gdc-common-utils-ts 1.24.0 → 1.24.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -39,6 +39,11 @@ export interface AuditInfo {
|
|
|
39
39
|
updated?: string;
|
|
40
40
|
/** True if removed/deactivated (deactivation time is typically `updated`). */
|
|
41
41
|
deactivated?: boolean;
|
|
42
|
+
/**
|
|
43
|
+
* Optional lightweight lifecycle disposition copied outside encrypted
|
|
44
|
+
* content, for example `purged`.
|
|
45
|
+
*/
|
|
46
|
+
disposition?: string;
|
|
42
47
|
/** Name of the channel/network where the data is audited/anchored. */
|
|
43
48
|
channel?: string;
|
|
44
49
|
/** Base58/Base64Url transaction identifier, depending on the attestation layer. */
|
|
@@ -46,6 +51,34 @@ export interface AuditInfo {
|
|
|
46
51
|
/** Transaction timestamp (ISO 8601). */
|
|
47
52
|
txTime?: string;
|
|
48
53
|
}
|
|
54
|
+
/**
|
|
55
|
+
* Public runtime projection kept outside encrypted `content`.
|
|
56
|
+
*
|
|
57
|
+
* These values are not the canonical business payload. They are copied or
|
|
58
|
+
* generated from the protected content so runtime flows can answer lightweight
|
|
59
|
+
* queries without hydrating the confidential JWE blob.
|
|
60
|
+
*
|
|
61
|
+
* Rules:
|
|
62
|
+
* - Keep this object strictly minimal.
|
|
63
|
+
* - Only place data here when it is intentionally public or deployment-safe.
|
|
64
|
+
* - Never treat these fields as the source of truth if the encrypted content
|
|
65
|
+
* carries the canonical value.
|
|
66
|
+
*/
|
|
67
|
+
export interface PublicInfo {
|
|
68
|
+
/**
|
|
69
|
+
* Optional lightweight role or technical marker copied outside encrypted
|
|
70
|
+
* content for routing, gating, or lifecycle inspection.
|
|
71
|
+
*
|
|
72
|
+
* This is a convenience projection for lookup. The canonical role still
|
|
73
|
+
* belongs to the protected business payload and/or indexed attributes.
|
|
74
|
+
*
|
|
75
|
+
* Example:
|
|
76
|
+
* - hosting may copy a synthetic bootstrap-controller marker here so tenant
|
|
77
|
+
* lifecycle scans can ignore that technical employee without hydrating the
|
|
78
|
+
* confidential JWE payload.
|
|
79
|
+
*/
|
|
80
|
+
role?: string;
|
|
81
|
+
}
|
|
49
82
|
/**
|
|
50
83
|
* Defines the structure of an attribute to be indexed for blind, searchable queries.
|
|
51
84
|
* @see https://identity.foundation/confidential-storage/#indexed-attributes
|
|
@@ -157,6 +190,19 @@ export interface ConfidentialStorageDoc {
|
|
|
157
190
|
tag?: MetaTagCoding[];
|
|
158
191
|
/** Policy-dependent research/analytics metadata, kept outside encrypted `content`. */
|
|
159
192
|
research?: ResearchInfo;
|
|
193
|
+
/**
|
|
194
|
+
* Optional public runtime projection copied or generated for lightweight
|
|
195
|
+
* reads outside encrypted `content`.
|
|
196
|
+
*
|
|
197
|
+
* This object is intended for lookup, routing, and operational gating.
|
|
198
|
+
* It must not become a second canonical payload.
|
|
199
|
+
*
|
|
200
|
+
* Typical usage:
|
|
201
|
+
* - copy a small public or deployment-safe value out of protected content
|
|
202
|
+
* - or generate a technical marker needed for lightweight runtime scans
|
|
203
|
+
* - never treat this object as the source of truth for business semantics
|
|
204
|
+
*/
|
|
205
|
+
public?: PublicInfo;
|
|
160
206
|
}
|
|
161
207
|
/**
|
|
162
208
|
* Represents a document whose sensitive content has been decrypted and is held
|