From 8bba5a7b98460dc01939540b1d1f3d1b55cdf6c7 Mon Sep 17 00:00:00 2001 From: Jake Shilling Date: Thu, 2 Apr 2026 16:43:34 -0400 Subject: [PATCH 1/5] chore: pin audited pnpm transitive deps --- package.json | 13 +- pnpm-lock.yaml | 784 ++++++++++++++++--------------------------------- 2 files changed, 256 insertions(+), 541 deletions(-) diff --git a/package.json b/package.json index 94036e0..a8c746a 100644 --- a/package.json +++ b/package.json @@ -35,15 +35,22 @@ "@cspell/dict-software-terms": "^5.2.2", "@cspell/dict-sql": "^2.2.1", "@cspell/dict-typescript": "^3.2.3", - "@redocly/cli": "^1.34.5", + "@redocly/cli": "^2.25.4", "@stoplight/spectral-cli": "^6.15.0", "ajv": "^8.18.0", - "ajv-cli": "^5.0.0", "ajv-formats": "^3.0.1", "cspell": "^9.7.0", "glob": "^13.0.6", "markdownlint-cli2": "^0.22.0", - "prettier": "^3.6.2", + "prettier": "^3.8.1", "typescript": "^6.0.2" + }, + "pnpm": { + "overrides": { + "markdownlint-cli2>smol-toml": "1.6.1", + "@stoplight/spectral-ruleset-bundler>rollup": "2.80.0", + "@stoplight/spectral-core>minimatch": "3.1.5", + "lodash": "4.18.0" + } } } diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 56e2583..88b3b1f 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -4,6 +4,12 @@ settings: autoInstallPeers: true excludeLinksFromLockfile: false +overrides: + markdownlint-cli2>smol-toml: 1.6.1 + '@stoplight/spectral-ruleset-bundler>rollup': 2.80.0 + '@stoplight/spectral-core>minimatch': 3.1.5 + lodash: 4.18.0 + importers: .: @@ -78,17 +84,14 @@ importers: specifier: ^3.2.3 version: 3.2.3 '@redocly/cli': - specifier: ^1.34.5 - version: 1.34.11(ajv@8.18.0) + specifier: ^2.25.4 + version: 2.25.4(@opentelemetry/api@1.9.0)(core-js@3.32.1) '@stoplight/spectral-cli': specifier: ^6.15.0 version: 6.15.0 ajv: specifier: ^8.18.0 version: 8.18.0 - ajv-cli: - specifier: ^5.0.0 - version: 5.0.0 ajv-formats: specifier: ^3.0.1 version: 3.0.1(ajv@8.18.0) @@ -102,7 +105,7 @@ importers: specifier: ^0.22.0 version: 0.22.0 prettier: - specifier: ^3.6.2 + specifier: ^3.8.1 version: 3.8.1 typescript: specifier: ^6.0.2 @@ -410,10 +413,6 @@ packages: resolution: {integrity: sha512-RE815I4arJFtt+FVeU1Tgp9/Xvecacji8w/V6XtXsWWH/wz/eNkNbhb+ny/+PlVZjV0rxQpRSQKNKE3lcktHEA==} engines: {node: '>=10.10.0'} - '@jest/schemas@29.6.3': - resolution: {integrity: sha512-mo5j5X+jIZmJQveBKeS/clAueipV7KgiX1vMgCxam1RNYiqE1w62n0/tJJnHtjW8ZHcQco5gY85jA3mi0L+nSA==} - engines: {node: ^14.15.0 || ^16.10.0 || >=18.0.0} - '@jsdevtools/ono@7.1.3': resolution: {integrity: sha512-4JQNk+3mVzK3xh2rqd6RB4J46qUR19azEHBneZyTZM+c456qOrbbM/5xcR8huNCCcbVt7+UmizG6GuUvPvKUYg==} @@ -435,6 +434,10 @@ packages: peerDependencies: jsep: ^0.4.0||^1.0.0 + '@noble/hashes@1.8.0': + resolution: {integrity: sha512-jCs9ldd7NwzpgXDIf6P3+NrHh9/sD6CQdxHyjQI+h/6rDNo88ypBxxz45UDuZHz9r3tNz7N/VInSVoVdtXEI4A==} + engines: {node: ^14.21.3 || >=16} + '@nodelib/fs.scandir@2.1.5': resolution: {integrity: sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==} engines: {node: '>= 8'} @@ -447,88 +450,76 @@ packages: resolution: {integrity: sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==} engines: {node: '>= 8'} - '@opentelemetry/api-logs@0.53.0': - resolution: {integrity: sha512-8HArjKx+RaAI8uEIgcORbZIPklyh1YLjPSBus8hjRmvLi6DeFzgOcdZ7KwPabKj8mXF8dX0hyfAyGfycz0DbFw==} - engines: {node: '>=14'} + '@opentelemetry/api-logs@0.202.0': + resolution: {integrity: sha512-fTBjMqKCfotFWfLzaKyhjLvyEyq5vDKTTFfBmx21btv3gvy8Lq6N5Dh2OzqeuN4DjtpSvNT1uNVfg08eD2Rfxw==} + engines: {node: '>=8.0.0'} '@opentelemetry/api@1.9.0': resolution: {integrity: sha512-3giAOQvZiH5F9bMlMiv8+GSPMeqg0dbaeo58/0SlA9sxSqZhnUtxzX9/2FzyhS9sWQf5S0GJE0AKBrFqjpeYcg==} engines: {node: '>=8.0.0'} - '@opentelemetry/context-async-hooks@1.26.0': - resolution: {integrity: sha512-HedpXXYzzbaoutw6DFLWLDket2FwLkLpil4hGCZ1xYEIMTcivdfwEOISgdbLEWyG3HW52gTq2V9mOVJrONgiwg==} - engines: {node: '>=14'} + '@opentelemetry/context-async-hooks@2.0.1': + resolution: {integrity: sha512-XuY23lSI3d4PEqKA+7SLtAgwqIfc6E/E9eAQWLN1vlpC53ybO3o6jW4BsXo1xvz9lYyyWItfQDDLzezER01mCw==} + engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': '>=1.0.0 <1.10.0' - '@opentelemetry/core@1.26.0': - resolution: {integrity: sha512-1iKxXXE8415Cdv0yjG3G6hQnB5eVEsJce3QaawX8SjDn0mAS0ZM8fAbZZJD4ajvhC15cePvosSCut404KrIIvQ==} - engines: {node: '>=14'} + '@opentelemetry/core@2.0.1': + resolution: {integrity: sha512-MaZk9SJIDgo1peKevlbhP6+IwIiNPNmswNL4AF0WaQJLbHXjr9SrZMgS12+iqr9ToV4ZVosCcc0f8Rg67LXjxw==} + engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': '>=1.0.0 <1.10.0' - '@opentelemetry/exporter-trace-otlp-http@0.53.0': - resolution: {integrity: sha512-m7F5ZTq+V9mKGWYpX8EnZ7NjoqAU7VemQ1E2HAG+W/u0wpY1x0OmbxAXfGKFHCspdJk8UKlwPGrpcB8nay3P8A==} - engines: {node: '>=14'} - peerDependencies: - '@opentelemetry/api': ^1.0.0 - - '@opentelemetry/otlp-exporter-base@0.53.0': - resolution: {integrity: sha512-UCWPreGQEhD6FjBaeDuXhiMf6kkBODF0ZQzrk/tuQcaVDJ+dDQ/xhJp192H9yWnKxVpEjFrSSLnpqmX4VwX+eA==} - engines: {node: '>=14'} - peerDependencies: - '@opentelemetry/api': ^1.0.0 - - '@opentelemetry/otlp-transformer@0.53.0': - resolution: {integrity: sha512-rM0sDA9HD8dluwuBxLetUmoqGJKSAbWenwD65KY9iZhUxdBHRLrIdrABfNDP7aiTjcgK8XFyTn5fhDz7N+W6DA==} - engines: {node: '>=14'} + '@opentelemetry/exporter-trace-otlp-http@0.202.0': + resolution: {integrity: sha512-/hKE8DaFCJuaQqE1IxpgkcjOolUIwgi3TgHElPVKGdGRBSmJMTmN/cr6vWa55pCJIXPyhKvcMrbrya7DZ3VmzA==} + engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': ^1.3.0 - '@opentelemetry/propagator-b3@1.26.0': - resolution: {integrity: sha512-vvVkQLQ/lGGyEy9GT8uFnI047pajSOVnZI2poJqVGD3nJ+B9sFGdlHNnQKophE3lHfnIH0pw2ubrCTjZCgIj+Q==} - engines: {node: '>=14'} + '@opentelemetry/otlp-exporter-base@0.202.0': + resolution: {integrity: sha512-nMEOzel+pUFYuBJg2znGmHJWbmvMbdX5/RhoKNKowguMbURhz0fwik5tUKplLcUtl8wKPL1y9zPnPxeBn65N0Q==} + engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: - '@opentelemetry/api': '>=1.0.0 <1.10.0' + '@opentelemetry/api': ^1.3.0 - '@opentelemetry/propagator-jaeger@1.26.0': - resolution: {integrity: sha512-DelFGkCdaxA1C/QA0Xilszfr0t4YbGd3DjxiCDPh34lfnFr+VkkrjV9S8ZTJvAzfdKERXhfOxIKBoGPJwoSz7Q==} - engines: {node: '>=14'} + '@opentelemetry/otlp-transformer@0.202.0': + resolution: {integrity: sha512-5XO77QFzs9WkexvJQL9ksxL8oVFb/dfi9NWQSq7Sv0Efr9x3N+nb1iklP1TeVgxqJ7m1xWiC/Uv3wupiQGevMw==} + engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: - '@opentelemetry/api': '>=1.0.0 <1.10.0' + '@opentelemetry/api': ^1.3.0 - '@opentelemetry/resources@1.26.0': - resolution: {integrity: sha512-CPNYchBE7MBecCSVy0HKpUISEeJOniWqcHaAHpmasZ3j9o6V3AyBzhRc90jdmemq0HOxDr6ylhUbDhBqqPpeNw==} - engines: {node: '>=14'} + '@opentelemetry/resources@2.0.1': + resolution: {integrity: sha512-dZOB3R6zvBwDKnHDTB4X1xtMArB/d324VsbiPkX/Yu0Q8T2xceRthoIVFhJdvgVM2QhGVUyX9tzwiNxGtoBJUw==} + engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: - '@opentelemetry/api': '>=1.0.0 <1.10.0' + '@opentelemetry/api': '>=1.3.0 <1.10.0' - '@opentelemetry/sdk-logs@0.53.0': - resolution: {integrity: sha512-dhSisnEgIj/vJZXZV6f6KcTnyLDx/VuQ6l3ejuZpMpPlh9S1qMHiZU9NMmOkVkwwHkMy3G6mEBwdP23vUZVr4g==} - engines: {node: '>=14'} + '@opentelemetry/sdk-logs@0.202.0': + resolution: {integrity: sha512-pv8QiQLQzk4X909YKm0lnW4hpuQg4zHwJ4XBd5bZiXcd9urvrJNoNVKnxGHPiDVX/GiLFvr5DMYsDBQbZCypRQ==} + engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': '>=1.4.0 <1.10.0' - '@opentelemetry/sdk-metrics@1.26.0': - resolution: {integrity: sha512-0SvDXmou/JjzSDOjUmetAAvcKQW6ZrvosU0rkbDGpXvvZN+pQF6JbK/Kd4hNdK4q/22yeruqvukXEJyySTzyTQ==} - engines: {node: '>=14'} + '@opentelemetry/sdk-metrics@2.0.1': + resolution: {integrity: sha512-wf8OaJoSnujMAHWR3g+/hGvNcsC16rf9s1So4JlMiFaFHiE4HpIA3oUh+uWZQ7CNuK8gVW/pQSkgoa5HkkOl0g==} + engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: - '@opentelemetry/api': '>=1.3.0 <1.10.0' + '@opentelemetry/api': '>=1.9.0 <1.10.0' - '@opentelemetry/sdk-trace-base@1.26.0': - resolution: {integrity: sha512-olWQldtvbK4v22ymrKLbIcBi9L2SpMO84sCPY54IVsJhP9fRsxJT194C/AVaAuJzLE30EdhhM1VmvVYR7az+cw==} - engines: {node: '>=14'} + '@opentelemetry/sdk-trace-base@2.0.1': + resolution: {integrity: sha512-xYLlvk/xdScGx1aEqvxLwf6sXQLXCjk3/1SQT9X9AoN5rXRhkdvIFShuNNmtTEPRBqcsMbS4p/gJLNI2wXaDuQ==} + engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: - '@opentelemetry/api': '>=1.0.0 <1.10.0' + '@opentelemetry/api': '>=1.3.0 <1.10.0' - '@opentelemetry/sdk-trace-node@1.26.0': - resolution: {integrity: sha512-Fj5IVKrj0yeUwlewCRwzOVcr5avTuNnMHWf7GPc1t6WaT78J6CJyF3saZ/0RkZfdeNO8IcBl/bNcWMVZBMRW8Q==} - engines: {node: '>=14'} + '@opentelemetry/sdk-trace-node@2.0.1': + resolution: {integrity: sha512-UhdbPF19pMpBtCWYP5lHbTogLWx9N0EBxtdagvkn5YtsAnCBZzL7SjktG+ZmupRgifsHMjwUaCCaVmqGfSADmA==} + engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': '>=1.0.0 <1.10.0' - '@opentelemetry/semantic-conventions@1.27.0': - resolution: {integrity: sha512-sAay1RrB+ONOem0OZanAR1ZI/k7yDpnOQSQmTMuGImUQb2y8EbSaCJ94FQluM74xoU03vlb2d2U90hZluL6nQg==} + '@opentelemetry/semantic-conventions@1.34.0': + resolution: {integrity: sha512-aKcOkyrorBGlajjRdVoJWHTxfxO1vCNHLJVlSDaRHDIdjU+pX8IYQPvPDkYiujKLbRnWU+1TBwEt0QRgSm4SGA==} engines: {node: '>=14'} '@protobufjs/aspromise@1.1.2': @@ -564,21 +555,34 @@ packages: '@redocly/ajv@8.11.2': resolution: {integrity: sha512-io1JpnwtIcvojV7QKDUSIuMN/ikdOUd1ReEnUnMKGfDVridQZ31J0MmIuqwuRjWDZfmvr+Q0MqCcfHM2gTivOg==} - '@redocly/cli@1.34.11': - resolution: {integrity: sha512-NTFegt2uQ0A4xewDPcTadsZYSlmEUzF7wnvRgmFI8Ftvjpq/coIdr9EQPmCF6wjrh9UBKdz2rMNckxLo/jhViA==} - engines: {node: '>=18.17.0', npm: '>=9.5.0'} + '@redocly/ajv@8.18.0': + resolution: {integrity: sha512-F+LMD2IDIXuHxgpLJh3nkLj9+tSaEzoUWd+7fONGq5pe2169FUDjpEkOfEpoGLz1sbZni/69p07OsecNfAOpqA==} + + '@redocly/cli-otel@0.1.2': + resolution: {integrity: sha512-Bg7BoO5t1x3lVK+KhA5aGPmeXpQmdf6WtTYHhelKJCsQ+tRMiJoFAQoKHoBHAoNxXrhlS3K9lKFLHGmtxsFQfA==} + + '@redocly/cli@2.25.4': + resolution: {integrity: sha512-ypBv8ZhckTzcOfsFH2VILsLqk00bJ1tI0POtlaEf8z0rDsnmD8auUETkMzw8wlUB+aQM7+VSzpSsmcmqeSgzWQ==} + engines: {node: '>=22.12.0 || >=20.19.0 <21.0.0', npm: '>=10'} hasBin: true '@redocly/config@0.22.0': resolution: {integrity: sha512-gAy93Ddo01Z3bHuVdPWfCwzgfaYgMdaZPcfL7JZ7hWJoK9V0lXDbigTWkhiPFAaLWzbOJ+kbUQG1+XwIm0KRGQ==} + '@redocly/config@0.46.0': + resolution: {integrity: sha512-FZEprNEkmLITKKdv5blIai1qiCcc4dn5+96AjWnmFQmH/oz/OyBiXBSi752/M+Wmype7aH2uRywSCuYlu4CgVA==} + '@redocly/openapi-core@1.34.11': resolution: {integrity: sha512-V09ayfnb5GyysmvARbt+voFZAjGcf7hSYxOYxSkCc4fbH/DTfq5YWoec8cflvmHHqyIFbqvmGKmYFzqhr9zxDg==} engines: {node: '>=18.17.0', npm: '>=9.5.0'} - '@redocly/respect-core@1.34.11': - resolution: {integrity: sha512-0USZA1iRkyCZN/o5ZmgJ9vFVfWe5dE6m2IabF4g7s8EWJErbRFc8LoJ20hfoR75yGUfde+0vTPNOG5T9dlqq1g==} - engines: {node: '>=18.17.0', npm: '>=9.5.0'} + '@redocly/openapi-core@2.25.4': + resolution: {integrity: sha512-zYdKQEsowPNtkTixrfbn5DySWBLQpTsISthVBBEPAa3OZC75UI76CbHXEamJ8Kmlead9IkD5RbgeJvxqJ5/H6Q==} + engines: {node: '>=22.12.0 || >=20.19.0 <21.0.0', npm: '>=10'} + + '@redocly/respect-core@2.25.4': + resolution: {integrity: sha512-0xMbcSft+9Q2sO1wSJMxo510Aqc/kGF/AmUK3OaLQvGvKUgOqq2Op/0aorNQJk6s8WBEH4UN4eFt7fUzUeXs8g==} + engines: {node: '>=22.12.0 || >=20.19.0 <21.0.0', npm: '>=10'} '@rollup/plugin-commonjs@22.0.2': resolution: {integrity: sha512-//NdP6iIwPbMTcazYsiBMbJW7gfmpHom33u1beiIoHDEM0Q9clvtQB1T0efvMqHeKsGohiHo97BCPCkBXdscwg==} @@ -592,9 +596,6 @@ packages: peerDependencies: rollup: ^1.20.0||^2.0.0 - '@sinclair/typebox@0.27.10': - resolution: {integrity: sha512-MTBk/3jGLNB2tVxv6uLlFh1iu64iYOQ2PbdOSK3NW8JZsmlaOh2q6sdtKowBhfw8QFLmYNzTW4/oK4uATIi6ZA==} - '@sindresorhus/merge-streams@4.0.0': resolution: {integrity: sha512-tlqY9xq5ukxTUZBmoOp+m61cqwQD5pHJtFY3Mn8CA8ps6yghLH/Hw8UPdqg4OLmFW3IFlcXnQNmo/dh8HzXYIQ==} engines: {node: '>=18'} @@ -746,15 +747,6 @@ packages: resolution: {integrity: sha512-MnA+YT8fwfJPgBx3m60MNqakm30XOkyIoH1y6huTQvC0PwZG7ki8NacLBcrPbNoo8vEZy7Jpuk7+jMO+CUovTQ==} engines: {node: '>= 14'} - ajv-cli@5.0.0: - resolution: {integrity: sha512-LY4m6dUv44HTyhV+u2z5uX4EhPYTM38Iv1jdgDJJJCyOOuqB8KtZEGjPZ2T+sh5ZIJrXUfgErYx/j3gLd3+PlQ==} - hasBin: true - peerDependencies: - ts-node: '>=9.0.0' - peerDependenciesMeta: - ts-node: - optional: true - ajv-draft-04@1.0.0: resolution: {integrity: sha512-mv00Te6nmYbRp5DCwclxtt7yV/joXJPGS7nM+97GdxvuttCOfgI3K4U25zboyeX0O+myI8ERluxQe5wljMmVIw==} peerDependencies: @@ -799,14 +791,6 @@ packages: resolution: {integrity: sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==} engines: {node: '>=8'} - ansi-styles@5.2.0: - resolution: {integrity: sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==} - engines: {node: '>=10'} - - anymatch@3.1.3: - resolution: {integrity: sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==} - engines: {node: '>= 8'} - argparse@1.0.10: resolution: {integrity: sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==} @@ -839,9 +823,6 @@ packages: resolution: {integrity: sha512-hsU18Ae8CDTR6Kgu9DYf0EbCr/a5iGL0rytQDobUcdpYOKokk8LEjVphnXkDkgpi0wYVsqrXuP0bZxJaTqdgoA==} engines: {node: '>= 0.4'} - asynckit@0.4.0: - resolution: {integrity: sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==} - available-typed-arrays@1.0.7: resolution: {integrity: sha512-wvUjBtSGN7+7SjNpq/9M2Tg350UZD3q62IFZLbRAR1bSMlCo1ZaeW+BJ+D090e4hIIZLBcTDWe4Mh4jvUDajzQ==} engines: {node: '>= 0.4'} @@ -859,10 +840,6 @@ packages: peerDependencies: ajv: 4.11.8 - 8 - binary-extensions@2.3.0: - resolution: {integrity: sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==} - engines: {node: '>=8'} - brace-expansion@1.1.13: resolution: {integrity: sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==} @@ -877,16 +854,9 @@ packages: resolution: {integrity: sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==} engines: {node: '>=8'} - buffer-from@1.1.2: - resolution: {integrity: sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==} - builtins@1.0.3: resolution: {integrity: sha512-uYBjakWipfaO/bXI7E8rq6kpwHRZK5cNYrUv2OzZSI/FvmdMyXJ2tG9dKcjEC5YHmHpUAwsargWIZNWdxb/bnQ==} - bundle-name@4.1.0: - resolution: {integrity: sha512-tjwM5exMg6BGRI+kNmTntNsvdZS1X8BFYS6tnJ2hdH0kVxM6/eVZ2xy+FqStSWvYmtfFMDLIxurorHwDKfDz5Q==} - engines: {node: '>=18'} - call-bind-apply-helpers@1.0.2: resolution: {integrity: sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==} engines: {node: '>= 0.4'} @@ -934,10 +904,6 @@ packages: character-reference-invalid@2.0.1: resolution: {integrity: sha512-iBZ4F4wRbyORVsu0jPV7gXkOsGYjGHPmAyv+HiHG8gi5PtC9KI2j1+v8/tlibRvjoWX027ypmG/n0HtO5t7unw==} - chokidar@3.5.3: - resolution: {integrity: sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw==} - engines: {node: '>= 8.10.0'} - classnames@2.5.1: resolution: {integrity: sha512-saHYOzhIQs6wy2sVxTM6bUDsQO4F50V9RQ22qBpEdCW+I+/Wmke2HOl6lS6dTpdxVhb88/I6+Hs+438c3lfUow==} @@ -972,10 +938,6 @@ packages: colorette@2.0.20: resolution: {integrity: sha512-IfEDxwoWIjkeXL1eXcDiow4UbKjhLdq6/EuSVR9GMN7KVH3r9gQ83e73hsz1Nd1T3ijd5xv1wcWRYO+D6kCI2w==} - combined-stream@1.0.8: - resolution: {integrity: sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==} - engines: {node: '>= 0.8'} - commander@14.0.3: resolution: {integrity: sha512-H+y0Jo/T1RZ9qPP4Eh1pkcQcLRglraJaSLoyOtHxu6AapkjWVCy2Sit1QQ4x3Dng8qDlSsZEet7g5Pq06MvTgw==} engines: {node: '>=20'} @@ -994,10 +956,6 @@ packages: concat-map@0.0.1: resolution: {integrity: sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==} - concat-stream@2.0.0: - resolution: {integrity: sha512-MWufYdFw53ccGjCA+Ol7XJYpAlW6/prSMzuPOTRnJGcGzuhLn4Scrz7qf6o8bROZ514ltazcIFJZevcfbo0x7A==} - engines: {'0': node >= 6.0} - cookie@0.7.2: resolution: {integrity: sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==} engines: {node: '>= 0.6'} @@ -1090,30 +1048,14 @@ packages: decode-named-character-reference@1.3.0: resolution: {integrity: sha512-GtpQYB283KrPp6nRw50q3U9/VfOutZOe103qlN7BPP6Ad27xYnOIWv4lPzo8HCAL+mMZofJ9KEy30fq6MfaK6Q==} - default-browser-id@5.0.1: - resolution: {integrity: sha512-x1VCxdX4t+8wVfd1so/9w+vQ4vx7lKd2Qp5tDRutErwmR85OgmfX7RlLRMWafRMY7hbEiXIbudNrjOAPa/hL8Q==} - engines: {node: '>=18'} - - default-browser@5.5.0: - resolution: {integrity: sha512-H9LMLr5zwIbSxrmvikGuI/5KGhZ8E2zH3stkMgM5LpOWDutGM2JZaj460Udnf1a+946zc7YBgrqEWwbk7zHvGw==} - engines: {node: '>=18'} - define-data-property@1.1.4: resolution: {integrity: sha512-rBMvIzlpA8v6E+SJZoo++HAYqsLrkg7MSfIinMPFhmkorw7X+dOXVJQs+QT69zGkzMyfDnIMN2Wid1+NbL3T+A==} engines: {node: '>= 0.4'} - define-lazy-prop@3.0.0: - resolution: {integrity: sha512-N+MeXYoqr3pOgn8xfyRPREN7gHakLYjhsHhWGT3fWAiL4IkAt0iDw14QiiEm2bE30c5XX5q0FtAA3CK5f9/BUg==} - engines: {node: '>=12'} - define-properties@1.2.1: resolution: {integrity: sha512-8QmQKqEASLd5nx0U1B1okLElbUuuttJ/AnYmRXbbbGDWh6uS208EjD4Xqq/I9wK7u0v6O08XhTWnt5XtEbR6Dg==} engines: {node: '>= 0.4'} - delayed-stream@1.0.0: - resolution: {integrity: sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==} - engines: {node: '>=0.4.0'} - dependency-graph@0.11.0: resolution: {integrity: sha512-JeMq7fEshyepOWDfcfHK06N3MhyPhz++vtqWhMT5O9A3K42rdsEDpfdVqjaqaAhsw6a+ZqeDvQVtD0hFHQWrzg==} engines: {node: '>= 0.6.0'} @@ -1125,10 +1067,6 @@ packages: devlop@1.1.0: resolution: {integrity: sha512-RWmIqhcFf1lRYBvNmr7qTNuyCt/7/ns2jbpp1+PalgE/rDQcBT0fioSMUpJ93irlUhC5hrg4cYqe6U+0ImW0rA==} - diff-sequences@29.6.3: - resolution: {integrity: sha512-EjePK1srD3P08o2j4f0ExnylqRs5B9tJjcp9t1krH2qRi8CCdsYfwe9JgSLurFBWwq4uOlipzfk5fHNvwFKr8Q==} - engines: {node: ^14.15.0 || ^16.10.0 || >=18.0.0} - dompurify@3.3.3: resolution: {integrity: sha512-Oj6pzI2+RqBfFG+qOaOLbFXLQ90ARpcGG6UePL82bJLtdsa6CYJD7nmiU8MW9nQNOtCHV3lZ/Bzq1X0QYbBZCA==} @@ -1204,9 +1142,6 @@ packages: eventemitter3@5.0.4: resolution: {integrity: sha512-mlsTRyGaPBjPedk6Bvw+aqbsXDtoAyAzm5MO7JgU+yVRyMQ5O8bD4Kcci7BS85f93veegeCPkL8R4GLClnjLFw==} - fast-deep-equal@2.0.1: - resolution: {integrity: sha512-bCK/2Z4zLidyB4ReuIsvALH6w31YfAQDmXMqMx6FyfHqvBxtjC0eRumeSu4Bs3XtXwpyIywtSTrVT99BxY1f9w==} - fast-deep-equal@3.1.3: resolution: {integrity: sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==} @@ -1222,10 +1157,6 @@ packages: resolution: {integrity: sha512-7MptL8U0cqcFdzIzwOTHoilX9x5BrNqye7Z/LuC7kCMRio1EMSyqRK3BEAUD7sXRq4iT4AzTVuZdhgQ2TCvYLg==} engines: {node: '>=8.6.0'} - fast-json-patch@2.2.1: - resolution: {integrity: sha512-4j5uBaTnsYAV5ebkidvxiLUYOwjQ+JSFljeqfTxCrH9bDmlCQaOJFS84oDJ2rAXZq2yskmk3ORfoP9DCwqFNig==} - engines: {node: '>= 0.4.0'} - fast-json-stable-stringify@2.1.0: resolution: {integrity: sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==} @@ -1275,10 +1206,6 @@ packages: foreach@2.0.6: resolution: {integrity: sha512-k6GAGDyqLe9JaebCsFCoudPPWfihKu8pylYXRlqP1J7ms39iPoTtk2fviNglIeQEwdh0bQeKJ01ZPyuyQvKzwg==} - form-data@4.0.4: - resolution: {integrity: sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow==} - engines: {node: '>= 6'} - fs-extra@10.1.0: resolution: {integrity: sha512-oRXApq54ETRj4eMiFzGnHWGy+zo5raudjuxN0b8H7s/RU2oW0Wvsx9O0ACRN/kRq9E8Vu/ReskGB5o3ji+FzHQ==} engines: {node: '>=12'} @@ -1321,9 +1248,6 @@ packages: resolution: {integrity: sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==} engines: {node: '>= 0.4'} - get-port-please@3.0.1: - resolution: {integrity: sha512-R5pcVO8Z1+pVDu8Ml3xaJCEkBiiy1VQN9za0YqH8GIi1nIqD4IzQhzY6dDzMRtdS1lyiGlucRzm8IN8wtLIXng==} - get-proto@1.0.1: resolution: {integrity: sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==} engines: {node: '>= 0.4'} @@ -1366,8 +1290,8 @@ packages: graceful-fs@4.2.11: resolution: {integrity: sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==} - handlebars@4.7.8: - resolution: {integrity: sha512-vafaFqs8MZkRrSX7sFVUdo3ap/eNiLnb4IakshzvP56X5Nr1iGKAIqdX6tMlm6HcNRIkr6AxO5jFEoJzzpT8aQ==} + handlebars@4.7.9: + resolution: {integrity: sha512-4E71E0rpOaQuJR2A3xDZ+GM1HyWYv1clR58tC8emQNeQe3RH7MAzSbat+V0wG78LQBo6m6bzSG/L4pBuCsgnUQ==} engines: {node: '>=0.4.7'} hasBin: true @@ -1456,10 +1380,6 @@ packages: resolution: {integrity: sha512-n4ZT37wG78iz03xPRKJrHTdZbe3IicyucEtdRsV5yglwc3GyUfbAfpSeD0FJ41NbUNSt5wbhqfp1fS+BgnvDFQ==} engines: {node: '>= 0.4'} - is-binary-path@2.1.0: - resolution: {integrity: sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==} - engines: {node: '>=8'} - is-boolean-object@1.2.2: resolution: {integrity: sha512-wa56o2/ElJMYqjCjGkXri7it5FbebW5usLw/nPmCMs5DeZ7eziSYZhSmPRn0txqeW4LnAmQQU7FgqLpsEFKM4A==} engines: {node: '>= 0.4'} @@ -1483,11 +1403,6 @@ packages: is-decimal@2.0.1: resolution: {integrity: sha512-AAB9hiomQs5DXWcRB1rqsxGUstbRroFOPPVAomNk/3XHR5JyEZChOyTWe2oayKnsSsr/kcGqF+z6yuH6HHpN0A==} - is-docker@3.0.0: - resolution: {integrity: sha512-eljcgEDlEns/7AXFosB5K/2nCM4P7FQPkGc/DWLy5rmFEWvZayGrik1d9/QIY5nJ4f9YsVvBkA6kJpHn9rISdQ==} - engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0} - hasBin: true - is-extglob@2.1.1: resolution: {integrity: sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==} engines: {node: '>=0.10.0'} @@ -1511,11 +1426,6 @@ packages: is-hexadecimal@2.0.1: resolution: {integrity: sha512-DgZQp241c8oO6cA1SbTEWiXeoxV42vlcJxgH+B3hi1AiqqKruZR3ZGF8In3fj4+/y/7rHvlOZLZtgJ/4ttYGZg==} - is-inside-container@1.0.0: - resolution: {integrity: sha512-KIYLCCJghfHZxqjYBE7rEy0OBuTd5xCHS7tHVgvCLkx7StIoaxwNW3hCALgEUjFfeRk+MG/Qxmp/vtETEF3tRA==} - engines: {node: '>=14.16'} - hasBin: true - is-map@2.0.3: resolution: {integrity: sha512-1Qed0/Hr2m+YqxnM09CjA2d/i6YZNfF6R2oRAOj36eUdS6qIV/huPJNSEpKbupewFs+ZsJlxsjjPbc0/afW6Lw==} engines: {node: '>= 0.4'} @@ -1579,25 +1489,9 @@ packages: resolution: {integrity: sha512-mfcwb6IzQyOKTs84CQMrOwW4gQcaTOAWJ0zzJCl2WSPDrWk/OzDaImWFH3djXhb24g4eudZfLRozAvPGw4d9hQ==} engines: {node: '>= 0.4'} - is-wsl@3.1.1: - resolution: {integrity: sha512-e6rvdUCiQCAuumZslxRJWR/Doq4VpPR82kqclvcS0efgt430SlGIk05vdCN58+VrzgtIcfNODjozVielycD4Sw==} - engines: {node: '>=16'} - isarray@2.0.5: resolution: {integrity: sha512-xHjhDr3cNBK0BzdUJSPXZntQUx/mwMS5Rw4A7lPJ90XGAO6ISP/ePDNuo0vhqOZU+UD5JoodwCAAoZQd3FeAKw==} - jest-diff@29.7.0: - resolution: {integrity: sha512-LMIgiIrhigmPrs03JHpxUh2yISK3vLFPkAodPeo0+BuF7wA2FoQbkEg1u8gBYBThncu7e1oEDUfIXVuTqLRUjw==} - engines: {node: ^14.15.0 || ^16.10.0 || >=18.0.0} - - jest-get-type@29.6.3: - resolution: {integrity: sha512-zrteXnqYxfQh7l5FHyL38jL39di8H8rHoecLH3JNxH3BwOrBsNeabdap5e0I23lD4HHI8W5VFBZqG4Eaq5LNcw==} - engines: {node: ^14.15.0 || ^16.10.0 || >=18.0.0} - - jest-matcher-utils@29.7.0: - resolution: {integrity: sha512-sBkD+Xi9DtcChsI3L3u0+N0opgPYnCRPtGcQYrgXmR+hmt/fYfWAL0xRXYU8eWOdfuLgBe0YCW3AFtnRLagq/g==} - engines: {node: ^14.15.0 || ^16.10.0 || >=18.0.0} - js-levenshtein@1.1.6: resolution: {integrity: sha512-X2BB11YZtrRqY4EnQcLX5Rh373zbK4alC1FW7D7MBhL2gtcC17cTnr6DmfHZeS0s2rTHjUTMMHfG7gO8SSdw+g==} engines: {node: '>=0.10.0'} @@ -1609,10 +1503,6 @@ packages: resolution: {integrity: sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==} hasBin: true - js-yaml@4.1.0: - resolution: {integrity: sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==} - hasBin: true - js-yaml@4.1.1: resolution: {integrity: sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==} hasBin: true @@ -1624,17 +1514,13 @@ packages: json-pointer@0.6.2: resolution: {integrity: sha512-vLWcKbOaXlO+jvRy4qNd+TI1QUPZzfJj1tpJ3vAXDych5XJf93ftpUKe5pKCrzyIIwgBJcOcCVRUfqQP25afBw==} - json-schema-migrate@2.0.0: - resolution: {integrity: sha512-r38SVTtojDRp4eD6WsCqiE0eNDt4v1WalBXb9cyZYw9ai5cGtBwzRNWjHzJl38w6TxFkXAIA7h+fyX3tnrAFhQ==} + json-schema-to-ts@2.7.2: + resolution: {integrity: sha512-R1JfqKqbBR4qE8UyBR56Ms30LL62/nlhoz+1UkfI/VE7p54Awu919FZ6ZUPG8zIa3XB65usPJgr1ONVncUGSaQ==} + engines: {node: '>=16'} json-schema-traverse@1.0.0: resolution: {integrity: sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==} - json5@2.2.3: - resolution: {integrity: sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==} - engines: {node: '>=6'} - hasBin: true - jsonc-parser@2.2.1: resolution: {integrity: sha512-o6/yDBYccGvTz1+QFevz6l6OBZ2+fMVu2JZ9CIhzsYRX4mjaK5IyX9eldUdCmga16zlgQxyrj5pt9kzuj2C02w==} @@ -1644,16 +1530,15 @@ packages: jsonfile@6.2.0: resolution: {integrity: sha512-FGuPw30AdOIUTRMC2OMRtQV+jkVj2cfPqSeWXv1NEAJ1qZ5zb1X6z1mFhbfOB/iy3ssJCD+3KuZ8r8C3uVFlAg==} - jsonpath-plus@10.3.0: - resolution: {integrity: sha512-8TNmfeTCk2Le33A3vRRwtuworG/L5RrgMvdjhKZxvyShO+mBu2fP50OWUjRLNtvw344DdDarFh9buFAZs5ujeA==} - engines: {node: '>=18.0.0'} - hasBin: true - jsonpath-plus@10.4.0: resolution: {integrity: sha512-T92WWatJXmhBbKsgH/0hl+jxjdXrifi5IKeMY02DWggRxX0UElcbVzPlmgLTbvsPeW1PasQ6xE2Q75stkhGbsA==} engines: {node: '>=18.0.0'} hasBin: true + jsonpath-rfc9535@1.3.0: + resolution: {integrity: sha512-3jFHya7oZ45aDxIIdx+/zQARahHXxFSMWBkcBUldfXpLS9VCXDJyTKt35kQfEXLqh0K3Ixw/9xFnvcDStaxh7Q==} + engines: {node: '>=20'} + jsonpointer@5.0.1: resolution: {integrity: sha512-p/nXbhSEcu3pZRdkW1OfJhpsVtW1gd4Wa1fnQc9YLiTfAjn0312eMKimbdIQzuZl9aa9xUGaRlP9T/CJE/ditQ==} engines: {node: '>=0.10.0'} @@ -1676,8 +1561,9 @@ packages: lodash.topath@4.5.2: resolution: {integrity: sha512-1/W4dM+35DwvE/iEd1M9ekewOSTlpFekhw9mhAtrwjVqUr83/ilQiyAvmg4tVX7Unkcfl1KC+i9WdaT4B6aQcg==} - lodash@4.17.23: - resolution: {integrity: sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==} + lodash@4.18.0: + resolution: {integrity: sha512-l1mfj2atMqndAHI3ls7XqPxEjV2J9ZkcNyHpoZA3r2T1LLwDB69jgkMWh71YKwhBbK0G2f4WSn05ahmQXVxupA==} + deprecated: Bad release. Please use lodash@4.17.21 instead. long@5.3.2: resolution: {integrity: sha512-mNAgZ1GmyNhD7AuqnTG3/VQ26o760+ZYBPKjPvugO8+nLbYfX6TVpJPseBvopbdY+qpZ/lKUnmEc1LeZYS3QAA==} @@ -1815,21 +1701,10 @@ packages: resolution: {integrity: sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==} engines: {node: '>=8.6'} - mime-db@1.52.0: - resolution: {integrity: sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==} - engines: {node: '>= 0.6'} - - mime-types@2.1.35: - resolution: {integrity: sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==} - engines: {node: '>= 0.6'} - minimatch@10.2.4: resolution: {integrity: sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg==} engines: {node: 18 || 20 || >=22} - minimatch@3.1.2: - resolution: {integrity: sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==} - minimatch@3.1.5: resolution: {integrity: sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==} @@ -1857,8 +1732,8 @@ packages: react-native: optional: true - mobx-react@9.2.1: - resolution: {integrity: sha512-WJNNm0FB2n0Z0u+jS1QHmmWyV8l2WiAj8V8I/96kbUEN2YbYCoKW+hbbqKKRUBqElu0llxM7nWKehvRIkhBVJw==} + mobx-react@9.2.0: + resolution: {integrity: sha512-dkGWCx+S0/1mfiuFfHRH8D9cplmwhxOV5CkXMp38u6rQGG2Pv3FWYztS0M7ncR6TyPRQKaTG/pnitInoYE9Vrw==} peerDependencies: mobx: ^6.9.0 react: ^16.8.0 || ^17 || ^18 || ^19 @@ -1908,10 +1783,6 @@ packages: resolution: {integrity: sha512-Pzr3rol8fvhG/oJjIq2NTVB0vmdNNlz22FENhhPojYRZ4/ee08CfK4YuKmuL54V9MLhI1kpzxfOJ/63LzmZzDg==} engines: {node: '>=14'} - normalize-path@3.0.0: - resolution: {integrity: sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==} - engines: {node: '>=0.10.0'} - oas-kit-common@1.0.8: resolution: {integrity: sha512-pJTS2+T0oGIwgjGpw7sIRU8RQMcUoKCDWFLdBqKB2BNmGpbBMH2sdqAaOXUg8OzonZHU0L7vfJu1mJFEiYDWOQ==} @@ -1947,13 +1818,6 @@ packages: once@1.4.0: resolution: {integrity: sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==} - open@10.1.0: - resolution: {integrity: sha512-mnkeQ1qP5Ue2wd+aivTD3NHd/lZ96Lu0jgf0pwktLPtx6cTZiH7tyeGRRHs0zX0rbrahXPnXlUnbeXyaBBuIaw==} - engines: {node: '>=18'} - - openapi-sampler@1.7.0: - resolution: {integrity: sha512-fWq32F5vqGpgRJYIarC/9Y1wC9tKnRDcCOjsDJ7MIcSv2HsE7kNifcXIZ8FVtNStBUWxYrEk/MKqVF0SwZ5gog==} - openapi-sampler@1.7.2: resolution: {integrity: sha512-OKytvqB5XIaTgA9xtw8W8UTar+uymW2xPVpFN0NihMtuHPdPTGxBEhGnfFnJW5g/gOSIvkP+H0Xh3XhVI9/n7g==} @@ -2054,10 +1918,6 @@ packages: engines: {node: '>=14'} hasBin: true - pretty-format@29.7.0: - resolution: {integrity: sha512-Pdlw/oPxN+aXdmM9R00JVC9WVFoCLTKJvDVLgmJ+qAffBMxsV85l/Lu7sNx4zSzPyoL2euImuEwHhOXdEgNFZQ==} - engines: {node: ^14.15.0 || ^16.10.0 || >=18.0.0} - printable-characters@1.0.42: resolution: {integrity: sha512-dKp+C4iXWK4vVYZmYSd0KBH5F/h1HoZRsbJ82AVKRO3PEo8L4lBS/vLwhVtpwwuYcoIsVY+1JYKR268yn480uQ==} @@ -2090,9 +1950,6 @@ packages: react-is@16.13.1: resolution: {integrity: sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==} - react-is@18.3.1: - resolution: {integrity: sha512-/LLMVyas0ljjAtoYiPqYiL8VWXzUUdThrmU5+n20DZv+a+ClRoevUzw5JxU+Ieh5/c87ytoTBV9G1FiKfNJdmg==} - react-tabs@6.1.1: resolution: {integrity: sha512-CPiuKoMFf89B7QlbFfdBD9XmUWiE3qudQputMVZB8GQvPJZRX/gqjDaDWOPDwGinEfpJKEuBCkGt83Tt4efeyA==} peerDependencies: @@ -2106,12 +1963,8 @@ packages: resolution: {integrity: sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==} engines: {node: '>= 6'} - readdirp@3.6.0: - resolution: {integrity: sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==} - engines: {node: '>=8.10.0'} - - redoc@2.5.0: - resolution: {integrity: sha512-NpYsOZ1PD9qFdjbLVBZJWptqE+4Y6TkUuvEOqPUmoH7AKOmPcE+hYjotLxQNTqVoWL4z0T2uxILmcc8JGDci+Q==} + redoc@2.5.1: + resolution: {integrity: sha512-LmqA+4A3CmhTllGG197F0arUpmChukAj9klfSdxNRemT9Hr07xXr7OGKu4PHzBs359sgrJ+4JwmOlM7nxLPGMg==} engines: {node: '>=6.9', npm: '>=3.0.0'} peerDependencies: core-js: ^3.1.4 @@ -2163,15 +2016,11 @@ packages: resolution: {integrity: sha512-g6QUff04oZpHs0eG5p83rFLhHeV00ug/Yf9nZM6fLeUrPguBTkTQOdpAWWspMh55TZfVQDPaN3NQJfbVRAxdIw==} engines: {iojs: '>=1.0.0', node: '>=0.10.0'} - rollup@2.79.2: - resolution: {integrity: sha512-fS6iqSPZDs3dr/y7Od6y5nha8dW1YnbgtsyotCVvoFGKbERG++CVRFv1meyGDE1SNItQA8BrnCw7ScdAhRJ3XQ==} + rollup@2.80.0: + resolution: {integrity: sha512-cIFJOD1DESzpjOBl763Kp1AH7UE/0fcdHe6rZXUdQ9c50uvgigvW97u3IcSeBwOkgqL/PXPBktBCh0KEu5L8XQ==} engines: {node: '>=10.0.0'} hasBin: true - run-applescript@7.1.0: - resolution: {integrity: sha512-DPe5pVFaAsinSaV6QjQ6gdiedWDcRCbUuiQfQa2wmWV7+xC9bGulGI8+TdRmoFkAPaBXk8CrAbnlY2ISniJ47Q==} - engines: {node: '>=18'} - run-parallel@1.2.0: resolution: {integrity: sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==} @@ -2271,10 +2120,6 @@ packages: resolution: {integrity: sha512-tf+h5W1IrjNm/9rKKj0JU2MDMruiopx0jjVA5zCdBtcGjfp0+c5rHw/zADLC3IeKlGHtVbHtpfzvYA0OYT+HKg==} engines: {node: '>=8.0.0'} - smol-toml@1.6.0: - resolution: {integrity: sha512-4zemZi0HvTnYwLfrpk/CF9LOd9Lt87kAt50GnqhMpyF9U3poDAP2+iukq2bZsO/ufegbYehBkqINbsWxj4l4cw==} - engines: {node: '>= 18'} - smol-toml@1.6.1: resolution: {integrity: sha512-dWUG8F5sIIARXih1DTaQAX4SsiTXhInKf1buxdY9DIg4ZYPZK5nGM1VRIYmEbDbsHt7USo99xSLFu5Q1IqTmsg==} engines: {node: '>= 18'} @@ -2377,6 +2222,9 @@ packages: tr46@0.0.3: resolution: {integrity: sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==} + ts-algebra@1.2.2: + resolution: {integrity: sha512-kloPhf1hq3JbCPOTYoOWDKxebWjNb2o/LKnNfkWhxVVisFFmMJPPdJeGoGmM+iRLyoXAR61e08Pb+vUXINg8aA==} + tslib@1.14.1: resolution: {integrity: sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==} @@ -2399,9 +2247,6 @@ packages: resolution: {integrity: sha512-3KS2b+kL7fsuk/eJZ7EQdnEmQoaho/r6KUef7hxvltNA5DR8NAUM+8wJMbJyZ4G9/7i3v5zPBIMN5aybAh2/Jg==} engines: {node: '>= 0.4'} - typedarray@0.0.6: - resolution: {integrity: sha512-/aCDEGatGvZ2BIk+HmLf4ifCJFwvKFNb9/JeZPMulfgFracn9QFcAf5GO8B/mweUjSoblS5In0cWhqpfs/5PQA==} - typescript@6.0.2: resolution: {integrity: sha512-bGdAIrZ0wiGDo5l8c++HWtbaNCWTS4UTv7RaTH/ThVIgjkveJt83m74bBHMJkuCbslY8ixgLBVZJIOiQlQTjfQ==} engines: {node: '>=14.17'} @@ -2415,6 +2260,14 @@ packages: engines: {node: '>=0.8.0'} hasBin: true + ulid@2.4.0: + resolution: {integrity: sha512-fIRiVTJNcSRmXKPZtGzFQv9WRrZ3M9eoptl/teFJvjOzmpU+/K/JH6HZ8deBfb5vMEpicJcLn7JmvdknlMq7Zg==} + hasBin: true + + ulid@3.0.2: + resolution: {integrity: sha512-yu26mwteFYzBAot7KVMqFGCVpsF6g8wXfJzQUHvu1no3+rRRSFcSV2nKeYvNPLD2J4b08jYBDhHUjeH0ygIl9w==} + hasBin: true + unbox-primitive@1.1.0: resolution: {integrity: sha512-nWJ91DjeOkej/TA8pXQ3myruKpKEYgqvpw9lz4OPHj/NWFNluYrjbz9j01CJ8yKQd2g4jFoOkINCTW2I5LEEyw==} engines: {node: '>= 0.4'} @@ -2422,8 +2275,8 @@ packages: undici-types@7.18.2: resolution: {integrity: sha512-AsuCzffGHJybSaRrmr5eHr81mwJU3kjw6M+uprWvCXiNeN9SOGwQ3Jn8jb8m3Z6izVgknn1R0FTCEAP2QrLY/w==} - undici@6.24.1: - resolution: {integrity: sha512-sC+b0tB1whOCzbtlx20fx3WgCXwkW627p4EA9uM+/tNNPkSS+eSEld6pAs9nDv7WbY1UUljBMYPtu9BCOrCWKA==} + undici@6.24.0: + resolution: {integrity: sha512-lVLNosgqo5EkGqh5XUDhGfsMSoO8K0BAN0TyJLvwNRSl4xWGZlCVYsAIpa/OpA3TvmnM01GWcoKmc3ZWo5wKKA==} engines: {node: '>=18.17'} unicorn-magic@0.4.0: @@ -2850,10 +2703,6 @@ snapshots: '@humanwhocodes/momoa@2.0.4': {} - '@jest/schemas@29.6.3': - dependencies: - '@sinclair/typebox': 0.27.10 - '@jsdevtools/ono@7.1.3': {} '@jsep-plugin/assignment@1.3.0(jsep@1.4.0)': @@ -2868,6 +2717,8 @@ snapshots: dependencies: jsep: 1.4.0 + '@noble/hashes@1.8.0': {} + '@nodelib/fs.scandir@2.1.5': dependencies: '@nodelib/fs.stat': 2.0.5 @@ -2880,94 +2731,81 @@ snapshots: '@nodelib/fs.scandir': 2.1.5 fastq: 1.20.1 - '@opentelemetry/api-logs@0.53.0': + '@opentelemetry/api-logs@0.202.0': dependencies: '@opentelemetry/api': 1.9.0 '@opentelemetry/api@1.9.0': {} - '@opentelemetry/context-async-hooks@1.26.0(@opentelemetry/api@1.9.0)': + '@opentelemetry/context-async-hooks@2.0.1(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/core@1.26.0(@opentelemetry/api@1.9.0)': + '@opentelemetry/core@2.0.1(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/semantic-conventions': 1.27.0 + '@opentelemetry/semantic-conventions': 1.34.0 - '@opentelemetry/exporter-trace-otlp-http@0.53.0(@opentelemetry/api@1.9.0)': + '@opentelemetry/exporter-trace-otlp-http@0.202.0(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/core': 1.26.0(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-exporter-base': 0.53.0(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-transformer': 0.53.0(@opentelemetry/api@1.9.0) - '@opentelemetry/resources': 1.26.0(@opentelemetry/api@1.9.0) - '@opentelemetry/sdk-trace-base': 1.26.0(@opentelemetry/api@1.9.0) + '@opentelemetry/core': 2.0.1(@opentelemetry/api@1.9.0) + '@opentelemetry/otlp-exporter-base': 0.202.0(@opentelemetry/api@1.9.0) + '@opentelemetry/otlp-transformer': 0.202.0(@opentelemetry/api@1.9.0) + '@opentelemetry/resources': 2.0.1(@opentelemetry/api@1.9.0) + '@opentelemetry/sdk-trace-base': 2.0.1(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-exporter-base@0.53.0(@opentelemetry/api@1.9.0)': + '@opentelemetry/otlp-exporter-base@0.202.0(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/core': 1.26.0(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-transformer': 0.53.0(@opentelemetry/api@1.9.0) + '@opentelemetry/core': 2.0.1(@opentelemetry/api@1.9.0) + '@opentelemetry/otlp-transformer': 0.202.0(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-transformer@0.53.0(@opentelemetry/api@1.9.0)': + '@opentelemetry/otlp-transformer@0.202.0(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/api-logs': 0.53.0 - '@opentelemetry/core': 1.26.0(@opentelemetry/api@1.9.0) - '@opentelemetry/resources': 1.26.0(@opentelemetry/api@1.9.0) - '@opentelemetry/sdk-logs': 0.53.0(@opentelemetry/api@1.9.0) - '@opentelemetry/sdk-metrics': 1.26.0(@opentelemetry/api@1.9.0) - '@opentelemetry/sdk-trace-base': 1.26.0(@opentelemetry/api@1.9.0) + '@opentelemetry/api-logs': 0.202.0 + '@opentelemetry/core': 2.0.1(@opentelemetry/api@1.9.0) + '@opentelemetry/resources': 2.0.1(@opentelemetry/api@1.9.0) + '@opentelemetry/sdk-logs': 0.202.0(@opentelemetry/api@1.9.0) + '@opentelemetry/sdk-metrics': 2.0.1(@opentelemetry/api@1.9.0) + '@opentelemetry/sdk-trace-base': 2.0.1(@opentelemetry/api@1.9.0) protobufjs: 7.5.4 - '@opentelemetry/propagator-b3@1.26.0(@opentelemetry/api@1.9.0)': + '@opentelemetry/resources@2.0.1(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/core': 1.26.0(@opentelemetry/api@1.9.0) + '@opentelemetry/core': 2.0.1(@opentelemetry/api@1.9.0) + '@opentelemetry/semantic-conventions': 1.34.0 - '@opentelemetry/propagator-jaeger@1.26.0(@opentelemetry/api@1.9.0)': + '@opentelemetry/sdk-logs@0.202.0(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/core': 1.26.0(@opentelemetry/api@1.9.0) + '@opentelemetry/api-logs': 0.202.0 + '@opentelemetry/core': 2.0.1(@opentelemetry/api@1.9.0) + '@opentelemetry/resources': 2.0.1(@opentelemetry/api@1.9.0) - '@opentelemetry/resources@1.26.0(@opentelemetry/api@1.9.0)': + '@opentelemetry/sdk-metrics@2.0.1(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/core': 1.26.0(@opentelemetry/api@1.9.0) - '@opentelemetry/semantic-conventions': 1.27.0 + '@opentelemetry/core': 2.0.1(@opentelemetry/api@1.9.0) + '@opentelemetry/resources': 2.0.1(@opentelemetry/api@1.9.0) - '@opentelemetry/sdk-logs@0.53.0(@opentelemetry/api@1.9.0)': + '@opentelemetry/sdk-trace-base@2.0.1(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/api-logs': 0.53.0 - '@opentelemetry/core': 1.26.0(@opentelemetry/api@1.9.0) - '@opentelemetry/resources': 1.26.0(@opentelemetry/api@1.9.0) + '@opentelemetry/core': 2.0.1(@opentelemetry/api@1.9.0) + '@opentelemetry/resources': 2.0.1(@opentelemetry/api@1.9.0) + '@opentelemetry/semantic-conventions': 1.34.0 - '@opentelemetry/sdk-metrics@1.26.0(@opentelemetry/api@1.9.0)': + '@opentelemetry/sdk-trace-node@2.0.1(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/core': 1.26.0(@opentelemetry/api@1.9.0) - '@opentelemetry/resources': 1.26.0(@opentelemetry/api@1.9.0) + '@opentelemetry/context-async-hooks': 2.0.1(@opentelemetry/api@1.9.0) + '@opentelemetry/core': 2.0.1(@opentelemetry/api@1.9.0) + '@opentelemetry/sdk-trace-base': 2.0.1(@opentelemetry/api@1.9.0) - '@opentelemetry/sdk-trace-base@1.26.0(@opentelemetry/api@1.9.0)': - dependencies: - '@opentelemetry/api': 1.9.0 - '@opentelemetry/core': 1.26.0(@opentelemetry/api@1.9.0) - '@opentelemetry/resources': 1.26.0(@opentelemetry/api@1.9.0) - '@opentelemetry/semantic-conventions': 1.27.0 - - '@opentelemetry/sdk-trace-node@1.26.0(@opentelemetry/api@1.9.0)': - dependencies: - '@opentelemetry/api': 1.9.0 - '@opentelemetry/context-async-hooks': 1.26.0(@opentelemetry/api@1.9.0) - '@opentelemetry/core': 1.26.0(@opentelemetry/api@1.9.0) - '@opentelemetry/propagator-b3': 1.26.0(@opentelemetry/api@1.9.0) - '@opentelemetry/propagator-jaeger': 1.26.0(@opentelemetry/api@1.9.0) - '@opentelemetry/sdk-trace-base': 1.26.0(@opentelemetry/api@1.9.0) - semver: 7.7.4 - - '@opentelemetry/semantic-conventions@1.27.0': {} + '@opentelemetry/semantic-conventions@1.34.0': {} '@protobufjs/aspromise@1.1.2': {} @@ -2999,37 +2837,52 @@ snapshots: require-from-string: 2.0.2 uri-js-replace: 1.0.1 - '@redocly/cli@1.34.11(ajv@8.18.0)': + '@redocly/ajv@8.18.0': dependencies: - '@opentelemetry/api': 1.9.0 - '@opentelemetry/exporter-trace-otlp-http': 0.53.0(@opentelemetry/api@1.9.0) - '@opentelemetry/resources': 1.26.0(@opentelemetry/api@1.9.0) - '@opentelemetry/sdk-trace-node': 1.26.0(@opentelemetry/api@1.9.0) - '@opentelemetry/semantic-conventions': 1.27.0 - '@redocly/config': 0.22.0 - '@redocly/openapi-core': 1.34.11 - '@redocly/respect-core': 1.34.11(ajv@8.18.0) + fast-deep-equal: 3.1.3 + fast-uri: 3.1.0 + json-schema-traverse: 1.0.0 + require-from-string: 2.0.2 + + '@redocly/cli-otel@0.1.2': + dependencies: + ulid: 2.4.0 + + '@redocly/cli@2.25.4(@opentelemetry/api@1.9.0)(core-js@3.32.1)': + dependencies: + '@opentelemetry/exporter-trace-otlp-http': 0.202.0(@opentelemetry/api@1.9.0) + '@opentelemetry/resources': 2.0.1(@opentelemetry/api@1.9.0) + '@opentelemetry/sdk-trace-node': 2.0.1(@opentelemetry/api@1.9.0) + '@opentelemetry/semantic-conventions': 1.34.0 + '@redocly/cli-otel': 0.1.2 + '@redocly/openapi-core': 2.25.4 + '@redocly/respect-core': 2.25.4 abort-controller: 3.0.0 - chokidar: 3.5.3 + ajv: '@redocly/ajv@8.18.0' + ajv-formats: 3.0.1(@redocly/ajv@8.18.0) colorette: 1.4.0 - core-js: 3.32.1 + cookie: 0.7.2 dotenv: 16.4.7 - form-data: 4.0.4 - get-port-please: 3.0.1 - glob: 7.2.3 - handlebars: 4.7.8 + glob: 13.0.6 + handlebars: 4.7.9 + https-proxy-agent: 7.0.6 mobx: 6.12.3 + picomatch: 4.0.4 pluralize: 8.0.0 react: 19.2.4 react-dom: 19.2.4(react@19.2.4) - redoc: 2.5.0(core-js@3.32.1)(mobx@6.12.3)(react-dom@19.2.4(react@19.2.4))(react@19.2.4)(styled-components@6.3.9(react-dom@19.2.4(react@19.2.4))(react@19.2.4)) + redoc: 2.5.1(core-js@3.32.1)(mobx@6.12.3)(react-dom@19.2.4(react@19.2.4))(react@19.2.4)(styled-components@6.3.9(react-dom@19.2.4(react@19.2.4))(react@19.2.4)) semver: 7.7.4 + set-cookie-parser: 2.7.1 simple-websocket: 9.1.0 styled-components: 6.3.9(react-dom@19.2.4(react@19.2.4))(react@19.2.4) + ulid: 3.0.2 + undici: 6.24.0 yargs: 17.0.1 transitivePeerDependencies: - - ajv + - '@opentelemetry/api' - bufferutil + - core-js - encoding - react-native - supports-color @@ -3037,6 +2890,10 @@ snapshots: '@redocly/config@0.22.0': {} + '@redocly/config@0.46.0': + dependencies: + json-schema-to-ts: 2.7.2 + '@redocly/openapi-core@1.34.11': dependencies: '@redocly/ajv': 8.11.2 @@ -3051,50 +2908,51 @@ snapshots: transitivePeerDependencies: - supports-color - '@redocly/respect-core@1.34.11(ajv@8.18.0)': + '@redocly/openapi-core@2.25.4': + dependencies: + '@redocly/ajv': 8.18.0 + '@redocly/config': 0.46.0 + ajv: '@redocly/ajv@8.18.0' + ajv-formats: 3.0.1(@redocly/ajv@8.18.0) + colorette: 1.4.0 + js-levenshtein: 1.1.6 + js-yaml: 4.1.1 + picomatch: 4.0.4 + pluralize: 8.0.0 + yaml-ast-parser: 0.0.43 + + '@redocly/respect-core@2.25.4': dependencies: '@faker-js/faker': 7.6.0 - '@redocly/ajv': 8.11.2 - '@redocly/openapi-core': 1.34.11 - better-ajv-errors: 1.2.0(ajv@8.18.0) + '@noble/hashes': 1.8.0 + '@redocly/ajv': 8.18.0 + '@redocly/openapi-core': 2.25.4 + ajv: '@redocly/ajv@8.18.0' + better-ajv-errors: 1.2.0(@redocly/ajv@8.18.0) colorette: 2.0.20 - concat-stream: 2.0.0 - cookie: 0.7.2 - dotenv: 16.4.7 - form-data: 4.0.4 - jest-diff: 29.7.0 - jest-matcher-utils: 29.7.0 - js-yaml: 4.1.0 json-pointer: 0.6.2 - jsonpath-plus: 10.3.0 - open: 10.1.0 - openapi-sampler: 1.7.0 + jsonpath-rfc9535: 1.3.0 + openapi-sampler: 1.7.2 outdent: 0.8.0 - set-cookie-parser: 2.7.1 - undici: 6.24.1 - transitivePeerDependencies: - - ajv - - supports-color + picomatch: 4.0.4 - '@rollup/plugin-commonjs@22.0.2(rollup@2.79.2)': + '@rollup/plugin-commonjs@22.0.2(rollup@2.80.0)': dependencies: - '@rollup/pluginutils': 3.1.0(rollup@2.79.2) + '@rollup/pluginutils': 3.1.0(rollup@2.80.0) commondir: 1.0.1 estree-walker: 2.0.2 glob: 7.2.3 is-reference: 1.2.1 magic-string: 0.25.9 resolve: 1.22.11 - rollup: 2.79.2 + rollup: 2.80.0 - '@rollup/pluginutils@3.1.0(rollup@2.79.2)': + '@rollup/pluginutils@3.1.0(rollup@2.80.0)': dependencies: '@types/estree': 0.0.39 estree-walker: 1.0.1 picomatch: 2.3.2 - rollup: 2.79.2 - - '@sinclair/typebox@0.27.10': {} + rollup: 2.80.0 '@sindresorhus/merge-streams@4.0.0': {} @@ -3120,7 +2978,7 @@ snapshots: dependency-graph: 0.11.0 fast-memoize: 2.5.2 immer: 9.0.21 - lodash: 4.17.23 + lodash: 4.18.0 tslib: 2.8.1 urijs: 1.19.11 @@ -3130,7 +2988,7 @@ snapshots: '@stoplight/path': 1.3.2 '@stoplight/types': 13.20.0 jsonc-parser: 2.2.1 - lodash: 4.17.23 + lodash: 4.18.0 safe-stable-stringify: 1.1.1 '@stoplight/ordered-object-literal@1.0.5': {} @@ -3153,7 +3011,7 @@ snapshots: chalk: 4.1.2 fast-glob: 3.2.12 hpagent: 1.2.0 - lodash: 4.17.23 + lodash: 4.18.0 pony-cause: 1.1.1 stacktracey: 2.2.0 tslib: 2.8.1 @@ -3177,9 +3035,9 @@ snapshots: ajv-formats: 2.1.1(ajv@8.18.0) es-aggregate-error: 1.0.14 jsonpath-plus: 10.4.0 - lodash: 4.17.23 + lodash: 4.18.0 lodash.topath: 4.5.2 - minimatch: 3.1.2 + minimatch: 3.1.5 nimma: 0.2.3 pony-cause: 1.1.1 simple-eval: 1.0.1 @@ -3205,7 +3063,7 @@ snapshots: '@types/markdown-escape': 1.1.3 chalk: 4.1.2 cliui: 7.0.4 - lodash: 4.17.23 + lodash: 4.18.0 markdown-escape: 2.0.0 node-sarif-builder: 2.0.3 strip-ansi: 6.0.1 @@ -3225,7 +3083,7 @@ snapshots: ajv-draft-04: 1.0.0(ajv@8.18.0) ajv-errors: 3.0.0(ajv@8.18.0) ajv-formats: 2.1.1(ajv@8.18.0) - lodash: 4.17.23 + lodash: 4.18.0 tslib: 2.8.1 transitivePeerDependencies: - encoding @@ -3249,7 +3107,7 @@ snapshots: '@stoplight/spectral-ruleset-bundler@1.6.3': dependencies: - '@rollup/plugin-commonjs': 22.0.2(rollup@2.79.2) + '@rollup/plugin-commonjs': 22.0.2(rollup@2.80.0) '@stoplight/path': 1.3.2 '@stoplight/spectral-core': 1.21.0 '@stoplight/spectral-formats': 1.8.2 @@ -3262,7 +3120,7 @@ snapshots: '@stoplight/types': 13.20.0 '@types/node': 25.5.0 pony-cause: 1.1.1 - rollup: 2.79.2 + rollup: 2.80.0 tslib: 2.8.1 validate-npm-package-name: 3.0.0 transitivePeerDependencies: @@ -3302,7 +3160,7 @@ snapshots: ajv-formats: 2.1.1(ajv@8.18.0) json-schema-traverse: 1.0.0 leven: 3.1.0 - lodash: 4.17.23 + lodash: 4.18.0 tslib: 2.8.1 transitivePeerDependencies: - encoding @@ -3313,7 +3171,7 @@ snapshots: '@stoplight/path': 1.3.2 '@stoplight/types': 13.20.0 abort-controller: 3.0.0 - lodash: 4.17.23 + lodash: 4.18.0 node-fetch: 2.7.0 tslib: 2.8.1 transitivePeerDependencies: @@ -3393,16 +3251,6 @@ snapshots: agent-base@7.1.4: {} - ajv-cli@5.0.0: - dependencies: - ajv: 8.18.0 - fast-json-patch: 2.2.1 - glob: 7.2.3 - js-yaml: 3.14.2 - json-schema-migrate: 2.0.0 - json5: 2.2.3 - minimist: 1.2.8 - ajv-draft-04@1.0.0(ajv@8.18.0): optionalDependencies: ajv: 8.18.0 @@ -3415,6 +3263,10 @@ snapshots: optionalDependencies: ajv: 8.18.0 + ajv-formats@3.0.1(@redocly/ajv@8.18.0): + optionalDependencies: + ajv: '@redocly/ajv@8.18.0' + ajv-formats@3.0.1(ajv@8.18.0): optionalDependencies: ajv: 8.18.0 @@ -3434,13 +3286,6 @@ snapshots: dependencies: color-convert: 2.0.1 - ansi-styles@5.2.0: {} - - anymatch@3.1.3: - dependencies: - normalize-path: 3.0.0 - picomatch: 2.3.2 - argparse@1.0.10: dependencies: sprintf-js: 1.0.3 @@ -3476,8 +3321,6 @@ snapshots: async-function@1.0.0: {} - asynckit@0.4.0: {} - available-typed-arrays@1.0.7: dependencies: possible-typed-array-names: 1.1.0 @@ -3486,17 +3329,15 @@ snapshots: balanced-match@4.0.4: {} - better-ajv-errors@1.2.0(ajv@8.18.0): + better-ajv-errors@1.2.0(@redocly/ajv@8.18.0): dependencies: '@babel/code-frame': 7.29.0 '@humanwhocodes/momoa': 2.0.4 - ajv: 8.18.0 + ajv: '@redocly/ajv@8.18.0' chalk: 4.1.2 jsonpointer: 5.0.1 leven: 3.1.0 - binary-extensions@2.3.0: {} - brace-expansion@1.1.13: dependencies: balanced-match: 1.0.2 @@ -3514,14 +3355,8 @@ snapshots: dependencies: fill-range: 7.1.1 - buffer-from@1.1.2: {} - builtins@1.0.3: {} - bundle-name@4.1.0: - dependencies: - run-applescript: 7.1.0 - call-bind-apply-helpers@1.0.2: dependencies: es-errors: 1.3.0 @@ -3564,18 +3399,6 @@ snapshots: character-reference-invalid@2.0.1: {} - chokidar@3.5.3: - dependencies: - anymatch: 3.1.3 - braces: 3.0.3 - glob-parent: 5.1.2 - is-binary-path: 2.1.0 - is-glob: 4.0.3 - normalize-path: 3.0.0 - readdirp: 3.6.0 - optionalDependencies: - fsevents: 2.3.3 - classnames@2.5.1: {} clear-module@4.1.2: @@ -3613,10 +3436,6 @@ snapshots: colorette@2.0.20: {} - combined-stream@1.0.8: - dependencies: - delayed-stream: 1.0.0 - commander@14.0.3: {} commander@8.3.0: {} @@ -3630,13 +3449,6 @@ snapshots: concat-map@0.0.1: {} - concat-stream@2.0.0: - dependencies: - buffer-from: 1.1.2 - inherits: 2.0.4 - readable-stream: 3.6.2 - typedarray: 0.0.6 - cookie@0.7.2: {} core-js@3.32.1: {} @@ -3774,29 +3586,18 @@ snapshots: dependencies: character-entities: 2.0.2 - default-browser-id@5.0.1: {} - - default-browser@5.5.0: - dependencies: - bundle-name: 4.1.0 - default-browser-id: 5.0.1 - define-data-property@1.1.4: dependencies: es-define-property: 1.0.1 es-errors: 1.3.0 gopd: 1.2.0 - define-lazy-prop@3.0.0: {} - define-properties@1.2.1: dependencies: define-data-property: 1.1.4 has-property-descriptors: 1.0.2 object-keys: 1.1.1 - delayed-stream@1.0.0: {} - dependency-graph@0.11.0: {} dequal@2.0.3: {} @@ -3805,8 +3606,6 @@ snapshots: dependencies: dequal: 2.0.3 - diff-sequences@29.6.3: {} - dompurify@3.3.3: optionalDependencies: '@types/trusted-types': 2.0.7 @@ -3930,8 +3729,6 @@ snapshots: eventemitter3@5.0.4: {} - fast-deep-equal@2.0.1: {} - fast-deep-equal@3.1.3: {} fast-equals@6.0.0: {} @@ -3952,10 +3749,6 @@ snapshots: merge2: 1.4.1 micromatch: 4.0.8 - fast-json-patch@2.2.1: - dependencies: - fast-deep-equal: 2.0.1 - fast-json-stable-stringify@2.1.0: {} fast-memoize@2.5.2: {} @@ -3999,14 +3792,6 @@ snapshots: foreach@2.0.6: {} - form-data@4.0.4: - dependencies: - asynckit: 0.4.0 - combined-stream: 1.0.8 - es-set-tostringtag: 2.1.0 - hasown: 2.0.2 - mime-types: 2.1.35 - fs-extra@10.1.0: dependencies: graceful-fs: 4.2.11 @@ -4052,8 +3837,6 @@ snapshots: hasown: 2.0.2 math-intrinsics: 1.1.0 - get-port-please@3.0.1: {} - get-proto@1.0.1: dependencies: dunder-proto: 1.0.1 @@ -4111,7 +3894,7 @@ snapshots: graceful-fs@4.2.11: {} - handlebars@4.7.8: + handlebars@4.7.9: dependencies: minimist: 1.2.8 neo-async: 2.6.2 @@ -4204,10 +3987,6 @@ snapshots: dependencies: has-bigints: 1.1.0 - is-binary-path@2.1.0: - dependencies: - binary-extensions: 2.3.0 - is-boolean-object@1.2.2: dependencies: call-bound: 1.0.4 @@ -4232,8 +4011,6 @@ snapshots: is-decimal@2.0.1: {} - is-docker@3.0.0: {} - is-extglob@2.1.1: {} is-finalizationregistry@1.1.1: @@ -4256,10 +4033,6 @@ snapshots: is-hexadecimal@2.0.1: {} - is-inside-container@1.0.0: - dependencies: - is-docker: 3.0.0 - is-map@2.0.3: {} is-negative-zero@2.0.3: {} @@ -4318,28 +4091,8 @@ snapshots: call-bound: 1.0.4 get-intrinsic: 1.3.0 - is-wsl@3.1.1: - dependencies: - is-inside-container: 1.0.0 - isarray@2.0.5: {} - jest-diff@29.7.0: - dependencies: - chalk: 4.1.2 - diff-sequences: 29.6.3 - jest-get-type: 29.6.3 - pretty-format: 29.7.0 - - jest-get-type@29.6.3: {} - - jest-matcher-utils@29.7.0: - dependencies: - chalk: 4.1.2 - jest-diff: 29.7.0 - jest-get-type: 29.6.3 - pretty-format: 29.7.0 - js-levenshtein@1.1.6: {} js-tokens@4.0.0: {} @@ -4349,10 +4102,6 @@ snapshots: argparse: 1.0.10 esprima: 4.0.1 - js-yaml@4.1.0: - dependencies: - argparse: 2.0.1 - js-yaml@4.1.1: dependencies: argparse: 2.0.1 @@ -4363,14 +4112,14 @@ snapshots: dependencies: foreach: 2.0.6 - json-schema-migrate@2.0.0: + json-schema-to-ts@2.7.2: dependencies: - ajv: 8.18.0 + '@babel/runtime': 7.29.2 + '@types/json-schema': 7.0.15 + ts-algebra: 1.2.2 json-schema-traverse@1.0.0: {} - json5@2.2.3: {} - jsonc-parser@2.2.1: {} jsonc-parser@3.3.1: {} @@ -4381,18 +4130,14 @@ snapshots: optionalDependencies: graceful-fs: 4.2.11 - jsonpath-plus@10.3.0: - dependencies: - '@jsep-plugin/assignment': 1.3.0(jsep@1.4.0) - '@jsep-plugin/regex': 1.0.4(jsep@1.4.0) - jsep: 1.4.0 - jsonpath-plus@10.4.0: dependencies: '@jsep-plugin/assignment': 1.3.0(jsep@1.4.0) '@jsep-plugin/regex': 1.0.4(jsep@1.4.0) jsep: 1.4.0 + jsonpath-rfc9535@1.3.0: {} + jsonpointer@5.0.1: {} katex@0.16.44: @@ -4411,7 +4156,7 @@ snapshots: lodash.topath@4.5.2: {} - lodash@4.17.23: {} + lodash@4.18.0: {} long@5.3.2: {} @@ -4454,7 +4199,7 @@ snapshots: markdownlint: 0.40.0 markdownlint-cli2-formatter-default: 0.0.6(markdownlint-cli2@0.22.0) micromatch: 4.0.8 - smol-toml: 1.6.0 + smol-toml: 1.6.1 transitivePeerDependencies: - supports-color @@ -4657,20 +4402,10 @@ snapshots: braces: 3.0.3 picomatch: 2.3.2 - mime-db@1.52.0: {} - - mime-types@2.1.35: - dependencies: - mime-db: 1.52.0 - minimatch@10.2.4: dependencies: brace-expansion: 5.0.5 - minimatch@3.1.2: - dependencies: - brace-expansion: 1.1.13 - minimatch@3.1.5: dependencies: brace-expansion: 1.1.13 @@ -4691,7 +4426,7 @@ snapshots: optionalDependencies: react-dom: 19.2.4(react@19.2.4) - mobx-react@9.2.1(mobx@6.12.3)(react-dom@19.2.4(react@19.2.4))(react@19.2.4): + mobx-react@9.2.0(mobx@6.12.3)(react-dom@19.2.4(react@19.2.4))(react@19.2.4): dependencies: mobx: 6.12.3 mobx-react-lite: 4.1.1(mobx@6.12.3)(react-dom@19.2.4(react@19.2.4))(react@19.2.4) @@ -4734,8 +4469,6 @@ snapshots: '@types/sarif': 2.1.7 fs-extra: 10.1.0 - normalize-path@3.0.0: {} - oas-kit-common@1.0.8: dependencies: fast-safe-stringify: 2.1.1 @@ -4752,7 +4485,7 @@ snapshots: oas-kit-common: 1.0.8 reftools: 1.1.9 yaml: 1.10.3 - yargs: 17.0.1 + yargs: 17.7.2 oas-schema-walker@1.1.5: {} @@ -4786,19 +4519,6 @@ snapshots: dependencies: wrappy: 1.0.2 - open@10.1.0: - dependencies: - default-browser: 5.5.0 - define-lazy-prop: 3.0.0 - is-inside-container: 1.0.0 - is-wsl: 3.1.1 - - openapi-sampler@1.7.0: - dependencies: - '@types/json-schema': 7.0.15 - fast-xml-parser: 5.5.9 - json-pointer: 0.6.2 - openapi-sampler@1.7.2: dependencies: '@types/json-schema': 7.0.15 @@ -4886,12 +4606,6 @@ snapshots: prettier@3.8.1: {} - pretty-format@29.7.0: - dependencies: - '@jest/schemas': 29.6.3 - ansi-styles: 5.2.0 - react-is: 18.3.1 - printable-characters@1.0.42: {} prismjs@1.30.0: {} @@ -4932,8 +4646,6 @@ snapshots: react-is@16.13.1: {} - react-is@18.3.1: {} - react-tabs@6.1.1(react@19.2.4): dependencies: clsx: 2.1.1 @@ -4948,11 +4660,7 @@ snapshots: string_decoder: 1.3.0 util-deprecate: 1.0.2 - readdirp@3.6.0: - dependencies: - picomatch: 2.3.2 - - redoc@2.5.0(core-js@3.32.1)(mobx@6.12.3)(react-dom@19.2.4(react@19.2.4))(react@19.2.4)(styled-components@6.3.9(react-dom@19.2.4(react@19.2.4))(react@19.2.4)): + redoc@2.5.1(core-js@3.32.1)(mobx@6.12.3)(react-dom@19.2.4(react@19.2.4))(react@19.2.4)(styled-components@6.3.9(react-dom@19.2.4(react@19.2.4))(react@19.2.4)): dependencies: '@redocly/openapi-core': 1.34.11 classnames: 2.5.1 @@ -4965,7 +4673,7 @@ snapshots: mark.js: 8.11.1 marked: 4.3.0 mobx: 6.12.3 - mobx-react: 9.2.1(mobx@6.12.3)(react-dom@19.2.4(react@19.2.4))(react@19.2.4) + mobx-react: 9.2.0(mobx@6.12.3)(react-dom@19.2.4(react@19.2.4))(react@19.2.4) openapi-sampler: 1.7.2 path-browserify: 1.0.1 perfect-scrollbar: 1.5.6 @@ -5027,12 +4735,10 @@ snapshots: reusify@1.1.0: {} - rollup@2.79.2: + rollup@2.80.0: optionalDependencies: fsevents: 2.3.3 - run-applescript@7.1.0: {} - run-parallel@1.2.0: dependencies: queue-microtask: 1.2.3 @@ -5166,8 +4872,6 @@ snapshots: slugify@1.4.7: {} - smol-toml@1.6.0: {} - smol-toml@1.6.1: {} source-map-js@1.2.1: {} @@ -5273,7 +4977,7 @@ snapshots: oas-validator: 5.0.8 reftools: 1.1.9 yaml: 1.10.3 - yargs: 17.0.1 + yargs: 17.7.2 transitivePeerDependencies: - encoding @@ -5290,6 +4994,8 @@ snapshots: tr46@0.0.3: {} + ts-algebra@1.2.2: {} + tslib@1.14.1: {} tslib@2.8.1: {} @@ -5327,8 +5033,6 @@ snapshots: possible-typed-array-names: 1.1.0 reflect.getprototypeof: 1.0.10 - typedarray@0.0.6: {} - typescript@6.0.2: {} uc.micro@2.1.0: {} @@ -5336,6 +5040,10 @@ snapshots: uglify-js@3.19.3: optional: true + ulid@2.4.0: {} + + ulid@3.0.2: {} + unbox-primitive@1.1.0: dependencies: call-bound: 1.0.4 @@ -5345,7 +5053,7 @@ snapshots: undici-types@7.18.2: {} - undici@6.24.1: {} + undici@6.24.0: {} unicorn-magic@0.4.0: {} From f03afc7a9f89ebea11a24b73a1e5cd0bd80120cd Mon Sep 17 00:00:00 2001 From: Jake Shilling Date: Thu, 2 Apr 2026 16:47:52 -0400 Subject: [PATCH 2/5] ci: add pnpm audit workflow --- .github/workflows/pnpm-audit.yml | 39 ++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 .github/workflows/pnpm-audit.yml diff --git a/.github/workflows/pnpm-audit.yml b/.github/workflows/pnpm-audit.yml new file mode 100644 index 0000000..bd49677 --- /dev/null +++ b/.github/workflows/pnpm-audit.yml @@ -0,0 +1,39 @@ +name: pnpm audit + +on: + workflow_dispatch: + pull_request: + types: + - opened + - synchronize + - reopened + - ready_for_review + paths: + - package.json + - pnpm-lock.yaml + +permissions: + contents: read + +jobs: + audit: + name: audit + runs-on: self-hosted + steps: + - name: Fetch Repository + uses: actions/checkout@v6 + + - name: Set up Node.js + uses: actions/setup-node@v6 + with: + node-version: "lts/*" + cache: pnpm + cache-dependency-path: pnpm-lock.yaml + + - name: Set up pnpm + uses: pnpm/action-setup@v4 + with: + run_install: false + + - name: Run pnpm audit + run: pnpm audit --audit-level low From 1da1c1c634789089dada4acfed02f7c641fe6dd1 Mon Sep 17 00:00:00 2001 From: Jake Shilling Date: Thu, 2 Apr 2026 16:57:21 -0400 Subject: [PATCH 3/5] Try setting up pnpm earlier --- .github/workflows/pnpm-audit.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/pnpm-audit.yml b/.github/workflows/pnpm-audit.yml index bd49677..644a715 100644 --- a/.github/workflows/pnpm-audit.yml +++ b/.github/workflows/pnpm-audit.yml @@ -23,6 +23,12 @@ jobs: - name: Fetch Repository uses: actions/checkout@v6 + - name: Set up pnpm + uses: pnpm/action-setup@v4 + with: + version: 10.32.1 + run_install: false + - name: Set up Node.js uses: actions/setup-node@v6 with: @@ -30,10 +36,5 @@ jobs: cache: pnpm cache-dependency-path: pnpm-lock.yaml - - name: Set up pnpm - uses: pnpm/action-setup@v4 - with: - run_install: false - - name: Run pnpm audit run: pnpm audit --audit-level low From e020905f8ac7166680fcfa00d8e60695e23f3959 Mon Sep 17 00:00:00 2001 From: Jake Shilling Date: Thu, 2 Apr 2026 17:01:48 -0400 Subject: [PATCH 4/5] Do not cache pnpm deps --- .github/workflows/pnpm-audit.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/pnpm-audit.yml b/.github/workflows/pnpm-audit.yml index 644a715..6c5fb24 100644 --- a/.github/workflows/pnpm-audit.yml +++ b/.github/workflows/pnpm-audit.yml @@ -33,8 +33,6 @@ jobs: uses: actions/setup-node@v6 with: node-version: "lts/*" - cache: pnpm - cache-dependency-path: pnpm-lock.yaml - name: Run pnpm audit run: pnpm audit --audit-level low From d4fb4771972c8898864bbd7b30526ce3f4443a9d Mon Sep 17 00:00:00 2001 From: Jake Shilling Date: Wed, 15 Apr 2026 09:10:20 -0400 Subject: [PATCH 5/5] docs: resolve documentation audit findings for 2026-04-15 --- AGENTS.md | 7 +- docs/api.md | 122 ++++++++---------- docs/architecture.md | 23 ++-- docs/audit/2026-04-15_09:02:39.md | 110 ++++++++++++++++ docs/features/README.md | 2 +- docs/features/core/nsc-education.md | 5 +- docs/features/infrastructure/redis.md | 8 +- docs/features/security/cognito-auth.md | 63 ++++----- docs/guides/01-getting-started.md | 2 +- docs/guides/02-authentication.md | 5 + docs/overview.md | 105 ++++++++------- .../auth-token-validation-strategy.md | 16 ++- docs/setup.md | 47 +++---- 13 files changed, 318 insertions(+), 197 deletions(-) create mode 100644 docs/audit/2026-04-15_09:02:39.md diff --git a/AGENTS.md b/AGENTS.md index 79427cc..bbc9dc5 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -40,8 +40,8 @@ Observed entry points: - `main.go` - `api.New` -- `routes.RegisterRoutes` -- `api-spec/openapi.yaml` +- `routes.StatusRouter` and `routes.RegisterRoutes` +- `api-spec/v0/openapi.yaml` Observed deployment helpers: @@ -56,7 +56,8 @@ Do not modify these without an explicit task and approval: - `SECURITY.md` - `LICENSE` - `public.jwk` -- `api-spec/dist/*` unless the source spec changed too +- `api-spec/v0/dist/*` unless the source spec changed too +- `api-spec/dist/v0/*` unless the source spec changed too ## 3. Agent Roles diff --git a/docs/api.md b/docs/api.md index bab46a2..3a9b6e7 100644 --- a/docs/api.md +++ b/docs/api.md @@ -5,80 +5,54 @@ The server port is configured through `PORT` and defaults to `3000` in code; the local example environment sets `PORT=8000`. The intended public API contract for this branch is defined in `api-spec/v0/openapi.yaml`; this page -documents the currently wired Go runtime endpoints and their operational -caveats. +documents the endpoints and operational behavior that are actually wired in the +current Go runtime. ## Authentication Behavior -- When `SKIP_AUTH=false`, Cognito middleware is enabled globally. -- Middleware reads access token from header: `x-amzn-oidc-accesstoken`. -- Token checks include: - - valid signature via JWKS - - issuer match - - `token_use=access` - - `client_id` claim equals configured app client ID +- The current branch does not register a Cognito or bearer-token validation + middleware. +- When `SKIP_AUTH=true`, `SkipAuthMiddleware` injects a stable local identity + into Fiber locals using the local values `sub`, `username`, `scope`, and + `groups`. +- When `SKIP_AUTH=false`, requests still reach the route handlers without an + additional auth gate in the current code path. -If auth fails, response is `401 Unauthorized`. -This applies to `/api/edu` and `/api/v0/veteran-disability-ratings` when auth is -enabled. `/health` is registered before the auth middleware and remains -unauthenticated in the current branch. +The checked-in v0 contract still documents OAuth 2.0 client credentials. Treat +that as the intended public contract, not proof of current runtime enforcement. ## Circuit Breaker Behavior -`/health`, `/api/edu`, and `/api/v0/veteran-disability-ratings` are wrapped by -Redis-backed circuit breaker middleware. +`/health`, `POST /api/v0/education-enrollments`, and +`POST /api/v0/veteran-disability-ratings` are wrapped by Redis-backed circuit +breaker middleware. - On breaker deny/open state: `503 Service Unavailable`. - On Redis state read failures with fail-open (default): request is allowed. ## Runtime Endpoints -| Method | Path | Description | Success | Notes | -| ------ | ------------------------------ | -------------------------------------- | ----------- | ------------------------------------------------------------------ | -| `GET` | `/` | Liveness string | `200` text | Returns `Backend running!` | -| `GET` | `/health` | Redis health check | `200` empty | Registered before auth middleware; pings Redis with 2s timeout | -| `GET` | `/api/edu` | NSC education verification scaffold | `200` JSON | Uses a hardcoded request payload in handler; not the v0 contract | -| `POST` | `/api/v0/veteran-disability-ratings` | Veteran disability status from v0 spec | `200` JSON | Accepts caller-provided identity payload and matches the v0 route | - -| Method | Path | Description | Success | Notes | -| ------ | --------------------- | ----------------------------------- | ----------- | ----- | -| `GET` | `/` | Liveness string | `200` text | Returns `Backend running!` | -| `GET` | `/status` | Redis health check | `200` empty | Uses 2s Redis ping timeout; wrapped by circuit breaker | -| `GET` | `/api-spec/v1/verify` | Bundled OpenAPI JSON artifact | `200` JSON | Returns `api-spec/dist/openapi.bundled.json` | -| `GET` | `/api/edu` | Education verification passthrough | `200` JSON | Uses hardcoded request payload in handler; wrapped by circuit breaker | - -### NSC Submit Request model (`pkg/education/models_request.go`) - -```go -type Request struct { - AccountID string `json:"accountId"` - OrganizationName string `json:"organizationName,omitempty"` - CaseReferenceID string `json:"caseReferenceId,omitempty"` - ContactEmail string `json:"contactEmail,omitempty"` - DateOfBirth string `json:"dateOfBirth"` - LastName string `json:"lastName"` - FirstName string `json:"firstName"` - SSN string `json:"ssn,omitempty"` - IdentityDetails []IdentityDetails `json:"identityDetails,omitempty"` - EndClient string `json:"endClient"` - PreviousNames []PreviousName `json:"previousNames,omitempty"` - Terms string `json:"terms"` -} -``` +| Method | Path | Description | Success | Notes | +|---|---|---|---|---| +| `GET` | `/` | Liveness string | `200` text | Returns `Backend running!` | +| `GET` | `/health` | Redis health check | `200` empty | Pings Redis with a 2-second timeout and is wrapped by the breaker middleware | +| `GET` | `/api-spec/v1/verify` | Bundled OpenAPI JSON artifact | `200` JSON | Returns `api-spec/v0/dist/openapi.bundled.json` | +| `POST` | `/api/v0/education-enrollments` | Education enrollment lookup | `200` JSON | Binds request JSON, validates required identity fields, then calls NSC service | +| `POST` | `/api/v0/veteran-disability-ratings` | Veteran disability lookup | `200` JSON | Binds request JSON and requires either SSN or a complete address block | -### NSC Submit Response model (`pkg/education/models_response.go`) +## Request Validation and Error Semantics -```go -type Response struct { - ClientData ClientDataResponse `json:"clientData"` - IdentityDetails []IdentityDetailsResponse `json:"identityDetails"` - Status StatusResponse `json:"status"` - StudentInfoProvided StudentInfoProvidedResponse `json:"studentInfoProvided"` - TransactionDetails TransactionDetailsResponse `json:"transactionDetails"` -} -``` +- Education requests require `firstName`, `lastName`, and `dateOfBirth`. +- Veteran requests require `firstName`, `lastName`, and `dateOfBirth`, plus + either `ssn` or a complete address (`street1`, `city`, `state`, + `postalCode`, `country`). +- Fiber error handling sends plain-text response bodies for `400`, `502`, and + `503` cases produced with `fiber.NewError(...)`. +- Both verification handlers return bare `404` responses for not-found cases. + +## Examples -## Example: `/health` +### `/health` ```bash curl -i http://localhost:8000/health @@ -90,20 +64,24 @@ curl -i http://localhost:8000/health curl -i http://localhost:8000/api-spec/v1/verify ``` -Returns the checked-in bundled OpenAPI JSON artifact with `Content-Type: application/json`. - -## Example: `/api/edu` (auth skipped locally) +### `/api/v0/education-enrollments` ```bash -curl -i http://localhost:8000/api/edu +curl -i --request POST http://localhost:8000/api/v0/education-enrollments \ + --header 'Content-Type: application/json' \ + --data '{ + "firstName": "Lynette", + "lastName": "Oyola", + "dateOfBirth": "1988-10-24", + "ssn": "123-45-6789" + }' ``` -## Example: `/api/v0/veteran-disability-ratings` +### `/api/v0/veteran-disability-ratings` ```bash curl -i --request POST http://localhost:8000/api/v0/veteran-disability-ratings \ --header 'Content-Type: application/json' \ - --header 'Authorization: Bearer ' \ --data '{ "firstName": "Lynette", "lastName": "Oyola", @@ -120,14 +98,18 @@ curl -i --request POST http://localhost:8000/api/v0/veteran-disability-ratings \ ## Current-State Caveats -- `/api/edu` currently does not accept caller-provided payload; it submits a hardcoded sample request from handler code. -- `main` now injects Redis into `api.New`, so the health route has the Redis client it expects. -- The intended public contract for this branch is versioned under `api-spec/v0/`, and the veteran disability route matches that contract while `/api/edu` remains a runtime-only scaffold. -- Error response bodies come from Fiber error handling and may be plain text. +- The route surface now matches the checked-in v0 contract for both public + verification operations, but the runtime still serves plain-text error bodies + instead of a versioned public error envelope. +- `GET /api-spec/v1/verify` is a runtime convenience route; the design-time + source of truth remains `api-spec/v0/openapi.yaml`. +- The current branch does not enforce the contract's documented OAuth 2.0 + security scheme in Fiber middleware. ## Assumptions - **High confidence:** This page is a runtime reference, not the public API contract reference. -- **Medium confidence:** `/api/edu` will be removed or reshaped as the runtime - converges on the published v0 contract. +- **High confidence:** `POST /api/v0/education-enrollments` and + `POST /api/v0/veteran-disability-ratings` are the current verification + endpoints exposed by the Go service. diff --git a/docs/architecture.md b/docs/architecture.md index cd17991..2e1f278 100644 --- a/docs/architecture.md +++ b/docs/architecture.md @@ -48,7 +48,7 @@ flowchart LR ## Interfaces and Abstractions - `pkg/education/service.go` - - `type EducationService interface { Submit(ctx context.Context, req Request) (Response, error) }` + - `type Service interface { LookupEnrollmentStatus(ctx context.Context, req Request) (Response, error) }` - `type HTTPTransport interface { Do(req *http.Request) (*http.Response, error) }` - `pkg/core/otel.go` - `type OtelService interface { SpanFromContext; LoggerProvider; Shutdown }` @@ -64,7 +64,7 @@ without route-layer rewrites. - `runServer` starts `app.Listen` in a goroutine and selects on server error or signal context cancellation. - graceful shutdown uses `app.ShutdownWithTimeout(5 * time.Second)`. - Request lifecycle: - - handlers create per-request contexts with timeout (`/health`: 2s, `/api/edu`: 5s, `/api/v0/veteran-disability-ratings`: 5s). + - handlers create per-request contexts with timeout (`/health`: 2s, `/api/v0/education-enrollments`: 30s, `/api/v0/veteran-disability-ratings`: 5s). - Circuit-breaker middleware: - breaker registry map guarded with `sync.RWMutex`. - lazy breaker initialization via double-check lock pattern. @@ -82,11 +82,13 @@ without route-layer rewrites. Ordered middleware in `api.New`: -1. Recover -2. CORS (`*` origin/headers/methods) -3. OpenTelemetry Fiber middleware -4. Structured request logging (trace/span/request IDs) -5. Conditional Cognito auth middleware +1. Request ID context propagation +2. Structured request logging (trace/span/request IDs) +3. Panic recovery +4. CORS (`*` origin/headers/methods) +5. OpenTelemetry Fiber middleware +6. `GET /health` registration +7. Conditional local skip-auth middleware when `SKIP_AUTH=true` ## Dependency Injection Pattern @@ -102,10 +104,9 @@ injects it. ## Technical Caveats (Current State) -- `/api/edu` handler builds a hardcoded request payload instead of binding user input. -- `/health` is registered before the auth middleware, so it remains a runtime-only unauthenticated health route. -- Current runtime routes are a mix of scaffold and contract-aligned paths: `GET /`, `GET /health`, `GET /api/edu`, and `POST /api/v0/veteran-disability-ratings`. -- `GET /api/edu` remains runtime scaffolding, while `POST /api/v0/veteran-disability-ratings` matches the checked-in v0 contract in `api-spec/v0/openapi.yaml`. +- `/health` is registered before the optional skip-auth middleware, so it does not depend on injected local identity. +- Current runtime routes are `GET /`, `GET /health`, `GET /api-spec/v1/verify`, `POST /api/v0/education-enrollments`, and `POST /api/v0/veteran-disability-ratings`. +- The public contract is maintained separately in `api-spec/v0/openapi.yaml`; runtime error bodies are still plain text from Fiber rather than a shared JSON error envelope. - Some tests require local Redis and fail when unavailable. ## Assumptions diff --git a/docs/audit/2026-04-15_09:02:39.md b/docs/audit/2026-04-15_09:02:39.md new file mode 100644 index 0000000..a621a8a --- /dev/null +++ b/docs/audit/2026-04-15_09:02:39.md @@ -0,0 +1,110 @@ +# Documentation Accuracy Review (as of April 15, 2026) + +## Section A: Executive Summary + +Score: `95/100` + +Risk statement: Primary runtime docs had drifted around live route shape, +auth wiring, setup envs, and several feature pages. This audit-and-fix pass +corrected the verified branch-local mismatches without changing Terraform +behavior or the public OpenAPI source contract. + +Gate: `PASS` + +Scope reviewed: repository root docs plus `docs/**/*.md`, with runtime code, +config, and tests treated as source of truth. + +## Section B: Severity-Ranked Findings + +| Severity | Doc location | Observed mismatch | Source-of-truth evidence on current branch | Recommended fix | +|---|---|---|---|---| +| `P1` | `docs/api.md`; `docs/overview.md`; `docs/architecture.md`; `docs/features/security/cognito-auth.md`; `docs/guides/02-authentication.md` | Runtime docs still described a removed `/api/edu` path and Cognito/JWKS validation, but the current branch registers `POST /api/v0/education-enrollments` and has no checked-in bearer-token validation middleware. | `api/routes/router.go:24`; `api/routes/router.go:45`; `api/routes/router.go:46`; `api/app.go:121`; `api/middleware/middleware.go:23`; `api/middleware/middleware.go:108` | Rewrite runtime and security docs to reflect the live route surface, the optional skip-auth identity injection, and the absence of current request-token enforcement. | +| `P2` | `docs/setup.md`; `docs/features/infrastructure/redis.md` | Setup docs listed unsupported Cognito config keys, understated the compose services, and missed the checked-in OTLP env-name mismatch; Redis feature docs still claimed a stale nil-Redis wiring caveat. | `pkg/core/config.go:15`; `pkg/core/config.go:93`; `.env.example:1`; `docker-compose.yml:1`; `docker-compose.yml:4`; `main.go:74`; `main.go:95`; `api/handlers/openapi_spec_handler.go:11` | Update setup and Redis docs to match current config keys, compose services, Redis injection, and the observed OTLP env mismatch. | +| `P2` | `docs/features/core/nsc-education.md` | The NSC feature page still claimed the handler built a hardcoded payload and lacked validation, but the current handler parses request JSON and validates required identity fields before lookup. | `api/handlers/education_handler.go:43`; `api/handlers/education_handler.go:50`; `api/handlers/education_handler.go:56`; `pkg/education/service.go:15` | Refresh the NSC feature page around the live request flow, current status codes, and remaining future work. | +| `P2` | `AGENTS.md`; `docs/research/auth-token-validation-strategy.md` | Root agent guidance and research notes overstated current contract and auth paths by pointing at stale artifact paths or presenting the old Cognito direction as current-state behavior. | `api-spec/v0/openapi.yaml:1`; `api-spec/v0/dist/openapi.bundled.json`; `api-spec/dist/v0/openapi.json`; `api/middleware/middleware.go:23`; `api/app.go:126` | Repair the observable contract paths in `AGENTS.md` and explicitly relabel the auth research note as historical rather than live runtime documentation. | + +No unresolved `P1` findings remain after this pass. + +## Section C: Update Backlog Checklist by Doc File + +- [x] `docs/api.md`: replace stale `/api/edu` and Cognito claims with the live + endpoint surface, runtime auth caveat, and current error semantics. +- [x] `docs/overview.md`: update system context, package summary, and request + flow to match the current branch. +- [x] `docs/architecture.md`: correct middleware order, route inventory, + timeout values, and runtime caveats. +- [x] `docs/setup.md`: align supported env vars, compose services, and OTLP env + caveat with checked-in config. +- [x] `docs/features/core/nsc-education.md`: update handler behavior and status + semantics. +- [x] `docs/features/security/cognito-auth.md`: replace nonexistent Cognito + verifier claims with current auth wiring. +- [x] `docs/features/README.md`: rename the security entry so the index matches + the repaired feature page. +- [x] `docs/features/infrastructure/redis.md`: remove the stale nil-Redis + injection caveat. +- [x] `docs/guides/01-getting-started.md`: fix the malformed email link. +- [x] `docs/guides/02-authentication.md`: add a contract-vs-runtime caveat. +- [x] `docs/research/auth-token-validation-strategy.md`: relabel the Cognito + note as historical research instead of current implementation guidance. +- [x] `AGENTS.md`: repair versioned OpenAPI entry-point and bundled-artifact + paths. + +## Section D: Hygiene Appendix + +Commands run: + +- `git status --short --branch` +- `git log --oneline -n 12` +- `sed -n '1,240p' main.go` +- `sed -n '1,220p' api/routes/router.go` +- `sed -n '1,220p' api/routes/status_router.go` +- `sed -n '1,220p' api/app.go` +- `sed -n '1,260p' pkg/core/config.go` +- `sed -n '1,240p' .env.example` +- `sed -n '1,260p' docker-compose.yml` +- `sed -n '1,220p' api/handlers/education_handler.go` +- `sed -n '1,240p' api/handlers/veteran_handler.go` +- `sed -n '1,260p' api/middleware/middleware.go` +- `sed -n '1,220p' pkg/education/service.go` +- `sed -n '1,220p' pkg/veteran/service.go` +- `sed -n '1,260p' api-spec/README.md` +- `sed -n '1,260p' api-spec/v0/openapi.yaml` +- `git ls-files -z | xargs -0 rg -n --hidden --no-ignore "(BEGIN (RSA|EC|OPENSSH|DSA) PRIVATE KEY|AKIA[0-9A-Z]{16}|ASIA[0-9A-Z]{16}|ghp_[A-Za-z0-9]{36}|xox[baprs]-[A-Za-z0-9-]+|aws_secret_access_key|AIza[0-9A-Za-z_-]{35})" || true` +- `node - <<'EOF' ... EOF` for relative Markdown link/path validation across `README.md`, `AGENTS.md`, `api-spec/README.md`, `schema/README.md`, and `docs/**/*.md` +- `pnpm exec markdownlint-cli2 "**/*.md" "**/*.MD" "#node_modules" "#.github"` + +Sensitive-file scan: + +- The regex scan found no committed private keys, access tokens, or live + credential material in the tracked documentation or config files reviewed for + this run. +- Existing `public.jwk` remains untouched and outside the edit set. + +Markdown validation: + +- Relative link/path validation passed after fixing the malformed contact link + in `docs/guides/01-getting-started.md`. +- `markdownlint-cli2` completed successfully with `0 error(s)`. + +Hygiene verdict: + +- `PASS` + +## Section E: Deferred Watchlist (Non-blocking) + +- If real bearer-token validation returns to the runtime, update: + - `docs/api.md` + - `docs/overview.md` + - `docs/architecture.md` + - `docs/features/security/cognito-auth.md` + - `docs/guides/01-getting-started.md` + - `docs/guides/02-authentication.md` + - `docs/research/auth-token-validation-strategy.md` +- If compose or app config is changed to use the same OTLP env key, update: + - `docs/setup.md` + - `docs/features/infrastructure/opentelemetry.md` +- If the public contract adopts a versioned non-2xx error envelope, update: + - `docs/api.md` + - `docs/features/core/nsc-education.md` + - `docs/features/core/edu-openapi-spec.md` diff --git a/docs/features/README.md b/docs/features/README.md index d19f278..5bfd40b 100644 --- a/docs/features/README.md +++ b/docs/features/README.md @@ -24,7 +24,7 @@ controls, and resilience patterns without scanning a single flat list. | Component | Purpose | Functionality | |---|---|---| -| [Cognito Auth](security/cognito-auth.md) | Document Cognito access-token validation middleware. | Covers token header/claims checks, local context propagation, and auth-related edge cases. | +| [Skip Auth Identity](security/cognito-auth.md) | Document the local identity shim used when auth is skipped. | Covers `SKIP_AUTH` behavior, override headers, local context propagation, and current limitations. | ## Resilience diff --git a/docs/features/core/nsc-education.md b/docs/features/core/nsc-education.md index 94f1644..56c7be8 100644 --- a/docs/features/core/nsc-education.md +++ b/docs/features/core/nsc-education.md @@ -60,11 +60,10 @@ if err != nil { ## Future Improvements -- Accept caller-provided request payload in HTTP handler. -- Add validation for required request fields before submit. - Introduce retry policy with bounded backoff for transient 5xx errors. - Add contract tests against NSC sandbox with fixtures. +- Decide whether the public error contract should move beyond the current plain-text Fiber error responses. ## Assumptions -- **Medium confidence:** Current handler payload is a scaffold for integration testing, not final business API behavior. +- **High confidence:** The current handler accepts caller JSON, validates `firstName`, `lastName`, and `dateOfBirth`, and then forwards the request through the NSC service abstraction. diff --git a/docs/features/infrastructure/redis.md b/docs/features/infrastructure/redis.md index d0bbedd..6f5662f 100644 --- a/docs/features/infrastructure/redis.md +++ b/docs/features/infrastructure/redis.md @@ -75,7 +75,7 @@ if err := redisotel.InstrumentMetrics(rdb); err != nil { ## Assumptions - **High confidence:** Redis is an operational dependency for current startup and status-check behavior. -- **High confidence:** There is an active wiring caveat on `main` where status route setup may receive nil Redis via `api.New` config path until Redis injection is corrected there. +- **High confidence:** `main.run` now injects the Redis client into `api.New`, and the same dependency is reused by the status route and circuit breaker wiring. --- @@ -95,4 +95,8 @@ if err := redisotel.InstrumentMetrics(rdb); err != nil { `redis-server` -- [ ] Replace with docker container option +Or run the repo's compose stack: + +```bash +docker compose up redis +``` diff --git a/docs/features/security/cognito-auth.md b/docs/features/security/cognito-auth.md index 08f79e6..30a294a 100644 --- a/docs/features/security/cognito-auth.md +++ b/docs/features/security/cognito-auth.md @@ -1,16 +1,18 @@ -# Feature: Cognito Auth +# Feature: Skip Auth Identity ## Feature Overview -Validates AWS Cognito access tokens for incoming requests when auth is enabled. +Injects a stable local identity into Fiber locals when `SKIP_AUTH=true`. ## Business Logic -- Read token from `x-amzn-oidc-accesstoken`. -- Load JWKS from Cognito issuer URL. -- Parse and validate JWT claims/signature. -- Enforce `client_id` match with configured app client. -- Add selected claims (`sub`, `username`, `scope`, `groups`) to Fiber locals. +- Read optional override headers: + - `x-skip-auth-sub` + - `x-skip-auth-username` + - `x-skip-auth-scope` + - `x-skip-auth-groups` +- Fall back to deterministic local defaults when headers are absent. +- Add `sub`, `username`, `scope`, and `groups` values to Fiber locals. ## Package Location @@ -19,45 +21,44 @@ Validates AWS Cognito access tokens for incoming requests when auth is enabled. ## Key Structs and Interfaces -- `CognitoConfig` -- `CognitoVerifier` -- `NewCognitoVerifier` -- `FiberMiddleware` +- `SkipAuthMiddleware` +- `parseGroups` ## Real Code Excerpt ```go -tok, err := jwt.Parse( - []byte(raw), - jwt.WithKeySet(keyset), - jwt.WithValidate(true), - jwt.WithIssuer(v.issuer), - jwt.WithClaimValue("token_use", "access"), -) -if err != nil { - return fiber.ErrUnauthorized +sub := c.Get(skipAuthHeaderSub) +if sub == "" { + sub = defaultSkipAuthSub } + +scope := c.Get(skipAuthHeaderScope) +if scope == "" { + scope = defaultSkipAuthScope +} + +c.Locals("sub", sub) +c.Locals("scope", scope) ``` ## Edge Cases Handled Today -- Missing token header returns `401`. -- JWKS retrieval failures return unauthorized error. -- Invalid or mismatched `client_id` returns `401`. -- Config validation blocks startup if required cognito settings are missing. +- Missing override headers fall back to stable defaults. +- Empty values in `x-skip-auth-groups` are trimmed out. +- Empty `x-skip-auth-username` falls back to the resolved `sub`. ## Performance and Operational Considerations -- JWKS uses `jwk.Cache` to avoid repeated key fetches. -- Request-time auth check includes a 5-second context timeout. -- Middleware is globally applied unless `SKIP_AUTH=true`. +- No network calls or token parsing happen in this middleware. +- Middleware is only added when `SKIP_AUTH=true`. +- This branch does not wire alternate request-auth middleware when `SKIP_AUTH=false`. ## Future Improvements -- Add explicit middleware unit/integration tests. -- Support configurable token header name for proxy variations. -- Improve unauthorized response detail for operator troubleshooting while preserving security posture. +- Add the production request-auth path back to the docs once it returns to the branch. +- Document how upstream infrastructure should enforce auth when `SKIP_AUTH=false`. +- Add an explicit feature page for the non-local auth path if it lands as a separate middleware implementation. ## Assumptions -- **High confidence:** Current claim checks are intentionally minimal and focused on access-token validity plus client binding. +- **High confidence:** This file now documents the only auth-related middleware behavior observable in the current branch. diff --git a/docs/guides/01-getting-started.md b/docs/guides/01-getting-started.md index 4fcbcd3..96ef8a8 100644 --- a/docs/guides/01-getting-started.md +++ b/docs/guides/01-getting-started.md @@ -13,7 +13,7 @@ You must be able to: | Requirement | Details | | --------------------------- |---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Obtain Credentials | Reach out to [emmy@cms.hhs.gov](emmy@cms.hhs.gov), requesting a sandbox credential and working with the CMS emmy team to get onboarded and receive your client ID and secret via encrypted channel. | +| Obtain Credentials | Reach out to [emmy@cms.hhs.gov](mailto:emmy@cms.hhs.gov), requesting a sandbox credential and working with the CMS emmy team to get onboarded and receive your client ID and secret via encrypted channel. | | Access Emmy API Endpoints | The onboarding process will have provided you the endpoint URL. You must have outbound network/firewall access to this host. | | Make HTTP POST (REST) Calls | Your system (or testing tool) must be capable of making HTTP POST calls where you can supply specific headers in the request. | diff --git a/docs/guides/02-authentication.md b/docs/guides/02-authentication.md index b1df537..777bbf2 100644 --- a/docs/guides/02-authentication.md +++ b/docs/guides/02-authentication.md @@ -1,5 +1,10 @@ # Authenticating with the Emmy API +This guide reflects the checked-in v0 public contract. The current Go runtime +does not yet enforce bearer-token validation in Fiber middleware, so treat the +steps below as contract-first integration guidance rather than a statement about +present runtime enforcement. + ## OAuth 2.0 Client Credentials The v0 contract uses the `OAuth2ClientCredentials` security scheme. Clients diff --git a/docs/overview.md b/docs/overview.md index 4a81059..ce3ed5c 100644 --- a/docs/overview.md +++ b/docs/overview.md @@ -3,34 +3,40 @@ ## Purpose The Verification Service API provides a unified HTTP interface for eligibility -verification workflows, currently focused on a runtime education scaffold, a -Redis-backed health check, and the checked-in v0 veteran disability contract. +verification workflows, currently centered on Redis-backed health checks, a +versioned education enrollment endpoint, and a versioned veteran disability +endpoint. This service evolved from consent-based verification work and is intended to reduce manual burden during benefits eligibility evaluation. The intended public API contract for this branch is defined in `api-spec/v0/openapi.yaml` and the reusable schemas in `schema/v0/`. This page -describes the current repository and runtime shape, which still contains a mix -of contract-aligned routes and implementation scaffolding. +describes the current repository and runtime shape on the checked-out branch. ## System Context Runtime dependencies in current implementation: - Fiber (`github.com/gofiber/fiber/v2`) for HTTP server and routing. -- Redis (`github.com/redis/go-redis/v9`) for health checks and distributed circuit-breaker state. +- Redis (`github.com/redis/go-redis/v9`) for startup health checks and + distributed circuit-breaker state. - NSC endpoints (`NSC_TOKEN_URL`, `NSC_SUBMIT_URL`) for education verification. -- AWS Cognito JWKS/JWT validation for request authentication (when `SKIP_AUTH=false`). +- VA endpoints (`VA_TOKEN_URL`, `VA_BASE_URL`) for veteran verification. +- Optional local skip-auth identity injection when `SKIP_AUTH=true`. - OpenTelemetry OTLP exporter for tracing/metrics/log fanout. ## Key Packages -- `main`: process bootstrap, env/config load, OTel startup, Redis client init, route registration, graceful shutdown. +- `main`: process bootstrap, env/config load, OTel startup, Redis client init, + route registration, graceful shutdown. - `api`: Fiber app construction and shared middleware setup. -- `api/routes`: endpoint registration (`/`, `/health`, `/api/edu`, `/api/v0/veteran-disability-ratings`). -- `api/handlers`: HTTP handlers for Redis health, education scaffolding, and veteran verification. -- `api/middleware`: Cognito auth and circuit-breaker middleware. +- `api/routes`: endpoint registration (`/`, `/health`, `/api-spec/v1/verify`, + `/api/v0/education-enrollments`, `/api/v0/veteran-disability-ratings`). +- `api/handlers`: HTTP handlers for Redis health, education verification, + OpenAPI artifact serving, and veteran verification. +- `api/middleware`: skip-auth identity injection and circuit-breaker + middleware. - `pkg/core`: configuration, logger, OTel service abstractions/utilities. - `pkg/education`: NSC service abstraction and HTTP/OAuth submit flow. - `pkg/veteran`: VA service abstraction and JWT client-assertion flow. @@ -40,46 +46,50 @@ Runtime dependencies in current implementation: ## Design Principles (Observed) - Explicit startup configuration from environment via `core.NewConfigFromEnv()`. -- Interface-driven boundaries for integration points (`EducationService`, `HTTPTransport`, `OtelService`, `Breaker`). -- Middleware-first cross-cutting concerns (recovery, CORS, tracing, request logging, auth, circuit breaking). -- Operational defaults favoring availability in unknown breaker state (`FailOpen=true` by default). +- Interface-driven boundaries for provider integrations and shared services. +- Middleware-first cross-cutting concerns for request IDs, logging, recovery, + tracing, optional local identity injection, and breaker checks. +- Operational startup fails fast when Redis is unavailable. ## High-Level Request Flow ```mermaid flowchart TD A[Client] --> B[Fiber App] - B --> C[Recover + CORS + OTel + Slog middleware] - C --> D{SKIP_AUTH == false?} - D -->|Yes| E[Cognito JWT Verifier] - D -->|No| F[Route Handler] - E --> F - - F --> G{Circuit Breaker Allow?} - G -->|No| H[503 Service Unavailable] - - G -->|Yes: /health| I[Redis Ping] - I --> J[200 OK or Fiber Error] - - G -->|Yes: /api/edu| K[EducationService.Submit] - K --> L[OAuth2 client credentials token] - L --> M[NSC submit endpoint] - M --> N[JSON response] - - G -->|Yes: /api/v0/veteran-disability-ratings| V[VeteranService.LookupDisabilityRating] - V --> W[VA token exchange] - W --> X[VA disability endpoint] - X --> Y[JSON response] - - B -.-> O[OpenTelemetry exporter] - I -.-> O - K -.-> O - V -.-> O + B --> C[Request ID + slog + recover + CORS + OTel] + C --> D{SKIP_AUTH == true?} + D -->|Yes| E[Inject local identity locals] + D -->|No| F[Continue without additional auth middleware] + E --> G[Route Handler] + F --> G + + G --> H{Circuit Breaker Allow?} + H -->|No| I[503 Service Unavailable] + + H -->|Yes: /health| J[Redis Ping] + J --> K[200 OK or handler error] + + H -->|Yes: /api/v0/education-enrollments| L[EducationHandler] + L --> M[EducationService.LookupEnrollmentStatus] + M --> N[NSC OAuth token] + N --> O[NSC submit endpoint] + O --> P[JSON response] + + H -->|Yes: /api/v0/veteran-disability-ratings| Q[VeteranDisabilityHandler] + Q --> R[VeteranService.LookupDisabilityRating] + R --> S[VA token exchange] + S --> T[VA disability endpoint] + T --> U[JSON response] + + B -.-> V[OpenTelemetry exporter] + J -.-> V + M -.-> V + R -.-> V ``` -Current wiring caveat on `main`: `api.New` now receives a Redis client from -`main`, so `/health` can use the same Redis dependency that powers the breaker -and health checks. +`main` injects the same Redis client into `api.New` and `routes.RegisterRoutes`, +so startup health checks, `/health`, and breaker state share a single runtime +dependency. ## Documentation Map @@ -104,9 +114,8 @@ Initial requirements referenced `/docs/planing`; this repo standardizes on - **High confidence:** Redis is the only persistent/shared runtime store currently used by this service. -- **High confidence:** `/api/edu` is presently implementation scaffolding and - should not be treated as the public contract for this branch. -- **High confidence:** `POST /api/v0/veteran-disability-ratings` is the current - checked-in v0 contract path for veteran verification. -- **Medium confidence:** Additional verification domains beyond the current - runtime routes may be introduced in future versions. +- **High confidence:** The branch exposes both checked-in v0 verification + routes at `POST /api/v0/education-enrollments` and + `POST /api/v0/veteran-disability-ratings`. +- **High confidence:** `SKIP_AUTH` currently controls local identity injection, + not a real bearer-token verifier toggle. diff --git a/docs/research/auth-token-validation-strategy.md b/docs/research/auth-token-validation-strategy.md index c6c38b1..a388f50 100644 --- a/docs/research/auth-token-validation-strategy.md +++ b/docs/research/auth-token-validation-strategy.md @@ -2,11 +2,13 @@ ## Problem Statement -The API requires request authentication that can validate Cognito-issued access tokens efficiently and securely. +This note captures an earlier Cognito/JWKS direction that is not currently +implemented on this branch. Keep it as historical research rather than current +runtime documentation. ## Alternatives Considered -- Offline JWT validation using Cognito JWKS (current). +- Offline JWT validation using Cognito JWKS (previously explored). - Token introspection against upstream auth server. - API gateway-only auth with no in-app verification. @@ -24,7 +26,9 @@ The API requires request authentication that can validate Cognito-issued access ## Why Current Approach Was Selected (Inferred) -The middleware design and `jwk.Cache` usage imply preference for low-latency local validation with explicit issuer/client claim checks. +Earlier middleware design appears to have preferred low-latency local +validation with explicit issuer/client claim checks, but that implementation is +not present in the current branch. ## Benchmarks / Status @@ -35,8 +39,10 @@ The middleware design and `jwk.Cache` usage imply preference for low-latency loc - `api/middleware/middleware.go` - `api/app.go` -- Dependencies: `github.com/lestrrat-go/jwx/v2` +- Review git history if you need the prior Cognito-specific implementation details. ## Assumptions -- **Medium confidence:** Upstream architecture expects service-level auth enforcement even when requests may already pass through trusted infrastructure. +- **Medium confidence:** A production auth layer still exists outside the + currently committed skip-auth middleware, but this repository snapshot does + not document it in runnable code. diff --git a/docs/setup.md b/docs/setup.md index e345c32..46a3383 100644 --- a/docs/setup.md +++ b/docs/setup.md @@ -4,7 +4,7 @@ - Go `1.25.x` (`go.mod` sets `go 1.25`). - Docker and Docker Compose for containerized local workflows. The committed - compose file currently provides API and observability services only. + compose file provides API, Redis, and observability services. - Local Redis at `localhost:6379` for runtime health checks and several tests. ## Environment Variables @@ -15,14 +15,14 @@ |---|---|---| | Service | `ENVIRONMENT`, `PORT`, `SKIP_AUTH` | `development`, `3000`, `false` | | OTel | `OTEL_DISABLE`, `OTEL_OTLP_EXPORTER_ENDPOINT`, `OTEL_OTLP_EXPORTER_INSECURE` | `true`, `localhost:4317`, `false` | -| Cognito | `COGNITO_REGION`, `COGNITO_USER_POOL_ID`, `COGNITO_APP_CLIENT_ID` | `us-east-1`, `UNSET`, `UNSET` | | Redis | `REDIS_ADDR`, `REDIS_PASSWORD`, `REDIS_DB`, `REDIS_USE_TLS`, `REDIS_INSECURE_SKIP_VERIFY` | `localhost:6379`, empty, `0`, `true`, `false` | | NSC | `NSC_SUBMIT_URL`, `NSC_TOKEN_URL`, `NSC_CLIENT_SECRET`, `NSC_CLIENT_ID`, `NSC_ACCOUNT_ID` | empty | | VA | `VA_BASE_URL`, `VA_TOKEN_URL`, `VA_CLIENT_ID`, `VA_AUD`, `VA_PRIVATE_KEY_PATH`, `VA_TIMEOUT_SECONDS` | empty, empty, empty, empty, empty, `5` | - The table above reflects code defaults from `pkg/core/config.go`. -- `.env.example` overrides the local example port to `PORT=8000` and includes - placeholders for VA veteran-verification credentials. +- `.env.example` is a partial local-development example, not a complete list of + all supported configuration keys. +- `.env.example` sets `PORT=8000` and `SKIP_AUTH=true` for local development. - VA authentication uses a signed JWT client assertion, so the configured private key path must point to a readable RSA PEM file on disk. - Populate the VA values before exercising @@ -30,28 +30,28 @@ ## Local Run -### 1) Configure env +### 1. Configure env Create `.env.local` and/or `.env` from `.env.example`. Adjust variables to your preferred values. For local Redis started via `docker compose` or `redis-server`, set `REDIS_USE_TLS=false`. The code default is `true`, which is appropriate for -TLS-enabled deployments but will cause local startup to hang or fail against -the plain `redis:7` container in this repo's compose stack. +TLS-enabled deployments but will cause local startup to fail against the plain +`redis:7` container in this repo's compose stack. -### 2) Run service directly +### 2. Run service directly ```bash go run . ``` -### 3) Run with live reload (Air) +### 3. Run with live reload (Air) Air is a development watcher that rebuilds and restarts the app when Go files change, so you can iterate without re-running `go run .` manually. -Install Air (Go toolchain install): +Install Air: ```bash go install github.com/air-verse/air@latest @@ -74,7 +74,7 @@ go build -o ./tmp/main -ldflags "-X github.com/cmsgov/emmy-api/pkg/core.ServiceV ## Docker Workflows -### App + Observability stack +### App + Redis + observability stack ```bash docker compose up --build @@ -88,11 +88,13 @@ Services: - Jaeger UI (`:16686`) - Prometheus (`:9090`) -The API container is configured with `REDIS_ADDR=redis:6379`, so the compose -stack now includes the Redis dependency needed for local startup and -circuit-breaker/status behavior. -It also sets `REDIS_USE_TLS=false` because the local Redis container does not -serve TLS. +The compose file configures the API container with `REDIS_ADDR=redis:6379` and +`REDIS_USE_TLS=false`. + +Compose currently sets `OTEL_EXPORTER_OTLP_ENDPOINT`, but the application reads +`OTEL_OTLP_EXPORTER_ENDPOINT`. As checked in today, the collector endpoint is +not wired into app config by compose alone unless you also provide the +app-specific variable name. ## Build @@ -123,19 +125,20 @@ go test ./... - Without Redis, Redis-dependent tests fail with connection refused/timeouts. - `pkg/core/TestLoadEnv` currently expects a non-nil error even when - `LoadEnv()` may return `nil`; behavior appears logically inconsistent with the - assertion message. + `LoadEnv()` may return `nil`; the assertion wording and the runtime behavior + do not currently line up cleanly. ## Telemetry Notes -- OTel service is enabled unless `OTEL_DISABLE=true`. +- OTel service is disabled by default because `OTEL_DISABLE=true`. - OTel collector config: `otel-collector-config.yml`. - Prometheus scrape config: `prometheus.yml`. -- Logger fanout can include OTEL log bridge via `core.NewLoggerWithOtel`. +- Logger fanout can include the OTel log bridge via `core.NewLoggerWithOtel`. ## Assumptions - **High confidence:** Local Redis is mandatory for meaningful integration testing in this repo's current state. -- **Medium confidence:** CI test behavior may differ if CI provisions Redis - implicitly. +- **High confidence:** Compose is intended for local observability, but the OTLP + endpoint env wiring still needs manual alignment if you want app exports to + reach the collector.