@scallywag/validation 1.0.0 → 1.0.1

package/dist/env.d.ts

@@ -0,0 +1,56 @@
+/**
+ * Environment Variable Validation & Security
+ *
+ * Comprehensive environment validation with security scanning
+ *
+ * ESLint override is applied to this file because:
+ * 1. This IS the security layer for environment variable validation
+ * 2. Dynamic environment access is required to scan for security issues
+ * 3. This module centralizes and secures environment validation for the entire application
+ * 4. Alternative approaches would eliminate the security scanning benefits
+ */
+/**
+ * Scan environment variables for security issues
+ */
+export declare function scanEnvironmentSecurity(): {
+    warnings: string[];
+    errors: string[];
+    recommendations: string[];
+};
+/**
+ * Process validation results with security scan
+ * Extracted for better testability
+ */
+export declare function processValidationResult(validatedEnv: unknown, securityScan: ReturnType<typeof scanEnvironmentSecurity>): {
+    success: boolean;
+    data?: unknown;
+    errors?: string[];
+    securityScan: ReturnType<typeof scanEnvironmentSecurity>;
+};
+/**
+ * Process validation error and return formatted result
+ * Extracted for better testability
+ */
+export declare function processValidationError(error: unknown, securityScan: ReturnType<typeof scanEnvironmentSecurity>): {
+    success: boolean;
+    errors: string[];
+    securityScan: ReturnType<typeof scanEnvironmentSecurity>;
+};
+/**
+ * Validate environment variables based on current NODE_ENV
+ */
+export declare function validateEnvironment(): {
+    success: boolean;
+    data?: unknown;
+    errors?: string[];
+    securityScan: ReturnType<typeof scanEnvironmentSecurity>;
+};
+/**
+ * Log environment validation results
+ */
+export declare function logEnvironmentValidation(result: ReturnType<typeof validateEnvironment>): void;
+/**
+ * Initialize and validate environment on startup
+ */
+export declare function initializeEnvironment(): boolean;
+//# sourceMappingURL=env.d.ts.map

package/dist/env.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"env.d.ts","sourceRoot":"","sources":["../env.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAoKH;;GAEG;AACH,wBAAgB,uBAAuB,IAAI;IACzC,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B,CAkCA;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CACrC,YAAY,EAAE,OAAO,EACrB,YAAY,EAAE,UAAU,CAAC,OAAO,uBAAuB,CAAC,GACvD;IACD,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,YAAY,EAAE,UAAU,CAAC,OAAO,uBAAuB,CAAC,CAAC;CAC1D,CAeA;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,OAAO,EACd,YAAY,EAAE,UAAU,CAAC,OAAO,uBAAuB,CAAC,GACvD;IACD,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,YAAY,EAAE,UAAU,CAAC,OAAO,uBAAuB,CAAC,CAAC;CAC1D,CAQA;AAED;;GAEG;AACH,wBAAgB,mBAAmB,IAAI;IACrC,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,YAAY,EAAE,UAAU,CAAC,OAAO,uBAAuB,CAAC,CAAC;CAC1D,CA2BA;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,UAAU,CAAC,OAAO,mBAAmB,CAAC,GAC7C,IAAI,CAsBN;AAED;;GAEG;AACH,wBAAgB,qBAAqB,IAAI,OAAO,CAa/C"}

package/dist/env.js

@@ -0,0 +1,262 @@
+/**
+ * Environment Variable Validation & Security
+ *
+ * Comprehensive environment validation with security scanning
+ *
+ * ESLint override is applied to this file because:
+ * 1. This IS the security layer for environment variable validation
+ * 2. Dynamic environment access is required to scan for security issues
+ * 3. This module centralizes and secures environment validation for the entire application
+ * 4. Alternative approaches would eliminate the security scanning benefits
+ */
+/* eslint-disable security/detect-object-injection */
+import { z } from 'zod';
+import { logger } from '../security/logger';
+import { validateEnv } from './validators';
+// Security-focused environment schema
+const baseEnvSchema = z.object({
+    NODE_ENV: z
+        .enum(['development', 'test', 'production'])
+        .default('development'),
+    // Next.js specific
+    NEXT_PUBLIC_APP_VERSION: z.string().default('0.1.0'),
+    NEXT_PUBLIC_NODE_ENV: z.string().optional(),
+    // Database (production required)
+    DATABASE_URL: z.string().url().optional(),
+    // Security keys (production required)
+    JWT_SECRET: z.string().min(32).optional(),
+    ENCRYPTION_KEY: z.string().min(32).optional(),
+    // External services
+    REDIS_URL: z.string().url().optional(),
+    API_KEY: z.string().optional(),
+    // Development only
+    DEBUG: z.boolean().optional().default(false),
+    // CI/CD
+    CI: z.boolean().optional().default(false),
+    GITHUB_ACTIONS: z.boolean().optional().default(false),
+});
+// Production-specific stricter schema
+const productionEnvSchema = baseEnvSchema.extend({
+    DATABASE_URL: z.string().url('Database URL is required in production'),
+    JWT_SECRET: z
+        .string()
+        .min(32, 'JWT secret must be at least 32 characters in production'),
+    DEBUG: z.literal(false).default(false),
+});
+// Development-specific schema
+const developmentEnvSchema = baseEnvSchema.extend({
+    DEBUG: z.boolean().optional().default(true),
+});
+/**
+ * Pre-compiled security patterns for performance and security
+ */
+const COMPILED_SECURITY_PATTERNS = {
+    potentialSecrets: [
+        /secret/i,
+        /password/i,
+        /pass/i,
+        /pwd/i,
+        /key/i,
+        /token/i,
+        /auth/i,
+        /api/i,
+        /private/i,
+        /credential/i,
+    ],
+    suspiciousValues: [
+        /test/i,
+        /dev/i,
+        /development/i,
+        /default/i,
+        /example/i,
+        /sample/i,
+        /demo/i,
+        /temp/i,
+        /placeholder/i,
+    ],
+    urlWithSecrets: [
+        /\/\/[^@]*:[^@]*@/,
+        /[?&]password=/i,
+        /[?&]secret=/i,
+        /[?&]token=/i,
+        /[?&]key=/i,
+    ],
+};
+/**
+ * Safe environment variable access
+ */
+function getEnvVariable(key) {
+    // Use Object.prototype.hasOwnProperty for safer property access
+    if (!Object.prototype.hasOwnProperty.call(process.env, key)) {
+        return undefined;
+    }
+    return process.env[key];
+}
+/**
+ * Check if variable name matches security patterns
+ */
+function isSecuritySensitiveVariable(key) {
+    return COMPILED_SECURITY_PATTERNS.potentialSecrets.some((pattern) => pattern.test(key));
+}
+/**
+ * Validate weak secret values
+ */
+function validateSecretStrength(key, value, warnings) {
+    if (typeof value !== 'string')
+        return;
+    const normalizedValue = value.toLowerCase();
+    const weakSecrets = [
+        'secret',
+        'password',
+        'dev',
+        'development',
+        'test',
+        'default',
+        '123456',
+        'admin',
+        'root',
+    ];
+    if (weakSecrets.some((weak) => normalizedValue.includes(weak))) {
+        warnings.push(`Potentially weak secret detected in ${key}: appears to be a default/weak value`);
+    }
+    if (value.length < 16) {
+        warnings.push(`Short secret detected in ${key}: ${value.length} characters (recommend 32+)`);
+    }
+}
+/**
+ * Check production environment requirements
+ */
+function validateProductionRequirements(isProduction, _warnings, errors) {
+    if (!isProduction)
+        return;
+    const requiredProdVars = ['DATABASE_URL', 'JWT_SECRET'];
+    for (const varName of requiredProdVars) {
+        const value = getEnvVariable(varName);
+        if (!value) {
+            errors.push(`Missing required production environment variable: ${varName}`);
+        }
+    }
+}
+/**
+ * Scan environment variables for security issues
+ */
+export function scanEnvironmentSecurity() {
+    const warnings = [];
+    const errors = [];
+    const recommendations = [];
+    const env = process.env;
+    const isProduction = env['NODE_ENV'] === 'production';
+    // Check production requirements
+    validateProductionRequirements(isProduction, warnings, errors);
+    // Check for potential secrets with weak values
+    for (const [key, value] of Object.entries(env)) {
+        if (!value)
+            continue;
+        if (isSecuritySensitiveVariable(key)) {
+            validateSecretStrength(key, value, warnings);
+        }
+    }
+    // Add general recommendations
+    if (!isProduction) {
+        recommendations.push('Consider using .env.local for development secrets to avoid committing them');
+    }
+    recommendations.push('Regularly rotate secrets and API keys', 'Use strong, unique values for all secret environment variables', 'Consider using a dedicated secret management service for production');
+    return { warnings, errors, recommendations };
+}
+/**
+ * Process validation results with security scan
+ * Extracted for better testability
+ */
+export function processValidationResult(validatedEnv, securityScan) {
+    // Fail if there are security errors
+    if (securityScan.errors.length > 0) {
+        return {
+            success: false,
+            errors: securityScan.errors,
+            securityScan,
+        };
+    }
+    return {
+        success: true,
+        data: validatedEnv,
+        securityScan,
+    };
+}
+/**
+ * Process validation error and return formatted result
+ * Extracted for better testability
+ */
+export function processValidationError(error, securityScan) {
+    return {
+        success: false,
+        errors: [
+            error instanceof Error ? error.message : 'Environment validation failed',
+        ],
+        securityScan,
+    };
+}
+/**
+ * Validate environment variables based on current NODE_ENV
+ */
+export function validateEnvironment() {
+    const nodeEnv = process.env['NODE_ENV'] || 'development';
+    const securityScan = scanEnvironmentSecurity();
+    let schema;
+    switch (nodeEnv) {
+        case 'production':
+            schema = productionEnvSchema;
+            break;
+        case 'development':
+            schema = developmentEnvSchema;
+            break;
+        case 'test':
+            schema = baseEnvSchema;
+            break;
+        default:
+            schema = baseEnvSchema;
+    }
+    try {
+        const validatedEnv = validateEnv(schema);
+        return processValidationResult(validatedEnv, securityScan);
+    }
+    catch (error) {
+        return processValidationError(error, securityScan);
+    }
+}
+/**
+ * Log environment validation results
+ */
+export function logEnvironmentValidation(result) {
+    const { success, errors, securityScan } = result;
+    const { warnings, errors: secErrors, recommendations } = securityScan;
+    if (success) {
+        logger.info('Environment validation passed');
+    }
+    else {
+        logger.error('Environment validation failed', { errors });
+    }
+    // Log security scan results
+    if (secErrors.length > 0) {
+        logger.error('Security Errors found', { errors: secErrors });
+    }
+    if (warnings.length > 0) {
+        logger.warn('Security Warnings found', { warnings });
+    }
+    if (recommendations.length > 0) {
+        logger.info('Security Recommendations', { recommendations });
+    }
+}
+/**
+ * Initialize and validate environment on startup
+ */
+export function initializeEnvironment() {
+    const result = validateEnvironment();
+    logEnvironmentValidation(result);
+    // Exit process if validation fails
+    if (!result.success) {
+        logger.error('Application startup failed due to environment validation errors');
+        process.exit(1);
+    }
+    return true;
+}
+//# sourceMappingURL=env.js.map

package/dist/env.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"env.js","sourceRoot":"","sources":["../env.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,qDAAqD;AAErD,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAC5C,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAE3C,sCAAsC;AACtC,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,QAAQ,EAAE,CAAC;SACR,IAAI,CAAC,CAAC,aAAa,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;SAC3C,OAAO,CAAC,aAAa,CAAC;IAEzB,mBAAmB;IACnB,uBAAuB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC;IACpD,oBAAoB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE3C,iCAAiC;IACjC,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAEzC,sCAAsC;IACtC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;IACzC,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;IAE7C,oBAAoB;IACpB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACtC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE9B,mBAAmB;IACnB,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAE5C,QAAQ;IACR,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IACzC,cAAc,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;CACtD,CAAC,CAAC;AAEH,sCAAsC;AACtC,MAAM,mBAAmB,GAAG,aAAa,CAAC,MAAM,CAAC;IAC/C,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,wCAAwC,CAAC;IACtE,UAAU,EAAE,CAAC;SACV,MAAM,EAAE;SACR,GAAG,CAAC,EAAE,EAAE,yDAAyD,CAAC;IACrE,KAAK,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;CACvC,CAAC,CAAC;AAEH,8BAA8B;AAC9B,MAAM,oBAAoB,GAAG,aAAa,CAAC,MAAM,CAAC;IAChD,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;CAC5C,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,0BAA0B,GAAG;IACjC,gBAAgB,EAAE;QAChB,SAAS;QACT,WAAW;QACX,OAAO;QACP,MAAM;QACN,MAAM;QACN,QAAQ;QACR,OAAO;QACP,MAAM;QACN,UAAU;QACV,aAAa;KACd;IACD,gBAAgB,EAAE;QAChB,OAAO;QACP,MAAM;QACN,cAAc;QACd,UAAU;QACV,UAAU;QACV,SAAS;QACT,OAAO;QACP,OAAO;QACP,cAAc;KACf;IACD,cAAc,EAAE;QACd,kBAAkB;QAClB,gBAAgB;QAChB,cAAc;QACd,aAAa;QACb,WAAW;KACZ;CACO,CAAC;AAEX;;GAEG;AACH,SAAS,cAAc,CAAC,GAAW;IACjC,gEAAgE;IAChE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;QAC5D,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,SAAS,2BAA2B,CAAC,GAAW;IAC9C,OAAO,0BAA0B,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAClE,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAClB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAC7B,GAAW,EACX,KAAa,EACb,QAAkB;IAElB,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO;IAEtC,MAAM,eAAe,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;IAC5C,MAAM,WAAW,GAAG;QAClB,QAAQ;QACR,UAAU;QACV,KAAK;QACL,aAAa;QACb,MAAM;QACN,SAAS;QACT,QAAQ;QACR,OAAO;QACP,MAAM;KACP,CAAC;IAEF,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QAC/D,QAAQ,CAAC,IAAI,CACX,uCAAuC,GAAG,sCAAsC,CACjF,CAAC;IACJ,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACtB,QAAQ,CAAC,IAAI,CACX,4BAA4B,GAAG,KAAK,KAAK,CAAC,MAAM,6BAA6B,CAC9E,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,8BAA8B,CACrC,YAAqB,EACrB,SAAmB,EACnB,MAAgB;IAEhB,IAAI,CAAC,YAAY;QAAE,OAAO;IAE1B,MAAM,gBAAgB,GAAG,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;IACxD,KAAK,MAAM,OAAO,IAAI,gBAAgB,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;QACtC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,CAAC,IAAI,CACT,qDAAqD,OAAO,EAAE,CAC/D,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB;IAKrC,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,eAAe,GAAa,EAAE,CAAC;IAErC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;IACxB,MAAM,YAAY,GAAG,GAAG,CAAC,UAAU,CAAC,KAAK,YAAY,CAAC;IAEtD,gCAAgC;IAChC,8BAA8B,CAAC,YAAY,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IAE/D,+CAA+C;IAC/C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,IAAI,2BAA2B,CAAC,GAAG,CAAC,EAAE,CAAC;YACrC,sBAAsB,CAAC,GAAG,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;IAED,8BAA8B;IAC9B,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,eAAe,CAAC,IAAI,CAClB,4EAA4E,CAC7E,CAAC;IACJ,CAAC;IAED,eAAe,CAAC,IAAI,CAClB,uCAAuC,EACvC,gEAAgE,EAChE,qEAAqE,CACtE,CAAC;IAEF,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;AAC/C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,uBAAuB,CACrC,YAAqB,EACrB,YAAwD;IAOxD,oCAAoC;IACpC,IAAI,YAAY,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,YAAY,CAAC,MAAM;YAC3B,YAAY;SACb,CAAC;IACJ,CAAC;IAED,OAAO;QACL,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,YAAY;QAClB,YAAY;KACb,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CACpC,KAAc,EACd,YAAwD;IAMxD,OAAO;QACL,OAAO,EAAE,KAAK;QACd,MAAM,EAAE;YACN,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,+BAA+B;SACzE;QACD,YAAY;KACb,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB;IAMjC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,aAAa,CAAC;IACzD,MAAM,YAAY,GAAG,uBAAuB,EAAE,CAAC;IAE/C,IAAI,MAAmB,CAAC;IAExB,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,YAAY;YACf,MAAM,GAAG,mBAAmB,CAAC;YAC7B,MAAM;QACR,KAAK,aAAa;YAChB,MAAM,GAAG,oBAAoB,CAAC;YAC9B,MAAM;QACR,KAAK,MAAM;YACT,MAAM,GAAG,aAAa,CAAC;YACvB,MAAM;QACR;YACE,MAAM,GAAG,aAAa,CAAC;IAC3B,CAAC;IAED,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;QAEzC,OAAO,uBAAuB,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;IAC7D,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,sBAAsB,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IACrD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,wBAAwB,CACtC,MAA8C;IAE9C,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,CAAC;IACjD,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,eAAe,EAAE,GAAG,YAAY,CAAC;IAEtE,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;IAC/C,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,KAAK,CAAC,+BAA+B,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,4BAA4B;IAC5B,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,MAAM,CAAC,KAAK,CAAC,uBAAuB,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;IACvD,CAAC;IAED,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,EAAE,eAAe,EAAE,CAAC,CAAC;IAC/D,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB;IACnC,MAAM,MAAM,GAAG,mBAAmB,EAAE,CAAC;IACrC,wBAAwB,CAAC,MAAM,CAAC,CAAC;IAEjC,mCAAmC;IACnC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,CAAC,KAAK,CACV,iEAAiE,CAClE,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Validation Framework - Core Exports
+ *
+ * This module provides a comprehensive validation framework using Zod
+ * for the Fractal Gateway Architecture
+ */
+export * from './middleware';
+export * from './schemas';
+export * from './types';
+export * from './validators';
+export * from './wrappers';
+export * from './zod-schema-converter';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,cAAc,cAAc,CAAC;AAC7B,cAAc,WAAW,CAAC;AAC1B,cAAc,SAAS,CAAC;AACxB,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC;AAC3B,cAAc,wBAAwB,CAAC"}

package/dist/index.js

@@ -0,0 +1,13 @@
+/**
+ * Validation Framework - Core Exports
+ *
+ * This module provides a comprehensive validation framework using Zod
+ * for the Fractal Gateway Architecture
+ */
+export * from './middleware';
+export * from './schemas';
+export * from './types';
+export * from './validators';
+export * from './wrappers';
+export * from './zod-schema-converter';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,cAAc,cAAc,CAAC;AAC7B,cAAc,WAAW,CAAC;AAC1B,cAAc,SAAS,CAAC;AACxB,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC;AAC3B,cAAc,wBAAwB,CAAC"}

package/dist/middleware.d.ts

@@ -0,0 +1,85 @@
+/**
+ * Validation Middleware
+ *
+ * Next.js API route validation middleware using Zod
+ */
+import { NextRequest, NextResponse } from 'next/server';
+import { EndpointValidation, FractalValidationContext, SecurityLevel } from './types';
+/**
+ * Helper function to safely extract validated data from result
+ * Extracted for better testability
+ */
+export declare function safeExtractValidatedData(result: unknown): Record<string, unknown>;
+/**
+ * Create validation middleware for API routes
+ *
+ * Supports two validation modes:
+ * 1. Unified input validation (config.input): Merges body, query, and params
+ *    into a single validated object. Preferred for new endpoints.
+ * 2. Legacy validation (config.body/query/headers): Validates each part
+ *    separately. Maintained for backwards compatibility.
+ */
+export declare function createValidationMiddleware(config: EndpointValidation): (request: NextRequest, _context?: FractalValidationContext, params?: Record<string, string>) => Promise<NextResponse<{
+    success: boolean;
+    error: string;
+    details: Record<string, string[]>;
+    timestamp: string;
+}> | NextResponse<{
+    success: boolean;
+    error: string;
+    details: {
+        server: string[];
+    };
+    timestamp: string;
+}> | {
+    validatedData: Record<string, unknown>;
+}>;
+/**
+ * Validation decorator for API route handlers
+ *
+ * Supports unified input validation when config.input is provided.
+ * Extracts route params from the context argument automatically.
+ */
+export declare function validateRoute(config: EndpointValidation): (_target: unknown, _propertyKey: string, descriptor: PropertyDescriptor) => PropertyDescriptor;
+/**
+ * Higher-order function to wrap API route with validation
+ *
+ * Supports unified input validation when config.input is provided.
+ * Extracts route params from Next.js context automatically.
+ */
+export declare function withValidation(config: EndpointValidation, handler: (request: NextRequest, validatedData: Record<string, unknown>, context?: unknown) => Promise<NextResponse>): (request: NextRequest, context?: unknown) => Promise<NextResponse<unknown>>;
+/**
+ * Security-focused validation middleware
+ */
+export declare function createSecurityMiddleware(securityLevel?: SecurityLevel): (request: NextRequest) => NextResponse<{
+    success: boolean;
+    error: string;
+    timestamp: string;
+}> | null;
+/**
+ * Rate limiting middleware
+ *
+ * Uses standardized gateway MemoryRateLimitStore for consistent rate limiting across the application.
+ * This maintains backward compatibility with the existing Next.js API route middleware pattern
+ * while using the standardized gateway rate limiting infrastructure.
+ */
+export declare function createRateLimitMiddleware(requests?: number, windowMs?: number): (request: NextRequest) => NextResponse | null;
+/**
+ * Combine multiple middleware functions
+ */
+export declare function combineMiddleware(...middlewares: Array<(request: NextRequest) => NextResponse | null>): (request: NextRequest) => NextResponse<unknown> | null;
+/**
+ * Create comprehensive API middleware
+ *
+ * Supports unified input validation when options.validation.input is provided.
+ * Accepts optional context for extracting route params.
+ */
+export declare function createApiMiddleware(options: {
+    validation?: EndpointValidation;
+    security?: SecurityLevel;
+    rateLimit?: {
+        requests: number;
+        windowMs: number;
+    };
+}): (request: NextRequest, handler: (request: NextRequest, validatedData?: Record<string, unknown>) => Promise<NextResponse>, context?: unknown) => Promise<NextResponse<unknown>>;
+//# sourceMappingURL=middleware.d.ts.map

package/dist/middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../middleware.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EACL,kBAAkB,EAClB,wBAAwB,EACxB,aAAa,EAEd,MAAM,SAAS,CAAC;AAYjB;;;GAGG;AACH,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,OAAO,GACd,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CASzB;AA0HD;;;;;;;;GAQG;AACH,wBAAgB,0BAA0B,CAAC,MAAM,EAAE,kBAAkB,IAEjE,SAAS,WAAW,EACpB,WAAW,wBAAwB,EACnC,SAAS,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;;;;;;;;;;;;;;GAsElC;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,kBAAkB,IAEpD,SAAS,OAAO,EAChB,cAAc,MAAM,EACpB,YAAY,kBAAkB,wBA2BjC;AAsCD;;;;;GAKG;AACH,wBAAgB,cAAc,CAC5B,MAAM,EAAE,kBAAkB,EAC1B,OAAO,EAAE,CACP,OAAO,EAAE,WAAW,EACpB,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACtC,OAAO,CAAC,EAAE,OAAO,KACd,OAAO,CAAC,YAAY,CAAC,IAEH,SAAS,WAAW,EAAE,UAAU,OAAO,oCAc/D;AAkDD;;GAEG;AACH,wBAAgB,wBAAwB,CACtC,aAAa,GAAE,aAAoC,IAElC,SAAS,WAAW;;;;UAyBtC;AAED;;;;;;GAMG;AACH,wBAAgB,yBAAyB,CACvC,QAAQ,GAAE,MAAY,EACtB,QAAQ,GAAE,MAAc,IAgBP,SAAS,WAAW,KAAG,YAAY,GAAG,IAAI,CAoC5D;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,GAAG,WAAW,EAAE,KAAK,CAAC,CAAC,OAAO,EAAE,WAAW,KAAK,YAAY,GAAG,IAAI,CAAC,IAEnD,SAAS,WAAW,kCAStC;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE;IAC3C,UAAU,CAAC,EAAE,kBAAkB,CAAC;IAChC,QAAQ,CAAC,EAAE,aAAa,CAAC;IACzB,SAAS,CAAC,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC;CACpD,IAqBG,SAAS,WAAW,EACpB,SAAS,CACP,OAAO,EAAE,WAAW,EACpB,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KACpC,OAAO,CAAC,YAAY,CAAC,EAC1B,UAAU,OAAO,oCA8BpB"}