@mappoh/nova 0.1.16

package/dist/security/secure-store.js

@@ -0,0 +1,164 @@
+/**
+ * Nova Engine — Secure Storage
+ *
+ * Encrypted localStorage/sessionStorage wrapper using AES-GCM.
+ * All values are encrypted at rest with a derived key from a
+ * user-provided passphrase or auto-generated key.
+ */
+function toBase64(buffer) {
+    return btoa(String.fromCharCode(...new Uint8Array(buffer)));
+}
+function fromBase64(base64) {
+    const binary = atob(base64);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++)
+        bytes[i] = binary.charCodeAt(i);
+    return bytes;
+}
+/** Create an encrypted storage instance. */
+export function createSecureStore(options = {}) {
+    const { passphrase, prefix = 'nova_secure', sessionOnly = false, iterations = 100_000, keyLength = 256, defaultTTL = 0, } = options;
+    const storage = sessionOnly ? sessionStorage : localStorage;
+    const saltKey = `${prefix}__salt`;
+    const keyStoreKey = `${prefix}__key`;
+    let cryptoKey = null;
+    let initialized = false;
+    function fullKey(key) {
+        return `${prefix}:${key}`;
+    }
+    function isOurKey(storageKey) {
+        return storageKey.startsWith(`${prefix}:`);
+    }
+    async function deriveKeyFromPassphrase(pass, salt) {
+        const baseKey = await crypto.subtle.importKey('raw', new TextEncoder().encode(pass), 'PBKDF2', false, ['deriveKey']);
+        return crypto.subtle.deriveKey({ name: 'PBKDF2', salt: salt, iterations, hash: 'SHA-256' }, baseKey, { name: 'AES-GCM', length: keyLength }, false, ['encrypt', 'decrypt']);
+    }
+    async function generateRandomKey() {
+        return crypto.subtle.generateKey({ name: 'AES-GCM', length: keyLength }, true, ['encrypt', 'decrypt']);
+    }
+    async function encryptValue(data) {
+        const iv = crypto.getRandomValues(new Uint8Array(12));
+        const encoded = new TextEncoder().encode(data);
+        const ciphertext = await crypto.subtle.encrypt({ name: 'AES-GCM', iv: iv }, cryptoKey, encoded);
+        return {
+            ciphertext: toBase64(ciphertext),
+            iv: toBase64(iv.buffer),
+        };
+    }
+    async function decryptValue(ciphertext, iv) {
+        const plaintext = await crypto.subtle.decrypt({ name: 'AES-GCM', iv: fromBase64(iv) }, cryptoKey, fromBase64(ciphertext));
+        return new TextDecoder().decode(plaintext);
+    }
+    const instance = {
+        async init() {
+            if (initialized)
+                return;
+            if (passphrase) {
+                // Derive key from passphrase
+                let saltB64 = storage.getItem(saltKey);
+                let salt;
+                if (saltB64) {
+                    salt = fromBase64(saltB64);
+                }
+                else {
+                    salt = crypto.getRandomValues(new Uint8Array(16));
+                    storage.setItem(saltKey, toBase64(salt.buffer));
+                }
+                cryptoKey = await deriveKeyFromPassphrase(passphrase, salt);
+            }
+            else {
+                // Use random key (stored in storage — less secure but automatic)
+                const storedKey = storage.getItem(keyStoreKey);
+                if (storedKey) {
+                    const jwk = JSON.parse(storedKey);
+                    cryptoKey = await crypto.subtle.importKey('jwk', jwk, { name: 'AES-GCM' }, true, ['encrypt', 'decrypt']);
+                }
+                else {
+                    cryptoKey = await generateRandomKey();
+                    const exported = await crypto.subtle.exportKey('jwk', cryptoKey);
+                    storage.setItem(keyStoreKey, JSON.stringify(exported));
+                }
+            }
+            initialized = true;
+        },
+        async set(key, value, ttl) {
+            if (!initialized)
+                throw new Error('SecureStore not initialized. Call init() first.');
+            const serialized = JSON.stringify(value);
+            const { ciphertext, iv } = await encryptValue(serialized);
+            const expiry = (ttl ?? defaultTTL) > 0 ? Date.now() + (ttl ?? defaultTTL) : 0;
+            const entry = { c: ciphertext, v: iv, e: expiry };
+            storage.setItem(fullKey(key), JSON.stringify(entry));
+        },
+        async get(key) {
+            if (!initialized)
+                throw new Error('SecureStore not initialized. Call init() first.');
+            const raw = storage.getItem(fullKey(key));
+            if (!raw)
+                return null;
+            try {
+                const entry = JSON.parse(raw);
+                // Check expiry
+                if (entry.e > 0 && Date.now() >= entry.e) {
+                    storage.removeItem(fullKey(key));
+                    return null;
+                }
+                const decrypted = await decryptValue(entry.c, entry.v);
+                return JSON.parse(decrypted);
+            }
+            catch {
+                // Corrupted or tampered data
+                storage.removeItem(fullKey(key));
+                return null;
+            }
+        },
+        has(key) {
+            const raw = storage.getItem(fullKey(key));
+            if (!raw)
+                return false;
+            try {
+                const entry = JSON.parse(raw);
+                if (entry.e > 0 && Date.now() >= entry.e) {
+                    storage.removeItem(fullKey(key));
+                    return false;
+                }
+                return true;
+            }
+            catch {
+                return false;
+            }
+        },
+        remove(key) {
+            storage.removeItem(fullKey(key));
+        },
+        clear() {
+            const toRemove = [];
+            for (let i = 0; i < storage.length; i++) {
+                const k = storage.key(i);
+                if (k && isOurKey(k))
+                    toRemove.push(k);
+            }
+            for (const k of toRemove)
+                storage.removeItem(k);
+        },
+        keys() {
+            const result = [];
+            const prefixLen = `${prefix}:`.length;
+            for (let i = 0; i < storage.length; i++) {
+                const k = storage.key(i);
+                if (k && isOurKey(k))
+                    result.push(k.slice(prefixLen));
+            }
+            return result;
+        },
+        size() {
+            return instance.keys().length;
+        },
+        destroy() {
+            cryptoKey = null;
+            initialized = false;
+        },
+    };
+    return instance;
+}
+//# sourceMappingURL=secure-store.js.map

package/dist/security/secure-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secure-store.js","sourceRoot":"","sources":["../../src/security/secure-store.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AA+CH,SAAS,QAAQ,CAAC,MAAmB;IACnC,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;AAC9D,CAAC;AAED,SAAS,UAAU,CAAC,MAAc;IAChC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IACxE,OAAO,KAAK,CAAC;AACf,CAAC;AAED,4CAA4C;AAC5C,MAAM,UAAU,iBAAiB,CAAC,UAA8B,EAAE;IAChE,MAAM,EACJ,UAAU,EACV,MAAM,GAAG,aAAa,EACtB,WAAW,GAAG,KAAK,EACnB,UAAU,GAAG,OAAO,EACpB,SAAS,GAAG,GAAG,EACf,UAAU,GAAG,CAAC,GACf,GAAG,OAAO,CAAC;IAEZ,MAAM,OAAO,GAAG,WAAW,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,YAAY,CAAC;IAC5D,MAAM,OAAO,GAAG,GAAG,MAAM,QAAQ,CAAC;IAClC,MAAM,WAAW,GAAG,GAAG,MAAM,OAAO,CAAC;IACrC,IAAI,SAAS,GAAqB,IAAI,CAAC;IACvC,IAAI,WAAW,GAAG,KAAK,CAAC;IAExB,SAAS,OAAO,CAAC,GAAW;QAC1B,OAAO,GAAG,MAAM,IAAI,GAAG,EAAE,CAAC;IAC5B,CAAC;IAED,SAAS,QAAQ,CAAC,UAAkB;QAClC,OAAO,UAAU,CAAC,UAAU,CAAC,GAAG,MAAM,GAAG,CAAC,CAAE;IAC9C,CAAC;IAED,KAAK,UAAU,uBAAuB,CAAC,IAAY,EAAE,IAAgB;QACnE,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC3C,KAAK,EACL,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAiB,EAC9C,QAAQ,EACR,KAAK,EACL,CAAC,WAAW,CAAC,CACd,CAAC;QACF,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAC5B,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAoB,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE,EAC3E,OAAO,EACP,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,EACtC,KAAK,EACL,CAAC,SAAS,EAAE,SAAS,CAAC,CACvB,CAAC;IACJ,CAAC;IAED,KAAK,UAAU,iBAAiB;QAC9B,OAAO,MAAM,CAAC,MAAM,CAAC,WAAW,CAC9B,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,EACtC,IAAI,EACJ,CAAC,SAAS,EAAE,SAAS,CAAC,CACvB,CAAC;IACJ,CAAC;IAED,KAAK,UAAU,YAAY,CAAC,IAAY;QACtC,MAAM,EAAE,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;QACtD,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC/C,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAC5C,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,EAAkB,EAAE,EAC3C,SAAU,EACV,OAAuB,CACxB,CAAC;QACF,OAAO;YACL,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC;YAChC,EAAE,EAAE,QAAQ,CAAC,EAAE,CAAC,MAAqB,CAAC;SACvC,CAAC;IACJ,CAAC;IAED,KAAK,UAAU,YAAY,CAAC,UAAkB,EAAE,EAAU;QACxD,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAC3C,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,UAAU,CAAC,EAAE,CAAiB,EAAE,EACvD,SAAU,EACV,UAAU,CAAC,UAAU,CAAiB,CACvC,CAAC;QACF,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC7C,CAAC;IAED,MAAM,QAAQ,GAAwB;QACpC,KAAK,CAAC,IAAI;YACR,IAAI,WAAW;gBAAE,OAAO;YAExB,IAAI,UAAU,EAAE,CAAC;gBACf,6BAA6B;gBAC7B,IAAI,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;gBACvC,IAAI,IAAgB,CAAC;gBACrB,IAAI,OAAO,EAAE,CAAC;oBACZ,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;gBAC7B,CAAC;qBAAM,CAAC;oBACN,IAAI,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;oBAClD,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,MAAqB,CAAC,CAAC,CAAC;gBACjE,CAAC;gBACD,SAAS,GAAG,MAAM,uBAAuB,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;YAC9D,CAAC;iBAAM,CAAC;gBACN,iEAAiE;gBACjE,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;gBAC/C,IAAI,SAAS,EAAE,CAAC;oBACd,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAe,CAAC;oBAChD,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACvC,KAAK,EACL,GAAG,EACH,EAAE,IAAI,EAAE,SAAS,EAAE,EACnB,IAAI,EACJ,CAAC,SAAS,EAAE,SAAS,CAAC,CACvB,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,SAAS,GAAG,MAAM,iBAAiB,EAAE,CAAC;oBACtC,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;oBACjE,OAAO,CAAC,OAAO,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;gBACzD,CAAC;YACH,CAAC;YAED,WAAW,GAAG,IAAI,CAAC;QACrB,CAAC;QAED,KAAK,CAAC,GAAG,CAAI,GAAW,EAAE,KAAQ,EAAE,GAAY;YAC9C,IAAI,CAAC,WAAW;gBAAE,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACrF,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;YACzC,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE,GAAG,MAAM,YAAY,CAAC,UAAU,CAAC,CAAC;YAC1D,MAAM,MAAM,GAAG,CAAC,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9E,MAAM,KAAK,GAAgB,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC;YAC/D,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;QACvD,CAAC;QAED,KAAK,CAAC,GAAG,CAAI,GAAW;YACtB,IAAI,CAAC,WAAW;gBAAE,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACrF,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;YAC1C,IAAI,CAAC,GAAG;gBAAE,OAAO,IAAI,CAAC;YAEtB,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAgB,CAAC;gBAE7C,eAAe;gBACf,IAAI,KAAK,CAAC,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,KAAK,CAAC,CAAC,EAAE,CAAC;oBACzC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;oBACjC,OAAO,IAAI,CAAC;gBACd,CAAC;gBAED,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC;gBACvD,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAM,CAAC;YACpC,CAAC;YAAC,MAAM,CAAC;gBACP,6BAA6B;gBAC7B,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;gBACjC,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,GAAG,CAAC,GAAW;YACb,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;YAC1C,IAAI,CAAC,GAAG;gBAAE,OAAO,KAAK,CAAC;YACvB,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAgB,CAAC;gBAC7C,IAAI,KAAK,CAAC,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,KAAK,CAAC,CAAC,EAAE,CAAC;oBACzC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;oBACjC,OAAO,KAAK,CAAC;gBACf,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,MAAM,CAAC,GAAW;YAChB,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;QACnC,CAAC;QAED,KAAK;YACH,MAAM,QAAQ,GAAa,EAAE,CAAC;YAC9B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACxC,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBACzB,IAAI,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC;oBAAE,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACzC,CAAC;YACD,KAAK,MAAM,CAAC,IAAI,QAAQ;gBAAE,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAClD,CAAC;QAED,IAAI;YACF,MAAM,MAAM,GAAa,EAAE,CAAC;YAC5B,MAAM,SAAS,GAAG,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC;YACtC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACxC,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBACzB,IAAI,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC;oBAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;YACxD,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,IAAI;YACF,OAAO,QAAQ,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC;QAChC,CAAC;QAED,OAAO;YACL,SAAS,GAAG,IAAI,CAAC;YACjB,WAAW,GAAG,KAAK,CAAC;QACtB,CAAC;KACF,CAAC;IAEF,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/security/session.d.ts

@@ -0,0 +1,76 @@
+/**
+ * Nova Engine — Session Management
+ *
+ * Token lifecycle management with automatic rotation,
+ * expiry tracking, idle timeout, multi-tab synchronization,
+ * and activity monitoring.
+ */
+export interface SessionOptions {
+    /** Session duration in milliseconds. Default: 30 minutes */
+    maxAge?: number;
+    /** Idle timeout in milliseconds. Default: 15 minutes */
+    idleTimeout?: number;
+    /** Auto-rotate token at interval (ms). Default: 0 (disabled) */
+    rotateInterval?: number;
+    /** Storage key prefix. Default: 'nova_session' */
+    storageKey?: string;
+    /** Use sessionStorage (true) or localStorage (false). Default: true */
+    useSessionStorage?: boolean;
+    /** Sync across tabs via storage events. Default: true */
+    syncTabs?: boolean;
+    /** Called when session expires */
+    onExpire?: () => void;
+    /** Called when user goes idle */
+    onIdle?: () => void;
+    /** Called when user returns from idle */
+    onResume?: () => void;
+    /** Called when token is rotated */
+    onRotate?: (newToken: string) => void;
+    /** Custom token generator. Default: crypto.randomUUID */
+    generateToken?: () => string;
+    /** Events that count as user activity. Default: common interaction events */
+    activityEvents?: string[];
+}
+export interface SessionData {
+    /** Session token */
+    token: string;
+    /** Creation timestamp */
+    createdAt: number;
+    /** Last activity timestamp */
+    lastActivity: number;
+    /** Expiry timestamp */
+    expiresAt: number;
+    /** Custom metadata */
+    meta: Record<string, unknown>;
+}
+export interface SessionInstance {
+    /** Start a new session */
+    start(meta?: Record<string, unknown>): SessionData;
+    /** End the current session */
+    end(): void;
+    /** Get current session data (null if expired/nonexistent) */
+    get(): SessionData | null;
+    /** Check if session is active and valid */
+    isActive(): boolean;
+    /** Check if user is currently idle */
+    isIdle(): boolean;
+    /** Manually rotate the token */
+    rotate(): string;
+    /** Touch — update last activity time */
+    touch(): void;
+    /** Get remaining time before expiry (ms) */
+    remainingTime(): number;
+    /** Get remaining idle time (ms) */
+    remainingIdleTime(): number;
+    /** Set metadata on the session */
+    setMeta(key: string, value: unknown): void;
+    /** Get metadata value */
+    getMeta<T = unknown>(key: string): T | undefined;
+    /** Subscribe to session events */
+    on(event: 'expire' | 'idle' | 'resume' | 'rotate' | 'start' | 'end', handler: (data?: unknown) => void): () => void;
+    /** Destroy — cleanup all listeners and timers */
+    destroy(): void;
+}
+/** Create a session management instance. */
+export declare function createSession(options?: SessionOptions): SessionInstance;
+//# sourceMappingURL=session.d.ts.map

package/dist/security/session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../src/security/session.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,MAAM,WAAW,cAAc;IAC7B,4DAA4D;IAC5D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,wDAAwD;IACxD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gEAAgE;IAChE,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,kDAAkD;IAClD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,uEAAuE;IACvE,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,yDAAyD;IACzD,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,kCAAkC;IAClC,QAAQ,CAAC,EAAE,MAAM,IAAI,CAAC;IACtB,iCAAiC;IACjC,MAAM,CAAC,EAAE,MAAM,IAAI,CAAC;IACpB,yCAAyC;IACzC,QAAQ,CAAC,EAAE,MAAM,IAAI,CAAC;IACtB,mCAAmC;IACnC,QAAQ,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;IACtC,yDAAyD;IACzD,aAAa,CAAC,EAAE,MAAM,MAAM,CAAC;IAC7B,6EAA6E;IAC7E,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,WAAW;IAC1B,oBAAoB;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,yBAAyB;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,8BAA8B;IAC9B,YAAY,EAAE,MAAM,CAAC;IACrB,uBAAuB;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,sBAAsB;IACtB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC/B;AAED,MAAM,WAAW,eAAe;IAC9B,0BAA0B;IAC1B,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,WAAW,CAAC;IACnD,8BAA8B;IAC9B,GAAG,IAAI,IAAI,CAAC;IACZ,6DAA6D;IAC7D,GAAG,IAAI,WAAW,GAAG,IAAI,CAAC;IAC1B,2CAA2C;IAC3C,QAAQ,IAAI,OAAO,CAAC;IACpB,sCAAsC;IACtC,MAAM,IAAI,OAAO,CAAC;IAClB,gCAAgC;IAChC,MAAM,IAAI,MAAM,CAAC;IACjB,wCAAwC;IACxC,KAAK,IAAI,IAAI,CAAC;IACd,4CAA4C;IAC5C,aAAa,IAAI,MAAM,CAAC;IACxB,mCAAmC;IACnC,iBAAiB,IAAI,MAAM,CAAC;IAC5B,kCAAkC;IAClC,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,GAAG,IAAI,CAAC;IAC3C,yBAAyB;IACzB,OAAO,CAAC,CAAC,GAAG,OAAO,EAAE,GAAG,EAAE,MAAM,GAAG,CAAC,GAAG,SAAS,CAAC;IACjD,kCAAkC;IAClC,EAAE,CAAC,KAAK,EAAE,QAAQ,GAAG,MAAM,GAAG,QAAQ,GAAG,QAAQ,GAAG,OAAO,GAAG,KAAK,EAAE,OAAO,EAAE,CAAC,IAAI,CAAC,EAAE,OAAO,KAAK,IAAI,GAAG,MAAM,IAAI,CAAC;IACpH,iDAAiD;IACjD,OAAO,IAAI,IAAI,CAAC;CACjB;AAED,4CAA4C;AAC5C,wBAAgB,aAAa,CAAC,OAAO,GAAE,cAAmB,GAAG,eAAe,CA0Q3E"}

package/dist/security/session.js

@@ -0,0 +1,251 @@
+/**
+ * Nova Engine — Session Management
+ *
+ * Token lifecycle management with automatic rotation,
+ * expiry tracking, idle timeout, multi-tab synchronization,
+ * and activity monitoring.
+ */
+/** Create a session management instance. */
+export function createSession(options = {}) {
+    const { maxAge = 30 * 60 * 1000, idleTimeout = 15 * 60 * 1000, rotateInterval = 0, storageKey = 'nova_session', useSessionStorage = true, syncTabs = true, onExpire, onIdle, onResume, onRotate, generateToken = () => crypto.randomUUID(), activityEvents = ['mousedown', 'keydown', 'touchstart', 'scroll', 'mousemove'], } = options;
+    const storage = useSessionStorage ? sessionStorage : localStorage;
+    const listeners = new Map();
+    let expiryTimer = null;
+    let idleTimer = null;
+    let rotateTimer = null;
+    let idle = false;
+    let destroyed = false;
+    function emit(event, data) {
+        const handlers = listeners.get(event);
+        if (handlers) {
+            for (const h of handlers)
+                h(data);
+        }
+    }
+    function save(data) {
+        try {
+            storage.setItem(storageKey, JSON.stringify(data));
+        }
+        catch { /* quota exceeded — fail silently */ }
+    }
+    function load() {
+        try {
+            const raw = storage.getItem(storageKey);
+            if (!raw)
+                return null;
+            return JSON.parse(raw);
+        }
+        catch {
+            return null;
+        }
+    }
+    function clear() {
+        storage.removeItem(storageKey);
+    }
+    function clearTimers() {
+        if (expiryTimer) {
+            clearTimeout(expiryTimer);
+            expiryTimer = null;
+        }
+        if (idleTimer) {
+            clearTimeout(idleTimer);
+            idleTimer = null;
+        }
+        if (rotateTimer) {
+            clearInterval(rotateTimer);
+            rotateTimer = null;
+        }
+    }
+    function startExpiryTimer(data) {
+        if (expiryTimer)
+            clearTimeout(expiryTimer);
+        const remaining = data.expiresAt - Date.now();
+        if (remaining <= 0) {
+            handleExpiry();
+            return;
+        }
+        expiryTimer = setTimeout(handleExpiry, remaining);
+    }
+    function startIdleTimer() {
+        if (idleTimer)
+            clearTimeout(idleTimer);
+        idleTimer = setTimeout(handleIdle, idleTimeout);
+    }
+    function handleExpiry() {
+        clear();
+        clearTimers();
+        removeActivityListeners();
+        emit('expire');
+        onExpire?.();
+    }
+    function handleIdle() {
+        idle = true;
+        emit('idle');
+        onIdle?.();
+    }
+    function onActivity() {
+        if (destroyed)
+            return;
+        const data = load();
+        if (!data)
+            return;
+        // Check if session has expired
+        if (Date.now() >= data.expiresAt) {
+            handleExpiry();
+            return;
+        }
+        // Update last activity
+        data.lastActivity = Date.now();
+        save(data);
+        // Resume from idle
+        if (idle) {
+            idle = false;
+            emit('resume');
+            onResume?.();
+        }
+        // Reset idle timer
+        startIdleTimer();
+    }
+    function addActivityListeners() {
+        for (const event of activityEvents) {
+            document.addEventListener(event, onActivity, { passive: true });
+        }
+    }
+    function removeActivityListeners() {
+        for (const event of activityEvents) {
+            document.removeEventListener(event, onActivity);
+        }
+    }
+    // Cross-tab sync
+    function onStorageChange(e) {
+        if (e.key !== storageKey)
+            return;
+        if (e.newValue === null) {
+            // Session ended in another tab
+            clearTimers();
+            removeActivityListeners();
+            emit('end');
+        }
+        else {
+            // Session updated in another tab
+            const data = load();
+            if (data) {
+                startExpiryTimer(data);
+            }
+        }
+    }
+    if (syncTabs && !useSessionStorage) {
+        window.addEventListener('storage', onStorageChange);
+    }
+    const instance = {
+        start(meta) {
+            const now = Date.now();
+            const token = generateToken();
+            const data = {
+                token,
+                createdAt: now,
+                lastActivity: now,
+                expiresAt: now + maxAge,
+                meta: meta ?? {},
+            };
+            save(data);
+            idle = false;
+            startExpiryTimer(data);
+            startIdleTimer();
+            addActivityListeners();
+            if (rotateInterval > 0) {
+                rotateTimer = setInterval(() => instance.rotate(), rotateInterval);
+            }
+            emit('start', data);
+            return data;
+        },
+        end() {
+            clear();
+            clearTimers();
+            removeActivityListeners();
+            idle = false;
+            emit('end');
+        },
+        get() {
+            const data = load();
+            if (!data)
+                return null;
+            if (Date.now() >= data.expiresAt) {
+                handleExpiry();
+                return null;
+            }
+            return data;
+        },
+        isActive() {
+            return instance.get() !== null;
+        },
+        isIdle() {
+            return idle;
+        },
+        rotate() {
+            const data = load();
+            if (!data)
+                return '';
+            const newToken = generateToken();
+            data.token = newToken;
+            save(data);
+            emit('rotate', newToken);
+            onRotate?.(newToken);
+            return newToken;
+        },
+        touch() {
+            onActivity();
+        },
+        remainingTime() {
+            const data = load();
+            if (!data)
+                return 0;
+            return Math.max(0, data.expiresAt - Date.now());
+        },
+        remainingIdleTime() {
+            const data = load();
+            if (!data)
+                return 0;
+            const elapsed = Date.now() - data.lastActivity;
+            return Math.max(0, idleTimeout - elapsed);
+        },
+        setMeta(key, value) {
+            const data = load();
+            if (!data)
+                return;
+            data.meta[key] = value;
+            save(data);
+        },
+        getMeta(key) {
+            const data = load();
+            return data?.meta[key];
+        },
+        on(event, handler) {
+            if (!listeners.has(event))
+                listeners.set(event, new Set());
+            listeners.get(event).add(handler);
+            return () => listeners.get(event)?.delete(handler);
+        },
+        destroy() {
+            destroyed = true;
+            clearTimers();
+            removeActivityListeners();
+            listeners.clear();
+            if (syncTabs && !useSessionStorage) {
+                window.removeEventListener('storage', onStorageChange);
+            }
+        },
+    };
+    // If there's an existing session, resume it
+    const existing = load();
+    if (existing && Date.now() < existing.expiresAt) {
+        startExpiryTimer(existing);
+        startIdleTimer();
+        addActivityListeners();
+        if (rotateInterval > 0) {
+            rotateTimer = setInterval(() => instance.rotate(), rotateInterval);
+        }
+    }
+    return instance;
+}
+//# sourceMappingURL=session.js.map

package/dist/security/session.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/security/session.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAuEH,4CAA4C;AAC5C,MAAM,UAAU,aAAa,CAAC,UAA0B,EAAE;IACxD,MAAM,EACJ,MAAM,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EACvB,WAAW,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAC5B,cAAc,GAAG,CAAC,EAClB,UAAU,GAAG,cAAc,EAC3B,iBAAiB,GAAG,IAAI,EACxB,QAAQ,GAAG,IAAI,EACf,QAAQ,EACR,MAAM,EACN,QAAQ,EACR,QAAQ,EACR,aAAa,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,UAAU,EAAE,EACzC,cAAc,GAAG,CAAC,WAAW,EAAE,SAAS,EAAE,YAAY,EAAE,QAAQ,EAAE,WAAW,CAAC,GAC/E,GAAG,OAAO,CAAC;IAEZ,MAAM,OAAO,GAAG,iBAAiB,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,YAAY,CAAC;IAClE,MAAM,SAAS,GAAG,IAAI,GAAG,EAAyC,CAAC;IACnE,IAAI,WAAW,GAAyC,IAAI,CAAC;IAC7D,IAAI,SAAS,GAAyC,IAAI,CAAC;IAC3D,IAAI,WAAW,GAA0C,IAAI,CAAC;IAC9D,IAAI,IAAI,GAAG,KAAK,CAAC;IACjB,IAAI,SAAS,GAAG,KAAK,CAAC;IAEtB,SAAS,IAAI,CAAC,KAAa,EAAE,IAAc;QACzC,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACtC,IAAI,QAAQ,EAAE,CAAC;YACb,KAAK,MAAM,CAAC,IAAI,QAAQ;gBAAE,CAAC,CAAC,IAAI,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IAED,SAAS,IAAI,CAAC,IAAiB;QAC7B,IAAI,CAAC;YACH,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;QACpD,CAAC;QAAC,MAAM,CAAC,CAAC,oCAAoC,CAAC,CAAC;IAClD,CAAC;IAED,SAAS,IAAI;QACX,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YACxC,IAAI,CAAC,GAAG;gBAAE,OAAO,IAAI,CAAC;YACtB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAgB,CAAC;QACxC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,SAAS,KAAK;QACZ,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;IACjC,CAAC;IAED,SAAS,WAAW;QAClB,IAAI,WAAW,EAAE,CAAC;YAAC,YAAY,CAAC,WAAW,CAAC,CAAC;YAAC,WAAW,GAAG,IAAI,CAAC;QAAC,CAAC;QACnE,IAAI,SAAS,EAAE,CAAC;YAAC,YAAY,CAAC,SAAS,CAAC,CAAC;YAAC,SAAS,GAAG,IAAI,CAAC;QAAC,CAAC;QAC7D,IAAI,WAAW,EAAE,CAAC;YAAC,aAAa,CAAC,WAAW,CAAC,CAAC;YAAC,WAAW,GAAG,IAAI,CAAC;QAAC,CAAC;IACtE,CAAC;IAED,SAAS,gBAAgB,CAAC,IAAiB;QACzC,IAAI,WAAW;YAAE,YAAY,CAAC,WAAW,CAAC,CAAC;QAC3C,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC9C,IAAI,SAAS,IAAI,CAAC,EAAE,CAAC;YACnB,YAAY,EAAE,CAAC;YACf,OAAO;QACT,CAAC;QACD,WAAW,GAAG,UAAU,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IACpD,CAAC;IAED,SAAS,cAAc;QACrB,IAAI,SAAS;YAAE,YAAY,CAAC,SAAS,CAAC,CAAC;QACvC,SAAS,GAAG,UAAU,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IAClD,CAAC;IAED,SAAS,YAAY;QACnB,KAAK,EAAE,CAAC;QACR,WAAW,EAAE,CAAC;QACd,uBAAuB,EAAE,CAAC;QAC1B,IAAI,CAAC,QAAQ,CAAC,CAAC;QACf,QAAQ,EAAE,EAAE,CAAC;IACf,CAAC;IAED,SAAS,UAAU;QACjB,IAAI,GAAG,IAAI,CAAC;QACZ,IAAI,CAAC,MAAM,CAAC,CAAC;QACb,MAAM,EAAE,EAAE,CAAC;IACb,CAAC;IAED,SAAS,UAAU;QACjB,IAAI,SAAS;YAAE,OAAO;QACtB,MAAM,IAAI,GAAG,IAAI,EAAE,CAAC;QACpB,IAAI,CAAC,IAAI;YAAE,OAAO;QAElB,+BAA+B;QAC/B,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACjC,YAAY,EAAE,CAAC;YACf,OAAO;QACT,CAAC;QAED,uBAAuB;QACvB,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC/B,IAAI,CAAC,IAAI,CAAC,CAAC;QAEX,mBAAmB;QACnB,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,GAAG,KAAK,CAAC;YACb,IAAI,CAAC,QAAQ,CAAC,CAAC;YACf,QAAQ,EAAE,EAAE,CAAC;QACf,CAAC;QAED,mBAAmB;QACnB,cAAc,EAAE,CAAC;IACnB,CAAC;IAED,SAAS,oBAAoB;QAC3B,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;YACnC,QAAQ,CAAC,gBAAgB,CAAC,KAAK,EAAE,UAAU,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAClE,CAAC;IACH,CAAC;IAED,SAAS,uBAAuB;QAC9B,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;YACnC,QAAQ,CAAC,mBAAmB,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,iBAAiB;IACjB,SAAS,eAAe,CAAC,CAAe;QACtC,IAAI,CAAC,CAAC,GAAG,KAAK,UAAU;YAAE,OAAO;QACjC,IAAI,CAAC,CAAC,QAAQ,KAAK,IAAI,EAAE,CAAC;YACxB,+BAA+B;YAC/B,WAAW,EAAE,CAAC;YACd,uBAAuB,EAAE,CAAC;YAC1B,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC;aAAM,CAAC;YACN,iCAAiC;YACjC,MAAM,IAAI,GAAG,IAAI,EAAE,CAAC;YACpB,IAAI,IAAI,EAAE,CAAC;gBACT,gBAAgB,CAAC,IAAI,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,QAAQ,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACnC,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;IACtD,CAAC;IAED,MAAM,QAAQ,GAAoB;QAChC,KAAK,CAAC,IAA8B;YAClC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;YAC9B,MAAM,IAAI,GAAgB;gBACxB,KAAK;gBACL,SAAS,EAAE,GAAG;gBACd,YAAY,EAAE,GAAG;gBACjB,SAAS,EAAE,GAAG,GAAG,MAAM;gBACvB,IAAI,EAAE,IAAI,IAAI,EAAE;aACjB,CAAC;YAEF,IAAI,CAAC,IAAI,CAAC,CAAC;YACX,IAAI,GAAG,KAAK,CAAC;YACb,gBAAgB,CAAC,IAAI,CAAC,CAAC;YACvB,cAAc,EAAE,CAAC;YACjB,oBAAoB,EAAE,CAAC;YAEvB,IAAI,cAAc,GAAG,CAAC,EAAE,CAAC;gBACvB,WAAW,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,EAAE,cAAc,CAAC,CAAC;YACrE,CAAC;YAED,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YACpB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,GAAG;YACD,KAAK,EAAE,CAAC;YACR,WAAW,EAAE,CAAC;YACd,uBAAuB,EAAE,CAAC;YAC1B,IAAI,GAAG,KAAK,CAAC;YACb,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC;QAED,GAAG;YACD,MAAM,IAAI,GAAG,IAAI,EAAE,CAAC;YACpB,IAAI,CAAC,IAAI;gBAAE,OAAO,IAAI,CAAC;YACvB,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACjC,YAAY,EAAE,CAAC;gBACf,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,QAAQ;YACN,OAAO,QAAQ,CAAC,GAAG,EAAE,KAAK,IAAI,CAAC;QACjC,CAAC;QAED,MAAM;YACJ,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM;YACJ,MAAM,IAAI,GAAG,IAAI,EAAE,CAAC;YACpB,IAAI,CAAC,IAAI;gBAAE,OAAO,EAAE,CAAC;YACrB,MAAM,QAAQ,GAAG,aAAa,EAAE,CAAC;YACjC,IAAI,CAAC,KAAK,GAAG,QAAQ,CAAC;YACtB,IAAI,CAAC,IAAI,CAAC,CAAC;YACX,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;YACzB,QAAQ,EAAE,CAAC,QAAQ,CAAC,CAAC;YACrB,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,KAAK;YACH,UAAU,EAAE,CAAC;QACf,CAAC;QAED,aAAa;YACX,MAAM,IAAI,GAAG,IAAI,EAAE,CAAC;YACpB,IAAI,CAAC,IAAI;gBAAE,OAAO,CAAC,CAAC;YACpB,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAClD,CAAC;QAED,iBAAiB;YACf,MAAM,IAAI,GAAG,IAAI,EAAE,CAAC;YACpB,IAAI,CAAC,IAAI;gBAAE,OAAO,CAAC,CAAC;YACpB,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,YAAY,CAAC;YAC/C,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,CAAC;QAC5C,CAAC;QAED,OAAO,CAAC,GAAW,EAAE,KAAc;YACjC,MAAM,IAAI,GAAG,IAAI,EAAE,CAAC;YACpB,IAAI,CAAC,IAAI;gBAAE,OAAO;YAClB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YACvB,IAAI,CAAC,IAAI,CAAC,CAAC;QACb,CAAC;QAED,OAAO,CAAc,GAAW;YAC9B,MAAM,IAAI,GAAG,IAAI,EAAE,CAAC;YACpB,OAAO,IAAI,EAAE,IAAI,CAAC,GAAG,CAAkB,CAAC;QAC1C,CAAC;QAED,EAAE,CAAC,KAAa,EAAE,OAAiC;YACjD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC;gBAAE,SAAS,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC;YAC3D,SAAS,CAAC,GAAG,CAAC,KAAK,CAAE,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACnC,OAAO,GAAG,EAAE,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QACrD,CAAC;QAED,OAAO;YACL,SAAS,GAAG,IAAI,CAAC;YACjB,WAAW,EAAE,CAAC;YACd,uBAAuB,EAAE,CAAC;YAC1B,SAAS,CAAC,KAAK,EAAE,CAAC;YAClB,IAAI,QAAQ,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBACnC,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;YACzD,CAAC;QACH,CAAC;KACF,CAAC;IAEF,4CAA4C;IAC5C,MAAM,QAAQ,GAAG,IAAI,EAAE,CAAC;IACxB,IAAI,QAAQ,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,SAAS,EAAE,CAAC;QAChD,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAC3B,cAAc,EAAE,CAAC;QACjB,oBAAoB,EAAE,CAAC;QACvB,IAAI,cAAc,GAAG,CAAC,EAAE,CAAC;YACvB,WAAW,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,EAAE,cAAc,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/security/sri.d.ts

@@ -0,0 +1,66 @@
+/**
+ * Nova Engine — Subresource Integrity (SRI)
+ *
+ * Generate SRI hashes for scripts and stylesheets, inject integrity
+ * attributes, and verify resource integrity at runtime.
+ */
+export type SRIAlgorithm = 'sha256' | 'sha384' | 'sha512';
+export interface SRIOptions {
+    /** Hash algorithm(s). Default: ['sha384'] */
+    algorithms?: SRIAlgorithm[];
+    /** Also set crossorigin attribute. Default: 'anonymous' */
+    crossorigin?: string | false;
+}
+export interface SRIHash {
+    /** The integrity attribute value (e.g. 'sha384-abc123...') */
+    integrity: string;
+    /** Individual algorithm-hash pairs */
+    hashes: Array<{
+        algorithm: SRIAlgorithm;
+        hash: string;
+    }>;
+}
+/** Generate SRI hash(es) for a string of content. */
+export declare function generateSRI(content: string, options?: SRIOptions): Promise<SRIHash>;
+/** Generate SRI hash(es) for an ArrayBuffer. */
+export declare function generateSRIFromBuffer(buffer: ArrayBuffer, options?: SRIOptions): Promise<SRIHash>;
+/** Fetch a resource and generate its SRI hash. */
+export declare function generateSRIFromURL(url: string, options?: SRIOptions): Promise<SRIHash>;
+/**
+ * Create a <script> element with SRI integrity attribute.
+ * Optionally appends to a target element.
+ */
+export declare function createSecureScript(src: string, options?: SRIOptions & {
+    /** Append to this element. Default: null (don't append) */
+    appendTo?: Element;
+    /** Additional script attributes */
+    async?: boolean;
+    defer?: boolean;
+    type?: string;
+}): Promise<HTMLScriptElement>;
+/**
+ * Create a <link rel="stylesheet"> element with SRI integrity attribute.
+ * Optionally appends to a target element.
+ */
+export declare function createSecureStylesheet(href: string, options?: SRIOptions & {
+    /** Append to this element. Default: null (don't append) */
+    appendTo?: Element;
+    /** Media query */
+    media?: string;
+}): Promise<HTMLLinkElement>;
+/**
+ * Verify that a resource's content matches an expected SRI hash.
+ * Useful for runtime integrity checks of dynamically loaded content.
+ */
+export declare function verifySRI(content: string | ArrayBuffer, expectedIntegrity: string): Promise<boolean>;
+/**
+ * Scan existing <script> and <link> elements and add SRI
+ * integrity attributes where missing.
+ */
+export declare function enforceAllSRI(options?: SRIOptions & {
+    /** Only process elements matching this selector. Default: all scripts and stylesheets */
+    selector?: string;
+    /** Skip local (same-origin) resources. Default: false */
+    skipLocal?: boolean;
+}): Promise<number>;
+//# sourceMappingURL=sri.d.ts.map

package/dist/security/sri.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sri.d.ts","sourceRoot":"","sources":["../../src/security/sri.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,MAAM,YAAY,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAE1D,MAAM,WAAW,UAAU;IACzB,6CAA6C;IAC7C,UAAU,CAAC,EAAE,YAAY,EAAE,CAAC;IAC5B,2DAA2D;IAC3D,WAAW,CAAC,EAAE,MAAM,GAAG,KAAK,CAAC;CAC9B;AAED,MAAM,WAAW,OAAO;IACtB,8DAA8D;IAC9D,SAAS,EAAE,MAAM,CAAC;IAClB,sCAAsC;IACtC,MAAM,EAAE,KAAK,CAAC;QAAE,SAAS,EAAE,YAAY,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CAC1D;AAYD,qDAAqD;AACrD,wBAAsB,WAAW,CAC/B,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,UAAU,GACnB,OAAO,CAAC,OAAO,CAAC,CAelB;AAED,gDAAgD;AAChD,wBAAsB,qBAAqB,CACzC,MAAM,EAAE,WAAW,EACnB,OAAO,CAAC,EAAE,UAAU,GACnB,OAAO,CAAC,OAAO,CAAC,CAclB;AAED,kDAAkD;AAClD,wBAAsB,kBAAkB,CACtC,GAAG,EAAE,MAAM,EACX,OAAO,CAAC,EAAE,UAAU,GACnB,OAAO,CAAC,OAAO,CAAC,CAIlB;AAED;;;GAGG;AACH,wBAAsB,kBAAkB,CACtC,GAAG,EAAE,MAAM,EACX,OAAO,CAAC,EAAE,UAAU,GAAG;IACrB,2DAA2D;IAC3D,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,mCAAmC;IACnC,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf,GACA,OAAO,CAAC,iBAAiB,CAAC,CAoB5B;AAED;;;GAGG;AACH,wBAAsB,sBAAsB,CAC1C,IAAI,EAAE,MAAM,EACZ,OAAO,CAAC,EAAE,UAAU,GAAG;IACrB,2DAA2D;IAC3D,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,kBAAkB;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,GACA,OAAO,CAAC,eAAe,CAAC,CAmB1B;AAED;;;GAGG;AACH,wBAAsB,SAAS,CAC7B,OAAO,EAAE,MAAM,GAAG,WAAW,EAC7B,iBAAiB,EAAE,MAAM,GACxB,OAAO,CAAC,OAAO,CAAC,CAsBlB;AAED;;;GAGG;AACH,wBAAsB,aAAa,CACjC,OAAO,CAAC,EAAE,UAAU,GAAG;IACrB,yFAAyF;IACzF,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,yDAAyD;IACzD,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB,GACA,OAAO,CAAC,MAAM,CAAC,CAqCjB"}