npm - @tracehound/core - Versions diffs - 1.2.0 - Mend

@tracehound/core 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (166) hide show

package/README.md +125 -0
package/dist/core/agent.d.ts +89 -0
package/dist/core/agent.d.ts.map +1 -0
package/dist/core/agent.js +141 -0
package/dist/core/agent.js.map +1 -0
package/dist/core/audit-chain.d.ts +39 -0
package/dist/core/audit-chain.d.ts.map +1 -0
package/dist/core/audit-chain.js +87 -0
package/dist/core/audit-chain.js.map +1 -0
package/dist/core/cold-storage.d.ts +87 -0
package/dist/core/cold-storage.d.ts.map +1 -0
package/dist/core/cold-storage.js +53 -0
package/dist/core/cold-storage.js.map +1 -0
package/dist/core/evidence-factory.d.ts +85 -0
package/dist/core/evidence-factory.d.ts.map +1 -0
package/dist/core/evidence-factory.js +96 -0
package/dist/core/evidence-factory.js.map +1 -0
package/dist/core/evidence.d.ts +48 -0
package/dist/core/evidence.d.ts.map +1 -0
package/dist/core/evidence.js +135 -0
package/dist/core/evidence.js.map +1 -0
package/dist/core/fail-safe.d.ts +149 -0
package/dist/core/fail-safe.d.ts.map +1 -0
package/dist/core/fail-safe.js +217 -0
package/dist/core/fail-safe.js.map +1 -0
package/dist/core/hound-ipc.d.ts +91 -0
package/dist/core/hound-ipc.d.ts.map +1 -0
package/dist/core/hound-ipc.js +196 -0
package/dist/core/hound-ipc.js.map +1 -0
package/dist/core/hound-pool.d.ts +157 -0
package/dist/core/hound-pool.d.ts.map +1 -0
package/dist/core/hound-pool.js +337 -0
package/dist/core/hound-pool.js.map +1 -0
package/dist/core/hound-process.d.ts +14 -0
package/dist/core/hound-process.d.ts.map +1 -0
package/dist/core/hound-process.js +112 -0
package/dist/core/hound-process.js.map +1 -0
package/dist/core/hound-worker.d.ts +14 -0
package/dist/core/hound-worker.d.ts.map +1 -0
package/dist/core/hound-worker.js +112 -0
package/dist/core/hound-worker.js.map +1 -0
package/dist/core/lane-queue.d.ts +121 -0
package/dist/core/lane-queue.d.ts.map +1 -0
package/dist/core/lane-queue.js +181 -0
package/dist/core/lane-queue.js.map +1 -0
package/dist/core/license-manager.d.ts +128 -0
package/dist/core/license-manager.d.ts.map +1 -0
package/dist/core/license-manager.js +219 -0
package/dist/core/license-manager.js.map +1 -0
package/dist/core/notification-emitter.d.ts +140 -0
package/dist/core/notification-emitter.d.ts.map +1 -0
package/dist/core/notification-emitter.js +197 -0
package/dist/core/notification-emitter.js.map +1 -0
package/dist/core/process-adapter.d.ts +146 -0
package/dist/core/process-adapter.d.ts.map +1 -0
package/dist/core/process-adapter.js +174 -0
package/dist/core/process-adapter.js.map +1 -0
package/dist/core/quarantine.d.ts +95 -0
package/dist/core/quarantine.d.ts.map +1 -0
package/dist/core/quarantine.js +221 -0
package/dist/core/quarantine.js.map +1 -0
package/dist/core/rate-limiter.d.ts +94 -0
package/dist/core/rate-limiter.d.ts.map +1 -0
package/dist/core/rate-limiter.js +156 -0
package/dist/core/rate-limiter.js.map +1 -0
package/dist/core/s3-cold-storage.d.ts +116 -0
package/dist/core/s3-cold-storage.d.ts.map +1 -0
package/dist/core/s3-cold-storage.js +198 -0
package/dist/core/s3-cold-storage.js.map +1 -0
package/dist/core/scheduler.d.ts +126 -0
package/dist/core/scheduler.d.ts.map +1 -0
package/dist/core/scheduler.js +138 -0
package/dist/core/scheduler.js.map +1 -0
package/dist/core/security-state.d.ts +170 -0
package/dist/core/security-state.d.ts.map +1 -0
package/dist/core/security-state.js +156 -0
package/dist/core/security-state.js.map +1 -0
package/dist/core/tier-capacity.d.ts +58 -0
package/dist/core/tier-capacity.d.ts.map +1 -0
package/dist/core/tier-capacity.js +89 -0
package/dist/core/tier-capacity.js.map +1 -0
package/dist/core/tracehound.d.ts +85 -0
package/dist/core/tracehound.d.ts.map +1 -0
package/dist/core/tracehound.js +90 -0
package/dist/core/tracehound.js.map +1 -0
package/dist/core/trust-boundary.d.ts +85 -0
package/dist/core/trust-boundary.d.ts.map +1 -0
package/dist/core/trust-boundary.js +71 -0
package/dist/core/trust-boundary.js.map +1 -0
package/dist/core/watcher.d.ts +153 -0
package/dist/core/watcher.d.ts.map +1 -0
package/dist/core/watcher.js +141 -0
package/dist/core/watcher.js.map +1 -0
package/dist/index.d.ts +53 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +112 -0
package/dist/index.js.map +1 -0
package/dist/types/audit.d.ts +45 -0
package/dist/types/audit.d.ts.map +1 -0
package/dist/types/audit.js +5 -0
package/dist/types/audit.js.map +1 -0
package/dist/types/common.d.ts +12 -0
package/dist/types/common.d.ts.map +1 -0
package/dist/types/common.js +5 -0
package/dist/types/common.js.map +1 -0
package/dist/types/config.d.ts +98 -0
package/dist/types/config.d.ts.map +1 -0
package/dist/types/config.js +58 -0
package/dist/types/config.js.map +1 -0
package/dist/types/errors.d.ts +118 -0
package/dist/types/errors.d.ts.map +1 -0
package/dist/types/errors.js +266 -0
package/dist/types/errors.js.map +1 -0
package/dist/types/evidence.d.ts +102 -0
package/dist/types/evidence.d.ts.map +1 -0
package/dist/types/evidence.js +5 -0
package/dist/types/evidence.js.map +1 -0
package/dist/types/index.d.ts +18 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/index.js +9 -0
package/dist/types/index.js.map +1 -0
package/dist/types/result.d.ts +62 -0
package/dist/types/result.d.ts.map +1 -0
package/dist/types/result.js +34 -0
package/dist/types/result.js.map +1 -0
package/dist/types/scent.d.ts +55 -0
package/dist/types/scent.d.ts.map +1 -0
package/dist/types/scent.js +5 -0
package/dist/types/scent.js.map +1 -0
package/dist/types/signature.d.ts +47 -0
package/dist/types/signature.d.ts.map +1 -0
package/dist/types/signature.js +68 -0
package/dist/types/signature.js.map +1 -0
package/dist/types/threat.d.ts +38 -0
package/dist/types/threat.d.ts.map +1 -0
package/dist/types/threat.js +18 -0
package/dist/types/threat.js.map +1 -0
package/dist/utils/binary-codec.d.ts +225 -0
package/dist/utils/binary-codec.d.ts.map +1 -0
package/dist/utils/binary-codec.js +266 -0
package/dist/utils/binary-codec.js.map +1 -0
package/dist/utils/compare.d.ts +26 -0
package/dist/utils/compare.d.ts.map +1 -0
package/dist/utils/compare.js +44 -0
package/dist/utils/compare.js.map +1 -0
package/dist/utils/encode.d.ts +39 -0
package/dist/utils/encode.d.ts.map +1 -0
package/dist/utils/encode.js +124 -0
package/dist/utils/encode.js.map +1 -0
package/dist/utils/hash.d.ts +19 -0
package/dist/utils/hash.d.ts.map +1 -0
package/dist/utils/hash.js +25 -0
package/dist/utils/hash.js.map +1 -0
package/dist/utils/id.d.ts +20 -0
package/dist/utils/id.d.ts.map +1 -0
package/dist/utils/id.js +47 -0
package/dist/utils/id.js.map +1 -0
package/dist/utils/runtime.d.ts +24 -0
package/dist/utils/runtime.d.ts.map +1 -0
package/dist/utils/runtime.js +68 -0
package/dist/utils/runtime.js.map +1 -0
package/dist/utils/serialize.d.ts +14 -0
package/dist/utils/serialize.d.ts.map +1 -0
package/dist/utils/serialize.js +27 -0
package/dist/utils/serialize.js.map +1 -0
package/package.json +54 -0

package/dist/utils/binary-codec.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"binary-codec.js","sourceRoot":"","sources":["../../src/utils/binary-codec.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAA;AACrC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAA;AAC9D,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAA;AAEtC,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAA;AACjC,MAAM,WAAW,GAAG,SAAS,CAAC,MAAM,CAAC,CAAA;AA4CrC;;;;;;;GAOG;AACH,MAAM,OAAO,SAAS;IACZ,YAAY,GAAG,CAAC,CAAA;IAChB,YAAY,GAAG,CAAC,CAAA;IAChB,gBAAgB,GAAG,CAAC,CAAA;IACpB,iBAAiB,GAAG,CAAC,CAAA;IAE7B;;;OAGG;IACH,MAAM,CAAC,KAAiB;QACtB,IAAI,CAAC,YAAY,EAAE,CAAA;QACnB,IAAI,CAAC,gBAAgB,IAAI,KAAK,CAAC,MAAM,CAAA;QAErC,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,EAAE;YACjC,KAAK,EAAE,CAAC,EAAE,6BAA6B;SACxC,CAAC,CAAA;QAEF,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,CAAA;QACzC,IAAI,CAAC,iBAAiB,IAAI,MAAM,CAAC,MAAM,CAAA;QAEvC,OAAO,MAAM,CAAA;IACf,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,KAAiB;QACtB,IAAI,CAAC,YAAY,EAAE,CAAA;QAEnB,MAAM,YAAY,GAAG,UAAU,CAAC,KAAK,CAAC,CAAA;QACtC,OAAO,IAAI,UAAU,CAAC,YAAY,CAAC,CAAA;IACrC,CAAC;IAED;;OAEG;IACH,IAAI,KAAK;QACP,MAAM,KAAK,GAAG,IAAI,CAAC,gBAAgB,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAA;QAE5F,OAAO,MAAM,CAAC,MAAM,CAAC;YACnB,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,eAAe,EAAE,IAAI,CAAC,gBAAgB;YACtC,gBAAgB,EAAE,IAAI,CAAC,iBAAiB;YACxC,gBAAgB,EAAE,KAAK;SACxB,CAAC,CAAA;IACJ,CAAC;CACF;AAED;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB;IAChC,MAAM,KAAK,GAAG,IAAI,SAAS,EAAE,CAAA;IAC7B,wDAAwD;IACxD,OAAO;QACL,MAAM,EAAE,CAAC,KAAiB,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC;KACnD,CAAA;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB;IACjC,OAAO,IAAI,SAAS,EAAE,CAAA;AACxB,CAAC;AAyBD;;;;;;;;;;GAUG;AACH,MAAM,OAAO,cAAc;IACjB,YAAY,GAAG,CAAC,CAAA;IAChB,YAAY,GAAG,CAAC,CAAA;IAChB,gBAAgB,GAAG,CAAC,CAAA;IACpB,iBAAiB,GAAG,CAAC,CAAA;IAE7B;;;OAGG;IACH,KAAK,CAAC,MAAM,CAAC,KAAiB;QAC5B,IAAI,CAAC,YAAY,EAAE,CAAA;QACnB,IAAI,CAAC,gBAAgB,IAAI,KAAK,CAAC,MAAM,CAAA;QAErC,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,KAAK,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAA;QACvD,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,CAAA;QACzC,IAAI,CAAC,iBAAiB,IAAI,MAAM,CAAC,MAAM,CAAA;QAEvC,OAAO,MAAM,CAAA;IACf,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,MAAM,CAAC,KAAiB;QAC5B,IAAI,CAAC,YAAY,EAAE,CAAA;QAEnB,MAAM,YAAY,GAAG,MAAM,WAAW,CAAC,KAAK,CAAC,CAAA;QAC7C,OAAO,IAAI,UAAU,CAAC,YAAY,CAAC,CAAA;IACrC,CAAC;IAED;;OAEG;IACH,IAAI,KAAK;QACP,MAAM,KAAK,GAAG,IAAI,CAAC,gBAAgB,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAA;QAE5F,OAAO,MAAM,CAAC,MAAM,CAAC;YACnB,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,eAAe,EAAE,IAAI,CAAC,gBAAgB;YACtC,gBAAgB,EAAE,IAAI,CAAC,iBAAiB;YACxC,gBAAgB,EAAE,KAAK;SACxB,CAAC,CAAA;IACJ,CAAC;CACF;AAED;;;;;GAKG;AACH,MAAM,UAAU,wBAAwB;IACtC,OAAO,IAAI,cAAc,EAAE,CAAA;AAC7B,CAAC;AAqBD;;GAEG;AACH,MAAM,OAAO,UAAW,SAAQ,KAAK;IAGjB;IACA;IAHlB,YACE,OAAe,EACC,IAA+D,EAC/D,KAAe;QAE/B,KAAK,CAAC,OAAO,CAAC,CAAA;QAHE,SAAI,GAAJ,IAAI,CAA2D;QAC/D,UAAK,GAAL,KAAK,CAAU;QAG/B,IAAI,CAAC,IAAI,GAAG,YAAY,CAAA;IAC1B,CAAC;CACF;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAAmB;IACrD,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAA;IAClD,MAAM,eAAe,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,CAAA;IAClD,MAAM,IAAI,GAAG,UAAU,CAAC,eAAe,CAAC,CAAA;IAExC,OAAO;QACL,UAAU,EAAE,eAAe;QAC3B,IAAI;QACJ,YAAY,EAAE,OAAO,CAAC,MAAM;QAC5B,cAAc,EAAE,eAAe,CAAC,MAAM;KACvC,CAAA;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,MAAM,CAAC,OAAuB;IAC5C,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;IAC/C,OAAO,QAAQ,KAAK,OAAO,CAAC,IAAI,CAAA;AAClC,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAAuB;IACzD,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;QACnD,OAAO,IAAI,UAAU,CAAC,YAAY,CAAC,CAAA;IACrC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,oEAAoE;QACpE,8DAA8D;QAC9D,MAAM,IAAI,UAAU,CAAC,oDAAoD,EAAE,eAAe,EAAE,GAAG,CAAC,CAAA;IAClG,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,6EAA6E;AAC7E,+EAA+E;AAE/E;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAAC,OAAmB;IAChE,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAA;QACzD,MAAM,eAAe,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,CAAA;QAClD,MAAM,IAAI,GAAG,UAAU,CAAC,eAAe,CAAC,CAAA;QAExC,OAAO;YACL,UAAU,EAAE,eAAe;YAC3B,IAAI;YACJ,YAAY,EAAE,OAAO,CAAC,MAAM;YAC5B,cAAc,EAAE,eAAe,CAAC,MAAM;SACvC,CAAA;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,UAAU,CAAC,0BAA0B,EAAE,eAAe,EAAE,GAAG,CAAC,CAAA;IACxE,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAAC,OAAuB;IACpE,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;QAC1D,OAAO,IAAI,UAAU,CAAC,YAAY,CAAC,CAAA;IACrC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,UAAU,CAAC,0DAA0D,EAAE,eAAe,EAAE,GAAG,CAAC,CAAA;IACxG,CAAC;AACH,CAAC"}

package/dist/utils/compare.d.ts ADDED Viewed

@@ -0,0 +1,26 @@
+/**
+ * Constant-time comparison utilities.
+ * Prevents timing attacks on cryptographic comparisons (CWE-208).
+ */
+/**
+ * Perform constant-time string comparison.
+ * Uses Node.js crypto.timingSafeEqual internally.
+ *
+ * IMPORTANT: This MUST be used for all signature/hash comparisons
+ * to prevent timing attacks where attackers can statistically
+ * analyze response times to guess valid signatures.
+ *
+ * @param a - First string
+ * @param b - Second string
+ * @returns True if strings are equal
+ */
+export declare function constantTimeEqual(a: string, b: string): boolean;
+/**
+ * Perform constant-time buffer comparison.
+ *
+ * @param a - First buffer
+ * @param b - Second buffer
+ * @returns True if buffers are equal
+ */
+export declare function constantTimeBufferEqual(a: ArrayBuffer | Uint8Array, b: ArrayBuffer | Uint8Array): boolean;
+//# sourceMappingURL=compare.d.ts.map

package/dist/utils/compare.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"compare.d.ts","sourceRoot":"","sources":["../../src/utils/compare.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH;;;;;;;;;;;GAWG;AACH,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAY/D;AAED;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CACrC,CAAC,EAAE,WAAW,GAAG,UAAU,EAC3B,CAAC,EAAE,WAAW,GAAG,UAAU,GAC1B,OAAO,CAST"}

package/dist/utils/compare.js ADDED Viewed

@@ -0,0 +1,44 @@
+/**
+ * Constant-time comparison utilities.
+ * Prevents timing attacks on cryptographic comparisons (CWE-208).
+ */
+import { timingSafeEqual } from 'node:crypto';
+/**
+ * Perform constant-time string comparison.
+ * Uses Node.js crypto.timingSafeEqual internally.
+ *
+ * IMPORTANT: This MUST be used for all signature/hash comparisons
+ * to prevent timing attacks where attackers can statistically
+ * analyze response times to guess valid signatures.
+ *
+ * @param a - First string
+ * @param b - Second string
+ * @returns True if strings are equal
+ */
+export function constantTimeEqual(a, b) {
+    // Fast path: different lengths are not equal
+    // Length comparison is safe - attacker already knows lengths
+    if (a.length !== b.length) {
+        return false;
+    }
+    // Convert to buffers for timing-safe comparison
+    const aBuf = Buffer.from(a, 'utf8');
+    const bBuf = Buffer.from(b, 'utf8');
+    return timingSafeEqual(aBuf, bBuf);
+}
+/**
+ * Perform constant-time buffer comparison.
+ *
+ * @param a - First buffer
+ * @param b - Second buffer
+ * @returns True if buffers are equal
+ */
+export function constantTimeBufferEqual(a, b) {
+    const aBuf = a instanceof Uint8Array ? a : new Uint8Array(a);
+    const bBuf = b instanceof Uint8Array ? b : new Uint8Array(b);
+    if (aBuf.length !== bBuf.length) {
+        return false;
+    }
+    return timingSafeEqual(aBuf, bBuf);
+}
+//# sourceMappingURL=compare.js.map

package/dist/utils/compare.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"compare.js","sourceRoot":"","sources":["../../src/utils/compare.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AAE7C;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,iBAAiB,CAAC,CAAS,EAAE,CAAS;IACpD,6CAA6C;IAC7C,6DAA6D;IAC7D,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAA;IACd,CAAC;IAED,gDAAgD;IAChD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,MAAM,CAAC,CAAA;IACnC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,MAAM,CAAC,CAAA;IAEnC,OAAO,eAAe,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;AACpC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,uBAAuB,CACrC,CAA2B,EAC3B,CAA2B;IAE3B,MAAM,IAAI,GAAG,CAAC,YAAY,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAA;IAC5D,MAAM,IAAI,GAAG,CAAC,YAAY,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAA;IAE5D,IAAI,IAAI,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC;QAChC,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,eAAe,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;AACpC,CAAC"}

package/dist/utils/encode.d.ts ADDED Viewed

@@ -0,0 +1,39 @@
+/**
+ * Payload encoding with size-first validation.
+ *
+ * SECURITY INVARIANT: Size check MUST happen BEFORE serialization
+ * to prevent memory exhaustion attacks via large payloads.
+ */
+import type { JsonSerializable } from '../types/common.js';
+/** Result of payload encoding */
+export interface EncodeResult {
+    /** UTF-8 encoded bytes */
+    bytes: Uint8Array;
+    /** Size in bytes */
+    size: number;
+    /** Canonical JSON string (for debugging only) */
+    canonical: string;
+}
+/**
+ * Encode payload to UTF-8 bytes with size-first validation.
+ *
+ * SECURITY: This function enforces the following invariants:
+ * 1. Payload structure is validated for edge cases
+ * 2. Size is checked AFTER encoding (actual byte size)
+ * 3. Returns bytes for direct use in signature hashing
+ *
+ * @param payload - JSON-serializable payload
+ * @param maxSize - Maximum allowed size in bytes
+ * @returns Encoded bytes and metadata
+ * @throws TracehoundError if validation fails
+ */
+export declare function encodePayload(payload: JsonSerializable, maxSize: number): EncodeResult;
+/**
+ * Quick size estimate without full encoding.
+ * Use for early rejection before detailed validation.
+ *
+ * NOTE: This is a conservative estimate. Actual UTF-8 size
+ * may be larger for non-ASCII characters.
+ */
+export declare function estimatePayloadSize(payload: JsonSerializable): number;
+//# sourceMappingURL=encode.d.ts.map

package/dist/utils/encode.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"encode.d.ts","sourceRoot":"","sources":["../../src/utils/encode.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAA;AAM1D,iCAAiC;AACjC,MAAM,WAAW,YAAY;IAC3B,0BAA0B;IAC1B,KAAK,EAAE,UAAU,CAAA;IACjB,oBAAoB;IACpB,IAAI,EAAE,MAAM,CAAA;IACZ,iDAAiD;IACjD,SAAS,EAAE,MAAM,CAAA;CAClB;AAmFD;;;;;;;;;;;;GAYG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,gBAAgB,EAAE,OAAO,EAAE,MAAM,GAAG,YAAY,CAqBtF;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,gBAAgB,GAAG,MAAM,CAMrE"}

package/dist/utils/encode.js ADDED Viewed

@@ -0,0 +1,124 @@
+/**
+ * Payload encoding with size-first validation.
+ *
+ * SECURITY INVARIANT: Size check MUST happen BEFORE serialization
+ * to prevent memory exhaustion attacks via large payloads.
+ */
+import { Errors } from '../types/errors.js';
+const MAX_NESTING_DEPTH = 32;
+const MAX_OBJECT_KEYS = 1000;
+/**
+ * Validate payload structure for edge cases that could cause
+ * signature collisions or unexpected behavior.
+ *
+ * @throws TracehoundError if payload contains problematic values
+ */
+function validatePayloadStructure(value, path = 'root', depth = 0) {
+    if (depth > MAX_NESTING_DEPTH) {
+        throw Errors.serializationFailed(`max nesting depth exceeded at ${path} (${depth} > ${MAX_NESTING_DEPTH})`);
+    }
+    if (value === undefined) {
+        throw Errors.serializationFailed(`undefined value at ${path} - use null instead`);
+    }
+    if (typeof value === 'number') {
+        if (Number.isNaN(value)) {
+            throw Errors.serializationFailed(`NaN value at ${path} - not allowed`);
+        }
+        if (!Number.isFinite(value)) {
+            throw Errors.serializationFailed(`Infinity value at ${path} - not allowed`);
+        }
+    }
+    if (typeof value === 'function') {
+        throw Errors.serializationFailed(`function at ${path} - not serializable`);
+    }
+    if (typeof value === 'symbol') {
+        throw Errors.serializationFailed(`symbol at ${path} - not serializable`);
+    }
+    if (typeof value === 'bigint') {
+        throw Errors.serializationFailed(`bigint at ${path} - use string representation`);
+    }
+    if (Array.isArray(value)) {
+        for (let i = 0; i < value.length; i++) {
+            validatePayloadStructure(value[i], `${path}[${i}]`, depth + 1);
+        }
+    }
+    else if (value !== null && typeof value === 'object') {
+        // Check for circular references would require WeakSet tracking
+        // JSON.stringify will throw on circular refs anyway
+        const entries = Object.entries(value);
+        if (entries.length > MAX_OBJECT_KEYS) {
+            throw Errors.serializationFailed(`max object key count exceeded at ${path} (${entries.length} > ${MAX_OBJECT_KEYS})`);
+        }
+        for (const [key, val] of entries) {
+            if (val === undefined) {
+                throw Errors.serializationFailed(`undefined value at ${path}.${key} - use null or omit key`);
+            }
+            validatePayloadStructure(val, `${path}.${key}`, depth + 1);
+        }
+    }
+}
+/**
+ * Serialize value to canonical JSON with sorted keys.
+ * Ensures identical payloads produce identical strings.
+ */
+function canonicalize(value) {
+    return JSON.stringify(value, (_, v) => {
+        if (v !== null && typeof v === 'object' && !Array.isArray(v)) {
+            const sorted = {};
+            const obj = v;
+            Object.keys(obj)
+                .sort()
+                .forEach((key) => {
+                sorted[key] = obj[key];
+            });
+            return sorted;
+        }
+        return v;
+    });
+}
+/**
+ * Encode payload to UTF-8 bytes with size-first validation.
+ *
+ * SECURITY: This function enforces the following invariants:
+ * 1. Payload structure is validated for edge cases
+ * 2. Size is checked AFTER encoding (actual byte size)
+ * 3. Returns bytes for direct use in signature hashing
+ *
+ * @param payload - JSON-serializable payload
+ * @param maxSize - Maximum allowed size in bytes
+ * @returns Encoded bytes and metadata
+ * @throws TracehoundError if validation fails
+ */
+export function encodePayload(payload, maxSize) {
+    // Step 1: Validate structure (catches undefined, NaN, etc.)
+    validatePayloadStructure(payload);
+    // Step 2: Canonicalize to JSON string
+    const canonical = canonicalize(payload);
+    // Step 3: Encode to UTF-8 bytes
+    const encoder = new TextEncoder();
+    const bytes = encoder.encode(canonical);
+    // Step 4: Check size AFTER encoding (actual byte size, not string length)
+    if (bytes.length > maxSize) {
+        throw Errors.payloadTooLarge(bytes.length, maxSize);
+    }
+    return {
+        bytes,
+        size: bytes.length,
+        canonical,
+    };
+}
+/**
+ * Quick size estimate without full encoding.
+ * Use for early rejection before detailed validation.
+ *
+ * NOTE: This is a conservative estimate. Actual UTF-8 size
+ * may be larger for non-ASCII characters.
+ */
+export function estimatePayloadSize(payload) {
+    // Quick stringify without sorting (faster for estimation)
+    const json = JSON.stringify(payload);
+    // UTF-8: ASCII = 1 byte, others = up to 4 bytes
+    // Use 2x as conservative multiplier
+    return json.length * 2;
+}
+//# sourceMappingURL=encode.js.map

package/dist/utils/encode.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"encode.js","sourceRoot":"","sources":["../../src/utils/encode.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAE3C,MAAM,iBAAiB,GAAG,EAAE,CAAA;AAC5B,MAAM,eAAe,GAAG,IAAI,CAAA;AAY5B;;;;;GAKG;AACH,SAAS,wBAAwB,CAAC,KAAc,EAAE,OAAe,MAAM,EAAE,QAAgB,CAAC;IACxF,IAAI,KAAK,GAAG,iBAAiB,EAAE,CAAC;QAC9B,MAAM,MAAM,CAAC,mBAAmB,CAC9B,iCAAiC,IAAI,KAAK,KAAK,MAAM,iBAAiB,GAAG,CAC1E,CAAA;IACH,CAAC;IAED,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,MAAM,MAAM,CAAC,mBAAmB,CAAC,sBAAsB,IAAI,qBAAqB,CAAC,CAAA;IACnF,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,MAAM,CAAC,mBAAmB,CAAC,gBAAgB,IAAI,gBAAgB,CAAC,CAAA;QACxE,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5B,MAAM,MAAM,CAAC,mBAAmB,CAAC,qBAAqB,IAAI,gBAAgB,CAAC,CAAA;QAC7E,CAAC;IACH,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,UAAU,EAAE,CAAC;QAChC,MAAM,MAAM,CAAC,mBAAmB,CAAC,eAAe,IAAI,qBAAqB,CAAC,CAAA;IAC5E,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,MAAM,CAAC,mBAAmB,CAAC,aAAa,IAAI,qBAAqB,CAAC,CAAA;IAC1E,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,MAAM,CAAC,mBAAmB,CAAC,aAAa,IAAI,8BAA8B,CAAC,CAAA;IACnF,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,wBAAwB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,KAAK,GAAG,CAAC,CAAC,CAAA;QAChE,CAAC;IACH,CAAC;SAAM,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACvD,+DAA+D;QAC/D,oDAAoD;QACpD,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;QACrC,IAAI,OAAO,CAAC,MAAM,GAAG,eAAe,EAAE,CAAC;YACrC,MAAM,MAAM,CAAC,mBAAmB,CAC9B,oCAAoC,IAAI,KAAK,OAAO,CAAC,MAAM,MAAM,eAAe,GAAG,CACpF,CAAA;QACH,CAAC;QAED,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,OAAO,EAAE,CAAC;YACjC,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;gBACtB,MAAM,MAAM,CAAC,mBAAmB,CAAC,sBAAsB,IAAI,IAAI,GAAG,yBAAyB,CAAC,CAAA;YAC9F,CAAC;YACD,wBAAwB,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,GAAG,EAAE,EAAE,KAAK,GAAG,CAAC,CAAC,CAAA;QAC5D,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,YAAY,CAAC,KAAuB;IAC3C,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,CAAU,EAAE,EAAE;QAC7C,IAAI,CAAC,KAAK,IAAI,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7D,MAAM,MAAM,GAA4B,EAAE,CAAA;YAC1C,MAAM,GAAG,GAAG,CAA4B,CAAA;YACxC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;iBACb,IAAI,EAAE;iBACN,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;gBACf,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAA;YACxB,CAAC,CAAC,CAAA;YACJ,OAAO,MAAM,CAAA;QACf,CAAC;QACD,OAAO,CAAC,CAAA;IACV,CAAC,CAAC,CAAA;AACJ,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,aAAa,CAAC,OAAyB,EAAE,OAAe;IACtE,4DAA4D;IAC5D,wBAAwB,CAAC,OAAO,CAAC,CAAA;IAEjC,sCAAsC;IACtC,MAAM,SAAS,GAAG,YAAY,CAAC,OAAO,CAAC,CAAA;IAEvC,gCAAgC;IAChC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAA;IACjC,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;IAEvC,0EAA0E;IAC1E,IAAI,KAAK,CAAC,MAAM,GAAG,OAAO,EAAE,CAAC;QAC3B,MAAM,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACrD,CAAC;IAED,OAAO;QACL,KAAK;QACL,IAAI,EAAE,KAAK,CAAC,MAAM;QAClB,SAAS;KACV,CAAA;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAAyB;IAC3D,0DAA0D;IAC1D,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;IACpC,gDAAgD;IAChD,oCAAoC;IACpC,OAAO,IAAI,CAAC,MAAM,GAAG,CAAC,CAAA;AACxB,CAAC"}

package/dist/utils/hash.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+/**
+ * Cryptographic hashing utilities.
+ */
+/**
+ * Compute SHA-256 hash of a string.
+ * Uses synchronous crypto for hot-path performance.
+ *
+ * @param data - String to hash
+ * @returns Lowercase hex string (64 characters)
+ */
+export declare function hash(data: string): string;
+/**
+ * Compute SHA-256 hash of a buffer.
+ *
+ * @param data - Buffer to hash
+ * @returns Lowercase hex string (64 characters)
+ */
+export declare function hashBuffer(data: ArrayBuffer | Uint8Array): string;
+//# sourceMappingURL=hash.d.ts.map

package/dist/utils/hash.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"hash.d.ts","sourceRoot":"","sources":["../../src/utils/hash.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH;;;;;;GAMG;AACH,wBAAgB,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAEzC;AAED;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,IAAI,EAAE,WAAW,GAAG,UAAU,GAAG,MAAM,CAGjE"}

package/dist/utils/hash.js ADDED Viewed

@@ -0,0 +1,25 @@
+/**
+ * Cryptographic hashing utilities.
+ */
+import { createHash } from 'node:crypto';
+/**
+ * Compute SHA-256 hash of a string.
+ * Uses synchronous crypto for hot-path performance.
+ *
+ * @param data - String to hash
+ * @returns Lowercase hex string (64 characters)
+ */
+export function hash(data) {
+    return createHash('sha256').update(data).digest('hex');
+}
+/**
+ * Compute SHA-256 hash of a buffer.
+ *
+ * @param data - Buffer to hash
+ * @returns Lowercase hex string (64 characters)
+ */
+export function hashBuffer(data) {
+    const uint8 = data instanceof Uint8Array ? data : new Uint8Array(data);
+    return createHash('sha256').update(uint8).digest('hex');
+}
+//# sourceMappingURL=hash.js.map

package/dist/utils/hash.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"hash.js","sourceRoot":"","sources":["../../src/utils/hash.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAExC;;;;;;GAMG;AACH,MAAM,UAAU,IAAI,CAAC,IAAY;IAC/B,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;AACxD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,UAAU,CAAC,IAA8B;IACvD,MAAM,KAAK,GAAG,IAAI,YAAY,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,CAAA;IACtE,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;AACzD,CAAC"}

package/dist/utils/id.d.ts ADDED Viewed

@@ -0,0 +1,20 @@
+/**
+ * Secure ID generation.
+ */
+/**
+ * Generate a secure, time-ordered unique ID.
+ * Combines UUIDv7 (time-ordered) with random suffix for unpredictability.
+ *
+ * Format: {uuidv7}-{random8chars}
+ *
+ * @returns Unique ID string
+ */
+export declare function generateSecureId(): string;
+/**
+ * Validate a secure ID format.
+ *
+ * @param id - ID to validate
+ * @returns True if valid format
+ */
+export declare function isValidSecureId(id: string): boolean;
+//# sourceMappingURL=id.d.ts.map

package/dist/utils/id.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"id.d.ts","sourceRoot":"","sources":["../../src/utils/id.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,IAAI,MAAM,CAIzC;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAwBnD"}

package/dist/utils/id.js ADDED Viewed

@@ -0,0 +1,47 @@
+/**
+ * Secure ID generation.
+ */
+import { randomBytes } from 'node:crypto';
+import { v7 as uuidv7 } from 'uuid';
+/**
+ * Generate a secure, time-ordered unique ID.
+ * Combines UUIDv7 (time-ordered) with random suffix for unpredictability.
+ *
+ * Format: {uuidv7}-{random8chars}
+ *
+ * @returns Unique ID string
+ */
+export function generateSecureId() {
+    const timeOrdered = uuidv7();
+    const randomSuffix = randomBytes(4).toString('hex');
+    return `${timeOrdered}-${randomSuffix}`;
+}
+/**
+ * Validate a secure ID format.
+ *
+ * @param id - ID to validate
+ * @returns True if valid format
+ */
+export function isValidSecureId(id) {
+    // UUIDv7 (36 chars) + hyphen + 8 hex chars = 45 chars
+    if (id.length !== 45)
+        return false;
+    const [uuid, suffix] = id.split('-').reduce((acc, part, i) => {
+        if (i < 5) {
+            acc[0] = acc[0] ? `${acc[0]}-${part}` : part;
+        }
+        else {
+            acc[1] = part;
+        }
+        return acc;
+    }, ['', '']);
+    // Validate UUID format (basic check)
+    const uuidPattern = /^[0-9a-f]{8}-[0-9a-f]{4}-7[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
+    if (!uuidPattern.test(uuid))
+        return false;
+    // Validate suffix (8 hex chars)
+    if (suffix === undefined || !/^[0-9a-f]{8}$/i.test(suffix))
+        return false;
+    return true;
+}
+//# sourceMappingURL=id.js.map

package/dist/utils/id.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"id.js","sourceRoot":"","sources":["../../src/utils/id.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AACzC,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAA;AAEnC;;;;;;;GAOG;AACH,MAAM,UAAU,gBAAgB;IAC9B,MAAM,WAAW,GAAG,MAAM,EAAE,CAAA;IAC5B,MAAM,YAAY,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;IACnD,OAAO,GAAG,WAAW,IAAI,YAAY,EAAE,CAAA;AACzC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAAC,EAAU;IACxC,sDAAsD;IACtD,IAAI,EAAE,CAAC,MAAM,KAAK,EAAE;QAAE,OAAO,KAAK,CAAA;IAElC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CACzC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE;QACf,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACV,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAA;QAC9C,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAA;QACf,CAAC;QACD,OAAO,GAAG,CAAA;IACZ,CAAC,EACD,CAAC,EAAE,EAAE,EAAE,CAAqB,CAC7B,CAAA;IAED,qCAAqC;IACrC,MAAM,WAAW,GAAG,wEAAwE,CAAA;IAC5F,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAA;IAEzC,gCAAgC;IAChC,IAAI,MAAM,KAAK,SAAS,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC;QAAE,OAAO,KAAK,CAAA;IAExE,OAAO,IAAI,CAAA;AACb,CAAC"}

package/dist/utils/runtime.d.ts ADDED Viewed

@@ -0,0 +1,24 @@
+/**
+ * Runtime environment verification.
+ */
+/**
+ * Verify runtime environment meets security requirements.
+ *
+ * Checks:
+ * - --disable-proto=throw: Prevents prototype pollution via __proto__
+ * - --frozen-intrinsics: Freezes built-in prototypes
+ *
+ * @param strict - If true, throw on missing flags. If false, warn only.
+ * @throws {TracehoundError} if strict mode and flags missing
+ */
+export declare function verifyRuntime(strict: boolean): void;
+/**
+ * Get runtime environment info.
+ */
+export declare function getRuntimeInfo(): {
+    nodeVersion: string;
+    protoDisabled: boolean;
+    intrinsicsFrozen: boolean;
+    platform: string;
+};
+//# sourceMappingURL=runtime.d.ts.map

package/dist/utils/runtime.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"runtime.d.ts","sourceRoot":"","sources":["../../src/utils/runtime.ts"],"names":[],"mappings":"AAAA;;GAEG;AA6BH;;;;;;;;;GASG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,OAAO,GAAG,IAAI,CAoBnD;AAED;;GAEG;AACH,wBAAgB,cAAc,IAAI;IAChC,WAAW,EAAE,MAAM,CAAA;IACnB,aAAa,EAAE,OAAO,CAAA;IACtB,gBAAgB,EAAE,OAAO,CAAA;IACzB,QAAQ,EAAE,MAAM,CAAA;CACjB,CAOA"}

package/dist/utils/runtime.js ADDED Viewed

@@ -0,0 +1,68 @@
+/**
+ * Runtime environment verification.
+ */
+import { Errors } from '../types/errors.js';
+/**
+ * Check if prototype access is disabled.
+ * Returns true if --disable-proto=throw is set.
+ */
+function isProtoDisabled() {
+    try {
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        const obj = {};
+        // If __proto__ throws, flag is set correctly
+        void obj.__proto__;
+        return false;
+    }
+    catch {
+        return true;
+    }
+}
+/**
+ * Check if intrinsics are frozen.
+ * Returns true if --frozen-intrinsics is set.
+ */
+function areIntrinsicsFrozen() {
+    // If Object.prototype is frozen, flag is likely set
+    return Object.isFrozen(Object.prototype);
+}
+/**
+ * Verify runtime environment meets security requirements.
+ *
+ * Checks:
+ * - --disable-proto=throw: Prevents prototype pollution via __proto__
+ * - --frozen-intrinsics: Freezes built-in prototypes
+ *
+ * @param strict - If true, throw on missing flags. If false, warn only.
+ * @throws {TracehoundError} if strict mode and flags missing
+ */
+export function verifyRuntime(strict) {
+    const issues = [];
+    if (!isProtoDisabled()) {
+        issues.push('--disable-proto=throw not set. Prototype pollution via __proto__ possible.');
+    }
+    if (!areIntrinsicsFrozen()) {
+        issues.push('--frozen-intrinsics not set. Built-in prototypes can be modified.');
+    }
+    if (issues.length > 0) {
+        const message = `[tracehound] Runtime security issues:\n  - ${issues.join('\n  - ')}`;
+        if (strict) {
+            throw Errors.runtimeFlagMissing(issues.join(', '));
+        }
+        else {
+            console.warn(message);
+        }
+    }
+}
+/**
+ * Get runtime environment info.
+ */
+export function getRuntimeInfo() {
+    return {
+        nodeVersion: process.version,
+        protoDisabled: isProtoDisabled(),
+        intrinsicsFrozen: areIntrinsicsFrozen(),
+        platform: process.platform,
+    };
+}
+//# sourceMappingURL=runtime.js.map

package/dist/utils/runtime.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"runtime.js","sourceRoot":"","sources":["../../src/utils/runtime.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAE3C;;;GAGG;AACH,SAAS,eAAe;IACtB,IAAI,CAAC;QACH,8DAA8D;QAC9D,MAAM,GAAG,GAAG,EAAS,CAAA;QACrB,6CAA6C;QAC7C,KAAK,GAAG,CAAC,SAAS,CAAA;QAClB,OAAO,KAAK,CAAA;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB;IAC1B,oDAAoD;IACpD,OAAO,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;AAC1C,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,aAAa,CAAC,MAAe;IAC3C,MAAM,MAAM,GAAa,EAAE,CAAA;IAE3B,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;QACvB,MAAM,CAAC,IAAI,CAAC,4EAA4E,CAAC,CAAA;IAC3F,CAAC;IAED,IAAI,CAAC,mBAAmB,EAAE,EAAE,CAAC;QAC3B,MAAM,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAA;IAClF,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,OAAO,GAAG,8CAA8C,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAA;QAErF,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,MAAM,CAAC,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAA;QACpD,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QACvB,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc;IAM5B,OAAO;QACL,WAAW,EAAE,OAAO,CAAC,OAAO;QAC5B,aAAa,EAAE,eAAe,EAAE;QAChC,gBAAgB,EAAE,mBAAmB,EAAE;QACvC,QAAQ,EAAE,OAAO,CAAC,QAAQ;KAC3B,CAAA;AACH,CAAC"}

package/dist/utils/serialize.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+/**
+ * Deterministic JSON serialization with sorted keys.
+ */
+import type { JsonSerializable } from '../types/common.js';
+/**
+ * Serialize a value to a deterministic JSON string.
+ * Object keys are sorted to ensure identical payloads produce identical strings
+ * regardless of key insertion order.
+ *
+ * @param value - JSON-serializable value
+ * @returns Deterministic JSON string
+ */
+export declare function serialize(value: JsonSerializable): string;
+//# sourceMappingURL=serialize.d.ts.map

package/dist/utils/serialize.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"serialize.d.ts","sourceRoot":"","sources":["../../src/utils/serialize.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAA;AAE1D;;;;;;;GAOG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,gBAAgB,GAAG,MAAM,CAczD"}

package/dist/utils/serialize.js ADDED Viewed

@@ -0,0 +1,27 @@
+/**
+ * Deterministic JSON serialization with sorted keys.
+ */
+/**
+ * Serialize a value to a deterministic JSON string.
+ * Object keys are sorted to ensure identical payloads produce identical strings
+ * regardless of key insertion order.
+ *
+ * @param value - JSON-serializable value
+ * @returns Deterministic JSON string
+ */
+export function serialize(value) {
+    return JSON.stringify(value, (_, v) => {
+        if (v !== null && typeof v === 'object' && !Array.isArray(v)) {
+            const sorted = {};
+            const obj = v;
+            Object.keys(obj)
+                .sort()
+                .forEach((key) => {
+                sorted[key] = obj[key];
+            });
+            return sorted;
+        }
+        return v;
+    });
+}
+//# sourceMappingURL=serialize.js.map

package/dist/utils/serialize.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"serialize.js","sourceRoot":"","sources":["../../src/utils/serialize.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH;;;;;;;GAOG;AACH,MAAM,UAAU,SAAS,CAAC,KAAuB;IAC/C,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,CAAU,EAAE,EAAE;QAC7C,IAAI,CAAC,KAAK,IAAI,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7D,MAAM,MAAM,GAA4B,EAAE,CAAA;YAC1C,MAAM,GAAG,GAAG,CAA4B,CAAA;YACxC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;iBACb,IAAI,EAAE;iBACN,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;gBACf,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAA;YACxB,CAAC,CAAC,CAAA;YACJ,OAAO,MAAM,CAAA;QACf,CAAC;QACD,OAAO,CAAC,CAAA;IACV,CAAC,CAAC,CAAA;AACJ,CAAC"}

package/package.json ADDED Viewed

@@ -0,0 +1,54 @@
+{
+  "name": "@tracehound/core",
+  "version": "1.2.0",
+  "description": "Deterministic runtime security buffer for high-velocity APIs",
+  "license": "Apache-2.0",
+  "author": "Erdem Arslan <me@erdem.work>",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/tracehound/tracehound.git",
+    "directory": "packages/core"
+  },
+  "homepage": "https://github.com/tracehound/tracehound#readme",
+  "bugs": {
+    "url": "https://github.com/tracehound/tracehound/issues"
+  },
+  "keywords": [
+    "security",
+    "runtime",
+    "quarantine",
+    "evidence",
+    "forensics",
+    "waf",
+    "audit",
+    "deterministic"
+  ],
+  "type": "module",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "dependencies": {
+    "uuid": "^10.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^20.0.0",
+    "@types/uuid": "^10.0.0",
+    "vitest": "^2.0.0"
+  },
+  "peerDependencies": {
+    "typescript": "^5.3.0"
+  },
+  "scripts": {
+    "build": "tsc",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "lint": "tsc --noEmit",
+    "clean": "rm -rf dist"
+  }
+}