@pacamelo/core 1.0.0

package/dist/index.d.ts

@@ -0,0 +1,1669 @@
+import * as zustand from 'zustand';
+
+/**
+ * PURGE Module Types
+ * Pacamelo's Universal Redaction & Governance Engine
+ */
+type PurgeState = 'idle' | 'loaded' | 'column_select' | 'configuring' | 'scanning' | 'preview' | 'purging' | 'complete';
+type SupportedFileType = 'docx' | 'xlsx' | 'pptx' | 'pdf';
+interface QueuedFile {
+    id: string;
+    file: File;
+    name: string;
+    size: number;
+    type: SupportedFileType;
+    status: 'queued' | 'scanning' | 'detected' | 'purging' | 'complete' | 'error';
+    error?: string;
+}
+interface ProcessedFile {
+    id: string;
+    originalName: string;
+    purgedName: string;
+    originalSize: number;
+    purgedSize: number;
+    type: SupportedFileType;
+    blob: Blob;
+    detectionsRemoved: number;
+    timestamp: number;
+}
+type PIICategory = 'person_name' | 'email' | 'phone' | 'address' | 'ssn' | 'credit_card' | 'ip_address' | 'date_of_birth' | 'custom';
+interface Detection {
+    id: string;
+    fileId: string;
+    sectionId: string;
+    category: PIICategory;
+    value: string;
+    startOffset: number;
+    endOffset: number;
+    confidence: number;
+    context: string;
+    source?: 'regex' | 'ai';
+    location?: {
+        page?: number;
+        sheet?: string;
+        cell?: string;
+        slide?: number;
+        paragraph?: number;
+    };
+}
+interface DetectionResult {
+    detections: Detection[];
+    processingTimeMs: number;
+    engineVersion: string;
+}
+interface ContentSection {
+    id: string;
+    text: string;
+    type: 'paragraph' | 'cell' | 'slide' | 'heading' | 'footer' | 'header';
+    location: {
+        page?: number;
+        sheet?: string;
+        cell?: string;
+        slide?: number;
+        paragraph?: number;
+    };
+}
+interface DocumentContent {
+    fileId: string;
+    fileName: string;
+    fileType: SupportedFileType;
+    sections: ContentSection[];
+}
+interface ParsedDocument {
+    content: DocumentContent;
+    metadata: Record<string, unknown>;
+    rawData: unknown;
+}
+type RedactionStyle = 'blackout' | 'replacement' | 'pseudonym' | 'partial';
+interface CustomPattern {
+    id: string;
+    name: string;
+    regex: string;
+    category: 'custom';
+    enabled: boolean;
+}
+interface ScrubConfig {
+    categories: Record<PIICategory, boolean>;
+    redactionStyle: RedactionStyle;
+    replacementText: string;
+    customPatterns: CustomPattern[];
+    sensitivity: 'low' | 'medium' | 'high';
+}
+interface ProcessingProgress {
+    currentFileIndex: number;
+    totalFiles: number;
+    currentFileName: string;
+    phase: 'detecting' | 'redacting' | 'finalizing';
+    percent: number;
+}
+interface NetworkRequest {
+    id: string;
+    method: string;
+    url: string;
+    size: number;
+    status: number;
+    timestamp: number;
+}
+interface StorageSnapshot {
+    localStorage: number;
+    sessionStorage: number;
+    indexedDB: number;
+    cookies: number;
+    cacheAPI: number;
+    watermarkPlanted: boolean;
+    watermarkVerified: boolean;
+}
+interface MemoryStats {
+    allocated: number;
+    wiped: number;
+    buffersCleared: number;
+    totalBuffers: number;
+}
+interface DetectionCapabilities {
+    supportedCategories: PIICategory[];
+    supportsCustomPatterns: boolean;
+    supportsContextualDetection: boolean;
+    maxFileSizeMB: number;
+}
+interface DetectionEngine {
+    detect(content: DocumentContent, config: ScrubConfig): Promise<DetectionResult>;
+    isAvailable(): Promise<boolean>;
+    getCapabilities(): DetectionCapabilities;
+}
+interface Redaction {
+    detectionId: string;
+    sectionId: string;
+    startOffset: number;
+    endOffset: number;
+    replacement: string;
+}
+interface DocumentProcessor {
+    canProcess(file: File): boolean;
+    parse(file: File): Promise<ParsedDocument>;
+    applyRedactions(document: ParsedDocument, redactions: Redaction[]): Promise<Blob>;
+    getSupportedMimeTypes(): string[];
+}
+/**
+ * A single block of file data with its entropy measurement.
+ * Used for heat map visualization.
+ */
+interface EntropyBlock {
+    /** Block index in the file */
+    index: number;
+    /** Shannon entropy value (0-8 bits) */
+    entropy: number;
+    /** Normalized entropy for color mapping (0-1) */
+    normalizedEntropy: number;
+    /** Byte offset in the original file */
+    offset: number;
+    /** Size of this block in bytes */
+    size: number;
+    /** Whether this block overlaps with a PII detection */
+    containsPII: boolean;
+}
+/**
+ * Complete entropy analysis of a file.
+ */
+interface EntropyData {
+    /** Array of entropy blocks */
+    blocks: EntropyBlock[];
+    /** Overall file entropy */
+    globalEntropy: number;
+    /** Highest block entropy */
+    maxEntropy: number;
+    /** Lowest block entropy */
+    minEntropy: number;
+    /** Total bytes analyzed */
+    totalBytes: number;
+    /** Block size used for analysis */
+    blockSize: number;
+}
+/**
+ * Comparison data for before/after visualization.
+ */
+interface EntropyComparison {
+    /** Entropy data before redaction */
+    before: EntropyData | null;
+    /** Entropy data after redaction */
+    after: EntropyData | null;
+    /** Regions where entropy changed significantly */
+    changedRegions: Array<{
+        startBlock: number;
+        endBlock: number;
+        entropyDrop: number;
+    }>;
+}
+/**
+ * Configuration for which columns to process in XLSX files.
+ * Enables "column isolation" where non-selected columns are never read.
+ */
+interface ColumnSelectionConfig {
+    /** Processing mode: 'all' scans everything, 'selected' only scans specified columns */
+    mode: 'all' | 'selected';
+    /** Set of column letters to process (e.g., 'A', 'B', 'C') */
+    selectedColumns: Set<string>;
+    /** Set of sheet names to process */
+    selectedSheets: Set<string>;
+}
+/**
+ * Cryptographic attestation proving a column was never accessed.
+ * The hash is computed from column metadata WITHOUT reading cell values.
+ */
+interface ColumnAttestation {
+    /** Column letter (A, B, C, etc.) */
+    column: string;
+    /** Sheet name */
+    sheet: string;
+    /** Number of cells in the column */
+    cellCount: number;
+    /** SHA-256 hash of column metadata (proves we didn't modify it) */
+    rawBytesHash: string;
+    /** Always false - indicates this column was skipped */
+    wasAccessed: false;
+}
+/**
+ * Metadata about a single sheet in the spreadsheet.
+ * Extracted without reading sensitive cell values.
+ */
+interface SheetMetadata {
+    /** Sheet name */
+    name: string;
+    /** Array of column letters present (e.g., ['A', 'B', 'C']) */
+    columns: string[];
+    /** Total row count */
+    rowCount: number;
+    /** Total column count */
+    columnCount: number;
+    /** Optional first-row values as column headers (can be disabled for privacy) */
+    sampleHeaders?: string[];
+}
+/**
+ * Complete spreadsheet structure metadata.
+ * Allows column selection UI without exposing sensitive data.
+ */
+interface SpreadsheetMetadata {
+    /** Array of sheet metadata */
+    sheets: SheetMetadata[];
+    /** Total cell count across all sheets */
+    totalCells: number;
+    /** Column range (first and last column letters) */
+    columnRange: {
+        min: string;
+        max: string;
+    };
+}
+/**
+ * Record of which columns were skipped during processing.
+ * Displayed in TrustPanel for user visibility.
+ * Note: This is a self-reported indicator, not a cryptographic proof.
+ */
+interface ColumnAccessProof {
+    /** Attestations for each skipped column */
+    attestations: ColumnAttestation[];
+    /** When the record was generated */
+    timestamp: string;
+    /** Hash of all attestations combined */
+    verificationHash: string;
+    /** Whether post-processing verification passed */
+    verified: boolean;
+}
+/**
+ * Attributes leaked through context that could identify a person.
+ * Each attribute narrows the potential population of matches.
+ */
+interface LeakedAttribute {
+    /** Type of attribute detected */
+    type: 'profession' | 'affiliation' | 'temporal_marker' | 'geographic_signal' | 'relational_context' | 'unique_event' | 'demographic' | 'achievement' | 'public_role';
+    /** The phrase or context that reveals this attribute */
+    phrase: string;
+    /** Estimated population narrowing factor (smaller = more identifying) */
+    narrowingFactor: number;
+    /** Human-readable explanation */
+    explanation: string;
+    /** Suggested generalization to reduce risk */
+    suggestion?: string;
+    /** Location in the redacted text */
+    location: {
+        sectionId: string;
+        startOffset: number;
+        endOffset: number;
+    };
+}
+/**
+ * A phrase that could be searched to find the person.
+ */
+interface SearchableFragment {
+    /** The searchable text */
+    fragment: string;
+    /** How easy it would be to find the person via search */
+    searchability: 'trivial' | 'moderate' | 'difficult';
+    /** Why this is searchable */
+    reason: string;
+    /** What search would likely return */
+    predictedResults: string;
+}
+/**
+ * Semantic fingerprint - how uniquely identifying is the redacted text?
+ */
+interface SemanticFingerprint {
+    /** Estimated population size that matches this description */
+    estimatedPopulationSize: number;
+    /** Human-readable population description */
+    populationDescription: string;
+    /** Primary factors driving uniqueness */
+    uniquenessDrivers: Array<{
+        phrase: string;
+        impact: 'critical' | 'high' | 'medium' | 'low';
+        narrowingFactor: number;
+        suggestion: string;
+    }>;
+    /** Combined re-identification risk score (0-100) */
+    riskScore: number;
+    /** Risk level classification */
+    riskLevel: 'critical' | 'high' | 'medium' | 'low' | 'minimal';
+}
+/**
+ * Cross-reference vulnerability assessment.
+ */
+interface CrossReferenceRisk {
+    /** Fragments that could be used to search/identify */
+    searchableFragments: SearchableFragment[];
+    /** Databases/sources that could be cross-referenced */
+    vulnerableSources: Array<{
+        source: string;
+        matchLikelihood: 'certain' | 'likely' | 'possible' | 'unlikely';
+        dataPoints: string[];
+    }>;
+    /** Overall cross-reference risk score (0-100) */
+    riskScore: number;
+}
+/**
+ * Result of an adversarial analysis pass.
+ */
+interface AdversarialAnalysis {
+    /** Unique ID for this analysis */
+    id: string;
+    /** When the analysis was performed */
+    timestamp: number;
+    /** Overall re-identification confidence (0-100) */
+    reidentificationConfidence: number;
+    /** Risk classification */
+    riskLevel: 'critical' | 'high' | 'medium' | 'low' | 'minimal';
+    /** Leaked attributes found in the text */
+    leakedAttributes: LeakedAttribute[];
+    /** Semantic fingerprint analysis */
+    semanticFingerprint: SemanticFingerprint;
+    /** Cross-reference vulnerability */
+    crossReferenceRisk: CrossReferenceRisk;
+    /** Sections analyzed */
+    sectionsAnalyzed: string[];
+    /** Processing time in ms */
+    processingTimeMs: number;
+}
+/**
+ * Suggested action to reduce re-identification risk.
+ */
+interface AdversarialSuggestion {
+    /** Unique ID */
+    id: string;
+    /** Type of suggestion */
+    type: 'redact' | 'generalize' | 'rephrase' | 'remove';
+    /** Priority (1 = highest) */
+    priority: number;
+    /** The problematic phrase */
+    originalPhrase: string;
+    /** Suggested replacement */
+    suggestedReplacement: string;
+    /** Expected risk reduction (percentage points) */
+    expectedRiskReduction: number;
+    /** Location in document */
+    location: {
+        sectionId: string;
+        startOffset: number;
+        endOffset: number;
+    };
+    /** Why this change helps */
+    rationale: string;
+    /** Whether user has accepted this suggestion */
+    accepted: boolean;
+}
+/**
+ * Complete adversarial verification result.
+ */
+interface AdversarialVerificationResult {
+    /** The analysis performed */
+    analysis: AdversarialAnalysis;
+    /** Suggested actions to reduce risk */
+    suggestions: AdversarialSuggestion[];
+    /** Whether the document passes the risk threshold */
+    passesThreshold: boolean;
+    /** Configured risk threshold */
+    riskThreshold: number;
+    /** Iteration number (for adversarial loop) */
+    iteration: number;
+    /** Previous iteration's confidence (to show improvement) */
+    previousConfidence?: number;
+}
+/**
+ * Configuration for adversarial verification.
+ */
+interface AdversarialConfig {
+    /** Enable adversarial verification */
+    enabled: boolean;
+    /** Risk threshold (0-100) - fail if reidentification confidence exceeds this */
+    riskThreshold: number;
+    /** Maximum iterations of the adversarial loop */
+    maxIterations: number;
+    /** Whether to auto-apply low-risk suggestions */
+    autoApplyLowRisk: boolean;
+    /** Analysis depth */
+    analysisDepth: 'quick' | 'standard' | 'thorough';
+    /** Categories of analysis to perform */
+    enabledAnalyses: {
+        attributeLeakage: boolean;
+        semanticFingerprinting: boolean;
+        crossReferenceCheck: boolean;
+    };
+}
+
+/**
+ * Get the confidence threshold for a given sensitivity level.
+ * Used for client-side filtering of detections.
+ */
+declare const getSensitivityThreshold: (sensitivity: ScrubConfig["sensitivity"]) => number;
+interface PurgeStore {
+    state: PurgeState;
+    queuedFiles: QueuedFile[];
+    processedFiles: ProcessedFile[];
+    detections: Detection[];
+    selectedDetections: Set<string>;
+    config: ScrubConfig;
+    progress: ProcessingProgress | null;
+    columnConfig: ColumnSelectionConfig | null;
+    spreadsheetMetadata: SpreadsheetMetadata | null;
+    columnAccessProof: ColumnAccessProof | null;
+    adversarialResult: AdversarialVerificationResult | null;
+    adversarialConfig: AdversarialConfig;
+    isAnalyzingAdversarial: boolean;
+    paranoidMode: boolean;
+    setState: (state: PurgeState) => void;
+    feedDocuments: (files: QueuedFile[]) => void;
+    removeDocument: (id: string) => void;
+    updateFileStatus: (id: string, status: QueuedFile['status'], error?: string) => void;
+    addProcessedFile: (file: ProcessedFile) => void;
+    clearProcessedFiles: () => void;
+    setDetections: (detections: Detection[]) => void;
+    toggleDetection: (id: string) => void;
+    /**
+     * Select all detections. If visibleIds is provided, only select those
+     * (used for sensitivity-filtered selection).
+     */
+    selectAllDetections: (visibleIds?: string[]) => void;
+    deselectAllDetections: () => void;
+    selectDetectionsByCategory: (category: PIICategory, selected: boolean) => void;
+    /**
+     * Clear PII values from detection objects after purging completes.
+     * This is a privacy-focused cleanup - the detection metadata (id, category,
+     * position) is preserved for UI display, but actual PII values are scrubbed.
+     */
+    clearDetectionValues: () => void;
+    /**
+     * M-6 SECURITY FIX: Aggressively clear all sensitive data from store.
+     * Use this instead of clearDetectionValues when you want complete cleanup.
+     * Clears detections entirely rather than just replacing values.
+     */
+    secureClear: () => void;
+    updateConfig: (config: Partial<ScrubConfig>) => void;
+    toggleCategory: (category: PIICategory) => void;
+    setRedactionStyle: (style: ScrubConfig['redactionStyle']) => void;
+    setProgress: (progress: ProcessingProgress | null) => void;
+    setColumnConfig: (config: ColumnSelectionConfig | null) => void;
+    setSpreadsheetMetadata: (metadata: SpreadsheetMetadata | null) => void;
+    setColumnAccessProof: (proof: ColumnAccessProof | null) => void;
+    setAdversarialResult: (result: AdversarialVerificationResult | null) => void;
+    setAdversarialConfig: (config: Partial<AdversarialConfig>) => void;
+    setIsAnalyzingAdversarial: (isAnalyzing: boolean) => void;
+    applySuggestion: (suggestion: AdversarialSuggestion) => void;
+    clearAdversarialState: () => void;
+    setParanoidMode: (enabled: boolean) => void;
+    reset: () => void;
+    /**
+     * Soft reset for multi-run support.
+     * Clears files/detections but preserves config settings.
+     * Returns to idle state ready for new files.
+     */
+    softReset: () => void;
+}
+declare const usePurgeStore: zustand.UseBoundStore<zustand.StoreApi<PurgeStore>>;
+
+/**
+ * Regex Detection Engine
+ * Client-side PII detection using regex patterns
+ *
+ * SECURITY NOTE: Uses Web Workers for regex execution to enable true timeout
+ * termination. When a regex takes too long, the worker is terminated, killing
+ * the regex execution immediately. This prevents ReDoS attacks from freezing
+ * the browser tab.
+ */
+
+/**
+ * Regex-based detection engine
+ * Provides client-side PII detection without network requests
+ */
+declare class RegexDetectionEngine implements DetectionEngine {
+    private version;
+    detect(content: DocumentContent, config: ScrubConfig): Promise<DetectionResult>;
+    isAvailable(): Promise<boolean>;
+    getCapabilities(): DetectionCapabilities;
+    /**
+     * Calculate confidence score based on pattern and context
+     */
+    private calculateConfidence;
+    /**
+     * Get minimum confidence threshold for sensitivity level
+     */
+    private getSensitivityThreshold;
+    /**
+     * Remove duplicate detections at the same position
+     */
+    private deduplicateDetections;
+}
+declare const regexDetectionEngine: RegexDetectionEngine;
+
+/**
+ * PII Detection Patterns
+ * Regex patterns for detecting personally identifiable information
+ */
+
+interface PatternDefinition {
+    category: PIICategory;
+    pattern: RegExp;
+    priority: number;
+    validator?: (match: string) => boolean;
+}
+/**
+ * Get patterns for specific categories (cached)
+ * Uses a cache to avoid repeated filtering for the same category combinations.
+ */
+declare function getPatternsForCategories(enabledCategories: PIICategory[]): PatternDefinition[];
+
+/**
+ * BaseProcessor
+ * Abstract base class for document processors
+ */
+
+/**
+ * Generate unique section ID using cryptographically secure random
+ */
+declare function generateSectionId(): string;
+/**
+ * Abstract base class for document processors
+ */
+declare abstract class BaseProcessor implements DocumentProcessor {
+    abstract readonly fileType: SupportedFileType;
+    abstract readonly mimeTypes: string[];
+    abstract readonly extensions: string[];
+    /**
+     * Check if this processor can handle the file
+     */
+    canProcess(file: File): boolean;
+    /**
+     * Parse the document and extract text content
+     */
+    abstract parse(file: File): Promise<ParsedDocument>;
+    /**
+     * Apply redactions and generate output
+     */
+    abstract applyRedactions(document: ParsedDocument, redactions: Redaction[]): Promise<Blob>;
+    /**
+     * Get supported MIME types
+     */
+    getSupportedMimeTypes(): string[];
+    /**
+     * Helper to create a content section
+     */
+    protected createSection(text: string, type: ContentSection['type'], location: ContentSection['location']): ContentSection;
+    /**
+     * Apply text replacements to a string
+     */
+    protected applyTextRedactions(text: string, redactions: Redaction[], sectionId: string): string;
+}
+
+/**
+ * XlsxProcessor
+ * Excel document processor using xlsx library
+ *
+ * SECURITY: This processor rebuilds the output file from scratch rather than
+ * modifying the original. This approach strips:
+ * - Document properties (author, company, etc.)
+ * - Hidden sheets
+ * - Comments and notes
+ * - Formulas (converted to values only)
+ * - Custom XML parts
+ * - External links
+ *
+ * M-8 WARNING: Formula cells are converted to their calculated values.
+ * If a formula references hidden cells containing PII (e.g., =A1 where A1
+ * contains "John Doe's SSN: 123-45-6789"), the PII will appear in the
+ * formula cell's value. Users should review formula cells carefully and
+ * ensure hidden columns/sheets don't contain sensitive data that formulas
+ * reference.
+ */
+
+/**
+ * Options for parsing XLSX files
+ */
+interface XlsxParseOptions {
+    /** Column selection configuration for selective parsing */
+    columnSelection?: ColumnSelectionConfig;
+    /** Whether to generate attestations for skipped columns */
+    generateAttestation?: boolean;
+}
+declare class XlsxProcessor extends BaseProcessor {
+    readonly fileType: "xlsx";
+    readonly mimeTypes: string[];
+    readonly extensions: string[];
+    /**
+     * Parse Excel file and extract text from cells.
+     * Supports selective column parsing with attestation generation.
+     *
+     * @param file - The Excel file to parse
+     * @param options - Optional parsing options for column selection
+     */
+    parse(file: File, options?: XlsxParseOptions): Promise<ParsedDocument>;
+    /**
+     * Generate metadata record for a skipped column.
+     *
+     * NOTE: This does NOT cryptographically prove anything meaningful.
+     * It just records column metadata (position, cell count). The hash
+     * is of this metadata string, not the actual cell values. This is
+     * for internal tracking only - we removed the misleading
+     * "cryptographic attestation" claim from the UI.
+     */
+    private generateColumnAttestation;
+    /**
+     * Apply redactions and generate new Excel file
+     *
+     * SECURITY: This method rebuilds the workbook from scratch to strip metadata.
+     * Only cell values are copied - no formulas, comments, properties, or hidden sheets.
+     */
+    applyRedactions(document: ParsedDocument, redactions: Redaction[]): Promise<Blob>;
+}
+declare const xlsxProcessor: XlsxProcessor;
+
+/**
+ * Document Processors
+ * Export all available processors
+ */
+
+/**
+ * Get processor for a file type
+ */
+declare function getProcessor(fileType: SupportedFileType): DocumentProcessor | null;
+/**
+ * Get processor for a file
+ */
+declare function getProcessorForFile(file: File): DocumentProcessor | null;
+
+/**
+ * Adversarial Verification Engine
+ *
+ * This service thinks like an attacker - given redacted text, how confident
+ * would an adversary be in re-identifying the subject?
+ *
+ * The engine analyzes:
+ * 1. Leaked attributes (profession, affiliation, temporal markers, etc.)
+ * 2. Semantic fingerprinting (how unique is this description?)
+ * 3. Cross-reference vulnerability (could this be Googled?)
+ */
+
+declare class AdversarialVerifier {
+    private config;
+    constructor(config?: Partial<AdversarialConfig>);
+    /**
+     * Main entry point: analyze redacted content for re-identification risk
+     */
+    analyze(sections: ContentSection[], appliedRedactions: Detection[]): Promise<AdversarialVerificationResult>;
+    /**
+     * Simulate what the document looks like after redaction
+     */
+    private simulateRedactedOutput;
+    /**
+     * Extract attributes that leak identity from redacted text
+     */
+    private extractLeakedAttributes;
+    /**
+     * Check if a position is inside a [REDACTED] marker
+     */
+    private isInsideRedaction;
+    /**
+     * Calculate semantic fingerprint - how unique is this description?
+     */
+    private calculateSemanticFingerprint;
+    /**
+     * Categorize the impact of a narrowing factor
+     */
+    private categorizeImpact;
+    /**
+     * Create human-readable population description
+     */
+    private describePopulation;
+    /**
+     * Assess cross-reference vulnerability
+     */
+    private assessCrossReferenceRisk;
+    /**
+     * Predict what a search might return
+     */
+    private predictSearchResults;
+    /**
+     * Assess likelihood of database match
+     */
+    private assessMatchLikelihood;
+    /**
+     * Calculate overall re-identification confidence
+     */
+    private calculateOverallConfidence;
+    /**
+     * Classify risk level based on confidence score
+     */
+    private classifyRiskLevel;
+    /**
+     * Generate suggestions for reducing risk
+     */
+    private generateSuggestions;
+    /**
+     * Estimate risk reduction from applying a suggestion
+     */
+    private estimateRiskReduction;
+    /**
+     * Empty semantic fingerprint for when analysis is disabled
+     */
+    private emptySemanticFingerprint;
+    /**
+     * Empty cross-reference risk for when analysis is disabled
+     */
+    private emptyCrossReferenceRisk;
+    /**
+     * Update configuration
+     */
+    setConfig(config: Partial<AdversarialConfig>): void;
+    /**
+     * Get current configuration
+     */
+    getConfig(): AdversarialConfig;
+}
+declare const adversarialVerifier: AdversarialVerifier;
+
+/**
+ * useDocumentProcessor Hook
+ * Main processing hook for document scrubbing workflow
+ *
+ * NOTE: The wipeMemory function zeros out tracked buffers as a visualization
+ * of cleanup, but JavaScript does not provide true secure memory wiping.
+ * The original file data may persist in browser memory until garbage collected.
+ */
+
+/**
+ * Result object returned by the useDocumentProcessor hook
+ */
+interface UseDocumentProcessorResult {
+    /** Whether document processing is currently in progress */
+    isProcessing: boolean;
+    /** Current processing progress (null when not processing) */
+    progress: ProcessingProgress | null;
+    /** Array of PII detections found in scanned documents */
+    detections: Detection[];
+    /** Memory allocation and cleanup statistics */
+    memoryStats: MemoryStats;
+    /** Before/after entropy comparison for visualization */
+    entropyComparison: EntropyComparison;
+    /** Whether entropy calculation is in progress */
+    isCalculatingEntropy: boolean;
+    /** Content sections from parsed documents (for adversarial analysis) */
+    contentSections: ContentSection[];
+    /**
+     * Scan files for PII detections
+     * @param files - Array of queued files to scan
+     * @param config - Configuration specifying which categories to detect
+     * @param bypassQuota - If true, skip offline quota checks (for online_acknowledged mode)
+     * @returns Promise resolving to array of detections found
+     */
+    scanFiles: (files: QueuedFile[], config: ScrubConfig, bypassQuota?: boolean) => Promise<Detection[]>;
+    /**
+     * Process files and apply redactions to selected detections
+     * @param files - Array of queued files to process
+     * @param selectedDetections - Set of detection IDs to redact
+     * @param config - Configuration specifying redaction style
+     * @returns Promise resolving to array of processed files
+     */
+    processFiles: (files: QueuedFile[], selectedDetections: Set<string>, config: ScrubConfig) => Promise<ProcessedFile[]>;
+    /**
+     * Wipe tracked memory buffers (visualization only - not cryptographically secure)
+     */
+    wipeMemory: () => Promise<void>;
+}
+declare function useDocumentProcessor(): UseDocumentProcessorResult;
+
+/**
+ * useOfflineEnforcement Hook
+ *
+ * Encourages offline mode for maximum privacy assurance during processing.
+ * While offline mode provides strong indication of no network activity,
+ * it cannot guarantee complete protection (extensions, etc. may still access data).
+ *
+ * States:
+ * - online_blocked: Recommends user go offline for better assurance
+ * - online_acknowledged: User explicitly accepted online risk (bypass with warning)
+ * - offline_ready: Offline detected, ready to accept files
+ * - processing: Currently processing files
+ * - reconnected_abort: Connection detected mid-process, processing stopped
+ * - complete: Done processing, prompts to download before reconnecting
+ * - reconnected_warning: Reconnected before download, shows reminder
+ */
+type OfflineEnforcementStatus = 'online_blocked' | 'online_acknowledged' | 'offline_ready' | 'sw_blocked' | 'quota_exhausted' | 'processing' | 'awaiting_download' | 'reconnected_abort' | 'complete' | 'reconnected_warning';
+/**
+ * State object representing the current offline enforcement status
+ */
+interface OfflineEnforcementState {
+    /** Current state machine status */
+    status: OfflineEnforcementStatus;
+    /** Whether the browser is currently online */
+    isOnline: boolean;
+    /** Whether processing can proceed (offline and ready) */
+    canProcess: boolean;
+    /** Countdown seconds remaining (null when not counting) */
+    countdownSeconds: number | null;
+    /** Whether the user has downloaded processed files */
+    hasDownloaded: boolean;
+    /** Number of countdown extensions used */
+    extensionsUsed: number;
+    /** Maximum allowed countdown extensions */
+    maxExtensions: number;
+    /** Whether processing started in online (acknowledged) mode - affects close behavior */
+    startedOnline: boolean;
+    /** Remaining offline quota tokens */
+    quotaRemaining: number;
+    /** Whether offline quota is exhausted */
+    quotaExhausted: boolean;
+}
+/**
+ * Actions available for controlling offline enforcement behavior
+ */
+interface OfflineEnforcementActions {
+    /** Transition to processing state when files are dropped. Async because it checks for service workers in offline mode. */
+    startProcessing: () => Promise<void>;
+    /** Mark processing as complete and start countdown timer */
+    completeProcessing: () => void;
+    /** Mark that the user has downloaded their processed files */
+    markDownloaded: () => void;
+    /** Extend countdown by 30 seconds (max 2 times). Returns false if extensions exhausted. */
+    extendCountdown: () => boolean;
+    /** Force close the tab immediately by navigating to about:blank */
+    forceClose: () => void;
+    /** Reset state machine to initial state based on current online status */
+    reset: () => void;
+    /** User explicitly acknowledges online risk and wants to proceed anyway */
+    acknowledgeOnlineRisk: () => void;
+}
+/**
+ * Result object returned by the useOfflineEnforcement hook
+ */
+interface UseOfflineEnforcementResult {
+    /** Current enforcement state */
+    state: OfflineEnforcementState;
+    /** Actions to control enforcement behavior */
+    actions: OfflineEnforcementActions;
+}
+declare function useOfflineEnforcement(): UseOfflineEnforcementResult;
+
+/**
+ * QuotaRefreshAPI
+ *
+ * Stubbed API client for quota refresh.
+ * Currently returns offline/unavailable status.
+ *
+ * Future implementation will:
+ * 1. POST to /api/quota/refresh with auth token
+ * 2. Server validates user tier and usage
+ * 3. Returns new token count or denial
+ */
+type RefreshResult = {
+    success: true;
+    tokens: number;
+} | {
+    success: false;
+    reason: 'offline' | 'api_error' | 'not_authenticated' | 'rate_limited';
+};
+/**
+ * Requests a quota refresh from the server.
+ *
+ * STUB IMPLEMENTATION:
+ * - Returns { success: false, reason: 'offline' } when offline
+ * - Returns { success: false, reason: 'not_authenticated' } when online
+ *   (since auth isn't implemented yet)
+ *
+ * FUTURE IMPLEMENTATION:
+ * - POST to /api/quota/refresh with JWT auth
+ * - Server validates user, tier, and usage limits
+ * - Returns new token allocation
+ */
+declare function requestQuotaRefresh(): Promise<RefreshResult>;
+
+/**
+ * OfflineQuotaStore
+ *
+ * Tamper-resistant storage for offline usage quota.
+ * Uses HMAC signatures and IndexedDB backup for integrity.
+ *
+ * Security measures:
+ * 1. HMAC-SHA256 signature on all stored data
+ * 2. IndexedDB backup for cross-validation
+ * 3. Device fingerprint binding
+ * 4. Tampering detection with quota reset
+ */
+interface QuotaState {
+    /** Remaining processing tokens (0-50) */
+    tokensRemaining: number;
+    /** ISO timestamp of last refresh */
+    lastRefresh: string;
+    /** Device fingerprint this quota is bound to */
+    deviceFingerprint: string;
+    /** Schema version for migrations */
+    version: number;
+}
+declare class OfflineQuotaStore {
+    private cachedState;
+    private fingerprint;
+    /**
+     * Initializes the store, loading existing state or creating new
+     */
+    initialize(): Promise<QuotaState>;
+    /**
+     * Gets current tokens remaining (cached for performance)
+     */
+    getTokens(): number;
+    /**
+     * Checks if processing is allowed
+     */
+    canProcess(): boolean;
+    /**
+     * Decrements quota by 1 token. Returns new remaining count.
+     * Throws if quota is exhausted.
+     */
+    decrement(): Promise<number>;
+    /**
+     * Resets quota to specified token count (used by refresh API)
+     */
+    reset(tokens: number): Promise<void>;
+    /**
+     * Loads and validates quota state from storage
+     */
+    private load;
+    /**
+     * Saves quota state to both storage locations
+     */
+    private save;
+    /**
+     * Creates initial state for new users
+     */
+    private createInitialState;
+    /**
+     * Validates a signed state
+     */
+    private validateState;
+    /**
+     * Handles detected tampering by resetting quota to 0
+     */
+    private handleTampering;
+    /**
+     * LocalStorage helpers
+     */
+    private loadFromLocalStorage;
+    private saveToLocalStorage;
+    /**
+     * Clears all quota data (for testing/debugging)
+     */
+    clear(): Promise<void>;
+}
+declare class QuotaExhaustedError extends Error {
+    constructor(message: string);
+}
+declare const offlineQuotaStore: OfflineQuotaStore;
+
+/**
+ * useOfflineQuota Hook
+ *
+ * React hook for offline quota enforcement.
+ * Provides quota state and actions for the document processor.
+ */
+
+interface UseOfflineQuotaReturn {
+    /** Number of tokens remaining */
+    tokensRemaining: number;
+    /** Whether quota is exhausted (0 tokens) */
+    isExhausted: boolean;
+    /** Whether quota store is ready */
+    isInitialized: boolean;
+    /** Check if a file can be processed */
+    canProcessFile: () => boolean;
+    /** Consume one token (call after successful processing) */
+    consumeToken: () => Promise<void>;
+    /** Request quota refresh from server (stubbed) */
+    requestRefresh: () => Promise<RefreshResult>;
+    /** Error message if any */
+    quotaError: string | null;
+    /** Last refresh timestamp */
+    lastRefresh: string | null;
+}
+declare function useOfflineQuota(): UseOfflineQuotaReturn;
+
+/**
+ * useFileEntropy Hook
+ *
+ * Calculates Shannon entropy for file data to visualize data randomness.
+ * High entropy (near 8 bits) indicates random/encrypted/compressed data.
+ * Low entropy (near 0 bits) indicates repetitive/uniform data.
+ *
+ * PII like names, SSNs, emails typically has moderate-high entropy.
+ * Redacted text like "[REDACTED]" has low entropy due to repetition.
+ *
+ * References:
+ * - Shannon entropy: https://en.wikipedia.org/wiki/Entropy_(information_theory)
+ * - binvis.io: https://binvis.io/
+ */
+
+interface UseFileEntropyOptions {
+    /** Size of each block in bytes (default: 256) */
+    blockSize?: number;
+}
+interface UseFileEntropyResult {
+    /** Calculate entropy for raw bytes */
+    calculateEntropy: (bytes: Uint8Array, detections?: Detection[]) => EntropyData;
+    /** Calculate entropy for a File object */
+    calculateFileEntropy: (file: File, detections?: Detection[]) => Promise<EntropyData>;
+    /** Calculate entropy for text content */
+    calculateTextEntropy: (text: string, detections?: Detection[]) => EntropyData;
+    /** Compare before and after entropy */
+    compareEntropy: (before: EntropyData | null, after: EntropyData | null) => EntropyComparison;
+    /** Loading state for async operations */
+    isCalculating: boolean;
+    /** Any error during calculation */
+    error: Error | null;
+}
+/**
+ * Hook for calculating file entropy.
+ */
+declare function useFileEntropy(options?: UseFileEntropyOptions): UseFileEntropyResult;
+
+/**
+ * useFileHash Hook
+ *
+ * Calculates SHA-256 hash of files using Web Crypto API.
+ *
+ * IMPORTANT: This proves FILE INTEGRITY (wasn't modified during processing).
+ * This does NOT prove the file wasn't copied/uploaded.
+ * The UI should be honest about this distinction.
+ */
+interface FileHashState {
+    /** SHA-256 hash of original file */
+    originalHash: string | null;
+    /** SHA-256 hash of processed file */
+    processedHash: string | null;
+    /** Timestamp when hashes were calculated */
+    timestamp: string | null;
+    /** Whether hashing is in progress */
+    isHashing: boolean;
+    /** Error message if hashing failed */
+    error: string | null;
+}
+interface UseFileHashResult {
+    state: FileHashState;
+    /** Calculate hash of original file */
+    hashOriginalFile: (file: File) => Promise<string>;
+    /** Calculate hash of processed blob */
+    hashProcessedBlob: (blob: Blob) => Promise<string>;
+    /** Reset state */
+    reset: () => void;
+    /** Get hash comparison result */
+    getComparisonResult: () => HashComparisonResult;
+}
+interface HashComparisonResult {
+    /** Whether both hashes exist */
+    hasBothHashes: boolean;
+    /** Whether hashes match (file unchanged) */
+    hashesMatch: boolean;
+    /** Human-readable message */
+    message: string;
+}
+/**
+ * Truncate hash for display (first 8 + last 8 chars)
+ */
+declare function truncateHash(hash: string): string;
+declare function useFileHash(): UseFileHashResult;
+
+/**
+ * useAdversarialAnalysis Hook
+ *
+ * Orchestrates adversarial verification analysis on redacted content.
+ * Connects the AdversarialVerifier service with the Purge store and UI.
+ */
+
+interface UseAdversarialAnalysisOptions {
+    /** Automatically run analysis when detections change */
+    autoAnalyze?: boolean;
+    /** Debounce delay in ms for auto-analysis */
+    debounceMs?: number;
+}
+interface UseAdversarialAnalysisReturn {
+    /** Current analysis result */
+    result: AdversarialVerificationResult | null;
+    /** Whether analysis is in progress */
+    isAnalyzing: boolean;
+    /** Current configuration */
+    config: AdversarialConfig;
+    /** Run analysis manually */
+    analyze: (sections: ContentSection[], selectedDetections: Detection[]) => Promise<void>;
+    /** Apply a single suggestion */
+    applySuggestion: (suggestion: AdversarialSuggestion) => void;
+    /** Apply all suggestions */
+    applyAllSuggestions: () => void;
+    /** Update configuration */
+    updateConfig: (config: Partial<AdversarialConfig>) => void;
+    /** Clear analysis state */
+    clear: () => void;
+    /** Dismiss the analysis panel */
+    dismiss: () => void;
+}
+declare function useAdversarialAnalysis(options?: UseAdversarialAnalysisOptions): UseAdversarialAnalysisReturn;
+
+/**
+ * useSpreadsheetMetadata Hook
+ * Extracts spreadsheet structure WITHOUT reading sensitive cell values.
+ * This allows column selection UI while maintaining privacy.
+ */
+
+interface UseSpreadsheetMetadataResult {
+    /**
+     * Extract metadata from an XLSX file
+     * @param file - The File object to analyze
+     * @param includeHeaders - Whether to include first row values as sample headers
+     * @returns Promise resolving to spreadsheet metadata
+     */
+    extractMetadata: (file: File, includeHeaders?: boolean) => Promise<SpreadsheetMetadata>;
+}
+/**
+ * Hook for extracting spreadsheet structure metadata.
+ * Used to show column selection UI before scanning.
+ */
+declare function useSpreadsheetMetadata(): UseSpreadsheetMetadataResult;
+
+/**
+ * useNetworkProof Hook
+ * Monitors network requests to provide visibility into network activity.
+ *
+ * SECURITY NOTE: This hook monitors common network APIs (fetch, XHR, sendBeacon,
+ * WebSocket, Worker, RTCPeerConnection) but cannot guarantee complete coverage.
+ * Browser extensions, service workers, and other mechanisms may bypass monitoring.
+ * This is a best-effort indicator, not a security guarantee.
+ */
+
+/**
+ * Result object returned by the useNetworkProof hook
+ */
+interface UseNetworkProofResult {
+    /** Array of captured network requests */
+    requests: NetworkRequest[];
+    /** Whether the hook is currently recording requests */
+    isRecording: boolean;
+    /** Start monitoring network activity (patches global APIs) */
+    startRecording: () => void;
+    /** Stop monitoring and restore original APIs */
+    stopRecording: () => void;
+    /** Clear the recorded requests array */
+    clearRequests: () => void;
+    /** Total bytes transferred across all requests */
+    totalBytes: number;
+    /** Total number of captured requests */
+    requestCount: number;
+}
+/**
+ * Hook to monitor and display network activity.
+ *
+ * Uses monkey-patching of global APIs (fetch, XHR, WebSocket, Worker, RTCPeerConnection)
+ * and PerformanceObserver to intercept network requests. This provides visibility into
+ * network activity during document processing.
+ *
+ * @returns Object containing request data, recording state, and control functions
+ *
+ * @example
+ * ```tsx
+ * function MyComponent() {
+ *   const { requests, isRecording, startRecording, stopRecording } = useNetworkProof();
+ *
+ *   useEffect(() => {
+ *     startRecording();
+ *     return () => stopRecording();
+ *   }, []);
+ *
+ *   return <div>Requests: {requests.length}</div>;
+ * }
+ * ```
+ */
+declare function useNetworkProof(): UseNetworkProofResult;
+
+/**
+ * useEnhancedNetworkProof Hook
+ *
+ * Enhanced network monitoring that covers channels the basic hook misses:
+ * - WebSocket connections
+ * - WebRTC data channels (RTCPeerConnection)
+ * - Service Worker registrations and background sync
+ * - Beacon API
+ * - sendBeacon
+ *
+ * SECURITY NOTE: This is monitoring for visibility, not security.
+ * Extensions, service workers, and other mechanisms may bypass detection.
+ */
+interface EnhancedNetworkState {
+    /** WebSocket connections detected */
+    webSocketConnections: WebSocketConnection[];
+    /** WebRTC peer connections detected */
+    webRTCConnections: WebRTCConnection[];
+    /** Service workers registered */
+    serviceWorkers: ServiceWorkerInfo[];
+    /** Beacon requests detected */
+    beaconRequests: BeaconRequest[];
+    /** Any concerning activity detected */
+    hasConcerningActivity: boolean;
+    /** Summary of all activity */
+    summary: string;
+}
+interface WebSocketConnection {
+    id: string;
+    url: string;
+    timestamp: number;
+    state: 'connecting' | 'open' | 'closing' | 'closed';
+}
+interface WebRTCConnection {
+    id: string;
+    timestamp: number;
+    type: 'offer' | 'answer' | 'datachannel';
+}
+interface ServiceWorkerInfo {
+    scriptURL: string;
+    state: ServiceWorkerState;
+    timestamp: number;
+}
+interface BeaconRequest {
+    id: string;
+    url: string;
+    timestamp: number;
+}
+interface UseEnhancedNetworkProofResult {
+    state: EnhancedNetworkState;
+    startMonitoring: () => void;
+    stopMonitoring: () => void;
+    checkServiceWorkers: () => Promise<void>;
+    reset: () => void;
+    isMonitoring: boolean;
+}
+declare function useEnhancedNetworkProof(): UseEnhancedNetworkProofResult;
+
+/**
+ * useStorageProof Hook
+ * Monitors browser storage to show visibility into storage changes.
+ *
+ * SECURITY NOTE: This provides a snapshot comparison of storage counts.
+ * It cannot detect all forms of data persistence (e.g., Service Worker
+ * cache, browser history, etc.). This is a best-effort indicator.
+ */
+
+interface UseStorageProofResult {
+    beforeSnapshot: StorageSnapshot | null;
+    afterSnapshot: StorageSnapshot | null;
+    isDifferent: boolean;
+    watermarkStatus: 'not_planted' | 'planted' | 'verified' | 'failed';
+    takeBeforeSnapshot: () => void;
+    takeAfterSnapshot: () => void;
+    plantWatermark: () => void;
+    verifyWatermark: () => boolean;
+}
+/**
+ * Hook to monitor browser storage and prove no data is saved
+ */
+declare function useStorageProof(): UseStorageProofResult;
+
+/**
+ * useAirplaneMode Hook
+ * Detects offline status for strong privacy indication
+ *
+ * When navigator.onLine is false, network uploads are highly unlikely.
+ * This provides strong assurance, though not absolute proof due to potential
+ * browser extensions, queued requests, or service workers.
+ */
+interface AirplaneModeState {
+    /** Current connection status */
+    isOnline: boolean;
+    /** Was offline when processing started */
+    processingStartedOffline: boolean;
+    /** Connection was maintained offline throughout processing */
+    stayedOfflineDuringProcessing: boolean;
+    /** User accepted the airplane mode challenge */
+    challengeAccepted: boolean;
+    /** Processing is currently active */
+    isProcessing: boolean;
+    /** Timestamped log of connection events */
+    connectionLog: ConnectionEvent[];
+    /** Connection went online during processing (invalidates proof) */
+    proofInvalidated: boolean;
+}
+interface ConnectionEvent {
+    timestamp: number;
+    status: 'online' | 'offline';
+    event: 'initial' | 'change' | 'processing_start' | 'processing_end';
+}
+interface UseAirplaneModeResult {
+    state: AirplaneModeState;
+    /** Accept the airplane mode challenge */
+    acceptChallenge: () => void;
+    /** Mark processing as started (records current state) */
+    startProcessing: () => void;
+    /** Mark processing as complete */
+    endProcessing: () => void;
+    /** Reset state for new session */
+    reset: () => void;
+    /** Get human-readable status */
+    getStatusMessage: () => string;
+    /** Get platform-specific instructions to go offline */
+    getOfflineInstructions: () => string;
+}
+declare function useAirplaneMode(): UseAirplaneModeResult;
+
+/**
+ * useFirstTimeUser Hook
+ *
+ * Detects if this is a first-time user and manages onboarding state.
+ * Uses localStorage to persist the "has seen onboarding" flag.
+ */
+declare function useFirstTimeUser(): {
+    isFirstTime: boolean;
+    isLoading: boolean;
+    markOnboardingComplete: () => void;
+    resetOnboarding: () => void;
+};
+
+/**
+ * Secure Random Utilities
+ *
+ * Uses crypto.getRandomValues() for cryptographically secure random values.
+ * This replaces Math.random() which is predictable and not suitable for
+ * security-sensitive ID generation.
+ */
+/**
+ * Generate a cryptographically secure random ID
+ * Returns a 24-character hex string (96 bits of entropy)
+ */
+declare function generateSecureId(): string;
+/**
+ * Generate a secure random ID with a prefix
+ * @param prefix - String prefix for the ID (e.g., 'det', 'req', 'file')
+ */
+declare function generatePrefixedId(prefix: string): string;
+
+/**
+ * Partial Mask Utilities
+ * Category-specific masking that preserves format while hiding sensitive data
+ *
+ * Each PII category gets a sensible default partial mask:
+ * - SSN: show last 4 digits
+ * - Credit Card: show last 4, preserve format
+ * - Email: show first char + full domain
+ * - Phone: show last 4, preserve format
+ * - Address: hide house number only
+ * - Person Name: first char of each name part
+ * - IP Address: show last octet
+ * - Date of Birth: show year only
+ */
+
+/**
+ * Main dispatch function for partial masking
+ * Returns a format-preserving masked version of the PII value
+ */
+declare function getPartialMask(category: PIICategory, value: string): string;
+
+/**
+ * maskPII - Utility for masking PII values for safe display
+ *
+ * Provides category-aware masking that preserves format recognition
+ * while hiding sensitive data. Used in the Detection Feed.
+ */
+
+/**
+ * Mask a PII value for display based on its category
+ * Shows enough to confirm detection accuracy without exposing full value
+ *
+ * @param category - The detection category (email, ssn, etc.)
+ * @param value - The raw PII value
+ * @returns Masked string safe for display
+ */
+declare function maskPII(category: Detection['category'], value: string): string;
+/**
+ * Get a display-friendly category label
+ */
+declare function getCategoryLabel(category: Detection['category']): string;
+/**
+ * Get category icon (monospace-friendly)
+ */
+declare function getCategoryIcon$1(category: Detection['category']): string;
+
+/**
+ * Validate and compile a regex pattern
+ * Returns the compiled RegExp if valid, null otherwise
+ *
+ * @param pattern - The regex pattern string
+ * @param flags - Optional regex flags (default: 'g')
+ * @returns Compiled RegExp or null with error
+ */
+declare function safeCompileRegex(pattern: string, flags?: string): {
+    regex: RegExp | null;
+    error?: string;
+};
+
+/**
+ * File Magic Byte Validation
+ *
+ * Validates file types by checking magic bytes (file signatures) in addition
+ * to file extensions. This prevents attackers from bypassing file type checks
+ * by simply renaming files.
+ *
+ * SECURITY: Extension-only validation is insufficient. A file named "malware.xlsx"
+ * could actually be an executable. Magic bytes provide defense-in-depth.
+ */
+
+/**
+ * Result of file type validation
+ */
+interface FileTypeValidation {
+    /** Whether the file passed all validation checks */
+    valid: boolean;
+    /** The detected file type (if valid) */
+    fileType: SupportedFileType | null;
+    /** Error message if validation failed */
+    error?: string;
+    /** Warnings that don't prevent processing but should be noted */
+    warnings: string[];
+}
+/**
+ * Validate file type using extension, MIME type, and magic bytes
+ *
+ * @param file - The file to validate
+ * @returns Validation result with file type and any errors/warnings
+ */
+declare function validateFileType(file: File): Promise<FileTypeValidation>;
+/**
+ * Quick check if a file is likely valid based on extension only
+ * Use validateFileType for full validation with magic bytes
+ */
+declare function hasValidExtension(filename: string): boolean;
+/**
+ * Get file type from extension (quick check, no magic byte validation)
+ */
+declare function getFileTypeFromExtension(filename: string): SupportedFileType | null;
+
+/**
+ * Download Utilities
+ *
+ * Provides file download functionality including ZIP bundling
+ * for multiple processed files.
+ */
+
+/**
+ * Download a single file by creating a temporary link
+ * @param file - The processed file to download
+ */
+declare function downloadFile(file: ProcessedFile): void;
+/**
+ * Download multiple files bundled as a ZIP archive
+ * Uses the fflate library for fast, pure-JS compression
+ *
+ * @param files - Array of processed files to bundle
+ * @param zipName - Name of the output ZIP file (default: 'purged_files.zip')
+ */
+declare function downloadFilesAsZip(files: ProcessedFile[], zipName?: string): Promise<void>;
+
+/**
+ * Secure Logging Utilities
+ *
+ * Provides logging functions that sanitize error messages to prevent
+ * accidental PII leakage through console output.
+ *
+ * SECURITY: Error objects may contain file content, user data, or PII.
+ * These utilities strip sensitive details before logging.
+ */
+/**
+ * Log a warning without exposing potentially sensitive error details
+ * @param context - Description of what was happening (e.g., "Failed to hash file")
+ * @param error - The error object (will be sanitized)
+ */
+declare function secureWarn(context: string, error?: unknown): void;
+/**
+ * Log an error without exposing potentially sensitive error details
+ * @param context - Description of what was happening
+ * @param error - The error object (will be sanitized)
+ */
+declare function secureError(context: string, error?: unknown): void;
+/**
+ * Log debug info - safe to use as it doesn't include error objects
+ * @param message - Debug message (should not contain PII)
+ */
+declare function secureLog(message: string): void;
+/**
+ * Safely get filename for logging (strips path, limits length)
+ */
+declare function safeFilename(filename: string): string;
+
+/**
+ * Hilbert Curve Utility
+ *
+ * Space-filling curve for converting 1D data into 2D visualization.
+ * Preserves locality - nearby elements in 1D stay nearby in 2D.
+ *
+ * Used for entropy heat map visualization where we want to display
+ * sequential file bytes in a 2D grid that maintains spatial relationships.
+ *
+ * References:
+ * - https://en.wikipedia.org/wiki/Hilbert_curve
+ * - https://corte.si/posts/visualisation/entropy/
+ */
+/**
+ * Convert a 1D index (d) to 2D coordinates (x, y) on a Hilbert curve.
+ *
+ * @param n - Grid size (must be power of 2, e.g., 16, 32, 64)
+ * @param d - 1D index (0 to n*n-1)
+ * @returns 2D coordinates {x, y} where 0 <= x,y < n
+ */
+declare function hilbertD2XY(n: number, d: number): {
+    x: number;
+    y: number;
+};
+/**
+ * Convert 2D coordinates (x, y) to a 1D index (d) on a Hilbert curve.
+ *
+ * @param n - Grid size (must be power of 2, e.g., 16, 32, 64)
+ * @param x - X coordinate (0 to n-1)
+ * @param y - Y coordinate (0 to n-1)
+ * @returns 1D index d where 0 <= d < n*n
+ */
+declare function hilbertXY2D(n: number, x: number, y: number): number;
+/**
+ * Calculate the optimal grid size for a given number of blocks.
+ * Returns the smallest power of 2 that can fit all blocks.
+ *
+ * @param blockCount - Number of blocks to fit
+ * @returns Power of 2 grid size (e.g., 16, 32, 64)
+ */
+declare function getOptimalGridSize(blockCount: number): number;
+
+/**
+ * PII Category Definitions
+ * Categories of personally identifiable information that PURGE can detect
+ */
+
+interface CategoryDefinition {
+    id: PIICategory;
+    name: string;
+    description: string;
+    icon: string;
+    examples: string[];
+    defaultEnabled: boolean;
+}
+declare const categories: CategoryDefinition[];
+declare const categoryMap: Map<PIICategory, CategoryDefinition>;
+declare function getCategoryName(id: PIICategory): string;
+declare function getCategoryIcon(id: PIICategory): string;
+
+/**
+ * Platform detection and offline instructions
+ * Shared between OfflineBlockedState and NetworkModeToggle components
+ */
+type Platform = 'mac' | 'windows' | 'ios' | 'android' | 'unknown';
+/**
+ * Detect user's platform for tailored instructions
+ */
+declare function detectPlatform(): Platform;
+/**
+ * Platform-specific offline instructions
+ */
+declare const PLATFORM_INSTRUCTIONS: Record<Platform, {
+    icon: string;
+    steps: string[];
+}>;
+
+/**
+ * DeviceFingerprint
+ *
+ * Generates a lightweight browser fingerprint for quota binding.
+ * This prevents copying quota state to a different device/browser.
+ *
+ * Note: This is not meant to be a tracking fingerprint - it's used
+ * solely to bind quota state to a specific browser instance.
+ */
+/**
+ * Generates a stable device fingerprint by hashing browser properties.
+ * Returns a 16-character hex string.
+ */
+declare function generateDeviceFingerprint(): Promise<string>;
+/**
+ * Verifies if a fingerprint matches the current device.
+ * Allows for minor variations (returns similarity score).
+ */
+declare function verifyDeviceFingerprint(storedFingerprint: string): Promise<{
+    matches: boolean;
+    similarity: number;
+}>;
+
+/**
+ * Session Summary PDF Generator
+ *
+ * IMPORTANT: This is a SESSION SUMMARY, NOT a proof certificate.
+ * The PDF must include disclaimers that this is self-reported data.
+ * For genuine proof, users should use Airplane Mode or DevTools.
+ */
+interface SessionSummaryData {
+    sessionId: string;
+    timestamp: string;
+    files: Array<{
+        name: string;
+        originalHash: string;
+        processedHash: string;
+        originalSize: number;
+        processedSize: number;
+        detectionsRemoved: number;
+    }>;
+    selfReportedMetrics: {
+        networkRequestsDetected: number;
+        storageChangesDetected: boolean;
+        memoryWipeCompleted: boolean;
+        wasOfflineDuringProcessing: boolean;
+    };
+    environment: {
+        browser: string;
+        platform: string;
+        userAgent: string;
+    };
+}
+/**
+ * Generate session ID using cryptographically secure random
+ */
+declare function generateSessionId(): string;
+/**
+ * Generate PDF session summary
+ */
+declare function generateSessionSummaryPDF(data: SessionSummaryData): Blob;
+/**
+ * Download the session summary PDF
+ */
+declare function downloadSessionSummary(data: SessionSummaryData): void;
+
+export { type AdversarialConfig, type AdversarialSuggestion, type AdversarialVerificationResult, type AirplaneModeState, BaseProcessor, type CategoryDefinition, type ColumnAccessProof, type ColumnAttestation, type ColumnSelectionConfig, type ContentSection, type Detection, type DetectionCapabilities, type DetectionEngine, type DetectionResult, type DocumentContent, type EntropyBlock, type EntropyComparison, type EntropyData, type FileTypeValidation, type LeakedAttribute, type MemoryStats, type NetworkRequest, type OfflineEnforcementActions, type OfflineEnforcementState, OfflineQuotaStore, type PIICategory, PLATFORM_INSTRUCTIONS, type ParsedDocument, type Platform, type ProcessedFile, type ProcessingProgress, type PurgeState, type QueuedFile, QuotaExhaustedError, QuotaExhaustedError as QuotaExhaustedErrorClass, type QuotaState, type Redaction, type RedactionStyle, type RefreshResult, RegexDetectionEngine, type ScrubConfig, type SessionSummaryData, type SheetMetadata, type SpreadsheetMetadata, type StorageSnapshot, type SupportedFileType, XlsxProcessor, adversarialVerifier, categories, categoryMap, detectPlatform, downloadFile, downloadFilesAsZip, downloadSessionSummary, generateDeviceFingerprint, generatePrefixedId, generateSectionId, generateSecureId, generateSessionId, generateSessionSummaryPDF, getCategoryIcon$1 as getCategoryIcon, getCategoryIcon as getCategoryIconFromCategories, getCategoryLabel, getCategoryName, getFileTypeFromExtension, getOptimalGridSize, getPartialMask, getPatternsForCategories, getProcessor, getProcessorForFile, getSensitivityThreshold, hasValidExtension, hilbertD2XY, hilbertXY2D, maskPII, offlineQuotaStore, regexDetectionEngine, requestQuotaRefresh, safeCompileRegex, safeFilename, secureError, secureLog, secureWarn, truncateHash, useAdversarialAnalysis, useAirplaneMode, useDocumentProcessor, useEnhancedNetworkProof, useFileEntropy, useFileHash, useFirstTimeUser, useNetworkProof, useOfflineEnforcement, useOfflineQuota, usePurgeStore, useSpreadsheetMetadata, useStorageProof, validateFileType, verifyDeviceFingerprint, xlsxProcessor };