npm - @objectstack/spec - Versions diffs - 0.3.0 → 0.3.1 - Mend

@objectstack/spec 0.3.0 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (386) hide show

package/dist/system/audit.zod.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"audit.zod.d.ts","sourceRoot":"","sources":["../../src/system/audit.zod.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;;;;;;;;;;;GAYG;AAEH;;;GAGG;AACH,eAAO,MAAM,cAAc,s8BAoDzB,CAAC;AAEH,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAE5D;;;GAGG;AACH,eAAO,MAAM,kBAAkB,8FAS7B,CAAC;AAEH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE;;;GAGG;AACH,eAAO,MAAM,qBAAqB;IAChC;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;;;;;;;;;;;;;;;EAEH,CAAC;AAEH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAEpE;;;GAGG;AACH,eAAO,MAAM,sBAAsB;IACjC;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;;;;;;;;;;;EAEH,CAAC;AAEH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAEtE;;;GAGG;AACH,eAAO,MAAM,sBAAsB;IACjC;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;;;;;;;;;EAEH,CAAC;AAEH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAEtE;;;GAGG;AACH,eAAO,MAAM,gBAAgB;IAC3B;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;QA/GH;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;;;;;;;;;;;;;;;;IAuFH;;OAEG;;QA9EH;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;;;;;;;;;;;;IAgEH;;OAEG;;IAGH;;OAEG;;QA5DH;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;;;;;;;;;;IAmDH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAMH,CAAC;AAEH,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAE1D;;;GAGG;AACH,eAAO,MAAM,0BAA0B;IACrC;;;OAGG;;IAGH;;;OAGG;;IAGH;;OAEG;;;;;;;;;;;;;;;;;;;;IASH;;;OAGG;;IAGH;;;OAGG;;;;;;;;;;;;;;;;;;;;;;;;;;EAEH,CAAC;AAEH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAE9E;;;GAGG;AACH,eAAO,MAAM,4BAA4B;IACvC;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;QAED;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;;;;;;;;;;;;IAIL;;OAEG;;IAUH;;OAEG;;IAGH;;OAEG;;QAED;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAGL,CAAC;AAEH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,4BAA4B,CAAC,CAAC;AAElF;;;GAGG;AACH,eAAO,MAAM,wBAAwB;IACnC;;OAEG;;IAYH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;;;;;;;;;;;;;;;;;EAEH,CAAC;AAEH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAE1E;;;GAGG;AACH,eAAO,MAAM,sBAAsB;IACjC;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;;;;;;;;;;IAMH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;;;;;;;;;;;;;;;;;;;;;;;;;EAEH,CAAC;AAEH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAEtE;;;GAGG;AACH,eAAO,MAAM,iBAAiB;IAC5B;;;;OAIG;;IAMH;;OAEG;;IAGH;;OAEG;;IAGH;;;OAGG;;IAGH;;OAEG;;IAGH;;;OAGG;;IAGH;;OAEG;;QA9IH;;WAEG;;QAYH;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;;;;;;;;;;;;;;;;;;IAwGH;;OAEG;;QA7RH;;;WAGG;;QAGH;;;WAGG;;QAGH;;WAEG;;;;;;;;;;;;;;;;;;;;QASH;;;WAGG;;QAGH;;;WAGG;;;;;;;;;;;;;;;;;;;;;;;;;;;IAgQH;;OAEG;;QAvPH;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;YAED;;eAEG;;YAGH;;eAEG;;YAGH;;eAEG;;YAGH;;eAEG;;;;;;;;;;;;;QAIL;;WAEG;;QAUH;;WAEG;;QAGH;;WAEG;;YAED;;eAEG;;YAGH;;eAEG;;YAGH;;eAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAuKL;;;OAGG;;IAGH;;OAEG;;IAWH;;;OAGG;;IAGH;;;OAGG;;IAGH;;OAEG;;IAGH;;;OAGG;;;;;;;;;;;IAMH;;OAEG;;QAED;;WAEG;;QAUH;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAGL,CAAC;AAEH,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAE5D;;;GAGG;AACH,eAAO,MAAM,iCAAiC,EAAE,sBAAsB,EAwDrE,CAAC"}

package/dist/system/audit.zod.js ADDED Viewed

@@ -0,0 +1,596 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_SUSPICIOUS_ACTIVITY_RULES = exports.AuditConfigSchema = exports.AuditEventFilterSchema = exports.AuditStorageConfigSchema = exports.SuspiciousActivityRuleSchema = exports.AuditRetentionPolicySchema = exports.AuditEventSchema = exports.AuditEventChangeSchema = exports.AuditEventTargetSchema = exports.AuditEventActorSchema = exports.AuditEventSeverity = exports.AuditEventType = void 0;
+const zod_1 = require("zod");
+/**
+ * Audit Log Architecture
+ *
+ * Comprehensive audit logging system for compliance and security.
+ * Supports SOX, HIPAA, GDPR, and other regulatory requirements.
+ *
+ * Features:
+ * - Records all CRUD operations on data
+ * - Tracks authentication events (login, logout, password reset)
+ * - Monitors authorization changes (permissions, roles)
+ * - Configurable retention policies (180-day GDPR requirement)
+ * - Suspicious activity detection and alerting
+ */
+/**
+ * Audit Event Type Enum
+ * Categorizes different types of auditable events in the system
+ */
+exports.AuditEventType = zod_1.z.enum([
+    // Data Operations (CRUD)
+    'data.create', // Record creation
+    'data.read', // Record retrieval/viewing
+    'data.update', // Record modification
+    'data.delete', // Record deletion
+    'data.export', // Data export operations
+    'data.import', // Data import operations
+    'data.bulk_update', // Bulk update operations
+    'data.bulk_delete', // Bulk delete operations
+    // Authentication Events
+    'auth.login', // Successful login
+    'auth.login_failed', // Failed login attempt
+    'auth.logout', // User logout
+    'auth.session_created', // New session created
+    'auth.session_expired', // Session expiration
+    'auth.password_reset', // Password reset initiated
+    'auth.password_changed', // Password successfully changed
+    'auth.email_verified', // Email verification completed
+    'auth.mfa_enabled', // Multi-factor auth enabled
+    'auth.mfa_disabled', // Multi-factor auth disabled
+    'auth.account_locked', // Account locked (too many failures)
+    'auth.account_unlocked', // Account unlocked
+    // Authorization Events
+    'authz.permission_granted', // Permission granted to user
+    'authz.permission_revoked', // Permission revoked from user
+    'authz.role_assigned', // Role assigned to user
+    'authz.role_removed', // Role removed from user
+    'authz.role_created', // New role created
+    'authz.role_updated', // Role permissions modified
+    'authz.role_deleted', // Role deleted
+    'authz.policy_created', // Security policy created
+    'authz.policy_updated', // Security policy updated
+    'authz.policy_deleted', // Security policy deleted
+    // System Events
+    'system.config_changed', // System configuration modified
+    'system.plugin_installed', // Plugin installed
+    'system.plugin_uninstalled', // Plugin uninstalled
+    'system.backup_created', // Backup created
+    'system.backup_restored', // Backup restored
+    'system.integration_added', // External integration added
+    'system.integration_removed', // External integration removed
+    // Security Events
+    'security.access_denied', // Access denied (authorization failure)
+    'security.suspicious_activity', // Suspicious activity detected
+    'security.data_breach', // Potential data breach detected
+    'security.api_key_created', // API key created
+    'security.api_key_revoked', // API key revoked
+]);
+/**
+ * Audit Event Severity Level
+ * Indicates the importance/criticality of an audit event
+ */
+exports.AuditEventSeverity = zod_1.z.enum([
+    'debug', // Diagnostic information
+    'info', // Informational events (normal operations)
+    'notice', // Normal but significant events
+    'warning', // Warning conditions
+    'error', // Error conditions
+    'critical', // Critical conditions requiring immediate attention
+    'alert', // Action must be taken immediately
+    'emergency', // System is unusable
+]);
+/**
+ * Audit Event Actor Schema
+ * Identifies who/what performed the action
+ */
+exports.AuditEventActorSchema = zod_1.z.object({
+    /**
+     * Actor type (user, system, service, api_client, etc.)
+     */
+    type: zod_1.z.enum(['user', 'system', 'service', 'api_client', 'integration']).describe('Actor type'),
+    /**
+     * Unique identifier for the actor
+     */
+    id: zod_1.z.string().describe('Actor identifier'),
+    /**
+     * Display name of the actor
+     */
+    name: zod_1.z.string().optional().describe('Actor display name'),
+    /**
+     * Email address (for user actors)
+     */
+    email: zod_1.z.string().email().optional().describe('Actor email address'),
+    /**
+     * IP address of the actor
+     */
+    ipAddress: zod_1.z.string().optional().describe('Actor IP address'),
+    /**
+     * User agent string (for web/API requests)
+     */
+    userAgent: zod_1.z.string().optional().describe('User agent string'),
+});
+/**
+ * Audit Event Target Schema
+ * Identifies what was acted upon
+ */
+exports.AuditEventTargetSchema = zod_1.z.object({
+    /**
+     * Target type (e.g., 'object', 'record', 'user', 'role', 'config')
+     */
+    type: zod_1.z.string().describe('Target type'),
+    /**
+     * Unique identifier for the target
+     */
+    id: zod_1.z.string().describe('Target identifier'),
+    /**
+     * Display name of the target
+     */
+    name: zod_1.z.string().optional().describe('Target display name'),
+    /**
+     * Additional metadata about the target
+     */
+    metadata: zod_1.z.record(zod_1.z.any()).optional().describe('Target metadata'),
+});
+/**
+ * Audit Event Change Schema
+ * Describes what changed (for update operations)
+ */
+exports.AuditEventChangeSchema = zod_1.z.object({
+    /**
+     * Field/property that changed
+     */
+    field: zod_1.z.string().describe('Changed field name'),
+    /**
+     * Value before the change
+     */
+    oldValue: zod_1.z.any().optional().describe('Previous value'),
+    /**
+     * Value after the change
+     */
+    newValue: zod_1.z.any().optional().describe('New value'),
+});
+/**
+ * Audit Event Schema
+ * Complete audit event record
+ */
+exports.AuditEventSchema = zod_1.z.object({
+    /**
+     * Unique identifier for this audit event
+     */
+    id: zod_1.z.string().describe('Audit event ID'),
+    /**
+     * Type of event being audited
+     */
+    eventType: exports.AuditEventType.describe('Event type'),
+    /**
+     * Severity level of the event
+     */
+    severity: exports.AuditEventSeverity.default('info').describe('Event severity'),
+    /**
+     * Timestamp when the event occurred (ISO 8601)
+     */
+    timestamp: zod_1.z.string().datetime().describe('Event timestamp'),
+    /**
+     * Who/what performed the action
+     */
+    actor: exports.AuditEventActorSchema.describe('Event actor'),
+    /**
+     * What was acted upon
+     */
+    target: exports.AuditEventTargetSchema.optional().describe('Event target'),
+    /**
+     * Human-readable description of the action
+     */
+    description: zod_1.z.string().describe('Event description'),
+    /**
+     * Detailed changes (for update operations)
+     */
+    changes: zod_1.z.array(exports.AuditEventChangeSchema).optional().describe('List of changes'),
+    /**
+     * Result of the action (success, failure, partial)
+     */
+    result: zod_1.z.enum(['success', 'failure', 'partial']).default('success').describe('Action result'),
+    /**
+     * Error message (if result is failure)
+     */
+    errorMessage: zod_1.z.string().optional().describe('Error message'),
+    /**
+     * Tenant identifier (for multi-tenant systems)
+     */
+    tenantId: zod_1.z.string().optional().describe('Tenant identifier'),
+    /**
+     * Request/trace ID for correlation
+     */
+    requestId: zod_1.z.string().optional().describe('Request ID for tracing'),
+    /**
+     * Additional context and metadata
+     */
+    metadata: zod_1.z.record(zod_1.z.any()).optional().describe('Additional metadata'),
+    /**
+     * Geographic location (if available)
+     */
+    location: zod_1.z.object({
+        country: zod_1.z.string().optional(),
+        region: zod_1.z.string().optional(),
+        city: zod_1.z.string().optional(),
+    }).optional().describe('Geographic location'),
+});
+/**
+ * Audit Retention Policy Schema
+ * Defines how long audit logs are retained
+ */
+exports.AuditRetentionPolicySchema = zod_1.z.object({
+    /**
+     * Retention period in days
+     * Default: 180 days (GDPR 6-month requirement)
+     */
+    retentionDays: zod_1.z.number().int().min(1).default(180).describe('Retention period in days'),
+    /**
+     * Whether to archive logs after retention period
+     * If true, logs are moved to cold storage; if false, they are deleted
+     */
+    archiveAfterRetention: zod_1.z.boolean().default(true).describe('Archive logs after retention period'),
+    /**
+     * Archive storage configuration
+     */
+    archiveStorage: zod_1.z.object({
+        type: zod_1.z.enum(['s3', 'gcs', 'azure_blob', 'filesystem']).describe('Archive storage type'),
+        endpoint: zod_1.z.string().optional().describe('Storage endpoint URL'),
+        bucket: zod_1.z.string().optional().describe('Storage bucket/container name'),
+        path: zod_1.z.string().optional().describe('Storage path prefix'),
+        credentials: zod_1.z.record(zod_1.z.any()).optional().describe('Storage credentials'),
+    }).optional().describe('Archive storage configuration'),
+    /**
+     * Event types that have different retention periods
+     * Overrides the default retentionDays for specific event types
+     */
+    customRetention: zod_1.z.record(zod_1.z.number().int().positive()).optional().describe('Custom retention by event type'),
+    /**
+     * Minimum retention period for compliance
+     * Prevents accidental deletion below compliance requirements
+     */
+    minimumRetentionDays: zod_1.z.number().int().positive().optional().describe('Minimum retention for compliance'),
+});
+/**
+ * Suspicious Activity Rule Schema
+ * Defines rules for detecting suspicious activities
+ */
+exports.SuspiciousActivityRuleSchema = zod_1.z.object({
+    /**
+     * Unique identifier for the rule
+     */
+    id: zod_1.z.string().describe('Rule identifier'),
+    /**
+     * Rule name
+     */
+    name: zod_1.z.string().describe('Rule name'),
+    /**
+     * Rule description
+     */
+    description: zod_1.z.string().optional().describe('Rule description'),
+    /**
+     * Whether the rule is enabled
+     */
+    enabled: zod_1.z.boolean().default(true).describe('Rule enabled status'),
+    /**
+     * Event types to monitor
+     */
+    eventTypes: zod_1.z.array(exports.AuditEventType).describe('Event types to monitor'),
+    /**
+     * Detection condition
+     */
+    condition: zod_1.z.object({
+        /**
+         * Number of events that trigger the rule
+         */
+        threshold: zod_1.z.number().int().positive().describe('Event threshold'),
+        /**
+         * Time window in seconds
+         */
+        windowSeconds: zod_1.z.number().int().positive().describe('Time window in seconds'),
+        /**
+         * Grouping criteria (e.g., by actor.id, by ipAddress)
+         */
+        groupBy: zod_1.z.array(zod_1.z.string()).optional().describe('Grouping criteria'),
+        /**
+         * Additional filters
+         */
+        filters: zod_1.z.record(zod_1.z.any()).optional().describe('Additional filters'),
+    }).describe('Detection condition'),
+    /**
+     * Actions to take when rule is triggered
+     */
+    actions: zod_1.z.array(zod_1.z.enum([
+        'alert', // Send alert notification
+        'lock_account', // Lock the user account
+        'block_ip', // Block the IP address
+        'require_mfa', // Require multi-factor authentication
+        'log_critical', // Log as critical event
+        'webhook', // Call webhook
+    ])).describe('Actions to take'),
+    /**
+     * Severity level for triggered alerts
+     */
+    alertSeverity: exports.AuditEventSeverity.default('warning').describe('Alert severity'),
+    /**
+     * Notification configuration
+     */
+    notifications: zod_1.z.object({
+        /**
+         * Email addresses to notify
+         */
+        email: zod_1.z.array(zod_1.z.string().email()).optional().describe('Email recipients'),
+        /**
+         * Slack webhook URL
+         */
+        slack: zod_1.z.string().url().optional().describe('Slack webhook URL'),
+        /**
+         * Custom webhook URL
+         */
+        webhook: zod_1.z.string().url().optional().describe('Custom webhook URL'),
+    }).optional().describe('Notification configuration'),
+});
+/**
+ * Audit Log Storage Configuration
+ * Defines where and how audit logs are stored
+ */
+exports.AuditStorageConfigSchema = zod_1.z.object({
+    /**
+     * Storage backend type
+     */
+    type: zod_1.z.enum([
+        'database', // Store in database (PostgreSQL, MySQL, etc.)
+        'elasticsearch', // Store in Elasticsearch
+        'mongodb', // Store in MongoDB
+        'clickhouse', // Store in ClickHouse (for analytics)
+        's3', // Store in S3-compatible storage
+        'gcs', // Store in Google Cloud Storage
+        'azure_blob', // Store in Azure Blob Storage
+        'custom', // Custom storage implementation
+    ]).describe('Storage backend type'),
+    /**
+     * Connection string or configuration
+     */
+    connectionString: zod_1.z.string().optional().describe('Connection string'),
+    /**
+     * Storage configuration
+     */
+    config: zod_1.z.record(zod_1.z.any()).optional().describe('Storage-specific configuration'),
+    /**
+     * Whether to enable buffering/batching
+     */
+    bufferEnabled: zod_1.z.boolean().default(true).describe('Enable buffering'),
+    /**
+     * Buffer size (number of events before flush)
+     */
+    bufferSize: zod_1.z.number().int().positive().default(100).describe('Buffer size'),
+    /**
+     * Buffer flush interval in seconds
+     */
+    flushIntervalSeconds: zod_1.z.number().int().positive().default(5).describe('Flush interval in seconds'),
+    /**
+     * Whether to compress stored data
+     */
+    compression: zod_1.z.boolean().default(true).describe('Enable compression'),
+});
+/**
+ * Audit Event Filter Schema
+ * Defines filters for querying audit events
+ */
+exports.AuditEventFilterSchema = zod_1.z.object({
+    /**
+     * Filter by event types
+     */
+    eventTypes: zod_1.z.array(exports.AuditEventType).optional().describe('Event types to include'),
+    /**
+     * Filter by severity levels
+     */
+    severities: zod_1.z.array(exports.AuditEventSeverity).optional().describe('Severity levels to include'),
+    /**
+     * Filter by actor ID
+     */
+    actorId: zod_1.z.string().optional().describe('Actor identifier'),
+    /**
+     * Filter by tenant ID
+     */
+    tenantId: zod_1.z.string().optional().describe('Tenant identifier'),
+    /**
+     * Filter by time range
+     */
+    timeRange: zod_1.z.object({
+        from: zod_1.z.string().datetime().describe('Start time'),
+        to: zod_1.z.string().datetime().describe('End time'),
+    }).optional().describe('Time range filter'),
+    /**
+     * Filter by result status
+     */
+    result: zod_1.z.enum(['success', 'failure', 'partial']).optional().describe('Result status'),
+    /**
+     * Search query (full-text search)
+     */
+    searchQuery: zod_1.z.string().optional().describe('Search query'),
+    /**
+     * Custom filters
+     */
+    customFilters: zod_1.z.record(zod_1.z.any()).optional().describe('Custom filters'),
+});
+/**
+ * Complete Audit Configuration Schema
+ * Main configuration for the audit system
+ */
+exports.AuditConfigSchema = zod_1.z.object({
+    /**
+     * Unique identifier for this audit configuration
+     * Must be in snake_case following ObjectStack conventions
+     * Maximum length: 64 characters
+     */
+    name: zod_1.z.string()
+        .regex(/^[a-z_][a-z0-9_]*$/)
+        .max(64)
+        .describe('Configuration name (snake_case, max 64 chars)'),
+    /**
+     * Human-readable label
+     */
+    label: zod_1.z.string().describe('Display label'),
+    /**
+     * Whether audit logging is enabled
+     */
+    enabled: zod_1.z.boolean().default(true).describe('Enable audit logging'),
+    /**
+     * Event types to audit
+     * If not specified, all event types are audited
+     */
+    eventTypes: zod_1.z.array(exports.AuditEventType).optional().describe('Event types to audit'),
+    /**
+     * Event types to exclude from auditing
+     */
+    excludeEventTypes: zod_1.z.array(exports.AuditEventType).optional().describe('Event types to exclude'),
+    /**
+     * Minimum severity level to log
+     * Events below this level are not logged
+     */
+    minimumSeverity: exports.AuditEventSeverity.default('info').describe('Minimum severity level'),
+    /**
+     * Storage configuration
+     */
+    storage: exports.AuditStorageConfigSchema.describe('Storage configuration'),
+    /**
+     * Retention policy
+     */
+    retentionPolicy: exports.AuditRetentionPolicySchema.default({}).describe('Retention policy'),
+    /**
+     * Suspicious activity detection rules
+     */
+    suspiciousActivityRules: zod_1.z.array(exports.SuspiciousActivityRuleSchema).default([]).describe('Suspicious activity rules'),
+    /**
+     * Whether to include sensitive data in audit logs
+     * If false, sensitive fields are redacted/masked
+     */
+    includeSensitiveData: zod_1.z.boolean().default(false).describe('Include sensitive data'),
+    /**
+     * Fields to redact from audit logs
+     */
+    redactFields: zod_1.z.array(zod_1.z.string()).default([
+        'password',
+        'passwordHash',
+        'token',
+        'apiKey',
+        'secret',
+        'creditCard',
+        'ssn',
+    ]).describe('Fields to redact'),
+    /**
+     * Whether to log successful read operations
+     * Can be disabled to reduce log volume
+     */
+    logReads: zod_1.z.boolean().default(false).describe('Log read operations'),
+    /**
+     * Sampling rate for read operations (0.0 to 1.0)
+     * Only applies if logReads is true
+     */
+    readSamplingRate: zod_1.z.number().min(0).max(1).default(0.1).describe('Read sampling rate'),
+    /**
+     * Whether to log system/internal operations
+     */
+    logSystemEvents: zod_1.z.boolean().default(true).describe('Log system events'),
+    /**
+     * Custom audit event handlers
+     * Note: Function handlers are for runtime configuration only and will not be serialized to JSON Schema
+     */
+    customHandlers: zod_1.z.array(zod_1.z.object({
+        eventType: exports.AuditEventType.describe('Event type to handle'),
+        handlerId: zod_1.z.string().describe('Unique identifier for the handler'),
+    })).optional().describe('Custom event handler references'),
+    /**
+     * Compliance mode configuration
+     */
+    compliance: zod_1.z.object({
+        /**
+         * Compliance standards to enforce
+         */
+        standards: zod_1.z.array(zod_1.z.enum([
+            'sox', // Sarbanes-Oxley Act
+            'hipaa', // Health Insurance Portability and Accountability Act
+            'gdpr', // General Data Protection Regulation
+            'pci_dss', // Payment Card Industry Data Security Standard
+            'iso_27001', // ISO/IEC 27001
+            'fedramp', // Federal Risk and Authorization Management Program
+        ])).optional().describe('Compliance standards'),
+        /**
+         * Whether to enforce immutable audit logs
+         */
+        immutableLogs: zod_1.z.boolean().default(true).describe('Enforce immutable logs'),
+        /**
+         * Whether to require cryptographic signing
+         */
+        requireSigning: zod_1.z.boolean().default(false).describe('Require log signing'),
+        /**
+         * Signing key configuration
+         */
+        signingKey: zod_1.z.string().optional().describe('Signing key'),
+    }).optional().describe('Compliance configuration'),
+});
+/**
+ * Default suspicious activity rules
+ * Common security patterns to detect
+ */
+exports.DEFAULT_SUSPICIOUS_ACTIVITY_RULES = [
+    {
+        id: 'multiple_failed_logins',
+        name: 'Multiple Failed Login Attempts',
+        description: 'Detects multiple failed login attempts from the same user or IP',
+        enabled: true,
+        eventTypes: ['auth.login_failed'],
+        condition: {
+            threshold: 5,
+            windowSeconds: 600, // 10 minutes
+            groupBy: ['actor.id', 'actor.ipAddress'],
+        },
+        actions: ['alert', 'lock_account'],
+        alertSeverity: 'warning',
+    },
+    {
+        id: 'bulk_data_export',
+        name: 'Bulk Data Export',
+        description: 'Detects large data export operations',
+        enabled: true,
+        eventTypes: ['data.export'],
+        condition: {
+            threshold: 3,
+            windowSeconds: 3600, // 1 hour
+            groupBy: ['actor.id'],
+        },
+        actions: ['alert', 'log_critical'],
+        alertSeverity: 'warning',
+    },
+    {
+        id: 'suspicious_permission_changes',
+        name: 'Rapid Permission Changes',
+        description: 'Detects rapid permission or role changes',
+        enabled: true,
+        eventTypes: ['authz.permission_granted', 'authz.role_assigned'],
+        condition: {
+            threshold: 10,
+            windowSeconds: 300, // 5 minutes
+            groupBy: ['actor.id'],
+        },
+        actions: ['alert', 'log_critical'],
+        alertSeverity: 'critical',
+    },
+    {
+        id: 'after_hours_access',
+        name: 'After Hours Access',
+        description: 'Detects access during non-business hours',
+        enabled: false, // Disabled by default, requires time zone configuration
+        eventTypes: ['auth.login'],
+        condition: {
+            threshold: 1,
+            windowSeconds: 86400, // 24 hours
+        },
+        actions: ['alert'],
+        alertSeverity: 'notice',
+    },
+];

package/dist/system/auth.zod.d.ts CHANGED Viewed

@@ -28,8 +28,8 @@ export declare const OAuthProviderSchema: z.ZodObject<{
     displayName: z.ZodOptional<z.ZodString>;
     icon: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
-    enabled: boolean;
     provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
+    enabled: boolean;
     clientId: string;
     clientSecret: string;
     icon?: string | undefined;
@@ -823,8 +823,8 @@ export declare const AuthConfigSchema: z.ZodObject<{
             displayName: z.ZodOptional<z.ZodString>;
             icon: z.ZodOptional<z.ZodString>;
         }, "strip", z.ZodTypeAny, {
-            enabled: boolean;
             provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
+            enabled: boolean;
             clientId: string;
             clientSecret: string;
             icon?: string | undefined;
@@ -843,8 +843,8 @@ export declare const AuthConfigSchema: z.ZodObject<{
         }>, "many">;
     }, "strip", z.ZodTypeAny, {
         providers: {
-            enabled: boolean;
             provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
+            enabled: boolean;
             clientId: string;
             clientSecret: string;
             icon?: string | undefined;
@@ -1487,8 +1487,8 @@ export declare const AuthConfigSchema: z.ZodObject<{
     } | undefined;
     oauth?: {
         providers: {
-            enabled: boolean;
             provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
+            enabled: boolean;
             clientId: string;
             clientSecret: string;
             icon?: string | undefined;
@@ -1946,8 +1946,8 @@ export declare const StandardAuthProviderSchema: z.ZodObject<{
                 displayName: z.ZodOptional<z.ZodString>;
                 icon: z.ZodOptional<z.ZodString>;
             }, "strip", z.ZodTypeAny, {
-                enabled: boolean;
                 provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
+                enabled: boolean;
                 clientId: string;
                 clientSecret: string;
                 icon?: string | undefined;
@@ -1966,8 +1966,8 @@ export declare const StandardAuthProviderSchema: z.ZodObject<{
             }>, "many">;
         }, "strip", z.ZodTypeAny, {
             providers: {
-                enabled: boolean;
                 provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
+                enabled: boolean;
                 clientId: string;
                 clientSecret: string;
                 icon?: string | undefined;
@@ -2610,8 +2610,8 @@ export declare const StandardAuthProviderSchema: z.ZodObject<{
         } | undefined;
         oauth?: {
             providers: {
-                enabled: boolean;
                 provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
+                enabled: boolean;
                 clientId: string;
                 clientSecret: string;
                 icon?: string | undefined;
@@ -2991,8 +2991,8 @@ export declare const StandardAuthProviderSchema: z.ZodObject<{
         } | undefined;
         oauth?: {
             providers: {
-                enabled: boolean;
                 provider: "custom" | "google" | "github" | "facebook" | "twitter" | "linkedin" | "microsoft" | "apple" | "discord" | "gitlab";
+                enabled: boolean;
                 clientId: string;
                 clientSecret: string;
                 icon?: string | undefined;