@elanlanguages/bridge-anonymization 0.1.2 → 0.2.0

package/dist/crypto/pii-map-crypto.d.ts

@@ -1,18 +1,25 @@
 /**
  * PII Map Encryption
  * AES-256-GCM encryption for the PII mapping
+ * Uses Web Crypto API for browser compatibility
  */
-import { EncryptedPIIMap } from '../types/index.js';
-import type { RawPIIMap } from '../pipeline/tagger.js';
+import { EncryptedPIIMap } from "../types/index.js";
+import type { RawPIIMap } from "../pipeline/tagger.js";
+/**
+ * Converts a Uint8Array to a Base64 string
+ */
+export declare function uint8ArrayToBase64(bytes: Uint8Array): string;
+/**
+ * Converts a Base64 string to a Uint8Array
+ */
+export declare function base64ToUint8Array(base64: string): Uint8Array;
 /**
  * Encryption configuration
  */
 export interface EncryptionConfig {
-    /** Algorithm (default: aes-256-gcm) */
-    algorithm: string;
     /** IV length in bytes (default: 12 for GCM) */
     ivLength: number;
-    /** Auth tag length in bytes (default: 16) */
+    /** Auth tag length in bits (default: 128) */
     authTagLength: number;
 }
 /**
@@ -28,47 +35,47 @@ export interface KeyGenOptions {
 }
 /**
  * Generates a random encryption key
- * @returns Buffer containing the key
+ * @returns Promise resolving to Uint8Array containing the key
  */
-export declare function generateKey(options?: Partial<KeyGenOptions>): Buffer;
+export declare function generateKey(options?: Partial<KeyGenOptions>): Uint8Array;
+/**
+ * Generates a random salt for key derivation
+ * @param length - Salt length in bytes (default: 16)
+ * @returns Uint8Array containing the salt
+ */
+export declare function generateSalt(length?: number): Uint8Array;
 /**
  * Derives a key from a password using PBKDF2
  * @param password - Password string
- * @param salt - Salt buffer (should be randomly generated and stored)
+ * @param salt - Salt Uint8Array (should be randomly generated and stored)
  * @param iterations - Number of iterations (default: 100000)
- * @returns Buffer containing the derived key
- */
-export declare function deriveKey(password: string, salt: Buffer, iterations?: number): Buffer;
-/**
- * Generates a random salt for key derivation
- * @param length - Salt length in bytes (default: 16)
- * @returns Buffer containing the salt
+ * @returns Promise resolving to Uint8Array containing the derived key
  */
-export declare function generateSalt(length?: number): Buffer;
+export declare function deriveKey(password: string, salt: Uint8Array, iterations?: number): Promise<Uint8Array>;
 /**
  * Encrypts a PII map using AES-256-GCM
  * @param piiMap - Raw PII map to encrypt
- * @param key - 32-byte encryption key
+ * @param key - 32-byte encryption key as Uint8Array
  * @param config - Encryption configuration
- * @returns Encrypted PII map
+ * @returns Promise resolving to encrypted PII map
  */
-export declare function encryptPIIMap(piiMap: RawPIIMap, key: Buffer, config?: Partial<EncryptionConfig>): EncryptedPIIMap;
+export declare function encryptPIIMap(piiMap: RawPIIMap, key: Uint8Array, config?: Partial<EncryptionConfig>): Promise<EncryptedPIIMap>;
 /**
  * Decrypts an encrypted PII map
  * @param encrypted - Encrypted PII map
- * @param key - 32-byte encryption key
+ * @param key - 32-byte encryption key as Uint8Array
  * @param config - Encryption configuration
- * @returns Decrypted PII map
+ * @returns Promise resolving to decrypted PII map
  */
-export declare function decryptPIIMap(encrypted: EncryptedPIIMap, key: Buffer, config?: Partial<EncryptionConfig>): RawPIIMap;
+export declare function decryptPIIMap(encrypted: EncryptedPIIMap, key: Uint8Array, config?: Partial<EncryptionConfig>): Promise<RawPIIMap>;
 /**
  * Key provider interface for external key management
  */
 export interface KeyProvider {
     /** Gets the current encryption key */
-    getKey(): Promise<Buffer>;
+    getKey(): Promise<Uint8Array>;
     /** Rotates to a new key (optional) */
-    rotateKey?(): Promise<Buffer>;
+    rotateKey?(): Promise<Uint8Array>;
 }
 /**
  * Simple in-memory key provider (for testing/development)
@@ -76,25 +83,32 @@ export interface KeyProvider {
  */
 export declare class InMemoryKeyProvider implements KeyProvider {
     private key;
-    constructor(key?: Buffer);
-    getKey(): Promise<Buffer>;
-    rotateKey(): Promise<Buffer>;
+    private initialKey?;
+    constructor(key?: Uint8Array);
+    getKey(): Promise<Uint8Array>;
+    rotateKey(): Promise<Uint8Array>;
 }
 /**
- * Environment variable key provider
- * Reads key from environment variable (base64 encoded)
+ * Configuration-based key provider
+ * Accepts the key at construction time (platform-agnostic)
+ * Consumer is responsible for reading the key from environment variables or config
  */
-export declare class EnvKeyProvider implements KeyProvider {
-    private envVarName;
-    constructor(envVarName?: string);
-    getKey(): Promise<Buffer>;
+export declare class ConfigKeyProvider implements KeyProvider {
+    private key;
+    /**
+     * Creates a new ConfigKeyProvider
+     * @param keyBase64 - Base64-encoded 32-byte encryption key
+     */
+    constructor(keyBase64: string);
+    getKey(): Promise<Uint8Array>;
 }
 /**
  * Validates that a key is suitable for AES-256
  */
-export declare function validateKey(key: Buffer): boolean;
+export declare function validateKey(key: Uint8Array): boolean;
 /**
- * Securely compares two buffers (timing-safe)
+ * Securely compares two Uint8Arrays (constant-time)
+ * Prevents timing attacks by always comparing all bytes
  */
-export declare function secureCompare(a: Buffer, b: Buffer): boolean;
+export declare function secureCompare(a: Uint8Array, b: Uint8Array): boolean;
 //# sourceMappingURL=pii-map-crypto.d.ts.map

package/dist/crypto/pii-map-crypto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"pii-map-crypto.d.ts","sourceRoot":"","sources":["../../src/crypto/pii-map-crypto.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAEvD;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,uCAAuC;IACvC,SAAS,EAAE,MAAM,CAAC;IAClB,+CAA+C;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,6CAA6C;IAC7C,aAAa,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,eAAO,MAAM,yBAAyB,EAAE,gBAIvC,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,oDAAoD;IACpD,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;GAGG;AACH,wBAAgB,WAAW,CAAC,OAAO,GAAE,OAAO,CAAC,aAAa,CAAM,GAAG,MAAM,CAGxE;AAED;;;;;;GAMG;AACH,wBAAgB,SAAS,CACvB,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,EACZ,UAAU,GAAE,MAAe,GAC1B,MAAM,CAER;AAED;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,MAAM,GAAE,MAAW,GAAG,MAAM,CAExD;AAED;;;;;;GAMG;AACH,wBAAgB,aAAa,CAC3B,MAAM,EAAE,SAAS,EACjB,GAAG,EAAE,MAAM,EACX,MAAM,GAAE,OAAO,CAAC,gBAAgB,CAAM,GACrC,eAAe,CAwCjB;AAED;;;;;;GAMG;AACH,wBAAgB,aAAa,CAC3B,SAAS,EAAE,eAAe,EAC1B,GAAG,EAAE,MAAM,EACX,MAAM,GAAE,OAAO,CAAC,gBAAgB,CAAM,GACrC,SAAS,CAuCX;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,sCAAsC;IACtC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;IAC1B,sCAAsC;IACtC,SAAS,CAAC,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;CAC/B;AAED;;;GAGG;AACH,qBAAa,mBAAoB,YAAW,WAAW;IACrD,OAAO,CAAC,GAAG,CAAS;gBAER,GAAG,CAAC,EAAE,MAAM;IAIlB,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAIzB,SAAS,IAAI,OAAO,CAAC,MAAM,CAAC;CAInC;AAED;;;GAGG;AACH,qBAAa,cAAe,YAAW,WAAW;IAChD,OAAO,CAAC,UAAU,CAAS;gBAEf,UAAU,GAAE,MAA6B;IAI/C,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;CAahC;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAEhD;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAK3D"}
+{"version":3,"file":"pii-map-crypto.d.ts","sourceRoot":"","sources":["../../src/crypto/pii-map-crypto.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAMvD;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAG5D;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU,CAG7D;AAMD;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,+CAA+C;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,6CAA6C;IAC7C,aAAa,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,eAAO,MAAM,yBAAyB,EAAE,gBAGvC,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,oDAAoD;IACpD,MAAM,EAAE,MAAM,CAAC;CAChB;AAMD;;;GAGG;AACH,wBAAgB,WAAW,CAAC,OAAO,GAAE,OAAO,CAAC,aAAa,CAAM,GAAG,UAAU,CAK5E;AAED;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,MAAM,GAAE,MAAW,GAAG,UAAU,CAI5D;AAED;;;;;;GAMG;AACH,wBAAsB,SAAS,CAC7B,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,UAAU,EAChB,UAAU,GAAE,MAAe,GAC1B,OAAO,CAAC,UAAU,CAAC,CA0BrB;AAMD;;;;;;GAMG;AACH,wBAAsB,aAAa,CACjC,MAAM,EAAE,SAAS,EACjB,GAAG,EAAE,UAAU,EACf,MAAM,GAAE,OAAO,CAAC,gBAAgB,CAAM,GACrC,OAAO,CAAC,eAAe,CAAC,CAwD1B;AAED;;;;;;GAMG;AACH,wBAAsB,aAAa,CACjC,SAAS,EAAE,eAAe,EAC1B,GAAG,EAAE,UAAU,EACf,MAAM,GAAE,OAAO,CAAC,gBAAgB,CAAM,GACrC,OAAO,CAAC,SAAS,CAAC,CAiDpB;AAMD;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,sCAAsC;IACtC,MAAM,IAAI,OAAO,CAAC,UAAU,CAAC,CAAC;IAC9B,sCAAsC;IACtC,SAAS,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,CAAC;CACnC;AAED;;;GAGG;AACH,qBAAa,mBAAoB,YAAW,WAAW;IACrD,OAAO,CAAC,GAAG,CAA2B;IACtC,OAAO,CAAC,UAAU,CAAC,CAAa;gBAEpB,GAAG,CAAC,EAAE,UAAU;IAI5B,MAAM,IAAI,OAAO,CAAC,UAAU,CAAC;IAO7B,SAAS,IAAI,OAAO,CAAC,UAAU,CAAC;CAIjC;AAED;;;;GAIG;AACH,qBAAa,iBAAkB,YAAW,WAAW;IACnD,OAAO,CAAC,GAAG,CAAa;IAExB;;;OAGG;gBACS,SAAS,EAAE,MAAM;IAa7B,MAAM,IAAI,OAAO,CAAC,UAAU,CAAC;CAG9B;AAMD;;GAEG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO,CAEpD;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,UAAU,GAAG,OAAO,CASnE"}

package/dist/crypto/pii-map-crypto.js

@@ -1,50 +1,88 @@
 /**
  * PII Map Encryption
  * AES-256-GCM encryption for the PII mapping
+ * Uses Web Crypto API for browser compatibility
  */
-import * as crypto from 'crypto';
+// ============================================================================
+// Base64 Utility Functions
+// ============================================================================
+/**
+ * Converts a Uint8Array to a Base64 string
+ */
+export function uint8ArrayToBase64(bytes) {
+    const binString = Array.from(bytes, (b) => String.fromCodePoint(b)).join("");
+    return btoa(binString);
+}
+/**
+ * Converts a Base64 string to a Uint8Array
+ */
+export function base64ToUint8Array(base64) {
+    const binString = atob(base64);
+    return Uint8Array.from(binString, (c) => c.codePointAt(0));
+}
 /**
  * Default encryption configuration
  */
 export const DEFAULT_ENCRYPTION_CONFIG = {
-    algorithm: 'aes-256-gcm',
     ivLength: 12,
-    authTagLength: 16,
+    authTagLength: 128, // Web Crypto uses bits, not bytes
 };
+// ============================================================================
+// Core Crypto Functions
+// ============================================================================
 /**
  * Generates a random encryption key
- * @returns Buffer containing the key
+ * @returns Promise resolving to Uint8Array containing the key
  */
 export function generateKey(options = {}) {
     const length = options.length ?? 32;
-    return crypto.randomBytes(length);
-}
-/**
- * Derives a key from a password using PBKDF2
- * @param password - Password string
- * @param salt - Salt buffer (should be randomly generated and stored)
- * @param iterations - Number of iterations (default: 100000)
- * @returns Buffer containing the derived key
- */
-export function deriveKey(password, salt, iterations = 100000) {
-    return crypto.pbkdf2Sync(password, salt, iterations, 32, 'sha256');
+    const key = new Uint8Array(length);
+    globalThis.crypto.getRandomValues(key);
+    return key;
 }
 /**
  * Generates a random salt for key derivation
  * @param length - Salt length in bytes (default: 16)
- * @returns Buffer containing the salt
+ * @returns Uint8Array containing the salt
  */
 export function generateSalt(length = 16) {
-    return crypto.randomBytes(length);
+    const salt = new Uint8Array(length);
+    globalThis.crypto.getRandomValues(salt);
+    return salt;
 }
+/**
+ * Derives a key from a password using PBKDF2
+ * @param password - Password string
+ * @param salt - Salt Uint8Array (should be randomly generated and stored)
+ * @param iterations - Number of iterations (default: 100000)
+ * @returns Promise resolving to Uint8Array containing the derived key
+ */
+export async function deriveKey(password, salt, iterations = 100000) {
+    const encoder = new TextEncoder();
+    const passwordBuffer = encoder.encode(password);
+    // Import password as a key
+    const baseKey = await globalThis.crypto.subtle.importKey("raw", passwordBuffer, "PBKDF2", false, ["deriveBits"]);
+    // Derive bits using PBKDF2
+    const derivedBits = await globalThis.crypto.subtle.deriveBits({
+        name: "PBKDF2",
+        salt: salt,
+        iterations: iterations,
+        hash: "SHA-256",
+    }, baseKey, 256 // 32 bytes * 8 bits
+    );
+    return new Uint8Array(derivedBits);
+}
+// ============================================================================
+// Encrypt / Decrypt Functions
+// ============================================================================
 /**
  * Encrypts a PII map using AES-256-GCM
  * @param piiMap - Raw PII map to encrypt
- * @param key - 32-byte encryption key
+ * @param key - 32-byte encryption key as Uint8Array
  * @param config - Encryption configuration
- * @returns Encrypted PII map
+ * @returns Promise resolving to encrypted PII map
  */
-export function encryptPIIMap(piiMap, key, config = {}) {
+export async function encryptPIIMap(piiMap, key, config = {}) {
     const encConfig = { ...DEFAULT_ENCRYPTION_CONFIG, ...config };
     // Validate key length
     if (key.length !== 32) {
@@ -57,50 +95,62 @@ export function encryptPIIMap(piiMap, key, config = {}) {
     }
     const plaintext = JSON.stringify(mapObject);
     // Generate random IV
-    const iv = crypto.randomBytes(encConfig.ivLength);
-    // Create cipher
-    const cipher = crypto.createCipheriv(encConfig.algorithm, key, iv, { authTagLength: encConfig.authTagLength });
-    // Encrypt
-    const encrypted = Buffer.concat([
-        cipher.update(plaintext, 'utf8'),
-        cipher.final(),
-    ]);
-    // Get auth tag
-    const authTag = cipher.getAuthTag();
+    const iv = new Uint8Array(encConfig.ivLength);
+    globalThis.crypto.getRandomValues(iv);
+    // Import key for AES-GCM
+    const cryptoKey = await globalThis.crypto.subtle.importKey("raw", key, { name: "AES-GCM" }, false, ["encrypt"]);
+    // Encrypt using AES-GCM
+    const encoder = new TextEncoder();
+    const plaintextBuffer = encoder.encode(plaintext);
+    const encryptedBuffer = await globalThis.crypto.subtle.encrypt({
+        name: "AES-GCM",
+        iv: iv,
+        tagLength: encConfig.authTagLength,
+    }, cryptoKey, plaintextBuffer);
+    // Web Crypto returns ciphertext + authTag concatenated
+    const encryptedArray = new Uint8Array(encryptedBuffer);
+    const authTagBytes = encConfig.authTagLength / 8;
+    const ciphertext = encryptedArray.slice(0, encryptedArray.length - authTagBytes);
+    const authTag = encryptedArray.slice(encryptedArray.length - authTagBytes);
     return {
-        ciphertext: encrypted.toString('base64'),
-        iv: iv.toString('base64'),
-        authTag: authTag.toString('base64'),
+        ciphertext: uint8ArrayToBase64(ciphertext),
+        iv: uint8ArrayToBase64(iv),
+        authTag: uint8ArrayToBase64(authTag),
     };
 }
 /**
  * Decrypts an encrypted PII map
  * @param encrypted - Encrypted PII map
- * @param key - 32-byte encryption key
+ * @param key - 32-byte encryption key as Uint8Array
  * @param config - Encryption configuration
- * @returns Decrypted PII map
+ * @returns Promise resolving to decrypted PII map
  */
-export function decryptPIIMap(encrypted, key, config = {}) {
+export async function decryptPIIMap(encrypted, key, config = {}) {
     const encConfig = { ...DEFAULT_ENCRYPTION_CONFIG, ...config };
     // Validate key length
     if (key.length !== 32) {
         throw new Error(`Invalid key length: expected 32 bytes, got ${key.length}`);
     }
     // Decode base64
-    const ciphertext = Buffer.from(encrypted.ciphertext, 'base64');
-    const iv = Buffer.from(encrypted.iv, 'base64');
-    const authTag = Buffer.from(encrypted.authTag, 'base64');
-    // Create decipher
-    const decipher = crypto.createDecipheriv(encConfig.algorithm, key, iv, { authTagLength: encConfig.authTagLength });
-    // Set auth tag
-    decipher.setAuthTag(authTag);
-    // Decrypt
-    const decrypted = Buffer.concat([
-        decipher.update(ciphertext),
-        decipher.final(),
-    ]);
+    const ciphertext = base64ToUint8Array(encrypted.ciphertext);
+    const iv = base64ToUint8Array(encrypted.iv);
+    const authTag = base64ToUint8Array(encrypted.authTag);
+    // Web Crypto expects ciphertext + authTag concatenated
+    const encryptedData = new Uint8Array(ciphertext.length + authTag.length);
+    encryptedData.set(ciphertext, 0);
+    encryptedData.set(authTag, ciphertext.length);
+    // Import key for AES-GCM
+    const cryptoKey = await globalThis.crypto.subtle.importKey("raw", key, { name: "AES-GCM" }, false, ["decrypt"]);
+    // Decrypt using AES-GCM
+    const decryptedBuffer = await globalThis.crypto.subtle.decrypt({
+        name: "AES-GCM",
+        iv: iv,
+        tagLength: encConfig.authTagLength,
+    }, cryptoKey, encryptedData);
     // Parse JSON back to map
-    const mapObject = JSON.parse(decrypted.toString('utf8'));
+    const decoder = new TextDecoder();
+    const decryptedText = decoder.decode(decryptedBuffer);
+    const mapObject = JSON.parse(decryptedText);
     const piiMap = new Map();
     for (const [k, v] of Object.entries(mapObject)) {
         piiMap.set(k, v);
@@ -112,39 +162,49 @@ export function decryptPIIMap(encrypted, key, config = {}) {
  * WARNING: Not secure for production use
  */
 export class InMemoryKeyProvider {
-    key;
+    key = null;
+    initialKey;
     constructor(key) {
-        this.key = key ?? generateKey();
+        this.initialKey = key;
     }
-    async getKey() {
-        return this.key;
+    getKey() {
+        if (this.key === null) {
+            this.key = this.initialKey ?? generateKey();
+        }
+        return Promise.resolve(this.key);
     }
-    async rotateKey() {
+    rotateKey() {
         this.key = generateKey();
-        return this.key;
+        return Promise.resolve(this.key);
     }
 }
 /**
- * Environment variable key provider
- * Reads key from environment variable (base64 encoded)
+ * Configuration-based key provider
+ * Accepts the key at construction time (platform-agnostic)
+ * Consumer is responsible for reading the key from environment variables or config
  */
-export class EnvKeyProvider {
-    envVarName;
-    constructor(envVarName = 'PII_ENCRYPTION_KEY') {
-        this.envVarName = envVarName;
-    }
-    async getKey() {
-        const keyBase64 = process.env[this.envVarName];
-        if (keyBase64 === undefined || keyBase64.length === 0) {
-            throw new Error(`Encryption key not found in environment variable: ${this.envVarName}`);
+export class ConfigKeyProvider {
+    key;
+    /**
+     * Creates a new ConfigKeyProvider
+     * @param keyBase64 - Base64-encoded 32-byte encryption key
+     */
+    constructor(keyBase64) {
+        if (!keyBase64 || keyBase64.length === 0) {
+            throw new Error("Encryption key must be provided");
         }
-        const key = Buffer.from(keyBase64, 'base64');
-        if (key.length !== 32) {
-            throw new Error(`Invalid key length from ${this.envVarName}: expected 32 bytes`);
+        this.key = base64ToUint8Array(keyBase64);
+        if (this.key.length !== 32) {
+            throw new Error(`Invalid key length: expected 32 bytes, got ${this.key.length}`);
         }
-        return key;
+    }
+    getKey() {
+        return Promise.resolve(this.key);
     }
 }
+// ============================================================================
+// Utility Functions
+// ============================================================================
 /**
  * Validates that a key is suitable for AES-256
  */
@@ -152,12 +212,17 @@ export function validateKey(key) {
     return key.length === 32;
 }
 /**
- * Securely compares two buffers (timing-safe)
+ * Securely compares two Uint8Arrays (constant-time)
+ * Prevents timing attacks by always comparing all bytes
  */
 export function secureCompare(a, b) {
     if (a.length !== b.length) {
         return false;
     }
-    return crypto.timingSafeEqual(a, b);
+    let result = 0;
+    for (let i = 0; i < a.length; i++) {
+        result |= a[i] ^ b[i];
+    }
+    return result === 0;
 }
 //# sourceMappingURL=pii-map-crypto.js.map

package/dist/crypto/pii-map-crypto.js.map

@@ -1 +1 @@
-{"version":3,"file":"pii-map-crypto.js","sourceRoot":"","sources":["../../src/crypto/pii-map-crypto.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AAgBjC;;GAEG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAqB;IACzD,SAAS,EAAE,aAAa;IACxB,QAAQ,EAAE,EAAE;IACZ,aAAa,EAAE,EAAE;CAClB,CAAC;AAUF;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,UAAkC,EAAE;IAC9D,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;IACpC,OAAO,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;AACpC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,SAAS,CACvB,QAAgB,EAChB,IAAY,EACZ,aAAqB,MAAM;IAE3B,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,QAAQ,CAAC,CAAC;AACrE,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAAC,SAAiB,EAAE;IAC9C,OAAO,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;AACpC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,aAAa,CAC3B,MAAiB,EACjB,GAAW,EACX,SAAoC,EAAE;IAEtC,MAAM,SAAS,GAAG,EAAE,GAAG,yBAAyB,EAAE,GAAG,MAAM,EAAE,CAAC;IAE9D,sBAAsB;IACtB,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,8CAA8C,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,sBAAsB;IACtB,MAAM,SAAS,GAA2B,EAAE,CAAC;IAC7C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,EAAE,CAAC;QAC5B,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACnB,CAAC;IACD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IAE5C,qBAAqB;IACrB,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IAElD,gBAAgB;IAChB,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAClC,SAAS,CAAC,SAAkC,EAC5C,GAAG,EACH,EAAE,EACF,EAAE,aAAa,EAAE,SAAS,CAAC,aAAa,EAAE,CAC3C,CAAC;IAEF,UAAU;IACV,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC;QAChC,MAAM,CAAC,KAAK,EAAE;KACf,CAAC,CAAC;IAEH,eAAe;IACf,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAEpC,OAAO;QACL,UAAU,EAAE,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACxC,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACzB,OAAO,EAAE,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;KACpC,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,aAAa,CAC3B,SAA0B,EAC1B,GAAW,EACX,SAAoC,EAAE;IAEtC,MAAM,SAAS,GAAG,EAAE,GAAG,yBAAyB,EAAE,GAAG,MAAM,EAAE,CAAC;IAE9D,sBAAsB;IACtB,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,8CAA8C,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,gBAAgB;IAChB,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IAC/D,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;IAC/C,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAEzD,kBAAkB;IAClB,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CACtC,SAAS,CAAC,SAAkC,EAC5C,GAAG,EACH,EAAE,EACF,EAAE,aAAa,EAAE,SAAS,CAAC,aAAa,EAAE,CAC3C,CAAC;IAEF,eAAe;IACf,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAE7B,UAAU;IACV,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC;QAC9B,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC;QAC3B,QAAQ,CAAC,KAAK,EAAE;KACjB,CAAC,CAAC;IAEH,yBAAyB;IACzB,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAA2B,CAAC;IACnF,MAAM,MAAM,GAAc,IAAI,GAAG,EAAE,CAAC;IAEpC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;QAC/C,MAAM,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACnB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAYD;;;GAGG;AACH,MAAM,OAAO,mBAAmB;IACtB,GAAG,CAAS;IAEpB,YAAY,GAAY;QACtB,IAAI,CAAC,GAAG,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,MAAM;QACV,OAAO,IAAI,CAAC,GAAG,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,SAAS;QACb,IAAI,CAAC,GAAG,GAAG,WAAW,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC,GAAG,CAAC;IAClB,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,cAAc;IACjB,UAAU,CAAS;IAE3B,YAAY,aAAqB,oBAAoB;QACnD,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,MAAM;QACV,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC/C,IAAI,SAAS,KAAK,SAAS,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtD,MAAM,IAAI,KAAK,CAAC,qDAAqD,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;QAC1F,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QAC7C,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,2BAA2B,IAAI,CAAC,UAAU,qBAAqB,CAAC,CAAC;QACnF,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,GAAW;IACrC,OAAO,GAAG,CAAC,MAAM,KAAK,EAAE,CAAC;AAC3B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,CAAS,EAAE,CAAS;IAChD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,MAAM,CAAC,eAAe,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AACtC,CAAC"}
+{"version":3,"file":"pii-map-crypto.js","sourceRoot":"","sources":["../../src/crypto/pii-map-crypto.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,+EAA+E;AAC/E,2BAA2B;AAC3B,+EAA+E;AAE/E;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAiB;IAClD,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC7E,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAAc;IAC/C,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAC/B,OAAO,UAAU,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAE,CAAC,CAAC;AAC9D,CAAC;AAgBD;;GAEG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAqB;IACzD,QAAQ,EAAE,EAAE;IACZ,aAAa,EAAE,GAAG,EAAE,kCAAkC;CACvD,CAAC;AAUF,+EAA+E;AAC/E,wBAAwB;AACxB,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,UAAkC,EAAE;IAC9D,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;IACnC,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;IACvC,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAAC,SAAiB,EAAE;IAC9C,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;IACpC,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;IACxC,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,QAAgB,EAChB,IAAgB,EAChB,aAAqB,MAAM;IAE3B,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAEhD,2BAA2B;IAC3B,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CACtD,KAAK,EACL,cAAc,EACd,QAAQ,EACR,KAAK,EACL,CAAC,YAAY,CAAC,CACf,CAAC;IAEF,2BAA2B;IAC3B,MAAM,WAAW,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAC3D;QACE,IAAI,EAAE,QAAQ;QACd,IAAI,EAAE,IAAoB;QAC1B,UAAU,EAAE,UAAU;QACtB,IAAI,EAAE,SAAS;KAChB,EACD,OAAO,EACP,GAAG,CAAC,oBAAoB;KACzB,CAAC;IAEF,OAAO,IAAI,UAAU,CAAC,WAAW,CAAC,CAAC;AACrC,CAAC;AAED,+EAA+E;AAC/E,8BAA8B;AAC9B,+EAA+E;AAE/E;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,MAAiB,EACjB,GAAe,EACf,SAAoC,EAAE;IAEtC,MAAM,SAAS,GAAG,EAAE,GAAG,yBAAyB,EAAE,GAAG,MAAM,EAAE,CAAC;IAE9D,sBAAsB;IACtB,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,8CAA8C,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,sBAAsB;IACtB,MAAM,SAAS,GAA2B,EAAE,CAAC;IAC7C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,EAAE,CAAC;QAC5B,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACnB,CAAC;IACD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IAE5C,qBAAqB;IACrB,MAAM,EAAE,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IAC9C,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;IAEtC,yBAAyB;IACzB,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CACxD,KAAK,EACL,GAAmB,EACnB,EAAE,IAAI,EAAE,SAAS,EAAE,EACnB,KAAK,EACL,CAAC,SAAS,CAAC,CACZ,CAAC;IAEF,wBAAwB;IACxB,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,eAAe,GAAG,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAElD,MAAM,eAAe,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAC5D;QACE,IAAI,EAAE,SAAS;QACf,EAAE,EAAE,EAAE;QACN,SAAS,EAAE,SAAS,CAAC,aAAa;KACnC,EACD,SAAS,EACT,eAAe,CAChB,CAAC;IAEF,uDAAuD;IACvD,MAAM,cAAc,GAAG,IAAI,UAAU,CAAC,eAAe,CAAC,CAAC;IACvD,MAAM,YAAY,GAAG,SAAS,CAAC,aAAa,GAAG,CAAC,CAAC;IACjD,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,CACrC,CAAC,EACD,cAAc,CAAC,MAAM,GAAG,YAAY,CACrC,CAAC;IACF,MAAM,OAAO,GAAG,cAAc,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,GAAG,YAAY,CAAC,CAAC;IAE3E,OAAO;QACL,UAAU,EAAE,kBAAkB,CAAC,UAAU,CAAC;QAC1C,EAAE,EAAE,kBAAkB,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,kBAAkB,CAAC,OAAO,CAAC;KACrC,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,SAA0B,EAC1B,GAAe,EACf,SAAoC,EAAE;IAEtC,MAAM,SAAS,GAAG,EAAE,GAAG,yBAAyB,EAAE,GAAG,MAAM,EAAE,CAAC;IAE9D,sBAAsB;IACtB,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,8CAA8C,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,gBAAgB;IAChB,MAAM,UAAU,GAAG,kBAAkB,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IAC5D,MAAM,EAAE,GAAG,kBAAkB,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IAC5C,MAAM,OAAO,GAAG,kBAAkB,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IAEtD,uDAAuD;IACvD,MAAM,aAAa,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACzE,aAAa,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;IACjC,aAAa,CAAC,GAAG,CAAC,OAAO,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC;IAE9C,yBAAyB;IACzB,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CACxD,KAAK,EACL,GAAmB,EACnB,EAAE,IAAI,EAAE,SAAS,EAAE,EACnB,KAAK,EACL,CAAC,SAAS,CAAC,CACZ,CAAC;IAEF,wBAAwB;IACxB,MAAM,eAAe,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAC5D;QACE,IAAI,EAAE,SAAS;QACf,EAAE,EAAE,EAAkB;QACtB,SAAS,EAAE,SAAS,CAAC,aAAa;KACnC,EACD,SAAS,EACT,aAAa,CACd,CAAC;IAEF,yBAAyB;IACzB,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IACtD,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAA2B,CAAC;IACtE,MAAM,MAAM,GAAc,IAAI,GAAG,EAAE,CAAC;IAEpC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;QAC/C,MAAM,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACnB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAgBD;;;GAGG;AACH,MAAM,OAAO,mBAAmB;IACtB,GAAG,GAAsB,IAAI,CAAC;IAC9B,UAAU,CAAc;IAEhC,YAAY,GAAgB;QAC1B,IAAI,CAAC,UAAU,GAAG,GAAG,CAAC;IACxB,CAAC;IAED,MAAM;QACJ,IAAI,IAAI,CAAC,GAAG,KAAK,IAAI,EAAE,CAAC;YACtB,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,UAAU,IAAI,WAAW,EAAE,CAAC;QAC9C,CAAC;QACD,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACnC,CAAC;IAED,SAAS;QACP,IAAI,CAAC,GAAG,GAAG,WAAW,EAAE,CAAC;QACzB,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACnC,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,iBAAiB;IACpB,GAAG,CAAa;IAExB;;;OAGG;IACH,YAAY,SAAiB;QAC3B,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACrD,CAAC;QAED,IAAI,CAAC,GAAG,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAC;QACzC,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,8CAA8C,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAChE,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM;QACJ,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACnC,CAAC;CACF;AAED,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,GAAe;IACzC,OAAO,GAAG,CAAC,MAAM,KAAK,EAAE,CAAC;AAC3B,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,CAAa,EAAE,CAAa;IACxD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAE,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC;IAC1B,CAAC;IACD,OAAO,MAAM,KAAK,CAAC,CAAC;AACtB,CAAC"}

package/dist/index.d.ts

@@ -2,16 +2,18 @@
  * Bridge Anonymization Module
  * Main entry point for on-device PII anonymization
  */
-export * from './types/index.js';
-export { Recognizer, RegexRecognizer, RecognizerRegistry, createDefaultRegistry, createRegistry, getGlobalRegistry, emailRecognizer, phoneRecognizer, ibanRecognizer, bicSwiftRecognizer, creditCardRecognizer, ipAddressRecognizer, urlRecognizer, createCustomIdRecognizer, createCaseIdRecognizer, createCustomerIdRecognizer, } from './recognizers/index.js';
-export { NERModel, NERModelStub, createNERModel, createNERModelStub, WordPieceTokenizer, loadVocabFromFile, parseVocab, loadRuntime, detectRuntime, getRuntimeType, type INERModel, type NERModelConfig, type NERPrediction, type NERModelMode, type DownloadProgressCallback, MODEL_REGISTRY, getModelCacheDir, isModelDownloaded, downloadModel, ensureModel, clearModelCache, listDownloadedModels, } from './ner/index.js';
-export { prenormalize, resolveEntities, tagEntities, validateOutput, generateTag, parseTag, rehydrate, } from './pipeline/index.js';
-export { encryptPIIMap, decryptPIIMap, generateKey, deriveKey, generateSalt, KeyProvider, InMemoryKeyProvider, EnvKeyProvider, } from './crypto/index.js';
-import { AnonymizationResult, AnonymizationPolicy } from './types/index.js';
-import { RecognizerRegistry } from './recognizers/index.js';
-import { type INERModel } from './ner/index.js';
-import { type NERModelMode, type DownloadProgressCallback } from './ner/model-manager.js';
-import { type KeyProvider } from './crypto/index.js';
+export * from "./types/index.js";
+export { Recognizer, RegexRecognizer, RecognizerRegistry, createDefaultRegistry, createRegistry, getGlobalRegistry, emailRecognizer, phoneRecognizer, ibanRecognizer, bicSwiftRecognizer, creditCardRecognizer, ipAddressRecognizer, urlRecognizer, createCustomIdRecognizer, createCaseIdRecognizer, createCustomerIdRecognizer, } from "./recognizers/index.js";
+export { NERModel, NERModelStub, createNERModel, createNERModelStub, WordPieceTokenizer, loadVocabFromFile, parseVocab, loadRuntime, detectRuntime, getRuntimeType, type INERModel, type NERModelConfig, type NERPrediction, type NERModelMode, type DownloadProgressCallback, MODEL_REGISTRY, getModelCacheDir, isModelDownloaded, downloadModel, ensureModel, clearModelCache, listDownloadedModels, } from "./ner/index.js";
+export { prenormalize, resolveEntities, tagEntities, validateOutput, generateTag, parseTag, rehydrate, enrichSemantics, inferGender, classifyLocation, getDatabaseStats, hasName, hasLocation, isSemanticDataAvailable, isSemanticDataDownloaded, getSemanticDataCacheDir, getDataDirectory, downloadSemanticData, ensureSemanticData, initializeSemanticData, loadSemanticData, clearSemanticData, clearSemanticDataCache, getSemanticDataInfo, SEMANTIC_DATA_FILES, extractTitle, extractTitlesFromSpans, mergeAdjacentTitleSpans, getTitlesForLanguage, getAllTitles, startsWithTitle, isOnlyTitle, type SemanticDataFileInfo, type EnricherConfig, type GenderResult, type LocationResult, type TitleExtractionResult, } from "./pipeline/index.js";
+export { encryptPIIMap, decryptPIIMap, generateKey, deriveKey, generateSalt, KeyProvider, InMemoryKeyProvider, ConfigKeyProvider, validateKey, secureCompare, uint8ArrayToBase64, base64ToUint8Array, } from "./crypto/index.js";
+export { getStorageProvider, isNode, isBrowser, resetStorageProvider, setStorageProvider, type StorageProvider, } from "./utils/storage.js";
+export { join as pathJoin, dirname as pathDirname, basename as pathBasename, normalize as pathNormalize, extname as pathExtname, isAbsolute as pathIsAbsolute, } from "./utils/path.js";
+import { AnonymizationResult, AnonymizationPolicy, SemanticConfig, PIIType } from "./types/index.js";
+import { RecognizerRegistry } from "./recognizers/index.js";
+import { type INERModel } from "./ner/index.js";
+import { type NERModelMode, type DownloadProgressCallback } from "./ner/model-manager.js";
+import { type KeyProvider } from "./crypto/index.js";
 /**
  * NER configuration options
  */
@@ -45,6 +47,12 @@ export interface NERConfig {
      * Callback for status messages
      */
     onStatus?: (status: string) => void;
+    /**
+     * Confidence thresholds per PII type (0.0 - 1.0)
+     * Overrides default thresholds for specified types
+     * @example { PERSON: 0.8, ORG: 0.7 }
+     */
+    thresholds?: Partial<Record<PIIType, number>>;
 }
 /**
  * Anonymizer configuration
@@ -58,9 +66,11 @@ export interface AnonymizerConfig {
      */
     ner?: NERConfig;
     /**
-     * @deprecated Use `ner` instead. Direct NER model injection for advanced use cases.
+     * Semantic enrichment configuration
+     * Enables MT-friendly PII tags with gender/scope attributes
+     * @default { enabled: false }
      */
-    nerModel?: INERModel;
+    semantic?: SemanticConfig;
     /** Key provider for encryption (generates random key if not provided) */
     keyProvider?: KeyProvider;
     /** Default policy (uses default if not provided) */
@@ -78,15 +88,17 @@ export declare class Anonymizer {
     private registry;
     private nerModel;
     private nerConfig;
+    private semanticConfig;
     private keyProvider;
     private defaultPolicy;
     private modelVersion;
     private policyVersion;
     private initialized;
+    private semanticDataReady;
     constructor(config?: AnonymizerConfig);
     /**
      * Initializes the anonymizer
-     * Downloads NER model if needed and loads it
+     * Downloads NER model and semantic data if needed and loads them
      */
     initialize(): Promise<void>;
     /**
@@ -138,11 +150,6 @@ export declare class Anonymizer {
  * ```
  */
 export declare function createAnonymizer(config?: AnonymizerConfig): Anonymizer;
-/**
- * Creates an anonymizer with a custom NER model
- * @deprecated Use createAnonymizer with ner: { mode: 'custom', modelPath, vocabPath } instead
- */
-export declare function createAnonymizerWithNER(modelPath: string, vocabPath: string, config?: Omit<AnonymizerConfig, 'nerModel' | 'ner'>): Promise<Anonymizer>;
 /**
  * Convenience function for one-off anonymization
  * Creates a temporary anonymizer with default settings (regex-only)
@@ -167,7 +174,7 @@ export declare function anonymizeRegexOnly(text: string, policy?: Partial<Anonym
  * );
  * ```
  */
-export declare function anonymizeWithNER(text: string, nerConfig: Omit<NERConfig, 'mode'> & {
-    mode?: 'standard' | 'quantized';
+export declare function anonymizeWithNER(text: string, nerConfig: Omit<NERConfig, "mode"> & {
+    mode?: "standard" | "quantized";
 }, policy?: Partial<AnonymizationPolicy>): Promise<AnonymizationResult>;
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,cAAc,kBAAkB,CAAC;AAGjC,OAAO,EACL,UAAU,EACV,eAAe,EACf,kBAAkB,EAClB,qBAAqB,EACrB,cAAc,EACd,iBAAiB,EACjB,eAAe,EACf,eAAe,EACf,cAAc,EACd,kBAAkB,EAClB,oBAAoB,EACpB,mBAAmB,EACnB,aAAa,EACb,wBAAwB,EACxB,sBAAsB,EACtB,0BAA0B,GAC3B,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EACL,QAAQ,EACR,YAAY,EACZ,cAAc,EACd,kBAAkB,EAClB,kBAAkB,EAClB,iBAAiB,EACjB,UAAU,EACV,WAAW,EACX,aAAa,EACb,cAAc,EACd,KAAK,SAAS,EACd,KAAK,cAAc,EACnB,KAAK,aAAa,EAClB,KAAK,YAAY,EACjB,KAAK,wBAAwB,EAC7B,cAAc,EACd,gBAAgB,EAChB,iBAAiB,EACjB,aAAa,EACb,WAAW,EACX,eAAe,EACf,oBAAoB,GACrB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EACL,YAAY,EACZ,eAAe,EACf,WAAW,EACX,cAAc,EACd,WAAW,EACX,QAAQ,EACR,SAAS,GACV,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,aAAa,EACb,aAAa,EACb,WAAW,EACX,SAAS,EACT,YAAY,EACZ,WAAW,EACX,mBAAmB,EACnB,cAAc,GACf,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EAEL,mBAAmB,EACnB,mBAAmB,EAKpB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAyB,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AACnF,OAAO,EAAE,KAAK,SAAS,EAAmD,MAAM,gBAAgB,CAAC;AACjG,OAAO,EAAE,KAAK,YAAY,EAAe,KAAK,wBAAwB,EAAE,MAAM,wBAAwB,CAAC;AAMvG,OAAO,EAA8B,KAAK,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAIjF;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB;;;;;;OAMG;IACH,IAAI,EAAE,YAAY,CAAC;IAEnB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,YAAY,CAAC,EAAE,OAAO,CAAC;IAEvB;;OAEG;IACH,kBAAkB,CAAC,EAAE,wBAAwB,CAAC;IAE9C;;OAEG;IACH,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,IAAI,CAAC;CACrC;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,yDAAyD;IACzD,QAAQ,CAAC,EAAE,kBAAkB,CAAC;IAE9B;;;OAGG;IACH,GAAG,CAAC,EAAE,SAAS,CAAC;IAEhB;;OAEG;IACH,QAAQ,CAAC,EAAE,SAAS,CAAC;IAErB,yEAAyE;IACzE,WAAW,CAAC,EAAE,WAAW,CAAC;IAE1B,oDAAoD;IACpD,aAAa,CAAC,EAAE,mBAAmB,CAAC;IAEpC,2BAA2B;IAC3B,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB,4BAA4B;IAC5B,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;GAGG;AACH,qBAAa,UAAU;IACrB,OAAO,CAAC,QAAQ,CAAqB;IACrC,OAAO,CAAC,QAAQ,CAA0B;IAC1C,OAAO,CAAC,SAAS,CAAY;IAC7B,OAAO,CAAC,WAAW,CAAqB;IACxC,OAAO,CAAC,aAAa,CAAsB;IAC3C,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,WAAW,CAAS;gBAEhB,MAAM,GAAE,gBAAqB;IAkBzC;;;OAGG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAuDjC;;;;;;OAMG;IACG,SAAS,CACb,IAAI,EAAE,MAAM,EACZ,MAAM,CAAC,EAAE,MAAM,EACf,MAAM,CAAC,EAAE,OAAO,CAAC,mBAAmB,CAAC,GACpC,OAAO,CAAC,mBAAmB,CAAC;IAoF/B;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAO9B;;OAEG;IACH,WAAW,IAAI,kBAAkB;IAIjC;;OAEG;IACH,WAAW,IAAI,SAAS,GAAG,IAAI;IAI/B;;OAEG;IACH,IAAI,aAAa,IAAI,OAAO,CAE3B;CACF;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,CAAC,EAAE,gBAAgB,GAAG,UAAU,CAEtE;AAED;;;GAGG;AACH,wBAAsB,uBAAuB,CAC3C,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE,IAAI,CAAC,gBAAgB,EAAE,UAAU,GAAG,KAAK,CAAC,GAClD,OAAO,CAAC,UAAU,CAAC,CAYrB;AAED;;;GAGG;AACH,wBAAsB,SAAS,CAC7B,IAAI,EAAE,MAAM,EACZ,MAAM,CAAC,EAAE,MAAM,EACf,MAAM,CAAC,EAAE,OAAO,CAAC,mBAAmB,CAAC,GACpC,OAAO,CAAC,mBAAmB,CAAC,CAS9B;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,IAAI,EAAE,MAAM,EACZ,MAAM,CAAC,EAAE,OAAO,CAAC,mBAAmB,CAAC,GACpC,OAAO,CAAC,mBAAmB,CAAC,CAQ9B;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,GAAG;IAAE,IAAI,CAAC,EAAE,UAAU,GAAG,WAAW,CAAA;CAAE,EACxE,MAAM,CAAC,EAAE,OAAO,CAAC,mBAAmB,CAAC,GACpC,OAAO,CAAC,mBAAmB,CAAC,CAe9B"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,cAAc,kBAAkB,CAAC;AAGjC,OAAO,EACL,UAAU,EACV,eAAe,EACf,kBAAkB,EAClB,qBAAqB,EACrB,cAAc,EACd,iBAAiB,EACjB,eAAe,EACf,eAAe,EACf,cAAc,EACd,kBAAkB,EAClB,oBAAoB,EACpB,mBAAmB,EACnB,aAAa,EACb,wBAAwB,EACxB,sBAAsB,EACtB,0BAA0B,GAC3B,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EACL,QAAQ,EACR,YAAY,EACZ,cAAc,EACd,kBAAkB,EAClB,kBAAkB,EAClB,iBAAiB,EACjB,UAAU,EACV,WAAW,EACX,aAAa,EACb,cAAc,EACd,KAAK,SAAS,EACd,KAAK,cAAc,EACnB,KAAK,aAAa,EAClB,KAAK,YAAY,EACjB,KAAK,wBAAwB,EAC7B,cAAc,EACd,gBAAgB,EAChB,iBAAiB,EACjB,aAAa,EACb,WAAW,EACX,eAAe,EACf,oBAAoB,GACrB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EACL,YAAY,EACZ,eAAe,EACf,WAAW,EACX,cAAc,EACd,WAAW,EACX,QAAQ,EACR,SAAS,EACT,eAAe,EACf,WAAW,EACX,gBAAgB,EAChB,gBAAgB,EAChB,OAAO,EACP,WAAW,EAEX,uBAAuB,EACvB,wBAAwB,EACxB,uBAAuB,EACvB,gBAAgB,EAChB,oBAAoB,EACpB,kBAAkB,EAClB,sBAAsB,EACtB,gBAAgB,EAChB,iBAAiB,EACjB,sBAAsB,EACtB,mBAAmB,EACnB,mBAAmB,EAEnB,YAAY,EACZ,sBAAsB,EACtB,uBAAuB,EACvB,oBAAoB,EACpB,YAAY,EACZ,eAAe,EACf,WAAW,EACX,KAAK,oBAAoB,EACzB,KAAK,cAAc,EACnB,KAAK,YAAY,EACjB,KAAK,cAAc,EACnB,KAAK,qBAAqB,GAC3B,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,aAAa,EACb,aAAa,EACb,WAAW,EACX,SAAS,EACT,YAAY,EACZ,WAAW,EACX,mBAAmB,EACnB,iBAAiB,EACjB,WAAW,EACX,aAAa,EACb,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,kBAAkB,EAClB,MAAM,EACN,SAAS,EACT,oBAAoB,EACpB,kBAAkB,EAClB,KAAK,eAAe,GACrB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,IAAI,IAAI,QAAQ,EAChB,OAAO,IAAI,WAAW,EACtB,QAAQ,IAAI,YAAY,EACxB,SAAS,IAAI,aAAa,EAC1B,OAAO,IAAI,WAAW,EACtB,UAAU,IAAI,cAAc,GAC7B,MAAM,iBAAiB,CAAC;AAGzB,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EAGnB,cAAc,EAEd,OAAO,EAER,MAAM,kBAAkB,CAAC;AAmC1B,OAAO,EAEL,kBAAkB,EACnB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,KAAK,SAAS,EAIf,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,KAAK,YAAY,EAEjB,KAAK,wBAAwB,EAC9B,MAAM,wBAAwB,CAAC;AAehC,OAAO,EAGL,KAAK,WAAW,EACjB,MAAM,mBAAmB,CAAC;AAG3B;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB;;;;;;OAMG;IACH,IAAI,EAAE,YAAY,CAAC;IAEnB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,YAAY,CAAC,EAAE,OAAO,CAAC;IAEvB;;OAEG;IACH,kBAAkB,CAAC,EAAE,wBAAwB,CAAC;IAE9C;;OAEG;IACH,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,IAAI,CAAC;IAEpC;;;;OAIG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;CAC/C;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,yDAAyD;IACzD,QAAQ,CAAC,EAAE,kBAAkB,CAAC;IAE9B;;;OAGG;IACH,GAAG,CAAC,EAAE,SAAS,CAAC;IAEhB;;;;OAIG;IACH,QAAQ,CAAC,EAAE,cAAc,CAAC;IAE1B,yEAAyE;IACzE,WAAW,CAAC,EAAE,WAAW,CAAC;IAE1B,oDAAoD;IACpD,aAAa,CAAC,EAAE,mBAAmB,CAAC;IAEpC,2BAA2B;IAC3B,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB,4BAA4B;IAC5B,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;GAGG;AACH,qBAAa,UAAU;IACrB,OAAO,CAAC,QAAQ,CAAqB;IACrC,OAAO,CAAC,QAAQ,CAA0B;IAC1C,OAAO,CAAC,SAAS,CAAY;IAC7B,OAAO,CAAC,cAAc,CAAiB;IACvC,OAAO,CAAC,WAAW,CAAqB;IACxC,OAAO,CAAC,aAAa,CAAsB;IAC3C,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,iBAAiB,CAAS;gBAEtB,MAAM,GAAE,gBAAqB;IAsCzC;;;OAGG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IA6FjC;;;;;;OAMG;IACG,SAAS,CACb,IAAI,EAAE,MAAM,EACZ,MAAM,CAAC,EAAE,MAAM,EACf,MAAM,CAAC,EAAE,OAAO,CAAC,mBAAmB,CAAC,GACpC,OAAO,CAAC,mBAAmB,CAAC;IAkH/B;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAO9B;;OAEG;IACH,WAAW,IAAI,kBAAkB;IAIjC;;OAEG;IACH,WAAW,IAAI,SAAS,GAAG,IAAI;IAI/B;;OAEG;IACH,IAAI,aAAa,IAAI,OAAO,CAE3B;CACF;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,CAAC,EAAE,gBAAgB,GAAG,UAAU,CAEtE;AAED;;;GAGG;AACH,wBAAsB,SAAS,CAC7B,IAAI,EAAE,MAAM,EACZ,MAAM,CAAC,EAAE,MAAM,EACf,MAAM,CAAC,EAAE,OAAO,CAAC,mBAAmB,CAAC,GACpC,OAAO,CAAC,mBAAmB,CAAC,CAS9B;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,IAAI,EAAE,MAAM,EACZ,MAAM,CAAC,EAAE,OAAO,CAAC,mBAAmB,CAAC,GACpC,OAAO,CAAC,mBAAmB,CAAC,CAQ9B;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,GAAG;IAAE,IAAI,CAAC,EAAE,UAAU,GAAG,WAAW,CAAA;CAAE,EACxE,MAAM,CAAC,EAAE,OAAO,CAAC,mBAAmB,CAAC,GACpC,OAAO,CAAC,mBAAmB,CAAC,CAe9B"}