@vorionsys/platform-core 0.1.0

package/dist/security/encryption/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/security/encryption/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAMxB;;;;;;GAMG;AACH,eAAO,MAAM,mBAAmB;IAC9B,qEAAqE;;IAErE,wDAAwD;;IAExD,0DAA0D;;CAElD,CAAC;AAEX,MAAM,MAAM,mBAAmB,GAAG,CAAC,OAAO,mBAAmB,CAAC,CAAC,MAAM,OAAO,mBAAmB,CAAC,CAAC;AAEjG,eAAO,MAAM,yBAAyB;IAVpC,qEAAqE;;IAErE,wDAAwD;;IAExD,0DAA0D;;EAMc,CAAC;AAM3E;;;;;;;;GAQG;AACH,eAAO,MAAM,kBAAkB;IAC7B,2CAA2C;;IAE3C,0CAA0C;;IAE1C,uDAAuD;;IAEvD,uEAAuE;;CAE/D,CAAC;AAEX,MAAM,MAAM,kBAAkB,GAAG,CAAC,OAAO,kBAAkB,CAAC,CAAC,MAAM,OAAO,kBAAkB,CAAC,CAAC;AAE9F,eAAO,MAAM,wBAAwB;IAZnC,2CAA2C;;IAE3C,0CAA0C;;IAE1C,uDAAuD;;IAEvD,uEAAuE;;EAMD,CAAC;AAEzE;;GAEG;AACH,eAAO,MAAM,qBAAqB,EAAE,MAAM,CAAC,kBAAkB,EAAE,MAAM,CAKpE,CAAC;AAMF;;;;;;GAMG;AACH,MAAM,WAAW,cAAc;IAC7B,gCAAgC;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,mEAAmE;IACnE,EAAE,EAAE,MAAM,CAAC;IACX,8DAA8D;IAC9D,OAAO,EAAE,MAAM,CAAC;IAChB,oCAAoC;IACpC,SAAS,EAAE,mBAAmB,CAAC;IAC/B,oEAAoE;IACpE,UAAU,EAAE,MAAM,CAAC;IACnB,uDAAuD;IACvD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,yDAAyD;IACzD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,uEAAuE;IACvE,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED,eAAO,MAAM,oBAAoB;;;;;QAhF/B,qEAAqE;;QAErE,wDAAwD;;QAExD,0DAA0D;;;;;;;;;;;;;;;;;;;;;;;;;EAqF1D,CAAC;AAEH;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,WAAW,EAAE,IAAI,CAAC;IAClB,SAAS,EAAE,CAAC,CAAC;IACb,KAAK,EAAE,cAAc,CAAC;CACvB;AAED,eAAO,MAAM,0BAA0B;;;;;;;;YApGrC,qEAAqE;;YAErE,wDAAwD;;YAExD,0DAA0D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAoG1D,CAAC;AAEH;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,oBAAoB,CAUpF;AAMD;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,gDAAgD;IAChD,OAAO,EAAE,MAAM,CAAC;IAChB,wCAAwC;IACxC,SAAS,EAAE,IAAI,CAAC;IAChB,yDAAyD;IACzD,WAAW,CAAC,EAAE,IAAI,CAAC;IACnB,+EAA+E;IAC/E,YAAY,CAAC,EAAE,IAAI,CAAC;IACpB,2EAA2E;IAC3E,SAAS,CAAC,EAAE,IAAI,CAAC;IACjB,iCAAiC;IACjC,MAAM,EAAE,SAAS,GAAG,QAAQ,GAAG,YAAY,GAAG,SAAS,CAAC;CACzD;AAED,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;EAO3B,CAAC;AAMH;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,8CAA8C;IAC9C,gBAAgB,EAAE,mBAAmB,CAAC;IACtC,iEAAiE;IACjE,OAAO,EAAE,OAAO,CAAC;IACjB,wCAAwC;IACxC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,0BAA0B;IAC1B,QAAQ,EAAE,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;IACzC,sCAAsC;IACtC,SAAS,EAAE,MAAM,CAAC;IAClB,yBAAyB;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,qDAAqD;IACrD,aAAa,EAAE,MAAM,CAAC;IACtB,2CAA2C;IAC3C,qBAAqB,EAAE,OAAO,CAAC;IAC/B,sDAAsD;IACtD,gBAAgB,EAAE,OAAO,CAAC;IAC1B,uCAAuC;IACvC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,qDAAqD;IACrD,YAAY,EAAE,OAAO,CAAC;IACtB,4DAA4D;IAC5D,sBAAsB,EAAE,kBAAkB,CAAC;CAC5C;AAED,eAAO,MAAM,sBAAsB;;QA1LjC,qEAAqE;;QAErE,wDAAwD;;QAExD,0DAA0D;;;;;;;;;;;;;;QAsB1D,2CAA2C;;QAE3C,0CAA0C;;QAE1C,uDAAuD;;QAEvD,uEAAuE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAuKvE,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,yBAAyB,EAAE,gBAavC,CAAC;AAMF;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,mEAAmE;IACnE,SAAS,EAAE,MAAM,CAAC;IAClB,yCAAyC;IACzC,cAAc,EAAE,kBAAkB,CAAC;IACnC,oDAAoD;IACpD,SAAS,EAAE,OAAO,CAAC;IACnB,2CAA2C;IAC3C,SAAS,CAAC,EAAE,mBAAmB,CAAC;IAChC,sEAAsE;IACtE,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,wCAAwC;IACxC,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,eAAO,MAAM,iBAAiB;;;QAvN5B,2CAA2C;;QAE3C,0CAA0C;;QAE1C,uDAAuD;;QAEvD,uEAAuE;;;;;QAhCvE,qEAAqE;;QAErE,wDAAwD;;QAExD,0DAA0D;;;;;;;;;;;;;;;;;;;EAoP1D,CAAC;AAEH;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,kCAAkC;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,gCAAgC;IAChC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,8BAA8B;IAC9B,MAAM,EAAE,WAAW,EAAE,CAAC;IACtB,iDAAiD;IACjD,qBAAqB,CAAC,EAAE,kBAAkB,CAAC;IAC3C,yCAAyC;IACzC,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,eAAO,MAAM,2BAA2B;;;;;;YAhPtC,2CAA2C;;YAE3C,0CAA0C;;YAE1C,uDAAuD;;YAEvD,uEAAuE;;;;;YAhCvE,qEAAqE;;YAErE,wDAAwD;;YAExD,0DAA0D;;;;;;;;;;;;;;;;;;;;;QAsB1D,2CAA2C;;QAE3C,0CAA0C;;QAE1C,uDAAuD;;QAEvD,uEAAuE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAgPvE,CAAC;AAMH;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,iCAAiC;IACjC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,+DAA+D;IAC/D,cAAc,CAAC,EAAE,kBAAkB,CAAC;IACpC,2CAA2C;IAC3C,SAAS,CAAC,EAAE,mBAAmB,CAAC;IAChC,8DAA8D;IAC9D,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,2DAA2D;IAC3D,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,oCAAoC;IACpC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,gDAAgD;IAChD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,eAAO,MAAM,oBAAoB;;;QAhR/B,2CAA2C;;QAE3C,0CAA0C;;QAE1C,uDAAuD;;QAEvD,uEAAuE;;;;QAhCvE,qEAAqE;;QAErE,wDAAwD;;QAExD,0DAA0D;;;;;;;;;;;;;;;;;;;;;;;EA8S1D,CAAC;AAEH;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,sCAAsC;IACtC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,qDAAqD;IACrD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,gDAAgD;IAChD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,eAAO,MAAM,oBAAoB;;;;;;;;;;;;EAI/B,CAAC;AAEH;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,sCAAsC;IACtC,aAAa,EAAE,MAAM,CAAC;IACtB,sCAAsC;IACtC,YAAY,CAAC,EAAE,mBAAmB,CAAC;IACnC,iCAAiC;IACjC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gDAAgD;IAChD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,eAAO,MAAM,sBAAsB;;;QApVjC,qEAAqE;;QAErE,wDAAwD;;QAExD,0DAA0D;;;;;;;;;;;;;;;EAqV1D,CAAC;AAMH;;GAEG;AACH,eAAO,MAAM,mBAAmB;;;;;;CAMtB,CAAC;AAEX,MAAM,MAAM,mBAAmB,GAAG,CAAC,OAAO,mBAAmB,CAAC,CAAC,MAAM,OAAO,mBAAmB,CAAC,CAAC;AAEjG;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,4BAA4B;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,iCAAiC;IACjC,SAAS,EAAE,IAAI,CAAC;IAChB,wBAAwB;IACxB,SAAS,EAAE,mBAAmB,CAAC;IAC/B,+BAA+B;IAC/B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,sCAAsC;IACtC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,uBAAuB;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,qBAAqB;IACrB,SAAS,EAAE,mBAAmB,CAAC;IAC/B,sCAAsC;IACtC,OAAO,EAAE,OAAO,CAAC;IACjB,8BAA8B;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,+BAA+B;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,2BAA2B;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,6BAA6B;IAC7B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iCAAiC;IACjC,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;QA5YrC,qEAAqE;;QAErE,wDAAwD;;QAExD,0DAA0D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAsZ1D,CAAC;AAMH;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,CAAC,KAAK,EAAE,oBAAoB,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAElF;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG,CAChC,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,KACf,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAM1B;;GAEG;AACH,eAAO,MAAM,mBAAmB;IAC9B,kCAAkC;;IAElC,4BAA4B;;IAE5B,4BAA4B;;IAE5B,wBAAwB;;IAExB,wBAAwB;;IAExB,6CAA6C;;IAE7C,iCAAiC;;IAEjC,qCAAqC;;IAErC,mCAAmC;;IAEnC,2BAA2B;;IAE3B,uBAAuB;;IAEvB,0BAA0B;;CAElB,CAAC;AAEX,MAAM,MAAM,mBAAmB,GAAG,CAAC,OAAO,mBAAmB,CAAC,CAAC,MAAM,OAAO,mBAAmB,CAAC,CAAC"}

package/dist/security/encryption/types.js

@@ -0,0 +1,229 @@
+/**
+ * Field-Level Encryption Types
+ *
+ * Type definitions for transparent field-level encryption of sensitive data.
+ * Provides interfaces for encrypting individual fields stored in the database
+ * with support for:
+ * - Multiple encryption algorithms (AES-256-GCM, AES-256-CBC, ChaCha20-Poly1305)
+ * - Key versioning for rotation support
+ * - Data classification levels
+ * - Field-specific encryption policies
+ * - Deterministic encryption for searchable fields
+ *
+ * @packageDocumentation
+ * @module security/encryption/types
+ */
+import { z } from 'zod';
+// =============================================================================
+// Encryption Algorithm Types
+// =============================================================================
+/**
+ * Supported encryption algorithms for field-level encryption
+ *
+ * - AES_256_GCM: Authenticated encryption with associated data (AEAD), recommended default
+ * - AES_256_CBC: Block cipher mode, requires separate HMAC for authentication
+ * - CHACHA20_POLY1305: Modern stream cipher with authentication, good performance
+ */
+export const EncryptionAlgorithm = {
+    /** AES-256-GCM - Recommended default with built-in authentication */
+    AES_256_GCM: 'aes-256-gcm',
+    /** AES-256-CBC - Legacy mode, requires separate HMAC */
+    AES_256_CBC: 'aes-256-cbc',
+    /** ChaCha20-Poly1305 - Modern authenticated encryption */
+    CHACHA20_POLY1305: 'chacha20-poly1305',
+};
+export const encryptionAlgorithmSchema = z.nativeEnum(EncryptionAlgorithm);
+// =============================================================================
+// Data Classification Types
+// =============================================================================
+/**
+ * Data classification levels for determining encryption requirements
+ *
+ * Classification hierarchy (lowest to highest sensitivity):
+ * - PUBLIC: No encryption required, publicly available data
+ * - INTERNAL: Internal use only, encryption optional
+ * - CONFIDENTIAL: Business-sensitive data, encryption required
+ * - RESTRICTED: Highly sensitive data (PII, PHI, PCI), strongest encryption
+ */
+export const DataClassification = {
+    /** Public data - no encryption required */
+    PUBLIC: 'public',
+    /** Internal data - encryption optional */
+    INTERNAL: 'internal',
+    /** Confidential business data - encryption required */
+    CONFIDENTIAL: 'confidential',
+    /** Restricted/regulated data (PII, PHI, PCI) - strongest encryption */
+    RESTRICTED: 'restricted',
+};
+export const dataClassificationSchema = z.nativeEnum(DataClassification);
+/**
+ * Classification level ordering for comparison
+ */
+export const CLASSIFICATION_LEVELS = {
+    [DataClassification.PUBLIC]: 0,
+    [DataClassification.INTERNAL]: 1,
+    [DataClassification.CONFIDENTIAL]: 2,
+    [DataClassification.RESTRICTED]: 3,
+};
+export const encryptedFieldSchema = z.object({
+    ciphertext: z.string().min(1),
+    iv: z.string().min(1),
+    authTag: z.string().min(1),
+    algorithm: encryptionAlgorithmSchema,
+    keyVersion: z.number().int().positive(),
+    fieldName: z.string().optional(),
+    encryptedAt: z.string().datetime().optional(),
+    deterministic: z.boolean().optional(),
+});
+export const encryptedFieldMarkerSchema = z.object({
+    __encrypted: z.literal(true),
+    __version: z.literal(2),
+    field: encryptedFieldSchema,
+});
+/**
+ * Check if a value is an encrypted field marker
+ */
+export function isEncryptedFieldMarker(value) {
+    return (typeof value === 'object' &&
+        value !== null &&
+        '__encrypted' in value &&
+        value.__encrypted === true &&
+        '__version' in value &&
+        value.__version === 2 &&
+        'field' in value);
+}
+export const keyVersionSchema = z.object({
+    version: z.number().int().positive(),
+    createdAt: z.coerce.date(),
+    activatedAt: z.coerce.date().optional(),
+    deprecatedAt: z.coerce.date().optional(),
+    expiresAt: z.coerce.date().optional(),
+    status: z.enum(['pending', 'active', 'deprecated', 'expired']),
+});
+export const encryptionConfigSchema = z.object({
+    defaultAlgorithm: encryptionAlgorithmSchema.default(EncryptionAlgorithm.AES_256_GCM),
+    enabled: z.boolean().default(true),
+    keyDerivationInfo: z.string().default('vorion-field-encryption-v1'),
+    hkdfHash: z.enum(['sha256', 'sha384', 'sha512']).default('sha256'),
+    keyLength: z.number().int().positive().default(32),
+    ivLength: z.number().int().positive().default(16),
+    authTagLength: z.number().int().positive().default(16),
+    includeFieldNameInAAD: z.boolean().default(true),
+    includeTimestamp: z.boolean().default(true),
+    redisKeyPrefix: z.string().default('vorion:encryption:'),
+    auditLogging: z.boolean().default(true),
+    minimumEncryptionLevel: dataClassificationSchema.default(DataClassification.CONFIDENTIAL),
+});
+/**
+ * Default encryption configuration
+ */
+export const DEFAULT_ENCRYPTION_CONFIG = {
+    defaultAlgorithm: EncryptionAlgorithm.AES_256_GCM,
+    enabled: true,
+    keyDerivationInfo: 'vorion-field-encryption-v1',
+    hkdfHash: 'sha256',
+    keyLength: 32,
+    ivLength: 16,
+    authTagLength: 16,
+    includeFieldNameInAAD: true,
+    includeTimestamp: true,
+    redisKeyPrefix: 'vorion:encryption:',
+    auditLogging: true,
+    minimumEncryptionLevel: DataClassification.CONFIDENTIAL,
+};
+export const fieldPolicySchema = z.object({
+    fieldName: z.string().min(1),
+    classification: dataClassificationSchema,
+    encrypted: z.boolean(),
+    algorithm: encryptionAlgorithmSchema.optional(),
+    deterministic: z.boolean().optional(),
+    keyDerivationSuffix: z.string().optional(),
+});
+export const fieldEncryptionPolicySchema = z.object({
+    entityName: z.string().min(1),
+    description: z.string().optional(),
+    fields: z.array(fieldPolicySchema),
+    defaultClassification: dataClassificationSchema.optional(),
+    strictMode: z.boolean().optional(),
+});
+export const encryptOptionsSchema = z.object({
+    fieldName: z.string().optional(),
+    classification: dataClassificationSchema.optional(),
+    algorithm: encryptionAlgorithmSchema.optional(),
+    keyVersion: z.number().int().positive().optional(),
+    deterministic: z.boolean().optional(),
+    additionalData: z.string().optional(),
+    tenantId: z.string().optional(),
+});
+export const decryptOptionsSchema = z.object({
+    fieldName: z.string().optional(),
+    additionalData: z.string().optional(),
+    tenantId: z.string().optional(),
+});
+export const reencryptOptionsSchema = z.object({
+    newKeyVersion: z.number().int().positive(),
+    newAlgorithm: encryptionAlgorithmSchema.optional(),
+    fieldName: z.string().optional(),
+    tenantId: z.string().optional(),
+});
+// =============================================================================
+// Audit Types
+// =============================================================================
+/**
+ * Encryption operation types for audit logging
+ */
+export const EncryptionOperation = {
+    ENCRYPT: 'encrypt',
+    DECRYPT: 'decrypt',
+    REENCRYPT: 'reencrypt',
+    KEY_ROTATE: 'key_rotate',
+    KEY_DERIVE: 'key_derive',
+};
+export const encryptionAuditEntrySchema = z.object({
+    id: z.string().uuid(),
+    timestamp: z.coerce.date(),
+    operation: z.nativeEnum(EncryptionOperation),
+    fieldName: z.string().optional(),
+    entityName: z.string().optional(),
+    keyVersion: z.number().int().positive(),
+    algorithm: encryptionAlgorithmSchema,
+    success: z.boolean(),
+    error: z.string().optional(),
+    durationMs: z.number().nonnegative(),
+    userId: z.string().optional(),
+    tenantId: z.string().optional(),
+    requestId: z.string().optional(),
+});
+// =============================================================================
+// Error Types
+// =============================================================================
+/**
+ * Error codes for encryption operations
+ */
+export const EncryptionErrorCode = {
+    /** Invalid algorithm specified */
+    INVALID_ALGORITHM: 'INVALID_ALGORITHM',
+    /** Key version not found */
+    KEY_VERSION_NOT_FOUND: 'KEY_VERSION_NOT_FOUND',
+    /** Key derivation failed */
+    KEY_DERIVATION_FAILED: 'KEY_DERIVATION_FAILED',
+    /** Encryption failed */
+    ENCRYPTION_FAILED: 'ENCRYPTION_FAILED',
+    /** Decryption failed */
+    DECRYPTION_FAILED: 'DECRYPTION_FAILED',
+    /** Authentication tag verification failed */
+    AUTH_TAG_MISMATCH: 'AUTH_TAG_MISMATCH',
+    /** Field name mismatch in AAD */
+    FIELD_NAME_MISMATCH: 'FIELD_NAME_MISMATCH',
+    /** Invalid encrypted field format */
+    INVALID_FORMAT: 'INVALID_FORMAT',
+    /** Key provider not initialized */
+    KEY_PROVIDER_NOT_INITIALIZED: 'KEY_PROVIDER_NOT_INITIALIZED',
+    /** Re-encryption failed */
+    REENCRYPT_FAILED: 'REENCRYPT_FAILED',
+    /** Policy violation */
+    POLICY_VIOLATION: 'POLICY_VIOLATION',
+    /** Configuration error */
+    CONFIG_ERROR: 'CONFIG_ERROR',
+};
+//# sourceMappingURL=types.js.map

package/dist/security/encryption/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/security/encryption/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,gFAAgF;AAChF,6BAA6B;AAC7B,gFAAgF;AAEhF;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,qEAAqE;IACrE,WAAW,EAAE,aAAa;IAC1B,wDAAwD;IACxD,WAAW,EAAE,aAAa;IAC1B,0DAA0D;IAC1D,iBAAiB,EAAE,mBAAmB;CAC9B,CAAC;AAIX,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC;AAE3E,gFAAgF;AAChF,4BAA4B;AAC5B,gFAAgF;AAEhF;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,2CAA2C;IAC3C,MAAM,EAAE,QAAQ;IAChB,0CAA0C;IAC1C,QAAQ,EAAE,UAAU;IACpB,uDAAuD;IACvD,YAAY,EAAE,cAAc;IAC5B,uEAAuE;IACvE,UAAU,EAAE,YAAY;CAChB,CAAC;AAIX,MAAM,CAAC,MAAM,wBAAwB,GAAG,CAAC,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC;AAEzE;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAuC;IACvE,CAAC,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAAC;IAC9B,CAAC,kBAAkB,CAAC,QAAQ,CAAC,EAAE,CAAC;IAChC,CAAC,kBAAkB,CAAC,YAAY,CAAC,EAAE,CAAC;IACpC,CAAC,kBAAkB,CAAC,UAAU,CAAC,EAAE,CAAC;CACnC,CAAC;AAgCF,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC3C,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC7B,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACrB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B,SAAS,EAAE,yBAAyB;IACpC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACvC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IAC7C,aAAa,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CACtC,CAAC,CAAC;AAWH,MAAM,CAAC,MAAM,0BAA0B,GAAG,CAAC,CAAC,MAAM,CAAC;IACjD,WAAW,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC;IAC5B,SAAS,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IACvB,KAAK,EAAE,oBAAoB;CAC5B,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,KAAc;IACnD,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ;QACzB,KAAK,KAAK,IAAI;QACd,aAAa,IAAI,KAAK;QACrB,KAA8B,CAAC,WAAW,KAAK,IAAI;QACpD,WAAW,IAAI,KAAK;QACnB,KAA8B,CAAC,SAAS,KAAK,CAAC;QAC/C,OAAO,IAAI,KAAK,CACjB,CAAC;AACJ,CAAC;AAwBD,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACpC,SAAS,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE;IAC1B,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE;IACvC,YAAY,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE;IACxC,SAAS,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE;IACrC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,QAAQ,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;CAC/D,CAAC,CAAC;AAoCH,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7C,gBAAgB,EAAE,yBAAyB,CAAC,OAAO,CAAC,mBAAmB,CAAC,WAAW,CAAC;IACpF,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,4BAA4B,CAAC;IACnE,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;IAClE,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IAClD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IACjD,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IACtD,qBAAqB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAChD,gBAAgB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAC3C,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,oBAAoB,CAAC;IACxD,YAAY,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IACvC,sBAAsB,EAAE,wBAAwB,CAAC,OAAO,CAAC,kBAAkB,CAAC,YAAY,CAAC;CAC1F,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAqB;IACzD,gBAAgB,EAAE,mBAAmB,CAAC,WAAW;IACjD,OAAO,EAAE,IAAI;IACb,iBAAiB,EAAE,4BAA4B;IAC/C,QAAQ,EAAE,QAAQ;IAClB,SAAS,EAAE,EAAE;IACb,QAAQ,EAAE,EAAE;IACZ,aAAa,EAAE,EAAE;IACjB,qBAAqB,EAAE,IAAI;IAC3B,gBAAgB,EAAE,IAAI;IACtB,cAAc,EAAE,oBAAoB;IACpC,YAAY,EAAE,IAAI;IAClB,sBAAsB,EAAE,kBAAkB,CAAC,YAAY;CACxD,CAAC;AAwBF,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,cAAc,EAAE,wBAAwB;IACxC,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE;IACtB,SAAS,EAAE,yBAAyB,CAAC,QAAQ,EAAE;IAC/C,aAAa,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACrC,mBAAmB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC3C,CAAC,CAAC;AAkBH,MAAM,CAAC,MAAM,2BAA2B,GAAG,CAAC,CAAC,MAAM,CAAC;IAClD,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC7B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC;IAClC,qBAAqB,EAAE,wBAAwB,CAAC,QAAQ,EAAE;IAC1D,UAAU,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CACnC,CAAC,CAAC;AA0BH,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC3C,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,cAAc,EAAE,wBAAwB,CAAC,QAAQ,EAAE;IACnD,SAAS,EAAE,yBAAyB,CAAC,QAAQ,EAAE;IAC/C,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IAClD,aAAa,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACrC,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAChC,CAAC,CAAC;AAcH,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC3C,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAChC,CAAC,CAAC;AAgBH,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7C,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAC1C,YAAY,EAAE,yBAAyB,CAAC,QAAQ,EAAE;IAClD,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAChC,CAAC,CAAC;AAEH,gFAAgF;AAChF,cAAc;AACd,gFAAgF;AAEhF;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,OAAO,EAAE,SAAS;IAClB,OAAO,EAAE,SAAS;IAClB,SAAS,EAAE,WAAW;IACtB,UAAU,EAAE,YAAY;IACxB,UAAU,EAAE,YAAY;CAChB,CAAC;AAoCX,MAAM,CAAC,MAAM,0BAA0B,GAAG,CAAC,CAAC,MAAM,CAAC;IACjD,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE;IACrB,SAAS,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE;IAC1B,SAAS,EAAE,CAAC,CAAC,UAAU,CAAC,mBAAmB,CAAC;IAC5C,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACvC,SAAS,EAAE,yBAAyB;IACpC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE;IACpB,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE;IACpC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACjC,CAAC,CAAC;AAoBH,gFAAgF;AAChF,cAAc;AACd,gFAAgF;AAEhF;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,kCAAkC;IAClC,iBAAiB,EAAE,mBAAmB;IACtC,4BAA4B;IAC5B,qBAAqB,EAAE,uBAAuB;IAC9C,4BAA4B;IAC5B,qBAAqB,EAAE,uBAAuB;IAC9C,wBAAwB;IACxB,iBAAiB,EAAE,mBAAmB;IACtC,wBAAwB;IACxB,iBAAiB,EAAE,mBAAmB;IACtC,6CAA6C;IAC7C,iBAAiB,EAAE,mBAAmB;IACtC,iCAAiC;IACjC,mBAAmB,EAAE,qBAAqB;IAC1C,qCAAqC;IACrC,cAAc,EAAE,gBAAgB;IAChC,mCAAmC;IACnC,4BAA4B,EAAE,8BAA8B;IAC5D,2BAA2B;IAC3B,gBAAgB,EAAE,kBAAkB;IACpC,uBAAuB;IACvB,gBAAgB,EAAE,kBAAkB;IACpC,0BAA0B;IAC1B,YAAY,EAAE,cAAc;CACpB,CAAC"}

package/dist/security/error-sanitizer.d.ts

@@ -0,0 +1,329 @@
+/**
+ * Error Sanitization Middleware
+ *
+ * Prevents information disclosure through error messages by:
+ * - Detecting and redacting sensitive data patterns
+ * - Classifying errors (operational vs programming)
+ * - Generating user-safe error messages
+ * - Providing correlation IDs for support
+ *
+ * @packageDocumentation
+ * @module security/error-sanitizer
+ */
+import type { FastifyInstance, FastifyRequest, FastifyReply, FastifyError } from 'fastify';
+import { z } from 'zod';
+/**
+ * Sanitized error response structure
+ */
+export interface SanitizedError {
+    /** Machine-readable error code */
+    code: string;
+    /** User-safe error message */
+    message: string;
+    /** Request ID for support correlation */
+    requestId?: string;
+    /** Additional details (only in development mode) */
+    details?: unknown;
+}
+/**
+ * Error classification type
+ */
+export type ErrorClassification = 'operational' | 'programming';
+/**
+ * Configuration for error sanitizer
+ */
+export interface ErrorSanitizerConfig {
+    /** Whether running in production mode */
+    isProduction: boolean;
+    /** Whether to include stack traces in development */
+    includeStackInDev: boolean;
+    /** Whether to include error details in development */
+    includeDetailsInDev: boolean;
+    /** Custom error code mappings */
+    errorCodeMappings?: Map<string, ErrorCodeMapping>;
+    /** Additional sensitive patterns to detect */
+    additionalPatterns?: RegExp[];
+    /** Whether to log sanitized errors */
+    logSanitizedErrors: boolean;
+    /** Function to generate request IDs */
+    generateRequestId?: () => string;
+}
+/**
+ * Mapping from internal error code to user-facing response
+ */
+export interface ErrorCodeMapping {
+    /** User-friendly message */
+    message: string;
+    /** HTTP status code */
+    statusCode: number;
+}
+/**
+ * Zod schema for error sanitizer configuration
+ */
+export declare const errorSanitizerConfigSchema: z.ZodObject<{
+    isProduction: z.ZodDefault<z.ZodBoolean>;
+    includeStackInDev: z.ZodDefault<z.ZodBoolean>;
+    includeDetailsInDev: z.ZodDefault<z.ZodBoolean>;
+    additionalPatterns: z.ZodOptional<z.ZodArray<z.ZodType<RegExp, z.ZodTypeDef, RegExp>, "many">>;
+    logSanitizedErrors: z.ZodDefault<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+    isProduction?: boolean;
+    includeStackInDev?: boolean;
+    includeDetailsInDev?: boolean;
+    additionalPatterns?: RegExp[];
+    logSanitizedErrors?: boolean;
+}, {
+    isProduction?: boolean;
+    includeStackInDev?: boolean;
+    includeDetailsInDev?: boolean;
+    additionalPatterns?: RegExp[];
+    logSanitizedErrors?: boolean;
+}>;
+/**
+ * Patterns for detecting sensitive data that should be redacted
+ */
+export declare const SENSITIVE_PATTERNS: {
+    /** File paths - Unix and Windows */
+    readonly FILE_PATHS: readonly [RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp];
+    /** IPv4 addresses */
+    readonly IPV4: readonly [RegExp];
+    /** IPv6 addresses */
+    readonly IPV6: readonly [RegExp, RegExp, RegExp, RegExp, RegExp, RegExp];
+    /** Database connection strings */
+    readonly DATABASE_CONNECTIONS: readonly [RegExp, RegExp, RegExp, RegExp, RegExp];
+    /** API keys, tokens, and credentials */
+    readonly CREDENTIALS: readonly [RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp, RegExp];
+    /** Stack traces */
+    readonly STACK_TRACES: readonly [RegExp, RegExp, RegExp, RegExp, RegExp];
+    /** SQL queries */
+    readonly SQL_QUERIES: readonly [RegExp, RegExp, RegExp];
+    /** Internal service URLs */
+    readonly INTERNAL_URLS: readonly [RegExp, RegExp, RegExp, RegExp, RegExp];
+    /** Environment variable references */
+    readonly ENV_VARIABLES: readonly [RegExp, RegExp, RegExp, RegExp];
+    /** JWT tokens */
+    readonly JWT_TOKENS: readonly [RegExp];
+    /** UUIDs (often used as internal IDs) */
+    readonly UUIDS: readonly [RegExp];
+};
+/**
+ * Default mappings from internal error codes to user-friendly responses
+ */
+export declare const DEFAULT_ERROR_MAPPINGS: Map<string, ErrorCodeMapping>;
+/**
+ * ErrorSanitizer class for preventing information disclosure
+ *
+ * @example
+ * ```typescript
+ * const sanitizer = new ErrorSanitizer({ isProduction: true });
+ *
+ * // Sanitize an error message
+ * const safeMessage = sanitizer.sanitizeMessage(error.message);
+ *
+ * // Generate a safe error response
+ * const response = sanitizer.createSafeResponse(error, requestId);
+ * ```
+ */
+export declare class ErrorSanitizer {
+    private readonly config;
+    private readonly errorMappings;
+    private readonly allPatterns;
+    /**
+     * Creates a new ErrorSanitizer instance
+     *
+     * @param config - Configuration options
+     */
+    constructor(config?: Partial<ErrorSanitizerConfig>);
+    /**
+     * Sanitize an error message by removing sensitive data
+     *
+     * @param message - The error message to sanitize
+     * @returns Sanitized message
+     */
+    sanitizeMessage(message: string): string;
+    /**
+     * Classify an error as operational or programming
+     *
+     * Operational errors are expected errors from normal operation
+     * (e.g., validation failures, not found, rate limits).
+     *
+     * Programming errors are bugs that shouldn't happen
+     * (e.g., TypeError, ReferenceError, unexpected exceptions).
+     *
+     * @param error - The error to classify
+     * @returns Error classification
+     */
+    classifyError(error: Error): ErrorClassification;
+    /**
+     * Generate a safe error message for the user
+     *
+     * @param error - The error to generate a message for
+     * @returns User-safe error message
+     */
+    generateSafeMessage(error: Error): string;
+    /**
+     * Get the error code from an error
+     *
+     * @param error - The error
+     * @returns Error code string
+     */
+    getErrorCode(error: Error): string;
+    /**
+     * Get the HTTP status code for an error
+     *
+     * @param error - The error
+     * @returns HTTP status code
+     */
+    getStatusCode(error: Error): number;
+    /**
+     * Create a sanitized error response
+     *
+     * @param error - The error to create a response for
+     * @param requestId - Optional request ID for correlation
+     * @returns Sanitized error response
+     */
+    createSafeResponse(error: Error, requestId?: string): SanitizedError;
+    /**
+     * Sanitize an object by redacting sensitive values
+     *
+     * @param obj - Object to sanitize
+     * @param depth - Current recursion depth
+     * @returns Sanitized object
+     */
+    private sanitizeObject;
+    /**
+     * Add a custom error code mapping
+     *
+     * @param code - Error code
+     * @param mapping - Error code mapping
+     */
+    addErrorMapping(code: string, mapping: ErrorCodeMapping): void;
+    /**
+     * Check if running in production mode
+     */
+    isProductionMode(): boolean;
+}
+/**
+ * Sanitize an error message by removing sensitive data
+ *
+ * Standalone utility function for one-off sanitization.
+ *
+ * @param message - The error message to sanitize
+ * @returns Sanitized message
+ *
+ * @example
+ * ```typescript
+ * const safe = sanitizeErrorMessage('Error connecting to postgres://user:pass@host/db');
+ * // Returns: 'Error connecting to [REDACTED]'
+ * ```
+ */
+export declare function sanitizeErrorMessage(message: string): string;
+/**
+ * Classify an error as operational or programming
+ *
+ * @param error - The error to classify
+ * @returns 'operational' or 'programming'
+ *
+ * @example
+ * ```typescript
+ * const classification = classifyError(new ValidationError('Invalid input'));
+ * // Returns: 'operational'
+ *
+ * const bugClassification = classifyError(new TypeError('undefined is not a function'));
+ * // Returns: 'programming'
+ * ```
+ */
+export declare function classifyError(error: Error): ErrorClassification;
+/**
+ * Generate a safe error message for the user
+ *
+ * @param error - The error to generate a message for
+ * @returns User-safe error message
+ *
+ * @example
+ * ```typescript
+ * const safeMsg = generateSafeMessage(new Error('Connection to 192.168.1.1:5432 failed'));
+ * // Returns: 'An unexpected error occurred'
+ * ```
+ */
+export declare function generateSafeMessage(error: Error): string;
+/**
+ * Options for the Fastify error handler plugin
+ */
+export interface ErrorHandlerOptions {
+    /** Error sanitizer configuration */
+    sanitizerConfig?: Partial<ErrorSanitizerConfig>;
+    /** Custom error sanitizer instance */
+    sanitizer?: ErrorSanitizer;
+    /** Whether to log all errors */
+    logErrors?: boolean;
+    /** Paths to exclude from error handling */
+    excludePaths?: string[];
+}
+/**
+ * Create a Fastify error handler that sanitizes errors
+ *
+ * @param options - Error handler options
+ * @returns Fastify error handler function
+ *
+ * @example
+ * ```typescript
+ * fastify.setErrorHandler(createErrorHandler({
+ *   logErrors: true,
+ *   sanitizerConfig: { isProduction: true },
+ * }));
+ * ```
+ */
+export declare function createErrorHandler(options?: ErrorHandlerOptions): (error: FastifyError, request: FastifyRequest, reply: FastifyReply) => void;
+/**
+ * Fastify plugin that registers the sanitizing error handler
+ *
+ * @example
+ * ```typescript
+ * await fastify.register(errorSanitizerPlugin, {
+ *   sanitizerConfig: { isProduction: true },
+ *   logErrors: true,
+ * });
+ * ```
+ */
+export declare const errorSanitizerPlugin: (fastify: FastifyInstance, options: ErrorHandlerOptions) => Promise<void>;
+/**
+ * Get or create the singleton ErrorSanitizer instance
+ *
+ * @param config - Optional configuration (only used on first call)
+ * @returns The singleton ErrorSanitizer instance
+ *
+ * @example
+ * ```typescript
+ * // Initialize with config
+ * const sanitizer = getErrorSanitizer({ isProduction: true });
+ *
+ * // Later, get the same instance
+ * const sameSanitizer = getErrorSanitizer();
+ * ```
+ */
+export declare function getErrorSanitizer(config?: Partial<ErrorSanitizerConfig>): ErrorSanitizer;
+/**
+ * Reset the singleton instance (for testing)
+ *
+ * @internal
+ */
+export declare function resetErrorSanitizer(): void;
+/**
+ * Create a new ErrorSanitizer instance with custom configuration
+ *
+ * Use this when you need a non-singleton instance with specific configuration.
+ *
+ * @param config - Configuration options
+ * @returns New ErrorSanitizer instance
+ *
+ * @example
+ * ```typescript
+ * const customSanitizer = createErrorSanitizer({
+ *   isProduction: false,
+ *   additionalPatterns: [/my-secret-pattern/gi],
+ * });
+ * ```
+ */
+export declare function createErrorSanitizer(config?: Partial<ErrorSanitizerConfig>): ErrorSanitizer;
+//# sourceMappingURL=error-sanitizer.d.ts.map

package/dist/security/error-sanitizer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"error-sanitizer.d.ts","sourceRoot":"","sources":["../../src/security/error-sanitizer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EACV,eAAe,EACf,cAAc,EACd,YAAY,EACZ,YAAY,EACb,MAAM,SAAS,CAAC;AAEjB,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAWxB;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,kCAAkC;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,8BAA8B;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,yCAAyC;IACzC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,oDAAoD;IACpD,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG,aAAa,GAAG,aAAa,CAAC;AAEhE;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,yCAAyC;IACzC,YAAY,EAAE,OAAO,CAAC;IACtB,qDAAqD;IACrD,iBAAiB,EAAE,OAAO,CAAC;IAC3B,sDAAsD;IACtD,mBAAmB,EAAE,OAAO,CAAC;IAC7B,iCAAiC;IACjC,iBAAiB,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;IAClD,8CAA8C;IAC9C,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC9B,sCAAsC;IACtC,kBAAkB,EAAE,OAAO,CAAC;IAC5B,uCAAuC;IACvC,iBAAiB,CAAC,EAAE,MAAM,MAAM,CAAC;CAClC;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,4BAA4B;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,uBAAuB;IACvB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;EAMrC,CAAC;AAMH;;GAEG;AACH,eAAO,MAAM,kBAAkB;IAC7B,oCAAoC;;IAepC,qBAAqB;;IAKrB,qBAAqB;;IAYrB,kCAAkC;;IASlC,wCAAwC;;IAgBxC,mBAAmB;;IASnB,kBAAkB;;IAOlB,4BAA4B;;IAS5B,sCAAsC;;IAQtC,iBAAiB;;IAGjB,yCAAyC;;CAEjC,CAAC;AAMX;;GAEG;AACH,eAAO,MAAM,sBAAsB,+BAgDjC,CAAC;AAiBH;;;;;;;;;;;;;GAaG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAuB;IAC9C,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAgC;IAC9D,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAW;IAEvC;;;;OAIG;gBACS,MAAM,GAAE,OAAO,CAAC,oBAAoB,CAAM;IAyBtD;;;;;OAKG;IACH,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM;IAiCxC;;;;;;;;;;;OAWG;IACH,aAAa,CAAC,KAAK,EAAE,KAAK,GAAG,mBAAmB;IAmEhD;;;;;OAKG;IACH,mBAAmB,CAAC,KAAK,EAAE,KAAK,GAAG,MAAM;IA8BzC;;;;;OAKG;IACH,YAAY,CAAC,KAAK,EAAE,KAAK,GAAG,MAAM;IA2BlC;;;;;OAKG;IACH,aAAa,CAAC,KAAK,EAAE,KAAK,GAAG,MAAM;IAqBnC;;;;;;OAMG;IACH,kBAAkB,CAAC,KAAK,EAAE,KAAK,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,cAAc;IAoCpE;;;;;;OAMG;IACH,OAAO,CAAC,cAAc;IAmDtB;;;;;OAKG;IACH,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,gBAAgB,GAAG,IAAI;IAI9D;;OAEG;IACH,gBAAgB,IAAI,OAAO;CAG5B;AAMD;;;;;;;;;;;;;GAaG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAE5D;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,KAAK,GAAG,mBAAmB,CAE/D;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,KAAK,GAAG,MAAM,CAExD;AAMD;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,oCAAoC;IACpC,eAAe,CAAC,EAAE,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAChD,sCAAsC;IACtC,SAAS,CAAC,EAAE,cAAc,CAAC;IAC3B,gCAAgC;IAChC,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,2CAA2C;IAC3C,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,GAAE,mBAAwB,GAChC,CAAC,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,cAAc,EAAE,KAAK,EAAE,YAAY,KAAK,IAAI,CAqD7E;AAED;;;;;;;;;;GAUG;AACH,eAAO,MAAM,oBAAoB,YACf,eAAe,WAAW,mBAAmB,kBAU9D,CAAC;AASF;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,oBAAoB,CAAC,GAAG,cAAc,CAKxF;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,IAAI,IAAI,CAG1C;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,oBAAoB,CAAC,GAAG,cAAc,CAE3F"}