@revealui/core 0.3.0 → 0.5.2

package/dist/security/encryption.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"encryption.d.ts","sourceRoot":"","sources":["../../src/security/encryption.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,SAAS,GAAG,SAAS,CAAC;IACjC,OAAO,EAAE,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;CACnB;AAQD;;GAEG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,CAAmB;IACjC,OAAO,CAAC,IAAI,CAAqC;gBAErC,MAAM,GAAE,OAAO,CAAC,gBAAgB,CAAM;IAIlD;;OAEG;IACG,WAAW,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC;IAsBrD;;OAEG;IACG,SAAS,CAAC,OAAO,EAAE,WAAW,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC;IAwBzE;;OAEG;IACG,SAAS,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC;IASrD;;OAEG;IACG,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,GAAG,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAyChF;;OAEG;IACG,OAAO,CAAC,aAAa,EAAE,aAAa,EAAE,OAAO,EAAE,SAAS,GAAG,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAgCzF;;OAEG;IACG,aAAa,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACnD,GAAG,EAAE,CAAC,EACN,OAAO,EAAE,SAAS,GAAG,MAAM,GAC1B,OAAO,CAAC,aAAa,CAAC;IAKzB;;OAEG;IACG,aAAa,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACnD,aAAa,EAAE,aAAa,EAC5B,OAAO,EAAE,SAAS,GAAG,MAAM,GAC1B,OAAO,CAAC,CAAC,CAAC;IAKb;;OAEG;IACG,IAAI,CACR,IAAI,EAAE,MAAM,EACZ,SAAS,GAAE,SAAS,GAAG,SAAS,GAAG,SAAqB,GACvD,OAAO,CAAC,MAAM,CAAC;IAalB;;OAEG;IACH,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU;IASvC;;OAEG;IACH,YAAY,CACV,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,MAAyE,GACjF,MAAM;IAiBT;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAe3B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAmB3B;;OAEG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,SAAS,GAAG,IAAI;IAI7C;;OAEG;IACH,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS;IAI5C;;OAEG;IACH,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAI9B;;OAEG;IACH,SAAS,IAAI,IAAI;CAGlB;AAED;;GAEG;AACH,eAAO,MAAM,UAAU,kBAAyB,CAAC;AAEjD;;GAEG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,UAAU,CAAmB;IACrC,OAAO,CAAC,GAAG,CAA0B;gBAEzB,UAAU,EAAE,gBAAgB;IAIxC;;OAEG;IACG,UAAU,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC;IAI/C;;OAEG;IACG,YAAY,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAAC,aAAa,CAAC;IAS1D;;OAEG;IACG,YAAY,CAAC,aAAa,EAAE,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC;IAelE;;OAEG;IACG,aAAa,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC;IAY/F;;OAEG;IACG,aAAa,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC;CAchG;AAED;;GAEG;AACH,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,UAAU,CAAmB;IACrC,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,OAAO,CAAqC;IACpD,OAAO,CAAC,gBAAgB,CAAgC;gBAE5C,UAAU,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM;IAM9D;;OAEG;IACG,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC;IAahE;;OAEG;IACG,SAAS,CAAC,aAAa,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAgBvF;;OAEG;IACH,eAAe,IAAI,MAAM;IAIzB;;;OAGG;IACH,cAAc,CAAC,SAAS,EAAE,IAAI,GAAG,IAAI;CAStC;AAED;;GAEG;AACH,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,UAAU,CAAmB;IACrC,OAAO,CAAC,SAAS,CAAY;gBAEjB,UAAU,EAAE,gBAAgB,EAAE,SAAS,EAAE,SAAS;IAK9D;;OAEG;IACG,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC;QACnC,aAAa,EAAE,aAAa,CAAC;QAC7B,YAAY,EAAE,aAAa,CAAC;KAC7B,CAAC;IAiBF;;OAEG;IACG,OAAO,CAAC,aAAa,EAAE,aAAa,EAAE,YAAY,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC;IAYzF,OAAO,CAAC,mBAAmB;IAQ3B,OAAO,CAAC,mBAAmB;CAS5B;AAED;;GAEG;AAEH;;GAEG;AACH,iBAAS,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAUxC;AAED;;GAEG;AACH,iBAAS,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAWxC;AAED;;GAEG;AACH,iBAAS,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAM5C;AAED;;GAEG;AACH,iBAAS,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAKpC;AAED;;GAEG;AACH,iBAAS,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,GAAE,MAAU,GAAG,MAAM,CAU9D;AAED,eAAO,MAAM,WAAW;;;;;;CAMd,CAAC;AAEX;;GAEG;AAEH;;;GAGG;AACH,iBAAS,aAAa,CAAC,MAAM,GAAE,MAAW,GAAG,MAAM,CAKlD;AAED;;GAEG;AACH,iBAAS,YAAY,IAAI,MAAM,CAO9B;AAED;;GAEG;AACH,iBAAS,cAAc,CAAC,MAAM,GAAE,MAAa,GAAG,MAAM,CAGrD;AAED;;GAEG;AACH,iBAAS,iBAAiB,IAAI,MAAM,CAEnC;AAED,eAAO,MAAM,cAAc;;;;;CAKjB,CAAC"}

package/dist/security/encryption.js

@@ -1,534 +0,0 @@
-/**
- * Encryption Utilities
- *
- * Data encryption for at-rest and in-transit protection
- */
-const DEFAULT_CONFIG = {
-    algorithm: 'AES-GCM',
-    keySize: 256,
-    ivSize: 12,
-};
-/**
- * Encryption system
- */
-export class EncryptionSystem {
-    config;
-    keys = new Map();
-    constructor(config = {}) {
-        this.config = { ...DEFAULT_CONFIG, ...config };
-    }
-    /**
-     * Generate encryption key
-     */
-    async generateKey(keyId) {
-        const crypto = globalThis.crypto;
-        if (!crypto) {
-            throw new Error('Crypto API not available');
-        }
-        const key = await crypto.subtle.generateKey({
-            name: this.config.algorithm,
-            length: this.config.keySize,
-        }, true, // extractable
-        ['encrypt', 'decrypt']);
-        if (keyId) {
-            this.keys.set(keyId, key);
-        }
-        return key;
-    }
-    /**
-     * Import key from raw data
-     */
-    async importKey(keyData, keyId) {
-        const crypto = globalThis.crypto;
-        if (!crypto) {
-            throw new Error('Crypto API not available');
-        }
-        const key = await crypto.subtle.importKey('raw', keyData, {
-            name: this.config.algorithm,
-            length: this.config.keySize,
-        }, true, ['encrypt', 'decrypt']);
-        if (keyId) {
-            this.keys.set(keyId, key);
-        }
-        return key;
-    }
-    /**
-     * Export key to raw data
-     */
-    async exportKey(key) {
-        const crypto = globalThis.crypto;
-        if (!crypto) {
-            throw new Error('Crypto API not available');
-        }
-        return crypto.subtle.exportKey('raw', key);
-    }
-    /**
-     * Encrypt data
-     */
-    async encrypt(data, keyOrId) {
-        const crypto = globalThis.crypto;
-        if (!crypto) {
-            throw new Error('Crypto API not available');
-        }
-        // Get key
-        const key = typeof keyOrId === 'string' ? this.keys.get(keyOrId) : keyOrId;
-        if (!key) {
-            throw new Error('Key not found');
-        }
-        // Generate IV
-        const iv = crypto.getRandomValues(new Uint8Array(this.config.ivSize || 12));
-        // Encode data
-        const encoder = new TextEncoder();
-        const encodedData = encoder.encode(data);
-        // Encrypt
-        const encrypted = await crypto.subtle.encrypt({
-            name: this.config.algorithm,
-            iv,
-        }, key, encodedData);
-        // Convert to base64
-        const encryptedArray = new Uint8Array(encrypted);
-        const ivArray = new Uint8Array(iv);
-        return {
-            data: this.arrayBufferToBase64(encryptedArray),
-            iv: this.arrayBufferToBase64(ivArray),
-            algorithm: this.config.algorithm,
-        };
-    }
-    /**
-     * Decrypt data
-     */
-    async decrypt(encryptedData, keyOrId) {
-        const crypto = globalThis.crypto;
-        if (!crypto) {
-            throw new Error('Crypto API not available');
-        }
-        // Get key
-        const key = typeof keyOrId === 'string' ? this.keys.get(keyOrId) : keyOrId;
-        if (!key) {
-            throw new Error('Key not found');
-        }
-        // Decode data
-        const data = this.base64ToArrayBuffer(encryptedData.data);
-        const iv = this.base64ToArrayBuffer(encryptedData.iv);
-        // Decrypt
-        const decrypted = await crypto.subtle.decrypt({
-            name: encryptedData.algorithm,
-            iv: iv,
-        }, key, data);
-        // Decode text
-        const decoder = new TextDecoder();
-        return decoder.decode(decrypted);
-    }
-    /**
-     * Encrypt object
-     */
-    async encryptObject(obj, keyOrId) {
-        const json = JSON.stringify(obj);
-        return this.encrypt(json, keyOrId);
-    }
-    /**
-     * Decrypt object
-     */
-    async decryptObject(encryptedData, keyOrId) {
-        const json = await this.decrypt(encryptedData, keyOrId);
-        return JSON.parse(json);
-    }
-    /**
-     * Hash data
-     */
-    async hash(data, algorithm = 'SHA-256') {
-        const crypto = globalThis.crypto;
-        if (!crypto) {
-            throw new Error('Crypto API not available');
-        }
-        const encoder = new TextEncoder();
-        const encodedData = encoder.encode(data);
-        const hashBuffer = await crypto.subtle.digest(algorithm, encodedData);
-        return this.arrayBufferToBase64(new Uint8Array(hashBuffer));
-    }
-    /**
-     * Generate random bytes
-     */
-    randomBytes(length) {
-        const crypto = globalThis.crypto;
-        if (!crypto) {
-            throw new Error('Crypto API not available');
-        }
-        return crypto.getRandomValues(new Uint8Array(length));
-    }
-    /**
-     * Generate random string
-     */
-    randomString(length, charset = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789') {
-        // Rejection sampling to avoid modulo bias:
-        // Only accept bytes below the largest multiple of charset.length that fits in a byte.
-        const maxValid = 256 - (256 % charset.length);
-        const result = [];
-        while (result.length < length) {
-            const bytes = this.randomBytes(length - result.length + 16);
-            for (const byte of bytes) {
-                if (byte < maxValid) {
-                    result.push(charset[byte % charset.length]);
-                    if (result.length === length)
-                        break;
-                }
-            }
-        }
-        return result.join('');
-    }
-    /**
-     * Convert ArrayBuffer to base64
-     */
-    arrayBufferToBase64(buffer) {
-        const bytes = Array.from(buffer);
-        const binary = bytes.map((byte) => String.fromCharCode(byte)).join('');
-        if (typeof btoa !== 'undefined') {
-            return btoa(binary);
-        }
-        if (typeof Buffer !== 'undefined') {
-            return Buffer.from(binary, 'binary').toString('base64');
-        }
-        throw new Error('No base64 encoding available');
-    }
-    /**
-     * Convert base64 to ArrayBuffer
-     */
-    base64ToArrayBuffer(base64) {
-        let binary;
-        if (typeof atob !== 'undefined') {
-            binary = atob(base64);
-        }
-        else if (typeof Buffer !== 'undefined') {
-            binary = Buffer.from(base64, 'base64').toString('binary');
-        }
-        else {
-            throw new Error('No base64 decoding available');
-        }
-        const bytes = new Uint8Array(binary.length);
-        for (let i = 0; i < binary.length; i++) {
-            bytes[i] = binary.charCodeAt(i);
-        }
-        return bytes;
-    }
-    /**
-     * Store key
-     */
-    storeKey(keyId, key) {
-        this.keys.set(keyId, key);
-    }
-    /**
-     * Get key
-     */
-    getKey(keyId) {
-        return this.keys.get(keyId);
-    }
-    /**
-     * Remove key
-     */
-    removeKey(keyId) {
-        this.keys.delete(keyId);
-    }
-    /**
-     * Clear all keys
-     */
-    clearKeys() {
-        this.keys.clear();
-    }
-}
-/**
- * Global encryption instance
- */
-export const encryption = new EncryptionSystem();
-/**
- * Field-level encryption
- */
-export class FieldEncryption {
-    encryption;
-    key = null;
-    constructor(encryption) {
-        this.encryption = encryption;
-    }
-    /**
-     * Initialize with key
-     */
-    async initialize(key) {
-        this.key = key;
-    }
-    /**
-     * Encrypt field
-     */
-    async encryptField(value) {
-        if (!this.key) {
-            throw new Error('Encryption not initialized');
-        }
-        const stringValue = typeof value === 'string' ? value : JSON.stringify(value);
-        return this.encryption.encrypt(stringValue, this.key);
-    }
-    /**
-     * Decrypt field
-     */
-    async decryptField(encryptedData) {
-        if (!this.key) {
-            throw new Error('Encryption not initialized');
-        }
-        const decrypted = await this.encryption.decrypt(encryptedData, this.key);
-        // Try to parse as JSON
-        try {
-            return JSON.parse(decrypted);
-        }
-        catch {
-            return decrypted;
-        }
-    }
-    /**
-     * Encrypt object fields
-     */
-    async encryptFields(obj, fields) {
-        const result = { ...obj };
-        for (const field of fields) {
-            if (field in result) {
-                result[field] = (await this.encryptField(result[field]));
-            }
-        }
-        return result;
-    }
-    /**
-     * Decrypt object fields
-     */
-    async decryptFields(obj, fields) {
-        const result = { ...obj };
-        for (const field of fields) {
-            if (field in result && typeof result[field] === 'object' && result[field] !== null) {
-                const encryptedData = result[field];
-                if ('data' in encryptedData && 'iv' in encryptedData) {
-                    result[field] = (await this.decryptField(encryptedData));
-                }
-            }
-        }
-        return result;
-    }
-}
-/**
- * Key rotation
- */
-export class KeyRotationManager {
-    encryption;
-    currentKeyId;
-    oldKeys = new Map();
-    keyCreationDates = new Map();
-    constructor(encryption, initialKeyId) {
-        this.encryption = encryption;
-        this.currentKeyId = initialKeyId;
-        this.keyCreationDates.set(initialKeyId, new Date());
-    }
-    /**
-     * Rotate to new key
-     */
-    async rotate(newKeyId, newKey) {
-        // Store old key
-        const oldKey = this.encryption.getKey(this.currentKeyId);
-        if (oldKey) {
-            this.oldKeys.set(this.currentKeyId, oldKey);
-        }
-        // Set new key
-        this.encryption.storeKey(newKeyId, newKey);
-        this.currentKeyId = newKeyId;
-        this.keyCreationDates.set(newKeyId, new Date());
-    }
-    /**
-     * Re-encrypt data with new key
-     */
-    async reencrypt(encryptedData, oldKeyId) {
-        // Get keys
-        const oldKey = this.oldKeys.get(oldKeyId) || this.encryption.getKey(oldKeyId);
-        const newKey = this.encryption.getKey(this.currentKeyId);
-        if (!(oldKey && newKey)) {
-            throw new Error('Keys not found');
-        }
-        // Decrypt with old key
-        const decrypted = await this.encryption.decrypt(encryptedData, oldKey);
-        // Encrypt with new key
-        return this.encryption.encrypt(decrypted, newKey);
-    }
-    /**
-     * Get current key ID
-     */
-    getCurrentKeyId() {
-        return this.currentKeyId;
-    }
-    /**
-     * Clean up old keys created before the specified date.
-     * Never removes the current active key.
-     */
-    cleanupOldKeys(olderThan) {
-        for (const [keyId, createdAt] of this.keyCreationDates.entries()) {
-            if (keyId !== this.currentKeyId && createdAt < olderThan) {
-                this.oldKeys.delete(keyId);
-                this.encryption.removeKey(keyId);
-                this.keyCreationDates.delete(keyId);
-            }
-        }
-    }
-}
-/**
- * Envelope encryption for large data
- */
-export class EnvelopeEncryption {
-    encryption;
-    masterKey;
-    constructor(encryption, masterKey) {
-        this.encryption = encryption;
-        this.masterKey = masterKey;
-    }
-    /**
-     * Encrypt with envelope encryption
-     */
-    async encrypt(data) {
-        // Generate data encryption key (DEK)
-        const dek = await this.encryption.generateKey();
-        // Encrypt data with DEK
-        const encryptedData = await this.encryption.encrypt(data, dek);
-        // Export DEK
-        const dekRaw = await this.encryption.exportKey(dek);
-        const dekBase64 = this.arrayBufferToBase64(new Uint8Array(dekRaw));
-        // Encrypt DEK with master key
-        const encryptedKey = await this.encryption.encrypt(dekBase64, this.masterKey);
-        return { encryptedData, encryptedKey };
-    }
-    /**
-     * Decrypt with envelope encryption
-     */
-    async decrypt(encryptedData, encryptedKey) {
-        // Decrypt DEK with master key
-        const dekBase64 = await this.encryption.decrypt(encryptedKey, this.masterKey);
-        const dekRaw = this.base64ToArrayBuffer(dekBase64);
-        // Import DEK
-        const dek = await this.encryption.importKey(dekRaw.buffer);
-        // Decrypt data with DEK
-        return this.encryption.decrypt(encryptedData, dek);
-    }
-    arrayBufferToBase64(buffer) {
-        const bytes = Array.from(buffer);
-        const binary = bytes.map((byte) => String.fromCharCode(byte)).join('');
-        return typeof btoa !== 'undefined'
-            ? btoa(binary)
-            : Buffer.from(binary, 'binary').toString('base64');
-    }
-    base64ToArrayBuffer(base64) {
-        const binary = typeof atob !== 'undefined' ? atob(base64) : Buffer.from(base64, 'base64').toString('binary');
-        const bytes = new Uint8Array(binary.length);
-        for (let i = 0; i < binary.length; i++) {
-            bytes[i] = binary.charCodeAt(i);
-        }
-        return bytes;
-    }
-}
-/**
- * Data masking utilities
- */
-/**
- * Mask email
- */
-function maskEmail(email) {
-    const [local, domain] = email.split('@');
-    if (!(local && domain))
-        return email;
-    const maskedLocal = local.length > 2
-        ? local[0] + '*'.repeat(local.length - 2) + local[local.length - 1]
-        : `${local[0]}*`;
-    return `${maskedLocal}@${domain}`;
-}
-/**
- * Mask phone number
- */
-function maskPhone(phone) {
-    const digits = phone.replace(/\D/g, '');
-    if (digits.length < 4)
-        return phone;
-    const lastFour = digits.slice(-4);
-    const masked = '*'.repeat(digits.length - 4) + lastFour;
-    return phone.replace(/\d/g, (char, index) => {
-        const digitIndex = phone.slice(0, index + 1).replace(/\D/g, '').length - 1;
-        return masked[digitIndex] || char;
-    });
-}
-/**
- * Mask credit card
- */
-function maskCreditCard(card) {
-    const digits = card.replace(/\D/g, '');
-    if (digits.length < 4)
-        return card;
-    const lastFour = digits.slice(-4);
-    return `****-****-****-${lastFour}`;
-}
-/**
- * Mask SSN
- */
-function maskSSN(ssn) {
-    const digits = ssn.replace(/\D/g, '');
-    if (digits.length !== 9)
-        return ssn;
-    return `***-**-${digits.slice(-4)}`;
-}
-/**
- * Mask string (keep first and last character)
- */
-function maskString(str, keepChars = 1) {
-    if (str.length <= keepChars * 2) {
-        return '*'.repeat(str.length);
-    }
-    const prefix = str.slice(0, keepChars);
-    const suffix = str.slice(-keepChars);
-    const masked = '*'.repeat(str.length - keepChars * 2);
-    return `${prefix}${masked}${suffix}`;
-}
-export const DataMasking = {
-    maskEmail,
-    maskPhone,
-    maskCreditCard,
-    maskSSN,
-    maskString,
-};
-/**
- * Secure random token generator
- */
-/**
- * Generate secure token. `length` is the number of random bytes;
- * the returned string is hex-encoded, so it will be `length * 2` characters.
- */
-function generateToken(length = 32) {
-    const bytes = encryption.randomBytes(length);
-    return Array.from(bytes)
-        .map((b) => b.toString(16).padStart(2, '0'))
-        .join('');
-}
-/**
- * Generate UUID v4
- */
-function generateUUID() {
-    const crypto = globalThis.crypto;
-    if (!crypto) {
-        throw new Error('Crypto API not available');
-    }
-    return crypto.randomUUID();
-}
-/**
- * Generate API key
- */
-function generateAPIKey(prefix = 'sk') {
-    const token = generateToken(32);
-    return `${prefix}_${token}`;
-}
-/**
- * Generate session ID
- */
-function generateSessionID() {
-    return generateToken(64);
-}
-export const TokenGenerator = {
-    generate: generateToken,
-    generateUUID,
-    generateAPIKey,
-    generateSessionID,
-};

package/dist/security/gdpr-storage.d.ts

@@ -1,102 +0,0 @@
-/**
- * GDPR Storage Abstraction
- *
- * Record-oriented storage interface for GDPR compliance data.
- * Provides a clean seam for replacing the default in-memory implementation
- * with a database-backed store in production.
- */
-import type { ConsentRecord, ConsentType, DataBreach, DataDeletionRequest } from './gdpr.js';
-/**
- * Storage interface for GDPR consent records and deletion requests.
- *
- * All methods are async to support database-backed implementations.
- * The default `InMemoryGDPRStorage` is suitable for testing and development
- * but must be replaced with a persistent store for production use.
- */
-export interface GDPRStorage {
-    /**
-     * Store or update a consent record, keyed by `userId:consentType`.
-     */
-    setConsent(userId: string, type: ConsentType, record: ConsentRecord): Promise<void>;
-    /**
-     * Retrieve a consent record by user and type. Returns `undefined` if not found.
-     */
-    getConsent(userId: string, type: ConsentType): Promise<ConsentRecord | undefined>;
-    /**
-     * Retrieve all consent records for a given user.
-     */
-    getConsentsByUser(userId: string): Promise<ConsentRecord[]>;
-    /**
-     * Retrieve every consent record in storage (used for aggregate statistics).
-     */
-    getAllConsents(): Promise<ConsentRecord[]>;
-    /**
-     * Store a deletion request, keyed by its `id`.
-     */
-    setDeletionRequest(request: DataDeletionRequest): Promise<void>;
-    /**
-     * Retrieve a deletion request by ID. Returns `undefined` if not found.
-     */
-    getDeletionRequest(requestId: string): Promise<DataDeletionRequest | undefined>;
-    /**
-     * Retrieve all deletion requests for a given user.
-     */
-    getDeletionRequestsByUser(userId: string): Promise<DataDeletionRequest[]>;
-}
-/**
- * Storage interface for data breach records.
- *
- * All methods are async to support database-backed implementations.
- * The default `InMemoryBreachStorage` is suitable for testing and development
- * but must be replaced with a persistent store for production GDPR compliance.
- */
-export interface BreachStorage {
-    /**
-     * Store a data breach record.
-     */
-    setBreach(breach: DataBreach): Promise<void>;
-    /**
-     * Retrieve a breach by ID. Returns `undefined` if not found.
-     */
-    getBreach(id: string): Promise<DataBreach | undefined>;
-    /**
-     * Retrieve all breach records.
-     */
-    getAllBreaches(): Promise<DataBreach[]>;
-    /**
-     * Update an existing breach record (e.g., status change, add mitigation).
-     */
-    updateBreach(id: string, updates: Partial<DataBreach>): Promise<void>;
-}
-/**
- * In-memory implementation of `BreachStorage`.
- *
- * WARNING: All data is lost on process restart or serverless cold start.
- * GDPR requires breach records be retained — use database-backed storage in production.
- */
-export declare class InMemoryBreachStorage implements BreachStorage {
-    private breaches;
-    setBreach(breach: DataBreach): Promise<void>;
-    getBreach(id: string): Promise<DataBreach | undefined>;
-    getAllBreaches(): Promise<DataBreach[]>;
-    updateBreach(id: string, updates: Partial<DataBreach>): Promise<void>;
-}
-/**
- * In-memory implementation of `GDPRStorage`.
- *
- * WARNING: All data is lost on process restart or serverless cold start.
- * Use this only for development, testing, or as a reference implementation.
- * Production deployments MUST supply a database-backed `GDPRStorage`.
- */
-export declare class InMemoryGDPRStorage implements GDPRStorage {
-    private consents;
-    private deletionRequests;
-    setConsent(userId: string, type: ConsentType, record: ConsentRecord): Promise<void>;
-    getConsent(userId: string, type: ConsentType): Promise<ConsentRecord | undefined>;
-    getConsentsByUser(userId: string): Promise<ConsentRecord[]>;
-    getAllConsents(): Promise<ConsentRecord[]>;
-    setDeletionRequest(request: DataDeletionRequest): Promise<void>;
-    getDeletionRequest(requestId: string): Promise<DataDeletionRequest | undefined>;
-    getDeletionRequestsByUser(userId: string): Promise<DataDeletionRequest[]>;
-}
-//# sourceMappingURL=gdpr-storage.d.ts.map

package/dist/security/gdpr-storage.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"gdpr-storage.d.ts","sourceRoot":"","sources":["../../src/security/gdpr-storage.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,WAAW,EAAE,UAAU,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AAE7F;;;;;;GAMG;AACH,MAAM,WAAW,WAAW;IAG1B;;OAEG;IACH,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEpF;;OAEG;IACH,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,aAAa,GAAG,SAAS,CAAC,CAAC;IAElF;;OAEG;IACH,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;IAE5D;;OAEG;IACH,cAAc,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;IAI3C;;OAEG;IACH,kBAAkB,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEhE;;OAEG;IACH,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,GAAG,SAAS,CAAC,CAAC;IAEhF;;OAEG;IACH,yBAAyB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,EAAE,CAAC,CAAC;CAC3E;AAED;;;;;;GAMG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,SAAS,CAAC,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7C;;OAEG;IACH,SAAS,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,SAAS,CAAC,CAAC;IAEvD;;OAEG;IACH,cAAc,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;IAExC;;OAEG;IACH,YAAY,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,UAAU,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACvE;AAED;;;;;GAKG;AACH,qBAAa,qBAAsB,YAAW,aAAa;IACzD,OAAO,CAAC,QAAQ,CAAsC;IAEhD,SAAS,CAAC,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAI5C,SAAS,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,SAAS,CAAC;IAItD,cAAc,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;IAIvC,YAAY,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,UAAU,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;CAM5E;AAED;;;;;;GAMG;AACH,qBAAa,mBAAoB,YAAW,WAAW;IACrD,OAAO,CAAC,QAAQ,CAAyC;IACzD,OAAO,CAAC,gBAAgB,CAA+C;IAIjE,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IAInF,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,aAAa,GAAG,SAAS,CAAC;IAIjF,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IAI3D,cAAc,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;IAM1C,kBAAkB,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC;IAI/D,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,GAAG,SAAS,CAAC;IAI/E,yBAAyB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,EAAE,CAAC;CAGhF"}