@de-otio/trellis 0.4.0 → 0.5.0

Files changed (41)
  1. package/dist/lib/crypto/voting/hash-utils.d.ts +3 -49
  2. package/dist/lib/crypto/voting/hash-utils.d.ts.map +1 -1
  3. package/dist/lib/crypto/voting/hash-utils.js +12 -54
  4. package/dist/lib/crypto/voting/hash-utils.js.map +1 -1
  5. package/dist/lib/email-privacy.d.ts +6 -44
  6. package/dist/lib/email-privacy.d.ts.map +1 -1
  7. package/dist/lib/email-privacy.js +10 -50
  8. package/dist/lib/email-privacy.js.map +1 -1
  9. package/package.json +1 -1
  10. package/prisma/migrations/20260412075058_init_redesign_schema/migration.sql +1547 -0
  11. package/prisma/migrations/20260412080000_seed_role_metadata/migration.sql +15 -0
  12. package/prisma/migrations/migration_lock.toml +3 -0
  13. package/prisma/schema.prisma +1408 -0
  14. package/dist/lib/crypto/encryption-service.d.ts +0 -100
  15. package/dist/lib/crypto/encryption-service.d.ts.map +0 -1
  16. package/dist/lib/crypto/encryption-service.js +0 -293
  17. package/dist/lib/crypto/encryption-service.js.map +0 -1
  18. package/dist/lib/crypto/index.d.ts +0 -22
  19. package/dist/lib/crypto/index.d.ts.map +0 -1
  20. package/dist/lib/crypto/index.js +0 -28
  21. package/dist/lib/crypto/index.js.map +0 -1
  22. package/dist/lib/crypto/types.d.ts +0 -71
  23. package/dist/lib/crypto/types.d.ts.map +0 -1
  24. package/dist/lib/crypto/types.js +0 -3
  25. package/dist/lib/crypto/types.js.map +0 -1
  26. package/dist/lib/crypto/versioning.d.ts +0 -112
  27. package/dist/lib/crypto/versioning.d.ts.map +0 -1
  28. package/dist/lib/crypto/versioning.js +0 -148
  29. package/dist/lib/crypto/versioning.js.map +0 -1
  30. package/dist/lib/encryption-key-service.d.ts +0 -115
  31. package/dist/lib/encryption-key-service.d.ts.map +0 -1
  32. package/dist/lib/encryption-key-service.js +0 -272
  33. package/dist/lib/encryption-key-service.js.map +0 -1
  34. package/dist/lib/followers-handler.d.ts +0 -21
  35. package/dist/lib/followers-handler.d.ts.map +0 -1
  36. package/dist/lib/followers-handler.js +0 -35
  37. package/dist/lib/followers-handler.js.map +0 -1
  38. package/dist/lib/routes/followers.d.ts +0 -6
  39. package/dist/lib/routes/followers.d.ts.map +0 -1
  40. package/dist/lib/routes/followers.js +0 -405
  41. package/dist/lib/routes/followers.js.map +0 -1
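--- a/package/dist/lib/crypto/encryption-service.d.ts
+++ b/package/dist/lib/crypto/encryption-service.d.ts
@@ -1,100 +0,0 @@
- /**
- * EncryptionService
- *
- * Provides shared cryptographic operations for Trellis:
- * - AES-256-GCM encryption/decryption with AAD support
- * - Key derivation (PBKDF2, with Argon2id support when available)
- * - Hash functions (SHA-256)
- * - Email hashing with pepper (HMAC-SHA-256)
- *
- * This service is used by:
- * - Border Safety Mode
- * - Encrypted DM
- * - Secure Voting (hash functions only)
- */
- import type { AAD, KDFParams } from "./types.js";
- /**
- * EncryptionService class for cryptographic operations
- */
- export declare class EncryptionService {
- /**
- * Encrypt data using AES-256-GCM
- *
- * @param data - Data to encrypt (will be JSON stringified if not a string)
- * @param key - CryptoKey for AES-256-GCM (256-bit)
- * @param aad - Optional Additional Authenticated Data to bind to encryption
- * @returns Base64-encoded encrypted data with IV and tag
- * @throws Error if encryption fails
- */
- static encrypt(data: string | object, key: CryptoKey, aad?: AAD): Promise<string>;
- /**
- * Decrypt data using AES-256-GCM
- *
- * @param encryptedData - Base64-encoded encrypted data with IV and tag
- * @param key - CryptoKey for AES-256-GCM (256-bit)
- * @param aad - Optional Additional Authenticated Data (must match encryption)
- * @returns Decrypted data as string
- * @throws Error if decryption fails (invalid key, tampered data, etc.)
- */
- static decrypt(encryptedData: string, key: CryptoKey, aad?: AAD): Promise<string>;
- /**
- * Derive encryption key from password using PBKDF2 or Argon2id
- *
- * Note: Argon2id requires a library (not available in WebCrypto API).
- * This implementation supports PBKDF2. For Argon2id, use a library like
- * 'argon2-browser' or 'argon2-wasm' and call this method with algorithm='pbkdf2'
- * as fallback, or implement Argon2id separately.
- *
- * @param password - Password to derive key from
- * @param salt - Salt (base64-encoded, minimum 128 bits / 16 bytes)
- * @param kdfParams - Key derivation parameters
- * @returns CryptoKey for AES-256-GCM
- * @throws Error if key derivation fails or parameters are invalid
- */
- static deriveKey(password: string, salt: string, kdfParams: KDFParams): Promise<CryptoKey>;
- /**
- * Hash data using SHA-256
- *
- * @param data - Data to hash (string or object)
- * @returns SHA-256 hash as hex string
- */
- static hash(data: string | object): Promise<string>;
- /**
- * Hash email address using HMAC-SHA-256 with pepper
- *
- * This provides privacy-preserving email hashing for zero-knowledge lookups.
- * The email is normalized (lowercased and trimmed) before hashing.
- *
- * @param email - Email address to hash
- * @param pepper - Secret pepper value (should be stored server-side, not in code)
- * @returns HMAC-SHA-256 hash as hex string
- * @throws Error if email is empty or invalid after normalization
- */
- static hashEmail(email: string, pepper: string): Promise<string>;
- /**
- * Generate a random salt (128 bits / 16 bytes)
- *
- * @returns Base64-encoded salt
- */
- static generateSalt(): string;
- /**
- * Extract IV from encrypted data for reuse detection
- *
- * This is a utility function for server-side IV reuse detection.
- * The server should track IVs per key to prevent reuse.
- *
- * @param encryptedData - Base64-encoded encrypted data
- * @returns IV as base64 string
- * @throws Error if encrypted data format is invalid
- */
- static extractIV(encryptedData: string): string;
- /**
- * Convert ArrayBuffer to base64 string
- */
- private static arrayBufferToBase64;
- /**
- * Convert base64 string to ArrayBuffer
- */
- private static base64ToArrayBuffer;
- }
- //# sourceMappingURL=encryption-service.d.ts.map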
@@ -1 +0,0 @@
1
- {"version":3,"file":"encryption-service.d.ts","sourceRoot":"","sources":["../../../src/lib/crypto/encryption-service.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,GAAG,EAAiB,SAAS,EAAE,MAAM,YAAY,CAAC;AAGhE;;GAEG;AACH,qBAAa,iBAAiB;IAC5B;;;;;;;;OAQG;WACU,OAAO,CAClB,IAAI,EAAE,MAAM,GAAG,MAAM,EACrB,GAAG,EAAE,SAAS,EACd,GAAG,CAAC,EAAE,GAAG,GACR,OAAO,CAAC,MAAM,CAAC;IAiDlB;;;;;;;;OAQG;WACU,OAAO,CAClB,aAAa,EAAE,MAAM,EACrB,GAAG,EAAE,SAAS,EACd,GAAG,CAAC,EAAE,GAAG,GACR,OAAO,CAAC,MAAM,CAAC;IAwElB;;;;;;;;;;;;;OAaG;WACU,SAAS,CACpB,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,SAAS,GACnB,OAAO,CAAC,SAAS,CAAC;IA0ErB;;;;;OAKG;WACU,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAUzD;;;;;;;;;;OAUG;WACU,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAkCtE;;;;OAIG;IACH,MAAM,CAAC,YAAY,IAAI,MAAM;IAK7B;;;;;;;;;OASG;IACH,MAAM,CAAC,SAAS,CAAC,aAAa,EAAE,MAAM,GAAG,MAAM;IAY/C;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,mBAAmB;IAOlC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,mBAAmB;CAQnC"}
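--- a/package/dist/lib/crypto/encryption-service.js
+++ b/package/dist/lib/crypto/encryption-service.js
@@ -1,293 +0,0 @@
- "use strict";
- /**
- * EncryptionService
- *
- * Provides shared cryptographic operations for Trellis:
- * - AES-256-GCM encryption/decryption with AAD support
- * - Key derivation (PBKDF2, with Argon2id support when available)
- * - Hash functions (SHA-256)
- * - Email hashing with pepper (HMAC-SHA-256)
- *
- * This service is used by:
- * - Border Safety Mode
- * - Encrypted DM
- * - Secure Voting (hash functions only)
- */
- Object.defineProperty(exports, "__esModule", { value: true });
- exports.EncryptionService = void 0;
- const versioning_js_1 = require("./versioning.js");
- /**
- * EncryptionService class for cryptographic operations
- */
- class EncryptionService {
- /**
- * Encrypt data using AES-256-GCM
- *
- * @param data - Data to encrypt (will be JSON stringified if not a string)
- * @param key - CryptoKey for AES-256-GCM (256-bit)
- * @param aad - Optional Additional Authenticated Data to bind to encryption
- * @returns Base64-encoded encrypted data with IV and tag
- * @throws Error if encryption fails
- */
- static async encrypt(data, key, aad) {
- // Validate key
- if (key.algorithm.name !== "AES-GCM" || key.extractable) {
- throw new Error("Invalid key: must be AES-GCM key and non-extractable");
- }
- // Convert data to string if needed
- const dataString = typeof data === "string" ? data : JSON.stringify(data);
- const dataBytes = new TextEncoder().encode(dataString);
- // Generate random IV (12 bytes for GCM)
- const iv = crypto.getRandomValues(new Uint8Array(12));
- // Prepare AAD if provided
- let aadBytes;
- if (aad) {
- const aadString = JSON.stringify(aad);
- aadBytes = new TextEncoder().encode(aadString).buffer;
- }
- // Encrypt with AAD
- const encrypted = await crypto.subtle.encrypt({
- name: "AES-GCM",
- iv: iv,
- additionalData: aadBytes,
- tagLength: 128, // 128-bit authentication tag
- }, key, dataBytes);
- // Extract tag (last 16 bytes) and encrypted data
- const encryptedArray = new Uint8Array(encrypted);
- const tag = encryptedArray.slice(-16); // Last 16 bytes are the tag
- const ciphertext = encryptedArray.slice(0, -16); // Rest is ciphertext
- // Create result object with version
- const result = {
- iv: this.arrayBufferToBase64(iv),
- data: this.arrayBufferToBase64(ciphertext),
- tag: this.arrayBufferToBase64(tag),
- version: versioning_js_1.ParameterVersionManager.getCurrentVersion(),
- };
- // Return base64-encoded JSON
- return btoa(JSON.stringify(result));
- }
- /**
- * Decrypt data using AES-256-GCM
- *
- * @param encryptedData - Base64-encoded encrypted data with IV and tag
- * @param key - CryptoKey for AES-256-GCM (256-bit)
- * @param aad - Optional Additional Authenticated Data (must match encryption)
- * @returns Decrypted data as string
- * @throws Error if decryption fails (invalid key, tampered data, etc.)
- */
- static async decrypt(encryptedData, key, aad) {
- // Validate key
- if (key.algorithm.name !== "AES-GCM" || key.extractable) {
- throw new Error("Invalid key: must be AES-GCM key and non-extractable");
- }
- // Parse encrypted data
- let parsed;
- try {
- parsed = JSON.parse(atob(encryptedData));
- }
- catch (error) {
- throw new Error("Invalid encrypted data format");
- }
- // Validate structure (data can be empty string, but fields must exist)
- if (parsed.iv === undefined ||
- parsed.data === undefined ||
- parsed.tag === undefined) {
- throw new Error("Invalid encrypted data: missing IV, data, or tag");
- }
- // Validate version if present
- if (parsed.version) {
- try {
- versioning_js_1.ParameterVersionManager.validateAndNormalize(parsed.version);
- }
- catch (error) {
- throw new Error(`Invalid or unsupported encryption version: ${parsed.version}. ${error instanceof Error ? error.message : String(error)}`);
- }
- }
- // Decode IV, ciphertext, and tag
- const iv = this.base64ToArrayBuffer(parsed.iv);
- const ciphertext = this.base64ToArrayBuffer(parsed.data);
- const tag = this.base64ToArrayBuffer(parsed.tag);
- // Combine ciphertext and tag (GCM expects them together)
- const encrypted = new Uint8Array(ciphertext.byteLength + tag.byteLength);
- encrypted.set(new Uint8Array(ciphertext), 0);
- encrypted.set(new Uint8Array(tag), ciphertext.byteLength);
- // Prepare AAD if provided
- let aadBytes;
- if (aad) {
- const aadString = JSON.stringify(aad);
- aadBytes = new TextEncoder().encode(aadString).buffer;
- }
- // Decrypt with AAD verification
- try {
- const decrypted = await crypto.subtle.decrypt({
- name: "AES-GCM",
- iv: iv,
- additionalData: aadBytes,
- tagLength: 128,
- }, key, encrypted.buffer);
- return new TextDecoder().decode(decrypted);
- }
- catch (error) {
- throw new Error("Decryption failed: invalid key, tampered data, or AAD mismatch");
- }
- }
- /**
- * Derive encryption key from password using PBKDF2 or Argon2id
- *
- * Note: Argon2id requires a library (not available in WebCrypto API).
- * This implementation supports PBKDF2. For Argon2id, use a library like
- * 'argon2-browser' or 'argon2-wasm' and call this method with algorithm='pbkdf2'
- * as fallback, or implement Argon2id separately.
- *
- * @param password - Password to derive key from
- * @param salt - Salt (base64-encoded, minimum 128 bits / 16 bytes)
- * @param kdfParams - Key derivation parameters
- * @returns CryptoKey for AES-256-GCM
- * @throws Error if key derivation fails or parameters are invalid
- */
- static async deriveKey(password, salt, kdfParams) {
- // Validate inputs
- if (!password || typeof password !== "string") {
- throw new Error("Password must be a non-empty string");
- }
- if (!salt || typeof salt !== "string") {
- throw new Error("Salt must be a non-empty string");
- }
- // Decode salt
- let saltBuffer;
- try {
- saltBuffer = this.base64ToArrayBuffer(salt);
- }
- catch (error) {
- throw new Error("Invalid salt format: must be base64-encoded");
- }
- const saltBytes = new Uint8Array(saltBuffer);
- // Validate salt size (minimum 128 bits / 16 bytes)
- if (saltBytes.length < 16) {
- throw new Error("Salt must be at least 128 bits (16 bytes)");
- }
- // Handle Argon2id (not supported by WebCrypto API)
- if (kdfParams.algorithm === "argon2id") {
- throw new Error("Argon2id not supported in WebCrypto API. Use a library like argon2-browser or fallback to PBKDF2.");
- }
- // PBKDF2 implementation
- if (kdfParams.algorithm !== "pbkdf2") {
- throw new Error(`Unsupported KDF algorithm: ${kdfParams.algorithm}`);
- }
- // Validate and normalize version
- const version = versioning_js_1.ParameterVersionManager.validateAndNormalize(kdfParams.version);
- // Validate PBKDF2 parameters
- const iterations = kdfParams.iterations ?? 600000;
- if (iterations < 600000) {
- throw new Error("PBKDF2 iterations must be at least 600,000 for security");
- }
- // Import password as key material
- const keyMaterial = await crypto.subtle.importKey("raw", new TextEncoder().encode(password), "PBKDF2", false, ["deriveBits", "deriveKey"]);
- // Derive 256-bit key for AES-256
- return crypto.subtle.deriveKey({
- name: "PBKDF2",
- salt: saltBuffer,
- iterations: iterations,
- hash: "SHA-256",
- }, keyMaterial, { name: "AES-GCM", length: 256 }, false, // Not extractable
- ["encrypt", "decrypt"]);
- }
- /**
- * Hash data using SHA-256
- *
- * @param data - Data to hash (string or object)
- * @returns SHA-256 hash as hex string
- */
- static async hash(data) {
- const dataString = typeof data === "string" ? data : JSON.stringify(data);
- const dataBytes = new TextEncoder().encode(dataString);
- const hashBuffer = await crypto.subtle.digest("SHA-256", dataBytes);
- // Convert to hex string
- const hashArray = Array.from(new Uint8Array(hashBuffer));
- return hashArray.map((b) => b.toString(16).padStart(2, "0")).join("");
- }
- /**
- * Hash email address using HMAC-SHA-256 with pepper
- *
- * This provides privacy-preserving email hashing for zero-knowledge lookups.
- * The email is normalized (lowercased and trimmed) before hashing.
- *
- * @param email - Email address to hash
- * @param pepper - Secret pepper value (should be stored server-side, not in code)
- * @returns HMAC-SHA-256 hash as hex string
- * @throws Error if email is empty or invalid after normalization
- */
- static async hashEmail(email, pepper) {
- if (!email || typeof email !== "string") {
- throw new Error("Email must be a non-empty string");
- }
- if (!pepper || typeof pepper !== "string") {
- throw new Error("Pepper must be a non-empty string");
- }
- // Normalize email: lowercase and trim
- const normalizedEmail = email.toLowerCase().trim();
- if (normalizedEmail.length === 0) {
- throw new Error("Email cannot be empty after normalization");
- }
- // Import pepper as HMAC key
- const pepperKey = await crypto.subtle.importKey("raw", new TextEncoder().encode(pepper), { name: "HMAC", hash: "SHA-256" }, false, ["sign"]);
- // Compute HMAC
- const emailBytes = new TextEncoder().encode(normalizedEmail);
- const signature = await crypto.subtle.sign("HMAC", pepperKey, emailBytes);
- // Convert to hex string
- const hashArray = Array.from(new Uint8Array(signature));
- return hashArray.map((b) => b.toString(16).padStart(2, "0")).join("");
- }
- /**
- * Generate a random salt (128 bits / 16 bytes)
- *
- * @returns Base64-encoded salt
- */
- static generateSalt() {
- const salt = crypto.getRandomValues(new Uint8Array(16));
- return this.arrayBufferToBase64(salt);
- }
- /**
- * Extract IV from encrypted data for reuse detection
- *
- * This is a utility function for server-side IV reuse detection.
- * The server should track IVs per key to prevent reuse.
- *
- * @param encryptedData - Base64-encoded encrypted data
- * @returns IV as base64 string
- * @throws Error if encrypted data format is invalid
- */
- static extractIV(encryptedData) {
- try {
- const parsed = JSON.parse(atob(encryptedData));
- if (!parsed.iv) {
- throw new Error("Invalid encrypted data: missing IV");
- }
- return parsed.iv;
- }
- catch (error) {
- throw new Error("Invalid encrypted data format");
- }
- }
- /**
- * Convert ArrayBuffer to base64 string
- */
- static arrayBufferToBase64(buffer) {
- const bytes = buffer instanceof Uint8Array ? buffer : new Uint8Array(buffer);
- const binary = String.fromCharCode(...bytes);
- return btoa(binary);
- }
- /**
- * Convert base64 string to ArrayBuffer
- */
- static base64ToArrayBuffer(base64) {
- const binary = atob(base64);
- const bytes = new Uint8Array(binary.length);
- for (let i = 0; i < binary.length; i++) {
- bytes[i] = binary.charCodeAt(i);
- }
- return bytes.buffer;
- }
- }
- exports.EncryptionService = EncryptionService;
- //# sourceMappingURL=encryption-service.js.map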
@@ -1 +0,0 @@
1
- {"version":3,"file":"encryption-service.js","sourceRoot":"","sources":["../../../src/lib/crypto/encryption-service.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;;AAGH,mDAA0D;AAE1D;;GAEG;AACH,MAAa,iBAAiB;IAC5B;;;;;;;;OAQG;IACH,MAAM,CAAC,KAAK,CAAC,OAAO,CAClB,IAAqB,EACrB,GAAc,EACd,GAAS;QAET,eAAe;QACf,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,KAAK,SAAS,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;YACxD,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;QAC1E,CAAC;QAED,mCAAmC;QACnC,MAAM,UAAU,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAC1E,MAAM,SAAS,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QAEvD,wCAAwC;QACxC,MAAM,EAAE,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;QAEtD,0BAA0B;QAC1B,IAAI,QAAiC,CAAC;QACtC,IAAI,GAAG,EAAE,CAAC;YACR,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACtC,QAAQ,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC;QACxD,CAAC;QAED,mBAAmB;QACnB,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAC3C;YACE,IAAI,EAAE,SAAS;YACf,EAAE,EAAE,EAAE;YACN,cAAc,EAAE,QAAQ;YACxB,SAAS,EAAE,GAAG,EAAE,6BAA6B;SAC9C,EACD,GAAG,EACH,SAAS,CACV,CAAC;QAEF,iDAAiD;QACjD,MAAM,cAAc,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;QACjD,MAAM,GAAG,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,4BAA4B;QACnE,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,qBAAqB;QAEtE,oCAAoC;QACpC,MAAM,MAAM,GAAkB;YAC5B,EAAE,EAAE,IAAI,CAAC,mBAAmB,CAAC,EAAE,CAAC;YAChC,IAAI,EAAE,IAAI,CAAC,mBAAmB,CAAC,UAAU,CAAC;YAC1C,GAAG,EAAE,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC;YAClC,OAAO,EAAE,uCAAuB,CAAC,iBAAiB,EAAE;SACrD,CAAC;QAEF,6BAA6B;QAC7B,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IACtC,CAAC;IAED;;;;;;;;OAQG;IACH,MAAM,CAAC,KAAK,CAAC,OAAO,CAClB,aAAqB,EACrB,GAAc,EACd,GAAS;QAET,eAAe;QACf,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,KAAK,SAAS,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;YACxD,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;QAC1E,CAAC;QAED,uBAAuB;QACvB,IAAI,MAAqB,CAAC;QAC1B,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;QAC3C,CAAC;QAAC,OAAO,KAAK,EA
AE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QACnD,CAAC;QAED,uEAAuE;QACvE,IACE,MAAM,CAAC,EAAE,KAAK,SAAS;YACvB,MAAM,CAAC,IAAI,KAAK,SAAS;YACzB,MAAM,CAAC,GAAG,KAAK,SAAS,EACxB,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACtE,CAAC;QAED,8BAA8B;QAC9B,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,IAAI,CAAC;gBACH,uCAAuB,CAAC,oBAAoB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAC/D,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,IAAI,KAAK,CACb,8CAA8C,MAAM,CAAC,OAAO,KAAK,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAC1H,CAAC;YACJ,CAAC;QACH,CAAC;QAED,iCAAiC;QACjC,MAAM,EAAE,GAAG,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC/C,MAAM,UAAU,GAAG,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACzD,MAAM,GAAG,GAAG,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAEjD,yDAAyD;QACzD,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,UAAU,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC;QACzE,SAAS,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;QAC7C,SAAS,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,GAAG,CAAC,EAAE,UAAU,CAAC,UAAU,CAAC,CAAC;QAE1D,0BAA0B;QAC1B,IAAI,QAAiC,CAAC;QACtC,IAAI,GAAG,EAAE,CAAC;YACR,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACtC,QAAQ,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC;QACxD,CAAC;QAED,gCAAgC;QAChC,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAC3C;gBACE,IAAI,EAAE,SAAS;gBACf,EAAE,EAAE,EAAE;gBACN,cAAc,EAAE,QAAQ;gBACxB,SAAS,EAAE,GAAG;aACf,EACD,GAAG,EACH,SAAS,CAAC,MAAM,CACjB,CAAC;YAEF,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC7C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CACb,gEAAgE,CACjE,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;;;;;;;;;OAaG;IACH,MAAM,CAAC,KAAK,CAAC,SAAS,CACpB,QAAgB,EAChB,IAAY,EACZ,SAAoB;QAEpB,kBAAkB;QAClB,IAAI,CAAC,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACzD,CAAC;QAED,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACrD,CAAC;QAED,cAAc;QACd,IAAI,UAAuB,CAAC;QAC5B,IAAI,CAAC;YACH,UAAU,GAAG,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,
CAAC;QAC9C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;QACjE,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC;QAE7C,mDAAmD;QACnD,IAAI,SAAS,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QAED,mDAAmD;QACnD,IAAI,SAAS,CAAC,SAAS,KAAK,UAAU,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CACb,mGAAmG,CACpG,CAAC;QACJ,CAAC;QAED,wBAAwB;QACxB,IAAI,SAAS,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,8BAA8B,SAAS,CAAC,SAAS,EAAE,CAAC,CAAC;QACvE,CAAC;QAED,iCAAiC;QACjC,MAAM,OAAO,GAAG,uCAAuB,CAAC,oBAAoB,CAC1D,SAAS,CAAC,OAAO,CAClB,CAAC;QAEF,6BAA6B;QAC7B,MAAM,UAAU,GAAG,SAAS,CAAC,UAAU,IAAI,MAAM,CAAC;QAClD,IAAI,UAAU,GAAG,MAAM,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CACb,yDAAyD,CAC1D,CAAC;QACJ,CAAC;QAED,kCAAkC;QAClC,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC/C,KAAK,EACL,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,EAClC,QAAQ,EACR,KAAK,EACL,CAAC,YAAY,EAAE,WAAW,CAAC,CAC5B,CAAC;QAEF,iCAAiC;QACjC,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAC5B;YACE,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,UAAU;YAChB,UAAU,EAAE,UAAU;YACtB,IAAI,EAAE,SAAS;SAChB,EACD,WAAW,EACX,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,EAChC,KAAK,EAAE,kBAAkB;QACzB,CAAC,SAAS,EAAE,SAAS,CAAC,CACvB,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAqB;QACrC,MAAM,UAAU,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAC1E,MAAM,SAAS,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACvD,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAEpE,wBAAwB;QACxB,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;QACzD,OAAO,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACxE,CAAC;IAED;;;;;;;;;;OAUG;IACH,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,KAAa,EAAE,MAAc;QAClD,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACtD,CAAC;QAED,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;Y
AC1C,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACvD,CAAC;QAED,sCAAsC;QACtC,MAAM,eAAe,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;QAEnD,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QAED,4BAA4B;QAC5B,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC7C,KAAK,EACL,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,EAChC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,EACjC,KAAK,EACL,CAAC,MAAM,CAAC,CACT,CAAC;QAEF,eAAe;QACf,MAAM,UAAU,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QAC7D,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;QAE1E,wBAAwB;QACxB,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC;QACxD,OAAO,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACxE,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,YAAY;QACjB,MAAM,IAAI,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;QACxD,OAAO,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;IACxC,CAAC;IAED;;;;;;;;;OASG;IACH,MAAM,CAAC,SAAS,CAAC,aAAqB;QACpC,IAAI,CAAC;YACH,MAAM,MAAM,GAAkB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;YAC9D,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;gBACf,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;YACxD,CAAC;YACD,OAAO,MAAM,CAAC,EAAE,CAAC;QACnB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,mBAAmB,CAAC,MAAgC;QACjE,MAAM,KAAK,GACT,MAAM,YAAY,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;QACjE,MAAM,MAAM,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC;QAC7C,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,mBAAmB,CAAC,MAAc;QAC/C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;QAC5B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACvC,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAClC,CAAC;QACD,OAAO,KAAK,CAAC,MAAM,CAAC;IACtB,CAAC;CACF;A
AlWD,8CAkWC"}
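--- a/package/dist/lib/crypto/index.d.ts
+++ b/package/dist/lib/crypto/index.d.ts
@@ -1,22 +0,0 @@
- /**
- * @de-otio/trellis (inlined crypto)
- *
- * Shared cryptographic library for Trellis
- *
- * Provides:
- * - AES-256-GCM encryption/decryption with AAD support
- * - Key derivation (PBKDF2, with Argon2id support when available)
- * - Hash functions (SHA-256)
- * - Email hashing with pepper (HMAC-SHA-256)
- *
- * Used by:
- * - Border Safety Mode
- * - Encrypted DM
- * - Secure Voting (hash functions only)
- */
- export { EncryptionService } from "./encryption-service.js";
- export type { AAD, EncryptedData, KDFParams } from "./types.js";
- export { ParameterVersionManager } from "./versioning.js";
- export type { ParameterVersion } from "./versioning.js";
- export { CURRENT_VERSION, MINIMUM_VERSION, SUPPORTED_VERSIONS, } from "./versioning.js";
- //# sourceMappingURL=index.d.ts.map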
@@ -1 +0,0 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/crypto/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,YAAY,EAAE,GAAG,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAChE,OAAO,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAC1D,YAAY,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACxD,OAAO,EACL,eAAe,EACf,eAAe,EACf,kBAAkB,GACnB,MAAM,iBAAiB,CAAC"}
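--- a/package/dist/lib/crypto/index.js
+++ b/package/dist/lib/crypto/index.js
@@ -1,28 +0,0 @@
- "use strict";
- /**
- * @de-otio/trellis (inlined crypto)
- *
- * Shared cryptographic library for Trellis
- *
- * Provides:
- * - AES-256-GCM encryption/decryption with AAD support
- * - Key derivation (PBKDF2, with Argon2id support when available)
- * - Hash functions (SHA-256)
- * - Email hashing with pepper (HMAC-SHA-256)
- *
- * Used by:
- * - Border Safety Mode
- * - Encrypted DM
- * - Secure Voting (hash functions only)
- */
- Object.defineProperty(exports, "__esModule", { value: true });
- exports.SUPPORTED_VERSIONS = exports.MINIMUM_VERSION = exports.CURRENT_VERSION = exports.ParameterVersionManager = exports.EncryptionService = void 0;
- var encryption_service_js_1 = require("./encryption-service.js");
- Object.defineProperty(exports, "EncryptionService", { enumerable: true, get: function () { return encryption_service_js_1.EncryptionService; } });
- var versioning_js_1 = require("./versioning.js");
- Object.defineProperty(exports, "ParameterVersionManager", { enumerable: true, get: function () { return versioning_js_1.ParameterVersionManager; } });
- var versioning_js_2 = require("./versioning.js");
- Object.defineProperty(exports, "CURRENT_VERSION", { enumerable: true, get: function () { return versioning_js_2.CURRENT_VERSION; } });
- Object.defineProperty(exports, "MINIMUM_VERSION", { enumerable: true, get: function () { return versioning_js_2.MINIMUM_VERSION; } });
- Object.defineProperty(exports, "SUPPORTED_VERSIONS", { enumerable: true, get: function () { return versioning_js_2.SUPPORTED_VERSIONS; } });
- //# sourceMappingURL=index.js.map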
@@ -1 +0,0 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/lib/crypto/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;AAEH,iEAA4D;AAAnD,0HAAA,iBAAiB,OAAA;AAE1B,iDAA0D;AAAjD,wHAAA,uBAAuB,OAAA;AAEhC,iDAIyB;AAHvB,gHAAA,eAAe,OAAA;AACf,gHAAA,eAAe,OAAA;AACf,mHAAA,kBAAkB,OAAA"}
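--- a/package/dist/lib/crypto/types.d.ts
+++ b/package/dist/lib/crypto/types.d.ts
@@ -1,71 +0,0 @@
- /**
- * Key Derivation Function Parameters
- */
- export interface KDFParams {
- /**
- * Algorithm to use: 'argon2id' (preferred) or 'pbkdf2' (fallback)
- */
- algorithm: "argon2id" | "pbkdf2";
- /**
- * Salt (128-bit minimum, 16 bytes)
- * Stored as base64 string
- */
- salt: string;
- /**
- * For PBKDF2: number of iterations (≥600,000 recommended)
- * For Argon2id: time cost parameter (≥3 recommended)
- */
- iterations?: number;
- time?: number;
- /**
- * For Argon2id: memory cost in MB (≥64-128 MB recommended)
- */
- memory?: number;
- /**
- * For Argon2id: parallelism parameter
- */
- parallelism?: number;
- /**
- * Parameter version for future compatibility
- */
- version?: string;
- }
- /**
- * Encryption result containing IV, encrypted data, and authentication tag
- */
- export interface EncryptedData {
- /**
- * Initialization Vector (12 bytes, 96 bits)
- * Base64 encoded
- */
- iv: string;
- /**
- * Encrypted data
- * Base64 encoded
- */
- data: string;
- /**
- * Authentication tag (16 bytes, 128 bits)
- * Base64 encoded
- */
- tag: string;
- /**
- * Parameter version (semantic versioning: MAJOR.MINOR.PATCH)
- * Used for backward compatibility and parameter upgrades
- * Example: "1.0.0"
- */
- version?: string;
- }
- /**
- * Additional Authenticated Data (AAD) schema
- * Used to bind metadata to encryption
- */
- export interface AAD {
- userId?: string;
- contextId?: string;
- dataType?: string;
- timestamp?: number;
- sequence?: number;
- [key: string]: string | number | undefined;
- }
- //# sourceMappingURL=types.d.ts.map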
@@ -1 +0,0 @@
1
- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/lib/crypto/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB;;OAEG;IACH,SAAS,EAAE,UAAU,GAAG,QAAQ,CAAC;IAEjC;;;OAGG;IACH,IAAI,EAAE,MAAM,CAAC;IAEb;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B;;;OAGG;IACH,EAAE,EAAE,MAAM,CAAC;IAEX;;;OAGG;IACH,IAAI,EAAE,MAAM,CAAC;IAEb;;;OAGG;IACH,GAAG,EAAE,MAAM,CAAC;IAEZ;;;;OAIG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;GAGG;AACH,MAAM,WAAW,GAAG;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;CAC5C"}
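--- a/package/dist/lib/crypto/types.js
+++ b/package/dist/lib/crypto/types.js
@@ -1,3 +0,0 @@
- "use strict";
- Object.defineProperty(exports, "__esModule", { value: true });
- //# sourceMappingURL=types.js.map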
@@ -1 +0,0 @@
1
- {"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/lib/crypto/types.ts"],"names":[],"mappings":""}
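--- a/package/dist/lib/crypto/versioning.d.ts
+++ b/package/dist/lib/crypto/versioning.d.ts
@@ -1,112 +0,0 @@
- /**
- * Parameter Versioning
- *
- * Manages versioning of cryptographic parameters to enable safe upgrades
- * and maintain backward compatibility.
- *
- * Version Format: Semantic versioning (MAJOR.MINOR.PATCH)
- * - Major: Breaking changes (algorithm change)
- * - Minor: Parameter changes (iteration count increase)
- * - Patch: Bug fixes
- *
- * @see doc/02-technical/architecture/cryptography/08-implementation-recommendations.md
- */
- /**
- * Parameter version information
- */
- export interface ParameterVersion {
- /**
- * Version string in semantic versioning format (MAJOR.MINOR.PATCH)
- * Example: "1.0.0", "1.1.0", "2.0.0"
- */
- version: string;
- /**
- * Whether this version is deprecated
- */
- deprecated?: boolean;
- /**
- * Deprecation date (ISO 8601)
- */
- deprecatedAt?: string;
- /**
- * Removal date (ISO 8601) - when support will be removed
- */
- removedAt?: string;
- }
- /**
- * Supported parameter versions
- */
- export declare const SUPPORTED_VERSIONS: Record<string, ParameterVersion>;
- /**
- * Current default version
- */
- export declare const CURRENT_VERSION = "1.0.0";
- /**
- * Minimum supported version (for backward compatibility)
- */
- export declare const MINIMUM_VERSION = "1.0.0";
- /**
- * Parameter version manager
- */
- export declare class ParameterVersionManager {
- /**
- * Validate version format
- *
- * @param version - Version string to validate
- * @returns true if valid semantic version format
- */
- static isValidVersion(version: string): boolean;
- /**
- * Compare two versions
- *
- * @param version1 - First version
- * @param version2 - Second version
- * @returns -1 if version1 < version2, 0 if equal, 1 if version1 > version2
- */
- static compareVersions(version1: string, version2: string): number;
- /**
- * Check if version is supported
- *
- * @param version - Version to check
- * @returns true if version is supported
- */
- static isSupported(version: string): boolean;
- /**
- * Check if version is deprecated
- *
- * @param version - Version to check
- * @returns true if version is deprecated
- */
- static isDeprecated(version: string): boolean;
- /**
- * Get version information
- *
- * @param version - Version string
- * @returns Version information or null if not found
- */
- static getVersionInfo(version: string): ParameterVersion | null;
- /**
- * Get current default version
- *
- * @returns Current version string
- */
- static getCurrentVersion(): string;
- /**
- * Get minimum supported version
- *
- * @returns Minimum version string
- */
- static getMinimumVersion(): string;
- /**
- * Validate and normalize version
- *
- * If version is not provided, returns current version.
- * If version is invalid, throws error.
- *
- * @param version - Optional version string
- * @returns Validated version string
- * @throws Error if version is invalid
- */
- static validateAndNormalize(version?: string): string;
- }
- //# sourceMappingURL=versioning.d.ts.map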
@@ -1 +0,0 @@
1
- {"version":3,"file":"versioning.d.ts","sourceRoot":"","sources":["../../../src/lib/crypto/versioning.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B;;;OAGG;IACH,OAAO,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IAErB;;OAEG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,eAAO,MAAM,kBAAkB,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAK/D,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,eAAe,UAAU,CAAC;AAEvC;;GAEG;AACH,eAAO,MAAM,eAAe,UAAU,CAAC;AAEvC;;GAEG;AACH,qBAAa,uBAAuB;IAClC;;;;;OAKG;IACH,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;IAM/C;;;;;;OAMG;IACH,MAAM,CAAC,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM;IAgBlE;;;;;OAKG;IACH,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;IAiB5C;;;;;OAKG;IACH,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;IAK7C;;;;;OAKG;IACH,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,gBAAgB,GAAG,IAAI;IAI/D;;;;OAIG;IACH,MAAM,CAAC,iBAAiB,IAAI,MAAM;IAIlC;;;;OAIG;IACH,MAAM,CAAC,iBAAiB,IAAI,MAAM;IAIlC;;;;;;;;;OASG;IACH,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM;CAmBtD"}