@autonomaai/security-utils 1.0.0

package/dist/auth-manager.d.ts

@@ -0,0 +1,132 @@
+/**
+ * Authentication and Authorization Manager for autonoma
+ *
+ * Provides JWT-based authentication, role-based access control,
+ * and API key management for secure access to trading services.
+ */
+export interface User {
+    id: string;
+    username: string;
+    email: string;
+    roles: Role[];
+    permissions: Permission[];
+    apiKeys: ApiKey[];
+    createdAt: Date;
+    lastLoginAt?: Date;
+    isActive: boolean;
+}
+export interface Role {
+    id: string;
+    name: string;
+    description: string;
+    permissions: Permission[];
+}
+export interface Permission {
+    id: string;
+    resource: string;
+    action: string;
+    conditions?: Record<string, any>;
+}
+export interface ApiKey {
+    id: string;
+    name: string;
+    keyHash: string;
+    permissions: Permission[];
+    expiresAt?: Date;
+    lastUsedAt?: Date;
+    isActive: boolean;
+    rateLimit?: {
+        requests: number;
+        windowMs: number;
+    };
+}
+export interface AuthToken {
+    accessToken: string;
+    refreshToken: string;
+    expiresIn: number;
+    tokenType: 'Bearer';
+}
+export interface AuthConfig {
+    jwtSecret: string;
+    jwtExpiresIn?: string;
+    refreshTokenExpiresIn?: string;
+    apiKeyLength?: number;
+    maxLoginAttempts?: number;
+    lockoutDuration?: number;
+}
+export declare class AuthManager {
+    private readonly config;
+    private readonly users;
+    private readonly apiKeys;
+    private readonly loginAttempts;
+    private readonly defaultRoles;
+    constructor(config: AuthConfig);
+    /**
+     * Initialize default system users from environment variables
+     * No hardcoded credentials - admin must be configured via env vars
+     */
+    private initializeDefaultUsers;
+    /**
+     * Authenticate user with username/password
+     */
+    authenticateUser(username: string, password: string): Promise<AuthToken | null>;
+    /**
+     * Verify password (placeholder implementation)
+     */
+    private verifyPassword;
+    /**
+     * Generate JWT tokens for user
+     */
+    private generateTokens;
+    /**
+     * Validate JWT token
+     */
+    validateToken(token: string): Promise<User | null>;
+    /**
+     * Refresh access token
+     */
+    refreshToken(refreshToken: string): Promise<AuthToken | null>;
+    /**
+     * Generate API key for user
+     */
+    generateApiKey(userId: string, name: string, permissions: Permission[], expiresAt?: Date): Promise<{
+        key: string;
+        apiKey: ApiKey;
+    }>;
+    /**
+     * Validate API key
+     */
+    validateApiKey(apiKey: string): Promise<ApiKey | null>;
+    /**
+     * Check if user has permission
+     */
+    hasPermission(user: User, resource: string, action: string): boolean;
+    /**
+     * Check if API key has permission
+     */
+    apiKeyHasPermission(apiKey: ApiKey, resource: string, action: string): boolean;
+    /**
+     * Record failed login attempt
+     */
+    private recordFailedLogin;
+    /**
+     * Parse expiration time string to seconds
+     */
+    private parseExpirationTime;
+    /**
+     * Revoke API key
+     */
+    revokeApiKey(apiKeyId: string): Promise<boolean>;
+    /**
+     * Get user by ID
+     */
+    getUser(userId: string): User | undefined;
+    /**
+     * Create new user
+     */
+    createUser(userData: Partial<User> & {
+        username: string;
+        email: string;
+    }): Promise<User>;
+}
+//# sourceMappingURL=auth-manager.d.ts.map

package/dist/auth-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-manager.d.ts","sourceRoot":"","sources":["../src/auth-manager.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,IAAI,EAAE,CAAC;IACd,WAAW,EAAE,UAAU,EAAE,CAAC;IAC1B,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;IAChB,WAAW,CAAC,EAAE,IAAI,CAAC;IACnB,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,UAAU,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,MAAM;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,UAAU,EAAE,CAAC;IAC1B,SAAS,CAAC,EAAE,IAAI,CAAC;IACjB,UAAU,CAAC,EAAE,IAAI,CAAC;IAClB,QAAQ,EAAE,OAAO,CAAC;IAClB,SAAS,CAAC,EAAE;QACV,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;CACH;AAED,MAAM,WAAW,SAAS;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,QAAQ,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAa;IACpC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAA2B;IACjD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAA6B;IACrD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAA4D;IAG1F,OAAO,CAAC,QAAQ,CAAC,YAAY,CAyC3B;gBAEU,MAAM,EAAE,UAAU;IAa9B;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAsB9B;;OAEG;IACG,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IAgCrF;;OAEG;YACW,cAAc;IAM5B;;OAEG;IACH,OAAO,CAAC,cAAc;IA+BtB;;OAEG;IACG,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;IAexD;;OAEG;IACG,YAAY,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IAmBnE;;OAEG;IACG,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,EAAE,SAAS,CAAC,EAAE,IAAI,GAAG,OAAO,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IA4BzI;;OAEG;IACG,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAiB5D;;OAEG;IACH,aAAa,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO;IAOpE;;OAEG;IACH,mBAAmB,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO;IAO9E;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAWzB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAgB3B;;OAEG;IACG,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAatD;;OAEG;IACH,OAAO,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS;IAIzC;;OAEG;IACG,UAAU,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;CAiB/F"}

package/dist/auth-manager.js

@@ -0,0 +1,316 @@
+/**
+ * Authentication and Authorization Manager for autonoma
+ *
+ * Provides JWT-based authentication, role-based access control,
+ * and API key management for secure access to trading services.
+ */
+import { createHash, randomBytes } from 'crypto';
+import jwt from 'jsonwebtoken';
+export class AuthManager {
+    config;
+    users = new Map();
+    apiKeys = new Map();
+    loginAttempts = new Map();
+    // Predefined roles for the trading system
+    defaultRoles = [
+        {
+            id: 'admin',
+            name: 'Administrator',
+            description: 'Full system access',
+            permissions: [
+                { id: 'system:*', resource: 'system', action: '*' },
+                { id: 'trading:*', resource: 'trading', action: '*' },
+                { id: 'portfolio:*', resource: 'portfolio', action: '*' },
+                { id: 'users:*', resource: 'users', action: '*' }
+            ]
+        },
+        {
+            id: 'trader',
+            name: 'Trader',
+            description: 'Trading and portfolio management access',
+            permissions: [
+                { id: 'trading:read', resource: 'trading', action: 'read' },
+                { id: 'trading:execute', resource: 'trading', action: 'execute' },
+                { id: 'portfolio:read', resource: 'portfolio', action: 'read' },
+                { id: 'portfolio:modify', resource: 'portfolio', action: 'modify' }
+            ]
+        },
+        {
+            id: 'viewer',
+            name: 'Viewer',
+            description: 'Read-only access to trading data',
+            permissions: [
+                { id: 'trading:read', resource: 'trading', action: 'read' },
+                { id: 'portfolio:read', resource: 'portfolio', action: 'read' }
+            ]
+        },
+        {
+            id: 'api',
+            name: 'API User',
+            description: 'Programmatic access via API keys',
+            permissions: [
+                { id: 'api:read', resource: 'api', action: 'read' },
+                { id: 'api:execute', resource: 'api', action: 'execute' }
+            ]
+        }
+    ];
+    constructor(config) {
+        this.config = {
+            jwtExpiresIn: '15m',
+            refreshTokenExpiresIn: '7d',
+            apiKeyLength: 32,
+            maxLoginAttempts: 5,
+            lockoutDuration: 15 * 60 * 1000,
+            ...config
+        };
+        this.initializeDefaultUsers();
+    }
+    /**
+     * Initialize default system users from environment variables
+     * No hardcoded credentials - admin must be configured via env vars
+     */
+    initializeDefaultUsers() {
+        // Only create admin user if explicitly configured via environment
+        const adminUsername = process.env.AUTONOMA_ADMIN_USERNAME;
+        const adminEmail = process.env.AUTONOMA_ADMIN_EMAIL;
+        if (adminUsername && adminEmail) {
+            const adminUser = {
+                id: `admin-${Date.now()}`,
+                username: adminUsername,
+                email: adminEmail,
+                roles: [this.defaultRoles[0]],
+                permissions: this.defaultRoles[0].permissions,
+                apiKeys: [],
+                createdAt: new Date(),
+                isActive: true
+            };
+            this.users.set(adminUser.id, adminUser);
+        }
+        // If no admin configured, system starts with no users (more secure default)
+    }
+    /**
+     * Authenticate user with username/password
+     */
+    async authenticateUser(username, password) {
+        // Check for account lockout
+        const attempts = this.loginAttempts.get(username);
+        if (attempts?.lockedUntil && attempts.lockedUntil > new Date()) {
+            throw new Error('Account temporarily locked due to too many failed login attempts');
+        }
+        // Find user
+        const user = Array.from(this.users.values()).find(u => u.username === username);
+        if (!user || !user.isActive) {
+            this.recordFailedLogin(username);
+            return null;
+        }
+        // In a real implementation, you would verify the password hash
+        // For now, we'll use a simple check
+        const isValidPassword = await this.verifyPassword(password, user);
+        if (!isValidPassword) {
+            this.recordFailedLogin(username);
+            return null;
+        }
+        // Clear failed login attempts
+        this.loginAttempts.delete(username);
+        // Update last login
+        user.lastLoginAt = new Date();
+        // Generate tokens
+        return this.generateTokens(user);
+    }
+    /**
+     * Verify password (placeholder implementation)
+     */
+    async verifyPassword(password, user) {
+        // In production, this would verify against a proper password hash
+        // For demo purposes, we'll use a simple check
+        return password === 'admin123' && user.username === 'admin';
+    }
+    /**
+     * Generate JWT tokens for user
+     */
+    generateTokens(user) {
+        const payload = {
+            sub: user.id,
+            username: user.username,
+            email: user.email,
+            roles: user.roles.map(r => r.name),
+            permissions: user.permissions.map(p => `${p.resource}:${p.action}`)
+        };
+        const accessToken = jwt.sign(payload, this.config.jwtSecret, {
+            expiresIn: this.config.jwtExpiresIn || '1h',
+            issuer: 'autonoma',
+            audience: 'autonoma-api'
+        });
+        const refreshToken = jwt.sign({ sub: user.id, type: 'refresh' }, this.config.jwtSecret, { expiresIn: this.config.refreshTokenExpiresIn || '7d' });
+        const expiresIn = this.parseExpirationTime(this.config.jwtExpiresIn);
+        return {
+            accessToken,
+            refreshToken,
+            expiresIn,
+            tokenType: 'Bearer'
+        };
+    }
+    /**
+     * Validate JWT token
+     */
+    async validateToken(token) {
+        try {
+            const decoded = jwt.verify(token, this.config.jwtSecret);
+            const user = this.users.get(decoded.sub);
+            if (!user || !user.isActive) {
+                return null;
+            }
+            return user;
+        }
+        catch (error) {
+            return null;
+        }
+    }
+    /**
+     * Refresh access token
+     */
+    async refreshToken(refreshToken) {
+        try {
+            const decoded = jwt.verify(refreshToken, this.config.jwtSecret);
+            if (decoded.type !== 'refresh') {
+                return null;
+            }
+            const user = this.users.get(decoded.sub);
+            if (!user || !user.isActive) {
+                return null;
+            }
+            return this.generateTokens(user);
+        }
+        catch (error) {
+            return null;
+        }
+    }
+    /**
+     * Generate API key for user
+     */
+    async generateApiKey(userId, name, permissions, expiresAt) {
+        const user = this.users.get(userId);
+        if (!user) {
+            throw new Error('User not found');
+        }
+        const key = randomBytes(this.config.apiKeyLength).toString('hex');
+        const keyHash = createHash('sha256').update(key).digest('hex');
+        const apiKey = {
+            id: randomBytes(16).toString('hex'),
+            name,
+            keyHash,
+            permissions,
+            expiresAt,
+            isActive: true,
+            rateLimit: {
+                requests: 100,
+                windowMs: 60 * 1000 // 100 requests per minute
+            }
+        };
+        user.apiKeys.push(apiKey);
+        this.apiKeys.set(apiKey.keyHash, apiKey);
+        return { key, apiKey };
+    }
+    /**
+     * Validate API key
+     */
+    async validateApiKey(apiKey) {
+        const keyHash = createHash('sha256').update(apiKey).digest('hex');
+        const key = this.apiKeys.get(keyHash);
+        if (!key || !key.isActive) {
+            return null;
+        }
+        if (key.expiresAt && key.expiresAt < new Date()) {
+            key.isActive = false;
+            return null;
+        }
+        key.lastUsedAt = new Date();
+        return key;
+    }
+    /**
+     * Check if user has permission
+     */
+    hasPermission(user, resource, action) {
+        return user.permissions.some(permission => {
+            return (permission.resource === resource || permission.resource === '*') &&
+                (permission.action === action || permission.action === '*');
+        });
+    }
+    /**
+     * Check if API key has permission
+     */
+    apiKeyHasPermission(apiKey, resource, action) {
+        return apiKey.permissions.some(permission => {
+            return (permission.resource === resource || permission.resource === '*') &&
+                (permission.action === action || permission.action === '*');
+        });
+    }
+    /**
+     * Record failed login attempt
+     */
+    recordFailedLogin(username) {
+        const attempts = this.loginAttempts.get(username) || { count: 0 };
+        attempts.count++;
+        if (attempts.count >= this.config.maxLoginAttempts) {
+            attempts.lockedUntil = new Date(Date.now() + this.config.lockoutDuration);
+        }
+        this.loginAttempts.set(username, attempts);
+    }
+    /**
+     * Parse expiration time string to seconds
+     */
+    parseExpirationTime(expiresIn) {
+        const match = expiresIn.match(/(\d+)([smhd])/);
+        if (!match)
+            return 900; // Default 15 minutes
+        const value = parseInt(match[1]);
+        const unit = match[2];
+        switch (unit) {
+            case 's': return value;
+            case 'm': return value * 60;
+            case 'h': return value * 60 * 60;
+            case 'd': return value * 60 * 60 * 24;
+            default: return 900;
+        }
+    }
+    /**
+     * Revoke API key
+     */
+    async revokeApiKey(apiKeyId) {
+        for (const user of this.users.values()) {
+            const keyIndex = user.apiKeys.findIndex(k => k.id === apiKeyId);
+            if (keyIndex !== -1) {
+                const apiKey = user.apiKeys[keyIndex];
+                apiKey.isActive = false;
+                this.apiKeys.delete(apiKey.keyHash);
+                return true;
+            }
+        }
+        return false;
+    }
+    /**
+     * Get user by ID
+     */
+    getUser(userId) {
+        return this.users.get(userId);
+    }
+    /**
+     * Create new user
+     */
+    async createUser(userData) {
+        const user = {
+            id: randomBytes(16).toString('hex'),
+            roles: [this.defaultRoles.find(r => r.name === 'Viewer')],
+            permissions: [],
+            apiKeys: [],
+            createdAt: new Date(),
+            isActive: true,
+            ...userData
+        };
+        // Flatten permissions from roles
+        user.permissions = user.roles.flatMap(role => role.permissions);
+        this.users.set(user.id, user);
+        return user;
+    }
+}
+//# sourceMappingURL=auth-manager.js.map

package/dist/auth-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-manager.js","sourceRoot":"","sources":["../src/auth-manager.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,WAAW,EAAc,MAAM,QAAQ,CAAC;AAC7D,OAAO,GAAG,MAAM,cAAc,CAAC;AA0D/B,MAAM,OAAO,WAAW;IACL,MAAM,CAAa;IACnB,KAAK,GAAG,IAAI,GAAG,EAAgB,CAAC;IAChC,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;IACpC,aAAa,GAAG,IAAI,GAAG,EAAiD,CAAC;IAE1F,0CAA0C;IACzB,YAAY,GAAW;QACtC;YACE,EAAE,EAAE,OAAO;YACX,IAAI,EAAE,eAAe;YACrB,WAAW,EAAE,oBAAoB;YACjC,WAAW,EAAE;gBACX,EAAE,EAAE,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE;gBACnD,EAAE,EAAE,EAAE,WAAW,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE;gBACrD,EAAE,EAAE,EAAE,aAAa,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,EAAE,GAAG,EAAE;gBACzD,EAAE,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE;aAClD;SACF;QACD;YACE,EAAE,EAAE,QAAQ;YACZ,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,yCAAyC;YACtD,WAAW,EAAE;gBACX,EAAE,EAAE,EAAE,cAAc,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE;gBAC3D,EAAE,EAAE,EAAE,iBAAiB,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE;gBACjE,EAAE,EAAE,EAAE,gBAAgB,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE;gBAC/D,EAAE,EAAE,EAAE,kBAAkB,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE;aACpE;SACF;QACD;YACE,EAAE,EAAE,QAAQ;YACZ,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,kCAAkC;YAC/C,WAAW,EAAE;gBACX,EAAE,EAAE,EAAE,cAAc,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE;gBAC3D,EAAE,EAAE,EAAE,gBAAgB,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE;aAChE;SACF;QACD;YACE,EAAE,EAAE,KAAK;YACT,IAAI,EAAE,UAAU;YAChB,WAAW,EAAE,kCAAkC;YAC/C,WAAW,EAAE;gBACX,EAAE,EAAE,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE;gBACnD,EAAE,EAAE,EAAE,aAAa,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE;aAC1D;SACF;KACF,CAAC;IAEF,YAAY,MAAkB;QAC5B,IAAI,CAAC,MAAM,GAAG;YACZ,YAAY,EAAE,KAAK;YACnB,qBAAqB,EAAE,IAAI;YAC3B,YAAY,EAAE,EAAE;YAChB,gBAAgB,EAAE,CAAC;YACnB,eAAe,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI;YAC/B,GAAG,MAAM;SACV,CAAC;QAEF,IAAI,CAAC,sBAAsB,EAAE,CAAC;IAChC,CAAC;IAED;;;OAGG;IACK,sBAAsB;QAC5B,kEAAkE;QAClE,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;QAC1D,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;QAEpD,IAAI,aAAa,IAAI,UAAU,EAAE;YAC/B,MAAM,SAAS,GAAS;gBACtB,EAAE,EAAE,SAAS,IAAI,CAAC,GAAG,EAAE,EAAE;gBACzB,QAAQ,EAAE,aAAa;gBACvB,KAAK,EAAE,UAAU;gBACjB,KAAK,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAE,CAAC;gBAC9B,WAAW,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC,CAAE,CAAC,WAAW;gBAC9C,OAAO,EAAE,EAAE;gBACX,SAAS,EAAE,IAAI,IAAI,EAAE;gBACrB,QAAQ,EAAE,IAAI;aACf,CAAC;YAEF,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;SACzC;QACD,4EAA4E;IAC9E,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CAAC,QAAgB,EAAE,QAAgB;QACvD,4BAA4B;QAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAClD,IAAI,QAAQ,EAAE,WAAW,IAAI,QAAQ,CAAC,WAAW,GAAG,IAAI,IAAI,EAAE,EAAE;YAC9D,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;SACrF;QAED,YAAY;QACZ,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;QAChF,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE;YAC3B,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;YACjC,OAAO,IAAI,CAAC;SACb;QAED,+DAA+D;QAC/D,oCAAoC;QACpC,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAClE,IAAI,CAAC,eAAe,EAAE;YACpB,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;YACjC,OAAO,IAAI,CAAC;SACb;QAED,8BAA8B;QAC9B,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAEpC,oBAAoB;QACpB,IAAI,CAAC,WAAW,GAAG,IAAI,IAAI,EAAE,CAAC;QAE9B,kBAAkB;QAClB,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;IACnC,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,cAAc,CAAC,QAAgB,EAAE,IAAU;QACvD,kEAAkE;QAClE,8CAA8C;QAC9C,OAAO,QAAQ,KAAK,UAAU,IAAI,IAAI,CAAC,QAAQ,KAAK,OAAO,CAAC;IAC9D,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,IAAU;QAC/B,MAAM,OAAO,GAAG;YACd,GAAG,EAAE,IAAI,CAAC,EAAE;YACZ,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;YAClC,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;SACpE,CAAC;QAEF,MAAM,WAAW,GAAI,GAAG,CAAC,IAAY,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,SAAU,EAAE;YACrE,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,IAAI;YAC3C,MAAM,EAAE,UAAU;YAClB,QAAQ,EAAE,cAAc;SACzB,CAAC,CAAC;QAEH,MAAM,YAAY,GAAI,GAAG,CAAC,IAAY,CACpC,EAAE,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EACjC,IAAI,CAAC,MAAM,CAAC,SAAU,EACtB,EAAE,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,qBAAqB,IAAI,IAAI,EAAE,CACzD,CAAC;QAEF,MAAM,SAAS,GAAG,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,YAAa,CAAC,CAAC;QAEtE,OAAO;YACL,WAAW;YACX,YAAY;YACZ,SAAS;YACT,SAAS,EAAE,QAAQ;SACpB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,KAAa;QAC/B,IAAI;YACF,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAQ,CAAC;YAChE,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAEzC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE;gBAC3B,OAAO,IAAI,CAAC;aACb;YAED,OAAO,IAAI,CAAC;SACb;QAAC,OAAO,KAAK,EAAE;YACd,OAAO,IAAI,CAAC;SACb;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,YAAoB;QACrC,IAAI;YACF,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAQ,CAAC;YAEvE,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE;gBAC9B,OAAO,IAAI,CAAC;aACb;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACzC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE;gBAC3B,OAAO,IAAI,CAAC;aACb;YAED,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;SAClC;QAAC,OAAO,KAAK,EAAE;YACd,OAAO,IAAI,CAAC;SACb;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,MAAc,EAAE,IAAY,EAAE,WAAyB,EAAE,SAAgB;QAC5F,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACpC,IAAI,CAAC,IAAI,EAAE;YACT,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;SACnC;QAED,MAAM,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,YAAa,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QACnE,MAAM,OAAO,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAE/D,MAAM,MAAM,GAAW;YACrB,EAAE,EAAE,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;YACnC,IAAI;YACJ,OAAO;YACP,WAAW;YACX,SAAS;YACT,QAAQ,EAAE,IAAI;YACd,SAAS,EAAE;gBACT,QAAQ,EAAE,GAAG;gBACb,QAAQ,EAAE,EAAE,GAAG,IAAI,CAAC,0BAA0B;aAC/C;SACF,CAAC;QAEF,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC1B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAEzC,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,MAAc;QACjC,MAAM,OAAO,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAClE,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAEtC,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE;YACzB,OAAO,IAAI,CAAC;SACb;QAED,IAAI,GAAG,CAAC,SAAS,IAAI,GAAG,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE;YAC/C,GAAG,CAAC,QAAQ,GAAG,KAAK,CAAC;YACrB,OAAO,IAAI,CAAC;SACb;QAED,GAAG,CAAC,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC;QAC5B,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,IAAU,EAAE,QAAgB,EAAE,MAAc;QACxD,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE;YACxC,OAAO,CAAC,UAAU,CAAC,QAAQ,KAAK,QAAQ,IAAI,UAAU,CAAC,QAAQ,KAAK,GAAG,CAAC;gBACjE,CAAC,UAAU,CAAC,MAAM,KAAK,MAAM,IAAI,UAAU,CAAC,MAAM,KAAK,GAAG,CAAC,CAAC;QACrE,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,MAAc,EAAE,QAAgB,EAAE,MAAc;QAClE,OAAO,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE;YAC1C,OAAO,CAAC,UAAU,CAAC,QAAQ,KAAK,QAAQ,IAAI,UAAU,CAAC,QAAQ,KAAK,GAAG,CAAC;gBACjE,CAAC,UAAU,CAAC,MAAM,KAAK,MAAM,IAAI,UAAU,CAAC,MAAM,KAAK,GAAG,CAAC,CAAC;QACrE,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,iBAAiB,CAAC,QAAgB;QACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;QAClE,QAAQ,CAAC,KAAK,EAAE,CAAC;QAEjB,IAAI,QAAQ,CAAC,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,gBAAiB,EAAE;YACnD,QAAQ,CAAC,WAAW,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,eAAgB,CAAC,CAAC;SAC5E;QAED,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;IAED;;OAEG;IACK,mBAAmB,CAAC,SAAiB;QAC3C,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;QAC/C,IAAI,CAAC,KAAK;YAAE,OAAO,GAAG,CAAC,CAAC,qBAAqB;QAE7C,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC;QAClC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAEtB,QAAQ,IAAI,EAAE;YACZ,KAAK,GAAG,CAAC,CAAC,OAAO,KAAK,CAAC;YACvB,KAAK,GAAG,CAAC,CAAC,OAAO,KAAK,GAAG,EAAE,CAAC;YAC5B,KAAK,GAAG,CAAC,CAAC,OAAO,KAAK,GAAG,EAAE,GAAG,EAAE,CAAC;YACjC,KAAK,GAAG,CAAC,CAAC,OAAO,KAAK,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;YACtC,OAAO,CAAC,CAAC,OAAO,GAAG,CAAC;SACrB;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,QAAgB;QACjC,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE;YACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAC;YAChE,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE;gBACnB,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAE,CAAC;gBACvC,MAAM,CAAC,QAAQ,GAAG,KAAK,CAAC;gBACxB,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBACpC,OAAO,IAAI,CAAC;aACb;SACF;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,MAAc;QACpB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CAAC,QAA6D;QAC5E,MAAM,IAAI,GAAS;YACjB,EAAE,EAAE,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;YACnC,KAAK,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAE,CAAC;YAC1D,WAAW,EAAE,EAAE;YACf,OAAO,EAAE,EAAE;YACX,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,QAAQ,EAAE,IAAI;YACd,GAAG,QAAQ;SACZ,CAAC;QAEF,iCAAiC;QACjC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAEhE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;QAC9B,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}

package/dist/credential-manager.d.ts

@@ -0,0 +1,87 @@
+/**
+ * Secure Credential Manager for autonoma
+ *
+ * Provides encryption/decryption of sensitive environment variables
+ * and secure credential storage mechanisms.
+ */
+export interface CredentialConfig {
+    encryptionKey?: string;
+    credentialsFile?: string;
+    environment?: 'development' | 'production' | 'test';
+}
+export interface SecureCredential {
+    name: string;
+    value: string;
+    encrypted: boolean;
+    lastUpdated: Date;
+    environment: string;
+}
+export declare class CredentialManager {
+    private encryptionKey;
+    private credentialsFile;
+    private environment;
+    private credentials;
+    constructor(config?: CredentialConfig);
+    /**
+     * Generate a secure encryption key
+     */
+    private generateEncryptionKey;
+    /**
+     * Encrypt a value using AES-256-GCM (authenticated encryption)
+     */
+    private encrypt;
+    /**
+     * Decrypt a value using AES-256-GCM (authenticated encryption)
+     */
+    private decrypt;
+    /**
+     * Load credentials from encrypted file
+     */
+    private loadCredentials;
+    /**
+     * Save credentials to encrypted file
+     */
+    private saveCredentials;
+    /**
+     * Set a credential (encrypts sensitive values)
+     */
+    setCredential(name: string, value: string, encrypt?: boolean): void;
+    /**
+     * Get a credential (decrypts if needed)
+     */
+    getCredential(name: string): string | undefined;
+    /**
+     * Get all credential names (for listing purposes)
+     */
+    getCredentialNames(): string[];
+    /**
+     * Remove a credential
+     */
+    removeCredential(name: string): boolean;
+    /**
+     * Migrate plain-text environment variables to encrypted credentials
+     */
+    migrateEnvironmentVariables(sensitiveVars: string[]): void;
+    /**
+     * Validate that required credentials are present
+     */
+    validateRequiredCredentials(requiredVars: string[]): {
+        valid: boolean;
+        missing: string[];
+    };
+    /**
+     * Get secure environment configuration
+     */
+    getSecureEnvConfig(): Record<string, string>;
+    /**
+     * Health check for credential system
+     */
+    healthCheck(): {
+        status: 'healthy' | 'degraded' | 'error';
+        details: string[];
+    };
+}
+export declare const credentialManager: CredentialManager;
+export declare function getSecureEnv(name: string, defaultValue?: string): string;
+export declare function migrateSensitiveEnvVars(): void;
+//# sourceMappingURL=credential-manager.d.ts.map

package/dist/credential-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"credential-manager.d.ts","sourceRoot":"","sources":["../src/credential-manager.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,MAAM,WAAW,gBAAgB;IAC/B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,WAAW,CAAC,EAAE,aAAa,GAAG,YAAY,GAAG,MAAM,CAAC;CACrD;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,OAAO,CAAC;IACnB,WAAW,EAAE,IAAI,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,eAAe,CAAS;IAChC,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,WAAW,CAA4C;gBAEnD,MAAM,GAAE,gBAAqB;IAiBzC;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAI7B;;OAEG;IACH,OAAO,CAAC,OAAO;IAkBf;;OAEG;IACH,OAAO,CAAC,OAAO;IA8Bf;;OAEG;IACH,OAAO,CAAC,eAAe;IAqBvB;;OAEG;IACH,OAAO,CAAC,eAAe;IAYvB;;OAEG;IACH,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,GAAE,OAAc,GAAG,IAAI;IAazE;;OAEG;IACH,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAe/C;;OAEG;IACH,kBAAkB,IAAI,MAAM,EAAE;IAI9B;;OAEG;IACH,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAQvC;;OAEG;IACH,2BAA2B,CAAC,aAAa,EAAE,MAAM,EAAE,GAAG,IAAI;IAwB1D;;OAEG;IACH,2BAA2B,CAAC,YAAY,EAAE,MAAM,EAAE,GAAG;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,OAAO,EAAE,MAAM,EAAE,CAAA;KAAE;IAgB1F;;OAEG;IACH,kBAAkB,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAqB5C;;OAEG;IACH,WAAW,IAAI;QAAE,MAAM,EAAE,SAAS,GAAG,UAAU,GAAG,OAAO,CAAC;QAAC,OAAO,EAAE,MAAM,EAAE,CAAA;KAAE;CAyC/E;AAGD,eAAO,MAAM,iBAAiB,mBAA0B,CAAC;AAGzD,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,CAExE;AAGD,wBAAgB,uBAAuB,IAAI,IAAI,CAwB9C"}