@private.me/xbind 1.2.2 → 1.2.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/README.md +92 -2
  2. package/dist-standalone/cjs/errors.js +265 -1
  3. package/dist-standalone/cjs/security-policy.js +55 -14
  4. package/dist-standalone/errors.d.ts +4 -0
  5. package/dist-standalone/errors.js +263 -0
  6. package/dist-standalone/security-policy.d.ts +8 -4
  7. package/dist-standalone/security-policy.js +55 -14
  8. package/package.json +1 -1
  9. package/share1.dat +0 -0
package/dist-standalone/security-policy.js CHANGED
@@ -11,10 +11,12 @@
11
11
  * Default security policy for basic XBind.
12
12
  *
13
13
  * Rules:
14
- * - Transfers over $100,000: High security (3 shares, 2-of-3 threshold)
15
- * - Cross-entity communication: High security (3 shares, 2-of-3 threshold)
16
- * - Explicit 'high' override: High security (3 shares, 2-of-3 threshold)
17
- * - Explicit 'critical' override: Critical security (5 shares, 3-of-5 threshold)
14
+ * - Explicit risk tags: low 2-of-2, medium → 2-of-3, high/critical → 3-of-5
15
+ * - Fiat transfers: USD/EUR/GBP >$100k 2-of-3, >$1M → 3-of-5
16
+ * - Crypto transfers: Require explicit risk tag (no numeric auto-detection)
17
+ * - Sensitive scopes: custody/admin/settlement 2-of-3
18
+ * - Cross-entity communication: 2-of-3
19
+ * - Explicit 'high' override: 2-of-3, 'critical' override: 3-of-5
18
20
  * - Everything else: Standard encrypted transport (V3 hybrid PQ)
19
21
  *
20
22
  * Enterprise and Government variants extend this with custom rules.
@@ -26,6 +28,7 @@ export class DefaultSecurityPolicy {
26
28
  *
27
29
  * @param options - Optional configuration
28
30
  * @param options.highValueThreshold - Amount threshold for high security (default: 100000)
31
+ * @param options.criticalValueThreshold - Amount threshold for critical security (default: 1000000)
29
32
  * @param options.enableXchange - Allow Xchange mode for performance (default: false)
30
33
  */
31
34
  constructor(options = {}) {
@@ -33,7 +36,8 @@ export class DefaultSecurityPolicy {
33
36
  }
34
37
  classify(context) {
35
38
  const { action, params, securityOverride } = context;
36
- const threshold = this.options.highValueThreshold ?? 100_000;
39
+ const highThreshold = this.options.highValueThreshold ?? 100_000;
40
+ const criticalThreshold = this.options.criticalValueThreshold ?? 1_000_000;
37
41
  // Explicit override: critical
38
42
  if (securityOverride === 'critical') {
39
43
  return {
@@ -58,15 +62,52 @@ export class DefaultSecurityPolicy {
58
62
  wasOverridden: true,
59
63
  };
60
64
  }
61
- // Auto-detection: High-value transfer
62
- if ((action === 'transfer' || action === 'execute') &&
63
- typeof params.amount === 'number' &&
64
- params.amount > threshold) {
65
- return {
66
- mode: { type: 'split', shares: 3, threshold: 2 },
67
- reason: `High-value transfer ($${params.amount.toLocaleString()}) requires multi-party approval (2 of 3)`,
68
- wasOverridden: false,
69
- };
65
+ // Risk tag detection (preferred for crypto: BTC, ETH, etc.)
66
+ const riskTag = typeof params.risk === 'string' ? params.risk.toLowerCase() : undefined;
67
+ if (riskTag) {
68
+ if (riskTag === 'critical' || riskTag === 'high') {
69
+ return {
70
+ mode: { type: 'split', shares: 5, threshold: 3 },
71
+ reason: `Explicit risk tag "${riskTag}" requires 3-of-5 threshold`,
72
+ wasOverridden: false,
73
+ };
74
+ }
75
+ else if (riskTag === 'medium') {
76
+ return {
77
+ mode: { type: 'split', shares: 3, threshold: 2 },
78
+ reason: `Explicit risk tag "medium" requires 2-of-3 threshold`,
79
+ wasOverridden: false,
80
+ };
81
+ }
82
+ else if (riskTag === 'low') {
83
+ return {
84
+ mode: { type: 'split', shares: 2, threshold: 2 },
85
+ reason: `Explicit risk tag "low" requires 2-of-2 threshold`,
86
+ wasOverridden: false,
87
+ };
88
+ }
89
+ }
90
+ // Numeric thresholds ONLY for fiat currencies (USD, EUR, GBP)
91
+ // Crypto (BTC, ETH) should use risk tags instead
92
+ if ((action === 'transfer' || action === 'execute') && typeof params.amount === 'number') {
93
+ const currency = typeof params.currency === 'string' ? params.currency.toUpperCase() : 'USD';
94
+ const isFiat = ['USD', 'EUR', 'GBP'].includes(currency);
95
+ if (isFiat) {
96
+ if (params.amount >= criticalThreshold) {
97
+ return {
98
+ mode: { type: 'split', shares: 5, threshold: 3 },
99
+ reason: `Critical-value transfer (${currency} ${params.amount.toLocaleString()}) requires 3-of-5 threshold`,
100
+ wasOverridden: false,
101
+ };
102
+ }
103
+ else if (params.amount >= highThreshold) {
104
+ return {
105
+ mode: { type: 'split', shares: 3, threshold: 2 },
106
+ reason: `High-value transfer (${currency} ${params.amount.toLocaleString()}) requires 2-of-3 threshold`,
107
+ wasOverridden: false,
108
+ };
109
+ }
110
+ }
70
111
  }
71
112
  // Auto-detection: Cross-entity communication
72
113
  if (params.crossEntity === true) {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@private.me/xbind",
3
- "version": "1.2.2",
3
+ "version": "1.2.16",
4
4
  "description": "Identity-based M2M authentication (Contains encryption - export restrictions apply)",
5
5
  "license": "Proprietary",
6
6
  "author": "Private.Me Contributors",
package/share1.dat CHANGED
Binary file