npm - @revealui/core - Versions diffs - 0.2.1 → 0.3.0 - Mend

@revealui/core 0.2.1 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (325) hide show

package/dist/api/compression.d.ts.map +1 -1
package/dist/api/payload-optimization.d.ts.map +1 -1
package/dist/api/rate-limit.d.ts +29 -28
package/dist/api/rate-limit.d.ts.map +1 -1
package/dist/api/rate-limit.js +63 -3
package/dist/api/response-cache.d.ts.map +1 -1
package/dist/api/response-cache.js +1 -1
package/dist/api/rest.d.ts.map +1 -1
package/dist/api/rest.js +3 -2
package/dist/auth/access.d.ts.map +1 -1
package/dist/auth/index.d.ts.map +1 -1
package/dist/cache/query-cache.d.ts +12 -10
package/dist/cache/query-cache.d.ts.map +1 -1
package/dist/cache/query-cache.js +38 -42
package/dist/caching/app-cache.d.ts +5 -0
package/dist/caching/app-cache.d.ts.map +1 -1
package/dist/caching/app-cache.js +9 -1
package/dist/caching/cdn-config.d.ts.map +1 -1
package/dist/caching/cdn-config.js +4 -0
package/dist/caching/edge-cache.d.ts +1 -1
package/dist/caching/edge-cache.d.ts.map +1 -1
package/dist/caching/edge-cache.js +36 -7
package/dist/caching/index.d.ts +6 -0
package/dist/caching/index.d.ts.map +1 -0
package/dist/caching/index.js +5 -0
package/dist/caching/service-worker.d.ts +6 -3
package/dist/caching/service-worker.d.ts.map +1 -1
package/dist/caching/service-worker.js +3 -2
package/dist/client/admin/RichText.d.ts +1 -1
package/dist/client/admin/RichText.d.ts.map +1 -1
package/dist/client/admin/components/AdminDashboard.d.ts.map +1 -1
package/dist/client/admin/components/AdminDashboard.js +178 -205
package/dist/client/admin/components/CollectionList.d.ts.map +1 -1
package/dist/client/admin/components/DocumentForm.d.ts.map +1 -1
package/dist/client/admin/components/DocumentForm.js +130 -6
package/dist/client/admin/components/GlobalForm.d.ts.map +1 -1
package/dist/client/admin/context/ServerFunctionContext.d.ts +8 -0
package/dist/client/admin/context/ServerFunctionContext.d.ts.map +1 -0
package/dist/client/admin/context/ServerFunctionContext.js +15 -0
package/dist/client/admin/i18n/en.d.ts.map +1 -1
package/dist/client/admin/index.d.ts +1 -0
package/dist/client/admin/index.d.ts.map +1 -1
package/dist/client/admin/index.js +1 -0
package/dist/client/admin/layout.d.ts +1 -1
package/dist/client/admin/layout.d.ts.map +1 -1
package/dist/client/admin/layout.js +3 -2
package/dist/client/admin/page.d.ts.map +1 -1
package/dist/client/admin/utils/apiClient.d.ts.map +1 -1
package/dist/client/admin/utils/apiClient.js +0 -4
package/dist/client/admin/utils/index.d.ts +0 -1
package/dist/client/admin/utils/index.d.ts.map +1 -1
package/dist/client/admin/utils/index.js +0 -1
package/dist/client/admin/utils/serializeConfig.d.ts.map +1 -1
package/dist/client/hooks.d.ts.map +1 -1
package/dist/client/index.d.ts.map +1 -1
package/dist/client/richtext/RichTextEditor.d.ts.map +1 -1
package/dist/client/richtext/components/ImageNodeComponent.d.ts.map +1 -1
package/dist/client/richtext/components/ImageNodeComponent.js +0 -1
package/dist/client/richtext/components/ImageUploadButton.d.ts +2 -0
package/dist/client/richtext/components/ImageUploadButton.d.ts.map +1 -1
package/dist/client/richtext/components/ImageUploadButton.js +30 -15
package/dist/client/richtext/index.d.ts.map +1 -1
package/dist/client/richtext/nodes/DecoratorBlockNode.d.ts.map +1 -1
package/dist/client/richtext/nodes/ImageNode.d.ts.map +1 -1
package/dist/client/richtext/plugins/CollaborationPlugin.d.ts.map +1 -1
package/dist/client/richtext/plugins/CursorsOverlayPlugin.d.ts.map +1 -1
package/dist/client/richtext/plugins/FloatingToolbarPlugin.d.ts.map +1 -1
package/dist/client/richtext/plugins/ImagePlugin.d.ts.map +1 -1
package/dist/client/richtext/plugins/ToolbarPlugin.d.ts.map +1 -1
package/dist/client/ui/index.d.ts.map +1 -1
package/dist/client/ui/index.js +1 -1
package/dist/collections/CollectionOperations.d.ts +7 -7
package/dist/collections/CollectionOperations.d.ts.map +1 -1
package/dist/collections/CollectionOperations.js +15 -1
package/dist/collections/hooks.d.ts.map +1 -1
package/dist/collections/index.d.ts.map +1 -1
package/dist/collections/operations/create.d.ts +2 -4
package/dist/collections/operations/create.d.ts.map +1 -1
package/dist/collections/operations/create.js +7 -5
package/dist/collections/operations/createMany.d.ts +12 -0
package/dist/collections/operations/createMany.d.ts.map +1 -0
package/dist/collections/operations/createMany.js +43 -0
package/dist/collections/operations/delete.d.ts +1 -1
package/dist/collections/operations/delete.d.ts.map +1 -1
package/dist/collections/operations/delete.js +31 -2
package/dist/collections/operations/deleteMany.d.ts +11 -0
package/dist/collections/operations/deleteMany.d.ts.map +1 -0
package/dist/collections/operations/deleteMany.js +50 -0
package/dist/collections/operations/fieldHooks.d.ts +2 -2
package/dist/collections/operations/fieldHooks.d.ts.map +1 -1
package/dist/collections/operations/fieldHooks.js +4 -4
package/dist/collections/operations/find.d.ts +2 -4
package/dist/collections/operations/find.d.ts.map +1 -1
package/dist/collections/operations/find.js +115 -8
package/dist/collections/operations/findById.d.ts +3 -4
package/dist/collections/operations/findById.d.ts.map +1 -1
package/dist/collections/operations/findById.js +53 -1
package/dist/collections/operations/sqlAdapter.d.ts +23 -0
package/dist/collections/operations/sqlAdapter.d.ts.map +1 -0
package/dist/collections/operations/sqlAdapter.js +76 -0
package/dist/collections/operations/update.d.ts +3 -5
package/dist/collections/operations/update.d.ts.map +1 -1
package/dist/collections/operations/update.js +103 -11
package/dist/collections/operations/updateMany.d.ts +11 -0
package/dist/collections/operations/updateMany.d.ts.map +1 -0
package/dist/collections/operations/updateMany.js +52 -0
package/dist/collections/registry.d.ts +12 -0
package/dist/collections/registry.d.ts.map +1 -0
package/dist/collections/registry.js +38 -0
package/dist/config/index.d.ts.map +1 -1
package/dist/config/runtime.d.ts.map +1 -1
package/dist/config/utils.d.ts +0 -10
package/dist/config/utils.d.ts.map +1 -1
package/dist/config/utils.js +0 -13
package/dist/database/index.d.ts +3 -0
package/dist/database/index.d.ts.map +1 -1
package/dist/database/index.js +1 -5
package/dist/database/safe-parse.d.ts.map +1 -1
package/dist/database/ssl-config.d.ts.map +1 -1
package/dist/database/type-adapter.d.ts.map +1 -1
package/dist/database/universal-postgres.d.ts.map +1 -1
package/dist/database/universal-postgres.js +6 -1
package/dist/dataloader.d.ts.map +1 -1
package/dist/error-handling/circuit-breaker.d.ts +1 -1
package/dist/error-handling/circuit-breaker.d.ts.map +1 -1
package/dist/error-handling/circuit-breaker.js +11 -3
package/dist/error-handling/error-boundary.d.ts.map +1 -1
package/dist/error-handling/error-reporter.d.ts +1 -1
package/dist/error-handling/error-reporter.d.ts.map +1 -1
package/dist/error-handling/error-reporter.js +19 -5
package/dist/error-handling/fallback-components.d.ts.map +1 -1
package/dist/error-handling/fallback-components.js +1 -1
package/dist/error-handling/index.d.ts +2 -4
package/dist/error-handling/index.d.ts.map +1 -1
package/dist/error-handling/index.js +1 -4
package/dist/error-handling/retry.d.ts.map +1 -1
package/dist/error-handling/retry.js +13 -8
package/dist/factories/builders.d.ts.map +1 -1
package/dist/factories/index.d.ts.map +1 -1
package/dist/features.d.ts +0 -4
package/dist/features.d.ts.map +1 -1
package/dist/features.js +0 -2
package/dist/fieldTraversal.d.ts.map +1 -1
package/dist/fields/config/types.d.ts.map +1 -1
package/dist/fields/getDefaultValue.d.ts.map +1 -1
package/dist/fields/getFieldPaths.d.ts.map +1 -1
package/dist/fields/hooks/afterRead/index.d.ts.map +1 -1
package/dist/fields/hooks/afterRead/promise.d.ts.map +1 -1
package/dist/fields/hooks/afterRead/traverseFields.d.ts.map +1 -1
package/dist/generated/types/cms.d.ts.map +1 -1
package/dist/generated/types/cms.js +0 -1
package/dist/generated/types/neon.d.ts.map +1 -1
package/dist/generated/types/neon.js +4 -2
package/dist/globals/GlobalOperations.d.ts.map +1 -1
package/dist/globals/GlobalOperations.js +4 -2
package/dist/globals/index.d.ts.map +1 -1
package/dist/index.d.ts +4 -4
package/dist/index.d.ts.map +1 -1
package/dist/index.js +4 -4
package/dist/instance/RevealUIInstance.d.ts.map +1 -1
package/dist/instance/RevealUIInstance.js +6 -19
package/dist/instance/index.d.ts.map +1 -1
package/dist/instance/logger.d.ts.map +1 -1
package/dist/instance/methods/create.d.ts.map +1 -1
package/dist/instance/methods/create.js +0 -3
package/dist/instance/methods/delete.d.ts.map +1 -1
package/dist/instance/methods/delete.js +1 -4
package/dist/instance/methods/find.d.ts.map +1 -1
package/dist/instance/methods/find.js +0 -3
package/dist/instance/methods/findById.d.ts.map +1 -1
package/dist/instance/methods/findById.js +0 -3
package/dist/instance/methods/hooks.d.ts.map +1 -1
package/dist/instance/methods/update.d.ts.map +1 -1
package/dist/instance/methods/update.js +0 -3
package/dist/jobs/index.d.ts +16 -0
package/dist/jobs/index.d.ts.map +1 -0
package/dist/jobs/index.js +14 -0
package/dist/jobs/queue.d.ts +57 -0
package/dist/jobs/queue.d.ts.map +1 -0
package/dist/jobs/queue.js +134 -0
package/dist/license-encryption.d.ts +21 -0
package/dist/license-encryption.d.ts.map +1 -0
package/dist/license-encryption.js +74 -0
package/dist/license.d.ts +20 -3
package/dist/license.d.ts.map +1 -1
package/dist/license.js +73 -6
package/dist/monitoring/alerts.d.ts.map +1 -1
package/dist/monitoring/cleanup-manager.d.ts.map +1 -1
package/dist/monitoring/health-monitor.d.ts.map +1 -1
package/dist/monitoring/index.d.ts.map +1 -1
package/dist/monitoring/process-registry.d.ts.map +1 -1
package/dist/monitoring/query-monitor.d.ts.map +1 -1
package/dist/monitoring/types.d.ts.map +1 -1
package/dist/monitoring/zombie-detector.d.ts.map +1 -1
package/dist/monitoring/zombie-detector.js +5 -0
package/dist/nextjs/index.d.ts.map +1 -1
package/dist/nextjs/utilities.d.ts.map +1 -1
package/dist/nextjs/withRevealUI.d.ts.map +1 -1
package/dist/observability/alerts.d.ts.map +1 -1
package/dist/observability/alerts.js +1 -2
package/dist/observability/health-check.d.ts +0 -4
package/dist/observability/health-check.d.ts.map +1 -1
package/dist/observability/health-check.js +0 -36
package/dist/observability/index.d.ts.map +1 -1
package/dist/observability/logger.d.ts.map +1 -1
package/dist/observability/logger.js +1 -1
package/dist/observability/metrics.d.ts.map +1 -1
package/dist/observability/tracing.d.ts.map +1 -1
package/dist/observability/tracing.js +0 -1
package/dist/optimization/asset-optimizer.d.ts +6 -2
package/dist/optimization/asset-optimizer.d.ts.map +1 -1
package/dist/optimization/asset-optimizer.js +31 -7
package/dist/optimization/bundle-analyzer.d.ts +1 -1
package/dist/optimization/bundle-analyzer.d.ts.map +1 -1
package/dist/optimization/bundle-analyzer.js +29 -5
package/dist/optimization/code-splitting.d.ts +0 -10
package/dist/optimization/code-splitting.d.ts.map +1 -1
package/dist/optimization/code-splitting.js +0 -16
package/dist/plugins/form-builder.d.ts.map +1 -1
package/dist/plugins/index.d.ts.map +1 -1
package/dist/plugins/nested-docs.d.ts +4 -0
package/dist/plugins/nested-docs.d.ts.map +1 -1
package/dist/plugins/nested-docs.js +50 -5
package/dist/plugins/redirects.d.ts.map +1 -1
package/dist/queries/index.d.ts.map +1 -1
package/dist/queries/queryBuilder.d.ts.map +1 -1
package/dist/queries/queryBuilder.js +9 -2
package/dist/relationships/analyzer.d.ts.map +1 -1
package/dist/relationships/analyzer.js +8 -0
package/dist/relationships/index.d.ts.map +1 -1
package/dist/relationships/populate-core.d.ts +57 -0
package/dist/relationships/populate-core.d.ts.map +1 -0
package/dist/relationships/populate-core.js +116 -0
package/dist/relationships/populate-helpers.d.ts +5 -51
package/dist/relationships/populate-helpers.d.ts.map +1 -1
package/dist/relationships/populate-helpers.js +4 -109
package/dist/relationships/population.d.ts +1 -9
package/dist/relationships/population.d.ts.map +1 -1
package/dist/relationships/population.js +8 -3
package/dist/revealui.d.ts.map +1 -1
package/dist/richtext/exports/client/rcc.d.ts.map +1 -1
package/dist/richtext/exports/client/rcc.js +1 -1
package/dist/richtext/exports/server/rsc.d.ts +17 -0
package/dist/richtext/exports/server/rsc.d.ts.map +1 -1
package/dist/richtext/exports/server/rsc.js +61 -5
package/dist/richtext/index.d.ts.map +1 -1
package/dist/richtext/lexical.d.ts.map +1 -1
package/dist/security/audit.d.ts +1 -1
package/dist/security/audit.d.ts.map +1 -1
package/dist/security/audit.js +4 -2
package/dist/security/auth.d.ts +29 -160
package/dist/security/auth.d.ts.map +1 -1
package/dist/security/auth.js +148 -367
package/dist/security/authorization.d.ts +7 -31
package/dist/security/authorization.d.ts.map +1 -1
package/dist/security/authorization.js +72 -14
package/dist/security/encryption.d.ts +56 -44
package/dist/security/encryption.d.ts.map +1 -1
package/dist/security/encryption.js +113 -96
package/dist/security/gdpr-storage.d.ts +102 -0
package/dist/security/gdpr-storage.d.ts.map +1 -0
package/dist/security/gdpr-storage.js +65 -0
package/dist/security/gdpr.d.ts +57 -37
package/dist/security/gdpr.d.ts.map +1 -1
package/dist/security/gdpr.js +155 -89
package/dist/security/headers.d.ts +4 -2
package/dist/security/headers.d.ts.map +1 -1
package/dist/security/headers.js +35 -17
package/dist/security/index.d.ts +3 -16
package/dist/security/index.d.ts.map +1 -1
package/dist/security/index.js +3 -16
package/dist/server/index.d.ts.map +1 -1
package/dist/server/renderPage.d.ts.map +1 -1
package/dist/storage/index.d.ts +1 -0
package/dist/storage/index.d.ts.map +1 -1
package/dist/storage/index.js +2 -4
package/dist/storage/vercel-blob.d.ts.map +1 -1
package/dist/translations/index.d.ts.map +1 -1
package/dist/types/access.d.ts.map +1 -1
package/dist/types/api.d.ts.map +1 -1
package/dist/types/cms.d.ts.map +1 -1
package/dist/types/config.d.ts.map +1 -1
package/dist/types/core.d.ts.map +1 -1
package/dist/types/extensions.d.ts.map +1 -1
package/dist/types/frontend.d.ts.map +1 -1
package/dist/types/generated.d.ts.map +1 -1
package/dist/types/hooks.d.ts.map +1 -1
package/dist/types/index.d.ts +1 -1
package/dist/types/index.d.ts.map +1 -1
package/dist/types/interfaces/app.d.ts.map +1 -1
package/dist/types/jobs.d.ts.map +1 -1
package/dist/types/legacy.d.ts.map +1 -1
package/dist/types/plugins.d.ts.map +1 -1
package/dist/types/query.d.ts.map +1 -1
package/dist/types/request.d.ts.map +1 -1
package/dist/types/richtext.d.ts.map +1 -1
package/dist/types/runtime.d.ts +59 -1
package/dist/types/runtime.d.ts.map +1 -1
package/dist/types/schema.d.ts.map +1 -1
package/dist/types/user.d.ts.map +1 -1
package/dist/utils/access-conversion.d.ts.map +1 -1
package/dist/utils/api-wrapper.d.ts.map +1 -1
package/dist/utils/api-wrapper.js +1 -1
package/dist/utils/block-conversion.d.ts.map +1 -1
package/dist/utils/cache.d.ts.map +1 -1
package/dist/utils/deep-clone.js +0 -1
package/dist/utils/error-responses.d.ts.map +1 -1
package/dist/utils/errors.d.ts +36 -0
package/dist/utils/errors.d.ts.map +1 -1
package/dist/utils/errors.js +103 -0
package/dist/utils/field-conversion.d.ts +1 -1
package/dist/utils/field-conversion.d.ts.map +1 -1
package/dist/utils/flattenResult.d.ts.map +1 -1
package/dist/utils/flattenResult.js +0 -1
package/dist/utils/getBlockSelect.d.ts.map +1 -1
package/dist/utils/getSelectMode.d.ts.map +1 -1
package/dist/utils/isValidID.d.ts.map +1 -1
package/dist/utils/json-parsing.d.ts.map +1 -1
package/dist/utils/logger-client.d.ts.map +1 -1
package/dist/utils/logger-server.d.ts.map +1 -1
package/dist/utils/logger.d.ts.map +1 -1
package/dist/utils/request-context.d.ts.map +1 -1
package/dist/utils/stripUnselectedFields.d.ts.map +1 -1
package/dist/utils/type-guards.d.ts.map +1 -1
package/package.json +39 -7

package/dist/security/authorization.js CHANGED Viewed

@@ -192,35 +192,73 @@ export class AuthorizationSystem {
  */
 export const authorization = new AuthorizationSystem();
 /**
- * Common roles
+ * Common roles — aligned with DB schema (`users.role` column)
+ * and `UserRoleSchema` in @revealui/contracts.
+ *
+ * Values: owner | admin | editor | viewer | agent | contributor
  */
 export const CommonRoles = {
+    owner: {
+        id: 'owner',
+        name: 'Owner',
+        description: 'Full control — inherits admin',
+        permissions: [{ resource: '*', action: '*' }],
+        inherits: ['admin'],
+    },
     admin: {
         id: 'admin',
         name: 'Administrator',
         description: 'Full system access',
         permissions: [{ resource: '*', action: '*' }],
     },
-    user: {
-        id: 'user',
-        name: 'User',
-        description: 'Standard user access',
+    editor: {
+        id: 'editor',
+        name: 'Editor',
+        description: 'Can read and modify content',
         permissions: [
+            { resource: 'content', action: 'read' },
+            { resource: 'content', action: 'create' },
+            { resource: 'content', action: 'update' },
             { resource: 'profile', action: 'read' },
             { resource: 'profile', action: 'update' },
-            { resource: 'posts', action: 'read' },
-            { resource: 'posts', action: 'create' },
+            { resource: 'sites', action: 'read' },
+            { resource: 'marketplace', action: 'read' },
         ],
     },
-    guest: {
-        id: 'guest',
-        name: 'Guest',
-        description: 'Public access',
+    viewer: {
+        id: 'viewer',
+        name: 'Viewer',
+        description: 'Read-only access',
         permissions: [
-            { resource: 'posts', action: 'read' },
+            { resource: 'content', action: 'read' },
+            { resource: 'profile', action: 'read' },
+            { resource: 'sites', action: 'read' },
             { resource: 'public', action: 'read' },
         ],
     },
+    agent: {
+        id: 'agent',
+        name: 'AI Agent',
+        description: 'Can execute tasks and read content',
+        permissions: [
+            { resource: 'tasks', action: 'create' },
+            { resource: 'tasks', action: 'read' },
+            { resource: 'content', action: 'read' },
+            { resource: 'rag', action: 'read' },
+            { resource: 'rag', action: 'create' },
+        ],
+    },
+    contributor: {
+        id: 'contributor',
+        name: 'Contributor',
+        description: 'Can suggest changes — create drafts but not publish or delete',
+        permissions: [
+            { resource: 'content', action: 'read' },
+            { resource: 'content', action: 'create' },
+            { resource: 'profile', action: 'read' },
+            { resource: 'profile', action: 'update' },
+        ],
+    },
 };
 /**
  * Permission builder
@@ -375,9 +413,11 @@ export function checkAttributeAccess(context, resource, action, requiredAttribut
 export class PermissionCache {
     cache = new Map();
     ttl;
-    constructor(ttl = 300000) {
-        // 5 minutes default
+    maxEntries;
+    constructor(ttl = 300000, maxEntries = 10_000) {
+        // 5 minutes default, 10k max entries
         this.ttl = ttl;
+        this.maxEntries = maxEntries;
     }
     /**
      * Get cached permission
@@ -400,6 +440,24 @@ export class PermissionCache {
      */
     set(userId, resource, action, allowed) {
         const key = this.getCacheKey(userId, resource, action);
+        // Evict expired entries when approaching max size
+        if (this.cache.size >= this.maxEntries) {
+            const now = Date.now();
+            for (const [k, v] of this.cache) {
+                if (now > v.expiresAt)
+                    this.cache.delete(k);
+            }
+            // If still over limit after purge, drop oldest entries (FIFO via Map insertion order)
+            if (this.cache.size >= this.maxEntries) {
+                const excess = this.cache.size - this.maxEntries + 1;
+                const keys = this.cache.keys();
+                for (let i = 0; i < excess; i++) {
+                    const next = keys.next();
+                    if (!next.done)
+                        this.cache.delete(next.value);
+                }
+            }
+        }
         this.cache.set(key, {
             allowed,
             expiresAt: Date.now() + this.ttl,

package/dist/security/encryption.d.ts CHANGED Viewed

@@ -4,7 +4,7 @@
  * Data encryption for at-rest and in-transit protection
  */
 export interface EncryptionConfig {
-    algorithm: 'AES-GCM' | 'AES-CBC' | 'AES-CTR';
+    algorithm: 'AES-GCM' | 'AES-CTR';
     keySize: 128 | 192 | 256;
     ivSize?: number;
 }
@@ -125,6 +125,7 @@ export declare class KeyRotationManager {
     private encryption;
     private currentKeyId;
     private oldKeys;
+    private keyCreationDates;
     constructor(encryption: EncryptionSystem, initialKeyId: string);
     /**
      * Rotate to new key
@@ -139,9 +140,10 @@ export declare class KeyRotationManager {
      */
     getCurrentKeyId(): string;
     /**
-     * Clean up old keys
+     * Clean up old keys created before the specified date.
+     * Never removes the current active key.
      */
-    cleanupOldKeys(_olderThan: Date): void;
+    cleanupOldKeys(olderThan: Date): void;
 }
 /**
  * Envelope encryption for large data
@@ -167,48 +169,58 @@ export declare class EnvelopeEncryption {
 /**
  * Data masking utilities
  */
-export declare class DataMasking {
-    /**
-     * Mask email
-     */
-    static maskEmail(email: string): string;
-    /**
-     * Mask phone number
-     */
-    static maskPhone(phone: string): string;
-    /**
-     * Mask credit card
-     */
-    static maskCreditCard(card: string): string;
-    /**
-     * Mask SSN
-     */
-    static maskSSN(ssn: string): string;
-    /**
-     * Mask string (keep first and last character)
-     */
-    static maskString(str: string, keepChars?: number): string;
-}
+/**
+ * Mask email
+ */
+declare function maskEmail(email: string): string;
+/**
+ * Mask phone number
+ */
+declare function maskPhone(phone: string): string;
+/**
+ * Mask credit card
+ */
+declare function maskCreditCard(card: string): string;
+/**
+ * Mask SSN
+ */
+declare function maskSSN(ssn: string): string;
+/**
+ * Mask string (keep first and last character)
+ */
+declare function maskString(str: string, keepChars?: number): string;
+export declare const DataMasking: {
+    readonly maskEmail: typeof maskEmail;
+    readonly maskPhone: typeof maskPhone;
+    readonly maskCreditCard: typeof maskCreditCard;
+    readonly maskSSN: typeof maskSSN;
+    readonly maskString: typeof maskString;
+};
 /**
  * Secure random token generator
  */
-export declare class TokenGenerator {
-    /**
-     * Generate secure token. `length` is the number of random bytes;
-     * the returned string is hex-encoded, so it will be `length * 2` characters.
-     */
-    static generate(length?: number): string;
-    /**
-     * Generate UUID v4
-     */
-    static generateUUID(): string;
-    /**
-     * Generate API key
-     */
-    static generateAPIKey(prefix?: string): string;
-    /**
-     * Generate session ID
-     */
-    static generateSessionID(): string;
-}
+/**
+ * Generate secure token. `length` is the number of random bytes;
+ * the returned string is hex-encoded, so it will be `length * 2` characters.
+ */
+declare function generateToken(length?: number): string;
+/**
+ * Generate UUID v4
+ */
+declare function generateUUID(): string;
+/**
+ * Generate API key
+ */
+declare function generateAPIKey(prefix?: string): string;
+/**
+ * Generate session ID
+ */
+declare function generateSessionID(): string;
+export declare const TokenGenerator: {
+    readonly generate: typeof generateToken;
+    readonly generateUUID: typeof generateUUID;
+    readonly generateAPIKey: typeof generateAPIKey;
+    readonly generateSessionID: typeof generateSessionID;
+};
+export {};
 //# sourceMappingURL=encryption.d.ts.map

package/dist/security/encryption.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"encryption.d.ts","sourceRoot":"","sources":["../../src/security/encryption.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,SAAS,GAAG,SAAS,~~GAAG,SAAS,CAAA~~;~~IAC5C~~,OAAO,EAAE,GAAG,GAAG,GAAG,GAAG,GAAG,~~CAAA~~;~~IACxB~~,MAAM,CAAC,EAAE,MAAM,~~CAAA~~;~~CAChB~~;AAED,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,~~CAAA~~;~~IACZ~~,EAAE,EAAE,MAAM,~~CAAA~~;~~IACV~~,GAAG,CAAC,EAAE,MAAM,~~CAAA~~;~~IACZ~~,SAAS,EAAE,MAAM,~~CAAA~~;~~CAClB~~;AAQD;;GAEG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,~~CAAkB~~;~~IAChC~~,OAAO,CAAC,IAAI,~~CAAoC~~;~~gBAEpC~~,MAAM,GAAE,OAAO,CAAC,gBAAgB,CAAM;IAIlD;;OAEG;IACG,WAAW,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC;IAsBrD;;OAEG;IACG,SAAS,CAAC,OAAO,EAAE,WAAW,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC;IAwBzE;;OAEG;IACG,SAAS,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC;IASrD;;OAEG;IACG,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,GAAG,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAyChF;;OAEG;IACG,OAAO,CAAC,aAAa,EAAE,aAAa,EAAE,OAAO,EAAE,SAAS,GAAG,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAgCzF;;OAEG;IACG,aAAa,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACnD,GAAG,EAAE,CAAC,EACN,OAAO,EAAE,SAAS,GAAG,MAAM,GAC1B,OAAO,CAAC,aAAa,CAAC;IAKzB;;OAEG;IACG,aAAa,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACnD,aAAa,EAAE,aAAa,EAC5B,OAAO,EAAE,SAAS,GAAG,MAAM,GAC1B,OAAO,CAAC,CAAC,CAAC;IAKb;;OAEG;IACG,IAAI,CACR,IAAI,EAAE,MAAM,EACZ,SAAS,GAAE,SAAS,GAAG,SAAS,GAAG,SAAqB,GACvD,OAAO,CAAC,MAAM,CAAC;IAalB;;OAEG;IACH,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU;IASvC;;OAEG;IACH,YAAY,CACV,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,MAAyE,GACjF,MAAM;IAiBT;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAe3B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAmB3B;;OAEG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,SAAS,GAAG,IAAI;IAI7C;;OAEG;IACH,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS;IAI5C;;OAEG;IACH,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAI9B;;OAEG;IACH,SAAS,IAAI,IAAI;CAGlB;AAED;;GAEG;AACH,eAAO,MAAM,UAAU,kBAAyB,~~CAAA~~;~~AAEhD~~;;GAEG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,UAAU,~~CAAkB~~;~~IACpC~~,OAAO,CAAC,GAAG,~~CAAyB~~;~~gBAExB~~,UAAU,EAAE,gBAAgB;IAIxC;;OAEG;IACG,UAAU,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC;IAI/C;;OAEG;IACG,YAAY,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAAC,aAAa,CAAC;IAS1D;;OAEG;IACG,YAAY,CAAC,aAAa,EAAE,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC;IAelE;;OAEG;IACG,aAAa,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC;IAY/F;;OAEG;IACG,aAAa,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC;CAchG;AAED;;GAEG;AACH,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,UAAU,~~CAAkB~~;~~IACpC~~,OAAO,CAAC,YAAY,~~CAAQ~~;~~IAC5B~~,OAAO,CAAC,OAAO,~~CAAoC~~;~~gBAEvC~~,UAAU,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM;~~IAK9D~~;;OAEG;IACG,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC;~~IAYhE~~;;OAEG;IACG,SAAS,CAAC,aAAa,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAgBvF;;OAEG;IACH,eAAe,IAAI,MAAM;IAIzB~~;;OAEG~~;IACH,cAAc,CAAC,~~UAAU~~,EAAE,IAAI,GAAG,IAAI;~~CAKvC~~;AAED;;GAEG;AACH,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,UAAU,~~CAAkB~~;~~IACpC~~,OAAO,CAAC,SAAS,~~CAAW~~;~~gBAEhB~~,UAAU,EAAE,gBAAgB,EAAE,SAAS,EAAE,SAAS;IAK9D;;OAEG;IACG,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC;QACnC,aAAa,EAAE,aAAa,~~CAAA~~;~~QAC5B~~,YAAY,EAAE,aAAa,~~CAAA~~;~~KAC5B~~,CAAC;IAiBF;;OAEG;IACG,OAAO,CAAC,aAAa,EAAE,aAAa,EAAE,YAAY,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC;IAYzF,OAAO,CAAC,mBAAmB;IAQ3B,OAAO,CAAC,mBAAmB;CAS5B;AAED;;GAEG;~~AACH,qBAAa,WAAW;IACtB~~;;~~OAEG~~;~~IACH~~,~~MAAM~~,~~CAAC,~~SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;~~IAYvC~~;;~~OAEG~~;~~IACH~~,~~MAAM~~,~~CAAC,~~SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;~~IAavC~~;;~~OAEG~~;~~IACH~~,~~MAAM~~,~~CAAC,~~cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM;~~IAQ3C~~;;~~OAEG~~;~~IACH~~,~~MAAM~~,~~CAAC,~~OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM;~~IAOnC~~;;~~OAEG~~;~~IACH~~,~~MAAM~~,~~CAAC,~~UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,GAAE,MAAU,GAAG,MAAM;~~CAW9D~~;~~AAED~~;;GAEG;~~AACH,qBAAa,cAAc;IACzB~~;;;~~OAGG~~;~~IACH~~,~~MAAM~~,~~CAAC~~,~~QAAQ,~~CAAC,MAAM,GAAE,MAAW,GAAG,MAAM;~~IAO5C~~;;~~OAEG~~;~~IACH~~,~~MAAM~~,~~CAAC,~~YAAY,IAAI,MAAM;~~IAS7B~~;;~~OAEG~~;~~IACH~~,~~MAAM~~,~~CAAC,~~cAAc,CAAC,MAAM,GAAE,MAAa,GAAG,MAAM;~~IAKpD~~;;~~OAEG~~;~~IACH~~,~~MAAM~~,~~CAAC,~~iBAAiB,IAAI,MAAM;~~CAGnC~~"}
1	+ {"version":3,"file":"encryption.d.ts","sourceRoot":"","sources":["../../src/security/encryption.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,SAAS,GAAG,SAAS,CAAC;IACjC,OAAO,EAAE,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;CACnB;AAQD;;GAEG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,CAAmB;IACjC,OAAO,CAAC,IAAI,CAAqC;gBAErC,MAAM,GAAE,OAAO,CAAC,gBAAgB,CAAM;IAIlD;;OAEG;IACG,WAAW,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC;IAsBrD;;OAEG;IACG,SAAS,CAAC,OAAO,EAAE,WAAW,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC;IAwBzE;;OAEG;IACG,SAAS,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC;IASrD;;OAEG;IACG,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,GAAG,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAyChF;;OAEG;IACG,OAAO,CAAC,aAAa,EAAE,aAAa,EAAE,OAAO,EAAE,SAAS,GAAG,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAgCzF;;OAEG;IACG,aAAa,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACnD,GAAG,EAAE,CAAC,EACN,OAAO,EAAE,SAAS,GAAG,MAAM,GAC1B,OAAO,CAAC,aAAa,CAAC;IAKzB;;OAEG;IACG,aAAa,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACnD,aAAa,EAAE,aAAa,EAC5B,OAAO,EAAE,SAAS,GAAG,MAAM,GAC1B,OAAO,CAAC,CAAC,CAAC;IAKb;;OAEG;IACG,IAAI,CACR,IAAI,EAAE,MAAM,EACZ,SAAS,GAAE,SAAS,GAAG,SAAS,GAAG,SAAqB,GACvD,OAAO,CAAC,MAAM,CAAC;IAalB;;OAEG;IACH,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU;IASvC;;OAEG;IACH,YAAY,CACV,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,MAAyE,GACjF,MAAM;IAiBT;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAe3B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAmB3B;;OAEG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,SAAS,GAAG,IAAI;IAI7C;;OAEG;IACH,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS;IAI5C;;OAEG;IACH,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAI9B;;OAEG;IACH,SAAS,IAAI,IAAI;CAGlB;AAED;;GAEG;AACH,eAAO,MAAM,UAAU,kBAAyB,CAAC;AAEjD;;GAEG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,UAAU,CAAmB;IACrC,OAAO,CAAC,GAAG,CAA0B;gBAEzB,UAAU,EAAE,gBAAgB;IAIxC;;OAEG;IACG,UAAU,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC;IAI/C;;OAEG;IACG,YAAY,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAAC,aAAa,CAAC;IAS1D;;OAEG;IACG,YAAY,CAAC,aAAa,EAAE,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC;IAelE;;OAEG;IACG,aAAa,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC;IAY/F;;OAEG;IACG,aAAa,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC;CAchG;AAED;;GAEG;AACH,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,UAAU,CAAmB;IACrC,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,OAAO,CAAqC;IACpD,OAAO,CAAC,gBAAgB,CAAgC;gBAE5C,UAAU,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM;IAM9D;;OAEG;IACG,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC;IAahE;;OAEG;IACG,SAAS,CAAC,aAAa,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAgBvF;;OAEG;IACH,eAAe,IAAI,MAAM;IAIzB;;;OAGG;IACH,cAAc,CAAC,SAAS,EAAE,IAAI,GAAG,IAAI;CAStC;AAED;;GAEG;AACH,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,UAAU,CAAmB;IACrC,OAAO,CAAC,SAAS,CAAY;gBAEjB,UAAU,EAAE,gBAAgB,EAAE,SAAS,EAAE,SAAS;IAK9D;;OAEG;IACG,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC;QACnC,aAAa,EAAE,aAAa,CAAC;QAC7B,YAAY,EAAE,aAAa,CAAC;KAC7B,CAAC;IAiBF;;OAEG;IACG,OAAO,CAAC,aAAa,EAAE,aAAa,EAAE,YAAY,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC;IAYzF,OAAO,CAAC,mBAAmB;IAQ3B,OAAO,CAAC,mBAAmB;CAS5B;AAED;;GAEG;AAEH;;GAEG;AACH,iBAAS,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAUxC;AAED;;GAEG;AACH,iBAAS,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAWxC;AAED;;GAEG;AACH,iBAAS,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAM5C;AAED;;GAEG;AACH,iBAAS,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAKpC;AAED;;GAEG;AACH,iBAAS,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,GAAE,MAAU,GAAG,MAAM,CAU9D;AAED,eAAO,MAAM,WAAW;;;;;;CAMd,CAAC;AAEX;;GAEG;AAEH;;;GAGG;AACH,iBAAS,aAAa,CAAC,MAAM,GAAE,MAAW,GAAG,MAAM,CAKlD;AAED;;GAEG;AACH,iBAAS,YAAY,IAAI,MAAM,CAO9B;AAED;;GAEG;AACH,iBAAS,cAAc,CAAC,MAAM,GAAE,MAAa,GAAG,MAAM,CAGrD;AAED;;GAEG;AACH,iBAAS,iBAAiB,IAAI,MAAM,CAEnC;AAED,eAAO,MAAM,cAAc;;;;;CAKjB,CAAC"}

package/dist/security/encryption.js CHANGED Viewed

@@ -315,9 +315,11 @@ export class KeyRotationManager {
     encryption;
     currentKeyId;
     oldKeys = new Map();
+    keyCreationDates = new Map();
     constructor(encryption, initialKeyId) {
         this.encryption = encryption;
         this.currentKeyId = initialKeyId;
+        this.keyCreationDates.set(initialKeyId, new Date());
     }
     /**
      * Rotate to new key
@@ -331,6 +333,7 @@ export class KeyRotationManager {
         // Set new key
         this.encryption.storeKey(newKeyId, newKey);
         this.currentKeyId = newKeyId;
+        this.keyCreationDates.set(newKeyId, new Date());
     }
     /**
      * Re-encrypt data with new key
@@ -354,12 +357,17 @@ export class KeyRotationManager {
         return this.currentKeyId;
     }
     /**
-     * Clean up old keys
+     * Clean up old keys created before the specified date.
+     * Never removes the current active key.
      */
-    cleanupOldKeys(_olderThan) {
-        // In a real implementation, you'd track key creation dates
-        // and remove keys older than the specified date
-        this.oldKeys.clear();
+    cleanupOldKeys(olderThan) {
+        for (const [keyId, createdAt] of this.keyCreationDates.entries()) {
+            if (keyId !== this.currentKeyId && createdAt < olderThan) {
+                this.oldKeys.delete(keyId);
+                this.encryption.removeKey(keyId);
+                this.keyCreationDates.delete(keyId);
+            }
+        }
     }
 }
 /**
@@ -418,100 +426,109 @@ export class EnvelopeEncryption {
 /**
  * Data masking utilities
  */
-export class DataMasking {
-    /**
-     * Mask email
-     */
-    static maskEmail(email) {
-        const [local, domain] = email.split('@');
-        if (!(local && domain))
-            return email;
-        const maskedLocal = local.length > 2
-            ? local[0] + '*'.repeat(local.length - 2) + local[local.length - 1]
-            : `${local[0]}*`;
-        return `${maskedLocal}@${domain}`;
-    }
-    /**
-     * Mask phone number
-     */
-    static maskPhone(phone) {
-        const digits = phone.replace(/\D/g, '');
-        if (digits.length < 4)
-            return phone;
-        const lastFour = digits.slice(-4);
-        const masked = '*'.repeat(digits.length - 4) + lastFour;
-        return phone.replace(/\d/g, (char, index) => {
-            const digitIndex = phone.slice(0, index + 1).replace(/\D/g, '').length - 1;
-            return masked[digitIndex] || char;
-        });
-    }
-    /**
-     * Mask credit card
-     */
-    static maskCreditCard(card) {
-        const digits = card.replace(/\D/g, '');
-        if (digits.length < 4)
-            return card;
-        const lastFour = digits.slice(-4);
-        return `****-****-****-${lastFour}`;
-    }
-    /**
-     * Mask SSN
-     */
-    static maskSSN(ssn) {
-        const digits = ssn.replace(/\D/g, '');
-        if (digits.length !== 9)
-            return ssn;
-        return `***-**-${digits.slice(-4)}`;
-    }
-    /**
-     * Mask string (keep first and last character)
-     */
-    static maskString(str, keepChars = 1) {
-        if (str.length <= keepChars * 2) {
-            return '*'.repeat(str.length);
-        }
-        const prefix = str.slice(0, keepChars);
-        const suffix = str.slice(-keepChars);
-        const masked = '*'.repeat(str.length - keepChars * 2);
-        return `${prefix}${masked}${suffix}`;
-    }
+/**
+ * Mask email
+ */
+function maskEmail(email) {
+    const [local, domain] = email.split('@');
+    if (!(local && domain))
+        return email;
+    const maskedLocal = local.length > 2
+        ? local[0] + '*'.repeat(local.length - 2) + local[local.length - 1]
+        : `${local[0]}*`;
+    return `${maskedLocal}@${domain}`;
+}
+/**
+ * Mask phone number
+ */
+function maskPhone(phone) {
+    const digits = phone.replace(/\D/g, '');
+    if (digits.length < 4)
+        return phone;
+    const lastFour = digits.slice(-4);
+    const masked = '*'.repeat(digits.length - 4) + lastFour;
+    return phone.replace(/\d/g, (char, index) => {
+        const digitIndex = phone.slice(0, index + 1).replace(/\D/g, '').length - 1;
+        return masked[digitIndex] || char;
+    });
+}
+/**
+ * Mask credit card
+ */
+function maskCreditCard(card) {
+    const digits = card.replace(/\D/g, '');
+    if (digits.length < 4)
+        return card;
+    const lastFour = digits.slice(-4);
+    return `****-****-****-${lastFour}`;
+}
+/**
+ * Mask SSN
+ */
+function maskSSN(ssn) {
+    const digits = ssn.replace(/\D/g, '');
+    if (digits.length !== 9)
+        return ssn;
+    return `***-**-${digits.slice(-4)}`;
+}
+/**
+ * Mask string (keep first and last character)
+ */
+function maskString(str, keepChars = 1) {
+    if (str.length <= keepChars * 2) {
+        return '*'.repeat(str.length);
+    }
+    const prefix = str.slice(0, keepChars);
+    const suffix = str.slice(-keepChars);
+    const masked = '*'.repeat(str.length - keepChars * 2);
+    return `${prefix}${masked}${suffix}`;
 }
+export const DataMasking = {
+    maskEmail,
+    maskPhone,
+    maskCreditCard,
+    maskSSN,
+    maskString,
+};
 /**
  * Secure random token generator
  */
-export class TokenGenerator {
-    /**
-     * Generate secure token. `length` is the number of random bytes;
-     * the returned string is hex-encoded, so it will be `length * 2` characters.
-     */
-    static generate(length = 32) {
-        const bytes = encryption.randomBytes(length);
-        return Array.from(bytes)
-            .map((b) => b.toString(16).padStart(2, '0'))
-            .join('');
-    }
-    /**
-     * Generate UUID v4
-     */
-    static generateUUID() {
-        const crypto = globalThis.crypto;
-        if (!crypto) {
-            throw new Error('Crypto API not available');
-        }
-        return crypto.randomUUID();
-    }
-    /**
-     * Generate API key
-     */
-    static generateAPIKey(prefix = 'sk') {
-        const token = TokenGenerator.generate(32);
-        return `${prefix}_${token}`;
-    }
-    /**
-     * Generate session ID
-     */
-    static generateSessionID() {
-        return TokenGenerator.generate(64);
+/**
+ * Generate secure token. `length` is the number of random bytes;
+ * the returned string is hex-encoded, so it will be `length * 2` characters.
+ */
+function generateToken(length = 32) {
+    const bytes = encryption.randomBytes(length);
+    return Array.from(bytes)
+        .map((b) => b.toString(16).padStart(2, '0'))
+        .join('');
+}
+/**
+ * Generate UUID v4
+ */
+function generateUUID() {
+    const crypto = globalThis.crypto;
+    if (!crypto) {
+        throw new Error('Crypto API not available');
     }
+    return crypto.randomUUID();
 }
+/**
+ * Generate API key
+ */
+function generateAPIKey(prefix = 'sk') {
+    const token = generateToken(32);
+    return `${prefix}_${token}`;
+}
+/**
+ * Generate session ID
+ */
+function generateSessionID() {
+    return generateToken(64);
+}
+export const TokenGenerator = {
+    generate: generateToken,
+    generateUUID,
+    generateAPIKey,
+    generateSessionID,
+};

package/dist/security/gdpr-storage.d.ts ADDED Viewed

@@ -0,0 +1,102 @@
+/**
+ * GDPR Storage Abstraction
+ *
+ * Record-oriented storage interface for GDPR compliance data.
+ * Provides a clean seam for replacing the default in-memory implementation
+ * with a database-backed store in production.
+ */
+import type { ConsentRecord, ConsentType, DataBreach, DataDeletionRequest } from './gdpr.js';
+/**
+ * Storage interface for GDPR consent records and deletion requests.
+ *
+ * All methods are async to support database-backed implementations.
+ * The default `InMemoryGDPRStorage` is suitable for testing and development
+ * but must be replaced with a persistent store for production use.
+ */
+export interface GDPRStorage {
+    /**
+     * Store or update a consent record, keyed by `userId:consentType`.
+     */
+    setConsent(userId: string, type: ConsentType, record: ConsentRecord): Promise<void>;
+    /**
+     * Retrieve a consent record by user and type. Returns `undefined` if not found.
+     */
+    getConsent(userId: string, type: ConsentType): Promise<ConsentRecord | undefined>;
+    /**
+     * Retrieve all consent records for a given user.
+     */
+    getConsentsByUser(userId: string): Promise<ConsentRecord[]>;
+    /**
+     * Retrieve every consent record in storage (used for aggregate statistics).
+     */
+    getAllConsents(): Promise<ConsentRecord[]>;
+    /**
+     * Store a deletion request, keyed by its `id`.
+     */
+    setDeletionRequest(request: DataDeletionRequest): Promise<void>;
+    /**
+     * Retrieve a deletion request by ID. Returns `undefined` if not found.
+     */
+    getDeletionRequest(requestId: string): Promise<DataDeletionRequest | undefined>;
+    /**
+     * Retrieve all deletion requests for a given user.
+     */
+    getDeletionRequestsByUser(userId: string): Promise<DataDeletionRequest[]>;
+}
+/**
+ * Storage interface for data breach records.
+ *
+ * All methods are async to support database-backed implementations.
+ * The default `InMemoryBreachStorage` is suitable for testing and development
+ * but must be replaced with a persistent store for production GDPR compliance.
+ */
+export interface BreachStorage {
+    /**
+     * Store a data breach record.
+     */
+    setBreach(breach: DataBreach): Promise<void>;
+    /**
+     * Retrieve a breach by ID. Returns `undefined` if not found.
+     */
+    getBreach(id: string): Promise<DataBreach | undefined>;
+    /**
+     * Retrieve all breach records.
+     */
+    getAllBreaches(): Promise<DataBreach[]>;
+    /**
+     * Update an existing breach record (e.g., status change, add mitigation).
+     */
+    updateBreach(id: string, updates: Partial<DataBreach>): Promise<void>;
+}
+/**
+ * In-memory implementation of `BreachStorage`.
+ *
+ * WARNING: All data is lost on process restart or serverless cold start.
+ * GDPR requires breach records be retained — use database-backed storage in production.
+ */
+export declare class InMemoryBreachStorage implements BreachStorage {
+    private breaches;
+    setBreach(breach: DataBreach): Promise<void>;
+    getBreach(id: string): Promise<DataBreach | undefined>;
+    getAllBreaches(): Promise<DataBreach[]>;
+    updateBreach(id: string, updates: Partial<DataBreach>): Promise<void>;
+}
+/**
+ * In-memory implementation of `GDPRStorage`.
+ *
+ * WARNING: All data is lost on process restart or serverless cold start.
+ * Use this only for development, testing, or as a reference implementation.
+ * Production deployments MUST supply a database-backed `GDPRStorage`.
+ */
+export declare class InMemoryGDPRStorage implements GDPRStorage {
+    private consents;
+    private deletionRequests;
+    setConsent(userId: string, type: ConsentType, record: ConsentRecord): Promise<void>;
+    getConsent(userId: string, type: ConsentType): Promise<ConsentRecord | undefined>;
+    getConsentsByUser(userId: string): Promise<ConsentRecord[]>;
+    getAllConsents(): Promise<ConsentRecord[]>;
+    setDeletionRequest(request: DataDeletionRequest): Promise<void>;
+    getDeletionRequest(requestId: string): Promise<DataDeletionRequest | undefined>;
+    getDeletionRequestsByUser(userId: string): Promise<DataDeletionRequest[]>;
+}
+//# sourceMappingURL=gdpr-storage.d.ts.map

package/dist/security/gdpr-storage.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"gdpr-storage.d.ts","sourceRoot":"","sources":["../../src/security/gdpr-storage.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,WAAW,EAAE,UAAU,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AAE7F;;;;;;GAMG;AACH,MAAM,WAAW,WAAW;IAG1B;;OAEG;IACH,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEpF;;OAEG;IACH,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,aAAa,GAAG,SAAS,CAAC,CAAC;IAElF;;OAEG;IACH,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;IAE5D;;OAEG;IACH,cAAc,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;IAI3C;;OAEG;IACH,kBAAkB,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEhE;;OAEG;IACH,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,GAAG,SAAS,CAAC,CAAC;IAEhF;;OAEG;IACH,yBAAyB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,EAAE,CAAC,CAAC;CAC3E;AAED;;;;;;GAMG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,SAAS,CAAC,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7C;;OAEG;IACH,SAAS,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,SAAS,CAAC,CAAC;IAEvD;;OAEG;IACH,cAAc,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;IAExC;;OAEG;IACH,YAAY,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,UAAU,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACvE;AAED;;;;;GAKG;AACH,qBAAa,qBAAsB,YAAW,aAAa;IACzD,OAAO,CAAC,QAAQ,CAAsC;IAEhD,SAAS,CAAC,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAI5C,SAAS,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,SAAS,CAAC;IAItD,cAAc,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;IAIvC,YAAY,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,UAAU,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;CAM5E;AAED;;;;;;GAMG;AACH,qBAAa,mBAAoB,YAAW,WAAW;IACrD,OAAO,CAAC,QAAQ,CAAyC;IACzD,OAAO,CAAC,gBAAgB,CAA+C;IAIjE,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IAInF,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,aAAa,GAAG,SAAS,CAAC;IAIjF,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IAI3D,cAAc,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;IAM1C,kBAAkB,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC;IAI/D,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,GAAG,SAAS,CAAC;IAI/E,yBAAyB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,EAAE,CAAC;CAGhF"}