what the hell am I doing

This reverts commit abd233ce65.

Containerfile

@@ -1,5 +1,5 @@
 # Stage 1: Build
-FROM docker.io/golang:1.23 AS builder
+FROM registry.itzana.me/docker-proxy/golang:1.24 AS builder
 
 # Set the working directory in the container
 WORKDIR /app
@@ -14,7 +14,7 @@ COPY . .
 RUN CGO_ENABLED=0 GOOS=linux go build -o service ./cmd/maps-service/service.go
 
 # Stage 2: Run
-FROM alpine
+FROM registry.itzana.me/docker-proxy/alpine:3.21
 
 # Set up a non-root user for security
 RUN addgroup -S appgroup && adduser -S appuser -G appgroup

README.md

@@ -26,10 +26,11 @@ Prerequisite: golang installed
 
 Prerequisite: bun installed
 
-The environment variable `API_HOST` will need to be set for the middleware.
+The environment variables `API_HOST` and `AUTH_HOST` will need to be set for the middleware.
 Example `.env` in web's root:
 ```
-API_HOST="http://localhost:8082/v1/"
+API_HOST="http://localhost:8082/"
+AUTH_HOST="http://localhost:8083/"
 ```
 
 1. `cd web`

compose.yaml

@@ -33,6 +33,8 @@ services:
       "--auth-rpc-host","authrpc:8081",
       "--data-rpc-host","dataservice:9000",
     ]
+    env_file:
+      - ../auth-compose/strafesnet_staging.env
     depends_on:
       - authrpc
       - nats
@@ -50,6 +52,7 @@ services:
       - "3000:3000"
     environment:
       - API_HOST=http://submissions:8082/v1
+      - AUTH_HOST=http://localhost:8080/
 
   validation:
     image:

openapi-internal.yaml

@@ -48,12 +48,121 @@ paths:
           schema:
             type: integer
             format: int64
+            minimum: 0
         - name: ValidatedModelVersion
           in: query
           required: true
           schema:
             type: integer
             format: int64
+            minimum: 0
+      responses:
+        "204":
+          description: Successful response
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+  /mapfixes/{MapfixID}/error:
+    post:
+      summary: Validator posts an error to the audit log
+      operationId: createMapfixAuditError
+      tags:
+        - Mapfixes
+      parameters:
+        - $ref: '#/components/parameters/MapfixID'
+        - name: ErrorMessage
+          in: query
+          required: true
+          schema:
+            type: string
+            minLength: 0
+            maxLength: 4096
+      responses:
+        "204":
+          description: Successful response
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+  /mapfixes/{MapfixID}/checklist:
+    post:
+      summary: Validator posts a checklist to the audit log
+      operationId: createMapfixAuditCheckList
+      tags:
+        - Mapfixes
+      parameters:
+        - $ref: '#/components/parameters/MapfixID'
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CheckList'
+      responses:
+        "204":
+          description: Successful response
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+  /mapfixes/{MapfixID}/status/validator-submitted:
+    post:
+      summary: (Internal endpoint) Role Validator changes status from Submitting -> Submitted
+      operationId: actionMapfixSubmitted
+      tags:
+        - Mapfixes
+      parameters:
+        - $ref: '#/components/parameters/MapfixID'
+        - name: ModelVersion
+          in: query
+          required: true
+          schema:
+            type: integer
+            format: int64
+            minimum: 0
+        - name: DisplayName
+          in: query
+          required: true
+          schema:
+            type: string
+            maxLength: 128
+        - name: Creator
+          in: query
+          required: true
+          schema:
+            type: string
+            maxLength: 128
+        - name: GameID
+          in: query
+          required: true
+          schema:
+            type: integer
+            format: int32
+            minimum: 0
+      responses:
+        "204":
+          description: Successful response
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+  /mapfixes/{MapfixID}/status/validator-request-changes:
+    post:
+      summary: (Internal endpoint) Role Validator changes status from Submitting -> ChangesRequested
+      operationId: actionMapfixRequestChanges
+      tags:
+        - Mapfixes
+      parameters:
+        - $ref: '#/components/parameters/MapfixID'
       responses:
         "204":
           description: Successful response
@@ -88,13 +197,6 @@ paths:
         - Mapfixes
       parameters:
         - $ref: '#/components/parameters/MapfixID'
-        - name: StatusMessage
-          in: query
-          required: true
-          schema:
-            type: string
-            minLength: 0
-            maxLength: 4096
       responses:
         "204":
           description: Successful response
@@ -184,12 +286,121 @@ paths:
           schema:
             type: integer
             format: int64
+            minimum: 0
         - name: ValidatedModelVersion
           in: query
           required: true
           schema:
             type: integer
             format: int64
+            minimum: 0
+      responses:
+        "204":
+          description: Successful response
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+  /submissions/{SubmissionID}/error:
+    post:
+      summary: Validator posts an error to the audit log
+      operationId: createSubmissionAuditError
+      tags:
+        - Submissions
+      parameters:
+        - $ref: '#/components/parameters/SubmissionID'
+        - name: ErrorMessage
+          in: query
+          required: true
+          schema:
+            type: string
+            minLength: 0
+            maxLength: 4096
+      responses:
+        "204":
+          description: Successful response
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+  /submissions/{SubmissionID}/checklist:
+    post:
+      summary: Validator posts a checklist to the audit log
+      operationId: createSubmissionAuditCheckList
+      tags:
+        - Submissions
+      parameters:
+        - $ref: '#/components/parameters/SubmissionID'
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CheckList'
+      responses:
+        "204":
+          description: Successful response
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+  /submissions/{SubmissionID}/status/validator-submitted:
+    post:
+      summary: (Internal endpoint) Role Validator changes status from Submitting -> Submitted
+      operationId: actionSubmissionSubmitted
+      tags:
+        - Submissions
+      parameters:
+        - $ref: '#/components/parameters/SubmissionID'
+        - name: ModelVersion
+          in: query
+          required: true
+          schema:
+            type: integer
+            format: int64
+            minimum: 0
+        - name: DisplayName
+          in: query
+          required: true
+          schema:
+            type: string
+            maxLength: 128
+        - name: Creator
+          in: query
+          required: true
+          schema:
+            type: string
+            maxLength: 128
+        - name: GameID
+          in: query
+          required: true
+          schema:
+            type: integer
+            format: int32
+            minimum: 0
+      responses:
+        "204":
+          description: Successful response
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+  /submissions/{SubmissionID}/status/validator-request-changes:
+    post:
+      summary: (Internal endpoint) Role Validator changes status from Submitting -> ChangesRequested
+      operationId: actionSubmissionRequestChanges
+      tags:
+        - Submissions
+      parameters:
+        - $ref: '#/components/parameters/SubmissionID'
       responses:
         "204":
           description: Successful response
@@ -224,13 +435,6 @@ paths:
         - Submissions
       parameters:
         - $ref: '#/components/parameters/SubmissionID'
-        - name: StatusMessage
-          in: query
-          required: true
-          schema:
-            type: string
-            minLength: 0
-            maxLength: 4096
       responses:
         "204":
           description: Successful response
@@ -254,6 +458,7 @@ paths:
           schema:
             type: integer
             format: int64
+            minimum: 0
       responses:
         "204":
           description: Successful response
@@ -283,11 +488,13 @@ paths:
         schema:
           type: integer
           format: int64
+          minimum: 0
       - name: Policy
         in: query
         schema:
           type: integer
           format: int32
+          minimum: 0
       responses:
         "200":
           description: Successful response
@@ -357,11 +564,13 @@ paths:
         schema:
           type: integer
           format: int32
+          minimum: 0
       - name: ResourceID
         in: query
         schema:
           type: integer
           format: int64
+          minimum: 0
       responses:
         "200":
           description: Successful response
@@ -432,6 +641,7 @@ components:
       schema:
         type: integer
         format: int64
+        minimum: 0
     OperationID:
       name: OperationID
       in: path
@@ -440,6 +650,7 @@ components:
       schema:
         type: integer
         format: int32
+        minimum: 0
     SubmissionID:
       name: SubmissionID
       in: path
@@ -448,6 +659,7 @@ components:
       schema:
         type: integer
         format: int64
+        minimum: 0
     ScriptID:
       name: ScriptID
       in: path
@@ -456,6 +668,7 @@ components:
       schema:
         type: integer
         format: int64
+        minimum: 0
     Page:
       name: Page
       in: query
@@ -482,6 +695,7 @@ components:
         MapfixID:
           type: integer
           format: int64
+          minimum: 0
     SubmissionID:
       required:
       - SubmissionID
@@ -490,6 +704,7 @@ components:
         SubmissionID:
           type: integer
           format: int64
+          minimum: 0
     ScriptID:
       required:
       - ScriptID
@@ -498,6 +713,7 @@ components:
         ScriptID:
           type: integer
           format: int64
+          minimum: 0
     ScriptPolicyID:
       required:
       - ScriptPolicyID
@@ -506,6 +722,7 @@ components:
         ScriptPolicyID:
           type: integer
           format: int64
+          minimum: 0
     MapfixCreate:
       required:
       - OperationID
@@ -516,14 +733,17 @@ components:
       - AssetID
       - AssetVersion
       - TargetAssetID
+      - Description
       type: object
       properties:
         OperationID:
           type: integer
           format: int32
+          minimum: 0
         AssetOwner:
           type: integer
           format: int64
+          minimum: 0
         DisplayName:
           type: string
           maxLength: 128
@@ -533,15 +753,22 @@ components:
         GameID:
           type: integer
           format: int32
+          minimum: 0
         AssetID:
           type: integer
           format: int64
+          minimum: 0
         AssetVersion:
           type: integer
           format: int64
+          minimum: 0
         TargetAssetID:
           type: integer
           format: int64
+          minimum: 0
+        Description:
+          type: string
+          maxLength: 256
     SubmissionCreate:
       required:
       - OperationID
@@ -551,14 +778,18 @@ components:
       - GameID
       - AssetID
       - AssetVersion
+      - Status
+      - Roles
       type: object
       properties:
         OperationID:
           type: integer
           format: int32
+          minimum: 0
         AssetOwner:
           type: integer
           format: int64
+          minimum: 0
         DisplayName:
           type: string
           maxLength: 128
@@ -568,12 +799,23 @@ components:
         GameID:
           type: integer
           format: int32
+          minimum: 0
         AssetID:
           type: integer
           format: int64
+          minimum: 0
         AssetVersion:
           type: integer
           format: int64
+          minimum: 0
+        Status:
+          type: integer
+          format: uint32
+          minimum: 0
+          maximum: 9
+        Roles:
+          type: integer
+          format: uint32
     Script:
       required:
       - ID
@@ -587,6 +829,7 @@ components:
         ID:
           type: integer
           format: int64
+          minimum: 0
         Name:
           type: string
           maxLength: 128
@@ -600,9 +843,11 @@ components:
         ResourceType:
           type: integer
           format: int32
+          minimum: 0
         ResourceID:
           type: integer
           format: int64
+          minimum: 0
     ScriptCreate:
       required:
       - Name
@@ -620,9 +865,11 @@ components:
         ResourceType:
           type: integer
           format: int32
+          minimum: 0
         ResourceID:
           type: integer
           format: int64
+          minimum: 0
     ScriptPolicy:
       required:
       - ID
@@ -634,6 +881,7 @@ components:
         ID:
           type: integer
           format: int64
+          minimum: 0
         FromScriptHash:
           type: string
           minLength: 16
@@ -641,9 +889,11 @@ components:
         ToScriptID:
           type: integer
           format: int64
+          minimum: 0
         Policy:
           type: integer
           format: int32
+          minimum: 0
     ScriptPolicyCreate:
       required:
       - FromScriptID
@@ -654,12 +904,34 @@ components:
         FromScriptID:
           type: integer
           format: int64
+          minimum: 0
         ToScriptID:
           type: integer
           format: int64
+          minimum: 0
         Policy:
           type: integer
           format: int32
+          minimum: 0
+    Check:
+      required:
+      - Name
+      - Summary
+      - Passed
+      type: object
+      properties:
+        Name:
+          type: string
+          maxLength: 128
+        Summary:
+          type: string
+          maxLength: 4096
+        Passed:
+          type: boolean
+    CheckList:
+      type: array
+      items:
+        $ref: "#/components/schemas/Check"
     Error:
       description: Represents error object
       type: object
@@ -667,6 +939,7 @@ components:
         code:
           type: integer
           format: int64
+          minimum: 0
         message:
           type: string
       required:

openapi.yaml

@@ -105,11 +105,22 @@ paths:
         schema:
           type: integer
           format: int32
+          minimum: 1
+          maximum: 5
       - name: Sort
         in: query
         schema:
           type: integer
           format: int32
+          minimum: 0
+          maximum: 4
+        description: >
+          Sort order:
+          * `0` - Disabled
+          * `1` - DisplayNameAscending
+          * `2` - DisplayNameDescending
+          * `3` - DateAscending
+          * `4` - DateDescending
       responses:
         "200":
           description: Successful response
@@ -147,6 +158,34 @@ paths:
             application/json:
               schema:
                 $ref: "#/components/schemas/Error"
+  /maps/{MapID}/location:
+    get:
+      summary: Get location of asset
+      operationId: getMapAssetLocation
+      tags:
+        - Maps
+      parameters:
+      - name: MapID
+        in: path
+        required: true
+        schema:
+          type: integer
+          format: int64
+          minimum: 0
+      responses:
+        "200":
+          description: Successful response
+          content:
+            text/plain:
+              schema:
+                type: string
+                maxLength: 1024
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
   /mapfixes:
     get:
       summary: Get list of mapfixes
@@ -172,20 +211,77 @@ paths:
         schema:
           type: integer
           format: int32
+          minimum: 1
+          maximum: 5
+        description: >
+          Game ID:
+          * `1` - Bhop
+          * `2` - Surf
+          * `5` - FlyTrials
       - name: Sort
         in: query
         schema:
           type: integer
           format: int32
+          minimum: 0
+          maximum: 4
+        description: >
+          Sort order:
+          * `0` - Disabled
+          * `1` - DisplayNameAscending
+          * `2` - DisplayNameDescending
+          * `3` - DateAscending
+          * `4` - DateDescending
+      - name: Submitter
+        in: query
+        schema:
+          type: integer
+          format: int64
+          minimum: 0
+      - name: AssetID
+        in: query
+        schema:
+          type: integer
+          format: int64
+          minimum: 0
+      - name: TargetAssetID
+        in: query
+        schema:
+          type: integer
+          format: int64
+          minimum: 0
+      - name: StatusID
+        in: query
+        schema:
+          type: integer
+          format: int32
+          minimum: 0
+          maximum: 9
+        description: >
+          // Phase: Creation
+          * `0` - UnderConstruction
+          * `1` - ChangesRequested
+
+          // Phase: Review
+          * `2` - Submitting
+          * `3` - Submitted
+
+          // Phase: Testing
+          * `4` - AcceptedUnvalidated // pending script review, can re-trigger validation
+          * `5` - Validating
+          * `6` - Validated
+          * `7` - Uploading
+
+          // Phase: Final MapfixStatus
+          * `8` - Uploaded // uploaded to the group, but pending release
+          * `9` - Rejected
       responses:
         "200":
           description: Successful response
           content:
             application/json:
               schema:
-                type: array
-                items:
-                  $ref: "#/components/schemas/Mapfix"
+                $ref: "#/components/schemas/Mapfixes"
         default:
           description: General Error
           content:
@@ -238,6 +334,56 @@ paths:
             application/json:
               schema:
                 $ref: "#/components/schemas/Error"
+  /mapfixes/{MapfixID}/audit-events:
+    get:
+      summary: Retrieve a list of audit events
+      operationId: listMapfixAuditEvents
+      tags:
+        - Mapfixes
+      security: []
+      parameters:
+        - $ref: '#/components/parameters/MapfixID'
+        - $ref: "#/components/parameters/Page"
+        - $ref: "#/components/parameters/Limit"
+      responses:
+        "200":
+          description: Successful response
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: "#/components/schemas/AuditEvent"
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+  /mapfixes/{MapfixID}/comment:
+    post:
+      summary: Post a comment to the audit log
+      operationId: createMapfixAuditComment
+      tags:
+        - Mapfixes
+      parameters:
+        - $ref: '#/components/parameters/MapfixID'
+      requestBody:
+        required: true
+        content:
+          text/plain:
+            schema:
+              type: string
+              maxLength: 1024
+      responses:
+        "204":
+          description: Successful response
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
   /mapfixes/{MapfixID}/model:
     post:
       summary: Update model following role restrictions
@@ -252,12 +398,14 @@ paths:
           schema:
             type: integer
             format: int64
-        - name: VersionID
+            minimum: 0
+        - name: ModelVersion
           in: query
           required: true
           schema:
             type: integer
             format: int64
+            minimum: 0
       responses:
         "204":
           description: Successful response
@@ -284,10 +432,44 @@ paths:
             application/json:
               schema:
                 $ref: "#/components/schemas/Error"
-  /mapfixes/{MapfixID}/status/submit:
+  /mapfixes/{MapfixID}/status/trigger-submit:
     post:
-      summary: Role Submitter changes status from UnderConstruction|ChangesRequested -> Submitted
-      operationId: actionMapfixSubmit
+      summary: Role Submitter changes status from UnderConstruction|ChangesRequested -> Submitting
+      operationId: actionMapfixTriggerSubmit
+      tags:
+        - Mapfixes
+      parameters:
+        - $ref: '#/components/parameters/MapfixID'
+      responses:
+        "204":
+          description: Successful response
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+  /mapfixes/{MapfixID}/status/trigger-submit-unchecked:
+    post:
+      summary: Role Reviewer changes status from ChangesRequested -> Submitting
+      operationId: actionMapfixTriggerSubmitUnchecked
+      tags:
+        - Mapfixes
+      parameters:
+        - $ref: '#/components/parameters/MapfixID'
+      responses:
+        "204":
+          description: Successful response
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+  /mapfixes/{MapfixID}/status/reset-submitting:
+    post:
+      summary: Role Submitter manually resets submitting softlock and changes status from Submitting -> UnderConstruction
+      operationId: actionMapfixResetSubmitting
       tags:
         - Mapfixes
       parameters:
@@ -483,20 +665,78 @@ paths:
         schema:
           type: integer
           format: int32
+          minimum: 1
+          maximum: 5
+        description: >
+          Game ID:
+          * `1` - Bhop
+          * `2` - Surf
+          * `5` - FlyTrials
       - name: Sort
         in: query
         schema:
           type: integer
           format: int32
+          minimum: 0
+          maximum: 4
+        description: >
+          Sort order:
+          * `0` - Disabled
+          * `1` - DisplayNameAscending
+          * `2` - DisplayNameDescending
+          * `3` - DateAscending
+          * `4` - DateDescending
+      - name: Submitter
+        in: query
+        schema:
+          type: integer
+          format: int64
+          minimum: 0
+      - name: AssetID
+        in: query
+        schema:
+          type: integer
+          format: int64
+          minimum: 0
+      - name: UploadedAssetID
+        in: query
+        schema:
+          type: integer
+          format: int64
+          minimum: 0
+      - name: StatusID
+        in: query
+        schema:
+          type: integer
+          format: int32
+          minimum: 0
+          maximum: 10
+        description: >
+          // Phase: Creation
+          * `0` - UnderConstruction
+          * `1` - ChangesRequested
+
+          // Phase: Review
+          * `2` - Submitting
+          * `3` - Submitted
+
+          // Phase: Testing
+          * `4` - AcceptedUnvalidated // pending script review, can re-trigger validation
+          * `5` - Validating
+          * `6` - Validated
+          * `7` - Uploading
+          * `8` - Uploaded // uploaded to the group, but pending release
+
+          // Phase: Final SubmissionStatus
+          * `9` - Rejected
+          * `10` - Released
       responses:
         "200":
           description: Successful response
           content:
             application/json:
               schema:
-                type: array
-                items:
-                  $ref: "#/components/schemas/Submission"
+                $ref: "#/components/schemas/Submissions"
         default:
           description: General Error
           content:
@@ -527,6 +767,31 @@ paths:
             application/json:
               schema:
                 $ref: "#/components/schemas/Error"
+  /submissions-admin:
+    post:
+      summary: Trigger the validator to create a new submission
+      operationId: createSubmissionAdmin
+      tags:
+        - Submissions
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SubmissionTriggerCreate'
+      responses:
+        "201":
+          description: Successful response
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/OperationID"
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
   /submissions/{SubmissionID}:
     get:
       summary: Retrieve map with ID
@@ -549,6 +814,56 @@ paths:
             application/json:
               schema:
                 $ref: "#/components/schemas/Error"
+  /submissions/{SubmissionID}/audit-events:
+    get:
+      summary: Retrieve a list of audit events
+      operationId: listSubmissionAuditEvents
+      tags:
+        - Submissions
+      security: []
+      parameters:
+        - $ref: '#/components/parameters/SubmissionID'
+        - $ref: "#/components/parameters/Page"
+        - $ref: "#/components/parameters/Limit"
+      responses:
+        "200":
+          description: Successful response
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: "#/components/schemas/AuditEvent"
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+  /submissions/{SubmissionID}/comment:
+    post:
+      summary: Post a comment to the audit log
+      operationId: createSubmissionAuditComment
+      tags:
+        - Submissions
+      parameters:
+        - $ref: '#/components/parameters/SubmissionID'
+      requestBody:
+        required: true
+        content:
+          text/plain:
+            schema:
+              type: string
+              maxLength: 1024
+      responses:
+        "204":
+          description: Successful response
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
   /submissions/{SubmissionID}/model:
     post:
       summary: Update model following role restrictions
@@ -563,12 +878,14 @@ paths:
           schema:
             type: integer
             format: int64
-        - name: VersionID
+            minimum: 0
+        - name: ModelVersion
           in: query
           required: true
           schema:
             type: integer
             format: int64
+            minimum: 0
       responses:
         "204":
           description: Successful response
@@ -595,10 +912,44 @@ paths:
             application/json:
               schema:
                 $ref: "#/components/schemas/Error"
-  /submissions/{SubmissionID}/status/submit:
+  /submissions/{SubmissionID}/status/trigger-submit:
     post:
-      summary: Role Submitter changes status from UnderConstruction|ChangesRequested -> Submitted
-      operationId: actionSubmissionSubmit
+      summary: Role Submitter changes status from UnderConstruction|ChangesRequested -> Submitting
+      operationId: actionSubmissionTriggerSubmit
+      tags:
+        - Submissions
+      parameters:
+        - $ref: '#/components/parameters/SubmissionID'
+      responses:
+        "204":
+          description: Successful response
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+  /submissions/{SubmissionID}/status/trigger-submit-unchecked:
+    post:
+      summary: Role Reviewer changes status from ChangesRequested -> Submitting
+      operationId: actionSubmissionTriggerSubmitUnchecked
+      tags:
+        - Submissions
+      parameters:
+        - $ref: '#/components/parameters/SubmissionID'
+      responses:
+        "204":
+          description: Successful response
+        default:
+          description: General Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/Error"
+  /submissions/{SubmissionID}/status/reset-submitting:
+    post:
+      summary: Role Submitter manually resets submitting softlock and changes status from Submitting -> UnderConstruction
+      operationId: actionSubmissionResetSubmitting
       tags:
         - Submissions
       parameters:
@@ -794,11 +1145,13 @@ paths:
         schema:
           type: integer
           format: int64
+          minimum: 0
       - name: Policy
         in: query
         schema:
           type: integer
           format: int32
+          minimum: 0
       responses:
         "200":
           description: Successful response
@@ -929,11 +1282,13 @@ paths:
         schema:
           type: integer
           format: int32
+          minimum: 0
       - name: ResourceID
         in: query
         schema:
           type: integer
           format: int64
+          minimum: 0
       responses:
         "200":
           description: Successful response
@@ -1048,6 +1403,7 @@ components:
       schema:
         type: integer
         format: int64
+        minimum: 0
     MapfixID:
       name: MapfixID
       in: path
@@ -1056,6 +1412,7 @@ components:
       schema:
         type: integer
         format: int64
+        minimum: 0
     OperationID:
       name: OperationID
       in: path
@@ -1064,6 +1421,7 @@ components:
       schema:
         type: integer
         format: int32
+        minimum: 0
     SubmissionID:
       name: SubmissionID
       in: path
@@ -1072,6 +1430,7 @@ components:
       schema:
         type: integer
         format: int64
+        minimum: 0
     ScriptID:
       name: ScriptID
       in: path
@@ -1080,6 +1439,7 @@ components:
       schema:
         type: integer
         format: int64
+        minimum: 0
     ScriptPolicyID:
       name: ScriptPolicyID
       in: path
@@ -1088,6 +1448,7 @@ components:
       schema:
         type: integer
         format: int64
+        minimum: 0
     Page:
       name: Page
       in: query
@@ -1103,9 +1464,47 @@ components:
       schema:
         type: integer
         format: int32
-        minimum: 1
+        minimum: 0
         maximum: 100
   schemas:
+    AuditEvent:
+      type: object
+      required:
+      - ID
+      - Date
+      - User
+      - Username
+      - ResourceType
+      - ResourceID
+      - EventType
+      - EventData
+      properties:
+        ID:
+          type: integer
+          format: int64
+        Date:
+          type: integer
+          format: int64
+        User:
+          type: integer
+          format: int64
+        Username:
+          type: string
+          maxLength: 64
+        ResourceType:
+          type: integer
+          format: int32
+          description: Is this a submission or is it a mapfix
+        ResourceID:
+          type: integer
+          format: int64
+        EventType:
+          type: integer
+          format: int32
+        EventData:
+          type: object
+          description: Arbitrary event data
+          additionalProperties: true
     OperationID:
       required:
       - OperationID
@@ -1114,6 +1513,7 @@ components:
         OperationID:
           type: integer
           format: int32
+          minimum: 0
     ScriptID:
       required:
       - ScriptID
@@ -1122,6 +1522,7 @@ components:
         ScriptID:
           type: integer
           format: int64
+          minimum: 0
     ScriptPolicyID:
       required:
       - ScriptPolicyID
@@ -1130,6 +1531,7 @@ components:
         ScriptPolicyID:
           type: integer
           format: int64
+          minimum: 0
     Roles:
       required:
       - Roles
@@ -1138,6 +1540,7 @@ components:
         Roles:
           type: integer
           format: int32
+          minimum: 0
     User:
       required:
       - UserID
@@ -1148,6 +1551,7 @@ components:
         UserID:
           type: integer
           format: int64
+          minimum: 0
         Username:
           type: string
           maxLength: 128
@@ -1166,6 +1570,7 @@ components:
         ID:
           type: integer
           format: int64
+          minimum: 0
         DisplayName:
           type: string
           maxLength: 128
@@ -1175,9 +1580,11 @@ components:
         GameID:
           type: integer
           format: int32
+          minimum: 0
         Date:
           type: integer
           format: int64
+          minimum: 0
     Mapfix:
       required:
       - ID
@@ -1192,12 +1599,13 @@ components:
       - Completed
       - TargetAssetID
       - StatusID
-      - StatusMessage
+      - Description
       type: object
       properties:
         ID:
           type: integer
           format: int64
+          minimum: 0
         DisplayName:
           type: string
           maxLength: 128
@@ -1207,44 +1615,72 @@ components:
         GameID:
           type: integer
           format: int32
+          minimum: 0
         CreatedAt:
           type: integer
           format: int64
+          minimum: 0
         UpdatedAt:
           type: integer
           format: int64
+          minimum: 0
         Submitter:
           type: integer
           format: int64
+          minimum: 0
         AssetID:
           type: integer
           format: int64
+          minimum: 0
         AssetVersion:
           type: integer
           format: int64
+          minimum: 0
         Completed:
           type: boolean
         TargetAssetID:
           type: integer
           format: int64
+          minimum: 0
         StatusID:
           type: integer
           format: int32
-        StatusMessage:
+          minimum: 0
+        Description:
           type: string
           maxLength: 256
+    Mapfixes:
+      type: object
+      required:
+      - Total
+      - Mapfixes
+      properties:
+        Total:
+          type: integer
+          format: int64
+          minimum: 0
+        Mapfixes:
+          type: array
+          items:
+            $ref: "#/components/schemas/Mapfix"
     MapfixTriggerCreate:
       required:
       - AssetID
       - TargetAssetID
+      - Description
       type: object
       properties:
         AssetID:
           type: integer
           format: int64
+          minimum: 0
         TargetAssetID:
           type: integer
           format: int64
+          minimum: 0
+        Description:
+          type: string
+          maxLength: 256
     Operation:
       required:
       - OperationID
@@ -1258,15 +1694,19 @@ components:
         OperationID:
           type: integer
           format: int32
+          minimum: 0
         Date:
           type: integer
           format: int64
+          minimum: 0
         Owner:
           type: integer
           format: int64
+          minimum: 0
         Status:
           type: integer
           format: int32
+          minimum: 0
         StatusMessage:
           type: string
           maxLength: 256
@@ -1289,12 +1729,12 @@ components:
       - Completed
 #     - UploadedAssetID
       - StatusID
-      - StatusMessage
       type: object
       properties:
         ID:
           type: integer
           format: int64
+          minimum: 0
         DisplayName:
           type: string
           maxLength: 128
@@ -1304,46 +1744,81 @@ components:
         GameID:
           type: integer
           format: int32
+          minimum: 0
         CreatedAt:
           type: integer
           format: int64
+          minimum: 0
         UpdatedAt:
           type: integer
           format: int64
+          minimum: 0
         Submitter:
           type: integer
           format: int64
+          minimum: 0
         AssetID:
           type: integer
           format: int64
+          minimum: 0
         AssetVersion:
           type: integer
           format: int64
+          minimum: 0
         ValidatedAssetID:
           type: integer
           format: int64
+          minimum: 0
         ValidatedAssetVersion:
           type: integer
           format: int64
+          minimum: 0
         Completed:
           type: boolean
         UploadedAssetID:
           type: integer
           format: int64
+          minimum: 0
         StatusID:
           type: integer
           format: int32
-        StatusMessage:
-          type: string
-          maxLength: 256
+          minimum: 0
+    Submissions:
+      required:
+      - Total
+      - Submissions
+      type: object
+      properties:
+        Total:
+          type: integer
+          format: int64
+          minimum: 0
+        Submissions:
+          type: array
+          items:
+            $ref: "#/components/schemas/Submission"
     SubmissionTriggerCreate:
       required:
       - AssetID
+      - DisplayName
+      - Creator
+      - GameID
       type: object
       properties:
         AssetID:
           type: integer
           format: int64
+          minimum: 0
+        DisplayName:
+          type: string
+          maxLength: 128
+        Creator:
+          type: string
+          maxLength: 128
+        GameID:
+          type: integer
+          format: int32
+          minimum: 0
     ReleaseInfo:
       required:
       - SubmissionID
@@ -1353,6 +1828,7 @@ components:
         SubmissionID:
           type: integer
           format: int64
+          minimum: 0
         Date:
           type: string
           format: date-time
@@ -1369,6 +1845,7 @@ components:
         ID:
           type: integer
           format: int64
+          minimum: 0
         Name:
           type: string
           maxLength: 128
@@ -1382,9 +1859,11 @@ components:
         ResourceType:
           type: integer
           format: int32
+          minimum: 0
         ResourceID:
           type: integer
           format: int64
+          minimum: 0
     ScriptCreate:
       required:
       - Name
@@ -1402,9 +1881,11 @@ components:
         ResourceType:
           type: integer
           format: int32
+          minimum: 0
         ResourceID:
           type: integer
           format: int64
+          minimum: 0
     ScriptUpdate:
       required:
       - ID
@@ -1413,6 +1894,7 @@ components:
         ID:
           type: integer
           format: int64
+          minimum: 0
         Name:
           type: string
           maxLength: 128
@@ -1422,9 +1904,11 @@ components:
         ResourceType:
           type: integer
           format: int32
+          minimum: 0
         ResourceID:
           type: integer
           format: int64
+          minimum: 0
     ScriptPolicy:
       required:
       - ID
@@ -1436,6 +1920,7 @@ components:
         ID:
           type: integer
           format: int64
+          minimum: 0
         FromScriptHash:
           type: string
           minLength: 16
@@ -1443,9 +1928,11 @@ components:
         ToScriptID:
           type: integer
           format: int64
+          minimum: 0
         Policy:
           type: integer
           format: int32
+          minimum: 0
     ScriptPolicyCreate:
       required:
       - FromScriptID
@@ -1456,12 +1943,15 @@ components:
         FromScriptID:
           type: integer
           format: int64
+          minimum: 0
         ToScriptID:
           type: integer
           format: int64
+          minimum: 0
         Policy:
           type: integer
           format: int32
+          minimum: 0
     ScriptPolicyUpdate:
       required:
       - ID
@@ -1470,15 +1960,19 @@ components:
         ID:
           type: integer
           format: int64
+          minimum: 0
         FromScriptID:
           type: integer
           format: int64
+          minimum: 0
         ToScriptID:
           type: integer
           format: int64
+          minimum: 0
         Policy:
           type: integer
           format: int32
+          minimum: 0
     Error:
       description: Represents error object
       type: object
@@ -1486,6 +1980,7 @@ components:
         code:
           type: integer
           format: int64
+          minimum: 0
         message:
           type: string
       required:

pkg/api/oas_json_gen.go

@@ -13,6 +13,277 @@ import (
 	"github.com/ogen-go/ogen/validate"
 )
 
+// Encode implements json.Marshaler.
+func (s *AuditEvent) Encode(e *jx.Encoder) {
+	e.ObjStart()
+	s.encodeFields(e)
+	e.ObjEnd()
+}
+
+// encodeFields encodes fields.
+func (s *AuditEvent) encodeFields(e *jx.Encoder) {
+	{
+		e.FieldStart("ID")
+		e.Int64(s.ID)
+	}
+	{
+		e.FieldStart("Date")
+		e.Int64(s.Date)
+	}
+	{
+		e.FieldStart("User")
+		e.Int64(s.User)
+	}
+	{
+		e.FieldStart("Username")
+		e.Str(s.Username)
+	}
+	{
+		e.FieldStart("ResourceType")
+		e.Int32(s.ResourceType)
+	}
+	{
+		e.FieldStart("ResourceID")
+		e.Int64(s.ResourceID)
+	}
+	{
+		e.FieldStart("EventType")
+		e.Int32(s.EventType)
+	}
+	{
+		e.FieldStart("EventData")
+		s.EventData.Encode(e)
+	}
+}
+
+var jsonFieldsNameOfAuditEvent = [8]string{
+	0: "ID",
+	1: "Date",
+	2: "User",
+	3: "Username",
+	4: "ResourceType",
+	5: "ResourceID",
+	6: "EventType",
+	7: "EventData",
+}
+
+// Decode decodes AuditEvent from json.
+func (s *AuditEvent) Decode(d *jx.Decoder) error {
+	if s == nil {
+		return errors.New("invalid: unable to decode AuditEvent to nil")
+	}
+	var requiredBitSet [1]uint8
+
+	if err := d.ObjBytes(func(d *jx.Decoder, k []byte) error {
+		switch string(k) {
+		case "ID":
+			requiredBitSet[0] |= 1 << 0
+			if err := func() error {
+				v, err := d.Int64()
+				s.ID = int64(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"ID\"")
+			}
+		case "Date":
+			requiredBitSet[0] |= 1 << 1
+			if err := func() error {
+				v, err := d.Int64()
+				s.Date = int64(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"Date\"")
+			}
+		case "User":
+			requiredBitSet[0] |= 1 << 2
+			if err := func() error {
+				v, err := d.Int64()
+				s.User = int64(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"User\"")
+			}
+		case "Username":
+			requiredBitSet[0] |= 1 << 3
+			if err := func() error {
+				v, err := d.Str()
+				s.Username = string(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"Username\"")
+			}
+		case "ResourceType":
+			requiredBitSet[0] |= 1 << 4
+			if err := func() error {
+				v, err := d.Int32()
+				s.ResourceType = int32(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"ResourceType\"")
+			}
+		case "ResourceID":
+			requiredBitSet[0] |= 1 << 5
+			if err := func() error {
+				v, err := d.Int64()
+				s.ResourceID = int64(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"ResourceID\"")
+			}
+		case "EventType":
+			requiredBitSet[0] |= 1 << 6
+			if err := func() error {
+				v, err := d.Int32()
+				s.EventType = int32(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"EventType\"")
+			}
+		case "EventData":
+			requiredBitSet[0] |= 1 << 7
+			if err := func() error {
+				if err := s.EventData.Decode(d); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"EventData\"")
+			}
+		default:
+			return d.Skip()
+		}
+		return nil
+	}); err != nil {
+		return errors.Wrap(err, "decode AuditEvent")
+	}
+	// Validate required fields.
+	var failures []validate.FieldError
+	for i, mask := range [1]uint8{
+		0b11111111,
+	} {
+		if result := (requiredBitSet[i] & mask) ^ mask; result != 0 {
+			// Mask only required fields and check equality to mask using XOR.
+			//
+			// If XOR result is not zero, result is not equal to expected, so some fields are missed.
+			// Bits of fields which would be set are actually bits of missed fields.
+			missed := bits.OnesCount8(result)
+			for bitN := 0; bitN < missed; bitN++ {
+				bitIdx := bits.TrailingZeros8(result)
+				fieldIdx := i*8 + bitIdx
+				var name string
+				if fieldIdx < len(jsonFieldsNameOfAuditEvent) {
+					name = jsonFieldsNameOfAuditEvent[fieldIdx]
+				} else {
+					name = strconv.Itoa(fieldIdx)
+				}
+				failures = append(failures, validate.FieldError{
+					Name:  name,
+					Error: validate.ErrFieldRequired,
+				})
+				// Reset bit.
+				result &^= 1 << bitIdx
+			}
+		}
+	}
+	if len(failures) > 0 {
+		return &validate.Error{Fields: failures}
+	}
+
+	return nil
+}
+
+// MarshalJSON implements stdjson.Marshaler.
+func (s *AuditEvent) MarshalJSON() ([]byte, error) {
+	e := jx.Encoder{}
+	s.Encode(&e)
+	return e.Bytes(), nil
+}
+
+// UnmarshalJSON implements stdjson.Unmarshaler.
+func (s *AuditEvent) UnmarshalJSON(data []byte) error {
+	d := jx.DecodeBytes(data)
+	return s.Decode(d)
+}
+
+// Encode implements json.Marshaler.
+func (s AuditEventEventData) Encode(e *jx.Encoder) {
+	e.ObjStart()
+	s.encodeFields(e)
+	e.ObjEnd()
+}
+
+// encodeFields implements json.Marshaler.
+func (s AuditEventEventData) encodeFields(e *jx.Encoder) {
+	for k, elem := range s {
+		e.FieldStart(k)
+
+		if len(elem) != 0 {
+			e.Raw(elem)
+		}
+	}
+}
+
+// Decode decodes AuditEventEventData from json.
+func (s *AuditEventEventData) Decode(d *jx.Decoder) error {
+	if s == nil {
+		return errors.New("invalid: unable to decode AuditEventEventData to nil")
+	}
+	m := s.init()
+	if err := d.ObjBytes(func(d *jx.Decoder, k []byte) error {
+		var elem jx.Raw
+		if err := func() error {
+			v, err := d.RawAppend(nil)
+			elem = jx.Raw(v)
+			if err != nil {
+				return err
+			}
+			return nil
+		}(); err != nil {
+			return errors.Wrapf(err, "decode field %q", k)
+		}
+		m[string(k)] = elem
+		return nil
+	}); err != nil {
+		return errors.Wrap(err, "decode AuditEventEventData")
+	}
+
+	return nil
+}
+
+// MarshalJSON implements stdjson.Marshaler.
+func (s AuditEventEventData) MarshalJSON() ([]byte, error) {
+	e := jx.Encoder{}
+	s.Encode(&e)
+	return e.Bytes(), nil
+}
+
+// UnmarshalJSON implements stdjson.Unmarshaler.
+func (s *AuditEventEventData) UnmarshalJSON(data []byte) error {
+	d := jx.DecodeBytes(data)
+	return s.Decode(d)
+}
+
 // Encode implements json.Marshaler.
 func (s *Error) Encode(e *jx.Encoder) {
 	e.ObjStart()
@@ -348,8 +619,8 @@ func (s *Mapfix) encodeFields(e *jx.Encoder) {
 		e.Int32(s.StatusID)
 	}
 	{
-		e.FieldStart("StatusMessage")
-		e.Str(s.StatusMessage)
+		e.FieldStart("Description")
+		e.Str(s.Description)
 	}
 }
 
@@ -366,7 +637,7 @@ var jsonFieldsNameOfMapfix = [13]string{
 	9:  "Completed",
 	10: "TargetAssetID",
 	11: "StatusID",
-	12: "StatusMessage",
+	12: "Description",
 }
 
 // Decode decodes Mapfix from json.
@@ -522,17 +793,17 @@ func (s *Mapfix) Decode(d *jx.Decoder) error {
 			}(); err != nil {
 				return errors.Wrap(err, "decode field \"StatusID\"")
 			}
-		case "StatusMessage":
+		case "Description":
 			requiredBitSet[1] |= 1 << 4
 			if err := func() error {
 				v, err := d.Str()
-				s.StatusMessage = string(v)
+				s.Description = string(v)
 				if err != nil {
 					return err
 				}
 				return nil
 			}(); err != nil {
-				return errors.Wrap(err, "decode field \"StatusMessage\"")
+				return errors.Wrap(err, "decode field \"Description\"")
 			}
 		default:
 			return d.Skip()
@@ -608,11 +879,16 @@ func (s *MapfixTriggerCreate) encodeFields(e *jx.Encoder) {
 		e.FieldStart("TargetAssetID")
 		e.Int64(s.TargetAssetID)
 	}
+	{
+		e.FieldStart("Description")
+		e.Str(s.Description)
+	}
 }
 
-var jsonFieldsNameOfMapfixTriggerCreate = [2]string{
+var jsonFieldsNameOfMapfixTriggerCreate = [3]string{
 	0: "AssetID",
 	1: "TargetAssetID",
+	2: "Description",
 }
 
 // Decode decodes MapfixTriggerCreate from json.
@@ -648,6 +924,18 @@ func (s *MapfixTriggerCreate) Decode(d *jx.Decoder) error {
 			}(); err != nil {
 				return errors.Wrap(err, "decode field \"TargetAssetID\"")
 			}
+		case "Description":
+			requiredBitSet[0] |= 1 << 2
+			if err := func() error {
+				v, err := d.Str()
+				s.Description = string(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"Description\"")
+			}
 		default:
 			return d.Skip()
 		}
@@ -658,7 +946,7 @@ func (s *MapfixTriggerCreate) Decode(d *jx.Decoder) error {
 	// Validate required fields.
 	var failures []validate.FieldError
 	for i, mask := range [1]uint8{
-		0b00000011,
+		0b00000111,
 	} {
 		if result := (requiredBitSet[i] & mask) ^ mask; result != 0 {
 			// Mask only required fields and check equality to mask using XOR.
@@ -704,6 +992,129 @@ func (s *MapfixTriggerCreate) UnmarshalJSON(data []byte) error {
 	return s.Decode(d)
 }
 
+// Encode implements json.Marshaler.
+func (s *Mapfixes) Encode(e *jx.Encoder) {
+	e.ObjStart()
+	s.encodeFields(e)
+	e.ObjEnd()
+}
+
+// encodeFields encodes fields.
+func (s *Mapfixes) encodeFields(e *jx.Encoder) {
+	{
+		e.FieldStart("Total")
+		e.Int64(s.Total)
+	}
+	{
+		e.FieldStart("Mapfixes")
+		e.ArrStart()
+		for _, elem := range s.Mapfixes {
+			elem.Encode(e)
+		}
+		e.ArrEnd()
+	}
+}
+
+var jsonFieldsNameOfMapfixes = [2]string{
+	0: "Total",
+	1: "Mapfixes",
+}
+
+// Decode decodes Mapfixes from json.
+func (s *Mapfixes) Decode(d *jx.Decoder) error {
+	if s == nil {
+		return errors.New("invalid: unable to decode Mapfixes to nil")
+	}
+	var requiredBitSet [1]uint8
+
+	if err := d.ObjBytes(func(d *jx.Decoder, k []byte) error {
+		switch string(k) {
+		case "Total":
+			requiredBitSet[0] |= 1 << 0
+			if err := func() error {
+				v, err := d.Int64()
+				s.Total = int64(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"Total\"")
+			}
+		case "Mapfixes":
+			requiredBitSet[0] |= 1 << 1
+			if err := func() error {
+				s.Mapfixes = make([]Mapfix, 0)
+				if err := d.Arr(func(d *jx.Decoder) error {
+					var elem Mapfix
+					if err := elem.Decode(d); err != nil {
+						return err
+					}
+					s.Mapfixes = append(s.Mapfixes, elem)
+					return nil
+				}); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"Mapfixes\"")
+			}
+		default:
+			return d.Skip()
+		}
+		return nil
+	}); err != nil {
+		return errors.Wrap(err, "decode Mapfixes")
+	}
+	// Validate required fields.
+	var failures []validate.FieldError
+	for i, mask := range [1]uint8{
+		0b00000011,
+	} {
+		if result := (requiredBitSet[i] & mask) ^ mask; result != 0 {
+			// Mask only required fields and check equality to mask using XOR.
+			//
+			// If XOR result is not zero, result is not equal to expected, so some fields are missed.
+			// Bits of fields which would be set are actually bits of missed fields.
+			missed := bits.OnesCount8(result)
+			for bitN := 0; bitN < missed; bitN++ {
+				bitIdx := bits.TrailingZeros8(result)
+				fieldIdx := i*8 + bitIdx
+				var name string
+				if fieldIdx < len(jsonFieldsNameOfMapfixes) {
+					name = jsonFieldsNameOfMapfixes[fieldIdx]
+				} else {
+					name = strconv.Itoa(fieldIdx)
+				}
+				failures = append(failures, validate.FieldError{
+					Name:  name,
+					Error: validate.ErrFieldRequired,
+				})
+				// Reset bit.
+				result &^= 1 << bitIdx
+			}
+		}
+	}
+	if len(failures) > 0 {
+		return &validate.Error{Fields: failures}
+	}
+
+	return nil
+}
+
+// MarshalJSON implements stdjson.Marshaler.
+func (s *Mapfixes) MarshalJSON() ([]byte, error) {
+	e := jx.Encoder{}
+	s.Encode(&e)
+	return e.Bytes(), nil
+}
+
+// UnmarshalJSON implements stdjson.Unmarshaler.
+func (s *Mapfixes) UnmarshalJSON(data []byte) error {
+	d := jx.DecodeBytes(data)
+	return s.Decode(d)
+}
+
 // Encode implements json.Marshaler.
 func (s *Operation) Encode(e *jx.Encoder) {
 	e.ObjStart()
@@ -2474,13 +2885,9 @@ func (s *Submission) encodeFields(e *jx.Encoder) {
 		e.FieldStart("StatusID")
 		e.Int32(s.StatusID)
 	}
-	{
-		e.FieldStart("StatusMessage")
-		e.Str(s.StatusMessage)
-	}
 }
 
-var jsonFieldsNameOfSubmission = [15]string{
+var jsonFieldsNameOfSubmission = [14]string{
 	0:  "ID",
 	1:  "DisplayName",
 	2:  "Creator",
@@ -2495,7 +2902,6 @@ var jsonFieldsNameOfSubmission = [15]string{
 	11: "Completed",
 	12: "UploadedAssetID",
 	13: "StatusID",
-	14: "StatusMessage",
 }
 
 // Decode decodes Submission from json.
@@ -2669,18 +3075,6 @@ func (s *Submission) Decode(d *jx.Decoder) error {
 			}(); err != nil {
 				return errors.Wrap(err, "decode field \"StatusID\"")
 			}
-		case "StatusMessage":
-			requiredBitSet[1] |= 1 << 6
-			if err := func() error {
-				v, err := d.Str()
-				s.StatusMessage = string(v)
-				if err != nil {
-					return err
-				}
-				return nil
-			}(); err != nil {
-				return errors.Wrap(err, "decode field \"StatusMessage\"")
-			}
 		default:
 			return d.Skip()
 		}
@@ -2692,7 +3086,7 @@ func (s *Submission) Decode(d *jx.Decoder) error {
 	var failures []validate.FieldError
 	for i, mask := range [2]uint8{
 		0b11111111,
-		0b01101001,
+		0b00101001,
 	} {
 		if result := (requiredBitSet[i] & mask) ^ mask; result != 0 {
 			// Mask only required fields and check equality to mask using XOR.
@@ -2751,10 +3145,25 @@ func (s *SubmissionTriggerCreate) encodeFields(e *jx.Encoder) {
 		e.FieldStart("AssetID")
 		e.Int64(s.AssetID)
 	}
+	{
+		e.FieldStart("DisplayName")
+		e.Str(s.DisplayName)
+	}
+	{
+		e.FieldStart("Creator")
+		e.Str(s.Creator)
+	}
+	{
+		e.FieldStart("GameID")
+		e.Int32(s.GameID)
+	}
 }
 
-var jsonFieldsNameOfSubmissionTriggerCreate = [1]string{
+var jsonFieldsNameOfSubmissionTriggerCreate = [4]string{
 	0: "AssetID",
+	1: "DisplayName",
+	2: "Creator",
+	3: "GameID",
 }
 
 // Decode decodes SubmissionTriggerCreate from json.
@@ -2778,6 +3187,42 @@ func (s *SubmissionTriggerCreate) Decode(d *jx.Decoder) error {
 			}(); err != nil {
 				return errors.Wrap(err, "decode field \"AssetID\"")
 			}
+		case "DisplayName":
+			requiredBitSet[0] |= 1 << 1
+			if err := func() error {
+				v, err := d.Str()
+				s.DisplayName = string(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"DisplayName\"")
+			}
+		case "Creator":
+			requiredBitSet[0] |= 1 << 2
+			if err := func() error {
+				v, err := d.Str()
+				s.Creator = string(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"Creator\"")
+			}
+		case "GameID":
+			requiredBitSet[0] |= 1 << 3
+			if err := func() error {
+				v, err := d.Int32()
+				s.GameID = int32(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"GameID\"")
+			}
 		default:
 			return d.Skip()
 		}
@@ -2788,7 +3233,7 @@ func (s *SubmissionTriggerCreate) Decode(d *jx.Decoder) error {
 	// Validate required fields.
 	var failures []validate.FieldError
 	for i, mask := range [1]uint8{
-		0b00000001,
+		0b00001111,
 	} {
 		if result := (requiredBitSet[i] & mask) ^ mask; result != 0 {
 			// Mask only required fields and check equality to mask using XOR.
@@ -2834,6 +3279,129 @@ func (s *SubmissionTriggerCreate) UnmarshalJSON(data []byte) error {
 	return s.Decode(d)
 }
 
+// Encode implements json.Marshaler.
+func (s *Submissions) Encode(e *jx.Encoder) {
+	e.ObjStart()
+	s.encodeFields(e)
+	e.ObjEnd()
+}
+
+// encodeFields encodes fields.
+func (s *Submissions) encodeFields(e *jx.Encoder) {
+	{
+		e.FieldStart("Total")
+		e.Int64(s.Total)
+	}
+	{
+		e.FieldStart("Submissions")
+		e.ArrStart()
+		for _, elem := range s.Submissions {
+			elem.Encode(e)
+		}
+		e.ArrEnd()
+	}
+}
+
+var jsonFieldsNameOfSubmissions = [2]string{
+	0: "Total",
+	1: "Submissions",
+}
+
+// Decode decodes Submissions from json.
+func (s *Submissions) Decode(d *jx.Decoder) error {
+	if s == nil {
+		return errors.New("invalid: unable to decode Submissions to nil")
+	}
+	var requiredBitSet [1]uint8
+
+	if err := d.ObjBytes(func(d *jx.Decoder, k []byte) error {
+		switch string(k) {
+		case "Total":
+			requiredBitSet[0] |= 1 << 0
+			if err := func() error {
+				v, err := d.Int64()
+				s.Total = int64(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"Total\"")
+			}
+		case "Submissions":
+			requiredBitSet[0] |= 1 << 1
+			if err := func() error {
+				s.Submissions = make([]Submission, 0)
+				if err := d.Arr(func(d *jx.Decoder) error {
+					var elem Submission
+					if err := elem.Decode(d); err != nil {
+						return err
+					}
+					s.Submissions = append(s.Submissions, elem)
+					return nil
+				}); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"Submissions\"")
+			}
+		default:
+			return d.Skip()
+		}
+		return nil
+	}); err != nil {
+		return errors.Wrap(err, "decode Submissions")
+	}
+	// Validate required fields.
+	var failures []validate.FieldError
+	for i, mask := range [1]uint8{
+		0b00000011,
+	} {
+		if result := (requiredBitSet[i] & mask) ^ mask; result != 0 {
+			// Mask only required fields and check equality to mask using XOR.
+			//
+			// If XOR result is not zero, result is not equal to expected, so some fields are missed.
+			// Bits of fields which would be set are actually bits of missed fields.
+			missed := bits.OnesCount8(result)
+			for bitN := 0; bitN < missed; bitN++ {
+				bitIdx := bits.TrailingZeros8(result)
+				fieldIdx := i*8 + bitIdx
+				var name string
+				if fieldIdx < len(jsonFieldsNameOfSubmissions) {
+					name = jsonFieldsNameOfSubmissions[fieldIdx]
+				} else {
+					name = strconv.Itoa(fieldIdx)
+				}
+				failures = append(failures, validate.FieldError{
+					Name:  name,
+					Error: validate.ErrFieldRequired,
+				})
+				// Reset bit.
+				result &^= 1 << bitIdx
+			}
+		}
+	}
+	if len(failures) > 0 {
+		return &validate.Error{Fields: failures}
+	}
+
+	return nil
+}
+
+// MarshalJSON implements stdjson.Marshaler.
+func (s *Submissions) MarshalJSON() ([]byte, error) {
+	e := jx.Encoder{}
+	s.Encode(&e)
+	return e.Bytes(), nil
+}
+
+// UnmarshalJSON implements stdjson.Unmarshaler.
+func (s *Submissions) UnmarshalJSON(data []byte) error {
+	d := jx.DecodeBytes(data)
+	return s.Decode(d)
+}
+
 // Encode implements json.Marshaler.
 func (s *User) Encode(e *jx.Encoder) {
 	e.ObjStart()

pkg/api/oas_operations_gen.go

@@ -6,49 +6,59 @@ package api
 type OperationName = string
 
 const (
-	ActionMapfixAcceptedOperation            OperationName = "ActionMapfixAccepted"
-	ActionMapfixRejectOperation              OperationName = "ActionMapfixReject"
-	ActionMapfixRequestChangesOperation      OperationName = "ActionMapfixRequestChanges"
-	ActionMapfixRetryValidateOperation       OperationName = "ActionMapfixRetryValidate"
-	ActionMapfixRevokeOperation              OperationName = "ActionMapfixRevoke"
-	ActionMapfixSubmitOperation              OperationName = "ActionMapfixSubmit"
-	ActionMapfixTriggerUploadOperation       OperationName = "ActionMapfixTriggerUpload"
-	ActionMapfixTriggerValidateOperation     OperationName = "ActionMapfixTriggerValidate"
-	ActionMapfixValidatedOperation           OperationName = "ActionMapfixValidated"
-	ActionSubmissionAcceptedOperation        OperationName = "ActionSubmissionAccepted"
-	ActionSubmissionRejectOperation          OperationName = "ActionSubmissionReject"
-	ActionSubmissionRequestChangesOperation  OperationName = "ActionSubmissionRequestChanges"
-	ActionSubmissionRetryValidateOperation   OperationName = "ActionSubmissionRetryValidate"
-	ActionSubmissionRevokeOperation          OperationName = "ActionSubmissionRevoke"
-	ActionSubmissionSubmitOperation          OperationName = "ActionSubmissionSubmit"
-	ActionSubmissionTriggerUploadOperation   OperationName = "ActionSubmissionTriggerUpload"
-	ActionSubmissionTriggerValidateOperation OperationName = "ActionSubmissionTriggerValidate"
-	ActionSubmissionValidatedOperation       OperationName = "ActionSubmissionValidated"
-	CreateMapfixOperation                    OperationName = "CreateMapfix"
-	CreateScriptOperation                    OperationName = "CreateScript"
-	CreateScriptPolicyOperation              OperationName = "CreateScriptPolicy"
-	CreateSubmissionOperation                OperationName = "CreateSubmission"
-	DeleteScriptOperation                    OperationName = "DeleteScript"
-	DeleteScriptPolicyOperation              OperationName = "DeleteScriptPolicy"
-	GetMapOperation                          OperationName = "GetMap"
-	GetMapfixOperation                       OperationName = "GetMapfix"
-	GetOperationOperation                    OperationName = "GetOperation"
-	GetScriptOperation                       OperationName = "GetScript"
-	GetScriptPolicyOperation                 OperationName = "GetScriptPolicy"
-	GetSubmissionOperation                   OperationName = "GetSubmission"
-	ListMapfixesOperation                    OperationName = "ListMapfixes"
-	ListMapsOperation                        OperationName = "ListMaps"
-	ListScriptPolicyOperation                OperationName = "ListScriptPolicy"
-	ListScriptsOperation                     OperationName = "ListScripts"
-	ListSubmissionsOperation                 OperationName = "ListSubmissions"
-	ReleaseSubmissionsOperation              OperationName = "ReleaseSubmissions"
-	SessionRolesOperation                    OperationName = "SessionRoles"
-	SessionUserOperation                     OperationName = "SessionUser"
-	SessionValidateOperation                 OperationName = "SessionValidate"
-	SetMapfixCompletedOperation              OperationName = "SetMapfixCompleted"
-	SetSubmissionCompletedOperation          OperationName = "SetSubmissionCompleted"
-	UpdateMapfixModelOperation               OperationName = "UpdateMapfixModel"
-	UpdateScriptOperation                    OperationName = "UpdateScript"
-	UpdateScriptPolicyOperation              OperationName = "UpdateScriptPolicy"
-	UpdateSubmissionModelOperation           OperationName = "UpdateSubmissionModel"
+	ActionMapfixAcceptedOperation                   OperationName = "ActionMapfixAccepted"
+	ActionMapfixRejectOperation                     OperationName = "ActionMapfixReject"
+	ActionMapfixRequestChangesOperation             OperationName = "ActionMapfixRequestChanges"
+	ActionMapfixResetSubmittingOperation            OperationName = "ActionMapfixResetSubmitting"
+	ActionMapfixRetryValidateOperation              OperationName = "ActionMapfixRetryValidate"
+	ActionMapfixRevokeOperation                     OperationName = "ActionMapfixRevoke"
+	ActionMapfixTriggerSubmitOperation              OperationName = "ActionMapfixTriggerSubmit"
+	ActionMapfixTriggerSubmitUncheckedOperation     OperationName = "ActionMapfixTriggerSubmitUnchecked"
+	ActionMapfixTriggerUploadOperation              OperationName = "ActionMapfixTriggerUpload"
+	ActionMapfixTriggerValidateOperation            OperationName = "ActionMapfixTriggerValidate"
+	ActionMapfixValidatedOperation                  OperationName = "ActionMapfixValidated"
+	ActionSubmissionAcceptedOperation               OperationName = "ActionSubmissionAccepted"
+	ActionSubmissionRejectOperation                 OperationName = "ActionSubmissionReject"
+	ActionSubmissionRequestChangesOperation         OperationName = "ActionSubmissionRequestChanges"
+	ActionSubmissionResetSubmittingOperation        OperationName = "ActionSubmissionResetSubmitting"
+	ActionSubmissionRetryValidateOperation          OperationName = "ActionSubmissionRetryValidate"
+	ActionSubmissionRevokeOperation                 OperationName = "ActionSubmissionRevoke"
+	ActionSubmissionTriggerSubmitOperation          OperationName = "ActionSubmissionTriggerSubmit"
+	ActionSubmissionTriggerSubmitUncheckedOperation OperationName = "ActionSubmissionTriggerSubmitUnchecked"
+	ActionSubmissionTriggerUploadOperation          OperationName = "ActionSubmissionTriggerUpload"
+	ActionSubmissionTriggerValidateOperation        OperationName = "ActionSubmissionTriggerValidate"
+	ActionSubmissionValidatedOperation              OperationName = "ActionSubmissionValidated"
+	CreateMapfixOperation                           OperationName = "CreateMapfix"
+	CreateMapfixAuditCommentOperation               OperationName = "CreateMapfixAuditComment"
+	CreateScriptOperation                           OperationName = "CreateScript"
+	CreateScriptPolicyOperation                     OperationName = "CreateScriptPolicy"
+	CreateSubmissionOperation                       OperationName = "CreateSubmission"
+	CreateSubmissionAdminOperation                  OperationName = "CreateSubmissionAdmin"
+	CreateSubmissionAuditCommentOperation           OperationName = "CreateSubmissionAuditComment"
+	DeleteScriptOperation                           OperationName = "DeleteScript"
+	DeleteScriptPolicyOperation                     OperationName = "DeleteScriptPolicy"
+	GetMapOperation                                 OperationName = "GetMap"
+	GetMapAssetLocationOperation                    OperationName = "GetMapAssetLocation"
+	GetMapfixOperation                              OperationName = "GetMapfix"
+	GetOperationOperation                           OperationName = "GetOperation"
+	GetScriptOperation                              OperationName = "GetScript"
+	GetScriptPolicyOperation                        OperationName = "GetScriptPolicy"
+	GetSubmissionOperation                          OperationName = "GetSubmission"
+	ListMapfixAuditEventsOperation                  OperationName = "ListMapfixAuditEvents"
+	ListMapfixesOperation                           OperationName = "ListMapfixes"
+	ListMapsOperation                               OperationName = "ListMaps"
+	ListScriptPolicyOperation                       OperationName = "ListScriptPolicy"
+	ListScriptsOperation                            OperationName = "ListScripts"
+	ListSubmissionAuditEventsOperation              OperationName = "ListSubmissionAuditEvents"
+	ListSubmissionsOperation                        OperationName = "ListSubmissions"
+	ReleaseSubmissionsOperation                     OperationName = "ReleaseSubmissions"
+	SessionRolesOperation                           OperationName = "SessionRoles"
+	SessionUserOperation                            OperationName = "SessionUser"
+	SessionValidateOperation                        OperationName = "SessionValidate"
+	SetMapfixCompletedOperation                     OperationName = "SetMapfixCompleted"
+	SetSubmissionCompletedOperation                 OperationName = "SetSubmissionCompleted"
+	UpdateMapfixModelOperation                      OperationName = "UpdateMapfixModel"
+	UpdateScriptOperation                           OperationName = "UpdateScript"
+	UpdateScriptPolicyOperation                     OperationName = "UpdateScriptPolicy"
+	UpdateSubmissionModelOperation                  OperationName = "UpdateSubmissionModel"
 )

pkg/api/oas_request_decoders_gen.go

@@ -3,13 +3,13 @@
 package api
 
 import (
+	"fmt"
 	"io"
 	"mime"
 	"net/http"
 
 	"github.com/go-faster/errors"
 	"github.com/go-faster/jx"
-	"go.uber.org/multierr"
 
 	"github.com/ogen-go/ogen/ogenerrors"
 	"github.com/ogen-go/ogen/validate"
@@ -26,13 +26,13 @@ func (s *Server) decodeCreateMapfixRequest(r *http.Request) (
 		// Close in reverse order, to match defer behavior.
 		for i := len(closers) - 1; i >= 0; i-- {
 			c := closers[i]
-			merr = multierr.Append(merr, c())
+			merr = errors.Join(merr, c())
 		}
 		return merr
 	}
 	defer func() {
 		if rerr != nil {
-			rerr = multierr.Append(rerr, close())
+			rerr = errors.Join(rerr, close())
 		}
 	}()
 	ct, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
@@ -72,12 +72,54 @@ func (s *Server) decodeCreateMapfixRequest(r *http.Request) (
 			}
 			return req, close, err
 		}
+		if err := func() error {
+			if err := request.Validate(); err != nil {
+				return err
+			}
+			return nil
+		}(); err != nil {
+			return req, close, errors.Wrap(err, "validate")
+		}
 		return &request, close, nil
 	default:
 		return req, close, validate.InvalidContentType(ct)
 	}
 }
 
+func (s *Server) decodeCreateMapfixAuditCommentRequest(r *http.Request) (
+	req CreateMapfixAuditCommentReq,
+	close func() error,
+	rerr error,
+) {
+	var closers []func() error
+	close = func() error {
+		var merr error
+		// Close in reverse order, to match defer behavior.
+		for i := len(closers) - 1; i >= 0; i-- {
+			c := closers[i]
+			merr = errors.Join(merr, c())
+		}
+		return merr
+	}
+	defer func() {
+		if rerr != nil {
+			rerr = errors.Join(rerr, close())
+		}
+	}()
+	ct, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
+	if err != nil {
+		return req, close, errors.Wrap(err, "parse media type")
+	}
+	switch {
+	case ct == "text/plain":
+		reader := r.Body
+		request := CreateMapfixAuditCommentReq{Data: reader}
+		return request, close, nil
+	default:
+		return req, close, validate.InvalidContentType(ct)
+	}
+}
+
 func (s *Server) decodeCreateScriptRequest(r *http.Request) (
 	req *ScriptCreate,
 	close func() error,
@@ -89,13 +131,13 @@ func (s *Server) decodeCreateScriptRequest(r *http.Request) (
 		// Close in reverse order, to match defer behavior.
 		for i := len(closers) - 1; i >= 0; i-- {
 			c := closers[i]
-			merr = multierr.Append(merr, c())
+			merr = errors.Join(merr, c())
 		}
 		return merr
 	}
 	defer func() {
 		if rerr != nil {
-			rerr = multierr.Append(rerr, close())
+			rerr = errors.Join(rerr, close())
 		}
 	}()
 	ct, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
@@ -160,13 +202,13 @@ func (s *Server) decodeCreateScriptPolicyRequest(r *http.Request) (
 		// Close in reverse order, to match defer behavior.
 		for i := len(closers) - 1; i >= 0; i-- {
 			c := closers[i]
-			merr = multierr.Append(merr, c())
+			merr = errors.Join(merr, c())
 		}
 		return merr
 	}
 	defer func() {
 		if rerr != nil {
-			rerr = multierr.Append(rerr, close())
+			rerr = errors.Join(rerr, close())
 		}
 	}()
 	ct, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
@@ -206,6 +248,14 @@ func (s *Server) decodeCreateScriptPolicyRequest(r *http.Request) (
 			}
 			return req, close, err
 		}
+		if err := func() error {
+			if err := request.Validate(); err != nil {
+				return err
+			}
+			return nil
+		}(); err != nil {
+			return req, close, errors.Wrap(err, "validate")
+		}
 		return &request, close, nil
 	default:
 		return req, close, validate.InvalidContentType(ct)
@@ -223,13 +273,13 @@ func (s *Server) decodeCreateSubmissionRequest(r *http.Request) (
 		// Close in reverse order, to match defer behavior.
 		for i := len(closers) - 1; i >= 0; i-- {
 			c := closers[i]
-			merr = multierr.Append(merr, c())
+			merr = errors.Join(merr, c())
 		}
 		return merr
 	}
 	defer func() {
 		if rerr != nil {
-			rerr = multierr.Append(rerr, close())
+			rerr = errors.Join(rerr, close())
 		}
 	}()
 	ct, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
@@ -269,12 +319,125 @@ func (s *Server) decodeCreateSubmissionRequest(r *http.Request) (
 			}
 			return req, close, err
 		}
+		if err := func() error {
+			if err := request.Validate(); err != nil {
+				return err
+			}
+			return nil
+		}(); err != nil {
+			return req, close, errors.Wrap(err, "validate")
+		}
 		return &request, close, nil
 	default:
 		return req, close, validate.InvalidContentType(ct)
 	}
 }
 
+func (s *Server) decodeCreateSubmissionAdminRequest(r *http.Request) (
+	req *SubmissionTriggerCreate,
+	close func() error,
+	rerr error,
+) {
+	var closers []func() error
+	close = func() error {
+		var merr error
+		// Close in reverse order, to match defer behavior.
+		for i := len(closers) - 1; i >= 0; i-- {
+			c := closers[i]
+			merr = errors.Join(merr, c())
+		}
+		return merr
+	}
+	defer func() {
+		if rerr != nil {
+			rerr = errors.Join(rerr, close())
+		}
+	}()
+	ct, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
+	if err != nil {
+		return req, close, errors.Wrap(err, "parse media type")
+	}
+	switch {
+	case ct == "application/json":
+		if r.ContentLength == 0 {
+			return req, close, validate.ErrBodyRequired
+		}
+		buf, err := io.ReadAll(r.Body)
+		if err != nil {
+			return req, close, err
+		}
+
+		if len(buf) == 0 {
+			return req, close, validate.ErrBodyRequired
+		}
+
+		d := jx.DecodeBytes(buf)
+
+		var request SubmissionTriggerCreate
+		if err := func() error {
+			if err := request.Decode(d); err != nil {
+				return err
+			}
+			if err := d.Skip(); err != io.EOF {
+				return errors.New("unexpected trailing data")
+			}
+			return nil
+		}(); err != nil {
+			err = &ogenerrors.DecodeBodyError{
+				ContentType: ct,
+				Body:        buf,
+				Err:         err,
+			}
+			return req, close, err
+		}
+		if err := func() error {
+			if err := request.Validate(); err != nil {
+				return err
+			}
+			return nil
+		}(); err != nil {
+			return req, close, errors.Wrap(err, "validate")
+		}
+		return &request, close, nil
+	default:
+		return req, close, validate.InvalidContentType(ct)
+	}
+}
+
+func (s *Server) decodeCreateSubmissionAuditCommentRequest(r *http.Request) (
+	req CreateSubmissionAuditCommentReq,
+	close func() error,
+	rerr error,
+) {
+	var closers []func() error
+	close = func() error {
+		var merr error
+		// Close in reverse order, to match defer behavior.
+		for i := len(closers) - 1; i >= 0; i-- {
+			c := closers[i]
+			merr = errors.Join(merr, c())
+		}
+		return merr
+	}
+	defer func() {
+		if rerr != nil {
+			rerr = errors.Join(rerr, close())
+		}
+	}()
+	ct, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
+	if err != nil {
+		return req, close, errors.Wrap(err, "parse media type")
+	}
+	switch {
+	case ct == "text/plain":
+		reader := r.Body
+		request := CreateSubmissionAuditCommentReq{Data: reader}
+		return request, close, nil
+	default:
+		return req, close, validate.InvalidContentType(ct)
+	}
+}
+
 func (s *Server) decodeReleaseSubmissionsRequest(r *http.Request) (
 	req []ReleaseInfo,
 	close func() error,
@@ -286,13 +449,13 @@ func (s *Server) decodeReleaseSubmissionsRequest(r *http.Request) (
 		// Close in reverse order, to match defer behavior.
 		for i := len(closers) - 1; i >= 0; i-- {
 			c := closers[i]
-			merr = multierr.Append(merr, c())
+			merr = errors.Join(merr, c())
 		}
 		return merr
 	}
 	defer func() {
 		if rerr != nil {
-			rerr = multierr.Append(rerr, close())
+			rerr = errors.Join(rerr, close())
 		}
 	}()
 	ct, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
@@ -352,6 +515,23 @@ func (s *Server) decodeReleaseSubmissionsRequest(r *http.Request) (
 			}).ValidateLength(len(request)); err != nil {
 				return errors.Wrap(err, "array")
 			}
+			var failures []validate.FieldError
+			for i, elem := range request {
+				if err := func() error {
+					if err := elem.Validate(); err != nil {
+						return err
+					}
+					return nil
+				}(); err != nil {
+					failures = append(failures, validate.FieldError{
+						Name:  fmt.Sprintf("[%d]", i),
+						Error: err,
+					})
+				}
+			}
+			if len(failures) > 0 {
+				return &validate.Error{Fields: failures}
+			}
 			return nil
 		}(); err != nil {
 			return req, close, errors.Wrap(err, "validate")
@@ -373,13 +553,13 @@ func (s *Server) decodeUpdateScriptRequest(r *http.Request) (
 		// Close in reverse order, to match defer behavior.
 		for i := len(closers) - 1; i >= 0; i-- {
 			c := closers[i]
-			merr = multierr.Append(merr, c())
+			merr = errors.Join(merr, c())
 		}
 		return merr
 	}
 	defer func() {
 		if rerr != nil {
-			rerr = multierr.Append(rerr, close())
+			rerr = errors.Join(rerr, close())
 		}
 	}()
 	ct, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
@@ -444,13 +624,13 @@ func (s *Server) decodeUpdateScriptPolicyRequest(r *http.Request) (
 		// Close in reverse order, to match defer behavior.
 		for i := len(closers) - 1; i >= 0; i-- {
 			c := closers[i]
-			merr = multierr.Append(merr, c())
+			merr = errors.Join(merr, c())
 		}
 		return merr
 	}
 	defer func() {
 		if rerr != nil {
-			rerr = multierr.Append(rerr, close())
+			rerr = errors.Join(rerr, close())
 		}
 	}()
 	ct, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
@@ -490,6 +670,14 @@ func (s *Server) decodeUpdateScriptPolicyRequest(r *http.Request) (
 			}
 			return req, close, err
 		}
+		if err := func() error {
+			if err := request.Validate(); err != nil {
+				return err
+			}
+			return nil
+		}(); err != nil {
+			return req, close, errors.Wrap(err, "validate")
+		}
 		return &request, close, nil
 	default:
 		return req, close, validate.InvalidContentType(ct)

pkg/api/oas_request_encoders_gen.go

@@ -25,6 +25,16 @@ func encodeCreateMapfixRequest(
 	return nil
 }
 
+func encodeCreateMapfixAuditCommentRequest(
+	req CreateMapfixAuditCommentReq,
+	r *http.Request,
+) error {
+	const contentType = "text/plain"
+	body := req
+	ht.SetBody(r, body, contentType)
+	return nil
+}
+
 func encodeCreateScriptRequest(
 	req *ScriptCreate,
 	r *http.Request,
@@ -67,6 +77,30 @@ func encodeCreateSubmissionRequest(
 	return nil
 }
 
+func encodeCreateSubmissionAdminRequest(
+	req *SubmissionTriggerCreate,
+	r *http.Request,
+) error {
+	const contentType = "application/json"
+	e := new(jx.Encoder)
+	{
+		req.Encode(e)
+	}
+	encoded := e.Bytes()
+	ht.SetBody(r, bytes.NewReader(encoded), contentType)
+	return nil
+}
+
+func encodeCreateSubmissionAuditCommentRequest(
+	req CreateSubmissionAuditCommentReq,
+	r *http.Request,
+) error {
+	const contentType = "text/plain"
+	body := req
+	ht.SetBody(r, body, contentType)
+	return nil
+}
+
 func encodeReleaseSubmissionsRequest(
 	req []ReleaseInfo,
 	r *http.Request,

pkg/api/oas_response_encoders_gen.go

@@ -3,6 +3,7 @@
 package api
 
 import (
+	"io"
 	"net/http"
 
 	"github.com/go-faster/errors"
@@ -34,6 +35,13 @@ func encodeActionMapfixRequestChangesResponse(response *ActionMapfixRequestChang
 	return nil
 }
 
+func encodeActionMapfixResetSubmittingResponse(response *ActionMapfixResetSubmittingNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
 func encodeActionMapfixRetryValidateResponse(response *ActionMapfixRetryValidateNoContent, w http.ResponseWriter, span trace.Span) error {
 	w.WriteHeader(204)
 	span.SetStatus(codes.Ok, http.StatusText(204))
@@ -48,7 +56,14 @@ func encodeActionMapfixRevokeResponse(response *ActionMapfixRevokeNoContent, w h
 	return nil
 }
 
-func encodeActionMapfixSubmitResponse(response *ActionMapfixSubmitNoContent, w http.ResponseWriter, span trace.Span) error {
+func encodeActionMapfixTriggerSubmitResponse(response *ActionMapfixTriggerSubmitNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
+func encodeActionMapfixTriggerSubmitUncheckedResponse(response *ActionMapfixTriggerSubmitUncheckedNoContent, w http.ResponseWriter, span trace.Span) error {
 	w.WriteHeader(204)
 	span.SetStatus(codes.Ok, http.StatusText(204))
 
@@ -97,6 +112,13 @@ func encodeActionSubmissionRequestChangesResponse(response *ActionSubmissionRequ
 	return nil
 }
 
+func encodeActionSubmissionResetSubmittingResponse(response *ActionSubmissionResetSubmittingNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
 func encodeActionSubmissionRetryValidateResponse(response *ActionSubmissionRetryValidateNoContent, w http.ResponseWriter, span trace.Span) error {
 	w.WriteHeader(204)
 	span.SetStatus(codes.Ok, http.StatusText(204))
@@ -111,7 +133,14 @@ func encodeActionSubmissionRevokeResponse(response *ActionSubmissionRevokeNoCont
 	return nil
 }
 
-func encodeActionSubmissionSubmitResponse(response *ActionSubmissionSubmitNoContent, w http.ResponseWriter, span trace.Span) error {
+func encodeActionSubmissionTriggerSubmitResponse(response *ActionSubmissionTriggerSubmitNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
+func encodeActionSubmissionTriggerSubmitUncheckedResponse(response *ActionSubmissionTriggerSubmitUncheckedNoContent, w http.ResponseWriter, span trace.Span) error {
 	w.WriteHeader(204)
 	span.SetStatus(codes.Ok, http.StatusText(204))
 
@@ -153,6 +182,13 @@ func encodeCreateMapfixResponse(response *OperationID, w http.ResponseWriter, sp
 	return nil
 }
 
+func encodeCreateMapfixAuditCommentResponse(response *CreateMapfixAuditCommentNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
 func encodeCreateScriptResponse(response *ScriptID, w http.ResponseWriter, span trace.Span) error {
 	w.Header().Set("Content-Type", "application/json; charset=utf-8")
 	w.WriteHeader(201)
@@ -195,6 +231,27 @@ func encodeCreateSubmissionResponse(response *OperationID, w http.ResponseWriter
 	return nil
 }
 
+func encodeCreateSubmissionAdminResponse(response *OperationID, w http.ResponseWriter, span trace.Span) error {
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	w.WriteHeader(201)
+	span.SetStatus(codes.Ok, http.StatusText(201))
+
+	e := new(jx.Encoder)
+	response.Encode(e)
+	if _, err := e.WriteTo(w); err != nil {
+		return errors.Wrap(err, "write")
+	}
+
+	return nil
+}
+
+func encodeCreateSubmissionAuditCommentResponse(response *CreateSubmissionAuditCommentNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
 func encodeDeleteScriptResponse(response *DeleteScriptNoContent, w http.ResponseWriter, span trace.Span) error {
 	w.WriteHeader(204)
 	span.SetStatus(codes.Ok, http.StatusText(204))
@@ -223,6 +280,22 @@ func encodeGetMapResponse(response *Map, w http.ResponseWriter, span trace.Span)
 	return nil
 }
 
+func encodeGetMapAssetLocationResponse(response GetMapAssetLocationOK, w http.ResponseWriter, span trace.Span) error {
+	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
+	w.WriteHeader(200)
+	span.SetStatus(codes.Ok, http.StatusText(200))
+
+	writer := w
+	if closer, ok := response.Data.(io.Closer); ok {
+		defer closer.Close()
+	}
+	if _, err := io.Copy(writer, response); err != nil {
+		return errors.Wrap(err, "write")
+	}
+
+	return nil
+}
+
 func encodeGetMapfixResponse(response *Mapfix, w http.ResponseWriter, span trace.Span) error {
 	w.Header().Set("Content-Type", "application/json; charset=utf-8")
 	w.WriteHeader(200)
@@ -293,7 +366,7 @@ func encodeGetSubmissionResponse(response *Submission, w http.ResponseWriter, sp
 	return nil
 }
 
-func encodeListMapfixesResponse(response []Mapfix, w http.ResponseWriter, span trace.Span) error {
+func encodeListMapfixAuditEventsResponse(response []AuditEvent, w http.ResponseWriter, span trace.Span) error {
 	w.Header().Set("Content-Type", "application/json; charset=utf-8")
 	w.WriteHeader(200)
 	span.SetStatus(codes.Ok, http.StatusText(200))
@@ -311,6 +384,20 @@ func encodeListMapfixesResponse(response []Mapfix, w http.ResponseWriter, span t
 	return nil
 }
 
+func encodeListMapfixesResponse(response *Mapfixes, w http.ResponseWriter, span trace.Span) error {
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	w.WriteHeader(200)
+	span.SetStatus(codes.Ok, http.StatusText(200))
+
+	e := new(jx.Encoder)
+	response.Encode(e)
+	if _, err := e.WriteTo(w); err != nil {
+		return errors.Wrap(err, "write")
+	}
+
+	return nil
+}
+
 func encodeListMapsResponse(response []Map, w http.ResponseWriter, span trace.Span) error {
 	w.Header().Set("Content-Type", "application/json; charset=utf-8")
 	w.WriteHeader(200)
@@ -365,7 +452,7 @@ func encodeListScriptsResponse(response []Script, w http.ResponseWriter, span tr
 	return nil
 }
 
-func encodeListSubmissionsResponse(response []Submission, w http.ResponseWriter, span trace.Span) error {
+func encodeListSubmissionAuditEventsResponse(response []AuditEvent, w http.ResponseWriter, span trace.Span) error {
 	w.Header().Set("Content-Type", "application/json; charset=utf-8")
 	w.WriteHeader(200)
 	span.SetStatus(codes.Ok, http.StatusText(200))
@@ -383,6 +470,20 @@ func encodeListSubmissionsResponse(response []Submission, w http.ResponseWriter,
 	return nil
 }
 
+func encodeListSubmissionsResponse(response *Submissions, w http.ResponseWriter, span trace.Span) error {
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	w.WriteHeader(200)
+	span.SetStatus(codes.Ok, http.StatusText(200))
+
+	e := new(jx.Encoder)
+	response.Encode(e)
+	if _, err := e.WriteTo(w); err != nil {
+		return errors.Wrap(err, "write")
+	}
+
+	return nil
+}
+
 func encodeReleaseSubmissionsResponse(response *ReleaseSubmissionsCreated, w http.ResponseWriter, span trace.Span) error {
 	w.WriteHeader(201)
 	span.SetStatus(codes.Ok, http.StatusText(201))

pkg/api/oas_router_gen.go

@@ -136,9 +136,9 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 								break
 							}
 							switch elem[0] {
-							case 'c': // Prefix: "completed"
+							case 'a': // Prefix: "audit-events"
 
-								if l := len("completed"); len(elem) >= l && elem[0:l] == "completed" {
+								if l := len("audit-events"); len(elem) >= l && elem[0:l] == "audit-events" {
 									elem = elem[l:]
 								} else {
 									break
@@ -147,17 +147,75 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 								if len(elem) == 0 {
 									// Leaf node.
 									switch r.Method {
-									case "POST":
-										s.handleSetMapfixCompletedRequest([1]string{
+									case "GET":
+										s.handleListMapfixAuditEventsRequest([1]string{
 											args[0],
 										}, elemIsEscaped, w, r)
 									default:
-										s.notAllowed(w, r, "POST")
+										s.notAllowed(w, r, "GET")
 									}
 
 									return
 								}
 
+							case 'c': // Prefix: "com"
+
+								if l := len("com"); len(elem) >= l && elem[0:l] == "com" {
+									elem = elem[l:]
+								} else {
+									break
+								}
+
+								if len(elem) == 0 {
+									break
+								}
+								switch elem[0] {
+								case 'm': // Prefix: "ment"
+
+									if l := len("ment"); len(elem) >= l && elem[0:l] == "ment" {
+										elem = elem[l:]
+									} else {
+										break
+									}
+
+									if len(elem) == 0 {
+										// Leaf node.
+										switch r.Method {
+										case "POST":
+											s.handleCreateMapfixAuditCommentRequest([1]string{
+												args[0],
+											}, elemIsEscaped, w, r)
+										default:
+											s.notAllowed(w, r, "POST")
+										}
+
+										return
+									}
+
+								case 'p': // Prefix: "pleted"
+
+									if l := len("pleted"); len(elem) >= l && elem[0:l] == "pleted" {
+										elem = elem[l:]
+									} else {
+										break
+									}
+
+									if len(elem) == 0 {
+										// Leaf node.
+										switch r.Method {
+										case "POST":
+											s.handleSetMapfixCompletedRequest([1]string{
+												args[0],
+											}, elemIsEscaped, w, r)
+										default:
+											s.notAllowed(w, r, "POST")
+										}
+
+										return
+									}
+
+								}
+
 							case 'm': // Prefix: "model"
 
 								if l := len("model"); len(elem) >= l && elem[0:l] == "model" {
@@ -260,6 +318,28 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 											break
 										}
 										switch elem[0] {
+										case 's': // Prefix: "submitting"
+
+											if l := len("submitting"); len(elem) >= l && elem[0:l] == "submitting" {
+												elem = elem[l:]
+											} else {
+												break
+											}
+
+											if len(elem) == 0 {
+												// Leaf node.
+												switch r.Method {
+												case "POST":
+													s.handleActionMapfixResetSubmittingRequest([1]string{
+														args[0],
+													}, elemIsEscaped, w, r)
+												default:
+													s.notAllowed(w, r, "POST")
+												}
+
+												return
+											}
+
 										case 'u': // Prefix: "uploading"
 
 											if l := len("uploading"); len(elem) >= l && elem[0:l] == "uploading" {
@@ -352,28 +432,6 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 
 									}
 
-								case 's': // Prefix: "submit"
-
-									if l := len("submit"); len(elem) >= l && elem[0:l] == "submit" {
-										elem = elem[l:]
-									} else {
-										break
-									}
-
-									if len(elem) == 0 {
-										// Leaf node.
-										switch r.Method {
-										case "POST":
-											s.handleActionMapfixSubmitRequest([1]string{
-												args[0],
-											}, elemIsEscaped, w, r)
-										default:
-											s.notAllowed(w, r, "POST")
-										}
-
-										return
-									}
-
 								case 't': // Prefix: "trigger-"
 
 									if l := len("trigger-"); len(elem) >= l && elem[0:l] == "trigger-" {
@@ -386,6 +444,51 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 										break
 									}
 									switch elem[0] {
+									case 's': // Prefix: "submit"
+
+										if l := len("submit"); len(elem) >= l && elem[0:l] == "submit" {
+											elem = elem[l:]
+										} else {
+											break
+										}
+
+										if len(elem) == 0 {
+											switch r.Method {
+											case "POST":
+												s.handleActionMapfixTriggerSubmitRequest([1]string{
+													args[0],
+												}, elemIsEscaped, w, r)
+											default:
+												s.notAllowed(w, r, "POST")
+											}
+
+											return
+										}
+										switch elem[0] {
+										case '-': // Prefix: "-unchecked"
+
+											if l := len("-unchecked"); len(elem) >= l && elem[0:l] == "-unchecked" {
+												elem = elem[l:]
+											} else {
+												break
+											}
+
+											if len(elem) == 0 {
+												// Leaf node.
+												switch r.Method {
+												case "POST":
+													s.handleActionMapfixTriggerSubmitUncheckedRequest([1]string{
+														args[0],
+													}, elemIsEscaped, w, r)
+												default:
+													s.notAllowed(w, r, "POST")
+												}
+
+												return
+											}
+
+										}
+
 									case 'u': // Prefix: "upload"
 
 										if l := len("upload"); len(elem) >= l && elem[0:l] == "upload" {
@@ -468,16 +571,15 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 						}
 
 						// Param: "MapID"
-						// Leaf parameter, slashes are prohibited
+						// Match until "/"
 						idx := strings.IndexByte(elem, '/')
-						if idx >= 0 {
-							break
+						if idx < 0 {
+							idx = len(elem)
 						}
-						args[0] = elem
-						elem = ""
+						args[0] = elem[:idx]
+						elem = elem[idx:]
 
 						if len(elem) == 0 {
-							// Leaf node.
 							switch r.Method {
 							case "GET":
 								s.handleGetMapRequest([1]string{
@@ -489,6 +591,30 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 
 							return
 						}
+						switch elem[0] {
+						case '/': // Prefix: "/location"
+
+							if l := len("/location"); len(elem) >= l && elem[0:l] == "/location" {
+								elem = elem[l:]
+							} else {
+								break
+							}
+
+							if len(elem) == 0 {
+								// Leaf node.
+								switch r.Method {
+								case "GET":
+									s.handleGetMapAssetLocationRequest([1]string{
+										args[0],
+									}, elemIsEscaped, w, r)
+								default:
+									s.notAllowed(w, r, "GET")
+								}
+
+								return
+							}
+
+						}
 
 					}
 
@@ -790,6 +916,26 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 						return
 					}
 					switch elem[0] {
+					case '-': // Prefix: "-admin"
+
+						if l := len("-admin"); len(elem) >= l && elem[0:l] == "-admin" {
+							elem = elem[l:]
+						} else {
+							break
+						}
+
+						if len(elem) == 0 {
+							// Leaf node.
+							switch r.Method {
+							case "POST":
+								s.handleCreateSubmissionAdminRequest([0]string{}, elemIsEscaped, w, r)
+							default:
+								s.notAllowed(w, r, "POST")
+							}
+
+							return
+						}
+
 					case '/': // Prefix: "/"
 
 						if l := len("/"); len(elem) >= l && elem[0:l] == "/" {
@@ -832,9 +978,9 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 								break
 							}
 							switch elem[0] {
-							case 'c': // Prefix: "completed"
+							case 'a': // Prefix: "audit-events"
 
-								if l := len("completed"); len(elem) >= l && elem[0:l] == "completed" {
+								if l := len("audit-events"); len(elem) >= l && elem[0:l] == "audit-events" {
 									elem = elem[l:]
 								} else {
 									break
@@ -843,17 +989,75 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 								if len(elem) == 0 {
 									// Leaf node.
 									switch r.Method {
-									case "POST":
-										s.handleSetSubmissionCompletedRequest([1]string{
+									case "GET":
+										s.handleListSubmissionAuditEventsRequest([1]string{
 											args[0],
 										}, elemIsEscaped, w, r)
 									default:
-										s.notAllowed(w, r, "POST")
+										s.notAllowed(w, r, "GET")
 									}
 
 									return
 								}
 
+							case 'c': // Prefix: "com"
+
+								if l := len("com"); len(elem) >= l && elem[0:l] == "com" {
+									elem = elem[l:]
+								} else {
+									break
+								}
+
+								if len(elem) == 0 {
+									break
+								}
+								switch elem[0] {
+								case 'm': // Prefix: "ment"
+
+									if l := len("ment"); len(elem) >= l && elem[0:l] == "ment" {
+										elem = elem[l:]
+									} else {
+										break
+									}
+
+									if len(elem) == 0 {
+										// Leaf node.
+										switch r.Method {
+										case "POST":
+											s.handleCreateSubmissionAuditCommentRequest([1]string{
+												args[0],
+											}, elemIsEscaped, w, r)
+										default:
+											s.notAllowed(w, r, "POST")
+										}
+
+										return
+									}
+
+								case 'p': // Prefix: "pleted"
+
+									if l := len("pleted"); len(elem) >= l && elem[0:l] == "pleted" {
+										elem = elem[l:]
+									} else {
+										break
+									}
+
+									if len(elem) == 0 {
+										// Leaf node.
+										switch r.Method {
+										case "POST":
+											s.handleSetSubmissionCompletedRequest([1]string{
+												args[0],
+											}, elemIsEscaped, w, r)
+										default:
+											s.notAllowed(w, r, "POST")
+										}
+
+										return
+									}
+
+								}
+
 							case 'm': // Prefix: "model"
 
 								if l := len("model"); len(elem) >= l && elem[0:l] == "model" {
@@ -956,6 +1160,28 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 											break
 										}
 										switch elem[0] {
+										case 's': // Prefix: "submitting"
+
+											if l := len("submitting"); len(elem) >= l && elem[0:l] == "submitting" {
+												elem = elem[l:]
+											} else {
+												break
+											}
+
+											if len(elem) == 0 {
+												// Leaf node.
+												switch r.Method {
+												case "POST":
+													s.handleActionSubmissionResetSubmittingRequest([1]string{
+														args[0],
+													}, elemIsEscaped, w, r)
+												default:
+													s.notAllowed(w, r, "POST")
+												}
+
+												return
+											}
+
 										case 'u': // Prefix: "uploading"
 
 											if l := len("uploading"); len(elem) >= l && elem[0:l] == "uploading" {
@@ -1048,28 +1274,6 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 
 									}
 
-								case 's': // Prefix: "submit"
-
-									if l := len("submit"); len(elem) >= l && elem[0:l] == "submit" {
-										elem = elem[l:]
-									} else {
-										break
-									}
-
-									if len(elem) == 0 {
-										// Leaf node.
-										switch r.Method {
-										case "POST":
-											s.handleActionSubmissionSubmitRequest([1]string{
-												args[0],
-											}, elemIsEscaped, w, r)
-										default:
-											s.notAllowed(w, r, "POST")
-										}
-
-										return
-									}
-
 								case 't': // Prefix: "trigger-"
 
 									if l := len("trigger-"); len(elem) >= l && elem[0:l] == "trigger-" {
@@ -1082,6 +1286,51 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 										break
 									}
 									switch elem[0] {
+									case 's': // Prefix: "submit"
+
+										if l := len("submit"); len(elem) >= l && elem[0:l] == "submit" {
+											elem = elem[l:]
+										} else {
+											break
+										}
+
+										if len(elem) == 0 {
+											switch r.Method {
+											case "POST":
+												s.handleActionSubmissionTriggerSubmitRequest([1]string{
+													args[0],
+												}, elemIsEscaped, w, r)
+											default:
+												s.notAllowed(w, r, "POST")
+											}
+
+											return
+										}
+										switch elem[0] {
+										case '-': // Prefix: "-unchecked"
+
+											if l := len("-unchecked"); len(elem) >= l && elem[0:l] == "-unchecked" {
+												elem = elem[l:]
+											} else {
+												break
+											}
+
+											if len(elem) == 0 {
+												// Leaf node.
+												switch r.Method {
+												case "POST":
+													s.handleActionSubmissionTriggerSubmitUncheckedRequest([1]string{
+														args[0],
+													}, elemIsEscaped, w, r)
+												default:
+													s.notAllowed(w, r, "POST")
+												}
+
+												return
+											}
+
+										}
+
 									case 'u': // Prefix: "upload"
 
 										if l := len("upload"); len(elem) >= l && elem[0:l] == "upload" {
@@ -1319,9 +1568,9 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) {
 								break
 							}
 							switch elem[0] {
-							case 'c': // Prefix: "completed"
+							case 'a': // Prefix: "audit-events"
 
-								if l := len("completed"); len(elem) >= l && elem[0:l] == "completed" {
+								if l := len("audit-events"); len(elem) >= l && elem[0:l] == "audit-events" {
 									elem = elem[l:]
 								} else {
 									break
@@ -1330,11 +1579,11 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) {
 								if len(elem) == 0 {
 									// Leaf node.
 									switch method {
-									case "POST":
-										r.name = SetMapfixCompletedOperation
-										r.summary = "Called by maptest when a player completes the map"
-										r.operationID = "setMapfixCompleted"
-										r.pathPattern = "/mapfixes/{MapfixID}/completed"
+									case "GET":
+										r.name = ListMapfixAuditEventsOperation
+										r.summary = "Retrieve a list of audit events"
+										r.operationID = "listMapfixAuditEvents"
+										r.pathPattern = "/mapfixes/{MapfixID}/audit-events"
 										r.args = args
 										r.count = 1
 										return r, true
@@ -1343,6 +1592,68 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) {
 									}
 								}
 
+							case 'c': // Prefix: "com"
+
+								if l := len("com"); len(elem) >= l && elem[0:l] == "com" {
+									elem = elem[l:]
+								} else {
+									break
+								}
+
+								if len(elem) == 0 {
+									break
+								}
+								switch elem[0] {
+								case 'm': // Prefix: "ment"
+
+									if l := len("ment"); len(elem) >= l && elem[0:l] == "ment" {
+										elem = elem[l:]
+									} else {
+										break
+									}
+
+									if len(elem) == 0 {
+										// Leaf node.
+										switch method {
+										case "POST":
+											r.name = CreateMapfixAuditCommentOperation
+											r.summary = "Post a comment to the audit log"
+											r.operationID = "createMapfixAuditComment"
+											r.pathPattern = "/mapfixes/{MapfixID}/comment"
+											r.args = args
+											r.count = 1
+											return r, true
+										default:
+											return
+										}
+									}
+
+								case 'p': // Prefix: "pleted"
+
+									if l := len("pleted"); len(elem) >= l && elem[0:l] == "pleted" {
+										elem = elem[l:]
+									} else {
+										break
+									}
+
+									if len(elem) == 0 {
+										// Leaf node.
+										switch method {
+										case "POST":
+											r.name = SetMapfixCompletedOperation
+											r.summary = "Called by maptest when a player completes the map"
+											r.operationID = "setMapfixCompleted"
+											r.pathPattern = "/mapfixes/{MapfixID}/completed"
+											r.args = args
+											r.count = 1
+											return r, true
+										default:
+											return
+										}
+									}
+
+								}
+
 							case 'm': // Prefix: "model"
 
 								if l := len("model"); len(elem) >= l && elem[0:l] == "model" {
@@ -1451,6 +1762,30 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) {
 											break
 										}
 										switch elem[0] {
+										case 's': // Prefix: "submitting"
+
+											if l := len("submitting"); len(elem) >= l && elem[0:l] == "submitting" {
+												elem = elem[l:]
+											} else {
+												break
+											}
+
+											if len(elem) == 0 {
+												// Leaf node.
+												switch method {
+												case "POST":
+													r.name = ActionMapfixResetSubmittingOperation
+													r.summary = "Role Submitter manually resets submitting softlock and changes status from Submitting -> UnderConstruction"
+													r.operationID = "actionMapfixResetSubmitting"
+													r.pathPattern = "/mapfixes/{MapfixID}/status/reset-submitting"
+													r.args = args
+													r.count = 1
+													return r, true
+												default:
+													return
+												}
+											}
+
 										case 'u': // Prefix: "uploading"
 
 											if l := len("uploading"); len(elem) >= l && elem[0:l] == "uploading" {
@@ -1551,30 +1886,6 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) {
 
 									}
 
-								case 's': // Prefix: "submit"
-
-									if l := len("submit"); len(elem) >= l && elem[0:l] == "submit" {
-										elem = elem[l:]
-									} else {
-										break
-									}
-
-									if len(elem) == 0 {
-										// Leaf node.
-										switch method {
-										case "POST":
-											r.name = ActionMapfixSubmitOperation
-											r.summary = "Role Submitter changes status from UnderConstruction|ChangesRequested -> Submitted"
-											r.operationID = "actionMapfixSubmit"
-											r.pathPattern = "/mapfixes/{MapfixID}/status/submit"
-											r.args = args
-											r.count = 1
-											return r, true
-										default:
-											return
-										}
-									}
-
 								case 't': // Prefix: "trigger-"
 
 									if l := len("trigger-"); len(elem) >= l && elem[0:l] == "trigger-" {
@@ -1587,6 +1898,55 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) {
 										break
 									}
 									switch elem[0] {
+									case 's': // Prefix: "submit"
+
+										if l := len("submit"); len(elem) >= l && elem[0:l] == "submit" {
+											elem = elem[l:]
+										} else {
+											break
+										}
+
+										if len(elem) == 0 {
+											switch method {
+											case "POST":
+												r.name = ActionMapfixTriggerSubmitOperation
+												r.summary = "Role Submitter changes status from UnderConstruction|ChangesRequested -> Submitting"
+												r.operationID = "actionMapfixTriggerSubmit"
+												r.pathPattern = "/mapfixes/{MapfixID}/status/trigger-submit"
+												r.args = args
+												r.count = 1
+												return r, true
+											default:
+												return
+											}
+										}
+										switch elem[0] {
+										case '-': // Prefix: "-unchecked"
+
+											if l := len("-unchecked"); len(elem) >= l && elem[0:l] == "-unchecked" {
+												elem = elem[l:]
+											} else {
+												break
+											}
+
+											if len(elem) == 0 {
+												// Leaf node.
+												switch method {
+												case "POST":
+													r.name = ActionMapfixTriggerSubmitUncheckedOperation
+													r.summary = "Role Reviewer changes status from ChangesRequested -> Submitting"
+													r.operationID = "actionMapfixTriggerSubmitUnchecked"
+													r.pathPattern = "/mapfixes/{MapfixID}/status/trigger-submit-unchecked"
+													r.args = args
+													r.count = 1
+													return r, true
+												default:
+													return
+												}
+											}
+
+										}
+
 									case 'u': // Prefix: "upload"
 
 										if l := len("upload"); len(elem) >= l && elem[0:l] == "upload" {
@@ -1677,16 +2037,15 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) {
 						}
 
 						// Param: "MapID"
-						// Leaf parameter, slashes are prohibited
+						// Match until "/"
 						idx := strings.IndexByte(elem, '/')
-						if idx >= 0 {
-							break
+						if idx < 0 {
+							idx = len(elem)
 						}
-						args[0] = elem
-						elem = ""
+						args[0] = elem[:idx]
+						elem = elem[idx:]
 
 						if len(elem) == 0 {
-							// Leaf node.
 							switch method {
 							case "GET":
 								r.name = GetMapOperation
@@ -1700,6 +2059,32 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) {
 								return
 							}
 						}
+						switch elem[0] {
+						case '/': // Prefix: "/location"
+
+							if l := len("/location"); len(elem) >= l && elem[0:l] == "/location" {
+								elem = elem[l:]
+							} else {
+								break
+							}
+
+							if len(elem) == 0 {
+								// Leaf node.
+								switch method {
+								case "GET":
+									r.name = GetMapAssetLocationOperation
+									r.summary = "Get location of asset"
+									r.operationID = "getMapAssetLocation"
+									r.pathPattern = "/maps/{MapID}/location"
+									r.args = args
+									r.count = 1
+									return r, true
+								default:
+									return
+								}
+							}
+
+						}
 
 					}
 
@@ -2069,6 +2454,30 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) {
 						}
 					}
 					switch elem[0] {
+					case '-': // Prefix: "-admin"
+
+						if l := len("-admin"); len(elem) >= l && elem[0:l] == "-admin" {
+							elem = elem[l:]
+						} else {
+							break
+						}
+
+						if len(elem) == 0 {
+							// Leaf node.
+							switch method {
+							case "POST":
+								r.name = CreateSubmissionAdminOperation
+								r.summary = "Trigger the validator to create a new submission"
+								r.operationID = "createSubmissionAdmin"
+								r.pathPattern = "/submissions-admin"
+								r.args = args
+								r.count = 0
+								return r, true
+							default:
+								return
+							}
+						}
+
 					case '/': // Prefix: "/"
 
 						if l := len("/"); len(elem) >= l && elem[0:l] == "/" {
@@ -2113,9 +2522,9 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) {
 								break
 							}
 							switch elem[0] {
-							case 'c': // Prefix: "completed"
+							case 'a': // Prefix: "audit-events"
 
-								if l := len("completed"); len(elem) >= l && elem[0:l] == "completed" {
+								if l := len("audit-events"); len(elem) >= l && elem[0:l] == "audit-events" {
 									elem = elem[l:]
 								} else {
 									break
@@ -2124,11 +2533,11 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) {
 								if len(elem) == 0 {
 									// Leaf node.
 									switch method {
-									case "POST":
-										r.name = SetSubmissionCompletedOperation
-										r.summary = "Called by maptest when a player completes the map"
-										r.operationID = "setSubmissionCompleted"
-										r.pathPattern = "/submissions/{SubmissionID}/completed"
+									case "GET":
+										r.name = ListSubmissionAuditEventsOperation
+										r.summary = "Retrieve a list of audit events"
+										r.operationID = "listSubmissionAuditEvents"
+										r.pathPattern = "/submissions/{SubmissionID}/audit-events"
 										r.args = args
 										r.count = 1
 										return r, true
@@ -2137,6 +2546,68 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) {
 									}
 								}
 
+							case 'c': // Prefix: "com"
+
+								if l := len("com"); len(elem) >= l && elem[0:l] == "com" {
+									elem = elem[l:]
+								} else {
+									break
+								}
+
+								if len(elem) == 0 {
+									break
+								}
+								switch elem[0] {
+								case 'm': // Prefix: "ment"
+
+									if l := len("ment"); len(elem) >= l && elem[0:l] == "ment" {
+										elem = elem[l:]
+									} else {
+										break
+									}
+
+									if len(elem) == 0 {
+										// Leaf node.
+										switch method {
+										case "POST":
+											r.name = CreateSubmissionAuditCommentOperation
+											r.summary = "Post a comment to the audit log"
+											r.operationID = "createSubmissionAuditComment"
+											r.pathPattern = "/submissions/{SubmissionID}/comment"
+											r.args = args
+											r.count = 1
+											return r, true
+										default:
+											return
+										}
+									}
+
+								case 'p': // Prefix: "pleted"
+
+									if l := len("pleted"); len(elem) >= l && elem[0:l] == "pleted" {
+										elem = elem[l:]
+									} else {
+										break
+									}
+
+									if len(elem) == 0 {
+										// Leaf node.
+										switch method {
+										case "POST":
+											r.name = SetSubmissionCompletedOperation
+											r.summary = "Called by maptest when a player completes the map"
+											r.operationID = "setSubmissionCompleted"
+											r.pathPattern = "/submissions/{SubmissionID}/completed"
+											r.args = args
+											r.count = 1
+											return r, true
+										default:
+											return
+										}
+									}
+
+								}
+
 							case 'm': // Prefix: "model"
 
 								if l := len("model"); len(elem) >= l && elem[0:l] == "model" {
@@ -2245,6 +2716,30 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) {
 											break
 										}
 										switch elem[0] {
+										case 's': // Prefix: "submitting"
+
+											if l := len("submitting"); len(elem) >= l && elem[0:l] == "submitting" {
+												elem = elem[l:]
+											} else {
+												break
+											}
+
+											if len(elem) == 0 {
+												// Leaf node.
+												switch method {
+												case "POST":
+													r.name = ActionSubmissionResetSubmittingOperation
+													r.summary = "Role Submitter manually resets submitting softlock and changes status from Submitting -> UnderConstruction"
+													r.operationID = "actionSubmissionResetSubmitting"
+													r.pathPattern = "/submissions/{SubmissionID}/status/reset-submitting"
+													r.args = args
+													r.count = 1
+													return r, true
+												default:
+													return
+												}
+											}
+
 										case 'u': // Prefix: "uploading"
 
 											if l := len("uploading"); len(elem) >= l && elem[0:l] == "uploading" {
@@ -2345,30 +2840,6 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) {
 
 									}
 
-								case 's': // Prefix: "submit"
-
-									if l := len("submit"); len(elem) >= l && elem[0:l] == "submit" {
-										elem = elem[l:]
-									} else {
-										break
-									}
-
-									if len(elem) == 0 {
-										// Leaf node.
-										switch method {
-										case "POST":
-											r.name = ActionSubmissionSubmitOperation
-											r.summary = "Role Submitter changes status from UnderConstruction|ChangesRequested -> Submitted"
-											r.operationID = "actionSubmissionSubmit"
-											r.pathPattern = "/submissions/{SubmissionID}/status/submit"
-											r.args = args
-											r.count = 1
-											return r, true
-										default:
-											return
-										}
-									}
-
 								case 't': // Prefix: "trigger-"
 
 									if l := len("trigger-"); len(elem) >= l && elem[0:l] == "trigger-" {
@@ -2381,6 +2852,55 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) {
 										break
 									}
 									switch elem[0] {
+									case 's': // Prefix: "submit"
+
+										if l := len("submit"); len(elem) >= l && elem[0:l] == "submit" {
+											elem = elem[l:]
+										} else {
+											break
+										}
+
+										if len(elem) == 0 {
+											switch method {
+											case "POST":
+												r.name = ActionSubmissionTriggerSubmitOperation
+												r.summary = "Role Submitter changes status from UnderConstruction|ChangesRequested -> Submitting"
+												r.operationID = "actionSubmissionTriggerSubmit"
+												r.pathPattern = "/submissions/{SubmissionID}/status/trigger-submit"
+												r.args = args
+												r.count = 1
+												return r, true
+											default:
+												return
+											}
+										}
+										switch elem[0] {
+										case '-': // Prefix: "-unchecked"
+
+											if l := len("-unchecked"); len(elem) >= l && elem[0:l] == "-unchecked" {
+												elem = elem[l:]
+											} else {
+												break
+											}
+
+											if len(elem) == 0 {
+												// Leaf node.
+												switch method {
+												case "POST":
+													r.name = ActionSubmissionTriggerSubmitUncheckedOperation
+													r.summary = "Role Reviewer changes status from ChangesRequested -> Submitting"
+													r.operationID = "actionSubmissionTriggerSubmitUnchecked"
+													r.pathPattern = "/submissions/{SubmissionID}/status/trigger-submit-unchecked"
+													r.args = args
+													r.count = 1
+													return r, true
+												default:
+													return
+												}
+											}
+
+										}
+
 									case 'u': // Prefix: "upload"
 
 										if l := len("upload"); len(elem) >= l && elem[0:l] == "upload" {

pkg/api/oas_schemas_gen.go

@@ -4,7 +4,10 @@ package api
 
 import (
 	"fmt"
+	"io"
 	"time"
+
+	"github.com/go-faster/jx"
 )
 
 func (s *ErrorStatusCode) Error() string {
@@ -20,14 +23,20 @@ type ActionMapfixRejectNoContent struct{}
 // ActionMapfixRequestChangesNoContent is response for ActionMapfixRequestChanges operation.
 type ActionMapfixRequestChangesNoContent struct{}
 
+// ActionMapfixResetSubmittingNoContent is response for ActionMapfixResetSubmitting operation.
+type ActionMapfixResetSubmittingNoContent struct{}
+
 // ActionMapfixRetryValidateNoContent is response for ActionMapfixRetryValidate operation.
 type ActionMapfixRetryValidateNoContent struct{}
 
 // ActionMapfixRevokeNoContent is response for ActionMapfixRevoke operation.
 type ActionMapfixRevokeNoContent struct{}
 
-// ActionMapfixSubmitNoContent is response for ActionMapfixSubmit operation.
-type ActionMapfixSubmitNoContent struct{}
+// ActionMapfixTriggerSubmitNoContent is response for ActionMapfixTriggerSubmit operation.
+type ActionMapfixTriggerSubmitNoContent struct{}
+
+// ActionMapfixTriggerSubmitUncheckedNoContent is response for ActionMapfixTriggerSubmitUnchecked operation.
+type ActionMapfixTriggerSubmitUncheckedNoContent struct{}
 
 // ActionMapfixTriggerUploadNoContent is response for ActionMapfixTriggerUpload operation.
 type ActionMapfixTriggerUploadNoContent struct{}
@@ -47,14 +56,20 @@ type ActionSubmissionRejectNoContent struct{}
 // ActionSubmissionRequestChangesNoContent is response for ActionSubmissionRequestChanges operation.
 type ActionSubmissionRequestChangesNoContent struct{}
 
+// ActionSubmissionResetSubmittingNoContent is response for ActionSubmissionResetSubmitting operation.
+type ActionSubmissionResetSubmittingNoContent struct{}
+
 // ActionSubmissionRetryValidateNoContent is response for ActionSubmissionRetryValidate operation.
 type ActionSubmissionRetryValidateNoContent struct{}
 
 // ActionSubmissionRevokeNoContent is response for ActionSubmissionRevoke operation.
 type ActionSubmissionRevokeNoContent struct{}
 
-// ActionSubmissionSubmitNoContent is response for ActionSubmissionSubmit operation.
-type ActionSubmissionSubmitNoContent struct{}
+// ActionSubmissionTriggerSubmitNoContent is response for ActionSubmissionTriggerSubmit operation.
+type ActionSubmissionTriggerSubmitNoContent struct{}
+
+// ActionSubmissionTriggerSubmitUncheckedNoContent is response for ActionSubmissionTriggerSubmitUnchecked operation.
+type ActionSubmissionTriggerSubmitUncheckedNoContent struct{}
 
 // ActionSubmissionTriggerUploadNoContent is response for ActionSubmissionTriggerUpload operation.
 type ActionSubmissionTriggerUploadNoContent struct{}
@@ -65,8 +80,115 @@ type ActionSubmissionTriggerValidateNoContent struct{}
 // ActionSubmissionValidatedNoContent is response for ActionSubmissionValidated operation.
 type ActionSubmissionValidatedNoContent struct{}
 
+// Ref: #/components/schemas/AuditEvent
+type AuditEvent struct {
+	ID       int64  `json:"ID"`
+	Date     int64  `json:"Date"`
+	User     int64  `json:"User"`
+	Username string `json:"Username"`
+	// Is this a submission or is it a mapfix.
+	ResourceType int32 `json:"ResourceType"`
+	ResourceID   int64 `json:"ResourceID"`
+	EventType    int32 `json:"EventType"`
+	// Arbitrary event data.
+	EventData AuditEventEventData `json:"EventData"`
+}
+
+// GetID returns the value of ID.
+func (s *AuditEvent) GetID() int64 {
+	return s.ID
+}
+
+// GetDate returns the value of Date.
+func (s *AuditEvent) GetDate() int64 {
+	return s.Date
+}
+
+// GetUser returns the value of User.
+func (s *AuditEvent) GetUser() int64 {
+	return s.User
+}
+
+// GetUsername returns the value of Username.
+func (s *AuditEvent) GetUsername() string {
+	return s.Username
+}
+
+// GetResourceType returns the value of ResourceType.
+func (s *AuditEvent) GetResourceType() int32 {
+	return s.ResourceType
+}
+
+// GetResourceID returns the value of ResourceID.
+func (s *AuditEvent) GetResourceID() int64 {
+	return s.ResourceID
+}
+
+// GetEventType returns the value of EventType.
+func (s *AuditEvent) GetEventType() int32 {
+	return s.EventType
+}
+
+// GetEventData returns the value of EventData.
+func (s *AuditEvent) GetEventData() AuditEventEventData {
+	return s.EventData
+}
+
+// SetID sets the value of ID.
+func (s *AuditEvent) SetID(val int64) {
+	s.ID = val
+}
+
+// SetDate sets the value of Date.
+func (s *AuditEvent) SetDate(val int64) {
+	s.Date = val
+}
+
+// SetUser sets the value of User.
+func (s *AuditEvent) SetUser(val int64) {
+	s.User = val
+}
+
+// SetUsername sets the value of Username.
+func (s *AuditEvent) SetUsername(val string) {
+	s.Username = val
+}
+
+// SetResourceType sets the value of ResourceType.
+func (s *AuditEvent) SetResourceType(val int32) {
+	s.ResourceType = val
+}
+
+// SetResourceID sets the value of ResourceID.
+func (s *AuditEvent) SetResourceID(val int64) {
+	s.ResourceID = val
+}
+
+// SetEventType sets the value of EventType.
+func (s *AuditEvent) SetEventType(val int32) {
+	s.EventType = val
+}
+
+// SetEventData sets the value of EventData.
+func (s *AuditEvent) SetEventData(val AuditEventEventData) {
+	s.EventData = val
+}
+
+// Arbitrary event data.
+type AuditEventEventData map[string]jx.Raw
+
+func (s *AuditEventEventData) init() AuditEventEventData {
+	m := *s
+	if m == nil {
+		m = map[string]jx.Raw{}
+		*s = m
+	}
+	return m
+}
+
 type CookieAuth struct {
 	APIKey string
+	Roles  []string
 }
 
 // GetAPIKey returns the value of APIKey.
@@ -74,11 +196,55 @@ func (s *CookieAuth) GetAPIKey() string {
 	return s.APIKey
 }
 
+// GetRoles returns the value of Roles.
+func (s *CookieAuth) GetRoles() []string {
+	return s.Roles
+}
+
 // SetAPIKey sets the value of APIKey.
 func (s *CookieAuth) SetAPIKey(val string) {
 	s.APIKey = val
 }
 
+// SetRoles sets the value of Roles.
+func (s *CookieAuth) SetRoles(val []string) {
+	s.Roles = val
+}
+
+// CreateMapfixAuditCommentNoContent is response for CreateMapfixAuditComment operation.
+type CreateMapfixAuditCommentNoContent struct{}
+
+type CreateMapfixAuditCommentReq struct {
+	Data io.Reader
+}
+
+// Read reads data from the Data reader.
+//
+// Kept to satisfy the io.Reader interface.
+func (s CreateMapfixAuditCommentReq) Read(p []byte) (n int, err error) {
+	if s.Data == nil {
+		return 0, io.EOF
+	}
+	return s.Data.Read(p)
+}
+
+// CreateSubmissionAuditCommentNoContent is response for CreateSubmissionAuditComment operation.
+type CreateSubmissionAuditCommentNoContent struct{}
+
+type CreateSubmissionAuditCommentReq struct {
+	Data io.Reader
+}
+
+// Read reads data from the Data reader.
+//
+// Kept to satisfy the io.Reader interface.
+func (s CreateSubmissionAuditCommentReq) Read(p []byte) (n int, err error) {
+	if s.Data == nil {
+		return 0, io.EOF
+	}
+	return s.Data.Read(p)
+}
+
 // DeleteScriptNoContent is response for DeleteScript operation.
 type DeleteScriptNoContent struct{}
 
@@ -138,6 +304,20 @@ func (s *ErrorStatusCode) SetResponse(val Error) {
 	s.Response = val
 }
 
+type GetMapAssetLocationOK struct {
+	Data io.Reader
+}
+
+// Read reads data from the Data reader.
+//
+// Kept to satisfy the io.Reader interface.
+func (s GetMapAssetLocationOK) Read(p []byte) (n int, err error) {
+	if s.Data == nil {
+		return 0, io.EOF
+	}
+	return s.Data.Read(p)
+}
+
 // Ref: #/components/schemas/Map
 type Map struct {
 	ID          int64  `json:"ID"`
@@ -211,7 +391,7 @@ type Mapfix struct {
 	Completed     bool   `json:"Completed"`
 	TargetAssetID int64  `json:"TargetAssetID"`
 	StatusID      int32  `json:"StatusID"`
-	StatusMessage string `json:"StatusMessage"`
+	Description   string `json:"Description"`
 }
 
 // GetID returns the value of ID.
@@ -274,9 +454,9 @@ func (s *Mapfix) GetStatusID() int32 {
 	return s.StatusID
 }
 
-// GetStatusMessage returns the value of StatusMessage.
-func (s *Mapfix) GetStatusMessage() string {
-	return s.StatusMessage
+// GetDescription returns the value of Description.
+func (s *Mapfix) GetDescription() string {
+	return s.Description
 }
 
 // SetID sets the value of ID.
@@ -339,15 +519,16 @@ func (s *Mapfix) SetStatusID(val int32) {
 	s.StatusID = val
 }
 
-// SetStatusMessage sets the value of StatusMessage.
-func (s *Mapfix) SetStatusMessage(val string) {
-	s.StatusMessage = val
+// SetDescription sets the value of Description.
+func (s *Mapfix) SetDescription(val string) {
+	s.Description = val
 }
 
 // Ref: #/components/schemas/MapfixTriggerCreate
 type MapfixTriggerCreate struct {
-	AssetID       int64 `json:"AssetID"`
-	TargetAssetID int64 `json:"TargetAssetID"`
+	AssetID       int64  `json:"AssetID"`
+	TargetAssetID int64  `json:"TargetAssetID"`
+	Description   string `json:"Description"`
 }
 
 // GetAssetID returns the value of AssetID.
@@ -360,6 +541,11 @@ func (s *MapfixTriggerCreate) GetTargetAssetID() int64 {
 	return s.TargetAssetID
 }
 
+// GetDescription returns the value of Description.
+func (s *MapfixTriggerCreate) GetDescription() string {
+	return s.Description
+}
+
 // SetAssetID sets the value of AssetID.
 func (s *MapfixTriggerCreate) SetAssetID(val int64) {
 	s.AssetID = val
@@ -370,6 +556,37 @@ func (s *MapfixTriggerCreate) SetTargetAssetID(val int64) {
 	s.TargetAssetID = val
 }
 
+// SetDescription sets the value of Description.
+func (s *MapfixTriggerCreate) SetDescription(val string) {
+	s.Description = val
+}
+
+// Ref: #/components/schemas/Mapfixes
+type Mapfixes struct {
+	Total    int64    `json:"Total"`
+	Mapfixes []Mapfix `json:"Mapfixes"`
+}
+
+// GetTotal returns the value of Total.
+func (s *Mapfixes) GetTotal() int64 {
+	return s.Total
+}
+
+// GetMapfixes returns the value of Mapfixes.
+func (s *Mapfixes) GetMapfixes() []Mapfix {
+	return s.Mapfixes
+}
+
+// SetTotal sets the value of Total.
+func (s *Mapfixes) SetTotal(val int64) {
+	s.Total = val
+}
+
+// SetMapfixes sets the value of Mapfixes.
+func (s *Mapfixes) SetMapfixes(val []Mapfix) {
+	s.Mapfixes = val
+}
+
 // Ref: #/components/schemas/Operation
 type Operation struct {
 	OperationID   int32  `json:"OperationID"`
@@ -999,7 +1216,6 @@ type Submission struct {
 	Completed             bool     `json:"Completed"`
 	UploadedAssetID       OptInt64 `json:"UploadedAssetID"`
 	StatusID              int32    `json:"StatusID"`
-	StatusMessage         string   `json:"StatusMessage"`
 }
 
 // GetID returns the value of ID.
@@ -1072,11 +1288,6 @@ func (s *Submission) GetStatusID() int32 {
 	return s.StatusID
 }
 
-// GetStatusMessage returns the value of StatusMessage.
-func (s *Submission) GetStatusMessage() string {
-	return s.StatusMessage
-}
-
 // SetID sets the value of ID.
 func (s *Submission) SetID(val int64) {
 	s.ID = val
@@ -1147,14 +1358,12 @@ func (s *Submission) SetStatusID(val int32) {
 	s.StatusID = val
 }
 
-// SetStatusMessage sets the value of StatusMessage.
-func (s *Submission) SetStatusMessage(val string) {
-	s.StatusMessage = val
-}
-
 // Ref: #/components/schemas/SubmissionTriggerCreate
 type SubmissionTriggerCreate struct {
-	AssetID int64 `json:"AssetID"`
+	AssetID     int64  `json:"AssetID"`
+	DisplayName string `json:"DisplayName"`
+	Creator     string `json:"Creator"`
+	GameID      int32  `json:"GameID"`
 }
 
 // GetAssetID returns the value of AssetID.
@@ -1162,11 +1371,67 @@ func (s *SubmissionTriggerCreate) GetAssetID() int64 {
 	return s.AssetID
 }
 
+// GetDisplayName returns the value of DisplayName.
+func (s *SubmissionTriggerCreate) GetDisplayName() string {
+	return s.DisplayName
+}
+
+// GetCreator returns the value of Creator.
+func (s *SubmissionTriggerCreate) GetCreator() string {
+	return s.Creator
+}
+
+// GetGameID returns the value of GameID.
+func (s *SubmissionTriggerCreate) GetGameID() int32 {
+	return s.GameID
+}
+
 // SetAssetID sets the value of AssetID.
 func (s *SubmissionTriggerCreate) SetAssetID(val int64) {
 	s.AssetID = val
 }
 
+// SetDisplayName sets the value of DisplayName.
+func (s *SubmissionTriggerCreate) SetDisplayName(val string) {
+	s.DisplayName = val
+}
+
+// SetCreator sets the value of Creator.
+func (s *SubmissionTriggerCreate) SetCreator(val string) {
+	s.Creator = val
+}
+
+// SetGameID sets the value of GameID.
+func (s *SubmissionTriggerCreate) SetGameID(val int32) {
+	s.GameID = val
+}
+
+// Ref: #/components/schemas/Submissions
+type Submissions struct {
+	Total       int64        `json:"Total"`
+	Submissions []Submission `json:"Submissions"`
+}
+
+// GetTotal returns the value of Total.
+func (s *Submissions) GetTotal() int64 {
+	return s.Total
+}
+
+// GetSubmissions returns the value of Submissions.
+func (s *Submissions) GetSubmissions() []Submission {
+	return s.Submissions
+}
+
+// SetTotal sets the value of Total.
+func (s *Submissions) SetTotal(val int64) {
+	s.Total = val
+}
+
+// SetSubmissions sets the value of Submissions.
+func (s *Submissions) SetSubmissions(val []Submission) {
+	s.Submissions = val
+}
+
 // UpdateMapfixModelNoContent is response for UpdateMapfixModel operation.
 type UpdateMapfixModelNoContent struct{}
 

pkg/api/oas_security_gen.go

@@ -33,6 +33,52 @@ func findAuthorization(h http.Header, prefix string) (string, bool) {
 	return "", false
 }
 
+var operationRolesCookieAuth = map[string][]string{
+	ActionMapfixAcceptedOperation:                   []string{},
+	ActionMapfixRejectOperation:                     []string{},
+	ActionMapfixRequestChangesOperation:             []string{},
+	ActionMapfixResetSubmittingOperation:            []string{},
+	ActionMapfixRetryValidateOperation:              []string{},
+	ActionMapfixRevokeOperation:                     []string{},
+	ActionMapfixTriggerSubmitOperation:              []string{},
+	ActionMapfixTriggerSubmitUncheckedOperation:     []string{},
+	ActionMapfixTriggerUploadOperation:              []string{},
+	ActionMapfixTriggerValidateOperation:            []string{},
+	ActionMapfixValidatedOperation:                  []string{},
+	ActionSubmissionAcceptedOperation:               []string{},
+	ActionSubmissionRejectOperation:                 []string{},
+	ActionSubmissionRequestChangesOperation:         []string{},
+	ActionSubmissionResetSubmittingOperation:        []string{},
+	ActionSubmissionRetryValidateOperation:          []string{},
+	ActionSubmissionRevokeOperation:                 []string{},
+	ActionSubmissionTriggerSubmitOperation:          []string{},
+	ActionSubmissionTriggerSubmitUncheckedOperation: []string{},
+	ActionSubmissionTriggerUploadOperation:          []string{},
+	ActionSubmissionTriggerValidateOperation:        []string{},
+	ActionSubmissionValidatedOperation:              []string{},
+	CreateMapfixOperation:                           []string{},
+	CreateMapfixAuditCommentOperation:               []string{},
+	CreateScriptOperation:                           []string{},
+	CreateScriptPolicyOperation:                     []string{},
+	CreateSubmissionOperation:                       []string{},
+	CreateSubmissionAdminOperation:                  []string{},
+	CreateSubmissionAuditCommentOperation:           []string{},
+	DeleteScriptOperation:                           []string{},
+	DeleteScriptPolicyOperation:                     []string{},
+	GetMapAssetLocationOperation:                    []string{},
+	GetOperationOperation:                           []string{},
+	ReleaseSubmissionsOperation:                     []string{},
+	SessionRolesOperation:                           []string{},
+	SessionUserOperation:                            []string{},
+	SessionValidateOperation:                        []string{},
+	SetMapfixCompletedOperation:                     []string{},
+	SetSubmissionCompletedOperation:                 []string{},
+	UpdateMapfixModelOperation:                      []string{},
+	UpdateScriptOperation:                           []string{},
+	UpdateScriptPolicyOperation:                     []string{},
+	UpdateSubmissionModelOperation:                  []string{},
+}
+
 func (s *Server) securityCookieAuth(ctx context.Context, operationName OperationName, req *http.Request) (context.Context, bool, error) {
 	var t CookieAuth
 	const parameterName = "session_id"
@@ -46,6 +92,7 @@ func (s *Server) securityCookieAuth(ctx context.Context, operationName Operation
 		return nil, false, errors.Wrap(err, "get cookie value")
 	}
 	t.APIKey = value
+	t.Roles = operationRolesCookieAuth[operationName]
 	rctx, err := s.sec.HandleCookieAuth(ctx, operationName, t)
 	if errors.Is(err, ogenerrors.ErrSkipServerSecurity) {
 		return nil, false, nil

pkg/api/oas_server_gen.go

@@ -26,6 +26,13 @@ type Handler interface {
 	//
 	// POST /mapfixes/{MapfixID}/status/request-changes
 	ActionMapfixRequestChanges(ctx context.Context, params ActionMapfixRequestChangesParams) error
+	// ActionMapfixResetSubmitting implements actionMapfixResetSubmitting operation.
+	//
+	// Role Submitter manually resets submitting softlock and changes status from Submitting ->
+	// UnderConstruction.
+	//
+	// POST /mapfixes/{MapfixID}/status/reset-submitting
+	ActionMapfixResetSubmitting(ctx context.Context, params ActionMapfixResetSubmittingParams) error
 	// ActionMapfixRetryValidate implements actionMapfixRetryValidate operation.
 	//
 	// Role Reviewer re-runs validation and changes status from Accepted -> Validating.
@@ -38,12 +45,18 @@ type Handler interface {
 	//
 	// POST /mapfixes/{MapfixID}/status/revoke
 	ActionMapfixRevoke(ctx context.Context, params ActionMapfixRevokeParams) error
-	// ActionMapfixSubmit implements actionMapfixSubmit operation.
+	// ActionMapfixTriggerSubmit implements actionMapfixTriggerSubmit operation.
 	//
-	// Role Submitter changes status from UnderConstruction|ChangesRequested -> Submitted.
+	// Role Submitter changes status from UnderConstruction|ChangesRequested -> Submitting.
 	//
-	// POST /mapfixes/{MapfixID}/status/submit
-	ActionMapfixSubmit(ctx context.Context, params ActionMapfixSubmitParams) error
+	// POST /mapfixes/{MapfixID}/status/trigger-submit
+	ActionMapfixTriggerSubmit(ctx context.Context, params ActionMapfixTriggerSubmitParams) error
+	// ActionMapfixTriggerSubmitUnchecked implements actionMapfixTriggerSubmitUnchecked operation.
+	//
+	// Role Reviewer changes status from ChangesRequested -> Submitting.
+	//
+	// POST /mapfixes/{MapfixID}/status/trigger-submit-unchecked
+	ActionMapfixTriggerSubmitUnchecked(ctx context.Context, params ActionMapfixTriggerSubmitUncheckedParams) error
 	// ActionMapfixTriggerUpload implements actionMapfixTriggerUpload operation.
 	//
 	// Role Admin changes status from Validated -> Uploading.
@@ -80,6 +93,13 @@ type Handler interface {
 	//
 	// POST /submissions/{SubmissionID}/status/request-changes
 	ActionSubmissionRequestChanges(ctx context.Context, params ActionSubmissionRequestChangesParams) error
+	// ActionSubmissionResetSubmitting implements actionSubmissionResetSubmitting operation.
+	//
+	// Role Submitter manually resets submitting softlock and changes status from Submitting ->
+	// UnderConstruction.
+	//
+	// POST /submissions/{SubmissionID}/status/reset-submitting
+	ActionSubmissionResetSubmitting(ctx context.Context, params ActionSubmissionResetSubmittingParams) error
 	// ActionSubmissionRetryValidate implements actionSubmissionRetryValidate operation.
 	//
 	// Role Reviewer re-runs validation and changes status from Accepted -> Validating.
@@ -92,12 +112,18 @@ type Handler interface {
 	//
 	// POST /submissions/{SubmissionID}/status/revoke
 	ActionSubmissionRevoke(ctx context.Context, params ActionSubmissionRevokeParams) error
-	// ActionSubmissionSubmit implements actionSubmissionSubmit operation.
+	// ActionSubmissionTriggerSubmit implements actionSubmissionTriggerSubmit operation.
 	//
-	// Role Submitter changes status from UnderConstruction|ChangesRequested -> Submitted.
+	// Role Submitter changes status from UnderConstruction|ChangesRequested -> Submitting.
 	//
-	// POST /submissions/{SubmissionID}/status/submit
-	ActionSubmissionSubmit(ctx context.Context, params ActionSubmissionSubmitParams) error
+	// POST /submissions/{SubmissionID}/status/trigger-submit
+	ActionSubmissionTriggerSubmit(ctx context.Context, params ActionSubmissionTriggerSubmitParams) error
+	// ActionSubmissionTriggerSubmitUnchecked implements actionSubmissionTriggerSubmitUnchecked operation.
+	//
+	// Role Reviewer changes status from ChangesRequested -> Submitting.
+	//
+	// POST /submissions/{SubmissionID}/status/trigger-submit-unchecked
+	ActionSubmissionTriggerSubmitUnchecked(ctx context.Context, params ActionSubmissionTriggerSubmitUncheckedParams) error
 	// ActionSubmissionTriggerUpload implements actionSubmissionTriggerUpload operation.
 	//
 	// Role Admin changes status from Validated -> Uploading.
@@ -122,6 +148,12 @@ type Handler interface {
 	//
 	// POST /mapfixes
 	CreateMapfix(ctx context.Context, req *MapfixTriggerCreate) (*OperationID, error)
+	// CreateMapfixAuditComment implements createMapfixAuditComment operation.
+	//
+	// Post a comment to the audit log.
+	//
+	// POST /mapfixes/{MapfixID}/comment
+	CreateMapfixAuditComment(ctx context.Context, req CreateMapfixAuditCommentReq, params CreateMapfixAuditCommentParams) error
 	// CreateScript implements createScript operation.
 	//
 	// Create a new script.
@@ -140,6 +172,18 @@ type Handler interface {
 	//
 	// POST /submissions
 	CreateSubmission(ctx context.Context, req *SubmissionTriggerCreate) (*OperationID, error)
+	// CreateSubmissionAdmin implements createSubmissionAdmin operation.
+	//
+	// Trigger the validator to create a new submission.
+	//
+	// POST /submissions-admin
+	CreateSubmissionAdmin(ctx context.Context, req *SubmissionTriggerCreate) (*OperationID, error)
+	// CreateSubmissionAuditComment implements createSubmissionAuditComment operation.
+	//
+	// Post a comment to the audit log.
+	//
+	// POST /submissions/{SubmissionID}/comment
+	CreateSubmissionAuditComment(ctx context.Context, req CreateSubmissionAuditCommentReq, params CreateSubmissionAuditCommentParams) error
 	// DeleteScript implements deleteScript operation.
 	//
 	// Delete the specified script by ID.
@@ -158,6 +202,12 @@ type Handler interface {
 	//
 	// GET /maps/{MapID}
 	GetMap(ctx context.Context, params GetMapParams) (*Map, error)
+	// GetMapAssetLocation implements getMapAssetLocation operation.
+	//
+	// Get location of asset.
+	//
+	// GET /maps/{MapID}/location
+	GetMapAssetLocation(ctx context.Context, params GetMapAssetLocationParams) (GetMapAssetLocationOK, error)
 	// GetMapfix implements getMapfix operation.
 	//
 	// Retrieve map with ID.
@@ -188,12 +238,18 @@ type Handler interface {
 	//
 	// GET /submissions/{SubmissionID}
 	GetSubmission(ctx context.Context, params GetSubmissionParams) (*Submission, error)
+	// ListMapfixAuditEvents implements listMapfixAuditEvents operation.
+	//
+	// Retrieve a list of audit events.
+	//
+	// GET /mapfixes/{MapfixID}/audit-events
+	ListMapfixAuditEvents(ctx context.Context, params ListMapfixAuditEventsParams) ([]AuditEvent, error)
 	// ListMapfixes implements listMapfixes operation.
 	//
 	// Get list of mapfixes.
 	//
 	// GET /mapfixes
-	ListMapfixes(ctx context.Context, params ListMapfixesParams) ([]Mapfix, error)
+	ListMapfixes(ctx context.Context, params ListMapfixesParams) (*Mapfixes, error)
 	// ListMaps implements listMaps operation.
 	//
 	// Get list of maps.
@@ -212,12 +268,18 @@ type Handler interface {
 	//
 	// GET /scripts
 	ListScripts(ctx context.Context, params ListScriptsParams) ([]Script, error)
+	// ListSubmissionAuditEvents implements listSubmissionAuditEvents operation.
+	//
+	// Retrieve a list of audit events.
+	//
+	// GET /submissions/{SubmissionID}/audit-events
+	ListSubmissionAuditEvents(ctx context.Context, params ListSubmissionAuditEventsParams) ([]AuditEvent, error)
 	// ListSubmissions implements listSubmissions operation.
 	//
 	// Get list of submissions.
 	//
 	// GET /submissions
-	ListSubmissions(ctx context.Context, params ListSubmissionsParams) ([]Submission, error)
+	ListSubmissions(ctx context.Context, params ListSubmissionsParams) (*Submissions, error)
 	// ReleaseSubmissions implements releaseSubmissions operation.
 	//
 	// Release a set of uploaded maps.

pkg/api/oas_unimplemented_gen.go

@@ -40,6 +40,16 @@ func (UnimplementedHandler) ActionMapfixRequestChanges(ctx context.Context, para
 	return ht.ErrNotImplemented
 }
 
+// ActionMapfixResetSubmitting implements actionMapfixResetSubmitting operation.
+//
+// Role Submitter manually resets submitting softlock and changes status from Submitting ->
+// UnderConstruction.
+//
+// POST /mapfixes/{MapfixID}/status/reset-submitting
+func (UnimplementedHandler) ActionMapfixResetSubmitting(ctx context.Context, params ActionMapfixResetSubmittingParams) error {
+	return ht.ErrNotImplemented
+}
+
 // ActionMapfixRetryValidate implements actionMapfixRetryValidate operation.
 //
 // Role Reviewer re-runs validation and changes status from Accepted -> Validating.
@@ -58,12 +68,21 @@ func (UnimplementedHandler) ActionMapfixRevoke(ctx context.Context, params Actio
 	return ht.ErrNotImplemented
 }
 
-// ActionMapfixSubmit implements actionMapfixSubmit operation.
+// ActionMapfixTriggerSubmit implements actionMapfixTriggerSubmit operation.
 //
-// Role Submitter changes status from UnderConstruction|ChangesRequested -> Submitted.
+// Role Submitter changes status from UnderConstruction|ChangesRequested -> Submitting.
 //
-// POST /mapfixes/{MapfixID}/status/submit
-func (UnimplementedHandler) ActionMapfixSubmit(ctx context.Context, params ActionMapfixSubmitParams) error {
+// POST /mapfixes/{MapfixID}/status/trigger-submit
+func (UnimplementedHandler) ActionMapfixTriggerSubmit(ctx context.Context, params ActionMapfixTriggerSubmitParams) error {
+	return ht.ErrNotImplemented
+}
+
+// ActionMapfixTriggerSubmitUnchecked implements actionMapfixTriggerSubmitUnchecked operation.
+//
+// Role Reviewer changes status from ChangesRequested -> Submitting.
+//
+// POST /mapfixes/{MapfixID}/status/trigger-submit-unchecked
+func (UnimplementedHandler) ActionMapfixTriggerSubmitUnchecked(ctx context.Context, params ActionMapfixTriggerSubmitUncheckedParams) error {
 	return ht.ErrNotImplemented
 }
 
@@ -121,6 +140,16 @@ func (UnimplementedHandler) ActionSubmissionRequestChanges(ctx context.Context,
 	return ht.ErrNotImplemented
 }
 
+// ActionSubmissionResetSubmitting implements actionSubmissionResetSubmitting operation.
+//
+// Role Submitter manually resets submitting softlock and changes status from Submitting ->
+// UnderConstruction.
+//
+// POST /submissions/{SubmissionID}/status/reset-submitting
+func (UnimplementedHandler) ActionSubmissionResetSubmitting(ctx context.Context, params ActionSubmissionResetSubmittingParams) error {
+	return ht.ErrNotImplemented
+}
+
 // ActionSubmissionRetryValidate implements actionSubmissionRetryValidate operation.
 //
 // Role Reviewer re-runs validation and changes status from Accepted -> Validating.
@@ -139,12 +168,21 @@ func (UnimplementedHandler) ActionSubmissionRevoke(ctx context.Context, params A
 	return ht.ErrNotImplemented
 }
 
-// ActionSubmissionSubmit implements actionSubmissionSubmit operation.
+// ActionSubmissionTriggerSubmit implements actionSubmissionTriggerSubmit operation.
 //
-// Role Submitter changes status from UnderConstruction|ChangesRequested -> Submitted.
+// Role Submitter changes status from UnderConstruction|ChangesRequested -> Submitting.
 //
-// POST /submissions/{SubmissionID}/status/submit
-func (UnimplementedHandler) ActionSubmissionSubmit(ctx context.Context, params ActionSubmissionSubmitParams) error {
+// POST /submissions/{SubmissionID}/status/trigger-submit
+func (UnimplementedHandler) ActionSubmissionTriggerSubmit(ctx context.Context, params ActionSubmissionTriggerSubmitParams) error {
+	return ht.ErrNotImplemented
+}
+
+// ActionSubmissionTriggerSubmitUnchecked implements actionSubmissionTriggerSubmitUnchecked operation.
+//
+// Role Reviewer changes status from ChangesRequested -> Submitting.
+//
+// POST /submissions/{SubmissionID}/status/trigger-submit-unchecked
+func (UnimplementedHandler) ActionSubmissionTriggerSubmitUnchecked(ctx context.Context, params ActionSubmissionTriggerSubmitUncheckedParams) error {
 	return ht.ErrNotImplemented
 }
 
@@ -184,6 +222,15 @@ func (UnimplementedHandler) CreateMapfix(ctx context.Context, req *MapfixTrigger
 	return r, ht.ErrNotImplemented
 }
 
+// CreateMapfixAuditComment implements createMapfixAuditComment operation.
+//
+// Post a comment to the audit log.
+//
+// POST /mapfixes/{MapfixID}/comment
+func (UnimplementedHandler) CreateMapfixAuditComment(ctx context.Context, req CreateMapfixAuditCommentReq, params CreateMapfixAuditCommentParams) error {
+	return ht.ErrNotImplemented
+}
+
 // CreateScript implements createScript operation.
 //
 // Create a new script.
@@ -211,6 +258,24 @@ func (UnimplementedHandler) CreateSubmission(ctx context.Context, req *Submissio
 	return r, ht.ErrNotImplemented
 }
 
+// CreateSubmissionAdmin implements createSubmissionAdmin operation.
+//
+// Trigger the validator to create a new submission.
+//
+// POST /submissions-admin
+func (UnimplementedHandler) CreateSubmissionAdmin(ctx context.Context, req *SubmissionTriggerCreate) (r *OperationID, _ error) {
+	return r, ht.ErrNotImplemented
+}
+
+// CreateSubmissionAuditComment implements createSubmissionAuditComment operation.
+//
+// Post a comment to the audit log.
+//
+// POST /submissions/{SubmissionID}/comment
+func (UnimplementedHandler) CreateSubmissionAuditComment(ctx context.Context, req CreateSubmissionAuditCommentReq, params CreateSubmissionAuditCommentParams) error {
+	return ht.ErrNotImplemented
+}
+
 // DeleteScript implements deleteScript operation.
 //
 // Delete the specified script by ID.
@@ -238,6 +303,15 @@ func (UnimplementedHandler) GetMap(ctx context.Context, params GetMapParams) (r
 	return r, ht.ErrNotImplemented
 }
 
+// GetMapAssetLocation implements getMapAssetLocation operation.
+//
+// Get location of asset.
+//
+// GET /maps/{MapID}/location
+func (UnimplementedHandler) GetMapAssetLocation(ctx context.Context, params GetMapAssetLocationParams) (r GetMapAssetLocationOK, _ error) {
+	return r, ht.ErrNotImplemented
+}
+
 // GetMapfix implements getMapfix operation.
 //
 // Retrieve map with ID.
@@ -283,12 +357,21 @@ func (UnimplementedHandler) GetSubmission(ctx context.Context, params GetSubmiss
 	return r, ht.ErrNotImplemented
 }
 
+// ListMapfixAuditEvents implements listMapfixAuditEvents operation.
+//
+// Retrieve a list of audit events.
+//
+// GET /mapfixes/{MapfixID}/audit-events
+func (UnimplementedHandler) ListMapfixAuditEvents(ctx context.Context, params ListMapfixAuditEventsParams) (r []AuditEvent, _ error) {
+	return r, ht.ErrNotImplemented
+}
+
 // ListMapfixes implements listMapfixes operation.
 //
 // Get list of mapfixes.
 //
 // GET /mapfixes
-func (UnimplementedHandler) ListMapfixes(ctx context.Context, params ListMapfixesParams) (r []Mapfix, _ error) {
+func (UnimplementedHandler) ListMapfixes(ctx context.Context, params ListMapfixesParams) (r *Mapfixes, _ error) {
 	return r, ht.ErrNotImplemented
 }
 
@@ -319,12 +402,21 @@ func (UnimplementedHandler) ListScripts(ctx context.Context, params ListScriptsP
 	return r, ht.ErrNotImplemented
 }
 
+// ListSubmissionAuditEvents implements listSubmissionAuditEvents operation.
+//
+// Retrieve a list of audit events.
+//
+// GET /submissions/{SubmissionID}/audit-events
+func (UnimplementedHandler) ListSubmissionAuditEvents(ctx context.Context, params ListSubmissionAuditEventsParams) (r []AuditEvent, _ error) {
+	return r, ht.ErrNotImplemented
+}
+
 // ListSubmissions implements listSubmissions operation.
 //
 // Get list of submissions.
 //
 // GET /submissions
-func (UnimplementedHandler) ListSubmissions(ctx context.Context, params ListSubmissionsParams) (r []Submission, _ error) {
+func (UnimplementedHandler) ListSubmissions(ctx context.Context, params ListSubmissionsParams) (r *Submissions, _ error) {
 	return r, ht.ErrNotImplemented
 }
 

pkg/cmds/serve.go

@@ -6,9 +6,11 @@ import (
 
 	"git.itzana.me/strafesnet/go-grpc/auth"
 	"git.itzana.me/strafesnet/go-grpc/maps"
+	"git.itzana.me/strafesnet/go-grpc/users"
 	"git.itzana.me/strafesnet/maps-service/pkg/api"
 	"git.itzana.me/strafesnet/maps-service/pkg/datastore/gormstore"
 	internal "git.itzana.me/strafesnet/maps-service/pkg/internal"
+	"git.itzana.me/strafesnet/maps-service/pkg/roblox"
 	"git.itzana.me/strafesnet/maps-service/pkg/service"
 	"git.itzana.me/strafesnet/maps-service/pkg/service_internal"
 	"github.com/nats-io/nats.go"
@@ -90,6 +92,12 @@ func NewServeCommand() *cli.Command {
 				EnvVars: []string{"NATS_HOST"},
 				Value:   "nats:4222",
 			},
+			&cli.StringFlag{
+				Name:     "rbx-api-key",
+				Usage:    "API Key for downloading asset locations",
+				EnvVars:  []string{"RBX_API_KEY"},
+				Required: true,
+			},
 		},
 	}
 }
@@ -125,7 +133,12 @@ func serve(ctx *cli.Context) error {
 	svc := &service.Service{
 		DB:   db,
 		Nats: js,
-		Client: maps.NewMapsServiceClient(conn),
+		Maps: maps.NewMapsServiceClient(conn),
+		Users: users.NewUsersServiceClient(conn),
+		Roblox: roblox.Client{
+			HttpClient: http.DefaultClient,
+			ApiKey: ctx.String("rbx-api-key"),
+		},
 	}
 
 	conn, err = grpc.Dial(ctx.String("auth-rpc-host"), grpc.WithTransportCredentials(insecure.NewCredentials()))

pkg/datastore/datastore.go

@@ -3,6 +3,8 @@ package datastore
 import (
 	"context"
 	"errors"
+	"time"
+
 	"git.itzana.me/strafesnet/maps-service/pkg/model"
 )
 
@@ -22,6 +24,7 @@ const (
 )
 
 type Datastore interface {
+	AuditEvents() AuditEvents
 	Mapfixes() Mapfixes
 	Operations() Operations
 	Submissions() Submissions
@@ -29,6 +32,14 @@ type Datastore interface {
 	ScriptPolicy() ScriptPolicy
 }
 
+type AuditEvents interface {
+	Get(ctx context.Context, id int64) (model.AuditEvent, error)
+	Create(ctx context.Context, smap model.AuditEvent) (model.AuditEvent, error)
+	Update(ctx context.Context, id int64, values OptionalMap) error
+	Delete(ctx context.Context, id int64) error
+	List(ctx context.Context, filters OptionalMap, page model.Page) ([]model.AuditEvent, error)
+}
+
 type Mapfixes interface {
 	Get(ctx context.Context, id int64) (model.Mapfix, error)
 	GetList(ctx context.Context, id []int64) ([]model.Mapfix, error)
@@ -38,7 +49,7 @@ type Mapfixes interface {
 	IfStatusThenUpdateAndGet(ctx context.Context, id int64, statuses []model.MapfixStatus, values OptionalMap) (model.Mapfix, error)
 	Delete(ctx context.Context, id int64) error
 	List(ctx context.Context, filters OptionalMap, page model.Page, sort ListSort) ([]model.Mapfix, error)
-	ListRestricted(ctx context.Context, filters OptionalMap, page model.Page, sort ListSort, submitter int64) ([]model.Mapfix, error)
+	ListWithTotal(ctx context.Context, filters OptionalMap, page model.Page, sort ListSort) (int64, []model.Mapfix, error)
 }
 
 type Operations interface {
@@ -46,6 +57,7 @@ type Operations interface {
 	Create(ctx context.Context, smap model.Operation) (model.Operation, error)
 	Update(ctx context.Context, id int32, values OptionalMap) error
 	Delete(ctx context.Context, id int32) error
+	CountSince(ctx context.Context, owner int64, since time.Time) (int64, error)
 }
 
 type Submissions interface {
@@ -57,7 +69,7 @@ type Submissions interface {
 	IfStatusThenUpdateAndGet(ctx context.Context, id int64, statuses []model.SubmissionStatus, values OptionalMap) (model.Submission, error)
 	Delete(ctx context.Context, id int64) error
 	List(ctx context.Context, filters OptionalMap, page model.Page, sort ListSort) ([]model.Submission, error)
-	ListRestricted(ctx context.Context, filters OptionalMap, page model.Page, sort ListSort, submitter int64) ([]model.Submission, error)
+	ListWithTotal(ctx context.Context, filters OptionalMap, page model.Page, sort ListSort) (int64, []model.Submission, error)
 }
 
 type Scripts interface {

pkg/datastore/gormstore/audit_events.go

@@ -0,0 +1,64 @@
+package gormstore
+
+import (
+	"context"
+	"errors"
+
+	"git.itzana.me/strafesnet/maps-service/pkg/datastore"
+	"git.itzana.me/strafesnet/maps-service/pkg/model"
+	"gorm.io/gorm"
+)
+
+type AuditEvents struct {
+	db *gorm.DB
+}
+
+func (env *AuditEvents) Get(ctx context.Context, id int64) (model.AuditEvent, error) {
+	var mdl model.AuditEvent
+	if err := env.db.First(&mdl, id).Error; err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			return mdl, datastore.ErrNotExist
+		}
+		return mdl, err
+	}
+	return mdl, nil
+}
+
+func (env *AuditEvents) Create(ctx context.Context, smap model.AuditEvent) (model.AuditEvent, error) {
+	if err := env.db.Create(&smap).Error; err != nil {
+		return smap, err
+	}
+
+	return smap, nil
+}
+
+func (env *AuditEvents) Update(ctx context.Context, id int64, values datastore.OptionalMap) error {
+	if err := env.db.Model(&model.AuditEvent{}).Where("id = ?", id).Updates(values.Map()).Error; err != nil {
+		if err == gorm.ErrRecordNotFound {
+			return datastore.ErrNotExist
+		}
+		return err
+	}
+
+	return nil
+}
+
+func (env *AuditEvents) Delete(ctx context.Context, id int64) error {
+	if err := env.db.Delete(&model.AuditEvent{}, id).Error; err != nil {
+		if err == gorm.ErrRecordNotFound {
+			return datastore.ErrNotExist
+		}
+		return err
+	}
+
+	return nil
+}
+
+func (env *AuditEvents) List(ctx context.Context, filters datastore.OptionalMap, page model.Page) ([]model.AuditEvent, error) {
+	var events []model.AuditEvent
+	if err := env.db.Where(filters.Map()).Offset(int((page.Number - 1) * page.Size)).Limit(int(page.Size)).Find(&events).Error; err != nil {
+		return nil, err
+	}
+
+	return events, nil
+}

pkg/datastore/gormstore/db.go

@@ -31,6 +31,7 @@ func New(ctx *cli.Context) (datastore.Datastore, error) {
 
 	if ctx.Bool("migrate") {
 		if err := db.AutoMigrate(
+			&model.AuditEvent{},
 			&model.Mapfix{},
 			&model.Operation{},
 			&model.Submission{},

pkg/datastore/gormstore/gormstore.go

@@ -9,6 +9,10 @@ type Gormstore struct {
 	db *gorm.DB
 }
 
+func (g Gormstore) AuditEvents() datastore.AuditEvents {
+	return &AuditEvents{db: g.db}
+}
+
 func (g Gormstore) Mapfixes() datastore.Mapfixes {
 	return &Mapfixes{db: g.db}
 }

pkg/datastore/gormstore/mapfixes.go

@@ -131,39 +131,18 @@ func (env *Mapfixes) List(ctx context.Context, filters datastore.OptionalMap, pa
 	return maps, nil
 }
 
-func (env *Mapfixes) ListRestricted(ctx context.Context, filters datastore.OptionalMap, page model.Page, sort datastore.ListSort, submitter int64) ([]model.Mapfix, error) {
-	var maps []model.Mapfix
-
-	db := env.db
-
-	switch sort {
-	case datastore.ListSortDisabled:
-		// No sort
-		break
-	case datastore.ListSortDisplayNameAscending:
-		db=db.Order("display_name ASC")
-		break
-	case datastore.ListSortDisplayNameDescending:
-		db=db.Order("display_name DESC")
-		break
-	case datastore.ListSortDateAscending:
-		db=db.Order("created_at ASC")
-		break
-	case datastore.ListSortDateDescending:
-		db=db.Order("created_at DESC")
-		break
-	default:
-		return nil, datastore.ErrInvalidListSort
+func (env *Mapfixes) ListWithTotal(ctx context.Context, filters datastore.OptionalMap, page model.Page, sort datastore.ListSort) (int64, []model.Mapfix, error) {
+	// grab page items
+	maps, err := env.List(ctx, filters, page, sort)
+	if err != nil{
+		return 0, nil, err
 	}
 
-	if err := db.
-		Where(filters.Map()).
-		Where("status_id NOT IN ? OR submitter = ? AND status_id IN ?",PrivateSubmissions,submitter,PrivateSubmissions).
-		Offset(int((page.Number - 1) * page.Size)).
-		Limit(int(page.Size)).
-		Find(&maps).Error; err != nil {
-		return nil, err
+	// count total with filters
+	var total int64
+	if err := env.db.Model(&model.Mapfix{}).Where(filters.Map()).Count(&total).Error; err != nil {
+		return 0, nil, err
 	}
 
-	return maps, nil
+	return total, maps, nil
 }

pkg/datastore/gormstore/operations.go

@@ -3,6 +3,7 @@ package gormstore
 import (
 	"context"
 	"errors"
+	"time"
 
 	"git.itzana.me/strafesnet/maps-service/pkg/datastore"
 	"git.itzana.me/strafesnet/maps-service/pkg/model"
@@ -53,3 +54,12 @@ func (env *Operations) Delete(ctx context.Context, id int32) error {
 
 	return nil
 }
+
+func (env *Operations) CountSince(ctx context.Context, owner int64, since time.Time) (int64, error) {
+	var count int64
+	if err := env.db.Model(&model.Operation{}).Where("owner = ? AND created_at > ?",owner,since).Count(&count).Error; err != nil {
+		return count, err
+	}
+
+	return count, nil
+}

pkg/datastore/gormstore/submissions.go

@@ -10,13 +10,6 @@ import (
 	"gorm.io/gorm/clause"
 )
 
-var(
-	PrivateSubmissions = []model.SubmissionStatus{
-		model.SubmissionStatusUnderConstruction,
-		model.SubmissionStatusChangesRequested,
-	}
-)
-
 type Submissions struct {
 	db *gorm.DB
 }
@@ -138,43 +131,18 @@ func (env *Submissions) List(ctx context.Context, filters datastore.OptionalMap,
 	return maps, nil
 }
 
-func (env *Submissions) ListRestricted(ctx context.Context, filters datastore.OptionalMap, page model.Page, sort datastore.ListSort, submitter int64) ([]model.Submission, error) {
-	var maps []model.Submission
-
-	db := env.db
-
-	switch sort {
-	case datastore.ListSortDisabled:
-		// No sort
-		break
-	case datastore.ListSortDisplayNameAscending:
-		db=db.Order("display_name ASC")
-		break
-	case datastore.ListSortDisplayNameDescending:
-		db=db.Order("display_name DESC")
-		break
-	case datastore.ListSortDateAscending:
-		db=db.Order("created_at ASC")
-		break
-	case datastore.ListSortDateDescending:
-		db=db.Order("created_at DESC")
-		break
-	default:
-		return nil, datastore.ErrInvalidListSort
+func (env *Submissions) ListWithTotal(ctx context.Context, filters datastore.OptionalMap, page model.Page, sort datastore.ListSort) (int64, []model.Submission, error) {
+	// grab page items
+	maps, err := env.List(ctx, filters, page, sort)
+	if err != nil{
+		return 0, nil, err
 	}
 
-	if err := db.
-		Where(filters.Map()).
-		// In order to see submissions,
-		// at least one of two criteria must be met:
-		// - You are the submitter
-		// - The submission is not under construction / changes requested
-		Where("status_id NOT IN ? OR submitter = ? AND status_id IN ?",PrivateSubmissions,submitter,PrivateSubmissions).
-		Offset(int((page.Number - 1) * page.Size)).
-		Limit(int(page.Size)).
-		Find(&maps).Error; err != nil {
-		return nil, err
+	// count total with filters
+	var total int64
+	if err := env.db.Model(&model.Submission{}).Where(filters.Map()).Count(&total).Error; err != nil {
+		return 0, nil, err
 	}
 
-	return maps, nil
+	return total, maps, nil
 }

pkg/internal/oas_client_gen.go

@@ -34,6 +34,18 @@ type Invoker interface {
 	//
 	// POST /mapfixes/{MapfixID}/status/validator-failed
 	ActionMapfixAccepted(ctx context.Context, params ActionMapfixAcceptedParams) error
+	// ActionMapfixRequestChanges invokes actionMapfixRequestChanges operation.
+	//
+	// (Internal endpoint) Role Validator changes status from Submitting -> ChangesRequested.
+	//
+	// POST /mapfixes/{MapfixID}/status/validator-request-changes
+	ActionMapfixRequestChanges(ctx context.Context, params ActionMapfixRequestChangesParams) error
+	// ActionMapfixSubmitted invokes actionMapfixSubmitted operation.
+	//
+	// (Internal endpoint) Role Validator changes status from Submitting -> Submitted.
+	//
+	// POST /mapfixes/{MapfixID}/status/validator-submitted
+	ActionMapfixSubmitted(ctx context.Context, params ActionMapfixSubmittedParams) error
 	// ActionMapfixUploaded invokes actionMapfixUploaded operation.
 	//
 	// (Internal endpoint) Role Validator changes status from Uploading -> Uploaded.
@@ -58,6 +70,18 @@ type Invoker interface {
 	//
 	// POST /submissions/{SubmissionID}/status/validator-failed
 	ActionSubmissionAccepted(ctx context.Context, params ActionSubmissionAcceptedParams) error
+	// ActionSubmissionRequestChanges invokes actionSubmissionRequestChanges operation.
+	//
+	// (Internal endpoint) Role Validator changes status from Submitting -> ChangesRequested.
+	//
+	// POST /submissions/{SubmissionID}/status/validator-request-changes
+	ActionSubmissionRequestChanges(ctx context.Context, params ActionSubmissionRequestChangesParams) error
+	// ActionSubmissionSubmitted invokes actionSubmissionSubmitted operation.
+	//
+	// (Internal endpoint) Role Validator changes status from Submitting -> Submitted.
+	//
+	// POST /submissions/{SubmissionID}/status/validator-submitted
+	ActionSubmissionSubmitted(ctx context.Context, params ActionSubmissionSubmittedParams) error
 	// ActionSubmissionUploaded invokes actionSubmissionUploaded operation.
 	//
 	// (Internal endpoint) Role Validator changes status from Uploading -> Uploaded.
@@ -76,6 +100,18 @@ type Invoker interface {
 	//
 	// POST /mapfixes
 	CreateMapfix(ctx context.Context, request *MapfixCreate) (*MapfixID, error)
+	// CreateMapfixAuditCheckList invokes createMapfixAuditCheckList operation.
+	//
+	// Validator posts a checklist to the audit log.
+	//
+	// POST /mapfixes/{MapfixID}/checklist
+	CreateMapfixAuditCheckList(ctx context.Context, request CheckList, params CreateMapfixAuditCheckListParams) error
+	// CreateMapfixAuditError invokes createMapfixAuditError operation.
+	//
+	// Validator posts an error to the audit log.
+	//
+	// POST /mapfixes/{MapfixID}/error
+	CreateMapfixAuditError(ctx context.Context, params CreateMapfixAuditErrorParams) error
 	// CreateScript invokes createScript operation.
 	//
 	// Create a new script.
@@ -94,6 +130,18 @@ type Invoker interface {
 	//
 	// POST /submissions
 	CreateSubmission(ctx context.Context, request *SubmissionCreate) (*SubmissionID, error)
+	// CreateSubmissionAuditCheckList invokes createSubmissionAuditCheckList operation.
+	//
+	// Validator posts a checklist to the audit log.
+	//
+	// POST /submissions/{SubmissionID}/checklist
+	CreateSubmissionAuditCheckList(ctx context.Context, request CheckList, params CreateSubmissionAuditCheckListParams) error
+	// CreateSubmissionAuditError invokes createSubmissionAuditError operation.
+	//
+	// Validator posts an error to the audit log.
+	//
+	// POST /submissions/{SubmissionID}/error
+	CreateSubmissionAuditError(ctx context.Context, params CreateSubmissionAuditErrorParams) error
 	// GetScript invokes getScript operation.
 	//
 	// Get the specified script by ID.
@@ -242,18 +290,242 @@ func (c *Client) sendActionMapfixAccepted(ctx context.Context, params ActionMapf
 	pathParts[2] = "/status/validator-failed"
 	uri.AddPathParts(u, pathParts[:]...)
 
+	stage = "EncodeRequest"
+	r, err := ht.NewRequest(ctx, "POST", u)
+	if err != nil {
+		return res, errors.Wrap(err, "create request")
+	}
+
+	stage = "SendRequest"
+	resp, err := c.cfg.Client.Do(r)
+	if err != nil {
+		return res, errors.Wrap(err, "do request")
+	}
+	defer resp.Body.Close()
+
+	stage = "DecodeResponse"
+	result, err := decodeActionMapfixAcceptedResponse(resp)
+	if err != nil {
+		return res, errors.Wrap(err, "decode response")
+	}
+
+	return result, nil
+}
+
+// ActionMapfixRequestChanges invokes actionMapfixRequestChanges operation.
+//
+// (Internal endpoint) Role Validator changes status from Submitting -> ChangesRequested.
+//
+// POST /mapfixes/{MapfixID}/status/validator-request-changes
+func (c *Client) ActionMapfixRequestChanges(ctx context.Context, params ActionMapfixRequestChangesParams) error {
+	_, err := c.sendActionMapfixRequestChanges(ctx, params)
+	return err
+}
+
+func (c *Client) sendActionMapfixRequestChanges(ctx context.Context, params ActionMapfixRequestChangesParams) (res *ActionMapfixRequestChangesNoContent, err error) {
+	otelAttrs := []attribute.KeyValue{
+		otelogen.OperationID("actionMapfixRequestChanges"),
+		semconv.HTTPRequestMethodKey.String("POST"),
+		semconv.HTTPRouteKey.String("/mapfixes/{MapfixID}/status/validator-request-changes"),
+	}
+
+	// Run stopwatch.
+	startTime := time.Now()
+	defer func() {
+		// Use floating point division here for higher precision (instead of Millisecond method).
+		elapsedDuration := time.Since(startTime)
+		c.duration.Record(ctx, float64(elapsedDuration)/float64(time.Millisecond), metric.WithAttributes(otelAttrs...))
+	}()
+
+	// Increment request counter.
+	c.requests.Add(ctx, 1, metric.WithAttributes(otelAttrs...))
+
+	// Start a span for this request.
+	ctx, span := c.cfg.Tracer.Start(ctx, ActionMapfixRequestChangesOperation,
+		trace.WithAttributes(otelAttrs...),
+		clientSpanKind,
+	)
+	// Track stage for error reporting.
+	var stage string
+	defer func() {
+		if err != nil {
+			span.RecordError(err)
+			span.SetStatus(codes.Error, stage)
+			c.errors.Add(ctx, 1, metric.WithAttributes(otelAttrs...))
+		}
+		span.End()
+	}()
+
+	stage = "BuildURL"
+	u := uri.Clone(c.requestURL(ctx))
+	var pathParts [3]string
+	pathParts[0] = "/mapfixes/"
+	{
+		// Encode "MapfixID" parameter.
+		e := uri.NewPathEncoder(uri.PathEncoderConfig{
+			Param:   "MapfixID",
+			Style:   uri.PathStyleSimple,
+			Explode: false,
+		})
+		if err := func() error {
+			return e.EncodeValue(conv.Int64ToString(params.MapfixID))
+		}(); err != nil {
+			return res, errors.Wrap(err, "encode path")
+		}
+		encoded, err := e.Result()
+		if err != nil {
+			return res, errors.Wrap(err, "encode path")
+		}
+		pathParts[1] = encoded
+	}
+	pathParts[2] = "/status/validator-request-changes"
+	uri.AddPathParts(u, pathParts[:]...)
+
+	stage = "EncodeRequest"
+	r, err := ht.NewRequest(ctx, "POST", u)
+	if err != nil {
+		return res, errors.Wrap(err, "create request")
+	}
+
+	stage = "SendRequest"
+	resp, err := c.cfg.Client.Do(r)
+	if err != nil {
+		return res, errors.Wrap(err, "do request")
+	}
+	defer resp.Body.Close()
+
+	stage = "DecodeResponse"
+	result, err := decodeActionMapfixRequestChangesResponse(resp)
+	if err != nil {
+		return res, errors.Wrap(err, "decode response")
+	}
+
+	return result, nil
+}
+
+// ActionMapfixSubmitted invokes actionMapfixSubmitted operation.
+//
+// (Internal endpoint) Role Validator changes status from Submitting -> Submitted.
+//
+// POST /mapfixes/{MapfixID}/status/validator-submitted
+func (c *Client) ActionMapfixSubmitted(ctx context.Context, params ActionMapfixSubmittedParams) error {
+	_, err := c.sendActionMapfixSubmitted(ctx, params)
+	return err
+}
+
+func (c *Client) sendActionMapfixSubmitted(ctx context.Context, params ActionMapfixSubmittedParams) (res *ActionMapfixSubmittedNoContent, err error) {
+	otelAttrs := []attribute.KeyValue{
+		otelogen.OperationID("actionMapfixSubmitted"),
+		semconv.HTTPRequestMethodKey.String("POST"),
+		semconv.HTTPRouteKey.String("/mapfixes/{MapfixID}/status/validator-submitted"),
+	}
+
+	// Run stopwatch.
+	startTime := time.Now()
+	defer func() {
+		// Use floating point division here for higher precision (instead of Millisecond method).
+		elapsedDuration := time.Since(startTime)
+		c.duration.Record(ctx, float64(elapsedDuration)/float64(time.Millisecond), metric.WithAttributes(otelAttrs...))
+	}()
+
+	// Increment request counter.
+	c.requests.Add(ctx, 1, metric.WithAttributes(otelAttrs...))
+
+	// Start a span for this request.
+	ctx, span := c.cfg.Tracer.Start(ctx, ActionMapfixSubmittedOperation,
+		trace.WithAttributes(otelAttrs...),
+		clientSpanKind,
+	)
+	// Track stage for error reporting.
+	var stage string
+	defer func() {
+		if err != nil {
+			span.RecordError(err)
+			span.SetStatus(codes.Error, stage)
+			c.errors.Add(ctx, 1, metric.WithAttributes(otelAttrs...))
+		}
+		span.End()
+	}()
+
+	stage = "BuildURL"
+	u := uri.Clone(c.requestURL(ctx))
+	var pathParts [3]string
+	pathParts[0] = "/mapfixes/"
+	{
+		// Encode "MapfixID" parameter.
+		e := uri.NewPathEncoder(uri.PathEncoderConfig{
+			Param:   "MapfixID",
+			Style:   uri.PathStyleSimple,
+			Explode: false,
+		})
+		if err := func() error {
+			return e.EncodeValue(conv.Int64ToString(params.MapfixID))
+		}(); err != nil {
+			return res, errors.Wrap(err, "encode path")
+		}
+		encoded, err := e.Result()
+		if err != nil {
+			return res, errors.Wrap(err, "encode path")
+		}
+		pathParts[1] = encoded
+	}
+	pathParts[2] = "/status/validator-submitted"
+	uri.AddPathParts(u, pathParts[:]...)
+
 	stage = "EncodeQueryParams"
 	q := uri.NewQueryEncoder()
 	{
-		// Encode "StatusMessage" parameter.
+		// Encode "ModelVersion" parameter.
 		cfg := uri.QueryParameterEncodingConfig{
-			Name:    "StatusMessage",
+			Name:    "ModelVersion",
 			Style:   uri.QueryStyleForm,
 			Explode: true,
 		}
 
 		if err := q.EncodeParam(cfg, func(e uri.Encoder) error {
-			return e.EncodeValue(conv.StringToString(params.StatusMessage))
+			return e.EncodeValue(conv.Int64ToString(params.ModelVersion))
+		}); err != nil {
+			return res, errors.Wrap(err, "encode query")
+		}
+	}
+	{
+		// Encode "DisplayName" parameter.
+		cfg := uri.QueryParameterEncodingConfig{
+			Name:    "DisplayName",
+			Style:   uri.QueryStyleForm,
+			Explode: true,
+		}
+
+		if err := q.EncodeParam(cfg, func(e uri.Encoder) error {
+			return e.EncodeValue(conv.StringToString(params.DisplayName))
+		}); err != nil {
+			return res, errors.Wrap(err, "encode query")
+		}
+	}
+	{
+		// Encode "Creator" parameter.
+		cfg := uri.QueryParameterEncodingConfig{
+			Name:    "Creator",
+			Style:   uri.QueryStyleForm,
+			Explode: true,
+		}
+
+		if err := q.EncodeParam(cfg, func(e uri.Encoder) error {
+			return e.EncodeValue(conv.StringToString(params.Creator))
+		}); err != nil {
+			return res, errors.Wrap(err, "encode query")
+		}
+	}
+	{
+		// Encode "GameID" parameter.
+		cfg := uri.QueryParameterEncodingConfig{
+			Name:    "GameID",
+			Style:   uri.QueryStyleForm,
+			Explode: true,
+		}
+
+		if err := q.EncodeParam(cfg, func(e uri.Encoder) error {
+			return e.EncodeValue(conv.Int32ToString(params.GameID))
 		}); err != nil {
 			return res, errors.Wrap(err, "encode query")
 		}
@@ -274,7 +546,7 @@ func (c *Client) sendActionMapfixAccepted(ctx context.Context, params ActionMapf
 	defer resp.Body.Close()
 
 	stage = "DecodeResponse"
-	result, err := decodeActionMapfixAcceptedResponse(resp)
+	result, err := decodeActionMapfixSubmittedResponse(resp)
 	if err != nil {
 		return res, errors.Wrap(err, "decode response")
 	}
@@ -642,18 +914,242 @@ func (c *Client) sendActionSubmissionAccepted(ctx context.Context, params Action
 	pathParts[2] = "/status/validator-failed"
 	uri.AddPathParts(u, pathParts[:]...)
 
+	stage = "EncodeRequest"
+	r, err := ht.NewRequest(ctx, "POST", u)
+	if err != nil {
+		return res, errors.Wrap(err, "create request")
+	}
+
+	stage = "SendRequest"
+	resp, err := c.cfg.Client.Do(r)
+	if err != nil {
+		return res, errors.Wrap(err, "do request")
+	}
+	defer resp.Body.Close()
+
+	stage = "DecodeResponse"
+	result, err := decodeActionSubmissionAcceptedResponse(resp)
+	if err != nil {
+		return res, errors.Wrap(err, "decode response")
+	}
+
+	return result, nil
+}
+
+// ActionSubmissionRequestChanges invokes actionSubmissionRequestChanges operation.
+//
+// (Internal endpoint) Role Validator changes status from Submitting -> ChangesRequested.
+//
+// POST /submissions/{SubmissionID}/status/validator-request-changes
+func (c *Client) ActionSubmissionRequestChanges(ctx context.Context, params ActionSubmissionRequestChangesParams) error {
+	_, err := c.sendActionSubmissionRequestChanges(ctx, params)
+	return err
+}
+
+func (c *Client) sendActionSubmissionRequestChanges(ctx context.Context, params ActionSubmissionRequestChangesParams) (res *ActionSubmissionRequestChangesNoContent, err error) {
+	otelAttrs := []attribute.KeyValue{
+		otelogen.OperationID("actionSubmissionRequestChanges"),
+		semconv.HTTPRequestMethodKey.String("POST"),
+		semconv.HTTPRouteKey.String("/submissions/{SubmissionID}/status/validator-request-changes"),
+	}
+
+	// Run stopwatch.
+	startTime := time.Now()
+	defer func() {
+		// Use floating point division here for higher precision (instead of Millisecond method).
+		elapsedDuration := time.Since(startTime)
+		c.duration.Record(ctx, float64(elapsedDuration)/float64(time.Millisecond), metric.WithAttributes(otelAttrs...))
+	}()
+
+	// Increment request counter.
+	c.requests.Add(ctx, 1, metric.WithAttributes(otelAttrs...))
+
+	// Start a span for this request.
+	ctx, span := c.cfg.Tracer.Start(ctx, ActionSubmissionRequestChangesOperation,
+		trace.WithAttributes(otelAttrs...),
+		clientSpanKind,
+	)
+	// Track stage for error reporting.
+	var stage string
+	defer func() {
+		if err != nil {
+			span.RecordError(err)
+			span.SetStatus(codes.Error, stage)
+			c.errors.Add(ctx, 1, metric.WithAttributes(otelAttrs...))
+		}
+		span.End()
+	}()
+
+	stage = "BuildURL"
+	u := uri.Clone(c.requestURL(ctx))
+	var pathParts [3]string
+	pathParts[0] = "/submissions/"
+	{
+		// Encode "SubmissionID" parameter.
+		e := uri.NewPathEncoder(uri.PathEncoderConfig{
+			Param:   "SubmissionID",
+			Style:   uri.PathStyleSimple,
+			Explode: false,
+		})
+		if err := func() error {
+			return e.EncodeValue(conv.Int64ToString(params.SubmissionID))
+		}(); err != nil {
+			return res, errors.Wrap(err, "encode path")
+		}
+		encoded, err := e.Result()
+		if err != nil {
+			return res, errors.Wrap(err, "encode path")
+		}
+		pathParts[1] = encoded
+	}
+	pathParts[2] = "/status/validator-request-changes"
+	uri.AddPathParts(u, pathParts[:]...)
+
+	stage = "EncodeRequest"
+	r, err := ht.NewRequest(ctx, "POST", u)
+	if err != nil {
+		return res, errors.Wrap(err, "create request")
+	}
+
+	stage = "SendRequest"
+	resp, err := c.cfg.Client.Do(r)
+	if err != nil {
+		return res, errors.Wrap(err, "do request")
+	}
+	defer resp.Body.Close()
+
+	stage = "DecodeResponse"
+	result, err := decodeActionSubmissionRequestChangesResponse(resp)
+	if err != nil {
+		return res, errors.Wrap(err, "decode response")
+	}
+
+	return result, nil
+}
+
+// ActionSubmissionSubmitted invokes actionSubmissionSubmitted operation.
+//
+// (Internal endpoint) Role Validator changes status from Submitting -> Submitted.
+//
+// POST /submissions/{SubmissionID}/status/validator-submitted
+func (c *Client) ActionSubmissionSubmitted(ctx context.Context, params ActionSubmissionSubmittedParams) error {
+	_, err := c.sendActionSubmissionSubmitted(ctx, params)
+	return err
+}
+
+func (c *Client) sendActionSubmissionSubmitted(ctx context.Context, params ActionSubmissionSubmittedParams) (res *ActionSubmissionSubmittedNoContent, err error) {
+	otelAttrs := []attribute.KeyValue{
+		otelogen.OperationID("actionSubmissionSubmitted"),
+		semconv.HTTPRequestMethodKey.String("POST"),
+		semconv.HTTPRouteKey.String("/submissions/{SubmissionID}/status/validator-submitted"),
+	}
+
+	// Run stopwatch.
+	startTime := time.Now()
+	defer func() {
+		// Use floating point division here for higher precision (instead of Millisecond method).
+		elapsedDuration := time.Since(startTime)
+		c.duration.Record(ctx, float64(elapsedDuration)/float64(time.Millisecond), metric.WithAttributes(otelAttrs...))
+	}()
+
+	// Increment request counter.
+	c.requests.Add(ctx, 1, metric.WithAttributes(otelAttrs...))
+
+	// Start a span for this request.
+	ctx, span := c.cfg.Tracer.Start(ctx, ActionSubmissionSubmittedOperation,
+		trace.WithAttributes(otelAttrs...),
+		clientSpanKind,
+	)
+	// Track stage for error reporting.
+	var stage string
+	defer func() {
+		if err != nil {
+			span.RecordError(err)
+			span.SetStatus(codes.Error, stage)
+			c.errors.Add(ctx, 1, metric.WithAttributes(otelAttrs...))
+		}
+		span.End()
+	}()
+
+	stage = "BuildURL"
+	u := uri.Clone(c.requestURL(ctx))
+	var pathParts [3]string
+	pathParts[0] = "/submissions/"
+	{
+		// Encode "SubmissionID" parameter.
+		e := uri.NewPathEncoder(uri.PathEncoderConfig{
+			Param:   "SubmissionID",
+			Style:   uri.PathStyleSimple,
+			Explode: false,
+		})
+		if err := func() error {
+			return e.EncodeValue(conv.Int64ToString(params.SubmissionID))
+		}(); err != nil {
+			return res, errors.Wrap(err, "encode path")
+		}
+		encoded, err := e.Result()
+		if err != nil {
+			return res, errors.Wrap(err, "encode path")
+		}
+		pathParts[1] = encoded
+	}
+	pathParts[2] = "/status/validator-submitted"
+	uri.AddPathParts(u, pathParts[:]...)
+
 	stage = "EncodeQueryParams"
 	q := uri.NewQueryEncoder()
 	{
-		// Encode "StatusMessage" parameter.
+		// Encode "ModelVersion" parameter.
 		cfg := uri.QueryParameterEncodingConfig{
-			Name:    "StatusMessage",
+			Name:    "ModelVersion",
 			Style:   uri.QueryStyleForm,
 			Explode: true,
 		}
 
 		if err := q.EncodeParam(cfg, func(e uri.Encoder) error {
-			return e.EncodeValue(conv.StringToString(params.StatusMessage))
+			return e.EncodeValue(conv.Int64ToString(params.ModelVersion))
+		}); err != nil {
+			return res, errors.Wrap(err, "encode query")
+		}
+	}
+	{
+		// Encode "DisplayName" parameter.
+		cfg := uri.QueryParameterEncodingConfig{
+			Name:    "DisplayName",
+			Style:   uri.QueryStyleForm,
+			Explode: true,
+		}
+
+		if err := q.EncodeParam(cfg, func(e uri.Encoder) error {
+			return e.EncodeValue(conv.StringToString(params.DisplayName))
+		}); err != nil {
+			return res, errors.Wrap(err, "encode query")
+		}
+	}
+	{
+		// Encode "Creator" parameter.
+		cfg := uri.QueryParameterEncodingConfig{
+			Name:    "Creator",
+			Style:   uri.QueryStyleForm,
+			Explode: true,
+		}
+
+		if err := q.EncodeParam(cfg, func(e uri.Encoder) error {
+			return e.EncodeValue(conv.StringToString(params.Creator))
+		}); err != nil {
+			return res, errors.Wrap(err, "encode query")
+		}
+	}
+	{
+		// Encode "GameID" parameter.
+		cfg := uri.QueryParameterEncodingConfig{
+			Name:    "GameID",
+			Style:   uri.QueryStyleForm,
+			Explode: true,
+		}
+
+		if err := q.EncodeParam(cfg, func(e uri.Encoder) error {
+			return e.EncodeValue(conv.Int32ToString(params.GameID))
 		}); err != nil {
 			return res, errors.Wrap(err, "encode query")
 		}
@@ -674,7 +1170,7 @@ func (c *Client) sendActionSubmissionAccepted(ctx context.Context, params Action
 	defer resp.Body.Close()
 
 	stage = "DecodeResponse"
-	result, err := decodeActionSubmissionAcceptedResponse(resp)
+	result, err := decodeActionSubmissionSubmittedResponse(resp)
 	if err != nil {
 		return res, errors.Wrap(err, "decode response")
 	}
@@ -957,6 +1453,209 @@ func (c *Client) sendCreateMapfix(ctx context.Context, request *MapfixCreate) (r
 	return result, nil
 }
 
+// CreateMapfixAuditCheckList invokes createMapfixAuditCheckList operation.
+//
+// Validator posts a checklist to the audit log.
+//
+// POST /mapfixes/{MapfixID}/checklist
+func (c *Client) CreateMapfixAuditCheckList(ctx context.Context, request CheckList, params CreateMapfixAuditCheckListParams) error {
+	_, err := c.sendCreateMapfixAuditCheckList(ctx, request, params)
+	return err
+}
+
+func (c *Client) sendCreateMapfixAuditCheckList(ctx context.Context, request CheckList, params CreateMapfixAuditCheckListParams) (res *CreateMapfixAuditCheckListNoContent, err error) {
+	otelAttrs := []attribute.KeyValue{
+		otelogen.OperationID("createMapfixAuditCheckList"),
+		semconv.HTTPRequestMethodKey.String("POST"),
+		semconv.HTTPRouteKey.String("/mapfixes/{MapfixID}/checklist"),
+	}
+
+	// Run stopwatch.
+	startTime := time.Now()
+	defer func() {
+		// Use floating point division here for higher precision (instead of Millisecond method).
+		elapsedDuration := time.Since(startTime)
+		c.duration.Record(ctx, float64(elapsedDuration)/float64(time.Millisecond), metric.WithAttributes(otelAttrs...))
+	}()
+
+	// Increment request counter.
+	c.requests.Add(ctx, 1, metric.WithAttributes(otelAttrs...))
+
+	// Start a span for this request.
+	ctx, span := c.cfg.Tracer.Start(ctx, CreateMapfixAuditCheckListOperation,
+		trace.WithAttributes(otelAttrs...),
+		clientSpanKind,
+	)
+	// Track stage for error reporting.
+	var stage string
+	defer func() {
+		if err != nil {
+			span.RecordError(err)
+			span.SetStatus(codes.Error, stage)
+			c.errors.Add(ctx, 1, metric.WithAttributes(otelAttrs...))
+		}
+		span.End()
+	}()
+
+	stage = "BuildURL"
+	u := uri.Clone(c.requestURL(ctx))
+	var pathParts [3]string
+	pathParts[0] = "/mapfixes/"
+	{
+		// Encode "MapfixID" parameter.
+		e := uri.NewPathEncoder(uri.PathEncoderConfig{
+			Param:   "MapfixID",
+			Style:   uri.PathStyleSimple,
+			Explode: false,
+		})
+		if err := func() error {
+			return e.EncodeValue(conv.Int64ToString(params.MapfixID))
+		}(); err != nil {
+			return res, errors.Wrap(err, "encode path")
+		}
+		encoded, err := e.Result()
+		if err != nil {
+			return res, errors.Wrap(err, "encode path")
+		}
+		pathParts[1] = encoded
+	}
+	pathParts[2] = "/checklist"
+	uri.AddPathParts(u, pathParts[:]...)
+
+	stage = "EncodeRequest"
+	r, err := ht.NewRequest(ctx, "POST", u)
+	if err != nil {
+		return res, errors.Wrap(err, "create request")
+	}
+	if err := encodeCreateMapfixAuditCheckListRequest(request, r); err != nil {
+		return res, errors.Wrap(err, "encode request")
+	}
+
+	stage = "SendRequest"
+	resp, err := c.cfg.Client.Do(r)
+	if err != nil {
+		return res, errors.Wrap(err, "do request")
+	}
+	defer resp.Body.Close()
+
+	stage = "DecodeResponse"
+	result, err := decodeCreateMapfixAuditCheckListResponse(resp)
+	if err != nil {
+		return res, errors.Wrap(err, "decode response")
+	}
+
+	return result, nil
+}
+
+// CreateMapfixAuditError invokes createMapfixAuditError operation.
+//
+// Validator posts an error to the audit log.
+//
+// POST /mapfixes/{MapfixID}/error
+func (c *Client) CreateMapfixAuditError(ctx context.Context, params CreateMapfixAuditErrorParams) error {
+	_, err := c.sendCreateMapfixAuditError(ctx, params)
+	return err
+}
+
+func (c *Client) sendCreateMapfixAuditError(ctx context.Context, params CreateMapfixAuditErrorParams) (res *CreateMapfixAuditErrorNoContent, err error) {
+	otelAttrs := []attribute.KeyValue{
+		otelogen.OperationID("createMapfixAuditError"),
+		semconv.HTTPRequestMethodKey.String("POST"),
+		semconv.HTTPRouteKey.String("/mapfixes/{MapfixID}/error"),
+	}
+
+	// Run stopwatch.
+	startTime := time.Now()
+	defer func() {
+		// Use floating point division here for higher precision (instead of Millisecond method).
+		elapsedDuration := time.Since(startTime)
+		c.duration.Record(ctx, float64(elapsedDuration)/float64(time.Millisecond), metric.WithAttributes(otelAttrs...))
+	}()
+
+	// Increment request counter.
+	c.requests.Add(ctx, 1, metric.WithAttributes(otelAttrs...))
+
+	// Start a span for this request.
+	ctx, span := c.cfg.Tracer.Start(ctx, CreateMapfixAuditErrorOperation,
+		trace.WithAttributes(otelAttrs...),
+		clientSpanKind,
+	)
+	// Track stage for error reporting.
+	var stage string
+	defer func() {
+		if err != nil {
+			span.RecordError(err)
+			span.SetStatus(codes.Error, stage)
+			c.errors.Add(ctx, 1, metric.WithAttributes(otelAttrs...))
+		}
+		span.End()
+	}()
+
+	stage = "BuildURL"
+	u := uri.Clone(c.requestURL(ctx))
+	var pathParts [3]string
+	pathParts[0] = "/mapfixes/"
+	{
+		// Encode "MapfixID" parameter.
+		e := uri.NewPathEncoder(uri.PathEncoderConfig{
+			Param:   "MapfixID",
+			Style:   uri.PathStyleSimple,
+			Explode: false,
+		})
+		if err := func() error {
+			return e.EncodeValue(conv.Int64ToString(params.MapfixID))
+		}(); err != nil {
+			return res, errors.Wrap(err, "encode path")
+		}
+		encoded, err := e.Result()
+		if err != nil {
+			return res, errors.Wrap(err, "encode path")
+		}
+		pathParts[1] = encoded
+	}
+	pathParts[2] = "/error"
+	uri.AddPathParts(u, pathParts[:]...)
+
+	stage = "EncodeQueryParams"
+	q := uri.NewQueryEncoder()
+	{
+		// Encode "ErrorMessage" parameter.
+		cfg := uri.QueryParameterEncodingConfig{
+			Name:    "ErrorMessage",
+			Style:   uri.QueryStyleForm,
+			Explode: true,
+		}
+
+		if err := q.EncodeParam(cfg, func(e uri.Encoder) error {
+			return e.EncodeValue(conv.StringToString(params.ErrorMessage))
+		}); err != nil {
+			return res, errors.Wrap(err, "encode query")
+		}
+	}
+	u.RawQuery = q.Values().Encode()
+
+	stage = "EncodeRequest"
+	r, err := ht.NewRequest(ctx, "POST", u)
+	if err != nil {
+		return res, errors.Wrap(err, "create request")
+	}
+
+	stage = "SendRequest"
+	resp, err := c.cfg.Client.Do(r)
+	if err != nil {
+		return res, errors.Wrap(err, "do request")
+	}
+	defer resp.Body.Close()
+
+	stage = "DecodeResponse"
+	result, err := decodeCreateMapfixAuditErrorResponse(resp)
+	if err != nil {
+		return res, errors.Wrap(err, "decode response")
+	}
+
+	return result, nil
+}
+
 // CreateScript invokes createScript operation.
 //
 // Create a new script.
@@ -1182,6 +1881,209 @@ func (c *Client) sendCreateSubmission(ctx context.Context, request *SubmissionCr
 	return result, nil
 }
 
+// CreateSubmissionAuditCheckList invokes createSubmissionAuditCheckList operation.
+//
+// Validator posts a checklist to the audit log.
+//
+// POST /submissions/{SubmissionID}/checklist
+func (c *Client) CreateSubmissionAuditCheckList(ctx context.Context, request CheckList, params CreateSubmissionAuditCheckListParams) error {
+	_, err := c.sendCreateSubmissionAuditCheckList(ctx, request, params)
+	return err
+}
+
+func (c *Client) sendCreateSubmissionAuditCheckList(ctx context.Context, request CheckList, params CreateSubmissionAuditCheckListParams) (res *CreateSubmissionAuditCheckListNoContent, err error) {
+	otelAttrs := []attribute.KeyValue{
+		otelogen.OperationID("createSubmissionAuditCheckList"),
+		semconv.HTTPRequestMethodKey.String("POST"),
+		semconv.HTTPRouteKey.String("/submissions/{SubmissionID}/checklist"),
+	}
+
+	// Run stopwatch.
+	startTime := time.Now()
+	defer func() {
+		// Use floating point division here for higher precision (instead of Millisecond method).
+		elapsedDuration := time.Since(startTime)
+		c.duration.Record(ctx, float64(elapsedDuration)/float64(time.Millisecond), metric.WithAttributes(otelAttrs...))
+	}()
+
+	// Increment request counter.
+	c.requests.Add(ctx, 1, metric.WithAttributes(otelAttrs...))
+
+	// Start a span for this request.
+	ctx, span := c.cfg.Tracer.Start(ctx, CreateSubmissionAuditCheckListOperation,
+		trace.WithAttributes(otelAttrs...),
+		clientSpanKind,
+	)
+	// Track stage for error reporting.
+	var stage string
+	defer func() {
+		if err != nil {
+			span.RecordError(err)
+			span.SetStatus(codes.Error, stage)
+			c.errors.Add(ctx, 1, metric.WithAttributes(otelAttrs...))
+		}
+		span.End()
+	}()
+
+	stage = "BuildURL"
+	u := uri.Clone(c.requestURL(ctx))
+	var pathParts [3]string
+	pathParts[0] = "/submissions/"
+	{
+		// Encode "SubmissionID" parameter.
+		e := uri.NewPathEncoder(uri.PathEncoderConfig{
+			Param:   "SubmissionID",
+			Style:   uri.PathStyleSimple,
+			Explode: false,
+		})
+		if err := func() error {
+			return e.EncodeValue(conv.Int64ToString(params.SubmissionID))
+		}(); err != nil {
+			return res, errors.Wrap(err, "encode path")
+		}
+		encoded, err := e.Result()
+		if err != nil {
+			return res, errors.Wrap(err, "encode path")
+		}
+		pathParts[1] = encoded
+	}
+	pathParts[2] = "/checklist"
+	uri.AddPathParts(u, pathParts[:]...)
+
+	stage = "EncodeRequest"
+	r, err := ht.NewRequest(ctx, "POST", u)
+	if err != nil {
+		return res, errors.Wrap(err, "create request")
+	}
+	if err := encodeCreateSubmissionAuditCheckListRequest(request, r); err != nil {
+		return res, errors.Wrap(err, "encode request")
+	}
+
+	stage = "SendRequest"
+	resp, err := c.cfg.Client.Do(r)
+	if err != nil {
+		return res, errors.Wrap(err, "do request")
+	}
+	defer resp.Body.Close()
+
+	stage = "DecodeResponse"
+	result, err := decodeCreateSubmissionAuditCheckListResponse(resp)
+	if err != nil {
+		return res, errors.Wrap(err, "decode response")
+	}
+
+	return result, nil
+}
+
+// CreateSubmissionAuditError invokes createSubmissionAuditError operation.
+//
+// Validator posts an error to the audit log.
+//
+// POST /submissions/{SubmissionID}/error
+func (c *Client) CreateSubmissionAuditError(ctx context.Context, params CreateSubmissionAuditErrorParams) error {
+	_, err := c.sendCreateSubmissionAuditError(ctx, params)
+	return err
+}
+
+func (c *Client) sendCreateSubmissionAuditError(ctx context.Context, params CreateSubmissionAuditErrorParams) (res *CreateSubmissionAuditErrorNoContent, err error) {
+	otelAttrs := []attribute.KeyValue{
+		otelogen.OperationID("createSubmissionAuditError"),
+		semconv.HTTPRequestMethodKey.String("POST"),
+		semconv.HTTPRouteKey.String("/submissions/{SubmissionID}/error"),
+	}
+
+	// Run stopwatch.
+	startTime := time.Now()
+	defer func() {
+		// Use floating point division here for higher precision (instead of Millisecond method).
+		elapsedDuration := time.Since(startTime)
+		c.duration.Record(ctx, float64(elapsedDuration)/float64(time.Millisecond), metric.WithAttributes(otelAttrs...))
+	}()
+
+	// Increment request counter.
+	c.requests.Add(ctx, 1, metric.WithAttributes(otelAttrs...))
+
+	// Start a span for this request.
+	ctx, span := c.cfg.Tracer.Start(ctx, CreateSubmissionAuditErrorOperation,
+		trace.WithAttributes(otelAttrs...),
+		clientSpanKind,
+	)
+	// Track stage for error reporting.
+	var stage string
+	defer func() {
+		if err != nil {
+			span.RecordError(err)
+			span.SetStatus(codes.Error, stage)
+			c.errors.Add(ctx, 1, metric.WithAttributes(otelAttrs...))
+		}
+		span.End()
+	}()
+
+	stage = "BuildURL"
+	u := uri.Clone(c.requestURL(ctx))
+	var pathParts [3]string
+	pathParts[0] = "/submissions/"
+	{
+		// Encode "SubmissionID" parameter.
+		e := uri.NewPathEncoder(uri.PathEncoderConfig{
+			Param:   "SubmissionID",
+			Style:   uri.PathStyleSimple,
+			Explode: false,
+		})
+		if err := func() error {
+			return e.EncodeValue(conv.Int64ToString(params.SubmissionID))
+		}(); err != nil {
+			return res, errors.Wrap(err, "encode path")
+		}
+		encoded, err := e.Result()
+		if err != nil {
+			return res, errors.Wrap(err, "encode path")
+		}
+		pathParts[1] = encoded
+	}
+	pathParts[2] = "/error"
+	uri.AddPathParts(u, pathParts[:]...)
+
+	stage = "EncodeQueryParams"
+	q := uri.NewQueryEncoder()
+	{
+		// Encode "ErrorMessage" parameter.
+		cfg := uri.QueryParameterEncodingConfig{
+			Name:    "ErrorMessage",
+			Style:   uri.QueryStyleForm,
+			Explode: true,
+		}
+
+		if err := q.EncodeParam(cfg, func(e uri.Encoder) error {
+			return e.EncodeValue(conv.StringToString(params.ErrorMessage))
+		}); err != nil {
+			return res, errors.Wrap(err, "encode query")
+		}
+	}
+	u.RawQuery = q.Values().Encode()
+
+	stage = "EncodeRequest"
+	r, err := ht.NewRequest(ctx, "POST", u)
+	if err != nil {
+		return res, errors.Wrap(err, "create request")
+	}
+
+	stage = "SendRequest"
+	resp, err := c.cfg.Client.Do(r)
+	if err != nil {
+		return res, errors.Wrap(err, "do request")
+	}
+	defer resp.Body.Close()
+
+	stage = "DecodeResponse"
+	result, err := decodeCreateSubmissionAuditErrorResponse(resp)
+	if err != nil {
+		return res, errors.Wrap(err, "decode response")
+	}
+
+	return result, nil
+}
+
 // GetScript invokes getScript operation.
 //
 // Get the specified script by ID.

pkg/internal/oas_json_gen.go

@@ -12,6 +12,186 @@ import (
 	"github.com/ogen-go/ogen/validate"
 )
 
+// Encode implements json.Marshaler.
+func (s *Check) Encode(e *jx.Encoder) {
+	e.ObjStart()
+	s.encodeFields(e)
+	e.ObjEnd()
+}
+
+// encodeFields encodes fields.
+func (s *Check) encodeFields(e *jx.Encoder) {
+	{
+		e.FieldStart("Name")
+		e.Str(s.Name)
+	}
+	{
+		e.FieldStart("Summary")
+		e.Str(s.Summary)
+	}
+	{
+		e.FieldStart("Passed")
+		e.Bool(s.Passed)
+	}
+}
+
+var jsonFieldsNameOfCheck = [3]string{
+	0: "Name",
+	1: "Summary",
+	2: "Passed",
+}
+
+// Decode decodes Check from json.
+func (s *Check) Decode(d *jx.Decoder) error {
+	if s == nil {
+		return errors.New("invalid: unable to decode Check to nil")
+	}
+	var requiredBitSet [1]uint8
+
+	if err := d.ObjBytes(func(d *jx.Decoder, k []byte) error {
+		switch string(k) {
+		case "Name":
+			requiredBitSet[0] |= 1 << 0
+			if err := func() error {
+				v, err := d.Str()
+				s.Name = string(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"Name\"")
+			}
+		case "Summary":
+			requiredBitSet[0] |= 1 << 1
+			if err := func() error {
+				v, err := d.Str()
+				s.Summary = string(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"Summary\"")
+			}
+		case "Passed":
+			requiredBitSet[0] |= 1 << 2
+			if err := func() error {
+				v, err := d.Bool()
+				s.Passed = bool(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"Passed\"")
+			}
+		default:
+			return d.Skip()
+		}
+		return nil
+	}); err != nil {
+		return errors.Wrap(err, "decode Check")
+	}
+	// Validate required fields.
+	var failures []validate.FieldError
+	for i, mask := range [1]uint8{
+		0b00000111,
+	} {
+		if result := (requiredBitSet[i] & mask) ^ mask; result != 0 {
+			// Mask only required fields and check equality to mask using XOR.
+			//
+			// If XOR result is not zero, result is not equal to expected, so some fields are missed.
+			// Bits of fields which would be set are actually bits of missed fields.
+			missed := bits.OnesCount8(result)
+			for bitN := 0; bitN < missed; bitN++ {
+				bitIdx := bits.TrailingZeros8(result)
+				fieldIdx := i*8 + bitIdx
+				var name string
+				if fieldIdx < len(jsonFieldsNameOfCheck) {
+					name = jsonFieldsNameOfCheck[fieldIdx]
+				} else {
+					name = strconv.Itoa(fieldIdx)
+				}
+				failures = append(failures, validate.FieldError{
+					Name:  name,
+					Error: validate.ErrFieldRequired,
+				})
+				// Reset bit.
+				result &^= 1 << bitIdx
+			}
+		}
+	}
+	if len(failures) > 0 {
+		return &validate.Error{Fields: failures}
+	}
+
+	return nil
+}
+
+// MarshalJSON implements stdjson.Marshaler.
+func (s *Check) MarshalJSON() ([]byte, error) {
+	e := jx.Encoder{}
+	s.Encode(&e)
+	return e.Bytes(), nil
+}
+
+// UnmarshalJSON implements stdjson.Unmarshaler.
+func (s *Check) UnmarshalJSON(data []byte) error {
+	d := jx.DecodeBytes(data)
+	return s.Decode(d)
+}
+
+// Encode encodes CheckList as json.
+func (s CheckList) Encode(e *jx.Encoder) {
+	unwrapped := []Check(s)
+
+	e.ArrStart()
+	for _, elem := range unwrapped {
+		elem.Encode(e)
+	}
+	e.ArrEnd()
+}
+
+// Decode decodes CheckList from json.
+func (s *CheckList) Decode(d *jx.Decoder) error {
+	if s == nil {
+		return errors.New("invalid: unable to decode CheckList to nil")
+	}
+	var unwrapped []Check
+	if err := func() error {
+		unwrapped = make([]Check, 0)
+		if err := d.Arr(func(d *jx.Decoder) error {
+			var elem Check
+			if err := elem.Decode(d); err != nil {
+				return err
+			}
+			unwrapped = append(unwrapped, elem)
+			return nil
+		}); err != nil {
+			return err
+		}
+		return nil
+	}(); err != nil {
+		return errors.Wrap(err, "alias")
+	}
+	*s = CheckList(unwrapped)
+	return nil
+}
+
+// MarshalJSON implements stdjson.Marshaler.
+func (s CheckList) MarshalJSON() ([]byte, error) {
+	e := jx.Encoder{}
+	s.Encode(&e)
+	return e.Bytes(), nil
+}
+
+// UnmarshalJSON implements stdjson.Unmarshaler.
+func (s *CheckList) UnmarshalJSON(data []byte) error {
+	d := jx.DecodeBytes(data)
+	return s.Decode(d)
+}
+
 // Encode implements json.Marshaler.
 func (s *Error) Encode(e *jx.Encoder) {
 	e.ObjStart()
@@ -166,9 +346,13 @@ func (s *MapfixCreate) encodeFields(e *jx.Encoder) {
 		e.FieldStart("TargetAssetID")
 		e.Int64(s.TargetAssetID)
 	}
+	{
+		e.FieldStart("Description")
+		e.Str(s.Description)
+	}
 }
 
-var jsonFieldsNameOfMapfixCreate = [8]string{
+var jsonFieldsNameOfMapfixCreate = [9]string{
 	0: "OperationID",
 	1: "AssetOwner",
 	2: "DisplayName",
@@ -177,6 +361,7 @@ var jsonFieldsNameOfMapfixCreate = [8]string{
 	5: "AssetID",
 	6: "AssetVersion",
 	7: "TargetAssetID",
+	8: "Description",
 }
 
 // Decode decodes MapfixCreate from json.
@@ -184,7 +369,7 @@ func (s *MapfixCreate) Decode(d *jx.Decoder) error {
 	if s == nil {
 		return errors.New("invalid: unable to decode MapfixCreate to nil")
 	}
-	var requiredBitSet [1]uint8
+	var requiredBitSet [2]uint8
 
 	if err := d.ObjBytes(func(d *jx.Decoder, k []byte) error {
 		switch string(k) {
@@ -284,6 +469,18 @@ func (s *MapfixCreate) Decode(d *jx.Decoder) error {
 			}(); err != nil {
 				return errors.Wrap(err, "decode field \"TargetAssetID\"")
 			}
+		case "Description":
+			requiredBitSet[1] |= 1 << 0
+			if err := func() error {
+				v, err := d.Str()
+				s.Description = string(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"Description\"")
+			}
 		default:
 			return d.Skip()
 		}
@@ -293,8 +490,9 @@ func (s *MapfixCreate) Decode(d *jx.Decoder) error {
 	}
 	// Validate required fields.
 	var failures []validate.FieldError
-	for i, mask := range [1]uint8{
+	for i, mask := range [2]uint8{
 		0b11111111,
+		0b00000001,
 	} {
 		if result := (requiredBitSet[i] & mask) ^ mask; result != 0 {
 			// Mask only required fields and check equality to mask using XOR.
@@ -1305,9 +1503,17 @@ func (s *SubmissionCreate) encodeFields(e *jx.Encoder) {
 		e.FieldStart("AssetVersion")
 		e.Int64(s.AssetVersion)
 	}
+	{
+		e.FieldStart("Status")
+		e.UInt32(s.Status)
+	}
+	{
+		e.FieldStart("Roles")
+		e.UInt32(s.Roles)
+	}
 }
 
-var jsonFieldsNameOfSubmissionCreate = [7]string{
+var jsonFieldsNameOfSubmissionCreate = [9]string{
 	0: "OperationID",
 	1: "AssetOwner",
 	2: "DisplayName",
@@ -1315,6 +1521,8 @@ var jsonFieldsNameOfSubmissionCreate = [7]string{
 	4: "GameID",
 	5: "AssetID",
 	6: "AssetVersion",
+	7: "Status",
+	8: "Roles",
 }
 
 // Decode decodes SubmissionCreate from json.
@@ -1322,7 +1530,7 @@ func (s *SubmissionCreate) Decode(d *jx.Decoder) error {
 	if s == nil {
 		return errors.New("invalid: unable to decode SubmissionCreate to nil")
 	}
-	var requiredBitSet [1]uint8
+	var requiredBitSet [2]uint8
 
 	if err := d.ObjBytes(func(d *jx.Decoder, k []byte) error {
 		switch string(k) {
@@ -1410,6 +1618,30 @@ func (s *SubmissionCreate) Decode(d *jx.Decoder) error {
 			}(); err != nil {
 				return errors.Wrap(err, "decode field \"AssetVersion\"")
 			}
+		case "Status":
+			requiredBitSet[0] |= 1 << 7
+			if err := func() error {
+				v, err := d.UInt32()
+				s.Status = uint32(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"Status\"")
+			}
+		case "Roles":
+			requiredBitSet[1] |= 1 << 0
+			if err := func() error {
+				v, err := d.UInt32()
+				s.Roles = uint32(v)
+				if err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return errors.Wrap(err, "decode field \"Roles\"")
+			}
 		default:
 			return d.Skip()
 		}
@@ -1419,8 +1651,9 @@ func (s *SubmissionCreate) Decode(d *jx.Decoder) error {
 	}
 	// Validate required fields.
 	var failures []validate.FieldError
-	for i, mask := range [1]uint8{
-		0b01111111,
+	for i, mask := range [2]uint8{
+		0b11111111,
+		0b00000001,
 	} {
 		if result := (requiredBitSet[i] & mask) ^ mask; result != 0 {
 			// Mask only required fields and check equality to mask using XOR.

pkg/internal/oas_operations_gen.go

@@ -7,16 +7,24 @@ type OperationName = string
 
 const (
 	ActionMapfixAcceptedOperation           OperationName = "ActionMapfixAccepted"
+	ActionMapfixRequestChangesOperation     OperationName = "ActionMapfixRequestChanges"
+	ActionMapfixSubmittedOperation          OperationName = "ActionMapfixSubmitted"
 	ActionMapfixUploadedOperation           OperationName = "ActionMapfixUploaded"
 	ActionMapfixValidatedOperation          OperationName = "ActionMapfixValidated"
 	ActionOperationFailedOperation          OperationName = "ActionOperationFailed"
 	ActionSubmissionAcceptedOperation       OperationName = "ActionSubmissionAccepted"
+	ActionSubmissionRequestChangesOperation OperationName = "ActionSubmissionRequestChanges"
+	ActionSubmissionSubmittedOperation      OperationName = "ActionSubmissionSubmitted"
 	ActionSubmissionUploadedOperation       OperationName = "ActionSubmissionUploaded"
 	ActionSubmissionValidatedOperation      OperationName = "ActionSubmissionValidated"
 	CreateMapfixOperation                   OperationName = "CreateMapfix"
+	CreateMapfixAuditCheckListOperation     OperationName = "CreateMapfixAuditCheckList"
+	CreateMapfixAuditErrorOperation         OperationName = "CreateMapfixAuditError"
 	CreateScriptOperation                   OperationName = "CreateScript"
 	CreateScriptPolicyOperation             OperationName = "CreateScriptPolicy"
 	CreateSubmissionOperation               OperationName = "CreateSubmission"
+	CreateSubmissionAuditCheckListOperation OperationName = "CreateSubmissionAuditCheckList"
+	CreateSubmissionAuditErrorOperation     OperationName = "CreateSubmissionAuditError"
 	GetScriptOperation                      OperationName = "GetScript"
 	ListScriptPolicyOperation               OperationName = "ListScriptPolicy"
 	ListScriptsOperation                    OperationName = "ListScripts"

pkg/internal/oas_request_decoders_gen.go

@@ -9,7 +9,6 @@ import (
 
 	"github.com/go-faster/errors"
 	"github.com/go-faster/jx"
-	"go.uber.org/multierr"
 
 	"github.com/ogen-go/ogen/ogenerrors"
 	"github.com/ogen-go/ogen/validate"
@@ -26,13 +25,13 @@ func (s *Server) decodeCreateMapfixRequest(r *http.Request) (
 		// Close in reverse order, to match defer behavior.
 		for i := len(closers) - 1; i >= 0; i-- {
 			c := closers[i]
-			merr = multierr.Append(merr, c())
+			merr = errors.Join(merr, c())
 		}
 		return merr
 	}
 	defer func() {
 		if rerr != nil {
-			rerr = multierr.Append(rerr, close())
+			rerr = errors.Join(rerr, close())
 		}
 	}()
 	ct, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
@@ -86,6 +85,77 @@ func (s *Server) decodeCreateMapfixRequest(r *http.Request) (
 	}
 }
 
+func (s *Server) decodeCreateMapfixAuditCheckListRequest(r *http.Request) (
+	req CheckList,
+	close func() error,
+	rerr error,
+) {
+	var closers []func() error
+	close = func() error {
+		var merr error
+		// Close in reverse order, to match defer behavior.
+		for i := len(closers) - 1; i >= 0; i-- {
+			c := closers[i]
+			merr = errors.Join(merr, c())
+		}
+		return merr
+	}
+	defer func() {
+		if rerr != nil {
+			rerr = errors.Join(rerr, close())
+		}
+	}()
+	ct, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
+	if err != nil {
+		return req, close, errors.Wrap(err, "parse media type")
+	}
+	switch {
+	case ct == "application/json":
+		if r.ContentLength == 0 {
+			return req, close, validate.ErrBodyRequired
+		}
+		buf, err := io.ReadAll(r.Body)
+		if err != nil {
+			return req, close, err
+		}
+
+		if len(buf) == 0 {
+			return req, close, validate.ErrBodyRequired
+		}
+
+		d := jx.DecodeBytes(buf)
+
+		var request CheckList
+		if err := func() error {
+			if err := request.Decode(d); err != nil {
+				return err
+			}
+			if err := d.Skip(); err != io.EOF {
+				return errors.New("unexpected trailing data")
+			}
+			return nil
+		}(); err != nil {
+			err = &ogenerrors.DecodeBodyError{
+				ContentType: ct,
+				Body:        buf,
+				Err:         err,
+			}
+			return req, close, err
+		}
+		if err := func() error {
+			if err := request.Validate(); err != nil {
+				return err
+			}
+			return nil
+		}(); err != nil {
+			return req, close, errors.Wrap(err, "validate")
+		}
+		return request, close, nil
+	default:
+		return req, close, validate.InvalidContentType(ct)
+	}
+}
+
 func (s *Server) decodeCreateScriptRequest(r *http.Request) (
 	req *ScriptCreate,
 	close func() error,
@@ -97,13 +167,13 @@ func (s *Server) decodeCreateScriptRequest(r *http.Request) (
 		// Close in reverse order, to match defer behavior.
 		for i := len(closers) - 1; i >= 0; i-- {
 			c := closers[i]
-			merr = multierr.Append(merr, c())
+			merr = errors.Join(merr, c())
 		}
 		return merr
 	}
 	defer func() {
 		if rerr != nil {
-			rerr = multierr.Append(rerr, close())
+			rerr = errors.Join(rerr, close())
 		}
 	}()
 	ct, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
@@ -168,13 +238,13 @@ func (s *Server) decodeCreateScriptPolicyRequest(r *http.Request) (
 		// Close in reverse order, to match defer behavior.
 		for i := len(closers) - 1; i >= 0; i-- {
 			c := closers[i]
-			merr = multierr.Append(merr, c())
+			merr = errors.Join(merr, c())
 		}
 		return merr
 	}
 	defer func() {
 		if rerr != nil {
-			rerr = multierr.Append(rerr, close())
+			rerr = errors.Join(rerr, close())
 		}
 	}()
 	ct, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
@@ -214,6 +284,14 @@ func (s *Server) decodeCreateScriptPolicyRequest(r *http.Request) (
 			}
 			return req, close, err
 		}
+		if err := func() error {
+			if err := request.Validate(); err != nil {
+				return err
+			}
+			return nil
+		}(); err != nil {
+			return req, close, errors.Wrap(err, "validate")
+		}
 		return &request, close, nil
 	default:
 		return req, close, validate.InvalidContentType(ct)
@@ -231,13 +309,13 @@ func (s *Server) decodeCreateSubmissionRequest(r *http.Request) (
 		// Close in reverse order, to match defer behavior.
 		for i := len(closers) - 1; i >= 0; i-- {
 			c := closers[i]
-			merr = multierr.Append(merr, c())
+			merr = errors.Join(merr, c())
 		}
 		return merr
 	}
 	defer func() {
 		if rerr != nil {
-			rerr = multierr.Append(rerr, close())
+			rerr = errors.Join(rerr, close())
 		}
 	}()
 	ct, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
@@ -290,3 +368,74 @@ func (s *Server) decodeCreateSubmissionRequest(r *http.Request) (
 		return req, close, validate.InvalidContentType(ct)
 	}
 }
+
+func (s *Server) decodeCreateSubmissionAuditCheckListRequest(r *http.Request) (
+	req CheckList,
+	close func() error,
+	rerr error,
+) {
+	var closers []func() error
+	close = func() error {
+		var merr error
+		// Close in reverse order, to match defer behavior.
+		for i := len(closers) - 1; i >= 0; i-- {
+			c := closers[i]
+			merr = errors.Join(merr, c())
+		}
+		return merr
+	}
+	defer func() {
+		if rerr != nil {
+			rerr = errors.Join(rerr, close())
+		}
+	}()
+	ct, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
+	if err != nil {
+		return req, close, errors.Wrap(err, "parse media type")
+	}
+	switch {
+	case ct == "application/json":
+		if r.ContentLength == 0 {
+			return req, close, validate.ErrBodyRequired
+		}
+		buf, err := io.ReadAll(r.Body)
+		if err != nil {
+			return req, close, err
+		}
+
+		if len(buf) == 0 {
+			return req, close, validate.ErrBodyRequired
+		}
+
+		d := jx.DecodeBytes(buf)
+
+		var request CheckList
+		if err := func() error {
+			if err := request.Decode(d); err != nil {
+				return err
+			}
+			if err := d.Skip(); err != io.EOF {
+				return errors.New("unexpected trailing data")
+			}
+			return nil
+		}(); err != nil {
+			err = &ogenerrors.DecodeBodyError{
+				ContentType: ct,
+				Body:        buf,
+				Err:         err,
+			}
+			return req, close, err
+		}
+		if err := func() error {
+			if err := request.Validate(); err != nil {
+				return err
+			}
+			return nil
+		}(); err != nil {
+			return req, close, errors.Wrap(err, "validate")
+		}
+		return request, close, nil
+	default:
+		return req, close, validate.InvalidContentType(ct)
+	}
+}

pkg/internal/oas_request_encoders_gen.go

@@ -25,6 +25,20 @@ func encodeCreateMapfixRequest(
 	return nil
 }
 
+func encodeCreateMapfixAuditCheckListRequest(
+	req CheckList,
+	r *http.Request,
+) error {
+	const contentType = "application/json"
+	e := new(jx.Encoder)
+	{
+		req.Encode(e)
+	}
+	encoded := e.Bytes()
+	ht.SetBody(r, bytes.NewReader(encoded), contentType)
+	return nil
+}
+
 func encodeCreateScriptRequest(
 	req *ScriptCreate,
 	r *http.Request,
@@ -66,3 +80,17 @@ func encodeCreateSubmissionRequest(
 	ht.SetBody(r, bytes.NewReader(encoded), contentType)
 	return nil
 }
+
+func encodeCreateSubmissionAuditCheckListRequest(
+	req CheckList,
+	r *http.Request,
+) error {
+	const contentType = "application/json"
+	e := new(jx.Encoder)
+	{
+		req.Encode(e)
+	}
+	encoded := e.Bytes()
+	ht.SetBody(r, bytes.NewReader(encoded), contentType)
+	return nil
+}

pkg/internal/oas_response_decoders_gen.go

@@ -52,6 +52,135 @@ func decodeActionMapfixAcceptedResponse(resp *http.Response) (res *ActionMapfixA
 				}
 				return res, err
 			}
+			// Validate response.
+			if err := func() error {
+				if err := response.Validate(); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return res, errors.Wrap(err, "validate")
+			}
+			return &ErrorStatusCode{
+				StatusCode: resp.StatusCode,
+				Response:   response,
+			}, nil
+		default:
+			return res, validate.InvalidContentType(ct)
+		}
+	}()
+	if err != nil {
+		return res, errors.Wrapf(err, "default (code %d)", resp.StatusCode)
+	}
+	return res, errors.Wrap(defRes, "error")
+}
+
+func decodeActionMapfixRequestChangesResponse(resp *http.Response) (res *ActionMapfixRequestChangesNoContent, _ error) {
+	switch resp.StatusCode {
+	case 204:
+		// Code 204.
+		return &ActionMapfixRequestChangesNoContent{}, nil
+	}
+	// Convenient error response.
+	defRes, err := func() (res *ErrorStatusCode, err error) {
+		ct, _, err := mime.ParseMediaType(resp.Header.Get("Content-Type"))
+		if err != nil {
+			return res, errors.Wrap(err, "parse media type")
+		}
+		switch {
+		case ct == "application/json":
+			buf, err := io.ReadAll(resp.Body)
+			if err != nil {
+				return res, err
+			}
+			d := jx.DecodeBytes(buf)
+
+			var response Error
+			if err := func() error {
+				if err := response.Decode(d); err != nil {
+					return err
+				}
+				if err := d.Skip(); err != io.EOF {
+					return errors.New("unexpected trailing data")
+				}
+				return nil
+			}(); err != nil {
+				err = &ogenerrors.DecodeBodyError{
+					ContentType: ct,
+					Body:        buf,
+					Err:         err,
+				}
+				return res, err
+			}
+			// Validate response.
+			if err := func() error {
+				if err := response.Validate(); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return res, errors.Wrap(err, "validate")
+			}
+			return &ErrorStatusCode{
+				StatusCode: resp.StatusCode,
+				Response:   response,
+			}, nil
+		default:
+			return res, validate.InvalidContentType(ct)
+		}
+	}()
+	if err != nil {
+		return res, errors.Wrapf(err, "default (code %d)", resp.StatusCode)
+	}
+	return res, errors.Wrap(defRes, "error")
+}
+
+func decodeActionMapfixSubmittedResponse(resp *http.Response) (res *ActionMapfixSubmittedNoContent, _ error) {
+	switch resp.StatusCode {
+	case 204:
+		// Code 204.
+		return &ActionMapfixSubmittedNoContent{}, nil
+	}
+	// Convenient error response.
+	defRes, err := func() (res *ErrorStatusCode, err error) {
+		ct, _, err := mime.ParseMediaType(resp.Header.Get("Content-Type"))
+		if err != nil {
+			return res, errors.Wrap(err, "parse media type")
+		}
+		switch {
+		case ct == "application/json":
+			buf, err := io.ReadAll(resp.Body)
+			if err != nil {
+				return res, err
+			}
+			d := jx.DecodeBytes(buf)
+
+			var response Error
+			if err := func() error {
+				if err := response.Decode(d); err != nil {
+					return err
+				}
+				if err := d.Skip(); err != io.EOF {
+					return errors.New("unexpected trailing data")
+				}
+				return nil
+			}(); err != nil {
+				err = &ogenerrors.DecodeBodyError{
+					ContentType: ct,
+					Body:        buf,
+					Err:         err,
+				}
+				return res, err
+			}
+			// Validate response.
+			if err := func() error {
+				if err := response.Validate(); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return res, errors.Wrap(err, "validate")
+			}
 			return &ErrorStatusCode{
 				StatusCode: resp.StatusCode,
 				Response:   response,
@@ -103,6 +232,15 @@ func decodeActionMapfixUploadedResponse(resp *http.Response) (res *ActionMapfixU
 				}
 				return res, err
 			}
+			// Validate response.
+			if err := func() error {
+				if err := response.Validate(); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return res, errors.Wrap(err, "validate")
+			}
 			return &ErrorStatusCode{
 				StatusCode: resp.StatusCode,
 				Response:   response,
@@ -154,6 +292,15 @@ func decodeActionMapfixValidatedResponse(resp *http.Response) (res *ActionMapfix
 				}
 				return res, err
 			}
+			// Validate response.
+			if err := func() error {
+				if err := response.Validate(); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return res, errors.Wrap(err, "validate")
+			}
 			return &ErrorStatusCode{
 				StatusCode: resp.StatusCode,
 				Response:   response,
@@ -205,6 +352,15 @@ func decodeActionOperationFailedResponse(resp *http.Response) (res *ActionOperat
 				}
 				return res, err
 			}
+			// Validate response.
+			if err := func() error {
+				if err := response.Validate(); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return res, errors.Wrap(err, "validate")
+			}
 			return &ErrorStatusCode{
 				StatusCode: resp.StatusCode,
 				Response:   response,
@@ -256,6 +412,135 @@ func decodeActionSubmissionAcceptedResponse(resp *http.Response) (res *ActionSub
 				}
 				return res, err
 			}
+			// Validate response.
+			if err := func() error {
+				if err := response.Validate(); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return res, errors.Wrap(err, "validate")
+			}
+			return &ErrorStatusCode{
+				StatusCode: resp.StatusCode,
+				Response:   response,
+			}, nil
+		default:
+			return res, validate.InvalidContentType(ct)
+		}
+	}()
+	if err != nil {
+		return res, errors.Wrapf(err, "default (code %d)", resp.StatusCode)
+	}
+	return res, errors.Wrap(defRes, "error")
+}
+
+func decodeActionSubmissionRequestChangesResponse(resp *http.Response) (res *ActionSubmissionRequestChangesNoContent, _ error) {
+	switch resp.StatusCode {
+	case 204:
+		// Code 204.
+		return &ActionSubmissionRequestChangesNoContent{}, nil
+	}
+	// Convenient error response.
+	defRes, err := func() (res *ErrorStatusCode, err error) {
+		ct, _, err := mime.ParseMediaType(resp.Header.Get("Content-Type"))
+		if err != nil {
+			return res, errors.Wrap(err, "parse media type")
+		}
+		switch {
+		case ct == "application/json":
+			buf, err := io.ReadAll(resp.Body)
+			if err != nil {
+				return res, err
+			}
+			d := jx.DecodeBytes(buf)
+
+			var response Error
+			if err := func() error {
+				if err := response.Decode(d); err != nil {
+					return err
+				}
+				if err := d.Skip(); err != io.EOF {
+					return errors.New("unexpected trailing data")
+				}
+				return nil
+			}(); err != nil {
+				err = &ogenerrors.DecodeBodyError{
+					ContentType: ct,
+					Body:        buf,
+					Err:         err,
+				}
+				return res, err
+			}
+			// Validate response.
+			if err := func() error {
+				if err := response.Validate(); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return res, errors.Wrap(err, "validate")
+			}
+			return &ErrorStatusCode{
+				StatusCode: resp.StatusCode,
+				Response:   response,
+			}, nil
+		default:
+			return res, validate.InvalidContentType(ct)
+		}
+	}()
+	if err != nil {
+		return res, errors.Wrapf(err, "default (code %d)", resp.StatusCode)
+	}
+	return res, errors.Wrap(defRes, "error")
+}
+
+func decodeActionSubmissionSubmittedResponse(resp *http.Response) (res *ActionSubmissionSubmittedNoContent, _ error) {
+	switch resp.StatusCode {
+	case 204:
+		// Code 204.
+		return &ActionSubmissionSubmittedNoContent{}, nil
+	}
+	// Convenient error response.
+	defRes, err := func() (res *ErrorStatusCode, err error) {
+		ct, _, err := mime.ParseMediaType(resp.Header.Get("Content-Type"))
+		if err != nil {
+			return res, errors.Wrap(err, "parse media type")
+		}
+		switch {
+		case ct == "application/json":
+			buf, err := io.ReadAll(resp.Body)
+			if err != nil {
+				return res, err
+			}
+			d := jx.DecodeBytes(buf)
+
+			var response Error
+			if err := func() error {
+				if err := response.Decode(d); err != nil {
+					return err
+				}
+				if err := d.Skip(); err != io.EOF {
+					return errors.New("unexpected trailing data")
+				}
+				return nil
+			}(); err != nil {
+				err = &ogenerrors.DecodeBodyError{
+					ContentType: ct,
+					Body:        buf,
+					Err:         err,
+				}
+				return res, err
+			}
+			// Validate response.
+			if err := func() error {
+				if err := response.Validate(); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return res, errors.Wrap(err, "validate")
+			}
 			return &ErrorStatusCode{
 				StatusCode: resp.StatusCode,
 				Response:   response,
@@ -307,6 +592,15 @@ func decodeActionSubmissionUploadedResponse(resp *http.Response) (res *ActionSub
 				}
 				return res, err
 			}
+			// Validate response.
+			if err := func() error {
+				if err := response.Validate(); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return res, errors.Wrap(err, "validate")
+			}
 			return &ErrorStatusCode{
 				StatusCode: resp.StatusCode,
 				Response:   response,
@@ -358,6 +652,15 @@ func decodeActionSubmissionValidatedResponse(resp *http.Response) (res *ActionSu
 				}
 				return res, err
 			}
+			// Validate response.
+			if err := func() error {
+				if err := response.Validate(); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return res, errors.Wrap(err, "validate")
+			}
 			return &ErrorStatusCode{
 				StatusCode: resp.StatusCode,
 				Response:   response,
@@ -405,6 +708,15 @@ func decodeCreateMapfixResponse(resp *http.Response) (res *MapfixID, _ error) {
 				}
 				return res, err
 			}
+			// Validate response.
+			if err := func() error {
+				if err := response.Validate(); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return res, errors.Wrap(err, "validate")
+			}
 			return &response, nil
 		default:
 			return res, validate.InvalidContentType(ct)
@@ -441,6 +753,135 @@ func decodeCreateMapfixResponse(resp *http.Response) (res *MapfixID, _ error) {
 				}
 				return res, err
 			}
+			// Validate response.
+			if err := func() error {
+				if err := response.Validate(); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return res, errors.Wrap(err, "validate")
+			}
+			return &ErrorStatusCode{
+				StatusCode: resp.StatusCode,
+				Response:   response,
+			}, nil
+		default:
+			return res, validate.InvalidContentType(ct)
+		}
+	}()
+	if err != nil {
+		return res, errors.Wrapf(err, "default (code %d)", resp.StatusCode)
+	}
+	return res, errors.Wrap(defRes, "error")
+}
+
+func decodeCreateMapfixAuditCheckListResponse(resp *http.Response) (res *CreateMapfixAuditCheckListNoContent, _ error) {
+	switch resp.StatusCode {
+	case 204:
+		// Code 204.
+		return &CreateMapfixAuditCheckListNoContent{}, nil
+	}
+	// Convenient error response.
+	defRes, err := func() (res *ErrorStatusCode, err error) {
+		ct, _, err := mime.ParseMediaType(resp.Header.Get("Content-Type"))
+		if err != nil {
+			return res, errors.Wrap(err, "parse media type")
+		}
+		switch {
+		case ct == "application/json":
+			buf, err := io.ReadAll(resp.Body)
+			if err != nil {
+				return res, err
+			}
+			d := jx.DecodeBytes(buf)
+
+			var response Error
+			if err := func() error {
+				if err := response.Decode(d); err != nil {
+					return err
+				}
+				if err := d.Skip(); err != io.EOF {
+					return errors.New("unexpected trailing data")
+				}
+				return nil
+			}(); err != nil {
+				err = &ogenerrors.DecodeBodyError{
+					ContentType: ct,
+					Body:        buf,
+					Err:         err,
+				}
+				return res, err
+			}
+			// Validate response.
+			if err := func() error {
+				if err := response.Validate(); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return res, errors.Wrap(err, "validate")
+			}
+			return &ErrorStatusCode{
+				StatusCode: resp.StatusCode,
+				Response:   response,
+			}, nil
+		default:
+			return res, validate.InvalidContentType(ct)
+		}
+	}()
+	if err != nil {
+		return res, errors.Wrapf(err, "default (code %d)", resp.StatusCode)
+	}
+	return res, errors.Wrap(defRes, "error")
+}
+
+func decodeCreateMapfixAuditErrorResponse(resp *http.Response) (res *CreateMapfixAuditErrorNoContent, _ error) {
+	switch resp.StatusCode {
+	case 204:
+		// Code 204.
+		return &CreateMapfixAuditErrorNoContent{}, nil
+	}
+	// Convenient error response.
+	defRes, err := func() (res *ErrorStatusCode, err error) {
+		ct, _, err := mime.ParseMediaType(resp.Header.Get("Content-Type"))
+		if err != nil {
+			return res, errors.Wrap(err, "parse media type")
+		}
+		switch {
+		case ct == "application/json":
+			buf, err := io.ReadAll(resp.Body)
+			if err != nil {
+				return res, err
+			}
+			d := jx.DecodeBytes(buf)
+
+			var response Error
+			if err := func() error {
+				if err := response.Decode(d); err != nil {
+					return err
+				}
+				if err := d.Skip(); err != io.EOF {
+					return errors.New("unexpected trailing data")
+				}
+				return nil
+			}(); err != nil {
+				err = &ogenerrors.DecodeBodyError{
+					ContentType: ct,
+					Body:        buf,
+					Err:         err,
+				}
+				return res, err
+			}
+			// Validate response.
+			if err := func() error {
+				if err := response.Validate(); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return res, errors.Wrap(err, "validate")
+			}
 			return &ErrorStatusCode{
 				StatusCode: resp.StatusCode,
 				Response:   response,
@@ -488,6 +929,15 @@ func decodeCreateScriptResponse(resp *http.Response) (res *ScriptID, _ error) {
 				}
 				return res, err
 			}
+			// Validate response.
+			if err := func() error {
+				if err := response.Validate(); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return res, errors.Wrap(err, "validate")
+			}
 			return &response, nil
 		default:
 			return res, validate.InvalidContentType(ct)
@@ -524,6 +974,15 @@ func decodeCreateScriptResponse(resp *http.Response) (res *ScriptID, _ error) {
 				}
 				return res, err
 			}
+			// Validate response.
+			if err := func() error {
+				if err := response.Validate(); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return res, errors.Wrap(err, "validate")
+			}
 			return &ErrorStatusCode{
 				StatusCode: resp.StatusCode,
 				Response:   response,
@@ -571,6 +1030,15 @@ func decodeCreateScriptPolicyResponse(resp *http.Response) (res *ScriptPolicyID,
 				}
 				return res, err
 			}
+			// Validate response.
+			if err := func() error {
+				if err := response.Validate(); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return res, errors.Wrap(err, "validate")
+			}
 			return &response, nil
 		default:
 			return res, validate.InvalidContentType(ct)
@@ -607,6 +1075,15 @@ func decodeCreateScriptPolicyResponse(resp *http.Response) (res *ScriptPolicyID,
 				}
 				return res, err
 			}
+			// Validate response.
+			if err := func() error {
+				if err := response.Validate(); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return res, errors.Wrap(err, "validate")
+			}
 			return &ErrorStatusCode{
 				StatusCode: resp.StatusCode,
 				Response:   response,
@@ -654,6 +1131,15 @@ func decodeCreateSubmissionResponse(resp *http.Response) (res *SubmissionID, _ e
 				}
 				return res, err
 			}
+			// Validate response.
+			if err := func() error {
+				if err := response.Validate(); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return res, errors.Wrap(err, "validate")
+			}
 			return &response, nil
 		default:
 			return res, validate.InvalidContentType(ct)
@@ -690,6 +1176,135 @@ func decodeCreateSubmissionResponse(resp *http.Response) (res *SubmissionID, _ e
 				}
 				return res, err
 			}
+			// Validate response.
+			if err := func() error {
+				if err := response.Validate(); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return res, errors.Wrap(err, "validate")
+			}
+			return &ErrorStatusCode{
+				StatusCode: resp.StatusCode,
+				Response:   response,
+			}, nil
+		default:
+			return res, validate.InvalidContentType(ct)
+		}
+	}()
+	if err != nil {
+		return res, errors.Wrapf(err, "default (code %d)", resp.StatusCode)
+	}
+	return res, errors.Wrap(defRes, "error")
+}
+
+func decodeCreateSubmissionAuditCheckListResponse(resp *http.Response) (res *CreateSubmissionAuditCheckListNoContent, _ error) {
+	switch resp.StatusCode {
+	case 204:
+		// Code 204.
+		return &CreateSubmissionAuditCheckListNoContent{}, nil
+	}
+	// Convenient error response.
+	defRes, err := func() (res *ErrorStatusCode, err error) {
+		ct, _, err := mime.ParseMediaType(resp.Header.Get("Content-Type"))
+		if err != nil {
+			return res, errors.Wrap(err, "parse media type")
+		}
+		switch {
+		case ct == "application/json":
+			buf, err := io.ReadAll(resp.Body)
+			if err != nil {
+				return res, err
+			}
+			d := jx.DecodeBytes(buf)
+
+			var response Error
+			if err := func() error {
+				if err := response.Decode(d); err != nil {
+					return err
+				}
+				if err := d.Skip(); err != io.EOF {
+					return errors.New("unexpected trailing data")
+				}
+				return nil
+			}(); err != nil {
+				err = &ogenerrors.DecodeBodyError{
+					ContentType: ct,
+					Body:        buf,
+					Err:         err,
+				}
+				return res, err
+			}
+			// Validate response.
+			if err := func() error {
+				if err := response.Validate(); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return res, errors.Wrap(err, "validate")
+			}
+			return &ErrorStatusCode{
+				StatusCode: resp.StatusCode,
+				Response:   response,
+			}, nil
+		default:
+			return res, validate.InvalidContentType(ct)
+		}
+	}()
+	if err != nil {
+		return res, errors.Wrapf(err, "default (code %d)", resp.StatusCode)
+	}
+	return res, errors.Wrap(defRes, "error")
+}
+
+func decodeCreateSubmissionAuditErrorResponse(resp *http.Response) (res *CreateSubmissionAuditErrorNoContent, _ error) {
+	switch resp.StatusCode {
+	case 204:
+		// Code 204.
+		return &CreateSubmissionAuditErrorNoContent{}, nil
+	}
+	// Convenient error response.
+	defRes, err := func() (res *ErrorStatusCode, err error) {
+		ct, _, err := mime.ParseMediaType(resp.Header.Get("Content-Type"))
+		if err != nil {
+			return res, errors.Wrap(err, "parse media type")
+		}
+		switch {
+		case ct == "application/json":
+			buf, err := io.ReadAll(resp.Body)
+			if err != nil {
+				return res, err
+			}
+			d := jx.DecodeBytes(buf)
+
+			var response Error
+			if err := func() error {
+				if err := response.Decode(d); err != nil {
+					return err
+				}
+				if err := d.Skip(); err != io.EOF {
+					return errors.New("unexpected trailing data")
+				}
+				return nil
+			}(); err != nil {
+				err = &ogenerrors.DecodeBodyError{
+					ContentType: ct,
+					Body:        buf,
+					Err:         err,
+				}
+				return res, err
+			}
+			// Validate response.
+			if err := func() error {
+				if err := response.Validate(); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return res, errors.Wrap(err, "validate")
+			}
 			return &ErrorStatusCode{
 				StatusCode: resp.StatusCode,
 				Response:   response,
@@ -782,6 +1397,15 @@ func decodeGetScriptResponse(resp *http.Response) (res *Script, _ error) {
 				}
 				return res, err
 			}
+			// Validate response.
+			if err := func() error {
+				if err := response.Validate(); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return res, errors.Wrap(err, "validate")
+			}
 			return &ErrorStatusCode{
 				StatusCode: resp.StatusCode,
 				Response:   response,
@@ -899,6 +1523,15 @@ func decodeListScriptPolicyResponse(resp *http.Response) (res []ScriptPolicy, _
 				}
 				return res, err
 			}
+			// Validate response.
+			if err := func() error {
+				if err := response.Validate(); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return res, errors.Wrap(err, "validate")
+			}
 			return &ErrorStatusCode{
 				StatusCode: resp.StatusCode,
 				Response:   response,
@@ -1016,6 +1649,15 @@ func decodeListScriptsResponse(resp *http.Response) (res []Script, _ error) {
 				}
 				return res, err
 			}
+			// Validate response.
+			if err := func() error {
+				if err := response.Validate(); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return res, errors.Wrap(err, "validate")
+			}
 			return &ErrorStatusCode{
 				StatusCode: resp.StatusCode,
 				Response:   response,
@@ -1067,6 +1709,15 @@ func decodeUpdateMapfixValidatedModelResponse(resp *http.Response) (res *UpdateM
 				}
 				return res, err
 			}
+			// Validate response.
+			if err := func() error {
+				if err := response.Validate(); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return res, errors.Wrap(err, "validate")
+			}
 			return &ErrorStatusCode{
 				StatusCode: resp.StatusCode,
 				Response:   response,
@@ -1118,6 +1769,15 @@ func decodeUpdateSubmissionValidatedModelResponse(resp *http.Response) (res *Upd
 				}
 				return res, err
 			}
+			// Validate response.
+			if err := func() error {
+				if err := response.Validate(); err != nil {
+					return err
+				}
+				return nil
+			}(); err != nil {
+				return res, errors.Wrap(err, "validate")
+			}
 			return &ErrorStatusCode{
 				StatusCode: resp.StatusCode,
 				Response:   response,

pkg/internal/oas_response_encoders_gen.go

@@ -20,6 +20,20 @@ func encodeActionMapfixAcceptedResponse(response *ActionMapfixAcceptedNoContent,
 	return nil
 }
 
+func encodeActionMapfixRequestChangesResponse(response *ActionMapfixRequestChangesNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
+func encodeActionMapfixSubmittedResponse(response *ActionMapfixSubmittedNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
 func encodeActionMapfixUploadedResponse(response *ActionMapfixUploadedNoContent, w http.ResponseWriter, span trace.Span) error {
 	w.WriteHeader(204)
 	span.SetStatus(codes.Ok, http.StatusText(204))
@@ -48,6 +62,20 @@ func encodeActionSubmissionAcceptedResponse(response *ActionSubmissionAcceptedNo
 	return nil
 }
 
+func encodeActionSubmissionRequestChangesResponse(response *ActionSubmissionRequestChangesNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
+func encodeActionSubmissionSubmittedResponse(response *ActionSubmissionSubmittedNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
 func encodeActionSubmissionUploadedResponse(response *ActionSubmissionUploadedNoContent, w http.ResponseWriter, span trace.Span) error {
 	w.WriteHeader(204)
 	span.SetStatus(codes.Ok, http.StatusText(204))
@@ -76,6 +104,20 @@ func encodeCreateMapfixResponse(response *MapfixID, w http.ResponseWriter, span
 	return nil
 }
 
+func encodeCreateMapfixAuditCheckListResponse(response *CreateMapfixAuditCheckListNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
+func encodeCreateMapfixAuditErrorResponse(response *CreateMapfixAuditErrorNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
 func encodeCreateScriptResponse(response *ScriptID, w http.ResponseWriter, span trace.Span) error {
 	w.Header().Set("Content-Type", "application/json; charset=utf-8")
 	w.WriteHeader(201)
@@ -118,6 +160,20 @@ func encodeCreateSubmissionResponse(response *SubmissionID, w http.ResponseWrite
 	return nil
 }
 
+func encodeCreateSubmissionAuditCheckListResponse(response *CreateSubmissionAuditCheckListNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
+func encodeCreateSubmissionAuditErrorResponse(response *CreateSubmissionAuditErrorNoContent, w http.ResponseWriter, span trace.Span) error {
+	w.WriteHeader(204)
+	span.SetStatus(codes.Ok, http.StatusText(204))
+
+	return nil
+}
+
 func encodeGetScriptResponse(response *Script, w http.ResponseWriter, span trace.Span) error {
 	w.Header().Set("Content-Type", "application/json; charset=utf-8")
 	w.WriteHeader(200)

pkg/internal/oas_router_gen.go

@@ -113,6 +113,50 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 							break
 						}
 						switch elem[0] {
+						case 'c': // Prefix: "checklist"
+
+							if l := len("checklist"); len(elem) >= l && elem[0:l] == "checklist" {
+								elem = elem[l:]
+							} else {
+								break
+							}
+
+							if len(elem) == 0 {
+								// Leaf node.
+								switch r.Method {
+								case "POST":
+									s.handleCreateMapfixAuditCheckListRequest([1]string{
+										args[0],
+									}, elemIsEscaped, w, r)
+								default:
+									s.notAllowed(w, r, "POST")
+								}
+
+								return
+							}
+
+						case 'e': // Prefix: "error"
+
+							if l := len("error"); len(elem) >= l && elem[0:l] == "error" {
+								elem = elem[l:]
+							} else {
+								break
+							}
+
+							if len(elem) == 0 {
+								// Leaf node.
+								switch r.Method {
+								case "POST":
+									s.handleCreateMapfixAuditErrorRequest([1]string{
+										args[0],
+									}, elemIsEscaped, w, r)
+								default:
+									s.notAllowed(w, r, "POST")
+								}
+
+								return
+							}
+
 						case 's': // Prefix: "status/validator-"
 
 							if l := len("status/validator-"); len(elem) >= l && elem[0:l] == "status/validator-" {
@@ -147,6 +191,50 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 									return
 								}
 
+							case 'r': // Prefix: "request-changes"
+
+								if l := len("request-changes"); len(elem) >= l && elem[0:l] == "request-changes" {
+									elem = elem[l:]
+								} else {
+									break
+								}
+
+								if len(elem) == 0 {
+									// Leaf node.
+									switch r.Method {
+									case "POST":
+										s.handleActionMapfixRequestChangesRequest([1]string{
+											args[0],
+										}, elemIsEscaped, w, r)
+									default:
+										s.notAllowed(w, r, "POST")
+									}
+
+									return
+								}
+
+							case 's': // Prefix: "submitted"
+
+								if l := len("submitted"); len(elem) >= l && elem[0:l] == "submitted" {
+									elem = elem[l:]
+								} else {
+									break
+								}
+
+								if len(elem) == 0 {
+									// Leaf node.
+									switch r.Method {
+									case "POST":
+										s.handleActionMapfixSubmittedRequest([1]string{
+											args[0],
+										}, elemIsEscaped, w, r)
+									default:
+										s.notAllowed(w, r, "POST")
+									}
+
+									return
+								}
+
 							case 'u': // Prefix: "uploaded"
 
 								if l := len("uploaded"); len(elem) >= l && elem[0:l] == "uploaded" {
@@ -420,6 +508,50 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 								break
 							}
 							switch elem[0] {
+							case 'c': // Prefix: "checklist"
+
+								if l := len("checklist"); len(elem) >= l && elem[0:l] == "checklist" {
+									elem = elem[l:]
+								} else {
+									break
+								}
+
+								if len(elem) == 0 {
+									// Leaf node.
+									switch r.Method {
+									case "POST":
+										s.handleCreateSubmissionAuditCheckListRequest([1]string{
+											args[0],
+										}, elemIsEscaped, w, r)
+									default:
+										s.notAllowed(w, r, "POST")
+									}
+
+									return
+								}
+
+							case 'e': // Prefix: "error"
+
+								if l := len("error"); len(elem) >= l && elem[0:l] == "error" {
+									elem = elem[l:]
+								} else {
+									break
+								}
+
+								if len(elem) == 0 {
+									// Leaf node.
+									switch r.Method {
+									case "POST":
+										s.handleCreateSubmissionAuditErrorRequest([1]string{
+											args[0],
+										}, elemIsEscaped, w, r)
+									default:
+										s.notAllowed(w, r, "POST")
+									}
+
+									return
+								}
+
 							case 's': // Prefix: "status/validator-"
 
 								if l := len("status/validator-"); len(elem) >= l && elem[0:l] == "status/validator-" {
@@ -454,6 +586,50 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 										return
 									}
 
+								case 'r': // Prefix: "request-changes"
+
+									if l := len("request-changes"); len(elem) >= l && elem[0:l] == "request-changes" {
+										elem = elem[l:]
+									} else {
+										break
+									}
+
+									if len(elem) == 0 {
+										// Leaf node.
+										switch r.Method {
+										case "POST":
+											s.handleActionSubmissionRequestChangesRequest([1]string{
+												args[0],
+											}, elemIsEscaped, w, r)
+										default:
+											s.notAllowed(w, r, "POST")
+										}
+
+										return
+									}
+
+								case 's': // Prefix: "submitted"
+
+									if l := len("submitted"); len(elem) >= l && elem[0:l] == "submitted" {
+										elem = elem[l:]
+									} else {
+										break
+									}
+
+									if len(elem) == 0 {
+										// Leaf node.
+										switch r.Method {
+										case "POST":
+											s.handleActionSubmissionSubmittedRequest([1]string{
+												args[0],
+											}, elemIsEscaped, w, r)
+										default:
+											s.notAllowed(w, r, "POST")
+										}
+
+										return
+									}
+
 								case 'u': // Prefix: "uploaded"
 
 									if l := len("uploaded"); len(elem) >= l && elem[0:l] == "uploaded" {
@@ -680,6 +856,54 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) {
 							break
 						}
 						switch elem[0] {
+						case 'c': // Prefix: "checklist"
+
+							if l := len("checklist"); len(elem) >= l && elem[0:l] == "checklist" {
+								elem = elem[l:]
+							} else {
+								break
+							}
+
+							if len(elem) == 0 {
+								// Leaf node.
+								switch method {
+								case "POST":
+									r.name = CreateMapfixAuditCheckListOperation
+									r.summary = "Validator posts a checklist to the audit log"
+									r.operationID = "createMapfixAuditCheckList"
+									r.pathPattern = "/mapfixes/{MapfixID}/checklist"
+									r.args = args
+									r.count = 1
+									return r, true
+								default:
+									return
+								}
+							}
+
+						case 'e': // Prefix: "error"
+
+							if l := len("error"); len(elem) >= l && elem[0:l] == "error" {
+								elem = elem[l:]
+							} else {
+								break
+							}
+
+							if len(elem) == 0 {
+								// Leaf node.
+								switch method {
+								case "POST":
+									r.name = CreateMapfixAuditErrorOperation
+									r.summary = "Validator posts an error to the audit log"
+									r.operationID = "createMapfixAuditError"
+									r.pathPattern = "/mapfixes/{MapfixID}/error"
+									r.args = args
+									r.count = 1
+									return r, true
+								default:
+									return
+								}
+							}
+
 						case 's': // Prefix: "status/validator-"
 
 							if l := len("status/validator-"); len(elem) >= l && elem[0:l] == "status/validator-" {
@@ -716,6 +940,54 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) {
 									}
 								}
 
+							case 'r': // Prefix: "request-changes"
+
+								if l := len("request-changes"); len(elem) >= l && elem[0:l] == "request-changes" {
+									elem = elem[l:]
+								} else {
+									break
+								}
+
+								if len(elem) == 0 {
+									// Leaf node.
+									switch method {
+									case "POST":
+										r.name = ActionMapfixRequestChangesOperation
+										r.summary = "(Internal endpoint) Role Validator changes status from Submitting -> ChangesRequested"
+										r.operationID = "actionMapfixRequestChanges"
+										r.pathPattern = "/mapfixes/{MapfixID}/status/validator-request-changes"
+										r.args = args
+										r.count = 1
+										return r, true
+									default:
+										return
+									}
+								}
+
+							case 's': // Prefix: "submitted"
+
+								if l := len("submitted"); len(elem) >= l && elem[0:l] == "submitted" {
+									elem = elem[l:]
+								} else {
+									break
+								}
+
+								if len(elem) == 0 {
+									// Leaf node.
+									switch method {
+									case "POST":
+										r.name = ActionMapfixSubmittedOperation
+										r.summary = "(Internal endpoint) Role Validator changes status from Submitting -> Submitted"
+										r.operationID = "actionMapfixSubmitted"
+										r.pathPattern = "/mapfixes/{MapfixID}/status/validator-submitted"
+										r.args = args
+										r.count = 1
+										return r, true
+									default:
+										return
+									}
+								}
+
 							case 'u': // Prefix: "uploaded"
 
 								if l := len("uploaded"); len(elem) >= l && elem[0:l] == "uploaded" {
@@ -1023,6 +1295,54 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) {
 								break
 							}
 							switch elem[0] {
+							case 'c': // Prefix: "checklist"
+
+								if l := len("checklist"); len(elem) >= l && elem[0:l] == "checklist" {
+									elem = elem[l:]
+								} else {
+									break
+								}
+
+								if len(elem) == 0 {
+									// Leaf node.
+									switch method {
+									case "POST":
+										r.name = CreateSubmissionAuditCheckListOperation
+										r.summary = "Validator posts a checklist to the audit log"
+										r.operationID = "createSubmissionAuditCheckList"
+										r.pathPattern = "/submissions/{SubmissionID}/checklist"
+										r.args = args
+										r.count = 1
+										return r, true
+									default:
+										return
+									}
+								}
+
+							case 'e': // Prefix: "error"
+
+								if l := len("error"); len(elem) >= l && elem[0:l] == "error" {
+									elem = elem[l:]
+								} else {
+									break
+								}
+
+								if len(elem) == 0 {
+									// Leaf node.
+									switch method {
+									case "POST":
+										r.name = CreateSubmissionAuditErrorOperation
+										r.summary = "Validator posts an error to the audit log"
+										r.operationID = "createSubmissionAuditError"
+										r.pathPattern = "/submissions/{SubmissionID}/error"
+										r.args = args
+										r.count = 1
+										return r, true
+									default:
+										return
+									}
+								}
+
 							case 's': // Prefix: "status/validator-"
 
 								if l := len("status/validator-"); len(elem) >= l && elem[0:l] == "status/validator-" {
@@ -1059,6 +1379,54 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) {
 										}
 									}
 
+								case 'r': // Prefix: "request-changes"
+
+									if l := len("request-changes"); len(elem) >= l && elem[0:l] == "request-changes" {
+										elem = elem[l:]
+									} else {
+										break
+									}
+
+									if len(elem) == 0 {
+										// Leaf node.
+										switch method {
+										case "POST":
+											r.name = ActionSubmissionRequestChangesOperation
+											r.summary = "(Internal endpoint) Role Validator changes status from Submitting -> ChangesRequested"
+											r.operationID = "actionSubmissionRequestChanges"
+											r.pathPattern = "/submissions/{SubmissionID}/status/validator-request-changes"
+											r.args = args
+											r.count = 1
+											return r, true
+										default:
+											return
+										}
+									}
+
+								case 's': // Prefix: "submitted"
+
+									if l := len("submitted"); len(elem) >= l && elem[0:l] == "submitted" {
+										elem = elem[l:]
+									} else {
+										break
+									}
+
+									if len(elem) == 0 {
+										// Leaf node.
+										switch method {
+										case "POST":
+											r.name = ActionSubmissionSubmittedOperation
+											r.summary = "(Internal endpoint) Role Validator changes status from Submitting -> Submitted"
+											r.operationID = "actionSubmissionSubmitted"
+											r.pathPattern = "/submissions/{SubmissionID}/status/validator-submitted"
+											r.args = args
+											r.count = 1
+											return r, true
+										default:
+											return
+										}
+									}
+
 								case 'u': // Prefix: "uploaded"
 
 									if l := len("uploaded"); len(elem) >= l && elem[0:l] == "uploaded" {

pkg/internal/oas_schemas_gen.go

@@ -13,6 +13,12 @@ func (s *ErrorStatusCode) Error() string {
 // ActionMapfixAcceptedNoContent is response for ActionMapfixAccepted operation.
 type ActionMapfixAcceptedNoContent struct{}
 
+// ActionMapfixRequestChangesNoContent is response for ActionMapfixRequestChanges operation.
+type ActionMapfixRequestChangesNoContent struct{}
+
+// ActionMapfixSubmittedNoContent is response for ActionMapfixSubmitted operation.
+type ActionMapfixSubmittedNoContent struct{}
+
 // ActionMapfixUploadedNoContent is response for ActionMapfixUploaded operation.
 type ActionMapfixUploadedNoContent struct{}
 
@@ -25,12 +31,69 @@ type ActionOperationFailedNoContent struct{}
 // ActionSubmissionAcceptedNoContent is response for ActionSubmissionAccepted operation.
 type ActionSubmissionAcceptedNoContent struct{}
 
+// ActionSubmissionRequestChangesNoContent is response for ActionSubmissionRequestChanges operation.
+type ActionSubmissionRequestChangesNoContent struct{}
+
+// ActionSubmissionSubmittedNoContent is response for ActionSubmissionSubmitted operation.
+type ActionSubmissionSubmittedNoContent struct{}
+
 // ActionSubmissionUploadedNoContent is response for ActionSubmissionUploaded operation.
 type ActionSubmissionUploadedNoContent struct{}
 
 // ActionSubmissionValidatedNoContent is response for ActionSubmissionValidated operation.
 type ActionSubmissionValidatedNoContent struct{}
 
+// Ref: #/components/schemas/Check
+type Check struct {
+	Name    string `json:"Name"`
+	Summary string `json:"Summary"`
+	Passed  bool   `json:"Passed"`
+}
+
+// GetName returns the value of Name.
+func (s *Check) GetName() string {
+	return s.Name
+}
+
+// GetSummary returns the value of Summary.
+func (s *Check) GetSummary() string {
+	return s.Summary
+}
+
+// GetPassed returns the value of Passed.
+func (s *Check) GetPassed() bool {
+	return s.Passed
+}
+
+// SetName sets the value of Name.
+func (s *Check) SetName(val string) {
+	s.Name = val
+}
+
+// SetSummary sets the value of Summary.
+func (s *Check) SetSummary(val string) {
+	s.Summary = val
+}
+
+// SetPassed sets the value of Passed.
+func (s *Check) SetPassed(val bool) {
+	s.Passed = val
+}
+
+type CheckList []Check
+
+// CreateMapfixAuditCheckListNoContent is response for CreateMapfixAuditCheckList operation.
+type CreateMapfixAuditCheckListNoContent struct{}
+
+// CreateMapfixAuditErrorNoContent is response for CreateMapfixAuditError operation.
+type CreateMapfixAuditErrorNoContent struct{}
+
+// CreateSubmissionAuditCheckListNoContent is response for CreateSubmissionAuditCheckList operation.
+type CreateSubmissionAuditCheckListNoContent struct{}
+
+// CreateSubmissionAuditErrorNoContent is response for CreateSubmissionAuditError operation.
+type CreateSubmissionAuditErrorNoContent struct{}
+
 // Represents error object.
 // Ref: #/components/schemas/Error
 type Error struct {
@@ -94,6 +157,7 @@ type MapfixCreate struct {
 	AssetID       int64  `json:"AssetID"`
 	AssetVersion  int64  `json:"AssetVersion"`
 	TargetAssetID int64  `json:"TargetAssetID"`
+	Description   string `json:"Description"`
 }
 
 // GetOperationID returns the value of OperationID.
@@ -136,6 +200,11 @@ func (s *MapfixCreate) GetTargetAssetID() int64 {
 	return s.TargetAssetID
 }
 
+// GetDescription returns the value of Description.
+func (s *MapfixCreate) GetDescription() string {
+	return s.Description
+}
+
 // SetOperationID sets the value of OperationID.
 func (s *MapfixCreate) SetOperationID(val int32) {
 	s.OperationID = val
@@ -176,6 +245,11 @@ func (s *MapfixCreate) SetTargetAssetID(val int64) {
 	s.TargetAssetID = val
 }
 
+// SetDescription sets the value of Description.
+func (s *MapfixCreate) SetDescription(val string) {
+	s.Description = val
+}
+
 // Ref: #/components/schemas/MapfixID
 type MapfixID struct {
 	MapfixID int64 `json:"MapfixID"`
@@ -571,6 +645,8 @@ type SubmissionCreate struct {
 	GameID       int32  `json:"GameID"`
 	AssetID      int64  `json:"AssetID"`
 	AssetVersion int64  `json:"AssetVersion"`
+	Status       uint32 `json:"Status"`
+	Roles        uint32 `json:"Roles"`
 }
 
 // GetOperationID returns the value of OperationID.
@@ -608,6 +684,16 @@ func (s *SubmissionCreate) GetAssetVersion() int64 {
 	return s.AssetVersion
 }
 
+// GetStatus returns the value of Status.
+func (s *SubmissionCreate) GetStatus() uint32 {
+	return s.Status
+}
+
+// GetRoles returns the value of Roles.
+func (s *SubmissionCreate) GetRoles() uint32 {
+	return s.Roles
+}
+
 // SetOperationID sets the value of OperationID.
 func (s *SubmissionCreate) SetOperationID(val int32) {
 	s.OperationID = val
@@ -643,6 +729,16 @@ func (s *SubmissionCreate) SetAssetVersion(val int64) {
 	s.AssetVersion = val
 }
 
+// SetStatus sets the value of Status.
+func (s *SubmissionCreate) SetStatus(val uint32) {
+	s.Status = val
+}
+
+// SetRoles sets the value of Roles.
+func (s *SubmissionCreate) SetRoles(val uint32) {
+	s.Roles = val
+}
+
 // Ref: #/components/schemas/SubmissionID
 type SubmissionID struct {
 	SubmissionID int64 `json:"SubmissionID"`

pkg/internal/oas_server_gen.go

@@ -14,6 +14,18 @@ type Handler interface {
 	//
 	// POST /mapfixes/{MapfixID}/status/validator-failed
 	ActionMapfixAccepted(ctx context.Context, params ActionMapfixAcceptedParams) error
+	// ActionMapfixRequestChanges implements actionMapfixRequestChanges operation.
+	//
+	// (Internal endpoint) Role Validator changes status from Submitting -> ChangesRequested.
+	//
+	// POST /mapfixes/{MapfixID}/status/validator-request-changes
+	ActionMapfixRequestChanges(ctx context.Context, params ActionMapfixRequestChangesParams) error
+	// ActionMapfixSubmitted implements actionMapfixSubmitted operation.
+	//
+	// (Internal endpoint) Role Validator changes status from Submitting -> Submitted.
+	//
+	// POST /mapfixes/{MapfixID}/status/validator-submitted
+	ActionMapfixSubmitted(ctx context.Context, params ActionMapfixSubmittedParams) error
 	// ActionMapfixUploaded implements actionMapfixUploaded operation.
 	//
 	// (Internal endpoint) Role Validator changes status from Uploading -> Uploaded.
@@ -38,6 +50,18 @@ type Handler interface {
 	//
 	// POST /submissions/{SubmissionID}/status/validator-failed
 	ActionSubmissionAccepted(ctx context.Context, params ActionSubmissionAcceptedParams) error
+	// ActionSubmissionRequestChanges implements actionSubmissionRequestChanges operation.
+	//
+	// (Internal endpoint) Role Validator changes status from Submitting -> ChangesRequested.
+	//
+	// POST /submissions/{SubmissionID}/status/validator-request-changes
+	ActionSubmissionRequestChanges(ctx context.Context, params ActionSubmissionRequestChangesParams) error
+	// ActionSubmissionSubmitted implements actionSubmissionSubmitted operation.
+	//
+	// (Internal endpoint) Role Validator changes status from Submitting -> Submitted.
+	//
+	// POST /submissions/{SubmissionID}/status/validator-submitted
+	ActionSubmissionSubmitted(ctx context.Context, params ActionSubmissionSubmittedParams) error
 	// ActionSubmissionUploaded implements actionSubmissionUploaded operation.
 	//
 	// (Internal endpoint) Role Validator changes status from Uploading -> Uploaded.
@@ -56,6 +80,18 @@ type Handler interface {
 	//
 	// POST /mapfixes
 	CreateMapfix(ctx context.Context, req *MapfixCreate) (*MapfixID, error)
+	// CreateMapfixAuditCheckList implements createMapfixAuditCheckList operation.
+	//
+	// Validator posts a checklist to the audit log.
+	//
+	// POST /mapfixes/{MapfixID}/checklist
+	CreateMapfixAuditCheckList(ctx context.Context, req CheckList, params CreateMapfixAuditCheckListParams) error
+	// CreateMapfixAuditError implements createMapfixAuditError operation.
+	//
+	// Validator posts an error to the audit log.
+	//
+	// POST /mapfixes/{MapfixID}/error
+	CreateMapfixAuditError(ctx context.Context, params CreateMapfixAuditErrorParams) error
 	// CreateScript implements createScript operation.
 	//
 	// Create a new script.
@@ -74,6 +110,18 @@ type Handler interface {
 	//
 	// POST /submissions
 	CreateSubmission(ctx context.Context, req *SubmissionCreate) (*SubmissionID, error)
+	// CreateSubmissionAuditCheckList implements createSubmissionAuditCheckList operation.
+	//
+	// Validator posts a checklist to the audit log.
+	//
+	// POST /submissions/{SubmissionID}/checklist
+	CreateSubmissionAuditCheckList(ctx context.Context, req CheckList, params CreateSubmissionAuditCheckListParams) error
+	// CreateSubmissionAuditError implements createSubmissionAuditError operation.
+	//
+	// Validator posts an error to the audit log.
+	//
+	// POST /submissions/{SubmissionID}/error
+	CreateSubmissionAuditError(ctx context.Context, params CreateSubmissionAuditErrorParams) error
 	// GetScript implements getScript operation.
 	//
 	// Get the specified script by ID.

pkg/internal/oas_unimplemented_gen.go

@@ -22,6 +22,24 @@ func (UnimplementedHandler) ActionMapfixAccepted(ctx context.Context, params Act
 	return ht.ErrNotImplemented
 }
 
+// ActionMapfixRequestChanges implements actionMapfixRequestChanges operation.
+//
+// (Internal endpoint) Role Validator changes status from Submitting -> ChangesRequested.
+//
+// POST /mapfixes/{MapfixID}/status/validator-request-changes
+func (UnimplementedHandler) ActionMapfixRequestChanges(ctx context.Context, params ActionMapfixRequestChangesParams) error {
+	return ht.ErrNotImplemented
+}
+
+// ActionMapfixSubmitted implements actionMapfixSubmitted operation.
+//
+// (Internal endpoint) Role Validator changes status from Submitting -> Submitted.
+//
+// POST /mapfixes/{MapfixID}/status/validator-submitted
+func (UnimplementedHandler) ActionMapfixSubmitted(ctx context.Context, params ActionMapfixSubmittedParams) error {
+	return ht.ErrNotImplemented
+}
+
 // ActionMapfixUploaded implements actionMapfixUploaded operation.
 //
 // (Internal endpoint) Role Validator changes status from Uploading -> Uploaded.
@@ -58,6 +76,24 @@ func (UnimplementedHandler) ActionSubmissionAccepted(ctx context.Context, params
 	return ht.ErrNotImplemented
 }
 
+// ActionSubmissionRequestChanges implements actionSubmissionRequestChanges operation.
+//
+// (Internal endpoint) Role Validator changes status from Submitting -> ChangesRequested.
+//
+// POST /submissions/{SubmissionID}/status/validator-request-changes
+func (UnimplementedHandler) ActionSubmissionRequestChanges(ctx context.Context, params ActionSubmissionRequestChangesParams) error {
+	return ht.ErrNotImplemented
+}
+
+// ActionSubmissionSubmitted implements actionSubmissionSubmitted operation.
+//
+// (Internal endpoint) Role Validator changes status from Submitting -> Submitted.
+//
+// POST /submissions/{SubmissionID}/status/validator-submitted
+func (UnimplementedHandler) ActionSubmissionSubmitted(ctx context.Context, params ActionSubmissionSubmittedParams) error {
+	return ht.ErrNotImplemented
+}
+
 // ActionSubmissionUploaded implements actionSubmissionUploaded operation.
 //
 // (Internal endpoint) Role Validator changes status from Uploading -> Uploaded.
@@ -85,6 +121,24 @@ func (UnimplementedHandler) CreateMapfix(ctx context.Context, req *MapfixCreate)
 	return r, ht.ErrNotImplemented
 }
 
+// CreateMapfixAuditCheckList implements createMapfixAuditCheckList operation.
+//
+// Validator posts a checklist to the audit log.
+//
+// POST /mapfixes/{MapfixID}/checklist
+func (UnimplementedHandler) CreateMapfixAuditCheckList(ctx context.Context, req CheckList, params CreateMapfixAuditCheckListParams) error {
+	return ht.ErrNotImplemented
+}
+
+// CreateMapfixAuditError implements createMapfixAuditError operation.
+//
+// Validator posts an error to the audit log.
+//
+// POST /mapfixes/{MapfixID}/error
+func (UnimplementedHandler) CreateMapfixAuditError(ctx context.Context, params CreateMapfixAuditErrorParams) error {
+	return ht.ErrNotImplemented
+}
+
 // CreateScript implements createScript operation.
 //
 // Create a new script.
@@ -112,6 +166,24 @@ func (UnimplementedHandler) CreateSubmission(ctx context.Context, req *Submissio
 	return r, ht.ErrNotImplemented
 }
 
+// CreateSubmissionAuditCheckList implements createSubmissionAuditCheckList operation.
+//
+// Validator posts a checklist to the audit log.
+//
+// POST /submissions/{SubmissionID}/checklist
+func (UnimplementedHandler) CreateSubmissionAuditCheckList(ctx context.Context, req CheckList, params CreateSubmissionAuditCheckListParams) error {
+	return ht.ErrNotImplemented
+}
+
+// CreateSubmissionAuditError implements createSubmissionAuditError operation.
+//
+// Validator posts an error to the audit log.
+//
+// POST /submissions/{SubmissionID}/error
+func (UnimplementedHandler) CreateSubmissionAuditError(ctx context.Context, params CreateSubmissionAuditErrorParams) error {
+	return ht.ErrNotImplemented
+}
+
 // GetScript implements getScript operation.
 //
 // Get the specified script by ID.

pkg/internal/oas_validators_gen.go

@@ -3,17 +3,189 @@
 package api
 
 import (
+	"fmt"
+
 	"github.com/go-faster/errors"
 
 	"github.com/ogen-go/ogen/validate"
 )
 
+func (s *Check) Validate() error {
+	if s == nil {
+		return validate.ErrNilPointer
+	}
+
+	var failures []validate.FieldError
+	if err := func() error {
+		if err := (validate.String{
+			MinLength:    0,
+			MinLengthSet: false,
+			MaxLength:    128,
+			MaxLengthSet: true,
+			Email:        false,
+			Hostname:     false,
+			Regex:        nil,
+		}).Validate(string(s.Name)); err != nil {
+			return errors.Wrap(err, "string")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "Name",
+			Error: err,
+		})
+	}
+	if err := func() error {
+		if err := (validate.String{
+			MinLength:    0,
+			MinLengthSet: false,
+			MaxLength:    4096,
+			MaxLengthSet: true,
+			Email:        false,
+			Hostname:     false,
+			Regex:        nil,
+		}).Validate(string(s.Summary)); err != nil {
+			return errors.Wrap(err, "string")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "Summary",
+			Error: err,
+		})
+	}
+	if len(failures) > 0 {
+		return &validate.Error{Fields: failures}
+	}
+	return nil
+}
+
+func (s CheckList) Validate() error {
+	alias := ([]Check)(s)
+	if alias == nil {
+		return errors.New("nil is invalid value")
+	}
+	var failures []validate.FieldError
+	for i, elem := range alias {
+		if err := func() error {
+			if err := elem.Validate(); err != nil {
+				return err
+			}
+			return nil
+		}(); err != nil {
+			failures = append(failures, validate.FieldError{
+				Name:  fmt.Sprintf("[%d]", i),
+				Error: err,
+			})
+		}
+	}
+	if len(failures) > 0 {
+		return &validate.Error{Fields: failures}
+	}
+	return nil
+}
+
+func (s *Error) Validate() error {
+	if s == nil {
+		return validate.ErrNilPointer
+	}
+
+	var failures []validate.FieldError
+	if err := func() error {
+		if err := (validate.Int{
+			MinSet:        true,
+			Min:           0,
+			MaxSet:        false,
+			Max:           0,
+			MinExclusive:  false,
+			MaxExclusive:  false,
+			MultipleOfSet: false,
+			MultipleOf:    0,
+		}).Validate(int64(s.Code)); err != nil {
+			return errors.Wrap(err, "int")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "code",
+			Error: err,
+		})
+	}
+	if len(failures) > 0 {
+		return &validate.Error{Fields: failures}
+	}
+	return nil
+}
+
+func (s *ErrorStatusCode) Validate() error {
+	if s == nil {
+		return validate.ErrNilPointer
+	}
+
+	var failures []validate.FieldError
+	if err := func() error {
+		if err := s.Response.Validate(); err != nil {
+			return err
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "Response",
+			Error: err,
+		})
+	}
+	if len(failures) > 0 {
+		return &validate.Error{Fields: failures}
+	}
+	return nil
+}
+
 func (s *MapfixCreate) Validate() error {
 	if s == nil {
 		return validate.ErrNilPointer
 	}
 
 	var failures []validate.FieldError
+	if err := func() error {
+		if err := (validate.Int{
+			MinSet:        true,
+			Min:           0,
+			MaxSet:        false,
+			Max:           0,
+			MinExclusive:  false,
+			MaxExclusive:  false,
+			MultipleOfSet: false,
+			MultipleOf:    0,
+		}).Validate(int64(s.OperationID)); err != nil {
+			return errors.Wrap(err, "int")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "OperationID",
+			Error: err,
+		})
+	}
+	if err := func() error {
+		if err := (validate.Int{
+			MinSet:        true,
+			Min:           0,
+			MaxSet:        false,
+			Max:           0,
+			MinExclusive:  false,
+			MaxExclusive:  false,
+			MultipleOfSet: false,
+			MultipleOf:    0,
+		}).Validate(int64(s.AssetOwner)); err != nil {
+			return errors.Wrap(err, "int")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "AssetOwner",
+			Error: err,
+		})
+	}
 	if err := func() error {
 		if err := (validate.String{
 			MinLength:    0,
@@ -52,6 +224,137 @@ func (s *MapfixCreate) Validate() error {
 			Error: err,
 		})
 	}
+	if err := func() error {
+		if err := (validate.Int{
+			MinSet:        true,
+			Min:           0,
+			MaxSet:        false,
+			Max:           0,
+			MinExclusive:  false,
+			MaxExclusive:  false,
+			MultipleOfSet: false,
+			MultipleOf:    0,
+		}).Validate(int64(s.GameID)); err != nil {
+			return errors.Wrap(err, "int")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "GameID",
+			Error: err,
+		})
+	}
+	if err := func() error {
+		if err := (validate.Int{
+			MinSet:        true,
+			Min:           0,
+			MaxSet:        false,
+			Max:           0,
+			MinExclusive:  false,
+			MaxExclusive:  false,
+			MultipleOfSet: false,
+			MultipleOf:    0,
+		}).Validate(int64(s.AssetID)); err != nil {
+			return errors.Wrap(err, "int")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "AssetID",
+			Error: err,
+		})
+	}
+	if err := func() error {
+		if err := (validate.Int{
+			MinSet:        true,
+			Min:           0,
+			MaxSet:        false,
+			Max:           0,
+			MinExclusive:  false,
+			MaxExclusive:  false,
+			MultipleOfSet: false,
+			MultipleOf:    0,
+		}).Validate(int64(s.AssetVersion)); err != nil {
+			return errors.Wrap(err, "int")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "AssetVersion",
+			Error: err,
+		})
+	}
+	if err := func() error {
+		if err := (validate.Int{
+			MinSet:        true,
+			Min:           0,
+			MaxSet:        false,
+			Max:           0,
+			MinExclusive:  false,
+			MaxExclusive:  false,
+			MultipleOfSet: false,
+			MultipleOf:    0,
+		}).Validate(int64(s.TargetAssetID)); err != nil {
+			return errors.Wrap(err, "int")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "TargetAssetID",
+			Error: err,
+		})
+	}
+	if err := func() error {
+		if err := (validate.String{
+			MinLength:    0,
+			MinLengthSet: false,
+			MaxLength:    256,
+			MaxLengthSet: true,
+			Email:        false,
+			Hostname:     false,
+			Regex:        nil,
+		}).Validate(string(s.Description)); err != nil {
+			return errors.Wrap(err, "string")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "Description",
+			Error: err,
+		})
+	}
+	if len(failures) > 0 {
+		return &validate.Error{Fields: failures}
+	}
+	return nil
+}
+
+func (s *MapfixID) Validate() error {
+	if s == nil {
+		return validate.ErrNilPointer
+	}
+
+	var failures []validate.FieldError
+	if err := func() error {
+		if err := (validate.Int{
+			MinSet:        true,
+			Min:           0,
+			MaxSet:        false,
+			Max:           0,
+			MinExclusive:  false,
+			MaxExclusive:  false,
+			MultipleOfSet: false,
+			MultipleOf:    0,
+		}).Validate(int64(s.MapfixID)); err != nil {
+			return errors.Wrap(err, "int")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "MapfixID",
+			Error: err,
+		})
+	}
 	if len(failures) > 0 {
 		return &validate.Error{Fields: failures}
 	}
@@ -64,6 +367,26 @@ func (s *Script) Validate() error {
 	}
 
 	var failures []validate.FieldError
+	if err := func() error {
+		if err := (validate.Int{
+			MinSet:        true,
+			Min:           0,
+			MaxSet:        false,
+			Max:           0,
+			MinExclusive:  false,
+			MaxExclusive:  false,
+			MultipleOfSet: false,
+			MultipleOf:    0,
+		}).Validate(int64(s.ID)); err != nil {
+			return errors.Wrap(err, "int")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "ID",
+			Error: err,
+		})
+	}
 	if err := func() error {
 		if err := (validate.String{
 			MinLength:    0,
@@ -121,6 +444,46 @@ func (s *Script) Validate() error {
 			Error: err,
 		})
 	}
+	if err := func() error {
+		if err := (validate.Int{
+			MinSet:        true,
+			Min:           0,
+			MaxSet:        false,
+			Max:           0,
+			MinExclusive:  false,
+			MaxExclusive:  false,
+			MultipleOfSet: false,
+			MultipleOf:    0,
+		}).Validate(int64(s.ResourceType)); err != nil {
+			return errors.Wrap(err, "int")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "ResourceType",
+			Error: err,
+		})
+	}
+	if err := func() error {
+		if err := (validate.Int{
+			MinSet:        true,
+			Min:           0,
+			MaxSet:        false,
+			Max:           0,
+			MinExclusive:  false,
+			MaxExclusive:  false,
+			MultipleOfSet: false,
+			MultipleOf:    0,
+		}).Validate(int64(s.ResourceID)); err != nil {
+			return errors.Wrap(err, "int")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "ResourceID",
+			Error: err,
+		})
+	}
 	if len(failures) > 0 {
 		return &validate.Error{Fields: failures}
 	}
@@ -171,6 +534,85 @@ func (s *ScriptCreate) Validate() error {
 			Error: err,
 		})
 	}
+	if err := func() error {
+		if err := (validate.Int{
+			MinSet:        true,
+			Min:           0,
+			MaxSet:        false,
+			Max:           0,
+			MinExclusive:  false,
+			MaxExclusive:  false,
+			MultipleOfSet: false,
+			MultipleOf:    0,
+		}).Validate(int64(s.ResourceType)); err != nil {
+			return errors.Wrap(err, "int")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "ResourceType",
+			Error: err,
+		})
+	}
+	if err := func() error {
+		if value, ok := s.ResourceID.Get(); ok {
+			if err := func() error {
+				if err := (validate.Int{
+					MinSet:        true,
+					Min:           0,
+					MaxSet:        false,
+					Max:           0,
+					MinExclusive:  false,
+					MaxExclusive:  false,
+					MultipleOfSet: false,
+					MultipleOf:    0,
+				}).Validate(int64(value)); err != nil {
+					return errors.Wrap(err, "int")
+				}
+				return nil
+			}(); err != nil {
+				return err
+			}
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "ResourceID",
+			Error: err,
+		})
+	}
+	if len(failures) > 0 {
+		return &validate.Error{Fields: failures}
+	}
+	return nil
+}
+
+func (s *ScriptID) Validate() error {
+	if s == nil {
+		return validate.ErrNilPointer
+	}
+
+	var failures []validate.FieldError
+	if err := func() error {
+		if err := (validate.Int{
+			MinSet:        true,
+			Min:           0,
+			MaxSet:        false,
+			Max:           0,
+			MinExclusive:  false,
+			MaxExclusive:  false,
+			MultipleOfSet: false,
+			MultipleOf:    0,
+		}).Validate(int64(s.ScriptID)); err != nil {
+			return errors.Wrap(err, "int")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "ScriptID",
+			Error: err,
+		})
+	}
 	if len(failures) > 0 {
 		return &validate.Error{Fields: failures}
 	}
@@ -183,6 +625,26 @@ func (s *ScriptPolicy) Validate() error {
 	}
 
 	var failures []validate.FieldError
+	if err := func() error {
+		if err := (validate.Int{
+			MinSet:        true,
+			Min:           0,
+			MaxSet:        false,
+			Max:           0,
+			MinExclusive:  false,
+			MaxExclusive:  false,
+			MultipleOfSet: false,
+			MultipleOf:    0,
+		}).Validate(int64(s.ID)); err != nil {
+			return errors.Wrap(err, "int")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "ID",
+			Error: err,
+		})
+	}
 	if err := func() error {
 		if err := (validate.String{
 			MinLength:    16,
@@ -202,6 +664,150 @@ func (s *ScriptPolicy) Validate() error {
 			Error: err,
 		})
 	}
+	if err := func() error {
+		if err := (validate.Int{
+			MinSet:        true,
+			Min:           0,
+			MaxSet:        false,
+			Max:           0,
+			MinExclusive:  false,
+			MaxExclusive:  false,
+			MultipleOfSet: false,
+			MultipleOf:    0,
+		}).Validate(int64(s.ToScriptID)); err != nil {
+			return errors.Wrap(err, "int")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "ToScriptID",
+			Error: err,
+		})
+	}
+	if err := func() error {
+		if err := (validate.Int{
+			MinSet:        true,
+			Min:           0,
+			MaxSet:        false,
+			Max:           0,
+			MinExclusive:  false,
+			MaxExclusive:  false,
+			MultipleOfSet: false,
+			MultipleOf:    0,
+		}).Validate(int64(s.Policy)); err != nil {
+			return errors.Wrap(err, "int")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "Policy",
+			Error: err,
+		})
+	}
+	if len(failures) > 0 {
+		return &validate.Error{Fields: failures}
+	}
+	return nil
+}
+
+func (s *ScriptPolicyCreate) Validate() error {
+	if s == nil {
+		return validate.ErrNilPointer
+	}
+
+	var failures []validate.FieldError
+	if err := func() error {
+		if err := (validate.Int{
+			MinSet:        true,
+			Min:           0,
+			MaxSet:        false,
+			Max:           0,
+			MinExclusive:  false,
+			MaxExclusive:  false,
+			MultipleOfSet: false,
+			MultipleOf:    0,
+		}).Validate(int64(s.FromScriptID)); err != nil {
+			return errors.Wrap(err, "int")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "FromScriptID",
+			Error: err,
+		})
+	}
+	if err := func() error {
+		if err := (validate.Int{
+			MinSet:        true,
+			Min:           0,
+			MaxSet:        false,
+			Max:           0,
+			MinExclusive:  false,
+			MaxExclusive:  false,
+			MultipleOfSet: false,
+			MultipleOf:    0,
+		}).Validate(int64(s.ToScriptID)); err != nil {
+			return errors.Wrap(err, "int")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "ToScriptID",
+			Error: err,
+		})
+	}
+	if err := func() error {
+		if err := (validate.Int{
+			MinSet:        true,
+			Min:           0,
+			MaxSet:        false,
+			Max:           0,
+			MinExclusive:  false,
+			MaxExclusive:  false,
+			MultipleOfSet: false,
+			MultipleOf:    0,
+		}).Validate(int64(s.Policy)); err != nil {
+			return errors.Wrap(err, "int")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "Policy",
+			Error: err,
+		})
+	}
+	if len(failures) > 0 {
+		return &validate.Error{Fields: failures}
+	}
+	return nil
+}
+
+func (s *ScriptPolicyID) Validate() error {
+	if s == nil {
+		return validate.ErrNilPointer
+	}
+
+	var failures []validate.FieldError
+	if err := func() error {
+		if err := (validate.Int{
+			MinSet:        true,
+			Min:           0,
+			MaxSet:        false,
+			Max:           0,
+			MinExclusive:  false,
+			MaxExclusive:  false,
+			MultipleOfSet: false,
+			MultipleOf:    0,
+		}).Validate(int64(s.ScriptPolicyID)); err != nil {
+			return errors.Wrap(err, "int")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "ScriptPolicyID",
+			Error: err,
+		})
+	}
 	if len(failures) > 0 {
 		return &validate.Error{Fields: failures}
 	}
@@ -214,6 +820,46 @@ func (s *SubmissionCreate) Validate() error {
 	}
 
 	var failures []validate.FieldError
+	if err := func() error {
+		if err := (validate.Int{
+			MinSet:        true,
+			Min:           0,
+			MaxSet:        false,
+			Max:           0,
+			MinExclusive:  false,
+			MaxExclusive:  false,
+			MultipleOfSet: false,
+			MultipleOf:    0,
+		}).Validate(int64(s.OperationID)); err != nil {
+			return errors.Wrap(err, "int")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "OperationID",
+			Error: err,
+		})
+	}
+	if err := func() error {
+		if err := (validate.Int{
+			MinSet:        true,
+			Min:           0,
+			MaxSet:        false,
+			Max:           0,
+			MinExclusive:  false,
+			MaxExclusive:  false,
+			MultipleOfSet: false,
+			MultipleOf:    0,
+		}).Validate(int64(s.AssetOwner)); err != nil {
+			return errors.Wrap(err, "int")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "AssetOwner",
+			Error: err,
+		})
+	}
 	if err := func() error {
 		if err := (validate.String{
 			MinLength:    0,
@@ -252,6 +898,118 @@ func (s *SubmissionCreate) Validate() error {
 			Error: err,
 		})
 	}
+	if err := func() error {
+		if err := (validate.Int{
+			MinSet:        true,
+			Min:           0,
+			MaxSet:        false,
+			Max:           0,
+			MinExclusive:  false,
+			MaxExclusive:  false,
+			MultipleOfSet: false,
+			MultipleOf:    0,
+		}).Validate(int64(s.GameID)); err != nil {
+			return errors.Wrap(err, "int")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "GameID",
+			Error: err,
+		})
+	}
+	if err := func() error {
+		if err := (validate.Int{
+			MinSet:        true,
+			Min:           0,
+			MaxSet:        false,
+			Max:           0,
+			MinExclusive:  false,
+			MaxExclusive:  false,
+			MultipleOfSet: false,
+			MultipleOf:    0,
+		}).Validate(int64(s.AssetID)); err != nil {
+			return errors.Wrap(err, "int")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "AssetID",
+			Error: err,
+		})
+	}
+	if err := func() error {
+		if err := (validate.Int{
+			MinSet:        true,
+			Min:           0,
+			MaxSet:        false,
+			Max:           0,
+			MinExclusive:  false,
+			MaxExclusive:  false,
+			MultipleOfSet: false,
+			MultipleOf:    0,
+		}).Validate(int64(s.AssetVersion)); err != nil {
+			return errors.Wrap(err, "int")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "AssetVersion",
+			Error: err,
+		})
+	}
+	if err := func() error {
+		if err := (validate.Int{
+			MinSet:        true,
+			Min:           0,
+			MaxSet:        true,
+			Max:           9,
+			MinExclusive:  false,
+			MaxExclusive:  false,
+			MultipleOfSet: false,
+			MultipleOf:    0,
+		}).Validate(int64(s.Status)); err != nil {
+			return errors.Wrap(err, "int")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "Status",
+			Error: err,
+		})
+	}
+	if len(failures) > 0 {
+		return &validate.Error{Fields: failures}
+	}
+	return nil
+}
+
+func (s *SubmissionID) Validate() error {
+	if s == nil {
+		return validate.ErrNilPointer
+	}
+
+	var failures []validate.FieldError
+	if err := func() error {
+		if err := (validate.Int{
+			MinSet:        true,
+			Min:           0,
+			MaxSet:        false,
+			Max:           0,
+			MinExclusive:  false,
+			MaxExclusive:  false,
+			MultipleOfSet: false,
+			MultipleOf:    0,
+		}).Validate(int64(s.SubmissionID)); err != nil {
+			return errors.Wrap(err, "int")
+		}
+		return nil
+	}(); err != nil {
+		failures = append(failures, validate.FieldError{
+			Name:  "SubmissionID",
+			Error: err,
+		})
+	}
 	if len(failures) > 0 {
 		return &validate.Error{Fields: failures}
 	}

pkg/model/audit_event.go

@@ -0,0 +1,72 @@
+package model
+
+import (
+	"encoding/json"
+	"time"
+)
+
+type AuditEventType int32
+
+// User clicked "Submit", "Accept" etc
+const AuditEventTypeAction    AuditEventType = 0
+type AuditEventDataAction struct {
+	TargetStatus uint32 `json:"target_status"`
+}
+
+// User wrote a comment
+const AuditEventTypeComment   AuditEventType = 1
+type AuditEventDataComment struct {
+	Comment string `json:"comment"`
+}
+
+// User changed Model
+const AuditEventTypeChangeModel AuditEventType = 2
+type AuditEventDataChangeModel struct {
+	OldModelID      uint64 `json:"old_model_id"`
+	OldModelVersion uint64 `json:"old_model_version"`
+	NewModelID      uint64 `json:"new_model_id"`
+	NewModelVersion uint64 `json:"new_model_version"`
+}
+// Validator validates model
+const AuditEventTypeChangeValidatedModel AuditEventType = 3
+type AuditEventDataChangeValidatedModel struct {
+	ValidatedModelID      uint64 `json:"validated_model_id"`
+	ValidatedModelVersion uint64 `json:"validated_model_version"`
+}
+
+// User changed DisplayName / Creator
+const AuditEventTypeChangeDisplayName AuditEventType = 4
+const AuditEventTypeChangeCreator AuditEventType = 5
+type AuditEventDataChangeName struct {
+	OldName string `json:"old_name"`
+	NewName string `json:"new_name"`
+}
+
+// Validator had an error
+const AuditEventTypeError   AuditEventType = 6
+type AuditEventDataError struct {
+	Error string `json:"error"`
+}
+
+type Check struct {
+	Name    string `json:"name"`
+	Summary string `json:"summary"`
+	Passed  bool   `json:"passed"`
+}
+
+// Validator map checks details
+const AuditEventTypeCheckList AuditEventType = 7
+
+type AuditEventDataCheckList struct {
+	CheckList []Check `json:"check_list"`
+}
+
+type AuditEvent struct {
+	ID           int64 `gorm:"primaryKey"`
+	CreatedAt    time.Time
+	User         uint64
+	ResourceType ResourceType // is this a submission or is it a mapfix
+	ResourceID   int64 // submission / mapfix / map ID
+	EventType    AuditEventType
+	EventData    json.RawMessage `gorm:"type:jsonb"`
+}

pkg/model/mapfix.go

@@ -5,36 +5,39 @@ import "time"
 type MapfixStatus int32
 
 const (
-	// Phase: Final MapfixStatus
-	MapfixStatusRejected  MapfixStatus = 8
-	MapfixStatusUploaded   MapfixStatus = 7 // uploaded to the group, final status for mapfixes
+	// Phase: Creation
+	MapfixStatusUnderConstruction   MapfixStatus = 0
+	MapfixStatusChangesRequested    MapfixStatus = 1
+
+	// Phase: Review
+	MapfixStatusSubmitting          MapfixStatus = 2
+	MapfixStatusSubmitted           MapfixStatus = 3
 
 	// Phase: Testing
-	MapfixStatusUploading  MapfixStatus = 6
-	MapfixStatusValidated  MapfixStatus = 5
-	MapfixStatusValidating MapfixStatus = 4
-	MapfixStatusAccepted   MapfixStatus = 3 // pending script review, can re-trigger validation
+	MapfixStatusAcceptedUnvalidated MapfixStatus = 4 // pending script review, can re-trigger validation
+	MapfixStatusValidating          MapfixStatus = 5
+	MapfixStatusValidated           MapfixStatus = 6
+	MapfixStatusUploading           MapfixStatus = 7
 
-	// Phase: Creation
-	MapfixStatusChangesRequested  MapfixStatus = 2
-	MapfixStatusSubmitted         MapfixStatus = 1
-	MapfixStatusUnderConstruction MapfixStatus = 0
+	// Phase: Final MapfixStatus
+	MapfixStatusUploaded            MapfixStatus = 8 // uploaded to the group, but pending release
+	MapfixStatusRejected            MapfixStatus = 9
 )
 
 type Mapfix struct {
 	ID            int64 `gorm:"primaryKey"`
 	DisplayName   string
 	Creator       string
-	GameID        int32
+	GameID        uint32
 	CreatedAt     time.Time
 	UpdatedAt     time.Time
-	Submitter     int64 // UserID
-	AssetID       int64
-	AssetVersion  int64
-	ValidatedAssetID       int64
-	ValidatedAssetVersion  int64
+	Submitter     uint64 // UserID
+	AssetID       uint64
+	AssetVersion  uint64
+	ValidatedAssetID       uint64
+	ValidatedAssetVersion  uint64
 	Completed     bool   // Has this version of the map been completed at least once on maptest
-	TargetAssetID int64 // where to upload map fix.  if the TargetAssetID is 0, it's a new map.
+	TargetAssetID uint64 // where to upload map fix.  if the TargetAssetID is 0, it's a new map.
 	StatusID      MapfixStatus
-	StatusMessage string
+	Description   string // mapfix description
 }

pkg/model/nats.go

@@ -7,42 +7,61 @@ package model
 
 type CreateSubmissionRequest struct {
 	// operation_id is passed back in the response message
-	OperationID   int32
-	ModelID       int64
+	OperationID    int32
+	ModelID       uint64
+	DisplayName   string
+	Creator       string
+	GameID        uint32
+	Status        uint32
+	Roles         uint32
 }
 
 type CreateMapfixRequest struct {
-	OperationID   int32
-	ModelID       int64
-	TargetAssetID int64
+	OperationID    int32
+	ModelID       uint64
+	TargetAssetID uint64
+	Description   string
+}
+
+
+type CheckSubmissionRequest struct{
+	SubmissionID int64
+	ModelID      uint64
+	SkipChecks   bool
+}
+
+type CheckMapfixRequest struct{
+	MapfixID   int64
+	ModelID    uint64
+	SkipChecks bool
 }
 
 type ValidateSubmissionRequest struct {
 	// submission_id is passed back in the response message
-	SubmissionID     int64
-	ModelID          int64
-	ModelVersion     int64
-	ValidatedModelID *int64 // optional value
+	SubmissionID       int64
+	ModelID           uint64
+	ModelVersion      uint64
+	ValidatedModelID *uint64 // optional value
 }
 
 type ValidateMapfixRequest struct {
-	MapfixID     int64
-	ModelID          int64
-	ModelVersion     int64
-	ValidatedModelID *int64 // optional value
+	MapfixID           int64
+	ModelID           uint64
+	ModelVersion      uint64
+	ValidatedModelID *uint64 // optional value
 }
 
 // Create a new map
 type UploadSubmissionRequest struct {
-	SubmissionID int64
-	ModelID      int64
-	ModelVersion int64
+	SubmissionID  int64
+	ModelID      uint64
+	ModelVersion uint64
 	ModelName    string
 }
 
 type UploadMapfixRequest struct {
-	MapfixID  int64
-	ModelID       int64
-	ModelVersion  int64
-	TargetAssetID int64
+	MapfixID       int64
+	ModelID       uint64
+	ModelVersion  uint64
+	TargetAssetID uint64
 }

pkg/model/operation.go

@@ -12,7 +12,7 @@ const (
 type Operation struct {
 	ID            int32 `gorm:"primaryKey"`
 	CreatedAt     time.Time
-	Owner         int64 // UserID
+	Owner         uint64 // UserID
 	StatusID      OperationStatus
 	StatusMessage string
 	Path          string // redirect to view completed operation e.g. "/mapfixes/4"

pkg/model/policy.go

@@ -17,11 +17,12 @@ type ScriptPolicy struct {
 	// Hash of the source code that leads to this policy.
 	// If this is a replacement mapping, the original source may not be pointed to by any policy.
 	// The original source should still exist in the scripts table, which can be located by the same hash.
-	FromScriptHash int64 // postgres does not support unsigned integers, so we have to pretend
+	// postgres does not support unsigned integers, so we have to manually pretend this is an unsigned integer
+	FromScriptHash int64 `gorm:"uniqueIndex;constraint:fk_script_policies_from_script_hash,onUpdate:NO ACTION,onDelete:NO ACTION;foreignKey:FromScriptHash;references:Hash"`
 	// The ID of the replacement source (ScriptPolicyReplace)
 	// or verbatim source (ScriptPolicyAllowed)
 	// or 0 (other)
-	ToScriptID int64
+	ToScriptID int64 `gorm:"constraint:fk_script_policies_to_script_id,onUpdate:NO ACTION,onDelete:NO ACTION;foreignKey:ToScriptID;references:ID"`
 	Policy     Policy
 	CreatedAt  time.Time
 	UpdatedAt  time.Time

pkg/model/resource.go

@@ -0,0 +1,13 @@
+package model
+
+type ResourceType int32
+const (
+	ResourceUnknown    ResourceType = 0
+	ResourceMapfix     ResourceType = 1
+	ResourceSubmission ResourceType = 2
+)
+
+type Resource struct{
+	ID int64
+	Type ResourceType
+}

pkg/model/script.go

@@ -23,17 +23,11 @@ func HashParse(hash string) (uint64, error){
 	return strconv.ParseUint(hash, 16, 64)
 }
 
-type ResourceType int32
-const (
-	ResourceUnknown    ResourceType = 0
-	ResourceMapfix     ResourceType = 1
-	ResourceSubmission ResourceType = 2
-)
-
 type Script struct {
 	ID           int64 `gorm:"primaryKey"`
 	Name         string
-	Hash         int64 // postgres does not support unsigned integers, so we have to pretend
+	// postgres does not support unsigned integers, so we have to pretend
+	Hash         int64 `gorm:"uniqueIndex;constraint:fk_script_hash,onUpdate:CASCADE,onDelete:CASCADE;foreignKey:Hash;references:FromScriptHash"`
 	Source       string
 	ResourceType ResourceType // is this a submission or is it a mapfix
 	ResourceID   int64 // which submission / mapfix did this script first appear in

pkg/model/submission.go

@@ -5,37 +5,39 @@ import "time"
 type SubmissionStatus int32
 
 const (
-	// Phase: Final SubmissionStatus
-	SubmissionStatusReleased  SubmissionStatus = 9
-	SubmissionStatusRejected  SubmissionStatus = 8
+	// Phase: Creation
+	SubmissionStatusUnderConstruction   SubmissionStatus = 0
+	SubmissionStatusChangesRequested    SubmissionStatus = 1
+
+	// Phase: Review
+	SubmissionStatusSubmitting          SubmissionStatus = 2
+	SubmissionStatusSubmitted           SubmissionStatus = 3
 
 	// Phase: Testing
-	SubmissionStatusUploaded   SubmissionStatus = 7 // uploaded to the group, but pending release
-	SubmissionStatusUploading  SubmissionStatus = 6
-	SubmissionStatusValidated  SubmissionStatus = 5
-	SubmissionStatusValidating SubmissionStatus = 4
-	SubmissionStatusAccepted   SubmissionStatus = 3 // pending script review, can re-trigger validation
+	SubmissionStatusAcceptedUnvalidated SubmissionStatus = 4 // pending script review, can re-trigger validation
+	SubmissionStatusValidating          SubmissionStatus = 5
+	SubmissionStatusValidated           SubmissionStatus = 6
+	SubmissionStatusUploading           SubmissionStatus = 7
+	SubmissionStatusUploaded            SubmissionStatus = 8 // uploaded to the group, but pending release
 
-	// Phase: Creation
-	SubmissionStatusChangesRequested  SubmissionStatus = 2
-	SubmissionStatusSubmitted         SubmissionStatus = 1
-	SubmissionStatusUnderConstruction SubmissionStatus = 0
+	// Phase: Final SubmissionStatus
+	SubmissionStatusRejected            SubmissionStatus = 9
+	SubmissionStatusReleased            SubmissionStatus = 10
 )
 
 type Submission struct {
 	ID            int64 `gorm:"primaryKey"`
 	DisplayName   string
 	Creator       string
-	GameID        int32
+	GameID        uint32
 	CreatedAt     time.Time
 	UpdatedAt     time.Time
-	Submitter     int64 // UserID
-	AssetID       int64
-	AssetVersion  int64
-	ValidatedAssetID       int64
-	ValidatedAssetVersion  int64
+	Submitter     uint64 // UserID
+	AssetID       uint64
+	AssetVersion  uint64
+	ValidatedAssetID       uint64
+	ValidatedAssetVersion  uint64
 	Completed     bool   // Has this version of the map been completed at least once on maptest
-	UploadedAssetID        int64 // where to upload map fix.  if the TargetAssetID is 0, it's a new map.
+	UploadedAssetID        uint64 // where to upload map fix.  if the TargetAssetID is 0, it's a new map.
 	StatusID      SubmissionStatus
-	StatusMessage string
 }

pkg/roblox/asset_location.go

@@ -0,0 +1,72 @@
+package roblox
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/url"
+	"io"
+)
+
+// Struct equivalent to Rust's AssetLocationInfo
+type AssetLocationInfo struct {
+	Location             string `json:"location"`
+	RequestId            string `json:"requestId"`
+	IsHashDynamic        bool   `json:"IsHashDynamic"`
+	IsCopyrightProtected bool   `json:"IsCopyrightProtected"`
+	IsArchived           bool   `json:"isArchived"`
+	AssetTypeId          uint32 `json:"assetTypeId"`
+}
+
+// Input struct for getAssetLocation
+type GetAssetLatestRequest struct {
+	AssetID uint64
+}
+
+// Custom error type if needed
+type GetError string
+
+func (e GetError) Error() string { return string(e) }
+
+// Example client with a Get method
+type Client struct {
+	HttpClient *http.Client
+	ApiKey string
+}
+
+func (c *Client) GetAssetLocation(config GetAssetLatestRequest) (*AssetLocationInfo, error) {
+	rawURL := fmt.Sprintf("https://apis.roblox.com/asset-delivery-api/v1/assetId/%d", config.AssetID)
+	parsedURL, err := url.Parse(rawURL)
+	if err != nil {
+		return nil, GetError("ParseError: " + err.Error())
+	}
+
+	req, err := http.NewRequest("GET", parsedURL.String(), nil)
+	if err != nil {
+		return nil, GetError("RequestCreationError: " + err.Error())
+	}
+
+	req.Header.Set("x-api-key", c.ApiKey)
+
+	resp, err := c.HttpClient.Do(req)
+	if err != nil {
+		return nil, GetError("ReqwestError: " + err.Error())
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return nil, GetError(fmt.Sprintf("ResponseError: status code %d", resp.StatusCode))
+	}
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, GetError("ReadBodyError: " + err.Error())
+	}
+
+	var info AssetLocationInfo
+	if err := json.Unmarshal(body, &info); err != nil {
+		return nil, GetError("JSONError: " + err.Error())
+	}
+
+	return &info, nil
+}

pkg/service/audit_events.go

@@ -0,0 +1,132 @@
+package service
+
+import (
+	"context"
+	"encoding/json"
+
+	"git.itzana.me/strafesnet/go-grpc/users"
+	"git.itzana.me/strafesnet/maps-service/pkg/api"
+	"git.itzana.me/strafesnet/maps-service/pkg/datastore"
+	"git.itzana.me/strafesnet/maps-service/pkg/model"
+)
+
+func (svc *Service) ListAuditEvents(ctx context.Context, resource model.Resource, page model.Page) ([]api.AuditEvent, error){
+	filter := datastore.Optional()
+
+	filter.Add("resource_type", resource.Type)
+	filter.Add("resource_id", resource.ID)
+
+	items, err := svc.DB.AuditEvents().List(ctx, filter, page)
+	if err != nil {
+		return nil, err
+	}
+
+	idMap := make(map[int64]bool)
+	for _, item := range items {
+		idMap[int64(item.User)] = true
+	}
+
+	var idList users.IdList
+	idList.ID = make([]int64,len(idMap))
+	for userId := range idMap {
+		idList.ID = append(idList.ID, userId)
+	}
+
+	userList, err := svc.Users.GetList(ctx, &idList)
+	if err != nil {
+		return nil, err
+	}
+
+	userMap := make(map[int64]*users.UserResponse)
+	for _,user := range userList.Users {
+		userMap[user.ID] = user
+	}
+
+	var resp []api.AuditEvent
+	for _, item := range items {
+		EventData := api.AuditEventEventData{}
+		err = EventData.UnmarshalJSON(item.EventData)
+		if err != nil {
+			return nil, err
+		}
+		username := ""
+		if userMap[int64(item.User)] != nil {
+			username = userMap[int64(item.User)].Username
+		}
+		resp = append(resp, api.AuditEvent{
+			ID:           item.ID,
+			Date:         item.CreatedAt.Unix(),
+			User:         int64(item.User),
+			Username:     username,
+			ResourceType: int32(item.ResourceType),
+			ResourceID:   item.ResourceID,
+			EventType:    int32(item.EventType),
+			EventData:    EventData,
+		})
+	}
+
+	return resp, nil
+}
+
+func (svc *Service) CreateAuditEventAction(ctx context.Context, userId uint64, resource model.Resource, event_data model.AuditEventDataAction) error {
+	EventData, err := json.Marshal(event_data)
+	if err != nil {
+		return err
+	}
+
+	_, err = svc.DB.AuditEvents().Create(ctx, model.AuditEvent{
+		ID:           0,
+		User:         userId,
+		ResourceType: resource.Type,
+		ResourceID:   resource.ID,
+		EventType:    model.AuditEventTypeAction,
+		EventData:    EventData,
+	})
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (svc *Service) CreateAuditEventComment(ctx context.Context, userId uint64, resource model.Resource, event_data model.AuditEventDataComment) error {
+	EventData, err := json.Marshal(event_data)
+	if err != nil {
+		return err
+	}
+
+	_, err = svc.DB.AuditEvents().Create(ctx, model.AuditEvent{
+		ID:           0,
+		User:         userId,
+		ResourceType: resource.Type,
+		ResourceID:   resource.ID,
+		EventType:    model.AuditEventTypeComment,
+		EventData:    EventData,
+	})
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (svc *Service) CreateAuditEventChangeModel(ctx context.Context, userId uint64, resource model.Resource, event_data model.AuditEventDataChangeModel) error {
+	EventData, err := json.Marshal(event_data)
+	if err != nil {
+		return err
+	}
+
+	_, err = svc.DB.AuditEvents().Create(ctx, model.AuditEvent{
+		ID:           0,
+		User:         userId,
+		ResourceType: resource.Type,
+		ResourceID:   resource.ID,
+		EventType:    model.AuditEventTypeChangeModel,
+		EventData:    EventData,
+	})
+	if err != nil {
+		return err
+	}
+
+	return nil
+}

pkg/service/mapfixes.go

@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"io"
 	"time"
 
 	"git.itzana.me/strafesnet/go-grpc/maps"
@@ -25,18 +26,29 @@ var(
 		model.MapfixStatusUploading,
 		model.MapfixStatusValidated,
 		model.MapfixStatusValidating,
-		model.MapfixStatusAccepted,
+		model.MapfixStatusAcceptedUnvalidated,
 	}
+	// Allow 5 mapfixes every 10 minutes
+	CreateMapfixRateLimit int64 = 5
+	CreateMapfixRecencyWindow = time.Second*600
 )
 
 var (
 	ErrCreationPhaseMapfixesLimit = errors.New("Active mapfixes limited to 20")
 	ErrActiveMapfixSameTargetAssetID = errors.New("There is an active mapfix with the same TargetAssetID")
 	ErrAcceptOwnMapfix = fmt.Errorf("%w: You cannot accept your own mapfix as the submitter", ErrPermissionDenied)
+	ErrCreateMapfixRateLimit = errors.New("You must not create more than 5 mapfixes every 10 minutes")
 )
 
 // POST /mapfixes
 func (svc *Service) CreateMapfix(ctx context.Context, request *api.MapfixTriggerCreate) (*api.OperationID, error) {
+	// sanitization
+	if request.AssetID<0 || request.TargetAssetID<0{
+		return nil, ErrNegativeID
+	}
+	var ModelID=uint64(request.AssetID);
+	var TargetAssetID=uint64(request.TargetAssetID);
+
 	userInfo, ok := ctx.Value("UserInfo").(UserInfoHandle)
 	if !ok {
 		return nil, ErrUserInfo
@@ -67,7 +79,7 @@ func (svc *Service) CreateMapfix(ctx context.Context, request *api.MapfixTrigger
 
 	// Check if TargetAssetID actually exists
 	{
-		_, err := svc.Client.Get(ctx, &maps.IdMessage{
+		_, err := svc.Maps.Get(ctx, &maps.IdMessage{
 			ID: request.TargetAssetID,
 		})
 		if err != nil {
@@ -76,8 +88,23 @@ func (svc *Service) CreateMapfix(ctx context.Context, request *api.MapfixTrigger
 		}
 	}
 
+	// Check if too many operations have been created recently
+	{
+		count, err := svc.DB.Operations().CountSince(ctx,
+			int64(userId),
+			time.Now().Add(-CreateMapfixRecencyWindow),
+		)
+		if err != nil {
+			return nil, err
+		}
+
+		if CreateMapfixRateLimit < count {
+			return nil, ErrCreateMapfixRateLimit
+		}
+	}
+
 	operation, err := svc.DB.Operations().Create(ctx, model.Operation{
-		Owner:         int64(userId),
+		Owner:         userId,
 		StatusID:      model.OperationStatusCreated,
 	})
 	if err != nil {
@@ -86,8 +113,9 @@ func (svc *Service) CreateMapfix(ctx context.Context, request *api.MapfixTrigger
 
 	create_request := model.CreateMapfixRequest{
 		OperationID:   operation.ID,
-		ModelID:       request.AssetID,
-		TargetAssetID: request.TargetAssetID,
+		ModelID:       ModelID,
+		TargetAssetID: TargetAssetID,
+		Description:   request.Description,
 	}
 
 	j, err := json.Marshal(create_request)
@@ -95,7 +123,10 @@ func (svc *Service) CreateMapfix(ctx context.Context, request *api.MapfixTrigger
 		return nil, err
 	}
 
-	svc.Nats.Publish("maptest.mapfixes.create", []byte(j))
+	_, err = svc.Nats.Publish("maptest.mapfixes.create", []byte(j))
+	if err != nil {
+		return nil, err
+	}
 
 	return &api.OperationID{
 		OperationID: operation.ID,
@@ -116,7 +147,7 @@ func (svc *Service) GetMapfix(ctx context.Context, params api.GetMapfixParams) (
 		ID:            mapfix.ID,
 		DisplayName:   mapfix.DisplayName,
 		Creator:       mapfix.Creator,
-		GameID:        mapfix.GameID,
+		GameID:        int32(mapfix.GameID),
 		CreatedAt:     mapfix.CreatedAt.Unix(),
 		UpdatedAt:     mapfix.UpdatedAt.Unix(),
 		Submitter:     int64(mapfix.Submitter),
@@ -125,7 +156,7 @@ func (svc *Service) GetMapfix(ctx context.Context, params api.GetMapfixParams) (
 		Completed:     mapfix.Completed,
 		TargetAssetID: int64(mapfix.TargetAssetID),
 		StatusID:      int32(mapfix.StatusID),
-		StatusMessage: mapfix.StatusMessage,
+		Description:   mapfix.Description,
 	}, nil
 }
 
@@ -134,7 +165,7 @@ func (svc *Service) GetMapfix(ctx context.Context, params api.GetMapfixParams) (
 // Get list of mapfixes.
 //
 // GET /mapfixes
-func (svc *Service) ListMapfixes(ctx context.Context, params api.ListMapfixesParams) ([]api.Mapfix, error) {
+func (svc *Service) ListMapfixes(ctx context.Context, params api.ListMapfixesParams) (*api.Mapfixes, error) {
 	filter := datastore.Optional()
 
 	if params.DisplayName.IsSet(){
@@ -146,10 +177,22 @@ func (svc *Service) ListMapfixes(ctx context.Context, params api.ListMapfixesPar
 	if params.GameID.IsSet(){
 		filter.Add("game_id", params.GameID.Value)
 	}
+	if params.Submitter.IsSet(){
+		filter.Add("submitter", params.Submitter.Value)
+	}
+	if params.AssetID.IsSet(){
+		filter.Add("asset_id", params.AssetID.Value)
+	}
+	if params.TargetAssetID.IsSet(){
+		filter.Add("target_asset_id", params.TargetAssetID.Value)
+	}
+	if params.StatusID.IsSet(){
+		filter.Add("status_id", params.StatusID.Value)
+	}
 
 	sort := datastore.ListSort(params.Sort.Or(int32(datastore.ListSortDisabled)))
 
-	items, err := svc.DB.Mapfixes().List(ctx, filter, model.Page{
+	total, items, err := svc.DB.Mapfixes().ListWithTotal(ctx, filter, model.Page{
 		Number: params.Page,
 		Size:   params.Limit,
 	},sort)
@@ -157,13 +200,14 @@ func (svc *Service) ListMapfixes(ctx context.Context, params api.ListMapfixesPar
 		return nil, err
 	}
 
-	var resp []api.Mapfix
+	var resp api.Mapfixes
+	resp.Total=total
 	for _, item := range items {
-		resp = append(resp, api.Mapfix{
+		resp.Mapfixes = append(resp.Mapfixes, api.Mapfix{
 			ID:            item.ID,
 			DisplayName:   item.DisplayName,
 			Creator:       item.Creator,
-			GameID:        item.GameID,
+			GameID:        int32(item.GameID),
 			CreatedAt:     item.CreatedAt.Unix(),
 			UpdatedAt:     item.UpdatedAt.Unix(),
 			Submitter:     int64(item.Submitter),
@@ -172,10 +216,11 @@ func (svc *Service) ListMapfixes(ctx context.Context, params api.ListMapfixesPar
 			Completed:     item.Completed,
 			TargetAssetID: int64(item.TargetAssetID),
 			StatusID:      int32(item.StatusID),
+			Description:   item.Description,
 		})
 	}
 
-	return resp, nil
+	return &resp, nil
 }
 
 // PatchMapfixCompleted implements patchMapfixCompleted operation.
@@ -220,22 +265,49 @@ func (svc *Service) UpdateMapfixModel(ctx context.Context, params api.UpdateMapf
 		return err
 	}
 
-	has_role, err := userInfo.IsSubmitter(uint64(mapfix.Submitter))
+	userId, err := userInfo.GetUserID()
 	if err != nil {
 		return err
 	}
+
 	// check if caller is the submitter
+	has_role := userId == mapfix.Submitter
 	if !has_role {
 		return ErrPermissionDeniedNotSubmitter
 	}
 
+	OldModelID := mapfix.AssetID
+	OldModelVersion := mapfix.AssetVersion
+	NewModelID := uint64(params.ModelID)
+	NewModelVersion := uint64(params.ModelVersion)
+
 	// check if Status is ChangesRequested|Submitted|UnderConstruction
 	pmap := datastore.Optional()
-	pmap.AddNotNil("asset_id", params.ModelID)
-	pmap.AddNotNil("asset_version", params.VersionID)
+	pmap.Add("asset_id", NewModelID)
+	pmap.Add("asset_version", NewModelVersion)
 	//always reset completed when model changes
 	pmap.Add("completed", false)
-	return svc.DB.Mapfixes().IfStatusThenUpdate(ctx, params.MapfixID, []model.MapfixStatus{model.MapfixStatusChangesRequested, model.MapfixStatusSubmitted, model.MapfixStatusUnderConstruction}, pmap)
+	err = svc.DB.Mapfixes().IfStatusThenUpdate(ctx, params.MapfixID, []model.MapfixStatus{model.MapfixStatusChangesRequested, model.MapfixStatusSubmitted, model.MapfixStatusUnderConstruction}, pmap)
+	if err != nil {
+		return err
+	}
+
+	event_data := model.AuditEventDataChangeModel{
+		OldModelID: OldModelID,
+		OldModelVersion: OldModelVersion,
+		NewModelID: NewModelID,
+		NewModelVersion: NewModelVersion,
+	}
+
+	return svc.CreateAuditEventChangeModel(
+		ctx,
+		userId,
+		model.Resource{
+			ID: params.MapfixID,
+			Type: model.ResourceMapfix,
+		},
+		event_data,
+	)
 }
 
 // ActionMapfixReject invokes actionMapfixReject operation.
@@ -255,13 +327,36 @@ func (svc *Service) ActionMapfixReject(ctx context.Context, params api.ActionMap
 	}
 	// check if caller has required role
 	if !has_role {
-		return ErrPermissionDeniedNeedRoleMapReview
+		return ErrPermissionDeniedNeedRoleMapfixReview
+	}
+
+	userId, err := userInfo.GetUserID()
+	if err != nil {
+		return err
 	}
 
 	// transaction
+	target_status := model.MapfixStatusRejected
 	smap := datastore.Optional()
-	smap.Add("status_id", model.MapfixStatusRejected)
-	return svc.DB.Mapfixes().IfStatusThenUpdate(ctx, params.MapfixID, []model.MapfixStatus{model.MapfixStatusSubmitted}, smap)
+	smap.Add("status_id", target_status)
+	err = svc.DB.Mapfixes().IfStatusThenUpdate(ctx, params.MapfixID, []model.MapfixStatus{model.MapfixStatusSubmitted}, smap)
+	if err != nil {
+		return err
+	}
+
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		userId,
+		model.Resource{
+			ID: params.MapfixID,
+			Type: model.ResourceMapfix,
+		},
+		event_data,
+	)
 }
 
 // ActionMapfixRequestChanges invokes actionMapfixRequestChanges operation.
@@ -281,13 +376,36 @@ func (svc *Service) ActionMapfixRequestChanges(ctx context.Context, params api.A
 	}
 	// check if caller has required role
 	if !has_role {
-		return ErrPermissionDeniedNeedRoleMapReview
+		return ErrPermissionDeniedNeedRoleMapfixReview
+	}
+
+	userId, err := userInfo.GetUserID()
+	if err != nil {
+		return err
 	}
 
 	// transaction
+	target_status := model.MapfixStatusChangesRequested
 	smap := datastore.Optional()
-	smap.Add("status_id", model.MapfixStatusChangesRequested)
-	return svc.DB.Mapfixes().IfStatusThenUpdate(ctx, params.MapfixID, []model.MapfixStatus{model.MapfixStatusValidated, model.MapfixStatusAccepted, model.MapfixStatusSubmitted}, smap)
+	smap.Add("status_id", target_status)
+	err = svc.DB.Mapfixes().IfStatusThenUpdate(ctx, params.MapfixID, []model.MapfixStatus{model.MapfixStatusValidated, model.MapfixStatusAcceptedUnvalidated, model.MapfixStatusSubmitted}, smap)
+	if err != nil {
+		return err
+	}
+
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		userId,
+		model.Resource{
+			ID: params.MapfixID,
+			Type: model.ResourceMapfix,
+		},
+		event_data,
+	)
 }
 
 // ActionMapfixRevoke invokes actionMapfixRevoke operation.
@@ -307,27 +425,47 @@ func (svc *Service) ActionMapfixRevoke(ctx context.Context, params api.ActionMap
 		return err
 	}
 
-	has_role, err := userInfo.IsSubmitter(uint64(mapfix.Submitter))
+	userId, err := userInfo.GetUserID()
 	if err != nil {
 		return err
 	}
+
 	// check if caller is the submitter
+	has_role := userId == mapfix.Submitter
 	if !has_role {
 		return ErrPermissionDeniedNotSubmitter
 	}
 
 	// transaction
+	target_status := model.MapfixStatusUnderConstruction
 	smap := datastore.Optional()
-	smap.Add("status_id", model.MapfixStatusUnderConstruction)
-	return svc.DB.Mapfixes().IfStatusThenUpdate(ctx, params.MapfixID, []model.MapfixStatus{model.MapfixStatusSubmitted, model.MapfixStatusChangesRequested}, smap)
+	smap.Add("status_id", target_status)
+	err = svc.DB.Mapfixes().IfStatusThenUpdate(ctx, params.MapfixID, []model.MapfixStatus{model.MapfixStatusSubmitted, model.MapfixStatusChangesRequested}, smap)
+	if err != nil {
+		return err
+	}
+
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		userId,
+		model.Resource{
+			ID: params.MapfixID,
+			Type: model.ResourceMapfix,
+		},
+		event_data,
+	)
 }
 
-// ActionMapfixSubmit invokes actionMapfixSubmit operation.
+// ActionMapfixTriggerSubmit invokes actionMapfixTriggerSubmit operation.
 //
-// Role Submitter changes status from UnderConstruction|ChangesRequested -> Submitted.
+// Role Submitter changes status from UnderConstruction|ChangesRequested -> Submitting.
 //
-// POST /mapfixes/{MapfixID}/status/submit
-func (svc *Service) ActionMapfixSubmit(ctx context.Context, params api.ActionMapfixSubmitParams) error {
+// POST /mapfixes/{MapfixID}/status/trigger-submit
+func (svc *Service) ActionMapfixTriggerSubmit(ctx context.Context, params api.ActionMapfixTriggerSubmitParams) error {
 	userInfo, ok := ctx.Value("UserInfo").(UserInfoHandle)
 	if !ok {
 		return ErrUserInfo
@@ -339,19 +477,188 @@ func (svc *Service) ActionMapfixSubmit(ctx context.Context, params api.ActionMap
 		return err
 	}
 
-	has_role, err := userInfo.IsSubmitter(uint64(mapfix.Submitter))
+	userId, err := userInfo.GetUserID()
 	if err != nil {
 		return err
 	}
+
 	// check if caller is the submitter
+	has_role := userId == mapfix.Submitter
 	if !has_role {
 		return ErrPermissionDeniedNotSubmitter
 	}
 
 	// transaction
+	target_status := model.MapfixStatusSubmitting
 	smap := datastore.Optional()
-	smap.Add("status_id", model.MapfixStatusSubmitted)
-	return svc.DB.Mapfixes().IfStatusThenUpdate(ctx, params.MapfixID, []model.MapfixStatus{model.MapfixStatusUnderConstruction, model.MapfixStatusChangesRequested}, smap)
+	smap.Add("status_id", target_status)
+	err = svc.DB.Mapfixes().IfStatusThenUpdate(ctx, params.MapfixID, []model.MapfixStatus{model.MapfixStatusUnderConstruction, model.MapfixStatusChangesRequested}, smap)
+	if err != nil {
+		return err
+	}
+
+	validate_request := model.CheckMapfixRequest{
+		MapfixID:   mapfix.ID,
+		ModelID:    mapfix.AssetID,
+		SkipChecks: false,
+	}
+
+	j, err := json.Marshal(validate_request)
+	if err != nil {
+		return err
+	}
+
+	_, err = svc.Nats.Publish("maptest.mapfixes.check", []byte(j))
+	if err != nil {
+		return err
+	}
+
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		userId,
+		model.Resource{
+			ID: params.MapfixID,
+			Type: model.ResourceMapfix,
+		},
+		event_data,
+	)
+}
+
+// ActionMapfixTriggerSubmitUnchecked invokes actionMapfixTriggerSubmitUnchecked operation.
+//
+// Role Reviewer changes status from ChangesRequested -> Submitting.
+//
+// POST /mapfixes/{MapfixID}/status/trigger-submit-unchecked
+func (svc *Service) ActionMapfixTriggerSubmitUnchecked(ctx context.Context, params api.ActionMapfixTriggerSubmitUncheckedParams) error {
+	userInfo, ok := ctx.Value("UserInfo").(UserInfoHandle)
+	if !ok {
+		return ErrUserInfo
+	}
+
+	// read mapfix (this could be done with a transaction WHERE clause)
+	mapfix, err := svc.DB.Mapfixes().Get(ctx, params.MapfixID)
+	if err != nil {
+		return err
+	}
+
+	userId, err := userInfo.GetUserID()
+	if err != nil {
+		return err
+	}
+
+	// check if caller is the submitter
+	is_submitter := userId == mapfix.Submitter
+	if is_submitter {
+		return ErrAcceptOwnMapfix
+	}
+
+	has_mapfix_review, err := userInfo.HasRoleMapfixReview()
+	if err != nil {
+		return err
+	}
+
+	if !has_mapfix_review {
+		return ErrPermissionDeniedNeedRoleMapfixReview
+	}
+
+	// transaction
+	target_status := model.MapfixStatusSubmitting
+	smap := datastore.Optional()
+	smap.Add("status_id", target_status)
+	err = svc.DB.Mapfixes().IfStatusThenUpdate(ctx, params.MapfixID, []model.MapfixStatus{model.MapfixStatusChangesRequested}, smap)
+	if err != nil {
+		return err
+	}
+
+	validate_request := model.CheckMapfixRequest{
+		MapfixID:   mapfix.ID,
+		ModelID:    mapfix.AssetID,
+		SkipChecks: true,
+	}
+
+	j, err := json.Marshal(validate_request)
+	if err != nil {
+		return err
+	}
+
+	_, err = svc.Nats.Publish("maptest.mapfixes.check", []byte(j))
+	if err != nil {
+		return err
+	}
+
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		userId,
+		model.Resource{
+			ID: params.MapfixID,
+			Type: model.ResourceMapfix,
+		},
+		event_data,
+	)
+}
+
+// ActionMapfixResetSubmitting implements actionMapfixResetSubmitting operation.
+//
+// Role MapfixReview changes status from Submitting -> UnderConstruction.
+//
+// POST /mapfixes/{MapfixID}/status/reset-submitting
+func (svc *Service) ActionMapfixResetSubmitting(ctx context.Context, params api.ActionMapfixResetSubmittingParams) error {
+	userInfo, ok := ctx.Value("UserInfo").(UserInfoHandle)
+	if !ok {
+		return ErrUserInfo
+	}
+
+	userId, err := userInfo.GetUserID()
+	if err != nil {
+		return err
+	}
+
+	// check when mapfix was updated
+	mapfix, err := svc.DB.Mapfixes().Get(ctx, params.MapfixID)
+	if err != nil {
+		return err
+	}
+	if time.Now().Before(mapfix.UpdatedAt.Add(time.Second*10)) {
+		// the last time the mapfix was updated must be longer than 10 seconds ago
+		return ErrDelayReset
+	}
+
+	// check if caller has required role
+	has_role := userId == mapfix.Submitter
+	if !has_role {
+		return ErrPermissionDeniedNotSubmitter
+	}
+
+	// transaction
+	target_status := model.MapfixStatusUnderConstruction
+	smap := datastore.Optional()
+	smap.Add("status_id", target_status)
+	err = svc.DB.Mapfixes().IfStatusThenUpdate(ctx, params.MapfixID, []model.MapfixStatus{model.MapfixStatusSubmitting}, smap)
+	if err != nil {
+		return err
+	}
+
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		userId,
+		model.Resource{
+			ID: params.MapfixID,
+			Type: model.ResourceMapfix,
+		},
+		event_data,
+	)
 }
 
 // ActionMapfixTriggerUpload invokes actionMapfixTriggerUpload operation.
@@ -371,12 +678,18 @@ func (svc *Service) ActionMapfixTriggerUpload(ctx context.Context, params api.Ac
 	}
 	// check if caller has required role
 	if !has_role {
-		return ErrPermissionDeniedNeedRoleMapUpload
+		return ErrPermissionDeniedNeedRoleMapfixUpload
+	}
+
+	userId, err := userInfo.GetUserID()
+	if err != nil {
+		return err
 	}
 
 	// transaction
+	target_status := model.MapfixStatusUploading
 	smap := datastore.Optional()
-	smap.Add("status_id", model.MapfixStatusUploading)
+	smap.Add("status_id", target_status)
 	mapfix, err := svc.DB.Mapfixes().IfStatusThenUpdateAndGet(ctx, params.MapfixID, []model.MapfixStatus{model.MapfixStatusValidated}, smap)
 	if err != nil {
 		return err
@@ -395,9 +708,24 @@ func (svc *Service) ActionMapfixTriggerUpload(ctx context.Context, params api.Ac
 		return err
 	}
 
-	svc.Nats.Publish("maptest.mapfixes.uploadfix", []byte(j))
+	_, err = svc.Nats.Publish("maptest.mapfixes.upload", []byte(j))
+	if err != nil {
+		return err
+	}
 
-	return nil
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		userId,
+		model.Resource{
+			ID: params.MapfixID,
+			Type: model.ResourceMapfix,
+		},
+		event_data,
+	)
 }
 
 // ActionMapfixValidate invokes actionMapfixValidate operation.
@@ -417,7 +745,12 @@ func (svc *Service) ActionMapfixValidated(ctx context.Context, params api.Action
 	}
 	// check if caller has required role
 	if !has_role {
-		return ErrPermissionDeniedNeedRoleMapUpload
+		return ErrPermissionDeniedNeedRoleMapfixUpload
+	}
+
+	userId, err := userInfo.GetUserID()
+	if err != nil {
+		return err
 	}
 
 	// check when mapfix was updated
@@ -431,9 +764,27 @@ func (svc *Service) ActionMapfixValidated(ctx context.Context, params api.Action
 	}
 
 	// transaction
+	target_status := model.MapfixStatusValidated
 	smap := datastore.Optional()
-	smap.Add("status_id", model.MapfixStatusValidated)
-	return svc.DB.Mapfixes().IfStatusThenUpdate(ctx, params.MapfixID, []model.MapfixStatus{model.MapfixStatusUploading}, smap)
+	smap.Add("status_id", target_status)
+	err = svc.DB.Mapfixes().IfStatusThenUpdate(ctx, params.MapfixID, []model.MapfixStatus{model.MapfixStatusUploading}, smap)
+	if err != nil {
+		return err
+	}
+
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		userId,
+		model.Resource{
+			ID: params.MapfixID,
+			Type: model.ResourceMapfix,
+		},
+		event_data,
+	)
 }
 
 // ActionMapfixTriggerValidate invokes actionMapfixTriggerValidate operation.
@@ -453,7 +804,7 @@ func (svc *Service) ActionMapfixTriggerValidate(ctx context.Context, params api.
 	}
 	// check if caller has required role
 	if !has_role {
-		return ErrPermissionDeniedNeedRoleMapReview
+		return ErrPermissionDeniedNeedRoleMapfixReview
 	}
 
 	// read mapfix (this could be done with a transaction WHERE clause)
@@ -462,11 +813,13 @@ func (svc *Service) ActionMapfixTriggerValidate(ctx context.Context, params api.
 		return err
 	}
 
-	has_role, err = userInfo.IsSubmitter(uint64(mapfix.Submitter))
+	userId, err := userInfo.GetUserID()
 	if err != nil {
 		return err
 	}
+
 	// check if caller is NOT the submitter
+	has_role = userId == mapfix.Submitter
 	if has_role {
 		return ErrAcceptOwnMapfix
 	}
@@ -489,8 +842,9 @@ func (svc *Service) ActionMapfixTriggerValidate(ctx context.Context, params api.
 	}
 
 	// transaction
+	target_status := model.MapfixStatusValidating
 	smap := datastore.Optional()
-	smap.Add("status_id", model.MapfixStatusValidating)
+	smap.Add("status_id", target_status)
 	mapfix, err = svc.DB.Mapfixes().IfStatusThenUpdateAndGet(ctx, params.MapfixID, []model.MapfixStatus{model.MapfixStatusSubmitted}, smap)
 	if err != nil {
 		return err
@@ -513,9 +867,24 @@ func (svc *Service) ActionMapfixTriggerValidate(ctx context.Context, params api.
 		return err
 	}
 
-	svc.Nats.Publish("maptest.mapfixes.validate", []byte(j))
+	_, err = svc.Nats.Publish("maptest.mapfixes.validate", []byte(j))
+	if err != nil {
+		return err
+	}
 
-	return nil
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		userId,
+		model.Resource{
+			ID: params.MapfixID,
+			Type: model.ResourceMapfix,
+		},
+		event_data,
+	)
 }
 
 // ActionMapfixRetryValidate invokes actionMapfixRetryValidate operation.
@@ -535,13 +904,19 @@ func (svc *Service) ActionMapfixRetryValidate(ctx context.Context, params api.Ac
 	}
 	// check if caller has required role
 	if !has_role {
-		return ErrPermissionDeniedNeedRoleMapReview
+		return ErrPermissionDeniedNeedRoleMapfixReview
+	}
+
+	userId, err := userInfo.GetUserID()
+	if err != nil {
+		return err
 	}
 
 	// transaction
+	target_status := model.MapfixStatusValidating
 	smap := datastore.Optional()
-	smap.Add("status_id", model.MapfixStatusValidating)
-	mapfix, err := svc.DB.Mapfixes().IfStatusThenUpdateAndGet(ctx, params.MapfixID, []model.MapfixStatus{model.MapfixStatusAccepted}, smap)
+	smap.Add("status_id", target_status)
+	mapfix, err := svc.DB.Mapfixes().IfStatusThenUpdateAndGet(ctx, params.MapfixID, []model.MapfixStatus{model.MapfixStatusAcceptedUnvalidated}, smap)
 	if err != nil {
 		return err
 	}
@@ -563,9 +938,24 @@ func (svc *Service) ActionMapfixRetryValidate(ctx context.Context, params api.Ac
 		return err
 	}
 
-	svc.Nats.Publish("maptest.mapfixes.validate", []byte(j))
+	_, err = svc.Nats.Publish("maptest.mapfixes.validate", []byte(j))
+	if err != nil {
+		return err
+	}
 
-	return nil
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		userId,
+		model.Resource{
+			ID: params.MapfixID,
+			Type: model.ResourceMapfix,
+		},
+		event_data,
+	)
 }
 
 // ActionMapfixAccepted implements actionMapfixAccepted operation.
@@ -585,7 +975,12 @@ func (svc *Service) ActionMapfixAccepted(ctx context.Context, params api.ActionM
 	}
 	// check if caller has required role
 	if !has_role {
-		return ErrPermissionDeniedNeedRoleMapReview
+		return ErrPermissionDeniedNeedRoleMapfixReview
+	}
+
+	userId, err := userInfo.GetUserID()
+	if err != nil {
+		return err
 	}
 
 	// check when mapfix was updated
@@ -599,8 +994,97 @@ func (svc *Service) ActionMapfixAccepted(ctx context.Context, params api.ActionM
 	}
 
 	// transaction
+	target_status := model.MapfixStatusAcceptedUnvalidated
 	smap := datastore.Optional()
-	smap.Add("status_id", model.MapfixStatusAccepted)
-	smap.Add("status_message", "Manually forced reset")
-	return svc.DB.Mapfixes().IfStatusThenUpdate(ctx, params.MapfixID, []model.MapfixStatus{model.MapfixStatusValidating}, smap)
+	smap.Add("status_id", target_status)
+	err = svc.DB.Mapfixes().IfStatusThenUpdate(ctx, params.MapfixID, []model.MapfixStatus{model.MapfixStatusValidating}, smap)
+	if err != nil {
+		return err
+	}
+
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		userId,
+		model.Resource{
+			ID: params.MapfixID,
+			Type: model.ResourceMapfix,
+		},
+		event_data,
+	)
+}
+
+// CreateMapfixAuditComment implements createMapfixAuditComment operation.
+//
+// Post a comment to the audit log
+//
+// POST /mapfixes/{MapfixID}/comment
+func (svc *Service) CreateMapfixAuditComment(ctx context.Context, req api.CreateMapfixAuditCommentReq, params api.CreateMapfixAuditCommentParams) (error) {
+	userInfo, ok := ctx.Value("UserInfo").(UserInfoHandle)
+	if !ok {
+		return ErrUserInfo
+	}
+
+	has_role, err := userInfo.HasRoleMapfixReview()
+	if err != nil {
+		return err
+	}
+
+	userId, err := userInfo.GetUserID()
+	if err != nil {
+		return err
+	}
+
+	if !has_role {
+		// Submitter has special permission to comment on their mapfix
+		mapfix, err := svc.DB.Mapfixes().Get(ctx, params.MapfixID)
+		if err != nil {
+			return err
+		}
+
+		if mapfix.Submitter != userId {
+			return ErrPermissionDeniedNeedRoleMapfixReview
+		}
+	}
+
+	data, err := io.ReadAll(req)
+	if err != nil {
+		return err
+	}
+
+	event_data := model.AuditEventDataComment{
+		Comment: string(data),
+	}
+
+	return svc.CreateAuditEventComment(
+		ctx,
+		userId,
+		model.Resource{
+			ID: params.MapfixID,
+			Type: model.ResourceMapfix,
+		},
+		event_data,
+	)
+}
+
+// ListMapfixAuditEvents invokes listMapfixAuditEvents operation.
+//
+// Retrieve a list of audit events.
+//
+// GET /mapfixes/{MapfixID}/audit-events
+func (svc *Service) ListMapfixAuditEvents(ctx context.Context, params api.ListMapfixAuditEventsParams) ([]api.AuditEvent, error) {
+	return svc.ListAuditEvents(
+		ctx,
+		model.Resource{
+			ID: params.MapfixID,
+			Type: model.ResourceMapfix,
+		},
+		model.Page{
+			Number: params.Page,
+			Size:   params.Limit,
+		},
+	)
 }

pkg/service/maps.go

@@ -2,9 +2,11 @@ package service
 
 import (
 	"context"
+	"strings"
 
 	"git.itzana.me/strafesnet/go-grpc/maps"
 	"git.itzana.me/strafesnet/maps-service/pkg/api"
+	"git.itzana.me/strafesnet/maps-service/pkg/roblox"
 )
 
 // ListMaps implements listMaps operation.
@@ -25,7 +27,7 @@ func (svc *Service) ListMaps(ctx context.Context, params api.ListMapsParams) ([]
 		filter.GameID = &params.GameID.Value
 	}
 
-	mapList, err := svc.Client.List(ctx, &maps.ListRequest{
+	mapList, err := svc.Maps.List(ctx, &maps.ListRequest{
 		Filter: &filter,
 		Page: &maps.Pagination{
 			Size:   params.Limit,
@@ -56,7 +58,7 @@ func (svc *Service) ListMaps(ctx context.Context, params api.ListMapsParams) ([]
 //
 // GET /maps/{MapID}
 func (svc *Service) GetMap(ctx context.Context, params api.GetMapParams) (*api.Map, error) {
-	mapResponse, err := svc.Client.Get(ctx, &maps.IdMessage{
+	mapResponse, err := svc.Maps.Get(ctx, &maps.IdMessage{
 		ID:          params.MapID,
 	})
 	if err != nil {
@@ -71,3 +73,29 @@ func (svc *Service) GetMap(ctx context.Context, params api.GetMapParams) (*api.M
 		Date:         mapResponse.Date,
 	}, nil
 }
+
+// GetMapAssetLocation invokes getMapAssetLocation operation.
+//
+// Get location of map asset.
+//
+// GET /maps/{MapID}/location
+func (svc *Service) GetMapAssetLocation(ctx context.Context, params api.GetMapAssetLocationParams) (ok api.GetMapAssetLocationOK, err error) {
+	// Ensure map exists in the db!
+	// This could otherwise be used to access any asset
+	_, err = svc.Maps.Get(ctx, &maps.IdMessage{
+		ID: params.MapID,
+	})
+	if err != nil {
+		return ok, err
+	}
+
+	info, err := svc.Roblox.GetAssetLocation(roblox.GetAssetLatestRequest{
+		AssetID: uint64(params.MapID),
+	})
+	if err != nil{
+		return ok, err
+	}
+
+	ok.Data = strings.NewReader(info.Location)
+	return ok, nil
+}

pkg/service/operations.go

@@ -24,11 +24,13 @@ func (svc *Service) GetOperation(ctx context.Context, params api.GetOperationPar
 		return nil, err
 	}
 
-	has_role, err := userInfo.IsSubmitter(uint64(operation.Owner))
+	userId, err := userInfo.GetUserID()
 	if err != nil {
 		return nil, err
 	}
-	// check if caller is operation owner
+
+	// check if caller is the submitter
+	has_role := userId == operation.Owner
 	if !has_role {
 		return nil, ErrPermissionDeniedNotSubmitter
 	}
@@ -36,7 +38,7 @@ func (svc *Service) GetOperation(ctx context.Context, params api.GetOperationPar
 	return &api.Operation{
 		OperationID:   operation.ID,
 		Date:          operation.CreatedAt.Unix(),
-		Owner:         operation.Owner,
+		Owner:         int64(operation.Owner),
 		Status:        int32(operation.StatusID),
 		StatusMessage: operation.StatusMessage,
 		Path:          operation.Path,

pkg/service/script_policy.go

@@ -63,13 +63,13 @@ func (svc *Service) ListScriptPolicy(ctx context.Context, params api.ListScriptP
 		if err != nil {
 			return nil, err
 		}
-		filter.AddNotNil("from_script_hash", int64(hash)) // No type safety!
+		filter.Add("from_script_hash", int64(hash)) // No type safety!
 	}
 	if params.ToScriptID.IsSet(){
-		filter.AddNotNil("to_script_id", params.ToScriptID.Value)
+		filter.Add("to_script_id", params.ToScriptID.Value)
 	}
 	if params.Policy.IsSet(){
-		filter.AddNotNil("policy", params.Policy.Value)
+		filter.Add("policy", params.Policy.Value)
 	}
 
 	items, err := svc.DB.ScriptPolicy().List(ctx, filter, model.Page{
@@ -121,13 +121,6 @@ func (svc *Service) DeleteScriptPolicy(ctx context.Context, params api.DeleteScr
 //
 // GET /script-policy/{ScriptPolicyID}
 func (svc *Service) GetScriptPolicy(ctx context.Context, params api.GetScriptPolicyParams) (*api.ScriptPolicy, error) {
-	_, ok := ctx.Value("UserInfo").(UserInfoHandle)
-	if !ok {
-		return nil, ErrUserInfo
-	}
-
-	// Read permission for script policy only requires you to be logged in
-
 	policy, err := svc.DB.ScriptPolicy().Get(ctx, params.ScriptPolicyID)
 	if err != nil {
 		return nil, err

pkg/service/scripts.go

@@ -57,19 +57,19 @@ func (svc *Service) ListScripts(ctx context.Context, params api.ListScriptsParam
 		if err != nil {
 			return nil, err
 		}
-		filter.AddNotNil("hash", int64(hash)) // No type safety!
+		filter.Add("hash", int64(hash)) // No type safety!
 	}
 	if params.Name.IsSet(){
-		filter.AddNotNil("name", params.Name.Value)
+		filter.Add("name", params.Name.Value)
 	}
 	if params.Source.IsSet(){
-		filter.AddNotNil("source", params.Source.Value)
+		filter.Add("source", params.Source.Value)
 	}
 	if params.ResourceType.IsSet(){
-		filter.AddNotNil("resource_type", params.ResourceType.Value)
+		filter.Add("resource_type", params.ResourceType.Value)
 	}
 	if params.ResourceID.IsSet(){
-		filter.AddNotNil("resource_id", params.ResourceID.Value)
+		filter.Add("resource_id", params.ResourceID.Value)
 	}
 
 	items, err := svc.DB.Scripts().List(ctx, filter, model.Page{
@@ -84,6 +84,7 @@ func (svc *Service) ListScripts(ctx context.Context, params api.ListScriptsParam
 	for _, item := range items {
 		resp = append(resp, api.Script{
 			ID:           item.ID,
+			Name:         item.Name,
 			Hash:         model.HashFormat(uint64(item.Hash)),
 			Source:       item.Source,
 			ResourceType: int32(item.ResourceType),
@@ -122,13 +123,6 @@ func (svc *Service) DeleteScript(ctx context.Context, params api.DeleteScriptPar
 //
 // GET /scripts/{ScriptID}
 func (svc *Service) GetScript(ctx context.Context, params api.GetScriptParams) (*api.Script, error) {
-	_, ok := ctx.Value("UserInfo").(UserInfoHandle)
-	if !ok {
-		return nil, ErrUserInfo
-	}
-
-	// Read permission for scripts only requires you to be logged in
-
 	script, err := svc.DB.Scripts().Get(ctx, params.ScriptID)
 	if err != nil {
 		return nil, err

pkg/service/security.go

@@ -88,13 +88,6 @@ func (usr UserInfoHandle) Validate() (bool, error) {
 	}
 	return validate.Valid, nil
 }
-func (usr UserInfoHandle) IsSubmitter(submitter uint64) (bool, error) {
-	userId, err := usr.GetUserID()
-	if err != nil {
-		return false, err
-	}
-	return userId == submitter, nil
-}
 func (usr UserInfoHandle) hasRoles(wantRoles Roles) (bool, error) {
 	haveroles, err := usr.GetRoles()
 	if err != nil {

pkg/service/service.go

@@ -6,8 +6,10 @@ import (
 	"fmt"
 
 	"git.itzana.me/strafesnet/go-grpc/maps"
+	"git.itzana.me/strafesnet/go-grpc/users"
 	"git.itzana.me/strafesnet/maps-service/pkg/api"
 	"git.itzana.me/strafesnet/maps-service/pkg/datastore"
+	"git.itzana.me/strafesnet/maps-service/pkg/roblox"
 	"github.com/nats-io/nats.go"
 )
 
@@ -19,17 +21,22 @@ var (
 	ErrDelayReset = errors.New("Please give the validator at least 10 seconds to operate before attempting to reset the status")
 	ErrPermissionDeniedNotSubmitter = fmt.Errorf("%w: You must be the submitter to perform this action", ErrPermissionDenied)
 	ErrPermissionDeniedNeedRoleSubmissionRelease = fmt.Errorf("%w: Need Role SubmissionRelease", ErrPermissionDenied)
-	ErrPermissionDeniedNeedRoleMapUpload = fmt.Errorf("%w: Need Role MapUpload", ErrPermissionDenied)
-	ErrPermissionDeniedNeedRoleMapReview = fmt.Errorf("%w: Need Role MapReview", ErrPermissionDenied)
+	ErrPermissionDeniedNeedRoleMapfixUpload = fmt.Errorf("%w: Need Role MapfixUpload", ErrPermissionDenied)
+	ErrPermissionDeniedNeedRoleMapfixReview = fmt.Errorf("%w: Need Role MapfixReview", ErrPermissionDenied)
+	ErrPermissionDeniedNeedRoleSubmissionUpload = fmt.Errorf("%w: Need Role SubmissionUpload", ErrPermissionDenied)
+	ErrPermissionDeniedNeedRoleSubmissionReview = fmt.Errorf("%w: Need Role SubmissionReview", ErrPermissionDenied)
 	ErrPermissionDeniedNeedRoleMapDownload = fmt.Errorf("%w: Need Role MapDownload", ErrPermissionDenied)
 	ErrPermissionDeniedNeedRoleScriptWrite = fmt.Errorf("%w: Need Role ScriptWrite", ErrPermissionDenied)
 	ErrPermissionDeniedNeedRoleMaptest = fmt.Errorf("%w: Need Role Maptest", ErrPermissionDenied)
+	ErrNegativeID = errors.New("A negative ID was provided")
 )
 
 type Service struct {
 	DB   datastore.Datastore
 	Nats nats.JetStreamContext
-	Client maps.MapsServiceClient
+	Maps maps.MapsServiceClient
+	Users users.UsersServiceClient
+	Roblox roblox.Client
 }
 
 // NewError creates *ErrorStatusCode from error returned by handler.

pkg/service/submissions.go

@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"io"
 	"time"
 
 	"git.itzana.me/strafesnet/go-grpc/maps"
@@ -20,13 +21,16 @@ var(
 		model.SubmissionStatusSubmitted,
 		model.SubmissionStatusUnderConstruction,
 	}
-	// limit mapfixes in the pipeline to one per target map
+	// limit submissions in the pipeline to one per target map
 	ActiveAcceptedSubmissionStatuses = []model.SubmissionStatus{
 		model.SubmissionStatusUploading,
 		model.SubmissionStatusValidated,
 		model.SubmissionStatusValidating,
-		model.SubmissionStatusAccepted,
+		model.SubmissionStatusAcceptedUnvalidated,
 	}
+	// Allow 5 submissions every 10 minutes
+	CreateSubmissionRateLimit int64 = 5
+	CreateSubmissionRecencyWindow = time.Second*600
 )
 
 var (
@@ -35,10 +39,17 @@ var (
 	ErrReleaseInvalidStatus = errors.New("Only submissions with Uploaded status can be released")
 	ErrReleaseNoUploadedAssetID = errors.New("Only submissions with a UploadedAssetID can be released")
 	ErrAcceptOwnSubmission = fmt.Errorf("%w: You cannot accept your own submission as the submitter", ErrPermissionDenied)
+	ErrCreateSubmissionRateLimit = errors.New("You must not create more than 5 submissions every 10 minutes")
 )
 
 // POST /submissions
 func (svc *Service) CreateSubmission(ctx context.Context, request *api.SubmissionTriggerCreate) (*api.OperationID, error) {
+	// sanitization
+	if request.AssetID<0{
+		return nil, ErrNegativeID
+	}
+	var ModelID=uint64(request.AssetID);
+
 	userInfo, ok := ctx.Value("UserInfo").(UserInfoHandle)
 	if !ok {
 		return nil, ErrUserInfo
@@ -66,8 +77,24 @@ func (svc *Service) CreateSubmission(ctx context.Context, request *api.Submissio
 			return nil, ErrCreationPhaseSubmissionsLimit
 		}
 	}
+
+	// Check if too many operations have been created recently
+	{
+		count, err := svc.DB.Operations().CountSince(ctx,
+			int64(userId),
+			time.Now().Add(-CreateSubmissionRecencyWindow),
+		)
+		if err != nil {
+			return nil, err
+		}
+
+		if CreateSubmissionRateLimit < count {
+			return nil, ErrCreateSubmissionRateLimit
+		}
+	}
+
 	operation, err := svc.DB.Operations().Create(ctx, model.Operation{
-		Owner:         int64(userId),
+		Owner:         userId,
 		StatusID:      model.OperationStatusCreated,
 	})
 	if err != nil {
@@ -75,8 +102,13 @@ func (svc *Service) CreateSubmission(ctx context.Context, request *api.Submissio
 	}
 
 	create_request := model.CreateSubmissionRequest{
-		OperationID:   operation.ID,
-		ModelID:       request.AssetID,
+		OperationID: operation.ID,
+		ModelID:     ModelID,
+		DisplayName: request.DisplayName,
+		Creator:     request.Creator,
+		GameID:      uint32(request.GameID),
+		Status:      uint32(model.SubmissionStatusUnderConstruction),
+		Roles:       uint32(RolesEmpty),
 	}
 
 	j, err := json.Marshal(create_request)
@@ -84,7 +116,86 @@ func (svc *Service) CreateSubmission(ctx context.Context, request *api.Submissio
 		return nil, err
 	}
 
-	svc.Nats.Publish("maptest.submissions.create", []byte(j))
+	_, err = svc.Nats.Publish("maptest.submissions.create", []byte(j))
+	if err != nil {
+		return nil, err
+	}
+
+	return &api.OperationID{
+		OperationID: operation.ID,
+	}, nil
+}
+// POST /submissions-admin
+func (svc *Service) CreateSubmissionAdmin(ctx context.Context, request *api.SubmissionTriggerCreate) (*api.OperationID, error) {
+	// sanitization
+	if request.AssetID<0{
+		return nil, ErrNegativeID
+	}
+	var ModelID=uint64(request.AssetID);
+
+	userInfo, ok := ctx.Value("UserInfo").(UserInfoHandle)
+	if !ok {
+		return nil, ErrUserInfo
+	}
+
+	userId, err := userInfo.GetUserID()
+	if err != nil {
+		return nil, err
+	}
+
+	roles, err := userInfo.GetRoles()
+	if err != nil {
+		return nil, err
+	}
+
+	// check if caller has required role
+	has_role := roles & RolesSubmissionReview == RolesSubmissionReview
+	if !has_role {
+		return nil, ErrPermissionDeniedNeedRoleSubmissionReview
+	}
+
+	// Check if too many operations have been created recently
+	{
+		count, err := svc.DB.Operations().CountSince(ctx,
+			int64(userId),
+			time.Now().Add(-CreateSubmissionRecencyWindow),
+		)
+		if err != nil {
+			return nil, err
+		}
+
+		if CreateSubmissionRateLimit < count {
+			return nil, ErrCreateSubmissionRateLimit
+		}
+	}
+
+	operation, err := svc.DB.Operations().Create(ctx, model.Operation{
+		Owner:         userId,
+		StatusID:      model.OperationStatusCreated,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	create_request := model.CreateSubmissionRequest{
+		OperationID: operation.ID,
+		ModelID:     ModelID,
+		DisplayName: request.DisplayName,
+		Creator:     request.Creator,
+		GameID:      uint32(request.GameID),
+		Status:      uint32(model.SubmissionStatusChangesRequested),
+		Roles:       uint32(roles),
+	}
+
+	j, err := json.Marshal(create_request)
+	if err != nil {
+		return nil, err
+	}
+
+	_, err = svc.Nats.Publish("maptest.submissions.create", []byte(j))
+	if err != nil {
+		return nil, err
+	}
 
 	return &api.OperationID{
 		OperationID: operation.ID,
@@ -105,7 +216,7 @@ func (svc *Service) GetSubmission(ctx context.Context, params api.GetSubmissionP
 		ID:            submission.ID,
 		DisplayName:   submission.DisplayName,
 		Creator:       submission.Creator,
-		GameID:        submission.GameID,
+		GameID:        int32(submission.GameID),
 		CreatedAt:     submission.CreatedAt.Unix(),
 		UpdatedAt:     submission.UpdatedAt.Unix(),
 		Submitter:     int64(submission.Submitter),
@@ -114,7 +225,6 @@ func (svc *Service) GetSubmission(ctx context.Context, params api.GetSubmissionP
 		Completed:     submission.Completed,
 		UploadedAssetID: api.NewOptInt64(int64(submission.UploadedAssetID)),
 		StatusID:      int32(submission.StatusID),
-		StatusMessage: submission.StatusMessage,
 	}, nil
 }
 
@@ -123,7 +233,7 @@ func (svc *Service) GetSubmission(ctx context.Context, params api.GetSubmissionP
 // Get list of submissions.
 //
 // GET /submissions
-func (svc *Service) ListSubmissions(ctx context.Context, params api.ListSubmissionsParams) ([]api.Submission, error) {
+func (svc *Service) ListSubmissions(ctx context.Context, params api.ListSubmissionsParams) (*api.Submissions, error) {
 	filter := datastore.Optional()
 
 	if params.DisplayName.IsSet(){
@@ -135,10 +245,22 @@ func (svc *Service) ListSubmissions(ctx context.Context, params api.ListSubmissi
 	if params.GameID.IsSet(){
 		filter.Add("game_id", params.GameID.Value)
 	}
+	if params.Submitter.IsSet(){
+		filter.Add("submitter", params.Submitter.Value)
+	}
+	if params.AssetID.IsSet(){
+		filter.Add("asset_id", params.AssetID.Value)
+	}
+	if params.UploadedAssetID.IsSet(){
+		filter.Add("uploaded_asset_id", params.UploadedAssetID.Value)
+	}
+	if params.StatusID.IsSet(){
+		filter.Add("status_id", params.StatusID.Value)
+	}
 
 	sort := datastore.ListSort(params.Sort.Or(int32(datastore.ListSortDisabled)))
 
-	items, err := svc.DB.Submissions().List(ctx, filter, model.Page{
+	total, items, err := svc.DB.Submissions().ListWithTotal(ctx, filter, model.Page{
 		Number: params.Page,
 		Size:   params.Limit,
 	},sort)
@@ -146,13 +268,14 @@ func (svc *Service) ListSubmissions(ctx context.Context, params api.ListSubmissi
 		return nil, err
 	}
 
-	var resp []api.Submission
+	var resp api.Submissions
+	resp.Total=total
 	for _, item := range items {
-		resp = append(resp, api.Submission{
+		resp.Submissions = append(resp.Submissions, api.Submission{
 			ID:            item.ID,
 			DisplayName:   item.DisplayName,
 			Creator:       item.Creator,
-			GameID:        item.GameID,
+			GameID:        int32(item.GameID),
 			CreatedAt:     item.CreatedAt.Unix(),
 			UpdatedAt:     item.UpdatedAt.Unix(),
 			Submitter:     int64(item.Submitter),
@@ -164,7 +287,7 @@ func (svc *Service) ListSubmissions(ctx context.Context, params api.ListSubmissi
 		})
 	}
 
-	return resp, nil
+	return &resp, nil
 }
 
 // PatchSubmissionCompleted implements patchSubmissionCompleted operation.
@@ -209,22 +332,49 @@ func (svc *Service) UpdateSubmissionModel(ctx context.Context, params api.Update
 		return err
 	}
 
-	has_role, err := userInfo.IsSubmitter(uint64(submission.Submitter))
+	userId, err := userInfo.GetUserID()
 	if err != nil {
 		return err
 	}
+
 	// check if caller is the submitter
+	has_role := userId == submission.Submitter
 	if !has_role {
 		return ErrPermissionDeniedNotSubmitter
 	}
 
+	OldModelID := submission.AssetID
+	OldModelVersion := submission.AssetVersion
+	NewModelID := uint64(params.ModelID)
+	NewModelVersion := uint64(params.ModelVersion)
+
 	// check if Status is ChangesRequested|Submitted|UnderConstruction
 	pmap := datastore.Optional()
-	pmap.AddNotNil("asset_id", params.ModelID)
-	pmap.AddNotNil("asset_version", params.VersionID)
+	pmap.Add("asset_id", NewModelID)
+	pmap.Add("asset_version", NewModelVersion)
 	//always reset completed when model changes
 	pmap.Add("completed", false)
-	return svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.SubmissionStatus{model.SubmissionStatusChangesRequested, model.SubmissionStatusSubmitted, model.SubmissionStatusUnderConstruction}, pmap)
+	err = svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.SubmissionStatus{model.SubmissionStatusChangesRequested, model.SubmissionStatusUnderConstruction}, pmap)
+	if err != nil {
+		return err
+	}
+
+	event_data := model.AuditEventDataChangeModel{
+		OldModelID: OldModelID,
+		OldModelVersion: OldModelVersion,
+		NewModelID: NewModelID,
+		NewModelVersion: NewModelVersion,
+	}
+
+	return svc.CreateAuditEventChangeModel(
+		ctx,
+		userId,
+		model.Resource{
+			ID: params.SubmissionID,
+			Type: model.ResourceSubmission,
+		},
+		event_data,
+	)
 }
 
 // ActionSubmissionReject invokes actionSubmissionReject operation.
@@ -244,13 +394,36 @@ func (svc *Service) ActionSubmissionReject(ctx context.Context, params api.Actio
 	}
 	// check if caller has required role
 	if !has_role {
-		return ErrPermissionDeniedNeedRoleMapReview
+		return ErrPermissionDeniedNeedRoleSubmissionReview
+	}
+
+	userId, err := userInfo.GetUserID()
+	if err != nil {
+		return err
 	}
 
 	// transaction
+	target_status := model.SubmissionStatusRejected
 	smap := datastore.Optional()
-	smap.Add("status_id", model.SubmissionStatusRejected)
-	return svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.SubmissionStatus{model.SubmissionStatusSubmitted}, smap)
+	smap.Add("status_id", target_status)
+	err = svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.SubmissionStatus{model.SubmissionStatusSubmitted}, smap)
+	if err != nil {
+		return err
+	}
+
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		userId,
+		model.Resource{
+			ID: params.SubmissionID,
+			Type: model.ResourceSubmission,
+		},
+		event_data,
+	)
 }
 
 // ActionSubmissionRequestChanges invokes actionSubmissionRequestChanges operation.
@@ -270,13 +443,36 @@ func (svc *Service) ActionSubmissionRequestChanges(ctx context.Context, params a
 	}
 	// check if caller has required role
 	if !has_role {
-		return ErrPermissionDeniedNeedRoleMapReview
+		return ErrPermissionDeniedNeedRoleSubmissionReview
+	}
+
+	userId, err := userInfo.GetUserID()
+	if err != nil {
+		return err
 	}
 
 	// transaction
+	target_status := model.SubmissionStatusChangesRequested
 	smap := datastore.Optional()
-	smap.Add("status_id", model.SubmissionStatusChangesRequested)
-	return svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.SubmissionStatus{model.SubmissionStatusValidated, model.SubmissionStatusAccepted, model.SubmissionStatusSubmitted}, smap)
+	smap.Add("status_id", target_status)
+	err = svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.SubmissionStatus{model.SubmissionStatusValidated, model.SubmissionStatusAcceptedUnvalidated, model.SubmissionStatusSubmitted}, smap)
+	if err != nil {
+		return err
+	}
+
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		userId,
+		model.Resource{
+			ID: params.SubmissionID,
+			Type: model.ResourceSubmission,
+		},
+		event_data,
+	)
 }
 
 // ActionSubmissionRevoke invokes actionSubmissionRevoke operation.
@@ -296,27 +492,47 @@ func (svc *Service) ActionSubmissionRevoke(ctx context.Context, params api.Actio
 		return err
 	}
 
-	has_role, err := userInfo.IsSubmitter(uint64(submission.Submitter))
+	userId, err := userInfo.GetUserID()
 	if err != nil {
 		return err
 	}
+
 	// check if caller is the submitter
+	has_role := userId == submission.Submitter
 	if !has_role {
 		return ErrPermissionDeniedNotSubmitter
 	}
 
 	// transaction
+	target_status := model.SubmissionStatusUnderConstruction
 	smap := datastore.Optional()
-	smap.Add("status_id", model.SubmissionStatusUnderConstruction)
-	return svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.SubmissionStatus{model.SubmissionStatusSubmitted, model.SubmissionStatusChangesRequested}, smap)
+	smap.Add("status_id", target_status)
+	err = svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.SubmissionStatus{model.SubmissionStatusSubmitted, model.SubmissionStatusChangesRequested}, smap)
+	if err != nil {
+		return err
+	}
+
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		userId,
+		model.Resource{
+			ID: params.SubmissionID,
+			Type: model.ResourceSubmission,
+		},
+		event_data,
+	)
 }
 
-// ActionSubmissionSubmit invokes actionSubmissionSubmit operation.
+// ActionSubmissionTriggerSubmit invokes actionSubmissionTriggerSubmit operation.
 //
-// Role Submitter changes status from UnderConstruction|ChangesRequested -> Submitted.
+// Role Submitter changes status from UnderConstruction|ChangesRequested -> Submitting.
 //
-// POST /submissions/{SubmissionID}/status/submit
-func (svc *Service) ActionSubmissionSubmit(ctx context.Context, params api.ActionSubmissionSubmitParams) error {
+// POST /submissions/{SubmissionID}/status/trigger-submit
+func (svc *Service) ActionSubmissionTriggerSubmit(ctx context.Context, params api.ActionSubmissionTriggerSubmitParams) error {
 	userInfo, ok := ctx.Value("UserInfo").(UserInfoHandle)
 	if !ok {
 		return ErrUserInfo
@@ -328,19 +544,196 @@ func (svc *Service) ActionSubmissionSubmit(ctx context.Context, params api.Actio
 		return err
 	}
 
-	has_role, err := userInfo.IsSubmitter(uint64(submission.Submitter))
+	userId, err := userInfo.GetUserID()
 	if err != nil {
 		return err
 	}
+
 	// check if caller is the submitter
+	is_submitter := userId == submission.Submitter
+	// neither = deny
+	if !is_submitter {
+		has_submission_review, err := userInfo.HasRoleSubmissionReview()
+		if err != nil {
+			return err
+		}
+
+		if !has_submission_review {
+			return ErrPermissionDeniedNotSubmitter
+		}
+	}
+
+	// transaction
+	target_status := model.SubmissionStatusSubmitting
+	smap := datastore.Optional()
+	smap.Add("status_id", target_status)
+	err = svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.SubmissionStatus{model.SubmissionStatusUnderConstruction, model.SubmissionStatusChangesRequested}, smap)
+	if err != nil {
+		return err
+	}
+
+	validate_request := model.CheckSubmissionRequest{
+		SubmissionID: submission.ID,
+		ModelID:      submission.AssetID,
+		SkipChecks:   false,
+	}
+
+	j, err := json.Marshal(validate_request)
+	if err != nil {
+		return err
+	}
+
+	_, err = svc.Nats.Publish("maptest.submissions.check", []byte(j))
+	if err != nil {
+		return err
+	}
+
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		userId,
+		model.Resource{
+			ID: params.SubmissionID,
+			Type: model.ResourceSubmission,
+		},
+		event_data,
+	)
+}
+
+// ActionSubmissionTriggerSubmitUnchecked invokes actionSubmissionTriggerSubmitUnchecked operation.
+//
+// Role Reviewer changes status from ChangesRequested -> Submitting.
+//
+// POST /submissions/{SubmissionID}/status/trigger-submit-unchecked
+func (svc *Service) ActionSubmissionTriggerSubmitUnchecked(ctx context.Context, params api.ActionSubmissionTriggerSubmitUncheckedParams) error {
+	userInfo, ok := ctx.Value("UserInfo").(UserInfoHandle)
+	if !ok {
+		return ErrUserInfo
+	}
+
+	// read submission (this could be done with a transaction WHERE clause)
+	submission, err := svc.DB.Submissions().Get(ctx, params.SubmissionID)
+	if err != nil {
+		return err
+	}
+
+	userId, err := userInfo.GetUserID()
+	if err != nil {
+		return err
+	}
+
+	// check if caller is the submitter
+	is_submitter := userId == submission.Submitter
+	if is_submitter {
+		return ErrAcceptOwnSubmission
+	}
+
+	has_submission_review, err := userInfo.HasRoleSubmissionReview()
+	if err != nil {
+		return err
+	}
+
+	if !has_submission_review {
+		return ErrPermissionDeniedNeedRoleSubmissionReview
+	}
+
+	// transaction
+	target_status := model.SubmissionStatusSubmitting
+	smap := datastore.Optional()
+	smap.Add("status_id", target_status)
+	err = svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.SubmissionStatus{model.SubmissionStatusChangesRequested}, smap)
+	if err != nil {
+		return err
+	}
+
+	validate_request := model.CheckSubmissionRequest{
+		SubmissionID: submission.ID,
+		ModelID:      submission.AssetID,
+		SkipChecks:   true,
+	}
+
+	j, err := json.Marshal(validate_request)
+	if err != nil {
+		return err
+	}
+
+	_, err = svc.Nats.Publish("maptest.submissions.check", []byte(j))
+	if err != nil {
+		return err
+	}
+
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		userId,
+		model.Resource{
+			ID: params.SubmissionID,
+			Type: model.ResourceSubmission,
+		},
+		event_data,
+	)
+}
+
+// ActionSubmissionResetSubmitting implements actionSubmissionResetSubmitting operation.
+//
+// Role SubmissionReview changes status from Submitting -> UnderConstruction.
+//
+// POST /submissions/{SubmissionID}/status/reset-submitting
+func (svc *Service) ActionSubmissionResetSubmitting(ctx context.Context, params api.ActionSubmissionResetSubmittingParams) error {
+	userInfo, ok := ctx.Value("UserInfo").(UserInfoHandle)
+	if !ok {
+		return ErrUserInfo
+	}
+
+	userId, err := userInfo.GetUserID()
+	if err != nil {
+		return err
+	}
+
+	// check when submission was updated
+	submission, err := svc.DB.Submissions().Get(ctx, params.SubmissionID)
+	if err != nil {
+		return err
+	}
+	if time.Now().Before(submission.UpdatedAt.Add(time.Second*10)) {
+		// the last time the submission was updated must be longer than 10 seconds ago
+		return ErrDelayReset
+	}
+
+	// check if caller has required role
+	has_role := userId == submission.Submitter
 	if !has_role {
 		return ErrPermissionDeniedNotSubmitter
 	}
 
 	// transaction
+	target_status := model.SubmissionStatusUnderConstruction
 	smap := datastore.Optional()
-	smap.Add("status_id", model.SubmissionStatusSubmitted)
-	return svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.SubmissionStatus{model.SubmissionStatusUnderConstruction, model.SubmissionStatusChangesRequested}, smap)
+	smap.Add("status_id", target_status)
+	err = svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.SubmissionStatus{model.SubmissionStatusSubmitting}, smap)
+	if err != nil {
+		return err
+	}
+
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		userId,
+		model.Resource{
+			ID: params.SubmissionID,
+			Type: model.ResourceSubmission,
+		},
+		event_data,
+	)
 }
 
 // ActionSubmissionTriggerUpload invokes actionSubmissionTriggerUpload operation.
@@ -360,12 +753,18 @@ func (svc *Service) ActionSubmissionTriggerUpload(ctx context.Context, params ap
 	}
 	// check if caller has required role
 	if !has_role {
-		return ErrPermissionDeniedNeedRoleMapUpload
+		return ErrPermissionDeniedNeedRoleSubmissionUpload
+	}
+
+	userId, err := userInfo.GetUserID()
+	if err != nil {
+		return err
 	}
 
 	// transaction
+	target_status := model.SubmissionStatusUploading
 	smap := datastore.Optional()
-	smap.Add("status_id", model.SubmissionStatusUploading)
+	smap.Add("status_id", target_status)
 	submission, err := svc.DB.Submissions().IfStatusThenUpdateAndGet(ctx, params.SubmissionID, []model.SubmissionStatus{model.SubmissionStatusValidated}, smap)
 	if err != nil {
 		return err
@@ -387,13 +786,28 @@ func (svc *Service) ActionSubmissionTriggerUpload(ctx context.Context, params ap
 			return err
 		}
 
-		svc.Nats.Publish("maptest.submissions.upload", []byte(j))
+		_, err = svc.Nats.Publish("maptest.submissions.upload", []byte(j))
+		if err != nil {
+			return err
+		}
 	} else {
 		// refuse to operate
 		return ErrUploadedAssetIDAlreadyExists
 	}
 
-	return nil
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		userId,
+		model.Resource{
+			ID: params.SubmissionID,
+			Type: model.ResourceSubmission,
+		},
+		event_data,
+	)
 }
 
 // ActionSubmissionValidate invokes actionSubmissionValidate operation.
@@ -413,7 +827,12 @@ func (svc *Service) ActionSubmissionValidated(ctx context.Context, params api.Ac
 	}
 	// check if caller has required role
 	if !has_role {
-		return ErrPermissionDeniedNeedRoleMapUpload
+		return ErrPermissionDeniedNeedRoleSubmissionUpload
+	}
+
+	userId, err := userInfo.GetUserID()
+	if err != nil {
+		return err
 	}
 
 	// check when submission was updated
@@ -427,9 +846,27 @@ func (svc *Service) ActionSubmissionValidated(ctx context.Context, params api.Ac
 	}
 
 	// transaction
+	target_status := model.SubmissionStatusValidated
 	smap := datastore.Optional()
-	smap.Add("status_id", model.SubmissionStatusValidated)
-	return svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.SubmissionStatus{model.SubmissionStatusUploading}, smap)
+	smap.Add("status_id", target_status)
+	err = svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.SubmissionStatus{model.SubmissionStatusUploading}, smap)
+	if err != nil {
+		return err
+	}
+
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		userId,
+		model.Resource{
+			ID: params.SubmissionID,
+			Type: model.ResourceSubmission,
+		},
+		event_data,
+	)
 }
 
 // ActionSubmissionTriggerValidate invokes actionSubmissionTriggerValidate operation.
@@ -449,7 +886,7 @@ func (svc *Service) ActionSubmissionTriggerValidate(ctx context.Context, params
 	}
 	// check if caller has required role
 	if !has_role {
-		return ErrPermissionDeniedNeedRoleMapReview
+		return ErrPermissionDeniedNeedRoleSubmissionReview
 	}
 
 	// read submission (this could be done with a transaction WHERE clause)
@@ -458,18 +895,21 @@ func (svc *Service) ActionSubmissionTriggerValidate(ctx context.Context, params
 		return err
 	}
 
-	has_role, err = userInfo.IsSubmitter(uint64(submission.Submitter))
+	userId, err := userInfo.GetUserID()
 	if err != nil {
 		return err
 	}
+
 	// check if caller is NOT the submitter
+	has_role = userId == submission.Submitter
 	if has_role {
 		return ErrAcceptOwnSubmission
 	}
 
 	// transaction
+	target_status := model.SubmissionStatusValidating
 	smap := datastore.Optional()
-	smap.Add("status_id", model.SubmissionStatusValidating)
+	smap.Add("status_id", target_status)
 	submission, err = svc.DB.Submissions().IfStatusThenUpdateAndGet(ctx, params.SubmissionID, []model.SubmissionStatus{model.SubmissionStatusSubmitted}, smap)
 	if err != nil {
 		return err
@@ -492,9 +932,24 @@ func (svc *Service) ActionSubmissionTriggerValidate(ctx context.Context, params
 		return err
 	}
 
-	svc.Nats.Publish("maptest.submissions.validate", []byte(j))
+	_, err = svc.Nats.Publish("maptest.submissions.validate", []byte(j))
+	if err != nil {
+		return err
+	}
 
-	return nil
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		userId,
+		model.Resource{
+			ID: params.SubmissionID,
+			Type: model.ResourceSubmission,
+		},
+		event_data,
+	)
 }
 
 // ActionSubmissionRetryValidate invokes actionSubmissionRetryValidate operation.
@@ -514,13 +969,19 @@ func (svc *Service) ActionSubmissionRetryValidate(ctx context.Context, params ap
 	}
 	// check if caller has required role
 	if !has_role {
-		return ErrPermissionDeniedNeedRoleMapReview
+		return ErrPermissionDeniedNeedRoleSubmissionReview
+	}
+
+	userId, err := userInfo.GetUserID()
+	if err != nil {
+		return err
 	}
 
 	// transaction
+	target_status := model.SubmissionStatusValidating
 	smap := datastore.Optional()
-	smap.Add("status_id", model.SubmissionStatusValidating)
-	submission, err := svc.DB.Submissions().IfStatusThenUpdateAndGet(ctx, params.SubmissionID, []model.SubmissionStatus{model.SubmissionStatusAccepted}, smap)
+	smap.Add("status_id", target_status)
+	submission, err := svc.DB.Submissions().IfStatusThenUpdateAndGet(ctx, params.SubmissionID, []model.SubmissionStatus{model.SubmissionStatusAcceptedUnvalidated}, smap)
 	if err != nil {
 		return err
 	}
@@ -542,9 +1003,24 @@ func (svc *Service) ActionSubmissionRetryValidate(ctx context.Context, params ap
 		return err
 	}
 
-	svc.Nats.Publish("maptest.submissions.validate", []byte(j))
+	_, err = svc.Nats.Publish("maptest.submissions.validate", []byte(j))
+	if err != nil {
+		return err
+	}
 
-	return nil
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		userId,
+		model.Resource{
+			ID: params.SubmissionID,
+			Type: model.ResourceSubmission,
+		},
+		event_data,
+	)
 }
 
 // ActionSubmissionAccepted implements actionSubmissionAccepted operation.
@@ -564,7 +1040,12 @@ func (svc *Service) ActionSubmissionAccepted(ctx context.Context, params api.Act
 	}
 	// check if caller has required role
 	if !has_role {
-		return ErrPermissionDeniedNeedRoleMapReview
+		return ErrPermissionDeniedNeedRoleSubmissionReview
+	}
+
+	userId, err := userInfo.GetUserID()
+	if err != nil {
+		return err
 	}
 
 	// check when submission was updated
@@ -578,10 +1059,27 @@ func (svc *Service) ActionSubmissionAccepted(ctx context.Context, params api.Act
 	}
 
 	// transaction
+	target_status := model.SubmissionStatusAcceptedUnvalidated
 	smap := datastore.Optional()
-	smap.Add("status_id", model.SubmissionStatusAccepted)
-	smap.Add("status_message", "Manually forced reset")
-	return svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.SubmissionStatus{model.SubmissionStatusValidating}, smap)
+	smap.Add("status_id", target_status)
+	err = svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.SubmissionStatus{model.SubmissionStatusValidating}, smap)
+	if err != nil {
+		return err
+	}
+
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		userId,
+		model.Resource{
+			ID: params.SubmissionID,
+			Type: model.ResourceSubmission,
+		},
+		event_data,
+	)
 }
 
 // ReleaseSubmissions invokes releaseSubmissions operation.
@@ -627,12 +1125,13 @@ func (svc *Service) ReleaseSubmissions(ctx context.Context, request []api.Releas
 
 	for i,submission := range submissions{
 		date := request[i].Date.Unix()
+		var GameID = int32(submission.GameID)
 		// create each map with go-grpc
-		_, err := svc.Client.Create(ctx, &maps.MapRequest{
-			ID:          submission.UploadedAssetID,
+		_, err := svc.Maps.Create(ctx, &maps.MapRequest{
+			ID:          int64(submission.UploadedAssetID),
 			DisplayName: &submission.DisplayName,
 			Creator:     &submission.Creator,
-			GameID:      &submission.GameID,
+			GameID:      &GameID,
 			Date:        &date,
 		})
 		if err != nil {
@@ -650,3 +1149,75 @@ func (svc *Service) ReleaseSubmissions(ctx context.Context, request []api.Releas
 
 	return nil
 }
+
+// CreateSubmissionAuditComment implements createSubmissionAuditComment operation.
+//
+// Post a comment to the audit log
+//
+// POST /submissions/{SubmissionID}/comment
+func (svc *Service) CreateSubmissionAuditComment(ctx context.Context, req api.CreateSubmissionAuditCommentReq, params api.CreateSubmissionAuditCommentParams) (error) {
+	userInfo, ok := ctx.Value("UserInfo").(UserInfoHandle)
+	if !ok {
+		return ErrUserInfo
+	}
+
+	has_role, err := userInfo.HasRoleSubmissionReview()
+	if err != nil {
+		return err
+	}
+
+	userId, err := userInfo.GetUserID()
+	if err != nil {
+		return err
+	}
+
+	if !has_role {
+		// Submitter has special permission to comment on their submission
+		submission, err := svc.DB.Submissions().Get(ctx, params.SubmissionID)
+		if err != nil {
+			return err
+		}
+
+		if submission.Submitter != userId {
+			return ErrPermissionDeniedNeedRoleSubmissionReview
+		}
+	}
+
+	data, err := io.ReadAll(req)
+	if err != nil {
+		return err
+	}
+
+	event_data := model.AuditEventDataComment{
+		Comment: string(data),
+	}
+
+	return svc.CreateAuditEventComment(
+		ctx,
+		userId,
+		model.Resource{
+			ID: params.SubmissionID,
+			Type: model.ResourceSubmission,
+		},
+		event_data,
+	)
+}
+
+// ListSubmissionAuditEvents invokes listSubmissionAuditEvents operation.
+//
+// Retrieve a list of audit events.
+//
+// GET /submissions/{SubmissionID}/audit-events
+func (svc *Service) ListSubmissionAuditEvents(ctx context.Context, params api.ListSubmissionAuditEventsParams) ([]api.AuditEvent, error) {
+	return svc.ListAuditEvents(
+		ctx,
+		model.Resource{
+			ID: params.SubmissionID,
+			Type: model.ResourceSubmission,
+		},
+		model.Page{
+			Number: params.Page,
+			Size:   params.Limit,
+		},
+	)
+}

pkg/service_internal/audit_events.go

@@ -0,0 +1,92 @@
+package service_internal
+
+import (
+	"context"
+	"encoding/json"
+
+	"git.itzana.me/strafesnet/maps-service/pkg/model"
+)
+
+func (svc *Service) CreateAuditEventAction(ctx context.Context, userId uint64, resource model.Resource, event_data model.AuditEventDataAction) error {
+	EventData, err := json.Marshal(event_data)
+	if err != nil {
+		return err
+	}
+
+	_, err = svc.DB.AuditEvents().Create(ctx, model.AuditEvent{
+		ID:           0,
+		User:         userId,
+		ResourceType: resource.Type,
+		ResourceID:   resource.ID,
+		EventType:    model.AuditEventTypeAction,
+		EventData:    EventData,
+	})
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (svc *Service) CreateAuditEventChangeValidatedModel(ctx context.Context, userId uint64, resource model.Resource, event_data model.AuditEventDataChangeValidatedModel) error {
+	EventData, err := json.Marshal(event_data)
+	if err != nil {
+		return err
+	}
+
+	_, err = svc.DB.AuditEvents().Create(ctx, model.AuditEvent{
+		ID:           0,
+		User:         userId,
+		ResourceType: resource.Type,
+		ResourceID:   resource.ID,
+		EventType:    model.AuditEventTypeChangeValidatedModel,
+		EventData:    EventData,
+	})
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (svc *Service) CreateAuditEventError(ctx context.Context, userId uint64, resource model.Resource, event_data model.AuditEventDataError) error {
+	EventData, err := json.Marshal(event_data)
+	if err != nil {
+		return err
+	}
+
+	_, err = svc.DB.AuditEvents().Create(ctx, model.AuditEvent{
+		ID:           0,
+		User:         userId,
+		ResourceType: resource.Type,
+		ResourceID:   resource.ID,
+		EventType:    model.AuditEventTypeError,
+		EventData:    EventData,
+	})
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (svc *Service) CreateAuditEventCheckList(ctx context.Context, userId uint64, resource model.Resource, event_data model.AuditEventDataCheckList) error {
+	EventData, err := json.Marshal(event_data)
+	if err != nil {
+		return err
+	}
+
+	_, err = svc.DB.AuditEvents().Create(ctx, model.AuditEvent{
+		ID:           0,
+		User:         userId,
+		ResourceType: resource.Type,
+		ResourceID:   resource.ID,
+		EventType:    model.AuditEventTypeCheckList,
+		EventData:    EventData,
+	})
+	if err != nil {
+		return err
+	}
+
+	return nil
+}

pkg/service_internal/mapfixes.go

@@ -16,7 +16,7 @@ var(
 		model.MapfixStatusUploading,
 		model.MapfixStatusValidated,
 		model.MapfixStatusValidating,
-		model.MapfixStatusAccepted,
+		model.MapfixStatusAcceptedUnvalidated,
 		model.MapfixStatusChangesRequested,
 		model.MapfixStatusSubmitted,
 		model.MapfixStatusUnderConstruction,
@@ -34,13 +34,98 @@ var(
 //
 // POST /mapfixes/{MapfixID}/validated-model
 func (svc *Service) UpdateMapfixValidatedModel(ctx context.Context, params internal.UpdateMapfixValidatedModelParams) error {
+	ValidatedModelID := uint64(params.ValidatedModelID)
+	ValidatedModelVersion := uint64(params.ValidatedModelVersion)
+
 	// check if Status is ChangesRequested|Submitted|UnderConstruction
 	pmap := datastore.Optional()
-	pmap.AddNotNil("validated_asset_id", params.ValidatedModelID)
-	pmap.AddNotNil("validated_asset_version", params.ValidatedModelVersion)
+	pmap.Add("validated_asset_id", ValidatedModelID)
+	pmap.Add("validated_asset_version", ValidatedModelVersion)
 	// DO NOT reset completed when validated model is updated
 	// pmap.Add("completed", false)
-	return svc.DB.Mapfixes().IfStatusThenUpdate(ctx, params.MapfixID, []model.MapfixStatus{model.MapfixStatusValidating}, pmap)
+	err := svc.DB.Mapfixes().IfStatusThenUpdate(ctx, params.MapfixID, []model.MapfixStatus{model.MapfixStatusValidating}, pmap)
+	if err != nil {
+		return err
+	}
+
+	event_data := model.AuditEventDataChangeValidatedModel{
+		ValidatedModelID: ValidatedModelID,
+		ValidatedModelVersion: ValidatedModelVersion,
+	}
+
+	return svc.CreateAuditEventChangeValidatedModel(
+		ctx,
+		ValidtorUserID,
+		model.Resource{
+			ID: params.MapfixID,
+			Type: model.ResourceMapfix,
+		},
+		event_data,
+	)
+}
+
+// ActionMapfixSubmitted invokes actionMapfixSubmitted operation.
+//
+// Role Validator changes status from Submitting -> Submitted.
+//
+// POST /mapfixes/{MapfixID}/status/validator-submitted
+func (svc *Service) ActionMapfixSubmitted(ctx context.Context, params internal.ActionMapfixSubmittedParams) error {
+	// transaction
+	target_status := model.MapfixStatusSubmitted
+	smap := datastore.Optional()
+	smap.Add("status_id", target_status)
+	smap.Add("asset_version", params.ModelVersion)
+	smap.Add("display_name", params.DisplayName)
+	smap.Add("creator", params.Creator)
+	smap.Add("game_id", params.GameID)
+	err := svc.DB.Mapfixes().IfStatusThenUpdate(ctx, params.MapfixID, []model.MapfixStatus{model.MapfixStatusSubmitting}, smap)
+	if err != nil {
+		return err
+	}
+
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		ValidtorUserID,
+		model.Resource{
+			ID: params.MapfixID,
+			Type: model.ResourceMapfix,
+		},
+		event_data,
+	)
+}
+
+// ActionMapfixRequestChanges implements actionMapfixRequestChanges operation.
+//
+// (Internal endpoint) Role Validator changes status from Submitting -> RequestChanges.
+//
+// POST /mapfixes/{MapfixID}/status/validator-request-changes
+func (svc *Service) ActionMapfixRequestChanges(ctx context.Context, params internal.ActionMapfixRequestChangesParams) error {
+	// transaction
+	target_status := model.MapfixStatusChangesRequested
+	smap := datastore.Optional()
+	smap.Add("status_id", target_status)
+	err := svc.DB.Mapfixes().IfStatusThenUpdate(ctx, params.MapfixID, []model.MapfixStatus{model.MapfixStatusSubmitting}, smap)
+	if err != nil {
+		return err
+	}
+
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		ValidtorUserID,
+		model.Resource{
+			ID: params.MapfixID,
+			Type: model.ResourceMapfix,
+		},
+		event_data,
+	)
 }
 
 // ActionMapfixValidate invokes actionMapfixValidate operation.
@@ -62,10 +147,28 @@ func (svc *Service) ActionMapfixValidated(ctx context.Context, params internal.A
 // POST /mapfixes/{MapfixID}/status/validator-failed
 func (svc *Service) ActionMapfixAccepted(ctx context.Context, params internal.ActionMapfixAcceptedParams) error {
 	// transaction
+	target_status := model.MapfixStatusAcceptedUnvalidated
 	smap := datastore.Optional()
-	smap.Add("status_id", model.MapfixStatusAccepted)
-	smap.Add("status_message", params.StatusMessage)
-	return svc.DB.Mapfixes().IfStatusThenUpdate(ctx, params.MapfixID, []model.MapfixStatus{model.MapfixStatusValidating}, smap)
+	smap.Add("status_id", target_status)
+	err := svc.DB.Mapfixes().IfStatusThenUpdate(ctx, params.MapfixID, []model.MapfixStatus{model.MapfixStatusValidating}, smap)
+	if err != nil {
+		return err
+	}
+
+	// push an action audit event
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		ValidtorUserID,
+		model.Resource{
+			ID: params.MapfixID,
+			Type: model.ResourceMapfix,
+		},
+		event_data,
+	)
 }
 
 // ActionMapfixUploaded implements actionMapfixUploaded operation.
@@ -75,13 +178,96 @@ func (svc *Service) ActionMapfixAccepted(ctx context.Context, params internal.Ac
 // POST /mapfixes/{MapfixID}/status/validator-uploaded
 func (svc *Service) ActionMapfixUploaded(ctx context.Context, params internal.ActionMapfixUploadedParams) error {
 	// transaction
+	target_status := model.MapfixStatusUploaded
 	smap := datastore.Optional()
-	smap.Add("status_id", model.MapfixStatusUploaded)
-	return svc.DB.Mapfixes().IfStatusThenUpdate(ctx, params.MapfixID, []model.MapfixStatus{model.MapfixStatusUploading}, smap)
+	smap.Add("status_id", target_status)
+	err := svc.DB.Mapfixes().IfStatusThenUpdate(ctx, params.MapfixID, []model.MapfixStatus{model.MapfixStatusUploading}, smap)
+	if err != nil {
+		return err
+	}
+
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		ValidtorUserID,
+		model.Resource{
+			ID: params.MapfixID,
+			Type: model.ResourceMapfix,
+		},
+		event_data,
+	)
+}
+
+// CreateMapfixAuditError implements createMapfixAuditError operation.
+//
+// Post an error to the audit log
+//
+// POST /mapfixes/{MapfixID}/error
+func (svc *Service) CreateMapfixAuditError(ctx context.Context, params internal.CreateMapfixAuditErrorParams) (error) {
+	event_data := model.AuditEventDataError{
+		Error: params.ErrorMessage,
+	}
+
+	return svc.CreateAuditEventError(
+		ctx,
+		ValidtorUserID,
+		model.Resource{
+			ID: params.MapfixID,
+			Type: model.ResourceMapfix,
+		},
+		event_data,
+	)
+}
+
+// CreateMapfixAuditCheckList implements createMapfixAuditCheckList operation.
+//
+// Post a checklist to the audit log
+//
+// POST /mapfixes/{MapfixID}/checklist
+func (svc *Service) CreateMapfixAuditCheckList(ctx context.Context, check_list internal.CheckList, params internal.CreateMapfixAuditCheckListParams) (error) {
+	check_list2 := make([]model.Check, len(check_list))
+	for i, check := range check_list {
+		check_list2[i] = model.Check{
+			Name:    check.Name,
+			Summary: check.Summary,
+			Passed:  check.Passed,
+		}
+	}
+
+	event_data := model.AuditEventDataCheckList{
+		CheckList: check_list2,
+	}
+
+	return svc.CreateAuditEventCheckList(
+		ctx,
+		ValidtorUserID,
+		model.Resource{
+			ID: params.MapfixID,
+			Type: model.ResourceMapfix,
+		},
+		event_data,
+	)
 }
 
 // POST /mapfixes
 func (svc *Service) CreateMapfix(ctx context.Context, request *internal.MapfixCreate) (*internal.MapfixID, error) {
+	// sanitization
+	if request.GameID<0||
+	request.AssetOwner<0||
+	request.AssetID<0||
+	request.AssetVersion<0||
+	request.TargetAssetID<0{
+		return nil, ErrNegativeID
+	}
+	var GameID=uint32(request.GameID);
+	var Submitter=uint64(request.AssetOwner);
+	var AssetID=uint64(request.AssetID);
+	var AssetVersion=uint64(request.AssetVersion);
+	var TargetAssetID=uint64(request.TargetAssetID);
+
 	// Check if an active mapfix with the same asset id exists
 	{
 		filter := datastore.Optional()
@@ -107,7 +293,7 @@ func (svc *Service) CreateMapfix(ctx context.Context, request *internal.MapfixCr
 
 	// check if user owns asset
 	// TODO: allow bypass by admin
-	if operation.Owner != request.AssetOwner {
+	if operation.Owner != Submitter {
 		return nil, ErrNotAssetOwner
 	}
 
@@ -115,13 +301,14 @@ func (svc *Service) CreateMapfix(ctx context.Context, request *internal.MapfixCr
 		ID:            0,
 		DisplayName:   request.DisplayName,
 		Creator:       request.Creator,
-		GameID:        request.GameID,
-		Submitter:     request.AssetOwner,
-		AssetID:       request.AssetID,
-		AssetVersion:  request.AssetVersion,
+		GameID:        GameID,
+		Submitter:     Submitter,
+		AssetID:       AssetID,
+		AssetVersion:  AssetVersion,
 		Completed:     false,
-		TargetAssetID: request.TargetAssetID,
+		TargetAssetID: TargetAssetID,
 		StatusID:      model.MapfixStatusUnderConstruction,
+		Description:   request.Description,
 	})
 	if err != nil {
 		return nil, err

pkg/service_internal/script_policy.go

@@ -4,7 +4,7 @@ import (
 	"context"
 
 	"git.itzana.me/strafesnet/maps-service/pkg/datastore"
-	"git.itzana.me/strafesnet/maps-service/pkg/internal"
+	api "git.itzana.me/strafesnet/maps-service/pkg/internal"
 	"git.itzana.me/strafesnet/maps-service/pkg/model"
 )
 
@@ -49,13 +49,13 @@ func (svc *Service) ListScriptPolicy(ctx context.Context, params api.ListScriptP
 		if err != nil {
 			return nil, err
 		}
-		filter.AddNotNil("from_script_hash", int64(hash)) // No type safety!
+		filter.Add("from_script_hash", int64(hash)) // No type safety!
 	}
 	if params.ToScriptID.IsSet(){
-		filter.AddNotNil("to_script_id", params.ToScriptID.Value)
+		filter.Add("to_script_id", params.ToScriptID.Value)
 	}
 	if params.Policy.IsSet(){
-		filter.AddNotNil("policy", params.Policy.Value)
+		filter.Add("policy", params.Policy.Value)
 	}
 
 	items, err := svc.DB.ScriptPolicy().List(ctx, filter, model.Page{

pkg/service_internal/scripts.go

@@ -4,7 +4,7 @@ import (
 	"context"
 
 	"git.itzana.me/strafesnet/maps-service/pkg/datastore"
-	"git.itzana.me/strafesnet/maps-service/pkg/internal"
+	api "git.itzana.me/strafesnet/maps-service/pkg/internal"
 	"git.itzana.me/strafesnet/maps-service/pkg/model"
 )
 
@@ -44,19 +44,19 @@ func (svc *Service) ListScripts(ctx context.Context, params api.ListScriptsParam
 		if err != nil {
 			return nil, err
 		}
-		filter.AddNotNil("hash", int64(hash)) // No type safety!
+		filter.Add("hash", int64(hash)) // No type safety!
 	}
 	if params.Name.IsSet(){
-		filter.AddNotNil("name", params.Name.Value)
+		filter.Add("name", params.Name.Value)
 	}
 	if params.Source.IsSet(){
-		filter.AddNotNil("source", params.Source.Value)
+		filter.Add("source", params.Source.Value)
 	}
 	if params.ResourceType.IsSet(){
-		filter.AddNotNil("resource_type", params.ResourceType.Value)
+		filter.Add("resource_type", params.ResourceType.Value)
 	}
 	if params.ResourceID.IsSet(){
-		filter.AddNotNil("resource_id", params.ResourceID.Value)
+		filter.Add("resource_id", params.ResourceID.Value)
 	}
 
 	items, err := svc.DB.Scripts().List(ctx, filter, model.Page{
@@ -71,6 +71,7 @@ func (svc *Service) ListScripts(ctx context.Context, params api.ListScriptsParam
 	for _, item := range items {
 		resp = append(resp, api.Script{
 			ID:           item.ID,
+			Name:         item.Name,
 			Hash:         model.HashFormat(uint64(item.Hash)),
 			Source:       item.Source,
 			ResourceType: int32(item.ResourceType),

pkg/service_internal/service_internal.go

@@ -3,12 +3,21 @@ package service_internal
 import (
 	"context"
 	"errors"
+	"math"
 
 	"git.itzana.me/strafesnet/maps-service/pkg/datastore"
 	internal "git.itzana.me/strafesnet/maps-service/pkg/internal"
 	"github.com/nats-io/nats.go"
 )
 
+const (
+	ValidtorUserID uint64 = uint64(math.MaxInt64)
+)
+
+var (
+	ErrNegativeID = errors.New("A negative ID was provided")
+)
+
 type Service struct {
 	DB   datastore.Datastore
 	Nats nats.JetStreamContext

pkg/service_internal/submissions.go

@@ -8,6 +8,7 @@ import (
 	"git.itzana.me/strafesnet/maps-service/pkg/datastore"
 	internal "git.itzana.me/strafesnet/maps-service/pkg/internal"
 	"git.itzana.me/strafesnet/maps-service/pkg/model"
+	"git.itzana.me/strafesnet/maps-service/pkg/service"
 )
 
 var(
@@ -16,7 +17,7 @@ var(
 		model.SubmissionStatusUploading,
 		model.SubmissionStatusValidated,
 		model.SubmissionStatusValidating,
-		model.SubmissionStatusAccepted,
+		model.SubmissionStatusAcceptedUnvalidated,
 		model.SubmissionStatusChangesRequested,
 		model.SubmissionStatusSubmitted,
 		model.SubmissionStatusUnderConstruction,
@@ -33,13 +34,99 @@ var(
 //
 // POST /submissions/{SubmissionID}/validated-model
 func (svc *Service) UpdateSubmissionValidatedModel(ctx context.Context, params internal.UpdateSubmissionValidatedModelParams) error {
+	ValidatedModelID := uint64(params.ValidatedModelID)
+	ValidatedModelVersion := uint64(params.ValidatedModelVersion)
+
 	// check if Status is ChangesRequested|Submitted|UnderConstruction
 	pmap := datastore.Optional()
-	pmap.AddNotNil("validated_asset_id", params.ValidatedModelID)
-	pmap.AddNotNil("validated_asset_version", params.ValidatedModelVersion)
+	pmap.Add("validated_asset_id", ValidatedModelID)
+	pmap.Add("validated_asset_version", ValidatedModelVersion)
 	// DO NOT reset completed when validated model is updated
 	// pmap.Add("completed", false)
-	return svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.SubmissionStatus{model.SubmissionStatusValidating}, pmap)
+	err := svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.SubmissionStatus{model.SubmissionStatusValidating}, pmap)
+	if err != nil {
+		return err
+	}
+
+	event_data := model.AuditEventDataChangeValidatedModel{
+		ValidatedModelID: ValidatedModelID,
+		ValidatedModelVersion: ValidatedModelVersion,
+	}
+
+	return svc.CreateAuditEventChangeValidatedModel(
+		ctx,
+		ValidtorUserID,
+		model.Resource{
+			ID: params.SubmissionID,
+			Type: model.ResourceSubmission,
+		},
+		event_data,
+	)
+}
+
+// ActionSubmissionSubmitted invokes actionSubmissionSubmitted operation.
+//
+// Role Validator changes status from Submitting -> Submitted.
+//
+// POST /submissions/{SubmissionID}/status/validator-submitted
+func (svc *Service) ActionSubmissionSubmitted(ctx context.Context, params internal.ActionSubmissionSubmittedParams) error {
+	// transaction
+	target_status := model.SubmissionStatusSubmitted
+	smap := datastore.Optional()
+	smap.Add("status_id", target_status)
+	smap.Add("asset_version", params.ModelVersion)
+	smap.Add("display_name", params.DisplayName)
+	smap.Add("creator", params.Creator)
+	smap.Add("game_id", params.GameID)
+	err := svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.SubmissionStatus{model.SubmissionStatusSubmitting}, smap)
+	if err != nil {
+		return err
+	}
+
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		ValidtorUserID,
+		model.Resource{
+			ID: params.SubmissionID,
+			Type: model.ResourceSubmission,
+		},
+		event_data,
+	)
+}
+
+// ActionSubmissionRequestChanges implements actionSubmissionRequestChanges operation.
+//
+// (Internal endpoint) Role Validator changes status from Submitting -> RequestChanges.
+//
+// POST /submissions/{SubmissionID}/status/validator-request-changes
+func (svc *Service) ActionSubmissionRequestChanges(ctx context.Context, params internal.ActionSubmissionRequestChangesParams) error {
+	// transaction
+	target_status := model.SubmissionStatusChangesRequested
+	smap := datastore.Optional()
+	smap.Add("status_id", target_status)
+	err := svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.SubmissionStatus{model.SubmissionStatusSubmitting}, smap)
+	if err != nil {
+		return err
+	}
+
+	// push an action audit event
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		ValidtorUserID,
+		model.Resource{
+			ID: params.SubmissionID,
+			Type: model.ResourceSubmission,
+		},
+		event_data,
+	)
 }
 
 // ActionSubmissionValidate invokes actionSubmissionValidate operation.
@@ -49,9 +136,27 @@ func (svc *Service) UpdateSubmissionValidatedModel(ctx context.Context, params i
 // POST /submissions/{SubmissionID}/status/validator-validated
 func (svc *Service) ActionSubmissionValidated(ctx context.Context, params internal.ActionSubmissionValidatedParams) error {
 	// transaction
+	target_status := model.SubmissionStatusValidated
 	smap := datastore.Optional()
-	smap.Add("status_id", model.SubmissionStatusValidated)
-	return svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.SubmissionStatus{model.SubmissionStatusValidating}, smap)
+	smap.Add("status_id", target_status)
+	err := svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.SubmissionStatus{model.SubmissionStatusValidating}, smap)
+	if err != nil {
+		return err
+	}
+
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		ValidtorUserID,
+		model.Resource{
+			ID: params.SubmissionID,
+			Type: model.ResourceSubmission,
+		},
+		event_data,
+	)
 }
 
 // ActionSubmissionAccepted implements actionSubmissionAccepted operation.
@@ -61,10 +166,28 @@ func (svc *Service) ActionSubmissionValidated(ctx context.Context, params intern
 // POST /submissions/{SubmissionID}/status/validator-failed
 func (svc *Service) ActionSubmissionAccepted(ctx context.Context, params internal.ActionSubmissionAcceptedParams) error {
 	// transaction
+	target_status := model.SubmissionStatusAcceptedUnvalidated
 	smap := datastore.Optional()
-	smap.Add("status_id", model.SubmissionStatusAccepted)
-	smap.Add("status_message", params.StatusMessage)
-	return svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.SubmissionStatus{model.SubmissionStatusValidating}, smap)
+	smap.Add("status_id", target_status)
+	err := svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.SubmissionStatus{model.SubmissionStatusValidating}, smap)
+	if err != nil {
+		return err
+	}
+
+	// push an action audit event
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		ValidtorUserID,
+		model.Resource{
+			ID: params.SubmissionID,
+			Type: model.ResourceSubmission,
+		},
+		event_data,
+	)
 }
 
 // ActionSubmissionUploaded implements actionSubmissionUploaded operation.
@@ -74,14 +197,97 @@ func (svc *Service) ActionSubmissionAccepted(ctx context.Context, params interna
 // POST /submissions/{SubmissionID}/status/validator-uploaded
 func (svc *Service) ActionSubmissionUploaded(ctx context.Context, params internal.ActionSubmissionUploadedParams) error {
 	// transaction
+	target_status := model.SubmissionStatusUploaded
 	smap := datastore.Optional()
-	smap.Add("status_id", model.SubmissionStatusUploaded)
+	smap.Add("status_id", target_status)
 	smap.Add("uploaded_asset_id", params.UploadedAssetID)
-	return svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.SubmissionStatus{model.SubmissionStatusUploading}, smap)
+	err := svc.DB.Submissions().IfStatusThenUpdate(ctx, params.SubmissionID, []model.SubmissionStatus{model.SubmissionStatusUploading}, smap)
+	if err != nil {
+		return err
+	}
+
+	event_data := model.AuditEventDataAction{
+		TargetStatus: uint32(target_status),
+	}
+
+	return svc.CreateAuditEventAction(
+		ctx,
+		ValidtorUserID,
+		model.Resource{
+			ID: params.SubmissionID,
+			Type: model.ResourceSubmission,
+		},
+		event_data,
+	)
+}
+
+// CreateSubmissionAuditError implements createSubmissionAuditError operation.
+//
+// Post an error to the audit log
+//
+// POST /submissions/{SubmissionID}/error
+func (svc *Service) CreateSubmissionAuditError(ctx context.Context, params internal.CreateSubmissionAuditErrorParams) (error) {
+	event_data := model.AuditEventDataError{
+		Error: params.ErrorMessage,
+	}
+
+	return svc.CreateAuditEventError(
+		ctx,
+		ValidtorUserID,
+		model.Resource{
+			ID: params.SubmissionID,
+			Type: model.ResourceSubmission,
+		},
+		event_data,
+	)
+}
+
+// CreateSubmissionAuditCheckList implements createSubmissionAuditCheckList operation.
+//
+// Post a checklist to the audit log
+//
+// POST /submissions/{SubmissionID}/checklist
+func (svc *Service) CreateSubmissionAuditCheckList(ctx context.Context, check_list internal.CheckList, params internal.CreateSubmissionAuditCheckListParams) (error) {
+	check_list2 := make([]model.Check, len(check_list))
+	for i, check := range check_list {
+		check_list2[i] = model.Check{
+			Name:    check.Name,
+			Summary: check.Summary,
+			Passed:  check.Passed,
+		}
+	}
+
+	event_data := model.AuditEventDataCheckList{
+		CheckList: check_list2,
+	}
+
+	return svc.CreateAuditEventCheckList(
+		ctx,
+		ValidtorUserID,
+		model.Resource{
+			ID: params.SubmissionID,
+			Type: model.ResourceSubmission,
+		},
+		event_data,
+	)
 }
 
 // POST /submissions
 func (svc *Service) CreateSubmission(ctx context.Context, request *internal.SubmissionCreate) (*internal.SubmissionID, error) {
+	// sanitization
+	if request.GameID<0||
+	request.AssetOwner<0||
+	request.AssetID<0||
+	request.AssetVersion<0{
+		return nil, ErrNegativeID
+	}
+	var GameID=uint32(request.GameID);
+	var Submitter=uint64(request.AssetOwner);
+	var AssetID=uint64(request.AssetID);
+	var AssetVersion=uint64(request.AssetVersion);
+	var Status=model.SubmissionStatus(request.Status);
+	var roles=service.Roles(request.Roles);
+
 	// Check if an active submission with the same asset id exists
 	{
 		filter := datastore.Optional()
@@ -106,8 +312,11 @@ func (svc *Service) CreateSubmission(ctx context.Context, request *internal.Subm
 	}
 
 	// check if user owns asset
-	// TODO: allow bypass by admin
-	if operation.Owner != request.AssetOwner {
+	is_submitter := operation.Owner == Submitter
+	// check if user is map admin
+	has_submission_review := roles & service.RolesSubmissionReview == service.RolesSubmissionReview
+	// if neither, u not allowed
+	if !is_submitter && !has_submission_review {
 		return nil, ErrNotAssetOwner
 	}
 
@@ -115,12 +324,12 @@ func (svc *Service) CreateSubmission(ctx context.Context, request *internal.Subm
 		ID:            0,
 		DisplayName:   request.DisplayName,
 		Creator:       request.Creator,
-		GameID:        request.GameID,
-		Submitter:     request.AssetOwner,
-		AssetID:       request.AssetID,
-		AssetVersion:  request.AssetVersion,
+		GameID:        GameID,
+		Submitter:     Submitter,
+		AssetID:       AssetID,
+		AssetVersion:  AssetVersion,
 		Completed:     false,
-		StatusID:      model.SubmissionStatusUnderConstruction,
+		StatusID:      Status,
 	})
 	if err != nil {
 		return nil, err

validation/Cargo.toml

@@ -5,14 +5,16 @@ edition = "2021"
 
 [dependencies]
 submissions-api = { path = "api", features = ["internal"], default-features = false, registry = "strafesnet" }
-async-nats = "0.40.0"
+async-nats = "0.41.0"
 futures = "0.3.31"
-rbx_asset = { version = "0.3.3", registry = "strafesnet" }
-rbx_binary = { version = "0.7.4", registry = "strafesnet"}
-rbx_dom_weak = { version = "2.9.0", registry = "strafesnet"}
-rbx_reflection_database = { version = "0.2.12", registry = "strafesnet"}
-rbx_xml = { version = "0.13.3", registry = "strafesnet"}
+rbx_asset = { version = "0.4.5", registry = "strafesnet" }
+rbx_binary = "1.0.0"
+rbx_dom_weak = "3.0.0"
+rbx_reflection_database = "1.0.3"
+rbx_xml = "1.0.0"
 serde = { version = "1.0.215", features = ["derive"] }
 serde_json = "1.0.133"
 siphasher = "1.0.1"
 tokio = { version = "1.41.1", features = ["macros", "rt-multi-thread", "signal"] }
+heck = "0.5.0"
+lazy-regex = "3.4.1"

validation/Containerfile

@@ -1,6 +1,6 @@
 # Using the `rust-musl-builder` as base image, instead of
 # the official Rust toolchain
-FROM docker.io/clux/muslrust:stable AS chef
+FROM registry.itzana.me/docker-proxy/clux/muslrust:1.86.0-stable AS chef
 USER root
 RUN cargo install cargo-chef
 WORKDIR /app
@@ -17,7 +17,7 @@ RUN cargo chef cook --release --target x86_64-unknown-linux-musl --recipe-path r
 COPY . .
 RUN cargo build --release --target x86_64-unknown-linux-musl --bin maps-validation
 
-FROM docker.io/alpine:latest AS runtime
+FROM registry.itzana.me/docker-proxy/alpine:3.21 AS runtime
 RUN addgroup -S myuser && adduser -S myuser -G myuser
 COPY --from=builder /app/target/x86_64-unknown-linux-musl/release/maps-validation /usr/local/bin/
 USER myuser

validation/api/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "submissions-api"
-version = "0.6.1"
+version = "0.8.1"
 edition = "2021"
 publish = ["strafesnet"]
 repository = "https://git.itzana.me/StrafesNET/maps-service"
@@ -11,6 +11,7 @@ authors = ["Rhys Lloyd <krakow20@gmail.com>"]
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
+chrono = { version = "0.4.41", features = ["serde"] }
 reqwest = { version = "0", features = ["json"] }
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"

validation/api/src/context.rs

@@ -44,4 +44,8 @@ impl Context{
     	.body(body)
 		.send().await
 	}
+	pub async fn delete(&self,url:impl reqwest::IntoUrl)->Result<reqwest::Response,reqwest::Error>{
+		self.client.delete(url)
+		.send().await
+	}
 }

validation/api/src/external.rs

@@ -16,7 +16,7 @@ impl Context{
 		).await.map_err(Error::Response)?
 		.json().await.map_err(Error::ReqwestJson)
 	}
-	pub async fn get_scripts<'a>(&self,config:GetScriptsRequest<'a>)->Result<Vec<ScriptResponse>,Error>{
+	pub async fn get_scripts(&self,config:GetScriptsRequest<'_>)->Result<Vec<ScriptResponse>,Error>{
 		let url_raw=format!("{}/scripts",self.0.base_url);
 		let mut url=reqwest::Url::parse(url_raw.as_str()).map_err(Error::Parse)?;
 
@@ -36,7 +36,7 @@ impl Context{
 			if let Some(resource_type)=config.ResourceType{
 				query_pairs.append_pair("ResourceType",(resource_type as i32).to_string().as_str());
 			}
-			if let Some(resource_id)=config.ResourceID{
+			if let Some(ResourceID(resource_id))=config.ResourceID{
 				query_pairs.append_pair("ResourceID",resource_id.to_string().as_str());
 			}
 		}
@@ -46,7 +46,7 @@ impl Context{
 		).await.map_err(Error::Response)?
 		.json().await.map_err(Error::ReqwestJson)
 	}
-	pub async fn get_script_from_hash<'a>(&self,config:HashRequest<'a>)->Result<Option<ScriptResponse>,SingleItemError>{
+	pub async fn get_script_from_hash(&self,config:HashRequest<'_>)->Result<Option<ScriptResponse>,ScriptSingleItemError>{
 		let scripts=self.get_scripts(GetScriptsRequest{
 			Page:1,
 			Limit:2,
@@ -57,11 +57,11 @@ impl Context{
 			ResourceID:None,
 		}).await.map_err(SingleItemError::Other)?;
 		if 1<scripts.len(){
-			return Err(SingleItemError::DuplicateItems);
+			return Err(SingleItemError::DuplicateItems(scripts.into_iter().map(|item|item.ID).collect()));
 		}
 		Ok(scripts.into_iter().next())
 	}
-	pub async fn create_script<'a>(&self,config:CreateScriptRequest<'a>)->Result<ScriptIDResponse,Error>{
+	pub async fn create_script(&self,config:CreateScriptRequest<'_>)->Result<ScriptIDResponse,Error>{
 		let url_raw=format!("{}/scripts",self.0.base_url);
 		let url=reqwest::Url::parse(url_raw.as_str()).map_err(Error::Parse)?;
 
@@ -72,7 +72,17 @@ impl Context{
 		).await.map_err(Error::Response)?
 		.json().await.map_err(Error::ReqwestJson)
 	}
-	pub async fn get_script_policies<'a>(&self,config:GetScriptPoliciesRequest<'a>)->Result<Vec<ScriptPolicyResponse>,Error>{
+	pub async fn delete_script(&self,config:GetScriptRequest)->Result<(),Error>{
+		let url_raw=format!("{}/scripts/{}",self.0.base_url,config.ScriptID.0);
+		let url=reqwest::Url::parse(url_raw.as_str()).map_err(Error::Parse)?;
+
+		response_ok(
+			self.0.delete(url).await.map_err(Error::Reqwest)?
+		).await.map_err(Error::Response)?;
+
+		Ok(())
+	}
+	pub async fn get_script_policies(&self,config:GetScriptPoliciesRequest<'_>)->Result<Vec<ScriptPolicyResponse>,Error>{
 		let url_raw=format!("{}/script-policy",self.0.base_url);
 		let mut url=reqwest::Url::parse(url_raw.as_str()).map_err(Error::Parse)?;
 
@@ -96,7 +106,7 @@ impl Context{
 		).await.map_err(Error::Response)?
 		.json().await.map_err(Error::ReqwestJson)
 	}
-	pub async fn get_script_policy_from_hash<'a>(&self,config:HashRequest<'a>)->Result<Option<ScriptPolicyResponse>,SingleItemError>{
+	pub async fn get_script_policy_from_hash(&self,config:HashRequest<'_>)->Result<Option<ScriptPolicyResponse>,ScriptPolicySingleItemError>{
 		let policies=self.get_script_policies(GetScriptPoliciesRequest{
 			Page:1,
 			Limit:2,
@@ -105,7 +115,7 @@ impl Context{
 			Policy:None,
 		}).await.map_err(SingleItemError::Other)?;
 		if 1<policies.len(){
-			return Err(SingleItemError::DuplicateItems);
+			return Err(SingleItemError::DuplicateItems(policies.into_iter().map(|item|item.ID).collect()));
 		}
 		Ok(policies.into_iter().next())
 	}
@@ -130,6 +140,94 @@ impl Context{
 			self.0.post(url,body).await.map_err(Error::Reqwest)?
 		).await.map_err(Error::Response)?;
 
+		Ok(())
+	}
+	pub async fn delete_script_policy(&self,config:GetScriptPolicyRequest)->Result<(),Error>{
+		let url_raw=format!("{}/script-policy/{}",self.0.base_url,config.ScriptPolicyID.0);
+		let url=reqwest::Url::parse(url_raw.as_str()).map_err(Error::Parse)?;
+
+		response_ok(
+			self.0.delete(url).await.map_err(Error::Reqwest)?
+		).await.map_err(Error::Response)?;
+
+		Ok(())
+	}
+	pub async fn get_submissions(&self,config:GetSubmissionsRequest<'_>)->Result<SubmissionsResponse,Error>{
+		let url_raw=format!("{}/submissions",self.0.base_url);
+		let mut url=reqwest::Url::parse(url_raw.as_str()).map_err(Error::Parse)?;
+
+		{
+			let mut query_pairs=url.query_pairs_mut();
+			query_pairs.append_pair("Page",config.Page.to_string().as_str());
+			query_pairs.append_pair("Limit",config.Limit.to_string().as_str());
+			if let Some(sort)=config.Sort{
+				query_pairs.append_pair("Sort",(sort as u8).to_string().as_str());
+			}
+			if let Some(display_name)=config.DisplayName{
+				query_pairs.append_pair("DisplayName",display_name);
+			}
+			if let Some(creator)=config.Creator{
+				query_pairs.append_pair("Creator",creator);
+			}
+			if let Some(game_id)=config.GameID{
+				query_pairs.append_pair("GameID",(game_id as u8).to_string().as_str());
+			}
+			if let Some(submitter)=config.Submitter{
+				query_pairs.append_pair("Submitter",submitter.to_string().as_str());
+			}
+			if let Some(asset_id)=config.AssetID{
+				query_pairs.append_pair("AssetID",asset_id.to_string().as_str());
+			}
+			if let Some(uploaded_asset_id)=config.UploadedAssetID{
+				query_pairs.append_pair("UploadedAssetID",uploaded_asset_id.to_string().as_str());
+			}
+			if let Some(status_id)=config.StatusID{
+				query_pairs.append_pair("StatusID",(status_id as u8).to_string().as_str());
+			}
+		}
+
+		response_ok(
+			self.0.get(url).await.map_err(Error::Reqwest)?
+		).await.map_err(Error::Response)?
+		.json().await.map_err(Error::ReqwestJson)
+	}
+	pub async fn get_maps(&self,config:GetMapsRequest<'_>)->Result<Vec<MapResponse>,Error>{
+		let url_raw=format!("{}/maps",self.0.base_url);
+		let mut url=reqwest::Url::parse(url_raw.as_str()).map_err(Error::Parse)?;
+
+		{
+			let mut query_pairs=url.query_pairs_mut();
+			query_pairs.append_pair("Page",config.Page.to_string().as_str());
+			query_pairs.append_pair("Limit",config.Limit.to_string().as_str());
+			if let Some(sort)=config.Sort{
+				query_pairs.append_pair("Sort",(sort as u8).to_string().as_str());
+			}
+			if let Some(display_name)=config.DisplayName{
+				query_pairs.append_pair("DisplayName",display_name);
+			}
+			if let Some(creator)=config.Creator{
+				query_pairs.append_pair("Creator",creator);
+			}
+			if let Some(game_id)=config.GameID{
+				query_pairs.append_pair("GameID",(game_id as u8).to_string().as_str());
+			}
+		}
+
+		response_ok(
+			self.0.get(url).await.map_err(Error::Reqwest)?
+		).await.map_err(Error::Response)?
+		.json().await.map_err(Error::ReqwestJson)
+	}
+	pub async fn release_submissions(&self,config:ReleaseRequest<'_>)->Result<(),Error>{
+		let url_raw=format!("{}/release-submissions",self.0.base_url);
+		let url=reqwest::Url::parse(url_raw.as_str()).map_err(Error::Parse)?;
+
+		let body=serde_json::to_string(config.schedule).map_err(Error::JSON)?;
+
+		response_ok(
+			self.0.post(url,body).await.map_err(Error::Reqwest)?
+		).await.map_err(Error::Response)?;
+
 		Ok(())
 	}
 }

validation/api/src/internal.rs

@@ -22,7 +22,7 @@ macro_rules! query_pairs{
 macro_rules! action{
 	($system:expr,$fname:ident,$config:ident,$config_type:ident,$action:expr,$config_submission_id:expr,$(($param:expr,$value:expr))*)=>{
 		pub async fn $fname(&self,$config:$config_type)->Result<(),Error>{
-			let url_raw=format!(concat!("{}/",$system,"/{}/status/",$action),self.0.base_url,$config_submission_id);
+			let url_raw=format!(concat!("{}/",$system,"/{}/",$action),self.0.base_url,$config_submission_id);
 			let url=query_pairs!(reqwest::Url::parse(url_raw.as_str()).map_err(Error::Parse)?,$(($param,$value))*);
 
 			response_ok(
@@ -46,7 +46,7 @@ impl Context{
 		).await.map_err(Error::Response)?
 		.json().await.map_err(Error::ReqwestJson)
 	}
-	pub async fn get_scripts<'a>(&self,config:GetScriptsRequest<'a>)->Result<Vec<ScriptResponse>,Error>{
+	pub async fn get_scripts(&self,config:GetScriptsRequest<'_>)->Result<Vec<ScriptResponse>,Error>{
 		let url_raw=format!("{}/scripts",self.0.base_url);
 		let mut url=reqwest::Url::parse(url_raw.as_str()).map_err(Error::Parse)?;
 
@@ -66,7 +66,7 @@ impl Context{
 			if let Some(resource_type)=config.ResourceType{
 				query_pairs.append_pair("ResourceType",(resource_type as i32).to_string().as_str());
 			}
-			if let Some(resource_id)=config.ResourceID{
+			if let Some(ResourceID(resource_id))=config.ResourceID{
 				query_pairs.append_pair("ResourceID",resource_id.to_string().as_str());
 			}
 		}
@@ -76,7 +76,7 @@ impl Context{
 		).await.map_err(Error::Response)?
 		.json().await.map_err(Error::ReqwestJson)
 	}
-	pub async fn get_script_from_hash<'a>(&self,config:HashRequest<'a>)->Result<Option<ScriptResponse>,SingleItemError>{
+	pub async fn get_script_from_hash(&self,config:HashRequest<'_>)->Result<Option<ScriptResponse>,ScriptSingleItemError>{
 		let scripts=self.get_scripts(GetScriptsRequest{
 			Page:1,
 			Limit:2,
@@ -87,11 +87,11 @@ impl Context{
 			ResourceID:None,
 		}).await.map_err(SingleItemError::Other)?;
 		if 1<scripts.len(){
-			return Err(SingleItemError::DuplicateItems);
+			return Err(SingleItemError::DuplicateItems(scripts.into_iter().map(|item|item.ID).collect()));
 		}
 		Ok(scripts.into_iter().next())
 	}
-	pub async fn create_script<'a>(&self,config:CreateScriptRequest<'a>)->Result<ScriptIDResponse,Error>{
+	pub async fn create_script(&self,config:CreateScriptRequest<'_>)->Result<ScriptIDResponse,Error>{
 		let url_raw=format!("{}/scripts",self.0.base_url);
 		let url=reqwest::Url::parse(url_raw.as_str()).map_err(Error::Parse)?;
 
@@ -102,7 +102,7 @@ impl Context{
 		).await.map_err(Error::Response)?
 		.json().await.map_err(Error::ReqwestJson)
 	}
-	pub async fn get_script_policies<'a>(&self,config:GetScriptPoliciesRequest<'a>)->Result<Vec<ScriptPolicyResponse>,Error>{
+	pub async fn get_script_policies(&self,config:GetScriptPoliciesRequest<'_>)->Result<Vec<ScriptPolicyResponse>,Error>{
 		let url_raw=format!("{}/script-policy",self.0.base_url);
 		let mut url=reqwest::Url::parse(url_raw.as_str()).map_err(Error::Parse)?;
 
@@ -126,7 +126,7 @@ impl Context{
 		).await.map_err(Error::Response)?
 		.json().await.map_err(Error::ReqwestJson)
 	}
-	pub async fn get_script_policy_from_hash<'a>(&self,config:HashRequest<'a>)->Result<Option<ScriptPolicyResponse>,SingleItemError>{
+	pub async fn get_script_policy_from_hash(&self,config:HashRequest<'_>)->Result<Option<ScriptPolicyResponse>,ScriptPolicySingleItemError>{
 		let policies=self.get_script_policies(GetScriptPoliciesRequest{
 			Page:1,
 			Limit:2,
@@ -135,7 +135,7 @@ impl Context{
 			Policy:None,
 		}).await.map_err(SingleItemError::Other)?;
 		if 1<policies.len(){
-			return Err(SingleItemError::DuplicateItems);
+			return Err(SingleItemError::DuplicateItems(policies.into_iter().map(|item|item.ID).collect()));
 		}
 		Ok(policies.into_iter().next())
 	}
@@ -150,7 +150,7 @@ impl Context{
 		).await.map_err(Error::Response)?
 		.json().await.map_err(Error::ReqwestJson)
 	}
-	pub async fn create_submission<'a>(&self,config:CreateSubmissionRequest<'a>)->Result<SubmissionIDResponse,Error>{
+	pub async fn create_submission(&self,config:CreateSubmissionRequest<'_>)->Result<SubmissionIDResponse,Error>{
 		let url_raw=format!("{}/submissions",self.0.base_url);
 		let url=reqwest::Url::parse(url_raw.as_str()).map_err(Error::Parse)?;
 
@@ -161,19 +161,39 @@ impl Context{
 		).await.map_err(Error::Response)?
 		.json().await.map_err(Error::ReqwestJson)
 	}
+	pub async fn create_submission_audit_check_list(&self,config:CreateSubmissionAuditCheckListRequest<'_>)->Result<(),Error>{
+		let url_raw=format!("{}/submissions/{}/checklist",self.0.base_url,config.SubmissionID.0);
+		let url=reqwest::Url::parse(url_raw.as_str()).map_err(Error::Parse)?;
+
+		let body=serde_json::to_string(&config.CheckList).map_err(Error::JSON)?;
+
+		response_ok(
+			self.0.post(url,body).await.map_err(Error::Reqwest)?
+		).await.map_err(Error::Response)?;
+
+		Ok(())
+	}
 	// simple submission endpoints
-	action!("submissions",action_submission_validated,config,SubmissionID,"validator-validated",config.0,);
-	action!("submissions",update_submission_validated_model,config,UpdateSubmissionModelRequest,"validated-model",config.SubmissionID,
+	action!("submissions",action_submission_request_changes,config,ActionSubmissionRequestChangesRequest,"status/validator-request-changes",config.SubmissionID.0,);
+	action!("submissions",action_submission_submitted,config,ActionSubmissionSubmittedRequest,"status/validator-submitted",config.SubmissionID.0,
+		("ModelVersion",config.ModelVersion.to_string().as_str())
+		("DisplayName",config.DisplayName.as_str())
+		("Creator",config.Creator.as_str())
+		("GameID",(config.GameID as u8).to_string().as_str())
+	);
+	action!("submissions",action_submission_validated,config,SubmissionID,"status/validator-validated",config.0,);
+	action!("submissions",update_submission_validated_model,config,UpdateSubmissionModelRequest,"validated-model",config.SubmissionID.0,
 		("ValidatedModelID",config.ModelID.to_string().as_str())
 		("ValidatedModelVersion",config.ModelVersion.to_string().as_str())
 	);
-	action!("submissions",action_submission_uploaded,config,ActionSubmissionUploadedRequest,"validator-uploaded",config.SubmissionID,
+	action!("submissions",action_submission_uploaded,config,ActionSubmissionUploadedRequest,"status/validator-uploaded",config.SubmissionID.0,
 		("UploadedAssetID",config.UploadedAssetID.to_string().as_str())
 	);
-	action!("submissions",action_submission_accepted,config,ActionSubmissionAcceptedRequest,"validator-failed",config.SubmissionID,
-		("StatusMessage",config.StatusMessage.as_str())
+	action!("submissions",action_submission_accepted,config,ActionSubmissionAcceptedRequest,"status/validator-failed",config.SubmissionID.0,);
+	action!("submissions",create_submission_audit_error,config,CreateSubmissionAuditErrorRequest,"error",config.SubmissionID.0,
+		("ErrorMessage",config.ErrorMessage.as_str())
 	);
-	pub async fn create_mapfix<'a>(&self,config:CreateMapfixRequest<'a>)->Result<MapfixIDResponse,Error>{
+	pub async fn create_mapfix(&self,config:CreateMapfixRequest<'_>)->Result<MapfixIDResponse,Error>{
 		let url_raw=format!("{}/mapfixes",self.0.base_url);
 		let url=reqwest::Url::parse(url_raw.as_str()).map_err(Error::Parse)?;
 
@@ -184,18 +204,38 @@ impl Context{
 		).await.map_err(Error::Response)?
 		.json().await.map_err(Error::ReqwestJson)
 	}
+	pub async fn create_mapfix_audit_check_list(&self,config:CreateMapfixAuditCheckListRequest<'_>)->Result<(),Error>{
+		let url_raw=format!("{}/mapfixes/{}/checklist",self.0.base_url,config.MapfixID.0);
+		let url=reqwest::Url::parse(url_raw.as_str()).map_err(Error::Parse)?;
+
+		let body=serde_json::to_string(&config.CheckList).map_err(Error::JSON)?;
+
+		response_ok(
+			self.0.post(url,body).await.map_err(Error::Reqwest)?
+		).await.map_err(Error::Response)?;
+
+		Ok(())
+	}
 	// simple mapfixes endpoints
-	action!("mapfixes",action_mapfix_validated,config,MapfixID,"validator-validated",config.0,);
-	action!("mapfixes",update_mapfix_validated_model,config,UpdateMapfixModelRequest,"validated-model",config.MapfixID,
+	action!("mapfixes",action_mapfix_request_changes,config,ActionMapfixRequestChangesRequest,"status/validator-request-changes",config.MapfixID.0,);
+	action!("mapfixes",action_mapfix_submitted,config,ActionMapfixSubmittedRequest,"status/validator-submitted",config.MapfixID.0,
+		("ModelVersion",config.ModelVersion.to_string().as_str())
+		("DisplayName",config.DisplayName.as_str())
+		("Creator",config.Creator.as_str())
+		("GameID",(config.GameID as u8).to_string().as_str())
+	);
+	action!("mapfixes",action_mapfix_validated,config,MapfixID,"status/validator-validated",config.0,);
+	action!("mapfixes",update_mapfix_validated_model,config,UpdateMapfixModelRequest,"validated-model",config.MapfixID.0,
 		("ValidatedModelID",config.ModelID.to_string().as_str())
 		("ValidatedModelVersion",config.ModelVersion.to_string().as_str())
 	);
-	action!("mapfixes",action_mapfix_uploaded,config,ActionMapfixUploadedRequest,"validator-uploaded",config.MapfixID,);
-	action!("mapfixes",action_mapfix_accepted,config,ActionMapfixAcceptedRequest,"validator-failed",config.MapfixID,
+	action!("mapfixes",action_mapfix_uploaded,config,ActionMapfixUploadedRequest,"status/validator-uploaded",config.MapfixID.0,);
+	action!("mapfixes",action_mapfix_accepted,config,ActionMapfixAcceptedRequest,"status/validator-failed",config.MapfixID.0,);
+	// simple operation endpoint
+	action!("operations",action_operation_failed,config,ActionOperationFailedRequest,"status/operation-failed",config.OperationID.0,
 		("StatusMessage",config.StatusMessage.as_str())
 	);
-	// simple operation endpoint
-	action!("operations",action_operation_failed,config,ActionOperationFailedRequest,"operation-failed",config.OperationID,
-		("StatusMessage",config.StatusMessage.as_str())
+	action!("mapfixes",create_mapfix_audit_error,config,CreateMapfixAuditErrorRequest,"error",config.MapfixID.0,
+		("ErrorMessage",config.ErrorMessage.as_str())
 	);
 }

validation/api/src/types.rs

@@ -14,21 +14,25 @@ impl std::fmt::Display for Error{
 impl std::error::Error for Error{}
 
 #[derive(Debug)]
-pub enum SingleItemError{
-	DuplicateItems,
+pub enum SingleItemError<Items>{
+	DuplicateItems(Items),
 	Other(Error),
 }
-impl std::fmt::Display for SingleItemError{
+impl<Items> std::fmt::Display for SingleItemError<Items>
+where
+	Items:std::fmt::Debug
+{
 	fn fmt(&self,f:&mut std::fmt::Formatter<'_>)->std::fmt::Result{
 		write!(f,"{self:?}")
 	}
 }
-impl std::error::Error for SingleItemError{}
+impl<Items> std::error::Error for SingleItemError<Items> where Items:std::fmt::Debug{}
+pub type ScriptSingleItemError=SingleItemError<Vec<ScriptID>>;
+pub type ScriptPolicySingleItemError=SingleItemError<Vec<ScriptPolicyID>>;
 
 #[allow(dead_code)]
 #[derive(Debug)]
-pub struct StatusCodeWithUrlAndBody{
-	pub status_code:reqwest::StatusCode,
+pub struct UrlAndBody{
 	pub url:url::Url,
 	pub body:String,
 }
@@ -36,7 +40,10 @@ pub struct StatusCodeWithUrlAndBody{
 #[derive(Debug)]
 pub enum ResponseError{
 	Reqwest(reqwest::Error),
-	StatusCodeWithUrlAndBody(StatusCodeWithUrlAndBody),
+	Details{
+		status_code:reqwest::StatusCode,
+		url_and_body:Box<UrlAndBody>,
+	},
 }
 impl std::fmt::Display for ResponseError{
 	fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
@@ -53,26 +60,34 @@ pub async fn response_ok(response:reqwest::Response)->Result<reqwest::Response,R
 		let url=response.url().to_owned();
 		let bytes=response.bytes().await.map_err(ResponseError::Reqwest)?;
 		let body=String::from_utf8_lossy(&bytes).to_string();
-		Err(ResponseError::StatusCodeWithUrlAndBody(StatusCodeWithUrlAndBody{
+		Err(ResponseError::Details{
 			status_code,
-			url,
-			body,
-		}))
+			url_and_body:Box::new(UrlAndBody{url,body})
+		})
 	}
 }
 
+#[derive(Clone,Copy,Debug,Hash,Eq,PartialEq,Ord,PartialOrd,serde_repr::Serialize_repr,serde_repr::Deserialize_repr)]
+#[repr(u8)]
+pub enum GameID{
+	Bhop=1,
+	Surf=2,
+	KreedzClimb=3,
+	FlyTrials=5,
+}
 
 #[allow(nonstandard_style)]
 #[derive(Clone,Debug,serde::Serialize)]
 pub struct CreateMapfixRequest<'a>{
-	pub OperationID:i32,
+	pub OperationID:OperationID,
 	pub AssetOwner:i64,
 	pub DisplayName:&'a str,
 	pub Creator:&'a str,
-	pub GameID:i32,
+	pub GameID:GameID,
 	pub AssetID:u64,
 	pub AssetVersion:u64,
 	pub TargetAssetID:u64,
+	pub Description:&'a str,
 }
 #[allow(nonstandard_style)]
 #[derive(Clone,Debug,serde::Deserialize)]
@@ -83,13 +98,15 @@ pub struct MapfixIDResponse{
 #[allow(nonstandard_style)]
 #[derive(Clone,Debug,serde::Serialize)]
 pub struct CreateSubmissionRequest<'a>{
-	pub OperationID:i32,
+	pub OperationID:OperationID,
 	pub AssetOwner:i64,
 	pub DisplayName:&'a str,
 	pub Creator:&'a str,
-	pub GameID:i32,
+	pub GameID:GameID,
 	pub AssetID:u64,
 	pub AssetVersion:u64,
+	pub Status:u32,
+	pub Roles:u32,
 }
 #[allow(nonstandard_style)]
 #[derive(Clone,Debug,serde::Deserialize)]
@@ -128,7 +145,7 @@ pub struct GetScriptsRequest<'a>{
 	#[serde(skip_serializing_if="Option::is_none")]
 	pub ResourceType:Option<ResourceType>,
 	#[serde(skip_serializing_if="Option::is_none")]
-	pub ResourceID:Option<i64>,
+	pub ResourceID:Option<ResourceID>,
 }
 #[derive(Clone,Copy,Debug)]
 pub struct HashRequest<'a>{
@@ -142,7 +159,7 @@ pub struct ScriptResponse{
 	pub Hash:String,
 	pub Source:String,
 	pub ResourceType:ResourceType,
-	pub ResourceID:i64,
+	pub ResourceID:ResourceID,
 }
 #[allow(nonstandard_style)]
 #[derive(Clone,Debug,serde::Serialize)]
@@ -151,7 +168,7 @@ pub struct CreateScriptRequest<'a>{
 	pub Source:&'a str,
 	pub ResourceType:ResourceType,
 	#[serde(skip_serializing_if="Option::is_none")]
-	pub ResourceID:Option<i64>,
+	pub ResourceID:Option<ResourceID>,
 }
 #[allow(nonstandard_style)]
 #[derive(Clone,Debug,serde::Deserialize)]
@@ -169,6 +186,10 @@ pub enum Policy{
 	Replace=4,
 }
 
+#[allow(nonstandard_style)]
+pub struct GetScriptPolicyRequest{
+	pub ScriptPolicyID:ScriptPolicyID,
+}
 #[allow(nonstandard_style)]
 #[derive(Clone,Debug,serde::Serialize)]
 pub struct GetScriptPoliciesRequest<'a>{
@@ -217,55 +238,243 @@ pub struct UpdateScriptPolicyRequest{
 #[allow(nonstandard_style)]
 #[derive(Clone,Debug)]
 pub struct UpdateSubmissionModelRequest{
-	pub SubmissionID:i64,
+	pub SubmissionID:SubmissionID,
 	pub ModelID:u64,
 	pub ModelVersion:u64,
 }
 
+#[derive(Clone,Debug)]
+pub enum Sort{
+	Disabled=0,
+	DisplayNameAscending=1,
+	DisplayNameDescending=2,
+	DateAscending=3,
+	DateDescending=4,
+}
+
+#[derive(Clone,Debug,serde_repr::Deserialize_repr)]
+#[repr(u8)]
+pub enum SubmissionStatus{
+	// Phase: Creation
+	UnderConstruction=0,
+	ChangesRequested=1,
+
+	// Phase: Review
+	Submitting=2,
+	Submitted=3,
+
+	// Phase: Testing
+	AcceptedUnvalidated=4, // pending script review, can re-trigger validation
+	Validating=5,
+	Validated=6,
+	Uploading=7,
+	Uploaded=8, // uploaded to the group, but pending release
+
+	// Phase: Final SubmissionStatus
+	Rejected=9,
+	Released=10,
+}
+
+#[allow(nonstandard_style)]
+#[derive(Clone,Debug)]
+pub struct GetSubmissionsRequest<'a>{
+	pub Page:u32,
+	pub Limit:u32,
+	pub Sort:Option<Sort>,
+	pub DisplayName:Option<&'a str>,
+	pub Creator:Option<&'a str>,
+	pub GameID:Option<GameID>,
+	pub Submitter:Option<u64>,
+	pub AssetID:Option<u64>,
+	pub UploadedAssetID:Option<u64>,
+	pub StatusID:Option<SubmissionStatus>,
+}
+
+#[allow(nonstandard_style)]
+#[derive(Clone,Debug,serde::Deserialize)]
+pub struct SubmissionResponse{
+	pub ID:SubmissionID,
+	pub DisplayName:String,
+	pub Creator:String,
+	pub GameID:GameID,
+	pub CreatedAt:i64,
+	pub UpdatedAt:i64,
+	pub Submitter:u64,
+	pub AssetID:u64,
+	pub AssetVersion:u64,
+	pub UploadedAssetID:u64,
+	pub StatusID:SubmissionStatus,
+}
+
+#[allow(nonstandard_style)]
+#[derive(Clone,Debug,serde::Deserialize)]
+pub struct SubmissionsResponse{
+	pub Total:u64,
+	pub Submissions:Vec<SubmissionResponse>,
+}
+
+#[allow(nonstandard_style)]
+#[derive(Clone,Debug)]
+pub struct GetMapsRequest<'a>{
+	pub Page:u32,
+	pub Limit:u32,
+	pub Sort:Option<Sort>,
+	pub DisplayName:Option<&'a str>,
+	pub Creator:Option<&'a str>,
+	pub GameID:Option<GameID>,
+}
+
+#[allow(nonstandard_style)]
+#[derive(Clone,Debug,serde::Deserialize)]
+pub struct MapResponse{
+	pub ID:i64,
+	pub DisplayName:String,
+	pub Creator:String,
+	pub GameID:GameID,
+	pub Date:i64,
+}
+
+#[allow(nonstandard_style)]
+#[derive(Clone,Debug,serde::Serialize)]
+pub struct Check{
+	pub Name:&'static str,
+	pub Summary:String,
+	pub Passed:bool,
+}
+
+#[allow(nonstandard_style)]
+#[derive(Clone,Debug)]
+pub struct ActionSubmissionSubmittedRequest{
+	pub SubmissionID:SubmissionID,
+	pub ModelVersion:u64,
+	pub DisplayName:String,
+	pub Creator:String,
+	pub GameID:GameID,
+}
+
+#[allow(nonstandard_style)]
+#[derive(Clone,Debug)]
+pub struct ActionSubmissionRequestChangesRequest{
+	pub SubmissionID:SubmissionID,
+}
+
 #[allow(nonstandard_style)]
 #[derive(Clone,Debug)]
 pub struct ActionSubmissionUploadedRequest{
-	pub SubmissionID:i64,
+	pub SubmissionID:SubmissionID,
 	pub UploadedAssetID:u64,
 }
 
 #[allow(nonstandard_style)]
 #[derive(Clone,Debug)]
 pub struct ActionSubmissionAcceptedRequest{
-	pub SubmissionID:i64,
-	pub StatusMessage:String,
+	pub SubmissionID:SubmissionID,
 }
 
-#[derive(Clone,Copy,Debug,serde::Deserialize)]
-pub struct SubmissionID(pub i64);
+#[allow(nonstandard_style)]
+#[derive(Clone,Debug)]
+pub struct CreateSubmissionAuditErrorRequest{
+	pub SubmissionID:SubmissionID,
+	pub ErrorMessage:String,
+}
+
+#[allow(nonstandard_style)]
+#[derive(Clone,Debug)]
+pub struct CreateSubmissionAuditCheckListRequest<'a>{
+	pub SubmissionID:SubmissionID,
+	pub CheckList:&'a [Check],
+}
+
+#[derive(Clone,Copy,Debug,serde::Serialize,serde::Deserialize)]
+pub struct SubmissionID(pub(crate)i64);
 
 #[allow(nonstandard_style)]
 #[derive(Clone,Debug)]
 pub struct UpdateMapfixModelRequest{
-	pub MapfixID:i64,
+	pub MapfixID:MapfixID,
 	pub ModelID:u64,
 	pub ModelVersion:u64,
 }
 
+#[allow(nonstandard_style)]
+#[derive(Clone,Debug)]
+pub struct ActionMapfixSubmittedRequest{
+	pub MapfixID:MapfixID,
+	pub ModelVersion:u64,
+	pub DisplayName:String,
+	pub Creator:String,
+	pub GameID:GameID,
+}
+
+#[allow(nonstandard_style)]
+#[derive(Clone,Debug)]
+pub struct ActionMapfixRequestChangesRequest{
+	pub MapfixID:MapfixID,
+}
+
 #[allow(nonstandard_style)]
 #[derive(Clone,Debug)]
 pub struct ActionMapfixUploadedRequest{
-	pub MapfixID:i64,
+	pub MapfixID:MapfixID,
 }
 
 #[allow(nonstandard_style)]
 #[derive(Clone,Debug)]
 pub struct ActionMapfixAcceptedRequest{
-	pub MapfixID:i64,
-	pub StatusMessage:String,
+	pub MapfixID:MapfixID,
 }
 
-#[derive(Clone,Copy,Debug,serde::Deserialize)]
-pub struct MapfixID(pub i64);
+#[allow(nonstandard_style)]
+#[derive(Clone,Debug)]
+pub struct CreateMapfixAuditErrorRequest{
+	pub MapfixID:MapfixID,
+	pub ErrorMessage:String,
+}
+
+#[allow(nonstandard_style)]
+#[derive(Clone,Debug)]
+pub struct CreateMapfixAuditCheckListRequest<'a>{
+	pub MapfixID:MapfixID,
+	pub CheckList:&'a [Check],
+}
+
+#[derive(Clone,Copy,Debug,serde::Serialize,serde::Deserialize)]
+pub struct MapfixID(pub(crate)i64);
 
 #[allow(nonstandard_style)]
 #[derive(Clone,Debug)]
 pub struct ActionOperationFailedRequest{
-	pub OperationID:i32,
+	pub OperationID:OperationID,
 	pub StatusMessage:String,
 }
+
+#[derive(Clone,Copy,Debug,serde::Serialize,serde::Deserialize)]
+pub struct OperationID(pub(crate)i64);
+
+#[derive(Clone,Copy,Debug,serde::Serialize,serde::Deserialize)]
+pub struct ResourceID(pub(crate)i64);
+
+#[derive(Clone,Copy,Debug)]
+pub enum Resource{
+	Submission(SubmissionID),
+	Mapfix(MapfixID),
+}
+impl Resource{
+	pub fn split(self)->(ResourceType,ResourceID){
+		match self{
+			Resource::Mapfix(MapfixID(mapfix_id))=>(ResourceType::Mapfix,ResourceID(mapfix_id)),
+			Resource::Submission(SubmissionID(submission_id))=>(ResourceType::Submission,ResourceID(submission_id)),
+		}
+	}
+}
+
+#[allow(nonstandard_style)]
+#[derive(Clone,Debug,serde::Serialize)]
+pub struct ReleaseInfo{
+	pub SubmissionID:SubmissionID,
+	pub Date:chrono::DateTime<chrono::Utc>,
+}
+
+pub struct ReleaseRequest<'a>{
+	pub schedule:&'a [ReleaseInfo],
+}

validation/src/check.rs

@@ -0,0 +1,863 @@
+use std::collections::{HashSet,HashMap};
+use crate::download::download_asset_version;
+use crate::rbx_util::{get_mapinfo,get_root_instance,read_dom,ReadDomError,GameID,ParseGameIDError,MapInfo,GetRootInstanceError,StringValueError};
+
+use heck::{ToSnakeCase,ToTitleCase};
+use submissions_api::types::Check;
+
+#[allow(dead_code)]
+#[derive(Debug)]
+pub enum Error{
+	ModelInfoDownload(rbx_asset::cloud::GetError),
+	CreatorTypeMustBeUser,
+	Download(crate::download::Error),
+	ModelFileDecode(ReadDomError),
+	GetRootInstance(GetRootInstanceError),
+	IntoMapInfoOwned(IntoMapInfoOwnedError),
+	ToJsonValue(serde_json::Error),
+}
+impl std::fmt::Display for Error{
+	fn fmt(&self,f:&mut std::fmt::Formatter<'_>)->std::fmt::Result{
+		write!(f,"{self:?}")
+	}
+}
+impl std::error::Error for Error{}
+
+#[allow(nonstandard_style)]
+pub struct CheckRequest{
+	ModelID:u64,
+	SkipChecks:bool,
+}
+
+impl From<crate::nats_types::CheckMapfixRequest> for CheckRequest{
+	fn from(value:crate::nats_types::CheckMapfixRequest)->Self{
+		Self{
+			ModelID:value.ModelID,
+			SkipChecks:value.SkipChecks,
+		}
+	}
+}
+impl From<crate::nats_types::CheckSubmissionRequest> for CheckRequest{
+	fn from(value:crate::nats_types::CheckSubmissionRequest)->Self{
+		Self{
+			ModelID:value.ModelID,
+			SkipChecks:value.SkipChecks,
+		}
+	}
+}
+
+#[derive(Clone,Copy,Debug,Hash,Eq,PartialEq)]
+struct ModeID(u64);
+impl ModeID{
+	const MAIN:Self=Self(0);
+	const BONUS:Self=Self(1);
+}
+enum Zone{
+	Start,
+	Finish,
+	Anticheat,
+}
+struct ModeElement{
+	zone:Zone,
+	mode_id:ModeID,
+}
+#[allow(dead_code)]
+pub enum IDParseError{
+	NoCaptures,
+	ParseInt(core::num::ParseIntError),
+}
+// Parse a Zone from a part name
+impl std::str::FromStr for ModeElement{
+	type Err=IDParseError;
+	fn from_str(s:&str)->Result<Self,Self::Err>{
+		match s{
+			"MapStart"=>Ok(Self{zone:Zone::Start,mode_id:ModeID::MAIN}),
+			"MapFinish"=>Ok(Self{zone:Zone::Finish,mode_id:ModeID::MAIN}),
+			"MapAnticheat"=>Ok(Self{zone:Zone::Anticheat,mode_id:ModeID::MAIN}),
+			"BonusStart"=>Ok(Self{zone:Zone::Start,mode_id:ModeID::BONUS}),
+			"BonusFinish"=>Ok(Self{zone:Zone::Finish,mode_id:ModeID::BONUS}),
+			"BonusAnticheat"=>Ok(Self{zone:Zone::Anticheat,mode_id:ModeID::BONUS}),
+			other=>{
+				let everything_pattern=lazy_regex::lazy_regex!(r"^Bonus(\d+)Start$|^BonusStart(\d+)$|^Bonus(\d+)Finish$|^BonusFinish(\d+)$|^Bonus(\d+)Anticheat$|^BonusAnticheat(\d+)$");
+				if let Some(captures)=everything_pattern.captures(other){
+					if let Some(mode_id)=captures.get(1).or(captures.get(2)){
+						return Ok(Self{
+							zone:Zone::Start,
+							mode_id:ModeID(mode_id.as_str().parse().map_err(IDParseError::ParseInt)?),
+						});
+					}
+					if let Some(mode_id)=captures.get(3).or(captures.get(4)){
+						return Ok(Self{
+							zone:Zone::Finish,
+							mode_id:ModeID(mode_id.as_str().parse().map_err(IDParseError::ParseInt)?),
+						});
+					}
+					if let Some(mode_id)=captures.get(5).or(captures.get(6)){
+						return Ok(Self{
+							zone:Zone::Anticheat,
+							mode_id:ModeID(mode_id.as_str().parse().map_err(IDParseError::ParseInt)?),
+						});
+					}
+				}
+				Err(IDParseError::NoCaptures)
+			}
+		}
+	}
+}
+impl std::fmt::Display for ModeElement{
+	fn fmt(&self,f:&mut std::fmt::Formatter<'_>)->std::fmt::Result{
+		match self{
+			ModeElement{zone:Zone::Start,mode_id:ModeID::MAIN}=>write!(f,"MapStart"),
+			ModeElement{zone:Zone::Start,mode_id:ModeID::BONUS}=>write!(f,"BonusStart"),
+			ModeElement{zone:Zone::Start,mode_id:ModeID(mode_id)}=>write!(f,"Bonus{mode_id}Start"),
+			ModeElement{zone:Zone::Finish,mode_id:ModeID::MAIN}=>write!(f,"MapFinish"),
+			ModeElement{zone:Zone::Finish,mode_id:ModeID::BONUS}=>write!(f,"BonusFinish"),
+			ModeElement{zone:Zone::Finish,mode_id:ModeID(mode_id)}=>write!(f,"Bonus{mode_id}Finish"),
+			ModeElement{zone:Zone::Anticheat,mode_id:ModeID::MAIN}=>write!(f,"MapAnticheat"),
+			ModeElement{zone:Zone::Anticheat,mode_id:ModeID::BONUS}=>write!(f,"BonusAnticheat"),
+			ModeElement{zone:Zone::Anticheat,mode_id:ModeID(mode_id)}=>write!(f,"Bonus{mode_id}Anticheat"),
+		}
+	}
+}
+
+#[derive(Clone,Copy,Debug,Hash,Eq,PartialEq)]
+struct StageID(u64);
+impl StageID{
+	const FIRST:Self=Self(1);
+}
+enum StageElementBehaviour{
+	Teleport,
+	Spawn,
+}
+struct StageElement{
+	stage_id:StageID,
+	behaviour:StageElementBehaviour,
+}
+// Parse a SpawnTeleport from a part name
+impl std::str::FromStr for StageElement{
+	type Err=IDParseError;
+	fn from_str(s:&str)->Result<Self,Self::Err>{
+		// Trigger ForceTrigger Teleport ForceTeleport SpawnAt ForceSpawnAt
+		let bonus_start_pattern=lazy_regex::lazy_regex!(r"^(?:Force)?(Teleport|SpawnAt|Trigger)(\d+)$");
+		if let Some(captures)=bonus_start_pattern.captures(s){
+			return Ok(StageElement{
+				behaviour:StageElementBehaviour::Teleport,
+				stage_id:StageID(captures[1].parse().map_err(IDParseError::ParseInt)?),
+			});
+		}
+		// Spawn
+		let bonus_finish_pattern=lazy_regex::lazy_regex!(r"^Spawn(\d+)$");
+		if let Some(captures)=bonus_finish_pattern.captures(s){
+			return Ok(StageElement{
+				behaviour:StageElementBehaviour::Spawn,
+				stage_id:StageID(captures[1].parse().map_err(IDParseError::ParseInt)?),
+			});
+		}
+		Err(IDParseError::NoCaptures)
+	}
+}
+impl std::fmt::Display for StageElement{
+	fn fmt(&self,f:&mut std::fmt::Formatter<'_>)->std::fmt::Result{
+		match self{
+			StageElement{behaviour:StageElementBehaviour::Spawn,stage_id:StageID(stage_id)}=>write!(f,"Spawn{stage_id}"),
+			StageElement{behaviour:StageElementBehaviour::Teleport,stage_id:StageID(stage_id)}=>write!(f,"Teleport{stage_id}"),
+		}
+	}
+}
+
+#[derive(Clone,Copy,Debug,Hash,Eq,PartialEq)]
+struct WormholeID(u64);
+enum WormholeBehaviour{
+	In,
+	Out,
+}
+struct WormholeElement{
+	behaviour:WormholeBehaviour,
+	wormhole_id:WormholeID,
+}
+// Parse a Wormhole from a part name
+impl std::str::FromStr for WormholeElement{
+	type Err=IDParseError;
+	fn from_str(s:&str)->Result<Self,Self::Err>{
+		let bonus_start_pattern=lazy_regex::lazy_regex!(r"^WormholeIn(\d+)$");
+		if let Some(captures)=bonus_start_pattern.captures(s){
+			return Ok(Self{
+				behaviour:WormholeBehaviour::In,
+				wormhole_id:WormholeID(captures[1].parse().map_err(IDParseError::ParseInt)?),
+			});
+		}
+		let bonus_finish_pattern=lazy_regex::lazy_regex!(r"^WormholeOut(\d+)$");
+		if let Some(captures)=bonus_finish_pattern.captures(s){
+			return Ok(Self{
+				behaviour:WormholeBehaviour::Out,
+				wormhole_id:WormholeID(captures[1].parse().map_err(IDParseError::ParseInt)?),
+			});
+		}
+		Err(IDParseError::NoCaptures)
+	}
+}
+impl std::fmt::Display for WormholeElement{
+	fn fmt(&self,f:&mut std::fmt::Formatter<'_>)->std::fmt::Result{
+		match self{
+			WormholeElement{behaviour:WormholeBehaviour::In,wormhole_id:WormholeID(wormhole_id)}=>write!(f,"WormholeIn{wormhole_id}"),
+			WormholeElement{behaviour:WormholeBehaviour::Out,wormhole_id:WormholeID(wormhole_id)}=>write!(f,"WormholeOut{wormhole_id}"),
+		}
+	}
+}
+
+/// Count various map elements
+#[derive(Default)]
+struct Counts<'a>{
+	mode_start_counts:HashMap<ModeID,Vec<&'a str>>,
+	mode_finish_counts:HashMap<ModeID,Vec<&'a str>>,
+	mode_anticheat_counts:HashMap<ModeID,Vec<&'a str>>,
+	teleport_counts:HashMap<StageID,Vec<&'a str>>,
+	spawn_counts:HashMap<StageID,u64>,
+	wormhole_in_counts:HashMap<WormholeID,u64>,
+	wormhole_out_counts:HashMap<WormholeID,u64>,
+}
+
+pub struct ModelInfo<'a>{
+	model_class:&'a str,
+	model_name:&'a str,
+	map_info:MapInfo<'a>,
+	counts:Counts<'a>,
+}
+
+pub fn get_model_info<'a>(dom:&'a rbx_dom_weak::WeakDom,model_instance:&'a rbx_dom_weak::Instance)->ModelInfo<'a>{
+	// extract model info
+	let map_info=get_mapinfo(dom,model_instance);
+
+	// count objects (default count is 0)
+	let mut counts=Counts::default();
+
+	let db=rbx_reflection_database::get();
+	let base_part=&db.classes["BasePart"];
+	let base_parts=dom.descendants_of(model_instance.referent()).filter(|&instance|
+		db.classes.get(instance.class.as_str()).is_some_and(|class|
+			db.has_superclass(class,base_part)
+		)
+	);
+	for instance in base_parts{
+		// Zones
+		match instance.name.parse(){
+			Ok(ModeElement{zone:Zone::Start,mode_id})=>counts.mode_start_counts.entry(mode_id).or_default().push(instance.name.as_str()),
+			Ok(ModeElement{zone:Zone::Finish,mode_id})=>counts.mode_finish_counts.entry(mode_id).or_default().push(instance.name.as_str()),
+			Ok(ModeElement{zone:Zone::Anticheat,mode_id})=>counts.mode_anticheat_counts.entry(mode_id).or_default().push(instance.name.as_str()),
+			Err(_)=>(),
+		}
+		// Spawns & Teleports
+		match instance.name.parse(){
+			Ok(StageElement{behaviour:StageElementBehaviour::Teleport,stage_id})=>counts.teleport_counts.entry(stage_id).or_default().push(instance.name.as_str()),
+			Ok(StageElement{behaviour:StageElementBehaviour::Spawn,stage_id})=>*counts.spawn_counts.entry(stage_id).or_insert(0)+=1,
+			Err(_)=>(),
+		}
+		// Wormholes
+		match instance.name.parse(){
+			Ok(WormholeElement{behaviour:WormholeBehaviour::In,wormhole_id})=>*counts.wormhole_in_counts.entry(wormhole_id).or_insert(0)+=1,
+			Ok(WormholeElement{behaviour:WormholeBehaviour::Out,wormhole_id})=>*counts.wormhole_out_counts.entry(wormhole_id).or_insert(0)+=1,
+			Err(_)=>(),
+		}
+	}
+
+	ModelInfo{
+		model_class:model_instance.class.as_str(),
+		model_name:model_instance.name.as_str(),
+		map_info,
+		counts,
+	}
+}
+
+// check if an observed string matches an expected string
+pub struct StringCheck<'a,T,Str>(Result<T,StringCheckContext<'a,Str>>);
+pub struct StringCheckContext<'a,Str>{
+	observed:&'a str,
+	expected:Str,
+}
+impl<'a,Str> StringCheckContext<'a,Str>
+	where
+		&'a str:PartialEq<Str>,
+{
+	/// Compute the StringCheck, passing through the provided value on success.
+	fn check<T>(self,value:T)->StringCheck<'a,T,Str>{
+		if self.observed==self.expected{
+			StringCheck(Ok(value))
+		}else{
+			StringCheck(Err(self))
+		}
+	}
+}
+impl<Str:std::fmt::Display> std::fmt::Display for StringCheckContext<'_,Str>{
+	fn fmt(&self,f:&mut std::fmt::Formatter<'_>)->std::fmt::Result{
+		write!(f,"expected: {}, observed: {}",self.expected,self.observed)
+	}
+}
+
+// check if a string is empty
+pub struct StringEmpty;
+impl std::fmt::Display for StringEmpty{
+	fn fmt(&self,f:&mut std::fmt::Formatter<'_>)->std::fmt::Result{
+		write!(f,"Empty string")
+	}
+}
+fn check_empty(value:&str)->Result<&str,StringEmpty>{
+	(!value.is_empty()).then_some(value).ok_or(StringEmpty)
+}
+
+// check for duplicate objects
+pub struct DuplicateCheckContext<ID,T>(HashMap<ID,T>);
+pub struct DuplicateCheck<ID,T>(Result<(),DuplicateCheckContext<ID,T>>);
+impl<ID,T> DuplicateCheckContext<ID,T>{
+	/// Compute the DuplicateCheck using the contents predicate.
+	fn check(self,f:impl Fn(&T)->bool)->DuplicateCheck<ID,T>{
+		let Self(mut set)=self;
+		// remove correct entries
+		set.retain(|_,c|f(c));
+		// if any entries remain, they are incorrect
+		if set.is_empty(){
+			DuplicateCheck(Ok(()))
+		}else{
+			DuplicateCheck(Err(Self(set)))
+		}
+	}
+}
+
+// Check that there are no items which do not have a matching item in a reference set
+pub struct SetDifferenceCheckContextAllowNone<ID,T>{
+	extra:HashMap<ID,T>,
+}
+// Check that there is at least one matching item for each item in a reference set, and no extra items
+pub struct SetDifferenceCheckContextAtLeastOne<ID,T>{
+	extra:HashMap<ID,T>,
+	missing:HashSet<ID>,
+}
+pub struct SetDifferenceCheck<Context>(Result<(),Context>);
+impl<ID,T> SetDifferenceCheckContextAllowNone<ID,T>{
+	fn new(initial_set:HashMap<ID,T>)->Self{
+		Self{
+			extra:initial_set,
+		}
+	}
+}
+impl<ID:Eq+std::hash::Hash,T> SetDifferenceCheckContextAllowNone<ID,T>{
+	/// Compute the SetDifferenceCheck result for the specified reference set.
+	fn check<U>(mut self,reference_set:&HashMap<ID,U>)->SetDifferenceCheck<Self>{
+		// remove correct entries
+		for id in reference_set.keys(){
+			self.extra.remove(id);
+		}
+		// if any entries remain, they are incorrect
+		if self.extra.is_empty(){
+			SetDifferenceCheck(Ok(()))
+		}else{
+			SetDifferenceCheck(Err(self))
+		}
+	}
+}
+impl<ID,T> SetDifferenceCheckContextAtLeastOne<ID,T>{
+	fn new(initial_set:HashMap<ID,T>)->Self{
+		Self{
+			extra:initial_set,
+			missing:HashSet::new(),
+		}
+	}
+}
+impl<ID:Copy+Eq+std::hash::Hash,T> SetDifferenceCheckContextAtLeastOne<ID,T>{
+	/// Compute the SetDifferenceCheck result for the specified reference set.
+	fn check<U>(mut self,reference_set:&HashMap<ID,U>)->SetDifferenceCheck<Self>{
+		// remove correct entries
+		for id in reference_set.keys(){
+			if self.extra.remove(id).is_none(){
+				// the set did not contain a required item.  This is a fail
+				self.missing.insert(*id);
+			}
+		}
+		// if any entries remain, they are incorrect
+		if self.extra.is_empty()&&self.missing.is_empty(){
+			SetDifferenceCheck(Ok(()))
+		}else{
+			SetDifferenceCheck(Err(self))
+		}
+	}
+}
+
+/// Info lifted out of a fully compliant map
+pub struct MapInfoOwned{
+	pub display_name:String,
+	pub creator:String,
+	pub game_id:GameID,
+}
+#[allow(dead_code)]
+#[derive(Debug)]
+pub enum IntoMapInfoOwnedError{
+	DisplayName(StringValueError),
+	Creator(StringValueError),
+	GameID(ParseGameIDError),
+}
+impl TryFrom<MapInfo<'_>> for MapInfoOwned{
+	type Error=IntoMapInfoOwnedError;
+	fn try_from(value:MapInfo<'_>)->Result<Self,Self::Error>{
+		Ok(Self{
+			display_name:value.display_name.map_err(IntoMapInfoOwnedError::DisplayName)?.to_owned(),
+			creator:value.creator.map_err(IntoMapInfoOwnedError::Creator)?.to_owned(),
+			game_id:value.game_id.map_err(IntoMapInfoOwnedError::GameID)?,
+		})
+	}
+}
+
+// Named dummy types for readability
+struct Exists;
+struct Absent;
+
+/// The result of every map check.
+struct MapCheck<'a>{
+	// === METADATA CHECKS ===
+	// The root must be of class Model
+	model_class:StringCheck<'a,(),&'static str>,
+	// Model's name must be in snake case
+	model_name:StringCheck<'a,(),String>,
+	// Map must have a StringValue named DisplayName.
+	// Value must not be empty, must be in title case.
+	display_name:Result<Result<StringCheck<'a,&'a str,String>,StringEmpty>,StringValueError>,
+	// Map must have a StringValue named Creator.
+	// Value must not be empty.
+	creator:Result<Result<&'a str,StringEmpty>,StringValueError>,
+	// The prefix of the model's name must match the game it was submitted for.
+	// bhop_ for bhop, and surf_ for surf
+	game_id:Result<GameID,ParseGameIDError>,
+
+	// === MODE CHECKS ===
+	// MapStart must exist
+	mapstart:Result<Exists,Absent>,
+	// No duplicate map starts (including bonuses)
+	mode_start_counts:DuplicateCheck<ModeID,Vec<&'a str>>,
+	// At least one finish zone for each start zone, and no finishes with no start
+	mode_finish_counts:SetDifferenceCheck<SetDifferenceCheckContextAtLeastOne<ModeID,Vec<&'a str>>>,
+	// Check for dangling MapAnticheat zones (no associated MapStart)
+	mode_anticheat_counts:SetDifferenceCheck<SetDifferenceCheckContextAllowNone<ModeID,Vec<&'a str>>>,
+	// Spawn1 must exist
+	spawn1:Result<Exists,Absent>,
+	// Check for dangling Teleport# (no associated Spawn#)
+	teleport_counts:SetDifferenceCheck<SetDifferenceCheckContextAllowNone<StageID,Vec<&'a str>>>,
+	// No duplicate Spawn#
+	spawn_counts:DuplicateCheck<StageID,u64>,
+	// Check for dangling WormholeIn# (no associated WormholeOut#)
+	wormhole_in_counts:SetDifferenceCheck<SetDifferenceCheckContextAtLeastOne<WormholeID,u64>>,
+	// No duplicate WormholeOut# (duplicate WormholeIn# ok)
+	// No dangling WormholeOut#
+	wormhole_out_counts:DuplicateCheck<WormholeID,u64>,
+}
+
+impl<'a> ModelInfo<'a>{
+	fn check(self)->MapCheck<'a>{
+		// Check class is exactly "Model"
+		let model_class=StringCheckContext{
+			observed:self.model_class,
+			expected:"Model",
+		}.check(());
+
+		// Check model name is snake case
+		let model_name=StringCheckContext{
+			observed:self.model_name,
+			expected:self.model_name.to_snake_case(),
+		}.check(());
+
+		// Check display name is not empty and has title case
+		let display_name=self.map_info.display_name.map(|display_name|{
+			check_empty(display_name).map(|display_name|StringCheckContext{
+				observed:display_name,
+				expected:display_name.to_title_case(),
+			}.check(display_name))
+		});
+
+		// Check Creator is not empty
+		let creator=self.map_info.creator.map(check_empty);
+
+		// Check GameID (model name was prefixed with bhop_ surf_ etc)
+		let game_id=self.map_info.game_id;
+
+		// MapStart must exist
+		let mapstart=if self.counts.mode_start_counts.contains_key(&ModeID::MAIN){
+			Ok(Exists)
+		}else{
+			Err(Absent)
+		};
+
+		// Spawn1 must exist
+		let spawn1=if self.counts.spawn_counts.contains_key(&StageID::FIRST){
+			Ok(Exists)
+		}else{
+			Err(Absent)
+		};
+
+		// Check that at least one finish zone exists for each start zone.
+		// This also checks that there are no finish zones without a corresponding start zone.
+		let mode_finish_counts=SetDifferenceCheckContextAtLeastOne::new(self.counts.mode_finish_counts)
+			.check(&self.counts.mode_start_counts);
+
+		// Check that there are no anticheat zones without a corresponding start zone.
+		// Modes are allowed to have 0 anticheat zones.
+		let mode_anticheat_counts=SetDifferenceCheckContextAllowNone::new(self.counts.mode_anticheat_counts)
+			.check(&self.counts.mode_start_counts);
+
+		// There must be exactly one start zone for every mode in the map.
+		let mode_start_counts=DuplicateCheckContext(self.counts.mode_start_counts).check(|c|1<c.len());
+
+		// Check that there are no Teleports without a corresponding Spawn.
+		// Spawns are allowed to have 0 Teleports.
+		let teleport_counts=SetDifferenceCheckContextAllowNone::new(self.counts.teleport_counts)
+			.check(&self.counts.spawn_counts);
+
+		// There must be exactly one of any perticular spawn id in the map.
+		let spawn_counts=DuplicateCheckContext(self.counts.spawn_counts).check(|&c|1<c);
+
+		// Check that at least one WormholeIn exists for each WormholeOut.
+		// This also checks that there are no WormholeIn without a corresponding WormholeOut.
+		let wormhole_in_counts=SetDifferenceCheckContextAtLeastOne::new(self.counts.wormhole_in_counts)
+			.check(&self.counts.wormhole_out_counts);
+
+		// There must be exactly one of any perticular wormhole out id in the map.
+		let wormhole_out_counts=DuplicateCheckContext(self.counts.wormhole_out_counts).check(|&c|1<c);
+
+		MapCheck{
+			model_class,
+			model_name,
+			display_name,
+			creator,
+			game_id,
+			mapstart,
+			mode_start_counts,
+			mode_finish_counts,
+			mode_anticheat_counts,
+			spawn1,
+			teleport_counts,
+			spawn_counts,
+			wormhole_in_counts,
+			wormhole_out_counts,
+		}
+	}
+}
+
+impl MapCheck<'_>{
+	fn result(self)->Result<MapInfoOwned,Result<MapCheckList,serde_json::Error>>{
+		match self{
+			MapCheck{
+				model_class:StringCheck(Ok(())),
+				model_name:StringCheck(Ok(())),
+				display_name:Ok(Ok(StringCheck(Ok(display_name)))),
+				creator:Ok(Ok(creator)),
+				game_id:Ok(game_id),
+				mapstart:Ok(Exists),
+				mode_start_counts:DuplicateCheck(Ok(())),
+				mode_finish_counts:SetDifferenceCheck(Ok(())),
+				mode_anticheat_counts:SetDifferenceCheck(Ok(())),
+				spawn1:Ok(Exists),
+				teleport_counts:SetDifferenceCheck(Ok(())),
+				spawn_counts:DuplicateCheck(Ok(())),
+				wormhole_in_counts:SetDifferenceCheck(Ok(())),
+				wormhole_out_counts:DuplicateCheck(Ok(())),
+			}=>{
+				Ok(MapInfoOwned{
+					display_name:display_name.to_owned(),
+					creator:creator.to_owned(),
+					game_id,
+				})
+			},
+			other=>Err(other.itemize()),
+		}
+	}
+}
+
+struct Separated<F>{
+	f:F,
+	separator:&'static str,
+}
+impl<F> Separated<F>{
+	fn new(separator:&'static str,f:F)->Self{
+		Self{separator,f}
+	}
+}
+impl<F,I,D> std::fmt::Display for Separated<F>
+	where
+		D:std::fmt::Display,
+		I:IntoIterator<Item=D>,
+		F:Fn()->I,
+{
+	fn fmt(&self,f:&mut std::fmt::Formatter<'_>)->std::fmt::Result{
+		let mut it=(self.f)().into_iter();
+		if let Some(first)=it.next(){
+			write!(f,"{first}")?;
+			for item in it{
+				write!(f,"{}{item}",self.separator)?;
+			}
+		}
+		Ok(())
+	}
+}
+
+struct Duplicates<D>{
+	display:D,
+	duplicates:usize,
+}
+impl<D> Duplicates<D>{
+	fn new(display:D,duplicates:usize)->Self{
+		Self{
+			display,
+			duplicates,
+		}
+	}
+}
+impl<D:std::fmt::Display> std::fmt::Display for Duplicates<D>{
+	fn fmt(&self,f:&mut std::fmt::Formatter<'_>)->std::fmt::Result{
+		write!(f,"{} ({} duplicates)",self.display,self.duplicates)
+	}
+}
+
+
+macro_rules! passed{
+	($name:literal)=>{
+		Check{
+			Name:$name,
+			Summary:String::new(),
+			Passed:true,
+		}
+	}
+}
+macro_rules! summary{
+	($name:literal,$summary:expr)=>{
+		Check{
+			Name:$name,
+			Summary:$summary,
+			Passed:false,
+		}
+	};
+}
+macro_rules! summary_format{
+	($name:literal,$fmt:literal)=>{
+		Check{
+			Name:$name,
+			Summary:format!($fmt),
+			Passed:false,
+		}
+	};
+}
+
+// Generate an error message for each observed issue separated by newlines.
+// This defines MapCheck.to_string() which is used in MapCheck.result()
+impl MapCheck<'_>{
+	fn itemize(&self)->Result<MapCheckList,serde_json::Error>{
+		let model_class=match &self.model_class{
+			StringCheck(Ok(()))=>passed!("ModelClass"),
+			StringCheck(Err(context))=>summary_format!("ModelClass","Invalid model class: {context}"),
+		};
+		let model_name=match &self.model_name{
+			StringCheck(Ok(()))=>passed!("ModelName"),
+			StringCheck(Err(context))=>summary_format!("ModelName","Model name must have snake_case: {context}"),
+		};
+		let display_name=match &self.display_name{
+			Ok(Ok(StringCheck(Ok(_))))=>passed!("DisplayName"),
+			Ok(Ok(StringCheck(Err(context))))=>summary_format!("DisplayName","DisplayName must have Title Case: {context}"),
+			Ok(Err(context))=>summary_format!("DisplayName","Invalid DisplayName: {context}"),
+			Err(StringValueError::ObjectNotFound)=>summary!("DisplayName","Missing DisplayName StringValue".to_owned()),
+			Err(StringValueError::ValueNotSet)=>summary!("DisplayName","DisplayName Value not set".to_owned()),
+			Err(StringValueError::NonStringValue)=>summary!("DisplayName","DisplayName Value is not a String".to_owned()),
+		};
+		let creator=match &self.creator{
+			Ok(Ok(_))=>passed!("Creator"),
+			Ok(Err(context))=>summary_format!("Creator","Invalid Creator: {context}"),
+			Err(StringValueError::ObjectNotFound)=>summary!("Creator","Missing Creator StringValue".to_owned()),
+			Err(StringValueError::ValueNotSet)=>summary!("Creator","Creator Value not set".to_owned()),
+			Err(StringValueError::NonStringValue)=>summary!("Creator","Creator Value is not a String".to_owned()),
+		};
+		let game_id=match &self.game_id{
+			Ok(_)=>passed!("GameID"),
+			Err(ParseGameIDError)=>summary!("GameID","Model name must be prefixed with bhop_ surf_ or flytrials_".to_owned()),
+		};
+		let mapstart=match &self.mapstart{
+			Ok(Exists)=>passed!("MapStart"),
+			Err(Absent)=>summary_format!("MapStart","Model has no MapStart"),
+		};
+		let duplicate_start=match &self.mode_start_counts{
+			DuplicateCheck(Ok(()))=>passed!("DuplicateStart"),
+			DuplicateCheck(Err(DuplicateCheckContext(context)))=>{
+				let context=Separated::new(", ",||context.iter().map(|(&mode_id,names)|
+					Duplicates::new(ModeElement{zone:Zone::Start,mode_id},names.len())
+				));
+				summary_format!("DuplicateStart","Duplicate start zones: {context}")
+			}
+		};
+		let (extra_finish,missing_finish)=match &self.mode_finish_counts{
+			SetDifferenceCheck(Ok(()))=>(passed!("DanglingFinish"),passed!("MissingFinish")),
+			SetDifferenceCheck(Err(context))=>(
+				if context.extra.is_empty(){
+					passed!("DanglingFinish")
+				}else{
+					let plural=if context.extra.len()==1{"zone"}else{"zones"};
+					let context=Separated::new(", ",||context.extra.iter().map(|(&mode_id,_names)|
+						ModeElement{zone:Zone::Finish,mode_id}
+					));
+					summary_format!("DanglingFinish","No matching start zone for finish {plural}: {context}")
+				},
+				if context.missing.is_empty(){
+					passed!("MissingFinish")
+				}else{
+					let plural=if context.missing.len()==1{"zone"}else{"zones"};
+					let context=Separated::new(", ",||context.missing.iter().map(|&mode_id|
+						ModeElement{zone:Zone::Finish,mode_id}
+					));
+					summary_format!("MissingFinish","Missing finish {plural}: {context}")
+				}
+			),
+		};
+		let dangling_anticheat=match &self.mode_anticheat_counts{
+			SetDifferenceCheck(Ok(()))=>passed!("DanglingAnticheat"),
+			SetDifferenceCheck(Err(context))=>{
+				if context.extra.is_empty(){
+					passed!("DanglingAnticheat")
+				}else{
+					let plural=if context.extra.len()==1{"zone"}else{"zones"};
+					let context=Separated::new(", ",||context.extra.iter().map(|(&mode_id,_names)|
+						ModeElement{zone:Zone::Anticheat,mode_id}
+					));
+					summary_format!("DanglingAnticheat","No matching start zone for anticheat {plural}: {context}")
+				}
+			}
+		};
+		let spawn1=match &self.spawn1{
+			Ok(Exists)=>passed!("Spawn1"),
+			Err(Absent)=>summary_format!("Spawn1","Model has no Spawn1"),
+		};
+		let dangling_teleport=match &self.teleport_counts{
+			SetDifferenceCheck(Ok(()))=>passed!("DanglingTeleport"),
+			SetDifferenceCheck(Err(context))=>{
+				let unique_names:HashSet<_>=context.extra.values().flat_map(|names|names.iter().copied()).collect();
+				let plural=if unique_names.len()==1{"object"}else{"objects"};
+				let context=Separated::new(", ",||&unique_names);
+				summary_format!("DanglingTeleport","No matching Spawn for {plural}: {context}")
+			}
+		};
+		let duplicate_spawns=match &self.spawn_counts{
+			DuplicateCheck(Ok(()))=>passed!("DuplicateSpawn"),
+			DuplicateCheck(Err(DuplicateCheckContext(context)))=>{
+				let context=Separated::new(", ",||context.iter().map(|(&stage_id,&names)|
+					Duplicates::new(StageElement{behaviour:StageElementBehaviour::Spawn,stage_id},names as usize)
+				));
+				summary_format!("DuplicateSpawn","Duplicate Spawn: {context}")
+			}
+		};
+		let (extra_wormhole_in,missing_wormhole_in)=match &self.wormhole_in_counts{
+			SetDifferenceCheck(Ok(()))=>(passed!("ExtraWormholeIn"),passed!("MissingWormholeIn")),
+			SetDifferenceCheck(Err(context))=>(
+				if context.extra.is_empty(){
+					passed!("ExtraWormholeIn")
+				}else{
+					let context=Separated::new(", ",||context.extra.iter().map(|(&wormhole_id,_names)|
+						WormholeElement{behaviour:WormholeBehaviour::In,wormhole_id}
+					));
+					summary_format!("ExtraWormholeIn","WormholeIn with no matching WormholeOut: {context}")
+				},
+				if context.missing.is_empty(){
+					passed!("MissingWormholeIn")
+				}else{
+					// This counts WormholeIn objects, but
+					// flipped logic is easier to understand
+					let context=Separated::new(", ",||context.missing.iter().map(|&wormhole_id|
+						WormholeElement{behaviour:WormholeBehaviour::Out,wormhole_id}
+					));
+					summary_format!("MissingWormholeIn","WormholeOut with no matching WormholeIn: {context}")
+				}
+			)
+		};
+		let duplicate_wormhole_out=match &self.wormhole_out_counts{
+			DuplicateCheck(Ok(()))=>passed!("DuplicateWormholeOut"),
+			DuplicateCheck(Err(DuplicateCheckContext(context)))=>{
+				let context=Separated::new(", ",||context.iter().map(|(&wormhole_id,&names)|
+					Duplicates::new(WormholeElement{behaviour:WormholeBehaviour::Out,wormhole_id},names as usize)
+				));
+				summary_format!("DuplicateWormholeOut","Duplicate WormholeOut: {context}")
+			}
+		};
+		Ok(MapCheckList{checks:Box::new([
+			model_class,
+			model_name,
+			display_name,
+			creator,
+			game_id,
+			mapstart,
+			duplicate_start,
+			extra_finish,
+			missing_finish,
+			dangling_anticheat,
+			spawn1,
+			dangling_teleport,
+			duplicate_spawns,
+			extra_wormhole_in,
+			missing_wormhole_in,
+			duplicate_wormhole_out,
+		])})
+	}
+}
+
+#[derive(serde::Serialize)]
+pub struct MapCheckList{
+	pub checks:Box<[Check;16]>,
+}
+
+pub struct CheckListAndVersion{
+	pub status:Result<MapInfoOwned,MapCheckList>,
+	pub version:u64,
+}
+
+impl crate::message_handler::MessageHandler{
+	pub async fn check_inner(&self,check_info:CheckRequest)->Result<CheckListAndVersion,Error>{
+		// discover asset creator and latest version
+		let info=self.cloud_context.get_asset_info(
+			rbx_asset::cloud::GetAssetLatestRequest{asset_id:check_info.ModelID}
+		).await.map_err(Error::ModelInfoDownload)?;
+
+		// reject models created by a group
+		let rbx_asset::cloud::Creator::userId(_user_id)=info.creationContext.creator else{
+			return Err(Error::CreatorTypeMustBeUser);
+		};
+
+		// parse model version string
+		let version=info.revisionId;
+
+		let maybe_gzip=download_asset_version(&self.cloud_context,rbx_asset::cloud::GetAssetVersionRequest{
+			asset_id:check_info.ModelID,
+			version,
+		}).await.map_err(Error::Download)?;
+
+		// decode dom (slow!)
+		let dom=maybe_gzip.read_with(read_dom,read_dom).map_err(Error::ModelFileDecode)?;
+
+		// extract the root instance
+		let model_instance=get_root_instance(&dom).map_err(Error::GetRootInstance)?;
+
+		// skip checks
+		if check_info.SkipChecks{
+			// extract required fields
+			let map_info=get_mapinfo(&dom,model_instance);
+			let map_info_owned=map_info.try_into().map_err(Error::IntoMapInfoOwned)?;
+			let status=Ok(map_info_owned);
+
+			// return early
+			return Ok(CheckListAndVersion{status,version});
+		}
+
+		// extract information from the model
+		let model_info=get_model_info(&dom,model_instance);
+
+		// convert the model information into a structured report
+		let map_check=model_info.check();
+
+		// check the report, generate an error message if it fails the check
+		let status=match map_check.result(){
+			Ok(map_info)=>Ok(map_info),
+			Err(Ok(check_list))=>Err(check_list),
+			Err(Err(e))=>return Err(Error::ToJsonValue(e)),
+		};
+
+		Ok(CheckListAndVersion{status,version})
+	}
+}

validation/src/check_mapfix.rs

@@ -0,0 +1,67 @@
+use crate::check::CheckListAndVersion;
+use crate::nats_types::CheckMapfixRequest;
+
+#[allow(dead_code)]
+#[derive(Debug)]
+pub enum Error{
+	Check(crate::check::Error),
+	ApiActionMapfixCheck(submissions_api::Error),
+}
+impl std::fmt::Display for Error{
+	fn fmt(&self,f:&mut std::fmt::Formatter<'_>)->std::fmt::Result{
+		write!(f,"{self:?}")
+	}
+}
+impl std::error::Error for Error{}
+
+impl crate::message_handler::MessageHandler{
+	pub async fn check_mapfix(&self,check_info:CheckMapfixRequest)->Result<(),Error>{
+		let mapfix_id=check_info.MapfixID;
+		let check_result=self.check_inner(check_info.into()).await;
+
+		// update the mapfix depending on the result
+		match check_result{
+			Ok(CheckListAndVersion{status:Ok(map_info),version})=>{
+				self.api.action_mapfix_submitted(
+					submissions_api::types::ActionMapfixSubmittedRequest{
+						MapfixID:mapfix_id,
+						ModelVersion:version,
+						DisplayName:map_info.display_name,
+						Creator:map_info.creator,
+						GameID:map_info.game_id.into(),
+					}
+				).await.map_err(Error::ApiActionMapfixCheck)?;
+
+				// Do not proceed to request changes
+				return Ok(());
+			},
+			// update the mapfix model status to request changes
+			Ok(CheckListAndVersion{status:Err(check_list),..})=>self.api.create_mapfix_audit_check_list(
+				submissions_api::types::CreateMapfixAuditCheckListRequest{
+					MapfixID:mapfix_id,
+					CheckList:check_list.checks.as_slice(),
+				}
+			).await.map_err(Error::ApiActionMapfixCheck)?,
+			// update the mapfix model status to request changes
+			Err(e)=>{
+				// log error
+				println!("[check_mapfix] Error: {e}");
+
+				self.api.create_mapfix_audit_error(
+					submissions_api::types::CreateMapfixAuditErrorRequest{
+						MapfixID:mapfix_id,
+						ErrorMessage:e.to_string(),
+					}
+				).await.map_err(Error::ApiActionMapfixCheck)?;
+			},
+		}
+
+		self.api.action_mapfix_request_changes(
+			submissions_api::types::ActionMapfixRequestChangesRequest{
+				MapfixID:mapfix_id,
+			}
+		).await.map_err(Error::ApiActionMapfixCheck)?;
+
+		Ok(())
+	}
+}

validation/src/check_submission.rs

@@ -0,0 +1,68 @@
+use crate::check::CheckListAndVersion;
+use crate::nats_types::CheckSubmissionRequest;
+
+#[allow(dead_code)]
+#[derive(Debug)]
+pub enum Error{
+	Check(crate::check::Error),
+	ApiActionSubmissionCheck(submissions_api::Error),
+}
+impl std::fmt::Display for Error{
+	fn fmt(&self,f:&mut std::fmt::Formatter<'_>)->std::fmt::Result{
+		write!(f,"{self:?}")
+	}
+}
+impl std::error::Error for Error{}
+
+impl crate::message_handler::MessageHandler{
+	pub async fn check_submission(&self,check_info:CheckSubmissionRequest)->Result<(),Error>{
+		let submission_id=check_info.SubmissionID;
+		let check_result=self.check_inner(check_info.into()).await;
+
+		// update the submission depending on the result
+		match check_result{
+			// update the submission model status to submitted
+			Ok(CheckListAndVersion{status:Ok(map_info),version})=>{
+				self.api.action_submission_submitted(
+					submissions_api::types::ActionSubmissionSubmittedRequest{
+						SubmissionID:submission_id,
+						ModelVersion:version,
+						DisplayName:map_info.display_name,
+						Creator:map_info.creator,
+						GameID:map_info.game_id.into(),
+					}
+				).await.map_err(Error::ApiActionSubmissionCheck)?;
+
+				// Do not proceed to request changes
+				return Ok(());
+			},
+			// update the submission model status to request changes
+			Ok(CheckListAndVersion{status:Err(check_list),..})=>self.api.create_submission_audit_check_list(
+				submissions_api::types::CreateSubmissionAuditCheckListRequest{
+					SubmissionID:submission_id,
+					CheckList:check_list.checks.as_slice(),
+				}
+			).await.map_err(Error::ApiActionSubmissionCheck)?,
+			// update the submission model status to request changes
+			Err(e)=>{
+				// log error
+				println!("[check_submission] Error: {e}");
+
+				self.api.create_submission_audit_error(
+					submissions_api::types::CreateSubmissionAuditErrorRequest{
+						SubmissionID:submission_id,
+						ErrorMessage:e.to_string(),
+					}
+				).await.map_err(Error::ApiActionSubmissionCheck)?;
+			},
+		}
+
+		self.api.action_submission_request_changes(
+			submissions_api::types::ActionSubmissionRequestChangesRequest{
+				SubmissionID:submission_id,
+			}
+		).await.map_err(Error::ApiActionSubmissionCheck)?;
+
+		Ok(())
+	}
+}

validation/src/create.rs

@@ -1,18 +1,14 @@
-use crate::rbx_util::{get_mapinfo,read_dom,MapInfo,ReadDomError,GetMapInfoError,ParseGameIDError};
+use crate::download::download_asset_version;
+use crate::rbx_util::{get_root_instance,get_mapinfo,read_dom,MapInfo,ReadDomError,GetRootInstanceError,GameID};
 
 #[allow(dead_code)]
 #[derive(Debug)]
 pub enum Error{
-	ModelVersionsPage(rbx_asset::cookie::PageError),
-	EmptyVersionsPage,
-	CreatorTypeMustBeUser(rbx_asset::cookie::CreatorType),
-	ModelDetails(rbx_asset::cookie::GetError),
-	ModelInfoDownload(rbx_asset::cookie::GetAssetV2Error),
-	ModelFileDownload(rbx_asset::cookie::GetError),
-	NoLocations,
+	CreatorTypeMustBeUser,
+	ModelInfoDownload(rbx_asset::cloud::GetError),
+	Download(crate::download::Error),
 	ModelFileDecode(ReadDomError),
-	GetMapInfo(GetMapInfoError),
-	ParseGameID(ParseGameIDError),
+	GetRootInstance(GetRootInstanceError),
 }
 impl std::fmt::Display for Error{
 	fn fmt(&self,f:&mut std::fmt::Formatter<'_>)->std::fmt::Result{
@@ -27,57 +23,50 @@ pub struct CreateRequest{
 }
 #[allow(nonstandard_style)]
 pub struct CreateResult{
-	pub AssetOwner:i64,
-	pub DisplayName:String,
-	pub Creator:String,
-	pub GameID:i32,
+	pub AssetOwner:u64,
+	pub DisplayName:Option<String>,
+	pub Creator:Option<String>,
+	pub GameID:Option<GameID>,
 	pub AssetVersion:u64,
 }
 impl crate::message_handler::MessageHandler{
 	pub async fn create_inner(&self,create_info:CreateRequest)->Result<CreateResult,Error>{
-		// discover asset creator
-		let creator_fut=async{
-			self.cookie_context.get_asset_details(
-				rbx_asset::cookie::GetAssetDetailsRequest{asset_id:create_info.ModelID}
-			).await.map_err(Error::ModelDetails)
+		// discover asset creator and latest version
+		let info=self.cloud_context.get_asset_info(
+			rbx_asset::cloud::GetAssetLatestRequest{asset_id:create_info.ModelID}
+		).await.map_err(Error::ModelInfoDownload)?;
+
+		// reject models created by a group
+		let rbx_asset::cloud::Creator::userId(user_id)=info.creationContext.creator else{
+			return Err(Error::CreatorTypeMustBeUser);
 		};
 
+		let asset_version=info.revisionId;
+
 		// download the map model
-		let asset_fut=async{
-			let asset_info=self.cookie_context.get_asset_v2(rbx_asset::cookie::GetAssetRequest{
-				asset_id:create_info.ModelID,
-				version:None,
-			}).await.map_err(Error::ModelInfoDownload)?;
-
-			let location=asset_info.info.locations.first().ok_or(Error::NoLocations)?;
-			let data=self.cookie_context.get_asset_v2_download(location).await.map_err(Error::ModelFileDownload)?;
-
-			Ok((asset_info.version,data))
-		};
-
-		let (details,(asset_version,model_data))=tokio::try_join!(creator_fut,asset_fut)?;
-
-		if details.Creator.CreatorType!=rbx_asset::cookie::CreatorType::User{
-			return Err(Error::CreatorTypeMustBeUser(details.Creator.CreatorType));
-		}
+		let maybe_gzip=download_asset_version(&self.cloud_context,rbx_asset::cloud::GetAssetVersionRequest{
+			asset_id:create_info.ModelID,
+			version:asset_version,
+		}).await.map_err(Error::Download)?;
 
 		// decode dom (slow!)
-		let dom=read_dom(&mut std::io::Cursor::new(model_data)).map_err(Error::ModelFileDecode)?;
+		let dom=maybe_gzip.read_with(read_dom,read_dom).map_err(Error::ModelFileDecode)?;
+
+		// extract the root instance
+		let model_instance=get_root_instance(&dom).map_err(Error::GetRootInstance)?;
 
 		// parse create fields out of asset
 		let MapInfo{
 			display_name,
 			creator,
 			game_id,
-		}=get_mapinfo(&dom).map_err(Error::GetMapInfo)?;
-
-		let game_id=game_id.map_err(Error::ParseGameID)?;
+		}=get_mapinfo(&dom,model_instance);
 
 		Ok(CreateResult{
-			AssetOwner:details.Creator.Id as i64,
-			DisplayName:display_name.unwrap_or_default().to_owned(),
-			Creator:creator.unwrap_or_default().to_owned(),
-			GameID:game_id as i32,
+			AssetOwner:user_id,
+			DisplayName:display_name.ok().map(ToOwned::to_owned),
+			Creator:creator.ok().map(ToOwned::to_owned),
+			GameID:game_id.ok(),
 			AssetVersion:asset_version,
 		})
 	}

validation/src/create_mapfix.rs

@@ -24,13 +24,15 @@ impl crate::message_handler::MessageHandler{
 		// call create on api
 		self.api.create_mapfix(submissions_api::types::CreateMapfixRequest{
 			OperationID:create_info.OperationID,
-			AssetOwner:create_request.AssetOwner,
-			DisplayName:create_request.DisplayName.as_str(),
-			Creator:create_request.Creator.as_str(),
-			GameID:create_request.GameID,
+			AssetOwner:create_request.AssetOwner as i64,
+			DisplayName:create_request.DisplayName.as_deref().unwrap_or_default(),
+			Creator:create_request.Creator.as_deref().unwrap_or_default(),
+			// not great TODO: make this great
+			GameID:create_request.GameID.unwrap_or(crate::rbx_util::GameID::Bhop).into(),
 			AssetID:create_info.ModelID,
 			AssetVersion:create_request.AssetVersion,
 			TargetAssetID:create_info.TargetAssetID,
+			Description:create_info.Description.as_str(),
 		}).await.map_err(Error::ApiActionMapfixCreate)?;
 
 		Ok(())
@@ -41,9 +43,12 @@ impl crate::message_handler::MessageHandler{
 		let create_result=self.create_mapfix_inner(create_info).await;
 
 		if let Err(e)=create_result{
+			// log error
+			println!("[create_mapfix] Error: {e}");
+
 			self.api.action_operation_failed(submissions_api::types::ActionOperationFailedRequest{
 				OperationID:operation_id,
-				StatusMessage:format!("{e}"),
+				StatusMessage:e.to_string(),
 			}).await?;
 		}
 

validation/src/create_submission.rs

@@ -1,5 +1,6 @@
 use crate::nats_types::CreateSubmissionRequest;
 use crate::create::CreateRequest;
+use crate::rbx_util::GameID;
 
 #[allow(dead_code)]
 #[derive(Debug)]
@@ -19,15 +20,33 @@ impl crate::message_handler::MessageHandler{
 		let create_request=self.create_inner(CreateRequest{
 			ModelID:create_info.ModelID,
 		}).await.map_err(Error::Create)?;
+
+		// grab values from submission form, otherwise try to fill blanks from map data
+		let display_name=if create_info.DisplayName.is_empty(){
+			create_request.DisplayName.as_deref().unwrap_or_default()
+		}else{
+			create_info.DisplayName.as_str()
+		};
+
+		let creator=if create_info.Creator.is_empty(){
+			create_request.Creator.as_deref().unwrap_or_default()
+		}else{
+			create_info.Creator.as_str()
+		};
+
+		let game_id=create_info.GameID.try_into().ok().or(create_request.GameID).unwrap_or(GameID::Bhop);
+
 		// call create on api
 		self.api.create_submission(submissions_api::types::CreateSubmissionRequest{
 			OperationID:create_info.OperationID,
-			AssetOwner:create_request.AssetOwner,
-			DisplayName:create_request.DisplayName.as_str(),
-			Creator:create_request.Creator.as_str(),
-			GameID:create_request.GameID,
+			AssetOwner:create_request.AssetOwner as i64,
+			DisplayName:display_name,
+			Creator:creator,
+			GameID:game_id.into(),
 			AssetID:create_info.ModelID,
 			AssetVersion:create_request.AssetVersion,
+			Status:create_info.Status,
+			Roles:create_info.Roles,
 		}).await.map_err(Error::ApiActionSubmissionCreate)?;
 
 		Ok(())
@@ -38,9 +57,12 @@ impl crate::message_handler::MessageHandler{
 		let create_result=self.create_submission_inner(create_info).await;
 
 		if let Err(e)=create_result{
+			// log error
+			println!("[create_submission] Error: {e}");
+
 			self.api.action_operation_failed(submissions_api::types::ActionOperationFailedRequest{
 				OperationID:operation_id,
-				StatusMessage:format!("{e}"),
+				StatusMessage:e.to_string(),
 			}).await?;
 		}
 

validation/src/download.rs

@@ -0,0 +1,26 @@
+#[allow(dead_code)]
+#[derive(Debug)]
+pub enum Error{
+	ModelLocationDownload(rbx_asset::cloud::GetError),
+	NonFreeModel,
+	ModelFileDownload(rbx_asset::cloud::GetError),
+}
+impl std::fmt::Display for Error{
+	fn fmt(&self,f:&mut std::fmt::Formatter<'_>)->std::fmt::Result{
+		write!(f,"{self:?}")
+	}
+}
+impl std::error::Error for Error{}
+
+pub async fn download_asset_version(cloud_context:&rbx_asset::cloud::Context,request:rbx_asset::cloud::GetAssetVersionRequest)->Result<rbx_asset::types::MaybeGzippedBytes,Error>{
+	// download the location of the map model
+	let location=cloud_context.get_asset_version_location(request).await.map_err(Error::ModelLocationDownload)?;
+
+	// if the location does not exist, you are not allowed to download it
+	let location=location.location.ok_or(Error::NonFreeModel)?;
+
+	// download the map model
+	let maybe_gzip=cloud_context.get_asset(&location).await.map_err(Error::ModelFileDownload)?;
+
+	Ok(maybe_gzip)
+}

validation/src/main.rs

@@ -3,7 +3,10 @@ use futures::StreamExt;
 mod rbx_util;
 mod message_handler;
 mod nats_types;
-mod types;
+mod download;
+mod check;
+mod check_mapfix;
+mod check_submission;
 mod create;
 mod create_mapfix;
 mod create_submission;
@@ -20,6 +23,7 @@ pub enum StartupError{
 	NatsConnect(async_nats::ConnectError),
 	NatsGetStream(async_nats::jetstream::context::GetStreamError),
 	NatsConsumer(async_nats::jetstream::stream::ConsumerError),
+	NatsConsumerUpdate(async_nats::jetstream::stream::ConsumerUpdateError),
 	NatsStream(async_nats::jetstream::consumer::StreamError),
 }
 impl std::fmt::Display for StartupError{
@@ -38,12 +42,15 @@ async fn main()->Result<(),StartupError>{
 			"None"=>None,
 			_=>Some(s.parse().expect("ROBLOX_GROUP_ID int parse")),
 		},
-		Err(e)=>Err(e).expect("ROBLOX_GROUP_ID env required"),
+		Err(e)=>panic!("{e}: ROBLOX_GROUP_ID env required"),
 	};
 
-	// talk to roblox through STRAFESNET_CI2 account
+	// create / upload models through STRAFESNET_CI2 account
 	let cookie=std::env::var("RBXCOOKIE").expect("RBXCOOKIE env required");
-	let cookie_context=rbx_asset::cookie::CookieContext::new(rbx_asset::cookie::Cookie::new(cookie));
+	let cookie_context=rbx_asset::cookie::Context::new(rbx_asset::cookie::Cookie::new(cookie));
+	// download models through cloud api
+	let api_key=std::env::var("RBX_API_KEY").expect("RBX_API_KEY env required");
+	let cloud_context=rbx_asset::cloud::Context::new(rbx_asset::cloud::ApiKey::new(api_key));
 
 	// maps-service api
 	let api_host_internal=std::env::var("API_HOST_INTERNAL").expect("API_HOST_INTERNAL env required");
@@ -52,20 +59,35 @@ async fn main()->Result<(),StartupError>{
 	// nats
 	let nats_host=std::env::var("NATS_HOST").expect("NATS_HOST env required");
 	let nats_fut=async{
+		const STREAM_NAME:&str="maptest";
+		const DURABLE_NAME:&str="validation";
+		const FILTER_SUBJECT:&str="maptest.>";
+
+		let nats_config=async_nats::jetstream::consumer::pull::Config{
+			name:Some(DURABLE_NAME.to_owned()),
+			durable_name:Some(DURABLE_NAME.to_owned()),
+			filter_subject:FILTER_SUBJECT.to_owned(),
+			..Default::default()
+		};
+
 		let nasty=async_nats::connect(nats_host).await.map_err(StartupError::NatsConnect)?;
+
 		// use nats jetstream
-		async_nats::jetstream::new(nasty)
-			.get_stream("maptest").await.map_err(StartupError::NatsGetStream)?
-			.get_or_create_consumer("validation",async_nats::jetstream::consumer::pull::Config{
-				name:Some("validation".to_owned()),
-				durable_name:Some("validation".to_owned()),
-				filter_subject:"maptest.>".to_owned(),
-				..Default::default()
-			}).await.map_err(StartupError::NatsConsumer)?
-			.messages().await.map_err(StartupError::NatsStream)
+		let stream=async_nats::jetstream::new(nasty)
+			.get_stream(STREAM_NAME).await.map_err(StartupError::NatsGetStream)?;
+
+		let consumer=stream.get_or_create_consumer(DURABLE_NAME,nats_config.clone()).await.map_err(StartupError::NatsConsumer)?;
+
+		// check if config matches expected config
+		if consumer.cached_info().config.filter_subject!=FILTER_SUBJECT{
+			stream.update_consumer(nats_config).await.map_err(StartupError::NatsConsumerUpdate)?;
+		}
+
+		// only need messages
+		consumer.messages().await.map_err(StartupError::NatsStream)
 	};
 
-	let message_handler=message_handler::MessageHandler::new(cookie_context,group_id,api);
+	let message_handler=message_handler::MessageHandler::new(cloud_context,cookie_context,group_id,api);
 
 	// Create a signal listener for SIGTERM
 	let mut sig_term=tokio::signal::unix::signal(tokio::signal::unix::SignalKind::terminate()).expect("Failed to create SIGTERM signal listener");

validation/src/message_handler.rs

@@ -7,6 +7,8 @@ pub enum HandleMessageError{
 	UnknownSubject(String),
 	CreateMapfix(submissions_api::Error),
 	CreateSubmission(submissions_api::Error),
+	CheckMapfix(crate::check_mapfix::Error),
+	CheckSubmission(crate::check_submission::Error),
 	UploadMapfix(crate::upload_mapfix::Error),
 	UploadSubmission(crate::upload_submission::Error),
 	ValidateMapfix(crate::validate_mapfix::Error),
@@ -26,18 +28,21 @@ fn from_slice<'a,T:serde::de::Deserialize<'a>>(slice:&'a [u8])->Result<T,HandleM
 }
 
 pub struct MessageHandler{
-	pub(crate) cookie_context:rbx_asset::cookie::CookieContext,
+	pub(crate) cloud_context:rbx_asset::cloud::Context,
+	pub(crate) cookie_context:rbx_asset::cookie::Context,
 	pub(crate) group_id:Option<u64>,
 	pub(crate) api:submissions_api::internal::Context,
 }
 
 impl MessageHandler{
 	pub fn new(
-		cookie_context:rbx_asset::cookie::CookieContext,
+		cloud_context:rbx_asset::cloud::Context,
+		cookie_context:rbx_asset::cookie::Context,
 		group_id:Option<u64>,
 		api:submissions_api::internal::Context,
 	)->Self{
 		Self{
+			cloud_context,
 			cookie_context,
 			group_id,
 			api,
@@ -49,6 +54,8 @@ impl MessageHandler{
 		match message.subject.as_str(){
 			"maptest.mapfixes.create"=>self.create_mapfix(from_slice(&message.payload)?).await.map_err(HandleMessageError::CreateMapfix),
 			"maptest.submissions.create"=>self.create_submission(from_slice(&message.payload)?).await.map_err(HandleMessageError::CreateSubmission),
+			"maptest.mapfixes.check"=>self.check_mapfix(from_slice(&message.payload)?).await.map_err(HandleMessageError::CheckMapfix),
+			"maptest.submissions.check"=>self.check_submission(from_slice(&message.payload)?).await.map_err(HandleMessageError::CheckSubmission),
 			"maptest.mapfixes.upload"=>self.upload_mapfix(from_slice(&message.payload)?).await.map_err(HandleMessageError::UploadMapfix),
 			"maptest.submissions.upload"=>self.upload_submission(from_slice(&message.payload)?).await.map_err(HandleMessageError::UploadSubmission),
 			"maptest.mapfixes.validate"=>self.validate_mapfix(from_slice(&message.payload)?).await.map_err(HandleMessageError::ValidateMapfix),

validation/src/nats_types.rs

@@ -1,3 +1,5 @@
+use submissions_api::types::{SubmissionID,MapfixID,OperationID};
+
 // These represent the information needed in the nats message
 // to perform the operation, not necessarily the over-the-wire format
 
@@ -8,23 +10,46 @@
 #[derive(serde::Deserialize)]
 pub struct CreateSubmissionRequest{
 	// operation_id is passed back in the response message
-	pub OperationID:i32,
+	pub OperationID:OperationID,
 	pub ModelID:u64,
+	pub DisplayName:String,
+	pub Creator:String,
+	pub GameID:u32,
+	// initial status is passed back on create
+	pub Status:u32,
+	pub Roles:u32,
 }
 
 #[allow(nonstandard_style)]
 #[derive(serde::Deserialize)]
 pub struct CreateMapfixRequest{
-	pub OperationID:i32,
+	pub OperationID:OperationID,
 	pub ModelID:u64,
 	pub TargetAssetID:u64,
+	pub Description:String,
+}
+
+#[allow(nonstandard_style)]
+#[derive(serde::Deserialize)]
+pub struct CheckSubmissionRequest{
+	pub SubmissionID:SubmissionID,
+	pub ModelID:u64,
+	pub SkipChecks:bool,
+}
+
+#[allow(nonstandard_style)]
+#[derive(serde::Deserialize)]
+pub struct CheckMapfixRequest{
+	pub MapfixID:MapfixID,
+	pub ModelID:u64,
+	pub SkipChecks:bool,
 }
 
 #[allow(nonstandard_style)]
 #[derive(serde::Deserialize)]
 pub struct ValidateSubmissionRequest{
 	// submission_id is passed back in the response message
-	pub SubmissionID:i64,
+	pub SubmissionID:SubmissionID,
 	pub ModelID:u64,
 	pub ModelVersion:u64,
 	pub ValidatedModelID:Option<u64>,
@@ -34,7 +59,7 @@ pub struct ValidateSubmissionRequest{
 #[derive(serde::Deserialize)]
 pub struct ValidateMapfixRequest{
 	// submission_id is passed back in the response message
-	pub MapfixID:i64,
+	pub MapfixID:MapfixID,
 	pub ModelID:u64,
 	pub ModelVersion:u64,
 	pub ValidatedModelID:Option<u64>,
@@ -44,7 +69,7 @@ pub struct ValidateMapfixRequest{
 #[allow(nonstandard_style)]
 #[derive(serde::Deserialize)]
 pub struct UploadSubmissionRequest{
-	pub SubmissionID:i64,
+	pub SubmissionID:SubmissionID,
 	pub ModelID:u64,
 	pub ModelVersion:u64,
 	pub ModelName:String,
@@ -53,7 +78,7 @@ pub struct UploadSubmissionRequest{
 #[allow(nonstandard_style)]
 #[derive(serde::Deserialize)]
 pub struct UploadMapfixRequest{
-	pub MapfixID:i64,
+	pub MapfixID:MapfixID,
 	pub ModelID:u64,
 	pub ModelVersion:u64,
 	pub TargetAssetID:u64,

validation/src/rbx_util.rs

@@ -5,8 +5,7 @@ pub enum ReadDomError{
 	Binary(rbx_binary::DecodeError),
 	Xml(rbx_xml::DecodeError),
 	Read(std::io::Error),
-	Seek(std::io::Error),
-	UnknownFormat([u8;8]),
+	UnknownFormat(Vec<u8>),
 }
 impl std::fmt::Display for ReadDomError{
 	fn fmt(&self,f:&mut std::fmt::Formatter<'_>)->std::fmt::Result{
@@ -15,44 +14,22 @@ impl std::fmt::Display for ReadDomError{
 }
 impl std::error::Error for ReadDomError{}
 
-pub fn read_dom<R:std::io::Read+std::io::Seek>(input:&mut R)->Result<rbx_dom_weak::WeakDom,ReadDomError>{
-	let mut first_8=[0u8;8];
-	std::io::Read::read_exact(input,&mut first_8).map_err(ReadDomError::Read)?;
-	std::io::Seek::rewind(input).map_err(ReadDomError::Seek)?;
-	match &first_8[0..4]{
-		b"<rob"=>{
-			match &first_8[4..8]{
-				b"lox!"=>rbx_binary::from_reader(input).map_err(ReadDomError::Binary),
-				b"lox "=>rbx_xml::from_reader(input,rbx_xml::DecodeOptions::default()).map_err(ReadDomError::Xml),
-				_=>Err(ReadDomError::UnknownFormat(first_8)),
-			}
-		},
-		_=>Err(ReadDomError::UnknownFormat(first_8)),
+pub fn read_dom<R:std::io::Read>(input:R)->Result<rbx_dom_weak::WeakDom,ReadDomError>{
+	let mut buf=std::io::BufReader::new(input);
+	let peek=std::io::BufRead::fill_buf(&mut buf).map_err(ReadDomError::Read)?;
+	match peek.get(0..8){
+		Some(b"<roblox!")=>rbx_binary::from_reader(buf).map_err(ReadDomError::Binary),
+		Some(b"<roblox ")=>rbx_xml::from_reader_default(buf).map_err(ReadDomError::Xml),
+		_=>Err(ReadDomError::UnknownFormat(peek.to_owned())),
 	}
 }
 
-pub fn class_is_a(class:&str,superclass:&str)->bool{
-	if class==superclass{
-		return true
-	}
-	let class_descriptor=rbx_reflection_database::get().classes.get(class);
-	if let Some(descriptor)=&class_descriptor{
-		if let Some(class_super)=&descriptor.superclass{
-			return class_is_a(&class_super,superclass)
-		}
-	}
-	false
+pub fn static_ustr(s:&'static str)->rbx_dom_weak::Ustr{
+	rbx_dom_weak::ustr(s)
 }
 
-pub fn find_first_child_class<'a>(dom:&'a rbx_dom_weak::WeakDom,instance:&rbx_dom_weak::Instance,name:&str,class:&str)->Option<&'a rbx_dom_weak::Instance>{
-	for &referent in instance.children(){
-		if let Some(c)=dom.get_by_ref(referent){
-			if c.name==name&&class_is_a(c.class.as_str(),class) {
-				return Some(c);
-			}
-		}
-	}
-	None
+fn find_first_child_name_and_class<'a>(dom:&'a rbx_dom_weak::WeakDom,instance:&rbx_dom_weak::Instance,name:&str,class:&str)->Option<&'a rbx_dom_weak::Instance>{
+	instance.children().iter().filter_map(|&r|dom.get_by_ref(r)).find(|inst|inst.name==name&&inst.class==class)
 }
 
 pub enum GameID{
@@ -60,6 +37,15 @@ pub enum GameID{
 	Surf=2,
 	FlyTrials=5,
 }
+impl From<GameID> for submissions_api::types::GameID{
+	fn from(value:GameID)->Self{
+		match value{
+			GameID::Bhop=>submissions_api::types::GameID::Bhop,
+			GameID::Surf=>submissions_api::types::GameID::Surf,
+			GameID::FlyTrials=>submissions_api::types::GameID::FlyTrials,
+		}
+	}
+}
 #[derive(Debug)]
 pub struct ParseGameIDError;
 impl std::str::FromStr for GameID{
@@ -74,7 +60,19 @@ impl std::str::FromStr for GameID{
 		if s.starts_with("flytrials_"){
 			return Ok(GameID::FlyTrials);
 		}
-		return Err(ParseGameIDError);
+		Err(ParseGameIDError)
+	}
+}
+pub struct GameIDError;
+impl TryFrom<u32> for GameID{
+	type Error=GameIDError;
+	fn try_from(value:u32)->Result<Self,Self::Error>{
+		match value{
+			1=>Ok(GameID::Bhop),
+			2=>Ok(GameID::Surf),
+			5=>Ok(GameID::FlyTrials),
+			_=>Err(GameIDError)
+		}
 	}
 }
 
@@ -84,6 +82,7 @@ pub struct MapInfo<'a>{
 	pub game_id:Result<GameID,ParseGameIDError>,
 }
 
+#[derive(Debug)]
 pub enum StringValueError{
 	ObjectNotFound,
 	ValueNotSet,
@@ -92,7 +91,7 @@ pub enum StringValueError{
 
 fn string_value(instance:Option<&rbx_dom_weak::Instance>)->Result<&str,StringValueError>{
 	let instance=instance.ok_or(StringValueError::ObjectNotFound)?;
-	let value=instance.properties.get("Value").ok_or(StringValueError::ValueNotSet)?;
+	let value=instance.properties.get(&static_ustr("Value")).ok_or(StringValueError::ValueNotSet)?;
 	match value{
 		rbx_dom_weak::types::Variant::String(value)=>Ok(value),
 		_=>Err(StringValueError::NonStringValue),
@@ -100,20 +99,24 @@ fn string_value(instance:Option<&rbx_dom_weak::Instance>)->Result<&str,StringVal
 }
 
 #[derive(Debug)]
-pub enum GetMapInfoError{
+pub enum GetRootInstanceError{
 	ModelFileRootMustHaveOneChild,
 	ModelFileChildRefIsNil,
 }
 
-pub fn get_mapinfo(dom:&rbx_dom_weak::WeakDom)->Result<MapInfo,GetMapInfoError>{
+pub fn get_root_instance(dom:&rbx_dom_weak::WeakDom)->Result<&rbx_dom_weak::Instance,GetRootInstanceError>{
 	let &[map_ref]=dom.root().children()else{
-		return Err(GetMapInfoError::ModelFileRootMustHaveOneChild);
+		return Err(GetRootInstanceError::ModelFileRootMustHaveOneChild);
 	};
-	let model_instance=dom.get_by_ref(map_ref).ok_or(GetMapInfoError::ModelFileChildRefIsNil)?;
+	let model_instance=dom.get_by_ref(map_ref).ok_or(GetRootInstanceError::ModelFileChildRefIsNil)?;
 
-	Ok(MapInfo{
-		display_name:string_value(find_first_child_class(dom,model_instance,"DisplayName","StringValue")),
-		creator:string_value(find_first_child_class(dom,model_instance,"Creator","StringValue")),
-		game_id:model_instance.name.parse(),
-	})
+	Ok(model_instance)
+}
+
+pub fn get_mapinfo<'a>(dom:&'a rbx_dom_weak::WeakDom,model_instance:&rbx_dom_weak::Instance)->MapInfo<'a>{
+	MapInfo{
+		display_name:string_value(find_first_child_name_and_class(dom,model_instance,"DisplayName","StringValue")),
+		creator:string_value(find_first_child_name_and_class(dom,model_instance,"Creator","StringValue")),
+		game_id:model_instance.name.parse(),
+	}
 }

validation/src/types.rs

@@ -1,4 +0,0 @@
-pub enum ResourceID{
-	Mapfix(i64),
-	Submission(i64),
-}

validation/src/upload_mapfix.rs

@@ -1,9 +1,11 @@
+use crate::download::download_asset_version;
 use crate::nats_types::UploadMapfixRequest;
 
 #[allow(dead_code)]
 #[derive(Debug)]
 pub enum Error{
-	Get(rbx_asset::cookie::GetError),
+	Download(crate::download::Error),
+	IO(std::io::Error),
 	Json(serde_json::Error),
 	Upload(rbx_asset::cookie::UploadError),
 	ApiActionMapfixUploaded(submissions_api::Error),
@@ -17,11 +19,14 @@ impl std::error::Error for Error{}
 
 impl crate::message_handler::MessageHandler{
 	pub async fn upload_mapfix(&self,upload_info:UploadMapfixRequest)->Result<(),Error>{
-		// download the map model version
-		let model_data=self.cookie_context.get_asset(rbx_asset::cookie::GetAssetRequest{
+		// download the map model
+		let maybe_gzip=download_asset_version(&self.cloud_context,rbx_asset::cloud::GetAssetVersionRequest{
 			asset_id:upload_info.ModelID,
-			version:Some(upload_info.ModelVersion),
-		}).await.map_err(Error::Get)?;
+			version:upload_info.ModelVersion,
+		}).await.map_err(Error::Download)?;
+
+		// transparently handle gzipped models
+		let model_data=maybe_gzip.to_vec().map_err(Error::IO)?;
 
 		// upload the map to the strafesnet group
 		let _upload_response=self.cookie_context.upload(rbx_asset::cookie::UploadRequest{

validation/src/upload_submission.rs

@@ -1,9 +1,11 @@
+use crate::download::download_asset_version;
 use crate::nats_types::UploadSubmissionRequest;
 
 #[allow(dead_code)]
 #[derive(Debug)]
 pub enum Error{
-	Get(rbx_asset::cookie::GetError),
+	Download(crate::download::Error),
+	IO(std::io::Error),
 	Json(serde_json::Error),
 	Create(rbx_asset::cookie::CreateError),
 	SystemTime(std::time::SystemTimeError),
@@ -18,11 +20,14 @@ impl std::error::Error for Error{}
 
 impl crate::message_handler::MessageHandler{
 	pub async fn upload_submission(&self,upload_info:UploadSubmissionRequest)->Result<(),Error>{
-		// download the map model version
-		let model_data=self.cookie_context.get_asset(rbx_asset::cookie::GetAssetRequest{
+		// download the map model
+		let maybe_gzip=download_asset_version(&self.cloud_context,rbx_asset::cloud::GetAssetVersionRequest{
 			asset_id:upload_info.ModelID,
-			version:Some(upload_info.ModelVersion),
-		}).await.map_err(Error::Get)?;
+			version:upload_info.ModelVersion,
+		}).await.map_err(Error::Download)?;
+
+		// transparently handle gzipped models
+		let model_data=maybe_gzip.to_vec().map_err(Error::IO)?;
 
 		// upload the map to the strafesnet group
 		let upload_response=self.cookie_context.create(rbx_asset::cookie::CreateRequest{

validation/src/validate_mapfix.rs

@@ -22,14 +22,23 @@ impl crate::message_handler::MessageHandler{
 			Ok(())=>{
 				// update the mapfix model status to validated
 				self.api.action_mapfix_validated(
-					submissions_api::types::MapfixID(mapfix_id)
+					mapfix_id
 				).await.map_err(Error::ApiActionMapfixValidate)?;
 			},
 			Err(e)=>{
+				// log error
+				println!("[validate_mapfix] Error: {e}");
+
+				self.api.create_mapfix_audit_error(
+					submissions_api::types::CreateMapfixAuditErrorRequest{
+						MapfixID:mapfix_id,
+						ErrorMessage:e.to_string(),
+					}
+				).await.map_err(Error::ApiActionMapfixValidate)?;
+
 				// update the mapfix model status to accepted
 				self.api.action_mapfix_accepted(submissions_api::types::ActionMapfixAcceptedRequest{
 					MapfixID:mapfix_id,
-					StatusMessage:format!("{e}"),
 				}).await.map_err(Error::ApiActionMapfixValidate)?;
 			},
 		}

validation/src/validate_submission.rs

@@ -22,14 +22,23 @@ impl crate::message_handler::MessageHandler{
 			Ok(())=>{
 				// update the submission model status to validated
 				self.api.action_submission_validated(
-					submissions_api::types::SubmissionID(submission_id)
+					submission_id
 				).await.map_err(Error::ApiActionSubmissionValidate)?;
 			},
 			Err(e)=>{
+				// log error
+				println!("[validate_submission] Error: {e}");
+
+				self.api.create_submission_audit_error(
+					submissions_api::types::CreateSubmissionAuditErrorRequest{
+						SubmissionID:submission_id,
+						ErrorMessage:e.to_string(),
+					}
+				).await.map_err(Error::ApiActionSubmissionValidate)?;
+
 				// update the submission model status to accepted
 				self.api.action_submission_accepted(submissions_api::types::ActionSubmissionAcceptedRequest{
 					SubmissionID:submission_id,
-					StatusMessage:format!("{e}"),
 				}).await.map_err(Error::ApiActionSubmissionValidate)?;
 			},
 		}

validation/src/validator.rs

@@ -1,8 +1,8 @@
 use futures::TryStreamExt;
-use submissions_api::types::ResourceType;
+use submissions_api::types::Resource;
 
-use crate::rbx_util::{class_is_a,read_dom,ReadDomError};
-use crate::types::ResourceID;
+use crate::download::download_asset_version;
+use crate::rbx_util::{read_dom,static_ustr,ReadDomError};
 
 const SCRIPT_CONCURRENCY:usize=16;
 
@@ -20,7 +20,7 @@ struct NamePolicy{
 }
 
 fn source_has_illegal_keywords(source:&str)->bool{
-	source.find("getfenv").is_some()||source.find("require").is_some()
+	source.contains("getfenv")||source.contains("require")
 }
 
 fn hash_source(source:&str)->String{
@@ -32,17 +32,23 @@ fn hash_source(source:&str)->String{
 
 #[allow(dead_code)]
 #[derive(Debug)]
-pub enum ValidateError{
+pub enum Error{
+	ModelInfoDownload(rbx_asset::cloud::GetError),
+	CreatorTypeMustBeUser,
+	RevisionMismatch{
+		current:u64,
+		submitted:u64,
+	},
 	ScriptFlaggedIllegalKeyword(String),
 	ScriptBlocked(Option<submissions_api::types::ScriptID>),
 	ScriptNotYetReviewed(Option<submissions_api::types::ScriptID>),
-	ModelFileDownload(rbx_asset::cookie::GetError),
+	Download(crate::download::Error),
 	ModelFileDecode(ReadDomError),
-	ApiGetScriptPolicyFromHash(submissions_api::types::SingleItemError),
+	ApiGetScriptPolicyFromHash(submissions_api::types::ScriptPolicySingleItemError),
 	ApiGetScript(submissions_api::Error),
 	ApiCreateScript(submissions_api::Error),
 	ApiCreateScriptPolicy(submissions_api::Error),
-	ApiGetScriptFromHash(submissions_api::types::SingleItemError),
+	ApiGetScriptFromHash(submissions_api::types::ScriptSingleItemError),
 	ApiUpdateMapfixModel(submissions_api::Error),
 	ApiUpdateSubmissionModel(submissions_api::Error),
 	ModelFileRootMustHaveOneChild,
@@ -51,19 +57,19 @@ pub enum ValidateError{
 	AssetUpload(rbx_asset::cookie::UploadError),
 	AssetCreate(rbx_asset::cookie::CreateError),
 }
-impl std::fmt::Display for ValidateError{
+impl std::fmt::Display for Error{
 	fn fmt(&self,f:&mut std::fmt::Formatter<'_>)->std::fmt::Result{
 		write!(f,"{self:?}")
 	}
 }
-impl std::error::Error for ValidateError{}
+impl std::error::Error for Error{}
 
 #[allow(nonstandard_style)]
 pub struct ValidateRequest{
 	pub ModelID:u64,
 	pub ModelVersion:u64,
 	pub ValidatedModelID:Option<u64>,
-	pub ResourceID:ResourceID,
+	pub Resource:Resource,
 }
 
 impl From<crate::nats_types::ValidateMapfixRequest> for ValidateRequest{
@@ -72,7 +78,7 @@ impl From<crate::nats_types::ValidateMapfixRequest> for ValidateRequest{
 			ModelID:value.ModelID,
 			ModelVersion:value.ModelVersion,
 			ValidatedModelID:value.ValidatedModelID,
-			ResourceID:ResourceID::Mapfix(value.MapfixID),
+			Resource:Resource::Mapfix(value.MapfixID),
 		}
 	}
 }
@@ -82,36 +88,57 @@ impl From<crate::nats_types::ValidateSubmissionRequest> for ValidateRequest{
 			ModelID:value.ModelID,
 			ModelVersion:value.ModelVersion,
 			ValidatedModelID:value.ValidatedModelID,
-			ResourceID:ResourceID::Submission(value.SubmissionID),
+			Resource:Resource::Submission(value.SubmissionID),
 		}
 	}
 }
 
 impl crate::message_handler::MessageHandler{
-	pub async fn validate_inner(&self,validate_info:ValidateRequest)->Result<(),ValidateError>{
-		// download map
-		let data=self.cookie_context.get_asset(rbx_asset::cookie::GetAssetRequest{
+	pub async fn validate_inner(&self,validate_info:ValidateRequest)->Result<(),Error>{
+		// discover asset creator and latest version
+		let info=self.cloud_context.get_asset_info(
+			rbx_asset::cloud::GetAssetLatestRequest{asset_id:validate_info.ModelID}
+		).await.map_err(Error::ModelInfoDownload)?;
+
+		// reject models created by a group
+		let rbx_asset::cloud::Creator::userId(_user_id)=info.creationContext.creator else{
+			return Err(Error::CreatorTypeMustBeUser);
+		};
+
+		// Has the map been updated since it was submitted?
+		if info.revisionId!=validate_info.ModelVersion{
+			return Err(Error::RevisionMismatch{
+				current:info.revisionId,
+				submitted:validate_info.ModelVersion,
+			});
+		}
+
+		// download the map model
+		let maybe_gzip=download_asset_version(&self.cloud_context,rbx_asset::cloud::GetAssetVersionRequest{
 			asset_id:validate_info.ModelID,
-			version:Some(validate_info.ModelVersion),
-		}).await.map_err(ValidateError::ModelFileDownload)?;
+			version:validate_info.ModelVersion,
+		}).await.map_err(Error::Download)?;
 
 		// decode dom (slow!)
-		let mut dom=read_dom(&mut std::io::Cursor::new(data)).map_err(ValidateError::ModelFileDecode)?;
+		let mut dom=maybe_gzip.read_with(read_dom,read_dom).map_err(Error::ModelFileDecode)?;
 
 		/* VALIDATE MAP */
 
+		// stupid ustr thing
+		let source_property=static_ustr("Source");
+
 		// collect unique scripts
 		let script_refs=get_script_refs(&dom);
 		let mut script_map=std::collections::HashMap::<String,NamePolicy>::new();
 		for &script_ref in &script_refs{
 			if let Some(script)=dom.get_by_ref(script_ref){
-				if let Some(rbx_dom_weak::types::Variant::String(source))=script.properties.get("Source"){
+				if let Some(rbx_dom_weak::types::Variant::String(source))=script.properties.get(&source_property){
 					// check the source for illegal keywords
 					if source_has_illegal_keywords(source){
 						// immediately abort
 						// grab path to offending script
 						let path=get_partial_path(&dom,script);
-						return Err(ValidateError::ScriptFlaggedIllegalKeyword(path));
+						return Err(Error::ScriptFlaggedIllegalKeyword(path));
 					}
 					// associate a name and policy with the source code
 					// policy will be fetched from the database to replace the default policy
@@ -132,7 +159,7 @@ impl crate::message_handler::MessageHandler{
 			// fetch the script policy
 			let script_policy=self.api.get_script_policy_from_hash(submissions_api::types::HashRequest{
 				hash:hash.as_str(),
-			}).await.map_err(ValidateError::ApiGetScriptPolicyFromHash)?;
+			}).await.map_err(Error::ApiGetScriptPolicyFromHash)?;
 
 			// write the policy to the script_map, fetching the replacement code if necessary
 			if let Some(script_policy)=script_policy{
@@ -144,15 +171,12 @@ impl crate::message_handler::MessageHandler{
 					submissions_api::types::Policy::Replace=>{
 						let script=self.api.get_script(submissions_api::types::GetScriptRequest{
 							ScriptID:script_policy.ToScriptID,
-						}).await.map_err(ValidateError::ApiGetScript)?;
+						}).await.map_err(Error::ApiGetScript)?;
 						Policy::Replace(script.Source)
 					},
 				};
 			}else{
-				let (resource_type,resource_id)=match validate_info.ResourceID{
-					ResourceID::Mapfix(mapfix_id)=>(ResourceType::Mapfix,mapfix_id),
-					ResourceID::Submission(submission_id)=>(ResourceType::Submission,submission_id),
-				};
+				let (resource_type,resource_id)=validate_info.Resource.split();
 
 				// upload the script
 				let script=self.api.create_script(submissions_api::types::CreateScriptRequest{
@@ -160,14 +184,14 @@ impl crate::message_handler::MessageHandler{
 					Source:source.as_str(),
 					ResourceType:resource_type,
 					ResourceID:Some(resource_id),
-				}).await.map_err(ValidateError::ApiCreateScript)?;
+				}).await.map_err(Error::ApiCreateScript)?;
 
 				// create a None policy (pending review by yours truly)
 				self.api.create_script_policy(submissions_api::types::CreateScriptPolicyRequest{
 					ToScriptID:script.ScriptID,
 					FromScriptID:script.ScriptID,
 					Policy:submissions_api::types::Policy::None,
-				}).await.map_err(ValidateError::ApiCreateScriptPolicy)?;
+				}).await.map_err(Error::ApiCreateScriptPolicy)?;
 			}
 
 			Ok(())
@@ -175,17 +199,17 @@ impl crate::message_handler::MessageHandler{
 		.await?;
 
 		// make the replacements
-		let mut modified=true;
+		let mut modified=false;
 		for &script_ref in &script_refs{
 			if let Some(script)=dom.get_by_ref_mut(script_ref){
-				if let Some(rbx_dom_weak::types::Variant::String(source))=script.properties.get_mut("Source"){
+				if let Some(rbx_dom_weak::types::Variant::String(source))=script.properties.get_mut(&source_property){
 					match script_map.get(source.as_str()).map(|p|&p.policy){
 						Some(Policy::Blocked)=>{
 							let hash=hash_source(source.as_str());
 							let script=self.api.get_script_from_hash(submissions_api::types::HashRequest{
 								hash:hash.as_str(),
-							}).await.map_err(ValidateError::ApiGetScriptFromHash)?;
-							return Err(ValidateError::ScriptBlocked(script.map(|s|s.ID)));
+							}).await.map_err(Error::ApiGetScriptFromHash)?;
+							return Err(Error::ScriptBlocked(script.map(|s|s.ID)));
 						},
 						None
 						|Some(Policy::None)
@@ -193,8 +217,8 @@ impl crate::message_handler::MessageHandler{
 							let hash=hash_source(source.as_str());
 							let script=self.api.get_script_from_hash(submissions_api::types::HashRequest{
 								hash:hash.as_str(),
-							}).await.map_err(ValidateError::ApiGetScriptFromHash)?;
-							return Err(ValidateError::ScriptNotYetReviewed(script.map(|s|s.ID)));
+							}).await.map_err(Error::ApiGetScriptFromHash)?;
+							return Err(Error::ScriptNotYetReviewed(script.map(|s|s.ID)));
 						},
 						Some(Policy::Allowed)=>(),
 						Some(Policy::Delete)=>{
@@ -211,19 +235,17 @@ impl crate::message_handler::MessageHandler{
 			}
 		}
 
-		println!("[Validator] Forcing model upload! modified=true");
-
 		// if the model was validated, the submission must be changed to use the modified model
-		if modified{
+		let (validated_model_id,validated_model_version)=if modified{
 			// serialize model (slow!)
 			let mut data=Vec::new();
 			let &[map_ref]=dom.root().children()else{
-				return Err(ValidateError::ModelFileRootMustHaveOneChild);
+				return Err(Error::ModelFileRootMustHaveOneChild);
 			};
-			rbx_binary::to_writer(&mut data,&dom,&[map_ref]).map_err(ValidateError::ModelFileEncode)?;
+			rbx_binary::to_writer(&mut data,&dom,&[map_ref]).map_err(Error::ModelFileEncode)?;
 
 			// upload a model lol
-			let model_id=if let Some(model_id)=validate_info.ValidatedModelID{
+			if let Some(model_id)=validate_info.ValidatedModelID{
 				// upload to existing id
 				let response=self.cookie_context.upload(rbx_asset::cookie::UploadRequest{
 					assetid:model_id,
@@ -232,13 +254,13 @@ impl crate::message_handler::MessageHandler{
 					ispublic:None,
 					allowComments:None,
 					groupId:None,
-				},data).await.map_err(ValidateError::AssetUpload)?;
+				},data).await.map_err(Error::AssetUpload)?;
 
-				response.AssetId
+				(response.AssetId,response.AssetVersion)
 			}else{
-				// grab the map instance from the map re
+				// grab the map instance from the map ref
 				let Some(map_instance)=dom.get_by_ref(map_ref)else{
-					return Err(ValidateError::ModelFileChildRefIsNil);
+					return Err(Error::ModelFileChildRefIsNil);
 				};
 				// create new model
 				let response=self.cookie_context.create(rbx_asset::cookie::CreateRequest{
@@ -247,46 +269,37 @@ impl crate::message_handler::MessageHandler{
 					ispublic:true,
 					allowComments:true,
 					groupId:None,
-				},data).await.map_err(ValidateError::AssetCreate)?;
+				},data).await.map_err(Error::AssetCreate)?;
 
-				response.AssetId
-			};
-
-			match validate_info.ResourceID{
-				ResourceID::Mapfix(mapfix_id)=>{
-					// update the mapfix to use the validated model
-					self.api.update_mapfix_validated_model(submissions_api::types::UpdateMapfixModelRequest{
-						MapfixID:mapfix_id,
-						ModelID:model_id,
-						ModelVersion:1, //TODO
-					}).await.map_err(ValidateError::ApiUpdateMapfixModel)?;
-				},
-				ResourceID::Submission(submission_id)=>{
-					// update the submission to use the validated model
-					self.api.update_submission_validated_model(submissions_api::types::UpdateSubmissionModelRequest{
-						SubmissionID:submission_id,
-						ModelID:model_id,
-						ModelVersion:1, //TODO
-					}).await.map_err(ValidateError::ApiUpdateSubmissionModel)?;
-				},
+				(response.AssetId,response.AssetVersion)
 			}
+		}else{
+			(validate_info.ModelID,validate_info.ModelVersion)
+		};
+
+		match validate_info.Resource{
+			Resource::Mapfix(mapfix_id)=>{
+				// update the mapfix to use the validated model
+				self.api.update_mapfix_validated_model(submissions_api::types::UpdateMapfixModelRequest{
+					MapfixID:mapfix_id,
+					ModelID:validated_model_id,
+					ModelVersion:validated_model_version,
+				}).await.map_err(Error::ApiUpdateMapfixModel)?;
+			},
+			Resource::Submission(submission_id)=>{
+				// update the submission to use the validated model
+				self.api.update_submission_validated_model(submissions_api::types::UpdateSubmissionModelRequest{
+					SubmissionID:submission_id,
+					ModelID:validated_model_id,
+					ModelVersion:validated_model_version,
+				}).await.map_err(Error::ApiUpdateSubmissionModel)?;
+			},
 		}
 
 		Ok(())
 	}
 }
 
-fn recursive_collect_superclass(objects:&mut std::vec::Vec<rbx_dom_weak::types::Ref>,dom:&rbx_dom_weak::WeakDom,instance:&rbx_dom_weak::Instance,superclass:&str){
-	for &referent in instance.children(){
-		if let Some(c)=dom.get_by_ref(referent){
-			if class_is_a(c.class.as_str(),superclass){
-				objects.push(c.referent());//copy ref
-			}
-			recursive_collect_superclass(objects,dom,c,superclass);
-		}
-	}
-}
-
 fn get_partial_path(dom:&rbx_dom_weak::WeakDom,instance:&rbx_dom_weak::Instance)->String{
 	let mut names:Vec<_>=core::iter::successors(
 		Some(instance),
@@ -301,7 +314,11 @@ fn get_partial_path(dom:&rbx_dom_weak::WeakDom,instance:&rbx_dom_weak::Instance)
 }
 
 fn get_script_refs(dom:&rbx_dom_weak::WeakDom)->Vec<rbx_dom_weak::types::Ref>{
-	let mut scripts=std::vec::Vec::new();
-	recursive_collect_superclass(&mut scripts,dom,dom.root(),"LuaSourceContainer");
-	scripts
+	let db=rbx_reflection_database::get();
+	let superclass=&db.classes["LuaSourceContainer"];
+	dom.descendants().filter_map(|inst|{
+		let class=db.classes.get(inst.class.as_str())?;
+		db.has_superclass(class,superclass)
+			.then_some(inst.referent())
+	}).collect()
 }

web/Containerfile

@@ -1,4 +1,4 @@
-FROM oven/bun:latest
+FROM registry.itzana.me/docker-proxy/oven/bun:1.2.8
 
 WORKDIR /app
 
@@ -10,4 +10,4 @@ ENV NEXT_TELEMETRY_DISABLED=1
 
 RUN bun install
 RUN bun run build
-ENTRYPOINT ["bun", "run", "start"]
+ENTRYPOINT ["bun", "run", "start"]

web/package.json

@@ -13,18 +13,19 @@
     "@emotion/styled": "^11.14.0",
     "@mui/icons-material": "^6.1.10",
     "@mui/material": "^6.1.10",
+    "date-fns": "^4.1.0",
     "next": "^15.1.0",
     "react": "^19.0.0",
     "react-dom": "^19.0.0",
     "sass": "^1.82.0"
   },
   "devDependencies": {
-    "typescript": "^5.7.2",
+    "@eslint/eslintrc": "^3.2.0",
     "@types/node": "^20.17.9",
     "@types/react": "^19.0.1",
     "@types/react-dom": "^19.0.2",
     "eslint": "^9.16.0",
     "eslint-config-next": "15.1.0",
-    "@eslint/eslintrc": "^3.2.0"
+    "typescript": "^5.7.2"
   }
 }

web/src/app/_components/ErrorDisplay.tsx

@@ -0,0 +1,43 @@
+import { Button, Container, Paper, Typography } from "@mui/material";
+import Webpage from "@/app/_components/webpage";
+
+interface ErrorDisplayProps {
+    title: string;
+    message: string;
+    buttonText?: string;
+    onButtonClick?: () => void;
+}
+
+export function ErrorDisplay({
+                                 title,
+                                 message,
+                                 buttonText,
+                                 onButtonClick
+                             }: ErrorDisplayProps) {
+    return (
+        <Webpage>
+            <Container maxWidth="lg" sx={{ py: 6 }}>
+                <Paper
+                    elevation={3}
+                    sx={{
+                        p: 4,
+                        textAlign: 'center',
+                        borderRadius: 2
+                    }}
+                >
+                    <Typography variant="h5" gutterBottom>{title}</Typography>
+                    <Typography variant="body1">{message}</Typography>
+                    {buttonText && onButtonClick && (
+                        <Button
+                            variant="contained"
+                            onClick={onButtonClick}
+                            sx={{ mt: 3 }}
+                        >
+                            {buttonText}
+                        </Button>
+                    )}
+                </Paper>
+            </Container>
+        </Webpage>
+    );
+}

web/src/app/_components/carousel.tsx

@@ -0,0 +1,151 @@
+import {Box, IconButton, Typography} from "@mui/material";
+import {useEffect, useRef, useState} from "react";
+import Link from "next/link";
+import ArrowBackIosNewIcon from "@mui/icons-material/ArrowBackIosNew";
+import ArrowForwardIosIcon from "@mui/icons-material/ArrowForwardIos";
+import {SubmissionInfo} from "@/app/ts/Submission";
+import {MapfixInfo} from "@/app/ts/Mapfix";
+
+// Type for the items in the carousel
+type CarouselItem = SubmissionInfo | MapfixInfo;
+
+// Props for the Carousel component
+interface CarouselProps<T extends CarouselItem> {
+    title: string;
+    items: T[] | undefined;
+    renderItem: (item: T) => React.ReactNode;
+    viewAllLink: string;
+}
+
+export function Carousel<T extends CarouselItem>({ title, items, renderItem, viewAllLink }: CarouselProps<T>) {
+    const carouselRef = useRef<HTMLDivElement | null>(null);
+    const [scrollPosition, setScrollPosition] = useState<number>(0);
+    const [maxScroll, setMaxScroll] = useState<number>(0);
+
+    const SCROLL_AMOUNT = 300;
+
+    useEffect(() => {
+        if (carouselRef.current) {
+            const scrollWidth = carouselRef.current.scrollWidth;
+            const clientWidth = carouselRef.current.clientWidth;
+            setMaxScroll(scrollWidth - clientWidth);
+        }
+    }, [items]);
+
+    const scroll = (direction: 'left' | 'right'): void => {
+        if (carouselRef.current) {
+            const scrollAmount = direction === 'left' ? -SCROLL_AMOUNT : SCROLL_AMOUNT;
+
+            carouselRef.current.scrollBy({
+                left: scrollAmount,
+                behavior: 'smooth'
+            });
+
+            setTimeout(() => {
+                if (carouselRef.current) {
+                    setScrollPosition(carouselRef.current.scrollLeft);
+                }
+            }, 300);
+        }
+    };
+
+    useEffect(() => {
+        const handleScroll = () => {
+            if (carouselRef.current) {
+                setScrollPosition(carouselRef.current.scrollLeft);
+            }
+        };
+
+        const ref = carouselRef.current;
+        if (ref) {
+            ref.addEventListener('scroll', handleScroll);
+            return () => ref.removeEventListener('scroll', handleScroll);
+        }
+    }, []);
+
+    return (
+        <Box mb={6}>
+            <Box display="flex" justifyContent="space-between" alignItems="center" mb={2}>
+                <Typography variant="h4" component="h2" fontWeight="bold">
+                    {title}
+                </Typography>
+                <Link href={viewAllLink} style={{textDecoration: 'none'}}>
+                    <Typography component="span" color="primary">
+                        View All →
+                    </Typography>
+                </Link>
+            </Box>
+
+            <Box position="relative">
+                <IconButton
+                    sx={{
+                        position: 'absolute',
+                        left: -20,
+                        top: '50%',
+                        transform: 'translateY(-50%)',
+                        zIndex: 2,
+                        backgroundColor: 'background.paper',
+                        boxShadow: 2,
+                        '&:hover': {
+                            backgroundColor: 'action.hover',
+                        },
+                        visibility: scrollPosition <= 5 ? 'hidden' : 'visible',
+                    }}
+                    onClick={() => scroll('left')}
+                >
+                    <ArrowBackIosNewIcon />
+                </IconButton>
+
+                <Box
+                    ref={carouselRef}
+                    sx={{
+                        display: 'flex',
+                        overflowX: 'auto',
+                        scrollbarWidth: 'none',
+                        msOverflowStyle: 'none',
+                        '&::-webkit-scrollbar': {
+                            display: 'none',
+                        },
+                        gap: '16px', // Fixed 16px gap - using string with px unit to ensure it's absolute
+                        padding: '8px 4px',
+                    }}
+                >
+                    {items?.map((item, index) => (
+                        <Box
+                            key={index}
+                            sx={{
+                                flex: '0 0 auto',
+                                width: {
+                                    xs: '260px', // Fixed width at different breakpoints
+                                    sm: '280px',
+                                    md: '300px'
+                                }
+                            }}
+                        >
+                            {renderItem(item)}
+                        </Box>
+                    ))}
+                </Box>
+
+                <IconButton
+                    sx={{
+                        position: 'absolute',
+                        right: -20,
+                        top: '50%',
+                        transform: 'translateY(-50%)',
+                        zIndex: 2,
+                        backgroundColor: 'background.paper',
+                        boxShadow: 2,
+                        '&:hover': {
+                            backgroundColor: 'action.hover',
+                        },
+                        visibility: scrollPosition >= maxScroll - 5 ? 'hidden' : 'visible',
+                    }}
+                    onClick={() => scroll('right')}
+                >
+                    <ArrowForwardIosIcon />
+                </IconButton>
+            </Box>
+        </Box>
+    );
+}

web/src/app/_components/comments/AuditEventItem.tsx

@@ -0,0 +1,52 @@
+import React from 'react';
+import {
+    Box,
+    Avatar,
+    Typography,
+    Tooltip
+} from "@mui/material";
+import PersonIcon from '@mui/icons-material/Person';
+import { formatDistanceToNow, format } from "date-fns";
+import { AuditEvent, decodeAuditEvent as auditEventMessage } from "@/app/ts/AuditEvent";
+
+interface AuditEventItemProps {
+    event: AuditEvent;
+    validatorUser: number;
+}
+
+export default function AuditEventItem({ event, validatorUser }: AuditEventItemProps) {
+    return (
+        <Box sx={{ display: 'flex', gap: 2 }}>
+            <Avatar
+                src={event.User === validatorUser ? undefined : `/thumbnails/user/${event.User}`}
+            >
+                <PersonIcon />
+            </Avatar>
+            <Box sx={{ flexGrow: 1 }}>
+                <Box sx={{ display: 'flex', justifyContent: 'space-between' }}>
+                    <Typography variant="subtitle2">
+                        {event.User === validatorUser ? "Validator" : event.Username || "Unknown"}
+                    </Typography>
+                    <DateDisplay date={event.Date} />
+                </Box>
+                <Typography variant="body2">{auditEventMessage(event)}</Typography>
+            </Box>
+        </Box>
+    );
+}
+
+interface DateDisplayProps {
+    date: number;
+}
+
+function DateDisplay({ date }: DateDisplayProps) {
+    return (
+        <Typography variant="caption" color="text.secondary">
+            <Tooltip title={format(new Date(date * 1000), 'PPpp')}>
+                <Typography variant="caption" color="text.secondary">
+                    {formatDistanceToNow(new Date(date * 1000), { addSuffix: true })}
+                </Typography>
+            </Tooltip>
+        </Typography>
+    );
+}

web/src/app/_components/comments/AuditEventsTabPanel.tsx

@@ -0,0 +1,39 @@
+import React from 'react';
+import {
+    Box,
+    Stack,
+} from "@mui/material";
+import { AuditEvent, AuditEventType } from "@/app/ts/AuditEvent";
+import AuditEventItem from './AuditEventItem';
+
+interface AuditEventsTabPanelProps {
+    activeTab: number;
+    auditEvents: AuditEvent[];
+    validatorUser: number;
+}
+
+export default function AuditEventsTabPanel({
+                                                activeTab,
+                                                auditEvents,
+                                                validatorUser
+                                            }: AuditEventsTabPanelProps) {
+    const filteredEvents = auditEvents.filter(
+        event => event.EventType !== AuditEventType.Comment
+    );
+
+    return (
+        <Box role="tabpanel" hidden={activeTab !== 1}>
+            {activeTab === 1 && (
+                <Stack spacing={2}>
+                    {filteredEvents.map((event, index) => (
+                        <AuditEventItem
+                            key={index}
+                            event={event}
+                            validatorUser={validatorUser}
+                        />
+                    ))}
+                </Stack>
+            )}
+        </Box>
+    );
+}

web/src/app/_components/comments/CommentItem.tsx

@@ -0,0 +1,52 @@
+import React from 'react';
+import {
+    Box,
+    Avatar,
+    Typography,
+    Tooltip
+} from "@mui/material";
+import PersonIcon from '@mui/icons-material/Person';
+import { formatDistanceToNow, format } from "date-fns";
+import { AuditEvent, decodeAuditEvent } from "@/app/ts/AuditEvent";
+
+interface CommentItemProps {
+    event: AuditEvent;
+    validatorUser: number;
+}
+
+export default function CommentItem({ event, validatorUser }: CommentItemProps) {
+    return (
+        <Box sx={{ display: 'flex', gap: 2 }}>
+            <Avatar
+                src={event.User === validatorUser ? undefined : `/thumbnails/user/${event.User}`}
+            >
+                <PersonIcon />
+            </Avatar>
+            <Box sx={{ flexGrow: 1 }}>
+                <Box sx={{ display: 'flex', justifyContent: 'space-between' }}>
+                    <Typography variant="subtitle2">
+                        {event.User === validatorUser ? "Validator" : event.Username || "Unknown"}
+                    </Typography>
+                    <DateDisplay date={event.Date} />
+                </Box>
+                <Typography variant="body2">{decodeAuditEvent(event)}</Typography>
+            </Box>
+        </Box>
+    );
+}
+
+interface DateDisplayProps {
+    date: number;
+}
+
+function DateDisplay({ date }: DateDisplayProps) {
+    return (
+        <Typography variant="caption" color="text.secondary">
+            <Tooltip title={format(new Date(date * 1000), 'PPpp')}>
+                <Typography variant="caption" color="text.secondary">
+                    {formatDistanceToNow(new Date(date * 1000), { addSuffix: true })}
+                </Typography>
+            </Tooltip>
+        </Typography>
+    );
+}