npm - @objectstack/spec - Versions diffs - 0.9.0 → 0.9.2 - Mend

@objectstack/spec 0.9.0 → 0.9.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (119) hide show

package/README.md +72 -4
package/dist/ai/cost.zod.d.ts +1 -1
package/dist/ai/devops-agent.zod.d.ts +6 -6
package/dist/ai/index.d.ts +4 -0
package/dist/ai/index.d.ts.map +1 -1
package/dist/ai/index.js +4 -0
package/dist/ai/plugin-development.zod.d.ts +415 -0
package/dist/ai/plugin-development.zod.d.ts.map +1 -0
package/dist/ai/plugin-development.zod.js +576 -0
package/dist/ai/runtime-ops.zod.d.ts +480 -0
package/dist/ai/runtime-ops.zod.d.ts.map +1 -0
package/dist/ai/runtime-ops.zod.js +578 -0
package/dist/api/discovery.zod.d.ts +1 -1
package/dist/api/endpoint.zod.d.ts +2 -2
package/dist/api/hub.zod.d.ts +74 -74
package/dist/api/realtime.zod.d.ts +2 -2
package/dist/api/websocket.zod.d.ts +6 -6
package/dist/automation/trigger-registry.zod.d.ts +6 -6
package/dist/contracts/service-registry.d.ts +1 -1
package/dist/hub/hub-federation.zod.d.ts +4 -4
package/dist/hub/index.d.ts +1 -0
package/dist/hub/index.d.ts.map +1 -1
package/dist/hub/index.js +1 -0
package/dist/hub/license.zod.d.ts +1 -1
package/dist/hub/marketplace-enhanced.zod.d.ts +1028 -0
package/dist/hub/marketplace-enhanced.zod.d.ts.map +1 -0
package/dist/hub/marketplace-enhanced.zod.js +728 -0
package/dist/hub/plugin-registry.zod.d.ts +3 -3
package/dist/hub/plugin-security.zod.d.ts +4 -4
package/dist/hub/space.zod.d.ts +2 -2
package/dist/integration/connector/database.zod.d.ts +1 -1
package/dist/integration/connector/file-storage.zod.d.ts +1 -1
package/dist/integration/connector/github.zod.d.ts +1 -1
package/dist/integration/connector/message-queue.zod.d.ts +1 -1
package/dist/integration/connector/saas.zod.d.ts +3 -3
package/dist/integration/connector/vercel.zod.d.ts +4 -4
package/dist/integration/connector.zod.d.ts +2 -2
package/dist/stack.zod.d.ts +4768 -2542
package/dist/stack.zod.d.ts.map +1 -1
package/dist/stack.zod.js +20 -2
package/dist/system/index.d.ts +3 -0
package/dist/system/index.d.ts.map +1 -1
package/dist/system/index.js +3 -0
package/dist/system/logging.zod.d.ts +5 -0
package/dist/system/logging.zod.d.ts.map +1 -1
package/dist/system/logging.zod.js +2 -1
package/dist/system/notification.zod.d.ts +1 -1
package/dist/system/plugin-lifecycle-advanced.zod.d.ts +357 -0
package/dist/system/plugin-lifecycle-advanced.zod.d.ts.map +1 -0
package/dist/system/plugin-lifecycle-advanced.zod.js +411 -0
package/dist/system/plugin-security-advanced.zod.d.ts +904 -0
package/dist/system/plugin-security-advanced.zod.d.ts.map +1 -0
package/dist/system/plugin-security-advanced.zod.js +606 -0
package/dist/system/plugin-versioning.zod.d.ts +438 -0
package/dist/system/plugin-versioning.zod.d.ts.map +1 -0
package/dist/system/plugin-versioning.zod.js +397 -0
package/json-schema/ai/AICodeReviewResult.json +7 -0
package/json-schema/ai/AIOpsAgentConfig.json +7 -0
package/json-schema/ai/AnomalyDetectionConfig.json +7 -0
package/json-schema/ai/AutoScalingPolicy.json +7 -0
package/json-schema/ai/CodeGenerationRequest.json +7 -0
package/json-schema/ai/GeneratedCode.json +7 -0
package/json-schema/ai/PerformanceOptimization.json +7 -0
package/json-schema/ai/PluginCompositionRequest.json +7 -0
package/json-schema/ai/PluginCompositionResult.json +7 -0
package/json-schema/ai/PluginRecommendation.json +7 -0
package/json-schema/ai/PluginRecommendationRequest.json +7 -0
package/json-schema/ai/PluginScaffoldingTemplate.json +7 -0
package/json-schema/ai/RootCauseAnalysisRequest.json +7 -0
package/json-schema/ai/RootCauseAnalysisResult.json +7 -0
package/json-schema/ai/SelfHealingAction.json +7 -0
package/json-schema/ai/SelfHealingConfig.json +7 -0
package/json-schema/hub/MarketplaceQualityMetrics.json +7 -0
package/json-schema/hub/PluginCategory.json +7 -0
package/json-schema/hub/PluginCertification.json +7 -0
package/json-schema/hub/PluginInstallationRequest.json +7 -0
package/json-schema/hub/PluginInstallationStatus.json +7 -0
package/json-schema/hub/PluginLicense.json +7 -0
package/json-schema/hub/PluginMarketplaceListing.json +7 -0
package/json-schema/hub/PluginRating.json +7 -0
package/json-schema/hub/PluginRevenueSharing.json +7 -0
package/json-schema/hub/PluginSearchQuery.json +7 -0
package/json-schema/hub/PluginTag.json +7 -0
package/json-schema/hub/RegistryConfig.json +7 -0
package/json-schema/hub/RegistrySyncPolicy.json +7 -0
package/json-schema/hub/RegistryUpstream.json +7 -0
package/json-schema/system/AdvancedPluginLifecycleConfig.json +7 -0
package/json-schema/system/BreakingChange.json +7 -0
package/json-schema/system/CompatibilityLevel.json +7 -0
package/json-schema/system/CompatibilityMatrixEntry.json +7 -0
package/json-schema/system/DependencyConflict.json +7 -0
package/json-schema/system/DependencyResolutionResult.json +7 -0
package/json-schema/system/DeprecationNotice.json +7 -0
package/json-schema/system/DistributedStateConfig.json +7 -0
package/json-schema/system/GracefulDegradation.json +7 -0
package/json-schema/system/HotReloadConfig.json +7 -0
package/json-schema/system/MultiVersionSupport.json +7 -0
package/json-schema/system/Permission.json +7 -0
package/json-schema/system/PermissionAction.json +7 -0
package/json-schema/system/PermissionScope.json +7 -0
package/json-schema/system/PermissionSet.json +7 -0
package/json-schema/system/PluginCompatibilityMatrix.json +7 -0
package/json-schema/system/PluginHealthCheck.json +7 -0
package/json-schema/system/PluginHealthReport.json +7 -0
package/json-schema/system/PluginHealthStatus.json +7 -0
package/json-schema/system/PluginSecurityManifest.json +7 -0
package/json-schema/system/PluginStateSnapshot.json +7 -0
package/json-schema/system/PluginTrustLevel.json +7 -0
package/json-schema/system/PluginUpdateStrategy.json +7 -0
package/json-schema/system/PluginVersionMetadata.json +7 -0
package/json-schema/system/ResourceType.json +7 -0
package/json-schema/system/RuntimeConfig.json +7 -0
package/json-schema/system/SandboxConfig.json +7 -0
package/json-schema/system/SecurityPolicy.json +7 -0
package/json-schema/system/SecurityScanResult.json +7 -0
package/json-schema/system/SecurityVulnerability.json +7 -0
package/json-schema/system/SemanticVersion.json +7 -0
package/json-schema/system/VersionConstraint.json +7 -0
package/package.json +1 -1

package/dist/system/plugin-security-advanced.zod.d.ts ADDED Viewed

@@ -0,0 +1,904 @@
+import { z } from 'zod';
+/**
+ * # Plugin Security and Sandboxing Protocol
+ *
+ * Defines comprehensive security mechanisms for plugin isolation, permission
+ * management, and threat protection in the ObjectStack ecosystem.
+ *
+ * Features:
+ * - Fine-grained permission system
+ * - Resource access control
+ * - Sandboxing and isolation
+ * - Security scanning and verification
+ * - Runtime security monitoring
+ */
+/**
+ * Permission Scope
+ * Defines the scope of a permission
+ */
+export declare const PermissionScopeSchema: z.ZodEnum<{
+    user: "user";
+    resource: "resource";
+    plugin: "plugin";
+    global: "global";
+    tenant: "tenant";
+}>;
+/**
+ * Permission Action
+ * Standard CRUD + extended actions
+ */
+export declare const PermissionActionSchema: z.ZodEnum<{
+    update: "update";
+    delete: "delete";
+    create: "create";
+    import: "import";
+    export: "export";
+    execute: "execute";
+    read: "read";
+    manage: "manage";
+    configure: "configure";
+    share: "share";
+    admin: "admin";
+}>;
+/**
+ * Resource Type
+ * Types of resources that can be accessed
+ */
+export declare const ResourceTypeSchema: z.ZodEnum<{
+    "data.object": "data.object";
+    "data.record": "data.record";
+    "data.field": "data.field";
+    "ui.view": "ui.view";
+    "ui.dashboard": "ui.dashboard";
+    "ui.report": "ui.report";
+    "system.config": "system.config";
+    "system.plugin": "system.plugin";
+    "system.api": "system.api";
+    "system.service": "system.service";
+    "storage.file": "storage.file";
+    "storage.database": "storage.database";
+    "network.http": "network.http";
+    "network.websocket": "network.websocket";
+    "process.spawn": "process.spawn";
+    "process.env": "process.env";
+}>;
+/**
+ * Permission Definition
+ * Defines a single permission requirement
+ */
+export declare const PermissionSchema: z.ZodObject<{
+    id: z.ZodString;
+    resource: z.ZodEnum<{
+        "data.object": "data.object";
+        "data.record": "data.record";
+        "data.field": "data.field";
+        "ui.view": "ui.view";
+        "ui.dashboard": "ui.dashboard";
+        "ui.report": "ui.report";
+        "system.config": "system.config";
+        "system.plugin": "system.plugin";
+        "system.api": "system.api";
+        "system.service": "system.service";
+        "storage.file": "storage.file";
+        "storage.database": "storage.database";
+        "network.http": "network.http";
+        "network.websocket": "network.websocket";
+        "process.spawn": "process.spawn";
+        "process.env": "process.env";
+    }>;
+    actions: z.ZodArray<z.ZodEnum<{
+        update: "update";
+        delete: "delete";
+        create: "create";
+        import: "import";
+        export: "export";
+        execute: "execute";
+        read: "read";
+        manage: "manage";
+        configure: "configure";
+        share: "share";
+        admin: "admin";
+    }>>;
+    scope: z.ZodDefault<z.ZodEnum<{
+        user: "user";
+        resource: "resource";
+        plugin: "plugin";
+        global: "global";
+        tenant: "tenant";
+    }>>;
+    filter: z.ZodOptional<z.ZodObject<{
+        resourceIds: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        condition: z.ZodOptional<z.ZodString>;
+        fields: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    }, z.core.$strip>>;
+    description: z.ZodString;
+    required: z.ZodDefault<z.ZodBoolean>;
+    justification: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+/**
+ * Permission Set
+ * Collection of permissions for a plugin
+ */
+export declare const PermissionSetSchema: z.ZodObject<{
+    permissions: z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        resource: z.ZodEnum<{
+            "data.object": "data.object";
+            "data.record": "data.record";
+            "data.field": "data.field";
+            "ui.view": "ui.view";
+            "ui.dashboard": "ui.dashboard";
+            "ui.report": "ui.report";
+            "system.config": "system.config";
+            "system.plugin": "system.plugin";
+            "system.api": "system.api";
+            "system.service": "system.service";
+            "storage.file": "storage.file";
+            "storage.database": "storage.database";
+            "network.http": "network.http";
+            "network.websocket": "network.websocket";
+            "process.spawn": "process.spawn";
+            "process.env": "process.env";
+        }>;
+        actions: z.ZodArray<z.ZodEnum<{
+            update: "update";
+            delete: "delete";
+            create: "create";
+            import: "import";
+            export: "export";
+            execute: "execute";
+            read: "read";
+            manage: "manage";
+            configure: "configure";
+            share: "share";
+            admin: "admin";
+        }>>;
+        scope: z.ZodDefault<z.ZodEnum<{
+            user: "user";
+            resource: "resource";
+            plugin: "plugin";
+            global: "global";
+            tenant: "tenant";
+        }>>;
+        filter: z.ZodOptional<z.ZodObject<{
+            resourceIds: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            condition: z.ZodOptional<z.ZodString>;
+            fields: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        }, z.core.$strip>>;
+        description: z.ZodString;
+        required: z.ZodDefault<z.ZodBoolean>;
+        justification: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>;
+    groups: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        name: z.ZodString;
+        description: z.ZodString;
+        permissions: z.ZodArray<z.ZodString>;
+    }, z.core.$strip>>>;
+    defaultGrant: z.ZodDefault<z.ZodEnum<{
+        deny: "deny";
+        allow: "allow";
+        prompt: "prompt";
+        inherit: "inherit";
+    }>>;
+}, z.core.$strip>;
+/**
+ * Runtime Configuration
+ * Defines the execution environment for plugin isolation
+ */
+export declare const RuntimeConfigSchema: z.ZodObject<{
+    engine: z.ZodDefault<z.ZodEnum<{
+        process: "process";
+        "v8-isolate": "v8-isolate";
+        wasm: "wasm";
+        container: "container";
+    }>>;
+    engineConfig: z.ZodOptional<z.ZodObject<{
+        wasm: z.ZodOptional<z.ZodObject<{
+            maxMemoryPages: z.ZodOptional<z.ZodNumber>;
+            instructionLimit: z.ZodOptional<z.ZodNumber>;
+            enableSimd: z.ZodDefault<z.ZodBoolean>;
+            enableThreads: z.ZodDefault<z.ZodBoolean>;
+            enableBulkMemory: z.ZodDefault<z.ZodBoolean>;
+        }, z.core.$strip>>;
+        container: z.ZodOptional<z.ZodObject<{
+            image: z.ZodOptional<z.ZodString>;
+            runtime: z.ZodDefault<z.ZodEnum<{
+                docker: "docker";
+                podman: "podman";
+                containerd: "containerd";
+            }>>;
+            resources: z.ZodOptional<z.ZodObject<{
+                cpuLimit: z.ZodOptional<z.ZodString>;
+                memoryLimit: z.ZodOptional<z.ZodString>;
+            }, z.core.$strip>>;
+            networkMode: z.ZodDefault<z.ZodEnum<{
+                none: "none";
+                host: "host";
+                bridge: "bridge";
+            }>>;
+        }, z.core.$strip>>;
+        v8Isolate: z.ZodOptional<z.ZodObject<{
+            heapSizeMb: z.ZodOptional<z.ZodNumber>;
+            enableSnapshot: z.ZodDefault<z.ZodBoolean>;
+        }, z.core.$strip>>;
+    }, z.core.$strip>>;
+    resourceLimits: z.ZodOptional<z.ZodObject<{
+        maxMemory: z.ZodOptional<z.ZodNumber>;
+        maxCpu: z.ZodOptional<z.ZodNumber>;
+        timeout: z.ZodOptional<z.ZodNumber>;
+    }, z.core.$strip>>;
+}, z.core.$strip>;
+/**
+ * Sandbox Configuration
+ * Defines how plugin is isolated
+ */
+export declare const SandboxConfigSchema: z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodBoolean>;
+    level: z.ZodDefault<z.ZodEnum<{
+        none: "none";
+        strict: "strict";
+        minimal: "minimal";
+        standard: "standard";
+        paranoid: "paranoid";
+    }>>;
+    runtime: z.ZodOptional<z.ZodObject<{
+        engine: z.ZodDefault<z.ZodEnum<{
+            process: "process";
+            "v8-isolate": "v8-isolate";
+            wasm: "wasm";
+            container: "container";
+        }>>;
+        engineConfig: z.ZodOptional<z.ZodObject<{
+            wasm: z.ZodOptional<z.ZodObject<{
+                maxMemoryPages: z.ZodOptional<z.ZodNumber>;
+                instructionLimit: z.ZodOptional<z.ZodNumber>;
+                enableSimd: z.ZodDefault<z.ZodBoolean>;
+                enableThreads: z.ZodDefault<z.ZodBoolean>;
+                enableBulkMemory: z.ZodDefault<z.ZodBoolean>;
+            }, z.core.$strip>>;
+            container: z.ZodOptional<z.ZodObject<{
+                image: z.ZodOptional<z.ZodString>;
+                runtime: z.ZodDefault<z.ZodEnum<{
+                    docker: "docker";
+                    podman: "podman";
+                    containerd: "containerd";
+                }>>;
+                resources: z.ZodOptional<z.ZodObject<{
+                    cpuLimit: z.ZodOptional<z.ZodString>;
+                    memoryLimit: z.ZodOptional<z.ZodString>;
+                }, z.core.$strip>>;
+                networkMode: z.ZodDefault<z.ZodEnum<{
+                    none: "none";
+                    host: "host";
+                    bridge: "bridge";
+                }>>;
+            }, z.core.$strip>>;
+            v8Isolate: z.ZodOptional<z.ZodObject<{
+                heapSizeMb: z.ZodOptional<z.ZodNumber>;
+                enableSnapshot: z.ZodDefault<z.ZodBoolean>;
+            }, z.core.$strip>>;
+        }, z.core.$strip>>;
+        resourceLimits: z.ZodOptional<z.ZodObject<{
+            maxMemory: z.ZodOptional<z.ZodNumber>;
+            maxCpu: z.ZodOptional<z.ZodNumber>;
+            timeout: z.ZodOptional<z.ZodNumber>;
+        }, z.core.$strip>>;
+    }, z.core.$strip>>;
+    filesystem: z.ZodOptional<z.ZodObject<{
+        mode: z.ZodDefault<z.ZodEnum<{
+            readonly: "readonly";
+            full: "full";
+            none: "none";
+            restricted: "restricted";
+        }>>;
+        allowedPaths: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        deniedPaths: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        maxFileSize: z.ZodOptional<z.ZodNumber>;
+    }, z.core.$strip>>;
+    network: z.ZodOptional<z.ZodObject<{
+        mode: z.ZodDefault<z.ZodEnum<{
+            full: "full";
+            local: "local";
+            none: "none";
+            restricted: "restricted";
+        }>>;
+        allowedHosts: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        deniedHosts: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        allowedPorts: z.ZodOptional<z.ZodArray<z.ZodNumber>>;
+        maxConnections: z.ZodOptional<z.ZodNumber>;
+    }, z.core.$strip>>;
+    process: z.ZodOptional<z.ZodObject<{
+        allowSpawn: z.ZodDefault<z.ZodBoolean>;
+        allowedCommands: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        timeout: z.ZodOptional<z.ZodNumber>;
+    }, z.core.$strip>>;
+    memory: z.ZodOptional<z.ZodObject<{
+        maxHeap: z.ZodOptional<z.ZodNumber>;
+        maxStack: z.ZodOptional<z.ZodNumber>;
+    }, z.core.$strip>>;
+    cpu: z.ZodOptional<z.ZodObject<{
+        maxCpuPercent: z.ZodOptional<z.ZodNumber>;
+        maxThreads: z.ZodOptional<z.ZodNumber>;
+    }, z.core.$strip>>;
+    environment: z.ZodOptional<z.ZodObject<{
+        mode: z.ZodDefault<z.ZodEnum<{
+            readonly: "readonly";
+            full: "full";
+            none: "none";
+            restricted: "restricted";
+        }>>;
+        allowedVars: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        deniedVars: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    }, z.core.$strip>>;
+}, z.core.$strip>;
+/**
+ * Security Vulnerability
+ * Represents a known security vulnerability
+ */
+export declare const SecurityVulnerabilitySchema: z.ZodObject<{
+    cve: z.ZodOptional<z.ZodString>;
+    id: z.ZodString;
+    severity: z.ZodEnum<{
+        info: "info";
+        medium: "medium";
+        critical: "critical";
+        high: "high";
+        low: "low";
+    }>;
+    category: z.ZodOptional<z.ZodString>;
+    title: z.ZodString;
+    location: z.ZodOptional<z.ZodString>;
+    remediation: z.ZodOptional<z.ZodString>;
+    description: z.ZodString;
+    affectedVersions: z.ZodArray<z.ZodString>;
+    fixedIn: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    cvssScore: z.ZodOptional<z.ZodNumber>;
+    exploitAvailable: z.ZodDefault<z.ZodBoolean>;
+    patchAvailable: z.ZodDefault<z.ZodBoolean>;
+    workaround: z.ZodOptional<z.ZodString>;
+    references: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    discoveredDate: z.ZodOptional<z.ZodString>;
+    publishedDate: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+/**
+ * Security Scan Result
+ * Result of security scanning
+ */
+export declare const SecurityScanResultSchema: z.ZodObject<{
+    timestamp: z.ZodString;
+    scanner: z.ZodObject<{
+        name: z.ZodString;
+        version: z.ZodString;
+    }, z.core.$strip>;
+    status: z.ZodEnum<{
+        warning: "warning";
+        failed: "failed";
+        passed: "passed";
+    }>;
+    vulnerabilities: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        cve: z.ZodOptional<z.ZodString>;
+        id: z.ZodString;
+        severity: z.ZodEnum<{
+            info: "info";
+            medium: "medium";
+            critical: "critical";
+            high: "high";
+            low: "low";
+        }>;
+        category: z.ZodOptional<z.ZodString>;
+        title: z.ZodString;
+        location: z.ZodOptional<z.ZodString>;
+        remediation: z.ZodOptional<z.ZodString>;
+        description: z.ZodString;
+        affectedVersions: z.ZodArray<z.ZodString>;
+        fixedIn: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        cvssScore: z.ZodOptional<z.ZodNumber>;
+        exploitAvailable: z.ZodDefault<z.ZodBoolean>;
+        patchAvailable: z.ZodDefault<z.ZodBoolean>;
+        workaround: z.ZodOptional<z.ZodString>;
+        references: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        discoveredDate: z.ZodOptional<z.ZodString>;
+        publishedDate: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>>;
+    codeIssues: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        severity: z.ZodEnum<{
+            error: "error";
+            warning: "warning";
+            info: "info";
+        }>;
+        type: z.ZodString;
+        file: z.ZodString;
+        line: z.ZodOptional<z.ZodNumber>;
+        message: z.ZodString;
+        suggestion: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>>;
+    dependencyVulnerabilities: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        package: z.ZodString;
+        version: z.ZodString;
+        vulnerability: z.ZodObject<{
+            cve: z.ZodOptional<z.ZodString>;
+            id: z.ZodString;
+            severity: z.ZodEnum<{
+                info: "info";
+                medium: "medium";
+                critical: "critical";
+                high: "high";
+                low: "low";
+            }>;
+            category: z.ZodOptional<z.ZodString>;
+            title: z.ZodString;
+            location: z.ZodOptional<z.ZodString>;
+            remediation: z.ZodOptional<z.ZodString>;
+            description: z.ZodString;
+            affectedVersions: z.ZodArray<z.ZodString>;
+            fixedIn: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            cvssScore: z.ZodOptional<z.ZodNumber>;
+            exploitAvailable: z.ZodDefault<z.ZodBoolean>;
+            patchAvailable: z.ZodDefault<z.ZodBoolean>;
+            workaround: z.ZodOptional<z.ZodString>;
+            references: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            discoveredDate: z.ZodOptional<z.ZodString>;
+            publishedDate: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>;
+    }, z.core.$strip>>>;
+    licenseCompliance: z.ZodOptional<z.ZodObject<{
+        status: z.ZodEnum<{
+            unknown: "unknown";
+            compliant: "compliant";
+            "non-compliant": "non-compliant";
+        }>;
+        issues: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            package: z.ZodString;
+            license: z.ZodString;
+            reason: z.ZodString;
+        }, z.core.$strip>>>;
+    }, z.core.$strip>>;
+    summary: z.ZodObject<{
+        totalVulnerabilities: z.ZodNumber;
+        criticalCount: z.ZodNumber;
+        highCount: z.ZodNumber;
+        mediumCount: z.ZodNumber;
+        lowCount: z.ZodNumber;
+        infoCount: z.ZodNumber;
+    }, z.core.$strip>;
+}, z.core.$strip>;
+/**
+ * Security Policy
+ * Defines security policies for plugin
+ */
+export declare const SecurityPolicySchema: z.ZodObject<{
+    csp: z.ZodOptional<z.ZodObject<{
+        directives: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodArray<z.ZodString>>>;
+        reportOnly: z.ZodDefault<z.ZodBoolean>;
+    }, z.core.$strip>>;
+    cors: z.ZodOptional<z.ZodObject<{
+        allowedOrigins: z.ZodArray<z.ZodString>;
+        allowedMethods: z.ZodArray<z.ZodString>;
+        allowedHeaders: z.ZodArray<z.ZodString>;
+        allowCredentials: z.ZodDefault<z.ZodBoolean>;
+        maxAge: z.ZodOptional<z.ZodNumber>;
+    }, z.core.$strip>>;
+    rateLimit: z.ZodOptional<z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodBoolean>;
+        maxRequests: z.ZodNumber;
+        windowMs: z.ZodNumber;
+        strategy: z.ZodDefault<z.ZodEnum<{
+            fixed: "fixed";
+            sliding: "sliding";
+            "token-bucket": "token-bucket";
+        }>>;
+    }, z.core.$strip>>;
+    authentication: z.ZodOptional<z.ZodObject<{
+        required: z.ZodDefault<z.ZodBoolean>;
+        methods: z.ZodArray<z.ZodEnum<{
+            session: "session";
+            oauth2: "oauth2";
+            "api-key": "api-key";
+            jwt: "jwt";
+            certificate: "certificate";
+        }>>;
+        tokenExpiration: z.ZodOptional<z.ZodNumber>;
+    }, z.core.$strip>>;
+    encryption: z.ZodOptional<z.ZodObject<{
+        dataAtRest: z.ZodDefault<z.ZodBoolean>;
+        dataInTransit: z.ZodDefault<z.ZodBoolean>;
+        algorithm: z.ZodOptional<z.ZodString>;
+        minKeyLength: z.ZodOptional<z.ZodNumber>;
+    }, z.core.$strip>>;
+    auditLog: z.ZodOptional<z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodBoolean>;
+        events: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        retention: z.ZodOptional<z.ZodNumber>;
+    }, z.core.$strip>>;
+}, z.core.$strip>;
+/**
+ * Plugin Trust Level
+ * Indicates trust level of plugin
+ */
+export declare const PluginTrustLevelSchema: z.ZodEnum<{
+    verified: "verified";
+    trusted: "trusted";
+    community: "community";
+    untrusted: "untrusted";
+    blocked: "blocked";
+}>;
+/**
+ * Plugin Security Manifest
+ * Complete security information for plugin
+ */
+export declare const PluginSecurityManifestSchema: z.ZodObject<{
+    pluginId: z.ZodString;
+    trustLevel: z.ZodEnum<{
+        verified: "verified";
+        trusted: "trusted";
+        community: "community";
+        untrusted: "untrusted";
+        blocked: "blocked";
+    }>;
+    permissions: z.ZodObject<{
+        permissions: z.ZodArray<z.ZodObject<{
+            id: z.ZodString;
+            resource: z.ZodEnum<{
+                "data.object": "data.object";
+                "data.record": "data.record";
+                "data.field": "data.field";
+                "ui.view": "ui.view";
+                "ui.dashboard": "ui.dashboard";
+                "ui.report": "ui.report";
+                "system.config": "system.config";
+                "system.plugin": "system.plugin";
+                "system.api": "system.api";
+                "system.service": "system.service";
+                "storage.file": "storage.file";
+                "storage.database": "storage.database";
+                "network.http": "network.http";
+                "network.websocket": "network.websocket";
+                "process.spawn": "process.spawn";
+                "process.env": "process.env";
+            }>;
+            actions: z.ZodArray<z.ZodEnum<{
+                update: "update";
+                delete: "delete";
+                create: "create";
+                import: "import";
+                export: "export";
+                execute: "execute";
+                read: "read";
+                manage: "manage";
+                configure: "configure";
+                share: "share";
+                admin: "admin";
+            }>>;
+            scope: z.ZodDefault<z.ZodEnum<{
+                user: "user";
+                resource: "resource";
+                plugin: "plugin";
+                global: "global";
+                tenant: "tenant";
+            }>>;
+            filter: z.ZodOptional<z.ZodObject<{
+                resourceIds: z.ZodOptional<z.ZodArray<z.ZodString>>;
+                condition: z.ZodOptional<z.ZodString>;
+                fields: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            }, z.core.$strip>>;
+            description: z.ZodString;
+            required: z.ZodDefault<z.ZodBoolean>;
+            justification: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>>;
+        groups: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            name: z.ZodString;
+            description: z.ZodString;
+            permissions: z.ZodArray<z.ZodString>;
+        }, z.core.$strip>>>;
+        defaultGrant: z.ZodDefault<z.ZodEnum<{
+            deny: "deny";
+            allow: "allow";
+            prompt: "prompt";
+            inherit: "inherit";
+        }>>;
+    }, z.core.$strip>;
+    sandbox: z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodBoolean>;
+        level: z.ZodDefault<z.ZodEnum<{
+            none: "none";
+            strict: "strict";
+            minimal: "minimal";
+            standard: "standard";
+            paranoid: "paranoid";
+        }>>;
+        runtime: z.ZodOptional<z.ZodObject<{
+            engine: z.ZodDefault<z.ZodEnum<{
+                process: "process";
+                "v8-isolate": "v8-isolate";
+                wasm: "wasm";
+                container: "container";
+            }>>;
+            engineConfig: z.ZodOptional<z.ZodObject<{
+                wasm: z.ZodOptional<z.ZodObject<{
+                    maxMemoryPages: z.ZodOptional<z.ZodNumber>;
+                    instructionLimit: z.ZodOptional<z.ZodNumber>;
+                    enableSimd: z.ZodDefault<z.ZodBoolean>;
+                    enableThreads: z.ZodDefault<z.ZodBoolean>;
+                    enableBulkMemory: z.ZodDefault<z.ZodBoolean>;
+                }, z.core.$strip>>;
+                container: z.ZodOptional<z.ZodObject<{
+                    image: z.ZodOptional<z.ZodString>;
+                    runtime: z.ZodDefault<z.ZodEnum<{
+                        docker: "docker";
+                        podman: "podman";
+                        containerd: "containerd";
+                    }>>;
+                    resources: z.ZodOptional<z.ZodObject<{
+                        cpuLimit: z.ZodOptional<z.ZodString>;
+                        memoryLimit: z.ZodOptional<z.ZodString>;
+                    }, z.core.$strip>>;
+                    networkMode: z.ZodDefault<z.ZodEnum<{
+                        none: "none";
+                        host: "host";
+                        bridge: "bridge";
+                    }>>;
+                }, z.core.$strip>>;
+                v8Isolate: z.ZodOptional<z.ZodObject<{
+                    heapSizeMb: z.ZodOptional<z.ZodNumber>;
+                    enableSnapshot: z.ZodDefault<z.ZodBoolean>;
+                }, z.core.$strip>>;
+            }, z.core.$strip>>;
+            resourceLimits: z.ZodOptional<z.ZodObject<{
+                maxMemory: z.ZodOptional<z.ZodNumber>;
+                maxCpu: z.ZodOptional<z.ZodNumber>;
+                timeout: z.ZodOptional<z.ZodNumber>;
+            }, z.core.$strip>>;
+        }, z.core.$strip>>;
+        filesystem: z.ZodOptional<z.ZodObject<{
+            mode: z.ZodDefault<z.ZodEnum<{
+                readonly: "readonly";
+                full: "full";
+                none: "none";
+                restricted: "restricted";
+            }>>;
+            allowedPaths: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            deniedPaths: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            maxFileSize: z.ZodOptional<z.ZodNumber>;
+        }, z.core.$strip>>;
+        network: z.ZodOptional<z.ZodObject<{
+            mode: z.ZodDefault<z.ZodEnum<{
+                full: "full";
+                local: "local";
+                none: "none";
+                restricted: "restricted";
+            }>>;
+            allowedHosts: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            deniedHosts: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            allowedPorts: z.ZodOptional<z.ZodArray<z.ZodNumber>>;
+            maxConnections: z.ZodOptional<z.ZodNumber>;
+        }, z.core.$strip>>;
+        process: z.ZodOptional<z.ZodObject<{
+            allowSpawn: z.ZodDefault<z.ZodBoolean>;
+            allowedCommands: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            timeout: z.ZodOptional<z.ZodNumber>;
+        }, z.core.$strip>>;
+        memory: z.ZodOptional<z.ZodObject<{
+            maxHeap: z.ZodOptional<z.ZodNumber>;
+            maxStack: z.ZodOptional<z.ZodNumber>;
+        }, z.core.$strip>>;
+        cpu: z.ZodOptional<z.ZodObject<{
+            maxCpuPercent: z.ZodOptional<z.ZodNumber>;
+            maxThreads: z.ZodOptional<z.ZodNumber>;
+        }, z.core.$strip>>;
+        environment: z.ZodOptional<z.ZodObject<{
+            mode: z.ZodDefault<z.ZodEnum<{
+                readonly: "readonly";
+                full: "full";
+                none: "none";
+                restricted: "restricted";
+            }>>;
+            allowedVars: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            deniedVars: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        }, z.core.$strip>>;
+    }, z.core.$strip>;
+    policy: z.ZodOptional<z.ZodObject<{
+        csp: z.ZodOptional<z.ZodObject<{
+            directives: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodArray<z.ZodString>>>;
+            reportOnly: z.ZodDefault<z.ZodBoolean>;
+        }, z.core.$strip>>;
+        cors: z.ZodOptional<z.ZodObject<{
+            allowedOrigins: z.ZodArray<z.ZodString>;
+            allowedMethods: z.ZodArray<z.ZodString>;
+            allowedHeaders: z.ZodArray<z.ZodString>;
+            allowCredentials: z.ZodDefault<z.ZodBoolean>;
+            maxAge: z.ZodOptional<z.ZodNumber>;
+        }, z.core.$strip>>;
+        rateLimit: z.ZodOptional<z.ZodObject<{
+            enabled: z.ZodDefault<z.ZodBoolean>;
+            maxRequests: z.ZodNumber;
+            windowMs: z.ZodNumber;
+            strategy: z.ZodDefault<z.ZodEnum<{
+                fixed: "fixed";
+                sliding: "sliding";
+                "token-bucket": "token-bucket";
+            }>>;
+        }, z.core.$strip>>;
+        authentication: z.ZodOptional<z.ZodObject<{
+            required: z.ZodDefault<z.ZodBoolean>;
+            methods: z.ZodArray<z.ZodEnum<{
+                session: "session";
+                oauth2: "oauth2";
+                "api-key": "api-key";
+                jwt: "jwt";
+                certificate: "certificate";
+            }>>;
+            tokenExpiration: z.ZodOptional<z.ZodNumber>;
+        }, z.core.$strip>>;
+        encryption: z.ZodOptional<z.ZodObject<{
+            dataAtRest: z.ZodDefault<z.ZodBoolean>;
+            dataInTransit: z.ZodDefault<z.ZodBoolean>;
+            algorithm: z.ZodOptional<z.ZodString>;
+            minKeyLength: z.ZodOptional<z.ZodNumber>;
+        }, z.core.$strip>>;
+        auditLog: z.ZodOptional<z.ZodObject<{
+            enabled: z.ZodDefault<z.ZodBoolean>;
+            events: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            retention: z.ZodOptional<z.ZodNumber>;
+        }, z.core.$strip>>;
+    }, z.core.$strip>>;
+    scanResults: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        timestamp: z.ZodString;
+        scanner: z.ZodObject<{
+            name: z.ZodString;
+            version: z.ZodString;
+        }, z.core.$strip>;
+        status: z.ZodEnum<{
+            warning: "warning";
+            failed: "failed";
+            passed: "passed";
+        }>;
+        vulnerabilities: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            cve: z.ZodOptional<z.ZodString>;
+            id: z.ZodString;
+            severity: z.ZodEnum<{
+                info: "info";
+                medium: "medium";
+                critical: "critical";
+                high: "high";
+                low: "low";
+            }>;
+            category: z.ZodOptional<z.ZodString>;
+            title: z.ZodString;
+            location: z.ZodOptional<z.ZodString>;
+            remediation: z.ZodOptional<z.ZodString>;
+            description: z.ZodString;
+            affectedVersions: z.ZodArray<z.ZodString>;
+            fixedIn: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            cvssScore: z.ZodOptional<z.ZodNumber>;
+            exploitAvailable: z.ZodDefault<z.ZodBoolean>;
+            patchAvailable: z.ZodDefault<z.ZodBoolean>;
+            workaround: z.ZodOptional<z.ZodString>;
+            references: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            discoveredDate: z.ZodOptional<z.ZodString>;
+            publishedDate: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>>>;
+        codeIssues: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            severity: z.ZodEnum<{
+                error: "error";
+                warning: "warning";
+                info: "info";
+            }>;
+            type: z.ZodString;
+            file: z.ZodString;
+            line: z.ZodOptional<z.ZodNumber>;
+            message: z.ZodString;
+            suggestion: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>>>;
+        dependencyVulnerabilities: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            package: z.ZodString;
+            version: z.ZodString;
+            vulnerability: z.ZodObject<{
+                cve: z.ZodOptional<z.ZodString>;
+                id: z.ZodString;
+                severity: z.ZodEnum<{
+                    info: "info";
+                    medium: "medium";
+                    critical: "critical";
+                    high: "high";
+                    low: "low";
+                }>;
+                category: z.ZodOptional<z.ZodString>;
+                title: z.ZodString;
+                location: z.ZodOptional<z.ZodString>;
+                remediation: z.ZodOptional<z.ZodString>;
+                description: z.ZodString;
+                affectedVersions: z.ZodArray<z.ZodString>;
+                fixedIn: z.ZodOptional<z.ZodArray<z.ZodString>>;
+                cvssScore: z.ZodOptional<z.ZodNumber>;
+                exploitAvailable: z.ZodDefault<z.ZodBoolean>;
+                patchAvailable: z.ZodDefault<z.ZodBoolean>;
+                workaround: z.ZodOptional<z.ZodString>;
+                references: z.ZodOptional<z.ZodArray<z.ZodString>>;
+                discoveredDate: z.ZodOptional<z.ZodString>;
+                publishedDate: z.ZodOptional<z.ZodString>;
+            }, z.core.$strip>;
+        }, z.core.$strip>>>;
+        licenseCompliance: z.ZodOptional<z.ZodObject<{
+            status: z.ZodEnum<{
+                unknown: "unknown";
+                compliant: "compliant";
+                "non-compliant": "non-compliant";
+            }>;
+            issues: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                package: z.ZodString;
+                license: z.ZodString;
+                reason: z.ZodString;
+            }, z.core.$strip>>>;
+        }, z.core.$strip>>;
+        summary: z.ZodObject<{
+            totalVulnerabilities: z.ZodNumber;
+            criticalCount: z.ZodNumber;
+            highCount: z.ZodNumber;
+            mediumCount: z.ZodNumber;
+            lowCount: z.ZodNumber;
+            infoCount: z.ZodNumber;
+        }, z.core.$strip>;
+    }, z.core.$strip>>>;
+    vulnerabilities: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        cve: z.ZodOptional<z.ZodString>;
+        id: z.ZodString;
+        severity: z.ZodEnum<{
+            info: "info";
+            medium: "medium";
+            critical: "critical";
+            high: "high";
+            low: "low";
+        }>;
+        category: z.ZodOptional<z.ZodString>;
+        title: z.ZodString;
+        location: z.ZodOptional<z.ZodString>;
+        remediation: z.ZodOptional<z.ZodString>;
+        description: z.ZodString;
+        affectedVersions: z.ZodArray<z.ZodString>;
+        fixedIn: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        cvssScore: z.ZodOptional<z.ZodNumber>;
+        exploitAvailable: z.ZodDefault<z.ZodBoolean>;
+        patchAvailable: z.ZodDefault<z.ZodBoolean>;
+        workaround: z.ZodOptional<z.ZodString>;
+        references: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        discoveredDate: z.ZodOptional<z.ZodString>;
+        publishedDate: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>>;
+    codeSigning: z.ZodOptional<z.ZodObject<{
+        signed: z.ZodBoolean;
+        signature: z.ZodOptional<z.ZodString>;
+        certificate: z.ZodOptional<z.ZodString>;
+        algorithm: z.ZodOptional<z.ZodString>;
+        timestamp: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>;
+    certifications: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        name: z.ZodString;
+        issuer: z.ZodString;
+        issuedDate: z.ZodString;
+        expiryDate: z.ZodOptional<z.ZodString>;
+        certificateUrl: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>>;
+    securityContact: z.ZodOptional<z.ZodObject<{
+        email: z.ZodOptional<z.ZodString>;
+        url: z.ZodOptional<z.ZodString>;
+        pgpKey: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>;
+    vulnerabilityDisclosure: z.ZodOptional<z.ZodObject<{
+        policyUrl: z.ZodOptional<z.ZodString>;
+        responseTime: z.ZodOptional<z.ZodNumber>;
+        bugBounty: z.ZodDefault<z.ZodBoolean>;
+    }, z.core.$strip>>;
+}, z.core.$strip>;
+export type PermissionScope = z.infer<typeof PermissionScopeSchema>;
+export type PermissionAction = z.infer<typeof PermissionActionSchema>;
+export type ResourceType = z.infer<typeof ResourceTypeSchema>;
+export type Permission = z.infer<typeof PermissionSchema>;
+export type PermissionSet = z.infer<typeof PermissionSetSchema>;
+export type RuntimeConfig = z.infer<typeof RuntimeConfigSchema>;
+export type SandboxConfig = z.infer<typeof SandboxConfigSchema>;
+export type SecurityVulnerability = z.infer<typeof SecurityVulnerabilitySchema>;
+export type SecurityScanResult = z.infer<typeof SecurityScanResultSchema>;
+export type SecurityPolicy = z.infer<typeof SecurityPolicySchema>;
+export type PluginTrustLevel = z.infer<typeof PluginTrustLevelSchema>;
+export type PluginSecurityManifest = z.infer<typeof PluginSecurityManifestSchema>;
+//# sourceMappingURL=plugin-security-advanced.zod.d.ts.map