@kya-os/consent 0.1.21 → 0.1.23

package/dist/schemas/modes.schemas.js

@@ -1,104 +0,0 @@
-/**
- * Consent Mode Schemas
- *
- * Zod validation schemas for auth mode configurations.
- *
- * @module @kya-os/consent/schemas/modes
- */
-import { z } from "zod";
-import { AUTH_MODES } from "../types/modes.types.js";
-/**
- * Auth Mode Schema
- */
-export const AuthModeSchema = z.enum([
-    AUTH_MODES.CONSENT_ONLY,
-    AUTH_MODES.CREDENTIALS,
-    AUTH_MODES.OAUTH,
-    AUTH_MODES.MAGIC_LINK,
-    AUTH_MODES.OTP,
-    AUTH_MODES.QR_CODE,
-    AUTH_MODES.PASSKEY,
-    AUTH_MODES.IDV,
-]);
-/**
- * Credentials Config Schema
- */
-export const CredentialsConfigSchema = z.object({
-    usernameLabel: z.string().max(100).optional(),
-    usernamePlaceholder: z.string().max(200).optional(),
-    passwordLabel: z.string().max(100).optional(),
-    passwordPlaceholder: z.string().max(200).optional(),
-    showRememberMe: z.boolean().optional(),
-    showForgotPassword: z.boolean().optional(),
-    forgotPasswordUrl: z.string().url().optional(),
-});
-/**
- * OAuth Config Schema
- */
-export const OAuthConfigSchema = z.object({
-    providerId: z.string().max(100).optional(),
-    providerName: z.string().max(100).optional(),
-    buttonText: z.string().max(100).optional(),
-});
-/**
- * Magic Link Config Schema
- */
-export const MagicLinkConfigSchema = z.object({
-    enabled: z.boolean().optional(),
-    emailLabel: z.string().max(100).optional(),
-    emailPlaceholder: z.string().max(200).optional(),
-    buttonText: z.string().max(100).optional(),
-    resendCooldown: z.number().int().min(30).max(600).optional(),
-});
-/**
- * OTP Config Schema
- */
-export const OTPConfigSchema = z.object({
-    enabled: z.boolean().optional(),
-    phoneLabel: z.string().max(100).optional(),
-    phonePlaceholder: z.string().max(200).optional(),
-    instructions: z.string().max(500).optional(),
-    digits: z.union([z.literal(4), z.literal(6), z.literal(8)]).optional(),
-    resendCooldown: z.number().int().min(30).max(600).optional(),
-});
-/**
- * QR Code Config Schema
- */
-export const QRCodeConfigSchema = z.object({
-    enabled: z.boolean().optional(),
-    instructions: z.string().max(500).optional(),
-    size: z.number().int().min(100).max(500).optional(),
-    showManualEntry: z.boolean().optional(),
-});
-/**
- * Passkey Config Schema
- */
-export const PasskeyConfigSchema = z.object({
-    enabled: z.boolean().optional(),
-    instructions: z.string().max(500).optional(),
-    buttonText: z.string().max(100).optional(),
-    showCompatibilityInfo: z.boolean().optional(),
-});
-/**
- * IDV Config Schema
- */
-export const IDVConfigSchema = z.object({
-    enabled: z.boolean().optional(),
-    providerName: z.string().max(100).optional(),
-    verificationType: z.enum(["document", "selfie", "both"]).optional(),
-    instructions: z.string().max(500).optional(),
-    estimatedTime: z.string().max(50).optional(),
-});
-/**
- * Mode Configs Schema
- */
-export const ModeConfigsSchema = z.object({
-    credentials: CredentialsConfigSchema.optional(),
-    oauth: OAuthConfigSchema.optional(),
-    magicLink: MagicLinkConfigSchema.optional(),
-    otp: OTPConfigSchema.optional(),
-    qrCode: QRCodeConfigSchema.optional(),
-    passkey: PasskeyConfigSchema.optional(),
-    idv: IDVConfigSchema.optional(),
-});
-//# sourceMappingURL=modes.schemas.js.map

package/dist/schemas/modes.schemas.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"modes.schemas.js","sourceRoot":"","sources":["../../src/schemas/modes.schemas.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAErD;;GAEG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,IAAI,CAAC;IACnC,UAAU,CAAC,YAAY;IACvB,UAAU,CAAC,WAAW;IACtB,UAAU,CAAC,KAAK;IAChB,UAAU,CAAC,UAAU;IACrB,UAAU,CAAC,GAAG;IACd,UAAU,CAAC,OAAO;IAClB,UAAU,CAAC,OAAO;IAClB,UAAU,CAAC,GAAG;CACf,CAAC,CAAC;AAIH;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9C,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;IAC7C,mBAAmB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;IACnD,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;IAC7C,mBAAmB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;IACnD,cAAc,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACtC,kBAAkB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC1C,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CAC/C,CAAC,CAAC;AAMH;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;IAC1C,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;IAC5C,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;CAC3C,CAAC,CAAC;AAIH;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5C,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC/B,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;IAC1C,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;IAChD,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;IAC1C,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;CAC7D,CAAC,CAAC;AAIH;;GAEG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC/B,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;IAC1C,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;IAChD,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;IAC5C,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACtE,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;CAC7D,CAAC,CAAC;AAIH;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IACzC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC/B,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;IAC5C,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;IACnD,eAAe,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CACxC,CAAC,CAAC;AAIH;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1C,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC/B,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;IAC5C,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;IAC1C,qBAAqB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC9C,CAAC,CAAC;AAIH;;GAEG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC/B,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;IAC5C,gBAAgB,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,QAAQ,EAAE;IACnE,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;IAC5C,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC7C,CAAC,CAAC;AAIH;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,WAAW,EAAE,uBAAuB,CAAC,QAAQ,EAAE;IAC/C,KAAK,EAAE,iBAAiB,CAAC,QAAQ,EAAE;IACnC,SAAS,EAAE,qBAAqB,CAAC,QAAQ,EAAE;IAC3C,GAAG,EAAE,eAAe,CAAC,QAAQ,EAAE;IAC/B,MAAM,EAAE,kBAAkB,CAAC,QAAQ,EAAE;IACrC,OAAO,EAAE,mBAAmB,CAAC,QAAQ,EAAE;IACvC,GAAG,EAAE,eAAe,CAAC,QAAQ,EAAE;CAChC,CAAC,CAAC"}

package/dist/security/escape.d.ts

@@ -1,114 +0,0 @@
-/**
- * HTML/JS Escape Utilities
- *
- * XSS prevention utilities for rendering user content safely.
- *
- * @module @kya-os/consent/security/escape
- */
-/**
- * Escape HTML special characters to prevent XSS
- *
- * Converts characters that have special meaning in HTML to their
- * entity equivalents, making them safe to insert into HTML content.
- *
- * @param text - The text to escape
- * @returns HTML-safe string
- *
- * @example
- * ```typescript
- * escapeHtml('<script>alert("xss")</script>')
- * // Returns: '&lt;script&gt;alert(&quot;xss&quot;)&lt;/script&gt;'
- * ```
- */
-export declare function escapeHtml(text: string): string;
-/**
- * Escape text for use in HTML attributes
- *
- * More comprehensive escaping than escapeHtml, including backticks
- * and equals signs which can be dangerous in attribute contexts.
- *
- * @param value - The value to escape
- * @returns Attribute-safe string
- *
- * @example
- * ```typescript
- * escapeAttr('value" onclick="alert(1)')
- * // Returns: 'value&quot; onclick&#x3D;&quot;alert(1)'
- * ```
- */
-export declare function escapeAttr(value: string): string;
-/**
- * Escape text for use in JavaScript strings
- *
- * Uses JSON.stringify to properly escape all special characters
- * that could break out of a JavaScript string context.
- *
- * @param text - The text to escape
- * @returns JS-safe string (without surrounding quotes)
- *
- * @example
- * ```typescript
- * escapeJs('hello\nworld')
- * // Returns: '"hello\\nworld"' (with quotes from JSON.stringify)
- * ```
- */
-export declare function escapeJs(text: string): string;
-/**
- * Escape text for use in JavaScript, returning value without quotes
- *
- * @param text - The text to escape
- * @returns JS-safe string content (without surrounding quotes)
- *
- * @example
- * ```typescript
- * escapeJsValue('hello\nworld')
- * // Returns: 'hello\\nworld'
- * ```
- */
-export declare function escapeJsValue(text: string): string;
-/**
- * Escape URL for use in href or src attributes
- *
- * Only allows http, https, and mailto protocols. Returns empty
- * string for dangerous protocols like javascript:.
- *
- * @param url - The URL to escape
- * @returns Safe URL or empty string
- *
- * @example
- * ```typescript
- * escapeUrl('javascript:alert(1)')
- * // Returns: ''
- *
- * escapeUrl('https://example.com/?q=test')
- * // Returns: 'https://example.com/?q=test'
- * ```
- */
-export declare function escapeUrl(url: string | undefined): string;
-/**
- * Create a safe HTML string from template literals
- *
- * Automatically escapes interpolated values while preserving
- * the template structure.
- *
- * @param strings - Template literal strings
- * @param values - Interpolated values to escape
- * @returns Safe HTML string
- *
- * @example
- * ```typescript
- * const userInput = '<script>alert("xss")</script>';
- * const html = safeHtml`<div>${userInput}</div>`;
- * // Returns: '<div>&lt;script&gt;alert(&quot;xss&quot;)&lt;/script&gt;</div>'
- * ```
- */
-export declare function safeHtml(strings: TemplateStringsArray, ...values: unknown[]): string;
-/**
- * Create a safe attribute value from template literals
- *
- * @param strings - Template literal strings
- * @param values - Interpolated values to escape
- * @returns Safe attribute string
- */
-export declare function safeAttr(strings: TemplateStringsArray, ...values: unknown[]): string;
-//# sourceMappingURL=escape.d.ts.map

package/dist/security/escape.js

@@ -1,197 +0,0 @@
-/**
- * HTML/JS Escape Utilities
- *
- * XSS prevention utilities for rendering user content safely.
- *
- * @module @kya-os/consent/security/escape
- */
-/**
- * HTML entities to escape
- */
-const HTML_ESCAPE_MAP = {
-    "&": "&",
-    "<": "&lt;",
-    ">": "&gt;",
-    '"': "&quot;",
-    "'": "&#x27;",
-};
-/**
- * Additional characters to escape in attributes
- */
-const ATTR_ESCAPE_MAP = {
-    ...HTML_ESCAPE_MAP,
-    "`": "&#x60;",
-    "=": "&#x3D;",
-};
-/**
- * Escape HTML special characters to prevent XSS
- *
- * Converts characters that have special meaning in HTML to their
- * entity equivalents, making them safe to insert into HTML content.
- *
- * @param text - The text to escape
- * @returns HTML-safe string
- *
- * @example
- * ```typescript
- * escapeHtml('<script>alert("xss")</script>')
- * // Returns: '&lt;script&gt;alert(&quot;xss&quot;)&lt;/script&gt;'
- * ```
- */
-export function escapeHtml(text) {
-    if (!text)
-        return "";
-    return text.replace(/[&<>"']/g, (char) => HTML_ESCAPE_MAP[char] ?? char);
-}
-/**
- * Escape text for use in HTML attributes
- *
- * More comprehensive escaping than escapeHtml, including backticks
- * and equals signs which can be dangerous in attribute contexts.
- *
- * @param value - The value to escape
- * @returns Attribute-safe string
- *
- * @example
- * ```typescript
- * escapeAttr('value" onclick="alert(1)')
- * // Returns: 'value&quot; onclick&#x3D;&quot;alert(1)'
- * ```
- */
-export function escapeAttr(value) {
-    if (!value)
-        return "";
-    return value.replace(/[&<>"'`=]/g, (char) => ATTR_ESCAPE_MAP[char] ?? char);
-}
-/**
- * Escape text for use in JavaScript strings
- *
- * Uses JSON.stringify to properly escape all special characters
- * that could break out of a JavaScript string context.
- *
- * @param text - The text to escape
- * @returns JS-safe string (without surrounding quotes)
- *
- * @example
- * ```typescript
- * escapeJs('hello\nworld')
- * // Returns: '"hello\\nworld"' (with quotes from JSON.stringify)
- * ```
- */
-export function escapeJs(text) {
-    if (!text)
-        return '""';
-    return JSON.stringify(text);
-}
-/**
- * Escape text for use in JavaScript, returning value without quotes
- *
- * @param text - The text to escape
- * @returns JS-safe string content (without surrounding quotes)
- *
- * @example
- * ```typescript
- * escapeJsValue('hello\nworld')
- * // Returns: 'hello\\nworld'
- * ```
- */
-export function escapeJsValue(text) {
-    if (!text)
-        return "";
-    // JSON.stringify adds quotes, remove them
-    const escaped = JSON.stringify(text);
-    return escaped.slice(1, -1);
-}
-/**
- * Escape URL for use in href or src attributes
- *
- * Only allows http, https, and mailto protocols. Returns empty
- * string for dangerous protocols like javascript:.
- *
- * @param url - The URL to escape
- * @returns Safe URL or empty string
- *
- * @example
- * ```typescript
- * escapeUrl('javascript:alert(1)')
- * // Returns: ''
- *
- * escapeUrl('https://example.com/?q=test')
- * // Returns: 'https://example.com/?q=test'
- * ```
- */
-export function escapeUrl(url) {
-    if (!url)
-        return "";
-    // Check for dangerous protocols
-    const lowerUrl = url.toLowerCase().trim();
-    if (lowerUrl.startsWith("javascript:") ||
-        lowerUrl.startsWith("data:") ||
-        lowerUrl.startsWith("vbscript:") ||
-        lowerUrl.startsWith("file:")) {
-        return "";
-    }
-    // Try to parse as URL to validate
-    try {
-        const parsed = new URL(url);
-        if (!["http:", "https:", "mailto:"].includes(parsed.protocol)) {
-            return "";
-        }
-    }
-    catch {
-        // Block protocol-relative URLs (//evil.com) which bypass protocol checks
-        if (url.startsWith("//")) {
-            return "";
-        }
-        // If it's a relative URL (single slash, hash, or query), that's okay
-        if (!url.startsWith("/") && !url.startsWith("#") && !url.startsWith("?")) {
-            // Absolute URL that failed to parse - unsafe
-            return "";
-        }
-    }
-    // Escape any HTML characters in the URL (but not = or ` which are safe in URLs)
-    return escapeHtml(url);
-}
-/**
- * Create a safe HTML string from template literals
- *
- * Automatically escapes interpolated values while preserving
- * the template structure.
- *
- * @param strings - Template literal strings
- * @param values - Interpolated values to escape
- * @returns Safe HTML string
- *
- * @example
- * ```typescript
- * const userInput = '<script>alert("xss")</script>';
- * const html = safeHtml`<div>${userInput}</div>`;
- * // Returns: '<div>&lt;script&gt;alert(&quot;xss&quot;)&lt;/script&gt;</div>'
- * ```
- */
-export function safeHtml(strings, ...values) {
-    let result = strings[0] ?? "";
-    for (let i = 0; i < values.length; i++) {
-        const value = values[i];
-        const escaped = value === null || value === undefined ? "" : escapeHtml(String(value));
-        result += escaped + (strings[i + 1] ?? "");
-    }
-    return result;
-}
-/**
- * Create a safe attribute value from template literals
- *
- * @param strings - Template literal strings
- * @param values - Interpolated values to escape
- * @returns Safe attribute string
- */
-export function safeAttr(strings, ...values) {
-    let result = strings[0] ?? "";
-    for (let i = 0; i < values.length; i++) {
-        const value = values[i];
-        const escaped = value === null || value === undefined ? "" : escapeAttr(String(value));
-        result += escaped + (strings[i + 1] ?? "");
-    }
-    return result;
-}
-//# sourceMappingURL=escape.js.map

package/dist/security/escape.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"escape.js","sourceRoot":"","sources":["../../src/security/escape.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;GAEG;AACH,MAAM,eAAe,GAA2B;IAC9C,GAAG,EAAE,OAAO;IACZ,GAAG,EAAE,MAAM;IACX,GAAG,EAAE,MAAM;IACX,GAAG,EAAE,QAAQ;IACb,GAAG,EAAE,QAAQ;CACd,CAAC;AAEF;;GAEG;AACH,MAAM,eAAe,GAA2B;IAC9C,GAAG,eAAe;IAClB,GAAG,EAAE,QAAQ;IACb,GAAG,EAAE,QAAQ;CACd,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,UAAU,CAAC,IAAY;IACrC,IAAI,CAAC,IAAI;QAAE,OAAO,EAAE,CAAC;IACrB,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC;AAC3E,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,UAAU,CAAC,KAAa;IACtC,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,CAAC;IACtB,OAAO,KAAK,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC;AAC9E,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,QAAQ,CAAC,IAAY;IACnC,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IACvB,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;AAC9B,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,aAAa,CAAC,IAAY;IACxC,IAAI,CAAC,IAAI;QAAE,OAAO,EAAE,CAAC;IACrB,0CAA0C;IAC1C,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACrC,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;AAC9B,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,SAAS,CAAC,GAAuB;IAC/C,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,CAAC;IAEpB,gCAAgC;IAChC,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;IAC1C,IACE,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC;QAClC,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC;QAC5B,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC;QAChC,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,EAC5B,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,kCAAkC;IAClC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9D,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,yEAAyE;QACzE,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,qEAAqE;QACrE,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACzE,6CAA6C;YAC7C,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED,gFAAgF;IAChF,OAAO,UAAU,CAAC,GAAG,CAAC,CAAC;AACzB,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,QAAQ,CACtB,OAA6B,EAC7B,GAAG,MAAiB;IAEpB,IAAI,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAC9B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QACxB,MAAM,OAAO,GACX,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QACzE,MAAM,IAAI,OAAO,GAAG,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC7C,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,QAAQ,CACtB,OAA6B,EAC7B,GAAG,MAAiB;IAEpB,IAAI,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAC9B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QACxB,MAAM,OAAO,GACX,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QACzE,MAAM,IAAI,OAAO,GAAG,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC7C,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/security/index.d.ts

@@ -1,10 +0,0 @@
-/**
- * Consent Security Utilities
- *
- * XSS prevention and input validation utilities.
- *
- * @module @kya-os/consent/security
- */
-export * from "./escape.js";
-export * from "./validators.js";
-//# sourceMappingURL=index.d.ts.map

package/dist/security/index.js

@@ -1,10 +0,0 @@
-/**
- * Consent Security Utilities
- *
- * XSS prevention and input validation utilities.
- *
- * @module @kya-os/consent/security
- */
-export * from "./escape.js";
-export * from "./validators.js";
-//# sourceMappingURL=index.js.map

package/dist/security/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC"}

package/dist/security/validators.d.ts

@@ -1,98 +0,0 @@
-/**
- * Security Validators
- *
- * Input validation utilities for secure rendering.
- *
- * @module @kya-os/consent/security/validators
- */
-/**
- * Validate that a string is a valid hex color
- *
- * Only accepts 6-digit hex colors with # prefix.
- *
- * @param color - Color string to validate
- * @returns The color if valid, undefined otherwise
- *
- * @example
- * ```typescript
- * validateColor('#2563EB') // Returns '#2563EB'
- * validateColor('2563EB')  // Returns undefined
- * validateColor('#fff')    // Returns undefined (3-digit not allowed)
- * ```
- */
-export declare function validateColor(color: string | undefined): string | undefined;
-/**
- * Validate that a string is a valid URL
- *
- * Only accepts http and https protocols.
- *
- * @param url - URL string to validate
- * @returns The URL if valid, undefined otherwise
- *
- * @example
- * ```typescript
- * validateUrl('https://example.com')    // Returns 'https://example.com'
- * validateUrl('javascript:alert(1)')    // Returns undefined
- * validateUrl('ftp://files.example.com') // Returns undefined
- * ```
- */
-export declare function validateUrl(url: string | undefined): string | undefined;
-/**
- * Validate that a string is a valid email address
- *
- * Uses a simple but effective email pattern.
- *
- * @param email - Email string to validate
- * @returns The email if valid, undefined otherwise
- */
-export declare function validateEmail(email: string | undefined): string | undefined;
-/**
- * Validate that a string is a valid DID
- *
- * @param did - DID string to validate
- * @returns The DID if valid, undefined otherwise
- */
-export declare function validateDid(did: string | undefined): string | undefined;
-/**
- * Validate that a string contains no control characters
- *
- * @param text - Text to validate
- * @returns The text if valid, undefined otherwise
- */
-export declare function validateNoControlChars(text: string | undefined): string | undefined;
-/**
- * Validate and sanitize a string for display
- *
- * Removes control characters and trims whitespace.
- *
- * @param text - Text to sanitize
- * @param maxLength - Maximum allowed length
- * @returns Sanitized text or undefined if invalid
- */
-export declare function sanitizeDisplayText(text: string | undefined, maxLength?: number): string | undefined;
-/**
- * Validate that a string is alphanumeric with underscores only
- *
- * Useful for field names and identifiers.
- *
- * @param text - Text to validate
- * @returns The text if valid, undefined otherwise
- */
-export declare function validateIdentifier(text: string | undefined): string | undefined;
-/**
- * Check if a value is a safe integer within range
- *
- * @param value - Value to check
- * @param min - Minimum value (inclusive)
- * @param max - Maximum value (inclusive)
- * @returns True if valid
- */
-export declare function isValidInteger(value: unknown, min?: number, max?: number): value is number;
-/**
- * Validate a CSRF token format
- *
- * @param token - Token to validate
- * @returns The token if valid, undefined otherwise
- */
-export declare function validateCSRFToken(token: string | undefined): string | undefined;
-//# sourceMappingURL=validators.d.ts.map