@bywaretech/bysentinel-core 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (71) hide show
  1. package/LICENSE +202 -0
  2. package/README.md +36 -0
  3. package/dist/analysis/analyzer.d.ts +27 -0
  4. package/dist/analysis/analyzer.d.ts.map +1 -0
  5. package/dist/analysis/analyzer.js +204 -0
  6. package/dist/analysis/analyzer.js.map +1 -0
  7. package/dist/analysis/prompt.d.ts +16 -0
  8. package/dist/analysis/prompt.d.ts.map +1 -0
  9. package/dist/analysis/prompt.js +74 -0
  10. package/dist/analysis/prompt.js.map +1 -0
  11. package/dist/analysis/validate.d.ts +14 -0
  12. package/dist/analysis/validate.d.ts.map +1 -0
  13. package/dist/analysis/validate.js +116 -0
  14. package/dist/analysis/validate.js.map +1 -0
  15. package/dist/fingerprint.d.ts +19 -0
  16. package/dist/fingerprint.d.ts.map +1 -0
  17. package/dist/fingerprint.js +42 -0
  18. package/dist/fingerprint.js.map +1 -0
  19. package/dist/index.d.ts +11 -0
  20. package/dist/index.d.ts.map +1 -0
  21. package/dist/index.js +17 -0
  22. package/dist/index.js.map +1 -0
  23. package/dist/providers/types.d.ts +51 -0
  24. package/dist/providers/types.d.ts.map +1 -0
  25. package/dist/providers/types.js +2 -0
  26. package/dist/providers/types.js.map +1 -0
  27. package/dist/redaction/entropy.d.ts +11 -0
  28. package/dist/redaction/entropy.d.ts.map +1 -0
  29. package/dist/redaction/entropy.js +35 -0
  30. package/dist/redaction/entropy.js.map +1 -0
  31. package/dist/redaction/index.d.ts +4 -0
  32. package/dist/redaction/index.d.ts.map +1 -0
  33. package/dist/redaction/index.js +4 -0
  34. package/dist/redaction/index.js.map +1 -0
  35. package/dist/redaction/patterns.d.ts +35 -0
  36. package/dist/redaction/patterns.d.ts.map +1 -0
  37. package/dist/redaction/patterns.js +198 -0
  38. package/dist/redaction/patterns.js.map +1 -0
  39. package/dist/redaction/redactor.d.ts +19 -0
  40. package/dist/redaction/redactor.d.ts.map +1 -0
  41. package/dist/redaction/redactor.js +120 -0
  42. package/dist/redaction/redactor.js.map +1 -0
  43. package/dist/security/signals.d.ts +12 -0
  44. package/dist/security/signals.d.ts.map +1 -0
  45. package/dist/security/signals.js +123 -0
  46. package/dist/security/signals.js.map +1 -0
  47. package/dist/timeline/timeline.d.ts +61 -0
  48. package/dist/timeline/timeline.d.ts.map +1 -0
  49. package/dist/timeline/timeline.js +90 -0
  50. package/dist/timeline/timeline.js.map +1 -0
  51. package/dist/types/analysis.d.ts +46 -0
  52. package/dist/types/analysis.d.ts.map +1 -0
  53. package/dist/types/analysis.js +3 -0
  54. package/dist/types/analysis.js.map +1 -0
  55. package/dist/types/config.d.ts +54 -0
  56. package/dist/types/config.d.ts.map +1 -0
  57. package/dist/types/config.js +18 -0
  58. package/dist/types/config.js.map +1 -0
  59. package/dist/types/event.d.ts +80 -0
  60. package/dist/types/event.d.ts.map +1 -0
  61. package/dist/types/event.js +6 -0
  62. package/dist/types/event.js.map +1 -0
  63. package/dist/types/index.d.ts +4 -0
  64. package/dist/types/index.d.ts.map +1 -0
  65. package/dist/types/index.js +4 -0
  66. package/dist/types/index.js.map +1 -0
  67. package/dist/util/id.d.ts +4 -0
  68. package/dist/util/id.d.ts.map +1 -0
  69. package/dist/util/id.js +9 -0
  70. package/dist/util/id.js.map +1 -0
  71. package/package.json +55 -0
@@ -0,0 +1,80 @@
1
+ /**
2
+ * Canonical event shape produced by the SDK and accepted by the collector.
3
+ * Kept intentionally provider-neutral so non-AWS runtimes can adopt it later.
4
+ */
5
+ import type { ExecutionTimeline } from "../timeline/timeline.js";
6
+ export type SecuritySignalType = "secret-in-log" | "sensitive-data-in-body" | "auth-error-spike" | "suspicious-user-agent" | "admin-route-access" | "excessive-failed-attempts" | "unsafe-headers" | "ssrf-like-url" | "sql-error-leakage" | "command-injection" | "path-traversal";
7
+ export type SecuritySignalSeverity = "low" | "medium" | "high" | "critical";
8
+ export interface SecuritySignal {
9
+ type: SecuritySignalType;
10
+ severity: SecuritySignalSeverity;
11
+ /** Short human description. Must never embed the raw sensitive value. */
12
+ message: string;
13
+ /** Where it was seen, e.g. "request.headers.authorization". */
14
+ location?: string;
15
+ }
16
+ export interface RuntimeInfo {
17
+ provider: "aws";
18
+ service: "lambda";
19
+ language: "nodejs";
20
+ version: string;
21
+ }
22
+ /** Deployment/source correlation. Enables release-vs-incident analysis. */
23
+ export interface GitContext {
24
+ commitSha?: string;
25
+ branch?: string;
26
+ version?: string;
27
+ release?: string;
28
+ buildTimestamp?: string;
29
+ repositoryUrl?: string;
30
+ }
31
+ export interface LambdaContext {
32
+ functionName?: string;
33
+ functionVersion?: string;
34
+ requestId?: string;
35
+ memoryLimitMb?: string;
36
+ remainingTimeMs?: number;
37
+ coldStart?: boolean;
38
+ }
39
+ export interface ErrorInfo {
40
+ type: string;
41
+ message: string;
42
+ stack?: string;
43
+ }
44
+ export interface PerformanceInfo {
45
+ durationMs?: number;
46
+ timeoutRisk?: boolean;
47
+ memoryUsedMb?: number;
48
+ }
49
+ export interface RequestInfo {
50
+ method?: string;
51
+ path?: string;
52
+ headers?: Record<string, unknown>;
53
+ query?: Record<string, unknown>;
54
+ body?: unknown;
55
+ }
56
+ export interface BySentinelEvent {
57
+ id: string;
58
+ timestamp: string;
59
+ project: string;
60
+ environment: string;
61
+ release?: string;
62
+ runtime: RuntimeInfo;
63
+ lambda: LambdaContext;
64
+ git?: GitContext;
65
+ error?: ErrorInfo;
66
+ performance?: PerformanceInfo;
67
+ request?: RequestInfo;
68
+ /** Execution timeline / bottleneck data (see `ExecutionTimeline`). */
69
+ timeline?: ExecutionTimeline;
70
+ customContext?: Record<string, unknown>;
71
+ securitySignals?: SecuritySignal[];
72
+ /** True once redaction has run. The collector rejects events with `false`. */
73
+ sanitized: boolean;
74
+ }
75
+ /** Optional manual-capture metadata merged into `customContext`. */
76
+ export interface CaptureContext {
77
+ severity?: SecuritySignalSeverity | "warning" | "info";
78
+ [key: string]: unknown;
79
+ }
80
+ //# sourceMappingURL=event.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"event.d.ts","sourceRoot":"","sources":["../../src/types/event.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAEjE,MAAM,MAAM,kBAAkB,GAC1B,eAAe,GACf,wBAAwB,GACxB,kBAAkB,GAClB,uBAAuB,GACvB,oBAAoB,GACpB,2BAA2B,GAC3B,gBAAgB,GAChB,eAAe,GACf,mBAAmB,GACnB,mBAAmB,GACnB,gBAAgB,CAAC;AAErB,MAAM,MAAM,sBAAsB,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAE5E,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,kBAAkB,CAAC;IACzB,QAAQ,EAAE,sBAAsB,CAAC;IACjC,yEAAyE;IACzE,OAAO,EAAE,MAAM,CAAC;IAChB,+DAA+D;IAC/D,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,KAAK,CAAC;IAChB,OAAO,EAAE,QAAQ,CAAC;IAClB,QAAQ,EAAE,QAAQ,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,2EAA2E;AAC3E,MAAM,WAAW,UAAU;IACzB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,aAAa;IAC5B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAED,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,eAAe;IAC9B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,WAAW;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAElB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,OAAO,EAAE,WAAW,CAAC;IACrB,MAAM,EAAE,aAAa,CAAC;IACtB,GAAG,CAAC,EAAE,UAAU,CAAC;IAEjB,KAAK,CAAC,EAAE,SAAS,CAAC;IAClB,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B,OAAO,CAAC,EAAE,WAAW,CAAC;IAEtB,sEAAsE;IACtE,QAAQ,CAAC,EAAE,iBAAiB,CAAC;IAE7B,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACxC,eAAe,CAAC,EAAE,cAAc,EAAE,CAAC;IAEnC,8EAA8E;IAC9E,SAAS,EAAE,OAAO,CAAC;CACpB;AAED,oEAAoE;AACpE,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,EAAE,sBAAsB,GAAG,SAAS,GAAG,MAAM,CAAC;IACvD,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB"}
@@ -0,0 +1,6 @@
1
+ /**
2
+ * Canonical event shape produced by the SDK and accepted by the collector.
3
+ * Kept intentionally provider-neutral so non-AWS runtimes can adopt it later.
4
+ */
5
+ export {};
6
+ //# sourceMappingURL=event.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"event.js","sourceRoot":"","sources":["../../src/types/event.ts"],"names":[],"mappings":"AAAA;;;GAGG"}
@@ -0,0 +1,4 @@
1
+ export * from "./event.js";
2
+ export * from "./analysis.js";
3
+ export * from "./config.js";
4
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,eAAe,CAAC;AAC9B,cAAc,aAAa,CAAC"}
@@ -0,0 +1,4 @@
1
+ export * from "./event.js";
2
+ export * from "./analysis.js";
3
+ export * from "./config.js";
4
+ //# sourceMappingURL=index.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,eAAe,CAAC;AAC9B,cAAc,aAAa,CAAC"}
@@ -0,0 +1,4 @@
1
+ /** BySentinel event id, e.g. `bs_evt_<uuid-no-dashes>`. */
2
+ export declare function newEventId(): string;
3
+ export declare function nowIso(): string;
4
+ //# sourceMappingURL=id.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"id.d.ts","sourceRoot":"","sources":["../../src/util/id.ts"],"names":[],"mappings":"AAEA,2DAA2D;AAC3D,wBAAgB,UAAU,IAAI,MAAM,CAEnC;AAED,wBAAgB,MAAM,IAAI,MAAM,CAE/B"}
@@ -0,0 +1,9 @@
1
+ import { randomUUID } from "node:crypto";
2
+ /** BySentinel event id, e.g. `bs_evt_<uuid-no-dashes>`. */
3
+ export function newEventId() {
4
+ return `bs_evt_${randomUUID().replace(/-/g, "")}`;
5
+ }
6
+ export function nowIso() {
7
+ return new Date().toISOString();
8
+ }
9
+ //# sourceMappingURL=id.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"id.js","sourceRoot":"","sources":["../../src/util/id.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,2DAA2D;AAC3D,MAAM,UAAU,UAAU;IACxB,OAAO,UAAU,UAAU,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE,CAAC;AACpD,CAAC;AAED,MAAM,UAAU,MAAM;IACpB,OAAO,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;AAClC,CAAC"}
package/package.json ADDED
@@ -0,0 +1,55 @@
1
+ {
2
+ "name": "@bywaretech/bysentinel-core",
3
+ "version": "0.1.0",
4
+ "description": "Shared types, redaction/secret-detection engine and fingerprinting for BySentinel",
5
+ "license": "Apache-2.0",
6
+ "repository": {
7
+ "type": "git",
8
+ "url": "git+https://github.com/bywaretech/bysentinel.git",
9
+ "directory": "packages/core"
10
+ },
11
+ "homepage": "https://github.com/bywaretech/bysentinel/tree/main/packages/core#readme",
12
+ "bugs": {
13
+ "url": "https://github.com/bywaretech/bysentinel/issues"
14
+ },
15
+ "keywords": [
16
+ "bysentinel",
17
+ "observability",
18
+ "redaction",
19
+ "pii",
20
+ "secret-detection",
21
+ "fingerprint",
22
+ "ai-analysis"
23
+ ],
24
+ "type": "module",
25
+ "main": "./dist/index.js",
26
+ "types": "./dist/index.d.ts",
27
+ "exports": {
28
+ ".": {
29
+ "types": "./dist/index.d.ts",
30
+ "import": "./dist/index.js"
31
+ }
32
+ },
33
+ "files": [
34
+ "dist",
35
+ "README.md",
36
+ "LICENSE"
37
+ ],
38
+ "sideEffects": false,
39
+ "publishConfig": {
40
+ "access": "public"
41
+ },
42
+ "devDependencies": {
43
+ "typescript": "^5.5.0",
44
+ "vitest": "^2.0.0"
45
+ },
46
+ "scripts": {
47
+ "build": "tsc -p tsconfig.json",
48
+ "dev": "tsc -p tsconfig.json --watch",
49
+ "test": "vitest run",
50
+ "test:watch": "vitest",
51
+ "typecheck": "tsc -p tsconfig.json --noEmit",
52
+ "lint": "tsc -p tsconfig.json --noEmit",
53
+ "clean": "rm -rf dist .turbo coverage"
54
+ }
55
+ }