@vorionsys/platform-core 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1847) hide show
  1. package/LICENSE +190 -0
  2. package/README.md +88 -0
  3. package/dist/a2a/attestation.d.ts +145 -0
  4. package/dist/a2a/attestation.d.ts.map +1 -0
  5. package/dist/a2a/attestation.js +353 -0
  6. package/dist/a2a/attestation.js.map +1 -0
  7. package/dist/a2a/chain-of-trust.d.ts +143 -0
  8. package/dist/a2a/chain-of-trust.d.ts.map +1 -0
  9. package/dist/a2a/chain-of-trust.js +422 -0
  10. package/dist/a2a/chain-of-trust.js.map +1 -0
  11. package/dist/a2a/index.d.ts +15 -0
  12. package/dist/a2a/index.d.ts.map +1 -0
  13. package/dist/a2a/index.js +23 -0
  14. package/dist/a2a/index.js.map +1 -0
  15. package/dist/a2a/openapi.d.ts +22 -0
  16. package/dist/a2a/openapi.d.ts.map +1 -0
  17. package/dist/a2a/openapi.js +1133 -0
  18. package/dist/a2a/openapi.js.map +1 -0
  19. package/dist/a2a/router.d.ts +167 -0
  20. package/dist/a2a/router.d.ts.map +1 -0
  21. package/dist/a2a/router.js +454 -0
  22. package/dist/a2a/router.js.map +1 -0
  23. package/dist/a2a/routes.d.ts +11 -0
  24. package/dist/a2a/routes.d.ts.map +1 -0
  25. package/dist/a2a/routes.js +442 -0
  26. package/dist/a2a/routes.js.map +1 -0
  27. package/dist/a2a/trust-negotiation.d.ts +119 -0
  28. package/dist/a2a/trust-negotiation.d.ts.map +1 -0
  29. package/dist/a2a/trust-negotiation.js +425 -0
  30. package/dist/a2a/trust-negotiation.js.map +1 -0
  31. package/dist/a2a/types.d.ts +413 -0
  32. package/dist/a2a/types.d.ts.map +1 -0
  33. package/dist/a2a/types.js +38 -0
  34. package/dist/a2a/types.js.map +1 -0
  35. package/dist/agent-registry/a3i-cache.d.ts +113 -0
  36. package/dist/agent-registry/a3i-cache.d.ts.map +1 -0
  37. package/dist/agent-registry/a3i-cache.js +305 -0
  38. package/dist/agent-registry/a3i-cache.js.map +1 -0
  39. package/dist/agent-registry/index.d.ts +14 -0
  40. package/dist/agent-registry/index.d.ts.map +1 -0
  41. package/dist/agent-registry/index.js +17 -0
  42. package/dist/agent-registry/index.js.map +1 -0
  43. package/dist/agent-registry/openapi.d.ts +23 -0
  44. package/dist/agent-registry/openapi.d.ts.map +1 -0
  45. package/dist/agent-registry/openapi.js +1377 -0
  46. package/dist/agent-registry/openapi.js.map +1 -0
  47. package/dist/agent-registry/routes.d.ts +10 -0
  48. package/dist/agent-registry/routes.d.ts.map +1 -0
  49. package/dist/agent-registry/routes.js +485 -0
  50. package/dist/agent-registry/routes.js.map +1 -0
  51. package/dist/agent-registry/service.d.ts +159 -0
  52. package/dist/agent-registry/service.d.ts.map +1 -0
  53. package/dist/agent-registry/service.js +652 -0
  54. package/dist/agent-registry/service.js.map +1 -0
  55. package/dist/agent-registry/tenant-service.d.ts +104 -0
  56. package/dist/agent-registry/tenant-service.d.ts.map +1 -0
  57. package/dist/agent-registry/tenant-service.js +313 -0
  58. package/dist/agent-registry/tenant-service.js.map +1 -0
  59. package/dist/api/auth.d.ts +55 -0
  60. package/dist/api/auth.d.ts.map +1 -0
  61. package/dist/api/auth.js +322 -0
  62. package/dist/api/auth.js.map +1 -0
  63. package/dist/api/errors.d.ts +146 -0
  64. package/dist/api/errors.d.ts.map +1 -0
  65. package/dist/api/errors.js +464 -0
  66. package/dist/api/errors.js.map +1 -0
  67. package/dist/api/index.d.ts +15 -0
  68. package/dist/api/index.d.ts.map +1 -0
  69. package/dist/api/index.js +19 -0
  70. package/dist/api/index.js.map +1 -0
  71. package/dist/api/middleware/api-key-enforcement.d.ts +131 -0
  72. package/dist/api/middleware/api-key-enforcement.d.ts.map +1 -0
  73. package/dist/api/middleware/api-key-enforcement.js +674 -0
  74. package/dist/api/middleware/api-key-enforcement.js.map +1 -0
  75. package/dist/api/middleware/audit.d.ts +151 -0
  76. package/dist/api/middleware/audit.d.ts.map +1 -0
  77. package/dist/api/middleware/audit.js +384 -0
  78. package/dist/api/middleware/audit.js.map +1 -0
  79. package/dist/api/middleware/dpop-enforcement.d.ts +176 -0
  80. package/dist/api/middleware/dpop-enforcement.d.ts.map +1 -0
  81. package/dist/api/middleware/dpop-enforcement.js +596 -0
  82. package/dist/api/middleware/dpop-enforcement.js.map +1 -0
  83. package/dist/api/middleware/index.d.ts +24 -0
  84. package/dist/api/middleware/index.d.ts.map +1 -0
  85. package/dist/api/middleware/index.js +43 -0
  86. package/dist/api/middleware/index.js.map +1 -0
  87. package/dist/api/middleware/metrics.d.ts +41 -0
  88. package/dist/api/middleware/metrics.d.ts.map +1 -0
  89. package/dist/api/middleware/metrics.js +150 -0
  90. package/dist/api/middleware/metrics.js.map +1 -0
  91. package/dist/api/middleware/rate-limits.d.ts +224 -0
  92. package/dist/api/middleware/rate-limits.d.ts.map +1 -0
  93. package/dist/api/middleware/rate-limits.js +686 -0
  94. package/dist/api/middleware/rate-limits.js.map +1 -0
  95. package/dist/api/middleware/rateLimit.d.ts +165 -0
  96. package/dist/api/middleware/rateLimit.d.ts.map +1 -0
  97. package/dist/api/middleware/rateLimit.js +477 -0
  98. package/dist/api/middleware/rateLimit.js.map +1 -0
  99. package/dist/api/middleware/redis-rate-limiter.d.ts +279 -0
  100. package/dist/api/middleware/redis-rate-limiter.d.ts.map +1 -0
  101. package/dist/api/middleware/redis-rate-limiter.js +1074 -0
  102. package/dist/api/middleware/redis-rate-limiter.js.map +1 -0
  103. package/dist/api/middleware/security-headers.d.ts +248 -0
  104. package/dist/api/middleware/security-headers.d.ts.map +1 -0
  105. package/dist/api/middleware/security-headers.js +410 -0
  106. package/dist/api/middleware/security-headers.js.map +1 -0
  107. package/dist/api/middleware/security.d.ts +156 -0
  108. package/dist/api/middleware/security.d.ts.map +1 -0
  109. package/dist/api/middleware/security.js +412 -0
  110. package/dist/api/middleware/security.js.map +1 -0
  111. package/dist/api/middleware/validation.d.ts +132 -0
  112. package/dist/api/middleware/validation.d.ts.map +1 -0
  113. package/dist/api/middleware/validation.js +363 -0
  114. package/dist/api/middleware/validation.js.map +1 -0
  115. package/dist/api/middleware/webhook-verify.d.ts +130 -0
  116. package/dist/api/middleware/webhook-verify.d.ts.map +1 -0
  117. package/dist/api/middleware/webhook-verify.js +366 -0
  118. package/dist/api/middleware/webhook-verify.js.map +1 -0
  119. package/dist/api/rate-limit.d.ts +115 -0
  120. package/dist/api/rate-limit.d.ts.map +1 -0
  121. package/dist/api/rate-limit.js +335 -0
  122. package/dist/api/rate-limit.js.map +1 -0
  123. package/dist/api/server.d.ts +37 -0
  124. package/dist/api/server.d.ts.map +1 -0
  125. package/dist/api/server.js +2086 -0
  126. package/dist/api/server.js.map +1 -0
  127. package/dist/api/validation.d.ts +243 -0
  128. package/dist/api/validation.d.ts.map +1 -0
  129. package/dist/api/validation.js +247 -0
  130. package/dist/api/validation.js.map +1 -0
  131. package/dist/audit/compliance-reporter.d.ts +271 -0
  132. package/dist/audit/compliance-reporter.d.ts.map +1 -0
  133. package/dist/audit/compliance-reporter.js +587 -0
  134. package/dist/audit/compliance-reporter.js.map +1 -0
  135. package/dist/audit/db-store.d.ts +689 -0
  136. package/dist/audit/db-store.d.ts.map +1 -0
  137. package/dist/audit/db-store.js +589 -0
  138. package/dist/audit/db-store.js.map +1 -0
  139. package/dist/audit/event-schema.d.ts +605 -0
  140. package/dist/audit/event-schema.d.ts.map +1 -0
  141. package/dist/audit/event-schema.js +566 -0
  142. package/dist/audit/event-schema.js.map +1 -0
  143. package/dist/audit/index.d.ts +16 -0
  144. package/dist/audit/index.d.ts.map +1 -0
  145. package/dist/audit/index.js +44 -0
  146. package/dist/audit/index.js.map +1 -0
  147. package/dist/audit/security-events.d.ts +1624 -0
  148. package/dist/audit/security-events.d.ts.map +1 -0
  149. package/dist/audit/security-events.js +775 -0
  150. package/dist/audit/security-events.js.map +1 -0
  151. package/dist/audit/security-logger.d.ts +288 -0
  152. package/dist/audit/security-logger.d.ts.map +1 -0
  153. package/dist/audit/security-logger.js +820 -0
  154. package/dist/audit/security-logger.js.map +1 -0
  155. package/dist/audit/service.d.ts +206 -0
  156. package/dist/audit/service.d.ts.map +1 -0
  157. package/dist/audit/service.js +756 -0
  158. package/dist/audit/service.js.map +1 -0
  159. package/dist/audit/siem/elastic.d.ts +94 -0
  160. package/dist/audit/siem/elastic.d.ts.map +1 -0
  161. package/dist/audit/siem/elastic.js +412 -0
  162. package/dist/audit/siem/elastic.js.map +1 -0
  163. package/dist/audit/siem/index.d.ts +179 -0
  164. package/dist/audit/siem/index.d.ts.map +1 -0
  165. package/dist/audit/siem/index.js +368 -0
  166. package/dist/audit/siem/index.js.map +1 -0
  167. package/dist/audit/siem/loki.d.ts +100 -0
  168. package/dist/audit/siem/loki.d.ts.map +1 -0
  169. package/dist/audit/siem/loki.js +406 -0
  170. package/dist/audit/siem/loki.js.map +1 -0
  171. package/dist/audit/siem/splunk.d.ts +91 -0
  172. package/dist/audit/siem/splunk.d.ts.map +1 -0
  173. package/dist/audit/siem/splunk.js +375 -0
  174. package/dist/audit/siem/splunk.js.map +1 -0
  175. package/dist/audit/siem/types.d.ts +547 -0
  176. package/dist/audit/siem/types.d.ts.map +1 -0
  177. package/dist/audit/siem/types.js +270 -0
  178. package/dist/audit/siem/types.js.map +1 -0
  179. package/dist/audit/types.d.ts +410 -0
  180. package/dist/audit/types.d.ts.map +1 -0
  181. package/dist/audit/types.js +130 -0
  182. package/dist/audit/types.js.map +1 -0
  183. package/dist/auth/index.d.ts +10 -0
  184. package/dist/auth/index.d.ts.map +1 -0
  185. package/dist/auth/index.js +10 -0
  186. package/dist/auth/index.js.map +1 -0
  187. package/dist/auth/mfa/index.d.ts +9 -0
  188. package/dist/auth/mfa/index.d.ts.map +1 -0
  189. package/dist/auth/mfa/index.js +9 -0
  190. package/dist/auth/mfa/index.js.map +1 -0
  191. package/dist/auth/mfa/totp.d.ts +222 -0
  192. package/dist/auth/mfa/totp.d.ts.map +1 -0
  193. package/dist/auth/mfa/totp.js +329 -0
  194. package/dist/auth/mfa/totp.js.map +1 -0
  195. package/dist/auth/piv-cac/card-removal-handler.d.ts +197 -0
  196. package/dist/auth/piv-cac/card-removal-handler.d.ts.map +1 -0
  197. package/dist/auth/piv-cac/card-removal-handler.js +560 -0
  198. package/dist/auth/piv-cac/card-removal-handler.js.map +1 -0
  199. package/dist/auth/piv-cac/certificate-auth.d.ts +117 -0
  200. package/dist/auth/piv-cac/certificate-auth.d.ts.map +1 -0
  201. package/dist/auth/piv-cac/certificate-auth.js +727 -0
  202. package/dist/auth/piv-cac/certificate-auth.js.map +1 -0
  203. package/dist/auth/piv-cac/certificate-mapper.d.ts +141 -0
  204. package/dist/auth/piv-cac/certificate-mapper.d.ts.map +1 -0
  205. package/dist/auth/piv-cac/certificate-mapper.js +569 -0
  206. package/dist/auth/piv-cac/certificate-mapper.js.map +1 -0
  207. package/dist/auth/piv-cac/crl-validator.d.ts +195 -0
  208. package/dist/auth/piv-cac/crl-validator.d.ts.map +1 -0
  209. package/dist/auth/piv-cac/crl-validator.js +824 -0
  210. package/dist/auth/piv-cac/crl-validator.js.map +1 -0
  211. package/dist/auth/piv-cac/index.d.ts +72 -0
  212. package/dist/auth/piv-cac/index.d.ts.map +1 -0
  213. package/dist/auth/piv-cac/index.js +172 -0
  214. package/dist/auth/piv-cac/index.js.map +1 -0
  215. package/dist/auth/piv-cac/ocsp-validator.d.ts +183 -0
  216. package/dist/auth/piv-cac/ocsp-validator.d.ts.map +1 -0
  217. package/dist/auth/piv-cac/ocsp-validator.js +657 -0
  218. package/dist/auth/piv-cac/ocsp-validator.js.map +1 -0
  219. package/dist/auth/piv-cac/piv-middleware.d.ts +95 -0
  220. package/dist/auth/piv-cac/piv-middleware.d.ts.map +1 -0
  221. package/dist/auth/piv-cac/piv-middleware.js +524 -0
  222. package/dist/auth/piv-cac/piv-middleware.js.map +1 -0
  223. package/dist/auth/piv-cac/piv-routes.d.ts +29 -0
  224. package/dist/auth/piv-cac/piv-routes.d.ts.map +1 -0
  225. package/dist/auth/piv-cac/piv-routes.js +534 -0
  226. package/dist/auth/piv-cac/piv-routes.js.map +1 -0
  227. package/dist/auth/piv-cac/pkcs11-provider.d.ts +280 -0
  228. package/dist/auth/piv-cac/pkcs11-provider.d.ts.map +1 -0
  229. package/dist/auth/piv-cac/pkcs11-provider.js +535 -0
  230. package/dist/auth/piv-cac/pkcs11-provider.js.map +1 -0
  231. package/dist/auth/piv-cac/types.d.ts +4098 -0
  232. package/dist/auth/piv-cac/types.d.ts.map +1 -0
  233. package/dist/auth/piv-cac/types.js +495 -0
  234. package/dist/auth/piv-cac/types.js.map +1 -0
  235. package/dist/basis/evaluator.d.ts +72 -0
  236. package/dist/basis/evaluator.d.ts.map +1 -0
  237. package/dist/basis/evaluator.js +275 -0
  238. package/dist/basis/evaluator.js.map +1 -0
  239. package/dist/basis/expression-evaluator.d.ts +77 -0
  240. package/dist/basis/expression-evaluator.d.ts.map +1 -0
  241. package/dist/basis/expression-evaluator.js +826 -0
  242. package/dist/basis/expression-evaluator.js.map +1 -0
  243. package/dist/basis/index.d.ts +13 -0
  244. package/dist/basis/index.d.ts.map +1 -0
  245. package/dist/basis/index.js +13 -0
  246. package/dist/basis/index.js.map +1 -0
  247. package/dist/basis/parser.d.ts +376 -0
  248. package/dist/basis/parser.d.ts.map +1 -0
  249. package/dist/basis/parser.js +178 -0
  250. package/dist/basis/parser.js.map +1 -0
  251. package/dist/basis/types.d.ts +115 -0
  252. package/dist/basis/types.d.ts.map +1 -0
  253. package/dist/basis/types.js +5 -0
  254. package/dist/basis/types.js.map +1 -0
  255. package/dist/car-extensions/aci-string-extensions.d.ts +10 -0
  256. package/dist/car-extensions/aci-string-extensions.d.ts.map +1 -0
  257. package/dist/car-extensions/aci-string-extensions.js +24 -0
  258. package/dist/car-extensions/aci-string-extensions.js.map +1 -0
  259. package/dist/car-extensions/builtin-extensions/audit.d.ts +88 -0
  260. package/dist/car-extensions/builtin-extensions/audit.d.ts.map +1 -0
  261. package/dist/car-extensions/builtin-extensions/audit.js +445 -0
  262. package/dist/car-extensions/builtin-extensions/audit.js.map +1 -0
  263. package/dist/car-extensions/builtin-extensions/governance.d.ts +32 -0
  264. package/dist/car-extensions/builtin-extensions/governance.d.ts.map +1 -0
  265. package/dist/car-extensions/builtin-extensions/governance.js +534 -0
  266. package/dist/car-extensions/builtin-extensions/governance.js.map +1 -0
  267. package/dist/car-extensions/builtin-extensions/monitoring.d.ts +43 -0
  268. package/dist/car-extensions/builtin-extensions/monitoring.d.ts.map +1 -0
  269. package/dist/car-extensions/builtin-extensions/monitoring.js +416 -0
  270. package/dist/car-extensions/builtin-extensions/monitoring.js.map +1 -0
  271. package/dist/car-extensions/car-string-extensions.d.ts +355 -0
  272. package/dist/car-extensions/car-string-extensions.d.ts.map +1 -0
  273. package/dist/car-extensions/car-string-extensions.js +473 -0
  274. package/dist/car-extensions/car-string-extensions.js.map +1 -0
  275. package/dist/car-extensions/executor.d.ts +208 -0
  276. package/dist/car-extensions/executor.d.ts.map +1 -0
  277. package/dist/car-extensions/executor.js +789 -0
  278. package/dist/car-extensions/executor.js.map +1 -0
  279. package/dist/car-extensions/index.d.ts +94 -0
  280. package/dist/car-extensions/index.d.ts.map +1 -0
  281. package/dist/car-extensions/index.js +159 -0
  282. package/dist/car-extensions/index.js.map +1 -0
  283. package/dist/car-extensions/registry.d.ts +217 -0
  284. package/dist/car-extensions/registry.d.ts.map +1 -0
  285. package/dist/car-extensions/registry.js +450 -0
  286. package/dist/car-extensions/registry.js.map +1 -0
  287. package/dist/car-extensions/service.d.ts +220 -0
  288. package/dist/car-extensions/service.d.ts.map +1 -0
  289. package/dist/car-extensions/service.js +486 -0
  290. package/dist/car-extensions/service.js.map +1 -0
  291. package/dist/car-extensions/types.d.ts +2269 -0
  292. package/dist/car-extensions/types.d.ts.map +1 -0
  293. package/dist/car-extensions/types.js +389 -0
  294. package/dist/car-extensions/types.js.map +1 -0
  295. package/dist/cognigate/index.d.ts +192 -0
  296. package/dist/cognigate/index.d.ts.map +1 -0
  297. package/dist/cognigate/index.js +435 -0
  298. package/dist/cognigate/index.js.map +1 -0
  299. package/dist/cognigate/sandbox/capability-broker.d.ts +166 -0
  300. package/dist/cognigate/sandbox/capability-broker.d.ts.map +1 -0
  301. package/dist/cognigate/sandbox/capability-broker.js +461 -0
  302. package/dist/cognigate/sandbox/capability-broker.js.map +1 -0
  303. package/dist/cognigate/sandbox/filesystem-policy.d.ts +139 -0
  304. package/dist/cognigate/sandbox/filesystem-policy.d.ts.map +1 -0
  305. package/dist/cognigate/sandbox/filesystem-policy.js +426 -0
  306. package/dist/cognigate/sandbox/filesystem-policy.js.map +1 -0
  307. package/dist/cognigate/sandbox/index.d.ts +17 -0
  308. package/dist/cognigate/sandbox/index.d.ts.map +1 -0
  309. package/dist/cognigate/sandbox/index.js +24 -0
  310. package/dist/cognigate/sandbox/index.js.map +1 -0
  311. package/dist/cognigate/sandbox/network-policy.d.ts +126 -0
  312. package/dist/cognigate/sandbox/network-policy.d.ts.map +1 -0
  313. package/dist/cognigate/sandbox/network-policy.js +382 -0
  314. package/dist/cognigate/sandbox/network-policy.js.map +1 -0
  315. package/dist/cognigate/sandbox/sandbox-service.d.ts +70 -0
  316. package/dist/cognigate/sandbox/sandbox-service.d.ts.map +1 -0
  317. package/dist/cognigate/sandbox/sandbox-service.js +472 -0
  318. package/dist/cognigate/sandbox/sandbox-service.js.map +1 -0
  319. package/dist/cognigate/sandbox/types.d.ts +376 -0
  320. package/dist/cognigate/sandbox/types.d.ts.map +1 -0
  321. package/dist/cognigate/sandbox/types.js +179 -0
  322. package/dist/cognigate/sandbox/types.js.map +1 -0
  323. package/dist/common/adapters/index.d.ts +34 -0
  324. package/dist/common/adapters/index.d.ts.map +1 -0
  325. package/dist/common/adapters/index.js +46 -0
  326. package/dist/common/adapters/index.js.map +1 -0
  327. package/dist/common/adapters/memory-cache.d.ts +91 -0
  328. package/dist/common/adapters/memory-cache.d.ts.map +1 -0
  329. package/dist/common/adapters/memory-cache.js +201 -0
  330. package/dist/common/adapters/memory-cache.js.map +1 -0
  331. package/dist/common/adapters/memory-lock.d.ts +75 -0
  332. package/dist/common/adapters/memory-lock.d.ts.map +1 -0
  333. package/dist/common/adapters/memory-lock.js +219 -0
  334. package/dist/common/adapters/memory-lock.js.map +1 -0
  335. package/dist/common/adapters/memory-queue.d.ts +64 -0
  336. package/dist/common/adapters/memory-queue.d.ts.map +1 -0
  337. package/dist/common/adapters/memory-queue.js +233 -0
  338. package/dist/common/adapters/memory-queue.js.map +1 -0
  339. package/dist/common/adapters/memory-ratelimit.d.ts +78 -0
  340. package/dist/common/adapters/memory-ratelimit.d.ts.map +1 -0
  341. package/dist/common/adapters/memory-ratelimit.js +196 -0
  342. package/dist/common/adapters/memory-ratelimit.js.map +1 -0
  343. package/dist/common/adapters/memory-session.d.ts +105 -0
  344. package/dist/common/adapters/memory-session.d.ts.map +1 -0
  345. package/dist/common/adapters/memory-session.js +302 -0
  346. package/dist/common/adapters/memory-session.js.map +1 -0
  347. package/dist/common/adapters/provider.d.ts +47 -0
  348. package/dist/common/adapters/provider.d.ts.map +1 -0
  349. package/dist/common/adapters/provider.js +347 -0
  350. package/dist/common/adapters/provider.js.map +1 -0
  351. package/dist/common/adapters/types.d.ts +247 -0
  352. package/dist/common/adapters/types.d.ts.map +1 -0
  353. package/dist/common/adapters/types.js +11 -0
  354. package/dist/common/adapters/types.js.map +1 -0
  355. package/dist/common/alerts.d.ts +57 -0
  356. package/dist/common/alerts.d.ts.map +1 -0
  357. package/dist/common/alerts.js +216 -0
  358. package/dist/common/alerts.js.map +1 -0
  359. package/dist/common/authorization.d.ts +137 -0
  360. package/dist/common/authorization.d.ts.map +1 -0
  361. package/dist/common/authorization.js +270 -0
  362. package/dist/common/authorization.js.map +1 -0
  363. package/dist/common/canonical-bridge.d.ts +153 -0
  364. package/dist/common/canonical-bridge.d.ts.map +1 -0
  365. package/dist/common/canonical-bridge.js +236 -0
  366. package/dist/common/canonical-bridge.js.map +1 -0
  367. package/dist/common/canonical-json.d.ts +64 -0
  368. package/dist/common/canonical-json.d.ts.map +1 -0
  369. package/dist/common/canonical-json.js +95 -0
  370. package/dist/common/canonical-json.js.map +1 -0
  371. package/dist/common/circuit-breaker.d.ts +320 -0
  372. package/dist/common/circuit-breaker.d.ts.map +1 -0
  373. package/dist/common/circuit-breaker.js +887 -0
  374. package/dist/common/circuit-breaker.js.map +1 -0
  375. package/dist/common/config.d.ts +2053 -0
  376. package/dist/common/config.d.ts.map +1 -0
  377. package/dist/common/config.js +1314 -0
  378. package/dist/common/config.js.map +1 -0
  379. package/dist/common/contracts/index.d.ts +2 -0
  380. package/dist/common/contracts/index.d.ts.map +1 -0
  381. package/dist/common/contracts/index.js +2 -0
  382. package/dist/common/contracts/index.js.map +1 -0
  383. package/dist/common/contracts/output.d.ts +81 -0
  384. package/dist/common/contracts/output.d.ts.map +1 -0
  385. package/dist/common/contracts/output.js +38 -0
  386. package/dist/common/contracts/output.js.map +1 -0
  387. package/dist/common/crypto-utils.d.ts +103 -0
  388. package/dist/common/crypto-utils.d.ts.map +1 -0
  389. package/dist/common/crypto-utils.js +275 -0
  390. package/dist/common/crypto-utils.js.map +1 -0
  391. package/dist/common/crypto.d.ts +70 -0
  392. package/dist/common/crypto.d.ts.map +1 -0
  393. package/dist/common/crypto.js +201 -0
  394. package/dist/common/crypto.js.map +1 -0
  395. package/dist/common/database-resilience.d.ts +156 -0
  396. package/dist/common/database-resilience.d.ts.map +1 -0
  397. package/dist/common/database-resilience.js +269 -0
  398. package/dist/common/database-resilience.js.map +1 -0
  399. package/dist/common/db-metrics.d.ts +90 -0
  400. package/dist/common/db-metrics.d.ts.map +1 -0
  401. package/dist/common/db-metrics.js +219 -0
  402. package/dist/common/db-metrics.js.map +1 -0
  403. package/dist/common/db-pool.d.ts +307 -0
  404. package/dist/common/db-pool.d.ts.map +1 -0
  405. package/dist/common/db-pool.js +879 -0
  406. package/dist/common/db-pool.js.map +1 -0
  407. package/dist/common/db.d.ts +105 -0
  408. package/dist/common/db.d.ts.map +1 -0
  409. package/dist/common/db.js +216 -0
  410. package/dist/common/db.js.map +1 -0
  411. package/dist/common/debug-auth-middleware.d.ts +111 -0
  412. package/dist/common/debug-auth-middleware.d.ts.map +1 -0
  413. package/dist/common/debug-auth-middleware.js +285 -0
  414. package/dist/common/debug-auth-middleware.js.map +1 -0
  415. package/dist/common/di.d.ts +202 -0
  416. package/dist/common/di.d.ts.map +1 -0
  417. package/dist/common/di.js +219 -0
  418. package/dist/common/di.js.map +1 -0
  419. package/dist/common/encryption.d.ts +233 -0
  420. package/dist/common/encryption.d.ts.map +1 -0
  421. package/dist/common/encryption.js +527 -0
  422. package/dist/common/encryption.js.map +1 -0
  423. package/dist/common/error-sanitizer.d.ts +67 -0
  424. package/dist/common/error-sanitizer.d.ts.map +1 -0
  425. package/dist/common/error-sanitizer.js +298 -0
  426. package/dist/common/error-sanitizer.js.map +1 -0
  427. package/dist/common/errors.d.ts +229 -0
  428. package/dist/common/errors.d.ts.map +1 -0
  429. package/dist/common/errors.js +349 -0
  430. package/dist/common/errors.js.map +1 -0
  431. package/dist/common/expression/evaluator.d.ts +58 -0
  432. package/dist/common/expression/evaluator.d.ts.map +1 -0
  433. package/dist/common/expression/evaluator.js +326 -0
  434. package/dist/common/expression/evaluator.js.map +1 -0
  435. package/dist/common/expression/index.d.ts +180 -0
  436. package/dist/common/expression/index.d.ts.map +1 -0
  437. package/dist/common/expression/index.js +198 -0
  438. package/dist/common/expression/index.js.map +1 -0
  439. package/dist/common/expression/lexer.d.ts +69 -0
  440. package/dist/common/expression/lexer.d.ts.map +1 -0
  441. package/dist/common/expression/lexer.js +255 -0
  442. package/dist/common/expression/lexer.js.map +1 -0
  443. package/dist/common/expression/parser.d.ts +133 -0
  444. package/dist/common/expression/parser.d.ts.map +1 -0
  445. package/dist/common/expression/parser.js +293 -0
  446. package/dist/common/expression/parser.js.map +1 -0
  447. package/dist/common/group-membership.d.ts +119 -0
  448. package/dist/common/group-membership.d.ts.map +1 -0
  449. package/dist/common/group-membership.js +250 -0
  450. package/dist/common/group-membership.js.map +1 -0
  451. package/dist/common/index.d.ts +14 -0
  452. package/dist/common/index.d.ts.map +1 -0
  453. package/dist/common/index.js +15 -0
  454. package/dist/common/index.js.map +1 -0
  455. package/dist/common/leader-election.d.ts +40 -0
  456. package/dist/common/leader-election.d.ts.map +1 -0
  457. package/dist/common/leader-election.js +232 -0
  458. package/dist/common/leader-election.js.map +1 -0
  459. package/dist/common/lock.d.ts +77 -0
  460. package/dist/common/lock.d.ts.map +1 -0
  461. package/dist/common/lock.js +167 -0
  462. package/dist/common/lock.js.map +1 -0
  463. package/dist/common/logger.d.ts +19 -0
  464. package/dist/common/logger.d.ts.map +1 -0
  465. package/dist/common/logger.js +80 -0
  466. package/dist/common/logger.js.map +1 -0
  467. package/dist/common/metrics-registry.d.ts +48 -0
  468. package/dist/common/metrics-registry.d.ts.map +1 -0
  469. package/dist/common/metrics-registry.js +77 -0
  470. package/dist/common/metrics-registry.js.map +1 -0
  471. package/dist/common/metrics.d.ts +204 -0
  472. package/dist/common/metrics.d.ts.map +1 -0
  473. package/dist/common/metrics.js +497 -0
  474. package/dist/common/metrics.js.map +1 -0
  475. package/dist/common/operation-tracker.d.ts +137 -0
  476. package/dist/common/operation-tracker.d.ts.map +1 -0
  477. package/dist/common/operation-tracker.js +366 -0
  478. package/dist/common/operation-tracker.js.map +1 -0
  479. package/dist/common/provenance/chain.d.ts +54 -0
  480. package/dist/common/provenance/chain.d.ts.map +1 -0
  481. package/dist/common/provenance/chain.js +252 -0
  482. package/dist/common/provenance/chain.js.map +1 -0
  483. package/dist/common/provenance/index.d.ts +14 -0
  484. package/dist/common/provenance/index.d.ts.map +1 -0
  485. package/dist/common/provenance/index.js +19 -0
  486. package/dist/common/provenance/index.js.map +1 -0
  487. package/dist/common/provenance/query.d.ts +111 -0
  488. package/dist/common/provenance/query.d.ts.map +1 -0
  489. package/dist/common/provenance/query.js +310 -0
  490. package/dist/common/provenance/query.js.map +1 -0
  491. package/dist/common/provenance/storage.d.ts +297 -0
  492. package/dist/common/provenance/storage.d.ts.map +1 -0
  493. package/dist/common/provenance/storage.js +436 -0
  494. package/dist/common/provenance/storage.js.map +1 -0
  495. package/dist/common/provenance/tracker.d.ts +57 -0
  496. package/dist/common/provenance/tracker.d.ts.map +1 -0
  497. package/dist/common/provenance/tracker.js +209 -0
  498. package/dist/common/provenance/tracker.js.map +1 -0
  499. package/dist/common/provenance/types.d.ts +146 -0
  500. package/dist/common/provenance/types.d.ts.map +1 -0
  501. package/dist/common/provenance/types.js +10 -0
  502. package/dist/common/provenance/types.js.map +1 -0
  503. package/dist/common/random.d.ts +84 -0
  504. package/dist/common/random.d.ts.map +1 -0
  505. package/dist/common/random.js +130 -0
  506. package/dist/common/random.js.map +1 -0
  507. package/dist/common/redaction.d.ts +49 -0
  508. package/dist/common/redaction.d.ts.map +1 -0
  509. package/dist/common/redaction.js +217 -0
  510. package/dist/common/redaction.js.map +1 -0
  511. package/dist/common/redis-cluster.d.ts +538 -0
  512. package/dist/common/redis-cluster.d.ts.map +1 -0
  513. package/dist/common/redis-cluster.js +1539 -0
  514. package/dist/common/redis-cluster.js.map +1 -0
  515. package/dist/common/redis-resilience.d.ts +270 -0
  516. package/dist/common/redis-resilience.d.ts.map +1 -0
  517. package/dist/common/redis-resilience.js +586 -0
  518. package/dist/common/redis-resilience.js.map +1 -0
  519. package/dist/common/redis.d.ts +19 -0
  520. package/dist/common/redis.d.ts.map +1 -0
  521. package/dist/common/redis.js +73 -0
  522. package/dist/common/redis.js.map +1 -0
  523. package/dist/common/safe-json.d.ts +246 -0
  524. package/dist/common/safe-json.d.ts.map +1 -0
  525. package/dist/common/safe-json.js +442 -0
  526. package/dist/common/safe-json.js.map +1 -0
  527. package/dist/common/secret-generator.d.ts +142 -0
  528. package/dist/common/secret-generator.d.ts.map +1 -0
  529. package/dist/common/secret-generator.js +286 -0
  530. package/dist/common/secret-generator.js.map +1 -0
  531. package/dist/common/secure-fetch.d.ts +182 -0
  532. package/dist/common/secure-fetch.d.ts.map +1 -0
  533. package/dist/common/secure-fetch.js +657 -0
  534. package/dist/common/secure-fetch.js.map +1 -0
  535. package/dist/common/security-mode.d.ts +151 -0
  536. package/dist/common/security-mode.d.ts.map +1 -0
  537. package/dist/common/security-mode.js +482 -0
  538. package/dist/common/security-mode.js.map +1 -0
  539. package/dist/common/telemetry/index.d.ts +82 -0
  540. package/dist/common/telemetry/index.d.ts.map +1 -0
  541. package/dist/common/telemetry/index.js +198 -0
  542. package/dist/common/telemetry/index.js.map +1 -0
  543. package/dist/common/telemetry/instrumentation.d.ts +167 -0
  544. package/dist/common/telemetry/instrumentation.d.ts.map +1 -0
  545. package/dist/common/telemetry/instrumentation.js +492 -0
  546. package/dist/common/telemetry/instrumentation.js.map +1 -0
  547. package/dist/common/telemetry/metrics-bridge.d.ts +227 -0
  548. package/dist/common/telemetry/metrics-bridge.d.ts.map +1 -0
  549. package/dist/common/telemetry/metrics-bridge.js +437 -0
  550. package/dist/common/telemetry/metrics-bridge.js.map +1 -0
  551. package/dist/common/telemetry/middleware.d.ts +114 -0
  552. package/dist/common/telemetry/middleware.d.ts.map +1 -0
  553. package/dist/common/telemetry/middleware.js +353 -0
  554. package/dist/common/telemetry/middleware.js.map +1 -0
  555. package/dist/common/telemetry/propagation.d.ts +221 -0
  556. package/dist/common/telemetry/propagation.d.ts.map +1 -0
  557. package/dist/common/telemetry/propagation.js +409 -0
  558. package/dist/common/telemetry/propagation.js.map +1 -0
  559. package/dist/common/telemetry/spans.d.ts +295 -0
  560. package/dist/common/telemetry/spans.d.ts.map +1 -0
  561. package/dist/common/telemetry/spans.js +439 -0
  562. package/dist/common/telemetry/spans.js.map +1 -0
  563. package/dist/common/telemetry/tracer.d.ts +155 -0
  564. package/dist/common/telemetry/tracer.d.ts.map +1 -0
  565. package/dist/common/telemetry/tracer.js +343 -0
  566. package/dist/common/telemetry/tracer.js.map +1 -0
  567. package/dist/common/telemetry.d.ts +15 -0
  568. package/dist/common/telemetry.d.ts.map +1 -0
  569. package/dist/common/telemetry.js +61 -0
  570. package/dist/common/telemetry.js.map +1 -0
  571. package/dist/common/tenant-context.d.ts +253 -0
  572. package/dist/common/tenant-context.d.ts.map +1 -0
  573. package/dist/common/tenant-context.js +259 -0
  574. package/dist/common/tenant-context.js.map +1 -0
  575. package/dist/common/tenant-verification.d.ts +86 -0
  576. package/dist/common/tenant-verification.d.ts.map +1 -0
  577. package/dist/common/tenant-verification.js +184 -0
  578. package/dist/common/tenant-verification.js.map +1 -0
  579. package/dist/common/timeout.d.ts +40 -0
  580. package/dist/common/timeout.d.ts.map +1 -0
  581. package/dist/common/timeout.js +82 -0
  582. package/dist/common/timeout.js.map +1 -0
  583. package/dist/common/token-revocation.d.ts +44 -0
  584. package/dist/common/token-revocation.d.ts.map +1 -0
  585. package/dist/common/token-revocation.js +169 -0
  586. package/dist/common/token-revocation.js.map +1 -0
  587. package/dist/common/trace.d.ts +149 -0
  588. package/dist/common/trace.d.ts.map +1 -0
  589. package/dist/common/trace.js +328 -0
  590. package/dist/common/trace.js.map +1 -0
  591. package/dist/common/trust-cache.d.ts +263 -0
  592. package/dist/common/trust-cache.d.ts.map +1 -0
  593. package/dist/common/trust-cache.js +670 -0
  594. package/dist/common/trust-cache.js.map +1 -0
  595. package/dist/common/types.d.ts +351 -0
  596. package/dist/common/types.d.ts.map +1 -0
  597. package/dist/common/types.js +55 -0
  598. package/dist/common/types.js.map +1 -0
  599. package/dist/common/validation.d.ts +113 -0
  600. package/dist/common/validation.d.ts.map +1 -0
  601. package/dist/common/validation.js +221 -0
  602. package/dist/common/validation.js.map +1 -0
  603. package/dist/db/client.d.ts +72 -0
  604. package/dist/db/client.d.ts.map +1 -0
  605. package/dist/db/client.js +110 -0
  606. package/dist/db/client.js.map +1 -0
  607. package/dist/db/index.d.ts +9 -0
  608. package/dist/db/index.d.ts.map +1 -0
  609. package/dist/db/index.js +9 -0
  610. package/dist/db/index.js.map +1 -0
  611. package/dist/db/schema/merkle.d.ts +475 -0
  612. package/dist/db/schema/merkle.d.ts.map +1 -0
  613. package/dist/db/schema/merkle.js +100 -0
  614. package/dist/db/schema/merkle.js.map +1 -0
  615. package/dist/db/schema/proofs.d.ts +412 -0
  616. package/dist/db/schema/proofs.d.ts.map +1 -0
  617. package/dist/db/schema/proofs.js +63 -0
  618. package/dist/db/schema/proofs.js.map +1 -0
  619. package/dist/enforce/adapters.d.ts +73 -0
  620. package/dist/enforce/adapters.d.ts.map +1 -0
  621. package/dist/enforce/adapters.js +293 -0
  622. package/dist/enforce/adapters.js.map +1 -0
  623. package/dist/enforce/index.d.ts +213 -0
  624. package/dist/enforce/index.d.ts.map +1 -0
  625. package/dist/enforce/index.js +630 -0
  626. package/dist/enforce/index.js.map +1 -0
  627. package/dist/enforce/repository.d.ts +203 -0
  628. package/dist/enforce/repository.d.ts.map +1 -0
  629. package/dist/enforce/repository.js +359 -0
  630. package/dist/enforce/repository.js.map +1 -0
  631. package/dist/enforce/schema.d.ts +1198 -0
  632. package/dist/enforce/schema.d.ts.map +1 -0
  633. package/dist/enforce/schema.js +257 -0
  634. package/dist/enforce/schema.js.map +1 -0
  635. package/dist/friction/index.d.ts +235 -0
  636. package/dist/friction/index.d.ts.map +1 -0
  637. package/dist/friction/index.js +636 -0
  638. package/dist/friction/index.js.map +1 -0
  639. package/dist/friction/openapi.d.ts +23 -0
  640. package/dist/friction/openapi.d.ts.map +1 -0
  641. package/dist/friction/openapi.js +883 -0
  642. package/dist/friction/openapi.js.map +1 -0
  643. package/dist/friction/routes.d.ts +14 -0
  644. package/dist/friction/routes.d.ts.map +1 -0
  645. package/dist/friction/routes.js +206 -0
  646. package/dist/friction/routes.js.map +1 -0
  647. package/dist/governance/engine.d.ts +158 -0
  648. package/dist/governance/engine.d.ts.map +1 -0
  649. package/dist/governance/engine.js +248 -0
  650. package/dist/governance/engine.js.map +1 -0
  651. package/dist/governance/evaluator.d.ts +106 -0
  652. package/dist/governance/evaluator.d.ts.map +1 -0
  653. package/dist/governance/evaluator.js +277 -0
  654. package/dist/governance/evaluator.js.map +1 -0
  655. package/dist/governance/index.d.ts +11 -0
  656. package/dist/governance/index.d.ts.map +1 -0
  657. package/dist/governance/index.js +14 -0
  658. package/dist/governance/index.js.map +1 -0
  659. package/dist/governance/policy.d.ts +152 -0
  660. package/dist/governance/policy.d.ts.map +1 -0
  661. package/dist/governance/policy.js +152 -0
  662. package/dist/governance/policy.js.map +1 -0
  663. package/dist/index.d.ts +50 -0
  664. package/dist/index.d.ts.map +1 -0
  665. package/dist/index.js +61 -0
  666. package/dist/index.js.map +1 -0
  667. package/dist/intent/adapters.d.ts +101 -0
  668. package/dist/intent/adapters.d.ts.map +1 -0
  669. package/dist/intent/adapters.js +250 -0
  670. package/dist/intent/adapters.js.map +1 -0
  671. package/dist/intent/audit.d.ts +119 -0
  672. package/dist/intent/audit.d.ts.map +1 -0
  673. package/dist/intent/audit.js +463 -0
  674. package/dist/intent/audit.js.map +1 -0
  675. package/dist/intent/classifier/index.d.ts +121 -0
  676. package/dist/intent/classifier/index.d.ts.map +1 -0
  677. package/dist/intent/classifier/index.js +232 -0
  678. package/dist/intent/classifier/index.js.map +1 -0
  679. package/dist/intent/classifier/patterns.d.ts +129 -0
  680. package/dist/intent/classifier/patterns.d.ts.map +1 -0
  681. package/dist/intent/classifier/patterns.js +471 -0
  682. package/dist/intent/classifier/patterns.js.map +1 -0
  683. package/dist/intent/classifier/risk.d.ts +177 -0
  684. package/dist/intent/classifier/risk.d.ts.map +1 -0
  685. package/dist/intent/classifier/risk.js +335 -0
  686. package/dist/intent/classifier/risk.js.map +1 -0
  687. package/dist/intent/cleanup.d.ts +24 -0
  688. package/dist/intent/cleanup.d.ts.map +1 -0
  689. package/dist/intent/cleanup.js +104 -0
  690. package/dist/intent/cleanup.js.map +1 -0
  691. package/dist/intent/consent.d.ts +238 -0
  692. package/dist/intent/consent.d.ts.map +1 -0
  693. package/dist/intent/consent.js +427 -0
  694. package/dist/intent/consent.js.map +1 -0
  695. package/dist/intent/escalation.d.ts +284 -0
  696. package/dist/intent/escalation.d.ts.map +1 -0
  697. package/dist/intent/escalation.js +618 -0
  698. package/dist/intent/escalation.js.map +1 -0
  699. package/dist/intent/gdpr-rate-limiter.d.ts +170 -0
  700. package/dist/intent/gdpr-rate-limiter.d.ts.map +1 -0
  701. package/dist/intent/gdpr-rate-limiter.js +385 -0
  702. package/dist/intent/gdpr-rate-limiter.js.map +1 -0
  703. package/dist/intent/gdpr.d.ts +323 -0
  704. package/dist/intent/gdpr.d.ts.map +1 -0
  705. package/dist/intent/gdpr.js +1013 -0
  706. package/dist/intent/gdpr.js.map +1 -0
  707. package/dist/intent/health.d.ts +214 -0
  708. package/dist/intent/health.d.ts.map +1 -0
  709. package/dist/intent/health.js +526 -0
  710. package/dist/intent/health.js.map +1 -0
  711. package/dist/intent/index.d.ts +565 -0
  712. package/dist/intent/index.d.ts.map +1 -0
  713. package/dist/intent/index.js +756 -0
  714. package/dist/intent/index.js.map +1 -0
  715. package/dist/intent/metrics.d.ts +399 -0
  716. package/dist/intent/metrics.d.ts.map +1 -0
  717. package/dist/intent/metrics.js +886 -0
  718. package/dist/intent/metrics.js.map +1 -0
  719. package/dist/intent/openapi.d.ts +22 -0
  720. package/dist/intent/openapi.d.ts.map +1 -0
  721. package/dist/intent/openapi.js +1674 -0
  722. package/dist/intent/openapi.js.map +1 -0
  723. package/dist/intent/planner/dependency.d.ts +78 -0
  724. package/dist/intent/planner/dependency.d.ts.map +1 -0
  725. package/dist/intent/planner/dependency.js +334 -0
  726. package/dist/intent/planner/dependency.js.map +1 -0
  727. package/dist/intent/planner/index.d.ts +130 -0
  728. package/dist/intent/planner/index.d.ts.map +1 -0
  729. package/dist/intent/planner/index.js +372 -0
  730. package/dist/intent/planner/index.js.map +1 -0
  731. package/dist/intent/planner/rollback.d.ts +92 -0
  732. package/dist/intent/planner/rollback.d.ts.map +1 -0
  733. package/dist/intent/planner/rollback.js +326 -0
  734. package/dist/intent/planner/rollback.js.map +1 -0
  735. package/dist/intent/planner/templates.d.ts +81 -0
  736. package/dist/intent/planner/templates.d.ts.map +1 -0
  737. package/dist/intent/planner/templates.js +560 -0
  738. package/dist/intent/planner/templates.js.map +1 -0
  739. package/dist/intent/planner/types.d.ts +38 -0
  740. package/dist/intent/planner/types.d.ts.map +1 -0
  741. package/dist/intent/planner/types.js +10 -0
  742. package/dist/intent/planner/types.js.map +1 -0
  743. package/dist/intent/queue.d.ts +150 -0
  744. package/dist/intent/queue.d.ts.map +1 -0
  745. package/dist/intent/queue.js +339 -0
  746. package/dist/intent/queue.js.map +1 -0
  747. package/dist/intent/queues.d.ts +176 -0
  748. package/dist/intent/queues.d.ts.map +1 -0
  749. package/dist/intent/queues.js +1393 -0
  750. package/dist/intent/queues.js.map +1 -0
  751. package/dist/intent/ratelimit.d.ts +147 -0
  752. package/dist/intent/ratelimit.d.ts.map +1 -0
  753. package/dist/intent/ratelimit.js +301 -0
  754. package/dist/intent/ratelimit.js.map +1 -0
  755. package/dist/intent/replay/comparator.d.ts +73 -0
  756. package/dist/intent/replay/comparator.d.ts.map +1 -0
  757. package/dist/intent/replay/comparator.js +320 -0
  758. package/dist/intent/replay/comparator.js.map +1 -0
  759. package/dist/intent/replay/index.d.ts +104 -0
  760. package/dist/intent/replay/index.d.ts.map +1 -0
  761. package/dist/intent/replay/index.js +487 -0
  762. package/dist/intent/replay/index.js.map +1 -0
  763. package/dist/intent/replay/simulator.d.ts +184 -0
  764. package/dist/intent/replay/simulator.d.ts.map +1 -0
  765. package/dist/intent/replay/simulator.js +512 -0
  766. package/dist/intent/replay/simulator.js.map +1 -0
  767. package/dist/intent/replay/snapshot.d.ts +149 -0
  768. package/dist/intent/replay/snapshot.d.ts.map +1 -0
  769. package/dist/intent/replay/snapshot.js +245 -0
  770. package/dist/intent/replay/snapshot.js.map +1 -0
  771. package/dist/intent/replay/types.d.ts +143 -0
  772. package/dist/intent/replay/types.d.ts.map +1 -0
  773. package/dist/intent/replay/types.js +10 -0
  774. package/dist/intent/replay/types.js.map +1 -0
  775. package/dist/intent/repository.d.ts +198 -0
  776. package/dist/intent/repository.d.ts.map +1 -0
  777. package/dist/intent/repository.js +538 -0
  778. package/dist/intent/repository.js.map +1 -0
  779. package/dist/intent/response-middleware.d.ts +156 -0
  780. package/dist/intent/response-middleware.d.ts.map +1 -0
  781. package/dist/intent/response-middleware.js +346 -0
  782. package/dist/intent/response-middleware.js.map +1 -0
  783. package/dist/intent/response.d.ts +267 -0
  784. package/dist/intent/response.d.ts.map +1 -0
  785. package/dist/intent/response.js +402 -0
  786. package/dist/intent/response.js.map +1 -0
  787. package/dist/intent/routes.d.ts +35 -0
  788. package/dist/intent/routes.d.ts.map +1 -0
  789. package/dist/intent/routes.js +1023 -0
  790. package/dist/intent/routes.js.map +1 -0
  791. package/dist/intent/scheduler.d.ts +45 -0
  792. package/dist/intent/scheduler.d.ts.map +1 -0
  793. package/dist/intent/scheduler.js +221 -0
  794. package/dist/intent/scheduler.js.map +1 -0
  795. package/dist/intent/schema.d.ts +3817 -0
  796. package/dist/intent/schema.d.ts.map +1 -0
  797. package/dist/intent/schema.js +631 -0
  798. package/dist/intent/schema.js.map +1 -0
  799. package/dist/intent/shutdown.d.ts +145 -0
  800. package/dist/intent/shutdown.d.ts.map +1 -0
  801. package/dist/intent/shutdown.js +468 -0
  802. package/dist/intent/shutdown.js.map +1 -0
  803. package/dist/intent/state-machine.d.ts +111 -0
  804. package/dist/intent/state-machine.d.ts.map +1 -0
  805. package/dist/intent/state-machine.js +242 -0
  806. package/dist/intent/state-machine.js.map +1 -0
  807. package/dist/intent/tracing.d.ts +152 -0
  808. package/dist/intent/tracing.d.ts.map +1 -0
  809. package/dist/intent/tracing.js +658 -0
  810. package/dist/intent/tracing.js.map +1 -0
  811. package/dist/intent/types.d.ts +188 -0
  812. package/dist/intent/types.d.ts.map +1 -0
  813. package/dist/intent/types.js +25 -0
  814. package/dist/intent/types.js.map +1 -0
  815. package/dist/intent/webhooks/delivery-repository.d.ts +80 -0
  816. package/dist/intent/webhooks/delivery-repository.d.ts.map +1 -0
  817. package/dist/intent/webhooks/delivery-repository.js +251 -0
  818. package/dist/intent/webhooks/delivery-repository.js.map +1 -0
  819. package/dist/intent/webhooks/dns-pinning.d.ts +30 -0
  820. package/dist/intent/webhooks/dns-pinning.d.ts.map +1 -0
  821. package/dist/intent/webhooks/dns-pinning.js +69 -0
  822. package/dist/intent/webhooks/dns-pinning.js.map +1 -0
  823. package/dist/intent/webhooks/index.d.ts +14 -0
  824. package/dist/intent/webhooks/index.d.ts.map +1 -0
  825. package/dist/intent/webhooks/index.js +17 -0
  826. package/dist/intent/webhooks/index.js.map +1 -0
  827. package/dist/intent/webhooks/signature.d.ts +47 -0
  828. package/dist/intent/webhooks/signature.d.ts.map +1 -0
  829. package/dist/intent/webhooks/signature.js +80 -0
  830. package/dist/intent/webhooks/signature.js.map +1 -0
  831. package/dist/intent/webhooks/ssrf-protection.d.ts +29 -0
  832. package/dist/intent/webhooks/ssrf-protection.d.ts.map +1 -0
  833. package/dist/intent/webhooks/ssrf-protection.js +161 -0
  834. package/dist/intent/webhooks/ssrf-protection.js.map +1 -0
  835. package/dist/intent/webhooks/types.d.ts +132 -0
  836. package/dist/intent/webhooks/types.d.ts.map +1 -0
  837. package/dist/intent/webhooks/types.js +14 -0
  838. package/dist/intent/webhooks/types.js.map +1 -0
  839. package/dist/intent/webhooks.d.ts +618 -0
  840. package/dist/intent/webhooks.d.ts.map +1 -0
  841. package/dist/intent/webhooks.js +1836 -0
  842. package/dist/intent/webhooks.js.map +1 -0
  843. package/dist/intent-gateway/ai-act-classifier.d.ts +18 -0
  844. package/dist/intent-gateway/ai-act-classifier.d.ts.map +1 -0
  845. package/dist/intent-gateway/ai-act-classifier.js +296 -0
  846. package/dist/intent-gateway/ai-act-classifier.js.map +1 -0
  847. package/dist/intent-gateway/index.d.ts +43 -0
  848. package/dist/intent-gateway/index.d.ts.map +1 -0
  849. package/dist/intent-gateway/index.js +236 -0
  850. package/dist/intent-gateway/index.js.map +1 -0
  851. package/dist/intent-gateway/jurisdiction-resolver.d.ts +19 -0
  852. package/dist/intent-gateway/jurisdiction-resolver.d.ts.map +1 -0
  853. package/dist/intent-gateway/jurisdiction-resolver.js +236 -0
  854. package/dist/intent-gateway/jurisdiction-resolver.js.map +1 -0
  855. package/dist/intent-gateway/policy-composer.d.ts +27 -0
  856. package/dist/intent-gateway/policy-composer.d.ts.map +1 -0
  857. package/dist/intent-gateway/policy-composer.js +418 -0
  858. package/dist/intent-gateway/policy-composer.js.map +1 -0
  859. package/dist/intent-gateway/regime-selector.d.ts +26 -0
  860. package/dist/intent-gateway/regime-selector.d.ts.map +1 -0
  861. package/dist/intent-gateway/regime-selector.js +185 -0
  862. package/dist/intent-gateway/regime-selector.js.map +1 -0
  863. package/dist/intent-gateway/types.d.ts +103 -0
  864. package/dist/intent-gateway/types.d.ts.map +1 -0
  865. package/dist/intent-gateway/types.js +85 -0
  866. package/dist/intent-gateway/types.js.map +1 -0
  867. package/dist/observability/alerts.d.ts +136 -0
  868. package/dist/observability/alerts.d.ts.map +1 -0
  869. package/dist/observability/alerts.js +485 -0
  870. package/dist/observability/alerts.js.map +1 -0
  871. package/dist/observability/health.d.ts +102 -0
  872. package/dist/observability/health.d.ts.map +1 -0
  873. package/dist/observability/health.js +415 -0
  874. package/dist/observability/health.js.map +1 -0
  875. package/dist/observability/index.d.ts +29 -0
  876. package/dist/observability/index.d.ts.map +1 -0
  877. package/dist/observability/index.js +72 -0
  878. package/dist/observability/index.js.map +1 -0
  879. package/dist/observability/logging.d.ts +90 -0
  880. package/dist/observability/logging.d.ts.map +1 -0
  881. package/dist/observability/logging.js +260 -0
  882. package/dist/observability/logging.js.map +1 -0
  883. package/dist/observability/metrics.d.ts +226 -0
  884. package/dist/observability/metrics.d.ts.map +1 -0
  885. package/dist/observability/metrics.js +527 -0
  886. package/dist/observability/metrics.js.map +1 -0
  887. package/dist/observability/tracing.d.ts +120 -0
  888. package/dist/observability/tracing.d.ts.map +1 -0
  889. package/dist/observability/tracing.js +285 -0
  890. package/dist/observability/tracing.js.map +1 -0
  891. package/dist/persistence/audit.d.ts +169 -0
  892. package/dist/persistence/audit.d.ts.map +1 -0
  893. package/dist/persistence/audit.js +342 -0
  894. package/dist/persistence/audit.js.map +1 -0
  895. package/dist/persistence/index.d.ts +13 -0
  896. package/dist/persistence/index.d.ts.map +1 -0
  897. package/dist/persistence/index.js +15 -0
  898. package/dist/persistence/index.js.map +1 -0
  899. package/dist/persistence/repository.d.ts +192 -0
  900. package/dist/persistence/repository.d.ts.map +1 -0
  901. package/dist/persistence/repository.js +223 -0
  902. package/dist/persistence/repository.js.map +1 -0
  903. package/dist/policy/diff.d.ts +88 -0
  904. package/dist/policy/diff.d.ts.map +1 -0
  905. package/dist/policy/diff.js +325 -0
  906. package/dist/policy/diff.js.map +1 -0
  907. package/dist/policy/distributed-cache.d.ts +205 -0
  908. package/dist/policy/distributed-cache.d.ts.map +1 -0
  909. package/dist/policy/distributed-cache.js +683 -0
  910. package/dist/policy/distributed-cache.js.map +1 -0
  911. package/dist/policy/evaluator.d.ts +102 -0
  912. package/dist/policy/evaluator.d.ts.map +1 -0
  913. package/dist/policy/evaluator.js +648 -0
  914. package/dist/policy/evaluator.js.map +1 -0
  915. package/dist/policy/index.d.ts +24 -0
  916. package/dist/policy/index.d.ts.map +1 -0
  917. package/dist/policy/index.js +27 -0
  918. package/dist/policy/index.js.map +1 -0
  919. package/dist/policy/loader.d.ts +63 -0
  920. package/dist/policy/loader.d.ts.map +1 -0
  921. package/dist/policy/loader.js +176 -0
  922. package/dist/policy/loader.js.map +1 -0
  923. package/dist/policy/service.d.ts +240 -0
  924. package/dist/policy/service.d.ts.map +1 -0
  925. package/dist/policy/service.js +1032 -0
  926. package/dist/policy/service.js.map +1 -0
  927. package/dist/policy/types.d.ts +220 -0
  928. package/dist/policy/types.d.ts.map +1 -0
  929. package/dist/policy/types.js +36 -0
  930. package/dist/policy/types.js.map +1 -0
  931. package/dist/policy/visual-builder/index.d.ts +201 -0
  932. package/dist/policy/visual-builder/index.d.ts.map +1 -0
  933. package/dist/policy/visual-builder/index.js +727 -0
  934. package/dist/policy/visual-builder/index.js.map +1 -0
  935. package/dist/policy/visual-builder/inheritance.d.ts +151 -0
  936. package/dist/policy/visual-builder/inheritance.d.ts.map +1 -0
  937. package/dist/policy/visual-builder/inheritance.js +314 -0
  938. package/dist/policy/visual-builder/inheritance.js.map +1 -0
  939. package/dist/policy/visual-builder/propagation.d.ts +146 -0
  940. package/dist/policy/visual-builder/propagation.d.ts.map +1 -0
  941. package/dist/policy/visual-builder/propagation.js +299 -0
  942. package/dist/policy/visual-builder/propagation.js.map +1 -0
  943. package/dist/policy/visual-builder/routes.d.ts +14 -0
  944. package/dist/policy/visual-builder/routes.d.ts.map +1 -0
  945. package/dist/policy/visual-builder/routes.js +528 -0
  946. package/dist/policy/visual-builder/routes.js.map +1 -0
  947. package/dist/policy/visual-builder/simulator.d.ts +161 -0
  948. package/dist/policy/visual-builder/simulator.d.ts.map +1 -0
  949. package/dist/policy/visual-builder/simulator.js +413 -0
  950. package/dist/policy/visual-builder/simulator.js.map +1 -0
  951. package/dist/policy/visual-builder/templates.d.ts +119 -0
  952. package/dist/policy/visual-builder/templates.d.ts.map +1 -0
  953. package/dist/policy/visual-builder/templates.js +627 -0
  954. package/dist/policy/visual-builder/templates.js.map +1 -0
  955. package/dist/proof/chain/index.d.ts +271 -0
  956. package/dist/proof/chain/index.d.ts.map +1 -0
  957. package/dist/proof/chain/index.js +483 -0
  958. package/dist/proof/chain/index.js.map +1 -0
  959. package/dist/proof/index.d.ts +206 -0
  960. package/dist/proof/index.d.ts.map +1 -0
  961. package/dist/proof/index.js +597 -0
  962. package/dist/proof/index.js.map +1 -0
  963. package/dist/proof/merkle-service.d.ts +194 -0
  964. package/dist/proof/merkle-service.d.ts.map +1 -0
  965. package/dist/proof/merkle-service.js +463 -0
  966. package/dist/proof/merkle-service.js.map +1 -0
  967. package/dist/proof/merkle.d.ts +118 -0
  968. package/dist/proof/merkle.d.ts.map +1 -0
  969. package/dist/proof/merkle.js +265 -0
  970. package/dist/proof/merkle.js.map +1 -0
  971. package/dist/security/ai-governance/access-policy.d.ts +197 -0
  972. package/dist/security/ai-governance/access-policy.d.ts.map +1 -0
  973. package/dist/security/ai-governance/access-policy.js +522 -0
  974. package/dist/security/ai-governance/access-policy.js.map +1 -0
  975. package/dist/security/ai-governance/audit-trail.d.ts +241 -0
  976. package/dist/security/ai-governance/audit-trail.d.ts.map +1 -0
  977. package/dist/security/ai-governance/audit-trail.js +645 -0
  978. package/dist/security/ai-governance/audit-trail.js.map +1 -0
  979. package/dist/security/ai-governance/bias-detection.d.ts +221 -0
  980. package/dist/security/ai-governance/bias-detection.d.ts.map +1 -0
  981. package/dist/security/ai-governance/bias-detection.js +615 -0
  982. package/dist/security/ai-governance/bias-detection.js.map +1 -0
  983. package/dist/security/ai-governance/index.d.ts +92 -0
  984. package/dist/security/ai-governance/index.d.ts.map +1 -0
  985. package/dist/security/ai-governance/index.js +184 -0
  986. package/dist/security/ai-governance/index.js.map +1 -0
  987. package/dist/security/ai-governance/middleware.d.ts +110 -0
  988. package/dist/security/ai-governance/middleware.d.ts.map +1 -0
  989. package/dist/security/ai-governance/middleware.js +359 -0
  990. package/dist/security/ai-governance/middleware.js.map +1 -0
  991. package/dist/security/ai-governance/model-registry.d.ts +229 -0
  992. package/dist/security/ai-governance/model-registry.d.ts.map +1 -0
  993. package/dist/security/ai-governance/model-registry.js +535 -0
  994. package/dist/security/ai-governance/model-registry.js.map +1 -0
  995. package/dist/security/ai-governance/output-filter.d.ts +150 -0
  996. package/dist/security/ai-governance/output-filter.d.ts.map +1 -0
  997. package/dist/security/ai-governance/output-filter.js +561 -0
  998. package/dist/security/ai-governance/output-filter.js.map +1 -0
  999. package/dist/security/ai-governance/prompt-injection.d.ts +153 -0
  1000. package/dist/security/ai-governance/prompt-injection.d.ts.map +1 -0
  1001. package/dist/security/ai-governance/prompt-injection.js +614 -0
  1002. package/dist/security/ai-governance/prompt-injection.js.map +1 -0
  1003. package/dist/security/ai-governance/rate-limiter.d.ts +156 -0
  1004. package/dist/security/ai-governance/rate-limiter.d.ts.map +1 -0
  1005. package/dist/security/ai-governance/rate-limiter.js +541 -0
  1006. package/dist/security/ai-governance/rate-limiter.js.map +1 -0
  1007. package/dist/security/ai-governance/types.d.ts +594 -0
  1008. package/dist/security/ai-governance/types.d.ts.map +1 -0
  1009. package/dist/security/ai-governance/types.js +6 -0
  1010. package/dist/security/ai-governance/types.js.map +1 -0
  1011. package/dist/security/alerting/channels/base.d.ts +91 -0
  1012. package/dist/security/alerting/channels/base.d.ts.map +1 -0
  1013. package/dist/security/alerting/channels/base.js +128 -0
  1014. package/dist/security/alerting/channels/base.js.map +1 -0
  1015. package/dist/security/alerting/channels/email.d.ts +92 -0
  1016. package/dist/security/alerting/channels/email.d.ts.map +1 -0
  1017. package/dist/security/alerting/channels/email.js +418 -0
  1018. package/dist/security/alerting/channels/email.js.map +1 -0
  1019. package/dist/security/alerting/channels/http-base.d.ts +86 -0
  1020. package/dist/security/alerting/channels/http-base.d.ts.map +1 -0
  1021. package/dist/security/alerting/channels/http-base.js +133 -0
  1022. package/dist/security/alerting/channels/http-base.js.map +1 -0
  1023. package/dist/security/alerting/channels/index.d.ts +30 -0
  1024. package/dist/security/alerting/channels/index.d.ts.map +1 -0
  1025. package/dist/security/alerting/channels/index.js +22 -0
  1026. package/dist/security/alerting/channels/index.js.map +1 -0
  1027. package/dist/security/alerting/channels/pagerduty.d.ts +70 -0
  1028. package/dist/security/alerting/channels/pagerduty.d.ts.map +1 -0
  1029. package/dist/security/alerting/channels/pagerduty.js +248 -0
  1030. package/dist/security/alerting/channels/pagerduty.js.map +1 -0
  1031. package/dist/security/alerting/channels/slack.d.ts +55 -0
  1032. package/dist/security/alerting/channels/slack.d.ts.map +1 -0
  1033. package/dist/security/alerting/channels/slack.js +215 -0
  1034. package/dist/security/alerting/channels/slack.js.map +1 -0
  1035. package/dist/security/alerting/channels/sns.d.ts +87 -0
  1036. package/dist/security/alerting/channels/sns.d.ts.map +1 -0
  1037. package/dist/security/alerting/channels/sns.js +251 -0
  1038. package/dist/security/alerting/channels/sns.js.map +1 -0
  1039. package/dist/security/alerting/channels/webhook.d.ts +92 -0
  1040. package/dist/security/alerting/channels/webhook.d.ts.map +1 -0
  1041. package/dist/security/alerting/channels/webhook.js +203 -0
  1042. package/dist/security/alerting/channels/webhook.js.map +1 -0
  1043. package/dist/security/alerting/detector.d.ts +217 -0
  1044. package/dist/security/alerting/detector.d.ts.map +1 -0
  1045. package/dist/security/alerting/detector.js +725 -0
  1046. package/dist/security/alerting/detector.js.map +1 -0
  1047. package/dist/security/alerting/index.d.ts +57 -0
  1048. package/dist/security/alerting/index.d.ts.map +1 -0
  1049. package/dist/security/alerting/index.js +214 -0
  1050. package/dist/security/alerting/index.js.map +1 -0
  1051. package/dist/security/alerting/service.d.ts +190 -0
  1052. package/dist/security/alerting/service.d.ts.map +1 -0
  1053. package/dist/security/alerting/service.js +815 -0
  1054. package/dist/security/alerting/service.js.map +1 -0
  1055. package/dist/security/alerting/types.d.ts +2165 -0
  1056. package/dist/security/alerting/types.d.ts.map +1 -0
  1057. package/dist/security/alerting/types.js +278 -0
  1058. package/dist/security/alerting/types.js.map +1 -0
  1059. package/dist/security/anomaly/detectors/account-compromise.d.ts +198 -0
  1060. package/dist/security/anomaly/detectors/account-compromise.d.ts.map +1 -0
  1061. package/dist/security/anomaly/detectors/account-compromise.js +815 -0
  1062. package/dist/security/anomaly/detectors/account-compromise.js.map +1 -0
  1063. package/dist/security/anomaly/detectors/data-exfiltration.d.ts +175 -0
  1064. package/dist/security/anomaly/detectors/data-exfiltration.d.ts.map +1 -0
  1065. package/dist/security/anomaly/detectors/data-exfiltration.js +733 -0
  1066. package/dist/security/anomaly/detectors/data-exfiltration.js.map +1 -0
  1067. package/dist/security/anomaly/detectors/geographic.d.ts +100 -0
  1068. package/dist/security/anomaly/detectors/geographic.d.ts.map +1 -0
  1069. package/dist/security/anomaly/detectors/geographic.js +348 -0
  1070. package/dist/security/anomaly/detectors/geographic.js.map +1 -0
  1071. package/dist/security/anomaly/detectors/index.d.ts +86 -0
  1072. package/dist/security/anomaly/detectors/index.d.ts.map +1 -0
  1073. package/dist/security/anomaly/detectors/index.js +118 -0
  1074. package/dist/security/anomaly/detectors/index.js.map +1 -0
  1075. package/dist/security/anomaly/detectors/lateral-movement.d.ts +168 -0
  1076. package/dist/security/anomaly/detectors/lateral-movement.d.ts.map +1 -0
  1077. package/dist/security/anomaly/detectors/lateral-movement.js +795 -0
  1078. package/dist/security/anomaly/detectors/lateral-movement.js.map +1 -0
  1079. package/dist/security/anomaly/detectors/privilege-escalation.d.ts +177 -0
  1080. package/dist/security/anomaly/detectors/privilege-escalation.d.ts.map +1 -0
  1081. package/dist/security/anomaly/detectors/privilege-escalation.js +741 -0
  1082. package/dist/security/anomaly/detectors/privilege-escalation.js.map +1 -0
  1083. package/dist/security/anomaly/detectors/temporal.d.ts +71 -0
  1084. package/dist/security/anomaly/detectors/temporal.d.ts.map +1 -0
  1085. package/dist/security/anomaly/detectors/temporal.js +398 -0
  1086. package/dist/security/anomaly/detectors/temporal.js.map +1 -0
  1087. package/dist/security/anomaly/detectors/volume.d.ts +97 -0
  1088. package/dist/security/anomaly/detectors/volume.d.ts.map +1 -0
  1089. package/dist/security/anomaly/detectors/volume.js +424 -0
  1090. package/dist/security/anomaly/detectors/volume.js.map +1 -0
  1091. package/dist/security/anomaly/index.d.ts +128 -0
  1092. package/dist/security/anomaly/index.d.ts.map +1 -0
  1093. package/dist/security/anomaly/index.js +378 -0
  1094. package/dist/security/anomaly/index.js.map +1 -0
  1095. package/dist/security/anomaly/types.d.ts +1209 -0
  1096. package/dist/security/anomaly/types.d.ts.map +1 -0
  1097. package/dist/security/anomaly/types.js +193 -0
  1098. package/dist/security/anomaly/types.js.map +1 -0
  1099. package/dist/security/api-keys/cache.d.ts +255 -0
  1100. package/dist/security/api-keys/cache.d.ts.map +1 -0
  1101. package/dist/security/api-keys/cache.js +595 -0
  1102. package/dist/security/api-keys/cache.js.map +1 -0
  1103. package/dist/security/api-keys/db-store.d.ts +150 -0
  1104. package/dist/security/api-keys/db-store.d.ts.map +1 -0
  1105. package/dist/security/api-keys/db-store.js +694 -0
  1106. package/dist/security/api-keys/db-store.js.map +1 -0
  1107. package/dist/security/api-keys/index.d.ts +29 -0
  1108. package/dist/security/api-keys/index.d.ts.map +1 -0
  1109. package/dist/security/api-keys/index.js +81 -0
  1110. package/dist/security/api-keys/index.js.map +1 -0
  1111. package/dist/security/api-keys/middleware.d.ts +164 -0
  1112. package/dist/security/api-keys/middleware.d.ts.map +1 -0
  1113. package/dist/security/api-keys/middleware.js +392 -0
  1114. package/dist/security/api-keys/middleware.js.map +1 -0
  1115. package/dist/security/api-keys/service.d.ts +226 -0
  1116. package/dist/security/api-keys/service.d.ts.map +1 -0
  1117. package/dist/security/api-keys/service.js +861 -0
  1118. package/dist/security/api-keys/service.js.map +1 -0
  1119. package/dist/security/api-keys/store.d.ts +241 -0
  1120. package/dist/security/api-keys/store.d.ts.map +1 -0
  1121. package/dist/security/api-keys/store.js +360 -0
  1122. package/dist/security/api-keys/store.js.map +1 -0
  1123. package/dist/security/api-keys/types.d.ts +718 -0
  1124. package/dist/security/api-keys/types.d.ts.map +1 -0
  1125. package/dist/security/api-keys/types.js +162 -0
  1126. package/dist/security/api-keys/types.js.map +1 -0
  1127. package/dist/security/brute-force.d.ts +390 -0
  1128. package/dist/security/brute-force.d.ts.map +1 -0
  1129. package/dist/security/brute-force.js +677 -0
  1130. package/dist/security/brute-force.js.map +1 -0
  1131. package/dist/security/config-validator.d.ts +152 -0
  1132. package/dist/security/config-validator.d.ts.map +1 -0
  1133. package/dist/security/config-validator.js +667 -0
  1134. package/dist/security/config-validator.js.map +1 -0
  1135. package/dist/security/crypto/fips-mode.d.ts +726 -0
  1136. package/dist/security/crypto/fips-mode.d.ts.map +1 -0
  1137. package/dist/security/crypto/fips-mode.js +1297 -0
  1138. package/dist/security/crypto/fips-mode.js.map +1 -0
  1139. package/dist/security/crypto/index.d.ts +203 -0
  1140. package/dist/security/crypto/index.d.ts.map +1 -0
  1141. package/dist/security/crypto/index.js +293 -0
  1142. package/dist/security/crypto/index.js.map +1 -0
  1143. package/dist/security/crypto/post-quantum/benchmark.d.ts +125 -0
  1144. package/dist/security/crypto/post-quantum/benchmark.d.ts.map +1 -0
  1145. package/dist/security/crypto/post-quantum/benchmark.js +530 -0
  1146. package/dist/security/crypto/post-quantum/benchmark.js.map +1 -0
  1147. package/dist/security/crypto/post-quantum/dilithium.d.ts +146 -0
  1148. package/dist/security/crypto/post-quantum/dilithium.d.ts.map +1 -0
  1149. package/dist/security/crypto/post-quantum/dilithium.js +662 -0
  1150. package/dist/security/crypto/post-quantum/dilithium.js.map +1 -0
  1151. package/dist/security/crypto/post-quantum/hybrid.d.ts +267 -0
  1152. package/dist/security/crypto/post-quantum/hybrid.d.ts.map +1 -0
  1153. package/dist/security/crypto/post-quantum/hybrid.js +457 -0
  1154. package/dist/security/crypto/post-quantum/hybrid.js.map +1 -0
  1155. package/dist/security/crypto/post-quantum/index.d.ts +166 -0
  1156. package/dist/security/crypto/post-quantum/index.d.ts.map +1 -0
  1157. package/dist/security/crypto/post-quantum/index.js +236 -0
  1158. package/dist/security/crypto/post-quantum/index.js.map +1 -0
  1159. package/dist/security/crypto/post-quantum/kyber.d.ts +131 -0
  1160. package/dist/security/crypto/post-quantum/kyber.d.ts.map +1 -0
  1161. package/dist/security/crypto/post-quantum/kyber.js +640 -0
  1162. package/dist/security/crypto/post-quantum/kyber.js.map +1 -0
  1163. package/dist/security/crypto/post-quantum/migration.d.ts +230 -0
  1164. package/dist/security/crypto/post-quantum/migration.d.ts.map +1 -0
  1165. package/dist/security/crypto/post-quantum/migration.js +563 -0
  1166. package/dist/security/crypto/post-quantum/migration.js.map +1 -0
  1167. package/dist/security/crypto/post-quantum/types.d.ts +1056 -0
  1168. package/dist/security/crypto/post-quantum/types.d.ts.map +1 -0
  1169. package/dist/security/crypto/post-quantum/types.js +350 -0
  1170. package/dist/security/crypto/post-quantum/types.js.map +1 -0
  1171. package/dist/security/crypto/shamir/comparison.d.ts +128 -0
  1172. package/dist/security/crypto/shamir/comparison.d.ts.map +1 -0
  1173. package/dist/security/crypto/shamir/comparison.js +423 -0
  1174. package/dist/security/crypto/shamir/comparison.js.map +1 -0
  1175. package/dist/security/crypto/shamir/index.d.ts +76 -0
  1176. package/dist/security/crypto/shamir/index.d.ts.map +1 -0
  1177. package/dist/security/crypto/shamir/index.js +155 -0
  1178. package/dist/security/crypto/shamir/index.js.map +1 -0
  1179. package/dist/security/crypto/shamir/proofs.d.ts +259 -0
  1180. package/dist/security/crypto/shamir/proofs.d.ts.map +1 -0
  1181. package/dist/security/crypto/shamir/proofs.js +605 -0
  1182. package/dist/security/crypto/shamir/proofs.js.map +1 -0
  1183. package/dist/security/crypto/shamir/property-tests.d.ts +104 -0
  1184. package/dist/security/crypto/shamir/property-tests.d.ts.map +1 -0
  1185. package/dist/security/crypto/shamir/property-tests.js +480 -0
  1186. package/dist/security/crypto/shamir/property-tests.js.map +1 -0
  1187. package/dist/security/crypto/shamir/security-analysis.d.ts +97 -0
  1188. package/dist/security/crypto/shamir/security-analysis.d.ts.map +1 -0
  1189. package/dist/security/crypto/shamir/security-analysis.js +503 -0
  1190. package/dist/security/crypto/shamir/security-analysis.js.map +1 -0
  1191. package/dist/security/crypto/shamir/test-vectors.d.ts +116 -0
  1192. package/dist/security/crypto/shamir/test-vectors.d.ts.map +1 -0
  1193. package/dist/security/crypto/shamir/test-vectors.js +377 -0
  1194. package/dist/security/crypto/shamir/test-vectors.js.map +1 -0
  1195. package/dist/security/crypto/shamir/types.d.ts +281 -0
  1196. package/dist/security/crypto/shamir/types.d.ts.map +1 -0
  1197. package/dist/security/crypto/shamir/types.js +82 -0
  1198. package/dist/security/crypto/shamir/types.js.map +1 -0
  1199. package/dist/security/crypto/shamir/verified-shamir.d.ts +170 -0
  1200. package/dist/security/crypto/shamir/verified-shamir.d.ts.map +1 -0
  1201. package/dist/security/crypto/shamir/verified-shamir.js +624 -0
  1202. package/dist/security/crypto/shamir/verified-shamir.js.map +1 -0
  1203. package/dist/security/csrf.d.ts +215 -0
  1204. package/dist/security/csrf.d.ts.map +1 -0
  1205. package/dist/security/csrf.js +467 -0
  1206. package/dist/security/csrf.js.map +1 -0
  1207. package/dist/security/distributed-state.d.ts +331 -0
  1208. package/dist/security/distributed-state.d.ts.map +1 -0
  1209. package/dist/security/distributed-state.js +768 -0
  1210. package/dist/security/distributed-state.js.map +1 -0
  1211. package/dist/security/dlp/index.d.ts +27 -0
  1212. package/dist/security/dlp/index.d.ts.map +1 -0
  1213. package/dist/security/dlp/index.js +54 -0
  1214. package/dist/security/dlp/index.js.map +1 -0
  1215. package/dist/security/dlp/scanner.d.ts +451 -0
  1216. package/dist/security/dlp/scanner.d.ts.map +1 -0
  1217. package/dist/security/dlp/scanner.js +1241 -0
  1218. package/dist/security/dlp/scanner.js.map +1 -0
  1219. package/dist/security/dpop.d.ts +260 -0
  1220. package/dist/security/dpop.d.ts.map +1 -0
  1221. package/dist/security/dpop.js +1058 -0
  1222. package/dist/security/dpop.js.map +1 -0
  1223. package/dist/security/encryption/decorators.d.ts +263 -0
  1224. package/dist/security/encryption/decorators.d.ts.map +1 -0
  1225. package/dist/security/encryption/decorators.js +359 -0
  1226. package/dist/security/encryption/decorators.js.map +1 -0
  1227. package/dist/security/encryption/index.d.ts +83 -0
  1228. package/dist/security/encryption/index.d.ts.map +1 -0
  1229. package/dist/security/encryption/index.js +140 -0
  1230. package/dist/security/encryption/index.js.map +1 -0
  1231. package/dist/security/encryption/key-provider.d.ts +335 -0
  1232. package/dist/security/encryption/key-provider.d.ts.map +1 -0
  1233. package/dist/security/encryption/key-provider.js +853 -0
  1234. package/dist/security/encryption/key-provider.js.map +1 -0
  1235. package/dist/security/encryption/middleware.d.ts +279 -0
  1236. package/dist/security/encryption/middleware.d.ts.map +1 -0
  1237. package/dist/security/encryption/middleware.js +493 -0
  1238. package/dist/security/encryption/middleware.js.map +1 -0
  1239. package/dist/security/encryption/service.d.ts +164 -0
  1240. package/dist/security/encryption/service.d.ts.map +1 -0
  1241. package/dist/security/encryption/service.js +623 -0
  1242. package/dist/security/encryption/service.js.map +1 -0
  1243. package/dist/security/encryption/types.d.ts +745 -0
  1244. package/dist/security/encryption/types.d.ts.map +1 -0
  1245. package/dist/security/encryption/types.js +229 -0
  1246. package/dist/security/encryption/types.js.map +1 -0
  1247. package/dist/security/error-sanitizer.d.ts +329 -0
  1248. package/dist/security/error-sanitizer.d.ts.map +1 -0
  1249. package/dist/security/error-sanitizer.js +700 -0
  1250. package/dist/security/error-sanitizer.js.map +1 -0
  1251. package/dist/security/fingerprint-service.d.ts +139 -0
  1252. package/dist/security/fingerprint-service.d.ts.map +1 -0
  1253. package/dist/security/fingerprint-service.js +240 -0
  1254. package/dist/security/fingerprint-service.js.map +1 -0
  1255. package/dist/security/headers/csp.d.ts +270 -0
  1256. package/dist/security/headers/csp.d.ts.map +1 -0
  1257. package/dist/security/headers/csp.js +655 -0
  1258. package/dist/security/headers/csp.js.map +1 -0
  1259. package/dist/security/headers/hsts.d.ts +161 -0
  1260. package/dist/security/headers/hsts.d.ts.map +1 -0
  1261. package/dist/security/headers/hsts.js +346 -0
  1262. package/dist/security/headers/hsts.js.map +1 -0
  1263. package/dist/security/headers/index.d.ts +47 -0
  1264. package/dist/security/headers/index.d.ts.map +1 -0
  1265. package/dist/security/headers/index.js +110 -0
  1266. package/dist/security/headers/index.js.map +1 -0
  1267. package/dist/security/headers/middleware.d.ts +70 -0
  1268. package/dist/security/headers/middleware.d.ts.map +1 -0
  1269. package/dist/security/headers/middleware.js +549 -0
  1270. package/dist/security/headers/middleware.js.map +1 -0
  1271. package/dist/security/headers/permissions-policy.d.ts +189 -0
  1272. package/dist/security/headers/permissions-policy.d.ts.map +1 -0
  1273. package/dist/security/headers/permissions-policy.js +508 -0
  1274. package/dist/security/headers/permissions-policy.js.map +1 -0
  1275. package/dist/security/headers/types.d.ts +1570 -0
  1276. package/dist/security/headers/types.d.ts.map +1 -0
  1277. package/dist/security/headers/types.js +281 -0
  1278. package/dist/security/headers/types.js.map +1 -0
  1279. package/dist/security/headers/validator.d.ts +36 -0
  1280. package/dist/security/headers/validator.d.ts.map +1 -0
  1281. package/dist/security/headers/validator.js +616 -0
  1282. package/dist/security/headers/validator.js.map +1 -0
  1283. package/dist/security/hsm/aws-cloudhsm.d.ts +157 -0
  1284. package/dist/security/hsm/aws-cloudhsm.d.ts.map +1 -0
  1285. package/dist/security/hsm/aws-cloudhsm.js +712 -0
  1286. package/dist/security/hsm/aws-cloudhsm.js.map +1 -0
  1287. package/dist/security/hsm/azure-hsm.d.ts +174 -0
  1288. package/dist/security/hsm/azure-hsm.d.ts.map +1 -0
  1289. package/dist/security/hsm/azure-hsm.js +792 -0
  1290. package/dist/security/hsm/azure-hsm.js.map +1 -0
  1291. package/dist/security/hsm/gcp-hsm.d.ts +184 -0
  1292. package/dist/security/hsm/gcp-hsm.d.ts.map +1 -0
  1293. package/dist/security/hsm/gcp-hsm.js +817 -0
  1294. package/dist/security/hsm/gcp-hsm.js.map +1 -0
  1295. package/dist/security/hsm/hsm-service.d.ts +264 -0
  1296. package/dist/security/hsm/hsm-service.d.ts.map +1 -0
  1297. package/dist/security/hsm/hsm-service.js +772 -0
  1298. package/dist/security/hsm/hsm-service.js.map +1 -0
  1299. package/dist/security/hsm/index.d.ts +248 -0
  1300. package/dist/security/hsm/index.d.ts.map +1 -0
  1301. package/dist/security/hsm/index.js +329 -0
  1302. package/dist/security/hsm/index.js.map +1 -0
  1303. package/dist/security/hsm/key-ceremony.d.ts +214 -0
  1304. package/dist/security/hsm/key-ceremony.d.ts.map +1 -0
  1305. package/dist/security/hsm/key-ceremony.js +636 -0
  1306. package/dist/security/hsm/key-ceremony.js.map +1 -0
  1307. package/dist/security/hsm/key-operations.d.ts +218 -0
  1308. package/dist/security/hsm/key-operations.d.ts.map +1 -0
  1309. package/dist/security/hsm/key-operations.js +625 -0
  1310. package/dist/security/hsm/key-operations.js.map +1 -0
  1311. package/dist/security/hsm/local-softHSM.d.ts +122 -0
  1312. package/dist/security/hsm/local-softHSM.d.ts.map +1 -0
  1313. package/dist/security/hsm/local-softHSM.js +786 -0
  1314. package/dist/security/hsm/local-softHSM.js.map +1 -0
  1315. package/dist/security/hsm/pkcs11-wrapper.d.ts +386 -0
  1316. package/dist/security/hsm/pkcs11-wrapper.d.ts.map +1 -0
  1317. package/dist/security/hsm/pkcs11-wrapper.js +1149 -0
  1318. package/dist/security/hsm/pkcs11-wrapper.js.map +1 -0
  1319. package/dist/security/hsm/provider.d.ts +333 -0
  1320. package/dist/security/hsm/provider.d.ts.map +1 -0
  1321. package/dist/security/hsm/provider.js +264 -0
  1322. package/dist/security/hsm/provider.js.map +1 -0
  1323. package/dist/security/hsm/thales-luna.d.ts +209 -0
  1324. package/dist/security/hsm/thales-luna.d.ts.map +1 -0
  1325. package/dist/security/hsm/thales-luna.js +820 -0
  1326. package/dist/security/hsm/thales-luna.js.map +1 -0
  1327. package/dist/security/incident/actions/block-ip.d.ts +82 -0
  1328. package/dist/security/incident/actions/block-ip.d.ts.map +1 -0
  1329. package/dist/security/incident/actions/block-ip.js +454 -0
  1330. package/dist/security/incident/actions/block-ip.js.map +1 -0
  1331. package/dist/security/incident/actions/collect-evidence.d.ts +93 -0
  1332. package/dist/security/incident/actions/collect-evidence.d.ts.map +1 -0
  1333. package/dist/security/incident/actions/collect-evidence.js +449 -0
  1334. package/dist/security/incident/actions/collect-evidence.js.map +1 -0
  1335. package/dist/security/incident/actions/index.d.ts +39 -0
  1336. package/dist/security/incident/actions/index.d.ts.map +1 -0
  1337. package/dist/security/incident/actions/index.js +52 -0
  1338. package/dist/security/incident/actions/index.js.map +1 -0
  1339. package/dist/security/incident/actions/isolate-system.d.ts +61 -0
  1340. package/dist/security/incident/actions/isolate-system.d.ts.map +1 -0
  1341. package/dist/security/incident/actions/isolate-system.js +369 -0
  1342. package/dist/security/incident/actions/isolate-system.js.map +1 -0
  1343. package/dist/security/incident/actions/notify-stakeholders.d.ts +70 -0
  1344. package/dist/security/incident/actions/notify-stakeholders.d.ts.map +1 -0
  1345. package/dist/security/incident/actions/notify-stakeholders.js +377 -0
  1346. package/dist/security/incident/actions/notify-stakeholders.js.map +1 -0
  1347. package/dist/security/incident/actions/revoke-credentials.d.ts +75 -0
  1348. package/dist/security/incident/actions/revoke-credentials.d.ts.map +1 -0
  1349. package/dist/security/incident/actions/revoke-credentials.js +320 -0
  1350. package/dist/security/incident/actions/revoke-credentials.js.map +1 -0
  1351. package/dist/security/incident/actions/scale-monitoring.d.ts +88 -0
  1352. package/dist/security/incident/actions/scale-monitoring.d.ts.map +1 -0
  1353. package/dist/security/incident/actions/scale-monitoring.js +473 -0
  1354. package/dist/security/incident/actions/scale-monitoring.js.map +1 -0
  1355. package/dist/security/incident/executor.d.ts +128 -0
  1356. package/dist/security/incident/executor.d.ts.map +1 -0
  1357. package/dist/security/incident/executor.js +695 -0
  1358. package/dist/security/incident/executor.js.map +1 -0
  1359. package/dist/security/incident/index.d.ts +220 -0
  1360. package/dist/security/incident/index.d.ts.map +1 -0
  1361. package/dist/security/incident/index.js +1284 -0
  1362. package/dist/security/incident/index.js.map +1 -0
  1363. package/dist/security/incident/notification.d.ts +68 -0
  1364. package/dist/security/incident/notification.d.ts.map +1 -0
  1365. package/dist/security/incident/notification.js +512 -0
  1366. package/dist/security/incident/notification.js.map +1 -0
  1367. package/dist/security/incident/playbooks/account-compromise.d.ts +13 -0
  1368. package/dist/security/incident/playbooks/account-compromise.d.ts.map +1 -0
  1369. package/dist/security/incident/playbooks/account-compromise.js +379 -0
  1370. package/dist/security/incident/playbooks/account-compromise.js.map +1 -0
  1371. package/dist/security/incident/playbooks/configuration-error.d.ts +17 -0
  1372. package/dist/security/incident/playbooks/configuration-error.d.ts.map +1 -0
  1373. package/dist/security/incident/playbooks/configuration-error.js +340 -0
  1374. package/dist/security/incident/playbooks/configuration-error.js.map +1 -0
  1375. package/dist/security/incident/playbooks/data-breach.d.ts +13 -0
  1376. package/dist/security/incident/playbooks/data-breach.d.ts.map +1 -0
  1377. package/dist/security/incident/playbooks/data-breach.js +394 -0
  1378. package/dist/security/incident/playbooks/data-breach.js.map +1 -0
  1379. package/dist/security/incident/playbooks/denial-of-service.d.ts +13 -0
  1380. package/dist/security/incident/playbooks/denial-of-service.d.ts.map +1 -0
  1381. package/dist/security/incident/playbooks/denial-of-service.js +540 -0
  1382. package/dist/security/incident/playbooks/denial-of-service.js.map +1 -0
  1383. package/dist/security/incident/playbooks/index.d.ts +36 -0
  1384. package/dist/security/incident/playbooks/index.d.ts.map +1 -0
  1385. package/dist/security/incident/playbooks/index.js +56 -0
  1386. package/dist/security/incident/playbooks/index.js.map +1 -0
  1387. package/dist/security/incident/playbooks/insider-threat.d.ts +18 -0
  1388. package/dist/security/incident/playbooks/insider-threat.d.ts.map +1 -0
  1389. package/dist/security/incident/playbooks/insider-threat.js +600 -0
  1390. package/dist/security/incident/playbooks/insider-threat.js.map +1 -0
  1391. package/dist/security/incident/playbooks/malware.d.ts +13 -0
  1392. package/dist/security/incident/playbooks/malware.d.ts.map +1 -0
  1393. package/dist/security/incident/playbooks/malware.js +515 -0
  1394. package/dist/security/incident/playbooks/malware.js.map +1 -0
  1395. package/dist/security/incident/playbooks/ransomware.d.ts +14 -0
  1396. package/dist/security/incident/playbooks/ransomware.d.ts.map +1 -0
  1397. package/dist/security/incident/playbooks/ransomware.js +693 -0
  1398. package/dist/security/incident/playbooks/ransomware.js.map +1 -0
  1399. package/dist/security/incident/playbooks/unauthorized-access.d.ts +13 -0
  1400. package/dist/security/incident/playbooks/unauthorized-access.d.ts.map +1 -0
  1401. package/dist/security/incident/playbooks/unauthorized-access.js +412 -0
  1402. package/dist/security/incident/playbooks/unauthorized-access.js.map +1 -0
  1403. package/dist/security/incident/triggers.d.ts +120 -0
  1404. package/dist/security/incident/triggers.d.ts.map +1 -0
  1405. package/dist/security/incident/triggers.js +708 -0
  1406. package/dist/security/incident/triggers.js.map +1 -0
  1407. package/dist/security/incident/types.d.ts +1517 -0
  1408. package/dist/security/incident/types.d.ts.map +1 -0
  1409. package/dist/security/incident/types.js +222 -0
  1410. package/dist/security/incident/types.js.map +1 -0
  1411. package/dist/security/index.d.ts +59 -0
  1412. package/dist/security/index.d.ts.map +1 -0
  1413. package/dist/security/index.js +295 -0
  1414. package/dist/security/index.js.map +1 -0
  1415. package/dist/security/injection-detector.d.ts +510 -0
  1416. package/dist/security/injection-detector.d.ts.map +1 -0
  1417. package/dist/security/injection-detector.js +1325 -0
  1418. package/dist/security/injection-detector.js.map +1 -0
  1419. package/dist/security/introspection.d.ts +137 -0
  1420. package/dist/security/introspection.d.ts.map +1 -0
  1421. package/dist/security/introspection.js +451 -0
  1422. package/dist/security/introspection.js.map +1 -0
  1423. package/dist/security/key-rotation.d.ts +213 -0
  1424. package/dist/security/key-rotation.d.ts.map +1 -0
  1425. package/dist/security/key-rotation.js +530 -0
  1426. package/dist/security/key-rotation.js.map +1 -0
  1427. package/dist/security/kms/aws-kms.d.ts +152 -0
  1428. package/dist/security/kms/aws-kms.d.ts.map +1 -0
  1429. package/dist/security/kms/aws-kms.js +808 -0
  1430. package/dist/security/kms/aws-kms.js.map +1 -0
  1431. package/dist/security/kms/index.d.ts +165 -0
  1432. package/dist/security/kms/index.d.ts.map +1 -0
  1433. package/dist/security/kms/index.js +351 -0
  1434. package/dist/security/kms/index.js.map +1 -0
  1435. package/dist/security/kms/local.d.ts +127 -0
  1436. package/dist/security/kms/local.d.ts.map +1 -0
  1437. package/dist/security/kms/local.js +682 -0
  1438. package/dist/security/kms/local.js.map +1 -0
  1439. package/dist/security/kms/types.d.ts +1000 -0
  1440. package/dist/security/kms/types.d.ts.map +1 -0
  1441. package/dist/security/kms/types.js +167 -0
  1442. package/dist/security/kms/types.js.map +1 -0
  1443. package/dist/security/kms/vault.d.ts +165 -0
  1444. package/dist/security/kms/vault.d.ts.map +1 -0
  1445. package/dist/security/kms/vault.js +820 -0
  1446. package/dist/security/kms/vault.js.map +1 -0
  1447. package/dist/security/mfa/index.d.ts +17 -0
  1448. package/dist/security/mfa/index.d.ts.map +1 -0
  1449. package/dist/security/mfa/index.js +37 -0
  1450. package/dist/security/mfa/index.js.map +1 -0
  1451. package/dist/security/mfa/mfa-middleware.d.ts +74 -0
  1452. package/dist/security/mfa/mfa-middleware.d.ts.map +1 -0
  1453. package/dist/security/mfa/mfa-middleware.js +244 -0
  1454. package/dist/security/mfa/mfa-middleware.js.map +1 -0
  1455. package/dist/security/mfa/mfa-service.d.ts +115 -0
  1456. package/dist/security/mfa/mfa-service.d.ts.map +1 -0
  1457. package/dist/security/mfa/mfa-service.js +509 -0
  1458. package/dist/security/mfa/mfa-service.js.map +1 -0
  1459. package/dist/security/mfa/mfa-store.d.ts +615 -0
  1460. package/dist/security/mfa/mfa-store.d.ts.map +1 -0
  1461. package/dist/security/mfa/mfa-store.js +431 -0
  1462. package/dist/security/mfa/mfa-store.js.map +1 -0
  1463. package/dist/security/mfa/types.d.ts +417 -0
  1464. package/dist/security/mfa/types.d.ts.map +1 -0
  1465. package/dist/security/mfa/types.js +123 -0
  1466. package/dist/security/mfa/types.js.map +1 -0
  1467. package/dist/security/middleware.d.ts +179 -0
  1468. package/dist/security/middleware.d.ts.map +1 -0
  1469. package/dist/security/middleware.js +534 -0
  1470. package/dist/security/middleware.js.map +1 -0
  1471. package/dist/security/pairwise-did.d.ts +157 -0
  1472. package/dist/security/pairwise-did.d.ts.map +1 -0
  1473. package/dist/security/pairwise-did.js +450 -0
  1474. package/dist/security/pairwise-did.js.map +1 -0
  1475. package/dist/security/pam/break-glass.d.ts +776 -0
  1476. package/dist/security/pam/break-glass.d.ts.map +1 -0
  1477. package/dist/security/pam/break-glass.js +1137 -0
  1478. package/dist/security/pam/break-glass.js.map +1 -0
  1479. package/dist/security/pam/index.d.ts +120 -0
  1480. package/dist/security/pam/index.d.ts.map +1 -0
  1481. package/dist/security/pam/index.js +179 -0
  1482. package/dist/security/pam/index.js.map +1 -0
  1483. package/dist/security/pam/jit-access.d.ts +482 -0
  1484. package/dist/security/pam/jit-access.d.ts.map +1 -0
  1485. package/dist/security/pam/jit-access.js +1030 -0
  1486. package/dist/security/pam/jit-access.js.map +1 -0
  1487. package/dist/security/pam/session-recording.d.ts +1007 -0
  1488. package/dist/security/pam/session-recording.d.ts.map +1 -0
  1489. package/dist/security/pam/session-recording.js +1047 -0
  1490. package/dist/security/pam/session-recording.js.map +1 -0
  1491. package/dist/security/password-hashing.d.ts +199 -0
  1492. package/dist/security/password-hashing.d.ts.map +1 -0
  1493. package/dist/security/password-hashing.js +366 -0
  1494. package/dist/security/password-hashing.js.map +1 -0
  1495. package/dist/security/password-policy.d.ts +304 -0
  1496. package/dist/security/password-policy.d.ts.map +1 -0
  1497. package/dist/security/password-policy.js +730 -0
  1498. package/dist/security/password-policy.js.map +1 -0
  1499. package/dist/security/pkce.d.ts +269 -0
  1500. package/dist/security/pkce.d.ts.map +1 -0
  1501. package/dist/security/pkce.js +408 -0
  1502. package/dist/security/pkce.js.map +1 -0
  1503. package/dist/security/policy-engine/built-in-policies.d.ts +90 -0
  1504. package/dist/security/policy-engine/built-in-policies.d.ts.map +1 -0
  1505. package/dist/security/policy-engine/built-in-policies.js +627 -0
  1506. package/dist/security/policy-engine/built-in-policies.js.map +1 -0
  1507. package/dist/security/policy-engine/condition-evaluator.d.ts +129 -0
  1508. package/dist/security/policy-engine/condition-evaluator.d.ts.map +1 -0
  1509. package/dist/security/policy-engine/condition-evaluator.js +647 -0
  1510. package/dist/security/policy-engine/condition-evaluator.js.map +1 -0
  1511. package/dist/security/policy-engine/engine.d.ts +200 -0
  1512. package/dist/security/policy-engine/engine.d.ts.map +1 -0
  1513. package/dist/security/policy-engine/engine.js +752 -0
  1514. package/dist/security/policy-engine/engine.js.map +1 -0
  1515. package/dist/security/policy-engine/index.d.ts +58 -0
  1516. package/dist/security/policy-engine/index.d.ts.map +1 -0
  1517. package/dist/security/policy-engine/index.js +80 -0
  1518. package/dist/security/policy-engine/index.js.map +1 -0
  1519. package/dist/security/policy-engine/middleware.d.ts +77 -0
  1520. package/dist/security/policy-engine/middleware.d.ts.map +1 -0
  1521. package/dist/security/policy-engine/middleware.js +375 -0
  1522. package/dist/security/policy-engine/middleware.js.map +1 -0
  1523. package/dist/security/policy-engine/rule-evaluator.d.ts +140 -0
  1524. package/dist/security/policy-engine/rule-evaluator.d.ts.map +1 -0
  1525. package/dist/security/policy-engine/rule-evaluator.js +593 -0
  1526. package/dist/security/policy-engine/rule-evaluator.js.map +1 -0
  1527. package/dist/security/policy-engine/types.d.ts +2855 -0
  1528. package/dist/security/policy-engine/types.d.ts.map +1 -0
  1529. package/dist/security/policy-engine/types.js +443 -0
  1530. package/dist/security/policy-engine/types.js.map +1 -0
  1531. package/dist/security/rbac/index.d.ts +317 -0
  1532. package/dist/security/rbac/index.d.ts.map +1 -0
  1533. package/dist/security/rbac/index.js +618 -0
  1534. package/dist/security/rbac/index.js.map +1 -0
  1535. package/dist/security/rbac/permissions.d.ts +305 -0
  1536. package/dist/security/rbac/permissions.d.ts.map +1 -0
  1537. package/dist/security/rbac/permissions.js +947 -0
  1538. package/dist/security/rbac/permissions.js.map +1 -0
  1539. package/dist/security/rbac/policy-engine.d.ts +542 -0
  1540. package/dist/security/rbac/policy-engine.d.ts.map +1 -0
  1541. package/dist/security/rbac/policy-engine.js +1244 -0
  1542. package/dist/security/rbac/policy-engine.js.map +1 -0
  1543. package/dist/security/rbac/roles.d.ts +478 -0
  1544. package/dist/security/rbac/roles.d.ts.map +1 -0
  1545. package/dist/security/rbac/roles.js +363 -0
  1546. package/dist/security/rbac/roles.js.map +1 -0
  1547. package/dist/security/refresh-token.d.ts +305 -0
  1548. package/dist/security/refresh-token.d.ts.map +1 -0
  1549. package/dist/security/refresh-token.js +674 -0
  1550. package/dist/security/refresh-token.js.map +1 -0
  1551. package/dist/security/request-integrity.d.ts +289 -0
  1552. package/dist/security/request-integrity.d.ts.map +1 -0
  1553. package/dist/security/request-integrity.js +663 -0
  1554. package/dist/security/request-integrity.js.map +1 -0
  1555. package/dist/security/revocation-check.d.ts +188 -0
  1556. package/dist/security/revocation-check.d.ts.map +1 -0
  1557. package/dist/security/revocation-check.js +606 -0
  1558. package/dist/security/revocation-check.js.map +1 -0
  1559. package/dist/security/revocation.d.ts +191 -0
  1560. package/dist/security/revocation.d.ts.map +1 -0
  1561. package/dist/security/revocation.js +522 -0
  1562. package/dist/security/revocation.js.map +1 -0
  1563. package/dist/security/secrets-rotation.d.ts +501 -0
  1564. package/dist/security/secrets-rotation.d.ts.map +1 -0
  1565. package/dist/security/secrets-rotation.js +934 -0
  1566. package/dist/security/secrets-rotation.js.map +1 -0
  1567. package/dist/security/secure-memory.d.ts +325 -0
  1568. package/dist/security/secure-memory.d.ts.map +1 -0
  1569. package/dist/security/secure-memory.js +595 -0
  1570. package/dist/security/secure-memory.js.map +1 -0
  1571. package/dist/security/security-service.d.ts +186 -0
  1572. package/dist/security/security-service.d.ts.map +1 -0
  1573. package/dist/security/security-service.js +531 -0
  1574. package/dist/security/security-service.js.map +1 -0
  1575. package/dist/security/service-auth/index.d.ts +20 -0
  1576. package/dist/security/service-auth/index.d.ts.map +1 -0
  1577. package/dist/security/service-auth/index.js +61 -0
  1578. package/dist/security/service-auth/index.js.map +1 -0
  1579. package/dist/security/service-auth/service-account.d.ts +357 -0
  1580. package/dist/security/service-auth/service-account.d.ts.map +1 -0
  1581. package/dist/security/service-auth/service-account.js +475 -0
  1582. package/dist/security/service-auth/service-account.js.map +1 -0
  1583. package/dist/security/service-auth/service-auth-middleware.d.ts +174 -0
  1584. package/dist/security/service-auth/service-auth-middleware.d.ts.map +1 -0
  1585. package/dist/security/service-auth/service-auth-middleware.js +461 -0
  1586. package/dist/security/service-auth/service-auth-middleware.js.map +1 -0
  1587. package/dist/security/service-auth/service-token.d.ts +391 -0
  1588. package/dist/security/service-auth/service-token.d.ts.map +1 -0
  1589. package/dist/security/service-auth/service-token.js +472 -0
  1590. package/dist/security/service-auth/service-token.js.map +1 -0
  1591. package/dist/security/session-manager.d.ts +177 -0
  1592. package/dist/security/session-manager.d.ts.map +1 -0
  1593. package/dist/security/session-manager.js +353 -0
  1594. package/dist/security/session-manager.js.map +1 -0
  1595. package/dist/security/session-store.d.ts +205 -0
  1596. package/dist/security/session-store.d.ts.map +1 -0
  1597. package/dist/security/session-store.js +581 -0
  1598. package/dist/security/session-store.js.map +1 -0
  1599. package/dist/security/siem/connector.d.ts +147 -0
  1600. package/dist/security/siem/connector.d.ts.map +1 -0
  1601. package/dist/security/siem/connector.js +254 -0
  1602. package/dist/security/siem/connector.js.map +1 -0
  1603. package/dist/security/siem/datadog.d.ts +81 -0
  1604. package/dist/security/siem/datadog.d.ts.map +1 -0
  1605. package/dist/security/siem/datadog.js +362 -0
  1606. package/dist/security/siem/datadog.js.map +1 -0
  1607. package/dist/security/siem/elastic.d.ts +83 -0
  1608. package/dist/security/siem/elastic.d.ts.map +1 -0
  1609. package/dist/security/siem/elastic.js +514 -0
  1610. package/dist/security/siem/elastic.js.map +1 -0
  1611. package/dist/security/siem/enrichment.d.ts +133 -0
  1612. package/dist/security/siem/enrichment.d.ts.map +1 -0
  1613. package/dist/security/siem/enrichment.js +434 -0
  1614. package/dist/security/siem/enrichment.js.map +1 -0
  1615. package/dist/security/siem/formatter.d.ts +118 -0
  1616. package/dist/security/siem/formatter.d.ts.map +1 -0
  1617. package/dist/security/siem/formatter.js +381 -0
  1618. package/dist/security/siem/formatter.js.map +1 -0
  1619. package/dist/security/siem/hooks.d.ts +107 -0
  1620. package/dist/security/siem/hooks.d.ts.map +1 -0
  1621. package/dist/security/siem/hooks.js +459 -0
  1622. package/dist/security/siem/hooks.js.map +1 -0
  1623. package/dist/security/siem/index.d.ts +83 -0
  1624. package/dist/security/siem/index.d.ts.map +1 -0
  1625. package/dist/security/siem/index.js +95 -0
  1626. package/dist/security/siem/index.js.map +1 -0
  1627. package/dist/security/siem/service.d.ts +153 -0
  1628. package/dist/security/siem/service.d.ts.map +1 -0
  1629. package/dist/security/siem/service.js +615 -0
  1630. package/dist/security/siem/service.js.map +1 -0
  1631. package/dist/security/siem/splunk.d.ts +76 -0
  1632. package/dist/security/siem/splunk.d.ts.map +1 -0
  1633. package/dist/security/siem/splunk.js +283 -0
  1634. package/dist/security/siem/splunk.js.map +1 -0
  1635. package/dist/security/siem/types.d.ts +1980 -0
  1636. package/dist/security/siem/types.d.ts.map +1 -0
  1637. package/dist/security/siem/types.js +268 -0
  1638. package/dist/security/siem/types.js.map +1 -0
  1639. package/dist/security/tee-production.d.ts +157 -0
  1640. package/dist/security/tee-production.d.ts.map +1 -0
  1641. package/dist/security/tee-production.js +792 -0
  1642. package/dist/security/tee-production.js.map +1 -0
  1643. package/dist/security/tee.d.ts +182 -0
  1644. package/dist/security/tee.d.ts.map +1 -0
  1645. package/dist/security/tee.js +1031 -0
  1646. package/dist/security/tee.js.map +1 -0
  1647. package/dist/security/threat-intel/bot-detection.d.ts +275 -0
  1648. package/dist/security/threat-intel/bot-detection.d.ts.map +1 -0
  1649. package/dist/security/threat-intel/bot-detection.js +890 -0
  1650. package/dist/security/threat-intel/bot-detection.js.map +1 -0
  1651. package/dist/security/threat-intel/credential-stuffing.d.ts +368 -0
  1652. package/dist/security/threat-intel/credential-stuffing.d.ts.map +1 -0
  1653. package/dist/security/threat-intel/credential-stuffing.js +957 -0
  1654. package/dist/security/threat-intel/credential-stuffing.js.map +1 -0
  1655. package/dist/security/threat-intel/index.d.ts +10 -0
  1656. package/dist/security/threat-intel/index.d.ts.map +1 -0
  1657. package/dist/security/threat-intel/index.js +18 -0
  1658. package/dist/security/threat-intel/index.js.map +1 -0
  1659. package/dist/security/threat-intel/ip-reputation.d.ts +323 -0
  1660. package/dist/security/threat-intel/ip-reputation.d.ts.map +1 -0
  1661. package/dist/security/threat-intel/ip-reputation.js +923 -0
  1662. package/dist/security/threat-intel/ip-reputation.js.map +1 -0
  1663. package/dist/security/token-lifecycle.d.ts +272 -0
  1664. package/dist/security/token-lifecycle.d.ts.map +1 -0
  1665. package/dist/security/token-lifecycle.js +732 -0
  1666. package/dist/security/token-lifecycle.js.map +1 -0
  1667. package/dist/security/token-lifetime.d.ts +206 -0
  1668. package/dist/security/token-lifetime.d.ts.map +1 -0
  1669. package/dist/security/token-lifetime.js +388 -0
  1670. package/dist/security/token-lifetime.js.map +1 -0
  1671. package/dist/security/trust-oracle/alerts.d.ts +202 -0
  1672. package/dist/security/trust-oracle/alerts.d.ts.map +1 -0
  1673. package/dist/security/trust-oracle/alerts.js +763 -0
  1674. package/dist/security/trust-oracle/alerts.js.map +1 -0
  1675. package/dist/security/trust-oracle/api.d.ts +116 -0
  1676. package/dist/security/trust-oracle/api.d.ts.map +1 -0
  1677. package/dist/security/trust-oracle/api.js +721 -0
  1678. package/dist/security/trust-oracle/api.js.map +1 -0
  1679. package/dist/security/trust-oracle/continuous-monitoring.d.ts +105 -0
  1680. package/dist/security/trust-oracle/continuous-monitoring.d.ts.map +1 -0
  1681. package/dist/security/trust-oracle/continuous-monitoring.js +696 -0
  1682. package/dist/security/trust-oracle/continuous-monitoring.js.map +1 -0
  1683. package/dist/security/trust-oracle/data-sources.d.ts +126 -0
  1684. package/dist/security/trust-oracle/data-sources.d.ts.map +1 -0
  1685. package/dist/security/trust-oracle/data-sources.js +867 -0
  1686. package/dist/security/trust-oracle/data-sources.js.map +1 -0
  1687. package/dist/security/trust-oracle/index.d.ts +79 -0
  1688. package/dist/security/trust-oracle/index.d.ts.map +1 -0
  1689. package/dist/security/trust-oracle/index.js +206 -0
  1690. package/dist/security/trust-oracle/index.js.map +1 -0
  1691. package/dist/security/trust-oracle/oracle.d.ts +125 -0
  1692. package/dist/security/trust-oracle/oracle.d.ts.map +1 -0
  1693. package/dist/security/trust-oracle/oracle.js +489 -0
  1694. package/dist/security/trust-oracle/oracle.js.map +1 -0
  1695. package/dist/security/trust-oracle/reporting.d.ts +145 -0
  1696. package/dist/security/trust-oracle/reporting.d.ts.map +1 -0
  1697. package/dist/security/trust-oracle/reporting.js +1098 -0
  1698. package/dist/security/trust-oracle/reporting.js.map +1 -0
  1699. package/dist/security/trust-oracle/risk-scorer.d.ts +207 -0
  1700. package/dist/security/trust-oracle/risk-scorer.d.ts.map +1 -0
  1701. package/dist/security/trust-oracle/risk-scorer.js +1033 -0
  1702. package/dist/security/trust-oracle/risk-scorer.js.map +1 -0
  1703. package/dist/security/trust-oracle/types.d.ts +444 -0
  1704. package/dist/security/trust-oracle/types.d.ts.map +1 -0
  1705. package/dist/security/trust-oracle/types.js +6 -0
  1706. package/dist/security/trust-oracle/types.js.map +1 -0
  1707. package/dist/security/trust-oracle/vendor-registry.d.ts +228 -0
  1708. package/dist/security/trust-oracle/vendor-registry.d.ts.map +1 -0
  1709. package/dist/security/trust-oracle/vendor-registry.js +727 -0
  1710. package/dist/security/trust-oracle/vendor-registry.js.map +1 -0
  1711. package/dist/security/types.d.ts +1777 -0
  1712. package/dist/security/types.d.ts.map +1 -0
  1713. package/dist/security/types.js +388 -0
  1714. package/dist/security/types.js.map +1 -0
  1715. package/dist/security/webauthn/index.d.ts +47 -0
  1716. package/dist/security/webauthn/index.d.ts.map +1 -0
  1717. package/dist/security/webauthn/index.js +48 -0
  1718. package/dist/security/webauthn/index.js.map +1 -0
  1719. package/dist/security/webauthn/middleware.d.ts +109 -0
  1720. package/dist/security/webauthn/middleware.d.ts.map +1 -0
  1721. package/dist/security/webauthn/middleware.js +629 -0
  1722. package/dist/security/webauthn/middleware.js.map +1 -0
  1723. package/dist/security/webauthn/service.d.ts +179 -0
  1724. package/dist/security/webauthn/service.d.ts.map +1 -0
  1725. package/dist/security/webauthn/service.js +758 -0
  1726. package/dist/security/webauthn/service.js.map +1 -0
  1727. package/dist/security/webauthn/store.d.ts +240 -0
  1728. package/dist/security/webauthn/store.d.ts.map +1 -0
  1729. package/dist/security/webauthn/store.js +505 -0
  1730. package/dist/security/webauthn/store.js.map +1 -0
  1731. package/dist/security/webauthn/types.d.ts +678 -0
  1732. package/dist/security/webauthn/types.d.ts.map +1 -0
  1733. package/dist/security/webauthn/types.js +176 -0
  1734. package/dist/security/webauthn/types.js.map +1 -0
  1735. package/dist/security/zkp/circuits.d.ts +296 -0
  1736. package/dist/security/zkp/circuits.d.ts.map +1 -0
  1737. package/dist/security/zkp/circuits.js +771 -0
  1738. package/dist/security/zkp/circuits.js.map +1 -0
  1739. package/dist/security/zkp/commitment.d.ts +319 -0
  1740. package/dist/security/zkp/commitment.d.ts.map +1 -0
  1741. package/dist/security/zkp/commitment.js +591 -0
  1742. package/dist/security/zkp/commitment.js.map +1 -0
  1743. package/dist/security/zkp/compliance.d.ts +251 -0
  1744. package/dist/security/zkp/compliance.d.ts.map +1 -0
  1745. package/dist/security/zkp/compliance.js +734 -0
  1746. package/dist/security/zkp/compliance.js.map +1 -0
  1747. package/dist/security/zkp/index.d.ts +184 -0
  1748. package/dist/security/zkp/index.d.ts.map +1 -0
  1749. package/dist/security/zkp/index.js +285 -0
  1750. package/dist/security/zkp/index.js.map +1 -0
  1751. package/dist/security/zkp/integration.d.ts +289 -0
  1752. package/dist/security/zkp/integration.d.ts.map +1 -0
  1753. package/dist/security/zkp/integration.js +571 -0
  1754. package/dist/security/zkp/integration.js.map +1 -0
  1755. package/dist/security/zkp/prover.d.ts +158 -0
  1756. package/dist/security/zkp/prover.d.ts.map +1 -0
  1757. package/dist/security/zkp/prover.js +465 -0
  1758. package/dist/security/zkp/prover.js.map +1 -0
  1759. package/dist/security/zkp/snark-utils.d.ts +321 -0
  1760. package/dist/security/zkp/snark-utils.d.ts.map +1 -0
  1761. package/dist/security/zkp/snark-utils.js +640 -0
  1762. package/dist/security/zkp/snark-utils.js.map +1 -0
  1763. package/dist/security/zkp/types.d.ts +1192 -0
  1764. package/dist/security/zkp/types.d.ts.map +1 -0
  1765. package/dist/security/zkp/types.js +264 -0
  1766. package/dist/security/zkp/types.js.map +1 -0
  1767. package/dist/security/zkp/verifier.d.ts +111 -0
  1768. package/dist/security/zkp/verifier.d.ts.map +1 -0
  1769. package/dist/security/zkp/verifier.js +554 -0
  1770. package/dist/security/zkp/verifier.js.map +1 -0
  1771. package/dist/semantic-governance/context-validator.d.ts +158 -0
  1772. package/dist/semantic-governance/context-validator.d.ts.map +1 -0
  1773. package/dist/semantic-governance/context-validator.js +598 -0
  1774. package/dist/semantic-governance/context-validator.js.map +1 -0
  1775. package/dist/semantic-governance/credential-manager.d.ts +156 -0
  1776. package/dist/semantic-governance/credential-manager.d.ts.map +1 -0
  1777. package/dist/semantic-governance/credential-manager.js +438 -0
  1778. package/dist/semantic-governance/credential-manager.js.map +1 -0
  1779. package/dist/semantic-governance/dual-channel.d.ts +138 -0
  1780. package/dist/semantic-governance/dual-channel.d.ts.map +1 -0
  1781. package/dist/semantic-governance/dual-channel.js +333 -0
  1782. package/dist/semantic-governance/dual-channel.js.map +1 -0
  1783. package/dist/semantic-governance/index.d.ts +107 -0
  1784. package/dist/semantic-governance/index.d.ts.map +1 -0
  1785. package/dist/semantic-governance/index.js +141 -0
  1786. package/dist/semantic-governance/index.js.map +1 -0
  1787. package/dist/semantic-governance/inference-validator.d.ts +114 -0
  1788. package/dist/semantic-governance/inference-validator.d.ts.map +1 -0
  1789. package/dist/semantic-governance/inference-validator.js +390 -0
  1790. package/dist/semantic-governance/inference-validator.js.map +1 -0
  1791. package/dist/semantic-governance/instruction-validator.d.ts +146 -0
  1792. package/dist/semantic-governance/instruction-validator.d.ts.map +1 -0
  1793. package/dist/semantic-governance/instruction-validator.js +363 -0
  1794. package/dist/semantic-governance/instruction-validator.js.map +1 -0
  1795. package/dist/semantic-governance/integration.d.ts +253 -0
  1796. package/dist/semantic-governance/integration.d.ts.map +1 -0
  1797. package/dist/semantic-governance/integration.js +658 -0
  1798. package/dist/semantic-governance/integration.js.map +1 -0
  1799. package/dist/semantic-governance/output-validator.d.ts +135 -0
  1800. package/dist/semantic-governance/output-validator.d.ts.map +1 -0
  1801. package/dist/semantic-governance/output-validator.js +448 -0
  1802. package/dist/semantic-governance/output-validator.js.map +1 -0
  1803. package/dist/semantic-governance/service.d.ts +120 -0
  1804. package/dist/semantic-governance/service.d.ts.map +1 -0
  1805. package/dist/semantic-governance/service.js +527 -0
  1806. package/dist/semantic-governance/service.js.map +1 -0
  1807. package/dist/semantic-governance/types.d.ts +3925 -0
  1808. package/dist/semantic-governance/types.d.ts.map +1 -0
  1809. package/dist/semantic-governance/types.js +471 -0
  1810. package/dist/semantic-governance/types.js.map +1 -0
  1811. package/dist/trust-engine/car-integration.d.ts +263 -0
  1812. package/dist/trust-engine/car-integration.d.ts.map +1 -0
  1813. package/dist/trust-engine/car-integration.js +320 -0
  1814. package/dist/trust-engine/car-integration.js.map +1 -0
  1815. package/dist/trust-engine/context.d.ts +198 -0
  1816. package/dist/trust-engine/context.d.ts.map +1 -0
  1817. package/dist/trust-engine/context.js +308 -0
  1818. package/dist/trust-engine/context.js.map +1 -0
  1819. package/dist/trust-engine/diminishing-returns.d.ts +123 -0
  1820. package/dist/trust-engine/diminishing-returns.d.ts.map +1 -0
  1821. package/dist/trust-engine/diminishing-returns.js +197 -0
  1822. package/dist/trust-engine/diminishing-returns.js.map +1 -0
  1823. package/dist/trust-engine/index.d.ts +433 -0
  1824. package/dist/trust-engine/index.d.ts.map +1 -0
  1825. package/dist/trust-engine/index.js +1241 -0
  1826. package/dist/trust-engine/index.js.map +1 -0
  1827. package/dist/trust-engine/observability.d.ts +175 -0
  1828. package/dist/trust-engine/observability.d.ts.map +1 -0
  1829. package/dist/trust-engine/observability.js +246 -0
  1830. package/dist/trust-engine/observability.js.map +1 -0
  1831. package/dist/trust-engine/signal-diversity.d.ts +130 -0
  1832. package/dist/trust-engine/signal-diversity.d.ts.map +1 -0
  1833. package/dist/trust-engine/signal-diversity.js +238 -0
  1834. package/dist/trust-engine/signal-diversity.js.map +1 -0
  1835. package/dist/versioning/deprecation.d.ts +65 -0
  1836. package/dist/versioning/deprecation.d.ts.map +1 -0
  1837. package/dist/versioning/deprecation.js +199 -0
  1838. package/dist/versioning/deprecation.js.map +1 -0
  1839. package/dist/versioning/index.d.ts +46 -0
  1840. package/dist/versioning/index.d.ts.map +1 -0
  1841. package/dist/versioning/index.js +76 -0
  1842. package/dist/versioning/index.js.map +1 -0
  1843. package/dist/versioning/semver.d.ts +116 -0
  1844. package/dist/versioning/semver.d.ts.map +1 -0
  1845. package/dist/versioning/semver.js +321 -0
  1846. package/dist/versioning/semver.js.map +1 -0
  1847. package/package.json +161 -0
package/dist/api/server.js ADDED
@@ -0,0 +1,2086 @@
1
+ /* eslint-disable @typescript-eslint/ban-ts-comment */
2
+ /**
3
+ * API Server
4
+ *
5
+ * Fastify server providing REST API for Vorion platform.
6
+ *
7
+ * @packageDocumentation
8
+ */
9
+ import Fastify from 'fastify';
10
+ import fastifyStatic from '@fastify/static';
11
+ import cors from '@fastify/cors';
12
+ import helmet from '@fastify/helmet';
13
+ import rateLimit from '@fastify/rate-limit';
14
+ import fastifyJwt from '@fastify/jwt';
15
+ import { join } from 'node:path';
16
+ import { createLogger, logger } from '../common/logger.js';
17
+ import { getConfig } from '../common/config.js';
18
+ import { extractTraceFromHeaders, createTraceContext, } from '../common/trace.js';
19
+ // Note: Database and Redis health checks are now handled by globalHealthCheck/globalReadinessCheck
20
+ // in src/intent/health.ts which provides unified health monitoring
21
+ import { z } from 'zod';
22
+ import { createIntentService, intentSubmissionSchema, bulkIntentSubmissionSchema, PAYLOAD_LIMITS, } from '../intent/index.js';
23
+ import { createAuditService } from '../audit/service.js';
24
+ import { createPolicyService, getPolicyLoader, POLICY_STATUSES, } from '../policy/index.js';
25
+ import { PolicyValidationException } from '../policy/service.js';
26
+ import { registerIntentWorkers, retryDeadLetterJob, enqueueIntentSubmission, } from '../intent/queues.js';
27
+ import { isServerShuttingDown, shutdownRequestHook, shutdownResponseHook, registerShutdownHandlers, getActiveRequestCount, } from '../intent/shutdown.js';
28
+ import { createEscalationService } from '../intent/escalation.js';
29
+ import { createWebhookService } from '../intent/webhooks.js';
30
+ import { getMetrics, getMetricsContentType, tokenRevocationChecks } from '../intent/metrics.js';
31
+ import { startScheduler, getSchedulerStatus, runCleanupNow } from '../intent/scheduler.js';
32
+ import { livenessCheck as intentLivenessCheck, intentReadinessCheck as intentModuleReadinessCheck, validateStartupDependencies, globalHealthCheck, globalReadinessCheck, } from '../intent/health.js';
33
+ import { createGdprService, enqueueGdprExport, registerGdprWorker, } from '../intent/gdpr.js';
34
+ import { INTENT_STATUSES } from '../common/types.js';
35
+ import { createTokenRevocationService, validateJti, recordTokenRevocationAudit, } from '../common/token-revocation.js';
36
+ import { POLICY_ROLES, checkAuthorization, } from '../common/authorization.js';
37
+ import { ForbiddenError, } from '../common/errors.js';
38
+ import { createProofService } from '../proof/index.js';
39
+ import { createTrustEngine, TRUST_LEVEL_NAMES } from '../trust-engine/index.js';
40
+ import { validateRule } from '../basis/parser.js';
41
+ import { requireTenantMembership } from '../common/tenant-verification.js';
42
+ import { verifyGroupMembership, isAssignedApprover, assignApprover, removeApprover, listApprovers, } from '../common/group-membership.js';
43
+ import { CSRFProtection, } from '../security/index.js';
44
+ import { createStandardErrorHandler, sendSuccess, sendError, sendNotFound, sendCursorPaginated, } from '../intent/response-middleware.js';
45
+ import { HttpStatus } from '../intent/response.js';
46
+ import { createTenantContext, extractTenantId, } from '../common/tenant-context.js';
47
+ // TODO: These modules are planned but not yet implemented
48
+ // import { registerExtensionRoutes } from './routes/extensions.js';
49
+ // import { versioningPlugin, CURRENT_VERSION, getVersionedPrefix } from './versioning/index.js';
50
+ // import { v1RoutesPlugin } from './v1/index.js';
51
+ // import { backwardCompatPlugin } from './versioning/backward-compat.js';
52
+ import { apiKeyEnforcementPlugin } from './middleware/api-key-enforcement.js';
53
+ import { metricsMiddleware } from './middleware/metrics.js';
54
+ import { startMemoryMetricsCollection, } from '../common/metrics.js';
55
+ // TODO: Migration checker not yet implemented
56
+ // import {
57
+ // checkAndRunMigrations,
58
+ // PendingMigrationsError,
59
+ // CriticalSchemaDriftError,
60
+ // } from '../db/migration-checker.js';
61
+ // New modules - A2A, Agent Registry, Observability, Friction Feedback, Visual Policy Builder
62
+ import { registerA2ARoutes } from '../a2a/routes.js';
63
+ import { registerAgentRegistryRoutes } from '../agent-registry/routes.js';
64
+ import { registerHealthRoutes as registerObservabilityHealthRoutes } from '../observability/health.js';
65
+ import { registerFrictionRoutes } from '../friction/routes.js';
66
+ import { registerVisualPolicyBuilderRoutes } from '../policy/visual-builder/routes.js';
67
+ const apiLogger = createLogger({ component: 'api' });
68
+ const intentService = createIntentService();
69
+ const escalationService = createEscalationService();
70
+ const auditService = createAuditService();
71
+ const policyService = createPolicyService();
72
+ const policyLoader = getPolicyLoader();
73
+ const webhookService = createWebhookService();
74
+ const tokenRevocationService = createTokenRevocationService();
75
+ const gdprService = createGdprService();
76
+ const proofService = createProofService();
77
+ const trustEngine = createTrustEngine();
78
+ const intentIdParamsSchema = z.object({
79
+ id: z.string().uuid(),
80
+ });
81
+ const intentListQuerySchema = z.object({
82
+ entityId: z.string().uuid().optional(),
83
+ status: z
84
+ .string()
85
+ .refine((value) => INTENT_STATUSES.includes(value), {
86
+ message: 'Invalid status',
87
+ })
88
+ .optional(),
89
+ limit: z.coerce.number().int().min(1).max(100).optional(),
90
+ cursor: z.string().uuid().optional(),
91
+ });
92
+ const intentCancelBodySchema = z.object({
93
+ reason: z.string().min(1).max(500),
94
+ });
95
+ const escalationIdParamsSchema = z.object({
96
+ id: z.string().uuid(),
97
+ });
98
+ const proofIdParamsSchema = z.object({
99
+ id: z.string().uuid(),
100
+ });
101
+ const trustEntityIdParamsSchema = z.object({
102
+ entityId: z.string().uuid(),
103
+ });
104
+ const constraintValidationBodySchema = z.object({
105
+ rule: z.object({
106
+ id: z.string(),
107
+ name: z.string(),
108
+ description: z.string().optional(),
109
+ priority: z.number().optional(),
110
+ enabled: z.boolean().optional(),
111
+ when: z.object({
112
+ intentType: z.union([z.string(), z.array(z.string())]).optional(),
113
+ entityType: z.union([z.string(), z.array(z.string())]).optional(),
114
+ conditions: z.array(z.object({
115
+ field: z.string(),
116
+ operator: z.enum([
117
+ 'equals', 'not_equals', 'greater_than', 'less_than',
118
+ 'greater_than_or_equal', 'less_than_or_equal',
119
+ 'in', 'not_in', 'contains', 'not_contains',
120
+ 'matches', 'exists', 'not_exists',
121
+ ]),
122
+ value: z.unknown(),
123
+ })).optional(),
124
+ }),
125
+ evaluate: z.array(z.object({
126
+ condition: z.string(),
127
+ result: z.enum(['allow', 'deny', 'escalate', 'limit', 'monitor', 'terminate']),
128
+ reason: z.string().optional(),
129
+ escalation: z.object({
130
+ to: z.string(),
131
+ timeout: z.string(),
132
+ requireJustification: z.boolean().optional(),
133
+ autoDenyOnTimeout: z.boolean().optional(),
134
+ }).optional(),
135
+ })),
136
+ metadata: z.record(z.unknown()).optional(),
137
+ }),
138
+ });
139
+ const escalationResolveBodySchema = z.object({
140
+ notes: z.string().max(1000).optional(),
141
+ });
142
+ /**
143
+ * SECURE Authorization helper: Check if user can resolve an escalation
144
+ *
145
+ * SECURITY FIX: This function now verifies group membership against the database,
146
+ * NOT trusting JWT claims which can be manipulated by attackers.
147
+ *
148
+ * Authorization is granted if ANY of the following are true:
149
+ * 1. User has admin role (verified from token, but roles are signed by auth server)
150
+ * 2. User is directly assigned as an approver for this escalation (database check)
151
+ * 3. User is the direct target of the escalation (escalatedTo === userId)
152
+ * 4. User has verified group membership matching escalatedTo (database check)
153
+ *
154
+ * All authorization decisions are logged for audit purposes.
155
+ */
156
+ async function canResolveEscalation(user, escalation, userTenantId) {
157
+ const userId = user.sub;
158
+ const escalationId = escalation.id;
159
+ // Tenant isolation: user must belong to same tenant
160
+ if (userTenantId !== escalation.tenantId) {
161
+ apiLogger.warn({ userId, escalationId, userTenantId, escalationTenantId: escalation.tenantId }, 'Authorization denied: tenant mismatch');
162
+ return { allowed: false, reason: 'Escalation belongs to different tenant' };
163
+ }
164
+ // Admin override - roles in JWT are signed by auth server, so we trust them
165
+ // Note: For highest security, admin roles could also be verified against database
166
+ const roles = user.roles ?? [];
167
+ if (roles.includes('admin') || roles.includes('tenant:admin') || roles.includes('escalation:admin')) {
168
+ apiLogger.info({ userId, escalationId, authMethod: 'admin_role' }, 'Authorization granted: admin role');
169
+ return { allowed: true, authMethod: 'admin_role' };
170
+ }
171
+ // escalatedTo can be a user ID, role, or group name
172
+ const escalatedTo = escalation.escalatedTo;
173
+ // Direct user match - if escalation was assigned directly to this user
174
+ if (userId && escalatedTo === userId) {
175
+ apiLogger.info({ userId, escalationId, authMethod: 'direct_assignment' }, 'Authorization granted: direct user assignment');
176
+ return { allowed: true, authMethod: 'direct_assignment' };
177
+ }
178
+ // Check if user is explicitly assigned as an approver for this escalation
179
+ // This is a database check, not trusting JWT claims
180
+ if (userId) {
181
+ try {
182
+ const approverResult = await isAssignedApprover(escalationId, userId, userTenantId);
183
+ if (approverResult.isApprover) {
184
+ apiLogger.info({ userId, escalationId, authMethod: 'explicit_approver', assignedAt: approverResult.assignedAt }, 'Authorization granted: explicitly assigned approver');
185
+ return { allowed: true, authMethod: 'explicit_approver' };
186
+ }
187
+ }
188
+ catch (error) {
189
+ apiLogger.error({ error, userId, escalationId }, 'Error checking explicit approver assignment');
190
+ // Continue to other checks - don't fail open, but don't fail closed on DB errors
191
+ }
192
+ }
193
+ // SECURITY FIX: Verify group membership against database, NOT JWT claims
194
+ // The old code trusted user.groups from JWT which attackers could manipulate
195
+ if (userId) {
196
+ try {
197
+ const groupResult = await verifyGroupMembership(userId, escalatedTo, userTenantId);
198
+ if (groupResult.isMember) {
199
+ apiLogger.info({ userId, escalationId, groupName: escalatedTo, authMethod: 'verified_group_membership', source: groupResult.source }, 'Authorization granted: verified group membership');
200
+ return { allowed: true, authMethod: 'verified_group_membership' };
201
+ }
202
+ }
203
+ catch (error) {
204
+ apiLogger.error({ error, userId, escalationId, groupName: escalatedTo }, 'Error verifying group membership');
205
+ // Continue to denial - fail closed on DB errors for security
206
+ }
207
+ }
208
+ // Note: We no longer trust JWT group claims (user.groups) for authorization
209
+ // The following code has been removed as it was the source of the vulnerability:
210
+ // if (groups.includes(escalatedTo)) { return { allowed: true }; }
211
+ // Note: Generic approver roles are also no longer trusted from JWT
212
+ // If approver roles are needed, they should be verified against the database
213
+ // The following code has been removed:
214
+ // if (roles.includes('approver') || roles.includes('tenant:approver')) { return { allowed: true }; }
215
+ apiLogger.warn({ userId, escalationId, escalatedTo }, 'Authorization denied: no valid authorization method found');
216
+ return {
217
+ allowed: false,
218
+ reason: `User not authorized to resolve escalation (escalatedTo: ${escalatedTo}). Authorization requires: admin role, explicit approver assignment, or verified group membership.`,
219
+ };
220
+ }
221
+ const dlqRetryParamsSchema = z.object({
222
+ jobId: z.string(),
223
+ });
224
+ // ========== Audit Schemas ==========
225
+ const auditIdParamsSchema = z.object({
226
+ id: z.string().uuid(),
227
+ });
228
+ const auditQuerySchema = z.object({
229
+ eventType: z.string().optional(),
230
+ eventCategory: z.enum(['intent', 'policy', 'escalation', 'authentication', 'authorization', 'data', 'system', 'admin']).optional(),
231
+ severity: z.enum(['info', 'warning', 'error', 'critical']).optional(),
232
+ actorId: z.string().uuid().optional(),
233
+ targetId: z.string().uuid().optional(),
234
+ targetType: z.enum(['intent', 'policy', 'escalation', 'entity', 'tenant', 'user', 'system']).optional(),
235
+ startTime: z.string().datetime().optional(),
236
+ endTime: z.string().datetime().optional(),
237
+ limit: z.coerce.number().int().min(1).max(1000).optional(),
238
+ offset: z.coerce.number().int().min(0).optional(),
239
+ });
240
+ const auditTargetParamsSchema = z.object({
241
+ targetType: z.enum(['intent', 'policy', 'escalation', 'entity', 'tenant', 'user', 'system']),
242
+ targetId: z.string().uuid(),
243
+ });
244
+ const auditTargetQuerySchema = z.object({
245
+ limit: z.coerce.number().int().min(1).max(1000).optional(),
246
+ offset: z.coerce.number().int().min(0).optional(),
247
+ });
248
+ const auditTraceParamsSchema = z.object({
249
+ traceId: z.string(),
250
+ });
251
+ const auditStatsQuerySchema = z.object({
252
+ startTime: z.string().datetime().optional(),
253
+ endTime: z.string().datetime().optional(),
254
+ });
255
+ const auditVerifyBodySchema = z.object({
256
+ startSequence: z.number().int().min(0).optional(),
257
+ limit: z.number().int().min(1).max(100000).optional(),
258
+ });
259
+ // ========== Policy Schemas ==========
260
+ const policyIdParamsSchema = z.object({
261
+ id: z.string().uuid(),
262
+ });
263
+ const policyListQuerySchema = z.object({
264
+ namespace: z.string().optional(),
265
+ status: z
266
+ .string()
267
+ .refine((value) => POLICY_STATUSES.includes(value), {
268
+ message: 'Invalid policy status',
269
+ })
270
+ .optional(),
271
+ limit: z.coerce.number().int().min(1).max(100).optional(),
272
+ offset: z.coerce.number().int().min(0).optional(),
273
+ });
274
+ const policyCreateBodySchema = z.object({
275
+ name: z.string().min(1).max(255),
276
+ description: z.string().max(1000).optional(),
277
+ namespace: z.string().min(1).max(100).optional(),
278
+ definition: z.object({
279
+ version: z.literal('1.0'),
280
+ target: z.object({
281
+ intentTypes: z.array(z.string()).optional(),
282
+ entityTypes: z.array(z.string()).optional(),
283
+ trustLevels: z.array(z.number().int().min(0).max(4)).optional(),
284
+ namespaces: z.array(z.string()).optional(),
285
+ }).optional(),
286
+ rules: z.array(z.object({
287
+ id: z.string(),
288
+ name: z.string(),
289
+ description: z.string().optional(),
290
+ priority: z.number().int(),
291
+ enabled: z.boolean(),
292
+ when: z.unknown(), // Complex nested condition validation handled by PolicyService
293
+ then: z.object({
294
+ action: z.enum(['allow', 'deny', 'escalate', 'limit', 'monitor', 'terminate']),
295
+ reason: z.string().optional(),
296
+ escalation: z.object({
297
+ to: z.string(),
298
+ timeout: z.string(),
299
+ requireJustification: z.boolean().optional(),
300
+ autoDenyOnTimeout: z.boolean().optional(),
301
+ }).optional(),
302
+ constraints: z.record(z.unknown()).optional(),
303
+ }),
304
+ })),
305
+ defaultAction: z.enum(['allow', 'deny', 'escalate', 'limit', 'monitor', 'terminate']),
306
+ defaultReason: z.string().optional(),
307
+ metadata: z.record(z.unknown()).optional(),
308
+ }),
309
+ metadata: z.record(z.unknown()).optional(),
310
+ });
311
+ const policyUpdateBodySchema = z.object({
312
+ description: z.string().max(1000).optional(),
313
+ definition: policyCreateBodySchema.shape.definition.optional(),
314
+ changeSummary: z.string().max(500).optional(),
315
+ });
316
+ // ========== Webhook Schemas ==========
317
+ const WEBHOOK_EVENT_TYPES = [
318
+ 'escalation.created',
319
+ 'escalation.approved',
320
+ 'escalation.rejected',
321
+ 'escalation.timeout',
322
+ 'intent.approved',
323
+ 'intent.denied',
324
+ 'intent.completed',
325
+ ];
326
+ const webhookCreateBodySchema = z.object({
327
+ url: z.string().url(),
328
+ secret: z.string().min(16).max(256).optional(),
329
+ events: z.array(z.string().refine((value) => WEBHOOK_EVENT_TYPES.includes(value), {
330
+ message: 'Invalid webhook event type',
331
+ })).min(1),
332
+ enabled: z.boolean().optional().default(true),
333
+ });
334
+ const webhookIdParamsSchema = z.object({
335
+ id: z.string().uuid(),
336
+ });
337
+ const webhookDeliveriesQuerySchema = z.object({
338
+ limit: z.coerce.number().int().min(1).max(100).optional(),
339
+ });
340
+ // ========== Token Revocation Schemas ==========
341
+ const userIdParamsSchema = z.object({
342
+ userId: z.string().uuid(),
343
+ });
344
+ /**
345
+ * Extract and verify tenant ID from JWT token.
346
+ *
347
+ * SECURITY: This function verifies that the user (sub claim) is actually a member
348
+ * of the tenant specified in the tenantId claim. This prevents cross-tenant data
349
+ * exposure attacks where an attacker modifies JWT claims to access other tenants' data.
350
+ *
351
+ * @param request - The Fastify request object
352
+ * @returns The verified tenant ID
353
+ * @throws ForbiddenError if tenant context is missing or user is not a member
354
+ */
355
+ async function getTenantId(request) {
356
+ const payload = await request.jwtVerify();
357
+ if (!payload.tenantId) {
358
+ throw new ForbiddenError('Tenant context missing from token');
359
+ }
360
+ if (!payload.sub) {
361
+ throw new ForbiddenError('User identifier missing from token');
362
+ }
363
+ // CRITICAL SECURITY CHECK: Verify user is actually a member of the claimed tenant
364
+ // This prevents attackers from modifying JWT tenantId claims to access other tenants' data
365
+ await requireTenantMembership(payload.sub, payload.tenantId);
366
+ return payload.tenantId;
367
+ }
368
+ /**
369
+ * Get secure TenantContext from request JWT.
370
+ *
371
+ * SECURITY: This creates a validated TenantContext from JWT claims.
372
+ * The tenant ID can ONLY come from the verified JWT, never from request body.
373
+ *
374
+ * @param request - The Fastify request object
375
+ * @returns Validated TenantContext
376
+ * @throws Error if authentication is required but missing
377
+ */
378
+ async function getSecureTenantContext(request) {
379
+ const payload = await request.jwtVerify();
380
+ // Support both 'tenantId' and 'tid' claims for flexibility
381
+ const tenantId = payload.tenantId ?? payload.tid;
382
+ if (!payload.sub || !tenantId) {
383
+ throw new ForbiddenError('Tenant context missing from token');
384
+ }
385
+ // Verify user is a member of the claimed tenant
386
+ await requireTenantMembership(payload.sub, tenantId);
387
+ // Create TenantContext from validated JWT
388
+ return createTenantContext({
389
+ sub: payload.sub,
390
+ tid: tenantId,
391
+ roles: payload.roles ?? [],
392
+ permissions: payload.permissions ?? [],
393
+ iat: payload.iat ?? Math.floor(Date.now() / 1000),
394
+ exp: payload.exp ?? Math.floor(Date.now() / 1000) + 3600,
395
+ }, { traceId: request.id });
396
+ }
397
+ /**
398
+ * Create and configure the API server
399
+ */
400
+ export async function createServer() {
401
+ const config = getConfig();
402
+ const server = Fastify({
403
+ loggerInstance: logger,
404
+ requestIdHeader: 'x-request-id',
405
+ requestIdLogLabel: 'requestId',
406
+ // Enforce body size limit at HTTP layer (matches schema validation limit)
407
+ bodyLimit: PAYLOAD_LIMITS.MAX_PAYLOAD_SIZE_BYTES,
408
+ });
409
+ await server.register(fastifyJwt, {
410
+ secret: config.jwt.secret,
411
+ });
412
+ // Register plugins
413
+ await server.register(cors, {
414
+ origin: config.env === 'production' ? false : config.cors.allowedOrigins,
415
+ credentials: true,
416
+ });
417
+ await server.register(helmet, {
418
+ contentSecurityPolicy: config.env === 'production',
419
+ });
420
+ // Static file serving for Swagger UI assets
421
+ // Serves files from public/ directory (e.g., /swagger/swagger-ui.css)
422
+ // Use process.cwd() since public is always at the project root
423
+ const publicRoot = join(process.cwd(), 'public');
424
+ await server.register(fastifyStatic, {
425
+ root: publicRoot,
426
+ prefix: '/',
427
+ decorateReply: false, // Don't add sendFile to reply (avoid conflicts)
428
+ // Apply security headers to static files
429
+ setHeaders: (res) => {
430
+ res.setHeader('X-Content-Type-Options', 'nosniff');
431
+ res.setHeader('X-Frame-Options', 'DENY');
432
+ res.setHeader('X-XSS-Protection', '1; mode=block');
433
+ res.setHeader('Referrer-Policy', 'strict-origin-when-cross-origin');
434
+ // Cache static assets for 1 day, with revalidation
435
+ res.setHeader('Cache-Control', 'public, max-age=86400, must-revalidate');
436
+ },
437
+ });
438
+ await server.register(rateLimit, {
439
+ max: config.api.rateLimit,
440
+ timeWindow: '1 minute',
441
+ });
442
+ // API metrics middleware - collects request duration, size, and error metrics
443
+ await server.register(metricsMiddleware, {
444
+ excludeRoutes: ['/health', '/ready', '/live', '/metrics', '/scheduler'],
445
+ collectRequestSize: true,
446
+ collectResponseSize: true,
447
+ });
448
+ apiLogger.info('API metrics middleware enabled');
449
+ // Start memory metrics collection
450
+ startMemoryMetricsCollection(10000); // Collect every 10 seconds
451
+ // CSRF Protection middleware
452
+ // Only enabled if csrf.enabled is true and a secret is configured
453
+ if (config.csrf.enabled) {
454
+ try {
455
+ // Generate or use configured secret
456
+ const csrfSecret = config.csrf.secret ?? process.env['VORION_CSRF_SECRET'];
457
+ if (csrfSecret && csrfSecret.length >= 32) {
458
+ const csrfProtection = new CSRFProtection({
459
+ secret: csrfSecret,
460
+ cookieName: config.csrf.cookieName,
461
+ headerName: config.csrf.headerName,
462
+ tokenTTL: config.csrf.tokenTTL,
463
+ excludePaths: config.csrf.excludePaths,
464
+ excludeMethods: config.csrf.excludeMethods,
465
+ cookieOptions: {
466
+ secure: config.env === 'production',
467
+ httpOnly: true,
468
+ sameSite: 'strict',
469
+ path: '/',
470
+ maxAge: Math.floor(config.csrf.tokenTTL / 1000), // Convert ms to seconds
471
+ },
472
+ });
473
+ server.addHook('preHandler', csrfProtection.createMiddleware());
474
+ apiLogger.info({
475
+ cookieName: config.csrf.cookieName,
476
+ headerName: config.csrf.headerName,
477
+ excludePaths: config.csrf.excludePaths,
478
+ excludeMethods: config.csrf.excludeMethods,
479
+ }, 'CSRF protection enabled');
480
+ }
481
+ else {
482
+ apiLogger.warn('CSRF protection enabled but no valid secret configured - CSRF middleware not registered');
483
+ }
484
+ }
485
+ catch (error) {
486
+ apiLogger.error({ error: error instanceof Error ? error.message : 'Unknown error' }, 'Failed to initialize CSRF protection');
487
+ }
488
+ }
489
+ else {
490
+ apiLogger.info('CSRF protection disabled by configuration');
491
+ }
492
+ // Trace context hook - extract or create trace context for each request
493
+ // Store trace context on request for later use
494
+ server.decorateRequest('traceContext', null);
495
+ server.addHook('onRequest', async (request, reply) => {
496
+ // Extract trace context from incoming headers or create new one
497
+ const headers = request.headers;
498
+ const extractedContext = extractTraceFromHeaders(headers);
499
+ const traceContext = extractedContext ?? createTraceContext();
500
+ // Store on request for later use
501
+ request.traceContext = traceContext;
502
+ // Add trace ID to reply headers for correlation
503
+ reply.header('x-trace-id', traceContext.traceId);
504
+ reply.header('traceparent', traceContext.traceparent);
505
+ });
506
+ // Content-Type validation for POST/PUT/PATCH requests
507
+ server.addHook('preHandler', async (request, reply) => {
508
+ const method = request.method.toUpperCase();
509
+ if (['POST', 'PUT', 'PATCH'].includes(method)) {
510
+ const contentType = request.headers['content-type'];
511
+ const hasBody = request.body !== undefined && request.body !== null;
512
+ if (hasBody && (!contentType || !contentType.includes('application/json'))) {
513
+ return reply.status(415).send({
514
+ error: {
515
+ code: 'UNSUPPORTED_MEDIA_TYPE',
516
+ message: 'Content-Type must be application/json',
517
+ },
518
+ });
519
+ }
520
+ }
521
+ });
522
+ // X-API-Version header on all responses
523
+ server.addHook('onSend', async (_request, reply) => {
524
+ reply.header('X-API-Version', 'v1');
525
+ });
526
+ // Graceful shutdown hooks - track active requests and reject new ones during shutdown
527
+ // This must run after trace context hook but before route handlers
528
+ server.addHook('onRequest', shutdownRequestHook);
529
+ server.addHook('onResponse', shutdownResponseHook);
530
+ // Standardized error handler - maps VorionError, ZodError, and Fastify errors
531
+ // to proper HTTP status codes and structured error responses
532
+ server.setErrorHandler(createStandardErrorHandler(config.env));
533
+ // ==========================================================================
534
+ // Global Health Endpoints
535
+ // ==========================================================================
536
+ /**
537
+ * Global liveness check endpoint - Kubernetes livenessProbe
538
+ *
539
+ * Returns detailed component status including:
540
+ * - Memory usage and uptime
541
+ * - INTENT module health
542
+ * - Process information
543
+ *
544
+ * Returns 503 during shutdown or if critical components unhealthy
545
+ */
546
+ server.get('/health', async (_request, reply) => {
547
+ const shuttingDown = isServerShuttingDown();
548
+ const activeRequests = getActiveRequestCount();
549
+ try {
550
+ const healthStatus = await globalHealthCheck(activeRequests, shuttingDown);
551
+ // Return 503 for shutdown or unhealthy status
552
+ const statusCode = healthStatus.status === 'shutting_down' || healthStatus.status === 'unhealthy'
553
+ ? 503
554
+ : 200;
555
+ // Add Retry-After header during shutdown
556
+ if (healthStatus.status === 'shutting_down') {
557
+ reply.header('Retry-After', '5');
558
+ }
559
+ return reply.status(statusCode).send(healthStatus);
560
+ }
561
+ catch (error) {
562
+ apiLogger.warn({ error: error instanceof Error ? error.message : 'Unknown error' }, 'Global health check failed');
563
+ return reply.status(503).send({
564
+ status: 'unhealthy',
565
+ version: process.env['npm_package_version'] || '0.0.0',
566
+ environment: config.env,
567
+ error: error instanceof Error ? error.message : 'Unknown error',
568
+ timestamp: new Date().toISOString(),
569
+ });
570
+ }
571
+ });
572
+ /**
573
+ * Global readiness check endpoint - Kubernetes readinessProbe
574
+ *
575
+ * Checks all dependencies with timeouts:
576
+ * - Database connectivity and latency
577
+ * - Redis connectivity and latency
578
+ * - Queue health and job counts
579
+ * - INTENT module readiness (policies, queues)
580
+ *
581
+ * Returns structured response with component-level status
582
+ * Returns 503 if any critical component is unhealthy
583
+ */
584
+ server.get('/ready', async (_request, reply) => {
585
+ try {
586
+ const readinessStatus = await globalReadinessCheck();
587
+ // Return 503 for non-ready status
588
+ const statusCode = readinessStatus.status === 'ready' ? 200 : 503;
589
+ return reply.status(statusCode).send(readinessStatus);
590
+ }
591
+ catch (error) {
592
+ const errorMessage = error instanceof Error ? error.message : 'Unknown error';
593
+ apiLogger.warn({ error: errorMessage }, 'Global readiness check failed');
594
+ return reply.status(503).send({
595
+ status: 'unhealthy',
596
+ checks: {
597
+ database: { status: 'error', error: errorMessage },
598
+ redis: { status: 'error', error: errorMessage },
599
+ queues: { status: 'error', error: errorMessage },
600
+ intent: { status: 'error', error: errorMessage },
601
+ },
602
+ error: errorMessage,
603
+ timestamp: new Date().toISOString(),
604
+ });
605
+ }
606
+ });
607
+ // Metrics endpoint (Prometheus format)
608
+ server.get('/metrics', async (_request, reply) => {
609
+ const metrics = await getMetrics();
610
+ return reply
611
+ .header('Content-Type', getMetricsContentType())
612
+ .send(metrics);
613
+ });
614
+ // Scheduler status (no auth required for health monitoring)
615
+ server.get('/scheduler', async () => {
616
+ const schedulerStatus = getSchedulerStatus();
617
+ return {
618
+ status: schedulerStatus.isLeader ? 'leader' : 'standby',
619
+ isLeader: schedulerStatus.isLeader,
620
+ instanceId: schedulerStatus.instanceId,
621
+ tasks: schedulerStatus.tasks,
622
+ timestamp: new Date().toISOString(),
623
+ };
624
+ });
625
+ // ==========================================================================
626
+ // INTENT Module Health Endpoints (auto-registered at startup)
627
+ // ==========================================================================
628
+ /**
629
+ * INTENT module liveness check - Kubernetes livenessProbe for INTENT service
630
+ *
631
+ * Minimal self-check that returns quickly. Only fails if process is deadlocked.
632
+ * No external dependencies are checked.
633
+ */
634
+ server.get(`${config.api.basePath}/intent/health`, async (_request, reply) => {
635
+ const result = await intentLivenessCheck();
636
+ const statusCode = result.alive ? 200 : 503;
637
+ return reply.status(statusCode).send({
638
+ status: result.alive ? 'healthy' : 'unhealthy',
639
+ module: 'intent',
640
+ alive: result.alive,
641
+ timestamp: new Date().toISOString(),
642
+ });
643
+ });
644
+ /**
645
+ * INTENT module readiness check - Kubernetes readinessProbe for INTENT service
646
+ *
647
+ * Checks INTENT-specific dependencies:
648
+ * - Queue connectivity and health
649
+ * - Policy loader availability
650
+ *
651
+ * Returns 503 if INTENT module cannot handle requests
652
+ */
653
+ server.get(`${config.api.basePath}/intent/ready`, async (_request, reply) => {
654
+ const healthStatus = await intentModuleReadinessCheck();
655
+ const statusCode = healthStatus.status === 'healthy' ? 200 : 503;
656
+ return reply.status(statusCode).send({
657
+ ...healthStatus,
658
+ module: 'intent',
659
+ });
660
+ });
661
+ apiLogger.info({ healthEndpoint: '/health', readyEndpoint: '/ready', intentHealth: `${config.api.basePath}/intent/health`, intentReady: `${config.api.basePath}/intent/ready` }, 'Health check endpoints auto-registered');
662
+ // ==========================================================================
663
+ // API Versioning
664
+ // ==========================================================================
665
+ // TODO: Versioning plugin planned but not yet implemented
666
+ // await server.register(versioningPlugin, {
667
+ // defaultVersion: CURRENT_VERSION,
668
+ // includeDeprecationHeaders: true,
669
+ // basePath: '/api',
670
+ // });
671
+ const CURRENT_VERSION = 'v1';
672
+ const getVersionedPrefix = (v) => `/api/${v}`;
673
+ apiLogger.info({ currentVersion: CURRENT_VERSION, versionedPrefix: getVersionedPrefix(CURRENT_VERSION) }, 'API versioning enabled');
674
+ // ==========================================================================
675
+ // API Key Enforcement
676
+ // ==========================================================================
677
+ // Register API key enforcement plugin to enable API key authentication
678
+ // alongside JWT-based auth. This enforces rate limits from API keys and
679
+ // validates scopes based on route configuration.
680
+ await server.register(apiKeyEnforcementPlugin, {
681
+ defaultAuth: 'jwt_or_api_key',
682
+ enforceRateLimit: true,
683
+ logAuthDecisions: config.env !== 'production',
684
+ skipPaths: ['/health', '/ready', '/metrics', '/scheduler'],
685
+ });
686
+ apiLogger.info('API key enforcement enabled');
687
+ // ==========================================================================
688
+ // Versioned API Routes (v1)
689
+ // ==========================================================================
690
+ // Register v1 routes under /api/v1 prefix
691
+ server.register(async (v1Api) => {
692
+ // Token revocation check hook for v1 routes
693
+ // This hook only applies to JWT-authenticated requests.
694
+ // API key authenticated requests are handled by the API key enforcement plugin.
695
+ v1Api.addHook('preHandler', async (request, reply) => {
696
+ // Skip token revocation for logout endpoint
697
+ if (request.url.endsWith('/auth/logout')) {
698
+ return;
699
+ }
700
+ // Skip token revocation check for API key authenticated requests
701
+ // API keys have their own revocation mechanism handled by the API key service
702
+ if (request.authMethod === 'api_key') {
703
+ tokenRevocationChecks.inc({ result: 'api_key_auth' });
704
+ return;
705
+ }
706
+ // Skip for unauthenticated routes (handled by API key enforcement plugin)
707
+ if (request.authMethod === 'none') {
708
+ return;
709
+ }
710
+ try {
711
+ const payload = await request.jwtVerify();
712
+ const jtiValidation = validateJti(payload, config);
713
+ if (!jtiValidation.valid) {
714
+ tokenRevocationChecks.inc({ result: 'missing_jti' });
715
+ return reply.status(401).send({
716
+ error: { code: 'TOKEN_INVALID', message: jtiValidation.error },
717
+ });
718
+ }
719
+ if (!jtiValidation.jti) {
720
+ tokenRevocationChecks.inc({ result: 'missing_jti' });
721
+ return;
722
+ }
723
+ const isTokenRevoked = await tokenRevocationService.isRevoked(jtiValidation.jti);
724
+ if (isTokenRevoked) {
725
+ tokenRevocationChecks.inc({ result: 'revoked' });
726
+ apiLogger.info({ jti: jtiValidation.jti }, 'Revoked token used');
727
+ return reply.status(401).send({
728
+ error: { code: 'TOKEN_REVOKED', message: 'Token has been revoked' },
729
+ });
730
+ }
731
+ if (payload.sub && payload.iat) {
732
+ const issuedAt = new Date(payload.iat * 1000);
733
+ const isUserRevoked = await tokenRevocationService.isUserTokenRevoked(payload.sub, issuedAt);
734
+ if (isUserRevoked) {
735
+ tokenRevocationChecks.inc({ result: 'revoked' });
736
+ apiLogger.info({ userId: payload.sub, issuedAt: issuedAt.toISOString() }, 'User token revoked (all tokens for user)');
737
+ return reply.status(401).send({
738
+ error: { code: 'TOKEN_REVOKED', message: 'Token has been revoked' },
739
+ });
740
+ }
741
+ }
742
+ tokenRevocationChecks.inc({ result: 'valid' });
743
+ }
744
+ catch (error) {
745
+ // If JWT verification fails but request is already authenticated via API key,
746
+ // this is expected - don't throw
747
+ // Note: TypeScript flow analysis may not recognize this check is valid
748
+ const authMethod = request.authMethod;
749
+ if (authMethod === 'api_key') {
750
+ return;
751
+ }
752
+ throw error;
753
+ }
754
+ });
755
+ // TODO: v1 routes plugin planned but not yet implemented
756
+ // await v1Api.register(v1RoutesPlugin);
757
+ }, { prefix: getVersionedPrefix(CURRENT_VERSION) });
758
+ apiLogger.info('API v1 routes registered');
759
+ // ==========================================================================
760
+ // Backward Compatibility (Legacy Unversioned Routes)
761
+ // ==========================================================================
762
+ // TODO: Backward compatibility plugin planned but not yet implemented
763
+ // await server.register(backwardCompatPlugin, {
764
+ // enableRedirects: true,
765
+ // logLegacyUsage: true,
766
+ // redirectStatusCode: 307,
767
+ // legacyBasePath: '/api',
768
+ // });
769
+ apiLogger.info('API routes registered (backward compat pending)');
770
+ // ==========================================================================
771
+ // Legacy API Routes (kept for reference, will be removed in future versions)
772
+ // ==========================================================================
773
+ // API routes (legacy - these are now also available under /api/v1)
774
+ server.register(async (api) => {
775
+ // Token revocation check hook - runs after JWT verification
776
+ // This hook only applies to JWT-authenticated requests.
777
+ // API key authenticated requests are handled by the API key enforcement plugin.
778
+ api.addHook('preHandler', async (request, reply) => {
779
+ // Skip revocation check for logout endpoint (allow logout with revoked token)
780
+ if (request.url.endsWith('/auth/logout')) {
781
+ return;
782
+ }
783
+ // Skip token revocation check for API key authenticated requests
784
+ // API keys have their own revocation mechanism handled by the API key service
785
+ if (request.authMethod === 'api_key') {
786
+ tokenRevocationChecks.inc({ result: 'api_key_auth' });
787
+ return;
788
+ }
789
+ // Skip for unauthenticated routes (handled by API key enforcement plugin)
790
+ if (request.authMethod === 'none') {
791
+ return;
792
+ }
793
+ try {
794
+ // First verify JWT to get payload
795
+ const payload = await request.jwtVerify();
796
+ // Validate jti claim
797
+ const jtiValidation = validateJti(payload, config);
798
+ if (!jtiValidation.valid) {
799
+ tokenRevocationChecks.inc({ result: 'missing_jti' });
800
+ return reply.status(401).send({
801
+ error: { code: 'TOKEN_INVALID', message: jtiValidation.error },
802
+ });
803
+ }
804
+ // If no jti, skip revocation check (handled by validateJti based on config)
805
+ if (!jtiValidation.jti) {
806
+ tokenRevocationChecks.inc({ result: 'missing_jti' });
807
+ return;
808
+ }
809
+ // Check if the specific token is revoked
810
+ const isTokenRevoked = await tokenRevocationService.isRevoked(jtiValidation.jti);
811
+ if (isTokenRevoked) {
812
+ tokenRevocationChecks.inc({ result: 'revoked' });
813
+ apiLogger.info({ jti: jtiValidation.jti }, 'Revoked token used');
814
+ return reply.status(401).send({
815
+ error: { code: 'TOKEN_REVOKED', message: 'Token has been revoked' },
816
+ });
817
+ }
818
+ // Check if all user tokens issued before a certain time are revoked
819
+ if (payload.sub && payload.iat) {
820
+ const issuedAt = new Date(payload.iat * 1000);
821
+ const isUserRevoked = await tokenRevocationService.isUserTokenRevoked(payload.sub, issuedAt);
822
+ if (isUserRevoked) {
823
+ tokenRevocationChecks.inc({ result: 'revoked' });
824
+ apiLogger.info({ userId: payload.sub, issuedAt: issuedAt.toISOString() }, 'User token revoked (all tokens for user)');
825
+ return reply.status(401).send({
826
+ error: { code: 'TOKEN_REVOKED', message: 'Token has been revoked' },
827
+ });
828
+ }
829
+ }
830
+ tokenRevocationChecks.inc({ result: 'valid' });
831
+ }
832
+ catch (error) {
833
+ // If JWT verification fails but request is already authenticated via API key,
834
+ // this is expected - don't throw
835
+ // Note: TypeScript flow analysis may not recognize this check is valid
836
+ const authMethod = request.authMethod;
837
+ if (authMethod === 'api_key') {
838
+ return;
839
+ }
840
+ // JWT verification failed - let Fastify handle JWT errors
841
+ throw error;
842
+ }
843
+ });
844
+ // ========== Auth Routes ==========
845
+ // Logout - revoke current token
846
+ api.post('/auth/logout', async (request, reply) => {
847
+ try {
848
+ const payload = await request.jwtVerify();
849
+ if (!payload.jti) {
850
+ apiLogger.warn('Logout attempted with token missing jti claim');
851
+ // Still return success - logout is idempotent
852
+ return reply.send({ message: 'Logged out successfully' });
853
+ }
854
+ if (!payload.exp) {
855
+ apiLogger.warn({ jti: payload.jti }, 'Logout attempted with token missing exp claim');
856
+ // Use default TTL of 1 hour if exp missing
857
+ const expiresAt = new Date(Date.now() + 60 * 60 * 1000);
858
+ await tokenRevocationService.revokeToken(payload.jti, expiresAt);
859
+ }
860
+ else {
861
+ const expiresAt = new Date(payload.exp * 1000);
862
+ await tokenRevocationService.revokeToken(payload.jti, expiresAt);
863
+ }
864
+ // Record audit event
865
+ if (payload.tenantId && payload.sub) {
866
+ await recordTokenRevocationAudit(payload.tenantId, payload.sub, 'token.revoked', {
867
+ type: 'user',
868
+ id: payload.sub,
869
+ ip: request.ip,
870
+ }, { jti: payload.jti, reason: 'logout' });
871
+ }
872
+ apiLogger.info({ jti: payload.jti, userId: payload.sub }, 'User logged out');
873
+ return reply.send({ message: 'Logged out successfully' });
874
+ }
875
+ catch (error) {
876
+ // If JWT verification fails, user is effectively "logged out"
877
+ apiLogger.warn({ error }, 'Logout with invalid token');
878
+ return reply.send({ message: 'Logged out successfully' });
879
+ }
880
+ });
881
+ // Intent routes - using standardized API response envelope
882
+ api.post('/intents', async (request, reply) => {
883
+ const ctx = await getSecureTenantContext(request);
884
+ const body = intentSubmissionSchema.parse(request.body ?? {});
885
+ const intent = await intentService.submit(body, { ctx });
886
+ // Use sendSuccess with ACCEPTED status for async processing
887
+ return sendSuccess(reply, intent, HttpStatus.ACCEPTED, request);
888
+ });
889
+ /**
890
+ * Bulk create intents for batch processing efficiency.
891
+ *
892
+ * This endpoint allows submitting multiple intents in a single request.
893
+ * Each intent in the batch is processed individually, and the response
894
+ * includes details about successful and failed items.
895
+ *
896
+ * Rate limiting:
897
+ * - Separate rate limit for bulk operations (10 requests per minute by default)
898
+ * - This is lower than single intent submissions to prevent abuse
899
+ * - Each bulk request counts as 1 request regardless of item count
900
+ *
901
+ * Response status codes:
902
+ * - 202 Accepted: All items processed successfully
903
+ * - 207 Multi-Status: Some items succeeded, some failed
904
+ * - 400 Bad Request: All items failed
905
+ *
906
+ * @param intents - Array of 1-100 intent submissions
907
+ * @param options - Optional processing options (stopOnError, returnPartial)
908
+ */
909
+ api.post('/intents/bulk', {
910
+ config: {
911
+ rateLimit: {
912
+ max: config.api.bulkRateLimit ?? 10, // Default: 10 bulk requests per minute
913
+ timeWindow: '1 minute',
914
+ },
915
+ },
916
+ }, async (request, reply) => {
917
+ const ctx = await getSecureTenantContext(request);
918
+ const body = bulkIntentSubmissionSchema.parse(request.body ?? {});
919
+ const result = await intentService.submitBulk(body.intents, {
920
+ ctx,
921
+ stopOnError: body.options?.stopOnError ?? false,
922
+ });
923
+ // Determine appropriate HTTP status code:
924
+ // - 202 Accepted: All items processed successfully
925
+ // - 207 Multi-Status: Partial success (some succeeded, some failed)
926
+ // - 400 Bad Request: All items failed
927
+ let status;
928
+ if (result.stats.failed === 0) {
929
+ status = HttpStatus.ACCEPTED;
930
+ }
931
+ else if (result.stats.succeeded > 0) {
932
+ status = 207; // Multi-Status
933
+ }
934
+ else {
935
+ status = HttpStatus.BAD_REQUEST;
936
+ }
937
+ return reply.status(status).send({
938
+ data: result,
939
+ meta: {
940
+ requestId: request.id,
941
+ timestamp: new Date().toISOString(),
942
+ },
943
+ });
944
+ });
945
+ api.get('/intents/:id', async (request, reply) => {
946
+ const ctx = await getSecureTenantContext(request);
947
+ const params = intentIdParamsSchema.parse(request.params ?? {});
948
+ const result = await intentService.getWithEvents(ctx, params.id);
949
+ if (!result) {
950
+ // Use standardized not found response
951
+ return sendNotFound(reply, 'Intent', request);
952
+ }
953
+ // Use standardized success response
954
+ return sendSuccess(reply, {
955
+ ...result.intent,
956
+ events: result.events,
957
+ evaluations: result.evaluations ?? [],
958
+ }, HttpStatus.OK, request);
959
+ });
960
+ api.get('/intents', async (request, reply) => {
961
+ const ctx = await getSecureTenantContext(request);
962
+ const query = intentListQuerySchema.parse(request.query ?? {});
963
+ const listOptions = { ctx };
964
+ if (query.entityId)
965
+ listOptions.entityId = query.entityId;
966
+ if (query.status)
967
+ listOptions.status = query.status;
968
+ if (query.limit)
969
+ listOptions.limit = query.limit;
970
+ if (query.cursor)
971
+ listOptions.cursor = query.cursor;
972
+ const result = await intentService.list(listOptions);
973
+ // Use standardized cursor pagination response with PaginatedResult
974
+ return sendCursorPaginated(reply, result.items, {
975
+ nextCursor: result.nextCursor,
976
+ hasMore: result.hasMore,
977
+ }, request);
978
+ });
979
+ // Cancel an intent - using standardized API response envelope
980
+ api.post('/intents/:id/cancel', async (request, reply) => {
981
+ const ctx = await getSecureTenantContext(request);
982
+ const params = intentIdParamsSchema.parse(request.params ?? {});
983
+ const body = intentCancelBodySchema.parse(request.body ?? {});
984
+ const cancelledBy = request.user?.sub;
985
+ const intent = await intentService.cancel(params.id, {
986
+ ctx,
987
+ reason: body.reason,
988
+ cancelledBy,
989
+ });
990
+ if (!intent) {
991
+ // Use standardized error response
992
+ return sendError(reply, 'INTENT_NOT_FOUND_OR_NOT_CANCELLABLE', 'Intent not found or cannot be cancelled in current state', HttpStatus.NOT_FOUND, undefined, request);
993
+ }
994
+ return sendSuccess(reply, intent, HttpStatus.OK, request);
995
+ });
996
+ // Soft delete an intent (GDPR)
997
+ api.delete('/intents/:id', async (request, reply) => {
998
+ const ctx = await getSecureTenantContext(request);
999
+ const params = intentIdParamsSchema.parse(request.params ?? {});
1000
+ const intent = await intentService.delete(ctx, params.id);
1001
+ if (!intent) {
1002
+ return reply.status(404).send({
1003
+ error: { code: 'INTENT_NOT_FOUND', message: 'Intent not found' },
1004
+ });
1005
+ }
1006
+ return reply.status(204).send();
1007
+ });
1008
+ // Verify event chain integrity
1009
+ api.get('/intents/:id/verify', async (request, reply) => {
1010
+ const ctx = await getSecureTenantContext(request);
1011
+ const params = intentIdParamsSchema.parse(request.params ?? {});
1012
+ // First check intent exists
1013
+ const intent = await intentService.get(ctx, params.id);
1014
+ if (!intent) {
1015
+ return reply.status(404).send({
1016
+ error: { code: 'INTENT_NOT_FOUND', message: 'Intent not found' },
1017
+ });
1018
+ }
1019
+ const verification = await intentService.verifyEventChain(params.id);
1020
+ return reply.send(verification);
1021
+ });
1022
+ // Proof routes
1023
+ api.get('/proofs/:id', async (request, reply) => {
1024
+ const params = proofIdParamsSchema.parse(request.params ?? {});
1025
+ const proof = await proofService.get(params.id);
1026
+ if (!proof) {
1027
+ return reply.status(404).send({
1028
+ success: false,
1029
+ error: { code: 'PROOF_NOT_FOUND', message: 'Proof not found' },
1030
+ meta: { requestId: request.id, timestamp: new Date().toISOString() },
1031
+ });
1032
+ }
1033
+ return reply.send({
1034
+ success: true,
1035
+ data: {
1036
+ id: proof.id,
1037
+ intentId: proof.intentId,
1038
+ entityId: proof.entityId,
1039
+ chainPosition: proof.chainPosition,
1040
+ decision: proof.decision,
1041
+ inputs: proof.inputs,
1042
+ outputs: proof.outputs,
1043
+ hash: proof.hash,
1044
+ previousHash: proof.previousHash,
1045
+ signature: proof.signature,
1046
+ signatureData: proof.signatureData,
1047
+ createdAt: proof.createdAt,
1048
+ },
1049
+ meta: { requestId: request.id, timestamp: new Date().toISOString() },
1050
+ });
1051
+ });
1052
+ api.post('/proofs/:id/verify', async (request, reply) => {
1053
+ const params = proofIdParamsSchema.parse(request.params ?? {});
1054
+ const verificationResult = await proofService.verify(params.id);
1055
+ return reply.send({
1056
+ success: true,
1057
+ data: {
1058
+ valid: verificationResult.valid,
1059
+ proofId: verificationResult.proofId,
1060
+ chainPosition: verificationResult.chainPosition,
1061
+ issues: verificationResult.issues,
1062
+ verifiedAt: verificationResult.verifiedAt,
1063
+ },
1064
+ meta: { requestId: request.id, timestamp: new Date().toISOString() },
1065
+ });
1066
+ });
1067
+ // Trust routes
1068
+ api.get('/trust/:entityId', async (request, reply) => {
1069
+ const ctx = await getSecureTenantContext(request);
1070
+ const params = trustEntityIdParamsSchema.parse(request.params ?? {});
1071
+ const trustRecord = await trustEngine.getScore(params.entityId, ctx);
1072
+ if (!trustRecord) {
1073
+ return reply.status(404).send({
1074
+ success: false,
1075
+ error: { code: 'ENTITY_NOT_FOUND', message: 'Entity trust record not found' },
1076
+ meta: { requestId: request.id, timestamp: new Date().toISOString() },
1077
+ });
1078
+ }
1079
+ return reply.send({
1080
+ success: true,
1081
+ data: {
1082
+ entityId: trustRecord.entityId,
1083
+ score: trustRecord.score,
1084
+ level: trustRecord.level,
1085
+ tierName: TRUST_LEVEL_NAMES[trustRecord.level],
1086
+ components: trustRecord.components,
1087
+ decay: {
1088
+ applied: trustRecord.decayApplied,
1089
+ multiplier: trustRecord.decayMultiplier,
1090
+ baseScore: trustRecord.baseScore,
1091
+ nextMilestone: trustRecord.nextMilestone,
1092
+ },
1093
+ lastActivityAt: trustRecord.lastActivityAt,
1094
+ lastCalculatedAt: trustRecord.lastCalculatedAt,
1095
+ },
1096
+ meta: { requestId: request.id, timestamp: new Date().toISOString() },
1097
+ });
1098
+ });
1099
+ // Constraint routes
1100
+ api.post('/constraints/validate', async (request, reply) => {
1101
+ const body = constraintValidationBodySchema.parse(request.body ?? {});
1102
+ const validationResult = validateRule(body.rule);
1103
+ return reply.send({
1104
+ success: true,
1105
+ data: {
1106
+ valid: validationResult.valid,
1107
+ errors: validationResult.errors,
1108
+ rule: validationResult.valid ? {
1109
+ id: body.rule.id,
1110
+ name: body.rule.name,
1111
+ description: body.rule.description,
1112
+ priority: body.rule.priority ?? 100,
1113
+ enabled: body.rule.enabled ?? true,
1114
+ } : undefined,
1115
+ },
1116
+ meta: { requestId: request.id, timestamp: new Date().toISOString() },
1117
+ });
1118
+ });
1119
+ // ========== Escalation Routes ==========
1120
+ // List pending escalations for tenant
1121
+ api.get('/escalations', async (request, reply) => {
1122
+ const ctx = await getSecureTenantContext(request);
1123
+ const escalationsList = await escalationService.listPending(ctx);
1124
+ return reply.send({ data: escalationsList });
1125
+ });
1126
+ // Get escalation by ID
1127
+ api.get('/escalations/:id', async (request, reply) => {
1128
+ const ctx = await getSecureTenantContext(request);
1129
+ const params = escalationIdParamsSchema.parse(request.params ?? {});
1130
+ // Pass ctx for built-in tenant isolation
1131
+ const escalation = await escalationService.get(params.id, ctx);
1132
+ if (!escalation) {
1133
+ return reply.status(404).send({
1134
+ error: { code: 'ESCALATION_NOT_FOUND', message: 'Escalation not found' },
1135
+ });
1136
+ }
1137
+ return reply.send(escalation);
1138
+ });
1139
+ // Get escalation for an intent
1140
+ api.get('/intents/:id/escalation', async (request, reply) => {
1141
+ const ctx = await getSecureTenantContext(request);
1142
+ const params = intentIdParamsSchema.parse(request.params ?? {});
1143
+ const intent = await intentService.get(ctx, params.id);
1144
+ if (!intent) {
1145
+ return reply.status(404).send({
1146
+ error: { code: 'INTENT_NOT_FOUND', message: 'Intent not found' },
1147
+ });
1148
+ }
1149
+ const escalation = await escalationService.getByIntentId(params.id, ctx);
1150
+ if (!escalation) {
1151
+ return reply.status(404).send({
1152
+ error: { code: 'ESCALATION_NOT_FOUND', message: 'No escalation for this intent' },
1153
+ });
1154
+ }
1155
+ return reply.send(escalation);
1156
+ });
1157
+ // Acknowledge an escalation (SLA tracking)
1158
+ api.post('/escalations/:id/acknowledge', async (request, reply) => {
1159
+ const ctx = await getSecureTenantContext(request);
1160
+ const params = escalationIdParamsSchema.parse(request.params ?? {});
1161
+ const escalation = await escalationService.acknowledge(params.id, ctx);
1162
+ if (!escalation) {
1163
+ return reply.status(404).send({
1164
+ error: { code: 'ESCALATION_NOT_FOUND', message: 'Escalation not found' },
1165
+ });
1166
+ }
1167
+ return reply.send(escalation);
1168
+ });
1169
+ // Approve an escalation
1170
+ api.post('/escalations/:id/approve', async (request, reply) => {
1171
+ const ctx = await getSecureTenantContext(request);
1172
+ const tenantIdStr = extractTenantId(ctx);
1173
+ const params = escalationIdParamsSchema.parse(request.params ?? {});
1174
+ const body = escalationResolveBodySchema.parse(request.body ?? {});
1175
+ const user = request.user;
1176
+ // First get the escalation to check authorization
1177
+ const escalationToCheck = await escalationService.get(params.id, ctx);
1178
+ if (!escalationToCheck) {
1179
+ return reply.status(404).send({
1180
+ error: { code: 'ESCALATION_NOT_FOUND', message: 'Escalation not found' },
1181
+ });
1182
+ }
1183
+ // Authorization check - now async with database verification
1184
+ const authResult = await canResolveEscalation(user, escalationToCheck, tenantIdStr);
1185
+ if (!authResult.allowed) {
1186
+ apiLogger.warn({ escalationId: params.id, userId: user.sub, reason: authResult.reason }, 'Unauthorized escalation approval attempt');
1187
+ return reply.status(403).send({
1188
+ error: {
1189
+ code: 'FORBIDDEN',
1190
+ message: authResult.reason ?? 'Not authorized to approve this escalation',
1191
+ },
1192
+ });
1193
+ }
1194
+ const resolveOptions = body.notes
1195
+ ? { notes: body.notes }
1196
+ : undefined;
1197
+ const escalation = await escalationService.approve(params.id, ctx, resolveOptions);
1198
+ if (!escalation) {
1199
+ return reply.status(404).send({
1200
+ error: { code: 'ESCALATION_NOT_FOUND', message: 'Escalation not found' },
1201
+ });
1202
+ }
1203
+ // Update intent status to approved if escalation approved
1204
+ if (escalation.status === 'approved') {
1205
+ await intentService.updateStatus(ctx, escalation.intentId, 'approved', 'escalated');
1206
+ }
1207
+ return reply.send(escalation);
1208
+ });
1209
+ // Reject an escalation
1210
+ api.post('/escalations/:id/reject', async (request, reply) => {
1211
+ const ctx = await getSecureTenantContext(request);
1212
+ const tenantIdStr = extractTenantId(ctx);
1213
+ const params = escalationIdParamsSchema.parse(request.params ?? {});
1214
+ const body = escalationResolveBodySchema.parse(request.body ?? {});
1215
+ const user = request.user;
1216
+ // First get the escalation to check authorization
1217
+ const escalationToCheck = await escalationService.get(params.id, ctx);
1218
+ if (!escalationToCheck) {
1219
+ return reply.status(404).send({
1220
+ error: { code: 'ESCALATION_NOT_FOUND', message: 'Escalation not found' },
1221
+ });
1222
+ }
1223
+ // Authorization check - now async with database verification
1224
+ const authResult = await canResolveEscalation(user, escalationToCheck, tenantIdStr);
1225
+ if (!authResult.allowed) {
1226
+ apiLogger.warn({ escalationId: params.id, userId: user.sub, reason: authResult.reason }, 'Unauthorized escalation rejection attempt');
1227
+ return reply.status(403).send({
1228
+ error: {
1229
+ code: 'FORBIDDEN',
1230
+ message: authResult.reason ?? 'Not authorized to reject this escalation',
1231
+ },
1232
+ });
1233
+ }
1234
+ const rejectOptions = body.notes
1235
+ ? { notes: body.notes }
1236
+ : undefined;
1237
+ const escalation = await escalationService.reject(params.id, ctx, rejectOptions);
1238
+ if (!escalation) {
1239
+ return reply.status(404).send({
1240
+ error: { code: 'ESCALATION_NOT_FOUND', message: 'Escalation not found' },
1241
+ });
1242
+ }
1243
+ // Update intent status to denied if escalation rejected
1244
+ if (escalation.status === 'rejected') {
1245
+ await intentService.updateStatus(ctx, escalation.intentId, 'denied', 'escalated');
1246
+ }
1247
+ return reply.send(escalation);
1248
+ });
1249
+ // ========== Escalation Approver Management ==========
1250
+ // Schema for assigning approvers
1251
+ const assignApproverBodySchema = z.object({
1252
+ userId: z.string().min(1).max(255),
1253
+ });
1254
+ // Assign an approver to an escalation
1255
+ api.post('/escalations/:id/assign', async (request, reply) => {
1256
+ const ctx = await getSecureTenantContext(request);
1257
+ const tenantIdStr = extractTenantId(ctx);
1258
+ const params = escalationIdParamsSchema.parse(request.params ?? {});
1259
+ const body = assignApproverBodySchema.parse(request.body ?? {});
1260
+ const user = request.user;
1261
+ // Only admins or the escalation creator can assign approvers
1262
+ const roles = user.roles ?? [];
1263
+ const isAdmin = roles.includes('admin') || roles.includes('tenant:admin') || roles.includes('escalation:admin');
1264
+ if (!isAdmin) {
1265
+ return reply.status(403).send({
1266
+ error: {
1267
+ code: 'FORBIDDEN',
1268
+ message: 'Only administrators can assign approvers to escalations',
1269
+ },
1270
+ });
1271
+ }
1272
+ // Verify escalation exists and belongs to tenant
1273
+ const escalation = await escalationService.get(params.id, ctx);
1274
+ if (!escalation) {
1275
+ return reply.status(404).send({
1276
+ error: { code: 'ESCALATION_NOT_FOUND', message: 'Escalation not found' },
1277
+ });
1278
+ }
1279
+ // Escalation must be pending or acknowledged to assign approvers
1280
+ if (!['pending', 'acknowledged'].includes(escalation.status)) {
1281
+ return reply.status(400).send({
1282
+ error: {
1283
+ code: 'INVALID_STATE',
1284
+ message: `Cannot assign approvers to escalation in ${escalation.status} status`,
1285
+ },
1286
+ });
1287
+ }
1288
+ try {
1289
+ const assignment = await assignApprover({
1290
+ escalationId: params.id,
1291
+ userId: body.userId,
1292
+ tenantId: tenantIdStr,
1293
+ assignedBy: user.sub ?? 'unknown',
1294
+ });
1295
+ apiLogger.info({ escalationId: params.id, assignedUserId: body.userId, assignedBy: user.sub }, 'Approver assigned to escalation');
1296
+ return reply.status(201).send({
1297
+ id: assignment.id,
1298
+ escalationId: params.id,
1299
+ userId: body.userId,
1300
+ assignedAt: assignment.assignedAt,
1301
+ assignedBy: user.sub,
1302
+ });
1303
+ }
1304
+ catch (error) {
1305
+ apiLogger.error({ error, escalationId: params.id, userId: body.userId }, 'Failed to assign approver');
1306
+ throw error;
1307
+ }
1308
+ });
1309
+ // Remove an approver from an escalation
1310
+ api.delete('/escalations/:id/assign/:userId', async (request, reply) => {
1311
+ const ctx = await getSecureTenantContext(request);
1312
+ const tenantIdStr = extractTenantId(ctx);
1313
+ const params = z.object({
1314
+ id: z.string().uuid(),
1315
+ userId: z.string().min(1),
1316
+ }).parse(request.params ?? {});
1317
+ const user = request.user;
1318
+ // Only admins can remove approvers
1319
+ const roles = user.roles ?? [];
1320
+ const isAdmin = roles.includes('admin') || roles.includes('tenant:admin') || roles.includes('escalation:admin');
1321
+ if (!isAdmin) {
1322
+ return reply.status(403).send({
1323
+ error: {
1324
+ code: 'FORBIDDEN',
1325
+ message: 'Only administrators can remove approvers from escalations',
1326
+ },
1327
+ });
1328
+ }
1329
+ // Verify escalation exists and belongs to tenant
1330
+ const escalation = await escalationService.get(params.id, ctx);
1331
+ if (!escalation) {
1332
+ return reply.status(404).send({
1333
+ error: { code: 'ESCALATION_NOT_FOUND', message: 'Escalation not found' },
1334
+ });
1335
+ }
1336
+ const removed = await removeApprover(params.id, params.userId, tenantIdStr);
1337
+ if (!removed) {
1338
+ return reply.status(404).send({
1339
+ error: { code: 'APPROVER_NOT_FOUND', message: 'Approver assignment not found' },
1340
+ });
1341
+ }
1342
+ apiLogger.info({ escalationId: params.id, removedUserId: params.userId, removedBy: user.sub }, 'Approver removed from escalation');
1343
+ return reply.status(204).send();
1344
+ });
1345
+ // List approvers for an escalation
1346
+ api.get('/escalations/:id/approvers', async (request, reply) => {
1347
+ const ctx = await getSecureTenantContext(request);
1348
+ const tenantIdStr = extractTenantId(ctx);
1349
+ const params = escalationIdParamsSchema.parse(request.params ?? {});
1350
+ // Verify escalation exists and belongs to tenant
1351
+ const escalation = await escalationService.get(params.id, ctx);
1352
+ if (!escalation) {
1353
+ return reply.status(404).send({
1354
+ error: { code: 'ESCALATION_NOT_FOUND', message: 'Escalation not found' },
1355
+ });
1356
+ }
1357
+ const approvers = await listApprovers(params.id, tenantIdStr);
1358
+ return reply.send({
1359
+ data: approvers,
1360
+ escalationId: params.id,
1361
+ });
1362
+ });
1363
+ // ========== Intent Replay ==========
1364
+ // Replay an intent (re-enqueue for processing)
1365
+ api.post('/intents/:id/replay', async (request, reply) => {
1366
+ const ctx = await getSecureTenantContext(request);
1367
+ const params = intentIdParamsSchema.parse(request.params ?? {});
1368
+ const intent = await intentService.get(ctx, params.id);
1369
+ if (!intent) {
1370
+ return reply.status(404).send({
1371
+ error: { code: 'INTENT_NOT_FOUND', message: 'Intent not found' },
1372
+ });
1373
+ }
1374
+ // Only replay failed or denied intents
1375
+ if (!['failed', 'denied'].includes(intent.status)) {
1376
+ return reply.status(400).send({
1377
+ error: {
1378
+ code: 'INVALID_STATE',
1379
+ message: `Cannot replay intent in ${intent.status} status`,
1380
+ },
1381
+ });
1382
+ }
1383
+ // Reset status and re-enqueue
1384
+ await intentService.updateStatus(ctx, params.id, 'pending', intent.status);
1385
+ const enqueueOptions = intent.intentType
1386
+ ? { namespace: intent.intentType }
1387
+ : {};
1388
+ await enqueueIntentSubmission(intent, enqueueOptions);
1389
+ return reply.send({
1390
+ message: 'Intent queued for replay',
1391
+ intentId: params.id,
1392
+ });
1393
+ });
1394
+ // ========== Admin Operations ==========
1395
+ // Trigger cleanup job manually
1396
+ api.post('/admin/cleanup', async (request, reply) => {
1397
+ const user = request.user;
1398
+ const roles = user.roles ?? [];
1399
+ // Require admin role
1400
+ if (!roles.includes('admin') && !roles.includes('tenant:admin') && !roles.includes('system:admin')) {
1401
+ apiLogger.warn({ userId: user.sub }, 'Unauthorized cleanup attempt');
1402
+ return reply.status(403).send({
1403
+ error: { code: 'FORBIDDEN', message: 'Admin role required' },
1404
+ });
1405
+ }
1406
+ apiLogger.info({ userId: user.sub }, 'Manual cleanup triggered');
1407
+ const result = await runCleanupNow();
1408
+ return reply.send(result);
1409
+ });
1410
+ // Retry a job from DLQ (moved to admin section)
1411
+ api.post('/admin/dlq/:jobId/retry', async (request, reply) => {
1412
+ const user = request.user;
1413
+ const roles = user.roles ?? [];
1414
+ // Require admin role
1415
+ if (!roles.includes('admin') && !roles.includes('tenant:admin') && !roles.includes('system:admin')) {
1416
+ apiLogger.warn({ userId: user.sub }, 'Unauthorized DLQ retry attempt');
1417
+ return reply.status(403).send({
1418
+ error: { code: 'FORBIDDEN', message: 'Admin role required' },
1419
+ });
1420
+ }
1421
+ const params = dlqRetryParamsSchema.parse(request.params ?? {});
1422
+ apiLogger.info({ userId: user.sub, jobId: params.jobId }, 'DLQ retry triggered');
1423
+ const success = await retryDeadLetterJob(params.jobId);
1424
+ if (!success) {
1425
+ return reply.status(404).send({
1426
+ error: { code: 'JOB_NOT_FOUND', message: 'Dead letter job not found' },
1427
+ });
1428
+ }
1429
+ return reply.send({ message: 'Job retried successfully', jobId: params.jobId });
1430
+ });
1431
+ // Revoke all tokens for a user (security incident response)
1432
+ api.post('/admin/users/:userId/revoke-tokens', async (request, reply) => {
1433
+ const ctx = await getSecureTenantContext(request);
1434
+ const tenantIdStr = extractTenantId(ctx);
1435
+ const user = request.user;
1436
+ const roles = user.roles ?? [];
1437
+ // Require admin role
1438
+ if (!roles.includes('admin') && !roles.includes('tenant:admin') && !roles.includes('system:admin') && !roles.includes('security:admin')) {
1439
+ apiLogger.warn({ userId: user.sub }, 'Unauthorized token revocation attempt');
1440
+ return reply.status(403).send({
1441
+ error: { code: 'FORBIDDEN', message: 'Admin role required' },
1442
+ });
1443
+ }
1444
+ const params = userIdParamsSchema.parse(request.params ?? {});
1445
+ const revokeTime = new Date();
1446
+ await tokenRevocationService.revokeAllForUser(params.userId, revokeTime);
1447
+ // Record audit event
1448
+ await recordTokenRevocationAudit(tenantIdStr, params.userId, 'token.user_all_revoked', {
1449
+ type: 'user',
1450
+ id: user.sub ?? 'unknown',
1451
+ ip: request.ip,
1452
+ }, {
1453
+ targetUserId: params.userId,
1454
+ revokedBefore: revokeTime.toISOString(),
1455
+ reason: 'admin_revoke_all',
1456
+ });
1457
+ apiLogger.info({ targetUserId: params.userId, adminUserId: user.sub, revokeTime: revokeTime.toISOString() }, 'All tokens revoked for user');
1458
+ return reply.send({
1459
+ message: 'All tokens revoked for user',
1460
+ userId: params.userId,
1461
+ revokedBefore: revokeTime.toISOString(),
1462
+ });
1463
+ });
1464
+ // ========== Audit Routes ==========
1465
+ // Query audit records
1466
+ api.get('/audit', async (request, reply) => {
1467
+ const ctx = await getSecureTenantContext(request);
1468
+ const tenantIdStr = extractTenantId(ctx);
1469
+ const query = auditQuerySchema.parse(request.query ?? {});
1470
+ const result = await auditService.query({
1471
+ tenantId: tenantIdStr,
1472
+ eventType: query.eventType,
1473
+ eventCategory: query.eventCategory,
1474
+ severity: query.severity,
1475
+ actorId: query.actorId,
1476
+ targetId: query.targetId,
1477
+ targetType: query.targetType,
1478
+ startTime: query.startTime,
1479
+ endTime: query.endTime,
1480
+ limit: query.limit,
1481
+ offset: query.offset,
1482
+ });
1483
+ return reply.send({
1484
+ data: result.records,
1485
+ pagination: {
1486
+ total: result.total,
1487
+ hasMore: result.hasMore,
1488
+ },
1489
+ });
1490
+ });
1491
+ // Get audit record by ID
1492
+ api.get('/audit/:id', async (request, reply) => {
1493
+ const ctx = await getSecureTenantContext(request);
1494
+ const tenantIdStr = extractTenantId(ctx);
1495
+ const params = auditIdParamsSchema.parse(request.params ?? {});
1496
+ const record = await auditService.findById(params.id, tenantIdStr);
1497
+ if (!record) {
1498
+ return reply.status(404).send({
1499
+ error: { code: 'AUDIT_RECORD_NOT_FOUND', message: 'Audit record not found' },
1500
+ });
1501
+ }
1502
+ return reply.send(record);
1503
+ });
1504
+ // Get audit trail for a target
1505
+ api.get('/audit/target/:targetType/:targetId', async (request, reply) => {
1506
+ const ctx = await getSecureTenantContext(request);
1507
+ const tenantIdStr = extractTenantId(ctx);
1508
+ const params = auditTargetParamsSchema.parse(request.params ?? {});
1509
+ const query = auditTargetQuerySchema.parse(request.query ?? {});
1510
+ const records = await auditService.getForTarget(tenantIdStr, params.targetType, params.targetId, { limit: query.limit, offset: query.offset });
1511
+ return reply.send({ data: records });
1512
+ });
1513
+ // Get all audit records for a trace
1514
+ api.get('/audit/trace/:traceId', async (request, reply) => {
1515
+ const ctx = await getSecureTenantContext(request);
1516
+ const tenantIdStr = extractTenantId(ctx);
1517
+ const params = auditTraceParamsSchema.parse(request.params ?? {});
1518
+ const records = await auditService.getByTrace(tenantIdStr, params.traceId);
1519
+ return reply.send({ data: records });
1520
+ });
1521
+ // Get audit statistics
1522
+ api.get('/audit/stats', async (request, reply) => {
1523
+ const ctx = await getSecureTenantContext(request);
1524
+ const tenantIdStr = extractTenantId(ctx);
1525
+ const query = auditStatsQuerySchema.parse(request.query ?? {});
1526
+ const stats = await auditService.getStats(tenantIdStr, {
1527
+ startTime: query.startTime,
1528
+ endTime: query.endTime,
1529
+ });
1530
+ return reply.send(stats);
1531
+ });
1532
+ // Verify audit chain integrity (admin-only)
1533
+ api.post('/audit/verify', async (request, reply) => {
1534
+ const ctx = await getSecureTenantContext(request);
1535
+ const tenantIdStr = extractTenantId(ctx);
1536
+ const user = request.user;
1537
+ const roles = user.roles ?? [];
1538
+ // Require admin role
1539
+ if (!roles.includes('admin') && !roles.includes('tenant:admin') && !roles.includes('system:admin') && !roles.includes('audit:admin')) {
1540
+ apiLogger.warn({ userId: user.sub }, 'Unauthorized audit verify attempt');
1541
+ return reply.status(403).send({
1542
+ error: { code: 'FORBIDDEN', message: 'Admin role required' },
1543
+ });
1544
+ }
1545
+ const body = auditVerifyBodySchema.parse(request.body ?? {});
1546
+ const result = await auditService.verifyChainIntegrity(tenantIdStr, {
1547
+ startSequence: body.startSequence,
1548
+ limit: body.limit,
1549
+ });
1550
+ return reply.send(result);
1551
+ });
1552
+ // ========== Policy Routes ==========
1553
+ // Create a new policy
1554
+ api.post('/policies', async (request, reply) => {
1555
+ // Authorization: admin and policy_writer roles
1556
+ if (!await checkAuthorization(request, reply, POLICY_ROLES.WRITE)) {
1557
+ return;
1558
+ }
1559
+ const ctx = await getSecureTenantContext(request);
1560
+ const tenantIdStr = extractTenantId(ctx);
1561
+ const user = request.user;
1562
+ const body = policyCreateBodySchema.parse(request.body ?? {});
1563
+ try {
1564
+ const createInput = {
1565
+ name: body.name,
1566
+ definition: body.definition,
1567
+ };
1568
+ if (body.description !== undefined)
1569
+ createInput.description = body.description;
1570
+ if (body.namespace !== undefined)
1571
+ createInput.namespace = body.namespace;
1572
+ if (user.sub !== undefined)
1573
+ createInput.createdBy = user.sub;
1574
+ const policy = await policyService.create(ctx, createInput);
1575
+ apiLogger.info({ policyId: policy.id, name: policy.name, tenantId: tenantIdStr }, 'Policy created');
1576
+ return reply.code(201).send(policy);
1577
+ }
1578
+ catch (error) {
1579
+ if (error instanceof PolicyValidationException) {
1580
+ return reply.status(400).send({
1581
+ error: {
1582
+ code: 'POLICY_VALIDATION_ERROR',
1583
+ message: error.message,
1584
+ details: error.errors,
1585
+ },
1586
+ });
1587
+ }
1588
+ throw error;
1589
+ }
1590
+ });
1591
+ // List policies for tenant
1592
+ api.get('/policies', async (request, reply) => {
1593
+ // Authorization: admin and policy_reader roles
1594
+ if (!await checkAuthorization(request, reply, POLICY_ROLES.READ)) {
1595
+ return;
1596
+ }
1597
+ const ctx = await getSecureTenantContext(request);
1598
+ const tenantIdStr = extractTenantId(ctx);
1599
+ const query = policyListQuerySchema.parse(request.query ?? {});
1600
+ const limit = query.limit ?? 50;
1601
+ const offset = query.offset ?? 0;
1602
+ const listFilters = {
1603
+ limit: limit + 1, // Fetch one extra to determine hasMore
1604
+ offset,
1605
+ };
1606
+ if (query.namespace)
1607
+ listFilters.namespace = query.namespace;
1608
+ if (query.status)
1609
+ listFilters.status = query.status;
1610
+ const policies = await policyService.list(ctx, listFilters);
1611
+ const hasMore = policies.length > limit;
1612
+ const data = hasMore ? policies.slice(0, limit) : policies;
1613
+ return reply.send({
1614
+ data,
1615
+ pagination: {
1616
+ total: data.length + offset,
1617
+ hasMore,
1618
+ },
1619
+ });
1620
+ });
1621
+ // Get policy by ID
1622
+ api.get('/policies/:id', async (request, reply) => {
1623
+ // Authorization: admin and policy_reader roles
1624
+ if (!await checkAuthorization(request, reply, POLICY_ROLES.READ)) {
1625
+ return;
1626
+ }
1627
+ const ctx = await getSecureTenantContext(request);
1628
+ const tenantIdStr = extractTenantId(ctx);
1629
+ const params = policyIdParamsSchema.parse(request.params ?? {});
1630
+ const policy = await policyService.findById(params.id, ctx);
1631
+ if (!policy) {
1632
+ return reply.status(404).send({
1633
+ error: { code: 'POLICY_NOT_FOUND', message: 'Policy not found' },
1634
+ });
1635
+ }
1636
+ return reply.send(policy);
1637
+ });
1638
+ // Update policy definition
1639
+ api.put('/policies/:id', async (request, reply) => {
1640
+ // Authorization: admin and policy_writer roles
1641
+ if (!await checkAuthorization(request, reply, POLICY_ROLES.WRITE)) {
1642
+ return;
1643
+ }
1644
+ const ctx = await getSecureTenantContext(request);
1645
+ const tenantIdStr = extractTenantId(ctx);
1646
+ const user = request.user;
1647
+ const params = policyIdParamsSchema.parse(request.params ?? {});
1648
+ const body = policyUpdateBodySchema.parse(request.body ?? {});
1649
+ try {
1650
+ const updateInput = {};
1651
+ if (body.description !== undefined)
1652
+ updateInput.description = body.description;
1653
+ if (body.definition !== undefined)
1654
+ updateInput.definition = body.definition;
1655
+ if (body.changeSummary !== undefined)
1656
+ updateInput.changeSummary = body.changeSummary;
1657
+ if (user.sub !== undefined)
1658
+ updateInput.updatedBy = user.sub;
1659
+ const policy = await policyService.update(params.id, ctx, updateInput);
1660
+ if (!policy) {
1661
+ return reply.status(404).send({
1662
+ error: { code: 'POLICY_NOT_FOUND', message: 'Policy not found' },
1663
+ });
1664
+ }
1665
+ // Invalidate cache after policy update
1666
+ await policyLoader.invalidateCache(tenantIdStr, policy.namespace);
1667
+ apiLogger.info({ policyId: policy.id, version: policy.version, tenantId: tenantIdStr }, 'Policy updated');
1668
+ return reply.send(policy);
1669
+ }
1670
+ catch (error) {
1671
+ if (error instanceof PolicyValidationException) {
1672
+ return reply.status(400).send({
1673
+ error: {
1674
+ code: 'POLICY_VALIDATION_ERROR',
1675
+ message: error.message,
1676
+ details: error.errors,
1677
+ },
1678
+ });
1679
+ }
1680
+ throw error;
1681
+ }
1682
+ });
1683
+ // Publish a draft policy
1684
+ api.post('/policies/:id/publish', async (request, reply) => {
1685
+ // Authorization: admin and policy_writer roles
1686
+ if (!await checkAuthorization(request, reply, POLICY_ROLES.WRITE)) {
1687
+ return;
1688
+ }
1689
+ const ctx = await getSecureTenantContext(request);
1690
+ const tenantIdStr = extractTenantId(ctx);
1691
+ const params = policyIdParamsSchema.parse(request.params ?? {});
1692
+ const policy = await policyService.publish(params.id, ctx);
1693
+ if (!policy) {
1694
+ return reply.status(404).send({
1695
+ error: { code: 'POLICY_NOT_FOUND', message: 'Policy not found' },
1696
+ });
1697
+ }
1698
+ // Invalidate cache after policy is published
1699
+ await policyLoader.invalidateCache(tenantIdStr, policy.namespace);
1700
+ apiLogger.info({ policyId: policy.id, name: policy.name, tenantId: tenantIdStr }, 'Policy published');
1701
+ return reply.send(policy);
1702
+ });
1703
+ // Deprecate a policy
1704
+ api.post('/policies/:id/deprecate', async (request, reply) => {
1705
+ // Authorization: admin and policy_writer roles
1706
+ if (!await checkAuthorization(request, reply, POLICY_ROLES.WRITE)) {
1707
+ return;
1708
+ }
1709
+ const ctx = await getSecureTenantContext(request);
1710
+ const tenantIdStr = extractTenantId(ctx);
1711
+ const params = policyIdParamsSchema.parse(request.params ?? {});
1712
+ const policy = await policyService.deprecate(params.id, ctx);
1713
+ if (!policy) {
1714
+ return reply.status(404).send({
1715
+ error: { code: 'POLICY_NOT_FOUND', message: 'Policy not found' },
1716
+ });
1717
+ }
1718
+ // Invalidate cache after policy is deprecated
1719
+ await policyLoader.invalidateCache(tenantIdStr, policy.namespace);
1720
+ apiLogger.info({ policyId: policy.id, name: policy.name, tenantId: tenantIdStr }, 'Policy deprecated');
1721
+ return reply.send(policy);
1722
+ });
1723
+ // Archive a policy
1724
+ api.post('/policies/:id/archive', async (request, reply) => {
1725
+ // Authorization: admin and policy_writer roles
1726
+ if (!await checkAuthorization(request, reply, POLICY_ROLES.WRITE)) {
1727
+ return;
1728
+ }
1729
+ const ctx = await getSecureTenantContext(request);
1730
+ const tenantIdStr = extractTenantId(ctx);
1731
+ const params = policyIdParamsSchema.parse(request.params ?? {});
1732
+ const policy = await policyService.archive(params.id, ctx);
1733
+ if (!policy) {
1734
+ return reply.status(404).send({
1735
+ error: { code: 'POLICY_NOT_FOUND', message: 'Policy not found' },
1736
+ });
1737
+ }
1738
+ // Invalidate cache after policy is archived
1739
+ await policyLoader.invalidateCache(tenantIdStr, policy.namespace);
1740
+ apiLogger.info({ policyId: policy.id, name: policy.name, tenantId: tenantIdStr }, 'Policy archived');
1741
+ return reply.send(policy);
1742
+ });
1743
+ // Delete a policy (only if draft)
1744
+ api.delete('/policies/:id', async (request, reply) => {
1745
+ // Authorization: admin only
1746
+ if (!await checkAuthorization(request, reply, POLICY_ROLES.DELETE)) {
1747
+ return;
1748
+ }
1749
+ const ctx = await getSecureTenantContext(request);
1750
+ const tenantIdStr = extractTenantId(ctx);
1751
+ const params = policyIdParamsSchema.parse(request.params ?? {});
1752
+ // First check if the policy exists and is a draft
1753
+ const policy = await policyService.findById(params.id, ctx);
1754
+ if (!policy) {
1755
+ return reply.status(404).send({
1756
+ error: { code: 'POLICY_NOT_FOUND', message: 'Policy not found' },
1757
+ });
1758
+ }
1759
+ if (policy.status !== 'draft') {
1760
+ return reply.status(400).send({
1761
+ error: {
1762
+ code: 'POLICY_NOT_DRAFT',
1763
+ message: 'Only draft policies can be deleted. Use archive for published policies.',
1764
+ },
1765
+ });
1766
+ }
1767
+ const deleted = await policyService.delete(params.id, ctx);
1768
+ if (!deleted) {
1769
+ return reply.status(404).send({
1770
+ error: { code: 'POLICY_NOT_FOUND', message: 'Policy not found' },
1771
+ });
1772
+ }
1773
+ // Invalidate cache after policy deletion
1774
+ await policyLoader.invalidateCache(tenantIdStr, policy.namespace);
1775
+ apiLogger.info({ policyId: params.id, tenantId: tenantIdStr }, 'Policy deleted');
1776
+ return reply.status(204).send();
1777
+ });
1778
+ // ========== Webhook Routes ==========
1779
+ // Register a webhook
1780
+ api.post('/webhooks', async (request, reply) => {
1781
+ const ctx = await getSecureTenantContext(request);
1782
+ const tenantIdStr = extractTenantId(ctx);
1783
+ const body = webhookCreateBodySchema.parse(request.body ?? {});
1784
+ try {
1785
+ const webhookId = await webhookService.registerWebhook(tenantIdStr, {
1786
+ url: body.url,
1787
+ secret: body.secret,
1788
+ events: body.events,
1789
+ enabled: body.enabled ?? true,
1790
+ });
1791
+ const webhooks = await webhookService.getWebhooks(tenantIdStr);
1792
+ const webhook = webhooks.find((w) => w.id === webhookId);
1793
+ apiLogger.info({ webhookId, tenantId: tenantIdStr, url: body.url }, 'Webhook registered');
1794
+ return reply.code(201).send({
1795
+ id: webhookId,
1796
+ config: webhook?.config,
1797
+ });
1798
+ }
1799
+ catch (error) {
1800
+ if (error instanceof Error && error.message.startsWith('Invalid webhook URL')) {
1801
+ return reply.status(400).send({
1802
+ error: {
1803
+ code: 'INVALID_WEBHOOK_URL',
1804
+ message: error.message,
1805
+ },
1806
+ });
1807
+ }
1808
+ throw error;
1809
+ }
1810
+ });
1811
+ // List webhooks for tenant
1812
+ api.get('/webhooks', async (request, reply) => {
1813
+ const ctx = await getSecureTenantContext(request);
1814
+ const tenantIdStr = extractTenantId(ctx);
1815
+ const webhooks = await webhookService.getWebhooks(tenantIdStr);
1816
+ return reply.send({
1817
+ data: webhooks.map((w) => ({
1818
+ id: w.id,
1819
+ config: w.config,
1820
+ })),
1821
+ });
1822
+ });
1823
+ // Unregister a webhook
1824
+ api.delete('/webhooks/:id', async (request, reply) => {
1825
+ const ctx = await getSecureTenantContext(request);
1826
+ const tenantIdStr = extractTenantId(ctx);
1827
+ const params = webhookIdParamsSchema.parse(request.params ?? {});
1828
+ const deleted = await webhookService.unregisterWebhook(tenantIdStr, params.id);
1829
+ if (!deleted) {
1830
+ return reply.status(404).send({
1831
+ error: { code: 'WEBHOOK_NOT_FOUND', message: 'Webhook not found' },
1832
+ });
1833
+ }
1834
+ apiLogger.info({ webhookId: params.id, tenantId: tenantIdStr }, 'Webhook unregistered');
1835
+ return reply.status(204).send();
1836
+ });
1837
+ // Get recent deliveries for a webhook
1838
+ api.get('/webhooks/:id/deliveries', async (request, reply) => {
1839
+ const ctx = await getSecureTenantContext(request);
1840
+ const tenantIdStr = extractTenantId(ctx);
1841
+ const params = webhookIdParamsSchema.parse(request.params ?? {});
1842
+ const query = webhookDeliveriesQuerySchema.parse(request.query ?? {});
1843
+ // First check if the webhook exists
1844
+ const webhooks = await webhookService.getWebhooks(tenantIdStr);
1845
+ const webhook = webhooks.find((w) => w.id === params.id);
1846
+ if (!webhook) {
1847
+ return reply.status(404).send({
1848
+ error: { code: 'WEBHOOK_NOT_FOUND', message: 'Webhook not found' },
1849
+ });
1850
+ }
1851
+ const deliveries = await webhookService.getDeliveries(tenantIdStr, params.id, query.limit ?? 100);
1852
+ return reply.send({
1853
+ data: deliveries.map((d) => ({
1854
+ id: d.id,
1855
+ result: d.result,
1856
+ })),
1857
+ });
1858
+ });
1859
+ // ========== GDPR Routes ==========
1860
+ // Schema for GDPR export request
1861
+ const gdprExportBodySchema = z.object({
1862
+ userId: z.string().uuid(),
1863
+ });
1864
+ const gdprRequestIdParamsSchema = z.object({
1865
+ requestId: z.string().uuid(),
1866
+ });
1867
+ // Initiate GDPR data export (async job)
1868
+ api.post('/intent/gdpr/export', async (request, reply) => {
1869
+ const ctx = await getSecureTenantContext(request);
1870
+ const tenantIdStr = extractTenantId(ctx);
1871
+ const user = request.user;
1872
+ const body = gdprExportBodySchema.parse(request.body ?? {});
1873
+ // Create GDPR authorization context
1874
+ const gdprAuthContext = {
1875
+ requestingUserId: user.sub ?? 'unknown',
1876
+ requestingUserTenantId: tenantIdStr,
1877
+ roles: (user.roles ?? []),
1878
+ ipAddress: request.ip,
1879
+ requestId: request.id,
1880
+ };
1881
+ // Create export request
1882
+ const exportRequest = await gdprService.createExportRequest(gdprAuthContext, body.userId, tenantIdStr);
1883
+ // Queue the export job
1884
+ await enqueueGdprExport(exportRequest.id, body.userId, tenantIdStr, gdprAuthContext);
1885
+ apiLogger.info({ requestId: exportRequest.id, userId: body.userId, tenantId: tenantIdStr }, 'GDPR export initiated');
1886
+ return reply.code(202).send({
1887
+ requestId: exportRequest.id,
1888
+ status: exportRequest.status,
1889
+ message: 'Export request queued. Use the requestId to check status.',
1890
+ expiresAt: exportRequest.expiresAt,
1891
+ });
1892
+ });
1893
+ // Get GDPR export status
1894
+ api.get('/intent/gdpr/export/:requestId', async (request, reply) => {
1895
+ const ctx = await getSecureTenantContext(request);
1896
+ const tenantIdStr = extractTenantId(ctx);
1897
+ const user = request.user;
1898
+ const params = gdprRequestIdParamsSchema.parse(request.params ?? {});
1899
+ // Create GDPR authorization context
1900
+ const gdprAuthContext = {
1901
+ requestingUserId: user.sub ?? 'unknown',
1902
+ requestingUserTenantId: tenantIdStr,
1903
+ roles: (user.roles ?? []),
1904
+ ipAddress: request.ip,
1905
+ requestId: request.id,
1906
+ };
1907
+ const exportRequest = await gdprService.getExportRequest(gdprAuthContext, params.requestId, tenantIdStr);
1908
+ if (!exportRequest) {
1909
+ return reply.status(404).send({
1910
+ error: {
1911
+ code: 'EXPORT_REQUEST_NOT_FOUND',
1912
+ message: 'Export request not found or expired',
1913
+ },
1914
+ });
1915
+ }
1916
+ return reply.send({
1917
+ requestId: exportRequest.id,
1918
+ userId: exportRequest.userId,
1919
+ status: exportRequest.status,
1920
+ requestedAt: exportRequest.requestedAt,
1921
+ completedAt: exportRequest.completedAt,
1922
+ expiresAt: exportRequest.expiresAt,
1923
+ downloadUrl: exportRequest.downloadUrl,
1924
+ error: exportRequest.error,
1925
+ });
1926
+ });
1927
+ // Download GDPR export data
1928
+ api.get('/intent/gdpr/export/:requestId/download', async (request, reply) => {
1929
+ const ctx = await getSecureTenantContext(request);
1930
+ const tenantIdStr = extractTenantId(ctx);
1931
+ const user = request.user;
1932
+ const params = gdprRequestIdParamsSchema.parse(request.params ?? {});
1933
+ // Create GDPR authorization context
1934
+ const gdprAuthContext = {
1935
+ requestingUserId: user.sub ?? 'unknown',
1936
+ requestingUserTenantId: tenantIdStr,
1937
+ roles: (user.roles ?? []),
1938
+ ipAddress: request.ip,
1939
+ requestId: request.id,
1940
+ };
1941
+ const exportData = await gdprService.getExportData(gdprAuthContext, params.requestId, tenantIdStr);
1942
+ if (!exportData) {
1943
+ return reply.status(404).send({
1944
+ error: {
1945
+ code: 'EXPORT_DATA_NOT_FOUND',
1946
+ message: 'Export data not found, not ready, or expired',
1947
+ },
1948
+ });
1949
+ }
1950
+ // Return as JSON file download
1951
+ return reply
1952
+ .header('Content-Type', 'application/json')
1953
+ .header('Content-Disposition', `attachment; filename="gdpr-export-${exportData.userId}-${exportData.exportTimestamp.split('T')[0]}.json"`)
1954
+ .send(exportData);
1955
+ });
1956
+ // GDPR right to erasure (soft delete user data)
1957
+ api.delete('/intent/gdpr/data', async (request, reply) => {
1958
+ const ctx = await getSecureTenantContext(request);
1959
+ const tenantIdStr = extractTenantId(ctx);
1960
+ const user = request.user;
1961
+ const body = gdprExportBodySchema.parse(request.body ?? {});
1962
+ // Require admin role or self-request for erasure
1963
+ const roles = user.roles ?? [];
1964
+ const isAdmin = roles.includes('admin') || roles.includes('tenant:admin') || roles.includes('gdpr:admin');
1965
+ const isSelfRequest = user.sub === body.userId;
1966
+ if (!isAdmin && !isSelfRequest) {
1967
+ return reply.status(403).send({
1968
+ error: {
1969
+ code: 'FORBIDDEN',
1970
+ message: 'Only administrators or the data subject can request data erasure',
1971
+ },
1972
+ });
1973
+ }
1974
+ // Create GDPR authorization context
1975
+ const gdprAuthContext = {
1976
+ requestingUserId: user.sub ?? 'unknown',
1977
+ requestingUserTenantId: tenantIdStr,
1978
+ roles: roles,
1979
+ ipAddress: request.ip,
1980
+ requestId: request.id,
1981
+ };
1982
+ const result = await gdprService.eraseUserData(gdprAuthContext, body.userId, tenantIdStr);
1983
+ apiLogger.info({ userId: body.userId, tenantId: tenantIdStr, erasedBy: user.sub, counts: result.counts }, 'GDPR data erasure completed');
1984
+ return reply.send({
1985
+ message: 'User data has been erased in compliance with GDPR Article 17',
1986
+ userId: result.userId,
1987
+ erasedAt: result.erasedAt,
1988
+ counts: result.counts,
1989
+ });
1990
+ });
1991
+ // TODO: ACI Extension Routes planned but not yet implemented
1992
+ // await registerExtensionRoutes(api);
1993
+ }, { prefix: config.api.basePath });
1994
+ // ==========================================================================
1995
+ // Agent Anchor Module Routes
1996
+ // ==========================================================================
1997
+ // A2A (Agent-to-Agent) protocol routes
1998
+ // Provides invoke, discovery, and chain visualization endpoints
1999
+ await server.register(async (a2aApi) => {
2000
+ await registerA2ARoutes(a2aApi);
2001
+ }, { prefix: `${config.api.basePath}/a2a` });
2002
+ // Agent Registry routes
2003
+ // Provides agent registration, trust scoring, and attestation endpoints
2004
+ await server.register(async (registryApi) => {
2005
+ await registerAgentRegistryRoutes(registryApi);
2006
+ }, { prefix: `${config.api.basePath}/agents` });
2007
+ // Observability health routes
2008
+ // Provides detailed health checks for all Vorion subsystems
2009
+ await server.register(async (healthApi) => {
2010
+ await registerObservabilityHealthRoutes(healthApi);
2011
+ }, { prefix: `${config.api.basePath}/observability` });
2012
+ // Friction Feedback routes (Epic 3: FR119-122)
2013
+ // Provides denial explanations, next steps, and understanding signals
2014
+ await server.register(async (frictionApi) => {
2015
+ await registerFrictionRoutes(frictionApi);
2016
+ }, { prefix: config.api.basePath });
2017
+ // Visual Policy Builder routes (Epic 4: FR144-150)
2018
+ // Provides visual policy creation, simulation, templates, and propagation
2019
+ await server.register(async (policyBuilderApi) => {
2020
+ await registerVisualPolicyBuilderRoutes(policyBuilderApi);
2021
+ }, { prefix: config.api.basePath });
2022
+ return server;
2023
+ }
2024
+ /**
2025
+ * Start the API server
2026
+ */
2027
+ export async function startServer() {
2028
+ const config = getConfig();
2029
+ // Validate startup dependencies before accepting requests
2030
+ // If DB or Redis connectivity fails, exit with code 1
2031
+ try {
2032
+ await validateStartupDependencies();
2033
+ }
2034
+ catch (error) {
2035
+ apiLogger.error({ error }, 'Startup validation failed - exiting');
2036
+ process.exit(1);
2037
+ }
2038
+ // TODO: Database migration checker planned but not yet implemented
2039
+ // When implemented, will check schema drift and run pending migrations
2040
+ // controlled by VORION_AUTO_MIGRATE environment variable
2041
+ apiLogger.info('Database migration check skipped (migration-checker not yet implemented)');
2042
+ const server = await createServer();
2043
+ // Register graceful shutdown handlers using the centralized shutdown module
2044
+ // This handles SIGTERM (Kubernetes) and SIGINT (Ctrl+C) signals
2045
+ // and coordinates shutdown of HTTP server, workers, database, and Redis
2046
+ registerShutdownHandlers(server, {
2047
+ timeoutMs: config.intent.shutdownTimeoutMs ?? 30000,
2048
+ });
2049
+ try {
2050
+ await server.listen({
2051
+ port: config.api.port,
2052
+ host: config.api.host,
2053
+ });
2054
+ try {
2055
+ registerIntentWorkers(intentService);
2056
+ apiLogger.info('Intent workers started');
2057
+ }
2058
+ catch (error) {
2059
+ apiLogger.error({ error }, 'Failed to start intent workers');
2060
+ }
2061
+ try {
2062
+ await startScheduler();
2063
+ apiLogger.info('Scheduler started');
2064
+ }
2065
+ catch (error) {
2066
+ apiLogger.error({ error }, 'Failed to start scheduler');
2067
+ }
2068
+ try {
2069
+ registerGdprWorker();
2070
+ apiLogger.info('GDPR workers started');
2071
+ }
2072
+ catch (error) {
2073
+ apiLogger.error({ error }, 'Failed to start GDPR workers');
2074
+ }
2075
+ apiLogger.info({
2076
+ port: config.api.port,
2077
+ host: config.api.host,
2078
+ environment: config.env,
2079
+ }, 'Server started');
2080
+ }
2081
+ catch (error) {
2082
+ apiLogger.error({ error }, 'Failed to start server');
2083
+ process.exit(1);
2084
+ }
2085
+ }
2086
+ //# sourceMappingURL=server.js.map