@atlascrew/apparatus 0.9.0

package/dist/imposter/providers/aws.js

@@ -0,0 +1,103 @@
+import { Router } from "express";
+import { generateAwsCreds } from "../creds.js";
+import { logger } from "../../logger.js";
+const router = Router();
+const START_TIME = new Date().toISOString();
+// Simulated State
+let instanceId = `i-${Math.random().toString(16).substring(2, 10)}`;
+let region = process.env.IMPOSTER_REGION || "us-east-1";
+let az = `${region}a`;
+let privateIp = "10.0.0.50";
+let instanceType = "t3.micro";
+// Honey Creds are generated once per session usually, or rotated
+const currentCreds = generateAwsCreds("imposter-role");
+// IMDSv2 Token (Mock)
+const activeTokens = new Set();
+router.put("/latest/api/token", (req, res) => {
+    const ttl = req.headers["x-aws-ec2-metadata-token-ttl-seconds"];
+    const token = Buffer.from(`imposterv2-${Date.now()}`).toString("base64");
+    activeTokens.add(token);
+    logger.info({ ip: req.ip, ttl }, "Cloud Imposter: Minted IMDSv2 Token");
+    res.send(token);
+});
+// Middleware to check IMDSv2 Token if strict mode is simulated
+// (Skipping strict enforcement to be compatible with v1 apps, but logging usage)
+// Metadata Categories
+router.get("/latest/meta-data/", (req, res) => {
+    res.send(`ami-id
+ami-launch-index
+ami-manifest-path
+block-device-mapping/
+events/
+hostname
+iam/
+instance-action
+instance-id
+instance-type
+local-hostname
+local-ipv4
+mac
+metrics/
+network/
+placement/
+profile
+public-hostname
+public-ipv4
+public-keys/
+reservation-id
+security-groups
+services/
+spot/`);
+});
+router.get("/latest/meta-data/instance-id", (req, res) => res.send(instanceId));
+router.get("/latest/meta-data/instance-type", (req, res) => res.send(instanceType));
+router.get("/latest/meta-data/local-ipv4", (req, res) => res.send(privateIp));
+router.get("/latest/meta-data/placement/availability-zone", (req, res) => res.send(az));
+router.get("/latest/meta-data/placement/region", (req, res) => res.send(region));
+// IAM Credentials (The Honey)
+router.get("/latest/meta-data/iam/security-credentials", (req, res) => {
+    res.send("imposter-role");
+});
+router.get("/latest/meta-data/iam/security-credentials/:role", (req, res) => {
+    const role = req.params.role;
+    logger.warn({ ip: req.ip, role }, "Cloud Imposter: Client requested IAM Credentials (Honey-Creds served)");
+    res.json({
+        Code: "Success",
+        LastUpdated: START_TIME,
+        Type: "AWS-HMAC",
+        AccessKeyId: currentCreds.AccessKeyId,
+        SecretAccessKey: currentCreds.SecretAccessKey,
+        Token: currentCreds.Token,
+        Expiration: currentCreds.Expiration
+    });
+});
+// Spot Termination Simulation
+// To simulate termination, the user can call a control endpoint, or we just randomly return it?
+// Let's implement a control mechanism later. For now, it returns 404 (no action) unless toggled.
+let terminationTime = null;
+router.get("/latest/meta-data/spot/instance-action", (req, res) => {
+    if (terminationTime) {
+        res.json({
+            action: "terminate",
+            time: terminationTime
+        });
+    }
+    else {
+        res.status(404).send();
+    }
+});
+// Admin Control for Simulation
+router.post("/_imposter/aws/terminate", (req, res) => {
+    // Simulate a spot termination notice 2 minutes from now
+    const now = new Date();
+    now.setMinutes(now.getMinutes() + 2);
+    terminationTime = now.toISOString();
+    logger.info("Cloud Imposter: Scheduled Spot Termination");
+    res.json({ status: "scheduled", time: terminationTime });
+});
+router.post("/_imposter/aws/reset", (req, res) => {
+    terminationTime = null;
+    res.json({ status: "cleared" });
+});
+export const awsRouter = router;
+//# sourceMappingURL=aws.js.map

package/dist/imposter/providers/aws.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"aws.js","sourceRoot":"","sources":["../../../src/imposter/providers/aws.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAqB,MAAM,SAAS,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAEzC,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC;AACxB,MAAM,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;AAE5C,kBAAkB;AAClB,IAAI,UAAU,GAAG,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;AACpE,IAAI,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,WAAW,CAAC;AACxD,IAAI,EAAE,GAAG,GAAG,MAAM,GAAG,CAAC;AACtB,IAAI,SAAS,GAAG,WAAW,CAAC;AAC5B,IAAI,YAAY,GAAG,UAAU,CAAC;AAE9B,iEAAiE;AACjE,MAAM,YAAY,GAAG,gBAAgB,CAAC,eAAe,CAAC,CAAC;AAEvD,sBAAsB;AACtB,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;AAEvC,MAAM,CAAC,GAAG,CAAC,mBAAmB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IACzC,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,sCAAsC,CAAC,CAAC;IAChE,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACzE,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACxB,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,GAAG,EAAE,EAAE,qCAAqC,CAAC,CAAC;IACxE,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AACpB,CAAC,CAAC,CAAC;AAEH,+DAA+D;AAC/D,iFAAiF;AAEjF,sBAAsB;AACtB,MAAM,CAAC,GAAG,CAAC,oBAAoB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IAC1C,GAAG,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;;;;;;;;MAuBP,CAAC,CAAC;AACR,CAAC,CAAC,CAAC;AAEH,MAAM,CAAC,GAAG,CAAC,+BAA+B,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;AAChF,MAAM,CAAC,GAAG,CAAC,iCAAiC,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;AACpF,MAAM,CAAC,GAAG,CAAC,8BAA8B,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;AAC9E,MAAM,CAAC,GAAG,CAAC,+CAA+C,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;AACxF,MAAM,CAAC,GAAG,CAAC,oCAAoC,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;AAEjF,8BAA8B;AAC9B,MAAM,CAAC,GAAG,CAAC,4CAA4C,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IAClE,GAAG,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;AAC9B,CAAC,CAAC,CAAC;AAEH,MAAM,CAAC,GAAG,CAAC,kDAAkD,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IACxE,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC;IAC7B,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,uEAAuE,CAAC,CAAC;IAE3G,GAAG,CAAC,IAAI,CAAC;QACL,IAAI,EAAE,SAAS;QACf,WAAW,EAAE,UAAU;QACvB,IAAI,EAAE,UAAU;QAChB,WAAW,EAAE,YAAY,CAAC,WAAW;QACrC,eAAe,EAAE,YAAY,CAAC,eAAe;QAC7C,KAAK,EAAE,YAAY,CAAC,KAAK;QACzB,UAAU,EAAE,YAAY,CAAC,UAAU;KACtC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC;AAEH,8BAA8B;AAC9B,gGAAgG;AAChG,iGAAiG;AACjG,IAAI,eAAe,GAAkB,IAAI,CAAC;AAE1C,MAAM,CAAC,GAAG,CAAC,wCAAwC,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IAC9D,IAAI,eAAe,EAAE,CAAC;QAClB,GAAG,CAAC,IAAI,CAAC;YACL,MAAM,EAAE,WAAW;YACnB,IAAI,EAAE,eAAe;SACxB,CAAC,CAAC;IACP,CAAC;SAAM,CAAC;QACJ,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IAC3B,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,+BAA+B;AAC/B,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IACjD,wDAAwD;IACxD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC;IACrC,eAAe,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IACpC,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;IAC1D,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC,CAAC;AAC7D,CAAC,CAAC,CAAC;AAEH,MAAM,CAAC,IAAI,CAAC,sBAAsB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IAC7C,eAAe,GAAG,IAAI,CAAC;IACvB,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;AACpC,CAAC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,SAAS,GAAG,MAAM,CAAC"}

package/dist/imposter/providers/gcp.js

@@ -0,0 +1,26 @@
+import { Router } from "express";
+import { logger } from "../../logger.js";
+const router = Router();
+// GCP requires this header
+const HEADER_CHECK = (req, res, next) => {
+    if (req.headers["metadata-flavor"] !== "Google") {
+        return res.status(403).send("Missing Metadata-Flavor: Google header");
+    }
+    next();
+};
+router.use("/computeMetadata/v1", HEADER_CHECK);
+router.get("/computeMetadata/v1/project/project-id", (req, res) => res.send("imposter-project-dev"));
+router.get("/computeMetadata/v1/instance/id", (req, res) => res.send("1234567890123456789"));
+router.get("/computeMetadata/v1/instance/zone", (req, res) => res.send("projects/imposter-project-dev/zones/us-central1-a"));
+router.get("/computeMetadata/v1/instance/hostname", (req, res) => res.send("imposter-host.c.imposter-project-dev.internal"));
+// Service Account Token (The Honey)
+router.get("/computeMetadata/v1/instance/service-accounts/default/token", (req, res) => {
+    logger.warn({ ip: req.ip }, "Cloud Imposter: Client requested GCP Service Account Token");
+    res.json({
+        access_token: "ya29.imposter.fake.token.v1." + Date.now(),
+        expires_in: 3600,
+        token_type: "Bearer"
+    });
+});
+export const gcpRouter = router;
+//# sourceMappingURL=gcp.js.map

package/dist/imposter/providers/gcp.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"gcp.js","sourceRoot":"","sources":["../../../src/imposter/providers/gcp.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAEzC,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC;AAExB,2BAA2B;AAC3B,MAAM,YAAY,GAAG,CAAC,GAAQ,EAAE,GAAQ,EAAE,IAAS,EAAE,EAAE;IACnD,IAAI,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,KAAK,QAAQ,EAAE,CAAC;QAC9C,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;IAC1E,CAAC;IACD,IAAI,EAAE,CAAC;AACX,CAAC,CAAC;AAEF,MAAM,CAAC,GAAG,CAAC,qBAAqB,EAAE,YAAY,CAAC,CAAC;AAEhD,MAAM,CAAC,GAAG,CAAC,wCAAwC,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC;AACrG,MAAM,CAAC,GAAG,CAAC,iCAAiC,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,CAAC;AAC7F,MAAM,CAAC,GAAG,CAAC,mCAAmC,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC,CAAC;AAC7H,MAAM,CAAC,GAAG,CAAC,uCAAuC,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC,CAAC;AAE7H,oCAAoC;AACpC,MAAM,CAAC,GAAG,CAAC,6DAA6D,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IACnF,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,EAAE,4DAA4D,CAAC,CAAC;IAE1F,GAAG,CAAC,IAAI,CAAC;QACL,YAAY,EAAE,8BAA8B,GAAG,IAAI,CAAC,GAAG,EAAE;QACzD,UAAU,EAAE,IAAI;QAChB,UAAU,EAAE,QAAQ;KACvB,CAAC,CAAC;AACP,CAAC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,SAAS,GAAG,MAAM,CAAC"}

package/dist/index.js

@@ -0,0 +1,53 @@
+import { cfg } from "./config.js";
+import { logger } from "./logger.js";
+import { createHttp1Server } from "./server-http1.js";
+import { createHttp2Server, createH2CServerIfEnabled } from "./server-http2.js";
+import { setupWebSocket } from "./server-ws.js";
+import { startL4Servers } from "./server-l4.js";
+import { startGrpcServer } from "./server-grpc.js";
+import { startBadSslServer } from "./server-bad-ssl.js";
+import { startProtocolServers } from "./server-protocols.js";
+import { startMqttServer } from "./server-mqtt.js";
+import { startIcapServer } from "./server-icap.js";
+import { startClusterNode } from "./cluster.js";
+import { startRedisServer } from "./server-redis.js";
+import { startSmtpServer } from "./server-smtp.js";
+import { startSyslogServer } from "./server-syslog.js";
+async function main() {
+    const app1 = createHttp1Server();
+    const server1 = app1.listen(cfg.portHttp1, cfg.host, () => logger.info({ port: cfg.portHttp1 }, "HTTP/1.1 server listening"));
+    // Attach WebSocket server to HTTP/1.1 server
+    setupWebSocket(server1);
+    logger.info({ path: "/ws" }, "WebSocket server attached");
+    const h2 = createHttp2Server();
+    h2.listen(cfg.portHttp2, cfg.host, () => logger.info({ port: cfg.portHttp2 }, "HTTP/2 TLS server listening"));
+    const h2c = createH2CServerIfEnabled();
+    if (h2c) {
+        const h2cPort = (cfg.portHttp1 || 8080) + 1;
+        h2c.listen(h2cPort, cfg.host, () => logger.info({ port: h2cPort }, "HTTP/2 cleartext (h2c) server listening"));
+    }
+    // Start additional protocols
+    startL4Servers();
+    startGrpcServer();
+    startBadSslServer();
+    startProtocolServers();
+    startMqttServer();
+    startIcapServer();
+    startClusterNode();
+    startRedisServer();
+    startSmtpServer();
+    startSyslogServer();
+    // Graceful shutdown
+    const shutdown = (signal) => {
+        logger.info({ signal }, "Shutdown signal received, cleaning up...");
+        // Allow some time for other processes to cleanup if they have listeners
+        setTimeout(() => process.exit(0), 500);
+    };
+    process.on("SIGTERM", () => shutdown("SIGTERM"));
+    process.on("SIGINT", () => shutdown("SIGINT"));
+}
+main().catch((err) => {
+    console.error(err);
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,aAAa,CAAC;AAClC,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,wBAAwB,EAAE,MAAM,mBAAmB,CAAC;AAChF,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEhD,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAEvD,KAAK,UAAU,IAAI;IACf,MAAM,IAAI,GAAG,iBAAiB,EAAE,CAAC;IACjC,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,IAAI,EAAE,GAAG,EAAE,CACtD,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,GAAG,CAAC,SAAS,EAAE,EAAE,2BAA2B,CAAC,CACpE,CAAC;IAEF,6CAA6C;IAC7C,cAAc,CAAC,OAAO,CAAC,CAAC;IACxB,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,2BAA2B,CAAC,CAAC;IAE1D,MAAM,EAAE,GAAG,iBAAiB,EAAE,CAAC;IAC/B,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,IAAI,EAAE,GAAG,EAAE,CACpC,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,GAAG,CAAC,SAAS,EAAE,EAAE,6BAA6B,CAAC,CACtE,CAAC;IAEF,MAAM,GAAG,GAAG,wBAAwB,EAAE,CAAC;IACvC,IAAI,GAAG,EAAE,CAAC;QACN,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC;QAC5C,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,IAAI,EAAE,GAAG,EAAE,CAC/B,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,yCAAyC,CAAC,CAC5E,CAAC;IACN,CAAC;IAED,6BAA6B;IAC7B,cAAc,EAAE,CAAC;IACjB,eAAe,EAAE,CAAC;IAClB,iBAAiB,EAAE,CAAC;IACpB,oBAAoB,EAAE,CAAC;IACvB,eAAe,EAAE,CAAC;IAClB,eAAe,EAAE,CAAC;IAClB,gBAAgB,EAAE,CAAC;IAEnB,gBAAgB,EAAE,CAAC;IACnB,eAAe,EAAE,CAAC;IAClB,iBAAiB,EAAE,CAAC;IAEpB,oBAAoB;IACpB,MAAM,QAAQ,GAAG,CAAC,MAAc,EAAE,EAAE;QAChC,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,EAAE,0CAA0C,CAAC,CAAC;QAEpE,wEAAwE;QACxE,UAAU,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC3C,CAAC,CAAC;IAEF,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;IACjD,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;AACnD,CAAC;AACD,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACjB,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACnB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC,CAAC,CAAC"}

package/dist/infra-debug.js

@@ -0,0 +1,68 @@
+import dns from "dns/promises";
+import net from "net";
+export async function dnsHandler(req, res) {
+    const target = req.query.target;
+    const type = (req.query.type || "A").toUpperCase();
+    if (!target) {
+        return res.status(400).json({ error: "Missing 'target' query parameter" });
+    }
+    try {
+        let result;
+        switch (type) {
+            case "A":
+                result = await dns.resolve4(target);
+                break;
+            case "AAAA":
+                result = await dns.resolve6(target);
+                break;
+            case "MX":
+                result = await dns.resolveMx(target);
+                break;
+            case "TXT":
+                result = await dns.resolveTxt(target);
+                break;
+            case "SRV":
+                result = await dns.resolveSrv(target);
+                break;
+            case "NS":
+                result = await dns.resolveNs(target);
+                break;
+            case "CNAME":
+                result = await dns.resolveCname(target);
+                break;
+            default:
+                return res.status(400).json({ error: `Unsupported record type: ${type}` });
+        }
+        res.json({ target, type, result });
+    }
+    catch (e) {
+        res.status(500).json({ error: e.message });
+    }
+}
+export function pingHandler(req, res) {
+    const target = req.query.target;
+    if (!target) {
+        return res.status(400).json({ error: "Missing 'target' query parameter (host:port)" });
+    }
+    const [host, portStr] = target.split(":");
+    const port = parseInt(portStr);
+    if (!host || isNaN(port)) {
+        return res.status(400).json({ error: "Invalid format. Use host:port" });
+    }
+    const start = Date.now();
+    const socket = new net.Socket();
+    socket.setTimeout(2000); // 2s timeout
+    socket.connect(port, host, () => {
+        const duration = Date.now() - start;
+        res.json({ status: "success", target, duration_ms: duration });
+        socket.destroy();
+    });
+    socket.on("error", (err) => {
+        res.status(500).json({ status: "failed", target, error: err.message });
+    });
+    socket.on("timeout", () => {
+        res.status(504).json({ status: "timeout", target });
+        socket.destroy();
+    });
+}
+//# sourceMappingURL=infra-debug.js.map

package/dist/infra-debug.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"infra-debug.js","sourceRoot":"","sources":["../src/infra-debug.ts"],"names":[],"mappings":"AACA,OAAO,GAAG,MAAM,cAAc,CAAC;AAC/B,OAAO,GAAG,MAAM,KAAK,CAAC;AAEtB,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,GAAY,EAAE,GAAa;IACxD,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,MAAgB,CAAC;IAC1C,MAAM,IAAI,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,IAAc,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;IAE7D,IAAI,CAAC,MAAM,EAAE,CAAC;QACV,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,kCAAkC,EAAE,CAAC,CAAC;IAC/E,CAAC;IAED,IAAI,CAAC;QACD,IAAI,MAAM,CAAC;QACX,QAAQ,IAAI,EAAE,CAAC;YACX,KAAK,GAAG;gBACJ,MAAM,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBACpC,MAAM;YACV,KAAK,MAAM;gBACP,MAAM,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBACpC,MAAM;YACV,KAAK,IAAI;gBACL,MAAM,GAAG,MAAM,GAAG,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;gBACrC,MAAM;YACV,KAAK,KAAK;gBACN,MAAM,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;gBACtC,MAAM;YACV,KAAK,KAAK;gBACN,MAAM,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;gBACtC,MAAM;YACV,KAAK,IAAI;gBACL,MAAM,GAAG,MAAM,GAAG,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;gBACrC,MAAM;YACV,KAAK,OAAO;gBACR,MAAM,GAAG,MAAM,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;gBACxC,MAAM;YACV;gBACI,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,4BAA4B,IAAI,EAAE,EAAE,CAAC,CAAC;QACnF,CAAC;QACD,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;IACvC,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QACd,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IAC/C,CAAC;AACL,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,GAAY,EAAE,GAAa;IACnD,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,MAAgB,CAAC;IAE1C,IAAI,CAAC,MAAM,EAAE,CAAC;QACV,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,8CAA8C,EAAE,CAAC,CAAC;IAC3F,CAAC;IAED,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC1C,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;IAE/B,IAAI,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;IAEhC,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,aAAa;IAEtC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE;QAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;QACpC,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC/D,MAAM,CAAC,OAAO,EAAE,CAAC;IACrB,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;QACvB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;IAC3E,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;QACtB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC;QACpD,MAAM,CAAC,OAAO,EAAE,CAAC;IACrB,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/jwt-debug.js

@@ -0,0 +1,272 @@
+import jwt from "jsonwebtoken";
+import * as jose from "jose";
+import { getOidcSigningMaterial } from "./oidc.js";
+const TOKEN_ISSUER = "urn:apparatus:token-forge";
+const TOKEN_AUDIENCE = "urn:apparatus:client";
+const WEAK_KEYS = ["secret", "password", "123456", "letmein", "apparatus"];
+const MAX_TOKEN_LIFETIME_SECONDS = 24 * 60 * 60;
+const EXPIRY_UNIT_SECONDS = {
+    s: 1,
+    m: 60,
+    h: 60 * 60,
+    d: 24 * 60 * 60,
+};
+const DEFAULT_FLAGS = {
+    allowNoneAlg: false,
+    allowWeakKey: false,
+    allowKeyConfusion: false,
+};
+function getBearerToken(authHeader) {
+    if (!authHeader || !authHeader.startsWith("Bearer ")) {
+        return undefined;
+    }
+    const token = authHeader.slice("Bearer ".length).trim();
+    return token || undefined;
+}
+function parseDecodedJwt(token) {
+    const decoded = jwt.decode(token, { complete: true });
+    if (!decoded || typeof decoded === "string") {
+        return null;
+    }
+    return decoded;
+}
+function isRecord(value) {
+    return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function sanitizeClaims(value) {
+    return isRecord(value) ? value : {};
+}
+function tokenFromRequest(req) {
+    const tokenFromBody = isRecord(req.body) && typeof req.body.token === "string"
+        ? req.body.token.trim()
+        : undefined;
+    return tokenFromBody || getBearerToken(req.headers.authorization);
+}
+/**
+ * Strips PEM armor to produce raw base64 key material used as an HMAC secret
+ * in the key-confusion simulation path.
+ */
+function toPublicKeySecret(publicKeyPem) {
+    return publicKeyPem
+        .replace(/-----BEGIN PUBLIC KEY-----/g, "")
+        .replace(/-----END PUBLIC KEY-----/g, "")
+        .replace(/\s+/g, "")
+        .trim();
+}
+function normalizeExpiresIn(value) {
+    if (!value)
+        return "1h";
+    const match = /^(\d+)([smhd])$/i.exec(value.trim());
+    if (!match)
+        return "1h";
+    const amount = Number(match[1]);
+    const unit = match[2].toLowerCase();
+    if (!Number.isFinite(amount) || amount <= 0) {
+        return "1h";
+    }
+    const seconds = amount * EXPIRY_UNIT_SECONDS[unit];
+    if (seconds > MAX_TOKEN_LIFETIME_SECONDS) {
+        return "24h";
+    }
+    return `${amount}${unit}`;
+}
+export function jwtDebugHandler(req, res) {
+    const token = getBearerToken(req.headers.authorization);
+    if (!token) {
+        return res.status(400).json({ error: "Missing or invalid Authorization header (Bearer token required)" });
+    }
+    const decoded = parseDecodedJwt(token);
+    if (!decoded) {
+        return res.status(400).json({ error: "Invalid JWT token structure" });
+    }
+    return res.json({
+        token,
+        header: decoded.header,
+        payload: decoded.payload,
+        signature: decoded.signature,
+    });
+}
+export async function jwtDebugPostHandler(req, res) {
+    const token = tokenFromRequest(req);
+    if (!token) {
+        return res.status(400).json({
+            valid: false,
+            header: {},
+            payload: {},
+            error: "Missing token in body (token) or Authorization header",
+        });
+    }
+    const decoded = parseDecodedJwt(token);
+    if (!decoded) {
+        return res.status(400).json({
+            valid: false,
+            header: {},
+            payload: {},
+            error: "Invalid JWT token structure",
+        });
+    }
+    const { keyPair } = await getOidcSigningMaterial();
+    let valid = false;
+    let error;
+    try {
+        await jose.jwtVerify(token, keyPair.publicKey, { algorithms: ["RS256"] });
+        valid = true;
+    }
+    catch (verificationError) {
+        const message = verificationError instanceof Error ? verificationError.message : "Signature verification failed";
+        error = message;
+    }
+    return res.json({
+        valid,
+        header: decoded.header,
+        payload: decoded.payload,
+        error,
+    });
+}
+export async function authForgeHandler(req, res) {
+    try {
+        const body = isRecord(req.body) ? req.body : {};
+        const claims = sanitizeClaims(body.claims);
+        const sub = typeof body.sub === "string" ? body.sub : (typeof claims.sub === "string" ? claims.sub : "analyst@example.local");
+        const role = typeof body.role === "string" ? body.role : (typeof claims.role === "string" ? claims.role : "user");
+        const expiresIn = normalizeExpiresIn(typeof body.expiresIn === "string" ? body.expiresIn : undefined);
+        const jwtPayload = {
+            ...claims,
+            iss: TOKEN_ISSUER,
+            aud: TOKEN_AUDIENCE,
+            sub,
+            role,
+        };
+        const { keyPair } = await getOidcSigningMaterial();
+        const token = await new jose.SignJWT(jwtPayload)
+            .setProtectedHeader({ alg: "RS256", kid: "simulated-key-id-1", typ: "JWT" })
+            .setIssuedAt()
+            .setExpirationTime(expiresIn)
+            .sign(keyPair.privateKey);
+        const decoded = parseDecodedJwt(token);
+        const publicKeyPem = await jose.exportSPKI(keyPair.publicKey);
+        const publicKey = toPublicKeySecret(publicKeyPem);
+        return res.json({
+            token,
+            token_type: "Bearer",
+            header: decoded?.header ?? {},
+            payload: decoded?.payload ?? {},
+            hints: {
+                weakKeys: WEAK_KEYS,
+                publicKey,
+            },
+        });
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : "Token forge failed";
+        return res.status(500).json({ error: "Token forge failed", details: message });
+    }
+}
+export async function authVerifyHandler(req, res) {
+    const body = isRecord(req.body) ? req.body : {};
+    const token = typeof body.token === "string" ? body.token.trim() : "";
+    if (!token) {
+        return res.status(400).json({
+            valid: false,
+            bypassed: false,
+            mode: "invalid",
+            message: "Missing token",
+        });
+    }
+    const decoded = parseDecodedJwt(token);
+    if (!decoded) {
+        return res.status(400).json({
+            valid: false,
+            bypassed: false,
+            mode: "invalid",
+            message: "Malformed JWT",
+        });
+    }
+    const flags = {
+        allowNoneAlg: body.vulnerabilities?.allowNoneAlg ?? DEFAULT_FLAGS.allowNoneAlg,
+        allowWeakKey: body.vulnerabilities?.allowWeakKey ?? DEFAULT_FLAGS.allowWeakKey,
+        allowKeyConfusion: body.vulnerabilities?.allowKeyConfusion ?? DEFAULT_FLAGS.allowKeyConfusion,
+    };
+    const headerAlg = typeof decoded.header.alg === "string" ? decoded.header.alg : "unknown";
+    if (headerAlg === "none") {
+        if (flags.allowNoneAlg) {
+            return res.json({
+                valid: true,
+                bypassed: true,
+                mode: "none_alg",
+                message: "Signature bypass accepted via alg=none (intentional vulnerable mode)",
+                header: decoded.header,
+                payload: decoded.payload,
+            });
+        }
+        return res.status(401).json({
+            valid: false,
+            bypassed: false,
+            mode: "invalid",
+            message: "alg=none rejected",
+            header: decoded.header,
+            payload: decoded.payload,
+        });
+    }
+    const { keyPair } = await getOidcSigningMaterial();
+    try {
+        const verified = await jose.jwtVerify(token, keyPair.publicKey, { algorithms: ["RS256"] });
+        return res.json({
+            valid: true,
+            bypassed: false,
+            mode: "secure",
+            message: "Token verified against RS256 public key",
+            header: decoded.header,
+            payload: verified.payload,
+        });
+    }
+    catch {
+        // continue into vulnerable verification paths
+    }
+    if (flags.allowWeakKey) {
+        for (const weakKey of WEAK_KEYS) {
+            try {
+                const weakPayload = jwt.verify(token, weakKey, { algorithms: ["HS256"] });
+                return res.json({
+                    valid: true,
+                    bypassed: true,
+                    mode: "weak_key",
+                    message: `Token accepted with weak HMAC key: ${weakKey}`,
+                    matchedKey: weakKey,
+                    header: decoded.header,
+                    payload: weakPayload,
+                });
+            }
+            catch {
+                // continue trying dictionary entries
+            }
+        }
+    }
+    if (flags.allowKeyConfusion) {
+        const publicKeyPem = await jose.exportSPKI(keyPair.publicKey);
+        const publicKeySecret = toPublicKeySecret(publicKeyPem);
+        try {
+            const confusedPayload = jwt.verify(token, publicKeySecret, { algorithms: ["HS256"] });
+            return res.json({
+                valid: true,
+                bypassed: true,
+                mode: "key_confusion",
+                message: "Token accepted using public-key material as HMAC secret (algorithm confusion)",
+                header: decoded.header,
+                payload: confusedPayload,
+            });
+        }
+        catch {
+            // fall through to invalid response
+        }
+    }
+    return res.status(401).json({
+        valid: false,
+        bypassed: false,
+        mode: "invalid",
+        message: `Signature verification failed for alg=${headerAlg}`,
+        header: decoded.header,
+        payload: decoded.payload,
+    });
+}
+//# sourceMappingURL=jwt-debug.js.map

package/dist/jwt-debug.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-debug.js","sourceRoot":"","sources":["../src/jwt-debug.ts"],"names":[],"mappings":"AACA,OAAO,GAAG,MAAM,cAAc,CAAC;AAC/B,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,sBAAsB,EAAE,MAAM,WAAW,CAAC;AAsBnD,MAAM,YAAY,GAAG,2BAA2B,CAAC;AACjD,MAAM,cAAc,GAAG,sBAAsB,CAAC;AAC9C,MAAM,SAAS,GAAG,CAAC,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,CAAU,CAAC;AACpF,MAAM,0BAA0B,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AAChD,MAAM,mBAAmB,GAAG;IACxB,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,EAAE;IACL,CAAC,EAAE,EAAE,GAAG,EAAE;IACV,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE;CACT,CAAC;AAEX,MAAM,aAAa,GAAiC;IAChD,YAAY,EAAE,KAAK;IACnB,YAAY,EAAE,KAAK;IACnB,iBAAiB,EAAE,KAAK;CAC3B,CAAC;AAEF,SAAS,cAAc,CAAC,UAAmB;IACvC,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACnD,OAAO,SAAS,CAAC;IACrB,CAAC;IACD,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;IACxD,OAAO,KAAK,IAAI,SAAS,CAAC;AAC9B,CAAC;AAED,SAAS,eAAe,CAAC,KAAa;IAClC,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;IACtD,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC1C,OAAO,IAAI,CAAC;IAChB,CAAC;IACD,OAAO,OAAO,CAAC;AACnB,CAAC;AAED,SAAS,QAAQ,CAAC,KAAc;IAC5B,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAChF,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IAClC,OAAO,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;AACxC,CAAC;AAED,SAAS,gBAAgB,CAAC,GAAY;IAClC,MAAM,aAAa,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,OAAO,GAAG,CAAC,IAAI,CAAC,KAAK,KAAK,QAAQ;QAC1E,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE;QACvB,CAAC,CAAC,SAAS,CAAC;IAChB,OAAO,aAAa,IAAI,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;AACtE,CAAC;AAED;;;GAGG;AACH,SAAS,iBAAiB,CAAC,YAAoB;IAC3C,OAAO,YAAY;SACd,OAAO,CAAC,6BAA6B,EAAE,EAAE,CAAC;SAC1C,OAAO,CAAC,2BAA2B,EAAE,EAAE,CAAC;SACxC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;SACnB,IAAI,EAAE,CAAC;AAChB,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAyB;IACjD,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,MAAM,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IACpD,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAChC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAsC,CAAC;IAExE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,MAAM,IAAI,CAAC,EAAE,CAAC;QAC1C,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;IACnD,IAAI,OAAO,GAAG,0BAA0B,EAAE,CAAC;QACvC,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,GAAG,MAAM,GAAG,IAAI,EAAE,CAAC;AAC9B,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,GAAY,EAAE,GAAa;IACvD,MAAM,KAAK,GAAG,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;IAExD,IAAI,CAAC,KAAK,EAAE,CAAC;QACT,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iEAAiE,EAAE,CAAC,CAAC;IAC9G,CAAC;IAED,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,OAAO,EAAE,CAAC;QACX,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,6BAA6B,EAAE,CAAC,CAAC;IAC1E,CAAC;IAED,OAAO,GAAG,CAAC,IAAI,CAAC;QACZ,KAAK;QACL,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,SAAS,EAAE,OAAO,CAAC,SAAS;KAC/B,CAAC,CAAC;AACP,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,GAAY,EAAE,GAAa;IACjE,MAAM,KAAK,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;IAEpC,IAAI,CAAC,KAAK,EAAE,CAAC;QACT,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACxB,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,EAAE;YACV,OAAO,EAAE,EAAE;YACX,KAAK,EAAE,uDAAuD;SACjE,CAAC,CAAC;IACP,CAAC;IAED,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,OAAO,EAAE,CAAC;QACX,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACxB,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,EAAE;YACV,OAAO,EAAE,EAAE;YACX,KAAK,EAAE,6BAA6B;SACvC,CAAC,CAAC;IACP,CAAC;IAED,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,sBAAsB,EAAE,CAAC;IAEnD,IAAI,KAAK,GAAG,KAAK,CAAC;IAClB,IAAI,KAAyB,CAAC;IAE9B,IAAI,CAAC;QACD,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC,SAAS,EAAE,EAAE,UAAU,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAC1E,KAAK,GAAG,IAAI,CAAC;IACjB,CAAC;IAAC,OAAO,iBAAiB,EAAE,CAAC;QACzB,MAAM,OAAO,GAAG,iBAAiB,YAAY,KAAK,CAAC,CAAC,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC,CAAC,+BAA+B,CAAC;QACjH,KAAK,GAAG,OAAO,CAAC;IACpB,CAAC;IAED,OAAO,GAAG,CAAC,IAAI,CAAC;QACZ,KAAK;QACL,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,KAAK;KACR,CAAC,CAAC;AACP,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,GAAY,EAAE,GAAa;IAC9D,IAAI,CAAC;QACD,MAAM,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAoB,CAAC,CAAC,CAAC,EAAE,CAAC;QAChE,MAAM,MAAM,GAAG,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAE3C,MAAM,GAAG,GAAG,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC;QAC9H,MAAM,IAAI,GAAG,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAClH,MAAM,SAAS,GAAG,kBAAkB,CAAC,OAAO,IAAI,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAEtG,MAAM,UAAU,GAAoB;YAChC,GAAG,MAAM;YACT,GAAG,EAAE,YAAY;YACjB,GAAG,EAAE,cAAc;YACnB,GAAG;YACH,IAAI;SACP,CAAC;QAEF,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,sBAAsB,EAAE,CAAC;QAEnD,MAAM,KAAK,GAAG,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC;aAC3C,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,oBAAoB,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;aAC3E,WAAW,EAAE;aACb,iBAAiB,CAAC,SAAS,CAAC;aAC5B,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAE9B,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;QACvC,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC9D,MAAM,SAAS,GAAG,iBAAiB,CAAC,YAAY,CAAC,CAAC;QAElD,OAAO,GAAG,CAAC,IAAI,CAAC;YACZ,KAAK;YACL,UAAU,EAAE,QAAQ;YACpB,MAAM,EAAE,OAAO,EAAE,MAAM,IAAI,EAAE;YAC7B,OAAO,EAAE,OAAO,EAAE,OAAO,IAAI,EAAE;YAC/B,KAAK,EAAE;gBACH,QAAQ,EAAE,SAAS;gBACnB,SAAS;aACZ;SACJ,CAAC,CAAC;IACP,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,oBAAoB,CAAC;QAC9E,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,oBAAoB,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;IACnF,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,GAAY,EAAE,GAAa;IAC/D,MAAM,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAqB,CAAC,CAAC,CAAC,EAAE,CAAC;IACjE,MAAM,KAAK,GAAG,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAEtE,IAAI,CAAC,KAAK,EAAE,CAAC;QACT,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACxB,KAAK,EAAE,KAAK;YACZ,QAAQ,EAAE,KAAK;YACf,IAAI,EAAE,SAAS;YACf,OAAO,EAAE,eAAe;SAC3B,CAAC,CAAC;IACP,CAAC;IAED,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,OAAO,EAAE,CAAC;QACX,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACxB,KAAK,EAAE,KAAK;YACZ,QAAQ,EAAE,KAAK;YACf,IAAI,EAAE,SAAS;YACf,OAAO,EAAE,eAAe;SAC3B,CAAC,CAAC;IACP,CAAC;IAED,MAAM,KAAK,GAAiC;QACxC,YAAY,EAAE,IAAI,CAAC,eAAe,EAAE,YAAY,IAAI,aAAa,CAAC,YAAY;QAC9E,YAAY,EAAE,IAAI,CAAC,eAAe,EAAE,YAAY,IAAI,aAAa,CAAC,YAAY;QAC9E,iBAAiB,EAAE,IAAI,CAAC,eAAe,EAAE,iBAAiB,IAAI,aAAa,CAAC,iBAAiB;KAChG,CAAC;IAEF,MAAM,SAAS,GAAG,OAAO,OAAO,CAAC,MAAM,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;IAE1F,IAAI,SAAS,KAAK,MAAM,EAAE,CAAC;QACvB,IAAI,KAAK,CAAC,YAAY,EAAE,CAAC;YACrB,OAAO,GAAG,CAAC,IAAI,CAAC;gBACZ,KAAK,EAAE,IAAI;gBACX,QAAQ,EAAE,IAAI;gBACd,IAAI,EAAE,UAAU;gBAChB,OAAO,EAAE,sEAAsE;gBAC/E,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,OAAO,EAAE,OAAO,CAAC,OAAO;aAC3B,CAAC,CAAC;QACP,CAAC;QAED,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACxB,KAAK,EAAE,KAAK;YACZ,QAAQ,EAAE,KAAK;YACf,IAAI,EAAE,SAAS;YACf,OAAO,EAAE,mBAAmB;YAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,OAAO,EAAE,OAAO,CAAC,OAAO;SAC3B,CAAC,CAAC;IACP,CAAC;IAED,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,sBAAsB,EAAE,CAAC;IAEnD,IAAI,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC,SAAS,EAAE,EAAE,UAAU,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAC3F,OAAO,GAAG,CAAC,IAAI,CAAC;YACZ,KAAK,EAAE,IAAI;YACX,QAAQ,EAAE,KAAK;YACf,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,yCAAyC;YAClD,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,OAAO,EAAE,QAAQ,CAAC,OAAO;SAC5B,CAAC,CAAC;IACP,CAAC;IAAC,MAAM,CAAC;QACL,8CAA8C;IAClD,CAAC;IAED,IAAI,KAAK,CAAC,YAAY,EAAE,CAAC;QACrB,KAAK,MAAM,OAAO,IAAI,SAAS,EAAE,CAAC;YAC9B,IAAI,CAAC;gBACD,MAAM,WAAW,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE,UAAU,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;gBAC1E,OAAO,GAAG,CAAC,IAAI,CAAC;oBACZ,KAAK,EAAE,IAAI;oBACX,QAAQ,EAAE,IAAI;oBACd,IAAI,EAAE,UAAU;oBAChB,OAAO,EAAE,sCAAsC,OAAO,EAAE;oBACxD,UAAU,EAAE,OAAO;oBACnB,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,OAAO,EAAE,WAAW;iBACvB,CAAC,CAAC;YACP,CAAC;YAAC,MAAM,CAAC;gBACL,qCAAqC;YACzC,CAAC;QACL,CAAC;IACL,CAAC;IAED,IAAI,KAAK,CAAC,iBAAiB,EAAE,CAAC;QAC1B,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC9D,MAAM,eAAe,GAAG,iBAAiB,CAAC,YAAY,CAAC,CAAC;QAExD,IAAI,CAAC;YACD,MAAM,eAAe,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,UAAU,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;YACtF,OAAO,GAAG,CAAC,IAAI,CAAC;gBACZ,KAAK,EAAE,IAAI;gBACX,QAAQ,EAAE,IAAI;gBACd,IAAI,EAAE,eAAe;gBACrB,OAAO,EAAE,+EAA+E;gBACxF,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,OAAO,EAAE,eAAe;aAC3B,CAAC,CAAC;QACP,CAAC;QAAC,MAAM,CAAC;YACL,mCAAmC;QACvC,CAAC;IACL,CAAC;IAED,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;QACxB,KAAK,EAAE,KAAK;QACZ,QAAQ,EAAE,KAAK;QACf,IAAI,EAAE,SAAS;QACf,OAAO,EAAE,yCAAyC,SAAS,EAAE;QAC7D,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,OAAO,EAAE,OAAO,CAAC,OAAO;KAC3B,CAAC,CAAC;AACP,CAAC"}

package/dist/kv.js

@@ -0,0 +1,22 @@
+const store = new Map();
+export function kvHandler(req, res) {
+    const key = req.params.key;
+    if (req.method === "GET") {
+        if (store.has(key)) {
+            return res.json({ key, value: store.get(key) });
+        }
+        else {
+            return res.status(404).json({ error: "Key not found" });
+        }
+    }
+    if (req.method === "POST" || req.method === "PUT") {
+        const value = req.body;
+        store.set(key, value);
+        return res.json({ message: "Set", key, value });
+    }
+    if (req.method === "DELETE") {
+        store.delete(key);
+        return res.sendStatus(204);
+    }
+}
+//# sourceMappingURL=kv.js.map

package/dist/kv.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"kv.js","sourceRoot":"","sources":["../src/kv.ts"],"names":[],"mappings":"AAEA,MAAM,KAAK,GAAG,IAAI,GAAG,EAAe,CAAC;AAErC,MAAM,UAAU,SAAS,CAAC,GAAY,EAAE,GAAa;IACjD,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC;IAE3B,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;QACvB,IAAI,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACjB,OAAO,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACpD,CAAC;aAAM,CAAC;YACJ,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;QAC5D,CAAC;IACL,CAAC;IAED,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;QAChD,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,CAAC;QACvB,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QACtB,OAAO,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,IAAI,GAAG,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC1B,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAClB,OAAO,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC;AACL,CAAC"}

package/dist/lib/generators.js

@@ -0,0 +1,43 @@
+// Mock generators for DLP testing
+function generateLuhn(prefix, length) {
+    let payload = prefix;
+    while (payload.length < length - 1)
+        payload += Math.floor(Math.random() * 10);
+    const digits = payload.split("").map(Number);
+    let sum = 0;
+    let shouldDouble = true;
+    for (let i = digits.length - 1; i >= 0; i--) {
+        let digit = digits[i];
+        if (shouldDouble) {
+            digit *= 2;
+            if (digit > 9)
+                digit -= 9;
+        }
+        sum += digit;
+        shouldDouble = !shouldDouble;
+    }
+    const checkDigit = (10 - (sum % 10)) % 10;
+    return payload + checkDigit;
+}
+export const generators = {
+    cc: () => {
+        // 16-digit Visa-like (starts with 4) with valid Luhn checksum.
+        return generateLuhn("4", 16);
+    },
+    ssn: () => {
+        // Generate a valid-looking SSN
+        const area = Math.floor(Math.random() * 900) + 100;
+        const group = Math.floor(Math.random() * 90) + 10;
+        const serial = Math.floor(Math.random() * 9000) + 1000;
+        return `${area}-${group}-${serial}`;
+    },
+    email: () => {
+        // Generate a random email
+        const domains = ["example.com", "test.org", "corp.net"];
+        const users = ["alice", "bob", "charlie", "admin", "support"];
+        const user = users[Math.floor(Math.random() * users.length)];
+        const domain = domains[Math.floor(Math.random() * domains.length)];
+        return `${user}@${domain}`;
+    }
+};
+//# sourceMappingURL=generators.js.map

package/dist/lib/generators.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"generators.js","sourceRoot":"","sources":["../../src/lib/generators.ts"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,SAAS,YAAY,CAAC,MAAc,EAAE,MAAc;IAChD,IAAI,OAAO,GAAG,MAAM,CAAC;IACrB,OAAO,OAAO,CAAC,MAAM,GAAG,MAAM,GAAG,CAAC;QAAE,OAAO,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IAE9E,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC7C,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,IAAI,YAAY,GAAG,IAAI,CAAC;IACxB,KAAK,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC1C,IAAI,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QACtB,IAAI,YAAY,EAAE,CAAC;YACf,KAAK,IAAI,CAAC,CAAC;YACX,IAAI,KAAK,GAAG,CAAC;gBAAE,KAAK,IAAI,CAAC,CAAC;QAC9B,CAAC;QACD,GAAG,IAAI,KAAK,CAAC;QACb,YAAY,GAAG,CAAC,YAAY,CAAC;IACjC,CAAC;IACD,MAAM,UAAU,GAAG,CAAC,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC;IAC1C,OAAO,OAAO,GAAG,UAAU,CAAC;AAChC,CAAC;AAED,MAAM,CAAC,MAAM,UAAU,GAAG;IACtB,EAAE,EAAE,GAAG,EAAE;QACL,+DAA+D;QAC/D,OAAO,YAAY,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IACjC,CAAC;IACD,GAAG,EAAE,GAAG,EAAE;QACN,+BAA+B;QAC/B,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC;QACnD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;QAClD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC;QACvD,OAAO,GAAG,IAAI,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;IACxC,CAAC;IACD,KAAK,EAAE,GAAG,EAAE;QACR,0BAA0B;QAC1B,MAAM,OAAO,GAAG,CAAC,aAAa,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;QACxD,MAAM,KAAK,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;QAC9D,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;QAC7D,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;QACnE,OAAO,GAAG,IAAI,IAAI,MAAM,EAAE,CAAC;IAC/B,CAAC;CACJ,CAAC"}