npm - @autonomaai/security-utils - Versions diffs - 1.0.0 - Mend

@autonomaai/security-utils 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/dist/auth-manager.d.ts +132 -0
package/dist/auth-manager.d.ts.map +1 -0
package/dist/auth-manager.js +316 -0
package/dist/auth-manager.js.map +1 -0
package/dist/credential-manager.d.ts +87 -0
package/dist/credential-manager.d.ts.map +1 -0
package/dist/credential-manager.js +300 -0
package/dist/credential-manager.js.map +1 -0
package/dist/index.d.ts +15 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +26 -0
package/dist/index.js.map +1 -0
package/dist/secret-manager.d.ts +114 -0
package/dist/secret-manager.d.ts.map +1 -0
package/dist/secret-manager.js +312 -0
package/dist/secret-manager.js.map +1 -0
package/package.json +52 -0

package/dist/credential-manager.js ADDED Viewed

@@ -0,0 +1,300 @@
+/**
+ * Secure Credential Manager for autonoma
+ *
+ * Provides encryption/decryption of sensitive environment variables
+ * and secure credential storage mechanisms.
+ */
+import { createCipheriv, createDecipheriv, randomBytes, createHash } from 'crypto';
+import { readFileSync, writeFileSync, existsSync } from 'fs';
+import { join } from 'path';
+export class CredentialManager {
+    encryptionKey;
+    credentialsFile;
+    environment;
+    credentials = new Map();
+    constructor(config = {}) {
+        this.environment = config.environment || process.env.NODE_ENV || 'development';
+        this.credentialsFile = config.credentialsFile || join(process.cwd(), '.credentials.enc');
+        // Generate or use provided encryption key
+        this.encryptionKey = config.encryptionKey ||
+            process.env.ENCRYPTION_KEY ||
+            this.generateEncryptionKey();
+        // Validate encryption key length
+        if (this.encryptionKey.length < 32) {
+            throw new Error('Encryption key must be at least 32 characters long');
+        }
+        this.loadCredentials();
+    }
+    /**
+     * Generate a secure encryption key
+     */
+    generateEncryptionKey() {
+        return randomBytes(32).toString('hex');
+    }
+    /**
+     * Encrypt a value using AES-256-GCM (authenticated encryption)
+     */
+    encrypt(text) {
+        try {
+            const algorithm = 'aes-256-gcm';
+            const key = createHash('sha256').update(this.encryptionKey).digest();
+            const iv = randomBytes(12); // 96-bit IV for GCM
+            const cipher = createCipheriv(algorithm, key, iv);
+            let encrypted = cipher.update(text, 'utf8', 'hex');
+            encrypted += cipher.final('hex');
+            const authTag = cipher.getAuthTag().toString('hex');
+            // Format: iv:authTag:encrypted
+            return iv.toString('hex') + ':' + authTag + ':' + encrypted;
+        }
+        catch (error) {
+            throw new Error(`Encryption failed: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+    }
+    /**
+     * Decrypt a value using AES-256-GCM (authenticated encryption)
+     */
+    decrypt(encryptedText) {
+        try {
+            const algorithm = 'aes-256-gcm';
+            const key = createHash('sha256').update(this.encryptionKey).digest();
+            const parts = encryptedText.split(':');
+            if (parts.length !== 3) {
+                throw new Error('Invalid encrypted text format (expected iv:authTag:encrypted)');
+            }
+            const [ivHex, authTagHex, encrypted] = parts;
+            if (!ivHex || !authTagHex || !encrypted) {
+                throw new Error('Missing encrypted data components');
+            }
+            const iv = Buffer.from(ivHex, 'hex');
+            const authTag = Buffer.from(authTagHex, 'hex');
+            const decipher = createDecipheriv(algorithm, key, iv);
+            decipher.setAuthTag(authTag);
+            let decrypted = decipher.update(encrypted, 'hex', 'utf8');
+            decrypted += decipher.final('utf8');
+            return decrypted;
+        }
+        catch (error) {
+            throw new Error(`Decryption failed: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+    }
+    /**
+     * Load credentials from encrypted file
+     */
+    loadCredentials() {
+        if (!existsSync(this.credentialsFile)) {
+            return; // No credentials file exists yet
+        }
+        try {
+            const encryptedData = readFileSync(this.credentialsFile, 'utf8');
+            const decryptedData = this.decrypt(encryptedData);
+            const credentialData = JSON.parse(decryptedData);
+            for (const cred of credentialData) {
+                this.credentials.set(cred.name, {
+                    ...cred,
+                    lastUpdated: new Date(cred.lastUpdated)
+                });
+            }
+        }
+        catch (error) {
+            console.warn(`Failed to load credentials: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+    }
+    /**
+     * Save credentials to encrypted file
+     */
+    saveCredentials() {
+        try {
+            const credentialArray = Array.from(this.credentials.values());
+            const jsonData = JSON.stringify(credentialArray, null, 2);
+            const encryptedData = this.encrypt(jsonData);
+            writeFileSync(this.credentialsFile, encryptedData, 'utf8');
+        }
+        catch (error) {
+            throw new Error(`Failed to save credentials: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+    }
+    /**
+     * Set a credential (encrypts sensitive values)
+     */
+    setCredential(name, value, encrypt = true) {
+        const credential = {
+            name,
+            value: encrypt ? this.encrypt(value) : value,
+            encrypted: encrypt,
+            lastUpdated: new Date(),
+            environment: this.environment
+        };
+        this.credentials.set(name, credential);
+        this.saveCredentials();
+    }
+    /**
+     * Get a credential (decrypts if needed)
+     */
+    getCredential(name) {
+        const credential = this.credentials.get(name);
+        if (!credential) {
+            // Fallback to environment variable
+            return process.env[name];
+        }
+        try {
+            return credential.encrypted ? this.decrypt(credential.value) : credential.value;
+        }
+        catch (error) {
+            console.warn(`Failed to decrypt credential ${name}: ${error instanceof Error ? error.message : 'Unknown error'}`);
+            return process.env[name]; // Fallback to env var
+        }
+    }
+    /**
+     * Get all credential names (for listing purposes)
+     */
+    getCredentialNames() {
+        return Array.from(this.credentials.keys());
+    }
+    /**
+     * Remove a credential
+     */
+    removeCredential(name) {
+        const deleted = this.credentials.delete(name);
+        if (deleted) {
+            this.saveCredentials();
+        }
+        return deleted;
+    }
+    /**
+     * Migrate plain-text environment variables to encrypted credentials
+     */
+    migrateEnvironmentVariables(sensitiveVars) {
+        for (const varName of sensitiveVars) {
+            const value = process.env[varName];
+            if (value && !this.credentials.has(varName)) {
+                this.setCredential(varName, value, true);
+                // Use structured logging format
+                const logEntry = {
+                    timestamp: new Date().toISOString(),
+                    level: 'INFO',
+                    component: 'CredentialManager',
+                    message: 'Credential migrated to encrypted storage',
+                    variable: varName
+                };
+                if (process.env.NODE_ENV === 'production') {
+                    console.log(JSON.stringify(logEntry));
+                }
+                else {
+                    console.log(`[${logEntry.timestamp}] ${logEntry.level} [${logEntry.component}] Migrated ${varName} to encrypted storage`);
+                }
+            }
+        }
+    }
+    /**
+     * Validate that required credentials are present
+     */
+    validateRequiredCredentials(requiredVars) {
+        const missing = [];
+        for (const varName of requiredVars) {
+            const value = this.getCredential(varName);
+            if (!value || value.trim() === '') {
+                missing.push(varName);
+            }
+        }
+        return {
+            valid: missing.length === 0,
+            missing
+        };
+    }
+    /**
+     * Get secure environment configuration
+     */
+    getSecureEnvConfig() {
+        const config = {};
+        // Add non-sensitive environment variables
+        for (const [key, value] of Object.entries(process.env)) {
+            if (value && !this.credentials.has(key)) {
+                config[key] = value;
+            }
+        }
+        // Add decrypted credentials
+        for (const name of this.credentials.keys()) {
+            const value = this.getCredential(name);
+            if (value) {
+                config[name] = value;
+            }
+        }
+        return config;
+    }
+    /**
+     * Health check for credential system
+     */
+    healthCheck() {
+        const details = [];
+        let status = 'healthy';
+        // Check encryption key
+        if (this.encryptionKey.length < 32) {
+            details.push('Encryption key is too short');
+            status = 'error';
+        }
+        // Check credentials file access
+        try {
+            if (existsSync(this.credentialsFile)) {
+                readFileSync(this.credentialsFile, 'utf8');
+                details.push('Credentials file accessible');
+            }
+            else {
+                details.push('No credentials file found (will be created on first write)');
+            }
+        }
+        catch (error) {
+            details.push(`Credentials file access error: ${error instanceof Error ? error.message : 'Unknown error'}`);
+            status = 'error';
+        }
+        // Test encryption/decryption
+        try {
+            const testValue = 'test_encryption';
+            const encrypted = this.encrypt(testValue);
+            const decrypted = this.decrypt(encrypted);
+            if (decrypted === testValue) {
+                details.push('Encryption/decryption working');
+            }
+            else {
+                details.push('Encryption/decryption test failed');
+                status = 'error';
+            }
+        }
+        catch (error) {
+            details.push(`Encryption test failed: ${error instanceof Error ? error.message : 'Unknown error'}`);
+            status = 'error';
+        }
+        return { status, details };
+    }
+}
+// Default instance for convenience
+export const credentialManager = new CredentialManager();
+// Helper function to get secure environment variables
+export function getSecureEnv(name, defaultValue) {
+    return credentialManager.getCredential(name) || defaultValue || '';
+}
+// Helper function to migrate sensitive environment variables
+export function migrateSensitiveEnvVars() {
+    const sensitiveVars = [
+        'POSTGRES_PASSWORD',
+        'REDIS_PASSWORD',
+        'HUMMINGBOT_PASSWORD',
+        'HUMMINGBOT_API_KEY',
+        'API_SECRET_KEY',
+        'JWT_SECRET',
+        'ENCRYPTION_KEY',
+        'BINANCE_API_KEY',
+        'BINANCE_SECRET_KEY',
+        'KUCOIN_API_KEY',
+        'KUCOIN_SECRET_KEY',
+        'KUCOIN_PASSPHRASE',
+        'COINBASE_API_KEY',
+        'COINBASE_SECRET',
+        'COINBASE_PASSPHRASE',
+        'HYPERLIQUID_PRIVATE_KEY',
+        'SUPABASE_SERVICE_ROLE_KEY',
+        'OPENAI_API_KEY',
+        'MORALIS_API_KEY'
+    ];
+    credentialManager.migrateEnvironmentVariables(sensitiveVars);
+}
+//# sourceMappingURL=credential-manager.js.map

package/dist/credential-manager.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"credential-manager.js","sourceRoot":"","sources":["../src/credential-manager.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACnF,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAC7D,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAgB5B,MAAM,OAAO,iBAAiB;IACpB,aAAa,CAAS;IACtB,eAAe,CAAS;IACxB,WAAW,CAAS;IACpB,WAAW,GAAkC,IAAI,GAAG,EAAE,CAAC;IAE/D,YAAY,SAA2B,EAAE;QACvC,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,aAAa,CAAC;QAC/E,IAAI,CAAC,eAAe,GAAG,MAAM,CAAC,eAAe,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,kBAAkB,CAAC,CAAC;QAEzF,0CAA0C;QAC1C,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,aAAa;YACrB,OAAO,CAAC,GAAG,CAAC,cAAc;YAC1B,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAEjD,iCAAiC;QACjC,IAAI,IAAI,CAAC,aAAa,CAAC,MAAM,GAAG,EAAE,EAAE;YAClC,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;SACvE;QAED,IAAI,CAAC,eAAe,EAAE,CAAC;IACzB,CAAC;IAED;;OAEG;IACK,qBAAqB;QAC3B,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACzC,CAAC;IAED;;OAEG;IACK,OAAO,CAAC,IAAY;QAC1B,IAAI;YACF,MAAM,SAAS,GAAG,aAAa,CAAC;YAChC,MAAM,GAAG,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,MAAM,EAAE,CAAC;YACrE,MAAM,EAAE,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,oBAAoB;YAEhD,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;YAClD,IAAI,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;YACnD,SAAS,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACjC,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAEpD,+BAA+B;YAC/B,OAAO,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,GAAG,GAAG,OAAO,GAAG,GAAG,GAAG,SAAS,CAAC;SAC7D;QAAC,OAAO,KAAK,EAAE;YACd,MAAM,IAAI,KAAK,CAAC,sBAAsB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;SACnG;IACH,CAAC;IAED;;OAEG;IACK,OAAO,CAAC,aAAqB;QACnC,IAAI;YACF,MAAM,SAAS,GAAG,aAAa,CAAC;YAChC,MAAM,GAAG,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,MAAM,EAAE,CAAC;YAErE,MAAM,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACvC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;gBACtB,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAC;aAClF;YAED,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC;YAC7C,IAAI,CAAC,KAAK,IAAI,CAAC,UAAU,IAAI,CAAC,SAAS,EAAE;gBACvC,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;aACtD;YAED,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;YACrC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;YAE/C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;YACtD,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YAE7B,IAAI,SAAS,GAAW,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;YAClE,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAEpC,OAAO,SAAS,CAAC;SAClB;QAAC,OAAO,KAAK,EAAE;YACd,MAAM,IAAI,KAAK,CAAC,sBAAsB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;SACnG;IACH,CAAC;IAED;;OAEG;IACK,eAAe;QACrB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE;YACrC,OAAO,CAAC,iCAAiC;SAC1C;QAED,IAAI;YACF,MAAM,aAAa,GAAG,YAAY,CAAC,IAAI,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;YACjE,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;YAClD,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;YAEjD,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE;gBACjC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE;oBAC9B,GAAG,IAAI;oBACP,WAAW,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC;iBACxC,CAAC,CAAC;aACJ;SACF;QAAC,OAAO,KAAK,EAAE;YACd,OAAO,CAAC,IAAI,CAAC,+BAA+B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;SACzG;IACH,CAAC;IAED;;OAEG;IACK,eAAe;QACrB,IAAI;YACF,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC;YAC9D,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,eAAe,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;YAC1D,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAE7C,aAAa,CAAC,IAAI,CAAC,eAAe,EAAE,aAAa,EAAE,MAAM,CAAC,CAAC;SAC5D;QAAC,OAAO,KAAK,EAAE;YACd,MAAM,IAAI,KAAK,CAAC,+BAA+B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;SAC5G;IACH,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,IAAY,EAAE,KAAa,EAAE,UAAmB,IAAI;QAChE,MAAM,UAAU,GAAqB;YACnC,IAAI;YACJ,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK;YAC5C,SAAS,EAAE,OAAO;YAClB,WAAW,EAAE,IAAI,IAAI,EAAE;YACvB,WAAW,EAAE,IAAI,CAAC,WAAW;SAC9B,CAAC;QAEF,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QACvC,IAAI,CAAC,eAAe,EAAE,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,IAAY;QACxB,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC9C,IAAI,CAAC,UAAU,EAAE;YACf,mCAAmC;YACnC,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;SAC1B;QAED,IAAI;YACF,OAAO,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC;SACjF;QAAC,OAAO,KAAK,EAAE;YACd,OAAO,CAAC,IAAI,CAAC,gCAAgC,IAAI,KAAK,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;YAClH,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,sBAAsB;SACjD;IACH,CAAC;IAED;;OAEG;IACH,kBAAkB;QAChB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC;IAC7C,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,IAAY;QAC3B,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC9C,IAAI,OAAO,EAAE;YACX,IAAI,CAAC,eAAe,EAAE,CAAC;SACxB;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,2BAA2B,CAAC,aAAuB;QACjD,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE;YACnC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACnC,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE;gBAC3C,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;gBAEzC,gCAAgC;gBAChC,MAAM,QAAQ,GAAG;oBACf,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACnC,KAAK,EAAE,MAAM;oBACb,SAAS,EAAE,mBAAmB;oBAC9B,OAAO,EAAE,0CAA0C;oBACnD,QAAQ,EAAE,OAAO;iBAClB,CAAC;gBAEF,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,EAAE;oBACzC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;iBACvC;qBAAM;oBACL,OAAO,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,SAAS,KAAK,QAAQ,CAAC,KAAK,KAAK,QAAQ,CAAC,SAAS,cAAc,OAAO,uBAAuB,CAAC,CAAC;iBAC3H;aACF;SACF;IACH,CAAC;IAED;;OAEG;IACH,2BAA2B,CAAC,YAAsB;QAChD,MAAM,OAAO,GAAa,EAAE,CAAC;QAE7B,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE;YAClC,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;YAC1C,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;gBACjC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;aACvB;SACF;QAED,OAAO;YACL,KAAK,EAAE,OAAO,CAAC,MAAM,KAAK,CAAC;YAC3B,OAAO;SACR,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,kBAAkB;QAChB,MAAM,MAAM,GAA2B,EAAE,CAAC;QAE1C,0CAA0C;QAC1C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;YACtD,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;gBACvC,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;aACrB;SACF;QAED,4BAA4B;QAC5B,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,EAAE;YAC1C,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;YACvC,IAAI,KAAK,EAAE;gBACT,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;aACtB;SACF;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,WAAW;QACT,MAAM,OAAO,GAAa,EAAE,CAAC;QAC7B,IAAI,MAAM,GAAqC,SAAS,CAAC;QAEzD,uBAAuB;QACvB,IAAI,IAAI,CAAC,aAAa,CAAC,MAAM,GAAG,EAAE,EAAE;YAClC,OAAO,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;YAC5C,MAAM,GAAG,OAAO,CAAC;SAClB;QAED,gCAAgC;QAChC,IAAI;YACF,IAAI,UAAU,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE;gBACpC,YAAY,CAAC,IAAI,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;gBAC3C,OAAO,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;aAC7C;iBAAM;gBACL,OAAO,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;aAC5E;SACF;QAAC,OAAO,KAAK,EAAE;YACd,OAAO,CAAC,IAAI,CAAC,kCAAkC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;YAC3G,MAAM,GAAG,OAAO,CAAC;SAClB;QAED,6BAA6B;QAC7B,IAAI;YACF,MAAM,SAAS,GAAG,iBAAiB,CAAC;YACpC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAC1C,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAC1C,IAAI,SAAS,KAAK,SAAS,EAAE;gBAC3B,OAAO,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;aAC/C;iBAAM;gBACL,OAAO,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;gBAClD,MAAM,GAAG,OAAO,CAAC;aAClB;SACF;QAAC,OAAO,KAAK,EAAE;YACd,OAAO,CAAC,IAAI,CAAC,2BAA2B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;YACpG,MAAM,GAAG,OAAO,CAAC;SAClB;QAED,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IAC7B,CAAC;CACF;AAED,mCAAmC;AACnC,MAAM,CAAC,MAAM,iBAAiB,GAAG,IAAI,iBAAiB,EAAE,CAAC;AAEzD,sDAAsD;AACtD,MAAM,UAAU,YAAY,CAAC,IAAY,EAAE,YAAqB;IAC9D,OAAO,iBAAiB,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,YAAY,IAAI,EAAE,CAAC;AACrE,CAAC;AAED,6DAA6D;AAC7D,MAAM,UAAU,uBAAuB;IACrC,MAAM,aAAa,GAAG;QACpB,mBAAmB;QACnB,gBAAgB;QAChB,qBAAqB;QACrB,oBAAoB;QACpB,gBAAgB;QAChB,YAAY;QACZ,gBAAgB;QAChB,iBAAiB;QACjB,oBAAoB;QACpB,gBAAgB;QAChB,mBAAmB;QACnB,mBAAmB;QACnB,kBAAkB;QAClB,iBAAiB;QACjB,qBAAqB;QACrB,yBAAyB;QACzB,2BAA2B;QAC3B,gBAAgB;QAChB,iBAAiB;KAClB,CAAC;IAEF,iBAAiB,CAAC,2BAA2B,CAAC,aAAa,CAAC,CAAC;AAC/D,CAAC"}

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+/**
+ * Security Utilities for autonoma
+ *
+ * Provides credential management, secret storage, and security utilities
+ * for the autonoma trading platform.
+ */
+export { CredentialManager, type CredentialConfig, type SecureCredential } from './credential-manager.js';
+export { SecretManager, RuntimeSecretInjector, type SecretConfig, type SecretMetadata, type RotationPolicy } from './secret-manager.js';
+import { SecretManager, RuntimeSecretInjector } from './secret-manager.js';
+export declare function initializeSecureEnvironment(encryptionKey?: string): {
+    secretManager: SecretManager;
+    injector: RuntimeSecretInjector;
+};
+export declare function generateSecureDefaults(): Record<string, string>;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,iBAAiB,EAAE,KAAK,gBAAgB,EAAE,KAAK,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC1G,OAAO,EACL,aAAa,EACb,qBAAqB,EACrB,KAAK,YAAY,EACjB,KAAK,cAAc,EACnB,KAAK,cAAc,EACpB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAG3E,wBAAgB,2BAA2B,CAAC,aAAa,CAAC,EAAE,MAAM,GAAG;IACnE,aAAa,EAAE,aAAa,CAAC;IAC7B,QAAQ,EAAE,qBAAqB,CAAC;CACjC,CAKA;AAED,wBAAgB,sBAAsB,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAU/D"}

package/dist/index.js ADDED Viewed

@@ -0,0 +1,26 @@
+/**
+ * Security Utilities for autonoma
+ *
+ * Provides credential management, secret storage, and security utilities
+ * for the autonoma trading platform.
+ */
+export { CredentialManager } from './credential-manager.js';
+export { SecretManager, RuntimeSecretInjector } from './secret-manager.js';
+import { SecretManager, RuntimeSecretInjector } from './secret-manager.js';
+// Utility functions for environment setup
+export function initializeSecureEnvironment(encryptionKey) {
+    const secretManager = new SecretManager(encryptionKey);
+    const injector = new RuntimeSecretInjector(secretManager);
+    return { secretManager, injector };
+}
+export function generateSecureDefaults() {
+    const secretManager = new SecretManager();
+    return {
+        ENCRYPTION_KEY: secretManager.generateSecretValue(32),
+        JWT_SECRET: secretManager.generateSecretValue(64),
+        API_SECRET_KEY: secretManager.generateSecretValue(32),
+        POSTGRES_PASSWORD: secretManager.generateSecretValue(24),
+        REDIS_PASSWORD: secretManager.generateSecretValue(24)
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,iBAAiB,EAAgD,MAAM,yBAAyB,CAAC;AAC1G,OAAO,EACL,aAAa,EACb,qBAAqB,EAItB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAE3E,0CAA0C;AAC1C,MAAM,UAAU,2BAA2B,CAAC,aAAsB;IAIhE,MAAM,aAAa,GAAG,IAAI,aAAa,CAAC,aAAa,CAAC,CAAC;IACvD,MAAM,QAAQ,GAAG,IAAI,qBAAqB,CAAC,aAAa,CAAC,CAAC;IAE1D,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,CAAC;AACrC,CAAC;AAED,MAAM,UAAU,sBAAsB;IACpC,MAAM,aAAa,GAAG,IAAI,aAAa,EAAE,CAAC;IAE1C,OAAO;QACL,cAAc,EAAE,aAAa,CAAC,mBAAmB,CAAC,EAAE,CAAC;QACrD,UAAU,EAAE,aAAa,CAAC,mBAAmB,CAAC,EAAE,CAAC;QACjD,cAAc,EAAE,aAAa,CAAC,mBAAmB,CAAC,EAAE,CAAC;QACrD,iBAAiB,EAAE,aAAa,CAAC,mBAAmB,CAAC,EAAE,CAAC;QACxD,cAAc,EAAE,aAAa,CAAC,mBAAmB,CAAC,EAAE,CAAC;KACtD,CAAC;AACJ,CAAC"}

package/dist/secret-manager.d.ts ADDED Viewed

@@ -0,0 +1,114 @@
+/**
+ * Secret Management System for autonoma
+ *
+ * Provides secure secret storage, runtime injection, and rotation capabilities
+ * for sensitive configuration values like API keys and database credentials.
+ */
+export interface SecretConfig {
+    name: string;
+    value: string;
+    description?: string;
+    rotationPolicy?: RotationPolicy;
+    tags?: string[];
+    createdAt: Date;
+    updatedAt: Date;
+    expiresAt?: Date;
+}
+export interface RotationPolicy {
+    enabled: boolean;
+    intervalDays: number;
+    autoRotate: boolean;
+    notifyBeforeExpiry: number;
+}
+export interface SecretMetadata {
+    name: string;
+    description?: string;
+    tags?: string[];
+    createdAt: Date;
+    updatedAt: Date;
+    expiresAt?: Date;
+    rotationPolicy?: RotationPolicy;
+}
+export declare class SecretManager {
+    private readonly credentialManager;
+    private readonly secrets;
+    private readonly secretsFile;
+    constructor(encryptionKey?: string, secretsFile?: string);
+    /**
+     * Store a secret with optional rotation policy
+     */
+    setSecret(name: string, value: string, options?: {
+        description?: string;
+        rotationPolicy?: RotationPolicy;
+        tags?: string[];
+        expiresAt?: Date;
+    }): Promise<void>;
+    /**
+     * Retrieve a secret value
+     */
+    getSecret(name: string): Promise<string | null>;
+    /**
+     * Get secret metadata without exposing the value
+     */
+    getSecretMetadata(name: string): SecretMetadata | null;
+    /**
+     * List all secret names and metadata
+     */
+    listSecrets(): SecretMetadata[];
+    /**
+     * Rotate a secret value
+     */
+    rotateSecret(name: string, newValue: string): Promise<void>;
+    /**
+     * Delete a secret
+     */
+    deleteSecret(name: string): Promise<boolean>;
+    /**
+     * Get secrets that need rotation
+     */
+    getSecretsNeedingRotation(): SecretMetadata[];
+    /**
+     * Inject secrets into environment variables
+     */
+    injectSecretsIntoEnv(): Promise<void>;
+    /**
+     * Generate secure random secret value
+     */
+    generateSecretValue(length?: number): string;
+    /**
+     * Validate secret strength
+     */
+    validateSecretStrength(value: string): {
+        isStrong: boolean;
+        score: number;
+        feedback: string[];
+    };
+    /**
+     * Load secrets from encrypted file
+     */
+    private loadSecrets;
+    /**
+     * Save secrets to encrypted file
+     */
+    private saveSecrets;
+}
+/**
+ * Runtime secret injection utility
+ */
+export declare class RuntimeSecretInjector {
+    private readonly secretManager;
+    constructor(secretManager: SecretManager);
+    /**
+     * Replace placeholders in configuration with actual secret values
+     */
+    injectSecrets(config: Record<string, any>): Promise<Record<string, any>>;
+    /**
+     * Recursively find and replace secret placeholders
+     */
+    private recursivelyInjectSecrets;
+    /**
+     * Create environment variable mapping from secrets
+     */
+    createEnvMapping(): Promise<Record<string, string>>;
+}
+//# sourceMappingURL=secret-manager.d.ts.map

package/dist/secret-manager.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"secret-manager.d.ts","sourceRoot":"","sources":["../src/secret-manager.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAOH,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,cAAc,CAAC;IAChC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,CAAC,EAAE,IAAI,CAAC;CAClB;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,OAAO,CAAC;IACpB,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,CAAC,EAAE,IAAI,CAAC;IACjB,cAAc,CAAC,EAAE,cAAc,CAAC;CACjC;AAED,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAoB;IACtD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAmC;IAC3D,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;gBAEzB,aAAa,CAAC,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM;IAUxD;;OAEG;IACG,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QACrD,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,cAAc,CAAC,EAAE,cAAc,CAAC;QAChC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;QAChB,SAAS,CAAC,EAAE,IAAI,CAAC;KAClB,GAAG,OAAO,CAAC,IAAI,CAAC;IAgBjB;;OAEG;IACG,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAerD;;OAEG;IACH,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,cAAc,GAAG,IAAI;IAiBtD;;OAEG;IACH,WAAW,IAAI,cAAc,EAAE;IAY/B;;OAEG;IACG,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAiBjE;;OAEG;IACG,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAQlD;;OAEG;IACH,yBAAyB,IAAI,cAAc,EAAE;IAa7C;;OAEG;IACG,oBAAoB,IAAI,OAAO,CAAC,IAAI,CAAC;IAS3C;;OAEG;IACH,mBAAmB,CAAC,MAAM,GAAE,MAAW,GAAG,MAAM;IAIhD;;OAEG;IACH,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG;QACrC,QAAQ,EAAE,OAAO,CAAC;QAClB,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,EAAE,CAAC;KACpB;IAmED;;OAEG;IACH,OAAO,CAAC,WAAW;IAuBnB;;OAEG;YACW,WAAW;CAW1B;AAED;;GAEG;AACH,qBAAa,qBAAqB;IAChC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAgB;gBAElC,aAAa,EAAE,aAAa;IAIxC;;OAEG;IACG,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAQ9E;;OAEG;YACW,wBAAwB;IAmCtC;;OAEG;IACG,gBAAgB,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAa1D"}