@nice2dev/ui-security 1.0.10

package/dist/content-safety.d.ts

@@ -0,0 +1,212 @@
+/**
+ * Content Safety UI (SEC-001) — Safety dashboard, alert center,
+ * audit reports, rule editor, scanner config, age verification,
+ * identity verification, threat viewer, tenant safety config.
+ *
+ * PRO-5.13 — 9 items
+ *
+ * @module @nice2dev/ui-security/content-safety
+ */
+export type IncidentSeverity = 'critical' | 'high' | 'medium' | 'low' | 'info';
+export interface SafetyIncident {
+    id: string;
+    /** Type of content flagged */
+    contentType: 'image' | 'video' | 'text' | 'audio' | 'file';
+    /** Category */
+    category: string;
+    severity: IncidentSeverity;
+    /** Status */
+    status: 'new' | 'reviewing' | 'confirmed' | 'false-positive' | 'resolved' | 'escalated';
+    /** Detected at */
+    detectedAt: string;
+    /** Source (user ID / upload ID) */
+    sourceId: string;
+    /** Confidence score (0-1) */
+    confidence: number;
+    /** Action taken */
+    actionTaken?: string;
+    /** Reviewer */
+    reviewerId?: string;
+}
+export interface SafetyDashboardStats {
+    /** Period */
+    periodFrom: string;
+    periodTo: string;
+    /** Total scanned */
+    totalScanned: number;
+    /** Total flagged */
+    totalFlagged: number;
+    /** By severity */
+    bySeverity: Record<IncidentSeverity, number>;
+    /** By category */
+    byCategory: Record<string, number>;
+    /** False positive rate (%) */
+    falsePositiveRate: number;
+    /** Average response time (ms) */
+    avgResponseTimeMs: number;
+}
+export type AlertAction = 'review' | 'block' | 'quarantine' | 'notify-admin' | 'auto-remove' | 'escalate';
+export interface SafetyAlert {
+    id: string;
+    incidentId: string;
+    severity: IncidentSeverity;
+    title: string;
+    description: string;
+    /** Suggested action */
+    suggestedAction: AlertAction;
+    /** Created at */
+    createdAt: string;
+    /** Acknowledged */
+    acknowledged: boolean;
+    acknowledgedAt?: string;
+    acknowledgedBy?: string;
+}
+export interface SafetyAuditReport {
+    id: string;
+    /** Scan type */
+    scanType: 'full' | 'incremental' | 'targeted';
+    /** Start/end */
+    startedAt: string;
+    completedAt: string;
+    /** Content scanned */
+    totalScanned: number;
+    /** Findings */
+    findings: Array<{
+        category: string;
+        severity: IncidentSeverity;
+        count: number;
+        sampleIds: string[];
+    }>;
+    /** Compliance score (%) */
+    complianceScore: number;
+    /** Recommendations */
+    recommendations: string[];
+}
+export type RuleCategory = 'csam' | 'weapons' | 'drugs' | 'trafficking' | 'hate-speech' | 'violence' | 'nudity' | 'self-harm' | 'terrorism' | 'fraud' | 'spam' | 'copyright' | 'custom';
+export interface SafetyRule {
+    id: string;
+    category: RuleCategory;
+    name: string;
+    description: string;
+    /** Enabled */
+    enabled: boolean;
+    /** Severity when triggered */
+    severity: IncidentSeverity;
+    /** Detection method */
+    method: 'ml-model' | 'regex' | 'hash-matching' | 'keyword' | 'external-api';
+    /** Threshold (0-1) */
+    threshold: number;
+    /** Auto-action */
+    autoAction: AlertAction;
+    /** Applicable content types */
+    contentTypes: Array<'image' | 'video' | 'text' | 'audio' | 'file'>;
+}
+export type ScannerProvider = 'internal-ml' | 'azure-content-safety' | 'aws-rekognition' | 'google-cloud-vision' | 'photodna' | 'custom';
+export interface ScannerConfig {
+    id: string;
+    provider: ScannerProvider;
+    /** Enabled */
+    enabled: boolean;
+    /** API endpoint */
+    endpoint?: string;
+    /** Content types handled */
+    contentTypes: Array<'image' | 'video' | 'text' | 'audio' | 'file'>;
+    /** Categories handled */
+    categories: RuleCategory[];
+    /** Sensitivity level */
+    sensitivity: 'low' | 'medium' | 'high' | 'maximum';
+    /** Rate limit (requests/min) */
+    rateLimit: number;
+    /** Timeout (ms) */
+    timeout: number;
+}
+export type AgeVerificationMethod = 'self-declaration' | 'id-scan' | 'credit-card' | 'third-party' | 'digital-id' | 'bank-verification';
+export interface AgeVerificationConfig {
+    /** Minimum age */
+    minimumAge: number;
+    /** Allowed methods */
+    methods: AgeVerificationMethod[];
+    /** Third-party provider */
+    provider?: string;
+    providerEndpoint?: string;
+    /** Remember verification (days) */
+    rememberDays: number;
+    /** Strict mode (require document) */
+    strictMode: boolean;
+}
+export type IdVerificationMethod = 'eID' | 'video-ident' | 'id-scan' | 'bank-id' | 'nfc-chip' | 'biometric' | 'manual-review';
+export interface IdVerificationConfig {
+    /** KYC level */
+    kycLevel: 'basic' | 'standard' | 'enhanced';
+    /** Allowed methods */
+    methods: IdVerificationMethod[];
+    /** Provider */
+    provider: string;
+    providerEndpoint: string;
+    /** GDPR compliant */
+    gdprCompliant: boolean;
+    /** Document retention (days) */
+    retentionDays: number;
+    /** Accepted ID types */
+    acceptedDocuments: Array<'passport' | 'id-card' | 'drivers-license' | 'residence-permit'>;
+}
+export interface IdVerificationResult {
+    id: string;
+    status: 'pending' | 'verified' | 'failed' | 'expired';
+    method: IdVerificationMethod;
+    /** Verified name */
+    verifiedName?: string;
+    /** Verified date of birth */
+    verifiedDob?: string;
+    /** Verified nationality */
+    verifiedNationality?: string;
+    /** Confidence */
+    confidence: number;
+    /** Completed at */
+    completedAt?: string;
+}
+export interface ThreatDetail {
+    incidentId: string;
+    /** Content preview (blurred URL) */
+    blurredPreviewUrl?: string;
+    /** Metadata */
+    metadata: {
+        fileHash: string;
+        fileSize: number;
+        mimeType: string;
+        uploadedAt: string;
+        uploadedBy: string;
+        ipAddress?: string;
+        userAgent?: string;
+    };
+    /** Detection details */
+    detections: Array<{
+        scanner: string;
+        category: string;
+        confidence: number;
+        details: string;
+    }>;
+    /** Available actions */
+    actions: AlertAction[];
+    /** Related incidents */
+    relatedIncidentIds: string[];
+}
+export interface TenantSafetyConfig {
+    tenantId: string;
+    /** Strictness level */
+    strictnessLevel: 'permissive' | 'moderate' | 'strict' | 'maximum';
+    /** Enabled scanners */
+    enabledScannerIds: string[];
+    /** Custom thresholds per category */
+    thresholds: Record<RuleCategory, number>;
+    /** Auto-actions per category */
+    autoActions: Record<RuleCategory, AlertAction>;
+    /** Notification emails */
+    notificationEmails: string[];
+    /** Webhook URL */
+    webhookUrl?: string;
+    /** Quarantine enabled */
+    quarantineEnabled: boolean;
+    /** Appeal process */
+    appealEnabled: boolean;
+}

package/dist/core/biometricEngine.d.ts

@@ -0,0 +1,111 @@
+import { BiometricConfig, BiometricTemplate, BiometricMethod, FingerprintFeatures, IrisFeatures, FaceFeatures, FaceLivenessChallenge } from './types';
+export declare function resolveConfig(partial?: BiometricConfig): Required<BiometricConfig>;
+/** Compute SHA-256 hash of a string (for integrity). */
+export declare function sha256(data: string): Promise<string>;
+/** Get device camera stream. */
+export declare function getCameraStream(facingMode?: 'user' | 'environment'): Promise<MediaStream>;
+/** Capture a single frame from a video element. */
+export declare function captureFrame(video: HTMLVideoElement, width?: number, height?: number): {
+    canvas: HTMLCanvasElement;
+    ctx: CanvasRenderingContext2D;
+    imageData: ImageData;
+};
+/** Convert ImageData to grayscale. */
+export declare function toGrayscale(imageData: ImageData): Uint8Array;
+/** Apply Gaussian blur (3×3 kernel). */
+export declare function gaussianBlur3x3(gray: Uint8Array, w: number, h: number): Uint8Array;
+/** Sobel edge detection. Returns magnitude array. */
+export declare function sobelEdges(gray: Uint8Array, w: number, h: number): Uint8Array;
+/** Simple Otsu threshold. Returns binary mask. */
+export declare function otsuThreshold(gray: Uint8Array): {
+    threshold: number;
+    binary: Uint8Array;
+};
+/** Extract minutiae points from a fingerprint image. */
+export declare function extractMinutiae(imageData: ImageData, minQuality?: number): FingerprintFeatures;
+/** Compare two fingerprint templates. Returns similarity 0-1. */
+export declare function matchFingerprints(a: FingerprintFeatures, b: FingerprintFeatures): number;
+/** Serialize fingerprint features to a storable template. */
+export declare function fingerprintToTemplate(features: FingerprintFeatures, label?: string): Promise<BiometricTemplate>;
+/** Deserialize a fingerprint template back to features. */
+export declare function templateToFingerprint(template: BiometricTemplate): FingerprintFeatures;
+/**
+ * Detect and segment iris from an eye image.
+ * Uses simplified Daugman's integro-differential operator approach:
+ *   1. Find pupil (dark circle)
+ *   2. Find iris boundary (outer ring)
+ *   3. Unwrap to polar (rubber-sheet normalisation)
+ *   4. Generate iris code via Gabor filter
+ */
+export declare function detectIris(imageData: ImageData, eye?: 'left' | 'right'): IrisFeatures | null;
+/**
+ * Compare two iris codes using Hamming distance.
+ * Returns similarity 0-1 (1 = identical).
+ */
+export declare function matchIris(a: IrisFeatures, b: IrisFeatures): number;
+/** Serialize iris features to template. */
+export declare function irisToTemplate(features: IrisFeatures, label?: string): Promise<BiometricTemplate>;
+export declare function templateToIris(template: BiometricTemplate): IrisFeatures;
+/**
+ * Extract face features from an image.
+ * Uses a lightweight approach: skin-color detection + geometric features.
+ * For production, integrate a real model via ONNX or TensorFlow.js.
+ */
+export declare function extractFaceFeatures(imageData: ImageData): FaceFeatures | null;
+/** Compare two face embeddings. Returns similarity 0-1. */
+export declare function matchFaces(a: FaceFeatures, b: FaceFeatures): number;
+/** Compare a camera frame to a reference photo. */
+export declare function compareFaceToPhoto(cameraFrame: ImageData, referencePhoto: ImageData): {
+    similarity: number;
+    cameraFeatures: FaceFeatures | null;
+    refFeatures: FaceFeatures | null;
+};
+export declare function faceToTemplate(features: FaceFeatures, label?: string): Promise<BiometricTemplate>;
+export declare function templateToFace(template: BiometricTemplate): FaceFeatures;
+export declare function generateLivenessChallenge(): FaceLivenessChallenge;
+/**
+ * Check liveness by comparing consecutive frames.
+ * Detects if the face is a static photo (no movement) or a live person.
+ */
+export declare function checkLiveness(frames: ImageData[], threshold?: number): {
+    isLive: boolean;
+    confidence: number;
+    motionScore: number;
+};
+export declare function collectDeviceInfo(): {
+    userAgent: string;
+    platform: string;
+    language: string;
+    screenResolution: [number, number];
+    timezone: string;
+    touchSupport: boolean;
+    hardwareConcurrency: number;
+};
+export declare function generateDeviceFingerprint(): Promise<string>;
+export declare function isWebAuthnAvailable(): boolean;
+export declare function isPasskeyAvailable(): Promise<boolean>;
+export declare function registerWebAuthn(options: {
+    rpName: string;
+    rpId: string;
+    userId: string;
+    userName: string;
+    userDisplayName: string;
+    challenge: BufferSource;
+    timeout?: number;
+}): Promise<PublicKeyCredential | null>;
+export declare function authenticateWebAuthn(options: {
+    rpId: string;
+    challenge: BufferSource;
+    allowCredentials?: PublicKeyCredentialDescriptor[];
+    timeout?: number;
+}): Promise<PublicKeyCredential | null>;
+export declare function verifyWithBackend(endpoint: string, payload: {
+    method: BiometricMethod;
+    templateData: string;
+    matchScore: number;
+    deviceFingerprint?: string;
+}, authToken?: string): Promise<{
+    verified: boolean;
+    serverScore?: number;
+    message?: string;
+}>;

package/dist/core/i18n.d.ts

@@ -0,0 +1,11 @@
+import { default as React } from 'react';
+export type NiceTranslateFn = (key: string, defaultValue: string) => string;
+export interface NiceI18nProviderProps {
+    /** Your translate function, e.g. the `t` from react-i18next. */
+    t: NiceTranslateFn;
+    children: React.ReactNode;
+}
+export declare const NiceI18nProvider: React.FC<NiceI18nProviderProps>;
+export declare function useNiceTranslation(): {
+    t: NiceTranslateFn;
+};

package/dist/core/types.d.ts

@@ -0,0 +1,244 @@
+/**
+ * @nice2dev/ui-security — Shared types
+ *
+ * Common type definitions used across all security components.
+ */
+export type SecurityVerificationStatus = 'idle' | 'scanning' | 'processing' | 'success' | 'failure' | 'error' | 'timeout';
+export type SecurityLevel = 'low' | 'medium' | 'high' | 'critical';
+export interface SecurityEvent {
+    type: string;
+    timestamp: number;
+    status: SecurityVerificationStatus;
+    details?: Record<string, unknown>;
+    deviceInfo?: DeviceInfo;
+}
+export interface DeviceInfo {
+    userAgent: string;
+    platform: string;
+    language: string;
+    screenResolution: [number, number];
+    timezone: string;
+    touchSupport: boolean;
+    webGLRenderer?: string;
+    hardwareConcurrency?: number;
+}
+export interface VerificationResult {
+    success: boolean;
+    confidence: number;
+    method: BiometricMethod;
+    timestamp: number;
+    duration: number;
+    livenessPassed?: boolean;
+    /** Raw data for optional backend verification. */
+    payload?: string;
+    /** Encrypted data for backend. */
+    encryptedPayload?: string;
+    error?: string;
+}
+export type BiometricMethod = 'fingerprint' | 'iris' | 'face' | 'voice' | 'webauthn' | 'pattern' | 'pin' | 'passphrase';
+export interface BiometricTemplate {
+    id: string;
+    method: BiometricMethod;
+    /** Base64-encoded template data. */
+    templateData: string;
+    /** When the template was enrolled. */
+    enrolled: number;
+    /** Human-readable label, e.g. "Left index finger". */
+    label?: string;
+    /** SHA-256 hash of raw template for integrity. */
+    hash?: string;
+}
+export interface BiometricConfig {
+    /** Minimum confidence threshold for a match (0-1). Default: 0.85 */
+    matchThreshold?: number;
+    /** Maximum time to wait for scan in ms. Default: 30000 */
+    timeout?: number;
+    /** Number of retry attempts. Default: 3 */
+    maxRetries?: number;
+    /** Enable liveness detection. Default: true */
+    livenessDetection?: boolean;
+    /** Optional backend URL for server-side verification. */
+    verifyEndpoint?: string;
+    /** JWT or API key for backend calls. */
+    authToken?: string;
+    /** Show visual feedback during scan. Default: true */
+    showFeedback?: boolean;
+    /** Vibrate on events (mobile). Default: true */
+    hapticFeedback?: boolean;
+    /** Language/locale override. */
+    locale?: string;
+    /** Security level. Higher = stricter thresholds. Default: 'high' */
+    securityLevel?: SecurityLevel;
+    /** Enable anti-spoofing checks. Default: true */
+    antiSpoofing?: boolean;
+}
+export type FingerPosition = 'left-thumb' | 'left-index' | 'left-middle' | 'left-ring' | 'left-little' | 'right-thumb' | 'right-index' | 'right-middle' | 'right-ring' | 'right-little';
+export interface MinutiaePoint {
+    x: number;
+    y: number;
+    angle: number;
+    type: 'ending' | 'bifurcation' | 'dot' | 'island' | 'spur';
+    quality: number;
+}
+export interface FingerprintFeatures {
+    minutiae: MinutiaePoint[];
+    corePoints: {
+        x: number;
+        y: number;
+    }[];
+    deltaPoints: {
+        x: number;
+        y: number;
+    }[];
+    ridgeCount: number;
+    patternType: 'arch' | 'loop-left' | 'loop-right' | 'whorl' | 'composite';
+    quality: number;
+}
+export type EyePosition = 'left' | 'right' | 'both';
+export interface IrisFeatures {
+    /** Normalized iris code (binary template). */
+    irisCode: string;
+    /** Pupil centre and radius. */
+    pupil: {
+        cx: number;
+        cy: number;
+        r: number;
+    };
+    /** Iris outer boundary. */
+    iris: {
+        cx: number;
+        cy: number;
+        r: number;
+    };
+    /** Hamming distance score 0-1 (lower = better match). */
+    hammingDistance?: number;
+    /** Quality score 0-1. */
+    quality: number;
+    /** Which eye. */
+    eye: EyePosition;
+}
+export interface FaceFeatures {
+    /** 128-dimensional face embedding. */
+    embedding: number[];
+    /** Bounding box of detected face. */
+    boundingBox: {
+        x: number;
+        y: number;
+        width: number;
+        height: number;
+    };
+    /** Facial landmarks (68 points). */
+    landmarks: {
+        x: number;
+        y: number;
+    }[];
+    /** Head pose angles. */
+    headPose: {
+        yaw: number;
+        pitch: number;
+        roll: number;
+    };
+    /** Quality score. */
+    quality: number;
+    /** Liveness confidence. */
+    livenessScore?: number;
+}
+export interface FaceLivenessChallenge {
+    type: 'blink' | 'smile' | 'turn-left' | 'turn-right' | 'nod' | 'raise-eyebrows';
+    instruction: string;
+    completed: boolean;
+    confidence: number;
+}
+export interface KeypadConfig {
+    /** Number of digits for PIN. Default: 4 */
+    length?: number;
+    /** Maximum length. Default: same as length */
+    maxLength?: number;
+    /** Randomise key positions. Default: false */
+    scramble?: boolean;
+    /** Show entered digits briefly. Default: false */
+    showDigits?: boolean;
+    /** Time before auto-clear in ms. Default: none */
+    autoClearTimeout?: number;
+    /** Allow biometric fallback. Default: false */
+    biometricFallback?: boolean;
+    /** Maximum attempts before lockout. Default: 5 */
+    maxAttempts?: number;
+    /** Lockout duration in ms. Default: 30000 */
+    lockoutDuration?: number;
+    /** Key size in px. */
+    keySize?: number;
+    /** Enable haptic feedback. Default: true */
+    haptic?: boolean;
+    /** Custom key labels (e.g. for phone-style letters). */
+    keyLabels?: Record<string, string>;
+}
+export interface PatternLockConfig {
+    /** Grid size (e.g. 3 = 3x3). Default: 3 */
+    gridSize?: number;
+    /** Minimum pattern length. Default: 4 */
+    minLength?: number;
+    /** Show pattern trail. Default: true */
+    showTrail?: boolean;
+    /** Show error animation. Default: true */
+    showError?: boolean;
+    /** Max attempts before lockout. Default: 5 */
+    maxAttempts?: number;
+    /** Lockout duration in ms. Default: 30000 */
+    lockoutDuration?: number;
+    /** Dot size in px. Default: 16 */
+    dotSize?: number;
+    /** Active dot size in px. Default: 24 */
+    activeDotSize?: number;
+    /** Trail color. Default: var(--security-accent) */
+    trailColor?: string;
+}
+export interface WebAuthnConfig {
+    /** Relying party name. */
+    rpName: string;
+    /** Relying party ID (domain). */
+    rpId: string;
+    /** User info for registration. */
+    user?: {
+        id: string;
+        name: string;
+        displayName: string;
+    };
+    /** Attestation preference. Default: 'none' */
+    attestation?: AttestationConveyancePreference;
+    /** Authenticator preference. Default: 'platform' */
+    authenticatorAttachment?: AuthenticatorAttachment;
+    /** Require resident key. Default: 'preferred' */
+    residentKey?: ResidentKeyRequirement;
+    /** User verification. Default: 'required' */
+    userVerification?: UserVerificationRequirement;
+    /** Timeout in ms. Default: 60000 */
+    timeout?: number;
+}
+export interface SecurityAuditEntry {
+    id: string;
+    timestamp: number;
+    action: SecurityAuditAction;
+    method?: BiometricMethod;
+    status: 'success' | 'failure' | 'error';
+    ip?: string;
+    device?: string;
+    location?: string;
+    details?: string;
+    riskScore?: number;
+}
+export type SecurityAuditAction = 'login' | 'logout' | 'enroll-biometric' | 'verify-biometric' | 'pin-entry' | 'pattern-entry' | 'passphrase-entry' | 'webauthn-register' | 'webauthn-authenticate' | 'lockout' | 'unlock' | 'password-change' | 'mfa-setup' | 'mfa-verify' | 'session-expired' | 'suspicious-activity';
+export interface DeviceTrustScore {
+    score: number;
+    factors: DeviceTrustFactor[];
+    trusted: boolean;
+    firstSeen: number;
+    lastSeen: number;
+    fingerprint: string;
+}
+export interface DeviceTrustFactor {
+    name: string;
+    score: number;
+    description: string;
+    weight: number;
+}