🚀 Socket Launch Week Day 5:Introducing Repository Access Permissions and Custom Roles.Learn more
Sign In

@pidgr/proto

Package Overview
Dependencies
Maintainers
1
Versions
60
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@pidgr/proto - npm Package Compare versions

Comparing version
0.73.0
to
0.74.0
+173
pidgr/v1/integrations_pb.ts
// @generated by protoc-gen-es v2.12.0 with parameter "target=ts"
// @generated from file pidgr/v1/integrations.proto (package pidgr.v1, syntax proto3)
/* eslint-disable */
import type { GenEnum, GenFile, GenMessage } from "@bufbuild/protobuf/codegenv2";
import { enumDesc, fileDesc, messageDesc } from "@bufbuild/protobuf/codegenv2";
import type { Timestamp } from "@bufbuild/protobuf/wkt";
import { file_google_protobuf_timestamp } from "@bufbuild/protobuf/wkt";
import type { ChannelName } from "./channel_events_pb";
import { file_pidgr_v1_channel_events } from "./channel_events_pb";
import type { Message } from "@bufbuild/protobuf";
/**
* Describes the file pidgr/v1/integrations.proto.
*/
export const file_pidgr_v1_integrations: GenFile = /*@__PURE__*/
fileDesc("ChtwaWRnci92MS9pbnRlZ3JhdGlvbnMucHJvdG8SCHBpZGdyLnYxIvkBCgxSZWFjaGFiaWxpdHkSCgoCaWQYASABKAkSDgoGb3JnX2lkGAIgASgJEg8KB3VzZXJfaWQYAyABKAkSJgoHY2hhbm5lbBgEIAEoDjIVLnBpZGdyLnYxLkNoYW5uZWxOYW1lEi4KCmNyZWF0ZWRfYXQYBSABKAsyGi5nb29nbGUucHJvdG9idWYuVGltZXN0YW1wEi4KCnVwZGF0ZWRfYXQYBiABKAsyGi5nb29nbGUucHJvdG9idWYuVGltZXN0YW1wEh4KEXJlZ2lvbl9jb25zdHJhaW50GAcgASgJSACIAQFCFAoSX3JlZ2lvbl9jb25zdHJhaW50Io8BCgxSZWdpb25Qb2xpY3kSDgoGb3JnX2lkGAEgASgJEiYKB2NoYW5uZWwYAiABKA4yFS5waWRnci52MS5DaGFubmVsTmFtZRIXCg9hbGxvd2VkX3JlZ2lvbnMYAyADKAkSLgoKdXBkYXRlZF9hdBgEIAEoCzIaLmdvb2dsZS5wcm90b2J1Zi5UaW1lc3RhbXAqhAEKDkRpc3BhdGNoU3RhdHVzEh8KG0RJU1BBVENIX1NUQVRVU19VTlNQRUNJRklFRBAAEhgKFERJU1BBVENIX1NUQVRVU19TRU5UEAESGgoWRElTUEFUQ0hfU1RBVFVTX0ZBSUxFRBACEhsKF0RJU1BBVENIX1NUQVRVU19ERURVUEVEEANCNlo0Z2l0aHViLmNvbS9waWRnci9waWRnci1wcm90by9nZW4vZ28vcGlkZ3IvdjE7cGlkZ3J2MWIGcHJvdG8z", [file_google_protobuf_timestamp, file_pidgr_v1_channel_events]);
/**
* A single reachability registry row, returned by `GetReachability` and
* `ListReachabilityForUser`. The plaintext identifier and envelope ciphertext
* are NEVER returned over the wire — only metadata. The dispatch worker reads
* the plaintext directly from the database and decrypts via KMS.
*
* @generated from message pidgr.v1.Reachability
*/
export type Reachability = Message<"pidgr.v1.Reachability"> & {
/**
* Server-assigned row identifier (UUID).
*
* @generated from field: string id = 1;
*/
id: string;
/**
* Organization that owns this reachability entry.
*
* @generated from field: string org_id = 2;
*/
orgId: string;
/**
* User this reachability entry is for.
*
* @generated from field: string user_id = 3;
*/
userId: string;
/**
* Channel for which this entry stores a contact identifier.
*
* @generated from field: pidgr.v1.ChannelName channel = 4;
*/
channel: ChannelName;
/**
* When the row was first written.
*
* @generated from field: google.protobuf.Timestamp created_at = 5;
*/
createdAt?: Timestamp | undefined;
/**
* When the row was last upserted.
*
* @generated from field: google.protobuf.Timestamp updated_at = 6;
*/
updatedAt?: Timestamp | undefined;
/**
* Optional AWS region identifier (e.g. "eu-west-1") this user's data must
* remain in for GDPR/residency reasons. Unset means "no constraint."
* Enforcement happens at dispatch time, not write time.
*
* @generated from field: optional string region_constraint = 7;
*/
regionConstraint?: string | undefined;
};
/**
* Describes the message pidgr.v1.Reachability.
* Use `create(ReachabilitySchema)` to create a new message.
*/
export const ReachabilitySchema: GenMessage<Reachability> = /*@__PURE__*/
messageDesc(file_pidgr_v1_integrations, 0);
/**
* Per-(org, channel) region allowlist used by the dispatch worker to enforce
* data-residency policy. An empty `allowed_regions` list means "no policy
* configured" — NOT "no regions allowed."
*
* @generated from message pidgr.v1.RegionPolicy
*/
export type RegionPolicy = Message<"pidgr.v1.RegionPolicy"> & {
/**
* @generated from field: string org_id = 1;
*/
orgId: string;
/**
* @generated from field: pidgr.v1.ChannelName channel = 2;
*/
channel: ChannelName;
/**
* AWS region identifiers (e.g. "eu-west-1", "us-east-1"). Empty list ==
* "no policy configured" — the dispatch worker SHALL NOT block on empty.
*
* @generated from field: repeated string allowed_regions = 3;
*/
allowedRegions: string[];
/**
* @generated from field: google.protobuf.Timestamp updated_at = 4;
*/
updatedAt?: Timestamp | undefined;
};
/**
* Describes the message pidgr.v1.RegionPolicy.
* Use `create(RegionPolicySchema)` to create a new message.
*/
export const RegionPolicySchema: GenMessage<RegionPolicy> = /*@__PURE__*/
messageDesc(file_pidgr_v1_integrations, 1);
/**
* Terminal status of a single dispatch attempt as returned by the worker-mode
* `DispatchToChannel` RPC. Distinct from the richer `ChannelEventStatus` in
* `channel_events.proto`, which models the audit-trail row for every state
* transition (SENT → DELIVERED → OPENED → …). DispatchStatus is the immediate
* outcome of one worker call.
*
* @generated from enum pidgr.v1.DispatchStatus
*/
export enum DispatchStatus {
/**
* Default value; should not be used explicitly.
*
* @generated from enum value: DISPATCH_STATUS_UNSPECIFIED = 0;
*/
UNSPECIFIED = 0,
/**
* The adapter accepted the message for delivery (provider returned success).
*
* @generated from enum value: DISPATCH_STATUS_SENT = 1;
*/
SENT = 1,
/**
* The adapter returned a terminal error (e.g. recipient blocked, domain not
* verified). Retries SHALL NOT be attempted; consult `failure_reason`.
*
* @generated from enum value: DISPATCH_STATUS_FAILED = 2;
*/
FAILED = 2,
/**
* An existing `(dispatch_id, SENT)` row was found by the idempotency guard
* before the adapter was called; the prior receipt was returned without a
* second provider call.
*
* @generated from enum value: DISPATCH_STATUS_DEDUPED = 3;
*/
DEDUPED = 3,
}
/**
* Describes the enum pidgr.v1.DispatchStatus.
*/
export const DispatchStatusSchema: GenEnum<DispatchStatus> = /*@__PURE__*/
enumDesc(file_pidgr_v1_integrations, 0);
// @generated by protoc-gen-es v2.12.0 with parameter "target=ts"
// @generated from file pidgr/v1/integrations_service.proto (package pidgr.v1, syntax proto3)
/* eslint-disable */
import type { GenFile, GenMessage, GenService } from "@bufbuild/protobuf/codegenv2";
import { fileDesc, messageDesc, serviceDesc } from "@bufbuild/protobuf/codegenv2";
import type { ChannelName } from "./channel_events_pb";
import { file_pidgr_v1_channel_events } from "./channel_events_pb";
import type { DispatchStatus, Reachability, RegionPolicy } from "./integrations_pb";
import { file_pidgr_v1_integrations } from "./integrations_pb";
import type { Message } from "@bufbuild/protobuf";
/**
* Describes the file pidgr/v1/integrations_service.proto.
*/
export const file_pidgr_v1_integrations_service: GenFile = /*@__PURE__*/
fileDesc("CiNwaWRnci92MS9pbnRlZ3JhdGlvbnNfc2VydmljZS5wcm90bxIIcGlkZ3IudjEi1QIKGERpc3BhdGNoVG9DaGFubmVsUmVxdWVzdBITCgtkaXNwYXRjaF9pZBgBIAEoCRIOCgZvcmdfaWQYAiABKAkSDwoHdXNlcl9pZBgDIAEoCRImCgdjaGFubmVsGAQgASgOMhUucGlkZ3IudjEuQ2hhbm5lbE5hbWUSEwoLdGVtcGxhdGVfaWQYBSABKAkSSwoNdGVtcGxhdGVfdmFycxgGIAMoCzI0LnBpZGdyLnYxLkRpc3BhdGNoVG9DaGFubmVsUmVxdWVzdC5UZW1wbGF0ZVZhcnNFbnRyeRIOCgZsb2NhbGUYByABKAkSHgoRcmVnaW9uX2NvbnN0cmFpbnQYCCABKAlIAIgBARozChFUZW1wbGF0ZVZhcnNFbnRyeRILCgNrZXkYASABKAkSDQoFdmFsdWUYAiABKAk6AjgBQhQKEl9yZWdpb25fY29uc3RyYWludCKKAQoZRGlzcGF0Y2hUb0NoYW5uZWxSZXNwb25zZRITCgtkaXNwYXRjaF9pZBgBIAEoCRIoCgZzdGF0dXMYAiABKA4yGC5waWRnci52MS5EaXNwYXRjaFN0YXR1cxIbCg5mYWlsdXJlX3JlYXNvbhgDIAEoCUgAiAEBQhEKD19mYWlsdXJlX3JlYXNvbiK4AQoZVXBzZXJ0UmVhY2hhYmlsaXR5UmVxdWVzdBIOCgZvcmdfaWQYASABKAkSDwoHdXNlcl9pZBgCIAEoCRImCgdjaGFubmVsGAMgASgOMhUucGlkZ3IudjEuQ2hhbm5lbE5hbWUSHAoUaWRlbnRpZmllcl9wbGFpbnRleHQYBCABKAkSHgoRcmVnaW9uX2NvbnN0cmFpbnQYBSABKAlIAIgBAUIUChJfcmVnaW9uX2NvbnN0cmFpbnQiSgoaVXBzZXJ0UmVhY2hhYmlsaXR5UmVzcG9uc2USLAoMcmVhY2hhYmlsaXR5GAEgASgLMhYucGlkZ3IudjEuUmVhY2hhYmlsaXR5ImQKGVJlbW92ZVJlYWNoYWJpbGl0eVJlcXVlc3QSDgoGb3JnX2lkGAEgASgJEg8KB3VzZXJfaWQYAiABKAkSJgoHY2hhbm5lbBgDIAEoDjIVLnBpZGdyLnYxLkNoYW5uZWxOYW1lIi0KGlJlbW92ZVJlYWNoYWJpbGl0eVJlc3BvbnNlEg8KB3JlbW92ZWQYASABKAgiYQoWR2V0UmVhY2hhYmlsaXR5UmVxdWVzdBIOCgZvcmdfaWQYASABKAkSDwoHdXNlcl9pZBgCIAEoCRImCgdjaGFubmVsGAMgASgOMhUucGlkZ3IudjEuQ2hhbm5lbE5hbWUiRwoXR2V0UmVhY2hhYmlsaXR5UmVzcG9uc2USLAoMcmVhY2hhYmlsaXR5GAEgASgLMhYucGlkZ3IudjEuUmVhY2hhYmlsaXR5IkEKHkxpc3RSZWFjaGFiaWxpdHlGb3JVc2VyUmVxdWVzdBIOCgZvcmdfaWQYASABKAkSDwoHdXNlcl9pZBgCIAEoCSJRCh9MaXN0UmVhY2hhYmlsaXR5Rm9yVXNlclJlc3BvbnNlEi4KDnJlYWNoYWJpbGl0aWVzGAEgAygLMhYucGlkZ3IudjEuUmVhY2hhYmlsaXR5IlAKFkdldFJlZ2lvblBvbGljeVJlcXVlc3QSDgoGb3JnX2lkGAEgASgJEiYKB2NoYW5uZWwYAiABKA4yFS5waWRnci52MS5DaGFubmVsTmFtZSJBChdHZXRSZWdpb25Qb2xpY3lSZXNwb25zZRImCgZwb2xpY3kYASABKAsyFi5waWRnci52MS5SZWdpb25Qb2xpY3kiaQoWU2V0UmVnaW9uUG9saWN5UmVxdWVzdBIOCgZvcmdfaWQYASABKAkSJgoHY2hhbm5lbBgCIAEoDjIVLnBpZGdyLnYxLkNoYW5uZWxOYW1lEhcKD2FsbG93ZWRfcmVnaW9ucxgDIAMoCSJBChdTZXRSZWdpb25Qb2xpY3lSZXNwb25zZRImCgZwb2xpY3kYASABKAsyFi5waWRnci52MS5SZWdpb25Qb2xpY3kiUQoXR2V0Q29zdENhcFBvbGljeVJlcXVlc3QSDgoGb3JnX2lkGAEgASgJEiYKB2NoYW5uZWwYAiABKA4yFS5waWRnci52MS5DaGFubmVsTmFtZSKSAQoYR2V0Q29zdENhcFBvbGljeVJlc3BvbnNlEg4KBm9yZ19pZBgBIAEoCRImCgdjaGFubmVsGAIgASgOMhUucGlkZ3IudjEuQ2hhbm5lbE5hbWUSEgoKY2FwX21pY3JvcxgDIAEoAxITCgt1c2VkX21pY3JvcxgEIAEoAxIVCg1wZXJpb2RfeXl5eW1tGAUgASgFImUKF1NldENvc3RDYXBQb2xpY3lSZXF1ZXN0Eg4KBm9yZ19pZBgBIAEoCRImCgdjaGFubmVsGAIgASgOMhUucGlkZ3IudjEuQ2hhbm5lbE5hbWUSEgoKY2FwX21pY3JvcxgDIAEoAyKSAQoYU2V0Q29zdENhcFBvbGljeVJlc3BvbnNlEg4KBm9yZ19pZBgBIAEoCRImCgdjaGFubmVsGAIgASgOMhUucGlkZ3IudjEuQ2hhbm5lbE5hbWUSEgoKY2FwX21pY3JvcxgDIAEoAxITCgt1c2VkX21pY3JvcxgEIAEoAxIVCg1wZXJpb2RfeXl5eW1tGAUgASgFMuMGChNJbnRlZ3JhdGlvbnNTZXJ2aWNlElwKEURpc3BhdGNoVG9DaGFubmVsEiIucGlkZ3IudjEuRGlzcGF0Y2hUb0NoYW5uZWxSZXF1ZXN0GiMucGlkZ3IudjEuRGlzcGF0Y2hUb0NoYW5uZWxSZXNwb25zZRJfChJVcHNlcnRSZWFjaGFiaWxpdHkSIy5waWRnci52MS5VcHNlcnRSZWFjaGFiaWxpdHlSZXF1ZXN0GiQucGlkZ3IudjEuVXBzZXJ0UmVhY2hhYmlsaXR5UmVzcG9uc2USXwoSUmVtb3ZlUmVhY2hhYmlsaXR5EiMucGlkZ3IudjEuUmVtb3ZlUmVhY2hhYmlsaXR5UmVxdWVzdBokLnBpZGdyLnYxLlJlbW92ZVJlYWNoYWJpbGl0eVJlc3BvbnNlElYKD0dldFJlYWNoYWJpbGl0eRIgLnBpZGdyLnYxLkdldFJlYWNoYWJpbGl0eVJlcXVlc3QaIS5waWRnci52MS5HZXRSZWFjaGFiaWxpdHlSZXNwb25zZRJuChdMaXN0UmVhY2hhYmlsaXR5Rm9yVXNlchIoLnBpZGdyLnYxLkxpc3RSZWFjaGFiaWxpdHlGb3JVc2VyUmVxdWVzdBopLnBpZGdyLnYxLkxpc3RSZWFjaGFiaWxpdHlGb3JVc2VyUmVzcG9uc2USVgoPR2V0UmVnaW9uUG9saWN5EiAucGlkZ3IudjEuR2V0UmVnaW9uUG9saWN5UmVxdWVzdBohLnBpZGdyLnYxLkdldFJlZ2lvblBvbGljeVJlc3BvbnNlElYKD1NldFJlZ2lvblBvbGljeRIgLnBpZGdyLnYxLlNldFJlZ2lvblBvbGljeVJlcXVlc3QaIS5waWRnci52MS5TZXRSZWdpb25Qb2xpY3lSZXNwb25zZRJZChBHZXRDb3N0Q2FwUG9saWN5EiEucGlkZ3IudjEuR2V0Q29zdENhcFBvbGljeVJlcXVlc3QaIi5waWRnci52MS5HZXRDb3N0Q2FwUG9saWN5UmVzcG9uc2USWQoQU2V0Q29zdENhcFBvbGljeRIhLnBpZGdyLnYxLlNldENvc3RDYXBQb2xpY3lSZXF1ZXN0GiIucGlkZ3IudjEuU2V0Q29zdENhcFBvbGljeVJlc3BvbnNlQjZaNGdpdGh1Yi5jb20vcGlkZ3IvcGlkZ3ItcHJvdG8vZ2VuL2dvL3BpZGdyL3YxO3BpZGdydjFiBnByb3RvMw", [file_pidgr_v1_channel_events, file_pidgr_v1_integrations]);
/**
* Worker-mode entry point invoked by the Temporal worker for one recipient.
* Idempotent on `dispatch_id`: if a `(dispatch_id, SENT)` row already exists
* in `channel_dispatches`, the worker SHALL return DISPATCH_STATUS_DEDUPED
* without re-invoking the channel adapter.
*
* @generated from message pidgr.v1.DispatchToChannelRequest
*/
export type DispatchToChannelRequest = Message<"pidgr.v1.DispatchToChannelRequest"> & {
/**
* Idempotency key. Must be stable across retries from pidgr-api side.
*
* @generated from field: string dispatch_id = 1;
*/
dispatchId: string;
/**
* @generated from field: string org_id = 2;
*/
orgId: string;
/**
* @generated from field: string user_id = 3;
*/
userId: string;
/**
* Which channel adapter to invoke (EMAIL is the Wave 1 implementation).
*
* @generated from field: pidgr.v1.ChannelName channel = 4;
*/
channel: ChannelName;
/**
* Template to render before dispatch.
*
* @generated from field: string template_id = 5;
*/
templateId: string;
/**
* Per-recipient template variables.
*
* @generated from field: map<string, string> template_vars = 6;
*/
templateVars: { [key: string]: string };
/**
* BCP-47 locale used to select the template translation.
*
* @generated from field: string locale = 7;
*/
locale: string;
/**
* Optional AWS region the worker MUST dispatch from (typically copied from
* the recipient's reachability row). Unset means "no constraint."
*
* @generated from field: optional string region_constraint = 8;
*/
regionConstraint?: string | undefined;
};
/**
* Describes the message pidgr.v1.DispatchToChannelRequest.
* Use `create(DispatchToChannelRequestSchema)` to create a new message.
*/
export const DispatchToChannelRequestSchema: GenMessage<DispatchToChannelRequest> = /*@__PURE__*/
messageDesc(file_pidgr_v1_integrations_service, 0);
/**
* @generated from message pidgr.v1.DispatchToChannelResponse
*/
export type DispatchToChannelResponse = Message<"pidgr.v1.DispatchToChannelResponse"> & {
/**
* Echoes back the request's `dispatch_id`.
*
* @generated from field: string dispatch_id = 1;
*/
dispatchId: string;
/**
* Terminal outcome of this call.
*
* @generated from field: pidgr.v1.DispatchStatus status = 2;
*/
status: DispatchStatus;
/**
* Human-readable failure reason; set only when `status` is
* DISPATCH_STATUS_FAILED.
*
* @generated from field: optional string failure_reason = 3;
*/
failureReason?: string | undefined;
};
/**
* Describes the message pidgr.v1.DispatchToChannelResponse.
* Use `create(DispatchToChannelResponseSchema)` to create a new message.
*/
export const DispatchToChannelResponseSchema: GenMessage<DispatchToChannelResponse> = /*@__PURE__*/
messageDesc(file_pidgr_v1_integrations_service, 1);
/**
* Records a recipient identifier for a (user, channel) tuple. The plaintext
* identifier is column-level KMS-encrypted on insert and never logged or
* returned. The server computes the org-scoped HMAC lookup hash so opt-out
* webhooks can find the row without decrypt.
*
* @generated from message pidgr.v1.UpsertReachabilityRequest
*/
export type UpsertReachabilityRequest = Message<"pidgr.v1.UpsertReachabilityRequest"> & {
/**
* @generated from field: string org_id = 1;
*/
orgId: string;
/**
* @generated from field: string user_id = 2;
*/
userId: string;
/**
* @generated from field: pidgr.v1.ChannelName channel = 3;
*/
channel: ChannelName;
/**
* The plaintext identifier (email address, phone number, Slack user ID,
* Telegram chat ID, etc.). Encrypted at rest server-side. Servers MUST NOT
* log this field. Clients SHOULD treat this message as sensitive.
*
* @generated from field: string identifier_plaintext = 4;
*/
identifierPlaintext: string;
/**
* Optional AWS region this user's data must remain in (e.g. "eu-west-1").
* Recorded but NOT enforced at write time; enforcement is at dispatch.
*
* @generated from field: optional string region_constraint = 5;
*/
regionConstraint?: string | undefined;
};
/**
* Describes the message pidgr.v1.UpsertReachabilityRequest.
* Use `create(UpsertReachabilityRequestSchema)` to create a new message.
*/
export const UpsertReachabilityRequestSchema: GenMessage<UpsertReachabilityRequest> = /*@__PURE__*/
messageDesc(file_pidgr_v1_integrations_service, 2);
/**
* @generated from message pidgr.v1.UpsertReachabilityResponse
*/
export type UpsertReachabilityResponse = Message<"pidgr.v1.UpsertReachabilityResponse"> & {
/**
* The metadata for the upserted row. Plaintext identifier and envelope
* ciphertext are intentionally absent.
*
* @generated from field: pidgr.v1.Reachability reachability = 1;
*/
reachability?: Reachability | undefined;
};
/**
* Describes the message pidgr.v1.UpsertReachabilityResponse.
* Use `create(UpsertReachabilityResponseSchema)` to create a new message.
*/
export const UpsertReachabilityResponseSchema: GenMessage<UpsertReachabilityResponse> = /*@__PURE__*/
messageDesc(file_pidgr_v1_integrations_service, 3);
/**
* Idempotent removal. GDPR Recital 30 audit row is appended via internal-mTLS
* BEFORE the registry row is deleted (see AuditService.Append). If no row
* existed, `removed = false` and no audit row is emitted.
*
* @generated from message pidgr.v1.RemoveReachabilityRequest
*/
export type RemoveReachabilityRequest = Message<"pidgr.v1.RemoveReachabilityRequest"> & {
/**
* @generated from field: string org_id = 1;
*/
orgId: string;
/**
* @generated from field: string user_id = 2;
*/
userId: string;
/**
* @generated from field: pidgr.v1.ChannelName channel = 3;
*/
channel: ChannelName;
};
/**
* Describes the message pidgr.v1.RemoveReachabilityRequest.
* Use `create(RemoveReachabilityRequestSchema)` to create a new message.
*/
export const RemoveReachabilityRequestSchema: GenMessage<RemoveReachabilityRequest> = /*@__PURE__*/
messageDesc(file_pidgr_v1_integrations_service, 4);
/**
* @generated from message pidgr.v1.RemoveReachabilityResponse
*/
export type RemoveReachabilityResponse = Message<"pidgr.v1.RemoveReachabilityResponse"> & {
/**
* True if a row was deleted. False if no row existed for the tuple
* (idempotent success).
*
* @generated from field: bool removed = 1;
*/
removed: boolean;
};
/**
* Describes the message pidgr.v1.RemoveReachabilityResponse.
* Use `create(RemoveReachabilityResponseSchema)` to create a new message.
*/
export const RemoveReachabilityResponseSchema: GenMessage<RemoveReachabilityResponse> = /*@__PURE__*/
messageDesc(file_pidgr_v1_integrations_service, 5);
/**
* Returns the reachability metadata for a single (user, channel) tuple.
* Returns NOT_FOUND if no row exists.
*
* @generated from message pidgr.v1.GetReachabilityRequest
*/
export type GetReachabilityRequest = Message<"pidgr.v1.GetReachabilityRequest"> & {
/**
* @generated from field: string org_id = 1;
*/
orgId: string;
/**
* @generated from field: string user_id = 2;
*/
userId: string;
/**
* @generated from field: pidgr.v1.ChannelName channel = 3;
*/
channel: ChannelName;
};
/**
* Describes the message pidgr.v1.GetReachabilityRequest.
* Use `create(GetReachabilityRequestSchema)` to create a new message.
*/
export const GetReachabilityRequestSchema: GenMessage<GetReachabilityRequest> = /*@__PURE__*/
messageDesc(file_pidgr_v1_integrations_service, 6);
/**
* @generated from message pidgr.v1.GetReachabilityResponse
*/
export type GetReachabilityResponse = Message<"pidgr.v1.GetReachabilityResponse"> & {
/**
* Plaintext identifier and envelope ciphertext are intentionally absent.
*
* @generated from field: pidgr.v1.Reachability reachability = 1;
*/
reachability?: Reachability | undefined;
};
/**
* Describes the message pidgr.v1.GetReachabilityResponse.
* Use `create(GetReachabilityResponseSchema)` to create a new message.
*/
export const GetReachabilityResponseSchema: GenMessage<GetReachabilityResponse> = /*@__PURE__*/
messageDesc(file_pidgr_v1_integrations_service, 7);
/**
* Returns one Reachability entry per channel configured for a (org, user)
* pair. Used by the admin-side per-user matrix view. Plaintext identifiers
* and envelope ciphertext are intentionally absent — the admin UI only needs
* to know which channels are configured.
*
* @generated from message pidgr.v1.ListReachabilityForUserRequest
*/
export type ListReachabilityForUserRequest = Message<"pidgr.v1.ListReachabilityForUserRequest"> & {
/**
* @generated from field: string org_id = 1;
*/
orgId: string;
/**
* @generated from field: string user_id = 2;
*/
userId: string;
};
/**
* Describes the message pidgr.v1.ListReachabilityForUserRequest.
* Use `create(ListReachabilityForUserRequestSchema)` to create a new message.
*/
export const ListReachabilityForUserRequestSchema: GenMessage<ListReachabilityForUserRequest> = /*@__PURE__*/
messageDesc(file_pidgr_v1_integrations_service, 8);
/**
* @generated from message pidgr.v1.ListReachabilityForUserResponse
*/
export type ListReachabilityForUserResponse = Message<"pidgr.v1.ListReachabilityForUserResponse"> & {
/**
* One entry per channel that has a row for the (org_id, user_id) pair.
*
* @generated from field: repeated pidgr.v1.Reachability reachabilities = 1;
*/
reachabilities: Reachability[];
};
/**
* Describes the message pidgr.v1.ListReachabilityForUserResponse.
* Use `create(ListReachabilityForUserResponseSchema)` to create a new message.
*/
export const ListReachabilityForUserResponseSchema: GenMessage<ListReachabilityForUserResponse> = /*@__PURE__*/
messageDesc(file_pidgr_v1_integrations_service, 9);
/**
* @generated from message pidgr.v1.GetRegionPolicyRequest
*/
export type GetRegionPolicyRequest = Message<"pidgr.v1.GetRegionPolicyRequest"> & {
/**
* @generated from field: string org_id = 1;
*/
orgId: string;
/**
* @generated from field: pidgr.v1.ChannelName channel = 2;
*/
channel: ChannelName;
};
/**
* Describes the message pidgr.v1.GetRegionPolicyRequest.
* Use `create(GetRegionPolicyRequestSchema)` to create a new message.
*/
export const GetRegionPolicyRequestSchema: GenMessage<GetRegionPolicyRequest> = /*@__PURE__*/
messageDesc(file_pidgr_v1_integrations_service, 10);
/**
* @generated from message pidgr.v1.GetRegionPolicyResponse
*/
export type GetRegionPolicyResponse = Message<"pidgr.v1.GetRegionPolicyResponse"> & {
/**
* Always populated. Empty `allowed_regions` means "no policy configured"
* — NOT "no regions allowed."
*
* @generated from field: pidgr.v1.RegionPolicy policy = 1;
*/
policy?: RegionPolicy | undefined;
};
/**
* Describes the message pidgr.v1.GetRegionPolicyResponse.
* Use `create(GetRegionPolicyResponseSchema)` to create a new message.
*/
export const GetRegionPolicyResponseSchema: GenMessage<GetRegionPolicyResponse> = /*@__PURE__*/
messageDesc(file_pidgr_v1_integrations_service, 11);
/**
* Admin-only upsert. Empty `allowed_regions` clears the policy.
*
* @generated from message pidgr.v1.SetRegionPolicyRequest
*/
export type SetRegionPolicyRequest = Message<"pidgr.v1.SetRegionPolicyRequest"> & {
/**
* @generated from field: string org_id = 1;
*/
orgId: string;
/**
* @generated from field: pidgr.v1.ChannelName channel = 2;
*/
channel: ChannelName;
/**
* AWS region identifiers (e.g. "eu-west-1"). Empty list == "no policy."
*
* @generated from field: repeated string allowed_regions = 3;
*/
allowedRegions: string[];
};
/**
* Describes the message pidgr.v1.SetRegionPolicyRequest.
* Use `create(SetRegionPolicyRequestSchema)` to create a new message.
*/
export const SetRegionPolicyRequestSchema: GenMessage<SetRegionPolicyRequest> = /*@__PURE__*/
messageDesc(file_pidgr_v1_integrations_service, 12);
/**
* @generated from message pidgr.v1.SetRegionPolicyResponse
*/
export type SetRegionPolicyResponse = Message<"pidgr.v1.SetRegionPolicyResponse"> & {
/**
* @generated from field: pidgr.v1.RegionPolicy policy = 1;
*/
policy?: RegionPolicy | undefined;
};
/**
* Describes the message pidgr.v1.SetRegionPolicyResponse.
* Use `create(SetRegionPolicyResponseSchema)` to create a new message.
*/
export const SetRegionPolicyResponseSchema: GenMessage<SetRegionPolicyResponse> = /*@__PURE__*/
messageDesc(file_pidgr_v1_integrations_service, 13);
/**
* Get the cost-cap state for the current calendar-month period (UTC). When
* no row exists for `(org_id, channel, period_yyyymm)`, the server returns
* the channel default cap from server config
* (`COST_CAP_DEFAULT_${CHANNEL}_MICROS`) with `used_micros = 0`.
*
* @generated from message pidgr.v1.GetCostCapPolicyRequest
*/
export type GetCostCapPolicyRequest = Message<"pidgr.v1.GetCostCapPolicyRequest"> & {
/**
* @generated from field: string org_id = 1;
*/
orgId: string;
/**
* @generated from field: pidgr.v1.ChannelName channel = 2;
*/
channel: ChannelName;
};
/**
* Describes the message pidgr.v1.GetCostCapPolicyRequest.
* Use `create(GetCostCapPolicyRequestSchema)` to create a new message.
*/
export const GetCostCapPolicyRequestSchema: GenMessage<GetCostCapPolicyRequest> = /*@__PURE__*/
messageDesc(file_pidgr_v1_integrations_service, 14);
/**
* @generated from message pidgr.v1.GetCostCapPolicyResponse
*/
export type GetCostCapPolicyResponse = Message<"pidgr.v1.GetCostCapPolicyResponse"> & {
/**
* @generated from field: string org_id = 1;
*/
orgId: string;
/**
* @generated from field: pidgr.v1.ChannelName channel = 2;
*/
channel: ChannelName;
/**
* Current period's cap in micros (1/1_000_000 of a USD).
*
* @generated from field: int64 cap_micros = 3;
*/
capMicros: bigint;
/**
* Current period's accumulated spend in micros.
*
* @generated from field: int64 used_micros = 4;
*/
usedMicros: bigint;
/**
* Calendar-month period in integer YYYYMM form (e.g. 202605 for May 2026).
*
* @generated from field: int32 period_yyyymm = 5;
*/
periodYyyymm: number;
};
/**
* Describes the message pidgr.v1.GetCostCapPolicyResponse.
* Use `create(GetCostCapPolicyResponseSchema)` to create a new message.
*/
export const GetCostCapPolicyResponseSchema: GenMessage<GetCostCapPolicyResponse> = /*@__PURE__*/
messageDesc(file_pidgr_v1_integrations_service, 15);
/**
* Admin-only upsert of the cap for the current calendar-month period. Future
* periods inherit the most recent SetCostCapPolicy value until the next call.
*
* @generated from message pidgr.v1.SetCostCapPolicyRequest
*/
export type SetCostCapPolicyRequest = Message<"pidgr.v1.SetCostCapPolicyRequest"> & {
/**
* @generated from field: string org_id = 1;
*/
orgId: string;
/**
* @generated from field: pidgr.v1.ChannelName channel = 2;
*/
channel: ChannelName;
/**
* @generated from field: int64 cap_micros = 3;
*/
capMicros: bigint;
};
/**
* Describes the message pidgr.v1.SetCostCapPolicyRequest.
* Use `create(SetCostCapPolicyRequestSchema)` to create a new message.
*/
export const SetCostCapPolicyRequestSchema: GenMessage<SetCostCapPolicyRequest> = /*@__PURE__*/
messageDesc(file_pidgr_v1_integrations_service, 16);
/**
* @generated from message pidgr.v1.SetCostCapPolicyResponse
*/
export type SetCostCapPolicyResponse = Message<"pidgr.v1.SetCostCapPolicyResponse"> & {
/**
* @generated from field: string org_id = 1;
*/
orgId: string;
/**
* @generated from field: pidgr.v1.ChannelName channel = 2;
*/
channel: ChannelName;
/**
* @generated from field: int64 cap_micros = 3;
*/
capMicros: bigint;
/**
* @generated from field: int64 used_micros = 4;
*/
usedMicros: bigint;
/**
* @generated from field: int32 period_yyyymm = 5;
*/
periodYyyymm: number;
};
/**
* Describes the message pidgr.v1.SetCostCapPolicyResponse.
* Use `create(SetCostCapPolicyResponseSchema)` to create a new message.
*/
export const SetCostCapPolicyResponseSchema: GenMessage<SetCostCapPolicyResponse> = /*@__PURE__*/
messageDesc(file_pidgr_v1_integrations_service, 17);
/**
* IntegrationsService is the gRPC surface of the pidgr-integrations service.
*
* Auth model:
* - DispatchToChannel: internal-mTLS only. Called by the Temporal worker
* on behalf of pidgr-api dispatch activities. Never exposed publicly.
* - UpsertReachability / RemoveReachability / GetReachability /
* ListReachabilityForUser: Cognito JWT (admin RPCs, org-scoped on the
* caller's `custom:org_id` claim).
* - GetRegionPolicy / SetRegionPolicy / GetCostCapPolicy /
* SetCostCapPolicy: Cognito JWT (admin only, org-scoped).
*
* Cross-org access is denied with `permission_denied`.
*
* @generated from service pidgr.v1.IntegrationsService
*/
export const IntegrationsService: GenService<{
/**
* Dispatch a single rendered message to one channel. Idempotent on
* `dispatch_id`. Internal-mTLS only.
*
* @generated from rpc pidgr.v1.IntegrationsService.DispatchToChannel
*/
dispatchToChannel: {
methodKind: "unary";
input: typeof DispatchToChannelRequestSchema;
output: typeof DispatchToChannelResponseSchema;
},
/**
* Upsert a reachability identifier for a (user, channel) tuple. Encrypts
* and HMAC-hashes server-side before insert; emits a `REACHABILITY_UPSERT`
* audit row BEFORE the registry commit.
*
* @generated from rpc pidgr.v1.IntegrationsService.UpsertReachability
*/
upsertReachability: {
methodKind: "unary";
input: typeof UpsertReachabilityRequestSchema;
output: typeof UpsertReachabilityResponseSchema;
},
/**
* Remove a reachability identifier. Idempotent. Emits a
* `REACHABILITY_REMOVE` audit row BEFORE the registry delete.
*
* @generated from rpc pidgr.v1.IntegrationsService.RemoveReachability
*/
removeReachability: {
methodKind: "unary";
input: typeof RemoveReachabilityRequestSchema;
output: typeof RemoveReachabilityResponseSchema;
},
/**
* Read a single reachability row's metadata. Returns NOT_FOUND if missing.
* Does not return plaintext or envelope ciphertext.
*
* @generated from rpc pidgr.v1.IntegrationsService.GetReachability
*/
getReachability: {
methodKind: "unary";
input: typeof GetReachabilityRequestSchema;
output: typeof GetReachabilityResponseSchema;
},
/**
* List per-channel reachability metadata for a single user. Used by the
* admin per-user matrix view. Does not return plaintext or ciphertext.
*
* @generated from rpc pidgr.v1.IntegrationsService.ListReachabilityForUser
*/
listReachabilityForUser: {
methodKind: "unary";
input: typeof ListReachabilityForUserRequestSchema;
output: typeof ListReachabilityForUserResponseSchema;
},
/**
* Read the per-(org, channel) region allowlist. Returns an empty list when
* no policy is configured — NOT a NOT_FOUND.
*
* @generated from rpc pidgr.v1.IntegrationsService.GetRegionPolicy
*/
getRegionPolicy: {
methodKind: "unary";
input: typeof GetRegionPolicyRequestSchema;
output: typeof GetRegionPolicyResponseSchema;
},
/**
* Admin-only upsert of the per-(org, channel) region allowlist.
*
* @generated from rpc pidgr.v1.IntegrationsService.SetRegionPolicy
*/
setRegionPolicy: {
methodKind: "unary";
input: typeof SetRegionPolicyRequestSchema;
output: typeof SetRegionPolicyResponseSchema;
},
/**
* Read the current calendar-month cost-cap state. Returns the channel
* default cap when no row exists; never NOT_FOUND.
*
* @generated from rpc pidgr.v1.IntegrationsService.GetCostCapPolicy
*/
getCostCapPolicy: {
methodKind: "unary";
input: typeof GetCostCapPolicyRequestSchema;
output: typeof GetCostCapPolicyResponseSchema;
},
/**
* Admin-only upsert of the current calendar-month cost cap.
*
* @generated from rpc pidgr.v1.IntegrationsService.SetCostCapPolicy
*/
setCostCapPolicy: {
methodKind: "unary";
input: typeof SetCostCapPolicyRequestSchema;
output: typeof SetCostCapPolicyResponseSchema;
},
}> = /*@__PURE__*/
serviceDesc(file_pidgr_v1_integrations_service, 0);
// @generated by protoc-gen-es v2.12.0 with parameter "target=ts"
// @generated from file pidgr/v1/org_security_keys_service.proto (package pidgr.v1, syntax proto3)
/* eslint-disable */
import type { GenFile, GenMessage, GenService } from "@bufbuild/protobuf/codegenv2";
import { fileDesc, messageDesc, serviceDesc } from "@bufbuild/protobuf/codegenv2";
import type { Message } from "@bufbuild/protobuf";
/**
* Describes the file pidgr/v1/org_security_keys_service.proto.
*/
export const file_pidgr_v1_org_security_keys_service: GenFile = /*@__PURE__*/
fileDesc("CihwaWRnci92MS9vcmdfc2VjdXJpdHlfa2V5c19zZXJ2aWNlLnByb3RvEghwaWRnci52MSIvCgZQZXBwZXISDwoHdmVyc2lvbhgBIAEoBRIUCgxrZXlfbWF0ZXJpYWwYAiABKAwiNAoRR2V0UGVwcGVyc1JlcXVlc3QSDgoGb3JnX2lkGAEgASgJEg8KB3B1cnBvc2UYAiABKAkiNwoSR2V0UGVwcGVyc1Jlc3BvbnNlEiEKB3BlcHBlcnMYASADKAsyEC5waWRnci52MS5QZXBwZXIyYQoWT3JnU2VjdXJpdHlLZXlzU2VydmljZRJHCgpHZXRQZXBwZXJzEhsucGlkZ3IudjEuR2V0UGVwcGVyc1JlcXVlc3QaHC5waWRnci52MS5HZXRQZXBwZXJzUmVzcG9uc2VCNlo0Z2l0aHViLmNvbS9waWRnci9waWRnci1wcm90by9nZW4vZ28vcGlkZ3IvdjE7cGlkZ3J2MWIGcHJvdG8z");
/**
* A single non-retired pepper version. Returned by GetPeppers.
*
* During a rotation overlap, multiple versions are returned — callers
* (e.g. pidgr-integrations) compute lookup hashes under EVERY returned
* version to write or match against `identifier_lookup_hash_v1` and
* `identifier_lookup_hash_v2` on the reachability registry.
*
* @generated from message pidgr.v1.Pepper
*/
export type Pepper = Message<"pidgr.v1.Pepper"> & {
/**
* Monotonically-increasing version number. Lower versions retire first.
*
* @generated from field: int32 version = 1;
*/
version: number;
/**
* Raw HMAC key material. Sensitive — callers MUST NOT log or persist
* this value to disk. In-memory caching keyed on (org_id, version) with
* a short TTL is permitted and expected.
*
* @generated from field: bytes key_material = 2;
*/
keyMaterial: Uint8Array;
};
/**
* Describes the message pidgr.v1.Pepper.
* Use `create(PepperSchema)` to create a new message.
*/
export const PepperSchema: GenMessage<Pepper> = /*@__PURE__*/
messageDesc(file_pidgr_v1_org_security_keys_service, 0);
/**
* Request to fetch the active (non-retired) peppers for one org/purpose.
*
* Auth: internal-mTLS only. This RPC exposes raw cryptographic key material
* and MUST NOT be reachable from the public ingress or from JWT-authenticated
* clients. The server SHALL reject any caller whose mTLS identity is not on
* the configured allowlist.
*
* @generated from message pidgr.v1.GetPeppersRequest
*/
export type GetPeppersRequest = Message<"pidgr.v1.GetPeppersRequest"> & {
/**
* Organization whose peppers are requested.
*
* @generated from field: string org_id = 1;
*/
orgId: string;
/**
* Purpose identifier scoping which key family to return. Use
* `"reachability_lookup"` for the pidgr-integrations registry lookup hash.
*
* @generated from field: string purpose = 2;
*/
purpose: string;
};
/**
* Describes the message pidgr.v1.GetPeppersRequest.
* Use `create(GetPeppersRequestSchema)` to create a new message.
*/
export const GetPeppersRequestSchema: GenMessage<GetPeppersRequest> = /*@__PURE__*/
messageDesc(file_pidgr_v1_org_security_keys_service, 1);
/**
* @generated from message pidgr.v1.GetPeppersResponse
*/
export type GetPeppersResponse = Message<"pidgr.v1.GetPeppersResponse"> & {
/**
* All non-retired pepper versions for the (org_id, purpose) pair, in
* ascending version order. Typically exactly one entry; two during a
* rotation overlap window; zero only when no pepper has ever been
* generated for this (org, purpose).
*
* @generated from field: repeated pidgr.v1.Pepper peppers = 1;
*/
peppers: Pepper[];
};
/**
* Describes the message pidgr.v1.GetPeppersResponse.
* Use `create(GetPeppersResponseSchema)` to create a new message.
*/
export const GetPeppersResponseSchema: GenMessage<GetPeppersResponse> = /*@__PURE__*/
messageDesc(file_pidgr_v1_org_security_keys_service, 2);
/**
* OrgSecurityKeysService exposes per-org secret key material to internal
* services that need it for HMAC computation, signature verification, or
* envelope-key derivation.
*
* AUTH: INTERNAL-mTLS ONLY. Every RPC on this service returns raw key
* material. The server MUST require a client certificate from a known
* internal service (allowlisted by subject DN) and MUST reject any request
* presenting only a JWT. The service MUST NOT be exposed on the public ALB.
*
* Callers (today: pidgr-integrations) cache returned peppers in-process
* keyed on (org_id, purpose, version) with a short TTL (≤ 5 minutes) to
* keep dispatch hot-path latency bounded.
*
* @generated from service pidgr.v1.OrgSecurityKeysService
*/
export const OrgSecurityKeysService: GenService<{
/**
* Return all non-retired pepper versions for one (org_id, purpose). Used
* by pidgr-integrations to compute `identifier_lookup_hash_v1` /
* `identifier_lookup_hash_v2` during pepper-rotation overlap windows.
*
* @generated from rpc pidgr.v1.OrgSecurityKeysService.GetPeppers
*/
getPeppers: {
methodKind: "unary";
input: typeof GetPeppersRequestSchema;
output: typeof GetPeppersResponseSchema;
},
}> = /*@__PURE__*/
serviceDesc(file_pidgr_v1_org_security_keys_service, 0);
+1
-1
{
"name": "@pidgr/proto",
"version": "0.73.0",
"version": "0.74.0",
"description": "TypeScript protobuf and gRPC client stubs for the Pidgr internal communications platform",

@@ -5,0 +5,0 @@ "keywords": [

@@ -8,6 +8,6 @@ // @generated by protoc-gen-es v2.12.0 with parameter "target=ts"

import type { Timestamp } from "@bufbuild/protobuf/wkt";
import { file_google_protobuf_timestamp } from "@bufbuild/protobuf/wkt";
import { file_google_protobuf_struct, file_google_protobuf_timestamp } from "@bufbuild/protobuf/wkt";
import type { PrivacyRequestStatus } from "./privacy_pb";
import { file_pidgr_v1_privacy } from "./privacy_pb";
import type { Message } from "@bufbuild/protobuf";
import type { JsonObject, Message } from "@bufbuild/protobuf";

@@ -18,3 +18,3 @@ /**

export const file_pidgr_v1_audit: GenFile = /*@__PURE__*/
fileDesc("ChRwaWRnci92MS9hdWRpdC5wcm90bxIIcGlkZ3IudjEipwIKCkF1ZGl0RXZlbnQSCgoCaWQYASABKAkSDgoGb3JnX2lkGAIgASgJEhAKCGFjdG9yX2lkGAMgASgJEiwKCmV2ZW50X3R5cGUYBCABKA4yGC5waWRnci52MS5BdWRpdEV2ZW50VHlwZRITCgtlbnRpdHlfdHlwZRgFIAEoCRIRCgllbnRpdHlfaWQYBiABKAkSNAoIbWV0YWRhdGEYByADKAsyIi5waWRnci52MS5BdWRpdEV2ZW50Lk1ldGFkYXRhRW50cnkSLgoKY3JlYXRlZF9hdBgKIAEoCzIaLmdvb2dsZS5wcm90b2J1Zi5UaW1lc3RhbXAaLwoNTWV0YWRhdGFFbnRyeRILCgNrZXkYASABKAkSDQoFdmFsdWUYAiABKAk6AjgBIt0BChZMaXN0QXVkaXRFdmVudHNSZXF1ZXN0EhIKCnBhZ2VfdG9rZW4YASABKAkSEQoJcGFnZV9zaXplGAIgASgFEiwKCmV2ZW50X3R5cGUYAyABKA4yGC5waWRnci52MS5BdWRpdEV2ZW50VHlwZRIQCghhY3Rvcl9pZBgEIAEoCRIuCgpzdGFydF90aW1lGAUgASgLMhouZ29vZ2xlLnByb3RvYnVmLlRpbWVzdGFtcBIsCghlbmRfdGltZRgGIAEoCzIaLmdvb2dsZS5wcm90b2J1Zi5UaW1lc3RhbXAiWAoXTGlzdEF1ZGl0RXZlbnRzUmVzcG9uc2USJAoGZXZlbnRzGAEgAygLMhQucGlkZ3IudjEuQXVkaXRFdmVudBIXCg9uZXh0X3BhZ2VfdG9rZW4YAiABKAkipAEKF0V4cG9ydEF1ZGl0VHJhaWxSZXF1ZXN0EisKBmZvcm1hdBgBIAEoDjIbLnBpZGdyLnYxLkF1ZGl0RXhwb3J0Rm9ybWF0Ei4KCnN0YXJ0X3RpbWUYAiABKAsyGi5nb29nbGUucHJvdG9idWYuVGltZXN0YW1wEiwKCGVuZF90aW1lGAMgASgLMhouZ29vZ2xlLnByb3RvYnVmLlRpbWVzdGFtcCJeChhFeHBvcnRBdWRpdFRyYWlsUmVzcG9uc2USEgoKZXhwb3J0X3VybBgBIAEoCRIuCgZzdGF0dXMYAiABKA4yHi5waWRnci52MS5Qcml2YWN5UmVxdWVzdFN0YXR1cyKCAgoLQXVkaXRFeHBvcnQSCgoCaWQYASABKAkSDgoGZm9ybWF0GAIgASgJEi4KBnN0YXR1cxgDIAEoDjIeLnBpZGdyLnYxLlByaXZhY3lSZXF1ZXN0U3RhdHVzEhIKCnJlc3VsdF91cmwYBCABKAkSFQoNZXJyb3JfbWVzc2FnZRgFIAEoCRIaChJyZXF1ZXN0ZWRfYnlfZW1haWwYBiABKAkSLgoKY3JlYXRlZF9hdBgHIAEoCzIaLmdvb2dsZS5wcm90b2J1Zi5UaW1lc3RhbXASMAoMY29tcGxldGVkX2F0GAggASgLMhouZ29vZ2xlLnByb3RvYnVmLlRpbWVzdGFtcCIZChdMaXN0QXVkaXRFeHBvcnRzUmVxdWVzdCJCChhMaXN0QXVkaXRFeHBvcnRzUmVzcG9uc2USJgoHZXhwb3J0cxgBIAMoCzIVLnBpZGdyLnYxLkF1ZGl0RXhwb3J0KvcRCg5BdWRpdEV2ZW50VHlwZRIgChxBVURJVF9FVkVOVF9UWVBFX1VOU1BFQ0lGSUVEEAASJQohQVVESVRfRVZFTlRfVFlQRV9DQU1QQUlHTl9DUkVBVEVEEAESIQodQVVESVRfRVZFTlRfVFlQRV9NRVNTQUdFX1NFTlQQAhIjCh9BVURJVF9FVkVOVF9UWVBFX01FU1NBR0VfT1BFTkVEEAMSIwofQVVESVRfRVZFTlRfVFlQRV9BQ0tfUkVHSVNURVJFRBAEEigKJEFVRElUX0VWRU5UX1RZUEVfRVNDQUxBVElPTl9FWEVDVVRFRBAFEiUKIUFVRElUX0VWRU5UX1RZUEVfQ0FNUEFJR05fU1RBUlRFRBAMEicKI0FVRElUX0VWRU5UX1RZUEVfQ0FNUEFJR05fQ0FOQ0VMTEVEEA0SJQohQVVESVRfRVZFTlRfVFlQRV9DQU1QQUlHTl9VUERBVEVEEA4SIQodQVVESVRfRVZFTlRfVFlQRV9VU0VSX0lOVklURUQQBhIlCiFBVURJVF9FVkVOVF9UWVBFX1VTRVJfREVBQ1RJVkFURUQQBxIlCiFBVURJVF9FVkVOVF9UWVBFX1VTRVJfUkVBQ1RJVkFURUQQDxIhCh1BVURJVF9FVkVOVF9UWVBFX1JPTEVfQ0hBTkdFRBAKEiMKH0FVRElUX0VWRU5UX1RZUEVfSU5WSVRFX1JFVk9LRUQQEBIkCiBBVURJVF9FVkVOVF9UWVBFX1BST0ZJTEVfVVBEQVRFRBAREiUKIUFVRElUX0VWRU5UX1RZUEVfU0VUVElOR1NfVVBEQVRFRBASEiUKIUFVRElUX0VWRU5UX1RZUEVfUEFTU0tFWV9FTlJPTExFRBATEioKJkFVRElUX0VWRU5UX1RZUEVfREFUQV9FWFBPUlRfUkVRVUVTVEVEEAgSLAooQVVESVRfRVZFTlRfVFlQRV9EQVRBX0RFTEVUSU9OX1JFUVVFU1RFRBAJEiMKH0FVRElUX0VWRU5UX1RZUEVfREFUQV9SRUNUSUZJRUQQFBIqCiZBVURJVF9FVkVOVF9UWVBFX1BST0NFU1NJTkdfUkVTVFJJQ1RFRBAVEicKI0FVRElUX0VWRU5UX1RZUEVfREVMRVRJT05fQ0FOQ0VMTEVEEBYSJwojQVVESVRfRVZFTlRfVFlQRV9ERUxFVElPTl9JTU1FRElBVEUQFxIjCh9BVURJVF9FVkVOVF9UWVBFX1NTT19DT05GSUdVUkVEEAsSKQolQVVESVRfRVZFTlRfVFlQRV9TU09fUFJPVklERVJfQ1JFQVRFRBAYEikKJUFVRElUX0VWRU5UX1RZUEVfU1NPX1BST1ZJREVSX0RFTEVURUQQGRIgChxBVURJVF9FVkVOVF9UWVBFX09SR19VUERBVEVEEBoSIQodQVVESVRfRVZFTlRfVFlQRV9ST0xFX0NSRUFURUQQGxIhCh1BVURJVF9FVkVOVF9UWVBFX1JPTEVfVVBEQVRFRBAcEiEKHUFVRElUX0VWRU5UX1RZUEVfUk9MRV9ERUxFVEVEEB0SJQohQVVESVRfRVZFTlRfVFlQRV9URU1QTEFURV9DUkVBVEVEEB4SJQohQVVESVRfRVZFTlRfVFlQRV9URU1QTEFURV9VUERBVEVEEB8SJAogQVVESVRfRVZFTlRfVFlQRV9BUElfS0VZX0NSRUFURUQQIBIkCiBBVURJVF9FVkVOVF9UWVBFX0FQSV9LRVlfUkVWT0tFRBAhEigKJEFVRElUX0VWRU5UX1RZUEVfSU5WSVRFX0xJTktfQ1JFQVRFRBAiEigKJEFVRElUX0VWRU5UX1RZUEVfSU5WSVRFX0xJTktfUkVWT0tFRBAjEiIKHkFVRElUX0VWRU5UX1RZUEVfR1JPVVBfQ1JFQVRFRBAkEiIKHkFVRElUX0VWRU5UX1RZUEVfR1JPVVBfVVBEQVRFRBAlEiIKHkFVRElUX0VWRU5UX1RZUEVfR1JPVVBfREVMRVRFRBAmEigKJEFVRElUX0VWRU5UX1RZUEVfR1JPVVBfTUVNQkVSU19BRERFRBAnEioKJkFVRElUX0VWRU5UX1RZUEVfR1JPVVBfTUVNQkVSU19SRU1PVkVEECgSIQodQVVESVRfRVZFTlRfVFlQRV9URUFNX0NSRUFURUQQKRIhCh1BVURJVF9FVkVOVF9UWVBFX1RFQU1fVVBEQVRFRBAqEiEKHUFVRElUX0VWRU5UX1RZUEVfVEVBTV9ERUxFVEVEECsSJwojQVVESVRfRVZFTlRfVFlQRV9URUFNX01FTUJFUlNfQURERUQQLBIpCiVBVURJVF9FVkVOVF9UWVBFX1RFQU1fTUVNQkVSU19SRU1PVkVEEC0SKgomQVVESVRfRVZFTlRfVFlQRV9TQ0lNX1VTRVJfUFJPVklTSU9ORUQQLhIsCihBVURJVF9FVkVOVF9UWVBFX1NDSU1fVVNFUl9ERVBST1ZJU0lPTkVEEC8SJgoiQVVESVRfRVZFTlRfVFlQRV9TQ0lNX1VTRVJfVVBEQVRFRBAwEigKJEFVRElUX0VWRU5UX1RZUEVfVFJBTlNMQVRJT05fQ1JFQVRFRBAxEikKJUFVRElUX0VWRU5UX1RZUEVfVFJBTlNMQVRJT05fQVBQUk9WRUQQMhIkCiBBVURJVF9FVkVOVF9UWVBFX1NBTkRCT1hfQ1JFQVRFRBAzEiQKIEFVRElUX0VWRU5UX1RZUEVfU0FOREJPWF9FWFBJUkVEEDQSKQolQVVESVRfRVZFTlRfVFlQRV9BSV9QUkVESUNUSU9OX0xPR0dFRBA1EioKJkFVRElUX0VWRU5UX1RZUEVfTUxfUElQRUxJTkVfVFJJR0dFUkVEEDYSMwovQVVESVRfRVZFTlRfVFlQRV9BUkNIRVRZUEVfQ0xVU1RFUklOR19UUklHR0VSRUQQNxIgChxBVURJVF9FVkVOVF9UWVBFX09SR19DUkVBVEVEEDgSIAocQVVESVRfRVZFTlRfVFlQRV9PUkdfREVMRVRFRBA5KpQBChFBdWRpdEV4cG9ydEZvcm1hdBIjCh9BVURJVF9FWFBPUlRfRk9STUFUX1VOU1BFQ0lGSUVEEAASGwoXQVVESVRfRVhQT1JUX0ZPUk1BVF9DU1YQARIcChhBVURJVF9FWFBPUlRfRk9STUFUX0pTT04QAhIfChtBVURJVF9FWFBPUlRfRk9STUFUX1BBUlFVRVQQAzKcAgoMQXVkaXRTZXJ2aWNlElYKD0xpc3RBdWRpdEV2ZW50cxIgLnBpZGdyLnYxLkxpc3RBdWRpdEV2ZW50c1JlcXVlc3QaIS5waWRnci52MS5MaXN0QXVkaXRFdmVudHNSZXNwb25zZRJZChBFeHBvcnRBdWRpdFRyYWlsEiEucGlkZ3IudjEuRXhwb3J0QXVkaXRUcmFpbFJlcXVlc3QaIi5waWRnci52MS5FeHBvcnRBdWRpdFRyYWlsUmVzcG9uc2USWQoQTGlzdEF1ZGl0RXhwb3J0cxIhLnBpZGdyLnYxLkxpc3RBdWRpdEV4cG9ydHNSZXF1ZXN0GiIucGlkZ3IudjEuTGlzdEF1ZGl0RXhwb3J0c1Jlc3BvbnNlQjZaNGdpdGh1Yi5jb20vcGlkZ3IvcGlkZ3ItcHJvdG8vZ2VuL2dvL3BpZGdyL3YxO3BpZGdydjFiBnByb3RvMw", [file_google_protobuf_timestamp, file_pidgr_v1_privacy]);
fileDesc("ChRwaWRnci92MS9hdWRpdC5wcm90bxIIcGlkZ3IudjEipwIKCkF1ZGl0RXZlbnQSCgoCaWQYASABKAkSDgoGb3JnX2lkGAIgASgJEhAKCGFjdG9yX2lkGAMgASgJEiwKCmV2ZW50X3R5cGUYBCABKA4yGC5waWRnci52MS5BdWRpdEV2ZW50VHlwZRITCgtlbnRpdHlfdHlwZRgFIAEoCRIRCgllbnRpdHlfaWQYBiABKAkSNAoIbWV0YWRhdGEYByADKAsyIi5waWRnci52MS5BdWRpdEV2ZW50Lk1ldGFkYXRhRW50cnkSLgoKY3JlYXRlZF9hdBgKIAEoCzIaLmdvb2dsZS5wcm90b2J1Zi5UaW1lc3RhbXAaLwoNTWV0YWRhdGFFbnRyeRILCgNrZXkYASABKAkSDQoFdmFsdWUYAiABKAk6AjgBIt0BChZMaXN0QXVkaXRFdmVudHNSZXF1ZXN0EhIKCnBhZ2VfdG9rZW4YASABKAkSEQoJcGFnZV9zaXplGAIgASgFEiwKCmV2ZW50X3R5cGUYAyABKA4yGC5waWRnci52MS5BdWRpdEV2ZW50VHlwZRIQCghhY3Rvcl9pZBgEIAEoCRIuCgpzdGFydF90aW1lGAUgASgLMhouZ29vZ2xlLnByb3RvYnVmLlRpbWVzdGFtcBIsCghlbmRfdGltZRgGIAEoCzIaLmdvb2dsZS5wcm90b2J1Zi5UaW1lc3RhbXAiWAoXTGlzdEF1ZGl0RXZlbnRzUmVzcG9uc2USJAoGZXZlbnRzGAEgAygLMhQucGlkZ3IudjEuQXVkaXRFdmVudBIXCg9uZXh0X3BhZ2VfdG9rZW4YAiABKAkipAEKF0V4cG9ydEF1ZGl0VHJhaWxSZXF1ZXN0EisKBmZvcm1hdBgBIAEoDjIbLnBpZGdyLnYxLkF1ZGl0RXhwb3J0Rm9ybWF0Ei4KCnN0YXJ0X3RpbWUYAiABKAsyGi5nb29nbGUucHJvdG9idWYuVGltZXN0YW1wEiwKCGVuZF90aW1lGAMgASgLMhouZ29vZ2xlLnByb3RvYnVmLlRpbWVzdGFtcCJeChhFeHBvcnRBdWRpdFRyYWlsUmVzcG9uc2USEgoKZXhwb3J0X3VybBgBIAEoCRIuCgZzdGF0dXMYAiABKA4yHi5waWRnci52MS5Qcml2YWN5UmVxdWVzdFN0YXR1cyKCAgoLQXVkaXRFeHBvcnQSCgoCaWQYASABKAkSDgoGZm9ybWF0GAIgASgJEi4KBnN0YXR1cxgDIAEoDjIeLnBpZGdyLnYxLlByaXZhY3lSZXF1ZXN0U3RhdHVzEhIKCnJlc3VsdF91cmwYBCABKAkSFQoNZXJyb3JfbWVzc2FnZRgFIAEoCRIaChJyZXF1ZXN0ZWRfYnlfZW1haWwYBiABKAkSLgoKY3JlYXRlZF9hdBgHIAEoCzIaLmdvb2dsZS5wcm90b2J1Zi5UaW1lc3RhbXASMAoMY29tcGxldGVkX2F0GAggASgLMhouZ29vZ2xlLnByb3RvYnVmLlRpbWVzdGFtcCIZChdMaXN0QXVkaXRFeHBvcnRzUmVxdWVzdCJCChhMaXN0QXVkaXRFeHBvcnRzUmVzcG9uc2USJgoHZXhwb3J0cxgBIAMoCzIVLnBpZGdyLnYxLkF1ZGl0RXhwb3J0IrMBCg1BcHBlbmRSZXF1ZXN0EhIKCmV2ZW50X3R5cGUYASABKAkSDgoGb3JnX2lkGAIgASgJEhwKD3N1YmplY3RfdXNlcl9pZBgDIAEoCUgAiAEBEhUKCGFjdG9yX2lkGAQgASgJSAGIAQESKAoHZGV0YWlscxgFIAEoCzIXLmdvb2dsZS5wcm90b2J1Zi5TdHJ1Y3RCEgoQX3N1YmplY3RfdXNlcl9pZEILCglfYWN0b3JfaWQiIgoOQXBwZW5kUmVzcG9uc2USEAoIZXZlbnRfaWQYASABKAkqyxIKDkF1ZGl0RXZlbnRUeXBlEiAKHEFVRElUX0VWRU5UX1RZUEVfVU5TUEVDSUZJRUQQABIlCiFBVURJVF9FVkVOVF9UWVBFX0NBTVBBSUdOX0NSRUFURUQQARIhCh1BVURJVF9FVkVOVF9UWVBFX01FU1NBR0VfU0VOVBACEiMKH0FVRElUX0VWRU5UX1RZUEVfTUVTU0FHRV9PUEVORUQQAxIjCh9BVURJVF9FVkVOVF9UWVBFX0FDS19SRUdJU1RFUkVEEAQSKAokQVVESVRfRVZFTlRfVFlQRV9FU0NBTEFUSU9OX0VYRUNVVEVEEAUSJQohQVVESVRfRVZFTlRfVFlQRV9DQU1QQUlHTl9TVEFSVEVEEAwSJwojQVVESVRfRVZFTlRfVFlQRV9DQU1QQUlHTl9DQU5DRUxMRUQQDRIlCiFBVURJVF9FVkVOVF9UWVBFX0NBTVBBSUdOX1VQREFURUQQDhIhCh1BVURJVF9FVkVOVF9UWVBFX1VTRVJfSU5WSVRFRBAGEiUKIUFVRElUX0VWRU5UX1RZUEVfVVNFUl9ERUFDVElWQVRFRBAHEiUKIUFVRElUX0VWRU5UX1RZUEVfVVNFUl9SRUFDVElWQVRFRBAPEiEKHUFVRElUX0VWRU5UX1RZUEVfUk9MRV9DSEFOR0VEEAoSIwofQVVESVRfRVZFTlRfVFlQRV9JTlZJVEVfUkVWT0tFRBAQEiQKIEFVRElUX0VWRU5UX1RZUEVfUFJPRklMRV9VUERBVEVEEBESJQohQVVESVRfRVZFTlRfVFlQRV9TRVRUSU5HU19VUERBVEVEEBISJQohQVVESVRfRVZFTlRfVFlQRV9QQVNTS0VZX0VOUk9MTEVEEBMSKgomQVVESVRfRVZFTlRfVFlQRV9EQVRBX0VYUE9SVF9SRVFVRVNURUQQCBIsCihBVURJVF9FVkVOVF9UWVBFX0RBVEFfREVMRVRJT05fUkVRVUVTVEVEEAkSIwofQVVESVRfRVZFTlRfVFlQRV9EQVRBX1JFQ1RJRklFRBAUEioKJkFVRElUX0VWRU5UX1RZUEVfUFJPQ0VTU0lOR19SRVNUUklDVEVEEBUSJwojQVVESVRfRVZFTlRfVFlQRV9ERUxFVElPTl9DQU5DRUxMRUQQFhInCiNBVURJVF9FVkVOVF9UWVBFX0RFTEVUSU9OX0lNTUVESUFURRAXEiMKH0FVRElUX0VWRU5UX1RZUEVfU1NPX0NPTkZJR1VSRUQQCxIpCiVBVURJVF9FVkVOVF9UWVBFX1NTT19QUk9WSURFUl9DUkVBVEVEEBgSKQolQVVESVRfRVZFTlRfVFlQRV9TU09fUFJPVklERVJfREVMRVRFRBAZEiAKHEFVRElUX0VWRU5UX1RZUEVfT1JHX1VQREFURUQQGhIhCh1BVURJVF9FVkVOVF9UWVBFX1JPTEVfQ1JFQVRFRBAbEiEKHUFVRElUX0VWRU5UX1RZUEVfUk9MRV9VUERBVEVEEBwSIQodQVVESVRfRVZFTlRfVFlQRV9ST0xFX0RFTEVURUQQHRIlCiFBVURJVF9FVkVOVF9UWVBFX1RFTVBMQVRFX0NSRUFURUQQHhIlCiFBVURJVF9FVkVOVF9UWVBFX1RFTVBMQVRFX1VQREFURUQQHxIkCiBBVURJVF9FVkVOVF9UWVBFX0FQSV9LRVlfQ1JFQVRFRBAgEiQKIEFVRElUX0VWRU5UX1RZUEVfQVBJX0tFWV9SRVZPS0VEECESKAokQVVESVRfRVZFTlRfVFlQRV9JTlZJVEVfTElOS19DUkVBVEVEECISKAokQVVESVRfRVZFTlRfVFlQRV9JTlZJVEVfTElOS19SRVZPS0VEECMSIgoeQVVESVRfRVZFTlRfVFlQRV9HUk9VUF9DUkVBVEVEECQSIgoeQVVESVRfRVZFTlRfVFlQRV9HUk9VUF9VUERBVEVEECUSIgoeQVVESVRfRVZFTlRfVFlQRV9HUk9VUF9ERUxFVEVEECYSKAokQVVESVRfRVZFTlRfVFlQRV9HUk9VUF9NRU1CRVJTX0FEREVEECcSKgomQVVESVRfRVZFTlRfVFlQRV9HUk9VUF9NRU1CRVJTX1JFTU9WRUQQKBIhCh1BVURJVF9FVkVOVF9UWVBFX1RFQU1fQ1JFQVRFRBApEiEKHUFVRElUX0VWRU5UX1RZUEVfVEVBTV9VUERBVEVEECoSIQodQVVESVRfRVZFTlRfVFlQRV9URUFNX0RFTEVURUQQKxInCiNBVURJVF9FVkVOVF9UWVBFX1RFQU1fTUVNQkVSU19BRERFRBAsEikKJUFVRElUX0VWRU5UX1RZUEVfVEVBTV9NRU1CRVJTX1JFTU9WRUQQLRIqCiZBVURJVF9FVkVOVF9UWVBFX1NDSU1fVVNFUl9QUk9WSVNJT05FRBAuEiwKKEFVRElUX0VWRU5UX1RZUEVfU0NJTV9VU0VSX0RFUFJPVklTSU9ORUQQLxImCiJBVURJVF9FVkVOVF9UWVBFX1NDSU1fVVNFUl9VUERBVEVEEDASKAokQVVESVRfRVZFTlRfVFlQRV9UUkFOU0xBVElPTl9DUkVBVEVEEDESKQolQVVESVRfRVZFTlRfVFlQRV9UUkFOU0xBVElPTl9BUFBST1ZFRBAyEiQKIEFVRElUX0VWRU5UX1RZUEVfU0FOREJPWF9DUkVBVEVEEDMSJAogQVVESVRfRVZFTlRfVFlQRV9TQU5EQk9YX0VYUElSRUQQNBIpCiVBVURJVF9FVkVOVF9UWVBFX0FJX1BSRURJQ1RJT05fTE9HR0VEEDUSKgomQVVESVRfRVZFTlRfVFlQRV9NTF9QSVBFTElORV9UUklHR0VSRUQQNhIzCi9BVURJVF9FVkVOVF9UWVBFX0FSQ0hFVFlQRV9DTFVTVEVSSU5HX1RSSUdHRVJFRBA3EiAKHEFVRElUX0VWRU5UX1RZUEVfT1JHX0NSRUFURUQQOBIgChxBVURJVF9FVkVOVF9UWVBFX09SR19ERUxFVEVEEDkSKAokQVVESVRfRVZFTlRfVFlQRV9SRUFDSEFCSUxJVFlfVVBTRVJUEDoSKAokQVVESVRfRVZFTlRfVFlQRV9SRUFDSEFCSUxJVFlfUkVNT1ZFEDsqlAEKEUF1ZGl0RXhwb3J0Rm9ybWF0EiMKH0FVRElUX0VYUE9SVF9GT1JNQVRfVU5TUEVDSUZJRUQQABIbChdBVURJVF9FWFBPUlRfRk9STUFUX0NTVhABEhwKGEFVRElUX0VYUE9SVF9GT1JNQVRfSlNPThACEh8KG0FVRElUX0VYUE9SVF9GT1JNQVRfUEFSUVVFVBADMtkCCgxBdWRpdFNlcnZpY2USVgoPTGlzdEF1ZGl0RXZlbnRzEiAucGlkZ3IudjEuTGlzdEF1ZGl0RXZlbnRzUmVxdWVzdBohLnBpZGdyLnYxLkxpc3RBdWRpdEV2ZW50c1Jlc3BvbnNlElkKEEV4cG9ydEF1ZGl0VHJhaWwSIS5waWRnci52MS5FeHBvcnRBdWRpdFRyYWlsUmVxdWVzdBoiLnBpZGdyLnYxLkV4cG9ydEF1ZGl0VHJhaWxSZXNwb25zZRJZChBMaXN0QXVkaXRFeHBvcnRzEiEucGlkZ3IudjEuTGlzdEF1ZGl0RXhwb3J0c1JlcXVlc3QaIi5waWRnci52MS5MaXN0QXVkaXRFeHBvcnRzUmVzcG9uc2USOwoGQXBwZW5kEhcucGlkZ3IudjEuQXBwZW5kUmVxdWVzdBoYLnBpZGdyLnYxLkFwcGVuZFJlc3BvbnNlQjZaNGdpdGh1Yi5jb20vcGlkZ3IvcGlkZ3ItcHJvdG8vZ2VuL2dvL3BpZGdyL3YxO3BpZGdydjFiBnByb3RvMw", [file_google_protobuf_struct, file_google_protobuf_timestamp, file_pidgr_v1_privacy]);

@@ -358,2 +358,88 @@ /**

/**
* Request to append a single audit event from an internal service.
*
* Auth: INTERNAL-mTLS ONLY. Unlike the read-side RPCs which authenticate
* via Cognito JWT and infer `org_id` from the caller's claim, this RPC is
* invoked by sibling services (e.g. pidgr-integrations) over the internal
* mTLS mesh and therefore carries `org_id` in the request payload. The
* server MUST reject any caller presenting only a JWT.
*
* @generated from message pidgr.v1.AppendRequest
*/
export type AppendRequest = Message<"pidgr.v1.AppendRequest"> & {
/**
* String form of the event type. Sibling services use a stable string
* identifier (e.g. "REACHABILITY_UPSERT", "REACHABILITY_REMOVE") so a
* new event type does not require a coordinated proto release across
* every internal service before it can be recorded. The audit server
* is responsible for mapping the string into its internal taxonomy.
*
* @generated from field: string event_type = 1;
*/
eventType: string;
/**
* Organization in which the event occurred. UUID.
*
* @generated from field: string org_id = 2;
*/
orgId: string;
/**
* User the audit event is about, if applicable. UUID. Unset when the
* event is not subject-bound (e.g. an org-wide policy change).
*
* @generated from field: optional string subject_user_id = 3;
*/
subjectUserId?: string | undefined;
/**
* Actor who initiated the action, if any. UUID. Unset for system-initiated
* or sibling-service-initiated events.
*
* @generated from field: optional string actor_id = 4;
*/
actorId?: string | undefined;
/**
* Structured event-specific payload. Used in lieu of the rigid
* `map<string, string> metadata` on `AuditEvent` so sibling services
* can record nested objects (e.g. a `prefetch_signals` block) without
* string-encoding every value. Servers SHOULD redact PII before persist
* and MUST NOT log this field at INFO or above. Sensitive cryptographic
* material (plaintext identifiers, envelope ciphertext, raw HMAC keys)
* MUST NOT be placed here.
*
* @generated from field: google.protobuf.Struct details = 5;
*/
details?: JsonObject | undefined;
};
/**
* Describes the message pidgr.v1.AppendRequest.
* Use `create(AppendRequestSchema)` to create a new message.
*/
export const AppendRequestSchema: GenMessage<AppendRequest> = /*@__PURE__*/
messageDesc(file_pidgr_v1_audit, 8);
/**
* @generated from message pidgr.v1.AppendResponse
*/
export type AppendResponse = Message<"pidgr.v1.AppendResponse"> & {
/**
* Server-assigned audit event identifier (UUID).
*
* @generated from field: string event_id = 1;
*/
eventId: string;
};
/**
* Describes the message pidgr.v1.AppendResponse.
* Use `create(AppendResponseSchema)` to create a new message.
*/
export const AppendResponseSchema: GenMessage<AppendResponse> = /*@__PURE__*/
messageDesc(file_pidgr_v1_audit, 9);
/**
* Type of auditable platform action.

@@ -784,2 +870,19 @@ *

ORG_DELETED = 57,
/**
* ── Reachability registry (pidgr-integrations) ──────────────────────────
* A reachability identifier (email, phone, Slack ID, etc.) was upserted.
* GDPR-relevant per Chikorita audit classification.
*
* @generated from enum value: AUDIT_EVENT_TYPE_REACHABILITY_UPSERT = 58;
*/
REACHABILITY_UPSERT = 58,
/**
* A reachability identifier was removed. GDPR Art. 17 "right to erasure"
* event; written BEFORE the registry row is deleted per Recital 30.
*
* @generated from enum value: AUDIT_EVENT_TYPE_REACHABILITY_REMOVE = 59;
*/
REACHABILITY_REMOVE = 59,
}

@@ -835,5 +938,10 @@

/**
* AuditService provides read access to the append-only audit trail.
* All RPCs extract org_id from the JWT — it is never in request messages.
* AuditService provides read access to the append-only audit trail, plus an
* internal-mTLS-only Append RPC for sibling services that need to record
* their own audit events into the shared trail.
*
* All read RPCs extract org_id from the JWT — it is never in request
* messages. The Append RPC carries org_id explicitly because it is
* invoked over the internal mTLS mesh, not by a JWT-authenticated user.
*
* @generated from service pidgr.v1.AuditService

@@ -877,4 +985,20 @@ */

},
/**
* Append one audit event to the trail. Used by sibling services
* (pidgr-integrations, future internal services) to record GDPR-relevant
* events that originate outside pidgr-api.
*
* Auth: INTERNAL-mTLS ONLY. The server MUST reject any caller that
* presents only a JWT. The server MUST allowlist callers by their mTLS
* client-certificate subject DN.
*
* @generated from rpc pidgr.v1.AuditService.Append
*/
append: {
methodKind: "unary";
input: typeof AppendRequestSchema;
output: typeof AppendResponseSchema;
},
}> = /*@__PURE__*/
serviceDesc(file_pidgr_v1_audit, 0);