@shadow-corp/nearconnect 1.0.0

package/build/security/csp.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"csp.js","sourceRoot":"","sources":["../../src/security/csp.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAkFH,kCAIC;AAKD,8CAEC;AAKD,4BAYC;AAKD,0CAgBC;AAiBD,oDAoJC;AAKD,gDA+CC;AAkBD,kDAuBC;AAnXD;;GAEG;AACU,QAAA,sBAAsB,GAAkB;IACnD,mBAAmB;IACnB,aAAa,EAAE,CAAC,QAAQ,CAAC;IAEzB,4CAA4C;IAC5C,YAAY,EAAE,CAAC,QAAQ,CAAC;IAExB,sEAAsE;IACtE,WAAW,EAAE,CAAC,QAAQ,EAAE,iBAAiB,CAAC;IAE1C,uDAAuD;IACvD,aAAa,EAAE;QACb,QAAQ;QACR,8BAA8B;QAC9B,8BAA8B;QAC9B,uCAAuC;QACvC,uCAAuC;QACvC,+BAA+B;QAC/B,kCAAkC;QAClC,uCAAuC;QACvC,uCAAuC;KACxC;IAED,0BAA0B;IAC1B,WAAW,EAAE;QACX,QAAQ;QACR,kCAAkC;QAClC,sBAAsB;QACtB,8BAA8B;QAC9B,iCAAiC;QACjC,2BAA2B;QAC3B,oBAAoB;QACpB,4BAA4B;QAC5B,6BAA6B;KAC9B;IAED,SAAS;IACT,SAAS,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC;IAExC,QAAQ;IACR,UAAU,EAAE,CAAC,QAAQ,CAAC;IAEtB,gCAAgC;IAChC,YAAY,EAAE,CAAC,QAAQ,CAAC;IAExB,uBAAuB;IACvB,UAAU,EAAE,CAAC,QAAQ,CAAC;IAEtB,mBAAmB;IACnB,aAAa,EAAE,CAAC,QAAQ,CAAC;IAEzB,uBAAuB;IACvB,iBAAiB,EAAE,CAAC,QAAQ,CAAC;IAE7B,cAAc;IACd,YAAY,EAAE,CAAC,QAAQ,EAAE,OAAO,CAAC;CAClC,CAAC;AAEF;;GAEG;AACH,SAAgB,WAAW,CAAC,aAA4B,8BAAsB;IAC5E,OAAO,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;SAC9B,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;SACpD,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB;IAC/B,OAAO,WAAW,CAAC,8BAAsB,CAAC,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,SAAgB,QAAQ,CAAC,MAA8B;IACrD,MAAM,MAAM,GAAkB,EAAE,GAAG,8BAAsB,EAAE,CAAC;IAE5D,KAAK,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACnD,MAAM,SAAS,GAAG,GAA0B,CAAC;QAC7C,MAAM,CAAC,SAAS,CAAC,GAAG;YAClB,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;YAC5B,GAAG,MAAM;SACV,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAgB,eAAe,CAAC,UAA0B;IACxD,IAAI,OAAO,QAAQ,KAAK,WAAW;QAAE,OAAO;IAE5C,MAAM,GAAG,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC;IAEpC,+BAA+B;IAC/B,MAAM,QAAQ,GAAG,QAAQ,CAAC,aAAa,CAAC,4CAA4C,CAAC,CAAC;IACtF,IAAI,QAAQ,EAAE,CAAC;QACb,QAAQ,CAAC,MAAM,EAAE,CAAC;IACpB,CAAC;IAED,uBAAuB;IACvB,MAAM,IAAI,GAAG,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;IAC5C,IAAI,CAAC,SAAS,GAAG,yBAAyB,CAAC;IAC3C,IAAI,CAAC,OAAO,GAAG,GAAG,CAAC;IACnB,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;AAClC,CAAC;AAcD;;GAEG;AACH,SAAgB,oBAAoB;IAClC,MAAM,MAAM,GAAoB,EAAE,CAAC;IAEnC,4BAA4B;IAC5B,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,CAAC;gBACN,IAAI,EAAE,aAAa;gBACnB,MAAM,EAAE,IAAI;gBACZ,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,oCAAoC;aAC9C,CAAC,CAAC;IACL,CAAC;IAED,4BAA4B;IAC5B,MAAM,CAAC,IAAI,CAAC;QACV,IAAI,EAAE,gBAAgB;QACtB,MAAM,EAAE,MAAM,CAAC,eAAe;QAC9B,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE,MAAM,CAAC,eAAe;YAC7B,CAAC,CAAC,mCAAmC;YACrC,CAAC,CAAC,+BAA+B;QACnC,cAAc,EAAE,MAAM,CAAC,eAAe;YACpC,CAAC,CAAC,SAAS;YACX,CAAC,CAAC,kDAAkD;KACvD,CAAC,CAAC;IAEH,qCAAqC;IACrC,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,KAAK,MAAM,CAAC,GAAG,CAAC;IAC5C,MAAM,CAAC,IAAI,CAAC;QACV,IAAI,EAAE,kBAAkB;QACxB,MAAM,EAAE,CAAC,QAAQ;QACjB,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,QAAQ;YACf,CAAC,CAAC,6DAA6D;YAC/D,CAAC,CAAC,gCAAgC;QACpC,cAAc,EAAE,QAAQ;YACtB,CAAC,CAAC,yEAAyE;YAC3E,CAAC,CAAC,SAAS;KACd,CAAC,CAAC;IAEH,oBAAoB;IACpB,MAAM,SAAS,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACrC,MAAM,CAAC,IAAI,CAAC;QACV,IAAI,EAAE,gBAAgB;QACtB,MAAM,EAAE,SAAS;QACjB,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE,SAAS;YAChB,CAAC,CAAC,gDAAgD;YAClD,CAAC,CAAC,8BAA8B;QAClC,cAAc,EAAE,SAAS;YACvB,CAAC,CAAC,SAAS;YACX,CAAC,CAAC,yDAAyD;KAC9D,CAAC,CAAC;IAEH,0BAA0B;IAC1B,MAAM,UAAU,GAAG,CAAC,CAAC,YAAY,IAAI,CAAC,CAAC,cAAc,CAAC;IACtD,MAAM,CAAC,IAAI,CAAC;QACV,IAAI,EAAE,SAAS;QACf,MAAM,EAAE,UAAU;QAClB,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,UAAU;YACjB,CAAC,CAAC,qCAAqC;YACvC,CAAC,CAAC,4BAA4B;QAChC,cAAc,EAAE,UAAU;YACxB,CAAC,CAAC,SAAS;YACX,CAAC,CAAC,4DAA4D;KACjE,CAAC,CAAC;IAEH,iCAAiC;IACjC,MAAM,SAAS,GAAG,KAAK,IAAI,SAAS,CAAC;IACrC,MAAM,CAAC,IAAI,CAAC;QACV,IAAI,EAAE,gBAAgB;QACtB,MAAM,EAAE,SAAS;QACjB,QAAQ,EAAE,KAAK;QACf,OAAO,EAAE,SAAS;YAChB,CAAC,CAAC,4CAA4C;YAC9C,CAAC,CAAC,uCAAuC;QAC3C,cAAc,EAAE,SAAS;YACvB,CAAC,CAAC,SAAS;YACX,CAAC,CAAC,sDAAsD;KAC3D,CAAC,CAAC;IAEH,4BAA4B;IAC5B,MAAM,CAAC,IAAI,CAAC;QACV,IAAI,EAAE,wBAAwB;QAC9B,MAAM,EAAE,mBAAmB;QAC3B,QAAQ,EAAE,KAAK;QACf,OAAO,EAAE,mBAAmB;YAC1B,CAAC,CAAC,6CAA6C;YAC/C,CAAC,CAAC,2BAA2B;QAC/B,cAAc,EAAE,mBAAmB;YACjC,CAAC,CAAC,SAAS;YACX,CAAC,CAAC,yDAAyD;KAC9D,CAAC,CAAC;IAEH,sCAAsC;IACtC,MAAM,OAAO,GAAG,iBAAiB,EAAE,CAAC;IACpC,MAAM,CAAC,IAAI,CAAC;QACV,IAAI,EAAE,eAAe;QACrB,MAAM,EAAE,CAAC,OAAO;QAChB,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,OAAO;YACd,CAAC,CAAC,qDAAqD;YACvD,CAAC,CAAC,+BAA+B;QACnC,cAAc,EAAE,OAAO;YACrB,CAAC,CAAC,wCAAwC;YAC1C,CAAC,CAAC,SAAS;KACd,CAAC,CAAC;IAEH,0BAA0B;IAC1B,MAAM,KAAK,GAAG,eAAe,IAAI,SAAS,CAAC;IAC3C,MAAM,CAAC,IAAI,CAAC;QACV,IAAI,EAAE,gBAAgB;QACtB,MAAM,EAAE,IAAI;QACZ,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,KAAK;YACZ,CAAC,CAAC,8BAA8B;YAChC,CAAC,CAAC,8BAA8B;KACnC,CAAC,CAAC;IAEH,qBAAqB;IACrB,MAAM,cAAc,GAAG,aAAa,IAAI,SAAS,CAAC;IAClD,MAAM,CAAC,IAAI,CAAC;QACV,IAAI,EAAE,iBAAiB;QACvB,MAAM,EAAE,cAAc;QACtB,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,cAAc;YACrB,CAAC,CAAC,iDAAiD;YACnD,CAAC,CAAC,+BAA+B;KACpC,CAAC,CAAC;IAEH,sBAAsB;IACtB,MAAM,YAAY,GAAG,QAAQ,CAAC,aAAa,CAAC,uBAAuB,CAAC,CAAC;IACrE,MAAM,iBAAiB,GAAG,YAAY,EAAE,YAAY,CAAC,SAAS,CAAC,EAAE,QAAQ,CAAC,QAAQ,CAAC;QAC1D,YAAY,EAAE,YAAY,CAAC,SAAS,CAAC,KAAK,aAAa,CAAC;IACjF,MAAM,CAAC,IAAI,CAAC;QACV,IAAI,EAAE,iBAAiB;QACvB,MAAM,EAAE,iBAAiB;QACzB,QAAQ,EAAE,KAAK;QACf,OAAO,EAAE,iBAAiB;YACxB,CAAC,CAAC,mCAAmC;YACrC,CAAC,CAAC,wCAAwC;QAC5C,cAAc,EAAE,iBAAiB;YAC/B,CAAC,CAAC,SAAS;YACX,CAAC,CAAC,sEAAsE;KAC3E,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB,CAAC,MAAwB;IAQzD,MAAM,OAAO,GAAG,MAAM,IAAI,oBAAoB,EAAE,CAAC;IAEjD,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;IACpD,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;IACrD,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IACpF,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC;IAE7B,2BAA2B;IAC3B,MAAM,OAAO,GAAG,EAAE,QAAQ,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IACxE,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,IAAI,WAAW,GAAG,CAAC,CAAC;IAEpB,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACvC,QAAQ,IAAI,MAAM,CAAC;QACnB,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;YACjB,WAAW,IAAI,MAAM,CAAC;QACxB,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GAAG,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,WAAW,GAAG,QAAQ,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IAE9E,6CAA6C;IAC7C,IAAI,KAAkC,CAAC;IACvC,IAAI,QAAQ,GAAG,CAAC,EAAE,CAAC;QACjB,KAAK,GAAG,GAAG,CAAC;IACd,CAAC;SAAM,IAAI,KAAK,IAAI,EAAE,EAAE,CAAC;QACvB,KAAK,GAAG,GAAG,CAAC;IACd,CAAC;SAAM,IAAI,KAAK,IAAI,EAAE,EAAE,CAAC;QACvB,KAAK,GAAG,GAAG,CAAC;IACd,CAAC;SAAM,IAAI,KAAK,IAAI,EAAE,EAAE,CAAC;QACvB,KAAK,GAAG,GAAG,CAAC;IACd,CAAC;SAAM,IAAI,KAAK,IAAI,EAAE,EAAE,CAAC;QACvB,KAAK,GAAG,GAAG,CAAC;IACd,CAAC;SAAM,CAAC;QACN,KAAK,GAAG,GAAG,CAAC;IACd,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;AAC3D,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB;IACxB,IAAI,CAAC;QACH,mCAAmC;QACnC,IAAI,CAAC,GAAG,CAAC,CAAC;QACV,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB;IACjC,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;IACtC,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;QAC5B,MAAM,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;IAClE,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,KAAK,MAAM,CAAC,GAAG,EAAE,CAAC;QAC/B,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;IAC/C,CAAC;IAED,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC;QACpB,MAAM,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;IAC9C,CAAC;IAED,OAAO;QACL,MAAM,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC3B,MAAM;KACP,CAAC;AACJ,CAAC"}

package/build/security/index.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Security Module
+ * Comprehensive security layers for wallet operations
+ */
+export { TransactionGuard, createDefaultTransactionGuard, type Transaction as SecurityTransaction, type TransactionLimits, type TransactionRisk, } from './transaction-guard';
+export { OriginGuard, createSecureMessageHandler, type TrustedOrigins, type OriginGuardConfig, } from './origin-guard';
+export { SecureStorage, createSecureStorage, type SecureStorageOptions, } from './secure-storage';
+export { RateLimiter, connectLimiter, signLimiter, rpcLimiter, rateLimit, withRateLimit, type RateLimitConfig, type RateLimitResult, } from './rate-limiter';
+export { AuditLog, createAuditLog, type AuditEvent, type AuditEventType, type AuditLogConfig, } from './audit-log';
+export { generateCSP, getRecommendedCSP, mergeCSP, applyCSPMetaTag, runSecurityChecklist, getSecuritySummary, verifySecureContext, DEFAULT_CSP_DIRECTIVES, type CSPDirectives, type SecurityCheck, } from './csp';

package/build/security/index.js

@@ -0,0 +1,42 @@
+"use strict";
+/**
+ * Security Module
+ * Comprehensive security layers for wallet operations
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_CSP_DIRECTIVES = exports.verifySecureContext = exports.getSecuritySummary = exports.runSecurityChecklist = exports.applyCSPMetaTag = exports.mergeCSP = exports.getRecommendedCSP = exports.generateCSP = exports.createAuditLog = exports.AuditLog = exports.withRateLimit = exports.rateLimit = exports.rpcLimiter = exports.signLimiter = exports.connectLimiter = exports.RateLimiter = exports.createSecureStorage = exports.SecureStorage = exports.createSecureMessageHandler = exports.OriginGuard = exports.createDefaultTransactionGuard = exports.TransactionGuard = void 0;
+// Transaction verification
+var transaction_guard_1 = require("./transaction-guard");
+Object.defineProperty(exports, "TransactionGuard", { enumerable: true, get: function () { return transaction_guard_1.TransactionGuard; } });
+Object.defineProperty(exports, "createDefaultTransactionGuard", { enumerable: true, get: function () { return transaction_guard_1.createDefaultTransactionGuard; } });
+// Origin verification
+var origin_guard_1 = require("./origin-guard");
+Object.defineProperty(exports, "OriginGuard", { enumerable: true, get: function () { return origin_guard_1.OriginGuard; } });
+Object.defineProperty(exports, "createSecureMessageHandler", { enumerable: true, get: function () { return origin_guard_1.createSecureMessageHandler; } });
+// Secure storage
+var secure_storage_1 = require("./secure-storage");
+Object.defineProperty(exports, "SecureStorage", { enumerable: true, get: function () { return secure_storage_1.SecureStorage; } });
+Object.defineProperty(exports, "createSecureStorage", { enumerable: true, get: function () { return secure_storage_1.createSecureStorage; } });
+// Rate limiting
+var rate_limiter_1 = require("./rate-limiter");
+Object.defineProperty(exports, "RateLimiter", { enumerable: true, get: function () { return rate_limiter_1.RateLimiter; } });
+Object.defineProperty(exports, "connectLimiter", { enumerable: true, get: function () { return rate_limiter_1.connectLimiter; } });
+Object.defineProperty(exports, "signLimiter", { enumerable: true, get: function () { return rate_limiter_1.signLimiter; } });
+Object.defineProperty(exports, "rpcLimiter", { enumerable: true, get: function () { return rate_limiter_1.rpcLimiter; } });
+Object.defineProperty(exports, "rateLimit", { enumerable: true, get: function () { return rate_limiter_1.rateLimit; } });
+Object.defineProperty(exports, "withRateLimit", { enumerable: true, get: function () { return rate_limiter_1.withRateLimit; } });
+// Audit logging
+var audit_log_1 = require("./audit-log");
+Object.defineProperty(exports, "AuditLog", { enumerable: true, get: function () { return audit_log_1.AuditLog; } });
+Object.defineProperty(exports, "createAuditLog", { enumerable: true, get: function () { return audit_log_1.createAuditLog; } });
+// CSP and security checklist
+var csp_1 = require("./csp");
+Object.defineProperty(exports, "generateCSP", { enumerable: true, get: function () { return csp_1.generateCSP; } });
+Object.defineProperty(exports, "getRecommendedCSP", { enumerable: true, get: function () { return csp_1.getRecommendedCSP; } });
+Object.defineProperty(exports, "mergeCSP", { enumerable: true, get: function () { return csp_1.mergeCSP; } });
+Object.defineProperty(exports, "applyCSPMetaTag", { enumerable: true, get: function () { return csp_1.applyCSPMetaTag; } });
+Object.defineProperty(exports, "runSecurityChecklist", { enumerable: true, get: function () { return csp_1.runSecurityChecklist; } });
+Object.defineProperty(exports, "getSecuritySummary", { enumerable: true, get: function () { return csp_1.getSecuritySummary; } });
+Object.defineProperty(exports, "verifySecureContext", { enumerable: true, get: function () { return csp_1.verifySecureContext; } });
+Object.defineProperty(exports, "DEFAULT_CSP_DIRECTIVES", { enumerable: true, get: function () { return csp_1.DEFAULT_CSP_DIRECTIVES; } });
+//# sourceMappingURL=index.js.map

package/build/security/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAEH,2BAA2B;AAC3B,yDAM6B;AAL3B,qHAAA,gBAAgB,OAAA;AAChB,kIAAA,6BAA6B,OAAA;AAM/B,sBAAsB;AACtB,+CAKwB;AAJtB,2GAAA,WAAW,OAAA;AACX,0HAAA,0BAA0B,OAAA;AAK5B,iBAAiB;AACjB,mDAI0B;AAHxB,+GAAA,aAAa,OAAA;AACb,qHAAA,mBAAmB,OAAA;AAIrB,gBAAgB;AAChB,+CASwB;AARtB,2GAAA,WAAW,OAAA;AACX,8GAAA,cAAc,OAAA;AACd,2GAAA,WAAW,OAAA;AACX,0GAAA,UAAU,OAAA;AACV,yGAAA,SAAS,OAAA;AACT,6GAAA,aAAa,OAAA;AAKf,gBAAgB;AAChB,yCAMqB;AALnB,qGAAA,QAAQ,OAAA;AACR,2GAAA,cAAc,OAAA;AAMhB,6BAA6B;AAC7B,6BAWe;AAVb,kGAAA,WAAW,OAAA;AACX,wGAAA,iBAAiB,OAAA;AACjB,+FAAA,QAAQ,OAAA;AACR,sGAAA,eAAe,OAAA;AACf,2GAAA,oBAAoB,OAAA;AACpB,yGAAA,kBAAkB,OAAA;AAClB,0GAAA,mBAAmB,OAAA;AACnB,6GAAA,sBAAsB,OAAA"}

package/build/security/origin-guard.d.ts

@@ -0,0 +1,90 @@
+/**
+ * Origin & Message Verification Layer
+ * Protects against MITM attacks and phishing callbacks
+ */
+export interface TrustedOrigins {
+    /** Mapping of walletId to allowed origins */
+    walletOrigins: Map<string, string[]>;
+    /** Your app's allowed origins */
+    appOrigins: string[];
+}
+export interface OriginGuardConfig {
+    /** Additional app origins to trust */
+    appOrigins?: string[];
+    /** Additional wallet origins */
+    walletOrigins?: Record<string, string[]>;
+    /** Allow HTTP in development */
+    allowInsecureInDev?: boolean;
+}
+export declare class OriginGuard {
+    private trusted;
+    private allowInsecureInDev;
+    private sessionSecret;
+    constructor(config?: OriginGuardConfig);
+    /**
+     * Add a trusted wallet origin
+     */
+    addWalletOrigin(walletId: string, origin: string): void;
+    /**
+     * Add a trusted app origin
+     */
+    addAppOrigin(origin: string): void;
+    /**
+     * Verify postMessage origin is from expected wallet
+     */
+    verifyMessageOrigin(event: MessageEvent, expectedWalletId?: string): boolean;
+    /**
+     * Verify deep link callback URL is safe
+     */
+    verifyCallbackUrl(url: string): {
+        valid: boolean;
+        reason?: string;
+    };
+    /**
+     * Generate secure callback URL with CSRF state token
+     */
+    generateSecureCallback(baseUrl: string, requestId: string): Promise<string>;
+    /**
+     * Verify callback state token matches expected
+     */
+    verifyState(state: string, requestId: string): Promise<boolean>;
+    /**
+     * Generate HMAC-based state token
+     */
+    private generateState;
+    /**
+     * Get or create session-specific secret
+     */
+    private getSessionSecret;
+    /**
+     * Compute HMAC-SHA256
+     */
+    private hmacSha256;
+    /**
+     * Timing-safe string comparison to prevent timing attacks
+     */
+    private timingSafeEqual;
+    /**
+     * Check if running in development environment
+     */
+    private isDevelopment;
+    /**
+     * Validate that current context is secure
+     */
+    verifySecureContext(): {
+        secure: boolean;
+        warnings: string[];
+    };
+    /**
+     * Get list of trusted origins for a wallet
+     */
+    getTrustedOrigins(walletId: string): string[];
+    /**
+     * Check if an origin is trusted for any wallet
+     */
+    isOriginTrusted(origin: string): boolean;
+}
+/**
+ * Create a message handler that validates origins
+ */
+export declare function createSecureMessageHandler<T>(guard: OriginGuard, expectedWalletId: string | undefined, handler: (data: T) => void): (event: MessageEvent) => void;

package/build/security/origin-guard.js

@@ -0,0 +1,244 @@
+"use strict";
+/**
+ * Origin & Message Verification Layer
+ * Protects against MITM attacks and phishing callbacks
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OriginGuard = void 0;
+exports.createSecureMessageHandler = createSecureMessageHandler;
+/** Known wallet origins */
+const DEFAULT_WALLET_ORIGINS = {
+    'hot-wallet': ['https://wallet.nicklatkovich.dev', 'https://hot-labs.org'],
+    'mynearwallet': ['https://app.mynearwallet.com'],
+    'meteor': ['https://wallet.meteorwallet.app'],
+    'here-wallet': ['https://my.herewallet.app'],
+    'sender': ['https://sender.org'],
+    'nightly': ['https://wallet.nightly.app'],
+    'mintbase': ['https://wallet.mintbase.xyz'],
+};
+class OriginGuard {
+    trusted;
+    allowInsecureInDev;
+    sessionSecret = null;
+    constructor(config = {}) {
+        // Initialize wallet origins from defaults + custom
+        const walletOrigins = new Map();
+        // Add default wallet origins
+        for (const [walletId, origins] of Object.entries(DEFAULT_WALLET_ORIGINS)) {
+            walletOrigins.set(walletId, origins);
+        }
+        // Add custom wallet origins
+        if (config.walletOrigins) {
+            for (const [walletId, origins] of Object.entries(config.walletOrigins)) {
+                const existing = walletOrigins.get(walletId) || [];
+                walletOrigins.set(walletId, [...existing, ...origins]);
+            }
+        }
+        // Determine app origins
+        const appOrigins = config.appOrigins || [];
+        if (typeof window !== 'undefined') {
+            appOrigins.push(window.location.origin);
+        }
+        this.trusted = { walletOrigins, appOrigins };
+        this.allowInsecureInDev = config.allowInsecureInDev ?? true;
+    }
+    /**
+     * Add a trusted wallet origin
+     */
+    addWalletOrigin(walletId, origin) {
+        const existing = this.trusted.walletOrigins.get(walletId) || [];
+        if (!existing.includes(origin)) {
+            this.trusted.walletOrigins.set(walletId, [...existing, origin]);
+        }
+    }
+    /**
+     * Add a trusted app origin
+     */
+    addAppOrigin(origin) {
+        if (!this.trusted.appOrigins.includes(origin)) {
+            this.trusted.appOrigins.push(origin);
+        }
+    }
+    /**
+     * Verify postMessage origin is from expected wallet
+     */
+    verifyMessageOrigin(event, expectedWalletId) {
+        const origin = event.origin;
+        // Check if from known wallet
+        if (expectedWalletId) {
+            const allowed = this.trusted.walletOrigins.get(expectedWalletId);
+            if (allowed && allowed.includes(origin)) {
+                return true;
+            }
+        }
+        // Check all wallet origins if no specific wallet expected
+        if (!expectedWalletId) {
+            for (const origins of this.trusted.walletOrigins.values()) {
+                if (origins.includes(origin)) {
+                    return true;
+                }
+            }
+        }
+        // Check if from trusted app origin
+        if (this.trusted.appOrigins.includes(origin)) {
+            return true;
+        }
+        console.warn(`[Security] Rejected message from untrusted origin: ${origin}`);
+        return false;
+    }
+    /**
+     * Verify deep link callback URL is safe
+     */
+    verifyCallbackUrl(url) {
+        try {
+            const parsed = new URL(url);
+            // Must be HTTPS in production
+            if (parsed.protocol !== 'https:') {
+                if (this.isDevelopment() && this.allowInsecureInDev) {
+                    // Allow HTTP in development
+                }
+                else {
+                    return { valid: false, reason: 'Callback URL must use HTTPS' };
+                }
+            }
+            // Must match app origin
+            if (!this.trusted.appOrigins.includes(parsed.origin)) {
+                return { valid: false, reason: `Callback origin ${parsed.origin} is not trusted` };
+            }
+            return { valid: true };
+        }
+        catch {
+            return { valid: false, reason: 'Invalid callback URL' };
+        }
+    }
+    /**
+     * Generate secure callback URL with CSRF state token
+     */
+    async generateSecureCallback(baseUrl, requestId) {
+        const url = new URL(baseUrl);
+        const state = await this.generateState(requestId);
+        url.searchParams.set('state', state);
+        url.searchParams.set('requestId', requestId);
+        return url.toString();
+    }
+    /**
+     * Verify callback state token matches expected
+     */
+    async verifyState(state, requestId) {
+        const expected = await this.generateState(requestId);
+        return this.timingSafeEqual(state, expected);
+    }
+    /**
+     * Generate HMAC-based state token
+     */
+    async generateState(requestId) {
+        const secret = this.getSessionSecret();
+        return this.hmacSha256(requestId, secret);
+    }
+    /**
+     * Get or create session-specific secret
+     */
+    getSessionSecret() {
+        if (this.sessionSecret) {
+            return this.sessionSecret;
+        }
+        if (typeof sessionStorage !== 'undefined') {
+            let secret = sessionStorage.getItem('near-connect:origin-secret');
+            if (!secret) {
+                secret = crypto.randomUUID();
+                sessionStorage.setItem('near-connect:origin-secret', secret);
+            }
+            this.sessionSecret = secret;
+            return secret;
+        }
+        // Fallback for non-browser environments
+        this.sessionSecret = crypto.randomUUID();
+        return this.sessionSecret;
+    }
+    /**
+     * Compute HMAC-SHA256
+     */
+    async hmacSha256(message, secret) {
+        const encoder = new TextEncoder();
+        const key = await crypto.subtle.importKey('raw', encoder.encode(secret), { name: 'HMAC', hash: 'SHA-256' }, false, ['sign']);
+        const signature = await crypto.subtle.sign('HMAC', key, encoder.encode(message));
+        return btoa(String.fromCharCode(...new Uint8Array(signature)));
+    }
+    /**
+     * Timing-safe string comparison to prevent timing attacks
+     */
+    timingSafeEqual(a, b) {
+        if (a.length !== b.length)
+            return false;
+        let result = 0;
+        for (let i = 0; i < a.length; i++) {
+            result |= a.charCodeAt(i) ^ b.charCodeAt(i);
+        }
+        return result === 0;
+    }
+    /**
+     * Check if running in development environment
+     */
+    isDevelopment() {
+        if (typeof window === 'undefined')
+            return false;
+        return (window.location.hostname === 'localhost' ||
+            window.location.hostname === '127.0.0.1' ||
+            window.location.hostname.endsWith('.local'));
+    }
+    /**
+     * Validate that current context is secure
+     */
+    verifySecureContext() {
+        const warnings = [];
+        if (typeof window === 'undefined') {
+            return { secure: true, warnings: [] };
+        }
+        // Check secure context
+        if (!window.isSecureContext) {
+            warnings.push('Page is not in a secure context (HTTPS required for production)');
+        }
+        // Check if embedded in iframe (potential clickjacking)
+        if (window.self !== window.top) {
+            warnings.push('Page is embedded in an iframe - potential clickjacking risk');
+        }
+        // Check for cross-origin isolation
+        if (!crossOriginIsolated) {
+            // This is informational, not critical
+        }
+        return {
+            secure: warnings.length === 0,
+            warnings,
+        };
+    }
+    /**
+     * Get list of trusted origins for a wallet
+     */
+    getTrustedOrigins(walletId) {
+        return this.trusted.walletOrigins.get(walletId) || [];
+    }
+    /**
+     * Check if an origin is trusted for any wallet
+     */
+    isOriginTrusted(origin) {
+        for (const origins of this.trusted.walletOrigins.values()) {
+            if (origins.includes(origin))
+                return true;
+        }
+        return this.trusted.appOrigins.includes(origin);
+    }
+}
+exports.OriginGuard = OriginGuard;
+/**
+ * Create a message handler that validates origins
+ */
+function createSecureMessageHandler(guard, expectedWalletId, handler) {
+    return (event) => {
+        if (!guard.verifyMessageOrigin(event, expectedWalletId)) {
+            console.warn('[Security] Ignoring message from untrusted origin');
+            return;
+        }
+        handler(event.data);
+    };
+}
+//# sourceMappingURL=origin-guard.js.map

package/build/security/origin-guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"origin-guard.js","sourceRoot":"","sources":["../../src/security/origin-guard.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAyRH,gEAYC;AAnRD,2BAA2B;AAC3B,MAAM,sBAAsB,GAA6B;IACvD,YAAY,EAAE,CAAC,kCAAkC,EAAE,sBAAsB,CAAC;IAC1E,cAAc,EAAE,CAAC,8BAA8B,CAAC;IAChD,QAAQ,EAAE,CAAC,iCAAiC,CAAC;IAC7C,aAAa,EAAE,CAAC,2BAA2B,CAAC;IAC5C,QAAQ,EAAE,CAAC,oBAAoB,CAAC;IAChC,SAAS,EAAE,CAAC,4BAA4B,CAAC;IACzC,UAAU,EAAE,CAAC,6BAA6B,CAAC;CAC5C,CAAC;AAEF,MAAa,WAAW;IACd,OAAO,CAAiB;IACxB,kBAAkB,CAAU;IAC5B,aAAa,GAAkB,IAAI,CAAC;IAE5C,YAAY,SAA4B,EAAE;QACxC,mDAAmD;QACnD,MAAM,aAAa,GAAG,IAAI,GAAG,EAAoB,CAAC;QAElD,6BAA6B;QAC7B,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,sBAAsB,CAAC,EAAE,CAAC;YACzE,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;QAED,4BAA4B;QAC5B,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;YACzB,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC,EAAE,CAAC;gBACvE,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACnD,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,GAAG,QAAQ,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC;YACzD,CAAC;QACH,CAAC;QAED,wBAAwB;QACxB,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC;QAC3C,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;YAClC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC1C,CAAC;QAED,IAAI,CAAC,OAAO,GAAG,EAAE,aAAa,EAAE,UAAU,EAAE,CAAC;QAC7C,IAAI,CAAC,kBAAkB,GAAG,MAAM,CAAC,kBAAkB,IAAI,IAAI,CAAC;IAC9D,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,QAAgB,EAAE,MAAc;QAC9C,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAChE,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC/B,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,GAAG,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;QAClE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,MAAc;QACzB,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC9C,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,KAAmB,EAAE,gBAAyB;QAChE,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;QAE5B,6BAA6B;QAC7B,IAAI,gBAAgB,EAAE,CAAC;YACrB,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;YACjE,IAAI,OAAO,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBACxC,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,0DAA0D;QAC1D,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,EAAE,EAAE,CAAC;gBAC1D,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC7B,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;QACH,CAAC;QAED,mCAAmC;QACnC,IAAI,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7C,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,CAAC,IAAI,CAAC,sDAAsD,MAAM,EAAE,CAAC,CAAC;QAC7E,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,iBAAiB,CAAC,GAAW;QAC3B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YAE5B,8BAA8B;YAC9B,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBACjC,IAAI,IAAI,CAAC,aAAa,EAAE,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;oBACpD,4BAA4B;gBAC9B,CAAC;qBAAM,CAAC;oBACN,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,6BAA6B,EAAE,CAAC;gBACjE,CAAC;YACH,CAAC;YAED,wBAAwB;YACxB,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;gBACrD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,MAAM,CAAC,MAAM,iBAAiB,EAAE,CAAC;YACrF,CAAC;YAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QACzB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC;QAC1D,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,sBAAsB,CAAC,OAAe,EAAE,SAAiB;QAC7D,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;QAC7B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;QAClD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACrC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;QAC7C,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;IACxB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,KAAa,EAAE,SAAiB;QAChD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;QACrD,OAAO,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,aAAa,CAAC,SAAiB;QAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACvC,OAAO,IAAI,CAAC,UAAU,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IAC5C,CAAC;IAED;;OAEG;IACK,gBAAgB;QACtB,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,OAAO,IAAI,CAAC,aAAa,CAAC;QAC5B,CAAC;QAED,IAAI,OAAO,cAAc,KAAK,WAAW,EAAE,CAAC;YAC1C,IAAI,MAAM,GAAG,cAAc,CAAC,OAAO,CAAC,4BAA4B,CAAC,CAAC;YAClE,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;gBAC7B,cAAc,CAAC,OAAO,CAAC,4BAA4B,EAAE,MAAM,CAAC,CAAC;YAC/D,CAAC;YACD,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC;YAC5B,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,wCAAwC;QACxC,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QACzC,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,UAAU,CAAC,OAAe,EAAE,MAAc;QACtD,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;QAClC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACvC,KAAK,EACL,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,EACtB,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,EACjC,KAAK,EACL,CAAC,MAAM,CAAC,CACT,CAAC;QACF,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;QACjF,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACjE,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,CAAS,EAAE,CAAS;QAC1C,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QACxC,IAAI,MAAM,GAAG,CAAC,CAAC;QACf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAClC,MAAM,IAAI,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAC9C,CAAC;QACD,OAAO,MAAM,KAAK,CAAC,CAAC;IACtB,CAAC;IAED;;OAEG;IACK,aAAa;QACnB,IAAI,OAAO,MAAM,KAAK,WAAW;YAAE,OAAO,KAAK,CAAC;QAChD,OAAO,CACL,MAAM,CAAC,QAAQ,CAAC,QAAQ,KAAK,WAAW;YACxC,MAAM,CAAC,QAAQ,CAAC,QAAQ,KAAK,WAAW;YACxC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAC5C,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,mBAAmB;QACjB,MAAM,QAAQ,GAAa,EAAE,CAAC;QAE9B,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;YAClC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;QACxC,CAAC;QAED,uBAAuB;QACvB,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;YAC5B,QAAQ,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAC;QACnF,CAAC;QAED,uDAAuD;QACvD,IAAI,MAAM,CAAC,IAAI,KAAK,MAAM,CAAC,GAAG,EAAE,CAAC;YAC/B,QAAQ,CAAC,IAAI,CAAC,6DAA6D,CAAC,CAAC;QAC/E,CAAC;QAED,mCAAmC;QACnC,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACzB,sCAAsC;QACxC,CAAC;QAED,OAAO;YACL,MAAM,EAAE,QAAQ,CAAC,MAAM,KAAK,CAAC;YAC7B,QAAQ;SACT,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,iBAAiB,CAAC,QAAgB;QAChC,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;IACxD,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,MAAc;QAC5B,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1D,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAAE,OAAO,IAAI,CAAC;QAC5C,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAClD,CAAC;CACF;AAvPD,kCAuPC;AAED;;GAEG;AACH,SAAgB,0BAA0B,CACxC,KAAkB,EAClB,gBAAoC,EACpC,OAA0B;IAE1B,OAAO,CAAC,KAAmB,EAAE,EAAE;QAC7B,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,EAAE,gBAAgB,CAAC,EAAE,CAAC;YACxD,OAAO,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;YAClE,OAAO;QACT,CAAC;QACD,OAAO,CAAC,KAAK,CAAC,IAAS,CAAC,CAAC;IAC3B,CAAC,CAAC;AACJ,CAAC"}

package/build/security/rate-limiter.d.ts

@@ -0,0 +1,84 @@
+/**
+ * Rate Limiting & Anti-Abuse Layer
+ * Prevents brute force attacks and rapid-fire abuse
+ */
+export interface RateLimitConfig {
+    /** Maximum requests allowed in the time window */
+    maxRequests: number;
+    /** Time window in milliseconds */
+    windowMs: number;
+    /** Duration to block after limit exceeded (optional) */
+    blockDurationMs?: number;
+    /** Whether to use sliding window (vs fixed window) */
+    slidingWindow?: boolean;
+}
+export interface RateLimitResult {
+    /** Whether the request is allowed */
+    allowed: boolean;
+    /** Seconds until retry is allowed (if blocked) */
+    retryAfter?: number;
+    /** Number of remaining requests in current window */
+    remaining: number;
+    /** Time until window resets (ms) */
+    resetIn: number;
+}
+export declare class RateLimiter {
+    private entries;
+    private config;
+    constructor(config?: Partial<RateLimitConfig>);
+    /**
+     * Check if an action is allowed and record the request
+     */
+    check(action: string): RateLimitResult;
+    /**
+     * Check without recording (peek)
+     */
+    peek(action: string): RateLimitResult;
+    /**
+     * Reset limits for an action
+     */
+    reset(action: string): void;
+    /**
+     * Reset all limits
+     */
+    resetAll(): void;
+    /**
+     * Manually block an action
+     */
+    block(action: string, durationMs?: number): void;
+    /**
+     * Unblock an action
+     */
+    unblock(action: string): void;
+    /**
+     * Get current status for all tracked actions
+     */
+    getStatus(): Map<string, RateLimitResult>;
+    /**
+     * Cleanup expired entries
+     */
+    cleanup(): void;
+}
+/**
+ * Pre-configured rate limiter for wallet connections
+ * Allows 5 connection attempts per minute, blocks for 2 minutes after
+ */
+export declare const connectLimiter: RateLimiter;
+/**
+ * Pre-configured rate limiter for transaction signing
+ * Allows 20 signs per minute, blocks for 1 minute after
+ */
+export declare const signLimiter: RateLimiter;
+/**
+ * Pre-configured rate limiter for RPC calls
+ * Allows 100 calls per minute
+ */
+export declare const rpcLimiter: RateLimiter;
+/**
+ * Decorator to rate limit a function
+ */
+export declare function rateLimit(limiter: RateLimiter, action: string): <T extends (...args: unknown[]) => Promise<unknown>>(_target: unknown, _propertyKey: string, descriptor: TypedPropertyDescriptor<T>) => TypedPropertyDescriptor<T>;
+/**
+ * Higher-order function to wrap an async function with rate limiting
+ */
+export declare function withRateLimit<T extends (...args: unknown[]) => Promise<unknown>>(fn: T, limiter: RateLimiter, action: string): T;