@pengzi/kms 1.0.0

package/dist/types/index.d.ts

@@ -0,0 +1,86 @@
+/**
+ * 类型定义统一导出
+ */
+export * from './crypto.types';
+export * from './project.types';
+export * from './key.types';
+export * from './user.types';
+export * from './audit.types';
+/**
+ * KMS客户端配置
+ */
+export interface KMSClientOptions {
+    /** MongoDB连接字符串 */
+    connectionString: string;
+    /** 数据库名称 */
+    databaseName: string;
+    /** 连接选项 */
+    connectionOptions?: {
+        /** 连接超时（毫秒） */
+        connectTimeoutMS?: number;
+        /** Socket超时（毫秒） */
+        socketTimeoutMS?: number;
+        /** 服务器选择超时（毫秒） */
+        serverSelectionTimeoutMS?: number;
+        /** 最大连接池大小 */
+        maxPoolSize?: number;
+        /** 最小连接池大小 */
+        minPoolSize?: number;
+    };
+}
+/**
+ * 加密的 KMS 客户端配置选项
+ * 用于安全地存储数据库连接字符串
+ */
+export interface EncryptedKMSClientOptions {
+    /** 加密的连接字符串（JSON 格式） */
+    encryptedConnectionString: string;
+    /** 数据库名称 */
+    databaseName: string;
+    /** 连接选项 */
+    connectionOptions?: {
+        /** 连接超时（毫秒） */
+        connectTimeoutMS?: number;
+        /** Socket超时（毫秒） */
+        socketTimeoutMS?: number;
+        /** 服务器选择超时（毫秒） */
+        serverSelectionTimeoutMS?: number;
+        /** 最大连接池大小 */
+        maxPoolSize?: number;
+        /** 最小连接池大小 */
+        minPoolSize?: number;
+    };
+    /** 私钥（PEM 格式），默认从 KMS_PRIVATE_KEY 环境变量读取 */
+    privateKey?: string;
+    /** 私钥密码（如果私钥有密码保护），默认从 KMS_PRIVATE_KEY_PASSPHRASE 环境变量读取 */
+    privateKeyPassphrase?: string;
+}
+/**
+ * 错误类型
+ */
+export declare class KMSError extends Error {
+    code: string;
+    constructor(message: string, code: string);
+}
+export declare class ProjectNotFoundError extends KMSError {
+    constructor(projectId: string);
+}
+export declare class KeyNotFoundError extends KMSError {
+    constructor(keyId: string);
+}
+export declare class UserNotFoundError extends KMSError {
+    constructor(userId: string);
+}
+export declare class AuthenticationError extends KMSError {
+    constructor(message?: string);
+}
+export declare class ForbiddenError extends KMSError {
+    constructor(message?: string);
+}
+export declare class ValidationError extends KMSError {
+    constructor(message: string);
+}
+export declare class CryptoError extends KMSError {
+    constructor(message: string);
+}
+//# sourceMappingURL=index.d.ts.map

package/dist/types/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,cAAc,gBAAgB,CAAC;AAG/B,cAAc,iBAAiB,CAAC;AAGhC,cAAc,aAAa,CAAC;AAG5B,cAAc,cAAc,CAAC;AAG7B,cAAc,eAAe,CAAC;AAE9B;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,mBAAmB;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,YAAY;IACZ,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW;IACX,iBAAiB,CAAC,EAAE;QAClB,eAAe;QACf,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,mBAAmB;QACnB,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,kBAAkB;QAClB,wBAAwB,CAAC,EAAE,MAAM,CAAC;QAClC,cAAc;QACd,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,cAAc;QACd,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AAED;;;GAGG;AACH,MAAM,WAAW,yBAAyB;IACxC,wBAAwB;IACxB,yBAAyB,EAAE,MAAM,CAAC;IAClC,YAAY;IACZ,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW;IACX,iBAAiB,CAAC,EAAE;QAClB,eAAe;QACf,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,mBAAmB;QACnB,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,kBAAkB;QAClB,wBAAwB,CAAC,EAAE,MAAM,CAAC;QAClC,cAAc;QACd,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,cAAc;QACd,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;IACF,4CAA4C;IAC5C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,4DAA4D;IAC5D,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED;;GAEG;AACH,qBAAa,QAAS,SAAQ,KAAK;IACG,IAAI,EAAE,MAAM;gBAApC,OAAO,EAAE,MAAM,EAAS,IAAI,EAAE,MAAM;CAIjD;AAED,qBAAa,oBAAqB,SAAQ,QAAQ;gBACpC,SAAS,EAAE,MAAM;CAI9B;AAED,qBAAa,gBAAiB,SAAQ,QAAQ;gBAChC,KAAK,EAAE,MAAM;CAI1B;AAED,qBAAa,iBAAkB,SAAQ,QAAQ;gBACjC,MAAM,EAAE,MAAM;CAI3B;AAED,qBAAa,mBAAoB,SAAQ,QAAQ;gBACnC,OAAO,GAAE,MAAgC;CAItD;AAED,qBAAa,cAAe,SAAQ,QAAQ;gBAC9B,OAAO,GAAE,MAA4B;CAIlD;AAED,qBAAa,eAAgB,SAAQ,QAAQ;gBAC/B,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,WAAY,SAAQ,QAAQ;gBAC3B,OAAO,EAAE,MAAM;CAI5B"}

package/dist/types/index.js

@@ -0,0 +1,92 @@
+"use strict";
+/**
+ * 类型定义统一导出
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CryptoError = exports.ValidationError = exports.ForbiddenError = exports.AuthenticationError = exports.UserNotFoundError = exports.KeyNotFoundError = exports.ProjectNotFoundError = exports.KMSError = void 0;
+// 加密相关
+__exportStar(require("./crypto.types"), exports);
+// 项目相关
+__exportStar(require("./project.types"), exports);
+// 密钥相关
+__exportStar(require("./key.types"), exports);
+// 用户相关
+__exportStar(require("./user.types"), exports);
+// 审计日志相关
+__exportStar(require("./audit.types"), exports);
+/**
+ * 错误类型
+ */
+class KMSError extends Error {
+    code;
+    constructor(message, code) {
+        super(message);
+        this.code = code;
+        this.name = 'KMSError';
+    }
+}
+exports.KMSError = KMSError;
+class ProjectNotFoundError extends KMSError {
+    constructor(projectId) {
+        super(`Project not found: ${projectId}`, 'PROJECT_NOT_FOUND');
+        this.name = 'ProjectNotFoundError';
+    }
+}
+exports.ProjectNotFoundError = ProjectNotFoundError;
+class KeyNotFoundError extends KMSError {
+    constructor(keyId) {
+        super(`Key not found: ${keyId}`, 'KEY_NOT_FOUND');
+        this.name = 'KeyNotFoundError';
+    }
+}
+exports.KeyNotFoundError = KeyNotFoundError;
+class UserNotFoundError extends KMSError {
+    constructor(userId) {
+        super(`User not found: ${userId}`, 'USER_NOT_FOUND');
+        this.name = 'UserNotFoundError';
+    }
+}
+exports.UserNotFoundError = UserNotFoundError;
+class AuthenticationError extends KMSError {
+    constructor(message = 'Authentication failed') {
+        super(message, 'AUTHENTICATION_FAILED');
+        this.name = 'AuthenticationError';
+    }
+}
+exports.AuthenticationError = AuthenticationError;
+class ForbiddenError extends KMSError {
+    constructor(message = 'Permission denied') {
+        super(message, 'PERMISSION_DENIED');
+        this.name = 'ForbiddenError';
+    }
+}
+exports.ForbiddenError = ForbiddenError;
+class ValidationError extends KMSError {
+    constructor(message) {
+        super(message, 'VALIDATION_ERROR');
+        this.name = 'ValidationError';
+    }
+}
+exports.ValidationError = ValidationError;
+class CryptoError extends KMSError {
+    constructor(message) {
+        super(message, 'CRYPTO_ERROR');
+        this.name = 'CryptoError';
+    }
+}
+exports.CryptoError = CryptoError;
+//# sourceMappingURL=index.js.map

package/dist/types/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":";AAAA;;GAEG;;;;;;;;;;;;;;;;;AAEH,OAAO;AACP,iDAA+B;AAE/B,OAAO;AACP,kDAAgC;AAEhC,OAAO;AACP,8CAA4B;AAE5B,OAAO;AACP,+CAA6B;AAE7B,SAAS;AACT,gDAA8B;AAqD9B;;GAEG;AACH,MAAa,QAAS,SAAQ,KAAK;IACG;IAApC,YAAY,OAAe,EAAS,IAAY;QAC9C,KAAK,CAAC,OAAO,CAAC,CAAC;QADmB,SAAI,GAAJ,IAAI,CAAQ;QAE9C,IAAI,CAAC,IAAI,GAAG,UAAU,CAAC;IACzB,CAAC;CACF;AALD,4BAKC;AAED,MAAa,oBAAqB,SAAQ,QAAQ;IAChD,YAAY,SAAiB;QAC3B,KAAK,CAAC,sBAAsB,SAAS,EAAE,EAAE,mBAAmB,CAAC,CAAC;QAC9D,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAC;IACrC,CAAC;CACF;AALD,oDAKC;AAED,MAAa,gBAAiB,SAAQ,QAAQ;IAC5C,YAAY,KAAa;QACvB,KAAK,CAAC,kBAAkB,KAAK,EAAE,EAAE,eAAe,CAAC,CAAC;QAClD,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;IACjC,CAAC;CACF;AALD,4CAKC;AAED,MAAa,iBAAkB,SAAQ,QAAQ;IAC7C,YAAY,MAAc;QACxB,KAAK,CAAC,mBAAmB,MAAM,EAAE,EAAE,gBAAgB,CAAC,CAAC;QACrD,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AALD,8CAKC;AAED,MAAa,mBAAoB,SAAQ,QAAQ;IAC/C,YAAY,UAAkB,uBAAuB;QACnD,KAAK,CAAC,OAAO,EAAE,uBAAuB,CAAC,CAAC;QACxC,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;IACpC,CAAC;CACF;AALD,kDAKC;AAED,MAAa,cAAe,SAAQ,QAAQ;IAC1C,YAAY,UAAkB,mBAAmB;QAC/C,KAAK,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;QACpC,IAAI,CAAC,IAAI,GAAG,gBAAgB,CAAC;IAC/B,CAAC;CACF;AALD,wCAKC;AAED,MAAa,eAAgB,SAAQ,QAAQ;IAC3C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC;QACnC,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;IAChC,CAAC;CACF;AALD,0CAKC;AAED,MAAa,WAAY,SAAQ,QAAQ;IACvC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;QAC/B,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC;IAC5B,CAAC;CACF;AALD,kCAKC"}

package/dist/types/key.types.d.ts

@@ -0,0 +1,125 @@
+/**
+ * 密钥相关类型定义
+ */
+/**
+ * 密钥类型
+ */
+export declare enum KeyType {
+    MONGODB = "mongodb",
+    MYSQL = "mysql",
+    POSTGRESQL = "postgresql",
+    REDIS = "redis",
+    CUSTOM = "custom"
+}
+/**
+ * 密钥状态
+ */
+export declare enum KeyStatus {
+    ACTIVE = "active",
+    DISABLED = "disabled",
+    EXPIRED = "expired",
+    DELETED = "deleted"
+}
+/**
+ * 密钥数据结构（不含明文值）
+ */
+export interface Key {
+    /** MongoDB ObjectId */
+    _id?: string;
+    /** 密钥唯一标识符 */
+    keyId: string;
+    /** 关联项目ID */
+    projectId: string;
+    /** 密钥名称 */
+    keyName: string;
+    /** 密钥类型 */
+    keyType: KeyType;
+    /** 加密后的密钥值 */
+    encryptedValue: string;
+    /** 初始化向量 */
+    iv: string;
+    /** 认证标签 */
+    authTag: string;
+    /** 密钥版本号 */
+    version: number;
+    /** 标签 */
+    tags: string[];
+    /** 描述 */
+    description?: string;
+    /** 创建者 */
+    createdBy: string;
+    /** 创建时间 */
+    createdAt: Date;
+    /** 更新时间 */
+    updatedAt: Date;
+    /** 最后访问时间 */
+    lastAccessedAt?: Date;
+    /** 最后轮换时间 */
+    lastRotatedAt?: Date;
+    /** 过期时间 */
+    expiresAt?: Date;
+    /** 密钥状态 */
+    status: KeyStatus;
+}
+/**
+ * 密钥值（包含解密后的明文）
+ */
+export interface KeyValue extends Omit<Key, 'encryptedValue' | 'iv' | 'authTag'> {
+    /** 解密后的明文值 */
+    value: string;
+}
+/**
+ * 创建密钥数据
+ */
+export interface CreateKeyData {
+    /** 密钥名称 */
+    keyName: string;
+    /** 密钥类型 */
+    keyType: KeyType;
+    /** 明文密钥值 */
+    value: string;
+    /** 标签 */
+    tags?: string[];
+    /** 描述 */
+    description?: string;
+    /** 过期时间 */
+    expiresAt?: Date;
+}
+/**
+ * 更新密钥数据
+ */
+export interface UpdateKeyData {
+    /** 新的密钥值 */
+    value?: string;
+    /** 标签 */
+    tags?: string[];
+    /** 描述 */
+    description?: string;
+    /** 过期时间 */
+    expiresAt?: Date;
+    /** 状态 */
+    status?: KeyStatus;
+}
+/**
+ * 密钥查询过滤器
+ */
+export interface KeyFilters {
+    /** 密钥类型 */
+    keyType?: KeyType;
+    /** 标签过滤（包含任一标签） */
+    tags?: string[];
+    /** 密钥状态 */
+    status?: KeyStatus;
+    /** 搜索密钥名称（模糊匹配） */
+    search?: string;
+}
+/**
+ * 密钥轮换结果
+ */
+export interface KeyRotationResult {
+    /** 旧版本密钥 */
+    oldKey: Key;
+    /** 新版本密钥 */
+    newKey: Key;
+}
+//# sourceMappingURL=key.types.d.ts.map

package/dist/types/key.types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"key.types.d.ts","sourceRoot":"","sources":["../../src/types/key.types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;GAEG;AACH,oBAAY,OAAO;IACjB,OAAO,YAAY;IACnB,KAAK,UAAU;IACf,UAAU,eAAe;IACzB,KAAK,UAAU;IACf,MAAM,WAAW;CAClB;AAED;;GAEG;AACH,oBAAY,SAAS;IACnB,MAAM,WAAW;IACjB,QAAQ,aAAa;IACrB,OAAO,YAAY;IACnB,OAAO,YAAY;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,GAAG;IAClB,uBAAuB;IACvB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,cAAc;IACd,KAAK,EAAE,MAAM,CAAC;IACd,aAAa;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW;IACX,OAAO,EAAE,OAAO,CAAC;IACjB,cAAc;IACd,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY;IACZ,EAAE,EAAE,MAAM,CAAC;IACX,WAAW;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS;IACT,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,SAAS;IACT,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU;IACV,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW;IACX,SAAS,EAAE,IAAI,CAAC;IAChB,WAAW;IACX,SAAS,EAAE,IAAI,CAAC;IAChB,aAAa;IACb,cAAc,CAAC,EAAE,IAAI,CAAC;IACtB,aAAa;IACb,aAAa,CAAC,EAAE,IAAI,CAAC;IACrB,WAAW;IACX,SAAS,CAAC,EAAE,IAAI,CAAC;IACjB,WAAW;IACX,MAAM,EAAE,SAAS,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,QAAS,SAAQ,IAAI,CAAC,GAAG,EAAE,gBAAgB,GAAG,IAAI,GAAG,SAAS,CAAC;IAC9E,cAAc;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,WAAW;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW;IACX,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,SAAS;IACT,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,SAAS;IACT,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW;IACX,SAAS,CAAC,EAAE,IAAI,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,YAAY;IACZ,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS;IACT,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,SAAS;IACT,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW;IACX,SAAS,CAAC,EAAE,IAAI,CAAC;IACjB,SAAS;IACT,MAAM,CAAC,EAAE,SAAS,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,WAAW;IACX,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,mBAAmB;IACnB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,WAAW;IACX,MAAM,CAAC,EAAE,SAAS,CAAC;IACnB,mBAAmB;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,YAAY;IACZ,MAAM,EAAE,GAAG,CAAC;IACZ,YAAY;IACZ,MAAM,EAAE,GAAG,CAAC;CACb"}

package/dist/types/key.types.js

@@ -0,0 +1,28 @@
+"use strict";
+/**
+ * 密钥相关类型定义
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KeyStatus = exports.KeyType = void 0;
+/**
+ * 密钥类型
+ */
+var KeyType;
+(function (KeyType) {
+    KeyType["MONGODB"] = "mongodb";
+    KeyType["MYSQL"] = "mysql";
+    KeyType["POSTGRESQL"] = "postgresql";
+    KeyType["REDIS"] = "redis";
+    KeyType["CUSTOM"] = "custom";
+})(KeyType || (exports.KeyType = KeyType = {}));
+/**
+ * 密钥状态
+ */
+var KeyStatus;
+(function (KeyStatus) {
+    KeyStatus["ACTIVE"] = "active";
+    KeyStatus["DISABLED"] = "disabled";
+    KeyStatus["EXPIRED"] = "expired";
+    KeyStatus["DELETED"] = "deleted";
+})(KeyStatus || (exports.KeyStatus = KeyStatus = {}));
+//# sourceMappingURL=key.types.js.map

package/dist/types/key.types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"key.types.js","sourceRoot":"","sources":["../../src/types/key.types.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAEH;;GAEG;AACH,IAAY,OAMX;AAND,WAAY,OAAO;IACjB,8BAAmB,CAAA;IACnB,0BAAe,CAAA;IACf,oCAAyB,CAAA;IACzB,0BAAe,CAAA;IACf,4BAAiB,CAAA;AACnB,CAAC,EANW,OAAO,uBAAP,OAAO,QAMlB;AAED;;GAEG;AACH,IAAY,SAKX;AALD,WAAY,SAAS;IACnB,8BAAiB,CAAA;IACjB,kCAAqB,CAAA;IACrB,gCAAmB,CAAA;IACnB,gCAAmB,CAAA;AACrB,CAAC,EALW,SAAS,yBAAT,SAAS,QAKpB"}

package/dist/types/project.types.d.ts

@@ -0,0 +1,57 @@
+/**
+ * 项目相关类型定义
+ */
+/**
+ * 项目状态
+ */
+export declare enum ProjectStatus {
+    ACTIVE = "active",
+    SUSPENDED = "suspended",
+    DELETED = "deleted"
+}
+/**
+ * 项目数据结构
+ */
+export interface Project {
+    /** MongoDB ObjectId */
+    _id?: string;
+    /** 项目唯一标识符 */
+    projectId: string;
+    /** 项目名称 */
+    projectName: string;
+    /** 主密钥哈希（用于验证） */
+    masterKeyHash: string;
+    /** 加密后的主密钥 */
+    masterKeyEncrypted: string;
+    /** 盐值 */
+    salt: string;
+    /** 创建时间 */
+    createdAt: Date;
+    /** 更新时间 */
+    updatedAt: Date;
+    /** 项目状态 */
+    status: ProjectStatus;
+    /** 元数据 */
+    metadata?: Record<string, any>;
+}
+/**
+ * 创建项目选项
+ */
+export interface CreateProjectOptions {
+    /** 项目名称 */
+    projectName: string;
+    /** 主密码（用于派生主密钥） */
+    masterPassword: string;
+    /** 元数据 */
+    metadata?: Record<string, any>;
+}
+/**
+ * 项目查询过滤器
+ */
+export interface ProjectFilter {
+    /** 项目状态 */
+    status?: ProjectStatus;
+    /** 项目名称（模糊搜索） */
+    projectName?: string;
+}
+//# sourceMappingURL=project.types.d.ts.map

package/dist/types/project.types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"project.types.d.ts","sourceRoot":"","sources":["../../src/types/project.types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;GAEG;AACH,oBAAY,aAAa;IACvB,MAAM,WAAW;IACjB,SAAS,cAAc;IACvB,OAAO,YAAY;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,OAAO;IACtB,uBAAuB;IACvB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,cAAc;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,kBAAkB;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc;IACd,kBAAkB,EAAE,MAAM,CAAC;IAC3B,SAAS;IACT,IAAI,EAAE,MAAM,CAAC;IACb,WAAW;IACX,SAAS,EAAE,IAAI,CAAC;IAChB,WAAW;IACX,SAAS,EAAE,IAAI,CAAC;IAChB,WAAW;IACX,MAAM,EAAE,aAAa,CAAC;IACtB,UAAU;IACV,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAChC;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,WAAW;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,mBAAmB;IACnB,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU;IACV,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAChC;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,WAAW;IACX,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,iBAAiB;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB"}

package/dist/types/project.types.js

@@ -0,0 +1,16 @@
+"use strict";
+/**
+ * 项目相关类型定义
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ProjectStatus = void 0;
+/**
+ * 项目状态
+ */
+var ProjectStatus;
+(function (ProjectStatus) {
+    ProjectStatus["ACTIVE"] = "active";
+    ProjectStatus["SUSPENDED"] = "suspended";
+    ProjectStatus["DELETED"] = "deleted";
+})(ProjectStatus || (exports.ProjectStatus = ProjectStatus = {}));
+//# sourceMappingURL=project.types.js.map

package/dist/types/project.types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"project.types.js","sourceRoot":"","sources":["../../src/types/project.types.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAEH;;GAEG;AACH,IAAY,aAIX;AAJD,WAAY,aAAa;IACvB,kCAAiB,CAAA;IACjB,wCAAuB,CAAA;IACvB,oCAAmB,CAAA;AACrB,CAAC,EAJW,aAAa,6BAAb,aAAa,QAIxB"}

package/dist/types/user.types.d.ts

@@ -0,0 +1,110 @@
+/**
+ * 用户相关类型定义
+ */
+/**
+ * 用户角色
+ */
+export declare enum Role {
+    ADMIN = "admin",
+    OPERATOR = "operator",
+    DEVELOPER = "developer",
+    READONLY = "readonly",
+    AUDITOR = "auditor"
+}
+/**
+ * 用户权限
+ */
+export declare enum Permission {
+    PROJECT_CREATE = "project:create",
+    PROJECT_UPDATE = "project:update",
+    PROJECT_DELETE = "project:delete",
+    KEY_CREATE = "key:create",
+    KEY_READ = "key:read",
+    KEY_UPDATE = "key:update",
+    KEY_DELETE = "key:delete",
+    KEY_LIST = "key:list",
+    USER_CREATE = "user:create",
+    USER_UPDATE = "user:update",
+    USER_DELETE = "user:delete",
+    AUDIT_READ = "audit:read"
+}
+/**
+ * 用户状态
+ */
+export declare enum UserStatus {
+    ACTIVE = "active",
+    INACTIVE = "inactive",
+    LOCKED = "locked"
+}
+/**
+ * 用户数据结构
+ */
+export interface User {
+    /** MongoDB ObjectId */
+    _id?: string;
+    /** 用户唯一标识符 */
+    userId: string;
+    /** 关联项目ID */
+    projectId: string;
+    /** 用户名 */
+    username: string;
+    /** 密码哈希 */
+    passwordHash: string;
+    /** 角色列表 */
+    roles: Role[];
+    /** 直接权限列表 */
+    permissions: Permission[];
+    /** API密钥哈希 */
+    apiKeyHash?: string;
+    /** 创建时间 */
+    createdAt: Date;
+    /** 更新时间 */
+    updatedAt: Date;
+    /** 最后登录时间 */
+    lastLoginAt?: Date;
+    /** 用户状态 */
+    status: UserStatus;
+}
+/**
+ * 创建用户数据
+ */
+export interface CreateUserData {
+    /** 用户名 */
+    username: string;
+    /** 密码 */
+    password: string;
+    /** 角色 */
+    roles?: Role[];
+    /** 直接权限 */
+    permissions?: Permission[];
+}
+/**
+ * 用户认证信息
+ */
+export interface AuthCredentials {
+    /** 用户名 */
+    username: string;
+    /** 密码 */
+    password: string;
+}
+/**
+ * 认证结果
+ */
+export interface AuthResult {
+    /** 是否成功 */
+    success: boolean;
+    /** 用户信息 */
+    user?: User;
+    /** 错误信息 */
+    error?: string;
+}
+/**
+ * API密钥信息
+ */
+export interface ApiKeyInfo {
+    /** API密钥（明文，仅创建时返回一次） */
+    apiKey: string;
+    /** API密钥哈希（存储） */
+    apiKeyHash: string;
+}
+//# sourceMappingURL=user.types.d.ts.map

package/dist/types/user.types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"user.types.d.ts","sourceRoot":"","sources":["../../src/types/user.types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;GAEG;AACH,oBAAY,IAAI;IACd,KAAK,UAAU;IACf,QAAQ,aAAa;IACrB,SAAS,cAAc;IACvB,QAAQ,aAAa;IACrB,OAAO,YAAY;CACpB;AAED;;GAEG;AACH,oBAAY,UAAU;IAEpB,cAAc,mBAAmB;IACjC,cAAc,mBAAmB;IACjC,cAAc,mBAAmB;IAGjC,UAAU,eAAe;IACzB,QAAQ,aAAa;IACrB,UAAU,eAAe;IACzB,UAAU,eAAe;IACzB,QAAQ,aAAa;IAGrB,WAAW,gBAAgB;IAC3B,WAAW,gBAAgB;IAC3B,WAAW,gBAAgB;IAG3B,UAAU,eAAe;CAC1B;AAED;;GAEG;AACH,oBAAY,UAAU;IACpB,MAAM,WAAW;IACjB,QAAQ,aAAa;IACrB,MAAM,WAAW;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,IAAI;IACnB,uBAAuB;IACvB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,cAAc;IACd,MAAM,EAAE,MAAM,CAAC;IACf,aAAa;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU;IACV,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW;IACX,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW;IACX,KAAK,EAAE,IAAI,EAAE,CAAC;IACd,aAAa;IACb,WAAW,EAAE,UAAU,EAAE,CAAC;IAC1B,cAAc;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW;IACX,SAAS,EAAE,IAAI,CAAC;IAChB,WAAW;IACX,SAAS,EAAE,IAAI,CAAC;IAChB,aAAa;IACb,WAAW,CAAC,EAAE,IAAI,CAAC;IACnB,WAAW;IACX,MAAM,EAAE,UAAU,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,UAAU;IACV,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS;IACT,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS;IACT,KAAK,CAAC,EAAE,IAAI,EAAE,CAAC;IACf,WAAW;IACX,WAAW,CAAC,EAAE,UAAU,EAAE,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,UAAU;IACV,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS;IACT,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,WAAW;IACX,OAAO,EAAE,OAAO,CAAC;IACjB,WAAW;IACX,IAAI,CAAC,EAAE,IAAI,CAAC;IACZ,WAAW;IACX,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,yBAAyB;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,kBAAkB;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB"}

package/dist/types/user.types.js

@@ -0,0 +1,49 @@
+"use strict";
+/**
+ * 用户相关类型定义
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserStatus = exports.Permission = exports.Role = void 0;
+/**
+ * 用户角色
+ */
+var Role;
+(function (Role) {
+    Role["ADMIN"] = "admin";
+    Role["OPERATOR"] = "operator";
+    Role["DEVELOPER"] = "developer";
+    Role["READONLY"] = "readonly";
+    Role["AUDITOR"] = "auditor";
+})(Role || (exports.Role = Role = {}));
+/**
+ * 用户权限
+ */
+var Permission;
+(function (Permission) {
+    // 项目管理
+    Permission["PROJECT_CREATE"] = "project:create";
+    Permission["PROJECT_UPDATE"] = "project:update";
+    Permission["PROJECT_DELETE"] = "project:delete";
+    // 密钥管理
+    Permission["KEY_CREATE"] = "key:create";
+    Permission["KEY_READ"] = "key:read";
+    Permission["KEY_UPDATE"] = "key:update";
+    Permission["KEY_DELETE"] = "key:delete";
+    Permission["KEY_LIST"] = "key:list";
+    // 用户管理
+    Permission["USER_CREATE"] = "user:create";
+    Permission["USER_UPDATE"] = "user:update";
+    Permission["USER_DELETE"] = "user:delete";
+    // 审计
+    Permission["AUDIT_READ"] = "audit:read";
+})(Permission || (exports.Permission = Permission = {}));
+/**
+ * 用户状态
+ */
+var UserStatus;
+(function (UserStatus) {
+    UserStatus["ACTIVE"] = "active";
+    UserStatus["INACTIVE"] = "inactive";
+    UserStatus["LOCKED"] = "locked";
+})(UserStatus || (exports.UserStatus = UserStatus = {}));
+//# sourceMappingURL=user.types.js.map

package/dist/types/user.types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"user.types.js","sourceRoot":"","sources":["../../src/types/user.types.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAEH;;GAEG;AACH,IAAY,IAMX;AAND,WAAY,IAAI;IACd,uBAAe,CAAA;IACf,6BAAqB,CAAA;IACrB,+BAAuB,CAAA;IACvB,6BAAqB,CAAA;IACrB,2BAAmB,CAAA;AACrB,CAAC,EANW,IAAI,oBAAJ,IAAI,QAMf;AAED;;GAEG;AACH,IAAY,UAoBX;AApBD,WAAY,UAAU;IACpB,OAAO;IACP,+CAAiC,CAAA;IACjC,+CAAiC,CAAA;IACjC,+CAAiC,CAAA;IAEjC,OAAO;IACP,uCAAyB,CAAA;IACzB,mCAAqB,CAAA;IACrB,uCAAyB,CAAA;IACzB,uCAAyB,CAAA;IACzB,mCAAqB,CAAA;IAErB,OAAO;IACP,yCAA2B,CAAA;IAC3B,yCAA2B,CAAA;IAC3B,yCAA2B,CAAA;IAE3B,KAAK;IACL,uCAAyB,CAAA;AAC3B,CAAC,EApBW,UAAU,0BAAV,UAAU,QAoBrB;AAED;;GAEG;AACH,IAAY,UAIX;AAJD,WAAY,UAAU;IACpB,+BAAiB,CAAA;IACjB,mCAAqB,CAAA;IACrB,+BAAiB,CAAA;AACnB,CAAC,EAJW,UAAU,0BAAV,UAAU,QAIrB"}

package/dist/utils/config-loader.d.ts

@@ -0,0 +1,64 @@
+/**
+ * 配置加载工具
+ * 用于从加密配置文件中加载连接字符串
+ */
+/**
+ * 加密的数据库配置
+ */
+export interface EncryptedDatabaseConfig {
+    encryptedConnectionString: string;
+    algorithm?: string;
+    keyId?: string;
+    createdAt?: string;
+    databaseName?: string;
+    connectionOptions?: {
+        connectTimeoutMS?: number;
+        socketTimeoutMS?: number;
+        serverSelectionTimeoutMS?: number;
+        maxPoolSize?: number;
+        minPoolSize?: number;
+    };
+}
+/**
+ * KMS 客户端配置
+ */
+export interface KMSClientConfig {
+    connectionString: string;
+    databaseName: string;
+    connectionOptions?: {
+        connectTimeoutMS?: number;
+        socketTimeoutMS?: number;
+        serverSelectionTimeoutMS?: number;
+        maxPoolSize?: number;
+        minPoolSize?: number;
+    };
+}
+/**
+ * 从加密配置文件加载配置
+ * @param configPath 配置文件路径
+ * @param privateKeyPem 私钥（可选，默认从环境变量读取）
+ * @param passphrase 私钥密码（可选，默认从环境变量读取）
+ * @returns KMS 客户端配置
+ */
+export declare function loadEncryptedConfig(configPath: string, privateKeyPem?: string, passphrase?: string): KMSClientConfig;
+/**
+ * 从环境变量和文件加载配置
+ * 优先级：加密配置文件 > 环境变量
+ * @returns KMS 客户端配置
+ */
+export declare function loadConfigFromEnvironment(): KMSClientConfig;
+/**
+ * 创建 KMS 客户端（从加密配置）
+ * @param configPath 配置文件路径
+ * @param privateKeyPem 私钥（可选）
+ * @param passphrase 私钥密码（可选）
+ * @returns KMS 客户端选项
+ */
+export declare function createClientFromEncryptedConfig(configPath: string, privateKeyPem?: string, passphrase?: string): KMSClientConfig;
+/**
+ * 读取私钥文件
+ * @param filePath 私钥文件路径
+ * @returns 私钥内容
+ */
+export declare function readPrivateKeyFile(filePath: string): string;
+//# sourceMappingURL=config-loader.d.ts.map

package/dist/utils/config-loader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config-loader.d.ts","sourceRoot":"","sources":["../../src/utils/config-loader.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAWH;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,yBAAyB,EAAE,MAAM,CAAC;IAClC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iBAAiB,CAAC,EAAE;QAClB,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,wBAAwB,CAAC,EAAE,MAAM,CAAC;QAClC,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,gBAAgB,EAAE,MAAM,CAAC;IACzB,YAAY,EAAE,MAAM,CAAC;IACrB,iBAAiB,CAAC,EAAE;QAClB,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,wBAAwB,CAAC,EAAE,MAAM,CAAC;QAClC,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CACjC,UAAU,EAAE,MAAM,EAClB,aAAa,CAAC,EAAE,MAAM,EACtB,UAAU,CAAC,EAAE,MAAM,GAClB,eAAe,CA2BjB;AAED;;;;GAIG;AACH,wBAAgB,yBAAyB,IAAI,eAAe,CA4B3D;AAED;;;;;;GAMG;AACH,wBAAgB,+BAA+B,CAC7C,UAAU,EAAE,MAAM,EAClB,aAAa,CAAC,EAAE,MAAM,EACtB,UAAU,CAAC,EAAE,MAAM,GAClB,eAAe,CAEjB;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAM3D"}