@blokjs/runner 0.6.20 → 0.7.0

package/dist/security/AuditLogger.js

@@ -1,317 +0,0 @@
-/**
- * Audit Logger for Blok Framework
- *
- * Provides comprehensive audit logging for security and compliance:
- * - All authentication attempts (success and failure)
- * - Authorization decisions
- * - Workflow executions
- * - Node executions
- * - Configuration changes
- * - System events
- *
- * Supports multiple output destinations via AuditSink interface.
- *
- * @example
- * ```typescript
- * const audit = new AuditLogger({
- *   sinks: [
- *     new ConsoleAuditSink(),
- *     new FileAuditSink({ path: "./audit.log" }),
- *   ],
- *   includeTimestamp: true,
- *   includeRequestId: true,
- * });
- *
- * audit.logAuth({
- *   action: "login",
- *   success: true,
- *   identity: { sub: "user-123", provider: "jwt" },
- *   ip: "192.168.1.1",
- * });
- * ```
- */
-import { appendFile, mkdir } from "node:fs/promises";
-import { dirname } from "node:path";
-const SEVERITY_ORDER = {
-    info: 0,
-    warn: 1,
-    error: 2,
-    critical: 3,
-};
-export class AuditLogger {
-    config;
-    buffer = [];
-    flushTimer = null;
-    entryCounter = 0;
-    pendingFlush = null;
-    constructor(config) {
-        this.config = {
-            includeRequestId: true,
-            minSeverity: "info",
-            bufferSize: 100,
-            flushIntervalMs: 5000,
-            serviceName: "blok",
-            ...config,
-        };
-        // Start auto-flush timer
-        if (this.config.flushIntervalMs > 0) {
-            this.flushTimer = setInterval(() => this.flush(), this.config.flushIntervalMs);
-            // Don't block Node.js from exiting
-            if (this.flushTimer.unref) {
-                this.flushTimer.unref();
-            }
-        }
-    }
-    /**
-     * Log an authentication event
-     */
-    logAuth(params) {
-        this.log({
-            category: "auth",
-            severity: params.success ? "info" : "warn",
-            action: params.action,
-            success: params.success,
-            actor: params.identity
-                ? {
-                    sub: params.identity.sub,
-                    name: params.identity.name,
-                    ip: params.ip,
-                    userAgent: params.userAgent,
-                    provider: params.identity.provider,
-                }
-                : undefined,
-            error: params.error ? { message: params.error } : undefined,
-            requestId: params.requestId,
-        });
-    }
-    /**
-     * Log an authorization event
-     */
-    logAuthz(params) {
-        this.log({
-            category: "authz",
-            severity: params.allowed ? "info" : "warn",
-            action: params.action,
-            success: params.allowed,
-            actor: params.actor,
-            resource: params.resource,
-            details: { roles: params.roles },
-            requestId: params.requestId,
-        });
-    }
-    /**
-     * Log a workflow execution event
-     */
-    logWorkflowExecution(params) {
-        this.log({
-            category: "workflow",
-            severity: params.success ? "info" : "error",
-            action: "execute",
-            success: params.success,
-            actor: params.actor,
-            resource: {
-                type: "workflow",
-                id: params.workflowPath,
-                name: params.workflowName,
-            },
-            durationMs: params.durationMs,
-            error: params.error ? { message: params.error } : undefined,
-            requestId: params.requestId,
-        });
-    }
-    /**
-     * Log a configuration change event
-     */
-    logConfigChange(params) {
-        this.log({
-            category: "config",
-            severity: "warn",
-            action: `config.${params.action}`,
-            success: true,
-            actor: params.actor,
-            resource: {
-                type: params.resourceType,
-                id: params.resourceId,
-            },
-            details: params.details,
-        });
-    }
-    /**
-     * Log a security event
-     */
-    logSecurityEvent(params) {
-        this.log({
-            category: "security",
-            severity: params.severity,
-            action: params.action,
-            success: false,
-            actor: params.actor,
-            details: params.details,
-            requestId: params.requestId,
-        });
-    }
-    /**
-     * Core logging method
-     */
-    log(params) {
-        // Check severity threshold
-        if (SEVERITY_ORDER[params.severity] < SEVERITY_ORDER[this.config.minSeverity]) {
-            return;
-        }
-        const entry = {
-            id: `${this.config.serviceName}-${Date.now()}-${++this.entryCounter}`,
-            timestamp: new Date().toISOString(),
-            ...params,
-        };
-        this.buffer.push(entry);
-        // Flush if buffer is full
-        if (this.buffer.length >= this.config.bufferSize) {
-            this.pendingFlush = this.flush();
-        }
-    }
-    /**
-     * Flush buffered entries to all sinks
-     */
-    async flush() {
-        // Wait for any auto-triggered flush to complete
-        if (this.pendingFlush) {
-            const pending = this.pendingFlush;
-            this.pendingFlush = null;
-            await pending;
-        }
-        if (this.buffer.length === 0)
-            return;
-        const entries = [...this.buffer];
-        this.buffer = [];
-        for (const sink of this.config.sinks) {
-            for (const entry of entries) {
-                try {
-                    await sink.write(entry);
-                }
-                catch {
-                    // Don't let sink errors break the audit log
-                }
-            }
-            try {
-                await sink.flush?.();
-            }
-            catch {
-                // Silent
-            }
-        }
-    }
-    /**
-     * Close the audit logger and flush remaining entries
-     */
-    async close() {
-        if (this.flushTimer) {
-            clearInterval(this.flushTimer);
-            this.flushTimer = null;
-        }
-        await this.flush();
-        for (const sink of this.config.sinks) {
-            try {
-                await sink.close?.();
-            }
-            catch {
-                // Silent
-            }
-        }
-    }
-    /**
-     * Get entry count since creation
-     */
-    getEntryCount() {
-        return this.entryCounter;
-    }
-}
-/**
- * Console audit sink - outputs audit entries to stdout as JSON
- */
-export class ConsoleAuditSink {
-    name = "console";
-    write(entry) {
-        const output = JSON.stringify(entry);
-        if (entry.severity === "error" || entry.severity === "critical") {
-            console.error(`[AUDIT] ${output}`);
-        }
-        else if (entry.severity === "warn") {
-            console.warn(`[AUDIT] ${output}`);
-        }
-        else {
-            console.log(`[AUDIT] ${output}`);
-        }
-    }
-}
-/**
- * File audit sink - appends audit entries as JSONL to a file
- */
-export class FileAuditSink {
-    name = "file";
-    filePath;
-    buffer = [];
-    initialized = false;
-    constructor(config) {
-        this.filePath = config.path;
-    }
-    async write(entry) {
-        this.buffer.push(JSON.stringify(entry));
-    }
-    async flush() {
-        if (this.buffer.length === 0)
-            return;
-        if (!this.initialized) {
-            await mkdir(dirname(this.filePath), { recursive: true });
-            this.initialized = true;
-        }
-        const data = `${this.buffer.join("\n")}\n`;
-        this.buffer = [];
-        await appendFile(this.filePath, data, "utf-8");
-    }
-    async close() {
-        await this.flush();
-    }
-}
-/**
- * In-memory audit sink - stores entries in memory (useful for testing)
- */
-export class InMemoryAuditSink {
-    name = "memory";
-    entries = [];
-    maxEntries;
-    constructor(maxEntries = 10000) {
-        this.maxEntries = maxEntries;
-    }
-    write(entry) {
-        this.entries.push(entry);
-        // Ring buffer behavior
-        if (this.entries.length > this.maxEntries) {
-            this.entries.shift();
-        }
-    }
-    getEntries() {
-        return [...this.entries];
-    }
-    query(filter) {
-        let results = this.entries;
-        if (filter.category)
-            results = results.filter((e) => e.category === filter.category);
-        if (filter.severity)
-            results = results.filter((e) => e.severity === filter.severity);
-        if (filter.actorSub)
-            results = results.filter((e) => e.actor?.sub === filter.actorSub);
-        if (filter.action)
-            results = results.filter((e) => e.action === filter.action);
-        if (filter.since) {
-            const since = filter.since;
-            results = results.filter((e) => e.timestamp >= since);
-        }
-        if (filter.limit)
-            results = results.slice(-filter.limit);
-        return results;
-    }
-    clear() {
-        this.entries = [];
-    }
-}
-//# sourceMappingURL=AuditLogger.js.map

package/dist/security/AuditLogger.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"AuditLogger.js","sourceRoot":"","sources":["../../src/security/AuditLogger.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAEH,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AA2EpC,MAAM,cAAc,GAAkC;IACrD,IAAI,EAAE,CAAC;IACP,IAAI,EAAE,CAAC;IACP,KAAK,EAAE,CAAC;IACR,QAAQ,EAAE,CAAC;CACX,CAAC;AAEF,MAAM,OAAO,WAAW;IACf,MAAM,CAA8B;IACpC,MAAM,GAAiB,EAAE,CAAC;IAC1B,UAAU,GAA0B,IAAI,CAAC;IACzC,YAAY,GAAG,CAAC,CAAC;IACjB,YAAY,GAAyB,IAAI,CAAC;IAElD,YAAY,MAAyB;QACpC,IAAI,CAAC,MAAM,GAAG;YACb,gBAAgB,EAAE,IAAI;YACtB,WAAW,EAAE,MAAM;YACnB,UAAU,EAAE,GAAG;YACf,eAAe,EAAE,IAAI;YACrB,WAAW,EAAE,MAAM;YACnB,GAAG,MAAM;SACT,CAAC;QAEF,yBAAyB;QACzB,IAAI,IAAI,CAAC,MAAM,CAAC,eAAe,GAAG,CAAC,EAAE,CAAC;YACrC,IAAI,CAAC,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;YAC/E,mCAAmC;YACnC,IAAI,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;gBAC3B,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;YACzB,CAAC;QACF,CAAC;IACF,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,MAQP;QACA,IAAI,CAAC,GAAG,CAAC;YACR,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;YAC1C,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,KAAK,EAAE,MAAM,CAAC,QAAQ;gBACrB,CAAC,CAAC;oBACA,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG;oBACxB,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI;oBAC1B,EAAE,EAAE,MAAM,CAAC,EAAE;oBACb,SAAS,EAAE,MAAM,CAAC,SAAS;oBAC3B,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ;iBAClC;gBACF,CAAC,CAAC,SAAS;YACZ,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,SAAS;YAC3D,SAAS,EAAE,MAAM,CAAC,SAAS;SAC3B,CAAC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,MAOR;QACA,IAAI,CAAC,GAAG,CAAC;YACR,QAAQ,EAAE,OAAO;YACjB,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;YAC1C,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,OAAO,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE;YAChC,SAAS,EAAE,MAAM,CAAC,SAAS;SAC3B,CAAC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,oBAAoB,CAAC,MAQpB;QACA,IAAI,CAAC,GAAG,CAAC;YACR,QAAQ,EAAE,UAAU;YACpB,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO;YAC3C,MAAM,EAAE,SAAS;YACjB,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,QAAQ,EAAE;gBACT,IAAI,EAAE,UAAU;gBAChB,EAAE,EAAE,MAAM,CAAC,YAAY;gBACvB,IAAI,EAAE,MAAM,CAAC,YAAY;aACzB;YACD,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,SAAS;YAC3D,SAAS,EAAE,MAAM,CAAC,SAAS;SAC3B,CAAC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,MAMf;QACA,IAAI,CAAC,GAAG,CAAC;YACR,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,MAAM;YAChB,MAAM,EAAE,UAAU,MAAM,CAAC,MAAM,EAAE;YACjC,OAAO,EAAE,IAAI;YACb,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,QAAQ,EAAE;gBACT,IAAI,EAAE,MAAM,CAAC,YAAY;gBACzB,EAAE,EAAE,MAAM,CAAC,UAAU;aACrB;YACD,OAAO,EAAE,MAAM,CAAC,OAAO;SACvB,CAAC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,MAMhB;QACA,IAAI,CAAC,GAAG,CAAC;YACR,QAAQ,EAAE,UAAU;YACpB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,SAAS,EAAE,MAAM,CAAC,SAAS;SAC3B,CAAC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,GAAG,CAAC,MAA4C;QAC/C,2BAA2B;QAC3B,IAAI,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;YAC/E,OAAO;QACR,CAAC;QAED,MAAM,KAAK,GAAe;YACzB,EAAE,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,YAAY,EAAE;YACrE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,GAAG,MAAM;SACT,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAExB,0BAA0B;QAC1B,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;YAClD,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;QAClC,CAAC;IACF,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,KAAK;QACV,gDAAgD;QAChD,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC;YAClC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;YACzB,MAAM,OAAO,CAAC;QACf,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO;QAErC,MAAM,OAAO,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;QACjC,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC;QAEjB,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACtC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC7B,IAAI,CAAC;oBACJ,MAAM,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;gBACzB,CAAC;gBAAC,MAAM,CAAC;oBACR,4CAA4C;gBAC7C,CAAC;YACF,CAAC;YACD,IAAI,CAAC;gBACJ,MAAM,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;YACtB,CAAC;YAAC,MAAM,CAAC;gBACR,SAAS;YACV,CAAC;QACF,CAAC;IACF,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,KAAK;QACV,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC/B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QACxB,CAAC;QAED,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;QAEnB,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACtC,IAAI,CAAC;gBACJ,MAAM,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;YACtB,CAAC;YAAC,MAAM,CAAC;gBACR,SAAS;YACV,CAAC;QACF,CAAC;IACF,CAAC;IAED;;OAEG;IACH,aAAa;QACZ,OAAO,IAAI,CAAC,YAAY,CAAC;IAC1B,CAAC;CACD;AAED;;GAEG;AACH,MAAM,OAAO,gBAAgB;IACnB,IAAI,GAAG,SAAS,CAAC;IAE1B,KAAK,CAAC,KAAiB;QACtB,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QACrC,IAAI,KAAK,CAAC,QAAQ,KAAK,OAAO,IAAI,KAAK,CAAC,QAAQ,KAAK,UAAU,EAAE,CAAC;YACjE,OAAO,CAAC,KAAK,CAAC,WAAW,MAAM,EAAE,CAAC,CAAC;QACpC,CAAC;aAAM,IAAI,KAAK,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;YACtC,OAAO,CAAC,IAAI,CAAC,WAAW,MAAM,EAAE,CAAC,CAAC;QACnC,CAAC;aAAM,CAAC;YACP,OAAO,CAAC,GAAG,CAAC,WAAW,MAAM,EAAE,CAAC,CAAC;QAClC,CAAC;IACF,CAAC;CACD;AAED;;GAEG;AACH,MAAM,OAAO,aAAa;IAChB,IAAI,GAAG,MAAM,CAAC;IACf,QAAQ,CAAS;IACjB,MAAM,GAAa,EAAE,CAAC;IACtB,WAAW,GAAG,KAAK,CAAC;IAE5B,YAAY,MAAwB;QACnC,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC;IAC7B,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,KAAiB;QAC5B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,KAAK;QACV,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO;QAErC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACvB,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACzD,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QACzB,CAAC;QAED,MAAM,IAAI,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;QAC3C,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC;QACjB,MAAM,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,KAAK;QACV,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;IACpB,CAAC;CACD;AAED;;GAEG;AACH,MAAM,OAAO,iBAAiB;IACpB,IAAI,GAAG,QAAQ,CAAC;IACjB,OAAO,GAAiB,EAAE,CAAC;IAC3B,UAAU,CAAS;IAE3B,YAAY,UAAU,GAAG,KAAK;QAC7B,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,KAAiB;QACtB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACzB,uBAAuB;QACvB,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;YAC3C,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACtB,CAAC;IACF,CAAC;IAED,UAAU;QACT,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,MAOL;QACA,IAAI,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;QAE3B,IAAI,MAAM,CAAC,QAAQ;YAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,QAAQ,CAAC,CAAC;QACrF,IAAI,MAAM,CAAC,QAAQ;YAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,QAAQ,CAAC,CAAC;QACrF,IAAI,MAAM,CAAC,QAAQ;YAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,EAAE,GAAG,KAAK,MAAM,CAAC,QAAQ,CAAC,CAAC;QACvF,IAAI,MAAM,CAAC,MAAM;YAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,CAAC,CAAC;QAC/E,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YAClB,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;YAC3B,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,KAAK,CAAC,CAAC;QACvD,CAAC;QACD,IAAI,MAAM,CAAC,KAAK;YAAE,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAEzD,OAAO,OAAO,CAAC;IAChB,CAAC;IAED,KAAK;QACJ,IAAI,CAAC,OAAO,GAAG,EAAE,CAAC;IACnB,CAAC;CACD"}

package/dist/security/AuthMiddleware.d.ts

@@ -1,162 +0,0 @@
-/**
- * Authentication Middleware for Blok Triggers
- *
- * @deprecated Since v0.4.1. Will be removed in v0.5. This class ships as
- * example-grade code (HS256-only JWT verification, no JWKS, no key
- * rotation, non-constant-time API-key lookup) and is not wired into any
- * trigger. Production deployments should compose auth from a hardened
- * library (`jose`, `hono/jwt`, `node-jsonwebtoken`) at the trigger or
- * workflow layer instead. See `docs/d/security/cookbook.mdx` for the
- * recommended patterns.
- *
- * @example
- * ```typescript
- * // Recommended (jose):
- * import { jwtVerify } from "jose";
- * const { payload } = await jwtVerify(token, secret, { issuer, audience });
- * ```
- */
-export interface AuthIdentity {
-    /** Unique identifier for the authenticated entity */
-    sub: string;
-    /** Display name */
-    name?: string;
-    /** Email address */
-    email?: string;
-    /** Assigned roles */
-    roles: string[];
-    /** Additional claims/metadata */
-    claims: Record<string, unknown>;
-    /** Authentication provider that verified this identity */
-    provider: string;
-    /** When the token/key was issued */
-    issuedAt?: number;
-    /** When the token/key expires */
-    expiresAt?: number;
-}
-export interface AuthRequest {
-    headers: Record<string, string | string[] | undefined>;
-    query?: Record<string, string | string[] | undefined>;
-    path?: string;
-    method?: string;
-}
-export interface AuthResult {
-    authenticated: boolean;
-    identity?: AuthIdentity;
-    error?: string;
-    statusCode?: number;
-}
-/**
- * Base interface for authentication providers
- */
-export interface AuthProvider {
-    /** Unique name for this provider */
-    readonly name: string;
-    /** Try to authenticate the request */
-    authenticate(request: AuthRequest): Promise<AuthResult>;
-}
-export interface AuthMiddlewareConfig {
-    /** Authentication providers to use (tried in order) */
-    providers: AuthProvider[];
-    /** Paths to exclude from authentication (e.g., ["/health-check", "/metrics"]) */
-    excludePaths?: string[];
-    /** Whether authentication is required (default: true) */
-    required?: boolean;
-    /** Custom error handler */
-    onAuthFailure?: (result: AuthResult, request: AuthRequest) => void;
-}
-/**
- * @deprecated Since v0.4.1. See file-level JSDoc; will be removed in v0.5.
- */
-export declare class AuthMiddleware {
-    private config;
-    constructor(config: AuthMiddlewareConfig);
-    /**
-     * Authenticate a request against all registered providers.
-     * Returns the first successful authentication result.
-     */
-    authenticate(request: AuthRequest): Promise<AuthResult>;
-    /**
-     * Express-compatible middleware function
-     */
-    expressMiddleware(): (req: {
-        headers: Record<string, string>;
-        query: Record<string, string>;
-        path: string;
-        method: string;
-        auth?: AuthIdentity;
-    }, res: {
-        status: (code: number) => {
-            json: (body: unknown) => void;
-        };
-    }, next: () => void) => Promise<void>;
-    private isExcludedPath;
-}
-/**
- * JWT Authentication Provider
- *
- * Verifies JWT tokens from the Authorization: Bearer header.
- * Supports HS256 (shared secret) out of the box.
- */
-export interface JWTAuthProviderConfig {
-    /** Secret key for HS256 verification */
-    secret: string;
-    /** Expected issuer (iss claim) */
-    issuer?: string;
-    /** Expected audience (aud claim) */
-    audience?: string;
-    /** Header name to read token from (default: "authorization") */
-    headerName?: string;
-    /** Clock tolerance in seconds for exp/nbf validation (default: 30) */
-    clockToleranceSec?: number;
-    /** Map JWT claims to roles (claim name → role mapping function) */
-    rolesClaim?: string;
-}
-/**
- * @deprecated Since v0.4.1. See file-level JSDoc; will be removed in v0.5.
- */
-export declare class JWTAuthProvider implements AuthProvider {
-    readonly name = "jwt";
-    private config;
-    constructor(config: JWTAuthProviderConfig);
-    authenticate(request: AuthRequest): Promise<AuthResult>;
-    /**
-     * Verify JWT token using HS256
-     */
-    private verifyToken;
-}
-/**
- * API Key Authentication Provider
- *
- * Verifies API keys from headers or query parameters.
- */
-export interface APIKeyInfo {
-    /** Name/label for this API key */
-    name: string;
-    /** Roles assigned to this key */
-    roles: string[];
-    /** Additional metadata */
-    metadata?: Record<string, unknown>;
-    /** Expiration timestamp (Unix seconds) */
-    expiresAt?: number;
-}
-export interface APIKeyAuthProviderConfig {
-    /** Map of API key → key info */
-    keys: Map<string, APIKeyInfo>;
-    /** Header name to read key from (default: "x-api-key") */
-    headerName?: string;
-    /** Query parameter name to read key from (default: "api_key") */
-    queryParam?: string;
-    /** Custom key validation function (e.g., for database lookups) */
-    validate?: (key: string) => Promise<APIKeyInfo | null>;
-}
-/**
- * @deprecated Since v0.4.1. See file-level JSDoc; will be removed in v0.5.
- */
-export declare class APIKeyAuthProvider implements AuthProvider {
-    readonly name = "api-key";
-    private config;
-    constructor(config: APIKeyAuthProviderConfig);
-    authenticate(request: AuthRequest): Promise<AuthResult>;
-    private buildResult;
-}