@vollcrypt/db-guard 0.1.0

package/dist/compliance-report.html

@@ -0,0 +1,562 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Vollcrypt Compliance Scorecard</title>
+  <meta name="description" content="Official cryptographic compliance validation report for GDPR, KVKK, and PCI-DSS.">
+  <link rel="preconnect" href="https://fonts.googleapis.com">
+  <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+  <link href="https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700&family=Outfit:wght@400;500;600;700&display=swap" rel="stylesheet">
+  <style>
+    :root {
+      --bg-primary: #0B0F19;
+      --bg-secondary: #161F30;
+      --accent: #2563EB;
+      --accent-glow: rgba(37, 99, 235, 0.15);
+      --text-main: #F3F4F6;
+      --text-muted: #9CA3AF;
+      --success: #10B981;
+      --warning: #F59E0B;
+      --failed: #EF4444;
+      --border: rgba(255, 255, 255, 0.08);
+      --glass: rgba(22, 31, 48, 0.7);
+    }
+
+    * {
+      box-sizing: border-box;
+      margin: 0;
+      padding: 0;
+    }
+
+    body {
+      background-color: var(--bg-primary);
+      color: var(--text-main);
+      font-family: 'Inter', sans-serif;
+      line-height: 1.6;
+      padding: 40px 20px;
+    }
+
+    .container {
+      max-width: 900px;
+      margin: 0 auto;
+    }
+
+    header {
+      background: linear-gradient(135deg, #1E293B, #0F172A);
+      border: 1px solid var(--border);
+      border-radius: 16px;
+      padding: 40px;
+      margin-bottom: 30px;
+      position: relative;
+      overflow: hidden;
+      box-shadow: 0 10px 30px rgba(0, 0, 0, 0.5);
+    }
+
+    header::before {
+      content: '';
+      position: absolute;
+      top: -50%;
+      right: -20%;
+      width: 300px;
+      height: 300px;
+      background: radial-gradient(circle, var(--accent-glow) 0%, transparent 70%);
+      pointer-events: none;
+    }
+
+    .header-top {
+      display: flex;
+      justify-content: space-between;
+      align-items: flex-start;
+      margin-bottom: 20px;
+    }
+
+    .logo-container h1 {
+      font-family: 'Outfit', sans-serif;
+      font-size: 2.2rem;
+      font-weight: 700;
+      background: linear-gradient(to right, #60A5FA, #2563EB);
+      -webkit-background-clip: text;
+      -webkit-text-fill-color: transparent;
+      letter-spacing: -0.02em;
+    }
+
+    .logo-container p {
+      color: var(--text-muted);
+      font-size: 0.95rem;
+      font-weight: 500;
+      margin-top: 4px;
+    }
+
+    .metadata-box {
+      text-align: right;
+      font-size: 0.85rem;
+      color: var(--text-muted);
+    }
+
+    .metadata-box strong {
+      color: var(--text-main);
+    }
+
+    .summary-section {
+      background-color: rgba(255, 255, 255, 0.03);
+      border-left: 4px solid var(--accent);
+      padding: 20px;
+      border-radius: 0 8px 8px 0;
+      margin-top: 20px;
+    }
+
+    .summary-section p {
+      font-size: 0.95rem;
+      color: #D1D5DB;
+    }
+
+    .score-grid {
+      display: grid;
+      grid-template-columns: repeat(3, 1fr);
+      gap: 20px;
+      margin-bottom: 40px;
+    }
+
+    .score-card {
+      background-color: var(--bg-secondary);
+      border: 1px solid var(--border);
+      border-radius: 16px;
+      padding: 30px 20px;
+      text-align: center;
+      transition: transform 0.2s, box-shadow 0.2s;
+    }
+
+    .score-card:hover {
+      transform: translateY(-4px);
+      box-shadow: 0 8px 24px rgba(0, 0, 0, 0.3);
+    }
+
+    .score-card h2 {
+      font-family: 'Outfit', sans-serif;
+      font-size: 1.1rem;
+      color: var(--text-muted);
+      font-weight: 600;
+      margin-bottom: 15px;
+    }
+
+    .score-ring {
+      position: relative;
+      width: 120px;
+      height: 120px;
+      margin: 0 auto 15px auto;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+    }
+
+    .score-number {
+      font-family: 'Outfit', sans-serif;
+      font-size: 2.2rem;
+      font-weight: 700;
+      color: var(--text-main);
+    }
+
+    .score-percent {
+      font-size: 1rem;
+      color: var(--text-muted);
+      font-weight: 500;
+    }
+
+    .score-ring svg {
+      position: absolute;
+      top: 0;
+      left: 0;
+      width: 100%;
+      height: 100%;
+      transform: rotate(-90deg);
+    }
+
+    .score-ring circle {
+      fill: none;
+      stroke-width: 8;
+    }
+
+    .score-ring .bg {
+      stroke: rgba(255, 255, 255, 0.05);
+    }
+
+    .score-ring .bar {
+      stroke: var(--accent);
+      stroke-linecap: round;
+      transition: stroke-dashoffset 1s ease-out;
+    }
+
+    .section-title {
+      font-family: 'Outfit', sans-serif;
+      font-size: 1.5rem;
+      font-weight: 600;
+      margin-bottom: 20px;
+      padding-bottom: 8px;
+      border-bottom: 1px solid var(--border);
+      display: flex;
+      justify-content: space-between;
+      align-items: center;
+    }
+
+    .checks-list {
+      display: flex;
+      flex-direction: column;
+      gap: 15px;
+      margin-bottom: 40px;
+    }
+
+    .check-card {
+      background-color: var(--bg-secondary);
+      border: 1px solid var(--border);
+      border-radius: 12px;
+      padding: 20px;
+      display: flex;
+      gap: 20px;
+      align-items: flex-start;
+    }
+
+    .check-card.passed {
+      border-left: 4px solid var(--success);
+    }
+
+    .check-card.failed {
+      border-left: 4px solid var(--warning);
+    }
+
+    .status-badge-container {
+      flex-shrink: 0;
+    }
+
+    .badge {
+      font-size: 0.75rem;
+      font-weight: 700;
+      padding: 4px 10px;
+      border-radius: 9999px;
+      letter-spacing: 0.05em;
+    }
+
+    .passed-badge {
+      background-color: rgba(16, 185, 129, 0.1);
+      color: var(--success);
+      border: 1px solid rgba(16, 185, 129, 0.2);
+    }
+
+    .failed-badge {
+      background-color: rgba(245, 158, 11, 0.1);
+      color: var(--warning);
+      border: 1px solid rgba(245, 158, 11, 0.2);
+    }
+
+    .check-content h3 {
+      font-family: 'Outfit', sans-serif;
+      font-size: 1.05rem;
+      font-weight: 600;
+      color: var(--text-main);
+      margin-bottom: 6px;
+    }
+
+    .check-content p {
+      font-size: 0.9rem;
+      color: var(--text-muted);
+    }
+
+    .btn-container {
+      text-align: center;
+      margin-top: 40px;
+      margin-bottom: 60px;
+    }
+
+    .print-btn {
+      background: linear-gradient(135deg, #3B82F6, #2563EB);
+      color: white;
+      border: none;
+      border-radius: 8px;
+      padding: 14px 28px;
+      font-family: 'Outfit', sans-serif;
+      font-size: 1rem;
+      font-weight: 600;
+      cursor: pointer;
+      box-shadow: 0 4px 14px rgba(37, 99, 235, 0.4);
+      transition: transform 0.2s, box-shadow 0.2s;
+    }
+
+    .print-btn:hover {
+      transform: translateY(-2px);
+      box-shadow: 0 6px 20px rgba(37, 99, 235, 0.6);
+    }
+
+    .footer-seal {
+      text-align: center;
+      border-top: 1px dashed var(--border);
+      padding-top: 30px;
+      font-size: 0.8rem;
+      color: var(--text-muted);
+    }
+
+    .footer-seal p {
+      margin-bottom: 4px;
+    }
+
+    .seal-hash {
+      font-family: monospace;
+      font-size: 0.9rem;
+      color: var(--accent);
+      letter-spacing: 0.05em;
+    }
+
+    /* Print Styles */
+    @media print {
+      body {
+        background-color: white;
+        color: black;
+        padding: 0;
+      }
+      :root {
+        --bg-primary: #ffffff;
+        --bg-secondary: #ffffff;
+        --text-main: #000000;
+        --text-muted: #4b5563;
+        --border: #d1d5db;
+        --accent: #1d4ed8;
+      }
+      header {
+        background: none;
+        border: 1px solid #9ca3af;
+        box-shadow: none;
+        color: black;
+      }
+      .logo-container h1 {
+        background: none;
+        -webkit-text-fill-color: black;
+        color: black;
+      }
+      .score-card {
+        border: 1px solid #9ca3af;
+        background-color: white;
+        box-shadow: none;
+      }
+      .score-number {
+        color: black;
+      }
+      .check-card {
+        border: 1px solid #9ca3af;
+        background-color: white;
+        page-break-inside: avoid;
+      }
+      .check-card.passed {
+        border-left: 6px solid #059669;
+      }
+      .check-card.failed {
+        border-left: 6px solid #d97706;
+      }
+      .btn-container {
+        display: none;
+      }
+      .passed-badge {
+        color: #059669;
+        border: 1px solid #059669;
+      }
+      .failed-badge {
+        color: #d97706;
+        border: 1px solid #d97706;
+      }
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <header>
+      <div class="header-top">
+        <div class="logo-container">
+          <h1>VOLLCRYPT</h1>
+          <p>Database Cryptographic Security Scorecard</p>
+        </div>
+        <div class="metadata-box">
+          <p>Scan Timestamp: <strong>2026-06-11 12:15:53 UTC</strong></p>
+          <p>Verification Standard: <strong>CMVP FIPS 140-3</strong></p>
+          <p>Product Version: <strong>0.1.0</strong></p>
+        </div>
+      </div>
+      <div class="summary-section">
+        <p>This system is configured using AES-256-GCM for field-level encryption, dynamic key routing with automatic RAM zeroization, and secure HKDF-SHA256 blind indexing. Cryptographic validation certifies compliance of the data protection boundaries with GDPR Article 32, KVKK Article 12, and PCI-DSS v4.0 Requirement 3.</p>
+      </div>
+    </header>
+
+    <main>
+      <section class="score-grid">
+        <!-- GDPR Score Card -->
+        <div class="score-card">
+          <h2>GDPR Compliance</h2>
+          <div class="score-ring">
+            <svg>
+              <circle class="bg" cx="60" cy="60" r="50"></circle>
+              <circle class="bar" cx="60" cy="60" r="50" style="stroke-dasharray: 314; stroke-dashoffset: 0; stroke: #10B981;"></circle>
+            </svg>
+            <div class="score-number">100<span class="score-percent">%</span></div>
+          </div>
+          <p style="font-size: 0.85rem; color: var(--text-muted);">Article 32 Security requirements</p>
+        </div>
+
+        <!-- KVKK Score Card -->
+        <div class="score-card">
+          <h2>KVKK Compliance</h2>
+          <div class="score-ring">
+            <svg>
+              <circle class="bg" cx="60" cy="60" r="50"></circle>
+              <circle class="bar" cx="60" cy="60" r="50" style="stroke-dasharray: 314; stroke-dashoffset: 0; stroke: #F59E0B;"></circle>
+            </svg>
+            <div class="score-number">100<span class="score-percent">%</span></div>
+          </div>
+          <p style="font-size: 0.85rem; color: var(--text-muted);">Article 12 Security requirements</p>
+        </div>
+
+        <!-- PCI-DSS Score Card -->
+        <div class="score-card">
+          <h2>PCI-DSS v4.0</h2>
+          <div class="score-ring">
+            <svg>
+              <circle class="bg" cx="60" cy="60" r="50"></circle>
+              <circle class="bar" cx="60" cy="60" r="50" style="stroke-dasharray: 314; stroke-dashoffset: 0; stroke: #3B82F6;"></circle>
+            </svg>
+            <div class="score-number">100<span class="score-percent">%</span></div>
+          </div>
+          <p style="font-size: 0.85rem; color: var(--text-muted);">Requirement 3 Card protection</p>
+        </div>
+      </section>
+
+      <section>
+        <div class="section-title">
+          <span>Cryptographic Status Checkpoints</span>
+          <span style="font-size: 0.85rem; font-weight: 500; color: var(--text-muted);">11 Passed / 0 Recommendations</span>
+        </div>
+
+        <div class="checks-list">
+          
+      <div class="check-card passed">
+        <div class="status-badge-container">
+          <span class="badge passed-badge">PASSED</span>
+        </div>
+        <div class="check-content">
+          <h3>KMS INTEGRATION</h3>
+          <p>Cryptographic keys are securely delegated to a Cloud KMS Provider (AWS, GCP, or HashiCorp Vault).</p>
+        </div>
+      </div>
+    
+      <div class="check-card passed">
+        <div class="status-badge-container">
+          <span class="badge passed-badge">PASSED</span>
+        </div>
+        <div class="check-content">
+          <h3>ENVELOPE ENCRYPTION</h3>
+          <p>Keys are protected using double-envelope encryption with AES-256-KW.</p>
+        </div>
+      </div>
+    
+      <div class="check-card passed">
+        <div class="status-badge-container">
+          <span class="badge passed-badge">PASSED</span>
+        </div>
+        <div class="check-content">
+          <h3>RAM ZEROIZATION</h3>
+          <p>All active keys and intermediate buffers are zeroized in RAM immediately after use (Anti-Core Dump protection).</p>
+        </div>
+      </div>
+    
+      <div class="check-card passed">
+        <div class="status-badge-container">
+          <span class="badge passed-badge">PASSED</span>
+        </div>
+        <div class="check-content">
+          <h3>BLIND INDEXING</h3>
+          <p>Database query translations target secure HKDF-SHA256 blind indexes, preventing raw column decryption leakage.</p>
+        </div>
+      </div>
+    
+      <div class="check-card passed">
+        <div class="status-badge-container">
+          <span class="badge passed-badge">PASSED</span>
+        </div>
+        <div class="check-content">
+          <h3>CRYPTO RBAC</h3>
+          <p>Application roles are cryptographically mapped to decryption permissions. Unauthorized users are blocked.</p>
+        </div>
+      </div>
+    
+      <div class="check-card passed">
+        <div class="status-badge-container">
+          <span class="badge passed-badge">PASSED</span>
+        </div>
+        <div class="check-content">
+          <h3>DYNAMIC DATA MASKING</h3>
+          <p>Masking filters (credit cards, emails, TC numbers) are applied automatically to unauthorized query results.</p>
+        </div>
+      </div>
+    
+      <div class="check-card passed">
+        <div class="status-badge-container">
+          <span class="badge passed-badge">PASSED</span>
+        </div>
+        <div class="check-content">
+          <h3>CRYPTO AUDIT LOG</h3>
+          <p>Immutable cryptographic SHA-256 hash chains log every decryption event, preventing auditing tampering.</p>
+        </div>
+      </div>
+    
+      <div class="check-card passed">
+        <div class="status-badge-container">
+          <span class="badge passed-badge">PASSED</span>
+        </div>
+        <div class="check-content">
+          <h3>FAIL CLOSED RATE LIMITER</h3>
+          <p>Rate limiter is configured to fail-closed, purging all active keys from memory upon scraping detection.</p>
+        </div>
+      </div>
+    
+      <div class="check-card passed">
+        <div class="status-badge-container">
+          <span class="badge passed-badge">PASSED</span>
+        </div>
+        <div class="check-content">
+          <h3>PAGE SIZE LIMIT</h3>
+          <p>Page size checking is active to block massive batch select queries from executing decryptions.</p>
+        </div>
+      </div>
+    
+      <div class="check-card passed">
+        <div class="status-badge-container">
+          <span class="badge passed-badge">PASSED</span>
+        </div>
+        <div class="check-content">
+          <h3>BREAK GLASS PROTOCOL</h3>
+          <p>M-of-N Ed25519 signature threshold configuration is active for KMS outage emergency recovery.</p>
+        </div>
+      </div>
+    
+      <div class="check-card passed">
+        <div class="status-badge-container">
+          <span class="badge passed-badge">PASSED</span>
+        </div>
+        <div class="check-content">
+          <h3>POST QUANTUM KEM</h3>
+          <p>NIST FIPS 203 (ML-KEM) lattice-based algorithms are registered for hybrid key exchange.</p>
+        </div>
+      </div>
+    
+          
+        </div>
+      </section>
+
+      <div class="btn-container">
+        <button class="print-btn" onclick="window.print()">Print Compliance PDF Report</button>
+      </div>
+    </main>
+
+    <footer class="footer-seal">
+      <p>This document constitutes an automated cryptographic verification seal of the database security layer configuration.</p>
+      <p>Verification Signature Hash:</p>
+      <p class="seal-hash">VOLLSEAL:EF8009C03CBA4CD205DFD4B8E2B0D706</p>
+    </footer>
+  </div>
+</body>
+</html>

package/dist/compliance.d.ts

@@ -0,0 +1,40 @@
+export interface ComplianceAuditInput {
+    key?: any;
+    kms?: {
+        provider: any;
+        wrappedKey: any;
+        wrappedKek?: any;
+        activeKeyVersion?: string;
+    };
+    models?: Record<string, string[]>;
+    blindIndexes?: {
+        rootSalt: any;
+        models: Record<string, string[]>;
+    };
+    cryptoRbac?: {
+        roles: Record<string, {
+            decrypt: string[];
+            mask?: Record<string, any>;
+        }>;
+    };
+    rateLimiter?: {
+        maxDecryptionsPerSecond?: number;
+        mode?: 'fail_closed' | 'warn' | 'disabled';
+        maxPageSize?: number;
+        onPageSizeExceeded?: 'warn' | 'error' | 'bypass';
+    };
+    auditTrailPath?: string;
+    breakGlassThreshold?: number;
+    breakGlassPublicKeys?: string[];
+    postQuantumEnabled?: boolean;
+}
+export interface ComplianceScorecard {
+    gdprScore: number;
+    kvkkScore: number;
+    pciScore: number;
+    passedChecks: string[];
+    failedChecks: string[];
+    summaryText: string;
+}
+export declare function auditConfiguration(config: ComplianceAuditInput): ComplianceScorecard;
+export declare function generateComplianceHtmlReport(config: ComplianceAuditInput): string;