAY,CAAC,KAAK,IAAI,EAAE,CACzC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,yBAAyB,EAAE,EAAE,CAAC,CAAC,CACjF,CAAA;IACD,MAAM,IAAI,GAAG,CAAC,IAAY,EAAE,IAAY,EAAE,EAAE,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAA;IAEnH,yEAAyE;IACzE,mEAAmE;IACnE,IAAI,MAAqB,CAAA;IACzB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,MAAM,GAAG,IAAI,CAAC,MAAM,CAAA;QACpB,mEAAmE;QACnE,oEAAoE;QACpE,kEAAkE;QAClE,6DAA6D;QAC7D,sDAAsD;QACtD,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,MAAM,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,qBAAqB,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE,CAAA;QAChF,CAAC;IACH,CAAC;SAAM,CAAC;QACN,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAA;QAClF,CAAC;QACD,MAAM,GAAG,mBAAmB,CAAC;YAC3B,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,OAAO,EAAE,2BAA2B,CAAC,IAAI,CAAC;SAC3C,CAAC,CAAA;IACJ,CAAC;IAED,iEAAiE;IACjE,iEAAiE;IACjE,kEAAkE;IAClE,kEAAkE;IAClE,sBAAsB;IACtB,EAAE;IACF,qEAAqE;IACrE,mDAAmD;IACnD,IAAI,aAAoC,CAAA;IACxC,IAAI,IAAI,CAAC,aAAa,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrE,oEAAoE;QACpE,iEAAiE;QACjE,oDAAoD;QACpD,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC,CAAA;QAC7C,MAAM,QAAQ,GAAG,wBAAwB,CAAC,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,CAAA;QACxE,aAAa,GAAG,sBAAsB,CAAC;YACrC,QAAQ;YACR,cAAc,EAAE,MAAM,CAAC,cAAc;YACrC,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,+DAA+D;YAC/D,oEAAoE;YACpE,OAAO,EAAE,EAAE;YACX,QAAQ,EAAE,KAAK,EAAC,IAAI,EAAC,EAAE;gBACrB,MAAM,MAAM,GAAG,IAAI,CAAC,aAAc,CAAC,IAAI,CAAC,CAAA;gBACxC,IAAI,CAAC,MAAM;oBAAE,OAAM;gBACnB,MAAM,EAAE,qBAAqB,EAAE,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAA;gBAC/D,MAAM,OAAO,GAAG,MAAM,qBAAqB,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,cAAc,EAAE,IAAI,CAAC,CAAA;gBACxF,MAAM,SAAS,GAAG,OAA2D,CAAA;gBAC7E,IAAI,OAAO,SAAS,CAAC,IAAI,KAAK,UAAU;oBAAE,MAAM,SAAS,CAAC,IAAI,EAAE,CAAA;gBAChE,SAAS,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;YAC9B,CAAC;YACD,6DAA6D;YAC7D,kEAAkE;YAClE,mEAAmE;YACnE,YAAY,EAAE,CAAC,IAAI,EAAE,OAAO,EAAE,EAAE;gBAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,aAAc,CAAC,IAAI,CAAC,CAAA;gBACxC,IAAI,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC;oBAAE,OAAO,SAAS,CAAA;gBAC1D,OAAO,qBAAqB,CAAC,EAAE,OAAO,EAAE,SAAS,EAAE,mBAAmB,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;YACnF,CAAC;SACF,CAAC,CAAA;IACJ,CAAC;SAAM,CAAC;QACN,aAAa,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAA;IAC9C,CAAC;IAED,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,UAAU,CAAC,aAAa,CAAC,CAAC,CAAA;IACzC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,UAAU,CAAC,aAAa,CAAC,CAAC,CAAA;IACzC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,cAAc,CAAC,aAAa,CAAC,CAAC,CAAA;IAC7C,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,cAAc,CAAC,aAAa,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAA;IACtF,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,aAAa,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC,CAAA;IAC1D,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,aAAa,CAAC,aAAa,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,aAAa,EAAE,YAAY,EAAE,IAAI,CAAC,CAAC,CAAA;IAClG,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,aAAa,CAAC,aAAa,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,aAAa,EAAE,YAAY,EAAE,IAAI,CAAC,CAAC,CAAA;IAClG,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,WAAW,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC,CAAA;IACpD,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,aAAa,CAAC,aAAa,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC,CAAA;IAC9E,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,WAAW,CAAC,aAAa,CAAC,CAAC,CAAA;IAE1C,wEAAwE;IACxE,uEAAuE;IACvE,qDAAqD;IACrD,MAAM,iBAAiB,GAAG,GAAe,CAAA;IACzC,iBAAiB,CAAC,wBAAwB,GAAG,GAAG,EAAE,CAAC,UAAU,CAAC,UAAU,EAAE,CAAA;IAC1E,OAAO,iBAAiB,CAAA;AAC1B,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,qBAAqB,CAAC,IAAqB,EAAE,MAAqB;IACzE,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAA;IAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IAC5D,IAAI,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC;QAAE,OAAO,SAAS,CAAA;IAC1D,OAAO,qBAAqB,CAAC;QAC3B,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,SAAS,EAAE,mBAAmB,CAAC,MAAM,CAAC;KACvC,CAAC,CAAA;AACJ,CAAC;AAED;;;;;;GAMG;AACH,SAAS,2BAA2B,CAAC,IAAqB;IACxD,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAA;IAClC,IAAI,CAAC,OAAO;QAAE,OAAO,SAAS,CAAA;IAC9B,uEAAuE;IACvE,iEAAiE;IACjE,sDAAsD;IACtD,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAA;IAClF,IAAI,CAAC,aAAa;QAAE,OAAO,SAAS,CAAA;IACpC,OAAO,qBAAqB,CAAC;QAC3B,OAAO,EAAE,IAAI,CAAC,OAAQ;QACtB,SAAS,EAAE,mBAAmB,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;KACjD,CAAC,CAAA;AACJ,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/admin-api/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAC3B,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAChC,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAClC,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AACzC,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAEpC,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAA;AAChD,OAAO,EAAE,wBAAwB,EAAE,MAAM,eAAe,CAAA;AACxD,OAAO,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAA;AAC9D,OAAO,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAA;AACnE,OAAO,EACL,mBAAmB,EACnB,oBAAoB,EACpB,sBAAsB,GAGvB,MAAM,qBAAqB,CAAA;AAC5B,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AACrD,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAA;AAC/D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAA;AACvD,OAAO,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAA;AAC9F,OAAO,EACL,iBAAiB,EACjB,uBAAuB,EACvB,0BAA0B,EAC1B,oBAAoB,EACpB,gBAAgB,GAGjB,MAAM,mBAAmB,CAAA;AAC1B,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAC9C,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAA;AACtD,OAAO,EAAE,wBAAwB,EAAE,MAAM,mCAAmC,CAAA;AAC5E,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAA;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AACnD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AACnD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA;AAChD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAC/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAA;AACzD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,oBAAoB,EAAE,MAAM,uCAAuC,CAAA;AAC5E,OAAO,EAAE,YAAY,EAAyB,MAAM,mBAAmB,CAAA;AAgBvE;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,OAAkC,EAAE;IAC3E,MAAM,QAAQ,GAAG,IAAI,YAAY,EAAE,CAAA;IACnC,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QACvB,KAAK,MAAM,YAAY,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YAC9C,KAAK,MAAM,KAAK,IAAI,YAAY,CAAC,KAAK,EAAE,CAAC;gBACvC,wDAAwD;gBACxD,oDAAoD;gBACpD,MAAM,OAAO,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,OAAO,IAAI,EAAE,CAAC,EAAE,CAAA;gBAC3D,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC,MAAM,CAAC,CAAA;YAC7E,CAAC;QACH,CAAC;IACH,CAAC;IACD,QAAQ,CAAC,IAAI,EAAE,CAAA;IACf,OAAO,QAAQ,CAAA;AACjB,CAAC;AACD,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAA;AA+E/D;;;;;;;;;;;;;;GAcG;AACH,SAAS,iBAAiB;IACxB,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU;QAAE,OAAO,OAAO,CAAC,GAAG,CAAC,UAAU,CAAA;IACzD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,QAAQ,EAAE,CAAA;QACvB,IAAI,IAAI;YAAE,OAAO,IAAI,CAAA;IACvB,CAAC;IAAC,MAAM,CAAC;QACP,uEAAuE;IACzE,CAAC;IACD,OAAO,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;AACvC,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,cAAc,CAAC,IAAqB;IAClD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;IAEtB,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAA;IACjB,4DAA4D;IAC5D,2DAA2D;IAC3D,4CAA4C;IAC5C,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,EAAE,CAAC,CAAA;IAEnC,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAA;IACzE,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;IAE7D,yEAAyE;IACzE,uEAAuE;IACvE,yEAAyE;IACzE,2DAA2D;IAC3D,EAAE;IACF,wEAAwE;IACxE,oEAAoE;IACpE,yEAAyE;IACzE,gCAAgC;IAChC,MAAM,UAAU,GAAG,YAAY,CAAC,KAAK,IAAI,EAAE,CACzC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,yBAAyB,EAAE,EAAE,CAAC,CAAC,CACjF,CAAA;IACD,MAAM,IAAI,GAAG,CAAC,IAAY,EAAE,IAAY,EAAE,EAAE,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAA;IAEnH,yEAAyE;IACzE,mEAAmE;IACnE,IAAI,MAAqB,CAAA;IACzB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,MAAM,GAAG,IAAI,CAAC,MAAM,CAAA;QACpB,mEAAmE;QACnE,oEAAoE;QACpE,kEAAkE;QAClE,kEAAkE;QAClE,sDAAsD;QACtD,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,MAAM,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,qBAAqB,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE,CAAA;QAChF,CAAC;IACH,CAAC;SAAM,CAAC;QACN,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAA;QAClF,CAAC;QACD,MAAM,GAAG,mBAAmB,CAAC;YAC3B,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,OAAO,EAAE,2BAA2B,CAAC,IAAI,CAAC;SAC3C,CAAC,CAAA;IACJ,CAAC;IAED,uDAAuD;IACvD,8DAA8D;IAC9D,8DAA8D;IAC9D,4DAA4D;IAC5D,8DAA8D;IAC9D,4DAA4D;IAC5D,IAAI,MAAM,CAAC,QAAQ;QAAE,oBAAoB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;IAE1D,iEAAiE;IACjE,iEAAiE;IACjE,kEAAkE;IAClE,kEAAkE;IAClE,sBAAsB;IACtB,EAAE;IACF,qEAAqE;IACrE,mDAAmD;IACnD,IAAI,aAAoC,CAAA;IACxC,IAAI,IAAI,CAAC,aAAa,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrE,oEAAoE;QACpE,iEAAiE;QACjE,oDAAoD;QACpD,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC,CAAA;QAC7C,MAAM,QAAQ,GAAG,wBAAwB,CAAC,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,CAAA;QACxE,aAAa,GAAG,sBAAsB,CAAC;YACrC,QAAQ;YACR,cAAc,EAAE,MAAM,CAAC,cAAc;YACrC,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,eAAe,EAAE,MAAM,CAAC,eAAe;YACvC,+DAA+D;YAC/D,oEAAoE;YACpE,OAAO,EAAE,EAAE;YACX,QAAQ,EAAE,KAAK,EAAC,IAAI,EAAC,EAAE;gBACrB,MAAM,MAAM,GAAG,IAAI,CAAC,aAAc,CAAC,IAAI,CAAC,CAAA;gBACxC,IAAI,CAAC,MAAM;oBAAE,OAAM;gBACnB,sEAAsE;gBACtE,mEAAmE;gBACnE,6DAA6D;gBAC7D,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAA;gBAC9B,MAAM,SAAS,GAAG,OAA2D,CAAA;gBAC7E,IAAI,OAAO,SAAS,CAAC,IAAI,KAAK,UAAU;oBAAE,MAAM,SAAS,CAAC,IAAI,EAAE,CAAA;gBAChE,SAAS,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;YAC9B,CAAC;YACD,kEAAkE;YAClE,kEAAkE;YAClE,mEAAmE;YACnE,YAAY,EAAE,CAAC,IAAI,EAAE,OAAO,EAAE,EAAE;gBAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,aAAc,CAAC,IAAI,CAAC,CAAA;gBACxC,IAAI,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC;oBAAE,OAAO,SAAS,CAAA;gBAC1D,OAAO,qBAAqB,CAAC,EAAE,OAAO,EAAE,SAAS,EAAE,mBAAmB,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;YACnF,CAAC;SACF,CAAC,CAAA;IACJ,CAAC;SAAM,CAAC;QACN,aAAa,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAA;IAC9C,CAAC;IAED,uEAAuE;IACvE,sEAAsE;IACtE,gCAAgC;IAChC,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,wBAAwB,EAAE,CAAA;IAEhE,gEAAgE;IAChE,gEAAgE;IAChE,2DAA2D;IAC3D,mEAAmE;IACnE,sEAAsE;IACtE,EAAE;IACF,gEAAgE;IAChE,mEAAmE;IACnE,iEAAiE;IACjE,kEAAkE;IAClE,aAAa;IACb,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,EAAE,KAAK,EAAE,IAAe,CAAA;IAC5D,IAAI,YAAY,CAAA;IAChB,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,gBAAgB,CAAC,SAAS,CAAC,YAAY,CAAC,CAAA;QACvD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,sBAAsB,CAC9B,+CAA+C,MAAM,CAAC,KAAK,CAAC,MAAM;iBAC/D,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;iBAC7C,IAAI,CAAC,IAAI,CAAC,EAAE,CAChB,CAAA;QACH,CAAC;QACD,YAAY,GAAG,iBAAiB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IAC/C,CAAC;SAAM,CAAC;QACN,yDAAyD;QACzD,YAAY,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAA;IAC7C,CAAC;IACD,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,mBAAmB,CAAC,YAAY,CAAC,CAAC,CAAA;IAEpD,6DAA6D;IAC7D,oEAAoE;IACpE,sEAAsE;IACtE,8DAA8D;IAC9D,mDAAmD;IACnD,2CAA2C;IAC3C,MAAM,aAAa,GAAG,MAAM,CAAC,QAAQ,EAAE,KAAK,EAAE,KAAgB,CAAA;IAC9D,IAAI,WAAwB,CAAA;IAC5B,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;QAChC,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,CAAC,aAAa,CAAC,CAAA;QACzD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,uBAAuB,CAC/B,gDAAgD,MAAM,CAAC,KAAK,CAAC,MAAM;iBAChE,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;iBAC7C,IAAI,CAAC,IAAI,CAAC,EAAE,CAChB,CAAA;QACH,CAAC;QACD,WAAW,GAAG,MAAM,CAAC,IAAI,CAAA;IAC3B,CAAC;SAAM,CAAC;QACN,WAAW,GAAG,oBAAoB,CAAA;IACpC,CAAC;IACD,iEAAiE;IACjE,uDAAuD;IACvD,qDAAqD;IACrD,MAAM,cAAc,GAAG,WAAW,CAAC,cAAc,IAAI,MAAM,CAAA;IAC3D,MAAM,cAAc,GAAG,WAAW,CAAC,cAAc,IAAI,MAAM,CAAA;IAC3D,MAAM,eAAe,GAAG,WAAW,CAAC,eAAe,IAAI,MAAM,CAAA;IAC7D,IAAI,cAAc,KAAK,QAAQ,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,CAAC;QACzE,MAAM,IAAI,uBAAuB,CAC/B,+FAA+F,CAChG,CAAA;IACH,CAAC;IACD,IAAI,cAAc,KAAK,QAAQ,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,2BAA2B,EAAE,CAAC;QAC5E,MAAM,IAAI,uBAAuB,CAC/B,kGAAkG,CACnG,CAAA;IACH,CAAC;IACD,sEAAsE;IACtE,oEAAoE;IACpE,4BAA4B;IAC5B,MAAM,cAAc,GAAoB,EAAE,CAAA;IAC1C,IAAI,WAAW,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;QACvC,cAAc,CAAC,IAAI,CACjB,0BAA0B,CAAC;YACzB,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,QAAQ,EAAE,iBAAiB,EAAE;SAC9B,CAAC,CACH,CAAA;IACH,CAAC;IACD,GAAG,CAAC,GAAG,CACL,QAAQ,EACR,eAAe,CAAC;QACd,SAAS,EAAE,cAAc;QACzB,MAAM,EAAE,WAAW,CAAC,MAAM,IAAI,KAAK;QACnC,cAAc;QACd,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,wBAAwB;QAC/C,cAAc;QACd,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,2BAA2B;QACrD,iBAAiB,EAAE,WAAW,CAAC,iBAAiB;QAChD,eAAe;KAChB,CAAC,CACH,CAAA;IAED,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,UAAU,CAAC,aAAa,CAAC,CAAC,CAAA;IACzC,4DAA4D;IAC5D,8DAA8D;IAC9D,iEAAiE;IACjE,kEAAkE;IAClE,kEAAkE;IAClE,0CAA0C;IAC1C,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,aAAa,CAAC,aAAa,EAAE,EAAE,OAAO,EAAE,IAAI,CAAC,iBAAiB,IAAI,IAAI,EAAE,CAAC,CAAC,CAAA;IACzF,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,YAAY,CAAC,aAAa,CAAC,CAAC,CAAA;IAC3C,GAAG,CAAC,KAAK,CACP,GAAG,EACH,UAAU,CAAC,aAAa,EAAE,UAAU,EAAE,YAAY,EAAE;QAClD,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,OAAO,EAAE,IAAI,CAAC,iBAAiB,IAAI,IAAI;KACxC,CAAC,CACH,CAAA;IACD,GAAG,CAAC,KAAK,CACP,GAAG,EACH,cAAc,CAAC,aAAa,EAAE,UAAU,EAAE,YAAY,EAAE;QACtD,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,OAAO,EAAE,IAAI,CAAC,iBAAiB,IAAI,IAAI;KACxC,CAAC,CACH,CAAA;IACD,GAAG,CAAC,KAAK,CACP,GAAG,EACH,cAAc,CAAC,aAAa,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC,UAAU,EAAE;QACrE,OAAO,EAAE,IAAI,CAAC,iBAAiB,IAAI,IAAI;KACxC,CAAC,CACH,CAAA;IACD,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,aAAa,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC,CAAA;IAC1D,GAAG,CAAC,KAAK,CACP,GAAG,EACH,aAAa,CAAC,aAAa,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,aAAa,EAAE,YAAY,EAAE,IAAI,EAAE;QACjF,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,UAAU;KACX,CAAC,CACH,CAAA;IACD,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,aAAa,CAAC,aAAa,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,aAAa,EAAE,YAAY,EAAE,IAAI,CAAC,CAAC,CAAA;IAClG,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,WAAW,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC,CAAA;IACpD,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,aAAa,CAAC,aAAa,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC,CAAA;IAC9E,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,WAAW,CAAC,aAAa,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;IACjE,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,YAAY,CAAC,aAAa,CAAC,CAAC,CAAA;IAC3C,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,WAAW,CAAC,EAAE,SAAS,EAAE,cAAc,EAAE,CAAC,CAAC,CAAA;IAC1D,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,gBAAgB,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,iBAAiB,IAAI,IAAI,EAAE,CAAC,CAAC,CAAA;IAC7E,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,YAAY,EAAE,CAAC,CAAA;IAE9B,+DAA+D;IAC/D,8DAA8D;IAC9D,kDAAkD;IAClD,kEAAkE;IAClE,2DAA2D;IAC3D,wBAAwB;IACxB,IAAI,CAAC,IAAI,CAAC,uBAAuB,EAAE,CAAC;QAClC,qBAAqB,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAA;IAChD,CAAC;IAED,oEAAoE;IACpE,mEAAmE;IACnE,mEAAmE;IACnE,oEAAoE;IACpE,oEAAoE;IACpE,gEAAgE;IAChE,yDAAyD;IACzD,IACE,CAAC,IAAI,CAAC,2BAA2B;QACjC,WAAW,CAAC,QAAQ,KAAK,SAAS;QAClC,WAAW,CAAC,SAAS;QACrB,CAAC,WAAW,CAAC,SAAS,CAAC,MAAM,KAAK,SAAS,IAAI,WAAW,CAAC,SAAS,CAAC,YAAY,CAAC,EAClF,CAAC;QACD,MAAM,eAAe,GAAG,WAAW,CAAC,SAAS,CAAA;QAC7C,MAAM,QAAQ,GAAG,KAAK,IAAI,EAAE;YAC1B,IAAI,CAAC;gBACH,MAAM,gBAAgB,CAAC,MAAM,CAAC,OAAO,EAAE;oBACrC,MAAM,EAAE,eAAe,CAAC,MAAM;oBAC9B,YAAY,EAAE,eAAe,CAAC,YAAY,IAAI,IAAI;iBACnD,CAAC,CAAA;YACJ,CAAC;YAAC,MAAM,CAAC;gBACP,+DAA+D;gBAC/D,+DAA+D;gBAC/D,4DAA4D;gBAC5D,mDAAmD;YACrD,CAAC;QACH,CAAC,CAAA;QACD,aAAa;QACb,KAAK,QAAQ,EAAE,CAAA;QACf,mEAAmE;QACnE,+BAA+B;QAC/B,MAAM,iBAAiB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;QAC5C,MAAM,KAAK,GAAG,WAAW,CAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAA;QACtD,KAAK,CAAC,KAAK,EAAE,CAAA;IACf,CAAC;IAED,wEAAwE;IACxE,uEAAuE;IACvE,qDAAqD;IACrD,MAAM,iBAAiB,GAAG,GAAe,CAAA;IACzC,iBAAiB,CAAC,wBAAwB,GAAG,GAAG,EAAE,CAAC,UAAU,CAAC,UAAU,EAAE,CAAA;IAC1E,iBAAiB,CAAC,sBAAsB,GAAG,KAAK,IAAI,EAAE;QACpD,MAAM,aAAa,CAAC,YAAY,CAAC,KAAK,EAAC,GAAG,EAAC,EAAE;YAC3C,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAAE,GAAG,CAAC,KAAK,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC,CAAC,CAAA;QACrG,CAAC,CAAC,CAAA;IACJ,CAAC,CAAA;IACD,OAAO,iBAAiB,CAAA;AAC1B,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,qBAAqB,CAAC,IAAqB,EAAE,MAAqB;IACzE,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAA;IAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IAC5D,IAAI,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC;QAAE,OAAO,SAAS,CAAA;IAC1D,OAAO,qBAAqB,CAAC;QAC3B,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,SAAS,EAAE,mBAAmB,CAAC,MAAM,CAAC;KACvC,CAAC,CAAA;AACJ,CAAC;AAED;;;;;;GAMG;AACH,SAAS,2BAA2B,CAAC,IAAqB;IACxD,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAA;IAClC,IAAI,CAAC,OAAO;QAAE,OAAO,SAAS,CAAA;IAC9B,uEAAuE;IACvE,iEAAiE;IACjE,sDAAsD;IACtD,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAA;IAClF,IAAI,CAAC,aAAa;QAAE,OAAO,SAAS,CAAA;IACpC,OAAO,qBAAqB,CAAC;QAC3B,OAAO,EAAE,IAAI,CAAC,OAAQ;QACtB,SAAS,EAAE,mBAAmB,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;KACjD,CAAC,CAAA;AACJ,CAAC"}

package/dist/admin-api/middleware/audit.d.ts

@@ -0,0 +1,25 @@
+import { type ActorPseudonymMode, type AuditContext, type AuditFailureLogger, type AuditProvider, type SourceIpMode, type UserAgentMode } from '../../audit/index.js';
+import type { PrincipalEnv } from './principal.js';
+/**
+ * Hono context augmentation — readers see `c.var.audit` typed as
+ * `AuditContext` (always populated; never undefined after this
+ * middleware runs).
+ */
+export type AuditEnv = PrincipalEnv & {
+    Variables: PrincipalEnv['Variables'] & {
+        audit: AuditContext;
+    };
+};
+export interface AuditMiddlewareOptions {
+    providers: ReadonlyArray<AuditProvider>;
+    strict: boolean;
+    actorPseudonym: ActorPseudonymMode;
+    actorSalt?: string;
+    recordSourceIp: SourceIpMode;
+    sourceIpSalt?: string;
+    trustedProxyCount?: number;
+    recordUserAgent: UserAgentMode;
+    logFailure?: AuditFailureLogger;
+}
+export declare function auditMiddleware(opts: AuditMiddlewareOptions): import("hono").MiddlewareHandler<AuditEnv, string, {}, Response>;
+//# sourceMappingURL=audit.d.ts.map

package/dist/admin-api/middleware/audit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../../src/admin-api/middleware/audit.ts"],"names":[],"mappings":"AA6BA,OAAO,EACL,KAAK,kBAAkB,EACvB,KAAK,YAAY,EACjB,KAAK,kBAAkB,EACvB,KAAK,aAAa,EAClB,KAAK,YAAY,EACjB,KAAK,aAAa,EAEnB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAElD;;;;GAIG;AACH,MAAM,MAAM,QAAQ,GAAG,YAAY,GAAG;IACpC,SAAS,EAAE,YAAY,CAAC,WAAW,CAAC,GAAG;QACrC,KAAK,EAAE,YAAY,CAAA;KACpB,CAAA;CACF,CAAA;AAED,MAAM,WAAW,sBAAsB;IACrC,SAAS,EAAE,aAAa,CAAC,aAAa,CAAC,CAAA;IACvC,MAAM,EAAE,OAAO,CAAA;IACf,cAAc,EAAE,kBAAkB,CAAA;IAClC,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,cAAc,EAAE,YAAY,CAAA;IAC5B,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,iBAAiB,CAAC,EAAE,MAAM,CAAA;IAC1B,eAAe,EAAE,aAAa,CAAA;IAC9B,UAAU,CAAC,EAAE,kBAAkB,CAAA;CAChC;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,sBAAsB,oEA4B3D"}

package/dist/admin-api/middleware/audit.js

@@ -0,0 +1,65 @@
+/**
+ * Audit middleware — wires the audit subsystem into the per-request
+ * Hono context.
+ *
+ * # What this middleware does
+ *
+ * 1. Reads `c.var.principal` (set by Cut 7's principalMiddleware).
+ * 2. Builds an `AuditContext` for this request (with the principal,
+ *    request headers, and peer IP bound).
+ * 3. Stores the context on `c.var.audit` so route handlers can call
+ *    `c.var.audit.record({...})`.
+ *
+ * # Wiring order
+ *
+ * Must run AFTER principalMiddleware (Cut 7) so `c.var.principal`
+ * is populated. Must run BEFORE capability middleware (Cut 8) so
+ * the capability-failure path can record `outcome: 'forbidden'`
+ * audit events — that path needs `c.var.audit` available too.
+ *
+ * # SOLID lenses
+ *
+ *   - SRP: middleware-shaped wiring; doesn't construct providers
+ *     (Cut 2 + Cut 5's boot path do that), doesn't dispatch (the
+ *     recorder does that), doesn't process privacy fields (the
+ *     context does that).
+ *   - DIP: takes pre-built providers + privacy modes; doesn't read
+ *     site.config.ts directly.
+ */
+import { createMiddleware } from 'hono/factory';
+import { createAuditContext, } from '../../audit/index.js';
+export function auditMiddleware(opts) {
+    return createMiddleware(async (c, next) => {
+        const principal = c.get('principal');
+        const headers = new Map();
+        c.req.raw.headers.forEach((value, key) => {
+            headers.set(key.toLowerCase(), value);
+        });
+        const peerIp = headers.get('cf-connecting-ip') ??
+            headers.get('x-real-ip') ??
+            extractFirstXffEntry(headers.get('x-forwarded-for'));
+        const ctx = createAuditContext({
+            providers: opts.providers,
+            strict: opts.strict,
+            actorPseudonym: opts.actorPseudonym,
+            actorSalt: opts.actorSalt,
+            recordSourceIp: opts.recordSourceIp,
+            sourceIpSalt: opts.sourceIpSalt,
+            trustedProxyCount: opts.trustedProxyCount,
+            recordUserAgent: opts.recordUserAgent,
+            principal,
+            headers,
+            peerIp: peerIp ?? undefined,
+            logFailure: opts.logFailure,
+        });
+        c.set('audit', ctx);
+        await next();
+    });
+}
+function extractFirstXffEntry(xff) {
+    if (!xff)
+        return null;
+    const first = xff.split(',')[0]?.trim();
+    return first || null;
+}
+//# sourceMappingURL=audit.js.map

package/dist/admin-api/middleware/audit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../../src/admin-api/middleware/audit.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAA;AAC/C,OAAO,EAOL,kBAAkB,GACnB,MAAM,sBAAsB,CAAA;AA0B7B,MAAM,UAAU,eAAe,CAAC,IAA4B;IAC1D,OAAO,gBAAgB,CAAW,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QAClD,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;QACpC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAA;QACzC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;YACvC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,EAAE,KAAK,CAAC,CAAA;QACvC,CAAC,CAAC,CAAA;QACF,MAAM,MAAM,GACV,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;YAC/B,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;YACxB,oBAAoB,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAA;QACtD,MAAM,GAAG,GAAG,kBAAkB,CAAC;YAC7B,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,cAAc,EAAE,IAAI,CAAC,cAAc;YACnC,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,cAAc,EAAE,IAAI,CAAC,cAAc;YACnC,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,iBAAiB,EAAE,IAAI,CAAC,iBAAiB;YACzC,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,SAAS;YACT,OAAO;YACP,MAAM,EAAE,MAAM,IAAI,SAAS;YAC3B,UAAU,EAAE,IAAI,CAAC,UAAU;SAC5B,CAAC,CAAA;QACF,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;QACnB,MAAM,IAAI,EAAE,CAAA;IACd,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,SAAS,oBAAoB,CAAC,GAA8B;IAC1D,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAA;IACrB,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAA;IACvC,OAAO,KAAK,IAAI,IAAI,CAAA;AACtB,CAAC"}

package/dist/admin-api/middleware/capability.d.ts

@@ -0,0 +1,8 @@
+import type { PrincipalEnv } from './principal.js';
+/**
+ * Build a middleware that requires the specified capability.
+ * Returns 401 for anonymous requests, 403 for authenticated
+ * requests lacking the capability.
+ */
+export declare function requireCapability(capability: string): import("hono").MiddlewareHandler<PrincipalEnv, string, {}, Response>;
+//# sourceMappingURL=capability.d.ts.map

package/dist/admin-api/middleware/capability.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"capability.d.ts","sourceRoot":"","sources":["../../../src/admin-api/middleware/capability.ts"],"names":[],"mappings":"AAuCA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAElD;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,MAAM,wEA0BnD"}