@arcis/node 1.3.0 → 1.4.0

package/dist/sanitizers/sanitize.d.ts

@@ -0,0 +1,51 @@
+/**
+ * @module @arcis/node/sanitizers/sanitize
+ * Main sanitization functions that combine all sanitizers
+ */
+import type { RequestHandler } from 'express';
+import type { SanitizeOptions } from '../core/types';
+/**
+ * Sanitize a string value against multiple attack vectors.
+ *
+ * Order matters: We do XSS encoding LAST because:
+ * 1. Other sanitizers need to see the original patterns (e.g., SQL keywords)
+ * 2. HTML encoding is the final safe output transformation
+ * 3. Encoded entities like < shouldn't be treated as SQL/command threats
+ *
+ * @param value - The string to sanitize
+ * @param options - Sanitization options
+ * @returns The sanitized string
+ *
+ * @example
+ * sanitizeString("<script>alert('xss')</script>")
+ * // Returns: "&lt;script&gt;alert(&#x27;xss&#x27;)&lt;/script&gt;"
+ *
+ * @example
+ * sanitizeString("../../etc/passwd")
+ * // Returns: "etc/passwd"
+ */
+export declare function sanitizeString(value: string, options?: SanitizeOptions): string;
+/**
+ * Sanitize an object recursively, including nested objects and arrays.
+ * Also removes prototype pollution and NoSQL injection keys.
+ *
+ * @param obj - The object to sanitize
+ * @param options - Sanitization options
+ * @returns The sanitized object
+ */
+export declare function sanitizeObject(obj: unknown, options?: SanitizeOptions): unknown;
+/**
+ * Create Express middleware for request sanitization.
+ * Sanitizes req.body, req.query, and req.params.
+ *
+ * @param options - Sanitization options
+ * @returns Express middleware
+ *
+ * @example
+ * app.use(createSanitizer());
+ *
+ * @example
+ * app.use(createSanitizer({ xss: true, sql: true, nosql: true }));
+ */
+export declare function createSanitizer(options?: SanitizeOptions): RequestHandler;
+//# sourceMappingURL=sanitize.d.ts.map

package/dist/sanitizers/sanitize.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitize.d.ts","sourceRoot":"","sources":["../../src/sanitizers/sanitize.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAmC,cAAc,EAAE,MAAM,SAAS,CAAC;AAG/E,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAMrD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,GAAE,eAAoB,GAAG,MAAM,CA8CnF;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,OAAO,EAAE,OAAO,GAAE,eAAoB,GAAG,OAAO,CAQnF;AA+CD;;;;;;;;;;;;GAYG;AACH,wBAAgB,eAAe,CAAC,OAAO,GAAE,eAAoB,GAAG,cAAc,CAoB7E"}

package/dist/sanitizers/sql.d.ts

@@ -0,0 +1,28 @@
+/**
+ * @module @arcis/node/sanitizers/sql
+ * SQL injection prevention
+ */
+import type { SanitizeResult } from '../core/types';
+/**
+ * Sanitizes a string to prevent SQL injection attacks.
+ * Replaces dangerous SQL patterns with [BLOCKED].
+ *
+ * @param input - The string to sanitize
+ * @param collectThreats - Whether to collect threat information (default: false for performance)
+ * @returns Sanitized string or SanitizeResult if collectThreats is true
+ *
+ * @example
+ * sanitizeSql("'; DROP TABLE users; --")
+ * // Returns: "';  TABLE users  "
+ */
+export declare function sanitizeSql(input: string, collectThreats?: false): string;
+export declare function sanitizeSql(input: string, collectThreats: true): SanitizeResult;
+/**
+ * Checks if a string contains potential SQL injection patterns.
+ * Does not sanitize — use sanitizeSql() for that.
+ *
+ * @param input - The string to check
+ * @returns True if SQL injection patterns detected
+ */
+export declare function detectSql(input: string): boolean;
+//# sourceMappingURL=sql.d.ts.map

package/dist/sanitizers/sql.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sql.d.ts","sourceRoot":"","sources":["../../src/sanitizers/sql.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,KAAK,EAAE,cAAc,EAAc,MAAM,eAAe,CAAC;AAEhE;;;;;;;;;;;GAWG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,cAAc,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC;AAC3E,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,GAAG,cAAc,CAAC;AA8CjF;;;;;;GAMG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAWhD"}

package/dist/sanitizers/ssti.d.ts

@@ -0,0 +1,20 @@
+/**
+ * @module @arcis/node/sanitizers/ssti
+ * Server-Side Template Injection (SSTI) prevention
+ */
+import type { SanitizeResult } from '../core/types';
+/**
+ * Sanitizes a string to prevent SSTI attacks.
+ * Removes template expression syntax.
+ */
+export declare function sanitizeSsti(input: string, collectThreats?: false): string;
+export declare function sanitizeSsti(input: string, collectThreats: true): SanitizeResult;
+/**
+ * Checks if a string contains SSTI patterns.
+ * Does not sanitize — use sanitizeSsti() for that.
+ *
+ * @param input - The string to check
+ * @returns True if SSTI patterns detected
+ */
+export declare function detectSsti(input: string): boolean;
+//# sourceMappingURL=ssti.d.ts.map

package/dist/sanitizers/ssti.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssti.d.ts","sourceRoot":"","sources":["../../src/sanitizers/ssti.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAc,MAAM,eAAe,CAAC;AAkChE;;;GAGG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,cAAc,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC;AAC5E,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,GAAG,cAAc,CAAC;AA0ClF;;;;;;GAMG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAWjD"}

package/dist/sanitizers/utils.d.ts

@@ -0,0 +1,19 @@
+/**
+ * @module @arcis/node/sanitizers/utils
+ * Shared utilities for sanitizers
+ */
+/**
+ * Encodes HTML entities to prevent interpretation as markup.
+ *
+ * @param str - The string to encode
+ * @returns The encoded string
+ */
+export declare function encodeHtmlEntities(str: string): string;
+/**
+ * Checks if a value is a plain object (not null, array, Date, etc.)
+ *
+ * @param value - Value to check
+ * @returns True if plain object
+ */
+export declare function isPlainObject(value: unknown): value is Record<string, unknown>;
+//# sourceMappingURL=utils.d.ts.map

package/dist/sanitizers/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/sanitizers/utils.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAOtD;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAS9E"}

package/dist/sanitizers/xss.d.ts

@@ -0,0 +1,35 @@
+/**
+ * @module @arcis/node/sanitizers/xss
+ * XSS (Cross-Site Scripting) prevention
+ */
+import type { SanitizeResult } from '../core/types';
+/**
+ * Sanitizes a string to prevent XSS attacks.
+ *
+ * Strategy:
+ * 1. Remove dangerous patterns (script tags, event handlers, etc.)
+ * 2. HTML-encode the remaining content
+ *
+ * @param input - The string to sanitize
+ * @param collectThreats - Whether to collect threat information (default: false for performance)
+ * @returns Sanitized string or SanitizeResult if collectThreats is true
+ *
+ * @example
+ * sanitizeXss("<script>alert('xss')</script>")
+ * // Returns: "&lt;script&gt;alert(&#x27;xss&#x27;)&lt;/script&gt;"
+ *
+ * @example
+ * sanitizeXss("<img onerror='alert(1)'>")
+ * // Returns: "&lt;img&gt;" (event handler removed)
+ */
+export declare function sanitizeXss(input: string, collectThreats?: false, htmlEncode?: boolean): string;
+export declare function sanitizeXss(input: string, collectThreats: true, htmlEncode?: boolean): SanitizeResult;
+/**
+ * Checks if a string contains potential XSS patterns.
+ * Does not sanitize — use sanitizeXss() for that.
+ *
+ * @param input - The string to check
+ * @returns True if XSS patterns detected
+ */
+export declare function detectXss(input: string): boolean;
+//# sourceMappingURL=xss.d.ts.map

package/dist/sanitizers/xss.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"xss.d.ts","sourceRoot":"","sources":["../../src/sanitizers/xss.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,KAAK,EAAE,cAAc,EAAc,MAAM,eAAe,CAAC;AAEhE;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,cAAc,CAAC,EAAE,KAAK,EAAE,UAAU,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;AACjG,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,UAAU,CAAC,EAAE,OAAO,GAAG,cAAc,CAAC;AAwDvG;;;;;;GAMG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAoBhD"}

package/dist/sanitizers/xxe.d.ts

@@ -0,0 +1,20 @@
+/**
+ * @module @arcis/node/sanitizers/xxe
+ * XML External Entity (XXE) injection prevention
+ */
+import type { SanitizeResult } from '../core/types';
+/**
+ * Sanitizes a string to prevent XXE attacks.
+ * Removes DOCTYPE, ENTITY, and CDATA constructs.
+ */
+export declare function sanitizeXxe(input: string, collectThreats?: false): string;
+export declare function sanitizeXxe(input: string, collectThreats: true): SanitizeResult;
+/**
+ * Checks if a string contains XXE patterns.
+ * Does not sanitize — use sanitizeXxe() for that.
+ *
+ * @param input - The string to check
+ * @returns True if XXE patterns detected
+ */
+export declare function detectXxe(input: string): boolean;
+//# sourceMappingURL=xxe.d.ts.map

package/dist/sanitizers/xxe.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"xxe.d.ts","sourceRoot":"","sources":["../../src/sanitizers/xxe.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAc,MAAM,eAAe,CAAC;AAiChE;;;GAGG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,cAAc,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC;AAC3E,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,GAAG,cAAc,CAAC;AA0CjF;;;;;;GAMG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAWhD"}

package/dist/stores/index.d.ts

@@ -1,106 +1,8 @@
-import { g as RateLimitStore, R as RateLimitEntry } from '../types-BOkx5YJc.js';
-import 'express';
-
 /**
- * @module @arcis/node/stores/memory
- * In-memory rate limit store
+ * @module @arcis/node/stores
+ * Rate limit stores for Arcis
  */
-
-/**
- * In-memory rate limit store.
- * Suitable for single-instance deployments.
- * For distributed systems, use RedisStore or a custom store.
- *
- * @example
- * const store = new MemoryStore(60000); // 1 minute window
- * const limiter = createRateLimiter({ store });
- */
-declare class MemoryStore implements RateLimitStore {
-    private store;
-    private cleanupInterval;
-    private windowMs;
-    constructor(windowMs?: number);
-    /**
-     * Start the cleanup interval to remove expired entries.
-     */
-    private startCleanup;
-    get(key: string): Promise<RateLimitEntry | null>;
-    set(key: string, entry: RateLimitEntry): Promise<void>;
-    increment(key: string): Promise<number>;
-    decrement(key: string): Promise<void>;
-    reset(key: string): Promise<void>;
-    close(): Promise<void>;
-    /**
-     * Get current store size (for monitoring).
-     */
-    get size(): number;
-}
-
-/**
- * @module @arcis/node/stores/redis
- * Redis rate limit store
- *
- * Note: This is a reference implementation. You'll need to install
- * the 'ioredis' or 'redis' package and pass your client instance.
- */
-
-/** Generic Redis client interface (works with ioredis, redis, etc.) */
-interface RedisClientLike {
-    get(key: string): Promise<string | null>;
-    set(key: string, value: string, mode?: string, duration?: number): Promise<unknown>;
-    setex(key: string, seconds: number, value: string): Promise<unknown>;
-    expire(key: string, seconds: number): Promise<unknown>;
-    incr(key: string): Promise<number>;
-    decr(key: string): Promise<number>;
-    del(key: string): Promise<number>;
-    ttl(key: string): Promise<number>;
-    quit?(): Promise<unknown>;
-    disconnect?(): Promise<unknown>;
-}
-interface RedisStoreOptions {
-    /** Redis client instance */
-    client: RedisClientLike;
-    /** Key prefix. Default: 'arcis:rl:' */
-    prefix?: string;
-    /** Window size in milliseconds. Default: 60000 */
-    windowMs?: number;
-}
-/**
- * Redis rate limit store for distributed deployments.
- *
- * @example
- * import Redis from 'ioredis';
- *
- * const redis = new Redis();
- * const store = new RedisStore({ client: redis });
- * const limiter = createRateLimiter({ store });
- *
- * // Cleanup on shutdown
- * process.on('SIGTERM', async () => {
- *   await store.close();
- * });
- */
-declare class RedisStore implements RateLimitStore {
-    private client;
-    private prefix;
-    private windowMs;
-    private windowSec;
-    constructor(options: RedisStoreOptions);
-    private getKey;
-    get(key: string): Promise<RateLimitEntry | null>;
-    set(key: string, entry: RateLimitEntry): Promise<void>;
-    increment(key: string): Promise<number>;
-    decrement(key: string): Promise<void>;
-    reset(key: string): Promise<void>;
-    close(): Promise<void>;
-}
-/**
- * Create a Redis store with the given options.
- * Convenience function for functional programming style.
- *
- * @example
- * const store = createRedisStore({ client: redisClient });
- */
-declare function createRedisStore(options: RedisStoreOptions): RedisStore;
-
-export { MemoryStore, type RedisClientLike, RedisStore, type RedisStoreOptions, createRedisStore };
+export { MemoryStore } from './memory';
+export { RedisStore, createRedisStore } from './redis';
+export type { RedisClientLike, RedisStoreOptions } from './redis';
+//# sourceMappingURL=index.d.ts.map

package/dist/stores/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/stores/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACvC,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AACvD,YAAY,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAC"}

package/dist/stores/memory.d.ts

@@ -0,0 +1,35 @@
+/**
+ * @module @arcis/node/stores/memory
+ * In-memory rate limit store
+ */
+import type { RateLimitStore, RateLimitEntry } from '../core/types';
+/**
+ * In-memory rate limit store.
+ * Suitable for single-instance deployments.
+ * For distributed systems, use RedisStore or a custom store.
+ *
+ * @example
+ * const store = new MemoryStore(60000); // 1 minute window
+ * const limiter = createRateLimiter({ store });
+ */
+export declare class MemoryStore implements RateLimitStore {
+    private store;
+    private cleanupInterval;
+    private windowMs;
+    constructor(windowMs?: number);
+    /**
+     * Start the cleanup interval to remove expired entries.
+     */
+    private startCleanup;
+    get(key: string): Promise<RateLimitEntry | null>;
+    set(key: string, entry: RateLimitEntry): Promise<void>;
+    increment(key: string): Promise<number>;
+    decrement(key: string): Promise<void>;
+    reset(key: string): Promise<void>;
+    close(): Promise<void>;
+    /**
+     * Get current store size (for monitoring).
+     */
+    get size(): number;
+}
+//# sourceMappingURL=memory.d.ts.map

package/dist/stores/memory.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"memory.d.ts","sourceRoot":"","sources":["../../src/stores/memory.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAGpE;;;;;;;;GAQG;AACH,qBAAa,WAAY,YAAW,cAAc;IAChD,OAAO,CAAC,KAAK,CAA0C;IACvD,OAAO,CAAC,eAAe,CAA+C;IACtE,OAAO,CAAC,QAAQ,CAAS;gBAEb,QAAQ,GAAE,MAAqC;IAU3D;;OAEG;IACH,OAAO,CAAC,YAAY;IAuBd,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC;IAahD,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;IAItD,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAcvC,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAOrC,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIjC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAQ5B;;OAEG;IACH,IAAI,IAAI,IAAI,MAAM,CAEjB;CACF"}

package/dist/stores/{index.d.mts → redis.d.ts}

@@ -1,41 +1,3 @@
-import { g as RateLimitStore, R as RateLimitEntry } from '../types-BOkx5YJc.mjs';
-import 'express';
-
-/**
- * @module @arcis/node/stores/memory
- * In-memory rate limit store
- */
-
-/**
- * In-memory rate limit store.
- * Suitable for single-instance deployments.
- * For distributed systems, use RedisStore or a custom store.
- *
- * @example
- * const store = new MemoryStore(60000); // 1 minute window
- * const limiter = createRateLimiter({ store });
- */
-declare class MemoryStore implements RateLimitStore {
-    private store;
-    private cleanupInterval;
-    private windowMs;
-    constructor(windowMs?: number);
-    /**
-     * Start the cleanup interval to remove expired entries.
-     */
-    private startCleanup;
-    get(key: string): Promise<RateLimitEntry | null>;
-    set(key: string, entry: RateLimitEntry): Promise<void>;
-    increment(key: string): Promise<number>;
-    decrement(key: string): Promise<void>;
-    reset(key: string): Promise<void>;
-    close(): Promise<void>;
-    /**
-     * Get current store size (for monitoring).
-     */
-    get size(): number;
-}
-
 /**
  * @module @arcis/node/stores/redis
  * Redis rate limit store
@@ -43,9 +5,9 @@ declare class MemoryStore implements RateLimitStore {
  * Note: This is a reference implementation. You'll need to install
  * the 'ioredis' or 'redis' package and pass your client instance.
  */
-
+import type { RateLimitStore, RateLimitEntry } from '../core/types';
 /** Generic Redis client interface (works with ioredis, redis, etc.) */
-interface RedisClientLike {
+export interface RedisClientLike {
     get(key: string): Promise<string | null>;
     set(key: string, value: string, mode?: string, duration?: number): Promise<unknown>;
     setex(key: string, seconds: number, value: string): Promise<unknown>;
@@ -57,7 +19,7 @@ interface RedisClientLike {
     quit?(): Promise<unknown>;
     disconnect?(): Promise<unknown>;
 }
-interface RedisStoreOptions {
+export interface RedisStoreOptions {
     /** Redis client instance */
     client: RedisClientLike;
     /** Key prefix. Default: 'arcis:rl:' */
@@ -80,7 +42,7 @@ interface RedisStoreOptions {
  *   await store.close();
  * });
  */
-declare class RedisStore implements RateLimitStore {
+export declare class RedisStore implements RateLimitStore {
     private client;
     private prefix;
     private windowMs;
@@ -101,6 +63,5 @@ declare class RedisStore implements RateLimitStore {
  * @example
  * const store = createRedisStore({ client: redisClient });
  */
-declare function createRedisStore(options: RedisStoreOptions): RedisStore;
-
-export { MemoryStore, type RedisClientLike, RedisStore, type RedisStoreOptions, createRedisStore };
+export declare function createRedisStore(options: RedisStoreOptions): RedisStore;
+//# sourceMappingURL=redis.d.ts.map

package/dist/stores/redis.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redis.d.ts","sourceRoot":"","sources":["../../src/stores/redis.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAGpE,uEAAuE;AACvE,MAAM,WAAW,eAAe;IAC9B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACzC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACpF,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACrE,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACvD,IAAI,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACnC,IAAI,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACnC,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAClC,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAClC,IAAI,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;IAC1B,UAAU,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;CACjC;AAED,MAAM,WAAW,iBAAiB;IAChC,4BAA4B;IAC5B,MAAM,EAAE,eAAe,CAAC;IACxB,uCAAuC;IACvC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,kDAAkD;IAClD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;;;;;;;;;GAcG;AACH,qBAAa,UAAW,YAAW,cAAc;IAC/C,OAAO,CAAC,MAAM,CAAkB;IAChC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,SAAS,CAAS;gBAEd,OAAO,EAAE,iBAAiB;IAOtC,OAAO,CAAC,MAAM;IAIR,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC;IAwBhD,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;IAQtD,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAgBvC,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAKrC,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAKjC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;CAI7B;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,iBAAiB,GAAG,UAAU,CAEvE"}

package/dist/utils/duration.d.ts

@@ -0,0 +1,34 @@
+/**
+ * @module @arcis/node/utils/duration
+ * Parse human-readable duration strings into milliseconds.
+ *
+ * Supports: ms, s, m, h, d
+ *
+ * @example
+ * parseDuration('5m')    // 300000
+ * parseDuration('2h')    // 7200000
+ * parseDuration(60000)   // 60000 (passthrough)
+ * parseDuration('500ms') // 500
+ */
+/**
+ * Parse a duration string or number into milliseconds.
+ *
+ * @param value - Duration string (e.g. "5m", "2h", "30s") or number (ms)
+ * @returns Duration in milliseconds
+ * @throws {Error} If the value is not a valid duration
+ *
+ * @example
+ * parseDuration('15m')   // 900000
+ * parseDuration('1d')    // 86400000
+ * parseDuration('500ms') // 500
+ * parseDuration(60000)   // 60000
+ */
+export declare function parseDuration(value: string | number): number;
+/**
+ * Format milliseconds into a human-readable duration string.
+ *
+ * @param ms - Duration in milliseconds
+ * @returns Human-readable string (e.g. "5m", "2h 30m")
+ */
+export declare function formatDuration(ms: number): string;
+//# sourceMappingURL=duration.d.ts.map

package/dist/utils/duration.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"duration.d.ts","sourceRoot":"","sources":["../../src/utils/duration.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAeH;;;;;;;;;;;;GAYG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CA4B5D;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,CAiBjD"}

package/dist/utils/fingerprint.d.ts

@@ -0,0 +1,64 @@
+/**
+ * @module @arcis/node/utils/fingerprint
+ * Deterministic request fingerprinting via SHA-256.
+ *
+ * Generates a stable hash from request characteristics for
+ * rate limiting keys, abuse detection, and analytics.
+ *
+ * @example
+ * const fp = await fingerprint(req);
+ * // "a3f2b8c1d4e5..."
+ */
+import type { DetectIpOptions } from './ip';
+export interface FingerprintOptions {
+    /** Include IP address in fingerprint. Default: true */
+    ip?: boolean;
+    /** Include User-Agent header. Default: true */
+    userAgent?: boolean;
+    /** Include Accept header. Default: true */
+    accept?: boolean;
+    /** Include Accept-Language header. Default: true */
+    acceptLanguage?: boolean;
+    /** Include Accept-Encoding header. Default: true */
+    acceptEncoding?: boolean;
+    /** Additional custom components to include */
+    custom?: string[];
+    /** IP detection options */
+    ipOptions?: DetectIpOptions;
+}
+interface RequestLike {
+    headers: Record<string, string | string[] | undefined>;
+    socket?: {
+        remoteAddress?: string;
+    };
+    connection?: {
+        remoteAddress?: string;
+    };
+    ip?: string;
+}
+/**
+ * Generate a deterministic fingerprint for a request.
+ *
+ * Creates a SHA-256 hash from configurable request components.
+ * The fingerprint is stable across requests from the same client
+ * (same IP, browser, language settings).
+ *
+ * @param req - HTTP request object
+ * @param options - Fingerprint configuration
+ * @returns Hex-encoded SHA-256 hash (64 characters)
+ *
+ * @example
+ * // Default fingerprint (IP + UA + Accept headers)
+ * const fp = fingerprint(req);
+ *
+ * @example
+ * // IP-only fingerprint (for simple rate limiting)
+ * const fp = fingerprint(req, { userAgent: false, accept: false, acceptLanguage: false, acceptEncoding: false });
+ *
+ * @example
+ * // With custom components
+ * const fp = fingerprint(req, { custom: [req.body?.userId] });
+ */
+export declare function fingerprint(req: RequestLike, options?: FingerprintOptions): string;
+export {};
+//# sourceMappingURL=fingerprint.d.ts.map

package/dist/utils/fingerprint.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fingerprint.d.ts","sourceRoot":"","sources":["../../src/utils/fingerprint.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAIH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,MAAM,CAAC;AAE5C,MAAM,WAAW,kBAAkB;IACjC,uDAAuD;IACvD,EAAE,CAAC,EAAE,OAAO,CAAC;IACb,+CAA+C;IAC/C,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,2CAA2C;IAC3C,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,oDAAoD;IACpD,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,oDAAoD;IACpD,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,8CAA8C;IAC9C,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,2BAA2B;IAC3B,SAAS,CAAC,EAAE,eAAe,CAAC;CAC7B;AAED,UAAU,WAAW;IACnB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,CAAC;IACvD,MAAM,CAAC,EAAE;QAAE,aAAa,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IACpC,UAAU,CAAC,EAAE;QAAE,aAAa,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IACxC,EAAE,CAAC,EAAE,MAAM,CAAC;CACb;AAQD;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,WAAW,EAAE,OAAO,GAAE,kBAAuB,GAAG,MAAM,CAuCtF"}

package/dist/utils/index.d.ts

@@ -0,0 +1,10 @@
+/**
+ * @module @arcis/node/utils
+ * Utility functions for Arcis
+ */
+export { parseDuration, formatDuration } from './duration';
+export { detectClientIp, isPrivateIp } from './ip';
+export { fingerprint } from './fingerprint';
+export type { Platform, DetectIpOptions } from './ip';
+export type { FingerprintOptions } from './fingerprint';
+//# sourceMappingURL=index.d.ts.map

package/dist/utils/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/utils/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC3D,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,MAAM,CAAC;AACnD,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,YAAY,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,MAAM,CAAC;AACtD,YAAY,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC"}