npm - @brightchain/brightchain-api-lib - Versions diffs - 0.14.0 → 0.15.0 - Mend

@brightchain/brightchain-api-lib 0.14.0 → 0.15.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (242) hide show

package/package.json +5 -5
package/src/index.d.ts +3 -0
package/src/index.d.ts.map +1 -1
package/src/index.js +5 -0
package/src/index.js.map +1 -1
package/src/lib/application.d.ts +1 -0
package/src/lib/application.d.ts.map +1 -1
package/src/lib/application.js +23 -0
package/src/lib/application.js.map +1 -1
package/src/lib/auth/aclEnforcedAvailability.d.ts +57 -0
package/src/lib/auth/aclEnforcedAvailability.d.ts.map +1 -0
package/src/lib/auth/aclEnforcedAvailability.js +87 -0
package/src/lib/auth/aclEnforcedAvailability.js.map +1 -0
package/src/lib/auth/aclEnforcedBlockStore.d.ts +66 -0
package/src/lib/auth/aclEnforcedBlockStore.d.ts.map +1 -0
package/src/lib/auth/aclEnforcedBlockStore.js +83 -0
package/src/lib/auth/aclEnforcedBlockStore.js.map +1 -0
package/src/lib/auth/ecdsaNodeAuthenticator.d.ts +46 -0
package/src/lib/auth/ecdsaNodeAuthenticator.d.ts.map +1 -0
package/src/lib/auth/ecdsaNodeAuthenticator.js +110 -0
package/src/lib/auth/ecdsaNodeAuthenticator.js.map +1 -0
package/src/lib/auth/index.d.ts +7 -0
package/src/lib/auth/index.d.ts.map +1 -0
package/src/lib/auth/index.js +13 -0
package/src/lib/auth/index.js.map +1 -0
package/src/lib/auth/poolAclBootstrap.d.ts +36 -0
package/src/lib/auth/poolAclBootstrap.d.ts.map +1 -0
package/src/lib/auth/poolAclBootstrap.js +64 -0
package/src/lib/auth/poolAclBootstrap.js.map +1 -0
package/src/lib/auth/poolAclStore.d.ts +77 -0
package/src/lib/auth/poolAclStore.d.ts.map +1 -0
package/src/lib/auth/poolAclStore.js +189 -0
package/src/lib/auth/poolAclStore.js.map +1 -0
package/src/lib/auth/poolAclUpdater.d.ts +79 -0
package/src/lib/auth/poolAclUpdater.d.ts.map +1 -0
package/src/lib/auth/poolAclUpdater.js +144 -0
package/src/lib/auth/poolAclUpdater.js.map +1 -0
package/src/lib/availability/availabilityService.d.ts +2 -2
package/src/lib/availability/availabilityService.d.ts.map +1 -1
package/src/lib/availability/availabilityService.js +12 -5
package/src/lib/availability/availabilityService.js.map +1 -1
package/src/lib/availability/blockRegistry.d.ts +45 -3
package/src/lib/availability/blockRegistry.d.ts.map +1 -1
package/src/lib/availability/blockRegistry.js +123 -5
package/src/lib/availability/blockRegistry.js.map +1 -1
package/src/lib/availability/discoveryProtocol.d.ts +30 -1
package/src/lib/availability/discoveryProtocol.d.ts.map +1 -1
package/src/lib/availability/discoveryProtocol.js +76 -0
package/src/lib/availability/discoveryProtocol.js.map +1 -1
package/src/lib/availability/gossipService.d.ts +45 -6
package/src/lib/availability/gossipService.d.ts.map +1 -1
package/src/lib/availability/gossipService.js +177 -5
package/src/lib/availability/gossipService.js.map +1 -1
package/src/lib/availability/reconciliationService.d.ts +88 -1
package/src/lib/availability/reconciliationService.d.ts.map +1 -1
package/src/lib/availability/reconciliationService.js +246 -48
package/src/lib/availability/reconciliationService.js.map +1 -1
package/src/lib/blockFetch/blockFetcher.d.ts +100 -0
package/src/lib/blockFetch/blockFetcher.d.ts.map +1 -0
package/src/lib/blockFetch/blockFetcher.js +279 -0
package/src/lib/blockFetch/blockFetcher.js.map +1 -0
package/src/lib/blockFetch/fetchQueue.d.ts +88 -0
package/src/lib/blockFetch/fetchQueue.d.ts.map +1 -0
package/src/lib/blockFetch/fetchQueue.js +204 -0
package/src/lib/blockFetch/fetchQueue.js.map +1 -0
package/src/lib/blockFetch/httpBlockFetchTransport.d.ts +65 -0
package/src/lib/blockFetch/httpBlockFetchTransport.d.ts.map +1 -0
package/src/lib/blockFetch/httpBlockFetchTransport.js +104 -0
package/src/lib/blockFetch/httpBlockFetchTransport.js.map +1 -0
package/src/lib/blockFetch/index.d.ts +10 -0
package/src/lib/blockFetch/index.d.ts.map +1 -0
package/src/lib/blockFetch/index.js +13 -0
package/src/lib/blockFetch/index.js.map +1 -0
package/src/lib/controllers/api/brightpass.d.ts +72 -0
package/src/lib/controllers/api/brightpass.d.ts.map +1 -0
package/src/lib/controllers/api/brightpass.js +577 -0
package/src/lib/controllers/api/brightpass.js.map +1 -0
package/src/lib/controllers/api/channels.d.ts +122 -0
package/src/lib/controllers/api/channels.d.ts.map +1 -0
package/src/lib/controllers/api/channels.js +701 -0
package/src/lib/controllers/api/channels.js.map +1 -0
package/src/lib/controllers/api/conversations.d.ts +89 -0
package/src/lib/controllers/api/conversations.d.ts.map +1 -0
package/src/lib/controllers/api/conversations.js +259 -0
package/src/lib/controllers/api/conversations.js.map +1 -0
package/src/lib/controllers/api/emails.d.ts +122 -0
package/src/lib/controllers/api/emails.d.ts.map +1 -0
package/src/lib/controllers/api/emails.js +494 -0
package/src/lib/controllers/api/emails.js.map +1 -0
package/src/lib/controllers/api/explodingMessages.d.ts +79 -0
package/src/lib/controllers/api/explodingMessages.d.ts.map +1 -0
package/src/lib/controllers/api/explodingMessages.js +378 -0
package/src/lib/controllers/api/explodingMessages.js.map +1 -0
package/src/lib/controllers/api/groups.d.ts +94 -0
package/src/lib/controllers/api/groups.d.ts.map +1 -0
package/src/lib/controllers/api/groups.js +484 -0
package/src/lib/controllers/api/groups.js.map +1 -0
package/src/lib/controllers/api/index.d.ts +6 -0
package/src/lib/controllers/api/index.d.ts.map +1 -1
package/src/lib/controllers/api/index.js +6 -0
package/src/lib/controllers/api/index.js.map +1 -1
package/src/lib/controllers/api/messages.d.ts.map +1 -1
package/src/lib/controllers/api/messages.js +2 -1
package/src/lib/controllers/api/messages.js.map +1 -1
package/src/lib/controllers/api/sync.d.ts +38 -2
package/src/lib/controllers/api/sync.d.ts.map +1 -1
package/src/lib/controllers/api/sync.js +89 -0
package/src/lib/controllers/api/sync.js.map +1 -1
package/src/lib/controllers/crypto/gitController.d.ts +70 -0
package/src/lib/controllers/crypto/gitController.d.ts.map +1 -0
package/src/lib/controllers/crypto/gitController.js +306 -0
package/src/lib/controllers/crypto/gitController.js.map +1 -0
package/src/lib/controllers/crypto/index.d.ts +3 -0
package/src/lib/controllers/crypto/index.d.ts.map +1 -0
package/src/lib/controllers/crypto/index.js +6 -0
package/src/lib/controllers/crypto/index.js.map +1 -0
package/src/lib/controllers/crypto/walletController.d.ts +64 -0
package/src/lib/controllers/crypto/walletController.d.ts.map +1 -0
package/src/lib/controllers/crypto/walletController.js +260 -0
package/src/lib/controllers/crypto/walletController.js.map +1 -0
package/src/lib/controllers/identity/deviceController.d.ts +96 -0
package/src/lib/controllers/identity/deviceController.d.ts.map +1 -0
package/src/lib/controllers/identity/deviceController.js +355 -0
package/src/lib/controllers/identity/deviceController.js.map +1 -0
package/src/lib/controllers/identity/directoryController.d.ts +75 -0
package/src/lib/controllers/identity/directoryController.d.ts.map +1 -0
package/src/lib/controllers/identity/directoryController.js +288 -0
package/src/lib/controllers/identity/directoryController.js.map +1 -0
package/src/lib/controllers/identity/identityProofController.d.ts +94 -0
package/src/lib/controllers/identity/identityProofController.d.ts.map +1 -0
package/src/lib/controllers/identity/identityProofController.js +454 -0
package/src/lib/controllers/identity/identityProofController.js.map +1 -0
package/src/lib/controllers/identity/index.d.ts +4 -0
package/src/lib/controllers/identity/index.d.ts.map +1 -0
package/src/lib/controllers/identity/index.js +7 -0
package/src/lib/controllers/identity/index.js.map +1 -0
package/src/lib/controllers/index.d.ts +2 -0
package/src/lib/controllers/index.d.ts.map +1 -1
package/src/lib/controllers/index.js +2 -0
package/src/lib/controllers/index.js.map +1 -1
package/src/lib/encryption/encryptedMetadataService.d.ts +87 -0
package/src/lib/encryption/encryptedMetadataService.d.ts.map +1 -0
package/src/lib/encryption/encryptedMetadataService.js +224 -0
package/src/lib/encryption/encryptedMetadataService.js.map +1 -0
package/src/lib/encryption/encryptionAwareReplication.d.ts +76 -0
package/src/lib/encryption/encryptionAwareReplication.d.ts.map +1 -0
package/src/lib/encryption/encryptionAwareReplication.js +116 -0
package/src/lib/encryption/encryptionAwareReplication.js.map +1 -0
package/src/lib/encryption/errors.d.ts +49 -0
package/src/lib/encryption/errors.d.ts.map +1 -0
package/src/lib/encryption/errors.js +80 -0
package/src/lib/encryption/errors.js.map +1 -0
package/src/lib/encryption/index.d.ts +6 -0
package/src/lib/encryption/index.d.ts.map +1 -0
package/src/lib/encryption/index.js +9 -0
package/src/lib/encryption/index.js.map +1 -0
package/src/lib/encryption/poolEncryptionService.d.ts +94 -0
package/src/lib/encryption/poolEncryptionService.d.ts.map +1 -0
package/src/lib/encryption/poolEncryptionService.js +252 -0
package/src/lib/encryption/poolEncryptionService.js.map +1 -0
package/src/lib/encryption/poolKeyManager.d.ts +82 -0
package/src/lib/encryption/poolKeyManager.d.ts.map +1 -0
package/src/lib/encryption/poolKeyManager.js +156 -0
package/src/lib/encryption/poolKeyManager.js.map +1 -0
package/src/lib/environment.d.ts +3 -0
package/src/lib/environment.d.ts.map +1 -1
package/src/lib/environment.js +5 -0
package/src/lib/environment.js.map +1 -1
package/src/lib/interfaces/environment.d.ts +7 -1
package/src/lib/interfaces/environment.d.ts.map +1 -1
package/src/lib/interfaces/index.d.ts +0 -1
package/src/lib/interfaces/index.d.ts.map +1 -1
package/src/lib/interfaces/requests/getBlockDataRequest.d.ts +12 -0
package/src/lib/interfaces/requests/getBlockDataRequest.d.ts.map +1 -0
package/src/lib/interfaces/{blockStore.js → requests/getBlockDataRequest.js} +1 -1
package/src/lib/interfaces/requests/getBlockDataRequest.js.map +1 -0
package/src/lib/interfaces/requests/index.d.ts +1 -0
package/src/lib/interfaces/requests/index.d.ts.map +1 -1
package/src/lib/routers/api.d.ts +54 -1
package/src/lib/routers/api.d.ts.map +1 -1
package/src/lib/routers/api.js +77 -0
package/src/lib/routers/api.js.map +1 -1
package/src/lib/services/blockStore.d.ts +5 -2
package/src/lib/services/blockStore.d.ts.map +1 -1
package/src/lib/services/blockStore.js +4 -0
package/src/lib/services/blockStore.js.map +1 -1
package/src/lib/services/brightpass/auditLogger.d.ts +77 -0
package/src/lib/services/brightpass/auditLogger.d.ts.map +1 -0
package/src/lib/services/brightpass/auditLogger.js +184 -0
package/src/lib/services/brightpass/auditLogger.js.map +1 -0
package/src/lib/services/brightpass/vaultEncryption.d.ts +82 -0
package/src/lib/services/brightpass/vaultEncryption.d.ts.map +1 -0
package/src/lib/services/brightpass/vaultEncryption.js +144 -0
package/src/lib/services/brightpass/vaultEncryption.js.map +1 -0
package/src/lib/services/brightpass.d.ts +294 -0
package/src/lib/services/brightpass.d.ts.map +1 -0
package/src/lib/services/brightpass.js +1260 -0
package/src/lib/services/brightpass.js.map +1 -0
package/src/lib/services/eventNotificationSystem.d.ts +69 -3
package/src/lib/services/eventNotificationSystem.d.ts.map +1 -1
package/src/lib/services/eventNotificationSystem.js +200 -0
package/src/lib/services/eventNotificationSystem.js.map +1 -1
package/src/lib/services/expirationScheduler.d.ts +90 -0
package/src/lib/services/expirationScheduler.d.ts.map +1 -0
package/src/lib/services/expirationScheduler.js +131 -0
package/src/lib/services/expirationScheduler.js.map +1 -0
package/src/lib/services/fecUsageExample.d.ts +2 -2
package/src/lib/services/index.d.ts +2 -0
package/src/lib/services/index.d.ts.map +1 -1
package/src/lib/services/index.js +2 -0
package/src/lib/services/index.js.map +1 -1
package/src/lib/services/paginationService.d.ts +18 -0
package/src/lib/services/paginationService.d.ts.map +1 -0
package/src/lib/services/paginationService.js +32 -0
package/src/lib/services/paginationService.js.map +1 -0
package/src/lib/services/presenceService.d.ts +76 -0
package/src/lib/services/presenceService.d.ts.map +1 -0
package/src/lib/services/presenceService.js +143 -0
package/src/lib/services/presenceService.js.map +1 -0
package/src/lib/services/wireConversationPromotion.d.ts +23 -0
package/src/lib/services/wireConversationPromotion.d.ts.map +1 -0
package/src/lib/services/wireConversationPromotion.js +26 -0
package/src/lib/services/wireConversationPromotion.js.map +1 -0
package/src/lib/stores/availabilityAwareBlockStore.d.ts +115 -10
package/src/lib/stores/availabilityAwareBlockStore.d.ts.map +1 -1
package/src/lib/stores/availabilityAwareBlockStore.js +267 -23
package/src/lib/stores/availabilityAwareBlockStore.js.map +1 -1
package/src/lib/stores/diskBlockAsyncStore.d.ts +81 -2
package/src/lib/stores/diskBlockAsyncStore.d.ts.map +1 -1
package/src/lib/stores/diskBlockAsyncStore.js +297 -10
package/src/lib/stores/diskBlockAsyncStore.js.map +1 -1
package/src/lib/utils/communicationValidation.d.ts +44 -0
package/src/lib/utils/communicationValidation.d.ts.map +1 -0
package/src/lib/utils/communicationValidation.js +291 -0
package/src/lib/utils/communicationValidation.js.map +1 -0
package/src/lib/utils/emailValidation.d.ts +19 -0
package/src/lib/utils/emailValidation.d.ts.map +1 -0
package/src/lib/utils/emailValidation.js +232 -0
package/src/lib/utils/emailValidation.js.map +1 -0
package/src/lib/interfaces/blockStore.d.ts +0 -7
package/src/lib/interfaces/blockStore.d.ts.map +0 -1
package/src/lib/interfaces/blockStore.js.map +0 -1

package/src/lib/services/brightpass.d.ts ADDED Viewed

@@ -0,0 +1,294 @@
+/**
+ * BrightPassService — core vault operations for the BrightPass password manager.
+ *
+ * Manages vault lifecycle (create, open, list, delete), entry CRUD,
+ * search, sharing, emergency access, and import operations.
+ *
+ * Uses IBlockStore for persistent storage, VCBLService for VCBL operations,
+ * BlockService for encryption, and maintains a lightweight in-memory index
+ * for quick lookups.
+ *
+ * Requirements: 1.1–1.8, 2.1–2.9, 3.1–3.5, 4.1–4.4
+ */
+import { AttachmentReference, AuditLogEntry, AutofillPayload, BlockService, DecryptedVault, EmergencyAccessConfig, EncryptedShare, EntryPropertyRecord, EntrySearchQuery, IBlockStore, ImportFormat, ImportResult, VaultEntry, VaultMetadata, VCBLService } from '@brightchain/brightchain-lib';
+import { Member, PlatformID } from '@digitaldefiance/ecies-lib';
+/**
+ * Errors specific to BrightPass operations
+ */
+export declare class VaultNotFoundError extends Error {
+    constructor(vaultId: string);
+}
+export declare class VaultAuthenticationError extends Error {
+    constructor();
+}
+export declare class VaultConflictError extends Error {
+    constructor(name: string);
+}
+export declare class EntryNotFoundError extends Error {
+    constructor(entryId: string);
+}
+export declare class EmergencyAccessError extends Error {
+    constructor(message: string);
+}
+export declare class BrightPassService<TID extends PlatformID = Uint8Array> {
+    /** Block store for persistent storage (injected) */
+    private readonly blockStore;
+    /** VCBL service for vault operations (injected) */
+    private readonly vcblService;
+    /** Block service for encryption/decryption (injected) */
+    private readonly blockService;
+    /** Member for block creation (injected) */
+    private readonly member;
+    /** vaultId → StoredVault for vault data management */
+    private readonly vaults;
+    /** vaultId → VaultIndexEntry for lightweight lookups */
+    private readonly vaultIndex;
+    /** memberId → Set<vaultId> for quick listing */
+    private readonly memberVaults;
+    /**
+     * Create a new BrightPassService.
+     *
+     * @param blockStore - Block store for persistent storage (defaults to MemoryBlockStore)
+     * @param vcblService - VCBL service for vault operations
+     * @param blockService - Block service for encryption
+     * @param member - Member for block creation
+     *
+     * Requirements: 1.1, 1.5
+     */
+    constructor(blockStore?: IBlockStore, vcblService?: VCBLService<TID>, blockService?: BlockService<TID>, member?: Member<TID>);
+    /** bcrypt cost factor - 12 rounds provides ~300ms hash time on modern hardware */
+    private static readonly BCRYPT_ROUNDS;
+    /**
+     * Hash a master password using bcrypt for secure storage and comparison.
+     * Uses bcrypt with 12 rounds for strong protection against brute-force attacks.
+     *
+     * Security: bcrypt includes salt automatically and is designed to be slow,
+     * making brute-force attacks computationally expensive.
+     */
+    private hashMasterPasswordAsync;
+    /**
+     * Verify a master password against a stored bcrypt hash.
+     * Uses constant-time comparison internally via bcrypt.compare().
+     */
+    private verifyMasterPassword;
+    /**
+     * Generate a new BIP39 mnemonic and seed for a vault.
+     * Each vault has its own independent mnemonic that can be cycled/regenerated.
+     *
+     * Security: Uses 256 bits of entropy for a 24-word mnemonic.
+     * The mnemonic should be stored encrypted and can be backed up separately.
+     *
+     * @returns Object containing the mnemonic (24 words) and derived seed (64 bytes)
+     */
+    private generateVaultBip39;
+    /**
+     * Regenerate a vault's BIP39 seed (key rotation).
+     * This creates a new mnemonic and re-encrypts all entries with the new key.
+     *
+     * Security: This is a critical operation that should be used when:
+     * - A share has been revoked and the vault needs re-keying
+     * - The vault owner suspects key compromise
+     * - Periodic key rotation policy requires it
+     *
+     * @param vaultId - The vault to regenerate
+     * @param masterPassword - Current master password for verification
+     * @returns The new mnemonic (should be backed up by the user)
+     */
+    regenerateVaultSeed(vaultId: string, masterPassword: string): Promise<string>;
+    /**
+     * Extract an EntryPropertyRecord from a VaultEntry.
+     */
+    private entryToPropertyRecord;
+    /**
+     * Check if block store operations are safe to perform.
+     * Block store operations require the global service provider to be initialized.
+     * Returns false if the service provider is not available.
+     */
+    private isBlockStoreOperationsSafe;
+    /**
+     * Get a vault or throw VaultNotFoundError.
+     */
+    private getVaultOrThrow;
+    /**
+     * Update the VCBL in the block store after entry changes.
+     * Creates a new VCBL with updated property records and entry addresses,
+     * encrypts it, and stores it in the block store.
+     * Requirements: 2.2, 2.3, 2.4, 3.2
+     */
+    private updateVcblInBlockStore;
+    /**
+     * Create a new vault.
+     * Generates a vault-specific BIP39 mnemonic and derives the vault key from it.
+     * Uses bcrypt for secure password hashing.
+     *
+     * Security: Each vault has its own independent BIP39 seed that can be
+     * regenerated/cycled without affecting other vaults or the member's identity.
+     *
+     * Requirements: 1.1, 3.1, 3.2
+     */
+    createVault(memberId: string, name: string, masterPassword: string): Promise<VaultMetadata>;
+    /**
+     * Open an existing vault with the correct master password.
+     * Returns vault metadata and property records (no entry decryption).
+     * When VCBLService is available, retrieves and parses VCBL from block store.
+     * Requirements: 1.2, 1.3, 3.3, 3.4
+     */
+    openVault(memberId: string, vaultId: string, masterPassword: string): Promise<DecryptedVault>;
+    /**
+     * List all vaults owned by or shared with a member.
+     * Returns metadata only — no decryption needed.
+     * Requirements: 1.4
+     */
+    listVaults(memberId: string): Promise<VaultMetadata[]>;
+    /**
+     * Delete a vault and all its entries.
+     * Requirements: 1.5
+     */
+    deleteVault(memberId: string, vaultId: string, masterPassword: string): Promise<void>;
+    /**
+     * Add a new entry to a vault.
+     * Encrypts the entry using AES-256-GCM, stores in block store (when available),
+     * and appends block checksum + property record to VCBL parallel arrays.
+     * Requirements: 2.1, 2.2, 3.2
+     */
+    addEntry(vaultId: string, entry: VaultEntry): Promise<VaultEntry>;
+    /**
+     * Get a single entry by ID from a vault.
+     * Retrieves from block store and decrypts the entry using AES-256-GCM.
+     * Requirements: 2.2, 2.3, 3.2
+     */
+    getEntry(vaultId: string, entryId: string): Promise<VaultEntry>;
+    /**
+     * Update an existing entry in a vault.
+     * Decrypts, updates, re-encrypts using AES-256-GCM, stores in block store (when available),
+     * and updates the VCBL property record.
+     * Requirements: 2.3, 2.4, 3.2
+     */
+    updateEntry(vaultId: string, entryId: string, updates: Partial<VaultEntry>): Promise<VaultEntry>;
+    /**
+     * Delete an entry from a vault.
+     * Removes the entry block from block store (when available), and removes from VCBL at the matching index.
+     * Requirements: 2.4
+     */
+    deleteEntry(vaultId: string, entryId: string): Promise<void>;
+    /**
+     * Search entries in a vault by filtering VCBL property records.
+     * Requirements: 2.9
+     */
+    searchEntries(vaultId: string, query: EntrySearchQuery): Promise<EntryPropertyRecord[]>;
+    /**
+     * Share a vault with one or more recipients.
+     * Updates the VCBL header shared list and tracks member→vault mapping.
+     * Requirements: 4.1, 4.2
+     */
+    shareVault(vaultId: string, recipientMemberIds: string[]): Promise<void>;
+    /**
+     * Revoke a member's access to a shared vault.
+     * Removes from VCBL header shared list and re-keys the vault.
+     * Requirements: 4.3
+     */
+    revokeShare(vaultId: string, memberId: string): Promise<void>;
+    /**
+     * Configure quorum governance for a shared vault.
+     * When threshold > 0, opening the vault requires that many member approvals.
+     * Requirements: 4.4
+     */
+    configureQuorumGovernance(vaultId: string, threshold: number): Promise<void>;
+    /**
+     * Submit a quorum approval for a vault.
+     * The member must be the owner or a shared member.
+     * Returns true if the quorum threshold has been met.
+     * Requirements: 4.4
+     */
+    approveQuorumAccess(vaultId: string, memberId: string): boolean;
+    /**
+     * Check whether the quorum threshold has been met for a vault.
+     */
+    isQuorumMet(vaultId: string): boolean;
+    /**
+     * Reset quorum approvals (e.g. after vault is closed or session ends).
+     */
+    resetQuorumApprovals(vaultId: string): void;
+    /**
+     * Change the master password for a vault.
+     * Verifies old password, re-derives vault key with new password,
+     * decrypts all entries with old key, and re-encrypts with new key.
+     *
+     * Note: This only changes the password, not the vault's BIP39 seed.
+     * Use regenerateVaultSeed() for full key rotation.
+     *
+     * Requirements: 3.4, 3.2
+     */
+    changeMasterPassword(memberId: string, vaultId: string, oldPassword: string, newPassword: string): Promise<void>;
+    /**
+     * Split the vault key into Shamir shares for emergency recovery.
+     * Uses proper Shamir Secret Sharing (polynomial interpolation over GF(256)).
+     * Each trustee receives an encrypted share; threshold shares are needed to reconstruct.
+     *
+     * Security: Uses @digitaldefiance/secrets library which implements proper
+     * Shamir Secret Sharing with cryptographically secure random coefficients.
+     *
+     * Requirements: 10.1, 10.2, 10.3
+     */
+    configureEmergencyAccess(vaultId: string, threshold: number, trustees: string[]): Promise<EmergencyAccessConfig>;
+    /**
+     * Recover a vault using emergency shares.
+     * Uses proper Shamir Secret Sharing reconstruction (polynomial interpolation).
+     * Requires at least threshold shares to reconstruct the vault key.
+     *
+     * Security: The combine() function performs Lagrange interpolation over GF(256)
+     * to reconstruct the secret. With fewer than threshold shares, reconstruction
+     * is cryptographically impossible.
+     *
+     * Requirements: 10.2, 10.3, 10.4
+     */
+    recoverWithShares(vaultId: string, shares: EncryptedShare[]): Promise<DecryptedVault>;
+    /**
+     * Revoke emergency access configuration, invalidating all existing shares.
+     * Requirements: 10.5
+     */
+    revokeEmergencyAccess(vaultId: string): Promise<void>;
+    /**
+     * Get the encrypted shares for a vault's emergency access.
+     * In production, shares would be distributed to trustees via secure channels.
+     * Requirements: 10.2
+     */
+    getEmergencyShares(vaultId: string): EncryptedShare[];
+    /**
+     * Get autofill payload for a given site URL.
+     * Searches VCBL property records by siteUrl, decrypts matching login entries,
+     * and includes TOTP code if configured.
+     * Requirements: 5.7
+     */
+    getAutofillPayload(vaultId: string, siteUrl: string): Promise<AutofillPayload>;
+    /**
+     * Add an attachment to a vault entry.
+     * Stores the file as an encrypted block and adds a reference to the entry.
+     * Requirements: 1.7, 2.8
+     */
+    addAttachment(vaultId: string, entryId: string, file: Buffer, filename: string, mimeType?: string): Promise<AttachmentReference>;
+    /**
+     * Get an attachment's data by ID.
+     * Decrypts the attachment using AES-256-GCM.
+     * Requirements: 2.8, 3.2
+     */
+    getAttachment(vaultId: string, entryId: string, attachmentId: string): Promise<Buffer>;
+    /**
+     * Delete an attachment from a vault entry.
+     * Removes the attachment block and updates the entry reference.
+     * Requirements: 2.8, 3.2
+     */
+    deleteAttachment(vaultId: string, entryId: string, attachmentId: string): Promise<void>;
+    /**
+     * Import entries from a password manager export file.
+     * Parses the file, maps to VaultEntry types, and adds each to the vault.
+     * Requirements: 12.1–12.10
+     */
+    importFromFile(vaultId: string, format: ImportFormat, fileContent: Buffer): Promise<ImportResult>;
+    /**
+     * Get audit log entries for a vault.
+     * Requirements: 9.3
+     */
+    getAuditLog(vaultId: string): Promise<AuditLogEntry[]>;
+}
+//# sourceMappingURL=brightpass.d.ts.map

package/src/lib/services/brightpass.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"brightpass.d.ts","sourceRoot":"","sources":["../../../../../brightchain-api-lib/src/lib/services/brightpass.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EACL,mBAAmB,EAEnB,aAAa,EACb,eAAe,EAEf,YAAY,EAKZ,cAAc,EACd,qBAAqB,EACrB,cAAc,EACd,mBAAmB,EACnB,gBAAgB,EAEhB,WAAW,EACX,YAAY,EAEZ,YAAY,EAIZ,UAAU,EAEV,aAAa,EAGb,WAAW,EACZ,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AA+EhE;;GAEG;AACH,qBAAa,kBAAmB,SAAQ,KAAK;gBAC/B,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,wBAAyB,SAAQ,KAAK;;CAKlD;AAED,qBAAa,kBAAmB,SAAQ,KAAK;gBAC/B,IAAI,EAAE,MAAM;CAIzB;AAED,qBAAa,kBAAmB,SAAQ,KAAK;gBAC/B,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,oBAAqB,SAAQ,KAAK;gBACjC,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,iBAAiB,CAAC,GAAG,SAAS,UAAU,GAAG,UAAU;IAChE,oDAAoD;IACpD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAc;IACzC,mDAAmD;IACnD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAmB;IAC/C,yDAAyD;IACzD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAoB;IACjD,2CAA2C;IAC3C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAc;IAErC,sDAAsD;IACtD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAkC;IACzD,wDAAwD;IACxD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAsC;IACjE,gDAAgD;IAChD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAkC;IAE/D;;;;;;;;;OASG;gBAED,UAAU,CAAC,EAAE,WAAW,EACxB,WAAW,CAAC,EAAE,WAAW,CAAC,GAAG,CAAC,EAC9B,YAAY,CAAC,EAAE,YAAY,CAAC,GAAG,CAAC,EAChC,MAAM,CAAC,EAAE,MAAM,CAAC,GAAG,CAAC;IAUtB,kFAAkF;IAClF,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAM;IAE3C;;;;;;OAMG;YACW,uBAAuB;IAIrC;;;OAGG;YACW,oBAAoB;IAOlC;;;;;;;;OAQG;IACH,OAAO,CAAC,kBAAkB;IAW1B;;;;;;;;;;;;OAYG;IACG,mBAAmB,CACvB,OAAO,EAAE,MAAM,EACf,cAAc,EAAE,MAAM,GACrB,OAAO,CAAC,MAAM,CAAC;IAiElB;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAY7B;;;;OAIG;IACH,OAAO,CAAC,0BAA0B;IAWlC;;OAEG;IACH,OAAO,CAAC,eAAe;IAQvB;;;;;OAKG;YACW,sBAAsB;IAmEpC;;;;;;;;;OASG;IACG,WAAW,CACf,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,EACZ,cAAc,EAAE,MAAM,GACrB,OAAO,CAAC,aAAa,CAAC;IA2HzB;;;;;OAKG;IACG,SAAS,CACb,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,cAAc,EAAE,MAAM,GACrB,OAAO,CAAC,cAAc,CAAC;IAoF1B;;;;OAIG;IACG,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IAa5D;;;OAGG;IACG,WAAW,CACf,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,cAAc,EAAE,MAAM,GACrB,OAAO,CAAC,IAAI,CAAC;IAqChB;;;;;OAKG;IACG,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IAuDvE;;;;OAIG;IACG,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IA2BrE;;;;;OAKG;IACG,WAAW,CACf,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,OAAO,CAAC,UAAU,CAAC,GAC3B,OAAO,CAAC,UAAU,CAAC;IA+EtB;;;;OAIG;IACG,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAgDlE;;;OAGG;IACG,aAAa,CACjB,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,gBAAgB,GACtB,OAAO,CAAC,mBAAmB,EAAE,CAAC;IAwCjC;;;;OAIG;IACG,UAAU,CACd,OAAO,EAAE,MAAM,EACf,kBAAkB,EAAE,MAAM,EAAE,GAC3B,OAAO,CAAC,IAAI,CAAC;IAmChB;;;;OAIG;IACG,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAkEnE;;;;OAIG;IACG,yBAAyB,CAC7B,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,IAAI,CAAC;IA2BhB;;;;;OAKG;IACH,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO;IAc/D;;OAEG;IACH,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;IAMrC;;OAEG;IACH,oBAAoB,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAO3C;;;;;;;;;OASG;IACG,oBAAoB,CACxB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,WAAW,EAAE,MAAM,EACnB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,IAAI,CAAC;IA6ChB;;;;;;;;;OASG;IACG,wBAAwB,CAC5B,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAAE,GACjB,OAAO,CAAC,qBAAqB,CAAC;IAkEjC;;;;;;;;;;OAUG;IACG,iBAAiB,CACrB,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,cAAc,EAAE,GACvB,OAAO,CAAC,cAAc,CAAC;IA6F1B;;;OAGG;IACG,qBAAqB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAM3D;;;;OAIG;IACH,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,cAAc,EAAE;IAarD;;;;;OAKG;IACG,kBAAkB,CACtB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,eAAe,CAAC;IAkD3B;;;;OAIG;IACG,aAAa,CACjB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,QAAQ,SAA6B,GACpC,OAAO,CAAC,mBAAmB,CAAC;IA8D/B;;;;OAIG;IACG,aAAa,CACjB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,MAAM,CAAC;IAiClB;;;;OAIG;IACG,gBAAgB,CACpB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,IAAI,CAAC;IAmDhB;;;;OAIG;IACG,cAAc,CAClB,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,YAAY,EACpB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,YAAY,CAAC;IAkCxB;;;OAGG;IACG,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;CAI7D"}