@brightchain/brightchain-lib 0.13.0 → 0.15.0

package/src/lib/services/brightpass/breachDetector.d.ts

@@ -0,0 +1,68 @@
+/**
+ * BreachDetector - Check passwords against Have I Been Pwned database
+ *
+ * Uses k-anonymity model: only sends first 5 chars of SHA-1 hash to API.
+ * This ensures the full password hash is never transmitted, protecting user privacy.
+ *
+ * Works in both browser and Node.js environments using:
+ * - Platform-agnostic SHA-1 hashing via @noble/hashes
+ * - Native fetch API (available in modern browsers and Node.js 18+)
+ *
+ * @module breachDetector
+ * @see Requirements 3.1, 3.2, 3.3, 3.4, 3.5
+ */
+/**
+ * Result of a breach check operation.
+ *
+ * @see Requirement 3.4
+ */
+export interface BreachCheckResult {
+    /** Whether the password was found in breach databases */
+    breached: boolean;
+    /** Number of times the password appeared in breaches (0 if not breached) */
+    count: number;
+    /** Whether the HIBP API was reachable */
+    serviceAvailable: boolean;
+}
+/**
+ * BreachDetector - Check passwords against Have I Been Pwned database
+ *
+ * Uses k-anonymity model: only sends first 5 chars of SHA-1 hash to API.
+ * This ensures the full password hash is never transmitted, protecting user privacy.
+ *
+ * @see Requirements 3.1, 3.2, 3.3, 3.4, 3.5
+ *
+ * @example
+ * ```typescript
+ * const result = await BreachDetector.check('password123');
+ * if (result.breached) {
+ *   console.log(`Password found in ${result.count} breaches!`);
+ * } else if (!result.serviceAvailable) {
+ *   console.log('Could not check - HIBP service unavailable');
+ * } else {
+ *   console.log('Password not found in known breaches');
+ * }
+ * ```
+ */
+export declare class BreachDetector {
+    private static readonly HIBP_API_URL;
+    /**
+     * Check if a password has been exposed in known data breaches.
+     *
+     * Uses the Have I Been Pwned Passwords API with k-anonymity:
+     * - Computes SHA-1 hash of the password
+     * - Sends only the first 5 characters of the hash to the API
+     * - Compares the remaining hash suffix locally against returned results
+     *
+     * @param password - The password to check
+     * @returns Promise resolving to breach check result
+     *
+     * @see Requirement 3.1 - k-anonymity (only first 5 chars of SHA-1 sent)
+     * @see Requirement 3.2 - Uses Fetch API in browser
+     * @see Requirement 3.3 - Uses native fetch in Node.js 18+
+     * @see Requirement 3.4 - Returns breach status, count, and service availability
+     * @see Requirement 3.5 - Returns serviceAvailable: false on API errors
+     */
+    static check(password: string): Promise<BreachCheckResult>;
+}
+//# sourceMappingURL=breachDetector.d.ts.map

package/src/lib/services/brightpass/breachDetector.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"breachDetector.d.ts","sourceRoot":"","sources":["../../../../../../brightchain-lib/src/lib/services/brightpass/breachDetector.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAIH;;;;GAIG;AACH,MAAM,WAAW,iBAAiB;IAChC,yDAAyD;IACzD,QAAQ,EAAE,OAAO,CAAC;IAClB,4EAA4E;IAC5E,KAAK,EAAE,MAAM,CAAC;IACd,yCAAyC;IACzC,gBAAgB,EAAE,OAAO,CAAC;CAC3B;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CACM;IAE1C;;;;;;;;;;;;;;;;OAgBG;WACiB,KAAK,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;CAgDxE"}

package/src/lib/services/brightpass/breachDetector.js

@@ -0,0 +1,102 @@
+"use strict";
+/**
+ * BreachDetector - Check passwords against Have I Been Pwned database
+ *
+ * Uses k-anonymity model: only sends first 5 chars of SHA-1 hash to API.
+ * This ensures the full password hash is never transmitted, protecting user privacy.
+ *
+ * Works in both browser and Node.js environments using:
+ * - Platform-agnostic SHA-1 hashing via @noble/hashes
+ * - Native fetch API (available in modern browsers and Node.js 18+)
+ *
+ * @module breachDetector
+ * @see Requirements 3.1, 3.2, 3.3, 3.4, 3.5
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BreachDetector = void 0;
+const platformCrypto_1 = require("../../crypto/platformCrypto");
+/**
+ * BreachDetector - Check passwords against Have I Been Pwned database
+ *
+ * Uses k-anonymity model: only sends first 5 chars of SHA-1 hash to API.
+ * This ensures the full password hash is never transmitted, protecting user privacy.
+ *
+ * @see Requirements 3.1, 3.2, 3.3, 3.4, 3.5
+ *
+ * @example
+ * ```typescript
+ * const result = await BreachDetector.check('password123');
+ * if (result.breached) {
+ *   console.log(`Password found in ${result.count} breaches!`);
+ * } else if (!result.serviceAvailable) {
+ *   console.log('Could not check - HIBP service unavailable');
+ * } else {
+ *   console.log('Password not found in known breaches');
+ * }
+ * ```
+ */
+class BreachDetector {
+    /**
+     * Check if a password has been exposed in known data breaches.
+     *
+     * Uses the Have I Been Pwned Passwords API with k-anonymity:
+     * - Computes SHA-1 hash of the password
+     * - Sends only the first 5 characters of the hash to the API
+     * - Compares the remaining hash suffix locally against returned results
+     *
+     * @param password - The password to check
+     * @returns Promise resolving to breach check result
+     *
+     * @see Requirement 3.1 - k-anonymity (only first 5 chars of SHA-1 sent)
+     * @see Requirement 3.2 - Uses Fetch API in browser
+     * @see Requirement 3.3 - Uses native fetch in Node.js 18+
+     * @see Requirement 3.4 - Returns breach status, count, and service availability
+     * @see Requirement 3.5 - Returns serviceAvailable: false on API errors
+     */
+    static async check(password) {
+        // Hash password with SHA-1 using platform-agnostic implementation
+        // sha1Hash returns uppercase hex string
+        const hash = (0, platformCrypto_1.sha1Hash)(password);
+        // Split into prefix (5 chars) and suffix for k-anonymity
+        // Only the prefix is sent to the API
+        const prefix = hash.substring(0, 5);
+        const suffix = hash.substring(5);
+        try {
+            // Query HIBP API with only the prefix (k-anonymity)
+            // Uses native fetch which works in both browser and Node.js 18+
+            const response = await fetch(`${this.HIBP_API_URL}${prefix}`, {
+                headers: {
+                    'User-Agent': 'BrightChain-PasswordManager',
+                },
+            });
+            if (!response.ok) {
+                // API returned an error status
+                return { breached: false, count: 0, serviceAvailable: false };
+            }
+            const text = await response.text();
+            // Parse response: each line is "SUFFIX:COUNT"
+            // The API returns all hash suffixes that match the prefix
+            const lines = text.split('\n');
+            for (const line of lines) {
+                const [hashSuffix, countStr] = line.split(':');
+                if (hashSuffix === suffix) {
+                    return {
+                        breached: true,
+                        count: parseInt(countStr, 10),
+                        serviceAvailable: true,
+                    };
+                }
+            }
+            // Password hash suffix not found in breach database
+            return { breached: false, count: 0, serviceAvailable: true };
+        }
+        catch {
+            // API unreachable - network error, timeout, etc.
+            // Return gracefully without throwing
+            return { breached: false, count: 0, serviceAvailable: false };
+        }
+    }
+}
+exports.BreachDetector = BreachDetector;
+BreachDetector.HIBP_API_URL = 'https://api.pwnedpasswords.com/range/';
+//# sourceMappingURL=breachDetector.js.map

package/src/lib/services/brightpass/breachDetector.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"breachDetector.js","sourceRoot":"","sources":["../../../../../../brightchain-lib/src/lib/services/brightpass/breachDetector.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;AAEH,gEAAuD;AAgBvD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAa,cAAc;IAIzB;;;;;;;;;;;;;;;;OAgBG;IACI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,QAAgB;QACxC,kEAAkE;QAClE,wCAAwC;QACxC,MAAM,IAAI,GAAG,IAAA,yBAAQ,EAAC,QAAQ,CAAC,CAAC;QAEhC,yDAAyD;QACzD,qCAAqC;QACrC,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACpC,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QAEjC,IAAI,CAAC;YACH,oDAAoD;YACpD,gEAAgE;YAChE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,YAAY,GAAG,MAAM,EAAE,EAAE;gBAC5D,OAAO,EAAE;oBACP,YAAY,EAAE,6BAA6B;iBAC5C;aACF,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,+BAA+B;gBAC/B,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,gBAAgB,EAAE,KAAK,EAAE,CAAC;YAChE,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAEnC,8CAA8C;YAC9C,0DAA0D;YAC1D,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAC/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,CAAC,UAAU,EAAE,QAAQ,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC/C,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;oBAC1B,OAAO;wBACL,QAAQ,EAAE,IAAI;wBACd,KAAK,EAAE,QAAQ,CAAC,QAAQ,EAAE,EAAE,CAAC;wBAC7B,gBAAgB,EAAE,IAAI;qBACvB,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,oDAAoD;YACpD,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC;QAC/D,CAAC;QAAC,MAAM,CAAC;YACP,iDAAiD;YACjD,qCAAqC;YACrC,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,gBAAgB,EAAE,KAAK,EAAE,CAAC;QAChE,CAAC;IACH,CAAC;;AApEH,wCAqEC;AApEyB,2BAAY,GAClC,uCAAuC,CAAC"}

package/src/lib/services/brightpass/importParser.d.ts

@@ -0,0 +1,105 @@
+/**
+ * ImportParser — parses password manager export files into VaultEntry arrays.
+ *
+ * Supports CSV, JSON, XML, and 1PUX formats from major password managers.
+ * Maps source fields to VaultEntry types with fallback to secure_note.
+ *
+ * Browser-compatible: uses ArrayBuffer | string input and TextDecoder.
+ *
+ * Requirements: 4.1, 4.2, 4.3, 4.4, 4.5, 4.6
+ */
+import { ImportFormat, VaultEntry } from '../../interfaces/brightpass';
+/** Raw parsed record before type mapping */
+interface RawRecord {
+    name?: string;
+    title?: string;
+    url?: string;
+    username?: string;
+    password?: string;
+    notes?: string;
+    type?: string;
+    cardholderName?: string;
+    cardNumber?: string;
+    expirationDate?: string;
+    cvv?: string;
+    firstName?: string;
+    lastName?: string;
+    email?: string;
+    phone?: string;
+    address?: string;
+    totp?: string;
+    favorite?: string | boolean;
+    folder?: string;
+    tags?: string;
+    [key: string]: string | boolean | undefined;
+}
+export declare class ImportParser {
+    /**
+     * Convert ArrayBuffer or string content to text string.
+     * Uses TextDecoder for browser compatibility.
+     */
+    private static contentToText;
+    /**
+     * Parse a file content into VaultEntry array based on format.
+     * Accepts ArrayBuffer (from FileReader) or string for browser compatibility.
+     */
+    static parse(format: ImportFormat, content: ArrayBuffer | string): {
+        entries: VaultEntry[];
+        errors: Array<{
+            recordIndex: number;
+            error: string;
+        }>;
+    };
+    /**
+     * Parse CSV text into rows. Handles quoted fields with commas (Req 4.6).
+     * Quoted fields preserve their exact content including whitespace.
+     * Unquoted fields are trimmed.
+     */
+    private static parseCsvRows;
+    /**
+     * Convert CSV rows to RawRecord array using header row.
+     */
+    private static csvToRecords;
+    /**
+     * Parse Chrome/Firefox CSV exports (Req 4.2).
+     */
+    private static parseBrowserCsv;
+    /**
+     * Parse LastPass CSV exports (Req 4.2).
+     */
+    private static parseLastPassCsv;
+    /**
+     * Parse generic CSV format (1Password CSV, Bitwarden CSV).
+     */
+    private static parseGenericCsv;
+    /**
+     * Parse Bitwarden JSON exports (Req 4.1, 4.2).
+     */
+    private static parseBitwardenJson;
+    /**
+     * Parse Dashlane JSON exports (Req 4.2).
+     */
+    private static parseDashlaneJson;
+    /**
+     * Parse 1Password 1PUX exports (Req 4.1, 4.2).
+     */
+    private static parse1Pux;
+    /**
+     * Parse KeePass XML exports (Req 4.1, 4.2).
+     */
+    private static parseKeePassXml;
+    /**
+     * Map raw records to typed VaultEntry objects.
+     * Determines type based on available fields, falls back to secure_note (Req 4.3, 4.4).
+     * Returns both entries and errors for failed records (Req 4.5).
+     */
+    static mapToEntries(rawRecords: RawRecord[]): {
+        entries: VaultEntry[];
+        errors: Array<{
+            recordIndex: number;
+            error: string;
+        }>;
+    };
+}
+export {};
+//# sourceMappingURL=importParser.d.ts.map

package/src/lib/services/brightpass/importParser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"importParser.d.ts","sourceRoot":"","sources":["../../../../../../brightchain-lib/src/lib/services/brightpass/importParser.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,OAAO,EAGL,YAAY,EAGZ,UAAU,EACX,MAAM,6BAA6B,CAAC;AAErC,4CAA4C;AAC5C,UAAU,SAAS;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,GAAG,CAAC,EAAE,MAAM,CAAC;IAEb,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;IAC5B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC;CAC7C;AAED,qBAAa,YAAY;IACvB;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,aAAa;IAQ5B;;;OAGG;IACH,MAAM,CAAC,KAAK,CACV,MAAM,EAAE,YAAY,EACpB,OAAO,EAAE,WAAW,GAAG,MAAM,GAC5B;QACD,OAAO,EAAE,UAAU,EAAE,CAAC;QACtB,MAAM,EAAE,KAAK,CAAC;YAAE,WAAW,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;KACvD;IAmCD;;;;OAIG;IACH,OAAO,CAAC,MAAM,CAAC,YAAY;IAwC3B;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,YAAY;IAqB3B;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,eAAe;IAc9B;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAc/B;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,eAAe;IAI9B;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,kBAAkB;IAkCjC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,iBAAiB;IAoBhC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,SAAS;IAkCxB;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,eAAe;IAyC9B;;;;OAIG;IACH,MAAM,CAAC,YAAY,CAAC,UAAU,EAAE,SAAS,EAAE,GAAG;QAC5C,OAAO,EAAE,UAAU,EAAE,CAAC;QACtB,MAAM,EAAE,KAAK,CAAC;YAAE,WAAW,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;KACvD;CAyFF"}

package/src/lib/services/brightpass/importParser.js

@@ -0,0 +1,380 @@
+"use strict";
+/**
+ * ImportParser — parses password manager export files into VaultEntry arrays.
+ *
+ * Supports CSV, JSON, XML, and 1PUX formats from major password managers.
+ * Maps source fields to VaultEntry types with fallback to secure_note.
+ *
+ * Browser-compatible: uses ArrayBuffer | string input and TextDecoder.
+ *
+ * Requirements: 4.1, 4.2, 4.3, 4.4, 4.5, 4.6
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ImportParser = void 0;
+const uuid_1 = require("uuid");
+class ImportParser {
+    /**
+     * Convert ArrayBuffer or string content to text string.
+     * Uses TextDecoder for browser compatibility.
+     */
+    static contentToText(content) {
+        if (typeof content === 'string') {
+            return content;
+        }
+        const decoder = new TextDecoder('utf-8');
+        return decoder.decode(content);
+    }
+    /**
+     * Parse a file content into VaultEntry array based on format.
+     * Accepts ArrayBuffer (from FileReader) or string for browser compatibility.
+     */
+    static parse(format, content) {
+        const text = this.contentToText(content);
+        let rawRecords;
+        switch (format) {
+            case 'chrome_csv':
+            case 'firefox_csv':
+                rawRecords = this.parseBrowserCsv(text, format);
+                break;
+            case 'lastpass_csv':
+                rawRecords = this.parseLastPassCsv(text);
+                break;
+            case '1password_csv':
+            case 'bitwarden_csv':
+                rawRecords = this.parseGenericCsv(text);
+                break;
+            case 'bitwarden_json':
+                rawRecords = this.parseBitwardenJson(text);
+                break;
+            case 'dashlane_json':
+                rawRecords = this.parseDashlaneJson(text);
+                break;
+            case '1password_1pux':
+                rawRecords = this.parse1Pux(text);
+                break;
+            case 'keepass_xml':
+                rawRecords = this.parseKeePassXml(text);
+                break;
+            default:
+                rawRecords = this.parseGenericCsv(text);
+        }
+        return this.mapToEntries(rawRecords);
+    }
+    /**
+     * Parse CSV text into rows. Handles quoted fields with commas (Req 4.6).
+     * Quoted fields preserve their exact content including whitespace.
+     * Unquoted fields are trimmed.
+     */
+    static parseCsvRows(text) {
+        const lines = text.trim().split('\n');
+        const rows = [];
+        for (const line of lines) {
+            const row = [];
+            let current = '';
+            let inQuotes = false;
+            let wasQuoted = false;
+            for (let i = 0; i < line.length; i++) {
+                const ch = line[i];
+                if (ch === '"') {
+                    if (inQuotes && i + 1 < line.length && line[i + 1] === '"') {
+                        // Escaped quote inside quoted field
+                        current += '"';
+                        i++;
+                    }
+                    else {
+                        inQuotes = !inQuotes;
+                        if (inQuotes) {
+                            wasQuoted = true;
+                        }
+                    }
+                }
+                else if (ch === ',' && !inQuotes) {
+                    // Only trim unquoted fields; preserve quoted field content exactly
+                    row.push(wasQuoted ? current : current.trim());
+                    current = '';
+                    wasQuoted = false;
+                }
+                else {
+                    current += ch;
+                }
+            }
+            // Push the last field
+            row.push(wasQuoted ? current : current.trim());
+            rows.push(row);
+        }
+        return rows;
+    }
+    /**
+     * Convert CSV rows to RawRecord array using header row.
+     */
+    static csvToRecords(text) {
+        const rows = this.parseCsvRows(text);
+        if (rows.length < 2)
+            return [];
+        const headers = rows[0].map((h) => h.toLowerCase().replace(/\s+/g, '_'));
+        const records = [];
+        for (let i = 1; i < rows.length; i++) {
+            const row = rows[i];
+            if (row.length === 0 || (row.length === 1 && row[0] === ''))
+                continue;
+            const record = {};
+            for (let j = 0; j < headers.length && j < row.length; j++) {
+                record[headers[j]] = row[j];
+            }
+            records.push(record);
+        }
+        return records;
+    }
+    /**
+     * Parse Chrome/Firefox CSV exports (Req 4.2).
+     */
+    static parseBrowserCsv(text, _format) {
+        const records = this.csvToRecords(text);
+        return records.map((r) => ({
+            title: r['name'] || r['title'] || '',
+            url: r['url'] || r['origin_url'] || '',
+            username: r['username'] || '',
+            password: r['password'] || '',
+            notes: r['note'] || r['notes'] || '',
+        }));
+    }
+    /**
+     * Parse LastPass CSV exports (Req 4.2).
+     */
+    static parseLastPassCsv(text) {
+        const records = this.csvToRecords(text);
+        return records.map((r) => ({
+            title: r['name'] || '',
+            url: r['url'] || '',
+            username: r['username'] || '',
+            password: r['password'] || '',
+            notes: r['extra'] || r['notes'] || '',
+            folder: r['grouping'] || r['folder'] || '',
+            favorite: r['fav'] || '0',
+            totp: r['totp'] || '',
+        }));
+    }
+    /**
+     * Parse generic CSV format (1Password CSV, Bitwarden CSV).
+     */
+    static parseGenericCsv(text) {
+        return this.csvToRecords(text);
+    }
+    /**
+     * Parse Bitwarden JSON exports (Req 4.1, 4.2).
+     */
+    static parseBitwardenJson(text) {
+        const data = JSON.parse(text);
+        const items = data['items'] || data['encrypted'] || [];
+        return items.map((item) => {
+            const login = (item['login'] || {});
+            const card = (item['card'] || {});
+            const identity = (item['identity'] || {});
+            const uris = login['uris'];
+            return {
+                title: item['name'] || '',
+                type: String(item['type'] ?? ''),
+                url: uris?.[0]?.['uri'] || '',
+                username: login['username'] || '',
+                password: login['password'] || '',
+                notes: item['notes'] || '',
+                totp: login['totp'] || '',
+                favorite: item['favorite'] || false,
+                folder: item['folderId'] || '',
+                cardholderName: card['cardholderName'] || '',
+                cardNumber: card['number'] || '',
+                expirationDate: card['expMonth'] && card['expYear']
+                    ? `${String(card['expMonth']).padStart(2, '0')}/${String(card['expYear']).slice(-2)}`
+                    : '',
+                cvv: card['code'] || '',
+                firstName: identity['firstName'] || '',
+                lastName: identity['lastName'] || '',
+                email: identity['email'] || '',
+                phone: identity['phone'] || '',
+                address: identity['address1'] || '',
+            };
+        });
+    }
+    /**
+     * Parse Dashlane JSON exports (Req 4.2).
+     */
+    static parseDashlaneJson(text) {
+        const data = JSON.parse(text);
+        const items = data['AUTHENTIFIANT'] || data['credentials'] || data['items'] || [];
+        return items.map((item) => ({
+            title: item['title'] || item['domain'] || '',
+            url: item['domain'] || item['url'] || '',
+            username: item['login'] ||
+                item['username'] ||
+                item['email'] ||
+                '',
+            password: item['password'] ||
+                item['secondaryLogin'] ||
+                '',
+            notes: item['note'] || item['notes'] || '',
+        }));
+    }
+    /**
+     * Parse 1Password 1PUX exports (Req 4.1, 4.2).
+     */
+    static parse1Pux(text) {
+        const data = JSON.parse(text);
+        const records = [];
+        const accounts = data['accounts'] || [data];
+        for (const account of accounts) {
+            const vaults = account['vaults'] || [account];
+            for (const vault of vaults) {
+                const items = vault['items'] || [];
+                for (const item of items) {
+                    const overview = item['overview'] || {};
+                    const details = item['details'] || {};
+                    const fields = details['loginFields'] || details['fields'] || [];
+                    const usernameField = fields.find((f) => f['designation'] === 'username' || f['name'] === 'username');
+                    const passwordField = fields.find((f) => f['designation'] === 'password' || f['name'] === 'password');
+                    records.push({
+                        title: overview['title'] || '',
+                        url: overview['url'] || '',
+                        username: usernameField?.['value'] || '',
+                        password: passwordField?.['value'] || '',
+                        notes: details['notesPlain'] || '',
+                        tags: overview['tags']?.join(',') || '',
+                    });
+                }
+            }
+        }
+        return records;
+    }
+    /**
+     * Parse KeePass XML exports (Req 4.1, 4.2).
+     */
+    static parseKeePassXml(text) {
+        const records = [];
+        const entryRegex = /<Entry>([\s\S]*?)<\/Entry>/g;
+        const stringRegex = /<String>\s*<Key>(.*?)<\/Key>\s*<Value[^>]*>(.*?)<\/Value>\s*<\/String>/g;
+        let entryMatch;
+        while ((entryMatch = entryRegex.exec(text)) !== null) {
+            const entryXml = entryMatch[1];
+            const record = {};
+            let stringMatch;
+            const localRegex = new RegExp(stringRegex.source, 'g');
+            while ((stringMatch = localRegex.exec(entryXml)) !== null) {
+                const key = stringMatch[1].toLowerCase();
+                const value = stringMatch[2];
+                switch (key) {
+                    case 'title':
+                        record.title = value;
+                        break;
+                    case 'url':
+                        record.url = value;
+                        break;
+                    case 'username':
+                        record.username = value;
+                        break;
+                    case 'password':
+                        record.password = value;
+                        break;
+                    case 'notes':
+                        record.notes = value;
+                        break;
+                }
+            }
+            if (record.title || record.username || record.password) {
+                records.push(record);
+            }
+        }
+        return records;
+    }
+    /**
+     * Map raw records to typed VaultEntry objects.
+     * Determines type based on available fields, falls back to secure_note (Req 4.3, 4.4).
+     * Returns both entries and errors for failed records (Req 4.5).
+     */
+    static mapToEntries(rawRecords) {
+        const entries = [];
+        const errors = [];
+        const now = new Date();
+        for (let i = 0; i < rawRecords.length; i++) {
+            try {
+                const raw = rawRecords[i];
+                const title = raw.title || raw.name || `Imported Entry ${i + 1}`;
+                const isFavorite = raw.favorite === true ||
+                    raw.favorite === '1' ||
+                    raw.favorite === 'true';
+                const tags = raw.folder ? [raw.folder] : undefined;
+                const base = {
+                    id: (0, uuid_1.v4)(),
+                    title,
+                    notes: raw.notes || undefined,
+                    tags,
+                    createdAt: now,
+                    updatedAt: now,
+                    favorite: isFavorite,
+                };
+                // Determine entry type based on available fields (Req 4.3)
+                if (raw.cardNumber && raw.cardNumber.length >= 13) {
+                    // Credit card
+                    const entry = {
+                        ...base,
+                        type: 'credit_card',
+                        cardholderName: raw.cardholderName || '',
+                        cardNumber: raw.cardNumber,
+                        expirationDate: raw.expirationDate || '',
+                        cvv: raw.cvv || '',
+                    };
+                    entries.push(entry);
+                }
+                else if (raw.firstName && raw.lastName && !raw.password && !raw.url) {
+                    // Identity
+                    const entry = {
+                        ...base,
+                        type: 'identity',
+                        firstName: raw.firstName,
+                        lastName: raw.lastName,
+                        email: raw.email || undefined,
+                        phone: raw.phone || undefined,
+                        address: raw.address || undefined,
+                    };
+                    entries.push(entry);
+                }
+                else if (raw.url || raw.username || raw.password) {
+                    // Login
+                    const entry = {
+                        ...base,
+                        type: 'login',
+                        siteUrl: raw.url || '',
+                        username: raw.username || '',
+                        password: raw.password || '',
+                        totpSecret: raw.totp || undefined,
+                    };
+                    entries.push(entry);
+                }
+                else {
+                    // Fallback to secure note (Req 4.4)
+                    const content = [
+                        raw.notes,
+                        raw.username ? `Username: ${raw.username}` : '',
+                        raw.password ? `Password: ${raw.password}` : '',
+                    ]
+                        .filter(Boolean)
+                        .join('\n') || 'Imported entry';
+                    const entry = {
+                        ...base,
+                        type: 'secure_note',
+                        content,
+                    };
+                    entries.push(entry);
+                }
+            }
+            catch (err) {
+                // Capture errors for failed records (Req 4.5)
+                errors.push({
+                    recordIndex: i,
+                    error: err instanceof Error ? err.message : String(err),
+                });
+            }
+        }
+        return { entries, errors };
+    }
+}
+exports.ImportParser = ImportParser;
+//# sourceMappingURL=importParser.js.map