@private.me/xbind 3.0.2 → 3.0.4

package/dist-standalone/runtime/react-native.js

@@ -1,383 +1 @@
-/**
- * React Native Runtime Support for xBind
- *
- * Provides compatibility layer for React Native environments:
- * - Polyfills for missing Node.js APIs
- * - AsyncStorage adapter for persistence
- * - Native crypto module integration
- * - Cross-platform crypto primitives
- *
- * @module runtime/react-native
- */
-import { ok, err } from"../_deps/shared/index.js";
-/* ── Storage Adapter ── */
-/**
- * AsyncStorage adapter for xBind persistence
- *
- * Provides cross-platform storage for:
- * - Agent identities (Ed25519/X25519 keys)
- * - Nonce store (replay protection)
- * - Trust registry cache
- * - Connection metadata
- */
-export class AsyncStorageAdapter {
-    storage;
-    prefix;
-    debug;
-    constructor(config) {
-        this.storage = config.storage;
-        this.prefix = config.storagePrefix || '@xbind:';
-        this.debug = config.debug || false;
-    }
-    /**
-     * Get value by key
-     */
-    async get(key) {
-        try {
-            const prefixedKey = this.prefix + key;
-            const value = await this.storage.getItem(prefixedKey);
-            if (this.debug) {
-                console.log(`[AsyncStorage] GET ${prefixedKey}:`, value ? 'found' : 'not found');
-            }
-            return ok(value);
-        }
-        catch (error) {
-            return err(new Error(`AsyncStorage get failed: ${error}`));
-        }
-    }
-    /**
-     * Set key-value pair
-     */
-    async set(key, value) {
-        try {
-            const prefixedKey = this.prefix + key;
-            await this.storage.setItem(prefixedKey, value);
-            if (this.debug) {
-                console.log(`[AsyncStorage] SET ${prefixedKey}:`, value.length, 'bytes');
-            }
-            return ok(undefined);
-        }
-        catch (error) {
-            return err(new Error(`AsyncStorage set failed: ${error}`));
-        }
-    }
-    /**
-     * Remove key
-     */
-    async remove(key) {
-        try {
-            const prefixedKey = this.prefix + key;
-            await this.storage.removeItem(prefixedKey);
-            if (this.debug) {
-                console.log(`[AsyncStorage] REMOVE ${prefixedKey}`);
-            }
-            return ok(undefined);
-        }
-        catch (error) {
-            return err(new Error(`AsyncStorage remove failed: ${error}`));
-        }
-    }
-    /**
-     * Get all keys with prefix
-     */
-    async keys() {
-        try {
-            const allKeys = await this.storage.getAllKeys();
-            const filteredKeys = allKeys
-                .filter(key => key.startsWith(this.prefix))
-                .map(key => key.substring(this.prefix.length));
-            if (this.debug) {
-                console.log(`[AsyncStorage] KEYS:`, filteredKeys.length, 'items');
-            }
-            return ok(filteredKeys);
-        }
-        catch (error) {
-            return err(new Error(`AsyncStorage keys failed: ${error}`));
-        }
-    }
-    /**
-     * Get multiple keys (batch operation)
-     */
-    async multiGet(keys) {
-        try {
-            const prefixedKeys = keys.map(key => this.prefix + key);
-            const results = await this.storage.multiGet(prefixedKeys);
-            // Remove prefix from results
-            const unprefixedResults = results.map(([key, value]) => [
-                key.substring(this.prefix.length),
-                value
-            ]);
-            if (this.debug) {
-                console.log(`[AsyncStorage] MULTI_GET:`, keys.length, 'keys');
-            }
-            return ok(unprefixedResults);
-        }
-        catch (error) {
-            return err(new Error(`AsyncStorage multiGet failed: ${error}`));
-        }
-    }
-    /**
-     * Set multiple key-value pairs (batch operation)
-     */
-    async multiSet(pairs) {
-        try {
-            const prefixedPairs = pairs.map(([key, value]) => [
-                this.prefix + key,
-                value
-            ]);
-            await this.storage.multiSet(prefixedPairs);
-            if (this.debug) {
-                console.log(`[AsyncStorage] MULTI_SET:`, pairs.length, 'pairs');
-            }
-            return ok(undefined);
-        }
-        catch (error) {
-            return err(new Error(`AsyncStorage multiSet failed: ${error}`));
-        }
-    }
-    /**
-     * Clear all xBind data
-     */
-    async clear() {
-        try {
-            const keysResult = await this.keys();
-            if (!keysResult.ok) {
-                return err(keysResult.error);
-            }
-            const prefixedKeys = keysResult.value.map((key) => this.prefix + key);
-            if (prefixedKeys.length > 0) {
-                await this.storage.multiRemove(prefixedKeys);
-            }
-            if (this.debug) {
-                console.log(`[AsyncStorage] CLEAR:`, prefixedKeys.length, 'items removed');
-            }
-            return ok(undefined);
-        }
-        catch (error) {
-            return err(new Error(`AsyncStorage clear failed: ${error}`));
-        }
-    }
-}
-/* ── Crypto Polyfills ── */
-/**
- * Detect available crypto implementation
- */
-export function detectCrypto() {
-    // Check for global crypto (React Native 0.63+)
-    if (typeof global !== 'undefined' && global.crypto) {
-        return global.crypto;
-    }
-    // Check for react-native-quick-crypto
-    try {
-        // eslint-disable-next-line @typescript-eslint/no-var-requires
-        const quickCrypto = require('react-native-quick-crypto');
-        return quickCrypto;
-    }
-    catch {
-        // Not available
-    }
-    // Check for expo-crypto
-    try {
-        // eslint-disable-next-line @typescript-eslint/no-var-requires
-        const expoCrypto = require('expo-crypto');
-        return {
-            getRandomValues: (array) => {
-                const bytes = expoCrypto.getRandomBytes(array.length);
-                array.set(bytes);
-            }
-        };
-    }
-    catch {
-        // Not available
-    }
-    return null;
-}
-/**
- * Get random bytes (cross-platform)
- */
-export function getRandomBytes(length, crypto) {
-    const cryptoImpl = crypto || detectCrypto();
-    if (!cryptoImpl) {
-        throw new Error('No crypto implementation available. Install react-native-quick-crypto or expo-crypto.');
-    }
-    const array = new Uint8Array(length);
-    cryptoImpl.getRandomValues(array);
-    return array;
-}
-/**
- * SHA-256 hash (cross-platform)
- */
-export async function sha256(data, crypto) {
-    const cryptoImpl = crypto || detectCrypto();
-    if (!cryptoImpl?.subtle) {
-        throw new Error('No SubtleCrypto implementation available. Install react-native-quick-crypto.');
-    }
-    // SAFETY: Create clean ArrayBuffer for Web Crypto API compatibility
-    const cleanBuffer = new Uint8Array(data).buffer;
-    const hash = await cryptoImpl.subtle.digest('SHA-256', cleanBuffer);
-    return new Uint8Array(hash);
-}
-/* ── Buffer Polyfill ── */
-/**
- * Buffer polyfill for React Native
- *
- * Uses global Buffer if available, otherwise provides minimal implementation
- */
-export class BufferPolyfill {
-    static isBuffer(obj) {
-        return obj instanceof Uint8Array;
-    }
-    static from(data, encoding) {
-        if (typeof data === 'string') {
-            if (encoding === 'base64') {
-                return this.fromBase64(data);
-            }
-            else if (encoding === 'hex') {
-                return this.fromHex(data);
-            }
-            else {
-                // Default to UTF-8
-                const encoder = new TextEncoder();
-                return encoder.encode(data);
-            }
-        }
-        if (Array.isArray(data)) {
-            return new Uint8Array(data);
-        }
-        return new Uint8Array(data);
-    }
-    static toString(buffer, encoding) {
-        if (encoding === 'base64') {
-            return this.toBase64(buffer);
-        }
-        else if (encoding === 'hex') {
-            return this.toHex(buffer);
-        }
-        else {
-            // Default to UTF-8
-            const decoder = new TextDecoder();
-            return decoder.decode(buffer);
-        }
-    }
-    static concat(buffers) {
-        const totalLength = buffers.reduce((sum, buf) => sum + buf.length, 0);
-        const result = new Uint8Array(totalLength);
-        let offset = 0;
-        for (const buf of buffers) {
-            result.set(buf, offset);
-            offset += buf.length;
-        }
-        return result;
-    }
-    static alloc(size, fill) {
-        const buffer = new Uint8Array(size);
-        if (fill !== undefined) {
-            buffer.fill(fill);
-        }
-        return buffer;
-    }
-    static fromBase64(str) {
-        const binaryString = atob(str);
-        const bytes = new Uint8Array(binaryString.length);
-        for (let i = 0; i < binaryString.length; i++) {
-            bytes[i] = binaryString.charCodeAt(i);
-        }
-        return bytes;
-    }
-    static toBase64(buffer) {
-        let binaryString = '';
-        for (let i = 0; i < buffer.length; i++) {
-            const byte = buffer[i];
-            if (byte !== undefined) {
-                binaryString += String.fromCharCode(byte);
-            }
-        }
-        return btoa(binaryString);
-    }
-    static fromHex(str) {
-        const bytes = new Uint8Array(str.length / 2);
-        for (let i = 0; i < bytes.length; i++) {
-            bytes[i] = parseInt(str.substr(i * 2, 2), 16);
-        }
-        return bytes;
-    }
-    static toHex(buffer) {
-        return Array.from(buffer)
-            .map(b => b.toString(16).padStart(2, '0'))
-            .join('');
-    }
-}
-/* ── Platform Detection ── */
-/**
- * Detect React Native runtime
- */
-export function isReactNative() {
-    return (typeof navigator !== 'undefined' &&
-        navigator.product === 'ReactNative');
-}
-/**
- * Detect platform (iOS/Android)
- */
-export function detectPlatform() {
-    if (typeof navigator === 'undefined') {
-        return 'unknown';
-    }
-    const userAgent = navigator.userAgent || '';
-    if (/iPhone|iPad|iPod/.test(userAgent)) {
-        return 'ios';
-    }
-    if (/Android/.test(userAgent)) {
-        return 'android';
-    }
-    return 'unknown';
-}
-/* ── Module Initialization ── */
-/**
- * Initialize React Native runtime environment
- *
- * Sets up polyfills and validates required dependencies
- */
-export function initializeReactNative(config) {
-    try {
-        // Validate storage
-        if (!config.storage) {
-            return err(new Error('AsyncStorage is required for React Native runtime'));
-        }
-        // Validate crypto
-        const crypto = config.crypto || detectCrypto();
-        if (!crypto) {
-            return err(new Error('No crypto implementation found. Install react-native-quick-crypto or expo-crypto.'));
-        }
-        // Ensure global.crypto is available
-        if (!global.crypto) {
-            global.crypto = crypto;
-        }
-        // Ensure global.Buffer is available
-        if (!global.Buffer) {
-            global.Buffer = BufferPolyfill;
-        }
-        if (config.debug) {
-            console.log('[xBind] React Native runtime initialized:', {
-                platform: detectPlatform(),
-                crypto: !!crypto.subtle ? 'full' : 'basic',
-                storage: 'AsyncStorage',
-                prefix: config.storagePrefix || '@xbind:'
-            });
-        }
-        return ok(undefined);
-    }
-    catch (error) {
-        return err(new Error(`React Native initialization failed: ${error}`));
-    }
-}
-/* ── Exports ── */
-export default {
-    AsyncStorageAdapter,
-    detectCrypto,
-    getRandomBytes,
-    sha256,
-    BufferPolyfill,
-    isReactNative,
-    detectPlatform,
-    initializeReactNative
-};
+import{ok,err}from"../_deps/shared/index.js";export class AsyncStorageAdapter{storage;prefix;debug;constructor(t){this.storage=t.storage,this.prefix=t.storagePrefix||"@xbind:",this.debug=t.debug||!1}async get(t){try{const e=this.prefix+t,r=await this.storage.getItem(e);return this.debug&&console.log(`[AsyncStorage] GET ${e}:`,r?"found":"not found"),ok(r)}catch(t){return err(new Error(`AsyncStorage get failed: ${t}`))}}async set(t,e){try{const r=this.prefix+t;return await this.storage.setItem(r,e),this.debug&&console.log(`[AsyncStorage] SET ${r}:`,e.length,"bytes"),ok(void 0)}catch(t){return err(new Error(`AsyncStorage set failed: ${t}`))}}async remove(t){try{const e=this.prefix+t;return await this.storage.removeItem(e),this.debug&&console.log(`[AsyncStorage] REMOVE ${e}`),ok(void 0)}catch(t){return err(new Error(`AsyncStorage remove failed: ${t}`))}}async keys(){try{const t=(await this.storage.getAllKeys()).filter(t=>t.startsWith(this.prefix)).map(t=>t.substring(this.prefix.length));return this.debug&&console.log("[AsyncStorage] KEYS:",t.length,"items"),ok(t)}catch(t){return err(new Error(`AsyncStorage keys failed: ${t}`))}}async multiGet(t){try{const e=t.map(t=>this.prefix+t),r=(await this.storage.multiGet(e)).map(([t,e])=>[t.substring(this.prefix.length),e]);return this.debug&&console.log("[AsyncStorage] MULTI_GET:",t.length,"keys"),ok(r)}catch(t){return err(new Error(`AsyncStorage multiGet failed: ${t}`))}}async multiSet(t){try{const e=t.map(([t,e])=>[this.prefix+t,e]);return await this.storage.multiSet(e),this.debug&&console.log("[AsyncStorage] MULTI_SET:",t.length,"pairs"),ok(void 0)}catch(t){return err(new Error(`AsyncStorage multiSet failed: ${t}`))}}async clear(){try{const t=await this.keys();if(!t.ok)return err(t.error);const e=t.value.map(t=>this.prefix+t);return e.length>0&&await this.storage.multiRemove(e),this.debug&&console.log("[AsyncStorage] CLEAR:",e.length,"items removed"),ok(void 0)}catch(t){return err(new Error(`AsyncStorage clear failed: ${t}`))}}}export function detectCrypto(){if("undefined"!=typeof global&&global.crypto)return global.crypto;try{return require("react-native-quick-crypto")}catch{}try{const t=require("expo-crypto");return{getRandomValues:e=>{const r=t.getRandomBytes(e.length);e.set(r)}}}catch{}return null}export function getRandomBytes(t,e){const r=e||detectCrypto();if(!r)throw new Error("No crypto implementation available. Install react-native-quick-crypto or expo-crypto.");const o=new Uint8Array(t);return r.getRandomValues(o),o}export async function sha256(t,e){const r=e||detectCrypto();if(!r?.subtle)throw new Error("No SubtleCrypto implementation available. Install react-native-quick-crypto.");const o=new Uint8Array(t).buffer,n=await r.subtle.digest("SHA-256",o);return new Uint8Array(n)}export class BufferPolyfill{static isBuffer(t){return t instanceof Uint8Array}static from(t,e){if("string"==typeof t){if("base64"===e)return this.fromBase64(t);if("hex"===e)return this.fromHex(t);return(new TextEncoder).encode(t)}return Array.isArray(t),new Uint8Array(t)}static toString(t,e){if("base64"===e)return this.toBase64(t);if("hex"===e)return this.toHex(t);return(new TextDecoder).decode(t)}static concat(t){const e=t.reduce((t,e)=>t+e.length,0),r=new Uint8Array(e);let o=0;for(const e of t)r.set(e,o),o+=e.length;return r}static alloc(t,e){const r=new Uint8Array(t);return void 0!==e&&r.fill(e),r}static fromBase64(t){const e=atob(t),r=new Uint8Array(e.length);for(let t=0;t<e.length;t++)r[t]=e.charCodeAt(t);return r}static toBase64(t){let e="";for(let r=0;r<t.length;r++){const o=t[r];void 0!==o&&(e+=String.fromCharCode(o))}return btoa(e)}static fromHex(t){const e=new Uint8Array(t.length/2);for(let r=0;r<e.length;r++)e[r]=parseInt(t.substr(2*r,2),16);return e}static toHex(t){return Array.from(t).map(t=>t.toString(16).padStart(2,"0")).join("")}}export function isReactNative(){return"undefined"!=typeof navigator&&"ReactNative"===navigator.product}export function detectPlatform(){if("undefined"==typeof navigator)return"unknown";const t=navigator.userAgent||"";return/iPhone|iPad|iPod/.test(t)?"ios":/Android/.test(t)?"android":"unknown"}export function initializeReactNative(t){try{if(!t.storage)return err(new Error("AsyncStorage is required for React Native runtime"));const e=t.crypto||detectCrypto();return e?(global.crypto||(global.crypto=e),global.Buffer||(global.Buffer=BufferPolyfill),t.debug&&console.log("[xBind] React Native runtime initialized:",{platform:detectPlatform(),crypto:e.subtle?"full":"basic",storage:"AsyncStorage",prefix:t.storagePrefix||"@xbind:"}),ok(void 0)):err(new Error("No crypto implementation found. Install react-native-quick-crypto or expo-crypto."))}catch(t){return err(new Error(`React Native initialization failed: ${t}`))}}export default{AsyncStorageAdapter:AsyncStorageAdapter,detectCrypto:detectCrypto,getRandomBytes:getRandomBytes,sha256:sha256,BufferPolyfill:BufferPolyfill,isReactNative:isReactNative,detectPlatform:detectPlatform,initializeReactNative:initializeReactNative};

package/dist-standalone/security-policy.js

@@ -1,239 +1 @@
-/**
- * Security policy interface for automatic risk-based Xorida activation.
- *
- * Determines when to apply information-theoretic security (XorIDA split-channel)
- * vs standard encrypted transport based on action semantics and parameters.
- *
- * Design principle: Security should be invisible to users. The policy classifies
- * risk automatically so developers don't need to understand threshold cryptography.
- */
-/**
- * Default security policy for basic XBind.
- *
- * Rules:
- * - Explicit risk tags: low → 2-of-2, medium → 2-of-3, high/critical → 3-of-5
- * - Fiat transfers: USD/EUR/GBP >$100k → 2-of-3, >$1M → 3-of-5
- * - Crypto transfers: Require explicit risk tag (no numeric auto-detection)
- * - Sensitive scopes: custody/admin/settlement → 2-of-3
- * - Cross-entity communication: 2-of-3
- * - Explicit 'high' override: 2-of-3, 'critical' override: 3-of-5
- * - Everything else: Standard encrypted transport (V3 hybrid PQ)
- *
- * Enterprise and Government variants extend this with custom rules.
- */
-export class DefaultSecurityPolicy {
-    options;
-    /**
-     * Create a default security policy.
-     *
-     * @param options - Optional configuration
-     * @param options.highValueThreshold - Amount threshold for high security (default: 100000)
-     * @param options.criticalValueThreshold - Amount threshold for critical security (default: 1000000)
-     * @param options.enableXchange - Allow Xchange mode for performance (default: false)
-     */
-    constructor(options = {}) {
-        this.options = options;
-    }
-    classify(context) {
-        const { action, params, securityOverride } = context;
-        const highThreshold = this.options.highValueThreshold ?? 100_000;
-        const criticalThreshold = this.options.criticalValueThreshold ?? 1_000_000;
-        // Explicit override: critical
-        if (securityOverride === 'critical') {
-            return {
-                mode: { type: 'split', shares: 5, threshold: 3 },
-                reason: 'User requested critical security level (5 shares, 3-of-5 threshold)',
-                wasOverridden: true,
-            };
-        }
-        // Explicit override: high
-        if (securityOverride === 'high') {
-            return {
-                mode: { type: 'split', shares: 3, threshold: 2 },
-                reason: 'User requested high security level (3 shares, 2-of-3 threshold)',
-                wasOverridden: true,
-            };
-        }
-        // Explicit override: standard
-        if (securityOverride === 'standard') {
-            return {
-                mode: { type: 'standard' },
-                reason: 'User requested standard security level (encrypted transport)',
-                wasOverridden: true,
-            };
-        }
-        // Risk tag detection (preferred for crypto: BTC, ETH, etc.)
-        const riskTag = typeof params.risk === 'string' ? params.risk.toLowerCase() : undefined;
-        if (riskTag) {
-            if (riskTag === 'critical' || riskTag === 'high') {
-                return {
-                    mode: { type: 'split', shares: 5, threshold: 3 },
-                    reason: `Explicit risk tag "${riskTag}" requires 3-of-5 threshold`,
-                    wasOverridden: false,
-                };
-            }
-            else if (riskTag === 'medium') {
-                return {
-                    mode: { type: 'split', shares: 3, threshold: 2 },
-                    reason: `Explicit risk tag "medium" requires 2-of-3 threshold`,
-                    wasOverridden: false,
-                };
-            }
-            else if (riskTag === 'low') {
-                return {
-                    mode: { type: 'split', shares: 2, threshold: 2 },
-                    reason: `Explicit risk tag "low" requires 2-of-2 threshold`,
-                    wasOverridden: false,
-                };
-            }
-        }
-        // Numeric thresholds ONLY for fiat currencies (USD, EUR, GBP)
-        // Crypto (BTC, ETH) should use risk tags instead
-        if ((action === 'transfer' || action === 'execute') && typeof params.amount === 'number') {
-            const currency = typeof params.currency === 'string' ? params.currency.toUpperCase() : 'USD';
-            const isFiat = ['USD', 'EUR', 'GBP'].includes(currency);
-            if (isFiat) {
-                if (params.amount >= criticalThreshold) {
-                    return {
-                        mode: { type: 'split', shares: 5, threshold: 3 },
-                        reason: `Critical-value transfer (${currency} ${params.amount.toLocaleString()}) requires 3-of-5 threshold`,
-                        wasOverridden: false,
-                    };
-                }
-                else if (params.amount >= highThreshold) {
-                    return {
-                        mode: { type: 'split', shares: 3, threshold: 2 },
-                        reason: `High-value transfer (${currency} ${params.amount.toLocaleString()}) requires 2-of-3 threshold`,
-                        wasOverridden: false,
-                    };
-                }
-            }
-        }
-        // Auto-detection: Cross-entity communication
-        if (params.crossEntity === true) {
-            return {
-                mode: { type: 'split', shares: 3, threshold: 2 },
-                reason: 'Cross-organization communication requires multi-party approval (2 of 3)',
-                wasOverridden: false,
-            };
-        }
-        // Auto-detection: Sensitive scopes
-        if (context.scope.includes('admin') ||
-            context.scope.includes('custody') ||
-            context.scope.includes('settlement')) {
-            return {
-                mode: { type: 'split', shares: 3, threshold: 2 },
-                reason: `Sensitive scope "${context.scope}" requires multi-party approval (2 of 3)`,
-                wasOverridden: false,
-            };
-        }
-        // Xchange mode: opt-in performance mode (if enabled)
-        if (this.options.enableXchange && params.xchange === true) {
-            return {
-                mode: { type: 'xchange' },
-                reason: 'Xchange mode enabled for performance (~180x faster)',
-                wasOverridden: false,
-            };
-        }
-        // Default: Standard encrypted transport
-        return {
-            mode: { type: 'standard' },
-            reason: 'Standard encrypted transport (hybrid post-quantum)',
-            wasOverridden: false,
-        };
-    }
-}
-/**
- * Get a human-readable security mode description.
- *
- * Used for logging and user feedback.
- *
- * @param mode - Security mode
- * @returns User-friendly description
- *
- * @deprecated Use describeSecurityModeStructured() for new code. This function remains for backward compatibility.
- */
-export function describeSecurityMode(mode) {
-    switch (mode.type) {
-        case 'standard':
-            return 'Standard (encrypted)';
-        case 'split':
-            return `Multi-party approval (${mode.threshold} of ${mode.shares})`;
-        case 'xchange':
-            return 'Xchange (fast mode)';
-    }
-}
-/**
- * Get a structured security mode description with multiple formats.
- *
- * Returns an object with the security classification and formatted descriptions
- * optimized for different use cases (display, logging, APIs, docs).
- *
- * @param mode - Security mode
- * @returns Security mode description with formats
- *
- * @example
- * ```typescript
- * const mode: SecurityMode = { type: 'split', shares: 3, threshold: 2 };
- * const description = describeSecurityModeStructured(mode);
- *
- * console.log(description.formats.singleline);
- * // "high | split | 2-of-3"
- *
- * console.log(description.formats.multiline);
- * // "Security Level: High
- * //  Mode: Split-channel (XorIDA)
- * //  Shares: 3 total, 2 required"
- *
- * console.log(description.shares);
- * // { total: 3, threshold: 2 }
- * ```
- */
-export function describeSecurityModeStructured(mode) {
-    let level;
-    let multiline;
-    let singleline;
-    let markdown;
-    let shares;
-    switch (mode.type) {
-        case 'standard':
-            level = 'standard';
-            multiline = 'Security Level: Standard\nMode: Encrypted transport (hybrid post-quantum)';
-            singleline = 'standard | encrypted';
-            markdown = '**Security Level:** Standard\n\n**Mode:** Encrypted transport (hybrid post-quantum)';
-            break;
-        case 'split':
-            // Classify split mode as high or critical based on threshold
-            level = mode.shares >= 5 ? 'critical' : 'high';
-            shares = { total: mode.shares, threshold: mode.threshold };
-            multiline = `Security Level: ${level === 'critical' ? 'Critical' : 'High'}\nMode: Split-channel (XorIDA)\nShares: ${mode.shares} total, ${mode.threshold} required`;
-            singleline = `${level} | split | ${mode.threshold}-of-${mode.shares}`;
-            markdown = `**Security Level:** ${level === 'critical' ? 'Critical' : 'High'}\n\n**Mode:** Split-channel (XorIDA)\n\n**Shares:** ${mode.shares} total, ${mode.threshold} required`;
-            break;
-        case 'xchange':
-            level = 'performance';
-            multiline = 'Security Level: Performance\nMode: Xchange (single IT layer, ~180x faster)';
-            singleline = 'performance | xchange';
-            markdown = '**Security Level:** Performance\n\n**Mode:** Xchange (single IT layer, ~180x faster)';
-            break;
-    }
-    const jsonObj = {
-        type: mode.type,
-        level,
-    };
-    if (shares) {
-        jsonObj.shares = shares;
-    }
-    const json = JSON.stringify(jsonObj);
-    return {
-        type: mode.type,
-        level,
-        shares,
-        formats: {
-            multiline,
-            singleline,
-            json,
-            markdown,
-        },
-    };
-}
+export class DefaultSecurityPolicy{options;constructor(e={}){this.options=e}classify(e){const{action:r,params:t,securityOverride:s}=e,a=this.options.highValueThreshold??1e5,i=this.options.criticalValueThreshold??1e6;if("critical"===s)return{mode:{type:"split",shares:5,threshold:3},reason:"User requested critical security level (5 shares, 3-of-5 threshold)",wasOverridden:!0};if("high"===s)return{mode:{type:"split",shares:3,threshold:2},reason:"User requested high security level (3 shares, 2-of-3 threshold)",wasOverridden:!0};if("standard"===s)return{mode:{type:"standard"},reason:"User requested standard security level (encrypted transport)",wasOverridden:!0};const n="string"==typeof t.risk?t.risk.toLowerCase():void 0;if(n){if("critical"===n||"high"===n)return{mode:{type:"split",shares:5,threshold:3},reason:`Explicit risk tag "${n}" requires 3-of-5 threshold`,wasOverridden:!1};if("medium"===n)return{mode:{type:"split",shares:3,threshold:2},reason:'Explicit risk tag "medium" requires 2-of-3 threshold',wasOverridden:!1};if("low"===n)return{mode:{type:"split",shares:2,threshold:2},reason:'Explicit risk tag "low" requires 2-of-2 threshold',wasOverridden:!1}}if(("transfer"===r||"execute"===r)&&"number"==typeof t.amount){const e="string"==typeof t.currency?t.currency.toUpperCase():"USD";if(["USD","EUR","GBP"].includes(e)){if(t.amount>=i)return{mode:{type:"split",shares:5,threshold:3},reason:`Critical-value transfer (${e} ${t.amount.toLocaleString()}) requires 3-of-5 threshold`,wasOverridden:!1};if(t.amount>=a)return{mode:{type:"split",shares:3,threshold:2},reason:`High-value transfer (${e} ${t.amount.toLocaleString()}) requires 2-of-3 threshold`,wasOverridden:!1}}}if(!0===t.crossEntity)return{mode:{type:"split",shares:3,threshold:2},reason:"Cross-organization communication requires multi-party approval (2 of 3)",wasOverridden:!1};const o=e.scope??"default";return o.includes("admin")||o.includes("custody")||o.includes("settlement")?{mode:{type:"split",shares:3,threshold:2},reason:`Sensitive scope "${o}" requires multi-party approval (2 of 3)`,wasOverridden:!1}:this.options.enableXchange&&!0===t.xchange?{mode:{type:"xchange"},reason:"Xchange mode enabled for performance (~180x faster)",wasOverridden:!1}:{mode:{type:"standard"},reason:"Standard encrypted transport (hybrid post-quantum)",wasOverridden:!1}}}export function describeSecurityMode(e){switch(e.type){case"standard":return"Standard (encrypted)";case"split":return`Multi-party approval (${e.threshold} of ${e.shares})`;case"xchange":return"Xchange (fast mode)"}}export function describeSecurityModeStructured(e){let r,t,s,a,i;switch(e.type){case"standard":r="standard",t="Security Level: Standard\nMode: Encrypted transport (hybrid post-quantum)",s="standard | encrypted",a="**Security Level:** Standard\n\n**Mode:** Encrypted transport (hybrid post-quantum)";break;case"split":r=e.shares>=5?"critical":"high",i={total:e.shares,threshold:e.threshold},t=`Security Level: ${"critical"===r?"Critical":"High"}\nMode: Split-channel (XorIDA)\nShares: ${e.shares} total, ${e.threshold} required`,s=`${r} | split | ${e.threshold}-of-${e.shares}`,a=`**Security Level:** ${"critical"===r?"Critical":"High"}\n\n**Mode:** Split-channel (XorIDA)\n\n**Shares:** ${e.shares} total, ${e.threshold} required`;break;case"xchange":r="performance",t="Security Level: Performance\nMode: Xchange (single IT layer, ~180x faster)",s="performance | xchange",a="**Security Level:** Performance\n\n**Mode:** Xchange (single IT layer, ~180x faster)"}const n={type:e.type,level:r};i&&(n.shares=i);const o=JSON.stringify(n);return{type:e.type,level:r,shares:i,formats:{multiline:t,singleline:s,json:o,markdown:a}}}