@skillsmith/core 0.1.2 → 0.4.0

package/dist/src/security/rate-limiter/token-bucket.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-bucket.js","sourceRoot":"","sources":["../../../../src/security/rate-limiter/token-bucket.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAeH;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,OAAyB,EACzB,MAAyB,EACzB,GAAW,EACX,IAAY;IAEZ,MAAM,UAAU,GAAG,GAAG,MAAM,CAAC,SAAS,IAAI,GAAG,EAAE,CAAA;IAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IAEtB,IAAI,CAAC;QACH,IAAI,MAAM,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;QAE1C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,GAAG;gBACP,MAAM,EAAE,MAAM,CAAC,SAAS;gBACxB,UAAU,EAAE,GAAG;gBACf,YAAY,EAAE,GAAG;aAClB,CAAA;QACH,CAAC;QAED,sCAAsC;QACtC,MAAM,SAAS,GAAG,GAAG,GAAG,MAAM,CAAC,UAAU,CAAA;QACzC,MAAM,cAAc,GAAG,SAAS,GAAG,IAAI,CAAA;QACvC,MAAM,WAAW,GAAG,cAAc,GAAG,MAAM,CAAC,UAAU,CAAA;QAEtD,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;YACpB,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,MAAM,GAAG,WAAW,CAAC,CAAA;YACvE,MAAM,CAAC,UAAU,GAAG,GAAG,CAAA;QACzB,CAAC;QAED,iCAAiC;QACjC,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,IAAI,IAAI,CAAA;QAErC,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,CAAC,MAAM,IAAI,IAAI,CAAA;YACrB,MAAM,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAA;YAEtD,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC;gBACpC,KAAK,EAAE,MAAM,CAAC,SAAS;aACxB,CAAA;QACH,CAAC;aAAM,CAAC;YACN,MAAM,YAAY,GAAG,IAAI,GAAG,MAAM,CAAC,MAAM,CAAA;YACzC,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,YAAY,GAAG,MAAM,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAA;YACzE,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,GAAG,GAAG,YAAY,CAAC,CAAC,WAAW,EAAE,CAAA;YAE1D,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC;gBACpC,KAAK,EAAE,MAAM,CAAC,SAAS;gBACvB,YAAY;gBACZ,OAAO;aACR,CAAA;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,sCAAsC;QACtC,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACjC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,CAAC;gBACZ,KAAK,EAAE,MAAM,CAAC,SAAS;gBACvB,YAAY,EAAE,MAAM,CAAC,QAAQ;aAC9B,CAAA;QACH,CAAC;QACD,OAAO;YACL,OAAO,EAAE,IAAI;YACb,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,KAAK,EAAE,MAAM,CAAC,SAAS;SACxB,CAAA;IACH,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,OAAyB,EACzB,SAAiB,EACjB,GAAW;IAEX,MAAM,UAAU,GAAG,GAAG,SAAS,IAAI,GAAG,EAAE,CAAA;IACxC,OAAO,MAAM,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;AACtC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,OAAyB,EACzB,SAAiB,EACjB,GAAW;IAEX,MAAM,UAAU,GAAG,GAAG,SAAS,IAAI,GAAG,EAAE,CAAA;IACxC,MAAM,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAA;AAClC,CAAC"}

package/dist/src/security/rate-limiter/types.d.ts

@@ -0,0 +1,104 @@
+/**
+ * Rate Limiter Types - SMI-730, SMI-1013, SMI-1189
+ *
+ * Type definitions for rate limiting functionality.
+ */
+/**
+ * Rate limit metrics for monitoring and alerting
+ */
+export interface RateLimitMetrics {
+    /** Number of allowed requests */
+    allowed: number;
+    /** Number of blocked requests */
+    blocked: number;
+    /** Number of errors (storage failures, etc.) */
+    errors: number;
+    /** Last time metrics were reset */
+    lastReset: Date;
+    /** Last time metrics were updated */
+    lastUpdated: Date;
+}
+/**
+ * Rate limit configuration
+ */
+export interface RateLimitConfig {
+    /** Maximum tokens in bucket (burst capacity) */
+    maxTokens: number;
+    /** Tokens refilled per second */
+    refillRate: number;
+    /** Window duration in milliseconds (for cleanup) */
+    windowMs: number;
+    /** Key prefix for storage */
+    keyPrefix?: string;
+    /** Enable debug logging */
+    debug?: boolean;
+    /** Callback when rate limit is exceeded */
+    onLimitExceeded?: (key: string, metrics: RateLimitMetrics) => void;
+    /** Fail mode on storage errors: 'open' allows requests, 'closed' denies them (default: 'open') */
+    failMode?: 'open' | 'closed';
+    /** Enable request queuing when rate limited (SMI-1013, default: false) */
+    enableQueue?: boolean;
+    /** Maximum time to wait in queue in milliseconds (SMI-1013, default: 30000) */
+    queueTimeoutMs?: number;
+    /** Maximum number of requests that can wait in queue (SMI-1013, default: 100) */
+    maxQueueSize?: number;
+}
+/**
+ * Token bucket state
+ */
+export interface TokenBucket {
+    /** Current number of tokens */
+    tokens: number;
+    /** Last refill timestamp */
+    lastRefill: number;
+    /** First request timestamp (for window tracking) */
+    firstRequest: number;
+}
+/**
+ * Rate limit result
+ */
+export interface RateLimitResult {
+    /** Whether the request is allowed */
+    allowed: boolean;
+    /** Remaining tokens */
+    remaining: number;
+    /** Total tokens in bucket */
+    limit: number;
+    /** Milliseconds until bucket refills */
+    retryAfterMs?: number;
+    /** When the limit resets (ISO timestamp) */
+    resetAt?: string;
+    /** Current metrics for this key (optional) */
+    metrics?: RateLimitMetrics;
+    /** Whether the request waited in queue (SMI-1013) */
+    queued?: boolean;
+    /** Time spent waiting in queue in milliseconds (SMI-1013) */
+    queueWaitMs?: number;
+}
+/**
+ * Queued request waiting for a token (SMI-1013)
+ */
+export interface QueuedRequest {
+    /** Unique identifier for this request */
+    id: string;
+    /** Resolve function to signal the request can proceed */
+    resolve: (result: RateLimitResult) => void;
+    /** Reject function for timeout */
+    reject: (error: Error) => void;
+    /** Token cost for this request */
+    cost: number;
+    /** Timestamp when request was queued */
+    queuedAt: number;
+    /** Timeout handle */
+    timeoutHandle: NodeJS.Timeout;
+}
+/**
+ * Storage interface for rate limit data
+ */
+export interface RateLimitStorage {
+    get(key: string): Promise<TokenBucket | null>;
+    set(key: string, value: TokenBucket, ttlMs: number): Promise<void>;
+    delete(key: string): Promise<void>;
+    clear?(): Promise<void>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/src/security/rate-limiter/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/security/rate-limiter/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,iCAAiC;IACjC,OAAO,EAAE,MAAM,CAAA;IACf,iCAAiC;IACjC,OAAO,EAAE,MAAM,CAAA;IACf,gDAAgD;IAChD,MAAM,EAAE,MAAM,CAAA;IACd,mCAAmC;IACnC,SAAS,EAAE,IAAI,CAAA;IACf,qCAAqC;IACrC,WAAW,EAAE,IAAI,CAAA;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,gDAAgD;IAChD,SAAS,EAAE,MAAM,CAAA;IACjB,iCAAiC;IACjC,UAAU,EAAE,MAAM,CAAA;IAClB,oDAAoD;IACpD,QAAQ,EAAE,MAAM,CAAA;IAChB,6BAA6B;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,2BAA2B;IAC3B,KAAK,CAAC,EAAE,OAAO,CAAA;IACf,2CAA2C;IAC3C,eAAe,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,gBAAgB,KAAK,IAAI,CAAA;IAClE,kGAAkG;IAClG,QAAQ,CAAC,EAAE,MAAM,GAAG,QAAQ,CAAA;IAC5B,0EAA0E;IAC1E,WAAW,CAAC,EAAE,OAAO,CAAA;IACrB,+EAA+E;IAC/E,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,iFAAiF;IACjF,YAAY,CAAC,EAAE,MAAM,CAAA;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,+BAA+B;IAC/B,MAAM,EAAE,MAAM,CAAA;IACd,4BAA4B;IAC5B,UAAU,EAAE,MAAM,CAAA;IAClB,oDAAoD;IACpD,YAAY,EAAE,MAAM,CAAA;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,qCAAqC;IACrC,OAAO,EAAE,OAAO,CAAA;IAChB,uBAAuB;IACvB,SAAS,EAAE,MAAM,CAAA;IACjB,6BAA6B;IAC7B,KAAK,EAAE,MAAM,CAAA;IACb,wCAAwC;IACxC,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,4CAA4C;IAC5C,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,8CAA8C;IAC9C,OAAO,CAAC,EAAE,gBAAgB,CAAA;IAC1B,qDAAqD;IACrD,MAAM,CAAC,EAAE,OAAO,CAAA;IAChB,6DAA6D;IAC7D,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,yCAAyC;IACzC,EAAE,EAAE,MAAM,CAAA;IACV,yDAAyD;IACzD,OAAO,EAAE,CAAC,MAAM,EAAE,eAAe,KAAK,IAAI,CAAA;IAC1C,kCAAkC;IAClC,MAAM,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAA;IAC9B,kCAAkC;IAClC,IAAI,EAAE,MAAM,CAAA;IACZ,wCAAwC;IACxC,QAAQ,EAAE,MAAM,CAAA;IAChB,qBAAqB;IACrB,aAAa,EAAE,MAAM,CAAC,OAAO,CAAA;CAC9B;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAA;IAC7C,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAClE,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAClC,KAAK,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;CACxB"}

package/dist/src/security/rate-limiter/types.js

@@ -0,0 +1,7 @@
+/**
+ * Rate Limiter Types - SMI-730, SMI-1013, SMI-1189
+ *
+ * Type definitions for rate limiting functionality.
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/src/security/rate-limiter/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/security/rate-limiter/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG"}

package/dist/src/security/sanitization.d.ts

@@ -120,4 +120,89 @@ export declare function sanitizeUrl(url: string, maxLength?: number): string;
  * ```
  */
 export declare function sanitizeText(input: string, maxLength?: number): string;
+/**
+ * Stripe ID prefixes for validation
+ */
+declare const STRIPE_ID_PREFIXES: {
+    readonly customer: "cus_";
+    readonly subscription: "sub_";
+    readonly price: "price_";
+    readonly invoice: "in_";
+    readonly paymentIntent: "pi_";
+    readonly paymentMethod: "pm_";
+    readonly product: "prod_";
+    readonly checkout: "cs_";
+    readonly event: "evt_";
+};
+type StripeIdType = keyof typeof STRIPE_ID_PREFIXES;
+/**
+ * Validate a Stripe ID format
+ *
+ * Stripe IDs follow the pattern: prefix_alphanumeric
+ * - Prefix identifies the object type (cus_, sub_, price_, etc.)
+ * - Suffix is alphanumeric, typically 14-24 characters
+ *
+ * @param id - The Stripe ID to validate
+ * @param type - The expected ID type (customer, subscription, price, etc.)
+ * @param maxLength - Maximum allowed input length (default: 100)
+ * @returns true if valid, false otherwise
+ *
+ * @example
+ * ```typescript
+ * isValidStripeId('cus_OtLqEJvHu1Mvxm', 'customer')  // true
+ * isValidStripeId('sub_1234567890abcd', 'subscription')  // true
+ * isValidStripeId('invalid_id', 'customer')  // false
+ * ```
+ */
+export declare function isValidStripeId(id: string, type: StripeIdType, maxLength?: number): boolean;
+/**
+ * Sanitize a Stripe customer ID
+ *
+ * @param customerId - Raw customer ID
+ * @param maxLength - Maximum allowed input length (default: 100)
+ * @returns Sanitized customer ID or empty string if invalid
+ *
+ * @example
+ * ```typescript
+ * sanitizeStripeCustomerId('cus_OtLqEJvHu1Mvxm')
+ * // Returns: 'cus_OtLqEJvHu1Mvxm'
+ *
+ * sanitizeStripeCustomerId('cus_<script>')
+ * // Returns: ''
+ * ```
+ */
+export declare function sanitizeStripeCustomerId(customerId: string, maxLength?: number): string;
+/**
+ * Sanitize a Stripe subscription ID
+ *
+ * @param subscriptionId - Raw subscription ID
+ * @param maxLength - Maximum allowed input length (default: 100)
+ * @returns Sanitized subscription ID or empty string if invalid
+ */
+export declare function sanitizeStripeSubscriptionId(subscriptionId: string, maxLength?: number): string;
+/**
+ * Sanitize a Stripe price ID
+ *
+ * @param priceId - Raw price ID
+ * @param maxLength - Maximum allowed input length (default: 100)
+ * @returns Sanitized price ID or empty string if invalid
+ */
+export declare function sanitizeStripePriceId(priceId: string, maxLength?: number): string;
+/**
+ * Sanitize a Stripe invoice ID
+ *
+ * @param invoiceId - Raw invoice ID
+ * @param maxLength - Maximum allowed input length (default: 100)
+ * @returns Sanitized invoice ID or empty string if invalid
+ */
+export declare function sanitizeStripeInvoiceId(invoiceId: string, maxLength?: number): string;
+/**
+ * Sanitize a Stripe event ID (for webhooks)
+ *
+ * @param eventId - Raw event ID
+ * @param maxLength - Maximum allowed input length (default: 100)
+ * @returns Sanitized event ID or empty string if invalid
+ */
+export declare function sanitizeStripeEventId(eventId: string, maxLength?: number): string;
+export {};
 //# sourceMappingURL=sanitization.d.ts.map

package/dist/src/security/sanitization.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sanitization.d.ts","sourceRoot":"","sources":["../../../src/security/sanitization.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAMH,+EAA+E;AAC/E,eAAO,MAAM,kBAAkB,SAAS,CAAA;AAExC;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,SAAqB,GAAG,MAAM,CAgDlF;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,SAAqB,GAAG,MAAM,CAmFrF;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,YAAY,CAC1B,IAAI,EAAE,MAAM,EACZ,OAAO,CAAC,EAAE,MAAM,EAChB,SAAS,SAAqB,GAC7B,MAAM,CAkGR;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,SAAqB,GAAG,MAAM,CAiD/E;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,SAAqB,GAAG,MAAM,CA8BlF"}
+{"version":3,"file":"sanitization.d.ts","sourceRoot":"","sources":["../../../src/security/sanitization.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAMH,+EAA+E;AAC/E,eAAO,MAAM,kBAAkB,SAAS,CAAA;AAExC;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,SAAqB,GAAG,MAAM,CAgDlF;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,SAAqB,GAAG,MAAM,CAmFrF;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,YAAY,CAC1B,IAAI,EAAE,MAAM,EACZ,OAAO,CAAC,EAAE,MAAM,EAChB,SAAS,SAAqB,GAC7B,MAAM,CAkGR;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,SAAqB,GAAG,MAAM,CAiD/E;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,SAAqB,GAAG,MAAM,CA8BlF;AAMD;;GAEG;AACH,QAAA,MAAM,kBAAkB;;;;;;;;;;CAUd,CAAA;AAEV,KAAK,YAAY,GAAG,MAAM,OAAO,kBAAkB,CAAA;AAEnD;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,eAAe,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,SAAS,SAAM,GAAG,OAAO,CAqBxF;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,wBAAwB,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,SAAM,GAAG,MAAM,CAMpF;AAED;;;;;;GAMG;AACH,wBAAgB,4BAA4B,CAAC,cAAc,EAAE,MAAM,EAAE,SAAS,SAAM,GAAG,MAAM,CAM5F;AAED;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,SAAM,GAAG,MAAM,CAM9E;AAED;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,SAAM,GAAG,MAAM,CAMlF;AAED;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,SAAM,GAAG,MAAM,CAM9E"}

package/dist/src/security/sanitization.js

@@ -375,4 +375,137 @@ export function sanitizeText(input, maxLength = DEFAULT_MAX_LENGTH) {
     sanitized = sanitized.trim();
     return sanitized;
 }
+// ============================================================================
+// Stripe ID Validators (SMI-1062)
+// ============================================================================
+/**
+ * Stripe ID prefixes for validation
+ */
+const STRIPE_ID_PREFIXES = {
+    customer: 'cus_',
+    subscription: 'sub_',
+    price: 'price_',
+    invoice: 'in_',
+    paymentIntent: 'pi_',
+    paymentMethod: 'pm_',
+    product: 'prod_',
+    checkout: 'cs_',
+    event: 'evt_',
+};
+/**
+ * Validate a Stripe ID format
+ *
+ * Stripe IDs follow the pattern: prefix_alphanumeric
+ * - Prefix identifies the object type (cus_, sub_, price_, etc.)
+ * - Suffix is alphanumeric, typically 14-24 characters
+ *
+ * @param id - The Stripe ID to validate
+ * @param type - The expected ID type (customer, subscription, price, etc.)
+ * @param maxLength - Maximum allowed input length (default: 100)
+ * @returns true if valid, false otherwise
+ *
+ * @example
+ * ```typescript
+ * isValidStripeId('cus_OtLqEJvHu1Mvxm', 'customer')  // true
+ * isValidStripeId('sub_1234567890abcd', 'subscription')  // true
+ * isValidStripeId('invalid_id', 'customer')  // false
+ * ```
+ */
+export function isValidStripeId(id, type, maxLength = 100) {
+    if (!id || typeof id !== 'string') {
+        return false;
+    }
+    if (id.length > maxLength || id.length < 5) {
+        return false;
+    }
+    const prefix = STRIPE_ID_PREFIXES[type];
+    if (!id.startsWith(prefix)) {
+        return false;
+    }
+    // Validate suffix is alphanumeric only
+    const suffix = id.slice(prefix.length);
+    if (!/^[a-zA-Z0-9]+$/.test(suffix)) {
+        return false;
+    }
+    return true;
+}
+/**
+ * Sanitize a Stripe customer ID
+ *
+ * @param customerId - Raw customer ID
+ * @param maxLength - Maximum allowed input length (default: 100)
+ * @returns Sanitized customer ID or empty string if invalid
+ *
+ * @example
+ * ```typescript
+ * sanitizeStripeCustomerId('cus_OtLqEJvHu1Mvxm')
+ * // Returns: 'cus_OtLqEJvHu1Mvxm'
+ *
+ * sanitizeStripeCustomerId('cus_<script>')
+ * // Returns: ''
+ * ```
+ */
+export function sanitizeStripeCustomerId(customerId, maxLength = 100) {
+    if (!isValidStripeId(customerId, 'customer', maxLength)) {
+        logger.warn('Invalid Stripe customer ID', { customerId: customerId?.slice(0, 20) });
+        return '';
+    }
+    return customerId;
+}
+/**
+ * Sanitize a Stripe subscription ID
+ *
+ * @param subscriptionId - Raw subscription ID
+ * @param maxLength - Maximum allowed input length (default: 100)
+ * @returns Sanitized subscription ID or empty string if invalid
+ */
+export function sanitizeStripeSubscriptionId(subscriptionId, maxLength = 100) {
+    if (!isValidStripeId(subscriptionId, 'subscription', maxLength)) {
+        logger.warn('Invalid Stripe subscription ID', { subscriptionId: subscriptionId?.slice(0, 20) });
+        return '';
+    }
+    return subscriptionId;
+}
+/**
+ * Sanitize a Stripe price ID
+ *
+ * @param priceId - Raw price ID
+ * @param maxLength - Maximum allowed input length (default: 100)
+ * @returns Sanitized price ID or empty string if invalid
+ */
+export function sanitizeStripePriceId(priceId, maxLength = 100) {
+    if (!isValidStripeId(priceId, 'price', maxLength)) {
+        logger.warn('Invalid Stripe price ID', { priceId: priceId?.slice(0, 20) });
+        return '';
+    }
+    return priceId;
+}
+/**
+ * Sanitize a Stripe invoice ID
+ *
+ * @param invoiceId - Raw invoice ID
+ * @param maxLength - Maximum allowed input length (default: 100)
+ * @returns Sanitized invoice ID or empty string if invalid
+ */
+export function sanitizeStripeInvoiceId(invoiceId, maxLength = 100) {
+    if (!isValidStripeId(invoiceId, 'invoice', maxLength)) {
+        logger.warn('Invalid Stripe invoice ID', { invoiceId: invoiceId?.slice(0, 20) });
+        return '';
+    }
+    return invoiceId;
+}
+/**
+ * Sanitize a Stripe event ID (for webhooks)
+ *
+ * @param eventId - Raw event ID
+ * @param maxLength - Maximum allowed input length (default: 100)
+ * @returns Sanitized event ID or empty string if invalid
+ */
+export function sanitizeStripeEventId(eventId, maxLength = 100) {
+    if (!isValidStripeId(eventId, 'event', maxLength)) {
+        logger.warn('Invalid Stripe event ID', { eventId: eventId?.slice(0, 20) });
+        return '';
+    }
+    return eventId;
+}
 //# sourceMappingURL=sanitization.js.map

package/dist/src/security/sanitization.js.map

@@ -1 +1 @@
-{"version":3,"file":"sanitization.js","sourceRoot":"","sources":["../../../src/security/sanitization.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AAEjD,MAAM,MAAM,GAAG,YAAY,CAAC,cAAc,CAAC,CAAA;AAE3C,+EAA+E;AAC/E,MAAM,CAAC,MAAM,kBAAkB,GAAG,MAAM,CAAA;AAExC;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,YAAY,CAAC,KAAa,EAAE,SAAS,GAAG,kBAAkB;IACxE,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,2CAA2C,EAAE;YACvD,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,SAAS;YACT,QAAQ,EAAE,cAAc;SACzB,CAAC,CAAA;QACF,OAAO,EAAE,CAAA;IACX,CAAC;IAED,uCAAuC;IACvC,IAAI,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,qDAAqD,EAAE,EAAE,CAAC,CAAA;IAExF,iDAAiD;IACjD,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,gCAAgC,EAAE,EAAE,CAAC,CAAA;IACnE,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,yBAAyB,EAAE,EAAE,CAAC,CAAA;IAE5D,8BAA8B;IAC9B,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAA;IAElD,8CAA8C;IAC9C,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,mBAAmB,EAAE,EAAE,CAAC,CAAA;IAEtD,4BAA4B;IAC5B,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAA;IAEhD,+BAA+B;IAC/B,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,+CAA+C,EAAE,EAAE,CAAC,CAAA;IAElF,6CAA6C;IAC7C,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,kDAAkD,EAAE,EAAE,CAAC,CAAA;IAErF,+CAA+C;IAC/C,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,2CAA2C,EAAE,EAAE,CAAC,CAAA;IAE9E,2CAA2C;IAC3C,IAAI,SAAS,KAAK,KAAK,EAAE,CAAC;QACxB,MAAM,CAAC,KAAK,CAAC,gBAAgB,EAAE;YAC7B,cAAc,EAAE,KAAK,CAAC,MAAM;YAC5B,eAAe,EAAE,SAAS,CAAC,MAAM;SAClC,CAAC,CAAA;IACJ,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAY,EAAE,SAAS,GAAG,kBAAkB;IAC3E,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAI,IAAI,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QAC5B,MAAM,CAAC,IAAI,CAAC,2CAA2C,EAAE;YACvD,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,SAAS;YACT,QAAQ,EAAE,kBAAkB;SAC7B,CAAC,CAAA;QACF,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAI,SAAS,GAAG,IAAI,CAAA;IAEpB,yBAAyB;IACzB,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAA;IAE3C,qCAAqC;IACrC,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAA;IAEzC,8CAA8C;IAC9C,0EAA0E;IAC1E,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAA;IAErD,2DAA2D;IAC3D,qDAAqD;IACrD,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,qBAAqB,EAAE,EAAE,CAAC,CAAA;IAExD,6EAA6E;IAC7E,sDAAsD;IACtD,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAA;IAE7C,qCAAqC;IACrC,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAA;IAE7C,kBAAkB;IAClB,SAAS,GAAG,SAAS,CAAC,IAAI,EAAE,CAAA;IAE5B,yCAAyC;IACzC,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,IAAI,SAAS,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QACrD,MAAM,CAAC,IAAI,CAAC,sCAAsC,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAA;QACvE,OAAO,EAAE,CAAA;IACX,CAAC;IAED,iCAAiC;IACjC,MAAM,aAAa,GAAG;QACpB,KAAK;QACL,KAAK;QACL,KAAK;QACL,KAAK;QACL,MAAM;QACN,MAAM;QACN,MAAM;QACN,MAAM;QACN,MAAM;QACN,MAAM;QACN,MAAM;QACN,MAAM;QACN,MAAM;QACN,MAAM;QACN,MAAM;QACN,MAAM;QACN,MAAM;QACN,MAAM;QACN,MAAM;QACN,MAAM;QACN,MAAM;QACN,MAAM;KACP,CAAA;IAED,MAAM,QAAQ,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAA;IACtD,IAAI,aAAa,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,IAAI,CAAC,6BAA6B,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAA;QAC/D,OAAO,GAAG,SAAS,OAAO,CAAA;IAC5B,CAAC;IAED,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QACvB,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAA;IACpE,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,UAAU,YAAY,CAC1B,IAAY,EACZ,OAAgB,EAChB,SAAS,GAAG,kBAAkB;IAE9B,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAI,IAAI,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QAC5B,MAAM,CAAC,IAAI,CAAC,2CAA2C,EAAE;YACvD,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,SAAS;YACT,QAAQ,EAAE,cAAc;SACzB,CAAC,CAAA;QACF,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAI,SAAS,GAAG,IAAI,CAAA;IAEpB,+CAA+C;IAC/C,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;IAEzC,oDAAoD;IACpD,MAAM,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;IAC5C,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAA;IAEzC,8EAA8E;IAC9E,kEAAkE;IAClE,IAAI,aAAa,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QAClC,MAAM,CAAC,IAAI,CAAC,iCAAiC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAA;QACxD,OAAO,EAAE,CAAA;IACX,CAAC;IAED,uCAAuC;IACvC,4DAA4D;IAC5D,2EAA2E;IAC3E,gEAAgE;IAChE,MAAM,WAAW,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACxC,MAAM,QAAQ,GAAa,EAAE,CAAA;IAC7B,IAAI,KAAK,GAAG,CAAC,CAAA;IACb,IAAI,cAAc,GAAG,CAAC,CAAA;IAEtB,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;QAClC,gCAAgC;QAChC,IAAI,CAAC,OAAO,IAAI,OAAO,KAAK,GAAG;YAAE,SAAQ;QAEzC,qCAAqC;QACrC,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YACrB,cAAc,EAAE,CAAA;YAChB,IAAI,cAAc,GAAG,KAAK,EAAE,CAAC;gBAC3B,yDAAyD;gBACzD,MAAM,CAAC,IAAI,CAAC,iCAAiC,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAA;gBACjE,MAAK;YACP,CAAC;YACD,uEAAuE;YACvE,SAAQ;QACV,CAAC;QAED,yCAAyC;QACzC,0EAA0E;QAC1E,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACpC,MAAM,CAAC,IAAI,CAAC,oCAAoC,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAA;YACpE,SAAQ;QACV,CAAC;QAED,2BAA2B;QAC3B,MAAM,gBAAgB,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAA;QAClD,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,QAAQ,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAA;YAC/B,KAAK,EAAE,CAAA;QACT,CAAC;IACH,CAAC;IAED,eAAe;IACf,SAAS,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAE9B,iDAAiD;IACjD,IAAI,UAAU,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,SAAS,GAAG,GAAG,GAAG,SAAS,CAAA;IAC7B,CAAC;IAED,wDAAwD;IACxD,IAAI,OAAO,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpC,MAAM,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAA;QACtE,MAAM,QAAQ,GAAG,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,cAAc,IAAI,SAAS,EAAE,CAAA;QAE1E,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,cAAc,GAAG,GAAG,CAAC,IAAI,QAAQ,KAAK,cAAc,EAAE,CAAC;YAC9E,MAAM,CAAC,IAAI,CAAC,6BAA6B,EAAE;gBACzC,IAAI;gBACJ,OAAO;gBACP,QAAQ;aACT,CAAC,CAAA;YACF,OAAO,EAAE,CAAA;QACX,CAAC;IACH,CAAC;IAED,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QACvB,MAAM,CAAC,KAAK,CAAC,gBAAgB,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAA;IAC/D,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,UAAU,WAAW,CAAC,GAAW,EAAE,SAAS,GAAG,kBAAkB;IACrE,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAI,GAAG,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,CAAC,IAAI,CAAC,2CAA2C,EAAE;YACvD,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,SAAS;YACT,QAAQ,EAAE,aAAa;SACxB,CAAC,CAAA;QACF,OAAO,EAAE,CAAA;IACX,CAAC;IAED,yCAAyC;IACzC,0EAA0E;IAC1E,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAA;IAE1D,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAA;QAE/B,sCAAsC;QACtC,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YACnD,MAAM,CAAC,IAAI,CAAC,sBAAsB,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAA;YAChF,OAAO,EAAE,CAAA;QACX,CAAC;QAED,uCAAuC;QACvC,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACvC,MAAM,CAAC,IAAI,CAAC,mCAAmC,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAA;YAClE,OAAO,EAAE,CAAA;QACX,CAAC;QAED,oDAAoD;QACpD,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAA;QAEnC,IAAI,SAAS,KAAK,GAAG,EAAE,CAAC;YACtB,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC,CAAA;QAC7D,CAAC;QAED,OAAO,SAAS,CAAA;IAClB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,oBAAoB,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAA;QAC1D,OAAO,EAAE,CAAA;IACX,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,YAAY,CAAC,KAAa,EAAE,SAAS,GAAG,kBAAkB;IACxE,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,2CAA2C,EAAE;YACvD,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,SAAS;YACT,QAAQ,EAAE,cAAc;SACzB,CAAC,CAAA;QACF,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAI,SAAS,GAAG,KAAK,CAAA;IAErB,mDAAmD;IACnD,0EAA0E;IAC1E,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,oCAAoC,EAAE,EAAE,CAAC,CAAA;IAEvE,+BAA+B;IAC/B,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,wBAAwB,EAAE,EAAE,CAAC,CAAA;IAE3D,oBAAoB;IACpB,SAAS,GAAG,SAAS,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;IAEtC,OAAO;IACP,SAAS,GAAG,SAAS,CAAC,IAAI,EAAE,CAAA;IAE5B,OAAO,SAAS,CAAA;AAClB,CAAC"}
+{"version":3,"file":"sanitization.js","sourceRoot":"","sources":["../../../src/security/sanitization.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AAEjD,MAAM,MAAM,GAAG,YAAY,CAAC,cAAc,CAAC,CAAA;AAE3C,+EAA+E;AAC/E,MAAM,CAAC,MAAM,kBAAkB,GAAG,MAAM,CAAA;AAExC;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,YAAY,CAAC,KAAa,EAAE,SAAS,GAAG,kBAAkB;IACxE,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,2CAA2C,EAAE;YACvD,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,SAAS;YACT,QAAQ,EAAE,cAAc;SACzB,CAAC,CAAA;QACF,OAAO,EAAE,CAAA;IACX,CAAC;IAED,uCAAuC;IACvC,IAAI,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,qDAAqD,EAAE,EAAE,CAAC,CAAA;IAExF,iDAAiD;IACjD,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,gCAAgC,EAAE,EAAE,CAAC,CAAA;IACnE,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,yBAAyB,EAAE,EAAE,CAAC,CAAA;IAE5D,8BAA8B;IAC9B,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAA;IAElD,8CAA8C;IAC9C,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,mBAAmB,EAAE,EAAE,CAAC,CAAA;IAEtD,4BAA4B;IAC5B,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAA;IAEhD,+BAA+B;IAC/B,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,+CAA+C,EAAE,EAAE,CAAC,CAAA;IAElF,6CAA6C;IAC7C,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,kDAAkD,EAAE,EAAE,CAAC,CAAA;IAErF,+CAA+C;IAC/C,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,2CAA2C,EAAE,EAAE,CAAC,CAAA;IAE9E,2CAA2C;IAC3C,IAAI,SAAS,KAAK,KAAK,EAAE,CAAC;QACxB,MAAM,CAAC,KAAK,CAAC,gBAAgB,EAAE;YAC7B,cAAc,EAAE,KAAK,CAAC,MAAM;YAC5B,eAAe,EAAE,SAAS,CAAC,MAAM;SAClC,CAAC,CAAA;IACJ,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAY,EAAE,SAAS,GAAG,kBAAkB;IAC3E,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAI,IAAI,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QAC5B,MAAM,CAAC,IAAI,CAAC,2CAA2C,EAAE;YACvD,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,SAAS;YACT,QAAQ,EAAE,kBAAkB;SAC7B,CAAC,CAAA;QACF,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAI,SAAS,GAAG,IAAI,CAAA;IAEpB,yBAAyB;IACzB,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAA;IAE3C,qCAAqC;IACrC,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAA;IAEzC,8CAA8C;IAC9C,0EAA0E;IAC1E,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAA;IAErD,2DAA2D;IAC3D,qDAAqD;IACrD,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,qBAAqB,EAAE,EAAE,CAAC,CAAA;IAExD,6EAA6E;IAC7E,sDAAsD;IACtD,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAA;IAE7C,qCAAqC;IACrC,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAA;IAE7C,kBAAkB;IAClB,SAAS,GAAG,SAAS,CAAC,IAAI,EAAE,CAAA;IAE5B,yCAAyC;IACzC,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,IAAI,SAAS,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QACrD,MAAM,CAAC,IAAI,CAAC,sCAAsC,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAA;QACvE,OAAO,EAAE,CAAA;IACX,CAAC;IAED,iCAAiC;IACjC,MAAM,aAAa,GAAG;QACpB,KAAK;QACL,KAAK;QACL,KAAK;QACL,KAAK;QACL,MAAM;QACN,MAAM;QACN,MAAM;QACN,MAAM;QACN,MAAM;QACN,MAAM;QACN,MAAM;QACN,MAAM;QACN,MAAM;QACN,MAAM;QACN,MAAM;QACN,MAAM;QACN,MAAM;QACN,MAAM;QACN,MAAM;QACN,MAAM;QACN,MAAM;QACN,MAAM;KACP,CAAA;IAED,MAAM,QAAQ,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAA;IACtD,IAAI,aAAa,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,IAAI,CAAC,6BAA6B,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAA;QAC/D,OAAO,GAAG,SAAS,OAAO,CAAA;IAC5B,CAAC;IAED,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QACvB,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAA;IACpE,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,UAAU,YAAY,CAC1B,IAAY,EACZ,OAAgB,EAChB,SAAS,GAAG,kBAAkB;IAE9B,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAI,IAAI,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QAC5B,MAAM,CAAC,IAAI,CAAC,2CAA2C,EAAE;YACvD,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,SAAS;YACT,QAAQ,EAAE,cAAc;SACzB,CAAC,CAAA;QACF,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAI,SAAS,GAAG,IAAI,CAAA;IAEpB,+CAA+C;IAC/C,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;IAEzC,oDAAoD;IACpD,MAAM,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;IAC5C,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAA;IAEzC,8EAA8E;IAC9E,kEAAkE;IAClE,IAAI,aAAa,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QAClC,MAAM,CAAC,IAAI,CAAC,iCAAiC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAA;QACxD,OAAO,EAAE,CAAA;IACX,CAAC;IAED,uCAAuC;IACvC,4DAA4D;IAC5D,2EAA2E;IAC3E,gEAAgE;IAChE,MAAM,WAAW,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACxC,MAAM,QAAQ,GAAa,EAAE,CAAA;IAC7B,IAAI,KAAK,GAAG,CAAC,CAAA;IACb,IAAI,cAAc,GAAG,CAAC,CAAA;IAEtB,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;QAClC,gCAAgC;QAChC,IAAI,CAAC,OAAO,IAAI,OAAO,KAAK,GAAG;YAAE,SAAQ;QAEzC,qCAAqC;QACrC,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YACrB,cAAc,EAAE,CAAA;YAChB,IAAI,cAAc,GAAG,KAAK,EAAE,CAAC;gBAC3B,yDAAyD;gBACzD,MAAM,CAAC,IAAI,CAAC,iCAAiC,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAA;gBACjE,MAAK;YACP,CAAC;YACD,uEAAuE;YACvE,SAAQ;QACV,CAAC;QAED,yCAAyC;QACzC,0EAA0E;QAC1E,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACpC,MAAM,CAAC,IAAI,CAAC,oCAAoC,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAA;YACpE,SAAQ;QACV,CAAC;QAED,2BAA2B;QAC3B,MAAM,gBAAgB,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAA;QAClD,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,QAAQ,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAA;YAC/B,KAAK,EAAE,CAAA;QACT,CAAC;IACH,CAAC;IAED,eAAe;IACf,SAAS,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAE9B,iDAAiD;IACjD,IAAI,UAAU,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,SAAS,GAAG,GAAG,GAAG,SAAS,CAAA;IAC7B,CAAC;IAED,wDAAwD;IACxD,IAAI,OAAO,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpC,MAAM,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAA;QACtE,MAAM,QAAQ,GAAG,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,cAAc,IAAI,SAAS,EAAE,CAAA;QAE1E,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,cAAc,GAAG,GAAG,CAAC,IAAI,QAAQ,KAAK,cAAc,EAAE,CAAC;YAC9E,MAAM,CAAC,IAAI,CAAC,6BAA6B,EAAE;gBACzC,IAAI;gBACJ,OAAO;gBACP,QAAQ;aACT,CAAC,CAAA;YACF,OAAO,EAAE,CAAA;QACX,CAAC;IACH,CAAC;IAED,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QACvB,MAAM,CAAC,KAAK,CAAC,gBAAgB,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAA;IAC/D,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,UAAU,WAAW,CAAC,GAAW,EAAE,SAAS,GAAG,kBAAkB;IACrE,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAI,GAAG,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,CAAC,IAAI,CAAC,2CAA2C,EAAE;YACvD,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,SAAS;YACT,QAAQ,EAAE,aAAa;SACxB,CAAC,CAAA;QACF,OAAO,EAAE,CAAA;IACX,CAAC;IAED,yCAAyC;IACzC,0EAA0E;IAC1E,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAA;IAE1D,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAA;QAE/B,sCAAsC;QACtC,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YACnD,MAAM,CAAC,IAAI,CAAC,sBAAsB,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAA;YAChF,OAAO,EAAE,CAAA;QACX,CAAC;QAED,uCAAuC;QACvC,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACvC,MAAM,CAAC,IAAI,CAAC,mCAAmC,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAA;YAClE,OAAO,EAAE,CAAA;QACX,CAAC;QAED,oDAAoD;QACpD,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAA;QAEnC,IAAI,SAAS,KAAK,GAAG,EAAE,CAAC;YACtB,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC,CAAA;QAC7D,CAAC;QAED,OAAO,SAAS,CAAA;IAClB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,oBAAoB,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAA;QAC1D,OAAO,EAAE,CAAA;IACX,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,YAAY,CAAC,KAAa,EAAE,SAAS,GAAG,kBAAkB;IACxE,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,2CAA2C,EAAE;YACvD,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,SAAS;YACT,QAAQ,EAAE,cAAc;SACzB,CAAC,CAAA;QACF,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAI,SAAS,GAAG,KAAK,CAAA;IAErB,mDAAmD;IACnD,0EAA0E;IAC1E,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,oCAAoC,EAAE,EAAE,CAAC,CAAA;IAEvE,+BAA+B;IAC/B,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,wBAAwB,EAAE,EAAE,CAAC,CAAA;IAE3D,oBAAoB;IACpB,SAAS,GAAG,SAAS,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;IAEtC,OAAO;IACP,SAAS,GAAG,SAAS,CAAC,IAAI,EAAE,CAAA;IAE5B,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,+EAA+E;AAC/E,kCAAkC;AAClC,+EAA+E;AAE/E;;GAEG;AACH,MAAM,kBAAkB,GAAG;IACzB,QAAQ,EAAE,MAAM;IAChB,YAAY,EAAE,MAAM;IACpB,KAAK,EAAE,QAAQ;IACf,OAAO,EAAE,KAAK;IACd,aAAa,EAAE,KAAK;IACpB,aAAa,EAAE,KAAK;IACpB,OAAO,EAAE,OAAO;IAChB,QAAQ,EAAE,KAAK;IACf,KAAK,EAAE,MAAM;CACL,CAAA;AAIV;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,eAAe,CAAC,EAAU,EAAE,IAAkB,EAAE,SAAS,GAAG,GAAG;IAC7E,IAAI,CAAC,EAAE,IAAI,OAAO,EAAE,KAAK,QAAQ,EAAE,CAAC;QAClC,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,EAAE,CAAC,MAAM,GAAG,SAAS,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,MAAM,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAA;IACvC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,OAAO,KAAK,CAAA;IACd,CAAC;IAED,uCAAuC;IACvC,MAAM,MAAM,GAAG,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IACtC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QACnC,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,wBAAwB,CAAC,UAAkB,EAAE,SAAS,GAAG,GAAG;IAC1E,IAAI,CAAC,eAAe,CAAC,UAAU,EAAE,UAAU,EAAE,SAAS,CAAC,EAAE,CAAC;QACxD,MAAM,CAAC,IAAI,CAAC,4BAA4B,EAAE,EAAE,UAAU,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAA;QACnF,OAAO,EAAE,CAAA;IACX,CAAC;IACD,OAAO,UAAU,CAAA;AACnB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,4BAA4B,CAAC,cAAsB,EAAE,SAAS,GAAG,GAAG;IAClF,IAAI,CAAC,eAAe,CAAC,cAAc,EAAE,cAAc,EAAE,SAAS,CAAC,EAAE,CAAC;QAChE,MAAM,CAAC,IAAI,CAAC,gCAAgC,EAAE,EAAE,cAAc,EAAE,cAAc,EAAE,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAA;QAC/F,OAAO,EAAE,CAAA;IACX,CAAC;IACD,OAAO,cAAc,CAAA;AACvB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAAe,EAAE,SAAS,GAAG,GAAG;IACpE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,OAAO,EAAE,SAAS,CAAC,EAAE,CAAC;QAClD,MAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAA;QAC1E,OAAO,EAAE,CAAA;IACX,CAAC;IACD,OAAO,OAAO,CAAA;AAChB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,uBAAuB,CAAC,SAAiB,EAAE,SAAS,GAAG,GAAG;IACxE,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC,EAAE,CAAC;QACtD,MAAM,CAAC,IAAI,CAAC,2BAA2B,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAA;QAChF,OAAO,EAAE,CAAA;IACX,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAAe,EAAE,SAAS,GAAG,GAAG;IACpE,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,OAAO,EAAE,SAAS,CAAC,EAAE,CAAC;QAClD,MAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAA;QAC1E,OAAO,EAAE,CAAA;IACX,CAAC;IACD,OAAO,OAAO,CAAA;AAChB,CAAC"}

package/dist/src/security/{scanner.d.ts → scanner/SecurityScanner.d.ts}

@@ -1,66 +1,9 @@
 /**
- * SMI-587: Security Scanner
- * SMI-685: Enhanced security scanning with severity scoring
- * SMI-882: ReDoS protection with input length limits and safe regex matching
- * Security scanning for skill content with advanced pattern detection
+ * Security Scanner - SMI-587, SMI-685, SMI-882, SMI-1189
+ *
+ * Security scanning for skill content with advanced pattern detection.
  */
-/**
- * Types of security findings that can be detected
- */
-export type SecurityFindingType = 'url' | 'sensitive_path' | 'jailbreak' | 'suspicious_pattern' | 'social_engineering' | 'prompt_leaking' | 'data_exfiltration' | 'privilege_escalation';
-/**
- * Severity levels for security findings
- */
-export type SecuritySeverity = 'low' | 'medium' | 'high' | 'critical';
-/**
- * Individual security finding from a scan
- */
-export interface SecurityFinding {
-    type: SecurityFindingType;
-    severity: SecuritySeverity;
-    message: string;
-    location?: string;
-    lineNumber?: number;
-    /** Category for grouping related findings */
-    category?: string;
-}
-/**
- * Risk score breakdown by category
- */
-export interface RiskScoreBreakdown {
-    jailbreak: number;
-    socialEngineering: number;
-    promptLeaking: number;
-    dataExfiltration: number;
-    privilegeEscalation: number;
-    suspiciousCode: number;
-    sensitivePaths: number;
-    externalUrls: number;
-}
-/**
- * Comprehensive scan report with risk scoring
- */
-export interface ScanReport {
-    skillId: string;
-    passed: boolean;
-    findings: SecurityFinding[];
-    scannedAt: Date;
-    scanDurationMs: number;
-    /** Overall risk score from 0-100 (0 = safe, 100 = extremely dangerous) */
-    riskScore: number;
-    /** Breakdown of risk score by category */
-    riskBreakdown: RiskScoreBreakdown;
-}
-/**
- * Configuration options for the security scanner
- */
-export interface ScannerOptions {
-    allowedDomains?: string[];
-    blockedPatterns?: RegExp[];
-    maxContentLength?: number;
-    /** Risk score threshold for failing a scan (default: 40) */
-    riskThreshold?: number;
-}
+import type { SecurityFinding, ScanReport, ScannerOptions, RiskScoreBreakdown } from './types.js';
 export declare class SecurityScanner {
     private allowedDomains;
     private blockedPatterns;
@@ -82,11 +25,13 @@ export declare class SecurityScanner {
     /**
      * Scan for sensitive file path references
      * SMI-882: Uses safeRegexCheck to prevent ReDoS
+     * SMI-1513: Mark findings in documentation context with lower confidence
      */
     private scanSensitivePaths;
     /**
      * Scan for jailbreak attempts
      * SMI-882: Uses safeRegexTest to prevent ReDoS
+     * SMI-1513: Mark findings in documentation context with lower confidence
      */
     private scanJailbreakPatterns;
     /**
@@ -97,29 +42,49 @@ export declare class SecurityScanner {
     /**
      * SMI-685: Scan for social engineering attempts
      * SMI-882: Uses safeRegexTest to prevent ReDoS
+     * SMI-1513: Mark findings in documentation context with lower confidence
      * Detects patterns like "pretend to be", "roleplay as", "you are now"
      */
     private scanSocialEngineering;
     /**
      * SMI-685: Scan for prompt leaking attempts
      * SMI-882: Uses safeRegexTest to prevent ReDoS
+     * SMI-1513: Mark findings in documentation context with lower confidence
      * Detects patterns like "show me your instructions", "what are your rules"
      */
     private scanPromptLeaking;
     /**
      * SMI-685: Scan for data exfiltration patterns
      * SMI-882: Uses safeRegexTest to prevent ReDoS
+     * SMI-1513: Mark findings in documentation context with lower confidence
      * Detects encoding to external URLs, file upload patterns
      */
     private scanDataExfiltration;
     /**
      * SMI-685: Scan for privilege escalation patterns
      * SMI-882: Uses safeRegexTest to prevent ReDoS
+     * SMI-1513: Mark findings in documentation context with lower confidence
      * Detects sudo with passwords, chmod patterns, root access attempts
      */
     private scanPrivilegeEscalation;
+    /**
+     * SMI-1532: Scan for AI injection vulnerabilities (CVE-hardened)
+     * Optimized for sub-10ms scan time with compiled regex
+     * SMI-1513: Mark findings in documentation context with lower confidence
+     *
+     * Detects:
+     * - Role injection (system:/assistant:/user:)
+     * - Hidden instruction brackets [[...]]
+     * - HTML comment injection
+     * - Unicode homograph attacks
+     * - Prompt structure manipulation
+     * - Base64 encoded instructions
+     * - And more...
+     */
+    private scanAIDefenceVulnerabilities;
     /**
      * SMI-685: Calculate risk score from findings
+     * SMI-1513: Accounts for confidence levels (low confidence = reduced weight)
      * Aggregates multiple findings into a risk score from 0-100
      * @param findings - Array of security findings
      * @returns Risk score breakdown and total
@@ -131,6 +96,7 @@ export declare class SecurityScanner {
     /**
      * Perform full security scan
      * SMI-685: Enhanced with new pattern detection and risk scoring
+     * SMI-1513: Added markdown context awareness to reduce false positives
      */
     scan(skillId: string, content: string): ScanReport;
     /**
@@ -148,4 +114,4 @@ export declare class SecurityScanner {
     addBlockedPattern(pattern: RegExp): void;
 }
 export default SecurityScanner;
-//# sourceMappingURL=scanner.d.ts.map
+//# sourceMappingURL=SecurityScanner.d.ts.map

package/dist/src/security/scanner/SecurityScanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SecurityScanner.d.ts","sourceRoot":"","sources":["../../../../src/security/scanner/SecurityScanner.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EACV,eAAe,EACf,UAAU,EACV,cAAc,EACd,kBAAkB,EAEnB,MAAM,YAAY,CAAA;AAwFnB,qBAAa,eAAe;IAC1B,OAAO,CAAC,cAAc,CAAa;IACnC,OAAO,CAAC,eAAe,CAAU;IACjC,OAAO,CAAC,gBAAgB,CAAQ;IAChC,OAAO,CAAC,aAAa,CAAQ;gBAEjB,OAAO,GAAE,cAAmB;IAOxC;;OAEG;IACH,OAAO,CAAC,WAAW;IAenB;;OAEG;IACH,OAAO,CAAC,eAAe;IAcvB;;OAEG;IACH,OAAO,CAAC,QAAQ;IAmBhB;;;;OAIG;IACH,OAAO,CAAC,kBAAkB;IAiC1B;;;;OAIG;IACH,OAAO,CAAC,qBAAqB;IAkC7B;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAwC9B;;;;;OAKG;IACH,OAAO,CAAC,qBAAqB;IAkC7B;;;;;OAKG;IACH,OAAO,CAAC,iBAAiB;IAkCzB;;;;;OAKG;IACH,OAAO,CAAC,oBAAoB;IAkC5B;;;;;OAKG;IACH,OAAO,CAAC,uBAAuB;IAsC/B;;;;;;;;;;;;;OAaG;IACH,OAAO,CAAC,4BAA4B;IAoFpC;;;;;;OAMG;IACH,kBAAkB,CAAC,QAAQ,EAAE,eAAe,EAAE,GAAG;QAC/C,KAAK,EAAE,MAAM,CAAA;QACb,SAAS,EAAE,kBAAkB,CAAA;KAC9B;IAyFD;;;;OAIG;IACH,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,UAAU;IAoDlD;;;OAGG;IACH,UAAU,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;IASpC;;OAEG;IACH,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAItC;;OAEG;IACH,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;CAGzC;AAED,eAAe,eAAe,CAAA"}