@nxuss/lemma 0.1.0

package/dist/security/MessageSanitizer.js

@@ -0,0 +1,166 @@
+"use strict";
+/**
+ * Message Sanitizer
+ * Validates and sanitizes incoming messages to prevent injection attacks
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MessageSanitizer = void 0;
+class MessageSanitizer {
+    constructor(options) {
+        this.maxStringLength = options?.maxStringLength || 10000;
+        this.maxArrayLength = options?.maxArrayLength || 1000;
+        this.maxObjectDepth = options?.maxObjectDepth || 10;
+    }
+    /**
+     * Sanitize a message
+     */
+    sanitize(message) {
+        const errors = [];
+        try {
+            const sanitized = this.sanitizeValue(message, 0, errors);
+            if (errors.length > 0) {
+                return { valid: false, errors };
+            }
+            return { valid: true, sanitized };
+        }
+        catch (error) {
+            return {
+                valid: false,
+                errors: [`Sanitization error: ${error.message}`],
+            };
+        }
+    }
+    /**
+     * Sanitize a value recursively
+     */
+    sanitizeValue(value, depth, errors) {
+        // Check depth
+        if (depth > this.maxObjectDepth) {
+            errors.push(`Maximum object depth (${this.maxObjectDepth}) exceeded`);
+            return null;
+        }
+        // Handle null/undefined
+        if (value === null || value === undefined) {
+            return value;
+        }
+        // Handle strings
+        if (typeof value === 'string') {
+            return this.sanitizeString(value, errors);
+        }
+        // Handle numbers
+        if (typeof value === 'number') {
+            if (!Number.isFinite(value)) {
+                errors.push('Invalid number (NaN or Infinity)');
+                return 0;
+            }
+            return value;
+        }
+        // Handle booleans
+        if (typeof value === 'boolean') {
+            return value;
+        }
+        // Handle arrays
+        if (Array.isArray(value)) {
+            return this.sanitizeArray(value, depth, errors);
+        }
+        // Handle objects
+        if (typeof value === 'object') {
+            return this.sanitizeObject(value, depth, errors);
+        }
+        // Reject functions, symbols, etc.
+        errors.push(`Invalid type: ${typeof value}`);
+        return null;
+    }
+    /**
+     * Sanitize a string
+     */
+    sanitizeString(str, errors) {
+        // Check length
+        if (str.length > this.maxStringLength) {
+            errors.push(`String too long (${str.length} > ${this.maxStringLength})`);
+            return str.substring(0, this.maxStringLength);
+        }
+        // Remove null bytes
+        str = str.replace(/\0/g, '');
+        // Remove control characters (except newline, tab, carriage return)
+        str = str.replace(/[\x00-\x08\x0B-\x0C\x0E-\x1F\x7F]/g, '');
+        return str;
+    }
+    /**
+     * Sanitize an array
+     */
+    sanitizeArray(arr, depth, errors) {
+        // Check length
+        if (arr.length > this.maxArrayLength) {
+            errors.push(`Array too long (${arr.length} > ${this.maxArrayLength})`);
+            arr = arr.slice(0, this.maxArrayLength);
+        }
+        return arr.map((item) => this.sanitizeValue(item, depth + 1, errors));
+    }
+    /**
+     * Sanitize an object
+     */
+    sanitizeObject(obj, depth, errors) {
+        const sanitized = {};
+        for (const key in obj) {
+            if (obj.hasOwnProperty(key)) {
+                // Sanitize key
+                const sanitizedKey = this.sanitizeString(key, errors);
+                // Sanitize value
+                sanitized[sanitizedKey] = this.sanitizeValue(obj[key], depth + 1, errors);
+            }
+        }
+        return sanitized;
+    }
+    /**
+     * Validate message structure
+     */
+    validateMessageStructure(message) {
+        const errors = [];
+        // Check if message is an object
+        if (typeof message !== 'object' || message === null) {
+            errors.push('Message must be an object');
+            return { valid: false, errors };
+        }
+        // Check required fields
+        if (!message.type) {
+            errors.push('Message must have a "type" field');
+        }
+        if (!message.id) {
+            errors.push('Message must have an "id" field');
+        }
+        if (!message.timestamp) {
+            errors.push('Message must have a "timestamp" field');
+        }
+        // Validate timestamp
+        if (message.timestamp) {
+            const now = Date.now();
+            const diff = Math.abs(now - message.timestamp);
+            // Allow 5 minutes clock skew
+            if (diff > 5 * 60 * 1000) {
+                errors.push('Message timestamp too far from current time');
+            }
+        }
+        return {
+            valid: errors.length === 0,
+            errors: errors.length > 0 ? errors : undefined,
+        };
+    }
+    /**
+     * Sanitize and validate a message
+     */
+    sanitizeAndValidate(message) {
+        // First validate structure
+        const structureValidation = this.validateMessageStructure(message);
+        if (!structureValidation.valid) {
+            return {
+                valid: false,
+                errors: structureValidation.errors,
+            };
+        }
+        // Then sanitize
+        return this.sanitize(message);
+    }
+}
+exports.MessageSanitizer = MessageSanitizer;
+//# sourceMappingURL=MessageSanitizer.js.map

package/dist/security/MessageSanitizer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"MessageSanitizer.js","sourceRoot":"","sources":["../../src/security/MessageSanitizer.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAQH,MAAa,gBAAgB;IAK3B,YAAY,OAIX;QACC,IAAI,CAAC,eAAe,GAAG,OAAO,EAAE,eAAe,IAAI,KAAK,CAAC;QACzD,IAAI,CAAC,cAAc,GAAG,OAAO,EAAE,cAAc,IAAI,IAAI,CAAC;QACtD,IAAI,CAAC,cAAc,GAAG,OAAO,EAAE,cAAc,IAAI,EAAE,CAAC;IACtD,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,OAAY;QACnB,MAAM,MAAM,GAAa,EAAE,CAAC;QAE5B,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC;YAEzD,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACtB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;YAClC,CAAC;YAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;QACpC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,CAAC,uBAAwB,KAAe,CAAC,OAAO,EAAE,CAAC;aAC5D,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,KAAU,EAAE,KAAa,EAAE,MAAgB;QAC/D,cAAc;QACd,IAAI,KAAK,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;YAChC,MAAM,CAAC,IAAI,CAAC,yBAAyB,IAAI,CAAC,cAAc,YAAY,CAAC,CAAC;YACtE,OAAO,IAAI,CAAC;QACd,CAAC;QAED,wBAAwB;QACxB,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YAC1C,OAAO,KAAK,CAAC;QACf,CAAC;QAED,iBAAiB;QACjB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAC5C,CAAC;QAED,iBAAiB;QACjB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5B,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;gBAChD,OAAO,CAAC,CAAC;YACX,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,kBAAkB;QAClB,IAAI,OAAO,KAAK,KAAK,SAAS,EAAE,CAAC;YAC/B,OAAO,KAAK,CAAC;QACf,CAAC;QAED,gBAAgB;QAChB,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAClD,CAAC;QAED,iBAAiB;QACjB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QACnD,CAAC;QAED,kCAAkC;QAClC,MAAM,CAAC,IAAI,CAAC,iBAAiB,OAAO,KAAK,EAAE,CAAC,CAAC;QAC7C,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,GAAW,EAAE,MAAgB;QAClD,eAAe;QACf,IAAI,GAAG,CAAC,MAAM,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;YACtC,MAAM,CAAC,IAAI,CACT,oBAAoB,GAAG,CAAC,MAAM,MAAM,IAAI,CAAC,eAAe,GAAG,CAC5D,CAAC;YACF,OAAO,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;QAChD,CAAC;QAED,oBAAoB;QACpB,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAE7B,mEAAmE;QACnE,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,oCAAoC,EAAE,EAAE,CAAC,CAAC;QAE5D,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,GAAU,EAAE,KAAa,EAAE,MAAgB;QAC/D,eAAe;QACf,IAAI,GAAG,CAAC,MAAM,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;YACrC,MAAM,CAAC,IAAI,CAAC,mBAAmB,GAAG,CAAC,MAAM,MAAM,IAAI,CAAC,cAAc,GAAG,CAAC,CAAC;YACvE,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC;QAC1C,CAAC;QAED,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACxE,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,GAAQ,EAAE,KAAa,EAAE,MAAgB;QAC9D,MAAM,SAAS,GAAQ,EAAE,CAAC;QAE1B,KAAK,MAAM,GAAG,IAAI,GAAG,EAAE,CAAC;YACtB,IAAI,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC5B,eAAe;gBACf,MAAM,YAAY,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;gBAEtD,iBAAiB;gBACjB,SAAS,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,aAAa,CAC1C,GAAG,CAAC,GAAG,CAAC,EACR,KAAK,GAAG,CAAC,EACT,MAAM,CACP,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,wBAAwB,CAAC,OAAY;QAInC,MAAM,MAAM,GAAa,EAAE,CAAC;QAE5B,gCAAgC;QAChC,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YACpD,MAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;YACzC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;QAClC,CAAC;QAED,wBAAwB;QACxB,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YAClB,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;QAClD,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;YAChB,MAAM,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;QACjD,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;YACvB,MAAM,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;QACvD,CAAC;QAED,qBAAqB;QACrB,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;YACtB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;YAE/C,6BAA6B;YAC7B,IAAI,IAAI,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;gBACzB,MAAM,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;QAED,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;YAC1B,MAAM,EAAE,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;SAC/C,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,OAAY;QAC9B,2BAA2B;QAC3B,MAAM,mBAAmB,GAAG,IAAI,CAAC,wBAAwB,CAAC,OAAO,CAAC,CAAC;QACnE,IAAI,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;YAC/B,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,mBAAmB,CAAC,MAAM;aACnC,CAAC;QACJ,CAAC;QAED,gBAAgB;QAChB,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAChC,CAAC;CACF;AA5MD,4CA4MC"}

package/dist/security/RateLimiter.d.ts

@@ -0,0 +1,46 @@
+/**
+ * Rate Limiter
+ * Prevents abuse by limiting requests per agent
+ */
+export interface RateLimitConfig {
+    requestsPerMinute: number;
+    requestsPerHour: number;
+    blockDuration?: number;
+}
+export declare class RateLimiter {
+    private limits;
+    private cleanupInterval;
+    constructor();
+    /**
+     * Check if request is allowed
+     */
+    checkLimit(identifier: string, config: RateLimitConfig): {
+        allowed: boolean;
+        remaining: {
+            perMinute: number;
+            perHour: number;
+        };
+        resetAt?: number;
+    };
+    /**
+     * Reset limits for an identifier
+     */
+    reset(identifier: string): void;
+    /**
+     * Get current usage for an identifier
+     */
+    getUsage(identifier: string): {
+        minuteRequests: number;
+        hourRequests: number;
+        blockedUntil?: number;
+    };
+    /**
+     * Cleanup old entries
+     */
+    private cleanup;
+    /**
+     * Destroy rate limiter
+     */
+    destroy(): void;
+}
+//# sourceMappingURL=RateLimiter.d.ts.map

package/dist/security/RateLimiter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"RateLimiter.d.ts","sourceRoot":"","sources":["../../src/security/RateLimiter.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,eAAe;IAC9B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAQD,qBAAa,WAAW;IACtB,OAAO,CAAC,MAAM,CAA0C;IACxD,OAAO,CAAC,eAAe,CAAiB;;IASxC;;OAEG;IACH,UAAU,CACR,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,eAAe,GACtB;QACD,OAAO,EAAE,OAAO,CAAC;QACjB,SAAS,EAAE;YACT,SAAS,EAAE,MAAM,CAAC;YAClB,OAAO,EAAE,MAAM,CAAC;SACjB,CAAC;QACF,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB;IA6ED;;OAEG;IACH,KAAK,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI;IAI/B;;OAEG;IACH,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG;QAC5B,cAAc,EAAE,MAAM,CAAC;QACvB,YAAY,EAAE,MAAM,CAAC;QACrB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB;IAuBD;;OAEG;IACH,OAAO,CAAC,OAAO;IAgBf;;OAEG;IACH,OAAO,IAAI,IAAI;CAIhB"}

package/dist/security/RateLimiter.js

@@ -0,0 +1,133 @@
+"use strict";
+/**
+ * Rate Limiter
+ * Prevents abuse by limiting requests per agent
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RateLimiter = void 0;
+class RateLimiter {
+    constructor() {
+        this.limits = new Map();
+        // Cleanup old entries every 5 minutes
+        this.cleanupInterval = setInterval(() => {
+            this.cleanup();
+        }, 5 * 60 * 1000);
+    }
+    /**
+     * Check if request is allowed
+     */
+    checkLimit(identifier, config) {
+        const now = Date.now();
+        let entry = this.limits.get(identifier);
+        if (!entry) {
+            entry = {
+                minuteRequests: [],
+                hourRequests: [],
+            };
+            this.limits.set(identifier, entry);
+        }
+        // Check if blocked
+        if (entry.blockedUntil && now < entry.blockedUntil) {
+            return {
+                allowed: false,
+                remaining: { perMinute: 0, perHour: 0 },
+                resetAt: entry.blockedUntil,
+            };
+        }
+        // Clean old requests
+        const oneMinuteAgo = now - 60 * 1000;
+        const oneHourAgo = now - 60 * 60 * 1000;
+        entry.minuteRequests = entry.minuteRequests.filter((t) => t > oneMinuteAgo);
+        entry.hourRequests = entry.hourRequests.filter((t) => t > oneHourAgo);
+        // Check limits
+        const minuteCount = entry.minuteRequests.length;
+        const hourCount = entry.hourRequests.length;
+        if (minuteCount >= config.requestsPerMinute) {
+            // Block if configured
+            if (config.blockDuration) {
+                entry.blockedUntil = now + config.blockDuration;
+            }
+            return {
+                allowed: false,
+                remaining: {
+                    perMinute: 0,
+                    perHour: Math.max(0, config.requestsPerHour - hourCount),
+                },
+                resetAt: entry.minuteRequests[0] + 60 * 1000,
+            };
+        }
+        if (hourCount >= config.requestsPerHour) {
+            // Block if configured
+            if (config.blockDuration) {
+                entry.blockedUntil = now + config.blockDuration;
+            }
+            return {
+                allowed: false,
+                remaining: {
+                    perMinute: Math.max(0, config.requestsPerMinute - minuteCount),
+                    perHour: 0,
+                },
+                resetAt: entry.hourRequests[0] + 60 * 60 * 1000,
+            };
+        }
+        // Record request
+        entry.minuteRequests.push(now);
+        entry.hourRequests.push(now);
+        return {
+            allowed: true,
+            remaining: {
+                perMinute: config.requestsPerMinute - minuteCount - 1,
+                perHour: config.requestsPerHour - hourCount - 1,
+            },
+        };
+    }
+    /**
+     * Reset limits for an identifier
+     */
+    reset(identifier) {
+        this.limits.delete(identifier);
+    }
+    /**
+     * Get current usage for an identifier
+     */
+    getUsage(identifier) {
+        const entry = this.limits.get(identifier);
+        if (!entry) {
+            return { minuteRequests: 0, hourRequests: 0 };
+        }
+        const now = Date.now();
+        const oneMinuteAgo = now - 60 * 1000;
+        const oneHourAgo = now - 60 * 60 * 1000;
+        const minuteRequests = entry.minuteRequests.filter((t) => t > oneMinuteAgo).length;
+        const hourRequests = entry.hourRequests.filter((t) => t > oneHourAgo).length;
+        return {
+            minuteRequests,
+            hourRequests,
+            blockedUntil: entry.blockedUntil,
+        };
+    }
+    /**
+     * Cleanup old entries
+     */
+    cleanup() {
+        const now = Date.now();
+        const oneHourAgo = now - 60 * 60 * 1000;
+        for (const [identifier, entry] of this.limits.entries()) {
+            // Remove if no recent requests and not blocked
+            if (entry.hourRequests.length === 0 ||
+                (entry.hourRequests[entry.hourRequests.length - 1] < oneHourAgo &&
+                    (!entry.blockedUntil || now > entry.blockedUntil))) {
+                this.limits.delete(identifier);
+            }
+        }
+    }
+    /**
+     * Destroy rate limiter
+     */
+    destroy() {
+        clearInterval(this.cleanupInterval);
+        this.limits.clear();
+    }
+}
+exports.RateLimiter = RateLimiter;
+//# sourceMappingURL=RateLimiter.js.map

package/dist/security/RateLimiter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"RateLimiter.js","sourceRoot":"","sources":["../../src/security/RateLimiter.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAcH,MAAa,WAAW;IAItB;QAHQ,WAAM,GAAgC,IAAI,GAAG,EAAE,CAAC;QAItD,sCAAsC;QACtC,IAAI,CAAC,eAAe,GAAG,WAAW,CAAC,GAAG,EAAE;YACtC,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IACpB,CAAC;IAED;;OAEG;IACH,UAAU,CACR,UAAkB,EAClB,MAAuB;QASvB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAExC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,KAAK,GAAG;gBACN,cAAc,EAAE,EAAE;gBAClB,YAAY,EAAE,EAAE;aACjB,CAAC;YACF,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QACrC,CAAC;QAED,mBAAmB;QACnB,IAAI,KAAK,CAAC,YAAY,IAAI,GAAG,GAAG,KAAK,CAAC,YAAY,EAAE,CAAC;YACnD,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE;gBACvC,OAAO,EAAE,KAAK,CAAC,YAAY;aAC5B,CAAC;QACJ,CAAC;QAED,qBAAqB;QACrB,MAAM,YAAY,GAAG,GAAG,GAAG,EAAE,GAAG,IAAI,CAAC;QACrC,MAAM,UAAU,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAExC,KAAK,CAAC,cAAc,GAAG,KAAK,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,YAAY,CAAC,CAAC;QAC5E,KAAK,CAAC,YAAY,GAAG,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC;QAEtE,eAAe;QACf,MAAM,WAAW,GAAG,KAAK,CAAC,cAAc,CAAC,MAAM,CAAC;QAChD,MAAM,SAAS,GAAG,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC;QAE5C,IAAI,WAAW,IAAI,MAAM,CAAC,iBAAiB,EAAE,CAAC;YAC5C,sBAAsB;YACtB,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;gBACzB,KAAK,CAAC,YAAY,GAAG,GAAG,GAAG,MAAM,CAAC,aAAa,CAAC;YAClD,CAAC;YAED,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE;oBACT,SAAS,EAAE,CAAC;oBACZ,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,eAAe,GAAG,SAAS,CAAC;iBACzD;gBACD,OAAO,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,IAAI;aAC7C,CAAC;QACJ,CAAC;QAED,IAAI,SAAS,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;YACxC,sBAAsB;YACtB,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;gBACzB,KAAK,CAAC,YAAY,GAAG,GAAG,GAAG,MAAM,CAAC,aAAa,CAAC;YAClD,CAAC;YAED,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE;oBACT,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,iBAAiB,GAAG,WAAW,CAAC;oBAC9D,OAAO,EAAE,CAAC;iBACX;gBACD,OAAO,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;aAChD,CAAC;QACJ,CAAC;QAED,iBAAiB;QACjB,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC/B,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAE7B,OAAO;YACL,OAAO,EAAE,IAAI;YACb,SAAS,EAAE;gBACT,SAAS,EAAE,MAAM,CAAC,iBAAiB,GAAG,WAAW,GAAG,CAAC;gBACrD,OAAO,EAAE,MAAM,CAAC,eAAe,GAAG,SAAS,GAAG,CAAC;aAChD;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAkB;QACtB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,UAAkB;QAKzB,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAE1C,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,EAAE,cAAc,EAAE,CAAC,EAAE,YAAY,EAAE,CAAC,EAAE,CAAC;QAChD,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,YAAY,GAAG,GAAG,GAAG,EAAE,GAAG,IAAI,CAAC;QACrC,MAAM,UAAU,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAExC,MAAM,cAAc,GAAG,KAAK,CAAC,cAAc,CAAC,MAAM,CAChD,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,YAAY,CACxB,CAAC,MAAM,CAAC;QACT,MAAM,YAAY,GAAG,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,MAAM,CAAC;QAE7E,OAAO;YACL,cAAc;YACd,YAAY;YACZ,YAAY,EAAE,KAAK,CAAC,YAAY;SACjC,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,OAAO;QACb,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,UAAU,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAExC,KAAK,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC;YACxD,+CAA+C;YAC/C,IACE,KAAK,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC;gBAC/B,CAAC,KAAK,CAAC,YAAY,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,UAAU;oBAC7D,CAAC,CAAC,KAAK,CAAC,YAAY,IAAI,GAAG,GAAG,KAAK,CAAC,YAAY,CAAC,CAAC,EACpD,CAAC;gBACD,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACH,OAAO;QACL,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACpC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;IACtB,CAAC;CACF;AApKD,kCAoKC"}

package/dist/security/SecurityMiddleware.d.ts

@@ -0,0 +1,88 @@
+import { ApiKey } from './AuthManager';
+/**
+ * Security Middleware
+ * Integrates all security features into a single middleware
+ */
+export interface SecurityConfig {
+    auth: {
+        enabled: boolean;
+        requireApiKey: boolean;
+        allowedOrigins?: string[];
+        defaultRateLimit?: {
+            requestsPerMinute: number;
+            requestsPerHour: number;
+        };
+    };
+    rateLimit: {
+        enabled: boolean;
+        requestsPerMinute: number;
+        requestsPerHour: number;
+        blockDuration?: number;
+    };
+    sanitization: {
+        enabled: boolean;
+        maxStringLength?: number;
+        maxArrayLength?: number;
+        maxObjectDepth?: number;
+    };
+}
+export interface SecurityCheckResult {
+    allowed: boolean;
+    reason?: string;
+    apiKey?: ApiKey;
+    rateLimit?: {
+        remaining: {
+            perMinute: number;
+            perHour: number;
+        };
+        resetAt?: number;
+    };
+    sanitizedMessage?: any;
+}
+export declare class SecurityMiddleware {
+    private authManager;
+    private rateLimiter;
+    private sanitizer;
+    private config;
+    constructor(config: SecurityConfig);
+    /**
+     * Check if a request is allowed
+     */
+    checkRequest(apiKey: string | undefined, origin: string | undefined, message: any, identifier: string): SecurityCheckResult;
+    /**
+     * Generate a new API key
+     */
+    generateApiKey(agentId: string, name: string, options?: {
+        expiresIn?: number;
+        permissions?: string[];
+        rateLimit?: {
+            requestsPerMinute: number;
+            requestsPerHour: number;
+        };
+    }): string;
+    /**
+     * Revoke an API key
+     */
+    revokeApiKey(key: string): boolean;
+    /**
+     * List API keys
+     */
+    listApiKeys(agentId?: string): ApiKey[];
+    /**
+     * Get rate limit usage
+     */
+    getRateLimitUsage(identifier: string): {
+        minuteRequests: number;
+        hourRequests: number;
+        blockedUntil?: number;
+    };
+    /**
+     * Reset rate limit for an identifier
+     */
+    resetRateLimit(identifier: string): void;
+    /**
+     * Destroy security middleware
+     */
+    destroy(): void;
+}
+//# sourceMappingURL=SecurityMiddleware.d.ts.map

package/dist/security/SecurityMiddleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SecurityMiddleware.d.ts","sourceRoot":"","sources":["../../src/security/SecurityMiddleware.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,MAAM,EAAE,MAAM,eAAe,CAAC;AAIpD;;;GAGG;AAEH,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE;QACJ,OAAO,EAAE,OAAO,CAAC;QACjB,aAAa,EAAE,OAAO,CAAC;QACvB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;QAC1B,gBAAgB,CAAC,EAAE;YACjB,iBAAiB,EAAE,MAAM,CAAC;YAC1B,eAAe,EAAE,MAAM,CAAC;SACzB,CAAC;KACH,CAAC;IACF,SAAS,EAAE;QACT,OAAO,EAAE,OAAO,CAAC;QACjB,iBAAiB,EAAE,MAAM,CAAC;QAC1B,eAAe,EAAE,MAAM,CAAC;QACxB,aAAa,CAAC,EAAE,MAAM,CAAC;KACxB,CAAC;IACF,YAAY,EAAE;QACZ,OAAO,EAAE,OAAO,CAAC;QACjB,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,cAAc,CAAC,EAAE,MAAM,CAAC;KACzB,CAAC;CACH;AAED,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE;QACV,SAAS,EAAE;YACT,SAAS,EAAE,MAAM,CAAC;YAClB,OAAO,EAAE,MAAM,CAAC;SACjB,CAAC;QACF,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,gBAAgB,CAAC,EAAE,GAAG,CAAC;CACxB;AAED,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,WAAW,CAAc;IACjC,OAAO,CAAC,WAAW,CAAc;IACjC,OAAO,CAAC,SAAS,CAAmB;IACpC,OAAO,CAAC,MAAM,CAAiB;gBAEnB,MAAM,EAAE,cAAc;IAOlC;;OAEG;IACH,YAAY,CACV,MAAM,EAAE,MAAM,GAAG,SAAS,EAC1B,MAAM,EAAE,MAAM,GAAG,SAAS,EAC1B,OAAO,EAAE,GAAG,EACZ,UAAU,EAAE,MAAM,GACjB,mBAAmB;IA2GtB;;OAEG;IACH,cAAc,CACZ,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,EACZ,OAAO,CAAC,EAAE;QACR,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;QACvB,SAAS,CAAC,EAAE;YAAE,iBAAiB,EAAE,MAAM,CAAC;YAAC,eAAe,EAAE,MAAM,CAAA;SAAE,CAAC;KACpE,GACA,MAAM;IAIT;;OAEG;IACH,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAIlC;;OAEG;IACH,WAAW,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE;IAIvC;;OAEG;IACH,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG;QACrC,cAAc,EAAE,MAAM,CAAC;QACvB,YAAY,EAAE,MAAM,CAAC;QACrB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB;IAID;;OAEG;IACH,cAAc,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI;IAIxC;;OAEG;IACH,OAAO,IAAI,IAAI;CAGhB"}

package/dist/security/SecurityMiddleware.js

@@ -0,0 +1,146 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecurityMiddleware = void 0;
+const AuthManager_1 = require("./AuthManager");
+const RateLimiter_1 = require("./RateLimiter");
+const MessageSanitizer_1 = require("./MessageSanitizer");
+class SecurityMiddleware {
+    constructor(config) {
+        this.config = config;
+        this.authManager = new AuthManager_1.AuthManager(config.auth);
+        this.rateLimiter = new RateLimiter_1.RateLimiter();
+        this.sanitizer = new MessageSanitizer_1.MessageSanitizer(config.sanitization);
+    }
+    /**
+     * Check if a request is allowed
+     */
+    checkRequest(apiKey, origin, message, identifier) {
+        // 1. Check authentication
+        if (this.config.auth.enabled) {
+            const authResult = this.authManager.validateApiKey(apiKey || '');
+            if (!authResult.valid) {
+                return {
+                    allowed: false,
+                    reason: authResult.reason || 'Authentication failed',
+                };
+            }
+            // Check origin (CORS)
+            if (origin && !this.authManager.validateOrigin(origin)) {
+                return {
+                    allowed: false,
+                    reason: 'Origin not allowed',
+                };
+            }
+            // 2. Check rate limit
+            if (this.config.rateLimit.enabled && authResult.apiKey) {
+                const rateLimit = this.authManager.getRateLimit(authResult.apiKey);
+                const rateLimitResult = this.rateLimiter.checkLimit(identifier, {
+                    ...rateLimit,
+                    blockDuration: this.config.rateLimit.blockDuration,
+                });
+                if (!rateLimitResult.allowed) {
+                    return {
+                        allowed: false,
+                        reason: 'Rate limit exceeded',
+                        rateLimit: {
+                            remaining: rateLimitResult.remaining,
+                            resetAt: rateLimitResult.resetAt,
+                        },
+                    };
+                }
+                // 3. Sanitize message
+                let sanitizedMessage = message;
+                if (this.config.sanitization.enabled) {
+                    const sanitizationResult = this.sanitizer.sanitizeAndValidate(message);
+                    if (!sanitizationResult.valid) {
+                        return {
+                            allowed: false,
+                            reason: `Message validation failed: ${sanitizationResult.errors?.join(', ')}`,
+                        };
+                    }
+                    sanitizedMessage = sanitizationResult.sanitized;
+                }
+                return {
+                    allowed: true,
+                    apiKey: authResult.apiKey,
+                    rateLimit: {
+                        remaining: rateLimitResult.remaining,
+                    },
+                    sanitizedMessage,
+                };
+            }
+        }
+        // If auth is disabled, still check rate limit and sanitization
+        if (this.config.rateLimit.enabled) {
+            const rateLimitResult = this.rateLimiter.checkLimit(identifier, {
+                requestsPerMinute: this.config.rateLimit.requestsPerMinute,
+                requestsPerHour: this.config.rateLimit.requestsPerHour,
+                blockDuration: this.config.rateLimit.blockDuration,
+            });
+            if (!rateLimitResult.allowed) {
+                return {
+                    allowed: false,
+                    reason: 'Rate limit exceeded',
+                    rateLimit: {
+                        remaining: rateLimitResult.remaining,
+                        resetAt: rateLimitResult.resetAt,
+                    },
+                };
+            }
+        }
+        // Sanitize message
+        let sanitizedMessage = message;
+        if (this.config.sanitization.enabled) {
+            const sanitizationResult = this.sanitizer.sanitizeAndValidate(message);
+            if (!sanitizationResult.valid) {
+                return {
+                    allowed: false,
+                    reason: `Message validation failed: ${sanitizationResult.errors?.join(', ')}`,
+                };
+            }
+            sanitizedMessage = sanitizationResult.sanitized;
+        }
+        return {
+            allowed: true,
+            sanitizedMessage,
+        };
+    }
+    /**
+     * Generate a new API key
+     */
+    generateApiKey(agentId, name, options) {
+        return this.authManager.generateApiKey(agentId, name, options);
+    }
+    /**
+     * Revoke an API key
+     */
+    revokeApiKey(key) {
+        return this.authManager.revokeApiKey(key);
+    }
+    /**
+     * List API keys
+     */
+    listApiKeys(agentId) {
+        return this.authManager.listApiKeys(agentId);
+    }
+    /**
+     * Get rate limit usage
+     */
+    getRateLimitUsage(identifier) {
+        return this.rateLimiter.getUsage(identifier);
+    }
+    /**
+     * Reset rate limit for an identifier
+     */
+    resetRateLimit(identifier) {
+        this.rateLimiter.reset(identifier);
+    }
+    /**
+     * Destroy security middleware
+     */
+    destroy() {
+        this.rateLimiter.destroy();
+    }
+}
+exports.SecurityMiddleware = SecurityMiddleware;
+//# sourceMappingURL=SecurityMiddleware.js.map

package/dist/security/SecurityMiddleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SecurityMiddleware.js","sourceRoot":"","sources":["../../src/security/SecurityMiddleware.ts"],"names":[],"mappings":";;;AAAA,+CAAoD;AACpD,+CAA6D;AAC7D,yDAAsD;AA6CtD,MAAa,kBAAkB;IAM7B,YAAY,MAAsB;QAChC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,WAAW,GAAG,IAAI,yBAAW,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAChD,IAAI,CAAC,WAAW,GAAG,IAAI,yBAAW,EAAE,CAAC;QACrC,IAAI,CAAC,SAAS,GAAG,IAAI,mCAAgB,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAC7D,CAAC;IAED;;OAEG;IACH,YAAY,CACV,MAA0B,EAC1B,MAA0B,EAC1B,OAAY,EACZ,UAAkB;QAElB,0BAA0B;QAC1B,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAC7B,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC;YAEjE,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;gBACtB,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,UAAU,CAAC,MAAM,IAAI,uBAAuB;iBACrD,CAAC;YACJ,CAAC;YAED,sBAAsB;YACtB,IAAI,MAAM,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,MAAM,CAAC,EAAE,CAAC;gBACvD,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,oBAAoB;iBAC7B,CAAC;YACJ,CAAC;YAED,sBAAsB;YACtB,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC;gBACvD,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;gBACnE,MAAM,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,UAAU,EAAE;oBAC9D,GAAG,SAAS;oBACZ,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,aAAa;iBACnD,CAAC,CAAC;gBAEH,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,CAAC;oBAC7B,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,MAAM,EAAE,qBAAqB;wBAC7B,SAAS,EAAE;4BACT,SAAS,EAAE,eAAe,CAAC,SAAS;4BACpC,OAAO,EAAE,eAAe,CAAC,OAAO;yBACjC;qBACF,CAAC;gBACJ,CAAC;gBAED,sBAAsB;gBACtB,IAAI,gBAAgB,GAAG,OAAO,CAAC;gBAC/B,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;oBACrC,MAAM,kBAAkB,GACtB,IAAI,CAAC,SAAS,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;oBAE9C,IAAI,CAAC,kBAAkB,CAAC,KAAK,EAAE,CAAC;wBAC9B,OAAO;4BACL,OAAO,EAAE,KAAK;4BACd,MAAM,EAAE,8BAA8B,kBAAkB,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE;yBAC9E,CAAC;oBACJ,CAAC;oBAED,gBAAgB,GAAG,kBAAkB,CAAC,SAAS,CAAC;gBAClD,CAAC;gBAED,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,MAAM,EAAE,UAAU,CAAC,MAAM;oBACzB,SAAS,EAAE;wBACT,SAAS,EAAE,eAAe,CAAC,SAAS;qBACrC;oBACD,gBAAgB;iBACjB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,+DAA+D;QAC/D,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;YAClC,MAAM,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,UAAU,EAAE;gBAC9D,iBAAiB,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,iBAAiB;gBAC1D,eAAe,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,eAAe;gBACtD,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,aAAa;aACnD,CAAC,CAAC;YAEH,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,CAAC;gBAC7B,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,qBAAqB;oBAC7B,SAAS,EAAE;wBACT,SAAS,EAAE,eAAe,CAAC,SAAS;wBACpC,OAAO,EAAE,eAAe,CAAC,OAAO;qBACjC;iBACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,mBAAmB;QACnB,IAAI,gBAAgB,GAAG,OAAO,CAAC;QAC/B,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;YACrC,MAAM,kBAAkB,GAAG,IAAI,CAAC,SAAS,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;YAEvE,IAAI,CAAC,kBAAkB,CAAC,KAAK,EAAE,CAAC;gBAC9B,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,8BAA8B,kBAAkB,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE;iBAC9E,CAAC;YACJ,CAAC;YAED,gBAAgB,GAAG,kBAAkB,CAAC,SAAS,CAAC;QAClD,CAAC;QAED,OAAO;YACL,OAAO,EAAE,IAAI;YACb,gBAAgB;SACjB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,cAAc,CACZ,OAAe,EACf,IAAY,EACZ,OAIC;QAED,OAAO,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IACjE,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,GAAW;QACtB,OAAO,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;IAC5C,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,OAAgB;QAC1B,OAAO,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,iBAAiB,CAAC,UAAkB;QAKlC,OAAO,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,UAAkB;QAC/B,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IACrC,CAAC;IAED;;OAEG;IACH,OAAO;QACL,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;IAC7B,CAAC;CACF;AArLD,gDAqLC"}

package/dist/security/index.d.ts

@@ -0,0 +1,35 @@
+/**
+ * Security Module
+ * Exports all security-related components
+ */
+export { AuthManager, ApiKey, AuthConfig } from './AuthManager';
+export { RateLimiter, RateLimitConfig } from './RateLimiter';
+export { MessageSanitizer, SanitizationResult } from './MessageSanitizer';
+export { SecurityMiddleware, SecurityConfig, SecurityCheckResult } from './SecurityMiddleware';
+/**
+ * Default security configuration
+ */
+export declare const DEFAULT_SECURITY_CONFIG: {
+    auth: {
+        enabled: boolean;
+        requireApiKey: boolean;
+        allowedOrigins: string[];
+        defaultRateLimit: {
+            requestsPerMinute: number;
+            requestsPerHour: number;
+        };
+    };
+    rateLimit: {
+        enabled: boolean;
+        requestsPerMinute: number;
+        requestsPerHour: number;
+        blockDuration: number;
+    };
+    sanitization: {
+        enabled: boolean;
+        maxStringLength: number;
+        maxArrayLength: number;
+        maxObjectDepth: number;
+    };
+};
+//# sourceMappingURL=index.d.ts.map

package/dist/security/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAC1E,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAE/F;;GAEG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;CAsBnC,CAAC"}