chore(release): publish new version

- @standardnotes/analytics@2.21.6
 - @standardnotes/api-gateway@1.49.9
 - @standardnotes/auth-server@1.95.2
 - @standardnotes/domain-events-infra@1.10.0
 - @standardnotes/domain-events@2.109.0
 - @standardnotes/event-store@1.7.8
 - @standardnotes/files-server@1.10.10
 - @standardnotes/revisions-server@1.12.13
 - @standardnotes/scheduler-server@1.17.10
 - @standardnotes/syncing-server@1.32.6
 - @standardnotes/websockets-server@1.6.11

.pnp.cjs

@@ -4175,7 +4175,7 @@ const RAW_RUNTIME_STATE =
           ["@standardnotes/domain-core", "workspace:packages/domain-core"],\
           ["@standardnotes/domain-events", "workspace:packages/domain-events"],\
           ["@standardnotes/domain-events-infra", "workspace:packages/domain-events-infra"],\
-          ["@standardnotes/features", "npm:1.58.9"],\
+          ["@standardnotes/features", "npm:1.58.12"],\
           ["@standardnotes/predicates", "workspace:packages/predicates"],\
           ["@standardnotes/responses", "npm:1.13.9"],\
           ["@standardnotes/security", "workspace:packages/security"],\
@@ -4360,10 +4360,10 @@ const RAW_RUNTIME_STATE =
       }]\
     ]],\
     ["@standardnotes/features", [\
-      ["npm:1.58.8", {\
-        "packageLocation": "./.yarn/cache/@standardnotes-features-npm-1.58.8-d97ff2aae1-77bac7d0a0.zip/node_modules/@standardnotes/features/",\
+      ["npm:1.58.12", {\
+        "packageLocation": "./.yarn/cache/@standardnotes-features-npm-1.58.12-9778b78276-3fcd9a9488.zip/node_modules/@standardnotes/features/",\
         "packageDependencies": [\
-          ["@standardnotes/features", "npm:1.58.8"],\
+          ["@standardnotes/features", "npm:1.58.12"],\
           ["@standardnotes/common", "workspace:packages/common"],\
           ["@standardnotes/domain-core", "workspace:packages/domain-core"],\
           ["@standardnotes/security", "workspace:packages/security"],\
@@ -4371,10 +4371,10 @@ const RAW_RUNTIME_STATE =
         ],\
         "linkType": "HARD"\
       }],\
-      ["npm:1.58.9", {\
-        "packageLocation": "./.yarn/cache/@standardnotes-features-npm-1.58.9-c278f712cd-218350ee55.zip/node_modules/@standardnotes/features/",\
+      ["npm:1.58.8", {\
+        "packageLocation": "./.yarn/cache/@standardnotes-features-npm-1.58.8-d97ff2aae1-77bac7d0a0.zip/node_modules/@standardnotes/features/",\
         "packageDependencies": [\
-          ["@standardnotes/features", "npm:1.58.9"],\
+          ["@standardnotes/features", "npm:1.58.8"],\
           ["@standardnotes/common", "workspace:packages/common"],\
           ["@standardnotes/domain-core", "workspace:packages/domain-core"],\
           ["@standardnotes/security", "workspace:packages/security"],\

docker/docker-entrypoint.sh

@@ -190,7 +190,7 @@ if [ -z "$AUTH_SERVER_U2F_RELYING_PARTY_NAME" ]; then
   export AUTH_SERVER_U2F_RELYING_PARTY_NAME="Standard Notes"
 fi
 if [ -z "$AUTH_SERVER_U2F_EXPECTED_ORIGIN" ]; then
-  export AUTH_SERVER_U2F_EXPECTED_ORIGIN="http://localhost,http://localhost:3001"
+  export AUTH_SERVER_U2F_EXPECTED_ORIGIN="http://localhost,http://localhost:3001,https://app.standardnotes.com,android:apk-key-hash:WD_EG0kMOAtW--nuRzgetO9T4DcZpVA_wfKdzY4okCo"
 fi
 if [ -z "$AUTH_SERVER_U2F_REQUIRE_USER_VERIFICATION" ]; then
   export AUTH_SERVER_U2F_REQUIRE_USER_VERIFICATION=false

packages/analytics/CHANGELOG.md

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [2.21.6](https://github.com/standardnotes/server/compare/@standardnotes/analytics@2.21.5...@standardnotes/analytics@2.21.6) (2023-04-21)
+
+**Note:** Version bump only for package @standardnotes/analytics
+
 ## [2.21.5](https://github.com/standardnotes/server/compare/@standardnotes/analytics@2.21.4...@standardnotes/analytics@2.21.5) (2023-03-30)
 
 **Note:** Version bump only for package @standardnotes/analytics

packages/analytics/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/analytics",
-  "version": "2.21.5",
+  "version": "2.21.6",
   "engines": {
     "node": ">=18.0.0 <19.0.0"
   },

packages/api-gateway/CHANGELOG.md

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.49.9](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.49.8...@standardnotes/api-gateway@1.49.9) (2023-04-21)
+
+**Note:** Version bump only for package @standardnotes/api-gateway
+
 ## [1.49.8](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.49.7...@standardnotes/api-gateway@1.49.8) (2023-03-30)
 
 **Note:** Version bump only for package @standardnotes/api-gateway

packages/api-gateway/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/api-gateway",
-  "version": "1.49.8",
+  "version": "1.49.9",
   "engines": {
     "node": ">=18.0.0 <19.0.0"
   },

packages/auth/CHANGELOG.md

@@ -3,6 +3,44 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.95.2](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.95.1...@standardnotes/auth-server@1.95.2) (2023-04-21)
+
+**Note:** Version bump only for package @standardnotes/auth-server
+
+## [1.95.1](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.95.0...@standardnotes/auth-server@1.95.1) (2023-04-20)
+
+### Bug Fixes
+
+* **auth:** add u2f permissions for pro users ([d211249](https://github.com/standardnotes/server/commit/d21124908652e89a7995c8f58e6b95394268967f))
+
+# [1.95.0](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.94.1...@standardnotes/auth-server@1.95.0) (2023-04-04)
+
+### Features
+
+* **auth:** add initial emergency access invitations model ([#528](https://github.com/standardnotes/server/issues/528)) ([8242f13](https://github.com/standardnotes/server/commit/8242f13aff63ea9f3007308fe4f65973fa1478e1))
+
+## [1.94.1](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.94.0...@standardnotes/auth-server@1.94.1) (2023-04-04)
+
+### Bug Fixes
+
+* **auth:** change status code for updating a subscription setting without a subscription ([3417407](https://github.com/standardnotes/server/commit/3417407cbe3b8e19069f6003e767d707e14b4501))
+
+# [1.94.0](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.93.14...@standardnotes/auth-server@1.94.0) (2023-04-03)
+
+### Bug Fixes
+
+* **auth:** feature service specs ([b88f560](https://github.com/standardnotes/server/commit/b88f560b07de183d4101220626785d3ba994b44c))
+
+### Features
+
+* **auth:** feature entitlement check for u2f endpoints ([51b264c](https://github.com/standardnotes/server/commit/51b264ca13fffc66e2dc31e87b0934ba61a48435))
+
+## [1.93.14](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.93.13...@standardnotes/auth-server@1.93.14) (2023-04-03)
+
+### Bug Fixes
+
+* **auth:** relying party id ([aca8d29](https://github.com/standardnotes/server/commit/aca8d2948da67b32445dc8da54b561ff08bf5c62))
+
 ## [1.93.13](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.93.12...@standardnotes/auth-server@1.93.13) (2023-03-30)
 
 **Note:** Version bump only for package @standardnotes/auth-server

packages/auth/migrations/1680597887475-emergency-access-invitations.ts

@@ -0,0 +1,23 @@
+import { MigrationInterface, QueryRunner } from 'typeorm'
+
+export class emergencyAccessInvitations1680597887475 implements MigrationInterface {
+  name = 'emergencyAccessInvitations1680597887475'
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      'CREATE TABLE `emergency_access_invitations` (`uuid` varchar(36) NOT NULL, `grantor_uuid` varchar(36) NOT NULL, `grantee_uuid` varchar(36) NOT NULL, `status` varchar(36) NOT NULL, `expires_at` datetime NOT NULL, `created_at` datetime NOT NULL, `updated_at` datetime NOT NULL, PRIMARY KEY (`uuid`)) ENGINE=InnoDB',
+    )
+    await queryRunner.query(
+      'ALTER TABLE `emergency_access_invitations` ADD CONSTRAINT `grantor_uuid_fk` FOREIGN KEY (`grantor_uuid`) REFERENCES `users`(`uuid`) ON DELETE CASCADE ON UPDATE NO ACTION',
+    )
+    await queryRunner.query(
+      'ALTER TABLE `emergency_access_invitations` ADD CONSTRAINT `grantee_uuid_fk` FOREIGN KEY (`grantee_uuid`) REFERENCES `users`(`uuid`) ON DELETE CASCADE ON UPDATE NO ACTION',
+    )
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query('ALTER TABLE `emergency_access_invitations` DROP FOREIGN KEY `grantee_uuid_fk`')
+    await queryRunner.query('ALTER TABLE `emergency_access_invitations` DROP FOREIGN KEY `grantor_uuid_fk`')
+    await queryRunner.query('DROP TABLE `emergency_access_invitations`')
+  }
+}

packages/auth/migrations/1681984540867-enable-u2f.ts

@@ -0,0 +1,14 @@
+import { MigrationInterface, QueryRunner } from 'typeorm'
+
+export class enableU2f1681984540867 implements MigrationInterface {
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    // add u2f permission for pro users
+    await queryRunner.query(
+      'INSERT INTO `role_permissions` (role_uuid, permission_uuid) VALUES ("8047edbb-a10a-4ff8-8d53-c2cae600a8e8", "fb13e7d3-936f-4ded-a543-e1650cc99dfd")',
+    )
+  }
+
+  public async down(): Promise<void> {
+    return
+  }
+}

packages/auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/auth-server",
-  "version": "1.93.13",
+  "version": "1.95.2",
   "engines": {
     "node": ">=18.0.0 <19.0.0"
   },
@@ -46,7 +46,7 @@
     "@standardnotes/domain-core": "workspace:^",
     "@standardnotes/domain-events": "workspace:*",
     "@standardnotes/domain-events-infra": "workspace:*",
-    "@standardnotes/features": "^1.58.9",
+    "@standardnotes/features": "^1.58.12",
     "@standardnotes/predicates": "workspace:*",
     "@standardnotes/responses": "^1.13.9",
     "@standardnotes/security": "workspace:*",

packages/auth/src/Bootstrap/Container.ts

@@ -452,7 +452,7 @@ export class ContainerConfigLoader {
       .toConstantValue(env.get('U2F_RELYING_PARTY_NAME', true) ?? 'Standard Notes')
     container
       .bind(TYPES.U2F_RELYING_PARTY_ID)
-      .toConstantValue(env.get('U2F_RELYING_PARTY_ID', true) ?? 'standardnotes.com')
+      .toConstantValue(env.get('U2F_RELYING_PARTY_ID', true) ?? 'app.standardnotes.com')
     container
       .bind(TYPES.U2F_EXPECTED_ORIGIN)
       .toConstantValue(
@@ -563,6 +563,8 @@ export class ContainerConfigLoader {
           container.get(TYPES.AuthenticatorChallengeRepository),
           container.get(TYPES.U2F_RELYING_PARTY_NAME),
           container.get(TYPES.U2F_RELYING_PARTY_ID),
+          container.get(TYPES.UserRepository),
+          container.get(TYPES.FeatureService),
         ),
       )
     container
@@ -574,6 +576,8 @@ export class ContainerConfigLoader {
           container.get(TYPES.U2F_RELYING_PARTY_ID),
           container.get(TYPES.U2F_EXPECTED_ORIGIN),
           container.get(TYPES.U2F_REQUIRE_USER_VERIFICATION),
+          container.get(TYPES.UserRepository),
+          container.get(TYPES.FeatureService),
         ),
       )
     container
@@ -599,10 +603,22 @@ export class ContainerConfigLoader {
       )
     container
       .bind<ListAuthenticators>(TYPES.ListAuthenticators)
-      .toConstantValue(new ListAuthenticators(container.get(TYPES.AuthenticatorRepository)))
+      .toConstantValue(
+        new ListAuthenticators(
+          container.get(TYPES.AuthenticatorRepository),
+          container.get(TYPES.UserRepository),
+          container.get(TYPES.FeatureService),
+        ),
+      )
     container
       .bind<DeleteAuthenticator>(TYPES.DeleteAuthenticator)
-      .toConstantValue(new DeleteAuthenticator(container.get(TYPES.AuthenticatorRepository)))
+      .toConstantValue(
+        new DeleteAuthenticator(
+          container.get(TYPES.AuthenticatorRepository),
+          container.get(TYPES.UserRepository),
+          container.get(TYPES.FeatureService),
+        ),
+      )
     container
       .bind<GenerateRecoveryCodes>(TYPES.GenerateRecoveryCodes)
       .toConstantValue(

packages/auth/src/Bootstrap/DataSource.ts

@@ -12,6 +12,7 @@ import { UserSubscription } from '../Domain/Subscription/UserSubscription'
 import { User } from '../Domain/User/User'
 import { TypeORMAuthenticator } from '../Infra/TypeORM/TypeORMAuthenticator'
 import { TypeORMAuthenticatorChallenge } from '../Infra/TypeORM/TypeORMAuthenticatorChallenge'
+import { TypeORMEmergencyAccessInvitation } from '../Infra/TypeORM/TypeORMEmergencyAccessInvitation'
 import { TypeORMSessionTrace } from '../Infra/TypeORM/TypeORMSessionTrace'
 import { Env } from './Env'
 
@@ -72,6 +73,7 @@ export const AppDataSource = new DataSource({
     TypeORMSessionTrace,
     TypeORMAuthenticator,
     TypeORMAuthenticatorChallenge,
+    TypeORMEmergencyAccessInvitation,
   ],
   migrations: [env.get('DB_MIGRATIONS_PATH', true) ?? 'dist/migrations/*.js'],
   migrationsRun: true,

packages/auth/src/Controller/AuthenticatorsController.ts

@@ -34,6 +34,17 @@ export class AuthenticatorsController {
       userUuid: params.userUuid,
     })
 
+    if (result.isFailed()) {
+      return {
+        status: HttpStatusCode.Unauthorized,
+        data: {
+          error: {
+            message: result.getError(),
+          },
+        },
+      }
+    }
+
     return {
       status: HttpStatusCode.Success,
       data: {
@@ -50,6 +61,17 @@ export class AuthenticatorsController {
       authenticatorId: params.authenticatorId,
     })
 
+    if (result.isFailed()) {
+      return {
+        status: HttpStatusCode.Unauthorized,
+        data: {
+          error: {
+            message: result.getError(),
+          },
+        },
+      }
+    }
+
     return {
       status: HttpStatusCode.Success,
       data: {

packages/auth/src/Domain/EmergencyAccess/EmergencyAccessInvitation.ts

@@ -0,0 +1,17 @@
+import { Entity, Result, UniqueEntityId } from '@standardnotes/domain-core'
+
+import { EmergencyAccessInvitationProps } from './EmergencyAccessInvitationProps'
+
+export class EmergencyAccessInvitation extends Entity<EmergencyAccessInvitationProps> {
+  get id(): UniqueEntityId {
+    return this._id
+  }
+
+  private constructor(props: EmergencyAccessInvitationProps, id?: UniqueEntityId) {
+    super(props, id)
+  }
+
+  static create(props: EmergencyAccessInvitationProps, id?: UniqueEntityId): Result<EmergencyAccessInvitation> {
+    return Result.ok<EmergencyAccessInvitation>(new EmergencyAccessInvitation(props, id))
+  }
+}

packages/auth/src/Domain/EmergencyAccess/EmergencyAccessInvitationProps.ts

@@ -0,0 +1,11 @@
+import { Dates, Uuid } from '@standardnotes/domain-core'
+
+import { EmergencyAccessInvitationStatus } from './EmergencyAccessInvitationStatus'
+
+export interface EmergencyAccessInvitationProps {
+  grantorUuid: Uuid
+  granteeUuid: Uuid
+  status: EmergencyAccessInvitationStatus
+  expiresAt: Date
+  dates: Dates
+}

packages/auth/src/Domain/EmergencyAccess/EmergencyAccessInvitationStatus.ts

@@ -0,0 +1,30 @@
+import { Result, ValueObject } from '@standardnotes/domain-core'
+
+import { EmergencyAccessInvitationStatusProps } from './EmergencyAccessInvitationStatusProps'
+
+export class EmergencyAccessInvitationStatus extends ValueObject<EmergencyAccessInvitationStatusProps> {
+  static readonly NAMES = {
+    Sent: 'sent',
+    Accepted: 'accepted',
+    Confirmed: 'confirmed',
+    Expired: 'expired',
+    Revoked: 'revoked',
+  }
+
+  get value(): string {
+    return this.props.value
+  }
+
+  private constructor(props: EmergencyAccessInvitationStatusProps) {
+    super(props)
+  }
+
+  static create(name: string): Result<EmergencyAccessInvitationStatus> {
+    const isValidName = Object.values(this.NAMES).includes(name)
+    if (!isValidName) {
+      return Result.fail<EmergencyAccessInvitationStatus>(`Invalid status name: ${name}`)
+    } else {
+      return Result.ok<EmergencyAccessInvitationStatus>(new EmergencyAccessInvitationStatus({ value: name }))
+    }
+  }
+}

packages/auth/src/Domain/EmergencyAccess/EmergencyAccessInvitationStatusProps.ts

@@ -0,0 +1,3 @@
+export interface EmergencyAccessInvitationStatusProps {
+  value: string
+}

packages/auth/src/Domain/Feature/FeatureService.spec.ts

@@ -30,7 +30,7 @@ jest.mock('@standardnotes/features', () => {
 const { GetFeatures } = jest.requireMock('@standardnotes/features')
 
 import { FeatureService } from './FeatureService'
-import { Permission, PermissionName } from '@standardnotes/features'
+import { FeatureIdentifier, Permission, PermissionName } from '@standardnotes/features'
 import { OfflineUserSubscriptionRepositoryInterface } from '../Subscription/OfflineUserSubscriptionRepositoryInterface'
 import { TimerInterface } from '@standardnotes/time'
 import { OfflineUserSubscription } from '../Subscription/OfflineUserSubscription'
@@ -201,6 +201,62 @@ describe('FeatureService', () => {
   })
 
   describe('online subscribers', () => {
+    it('should tell if a user is entitled to a feature', async () => {
+      expect(await createService().userIsEntitledToFeature(user, FeatureIdentifier.AutobiographyTheme)).toBe(true)
+      expect(await createService().userIsEntitledToFeature(user, FeatureIdentifier.DeprecatedBoldEditor)).toBe(false)
+    })
+
+    it('should tell if a user is not entitled to a feature because it is expired', async () => {
+      timer.getTimestampInMicroseconds = jest.fn().mockReturnValue(777)
+      expect(await createService().userIsEntitledToFeature(user, FeatureIdentifier.AutobiographyTheme)).toBe(false)
+    })
+
+    it('should tell if a user is entitled to a feature that does not expire', async () => {
+      const nonSubscriptionPermission = {
+        uuid: 'files-beta-permission-1-1-1',
+        name: 'files-beta' as PermissionName,
+      } as jest.Mocked<Permission>
+
+      GetFeatures.mockImplementation(() => [
+        {
+          identifier: 'org.standardnotes.theme-autobiography',
+          permission_name: PermissionName.AutobiographyTheme,
+          expires_at: 555,
+        },
+        {
+          identifier: 'org.standardnotes.bold-editor',
+          permission_name: PermissionName.BoldEditor,
+          expires_at: 777,
+        },
+        {
+          identifier: 'files-beta',
+          permission_name: 'files-beta' as PermissionName,
+          expires_at: undefined,
+          no_expire: true,
+        },
+      ])
+
+      const nonSubscriptionRole = {
+        name: RoleName.NAMES.InternalTeamUser,
+        uuid: 'role-files-beta',
+        permissions: Promise.resolve([nonSubscriptionPermission]),
+      } as jest.Mocked<Role>
+
+      roleToSubscriptionMap.filterNonSubscriptionRoles = jest.fn().mockReturnValue([nonSubscriptionRole])
+      roleToSubscriptionMap.getSubscriptionNameForRoleName = jest
+        .fn()
+        .mockReturnValueOnce(SubscriptionName.PlusPlan)
+        .mockReturnValueOnce(SubscriptionName.ProPlan)
+
+      user = {
+        uuid: 'user-1-1-1',
+        roles: Promise.resolve([role1, role2, nonSubscriptionRole]),
+        subscriptions: Promise.resolve([subscription1, subscription2]),
+      } as jest.Mocked<User>
+
+      expect(await createService().userIsEntitledToFeature(user, 'files-beta')).toBe(true)
+    })
+
     it('should return user features with `expires_at` field', async () => {
       const features = await createService().getFeaturesForUser(user)
       expect(features).toEqual(
@@ -321,7 +377,7 @@ describe('FeatureService', () => {
     it('should return user features along with features related to non subscription roles', async () => {
       const nonSubscriptionPermission = {
         uuid: 'files-beta-permission-1-1-1',
-        name: PermissionName.FilesBeta,
+        name: 'files-beta' as PermissionName,
       } as jest.Mocked<Permission>
 
       GetFeatures.mockImplementation(() => [
@@ -336,7 +392,8 @@ describe('FeatureService', () => {
           expires_at: 777,
         },
         {
-          permission_name: PermissionName.FilesBeta,
+          identifier: 'files-beta',
+          permission_name: 'files-beta' as PermissionName,
           expires_at: undefined,
           no_expire: true,
         },

packages/auth/src/Domain/Feature/FeatureService.ts

@@ -21,6 +21,25 @@ export class FeatureService implements FeatureServiceInterface {
     @inject(TYPES.Timer) private timer: TimerInterface,
   ) {}
 
+  async userIsEntitledToFeature(user: User, featureIdentifier: string): Promise<boolean> {
+    const userFeatures = await this.getFeaturesForUser(user)
+
+    const feature = userFeatures.find((userFeature) => userFeature.identifier === featureIdentifier)
+
+    if (feature === undefined) {
+      return false
+    }
+
+    if (feature.no_expire) {
+      return true
+    }
+
+    const featureIsExpired =
+      feature.expires_at !== undefined && feature.expires_at < this.timer.getTimestampInMicroseconds()
+
+    return !featureIsExpired
+  }
+
   async getFeaturesForOfflineUser(email: string): Promise<{ features: FeatureDescription[]; roles: string[] }> {
     const userSubscriptions = await this.offlineUserSubscriptionRepository.findByEmail(
       email,

packages/auth/src/Domain/Feature/FeatureServiceInterface.ts

@@ -4,5 +4,6 @@ import { User } from '../User/User'
 
 export interface FeatureServiceInterface {
   getFeaturesForUser(user: User): Promise<Array<FeatureDescription>>
+  userIsEntitledToFeature(user: User, featureIdentifier: string): Promise<boolean>
   getFeaturesForOfflineUser(email: string): Promise<{ features: FeatureDescription[]; roles: string[] }>
 }

packages/auth/src/Domain/UseCase/DeleteAuthenticator/DeleteAuthenticator.spec.ts

@@ -2,12 +2,18 @@ import { Dates, Uuid } from '@standardnotes/domain-core'
 
 import { Authenticator } from '../../Authenticator/Authenticator'
 import { AuthenticatorRepositoryInterface } from '../../Authenticator/AuthenticatorRepositoryInterface'
+import { FeatureServiceInterface } from '../../Feature/FeatureServiceInterface'
+import { User } from '../../User/User'
+import { UserRepositoryInterface } from '../../User/UserRepositoryInterface'
 import { DeleteAuthenticator } from './DeleteAuthenticator'
 
 describe('DeleteAuthenticator', () => {
   let authenticatorRepository: AuthenticatorRepositoryInterface
   let authenticator: Authenticator
-  const createUseCase = () => new DeleteAuthenticator(authenticatorRepository)
+  let userRepository: UserRepositoryInterface
+  let featureService: FeatureServiceInterface
+
+  const createUseCase = () => new DeleteAuthenticator(authenticatorRepository, userRepository, featureService)
 
   beforeEach(() => {
     authenticator = Authenticator.create({
@@ -24,6 +30,12 @@ describe('DeleteAuthenticator', () => {
     authenticatorRepository = {} as jest.Mocked<AuthenticatorRepositoryInterface>
     authenticatorRepository.findById = jest.fn().mockReturnValue(authenticator)
     authenticatorRepository.remove = jest.fn()
+
+    userRepository = {} as jest.Mocked<UserRepositoryInterface>
+    userRepository.findOneByUuid = jest.fn().mockReturnValue({} as jest.Mocked<User>)
+
+    featureService = {} as jest.Mocked<FeatureServiceInterface>
+    featureService.userIsEntitledToFeature = jest.fn().mockReturnValue(true)
   })
 
   it('should return error if authenticator not found', async () => {
@@ -38,6 +50,40 @@ describe('DeleteAuthenticator', () => {
     expect(result.getError()).toEqual('Authenticator not found')
   })
 
+  it('should return error if user is not found', async () => {
+    userRepository.findOneByUuid = jest.fn().mockReturnValue(null)
+
+    const result = await createUseCase().execute({
+      userUuid: '00000000-0000-0000-0000-000000000000',
+      authenticatorId: '00000000-0000-0000-0000-000000000000',
+    })
+
+    expect(result.isFailed()).toBe(true)
+    expect(result.getError()).toEqual('Could not delete authenticator: user not found.')
+  })
+
+  it('should return error if user is not entitled to U2F', async () => {
+    featureService.userIsEntitledToFeature = jest.fn().mockReturnValue(false)
+
+    const result = await createUseCase().execute({
+      userUuid: '00000000-0000-0000-0000-000000000000',
+      authenticatorId: '00000000-0000-0000-0000-000000000000',
+    })
+
+    expect(result.isFailed()).toBe(true)
+    expect(result.getError()).toEqual('Could not delete authenticator: user is not entitled to U2F.')
+  })
+
+  it('should return error if user uuid is not valid', async () => {
+    const result = await createUseCase().execute({
+      userUuid: 'invalid',
+      authenticatorId: '00000000-0000-0000-0000-000000000000',
+    })
+
+    expect(result.isFailed()).toBe(true)
+    expect(result.getError()).toEqual('Could not delete authenticator: Given value is not a valid uuid: invalid')
+  })
+
   it('should return error if authenticator does not belong to user', async () => {
     authenticatorRepository.findById = jest.fn().mockReturnValue({
       ...authenticator,

packages/auth/src/Domain/UseCase/DeleteAuthenticator/DeleteAuthenticator.ts

@@ -1,12 +1,41 @@
-import { Result, UniqueEntityId, UseCaseInterface } from '@standardnotes/domain-core'
+import { Result, UniqueEntityId, UseCaseInterface, Uuid } from '@standardnotes/domain-core'
+import { FeatureIdentifier } from '@standardnotes/features'
+
 import { AuthenticatorRepositoryInterface } from '../../Authenticator/AuthenticatorRepositoryInterface'
+import { FeatureServiceInterface } from '../../Feature/FeatureServiceInterface'
+import { UserRepositoryInterface } from '../../User/UserRepositoryInterface'
 import { DeleteAuthenticatorDTO } from './DeleteAuthenticatorDTO'
 
 export class DeleteAuthenticator implements UseCaseInterface<string> {
-  constructor(private authenticatorRepository: AuthenticatorRepositoryInterface) {}
+  constructor(
+    private authenticatorRepository: AuthenticatorRepositoryInterface,
+    private userRepository: UserRepositoryInterface,
+    private featureService: FeatureServiceInterface,
+  ) {}
+
   async execute(dto: DeleteAuthenticatorDTO): Promise<Result<string>> {
+    const userUuidOrError = Uuid.create(dto.userUuid)
+    if (userUuidOrError.isFailed()) {
+      return Result.fail(`Could not delete authenticator: ${userUuidOrError.getError()}`)
+    }
+    const userUuid = userUuidOrError.getValue()
+
+    const user = await this.userRepository.findOneByUuid(userUuid.value)
+    if (user === null) {
+      return Result.fail('Could not delete authenticator: user not found.')
+    }
+
+    const userIsEntitledToU2F = await this.featureService.userIsEntitledToFeature(
+      user,
+      FeatureIdentifier.UniversalSecondFactor,
+    )
+
+    if (!userIsEntitledToU2F) {
+      return Result.fail('Could not delete authenticator: user is not entitled to U2F.')
+    }
+
     const authenticator = await this.authenticatorRepository.findById(new UniqueEntityId(dto.authenticatorId))
-    if (!authenticator || authenticator.props.userUuid.value !== dto.userUuid) {
+    if (!authenticator || authenticator.props.userUuid.value !== userUuid.value) {
       return Result.fail('Authenticator not found')
     }
 

packages/auth/src/Domain/UseCase/GenerateAuthenticatorRegistrationOptions/GenerateAuthenticatorRegistrationOptions.spec.ts

@@ -4,11 +4,16 @@ import { Authenticator } from '../../Authenticator/Authenticator'
 import { AuthenticatorChallenge } from '../../Authenticator/AuthenticatorChallenge'
 import { AuthenticatorChallengeRepositoryInterface } from '../../Authenticator/AuthenticatorChallengeRepositoryInterface'
 import { AuthenticatorRepositoryInterface } from '../../Authenticator/AuthenticatorRepositoryInterface'
+import { FeatureServiceInterface } from '../../Feature/FeatureServiceInterface'
+import { User } from '../../User/User'
+import { UserRepositoryInterface } from '../../User/UserRepositoryInterface'
 import { GenerateAuthenticatorRegistrationOptions } from './GenerateAuthenticatorRegistrationOptions'
 
 describe('GenerateAuthenticatorRegistrationOptions', () => {
   let authenticatorRepository: AuthenticatorRepositoryInterface
   let authenticatorChallengeRepository: AuthenticatorChallengeRepositoryInterface
+  let userRepository: UserRepositoryInterface
+  let featureService: FeatureServiceInterface
 
   const createUseCase = () =>
     new GenerateAuthenticatorRegistrationOptions(
@@ -16,6 +21,8 @@ describe('GenerateAuthenticatorRegistrationOptions', () => {
       authenticatorChallengeRepository,
       'Standard Notes',
       'standardnotes.com',
+      userRepository,
+      featureService,
     )
 
   beforeEach(() => {
@@ -35,6 +42,12 @@ describe('GenerateAuthenticatorRegistrationOptions', () => {
 
     authenticatorChallengeRepository = {} as jest.Mocked<AuthenticatorChallengeRepositoryInterface>
     authenticatorChallengeRepository.save = jest.fn()
+
+    userRepository = {} as jest.Mocked<UserRepositoryInterface>
+    userRepository.findOneByUuid = jest.fn().mockReturnValue({} as jest.Mocked<User>)
+
+    featureService = {} as jest.Mocked<FeatureServiceInterface>
+    featureService.userIsEntitledToFeature = jest.fn().mockReturnValue(true)
   })
 
   it('should return error if userUuid is invalid', async () => {
@@ -63,6 +76,36 @@ describe('GenerateAuthenticatorRegistrationOptions', () => {
     expect(result.getError()).toBe('Could not generate authenticator registration options: Username cannot be empty')
   })
 
+  it('should return error if user is not entitled to u2f feature', async () => {
+    featureService.userIsEntitledToFeature = jest.fn().mockReturnValue(false)
+
+    const useCase = createUseCase()
+
+    const result = await useCase.execute({
+      userUuid: '00000000-0000-0000-0000-000000000000',
+      username: 'username',
+    })
+
+    expect(result.isFailed()).toBe(true)
+    expect(result.getError()).toBe(
+      'Could not generate authenticator registration options: user is not entitled to U2F.',
+    )
+  })
+
+  it('should return error if user is not found', async () => {
+    userRepository.findOneByUuid = jest.fn().mockReturnValue(null)
+
+    const useCase = createUseCase()
+
+    const result = await useCase.execute({
+      userUuid: '00000000-0000-0000-0000-000000000000',
+      username: 'username',
+    })
+
+    expect(result.isFailed()).toBe(true)
+    expect(result.getError()).toBe('Could not generate authenticator registration options: user not found.')
+  })
+
   it('should return error if authenticator challenge is invalid', async () => {
     const mock = jest.spyOn(AuthenticatorChallenge, 'create')
     mock.mockReturnValue(Result.fail('Oops'))

packages/auth/src/Domain/UseCase/GenerateAuthenticatorRegistrationOptions/GenerateAuthenticatorRegistrationOptions.ts

@@ -5,6 +5,9 @@ import { GenerateAuthenticatorRegistrationOptionsDTO } from './GenerateAuthentic
 import { AuthenticatorRepositoryInterface } from '../../Authenticator/AuthenticatorRepositoryInterface'
 import { AuthenticatorChallengeRepositoryInterface } from '../../Authenticator/AuthenticatorChallengeRepositoryInterface'
 import { AuthenticatorChallenge } from '../../Authenticator/AuthenticatorChallenge'
+import { FeatureIdentifier } from '@standardnotes/features'
+import { FeatureServiceInterface } from '../../Feature/FeatureServiceInterface'
+import { UserRepositoryInterface } from '../../User/UserRepositoryInterface'
 
 export class GenerateAuthenticatorRegistrationOptions implements UseCaseInterface<Record<string, unknown>> {
   constructor(
@@ -12,6 +15,8 @@ export class GenerateAuthenticatorRegistrationOptions implements UseCaseInterfac
     private authenticatorChallengeRepository: AuthenticatorChallengeRepositoryInterface,
     private relyingPartyName: string,
     private relyingPartyId: string,
+    private userRepository: UserRepositoryInterface,
+    private featureService: FeatureServiceInterface,
   ) {}
 
   async execute(dto: GenerateAuthenticatorRegistrationOptionsDTO): Promise<Result<Record<string, unknown>>> {
@@ -27,6 +32,20 @@ export class GenerateAuthenticatorRegistrationOptions implements UseCaseInterfac
     }
     const username = usernameOrError.getValue()
 
+    const user = await this.userRepository.findOneByUuid(userUuid.value)
+    if (user === null) {
+      return Result.fail('Could not generate authenticator registration options: user not found.')
+    }
+
+    const userIsEntitledToU2F = await this.featureService.userIsEntitledToFeature(
+      user,
+      FeatureIdentifier.UniversalSecondFactor,
+    )
+
+    if (!userIsEntitledToU2F) {
+      return Result.fail('Could not generate authenticator registration options: user is not entitled to U2F.')
+    }
+
     const authenticators = await this.authenticatorRepository.findByUserUuid(userUuid)
     const options = generateRegistrationOptions({
       rpID: this.relyingPartyId,

packages/auth/src/Domain/UseCase/ListAuthenticators/ListAuthenticators.spec.ts

@@ -1,14 +1,25 @@
 import { AuthenticatorRepositoryInterface } from '../../Authenticator/AuthenticatorRepositoryInterface'
+import { FeatureServiceInterface } from '../../Feature/FeatureServiceInterface'
+import { User } from '../../User/User'
+import { UserRepositoryInterface } from '../../User/UserRepositoryInterface'
 import { ListAuthenticators } from './ListAuthenticators'
 
 describe('ListAuthenticators', () => {
   let authenticatorRepository: AuthenticatorRepositoryInterface
+  let userRepository: UserRepositoryInterface
+  let featureService: FeatureServiceInterface
 
-  const createUseCase = () => new ListAuthenticators(authenticatorRepository)
+  const createUseCase = () => new ListAuthenticators(authenticatorRepository, userRepository, featureService)
 
   beforeEach(() => {
     authenticatorRepository = {} as jest.Mocked<AuthenticatorRepositoryInterface>
     authenticatorRepository.findByUserUuid = jest.fn().mockReturnValue([])
+
+    userRepository = {} as jest.Mocked<UserRepositoryInterface>
+    userRepository.findOneByUuid = jest.fn().mockReturnValue({} as jest.Mocked<User>)
+
+    featureService = {} as jest.Mocked<FeatureServiceInterface>
+    featureService.userIsEntitledToFeature = jest.fn().mockReturnValue(true)
   })
 
   it('should list authenticators', async () => {
@@ -27,4 +38,24 @@ describe('ListAuthenticators', () => {
 
     expect(result.isFailed()).toBeTruthy()
   })
+
+  it('should fail if user is not found', async () => {
+    userRepository.findOneByUuid = jest.fn().mockReturnValue(null)
+
+    const useCase = createUseCase()
+
+    const result = await useCase.execute({ userUuid: '00000000-0000-0000-0000-000000000000' })
+
+    expect(result.isFailed()).toBeTruthy()
+  })
+
+  it('should fail if user is not entitled to U2F', async () => {
+    featureService.userIsEntitledToFeature = jest.fn().mockReturnValue(false)
+
+    const useCase = createUseCase()
+
+    const result = await useCase.execute({ userUuid: '00000000-0000-0000-0000-000000000000' })
+
+    expect(result.isFailed()).toBeTruthy()
+  })
 })

packages/auth/src/Domain/UseCase/ListAuthenticators/ListAuthenticators.ts

@@ -1,11 +1,19 @@
 import { Result, UseCaseInterface, Uuid } from '@standardnotes/domain-core'
+import { FeatureIdentifier } from '@standardnotes/features'
 
 import { Authenticator } from '../../Authenticator/Authenticator'
 import { AuthenticatorRepositoryInterface } from '../../Authenticator/AuthenticatorRepositoryInterface'
+import { FeatureServiceInterface } from '../../Feature/FeatureServiceInterface'
+import { UserRepositoryInterface } from '../../User/UserRepositoryInterface'
 import { ListAuthenticatorsDTO } from './ListAuthenticatorsDTO'
 
 export class ListAuthenticators implements UseCaseInterface<Authenticator[]> {
-  constructor(private authenticatorRepository: AuthenticatorRepositoryInterface) {}
+  constructor(
+    private authenticatorRepository: AuthenticatorRepositoryInterface,
+    private userRepository: UserRepositoryInterface,
+    private featureService: FeatureServiceInterface,
+  ) {}
+
   async execute(dto: ListAuthenticatorsDTO): Promise<Result<Authenticator[]>> {
     const userUuidOrError = Uuid.create(dto.userUuid)
     if (userUuidOrError.isFailed()) {
@@ -13,6 +21,20 @@ export class ListAuthenticators implements UseCaseInterface<Authenticator[]> {
     }
     const userUuid = userUuidOrError.getValue()
 
+    const user = await this.userRepository.findOneByUuid(userUuid.value)
+    if (user === null) {
+      return Result.fail('Could not list authenticators: user not found.')
+    }
+
+    const userIsEntitledToU2F = await this.featureService.userIsEntitledToFeature(
+      user,
+      FeatureIdentifier.UniversalSecondFactor,
+    )
+
+    if (!userIsEntitledToU2F) {
+      return Result.fail('Could not list authenticators: user is not entitled to U2F.')
+    }
+
     const authenticators = await this.authenticatorRepository.findByUserUuid(userUuid)
 
     return Result.ok(authenticators)

packages/auth/src/Domain/UseCase/UpdateSetting/UpdateSetting.spec.ts

@@ -168,7 +168,7 @@ describe('UpdateSetting', () => {
         error: {
           message: 'User 1-2-3 has no subscription to change a subscription setting.',
         },
-        statusCode: 401,
+        statusCode: 400,
       })
     })
 

packages/auth/src/Domain/UseCase/UpdateSetting/UpdateSetting.ts

@@ -83,7 +83,7 @@ export class UpdateSetting implements UseCaseInterface {
           error: {
             message: `User ${userUuid} has no subscription to change a subscription setting.`,
           },
-          statusCode: 401,
+          statusCode: 400,
         }
       }
 

packages/auth/src/Domain/UseCase/VerifyAuthenticatorRegistrationResponse/VerifyAuthenticatorRegistrationResponse.spec.ts

@@ -7,11 +7,16 @@ import { Authenticator } from '../../Authenticator/Authenticator'
 import { AuthenticatorChallenge } from '../../Authenticator/AuthenticatorChallenge'
 import { AuthenticatorChallengeRepositoryInterface } from '../../Authenticator/AuthenticatorChallengeRepositoryInterface'
 import { AuthenticatorRepositoryInterface } from '../../Authenticator/AuthenticatorRepositoryInterface'
+import { FeatureServiceInterface } from '../../Feature/FeatureServiceInterface'
+import { User } from '../../User/User'
+import { UserRepositoryInterface } from '../../User/UserRepositoryInterface'
 import { VerifyAuthenticatorRegistrationResponse } from './VerifyAuthenticatorRegistrationResponse'
 
 describe('VerifyAuthenticatorRegistrationResponse', () => {
   let authenticatorRepository: AuthenticatorRepositoryInterface
   let authenticatorChallengeRepository: AuthenticatorChallengeRepositoryInterface
+  let userRepository: UserRepositoryInterface
+  let featureService: FeatureServiceInterface
 
   const createUseCase = () =>
     new VerifyAuthenticatorRegistrationResponse(
@@ -20,6 +25,8 @@ describe('VerifyAuthenticatorRegistrationResponse', () => {
       'standardnotes.com',
       ['localhost', 'https://app.standardnotes.com'],
       true,
+      userRepository,
+      featureService,
     )
 
   beforeEach(() => {
@@ -32,6 +39,12 @@ describe('VerifyAuthenticatorRegistrationResponse', () => {
         challenge: Buffer.from('challenge'),
       },
     } as jest.Mocked<AuthenticatorChallenge>)
+
+    userRepository = {} as jest.Mocked<UserRepositoryInterface>
+    userRepository.findOneByUuid = jest.fn().mockReturnValue({} as jest.Mocked<User>)
+
+    featureService = {} as jest.Mocked<FeatureServiceInterface>
+    featureService.userIsEntitledToFeature = jest.fn().mockReturnValue(true)
   })
 
   it('should return error if user uuid is invalid', async () => {
@@ -57,6 +70,54 @@ describe('VerifyAuthenticatorRegistrationResponse', () => {
     )
   })
 
+  it('should return error if user is not entitled to feature', async () => {
+    featureService.userIsEntitledToFeature = jest.fn().mockReturnValue(false)
+
+    const useCase = createUseCase()
+
+    const result = await useCase.execute({
+      userUuid: '00000000-0000-0000-0000-000000000000',
+      attestationResponse: {
+        id: 'id',
+        rawId: 'rawId',
+        response: {
+          attestationObject: 'attestationObject',
+          clientDataJSON: 'clientDataJSON',
+        },
+        type: 'public-key',
+        clientExtensionResults: {},
+      } as jest.Mocked<RegistrationResponseJSON>,
+    })
+
+    expect(result.isFailed()).toBeTruthy()
+    expect(result.getError()).toEqual(
+      'Could not verify authenticator registration response: user is not entitled to U2F.',
+    )
+  })
+
+  it('should return error if user is not found', async () => {
+    userRepository.findOneByUuid = jest.fn().mockReturnValue(null)
+
+    const useCase = createUseCase()
+
+    const result = await useCase.execute({
+      userUuid: '00000000-0000-0000-0000-000000000000',
+      attestationResponse: {
+        id: 'id',
+        rawId: 'rawId',
+        response: {
+          attestationObject: 'attestationObject',
+          clientDataJSON: 'clientDataJSON',
+        },
+        type: 'public-key',
+        clientExtensionResults: {},
+      } as jest.Mocked<RegistrationResponseJSON>,
+    })
+
+    expect(result.isFailed()).toBeTruthy()
+    expect(result.getError()).toEqual('Could not verify authenticator registration response: user not found.')
+  })
+
   it('should return error if challenge is not found', async () => {
     authenticatorChallengeRepository.findByUserUuid = jest.fn().mockReturnValue(null)
 

packages/auth/src/Domain/UseCase/VerifyAuthenticatorRegistrationResponse/VerifyAuthenticatorRegistrationResponse.ts

@@ -1,10 +1,13 @@
 import { Dates, Result, UniqueEntityId, UseCaseInterface, Uuid } from '@standardnotes/domain-core'
 import { VerifiedRegistrationResponse, verifyRegistrationResponse } from '@simplewebauthn/server'
+import { FeatureIdentifier } from '@standardnotes/features'
 
 import { AuthenticatorChallengeRepositoryInterface } from '../../Authenticator/AuthenticatorChallengeRepositoryInterface'
 import { AuthenticatorRepositoryInterface } from '../../Authenticator/AuthenticatorRepositoryInterface'
 import { Authenticator } from '../../Authenticator/Authenticator'
 import { VerifyAuthenticatorRegistrationResponseDTO } from './VerifyAuthenticatorRegistrationResponseDTO'
+import { FeatureServiceInterface } from '../../Feature/FeatureServiceInterface'
+import { UserRepositoryInterface } from '../../User/UserRepositoryInterface'
 
 export class VerifyAuthenticatorRegistrationResponse implements UseCaseInterface<UniqueEntityId> {
   constructor(
@@ -13,6 +16,8 @@ export class VerifyAuthenticatorRegistrationResponse implements UseCaseInterface
     private relyingPartyId: string,
     private expectedOrigin: string[],
     private requireUserVerification: boolean,
+    private userRepository: UserRepositoryInterface,
+    private featureService: FeatureServiceInterface,
   ) {}
 
   async execute(dto: VerifyAuthenticatorRegistrationResponseDTO): Promise<Result<UniqueEntityId>> {
@@ -22,6 +27,20 @@ export class VerifyAuthenticatorRegistrationResponse implements UseCaseInterface
     }
     const userUuid = userUuidOrError.getValue()
 
+    const user = await this.userRepository.findOneByUuid(userUuid.value)
+    if (user === null) {
+      return Result.fail('Could not verify authenticator registration response: user not found.')
+    }
+
+    const userIsEntitledToU2F = await this.featureService.userIsEntitledToFeature(
+      user,
+      FeatureIdentifier.UniversalSecondFactor,
+    )
+
+    if (!userIsEntitledToU2F) {
+      return Result.fail('Could not verify authenticator registration response: user is not entitled to U2F.')
+    }
+
     const authenticatorChallenge = await this.authenticatorChallengeRepository.findByUserUuid(userUuid)
     if (!authenticatorChallenge) {
       return Result.fail('Could not verify authenticator registration response: challenge not found')

packages/auth/src/Domain/User/User.ts

@@ -4,6 +4,7 @@ import { Role } from '../Role/Role'
 import { Setting } from '../Setting/Setting'
 import { UserSubscription } from '../Subscription/UserSubscription'
 import { ProtocolVersion } from '@standardnotes/common'
+import { TypeORMEmergencyAccessInvitation } from '../../Infra/TypeORM/TypeORMEmergencyAccessInvitation'
 
 @Entity({ name: 'users' })
 export class User {
@@ -181,6 +182,22 @@ export class User {
   )
   declare subscriptions: Promise<UserSubscription[]>
 
+  @OneToMany(
+    /* istanbul ignore next */
+    () => TypeORMEmergencyAccessInvitation,
+    /* istanbul ignore next */
+    (invitation) => invitation.grantor,
+  )
+  declare emergencyAccessInvitationsCreated: Promise<TypeORMEmergencyAccessInvitation[]>
+
+  @OneToMany(
+    /* istanbul ignore next */
+    () => TypeORMEmergencyAccessInvitation,
+    /* istanbul ignore next */
+    (invitation) => invitation.grantee,
+  )
+  declare emergencyAccessInvitationsReceived: Promise<TypeORMEmergencyAccessInvitation[]>
+
   supportsSessions(): boolean {
     return parseInt(this.version) >= parseInt(ProtocolVersion.V004)
   }

packages/auth/src/Infra/TypeORM/TypeORMEmergencyAccessInvitation.ts

@@ -0,0 +1,66 @@
+import { Column, Entity, JoinColumn, ManyToOne, PrimaryGeneratedColumn } from 'typeorm'
+import { User } from '../../Domain/User/User'
+
+@Entity({ name: 'emergency_access_invitations' })
+export class TypeORMEmergencyAccessInvitation {
+  @PrimaryGeneratedColumn('uuid')
+  declare uuid: string
+
+  @Column({
+    name: 'grantor_uuid',
+    length: 36,
+  })
+  declare grantorUuid: string
+
+  @ManyToOne(
+    /* istanbul ignore next */
+    () => User,
+    /* istanbul ignore next */
+    (user) => user.emergencyAccessInvitationsCreated,
+    /* istanbul ignore next */
+    { onDelete: 'CASCADE', nullable: false },
+  )
+  @JoinColumn({ name: 'grantor_uuid', referencedColumnName: 'uuid', foreignKeyConstraintName: 'grantor_uuid_fk' })
+  declare grantor: Promise<User>
+
+  @Column({
+    name: 'grantee_uuid',
+    length: 36,
+  })
+  declare granteeUuid: string
+
+  @ManyToOne(
+    /* istanbul ignore next */
+    () => User,
+    /* istanbul ignore next */
+    (user) => user.emergencyAccessInvitationsReceived,
+    /* istanbul ignore next */
+    { onDelete: 'CASCADE', nullable: false },
+  )
+  @JoinColumn({ name: 'grantee_uuid', referencedColumnName: 'uuid', foreignKeyConstraintName: 'grantee_uuid_fk' })
+  declare grantee: Promise<User>
+
+  @Column({
+    name: 'status',
+    length: 36,
+  })
+  declare status: string
+
+  @Column({
+    name: 'expires_at',
+    type: 'datetime',
+  })
+  declare expiresAt: Date
+
+  @Column({
+    name: 'created_at',
+    type: 'datetime',
+  })
+  declare createdAt: Date
+
+  @Column({
+    name: 'updated_at',
+    type: 'datetime',
+  })
+  declare updatedAt: Date
+}

packages/auth/src/Mapping/EmergencyAccessInvitationPersistenceMapper.ts

@@ -0,0 +1,63 @@
+import { Dates, MapperInterface, UniqueEntityId, Uuid } from '@standardnotes/domain-core'
+
+import { EmergencyAccessInvitation } from '../Domain/EmergencyAccess/EmergencyAccessInvitation'
+import { EmergencyAccessInvitationStatus } from '../Domain/EmergencyAccess/EmergencyAccessInvitationStatus'
+import { TypeORMEmergencyAccessInvitation } from '../Infra/TypeORM/TypeORMEmergencyAccessInvitation'
+
+export class EmergencyAccessInvitationPersistenceMapper
+  implements MapperInterface<EmergencyAccessInvitation, TypeORMEmergencyAccessInvitation>
+{
+  toDomain(projection: TypeORMEmergencyAccessInvitation): EmergencyAccessInvitation {
+    const grantorUuidOrError = Uuid.create(projection.grantorUuid)
+    if (grantorUuidOrError.isFailed()) {
+      throw new Error(grantorUuidOrError.getError())
+    }
+    const grantorUuid = grantorUuidOrError.getValue()
+
+    const granteeUuidOrError = Uuid.create(projection.granteeUuid)
+    if (granteeUuidOrError.isFailed()) {
+      throw new Error(granteeUuidOrError.getError())
+    }
+    const granteeUuid = granteeUuidOrError.getValue()
+
+    const emergencyAccessInvitationStatusOrError = EmergencyAccessInvitationStatus.create(projection.status)
+    if (emergencyAccessInvitationStatusOrError.isFailed()) {
+      throw new Error(emergencyAccessInvitationStatusOrError.getError())
+    }
+    const emergencyAccessInvitationStatus = emergencyAccessInvitationStatusOrError.getValue()
+
+    const datesOrError = Dates.create(projection.createdAt, projection.updatedAt)
+    if (datesOrError.isFailed()) {
+      throw new Error(datesOrError.getError())
+    }
+    const dates = datesOrError.getValue()
+
+    const emergencyAccessInvitationOrError = EmergencyAccessInvitation.create(
+      {
+        grantorUuid,
+        granteeUuid,
+        status: emergencyAccessInvitationStatus,
+        expiresAt: projection.expiresAt,
+        dates,
+      },
+      new UniqueEntityId(projection.uuid),
+    )
+    const emergencyAccessInvitation = emergencyAccessInvitationOrError.getValue()
+
+    return emergencyAccessInvitation
+  }
+
+  toProjection(domain: EmergencyAccessInvitation): TypeORMEmergencyAccessInvitation {
+    const typeorm = new TypeORMEmergencyAccessInvitation()
+
+    typeorm.uuid = domain.id.toString()
+    typeorm.grantorUuid = domain.props.grantorUuid.value
+    typeorm.granteeUuid = domain.props.granteeUuid.value
+    typeorm.status = domain.props.status.value
+    typeorm.expiresAt = domain.props.expiresAt
+    typeorm.createdAt = domain.props.dates.createdAt
+    typeorm.updatedAt = domain.props.dates.updatedAt
+
+    return typeorm
+  }
+}

packages/domain-events-infra/CHANGELOG.md

@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.10.0](https://github.com/standardnotes/server/compare/@standardnotes/domain-events-infra@1.9.74...@standardnotes/domain-events-infra@1.10.0) (2023-04-21)
+
+### Features
+
+* **domain-events-infra:** add SES email bounce notifications handler ([#569](https://github.com/standardnotes/server/issues/569)) ([9b9f10d](https://github.com/standardnotes/server/commit/9b9f10d4ca9ceef1defa868b7c96f570e46d8053))
+
 ## [1.9.74](https://github.com/standardnotes/server/compare/@standardnotes/domain-events-infra@1.9.73...@standardnotes/domain-events-infra@1.9.74) (2023-03-30)
 
 **Note:** Version bump only for package @standardnotes/domain-events-infra

packages/domain-events-infra/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/domain-events-infra",
-  "version": "1.9.74",
+  "version": "1.10.0",
   "engines": {
     "node": ">=18.0.0 <19.0.0"
   },

packages/domain-events-infra/src/Infra/SQS/SQSNewRelicBounceNotificiationHandler.spec.ts

@@ -0,0 +1,72 @@
+import 'reflect-metadata'
+
+import { DomainEventHandlerInterface } from '@standardnotes/domain-events'
+
+import { startBackgroundTransaction } from 'newrelic'
+jest.mock('newrelic')
+
+import { Logger } from 'winston'
+
+import { SQSNewRelicBounceNotificiationHandler } from './SQSNewRelicBounceNotificiationHandler'
+
+describe('SQSNewRelicBounceNotificiationHandler', () => {
+  let handler: DomainEventHandlerInterface
+  let handlers: Map<string, DomainEventHandlerInterface>
+  let logger: Logger
+  let mockedStartBackgroundTransaction: unknown
+
+  const createHandler = () => new SQSNewRelicBounceNotificiationHandler(handlers, logger)
+
+  beforeEach(() => {
+    handler = {} as jest.Mocked<DomainEventHandlerInterface>
+    handler.handle = jest.fn()
+
+    handlers = new Map([['EMAIL_BOUNCED', handler]])
+
+    logger = {} as jest.Mocked<Logger>
+    logger.debug = jest.fn()
+    logger.error = jest.fn()
+
+    mockedStartBackgroundTransaction = startBackgroundTransaction as jest.Mocked<unknown>
+  })
+
+  it('should handle messages', async () => {
+    const sqsMessage = `{
+      "Message" : "{\\"notificationType\\":\\"Bounce\\",\\"bounce\\":{\\"feedbackId\\":\\"010001879d0a9def-d9882210-6467-48ed-8088-2193c66a349b-000000\\",\\"bounceType\\":\\"Transient\\",\\"bounceSubType\\":\\"General\\",\\"bouncedRecipients\\":[{\\"emailAddress\\":\\"test@test.te\\",\\"action\\":\\"failed\\",\\"status\\":\\"5.7.1\\",\\"diagnosticCode\\":\\"smtp; 550 5.7.1 <test@test.te>: Recipient address rejected: Recipient not found\\"}],\\"timestamp\\":\\"2023-04-20T05:02:11.000Z\\",\\"remoteMtaIp\\":\\"1.2.3.4\\",\\"reportingMTA\\":\\"dns; test.smtp-out.amazonses.com\\"},\\"mail\\":{\\"timestamp\\":\\"2023-04-20T05:02:08.589Z\\",\\"source\\":\\"Standard Notes <backups@standardnotes.org>\\",\\"sourceArn\\":\\"arn:aws:ses:us-east-1:336603415364:identity/backups@standardnotes.org\\",\\"sourceIp\\":\\"1.2.3.4\\",\\"callerIdentity\\":\\"test\\",\\"sendingAccountId\\":\\"123456\\",\\"messageId\\":\\"010001879d0a92cd-00ed31d1-bf9e-4ce4-abb9-8c6e95a30733-000000\\",\\"destination\\":[\\"test@test.te\\"]}}"
+    }`
+
+    await createHandler().handleMessage(sqsMessage)
+
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    expect((<any>mockedStartBackgroundTransaction).mock.calls[0][0]).toBe('EMAIL_BOUNCED')
+  })
+
+  it('should not handle unsupported messages', async () => {
+    const sqsMessage = `{
+      "Message" : "{\\"notificationType\\":\\"TEST\\",\\"bounce\\":{\\"feedbackId\\":\\"010001879d0a9def-d9882210-6467-48ed-8088-2193c66a349b-000000\\",\\"bounceType\\":\\"Transient\\",\\"bounceSubType\\":\\"General\\",\\"bouncedRecipients\\":[{\\"emailAddress\\":\\"test@test.te\\",\\"action\\":\\"failed\\",\\"status\\":\\"5.7.1\\",\\"diagnosticCode\\":\\"smtp; 550 5.7.1 <test@test.te>: Recipient address rejected: Recipient not found\\"}],\\"timestamp\\":\\"2023-04-20T05:02:11.000Z\\",\\"remoteMtaIp\\":\\"1.2.3.4\\",\\"reportingMTA\\":\\"dns; test.smtp-out.amazonses.com\\"},\\"mail\\":{\\"timestamp\\":\\"2023-04-20T05:02:08.589Z\\",\\"source\\":\\"Standard Notes <backups@standardnotes.org>\\",\\"sourceArn\\":\\"arn:aws:ses:us-east-1:336603415364:identity/backups@standardnotes.org\\",\\"sourceIp\\":\\"1.2.3.4\\",\\"callerIdentity\\":\\"test\\",\\"sendingAccountId\\":\\"123456\\",\\"messageId\\":\\"010001879d0a92cd-00ed31d1-bf9e-4ce4-abb9-8c6e95a30733-000000\\",\\"destination\\":[\\"test@test.te\\"]}}"
+    }`
+
+    await createHandler().handleMessage(sqsMessage)
+
+    expect(handler.handle).not.toHaveBeenCalled()
+  })
+
+  it('should handle errors', async () => {
+    await createHandler().handleError(new Error('test'))
+
+    expect(logger.error).toHaveBeenCalled()
+  })
+
+  it('should tell if there is no handler for an event', async () => {
+    const sqsMessage = `{
+      "Message" : "{\\"notificationType\\":\\"Bounce\\",\\"bounce\\":{\\"feedbackId\\":\\"010001879d0a9def-d9882210-6467-48ed-8088-2193c66a349b-000000\\",\\"bounceType\\":\\"Transient\\",\\"bounceSubType\\":\\"General\\",\\"bouncedRecipients\\":[{\\"emailAddress\\":\\"test@test.te\\",\\"action\\":\\"failed\\",\\"status\\":\\"5.7.1\\",\\"diagnosticCode\\":\\"smtp; 550 5.7.1 <test@test.te>: Recipient address rejected: Recipient not found\\"}],\\"timestamp\\":\\"2023-04-20T05:02:11.000Z\\",\\"remoteMtaIp\\":\\"1.2.3.4\\",\\"reportingMTA\\":\\"dns; test.smtp-out.amazonses.com\\"},\\"mail\\":{\\"timestamp\\":\\"2023-04-20T05:02:08.589Z\\",\\"source\\":\\"Standard Notes <backups@standardnotes.org>\\",\\"sourceArn\\":\\"arn:aws:ses:us-east-1:336603415364:identity/backups@standardnotes.org\\",\\"sourceIp\\":\\"1.2.3.4\\",\\"callerIdentity\\":\\"test\\",\\"sendingAccountId\\":\\"123456\\",\\"messageId\\":\\"010001879d0a92cd-00ed31d1-bf9e-4ce4-abb9-8c6e95a30733-000000\\",\\"destination\\":[\\"test@test.te\\"]}}"
+    }`
+
+    const bounceHandler = new SQSNewRelicBounceNotificiationHandler(new Map([]), logger)
+    await bounceHandler.handleMessage(sqsMessage)
+
+    expect(logger.debug).toHaveBeenCalledWith('Event handler for event type EMAIL_BOUNCED does not exist')
+
+    expect(handler.handle).not.toHaveBeenCalled()
+  })
+})

packages/domain-events-infra/src/Infra/SQS/SQSNewRelicBounceNotificiationHandler.ts

@@ -0,0 +1,68 @@
+import { Logger } from 'winston'
+import * as newrelic from 'newrelic'
+
+import {
+  DomainEventHandlerInterface,
+  DomainEventMessageHandlerInterface,
+  DomainEventService,
+  EmailBouncedEvent,
+} from '@standardnotes/domain-events'
+
+export class SQSNewRelicBounceNotificiationHandler implements DomainEventMessageHandlerInterface {
+  private readonly ALLOWED_NOTIFICATION_TYPES = ['Bounce']
+
+  constructor(private handlers: Map<string, DomainEventHandlerInterface>, private logger: Logger) {}
+
+  async handleMessage(message: string): Promise<void> {
+    const messageParsed = JSON.parse(JSON.parse(message).Message)
+
+    if (!this.ALLOWED_NOTIFICATION_TYPES.includes(messageParsed.notificationType)) {
+      this.logger.error(`Received notification of type ${messageParsed.notificationType} which is not allowed`)
+
+      return
+    }
+
+    for (const bouncedRecipient of messageParsed.bounce.bouncedRecipients) {
+      const domainEvent: EmailBouncedEvent = {
+        type: 'EMAIL_BOUNCED',
+        payload: {
+          bounceType: messageParsed.bounce.bounceType,
+          bounceSubType: messageParsed.bounce.bounceSubType,
+          recipientEmail: bouncedRecipient.emailAddress,
+          diagnosticCode: bouncedRecipient.diagnosticCode,
+        },
+        createdAt: new Date(),
+        meta: {
+          correlation: {
+            userIdentifier: bouncedRecipient.emailAddress,
+            userIdentifierType: 'email',
+          },
+          origin: DomainEventService.SES,
+        },
+      }
+
+      const handler = this.handlers.get(domainEvent.type)
+      if (!handler) {
+        this.logger.debug(`Event handler for event type ${domainEvent.type} does not exist`)
+
+        return
+      }
+
+      this.logger.debug(`Received event: ${domainEvent.type}`)
+
+      await newrelic.startBackgroundTransaction(
+        domainEvent.type,
+        /* istanbul ignore next */
+        () => {
+          newrelic.getTransaction()
+
+          return handler.handle(domainEvent)
+        },
+      )
+    }
+  }
+
+  async handleError(error: Error): Promise<void> {
+    this.logger.error('Error occured while handling SQS message: %O', error)
+  }
+}

packages/domain-events-infra/src/Infra/index.ts

@@ -5,6 +5,7 @@ export * from './Redis/RedisEventMessageHandler'
 
 export * from './SNS/SNSDomainEventPublisher'
 
+export * from './SQS/SQSNewRelicBounceNotificiationHandler'
 export * from './SQS/SQSDomainEventSubscriberFactory'
 export * from './SQS/SQSEventMessageHandler'
 export * from './SQS/SQSNewRelicEventMessageHandler'

packages/domain-events/CHANGELOG.md

@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [2.109.0](https://github.com/standardnotes/server/compare/@standardnotes/domain-events@2.108.1...@standardnotes/domain-events@2.109.0) (2023-04-21)
+
+### Features
+
+* **domain-events-infra:** add SES email bounce notifications handler ([#569](https://github.com/standardnotes/server/issues/569)) ([9b9f10d](https://github.com/standardnotes/server/commit/9b9f10d4ca9ceef1defa868b7c96f570e46d8053))
+
 ## [2.108.1](https://github.com/standardnotes/server/compare/@standardnotes/domain-events@2.108.0...@standardnotes/domain-events@2.108.1) (2023-02-23)
 
 **Note:** Version bump only for package @standardnotes/domain-events

packages/domain-events/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/domain-events",
-  "version": "2.108.1",
+  "version": "2.109.0",
   "engines": {
     "node": ">=18.0.0 <19.0.0"
   },

packages/domain-events/src/Domain/Event/DomainEventService.ts

@@ -12,4 +12,5 @@ export enum DomainEventService {
   Revisions = 'revisions',
   Email = 'email',
   Settings = 'settings',
+  SES = 'ses',
 }

packages/domain-events/src/Domain/Event/EmailBouncedEvent.ts

@@ -0,0 +1,7 @@
+import { DomainEventInterface } from './DomainEventInterface'
+import { EmailBouncedEventPayload } from './EmailBouncedEventPayload'
+
+export interface EmailBouncedEvent extends DomainEventInterface {
+  type: 'EMAIL_BOUNCED'
+  payload: EmailBouncedEventPayload
+}

packages/domain-events/src/Domain/Event/EmailBouncedEventPayload.ts

@@ -0,0 +1,6 @@
+export interface EmailBouncedEventPayload {
+  recipientEmail: string
+  bounceType: string
+  bounceSubType: string
+  diagnosticCode?: string
+}

packages/domain-events/src/Domain/index.ts

@@ -12,6 +12,8 @@ export * from './Event/DuplicateItemSyncedEvent'
 export * from './Event/DuplicateItemSyncedEventPayload'
 export * from './Event/EmailBackupRequestedEvent'
 export * from './Event/EmailBackupRequestedEventPayload'
+export * from './Event/EmailBouncedEvent'
+export * from './Event/EmailBouncedEventPayload'
 export * from './Event/EmailRequestedEvent'
 export * from './Event/EmailRequestedEventPayload'
 export * from './Event/EmailSentEvent'

packages/event-store/CHANGELOG.md

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.7.8](https://github.com/standardnotes/server/compare/@standardnotes/event-store@1.7.7...@standardnotes/event-store@1.7.8) (2023-04-21)
+
+**Note:** Version bump only for package @standardnotes/event-store
+
 ## [1.7.7](https://github.com/standardnotes/server/compare/@standardnotes/event-store@1.7.6...@standardnotes/event-store@1.7.7) (2023-03-30)
 
 **Note:** Version bump only for package @standardnotes/event-store

packages/event-store/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/event-store",
-  "version": "1.7.7",
+  "version": "1.7.8",
   "description": "Event Store Service",
   "private": true,
   "main": "dist/src/index.js",

packages/files/CHANGELOG.md

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.10.10](https://github.com/standardnotes/files/compare/@standardnotes/files-server@1.10.9...@standardnotes/files-server@1.10.10) (2023-04-21)
+
+**Note:** Version bump only for package @standardnotes/files-server
+
 ## [1.10.9](https://github.com/standardnotes/files/compare/@standardnotes/files-server@1.10.8...@standardnotes/files-server@1.10.9) (2023-03-30)
 
 **Note:** Version bump only for package @standardnotes/files-server

packages/files/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/files-server",
-  "version": "1.10.9",
+  "version": "1.10.10",
   "engines": {
     "node": ">=18.0.0 <19.0.0"
   },

packages/revisions/CHANGELOG.md

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.12.13](https://github.com/standardnotes/server/compare/@standardnotes/revisions-server@1.12.12...@standardnotes/revisions-server@1.12.13) (2023-04-21)
+
+**Note:** Version bump only for package @standardnotes/revisions-server
+
 ## [1.12.12](https://github.com/standardnotes/server/compare/@standardnotes/revisions-server@1.12.11...@standardnotes/revisions-server@1.12.12) (2023-03-30)
 
 **Note:** Version bump only for package @standardnotes/revisions-server

packages/revisions/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/revisions-server",
-  "version": "1.12.12",
+  "version": "1.12.13",
   "engines": {
     "node": ">=18.0.0 <19.0.0"
   },

packages/scheduler/CHANGELOG.md

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.17.10](https://github.com/standardnotes/server/compare/@standardnotes/scheduler-server@1.17.9...@standardnotes/scheduler-server@1.17.10) (2023-04-21)
+
+**Note:** Version bump only for package @standardnotes/scheduler-server
+
 ## [1.17.9](https://github.com/standardnotes/server/compare/@standardnotes/scheduler-server@1.17.8...@standardnotes/scheduler-server@1.17.9) (2023-03-30)
 
 **Note:** Version bump only for package @standardnotes/scheduler-server

packages/scheduler/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/scheduler-server",
-  "version": "1.17.9",
+  "version": "1.17.10",
   "engines": {
     "node": ">=18.0.0 <19.0.0"
   },

packages/syncing-server/CHANGELOG.md

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.32.6](https://github.com/standardnotes/syncing-server-js/compare/@standardnotes/syncing-server@1.32.5...@standardnotes/syncing-server@1.32.6) (2023-04-21)
+
+**Note:** Version bump only for package @standardnotes/syncing-server
+
 ## [1.32.5](https://github.com/standardnotes/syncing-server-js/compare/@standardnotes/syncing-server@1.32.4...@standardnotes/syncing-server@1.32.5) (2023-03-30)
 
 **Note:** Version bump only for package @standardnotes/syncing-server

packages/syncing-server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/syncing-server",
-  "version": "1.32.5",
+  "version": "1.32.6",
   "engines": {
     "node": ">=18.0.0 <19.0.0"
   },

packages/websockets/CHANGELOG.md

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.6.11](https://github.com/standardnotes/server/compare/@standardnotes/websockets-server@1.6.10...@standardnotes/websockets-server@1.6.11) (2023-04-21)
+
+**Note:** Version bump only for package @standardnotes/websockets-server
+
 ## [1.6.10](https://github.com/standardnotes/server/compare/@standardnotes/websockets-server@1.6.9...@standardnotes/websockets-server@1.6.10) (2023-03-30)
 
 **Note:** Version bump only for package @standardnotes/websockets-server

packages/websockets/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/websockets-server",
-  "version": "1.6.10",
+  "version": "1.6.11",
   "engines": {
     "node": ">=18.0.0 <19.0.0"
   },

yarn.lock

@@ -3299,7 +3299,7 @@ __metadata:
     "@standardnotes/domain-core": "workspace:^"
     "@standardnotes/domain-events": "workspace:*"
     "@standardnotes/domain-events-infra": "workspace:*"
-    "@standardnotes/features": "npm:^1.58.9"
+    "@standardnotes/features": "npm:^1.58.12"
     "@standardnotes/predicates": "workspace:*"
     "@standardnotes/responses": "npm:^1.13.9"
     "@standardnotes/security": "workspace:*"
@@ -3482,15 +3482,15 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@standardnotes/features@npm:^1.58.9":
-  version: 1.58.9
-  resolution: "@standardnotes/features@npm:1.58.9"
+"@standardnotes/features@npm:^1.58.12":
+  version: 1.58.12
+  resolution: "@standardnotes/features@npm:1.58.12"
   dependencies:
     "@standardnotes/common": "npm:^1.46.6"
     "@standardnotes/domain-core": "npm:^1.11.3"
     "@standardnotes/security": "npm:^1.7.6"
     reflect-metadata: "npm:^0.1.13"
-  checksum: 218350ee55d2f920e26c4041e1e307655cf9e755b83c7fd2165be2222d95b40154c0d325a362cc84ce960ccf8c07c6d95c6a8558ddabf6ee335462cf6bd22508
+  checksum: 3fcd9a948848cf6fe567390a7740222fd96d10b8a9bceeaf608befcd7e24ac7374e1c87ed51c12ab62a9ed6036b3c6da82c78ab58f6b0c3f0c3c9aaa2b7ffdfe
   languageName: node
   linkType: hard