@private.me/xbind 1.2.15 → 1.2.17
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +124 -8
- package/dist-standalone/cjs/errors.js +265 -1
- package/dist-standalone/cjs/security-policy.js +55 -14
- package/dist-standalone/cli/init.js +0 -0
- package/dist-standalone/errors.d.ts +4 -0
- package/dist-standalone/errors.js +263 -0
- package/dist-standalone/security-policy.d.ts +8 -4
- package/dist-standalone/security-policy.js +55 -14
- package/package.json +14 -13
- package/share1.dat +0 -0
|
@@ -11,10 +11,12 @@
|
|
|
11
11
|
* Default security policy for basic XBind.
|
|
12
12
|
*
|
|
13
13
|
* Rules:
|
|
14
|
-
* -
|
|
15
|
-
* -
|
|
16
|
-
* -
|
|
17
|
-
* -
|
|
14
|
+
* - Explicit risk tags: low → 2-of-2, medium → 2-of-3, high/critical → 3-of-5
|
|
15
|
+
* - Fiat transfers: USD/EUR/GBP >$100k → 2-of-3, >$1M → 3-of-5
|
|
16
|
+
* - Crypto transfers: Require explicit risk tag (no numeric auto-detection)
|
|
17
|
+
* - Sensitive scopes: custody/admin/settlement → 2-of-3
|
|
18
|
+
* - Cross-entity communication: 2-of-3
|
|
19
|
+
* - Explicit 'high' override: 2-of-3, 'critical' override: 3-of-5
|
|
18
20
|
* - Everything else: Standard encrypted transport (V3 hybrid PQ)
|
|
19
21
|
*
|
|
20
22
|
* Enterprise and Government variants extend this with custom rules.
|
|
@@ -26,6 +28,7 @@ export class DefaultSecurityPolicy {
|
|
|
26
28
|
*
|
|
27
29
|
* @param options - Optional configuration
|
|
28
30
|
* @param options.highValueThreshold - Amount threshold for high security (default: 100000)
|
|
31
|
+
* @param options.criticalValueThreshold - Amount threshold for critical security (default: 1000000)
|
|
29
32
|
* @param options.enableXchange - Allow Xchange mode for performance (default: false)
|
|
30
33
|
*/
|
|
31
34
|
constructor(options = {}) {
|
|
@@ -33,7 +36,8 @@ export class DefaultSecurityPolicy {
|
|
|
33
36
|
}
|
|
34
37
|
classify(context) {
|
|
35
38
|
const { action, params, securityOverride } = context;
|
|
36
|
-
const
|
|
39
|
+
const highThreshold = this.options.highValueThreshold ?? 100_000;
|
|
40
|
+
const criticalThreshold = this.options.criticalValueThreshold ?? 1_000_000;
|
|
37
41
|
// Explicit override: critical
|
|
38
42
|
if (securityOverride === 'critical') {
|
|
39
43
|
return {
|
|
@@ -58,15 +62,52 @@ export class DefaultSecurityPolicy {
|
|
|
58
62
|
wasOverridden: true,
|
|
59
63
|
};
|
|
60
64
|
}
|
|
61
|
-
//
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
65
|
+
// Risk tag detection (preferred for crypto: BTC, ETH, etc.)
|
|
66
|
+
const riskTag = typeof params.risk === 'string' ? params.risk.toLowerCase() : undefined;
|
|
67
|
+
if (riskTag) {
|
|
68
|
+
if (riskTag === 'critical' || riskTag === 'high') {
|
|
69
|
+
return {
|
|
70
|
+
mode: { type: 'split', shares: 5, threshold: 3 },
|
|
71
|
+
reason: `Explicit risk tag "${riskTag}" requires 3-of-5 threshold`,
|
|
72
|
+
wasOverridden: false,
|
|
73
|
+
};
|
|
74
|
+
}
|
|
75
|
+
else if (riskTag === 'medium') {
|
|
76
|
+
return {
|
|
77
|
+
mode: { type: 'split', shares: 3, threshold: 2 },
|
|
78
|
+
reason: `Explicit risk tag "medium" requires 2-of-3 threshold`,
|
|
79
|
+
wasOverridden: false,
|
|
80
|
+
};
|
|
81
|
+
}
|
|
82
|
+
else if (riskTag === 'low') {
|
|
83
|
+
return {
|
|
84
|
+
mode: { type: 'split', shares: 2, threshold: 2 },
|
|
85
|
+
reason: `Explicit risk tag "low" requires 2-of-2 threshold`,
|
|
86
|
+
wasOverridden: false,
|
|
87
|
+
};
|
|
88
|
+
}
|
|
89
|
+
}
|
|
90
|
+
// Numeric thresholds ONLY for fiat currencies (USD, EUR, GBP)
|
|
91
|
+
// Crypto (BTC, ETH) should use risk tags instead
|
|
92
|
+
if ((action === 'transfer' || action === 'execute') && typeof params.amount === 'number') {
|
|
93
|
+
const currency = typeof params.currency === 'string' ? params.currency.toUpperCase() : 'USD';
|
|
94
|
+
const isFiat = ['USD', 'EUR', 'GBP'].includes(currency);
|
|
95
|
+
if (isFiat) {
|
|
96
|
+
if (params.amount >= criticalThreshold) {
|
|
97
|
+
return {
|
|
98
|
+
mode: { type: 'split', shares: 5, threshold: 3 },
|
|
99
|
+
reason: `Critical-value transfer (${currency} ${params.amount.toLocaleString()}) requires 3-of-5 threshold`,
|
|
100
|
+
wasOverridden: false,
|
|
101
|
+
};
|
|
102
|
+
}
|
|
103
|
+
else if (params.amount >= highThreshold) {
|
|
104
|
+
return {
|
|
105
|
+
mode: { type: 'split', shares: 3, threshold: 2 },
|
|
106
|
+
reason: `High-value transfer (${currency} ${params.amount.toLocaleString()}) requires 2-of-3 threshold`,
|
|
107
|
+
wasOverridden: false,
|
|
108
|
+
};
|
|
109
|
+
}
|
|
110
|
+
}
|
|
70
111
|
}
|
|
71
112
|
// Auto-detection: Cross-entity communication
|
|
72
113
|
if (params.crossEntity === true) {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@private.me/xbind",
|
|
3
|
-
"version": "1.2.
|
|
3
|
+
"version": "1.2.17",
|
|
4
4
|
"description": "Identity-based M2M authentication (Contains encryption - export restrictions apply)",
|
|
5
5
|
"license": "Proprietary",
|
|
6
6
|
"author": "Private.Me Contributors",
|
|
@@ -47,6 +47,18 @@
|
|
|
47
47
|
"AGENTS.md",
|
|
48
48
|
"llms.txt"
|
|
49
49
|
],
|
|
50
|
+
"scripts": {
|
|
51
|
+
"build": "pnpm clean:xbind && node scripts/build-with-deps.mjs && node generate-shares.mjs",
|
|
52
|
+
"clean:xbind": "rm -rf dist dist-standalone .turbo",
|
|
53
|
+
"obfuscate": "echo 'Obfuscation skipped - core IP already protected in crypto package'",
|
|
54
|
+
"lint": "eslint src/",
|
|
55
|
+
"typecheck": "tsc --noEmit",
|
|
56
|
+
"test": "vitest run",
|
|
57
|
+
"test:coverage": "vitest run --coverage",
|
|
58
|
+
"clean": "rm -rf dist dist-standalone .turbo",
|
|
59
|
+
"prepublish-check": "bash scripts/prepublish-check.sh",
|
|
60
|
+
"prepublishOnly": "node -e \"const pkg=require('./package.json');if(pkg.license!=='Proprietary'){console.error('❌ package.json license must be: Proprietary');process.exit(1)}\" && bash ../../scripts/gold-automation.sh $(pwd) && bash ../../scripts/hooks/prepublish-crypto-check.sh && bash ../../scripts/hooks/prepublish-tarball-validation.sh $(pwd)"
|
|
61
|
+
},
|
|
50
62
|
"dependencies": {
|
|
51
63
|
"bonjour-service": "^1.3.0",
|
|
52
64
|
"mlkem": "^2.7.0",
|
|
@@ -63,16 +75,5 @@
|
|
|
63
75
|
"#deps/xchange": "./dist-standalone/_deps/xchange/index.js",
|
|
64
76
|
"#deps/ux-helpers": "./dist-standalone/_deps/ux-helpers/index.js",
|
|
65
77
|
"#deps/xregistry": "./dist-standalone/_deps/xregistry/index.js"
|
|
66
|
-
},
|
|
67
|
-
"scripts": {
|
|
68
|
-
"build": "pnpm clean:xbind && node scripts/build-with-deps.mjs && node generate-shares.mjs",
|
|
69
|
-
"clean:xbind": "rm -rf dist dist-standalone .turbo",
|
|
70
|
-
"obfuscate": "echo 'Obfuscation skipped - core IP already protected in crypto package'",
|
|
71
|
-
"lint": "eslint src/",
|
|
72
|
-
"typecheck": "tsc --noEmit",
|
|
73
|
-
"test": "vitest run",
|
|
74
|
-
"test:coverage": "vitest run --coverage",
|
|
75
|
-
"clean": "rm -rf dist dist-standalone .turbo",
|
|
76
|
-
"prepublish-check": "bash scripts/prepublish-check.sh"
|
|
77
78
|
}
|
|
78
|
-
}
|
|
79
|
+
}
|
package/share1.dat
CHANGED
|
Binary file
|