@benchcubed/today-cli 1.0.0

package/dist/services/secret-manager-simple.js

@@ -0,0 +1,119 @@
+"use strict";
+/**
+ * Enterprise Secret Management & Discovery Service (Simplified)
+ * Routes through authenticated backend API
+ *
+ * SECURITY-FIRST APPROACH:
+ * - Never stores actual secret values externally
+ * - Provides discovery, cataloging, and workflow management
+ * - Generates secure deployment templates
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.enterpriseSecretManagerService = exports.EnterpriseSecretManagerService = void 0;
+const aws_api_1 = require("./aws-api");
+class EnterpriseSecretManagerService {
+    constructor() {
+        // API endpoint managed by awsApiService
+    }
+    /**
+     * Process detected secrets - DISCOVERY ONLY, no storage of actual values
+     */
+    async processDetectedSecrets(detections, originalContent, context) {
+        const discoveries = [];
+        for (const detection of detections) {
+            // Skip low-risk detections that don't need management
+            if (detection.riskLevel === 'low' && detection.type === 'pii') {
+                continue;
+            }
+            const discovery = this.createSecretDiscovery(detection, originalContent, context);
+            discoveries.push(discovery);
+        }
+        return discoveries;
+    }
+    /**
+     * Create a secret discovery record - METADATA ONLY
+     */
+    createSecretDiscovery(detection, originalContent, context) {
+        const secretName = this.generateSecretName(detection, context.teamId);
+        const environment = this.detectEnvironment(detection.value, originalContent);
+        return {
+            id: `disc_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`,
+            discoveredBy: context.authorId,
+            teamId: context.teamId,
+            secretType: this.mapDetectionToSecretType(detection),
+            secretName,
+            description: this.generateSecretDescription(detection, originalContent),
+            environment,
+            status: detection.riskLevel === 'low' ? 'approved' : 'discovered',
+            riskLevel: detection.riskLevel,
+            valuePreview: this.createSecretPreview(detection.value),
+            discoveredAt: new Date()
+        };
+    }
+    /**
+     * SECURITY: Create safe preview of secret value
+     */
+    createSecretPreview(value) {
+        if (value.length <= 8) {
+            return '***';
+        }
+        else if (value.length <= 16) {
+            return value.substring(0, 2) + '***' + value.substring(value.length - 2);
+        }
+        else {
+            return value.substring(0, 4) + '***' + value.substring(value.length - 4);
+        }
+    }
+    generateSecretName(detection, teamId) {
+        const type = detection.type.replace('_', '-');
+        const env = this.detectEnvironment(detection.value, '');
+        const timestamp = Date.now().toString().slice(-6);
+        return `${teamId}/${env}/${type}-${timestamp}`;
+    }
+    detectEnvironment(value, content) {
+        const lowerValue = value.toLowerCase();
+        const lowerContent = content.toLowerCase();
+        if (lowerValue.includes('prod') || lowerValue.includes('live') || lowerContent.includes('production')) {
+            return 'production';
+        }
+        else if (lowerValue.includes('staging') || lowerValue.includes('stage') || lowerContent.includes('staging')) {
+            return 'staging';
+        }
+        else if (lowerValue.includes('test') || lowerContent.includes('test')) {
+            return 'test';
+        }
+        else {
+            return 'development';
+        }
+    }
+    mapDetectionToSecretType(detection) {
+        if (detection.value.startsWith('http')) {
+            return 'url';
+        }
+        return detection.type;
+    }
+    generateSecretDescription(detection, content) {
+        const context = detection.context || 'Detected in knowledge entry';
+        const preview = content.substring(0, 100).replace(/\n/g, ' ');
+        return `${context}. Found in: "${preview}..."`;
+    }
+    /**
+     * Check if service is available (authenticated backend API)
+     */
+    async isAvailable() {
+        try {
+            if (!aws_api_1.awsApiService.isAuthenticated()) {
+                return false;
+            }
+            const response = await aws_api_1.awsApiService.callAPI('/secrets/list', 'GET');
+            return response.success;
+        }
+        catch (error) {
+            console.warn('Enterprise Secret Manager service not available:', error);
+            return false;
+        }
+    }
+}
+exports.EnterpriseSecretManagerService = EnterpriseSecretManagerService;
+exports.enterpriseSecretManagerService = new EnterpriseSecretManagerService();
+//# sourceMappingURL=secret-manager-simple.js.map

package/dist/services/secret-manager-simple.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-manager-simple.js","sourceRoot":"","sources":["../../src/services/secret-manager-simple.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;AAEH,uCAA0C;AAiB1C,MAAa,8BAA8B;IACzC;QACE,wCAAwC;IAC1C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,sBAAsB,CAC1B,UAAqC,EACrC,eAAuB,EACvB,OAA6C;QAE7C,MAAM,WAAW,GAAsB,EAAE,CAAC;QAE1C,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,sDAAsD;YACtD,IAAI,SAAS,CAAC,SAAS,KAAK,KAAK,IAAI,SAAS,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;gBAC9D,SAAS;YACX,CAAC;YAED,MAAM,SAAS,GAAG,IAAI,CAAC,qBAAqB,CAAC,SAAS,EAAE,eAAe,EAAE,OAAO,CAAC,CAAC;YAClF,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC9B,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;IAED;;OAEG;IACK,qBAAqB,CAC3B,SAAkC,EAClC,eAAuB,EACvB,OAA6C;QAE7C,MAAM,UAAU,GAAG,IAAI,CAAC,kBAAkB,CAAC,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QACtE,MAAM,WAAW,GAAG,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;QAE7E,OAAO;YACL,EAAE,EAAE,QAAQ,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE;YACnE,YAAY,EAAE,OAAO,CAAC,QAAQ;YAC9B,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,UAAU,EAAE,IAAI,CAAC,wBAAwB,CAAC,SAAS,CAAC;YACpD,UAAU;YACV,WAAW,EAAE,IAAI,CAAC,yBAAyB,CAAC,SAAS,EAAE,eAAe,CAAC;YACvE,WAAW;YACX,MAAM,EAAE,SAAS,CAAC,SAAS,KAAK,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,YAAY;YACjE,SAAS,EAAE,SAAS,CAAC,SAAS;YAC9B,YAAY,EAAE,IAAI,CAAC,mBAAmB,CAAC,SAAS,CAAC,KAAK,CAAC;YACvD,YAAY,EAAE,IAAI,IAAI,EAAE;SACzB,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,mBAAmB,CAAC,KAAa;QACvC,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACtB,OAAO,KAAK,CAAC;QACf,CAAC;aAAM,IAAI,KAAK,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,GAAG,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC3E,CAAC;aAAM,CAAC;YACN,OAAO,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,GAAG,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;IAEO,kBAAkB,CAAC,SAAkC,EAAE,MAAc;QAC3E,MAAM,IAAI,GAAG,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC9C,MAAM,GAAG,GAAG,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACxD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAElD,OAAO,GAAG,MAAM,IAAI,GAAG,IAAI,IAAI,IAAI,SAAS,EAAE,CAAC;IACjD,CAAC;IAEO,iBAAiB,CAAC,KAAa,EAAE,OAAe;QACtD,MAAM,UAAU,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;QACvC,MAAM,YAAY,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QAE3C,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;YACtG,OAAO,YAAY,CAAC;QACtB,CAAC;aAAM,IAAI,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9G,OAAO,SAAS,CAAC;QACnB,CAAC;aAAM,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACxE,OAAO,MAAM,CAAC;QAChB,CAAC;aAAM,CAAC;YACN,OAAO,aAAa,CAAC;QACvB,CAAC;IACH,CAAC;IAEO,wBAAwB,CAAC,SAAkC;QACjE,IAAI,SAAS,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACvC,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,SAAS,CAAC,IAAqC,CAAC;IACzD,CAAC;IAEO,yBAAyB,CAAC,SAAkC,EAAE,OAAe;QACnF,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,IAAI,6BAA6B,CAAC;QACnE,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAE9D,OAAO,GAAG,OAAO,gBAAgB,OAAO,MAAM,CAAC;IACjD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW;QACf,IAAI,CAAC;YACH,IAAI,CAAC,uBAAa,CAAC,eAAe,EAAE,EAAE,CAAC;gBACrC,OAAO,KAAK,CAAC;YACf,CAAC;YACD,MAAM,QAAQ,GAAG,MAAM,uBAAa,CAAC,OAAO,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;YACrE,OAAO,QAAQ,CAAC,OAAO,CAAC;QAC1B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,kDAAkD,EAAE,KAAK,CAAC,CAAC;YACxE,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF;AAvHD,wEAuHC;AAEY,QAAA,8BAA8B,GAAG,IAAI,8BAA8B,EAAE,CAAC"}

package/dist/services/secret-manager.d.ts

@@ -0,0 +1,150 @@
+/**
+ * Enterprise Secret Management & Discovery Service
+ *
+ * SECURITY-FIRST APPROACH:
+ * - Never stores actual secret values externally
+ * - Deploys to customer's own AWS account
+ * - Provides discovery, cataloging, and workflow management
+ * - Generates secure deployment templates
+ * - Maintains compliance with enterprise security policies
+ *
+ * Features:
+ * 1. Secret Discovery & Cataloging (metadata only)
+ * 2. Approval Workflow Management
+ * 3. AWS Secrets Manager Template Generation
+ * 4. Team Secret Registry (references only)
+ * 5. Compliance & Audit Trail
+ */
+import { EnhancedSecretDetection } from './secret-detection';
+export interface SecretDiscovery {
+    id: string;
+    discoveredBy: string;
+    teamId: string;
+    secretType: 'api_key' | 'password' | 'token' | 'connection_string' | 'url' | 'endpoint';
+    secretName: string;
+    description: string;
+    context: string;
+    environment: 'production' | 'staging' | 'development' | 'test';
+    status: 'discovered' | 'approval_requested' | 'approved' | 'managed' | 'deprecated';
+    approvalRequired: boolean;
+    approvedBy?: string;
+    approvedAt?: Date;
+    discoveredAt: Date;
+    tags: string[];
+    riskLevel: 'low' | 'medium' | 'high' | 'critical';
+    valueHash: string;
+    valuePreview: string;
+}
+export interface SecretTemplate {
+    name: string;
+    description: string;
+    environment: string;
+    secretType: string;
+    terraformTemplate: string;
+    cloudFormationTemplate: string;
+    awsCliCommands: string[];
+    tags: Record<string, string>;
+}
+export interface TeamSecretRegistry {
+    id: string;
+    name: string;
+    description: string;
+    environment: string;
+    secretType: string;
+    teamId: string;
+    awsSecretArn?: string;
+    status: 'active' | 'deprecated' | 'rotated';
+    createdBy: string;
+    createdAt: Date;
+    lastRotated?: Date;
+    rotationSchedule?: string;
+    accessInstructions: string;
+    tags: string[];
+}
+export interface URLRegistry {
+    id: string;
+    url: string;
+    name: string;
+    description: string;
+    environment: string;
+    teamId: string;
+    category: 'api' | 'webhook' | 'database' | 'service' | 'documentation' | 'other';
+    status: 'active' | 'deprecated' | 'testing';
+    addedBy: string;
+    addedAt: Date;
+    lastVerified?: Date;
+    tags: string[];
+    accessInstructions?: string;
+}
+export declare class EnterpriseSecretManagerService {
+    constructor();
+    /**
+     * Process detected secrets - DISCOVERY ONLY, no storage of actual values
+     */
+    processDetectedSecrets(detections: EnhancedSecretDetection[], originalContent: string, context: {
+        authorId: string;
+        teamId: string;
+    }): Promise<SecretDiscovery[]>;
+    /**
+     * Create a secret discovery record - METADATA ONLY
+     */
+    private createSecretDiscovery;
+    /**
+     * Send approval notification for high-risk secrets
+     */
+    private sendApprovalNotification;
+    /**
+     * Generate secret name for cataloging
+     */
+    private generateSecretName;
+    /**
+     * Detect environment from secret value and content
+     */
+    private detectEnvironment;
+    /**
+     * Map detection type to secret type
+     */
+    private mapDetectionToSecretType;
+    /**
+     * Generate description for secret
+     */
+    private generateSecretDescription;
+    /**
+     * Generate tags for secret
+     */
+    private generateSecretTags;
+    /**
+     * Hash secret value for duplicate detection
+     */
+    private hashSecretValue;
+    /**
+     * Create safe preview of secret value
+     */
+    private createSecretPreview;
+    /**
+     * Store secret discovery (metadata only)
+     */
+    private storeSecretDiscovery;
+    /**
+     * Generate deployment templates for customer's AWS account
+     */
+    generateSecretTemplate(discovery: SecretDiscovery): Promise<SecretTemplate>;
+    /**
+     * Generate Terraform template for customer deployment
+     */
+    private generateTerraformTemplate;
+    /**
+     * Generate CloudFormation template
+     */
+    private generateCloudFormationTemplate;
+    /**
+     * Generate AWS CLI commands for manual deployment
+     */
+    private generateAWSCliCommands;
+    /**
+     * Check if service is available (authenticated backend API)
+     */
+    isAvailable(): Promise<boolean>;
+}
+export declare const enterpriseSecretManagerService: EnterpriseSecretManagerService;
+//# sourceMappingURL=secret-manager.d.ts.map

package/dist/services/secret-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-manager.d.ts","sourceRoot":"","sources":["../../src/services/secret-manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAGH,OAAO,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAG7D,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,SAAS,GAAG,UAAU,GAAG,OAAO,GAAG,mBAAmB,GAAG,KAAK,GAAG,UAAU,CAAC;IACxF,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,YAAY,GAAG,SAAS,GAAG,aAAa,GAAG,MAAM,CAAC;IAC/D,MAAM,EAAE,YAAY,GAAG,oBAAoB,GAAG,UAAU,GAAG,SAAS,GAAG,YAAY,CAAC;IACpF,gBAAgB,EAAE,OAAO,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,IAAI,CAAC;IAClB,YAAY,EAAE,IAAI,CAAC;IACnB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,SAAS,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IAElD,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,sBAAsB,EAAE,MAAM,CAAC;IAC/B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC9B;AAED,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,QAAQ,GAAG,YAAY,GAAG,SAAS,CAAC;IAC5C,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;IAChB,WAAW,CAAC,EAAE,IAAI,CAAC;IACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB;AAED,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,KAAK,GAAG,SAAS,GAAG,UAAU,GAAG,SAAS,GAAG,eAAe,GAAG,OAAO,CAAC;IACjF,MAAM,EAAE,QAAQ,GAAG,YAAY,GAAG,SAAS,CAAC;IAC5C,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,IAAI,CAAC;IACd,YAAY,CAAC,EAAE,IAAI,CAAC;IACpB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED,qBAAa,8BAA8B;;IAKzC;;OAEG;IACG,sBAAsB,CAC1B,UAAU,EAAE,uBAAuB,EAAE,EACrC,eAAe,EAAE,MAAM,EACvB,OAAO,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,GAC5C,OAAO,CAAC,eAAe,EAAE,CAAC;IAqB7B;;OAEG;YACW,qBAAqB;IAiCnC;;OAEG;YACW,wBAAwB;IAKtC;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAQ1B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAezB;;OAEG;IACH,OAAO,CAAC,wBAAwB;IAOhC;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAOjC;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAiB1B;;OAEG;IACH,OAAO,CAAC,eAAe;IAIvB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAU3B;;OAEG;YACW,oBAAoB;IAMlC;;OAEG;IACG,sBAAsB,CAAC,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC,cAAc,CAAC;IAsBjF;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAqCjC;;OAEG;IACH,OAAO,CAAC,8BAA8B;IAoBtC;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAO9B;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;CAYtC;AAED,eAAO,MAAM,8BAA8B,gCAAuC,CAAC"}

package/dist/services/secret-manager.js

@@ -0,0 +1,287 @@
+"use strict";
+/**
+ * Enterprise Secret Management & Discovery Service
+ *
+ * SECURITY-FIRST APPROACH:
+ * - Never stores actual secret values externally
+ * - Deploys to customer's own AWS account
+ * - Provides discovery, cataloging, and workflow management
+ * - Generates secure deployment templates
+ * - Maintains compliance with enterprise security policies
+ *
+ * Features:
+ * 1. Secret Discovery & Cataloging (metadata only)
+ * 2. Approval Workflow Management
+ * 3. AWS Secrets Manager Template Generation
+ * 4. Team Secret Registry (references only)
+ * 5. Compliance & Audit Trail
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.enterpriseSecretManagerService = exports.EnterpriseSecretManagerService = void 0;
+const aws_api_1 = require("./aws-api");
+const crypto_1 = __importDefault(require("crypto"));
+class EnterpriseSecretManagerService {
+    constructor() {
+        // API endpoint managed by awsApiService
+    }
+    /**
+     * Process detected secrets - DISCOVERY ONLY, no storage of actual values
+     */
+    async processDetectedSecrets(detections, originalContent, context) {
+        const discoveries = [];
+        for (const detection of detections) {
+            // Skip low-risk detections that don't need management
+            if (detection.riskLevel === 'low' && detection.type === 'pii') {
+                continue;
+            }
+            const discovery = await this.createSecretDiscovery(detection, originalContent, context);
+            discoveries.push(discovery);
+            // Send approval notification for high-risk secrets
+            if (detection.riskLevel === 'critical' || detection.riskLevel === 'high') {
+                await this.sendApprovalNotification(discovery);
+            }
+        }
+        return discoveries;
+    }
+    /**
+     * Create a secret discovery record - METADATA ONLY
+     */
+    async createSecretDiscovery(detection, originalContent, context) {
+        const secretName = this.generateSecretName(detection, context.teamId);
+        const environment = this.detectEnvironment(detection.value, originalContent);
+        const discovery = {
+            id: `disc_${Date.now()}_${Math.random().toString(36).substring(2, 9)}`,
+            discoveredBy: context.authorId,
+            teamId: context.teamId,
+            secretType: this.mapDetectionToSecretType(detection),
+            secretName,
+            description: this.generateSecretDescription(detection, originalContent),
+            context: detection.context || 'Detected in knowledge entry',
+            environment,
+            approvalRequired: detection.riskLevel === 'critical' || detection.riskLevel === 'high',
+            status: detection.riskLevel === 'low' ? 'approved' : 'discovered',
+            discoveredAt: new Date(),
+            tags: this.generateSecretTags(detection, originalContent),
+            riskLevel: detection.riskLevel,
+            // SECURITY: Only store hash and preview, never full value
+            valueHash: this.hashSecretValue(detection.value),
+            valuePreview: this.createSecretPreview(detection.value)
+        };
+        // Store discovery record (metadata only)
+        await this.storeSecretDiscovery(discovery);
+        return discovery;
+    }
+    /**
+     * Send approval notification for high-risk secrets
+     */
+    async sendApprovalNotification(discovery) {
+        // Log the notification for tracking
+        console.log(`📧 Approval notification sent for ${discovery.secretName} (${discovery.riskLevel} risk)`);
+    }
+    /**
+     * Generate secret name for cataloging
+     */
+    generateSecretName(detection, teamId) {
+        const type = detection.type.replace('_', '-');
+        const env = this.detectEnvironment(detection.value, '');
+        const timestamp = Date.now().toString().slice(-6);
+        return `${teamId}/${env}/${type}-${timestamp}`;
+    }
+    /**
+     * Detect environment from secret value and content
+     */
+    detectEnvironment(value, content) {
+        const lowerValue = value.toLowerCase();
+        const lowerContent = content.toLowerCase();
+        if (lowerValue.includes('prod') || lowerValue.includes('live') || lowerContent.includes('production')) {
+            return 'production';
+        }
+        else if (lowerValue.includes('staging') || lowerValue.includes('stage') || lowerContent.includes('staging')) {
+            return 'staging';
+        }
+        else if (lowerValue.includes('test') || lowerContent.includes('test')) {
+            return 'test';
+        }
+        else {
+            return 'development';
+        }
+    }
+    /**
+     * Map detection type to secret type
+     */
+    mapDetectionToSecretType(detection) {
+        if (detection.value.startsWith('http')) {
+            return 'url';
+        }
+        return detection.type;
+    }
+    /**
+     * Generate description for secret
+     */
+    generateSecretDescription(detection, content) {
+        const context = detection.context || 'Detected in knowledge entry';
+        const preview = content.substring(0, 100).replace(/\n/g, ' ');
+        return `${context}. Found in: "${preview}..."`;
+    }
+    /**
+     * Generate tags for secret
+     */
+    generateSecretTags(detection, content) {
+        const tags = [];
+        // Add risk level tag
+        tags.push(`risk-${detection.riskLevel}`);
+        // Add source tag
+        tags.push(`source-${detection.source || 'pattern'}`);
+        // Add content-based tags
+        if (content.toLowerCase().includes('api'))
+            tags.push('api');
+        if (content.toLowerCase().includes('database'))
+            tags.push('database');
+        if (content.toLowerCase().includes('auth'))
+            tags.push('authentication');
+        return tags;
+    }
+    /**
+     * Hash secret value for duplicate detection
+     */
+    hashSecretValue(value) {
+        return crypto_1.default.createHash('sha256').update(value).digest('hex');
+    }
+    /**
+     * Create safe preview of secret value
+     */
+    createSecretPreview(value) {
+        if (value.length <= 8) {
+            return '***';
+        }
+        else if (value.length <= 16) {
+            return value.substring(0, 2) + '***' + value.substring(value.length - 2);
+        }
+        else {
+            return value.substring(0, 4) + '***' + value.substring(value.length - 4);
+        }
+    }
+    /**
+     * Store secret discovery (metadata only)
+     */
+    async storeSecretDiscovery(discovery) {
+        // Store in customer's cloud infrastructure
+        // This would integrate with the team's DynamoDB or other storage
+        console.log(`🔍 Secret discovery stored: ${discovery.secretName}`);
+    }
+    /**
+     * Generate deployment templates for customer's AWS account
+     */
+    async generateSecretTemplate(discovery) {
+        const template = {
+            name: discovery.secretName,
+            description: discovery.description,
+            environment: discovery.environment,
+            secretType: discovery.secretType,
+            terraformTemplate: this.generateTerraformTemplate(discovery),
+            cloudFormationTemplate: this.generateCloudFormationTemplate(discovery),
+            awsCliCommands: this.generateAWSCliCommands(discovery),
+            tags: {
+                Environment: discovery.environment,
+                Team: discovery.teamId,
+                Type: discovery.secretType,
+                RiskLevel: discovery.riskLevel,
+                ManagedBy: 'today-cli',
+                ...discovery.tags.reduce((acc, tag) => ({ ...acc, [tag]: 'true' }), {})
+            }
+        };
+        return template;
+    }
+    /**
+     * Generate Terraform template for customer deployment
+     */
+    generateTerraformTemplate(discovery) {
+        const secretNameSafe = discovery.secretName.replace(/[^a-zA-Z0-9]/g, '_');
+        return `# Terraform template for ${discovery.secretName}
+# Deploy this in your own AWS account
+
+resource "aws_secretsmanager_secret" "${secretNameSafe}" {
+  name        = "${discovery.secretName}"
+  description = "${discovery.description}"
+  
+  tags = {
+    Environment = "${discovery.environment}"
+    Team        = "${discovery.teamId}"
+    Type        = "${discovery.secretType}"
+    RiskLevel   = "${discovery.riskLevel}"
+    ManagedBy   = "today-cli"
+  }
+}
+
+resource "aws_secretsmanager_secret_version" "${secretNameSafe}_version" {
+  secret_id = aws_secretsmanager_secret.${secretNameSafe}.id
+  
+  # SECURITY: You must manually set the secret value
+  secret_string = jsonencode({
+    value       = "YOUR_ACTUAL_SECRET_VALUE_HERE"
+    type        = "${discovery.secretType}"
+    environment = "${discovery.environment}"
+    created_by  = "${discovery.discoveredBy}"
+    team_id     = "${discovery.teamId}"
+  })
+}
+
+output "${secretNameSafe}_arn" {
+  description = "ARN of the created secret"
+  value       = aws_secretsmanager_secret.${secretNameSafe}.arn
+}`;
+    }
+    /**
+     * Generate CloudFormation template
+     */
+    generateCloudFormationTemplate(discovery) {
+        const secretNameSafe = discovery.secretName.replace(/[^a-zA-Z0-9]/g, '');
+        return `AWSTemplateFormatVersion: '2010-09-09'
+Description: 'Secret management for ${discovery.secretName}'
+Resources:
+  ${secretNameSafe}Secret:
+    Type: AWS::SecretsManager::Secret
+    Properties:
+      Name: ${discovery.secretName}
+      Description: ${discovery.description}
+      Tags:
+        - Key: Environment
+          Value: ${discovery.environment}
+        - Key: Team
+          Value: ${discovery.teamId}
+Outputs:
+  SecretArn:
+    Value: !Ref ${secretNameSafe}Secret`;
+    }
+    /**
+     * Generate AWS CLI commands for manual deployment
+     */
+    generateAWSCliCommands(discovery) {
+        return [
+            '# Create the secret in your AWS account',
+            `aws secretsmanager create-secret --name "${discovery.secretName}" --description "${discovery.description}"`
+        ];
+    }
+    /**
+     * Check if service is available (authenticated backend API)
+     */
+    async isAvailable() {
+        try {
+            if (!aws_api_1.awsApiService.isAuthenticated()) {
+                return false;
+            }
+            const response = await aws_api_1.awsApiService.callAPI('/secrets/list', 'GET');
+            return response.success;
+        }
+        catch (error) {
+            console.warn('Enterprise Secret Manager service not available:', error);
+            return false;
+        }
+    }
+}
+exports.EnterpriseSecretManagerService = EnterpriseSecretManagerService;
+exports.enterpriseSecretManagerService = new EnterpriseSecretManagerService();
+//# sourceMappingURL=secret-manager.js.map

package/dist/services/secret-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-manager.js","sourceRoot":"","sources":["../../src/services/secret-manager.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;GAgBG;;;;;;AAEH,uCAA0C;AAE1C,oDAA4B;AAmE5B,MAAa,8BAA8B;IACzC;QACE,wCAAwC;IAC1C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,sBAAsB,CAC1B,UAAqC,EACrC,eAAuB,EACvB,OAA6C;QAE7C,MAAM,WAAW,GAAsB,EAAE,CAAC;QAE1C,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,sDAAsD;YACtD,IAAI,SAAS,CAAC,SAAS,KAAK,KAAK,IAAI,SAAS,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;gBAC9D,SAAS;YACX,CAAC;YAED,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,SAAS,EAAE,eAAe,EAAE,OAAO,CAAC,CAAC;YACxF,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAE5B,mDAAmD;YACnD,IAAI,SAAS,CAAC,SAAS,KAAK,UAAU,IAAI,SAAS,CAAC,SAAS,KAAK,MAAM,EAAE,CAAC;gBACzE,MAAM,IAAI,CAAC,wBAAwB,CAAC,SAAS,CAAC,CAAC;YACjD,CAAC;QACH,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,qBAAqB,CACjC,SAAkC,EAClC,eAAuB,EACvB,OAA6C;QAE7C,MAAM,UAAU,GAAG,IAAI,CAAC,kBAAkB,CAAC,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QACtE,MAAM,WAAW,GAAG,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;QAE7E,MAAM,SAAS,GAAoB;YACjC,EAAE,EAAE,QAAQ,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE;YACtE,YAAY,EAAE,OAAO,CAAC,QAAQ;YAC9B,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,UAAU,EAAE,IAAI,CAAC,wBAAwB,CAAC,SAAS,CAAC;YACpD,UAAU;YACV,WAAW,EAAE,IAAI,CAAC,yBAAyB,CAAC,SAAS,EAAE,eAAe,CAAC;YACvE,OAAO,EAAE,SAAS,CAAC,OAAO,IAAI,6BAA6B;YAC3D,WAAW;YACX,gBAAgB,EAAE,SAAS,CAAC,SAAS,KAAK,UAAU,IAAI,SAAS,CAAC,SAAS,KAAK,MAAM;YACtF,MAAM,EAAE,SAAS,CAAC,SAAS,KAAK,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,YAAY;YACjE,YAAY,EAAE,IAAI,IAAI,EAAE;YACxB,IAAI,EAAE,IAAI,CAAC,kBAAkB,CAAC,SAAS,EAAE,eAAe,CAAC;YACzD,SAAS,EAAE,SAAS,CAAC,SAAS;YAC9B,0DAA0D;YAC1D,SAAS,EAAE,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,KAAK,CAAC;YAChD,YAAY,EAAE,IAAI,CAAC,mBAAmB,CAAC,SAAS,CAAC,KAAK,CAAC;SACxD,CAAC;QAEF,yCAAyC;QACzC,MAAM,IAAI,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC;QAE3C,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,wBAAwB,CAAC,SAA0B;QAC/D,oCAAoC;QACpC,OAAO,CAAC,GAAG,CAAC,qCAAqC,SAAS,CAAC,UAAU,KAAK,SAAS,CAAC,SAAS,QAAQ,CAAC,CAAC;IACzG,CAAC;IAED;;OAEG;IACK,kBAAkB,CAAC,SAAkC,EAAE,MAAc;QAC3E,MAAM,IAAI,GAAG,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC9C,MAAM,GAAG,GAAG,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACxD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAElD,OAAO,GAAG,MAAM,IAAI,GAAG,IAAI,IAAI,IAAI,SAAS,EAAE,CAAC;IACjD,CAAC;IAED;;OAEG;IACK,iBAAiB,CAAC,KAAa,EAAE,OAAe;QACtD,MAAM,UAAU,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;QACvC,MAAM,YAAY,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QAE3C,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;YACtG,OAAO,YAAY,CAAC;QACtB,CAAC;aAAM,IAAI,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9G,OAAO,SAAS,CAAC;QACnB,CAAC;aAAM,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACxE,OAAO,MAAM,CAAC;QAChB,CAAC;aAAM,CAAC;YACN,OAAO,aAAa,CAAC;QACvB,CAAC;IACH,CAAC;IAED;;OAEG;IACK,wBAAwB,CAAC,SAAkC;QACjE,IAAI,SAAS,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACvC,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,SAAS,CAAC,IAAqC,CAAC;IACzD,CAAC;IAED;;OAEG;IACK,yBAAyB,CAAC,SAAkC,EAAE,OAAe;QACnF,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,IAAI,6BAA6B,CAAC;QACnE,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAE9D,OAAO,GAAG,OAAO,gBAAgB,OAAO,MAAM,CAAC;IACjD,CAAC;IAED;;OAEG;IACK,kBAAkB,CAAC,SAAkC,EAAE,OAAe;QAC5E,MAAM,IAAI,GAAa,EAAE,CAAC;QAE1B,qBAAqB;QACrB,IAAI,CAAC,IAAI,CAAC,QAAQ,SAAS,CAAC,SAAS,EAAE,CAAC,CAAC;QAEzC,iBAAiB;QACjB,IAAI,CAAC,IAAI,CAAC,UAAU,SAAS,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC,CAAC;QAErD,yBAAyB;QACzB,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC;YAAE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC5D,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC;YAAE,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACtE,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC;YAAE,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAExE,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,KAAa;QACnC,OAAO,gBAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACjE,CAAC;IAED;;OAEG;IACK,mBAAmB,CAAC,KAAa;QACvC,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACtB,OAAO,KAAK,CAAC;QACf,CAAC;aAAM,IAAI,KAAK,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,GAAG,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC3E,CAAC;aAAM,CAAC;YACN,OAAO,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,GAAG,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,oBAAoB,CAAC,SAA0B;QAC3D,2CAA2C;QAC3C,iEAAiE;QACjE,OAAO,CAAC,GAAG,CAAC,+BAA+B,SAAS,CAAC,UAAU,EAAE,CAAC,CAAC;IACrE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,sBAAsB,CAAC,SAA0B;QACrD,MAAM,QAAQ,GAAmB;YAC/B,IAAI,EAAE,SAAS,CAAC,UAAU;YAC1B,WAAW,EAAE,SAAS,CAAC,WAAW;YAClC,WAAW,EAAE,SAAS,CAAC,WAAW;YAClC,UAAU,EAAE,SAAS,CAAC,UAAU;YAChC,iBAAiB,EAAE,IAAI,CAAC,yBAAyB,CAAC,SAAS,CAAC;YAC5D,sBAAsB,EAAE,IAAI,CAAC,8BAA8B,CAAC,SAAS,CAAC;YACtE,cAAc,EAAE,IAAI,CAAC,sBAAsB,CAAC,SAAS,CAAC;YACtD,IAAI,EAAE;gBACJ,WAAW,EAAE,SAAS,CAAC,WAAW;gBAClC,IAAI,EAAE,SAAS,CAAC,MAAM;gBACtB,IAAI,EAAE,SAAS,CAAC,UAAU;gBAC1B,SAAS,EAAE,SAAS,CAAC,SAAS;gBAC9B,SAAS,EAAE,WAAW;gBACtB,GAAG,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;aACxE;SACF,CAAC;QAEF,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACK,yBAAyB,CAAC,SAA0B;QAC1D,MAAM,cAAc,GAAG,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,eAAe,EAAE,GAAG,CAAC,CAAC;QAC1E,OAAO,4BAA4B,SAAS,CAAC,UAAU;;;wCAGnB,cAAc;mBACnC,SAAS,CAAC,UAAU;mBACpB,SAAS,CAAC,WAAW;;;qBAGnB,SAAS,CAAC,WAAW;qBACrB,SAAS,CAAC,MAAM;qBAChB,SAAS,CAAC,UAAU;qBACpB,SAAS,CAAC,SAAS;;;;;gDAKQ,cAAc;0CACpB,cAAc;;;;;qBAKnC,SAAS,CAAC,UAAU;qBACpB,SAAS,CAAC,WAAW;qBACrB,SAAS,CAAC,YAAY;qBACtB,SAAS,CAAC,MAAM;;;;UAI3B,cAAc;;4CAEoB,cAAc;EACxD,CAAC;IACD,CAAC;IAED;;OAEG;IACK,8BAA8B,CAAC,SAA0B;QAC/D,MAAM,cAAc,GAAG,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC;QACzE,OAAO;sCAC2B,SAAS,CAAC,UAAU;;IAEtD,cAAc;;;cAGJ,SAAS,CAAC,UAAU;qBACb,SAAS,CAAC,WAAW;;;mBAGvB,SAAS,CAAC,WAAW;;mBAErB,SAAS,CAAC,MAAM;;;kBAGjB,cAAc,QAAQ,CAAC;IACvC,CAAC;IAED;;OAEG;IACK,sBAAsB,CAAC,SAA0B;QACvD,OAAO;YACL,yCAAyC;YACzC,4CAA4C,SAAS,CAAC,UAAU,oBAAoB,SAAS,CAAC,WAAW,GAAG;SAC7G,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW;QACf,IAAI,CAAC;YACH,IAAI,CAAC,uBAAa,CAAC,eAAe,EAAE,EAAE,CAAC;gBACrC,OAAO,KAAK,CAAC;YACf,CAAC;YACD,MAAM,QAAQ,GAAG,MAAM,uBAAa,CAAC,OAAO,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;YACrE,OAAO,QAAQ,CAAC,OAAO,CAAC;QAC1B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,kDAAkD,EAAE,KAAK,CAAC,CAAC;YACxE,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF;AAhSD,wEAgSC;AAEY,QAAA,8BAA8B,GAAG,IAAI,8BAA8B,EAAE,CAAC"}

package/dist/services/vector-embeddings.d.ts

@@ -0,0 +1,70 @@
+export interface EmbeddingResult {
+    embedding: number[];
+    model: string;
+    dimensions: number;
+}
+export declare class VectorEmbeddingService {
+    private embeddingCache;
+    private readonly embeddingModel;
+    constructor();
+    /**
+     * Generate embedding for a single text
+     * Routes through authenticated backend API
+     */
+    generateEmbedding(text: string): Promise<number[]>;
+    /**
+     * Generate embeddings for multiple texts in batches
+     * Routes through authenticated backend API
+     */
+    batchGenerateEmbeddings(texts: string[]): Promise<number[][]>;
+    /**
+     * Calculate cosine similarity between two vectors
+     */
+    cosineSimilarity(a: number[], b: number[]): number;
+    /**
+     * Find most similar embeddings from a collection
+     */
+    findMostSimilar(queryEmbedding: number[], candidateEmbeddings: Array<{
+        id: string;
+        embedding: number[];
+    }>, topK?: number, threshold?: number): Array<{
+        id: string;
+        similarity: number;
+    }>;
+    /**
+     * Preprocess text for better embedding quality
+     */
+    private _preprocessText;
+    /**
+     * Generate cache key for text
+     */
+    private getCacheKey;
+    /**
+     * Utility delay function
+     */
+    private _delay;
+    /**
+     * Check if embedding service is available
+     */
+    isAvailable(): Promise<boolean>;
+    /**
+     * Get embedding model information
+     */
+    getModelInfo(): {
+        model: string;
+        dimensions: number;
+    };
+    /**
+     * Clear embedding cache
+     */
+    clearCache(): void;
+    /**
+     * Get cache statistics
+     */
+    getCacheStats(): {
+        size: number;
+        hitRate?: number;
+    };
+}
+export declare const vectorEmbeddingService: VectorEmbeddingService;
+//# sourceMappingURL=vector-embeddings.d.ts.map

package/dist/services/vector-embeddings.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"vector-embeddings.d.ts","sourceRoot":"","sources":["../../src/services/vector-embeddings.ts"],"names":[],"mappings":"AAMA,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,qBAAa,sBAAsB;IACjC,OAAO,CAAC,cAAc,CAA+B;IACrD,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAkC;;IAMjE;;;OAGG;IACG,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAsCxD;;;OAGG;IACG,uBAAuB,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;IAuBnE;;OAEG;IACH,gBAAgB,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CAAC,EAAE,MAAM,EAAE,GAAG,MAAM;IAgBlD;;OAEG;IACH,eAAe,CACb,cAAc,EAAE,MAAM,EAAE,EACxB,mBAAmB,EAAE,KAAK,CAAC;QAAC,EAAE,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,EAAE,CAAA;KAAC,CAAC,EAC7D,IAAI,GAAE,MAAW,EACjB,SAAS,GAAE,MAAY,GACtB,KAAK,CAAC;QAAC,EAAE,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAC,CAAC;IAa1C;;OAEG;IACH,OAAO,CAAC,eAAe;IAQvB;;OAEG;IACH,OAAO,CAAC,WAAW;IAInB;;OAEG;IACH,OAAO,CAAC,MAAM;IAId;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;IAUrC;;OAEG;IACH,YAAY,IAAI;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAC;IAOnD;;OAEG;IACH,UAAU,IAAI,IAAI;IAIlB;;OAEG;IACH,aAAa,IAAI;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAC;CAKlD;AAED,eAAO,MAAM,sBAAsB,wBAA+B,CAAC"}