npm - @vorionsys/platform-core - Versions diffs - 0.1.0 - Mend

@vorionsys/platform-core 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1847) hide show

package/LICENSE +190 -0
package/README.md +88 -0
package/dist/a2a/attestation.d.ts +145 -0
package/dist/a2a/attestation.d.ts.map +1 -0
package/dist/a2a/attestation.js +353 -0
package/dist/a2a/attestation.js.map +1 -0
package/dist/a2a/chain-of-trust.d.ts +143 -0
package/dist/a2a/chain-of-trust.d.ts.map +1 -0
package/dist/a2a/chain-of-trust.js +422 -0
package/dist/a2a/chain-of-trust.js.map +1 -0
package/dist/a2a/index.d.ts +15 -0
package/dist/a2a/index.d.ts.map +1 -0
package/dist/a2a/index.js +23 -0
package/dist/a2a/index.js.map +1 -0
package/dist/a2a/openapi.d.ts +22 -0
package/dist/a2a/openapi.d.ts.map +1 -0
package/dist/a2a/openapi.js +1133 -0
package/dist/a2a/openapi.js.map +1 -0
package/dist/a2a/router.d.ts +167 -0
package/dist/a2a/router.d.ts.map +1 -0
package/dist/a2a/router.js +454 -0
package/dist/a2a/router.js.map +1 -0
package/dist/a2a/routes.d.ts +11 -0
package/dist/a2a/routes.d.ts.map +1 -0
package/dist/a2a/routes.js +442 -0
package/dist/a2a/routes.js.map +1 -0
package/dist/a2a/trust-negotiation.d.ts +119 -0
package/dist/a2a/trust-negotiation.d.ts.map +1 -0
package/dist/a2a/trust-negotiation.js +425 -0
package/dist/a2a/trust-negotiation.js.map +1 -0
package/dist/a2a/types.d.ts +413 -0
package/dist/a2a/types.d.ts.map +1 -0
package/dist/a2a/types.js +38 -0
package/dist/a2a/types.js.map +1 -0
package/dist/agent-registry/a3i-cache.d.ts +113 -0
package/dist/agent-registry/a3i-cache.d.ts.map +1 -0
package/dist/agent-registry/a3i-cache.js +305 -0
package/dist/agent-registry/a3i-cache.js.map +1 -0
package/dist/agent-registry/index.d.ts +14 -0
package/dist/agent-registry/index.d.ts.map +1 -0
package/dist/agent-registry/index.js +17 -0
package/dist/agent-registry/index.js.map +1 -0
package/dist/agent-registry/openapi.d.ts +23 -0
package/dist/agent-registry/openapi.d.ts.map +1 -0
package/dist/agent-registry/openapi.js +1377 -0
package/dist/agent-registry/openapi.js.map +1 -0
package/dist/agent-registry/routes.d.ts +10 -0
package/dist/agent-registry/routes.d.ts.map +1 -0
package/dist/agent-registry/routes.js +485 -0
package/dist/agent-registry/routes.js.map +1 -0
package/dist/agent-registry/service.d.ts +159 -0
package/dist/agent-registry/service.d.ts.map +1 -0
package/dist/agent-registry/service.js +652 -0
package/dist/agent-registry/service.js.map +1 -0
package/dist/agent-registry/tenant-service.d.ts +104 -0
package/dist/agent-registry/tenant-service.d.ts.map +1 -0
package/dist/agent-registry/tenant-service.js +313 -0
package/dist/agent-registry/tenant-service.js.map +1 -0
package/dist/api/auth.d.ts +55 -0
package/dist/api/auth.d.ts.map +1 -0
package/dist/api/auth.js +322 -0
package/dist/api/auth.js.map +1 -0
package/dist/api/errors.d.ts +146 -0
package/dist/api/errors.d.ts.map +1 -0
package/dist/api/errors.js +464 -0
package/dist/api/errors.js.map +1 -0
package/dist/api/index.d.ts +15 -0
package/dist/api/index.d.ts.map +1 -0
package/dist/api/index.js +19 -0
package/dist/api/index.js.map +1 -0
package/dist/api/middleware/api-key-enforcement.d.ts +131 -0
package/dist/api/middleware/api-key-enforcement.d.ts.map +1 -0
package/dist/api/middleware/api-key-enforcement.js +674 -0
package/dist/api/middleware/api-key-enforcement.js.map +1 -0
package/dist/api/middleware/audit.d.ts +151 -0
package/dist/api/middleware/audit.d.ts.map +1 -0
package/dist/api/middleware/audit.js +384 -0
package/dist/api/middleware/audit.js.map +1 -0
package/dist/api/middleware/dpop-enforcement.d.ts +176 -0
package/dist/api/middleware/dpop-enforcement.d.ts.map +1 -0
package/dist/api/middleware/dpop-enforcement.js +596 -0
package/dist/api/middleware/dpop-enforcement.js.map +1 -0
package/dist/api/middleware/index.d.ts +24 -0
package/dist/api/middleware/index.d.ts.map +1 -0
package/dist/api/middleware/index.js +43 -0
package/dist/api/middleware/index.js.map +1 -0
package/dist/api/middleware/metrics.d.ts +41 -0
package/dist/api/middleware/metrics.d.ts.map +1 -0
package/dist/api/middleware/metrics.js +150 -0
package/dist/api/middleware/metrics.js.map +1 -0
package/dist/api/middleware/rate-limits.d.ts +224 -0
package/dist/api/middleware/rate-limits.d.ts.map +1 -0
package/dist/api/middleware/rate-limits.js +686 -0
package/dist/api/middleware/rate-limits.js.map +1 -0
package/dist/api/middleware/rateLimit.d.ts +165 -0
package/dist/api/middleware/rateLimit.d.ts.map +1 -0
package/dist/api/middleware/rateLimit.js +477 -0
package/dist/api/middleware/rateLimit.js.map +1 -0
package/dist/api/middleware/redis-rate-limiter.d.ts +279 -0
package/dist/api/middleware/redis-rate-limiter.d.ts.map +1 -0
package/dist/api/middleware/redis-rate-limiter.js +1074 -0
package/dist/api/middleware/redis-rate-limiter.js.map +1 -0
package/dist/api/middleware/security-headers.d.ts +248 -0
package/dist/api/middleware/security-headers.d.ts.map +1 -0
package/dist/api/middleware/security-headers.js +410 -0
package/dist/api/middleware/security-headers.js.map +1 -0
package/dist/api/middleware/security.d.ts +156 -0
package/dist/api/middleware/security.d.ts.map +1 -0
package/dist/api/middleware/security.js +412 -0
package/dist/api/middleware/security.js.map +1 -0
package/dist/api/middleware/validation.d.ts +132 -0
package/dist/api/middleware/validation.d.ts.map +1 -0
package/dist/api/middleware/validation.js +363 -0
package/dist/api/middleware/validation.js.map +1 -0
package/dist/api/middleware/webhook-verify.d.ts +130 -0
package/dist/api/middleware/webhook-verify.d.ts.map +1 -0
package/dist/api/middleware/webhook-verify.js +366 -0
package/dist/api/middleware/webhook-verify.js.map +1 -0
package/dist/api/rate-limit.d.ts +115 -0
package/dist/api/rate-limit.d.ts.map +1 -0
package/dist/api/rate-limit.js +335 -0
package/dist/api/rate-limit.js.map +1 -0
package/dist/api/server.d.ts +37 -0
package/dist/api/server.d.ts.map +1 -0
package/dist/api/server.js +2086 -0
package/dist/api/server.js.map +1 -0
package/dist/api/validation.d.ts +243 -0
package/dist/api/validation.d.ts.map +1 -0
package/dist/api/validation.js +247 -0
package/dist/api/validation.js.map +1 -0
package/dist/audit/compliance-reporter.d.ts +271 -0
package/dist/audit/compliance-reporter.d.ts.map +1 -0
package/dist/audit/compliance-reporter.js +587 -0
package/dist/audit/compliance-reporter.js.map +1 -0
package/dist/audit/db-store.d.ts +689 -0
package/dist/audit/db-store.d.ts.map +1 -0
package/dist/audit/db-store.js +589 -0
package/dist/audit/db-store.js.map +1 -0
package/dist/audit/event-schema.d.ts +605 -0
package/dist/audit/event-schema.d.ts.map +1 -0
package/dist/audit/event-schema.js +566 -0
package/dist/audit/event-schema.js.map +1 -0
package/dist/audit/index.d.ts +16 -0
package/dist/audit/index.d.ts.map +1 -0
package/dist/audit/index.js +44 -0
package/dist/audit/index.js.map +1 -0
package/dist/audit/security-events.d.ts +1624 -0
package/dist/audit/security-events.d.ts.map +1 -0
package/dist/audit/security-events.js +775 -0
package/dist/audit/security-events.js.map +1 -0
package/dist/audit/security-logger.d.ts +288 -0
package/dist/audit/security-logger.d.ts.map +1 -0
package/dist/audit/security-logger.js +820 -0
package/dist/audit/security-logger.js.map +1 -0
package/dist/audit/service.d.ts +206 -0
package/dist/audit/service.d.ts.map +1 -0
package/dist/audit/service.js +756 -0
package/dist/audit/service.js.map +1 -0
package/dist/audit/siem/elastic.d.ts +94 -0
package/dist/audit/siem/elastic.d.ts.map +1 -0
package/dist/audit/siem/elastic.js +412 -0
package/dist/audit/siem/elastic.js.map +1 -0
package/dist/audit/siem/index.d.ts +179 -0
package/dist/audit/siem/index.d.ts.map +1 -0
package/dist/audit/siem/index.js +368 -0
package/dist/audit/siem/index.js.map +1 -0
package/dist/audit/siem/loki.d.ts +100 -0
package/dist/audit/siem/loki.d.ts.map +1 -0
package/dist/audit/siem/loki.js +406 -0
package/dist/audit/siem/loki.js.map +1 -0
package/dist/audit/siem/splunk.d.ts +91 -0
package/dist/audit/siem/splunk.d.ts.map +1 -0
package/dist/audit/siem/splunk.js +375 -0
package/dist/audit/siem/splunk.js.map +1 -0
package/dist/audit/siem/types.d.ts +547 -0
package/dist/audit/siem/types.d.ts.map +1 -0
package/dist/audit/siem/types.js +270 -0
package/dist/audit/siem/types.js.map +1 -0
package/dist/audit/types.d.ts +410 -0
package/dist/audit/types.d.ts.map +1 -0
package/dist/audit/types.js +130 -0
package/dist/audit/types.js.map +1 -0
package/dist/auth/index.d.ts +10 -0
package/dist/auth/index.d.ts.map +1 -0
package/dist/auth/index.js +10 -0
package/dist/auth/index.js.map +1 -0
package/dist/auth/mfa/index.d.ts +9 -0
package/dist/auth/mfa/index.d.ts.map +1 -0
package/dist/auth/mfa/index.js +9 -0
package/dist/auth/mfa/index.js.map +1 -0
package/dist/auth/mfa/totp.d.ts +222 -0
package/dist/auth/mfa/totp.d.ts.map +1 -0
package/dist/auth/mfa/totp.js +329 -0
package/dist/auth/mfa/totp.js.map +1 -0
package/dist/auth/piv-cac/card-removal-handler.d.ts +197 -0
package/dist/auth/piv-cac/card-removal-handler.d.ts.map +1 -0
package/dist/auth/piv-cac/card-removal-handler.js +560 -0
package/dist/auth/piv-cac/card-removal-handler.js.map +1 -0
package/dist/auth/piv-cac/certificate-auth.d.ts +117 -0
package/dist/auth/piv-cac/certificate-auth.d.ts.map +1 -0
package/dist/auth/piv-cac/certificate-auth.js +727 -0
package/dist/auth/piv-cac/certificate-auth.js.map +1 -0
package/dist/auth/piv-cac/certificate-mapper.d.ts +141 -0
package/dist/auth/piv-cac/certificate-mapper.d.ts.map +1 -0
package/dist/auth/piv-cac/certificate-mapper.js +569 -0
package/dist/auth/piv-cac/certificate-mapper.js.map +1 -0
package/dist/auth/piv-cac/crl-validator.d.ts +195 -0
package/dist/auth/piv-cac/crl-validator.d.ts.map +1 -0
package/dist/auth/piv-cac/crl-validator.js +824 -0
package/dist/auth/piv-cac/crl-validator.js.map +1 -0
package/dist/auth/piv-cac/index.d.ts +72 -0
package/dist/auth/piv-cac/index.d.ts.map +1 -0
package/dist/auth/piv-cac/index.js +172 -0
package/dist/auth/piv-cac/index.js.map +1 -0
package/dist/auth/piv-cac/ocsp-validator.d.ts +183 -0
package/dist/auth/piv-cac/ocsp-validator.d.ts.map +1 -0
package/dist/auth/piv-cac/ocsp-validator.js +657 -0
package/dist/auth/piv-cac/ocsp-validator.js.map +1 -0
package/dist/auth/piv-cac/piv-middleware.d.ts +95 -0
package/dist/auth/piv-cac/piv-middleware.d.ts.map +1 -0
package/dist/auth/piv-cac/piv-middleware.js +524 -0
package/dist/auth/piv-cac/piv-middleware.js.map +1 -0
package/dist/auth/piv-cac/piv-routes.d.ts +29 -0
package/dist/auth/piv-cac/piv-routes.d.ts.map +1 -0
package/dist/auth/piv-cac/piv-routes.js +534 -0
package/dist/auth/piv-cac/piv-routes.js.map +1 -0
package/dist/auth/piv-cac/pkcs11-provider.d.ts +280 -0
package/dist/auth/piv-cac/pkcs11-provider.d.ts.map +1 -0
package/dist/auth/piv-cac/pkcs11-provider.js +535 -0
package/dist/auth/piv-cac/pkcs11-provider.js.map +1 -0
package/dist/auth/piv-cac/types.d.ts +4098 -0
package/dist/auth/piv-cac/types.d.ts.map +1 -0
package/dist/auth/piv-cac/types.js +495 -0
package/dist/auth/piv-cac/types.js.map +1 -0
package/dist/basis/evaluator.d.ts +72 -0
package/dist/basis/evaluator.d.ts.map +1 -0
package/dist/basis/evaluator.js +275 -0
package/dist/basis/evaluator.js.map +1 -0
package/dist/basis/expression-evaluator.d.ts +77 -0
package/dist/basis/expression-evaluator.d.ts.map +1 -0
package/dist/basis/expression-evaluator.js +826 -0
package/dist/basis/expression-evaluator.js.map +1 -0
package/dist/basis/index.d.ts +13 -0
package/dist/basis/index.d.ts.map +1 -0
package/dist/basis/index.js +13 -0
package/dist/basis/index.js.map +1 -0
package/dist/basis/parser.d.ts +376 -0
package/dist/basis/parser.d.ts.map +1 -0
package/dist/basis/parser.js +178 -0
package/dist/basis/parser.js.map +1 -0
package/dist/basis/types.d.ts +115 -0
package/dist/basis/types.d.ts.map +1 -0
package/dist/basis/types.js +5 -0
package/dist/basis/types.js.map +1 -0
package/dist/car-extensions/aci-string-extensions.d.ts +10 -0
package/dist/car-extensions/aci-string-extensions.d.ts.map +1 -0
package/dist/car-extensions/aci-string-extensions.js +24 -0
package/dist/car-extensions/aci-string-extensions.js.map +1 -0
package/dist/car-extensions/builtin-extensions/audit.d.ts +88 -0
package/dist/car-extensions/builtin-extensions/audit.d.ts.map +1 -0
package/dist/car-extensions/builtin-extensions/audit.js +445 -0
package/dist/car-extensions/builtin-extensions/audit.js.map +1 -0
package/dist/car-extensions/builtin-extensions/governance.d.ts +32 -0
package/dist/car-extensions/builtin-extensions/governance.d.ts.map +1 -0
package/dist/car-extensions/builtin-extensions/governance.js +534 -0
package/dist/car-extensions/builtin-extensions/governance.js.map +1 -0
package/dist/car-extensions/builtin-extensions/monitoring.d.ts +43 -0
package/dist/car-extensions/builtin-extensions/monitoring.d.ts.map +1 -0
package/dist/car-extensions/builtin-extensions/monitoring.js +416 -0
package/dist/car-extensions/builtin-extensions/monitoring.js.map +1 -0
package/dist/car-extensions/car-string-extensions.d.ts +355 -0
package/dist/car-extensions/car-string-extensions.d.ts.map +1 -0
package/dist/car-extensions/car-string-extensions.js +473 -0
package/dist/car-extensions/car-string-extensions.js.map +1 -0
package/dist/car-extensions/executor.d.ts +208 -0
package/dist/car-extensions/executor.d.ts.map +1 -0
package/dist/car-extensions/executor.js +789 -0
package/dist/car-extensions/executor.js.map +1 -0
package/dist/car-extensions/index.d.ts +94 -0
package/dist/car-extensions/index.d.ts.map +1 -0
package/dist/car-extensions/index.js +159 -0
package/dist/car-extensions/index.js.map +1 -0
package/dist/car-extensions/registry.d.ts +217 -0
package/dist/car-extensions/registry.d.ts.map +1 -0
package/dist/car-extensions/registry.js +450 -0
package/dist/car-extensions/registry.js.map +1 -0
package/dist/car-extensions/service.d.ts +220 -0
package/dist/car-extensions/service.d.ts.map +1 -0
package/dist/car-extensions/service.js +486 -0
package/dist/car-extensions/service.js.map +1 -0
package/dist/car-extensions/types.d.ts +2269 -0
package/dist/car-extensions/types.d.ts.map +1 -0
package/dist/car-extensions/types.js +389 -0
package/dist/car-extensions/types.js.map +1 -0
package/dist/cognigate/index.d.ts +192 -0
package/dist/cognigate/index.d.ts.map +1 -0
package/dist/cognigate/index.js +435 -0
package/dist/cognigate/index.js.map +1 -0
package/dist/cognigate/sandbox/capability-broker.d.ts +166 -0
package/dist/cognigate/sandbox/capability-broker.d.ts.map +1 -0
package/dist/cognigate/sandbox/capability-broker.js +461 -0
package/dist/cognigate/sandbox/capability-broker.js.map +1 -0
package/dist/cognigate/sandbox/filesystem-policy.d.ts +139 -0
package/dist/cognigate/sandbox/filesystem-policy.d.ts.map +1 -0
package/dist/cognigate/sandbox/filesystem-policy.js +426 -0
package/dist/cognigate/sandbox/filesystem-policy.js.map +1 -0
package/dist/cognigate/sandbox/index.d.ts +17 -0
package/dist/cognigate/sandbox/index.d.ts.map +1 -0
package/dist/cognigate/sandbox/index.js +24 -0
package/dist/cognigate/sandbox/index.js.map +1 -0
package/dist/cognigate/sandbox/network-policy.d.ts +126 -0
package/dist/cognigate/sandbox/network-policy.d.ts.map +1 -0
package/dist/cognigate/sandbox/network-policy.js +382 -0
package/dist/cognigate/sandbox/network-policy.js.map +1 -0
package/dist/cognigate/sandbox/sandbox-service.d.ts +70 -0
package/dist/cognigate/sandbox/sandbox-service.d.ts.map +1 -0
package/dist/cognigate/sandbox/sandbox-service.js +472 -0
package/dist/cognigate/sandbox/sandbox-service.js.map +1 -0
package/dist/cognigate/sandbox/types.d.ts +376 -0
package/dist/cognigate/sandbox/types.d.ts.map +1 -0
package/dist/cognigate/sandbox/types.js +179 -0
package/dist/cognigate/sandbox/types.js.map +1 -0
package/dist/common/adapters/index.d.ts +34 -0
package/dist/common/adapters/index.d.ts.map +1 -0
package/dist/common/adapters/index.js +46 -0
package/dist/common/adapters/index.js.map +1 -0
package/dist/common/adapters/memory-cache.d.ts +91 -0
package/dist/common/adapters/memory-cache.d.ts.map +1 -0
package/dist/common/adapters/memory-cache.js +201 -0
package/dist/common/adapters/memory-cache.js.map +1 -0
package/dist/common/adapters/memory-lock.d.ts +75 -0
package/dist/common/adapters/memory-lock.d.ts.map +1 -0
package/dist/common/adapters/memory-lock.js +219 -0
package/dist/common/adapters/memory-lock.js.map +1 -0
package/dist/common/adapters/memory-queue.d.ts +64 -0
package/dist/common/adapters/memory-queue.d.ts.map +1 -0
package/dist/common/adapters/memory-queue.js +233 -0
package/dist/common/adapters/memory-queue.js.map +1 -0
package/dist/common/adapters/memory-ratelimit.d.ts +78 -0
package/dist/common/adapters/memory-ratelimit.d.ts.map +1 -0
package/dist/common/adapters/memory-ratelimit.js +196 -0
package/dist/common/adapters/memory-ratelimit.js.map +1 -0
package/dist/common/adapters/memory-session.d.ts +105 -0
package/dist/common/adapters/memory-session.d.ts.map +1 -0
package/dist/common/adapters/memory-session.js +302 -0
package/dist/common/adapters/memory-session.js.map +1 -0
package/dist/common/adapters/provider.d.ts +47 -0
package/dist/common/adapters/provider.d.ts.map +1 -0
package/dist/common/adapters/provider.js +347 -0
package/dist/common/adapters/provider.js.map +1 -0
package/dist/common/adapters/types.d.ts +247 -0
package/dist/common/adapters/types.d.ts.map +1 -0
package/dist/common/adapters/types.js +11 -0
package/dist/common/adapters/types.js.map +1 -0
package/dist/common/alerts.d.ts +57 -0
package/dist/common/alerts.d.ts.map +1 -0
package/dist/common/alerts.js +216 -0
package/dist/common/alerts.js.map +1 -0
package/dist/common/authorization.d.ts +137 -0
package/dist/common/authorization.d.ts.map +1 -0
package/dist/common/authorization.js +270 -0
package/dist/common/authorization.js.map +1 -0
package/dist/common/canonical-bridge.d.ts +153 -0
package/dist/common/canonical-bridge.d.ts.map +1 -0
package/dist/common/canonical-bridge.js +236 -0
package/dist/common/canonical-bridge.js.map +1 -0
package/dist/common/canonical-json.d.ts +64 -0
package/dist/common/canonical-json.d.ts.map +1 -0
package/dist/common/canonical-json.js +95 -0
package/dist/common/canonical-json.js.map +1 -0
package/dist/common/circuit-breaker.d.ts +320 -0
package/dist/common/circuit-breaker.d.ts.map +1 -0
package/dist/common/circuit-breaker.js +887 -0
package/dist/common/circuit-breaker.js.map +1 -0
package/dist/common/config.d.ts +2053 -0
package/dist/common/config.d.ts.map +1 -0
package/dist/common/config.js +1314 -0
package/dist/common/config.js.map +1 -0
package/dist/common/contracts/index.d.ts +2 -0
package/dist/common/contracts/index.d.ts.map +1 -0
package/dist/common/contracts/index.js +2 -0
package/dist/common/contracts/index.js.map +1 -0
package/dist/common/contracts/output.d.ts +81 -0
package/dist/common/contracts/output.d.ts.map +1 -0
package/dist/common/contracts/output.js +38 -0
package/dist/common/contracts/output.js.map +1 -0
package/dist/common/crypto-utils.d.ts +103 -0
package/dist/common/crypto-utils.d.ts.map +1 -0
package/dist/common/crypto-utils.js +275 -0
package/dist/common/crypto-utils.js.map +1 -0
package/dist/common/crypto.d.ts +70 -0
package/dist/common/crypto.d.ts.map +1 -0
package/dist/common/crypto.js +201 -0
package/dist/common/crypto.js.map +1 -0
package/dist/common/database-resilience.d.ts +156 -0
package/dist/common/database-resilience.d.ts.map +1 -0
package/dist/common/database-resilience.js +269 -0
package/dist/common/database-resilience.js.map +1 -0
package/dist/common/db-metrics.d.ts +90 -0
package/dist/common/db-metrics.d.ts.map +1 -0
package/dist/common/db-metrics.js +219 -0
package/dist/common/db-metrics.js.map +1 -0
package/dist/common/db-pool.d.ts +307 -0
package/dist/common/db-pool.d.ts.map +1 -0
package/dist/common/db-pool.js +879 -0
package/dist/common/db-pool.js.map +1 -0
package/dist/common/db.d.ts +105 -0
package/dist/common/db.d.ts.map +1 -0
package/dist/common/db.js +216 -0
package/dist/common/db.js.map +1 -0
package/dist/common/debug-auth-middleware.d.ts +111 -0
package/dist/common/debug-auth-middleware.d.ts.map +1 -0
package/dist/common/debug-auth-middleware.js +285 -0
package/dist/common/debug-auth-middleware.js.map +1 -0
package/dist/common/di.d.ts +202 -0
package/dist/common/di.d.ts.map +1 -0
package/dist/common/di.js +219 -0
package/dist/common/di.js.map +1 -0
package/dist/common/encryption.d.ts +233 -0
package/dist/common/encryption.d.ts.map +1 -0
package/dist/common/encryption.js +527 -0
package/dist/common/encryption.js.map +1 -0
package/dist/common/error-sanitizer.d.ts +67 -0
package/dist/common/error-sanitizer.d.ts.map +1 -0
package/dist/common/error-sanitizer.js +298 -0
package/dist/common/error-sanitizer.js.map +1 -0
package/dist/common/errors.d.ts +229 -0
package/dist/common/errors.d.ts.map +1 -0
package/dist/common/errors.js +349 -0
package/dist/common/errors.js.map +1 -0
package/dist/common/expression/evaluator.d.ts +58 -0
package/dist/common/expression/evaluator.d.ts.map +1 -0
package/dist/common/expression/evaluator.js +326 -0
package/dist/common/expression/evaluator.js.map +1 -0
package/dist/common/expression/index.d.ts +180 -0
package/dist/common/expression/index.d.ts.map +1 -0
package/dist/common/expression/index.js +198 -0
package/dist/common/expression/index.js.map +1 -0
package/dist/common/expression/lexer.d.ts +69 -0
package/dist/common/expression/lexer.d.ts.map +1 -0
package/dist/common/expression/lexer.js +255 -0
package/dist/common/expression/lexer.js.map +1 -0
package/dist/common/expression/parser.d.ts +133 -0
package/dist/common/expression/parser.d.ts.map +1 -0
package/dist/common/expression/parser.js +293 -0
package/dist/common/expression/parser.js.map +1 -0
package/dist/common/group-membership.d.ts +119 -0
package/dist/common/group-membership.d.ts.map +1 -0
package/dist/common/group-membership.js +250 -0
package/dist/common/group-membership.js.map +1 -0
package/dist/common/index.d.ts +14 -0
package/dist/common/index.d.ts.map +1 -0
package/dist/common/index.js +15 -0
package/dist/common/index.js.map +1 -0
package/dist/common/leader-election.d.ts +40 -0
package/dist/common/leader-election.d.ts.map +1 -0
package/dist/common/leader-election.js +232 -0
package/dist/common/leader-election.js.map +1 -0
package/dist/common/lock.d.ts +77 -0
package/dist/common/lock.d.ts.map +1 -0
package/dist/common/lock.js +167 -0
package/dist/common/lock.js.map +1 -0
package/dist/common/logger.d.ts +19 -0
package/dist/common/logger.d.ts.map +1 -0
package/dist/common/logger.js +80 -0
package/dist/common/logger.js.map +1 -0
package/dist/common/metrics-registry.d.ts +48 -0
package/dist/common/metrics-registry.d.ts.map +1 -0
package/dist/common/metrics-registry.js +77 -0
package/dist/common/metrics-registry.js.map +1 -0
package/dist/common/metrics.d.ts +204 -0
package/dist/common/metrics.d.ts.map +1 -0
package/dist/common/metrics.js +497 -0
package/dist/common/metrics.js.map +1 -0
package/dist/common/operation-tracker.d.ts +137 -0
package/dist/common/operation-tracker.d.ts.map +1 -0
package/dist/common/operation-tracker.js +366 -0
package/dist/common/operation-tracker.js.map +1 -0
package/dist/common/provenance/chain.d.ts +54 -0
package/dist/common/provenance/chain.d.ts.map +1 -0
package/dist/common/provenance/chain.js +252 -0
package/dist/common/provenance/chain.js.map +1 -0
package/dist/common/provenance/index.d.ts +14 -0
package/dist/common/provenance/index.d.ts.map +1 -0
package/dist/common/provenance/index.js +19 -0
package/dist/common/provenance/index.js.map +1 -0
package/dist/common/provenance/query.d.ts +111 -0
package/dist/common/provenance/query.d.ts.map +1 -0
package/dist/common/provenance/query.js +310 -0
package/dist/common/provenance/query.js.map +1 -0
package/dist/common/provenance/storage.d.ts +297 -0
package/dist/common/provenance/storage.d.ts.map +1 -0
package/dist/common/provenance/storage.js +436 -0
package/dist/common/provenance/storage.js.map +1 -0
package/dist/common/provenance/tracker.d.ts +57 -0
package/dist/common/provenance/tracker.d.ts.map +1 -0
package/dist/common/provenance/tracker.js +209 -0
package/dist/common/provenance/tracker.js.map +1 -0
package/dist/common/provenance/types.d.ts +146 -0
package/dist/common/provenance/types.d.ts.map +1 -0
package/dist/common/provenance/types.js +10 -0
package/dist/common/provenance/types.js.map +1 -0
package/dist/common/random.d.ts +84 -0
package/dist/common/random.d.ts.map +1 -0
package/dist/common/random.js +130 -0
package/dist/common/random.js.map +1 -0
package/dist/common/redaction.d.ts +49 -0
package/dist/common/redaction.d.ts.map +1 -0
package/dist/common/redaction.js +217 -0
package/dist/common/redaction.js.map +1 -0
package/dist/common/redis-cluster.d.ts +538 -0
package/dist/common/redis-cluster.d.ts.map +1 -0
package/dist/common/redis-cluster.js +1539 -0
package/dist/common/redis-cluster.js.map +1 -0
package/dist/common/redis-resilience.d.ts +270 -0
package/dist/common/redis-resilience.d.ts.map +1 -0
package/dist/common/redis-resilience.js +586 -0
package/dist/common/redis-resilience.js.map +1 -0
package/dist/common/redis.d.ts +19 -0
package/dist/common/redis.d.ts.map +1 -0
package/dist/common/redis.js +73 -0
package/dist/common/redis.js.map +1 -0
package/dist/common/safe-json.d.ts +246 -0
package/dist/common/safe-json.d.ts.map +1 -0
package/dist/common/safe-json.js +442 -0
package/dist/common/safe-json.js.map +1 -0
package/dist/common/secret-generator.d.ts +142 -0
package/dist/common/secret-generator.d.ts.map +1 -0
package/dist/common/secret-generator.js +286 -0
package/dist/common/secret-generator.js.map +1 -0
package/dist/common/secure-fetch.d.ts +182 -0
package/dist/common/secure-fetch.d.ts.map +1 -0
package/dist/common/secure-fetch.js +657 -0
package/dist/common/secure-fetch.js.map +1 -0
package/dist/common/security-mode.d.ts +151 -0
package/dist/common/security-mode.d.ts.map +1 -0
package/dist/common/security-mode.js +482 -0
package/dist/common/security-mode.js.map +1 -0
package/dist/common/telemetry/index.d.ts +82 -0
package/dist/common/telemetry/index.d.ts.map +1 -0
package/dist/common/telemetry/index.js +198 -0
package/dist/common/telemetry/index.js.map +1 -0
package/dist/common/telemetry/instrumentation.d.ts +167 -0
package/dist/common/telemetry/instrumentation.d.ts.map +1 -0
package/dist/common/telemetry/instrumentation.js +492 -0
package/dist/common/telemetry/instrumentation.js.map +1 -0
package/dist/common/telemetry/metrics-bridge.d.ts +227 -0
package/dist/common/telemetry/metrics-bridge.d.ts.map +1 -0
package/dist/common/telemetry/metrics-bridge.js +437 -0
package/dist/common/telemetry/metrics-bridge.js.map +1 -0
package/dist/common/telemetry/middleware.d.ts +114 -0
package/dist/common/telemetry/middleware.d.ts.map +1 -0
package/dist/common/telemetry/middleware.js +353 -0
package/dist/common/telemetry/middleware.js.map +1 -0
package/dist/common/telemetry/propagation.d.ts +221 -0
package/dist/common/telemetry/propagation.d.ts.map +1 -0
package/dist/common/telemetry/propagation.js +409 -0
package/dist/common/telemetry/propagation.js.map +1 -0
package/dist/common/telemetry/spans.d.ts +295 -0
package/dist/common/telemetry/spans.d.ts.map +1 -0
package/dist/common/telemetry/spans.js +439 -0
package/dist/common/telemetry/spans.js.map +1 -0
package/dist/common/telemetry/tracer.d.ts +155 -0
package/dist/common/telemetry/tracer.d.ts.map +1 -0
package/dist/common/telemetry/tracer.js +343 -0
package/dist/common/telemetry/tracer.js.map +1 -0
package/dist/common/telemetry.d.ts +15 -0
package/dist/common/telemetry.d.ts.map +1 -0
package/dist/common/telemetry.js +61 -0
package/dist/common/telemetry.js.map +1 -0
package/dist/common/tenant-context.d.ts +253 -0
package/dist/common/tenant-context.d.ts.map +1 -0
package/dist/common/tenant-context.js +259 -0
package/dist/common/tenant-context.js.map +1 -0
package/dist/common/tenant-verification.d.ts +86 -0
package/dist/common/tenant-verification.d.ts.map +1 -0
package/dist/common/tenant-verification.js +184 -0
package/dist/common/tenant-verification.js.map +1 -0
package/dist/common/timeout.d.ts +40 -0
package/dist/common/timeout.d.ts.map +1 -0
package/dist/common/timeout.js +82 -0
package/dist/common/timeout.js.map +1 -0
package/dist/common/token-revocation.d.ts +44 -0
package/dist/common/token-revocation.d.ts.map +1 -0
package/dist/common/token-revocation.js +169 -0
package/dist/common/token-revocation.js.map +1 -0
package/dist/common/trace.d.ts +149 -0
package/dist/common/trace.d.ts.map +1 -0
package/dist/common/trace.js +328 -0
package/dist/common/trace.js.map +1 -0
package/dist/common/trust-cache.d.ts +263 -0
package/dist/common/trust-cache.d.ts.map +1 -0
package/dist/common/trust-cache.js +670 -0
package/dist/common/trust-cache.js.map +1 -0
package/dist/common/types.d.ts +351 -0
package/dist/common/types.d.ts.map +1 -0
package/dist/common/types.js +55 -0
package/dist/common/types.js.map +1 -0
package/dist/common/validation.d.ts +113 -0
package/dist/common/validation.d.ts.map +1 -0
package/dist/common/validation.js +221 -0
package/dist/common/validation.js.map +1 -0
package/dist/db/client.d.ts +72 -0
package/dist/db/client.d.ts.map +1 -0
package/dist/db/client.js +110 -0
package/dist/db/client.js.map +1 -0
package/dist/db/index.d.ts +9 -0
package/dist/db/index.d.ts.map +1 -0
package/dist/db/index.js +9 -0
package/dist/db/index.js.map +1 -0
package/dist/db/schema/merkle.d.ts +475 -0
package/dist/db/schema/merkle.d.ts.map +1 -0
package/dist/db/schema/merkle.js +100 -0
package/dist/db/schema/merkle.js.map +1 -0
package/dist/db/schema/proofs.d.ts +412 -0
package/dist/db/schema/proofs.d.ts.map +1 -0
package/dist/db/schema/proofs.js +63 -0
package/dist/db/schema/proofs.js.map +1 -0
package/dist/enforce/adapters.d.ts +73 -0
package/dist/enforce/adapters.d.ts.map +1 -0
package/dist/enforce/adapters.js +293 -0
package/dist/enforce/adapters.js.map +1 -0
package/dist/enforce/index.d.ts +213 -0
package/dist/enforce/index.d.ts.map +1 -0
package/dist/enforce/index.js +630 -0
package/dist/enforce/index.js.map +1 -0
package/dist/enforce/repository.d.ts +203 -0
package/dist/enforce/repository.d.ts.map +1 -0
package/dist/enforce/repository.js +359 -0
package/dist/enforce/repository.js.map +1 -0
package/dist/enforce/schema.d.ts +1198 -0
package/dist/enforce/schema.d.ts.map +1 -0
package/dist/enforce/schema.js +257 -0
package/dist/enforce/schema.js.map +1 -0
package/dist/friction/index.d.ts +235 -0
package/dist/friction/index.d.ts.map +1 -0
package/dist/friction/index.js +636 -0
package/dist/friction/index.js.map +1 -0
package/dist/friction/openapi.d.ts +23 -0
package/dist/friction/openapi.d.ts.map +1 -0
package/dist/friction/openapi.js +883 -0
package/dist/friction/openapi.js.map +1 -0
package/dist/friction/routes.d.ts +14 -0
package/dist/friction/routes.d.ts.map +1 -0
package/dist/friction/routes.js +206 -0
package/dist/friction/routes.js.map +1 -0
package/dist/governance/engine.d.ts +158 -0
package/dist/governance/engine.d.ts.map +1 -0
package/dist/governance/engine.js +248 -0
package/dist/governance/engine.js.map +1 -0
package/dist/governance/evaluator.d.ts +106 -0
package/dist/governance/evaluator.d.ts.map +1 -0
package/dist/governance/evaluator.js +277 -0
package/dist/governance/evaluator.js.map +1 -0
package/dist/governance/index.d.ts +11 -0
package/dist/governance/index.d.ts.map +1 -0
package/dist/governance/index.js +14 -0
package/dist/governance/index.js.map +1 -0
package/dist/governance/policy.d.ts +152 -0
package/dist/governance/policy.d.ts.map +1 -0
package/dist/governance/policy.js +152 -0
package/dist/governance/policy.js.map +1 -0
package/dist/index.d.ts +50 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +61 -0
package/dist/index.js.map +1 -0
package/dist/intent/adapters.d.ts +101 -0
package/dist/intent/adapters.d.ts.map +1 -0
package/dist/intent/adapters.js +250 -0
package/dist/intent/adapters.js.map +1 -0
package/dist/intent/audit.d.ts +119 -0
package/dist/intent/audit.d.ts.map +1 -0
package/dist/intent/audit.js +463 -0
package/dist/intent/audit.js.map +1 -0
package/dist/intent/classifier/index.d.ts +121 -0
package/dist/intent/classifier/index.d.ts.map +1 -0
package/dist/intent/classifier/index.js +232 -0
package/dist/intent/classifier/index.js.map +1 -0
package/dist/intent/classifier/patterns.d.ts +129 -0
package/dist/intent/classifier/patterns.d.ts.map +1 -0
package/dist/intent/classifier/patterns.js +471 -0
package/dist/intent/classifier/patterns.js.map +1 -0
package/dist/intent/classifier/risk.d.ts +177 -0
package/dist/intent/classifier/risk.d.ts.map +1 -0
package/dist/intent/classifier/risk.js +335 -0
package/dist/intent/classifier/risk.js.map +1 -0
package/dist/intent/cleanup.d.ts +24 -0
package/dist/intent/cleanup.d.ts.map +1 -0
package/dist/intent/cleanup.js +104 -0
package/dist/intent/cleanup.js.map +1 -0
package/dist/intent/consent.d.ts +238 -0
package/dist/intent/consent.d.ts.map +1 -0
package/dist/intent/consent.js +427 -0
package/dist/intent/consent.js.map +1 -0
package/dist/intent/escalation.d.ts +284 -0
package/dist/intent/escalation.d.ts.map +1 -0
package/dist/intent/escalation.js +618 -0
package/dist/intent/escalation.js.map +1 -0
package/dist/intent/gdpr-rate-limiter.d.ts +170 -0
package/dist/intent/gdpr-rate-limiter.d.ts.map +1 -0
package/dist/intent/gdpr-rate-limiter.js +385 -0
package/dist/intent/gdpr-rate-limiter.js.map +1 -0
package/dist/intent/gdpr.d.ts +323 -0
package/dist/intent/gdpr.d.ts.map +1 -0
package/dist/intent/gdpr.js +1013 -0
package/dist/intent/gdpr.js.map +1 -0
package/dist/intent/health.d.ts +214 -0
package/dist/intent/health.d.ts.map +1 -0
package/dist/intent/health.js +526 -0
package/dist/intent/health.js.map +1 -0
package/dist/intent/index.d.ts +565 -0
package/dist/intent/index.d.ts.map +1 -0
package/dist/intent/index.js +756 -0
package/dist/intent/index.js.map +1 -0
package/dist/intent/metrics.d.ts +399 -0
package/dist/intent/metrics.d.ts.map +1 -0
package/dist/intent/metrics.js +886 -0
package/dist/intent/metrics.js.map +1 -0
package/dist/intent/openapi.d.ts +22 -0
package/dist/intent/openapi.d.ts.map +1 -0
package/dist/intent/openapi.js +1674 -0
package/dist/intent/openapi.js.map +1 -0
package/dist/intent/planner/dependency.d.ts +78 -0
package/dist/intent/planner/dependency.d.ts.map +1 -0
package/dist/intent/planner/dependency.js +334 -0
package/dist/intent/planner/dependency.js.map +1 -0
package/dist/intent/planner/index.d.ts +130 -0
package/dist/intent/planner/index.d.ts.map +1 -0
package/dist/intent/planner/index.js +372 -0
package/dist/intent/planner/index.js.map +1 -0
package/dist/intent/planner/rollback.d.ts +92 -0
package/dist/intent/planner/rollback.d.ts.map +1 -0
package/dist/intent/planner/rollback.js +326 -0
package/dist/intent/planner/rollback.js.map +1 -0
package/dist/intent/planner/templates.d.ts +81 -0
package/dist/intent/planner/templates.d.ts.map +1 -0
package/dist/intent/planner/templates.js +560 -0
package/dist/intent/planner/templates.js.map +1 -0
package/dist/intent/planner/types.d.ts +38 -0
package/dist/intent/planner/types.d.ts.map +1 -0
package/dist/intent/planner/types.js +10 -0
package/dist/intent/planner/types.js.map +1 -0
package/dist/intent/queue.d.ts +150 -0
package/dist/intent/queue.d.ts.map +1 -0
package/dist/intent/queue.js +339 -0
package/dist/intent/queue.js.map +1 -0
package/dist/intent/queues.d.ts +176 -0
package/dist/intent/queues.d.ts.map +1 -0
package/dist/intent/queues.js +1393 -0
package/dist/intent/queues.js.map +1 -0
package/dist/intent/ratelimit.d.ts +147 -0
package/dist/intent/ratelimit.d.ts.map +1 -0
package/dist/intent/ratelimit.js +301 -0
package/dist/intent/ratelimit.js.map +1 -0
package/dist/intent/replay/comparator.d.ts +73 -0
package/dist/intent/replay/comparator.d.ts.map +1 -0
package/dist/intent/replay/comparator.js +320 -0
package/dist/intent/replay/comparator.js.map +1 -0
package/dist/intent/replay/index.d.ts +104 -0
package/dist/intent/replay/index.d.ts.map +1 -0
package/dist/intent/replay/index.js +487 -0
package/dist/intent/replay/index.js.map +1 -0
package/dist/intent/replay/simulator.d.ts +184 -0
package/dist/intent/replay/simulator.d.ts.map +1 -0
package/dist/intent/replay/simulator.js +512 -0
package/dist/intent/replay/simulator.js.map +1 -0
package/dist/intent/replay/snapshot.d.ts +149 -0
package/dist/intent/replay/snapshot.d.ts.map +1 -0
package/dist/intent/replay/snapshot.js +245 -0
package/dist/intent/replay/snapshot.js.map +1 -0
package/dist/intent/replay/types.d.ts +143 -0
package/dist/intent/replay/types.d.ts.map +1 -0
package/dist/intent/replay/types.js +10 -0
package/dist/intent/replay/types.js.map +1 -0
package/dist/intent/repository.d.ts +198 -0
package/dist/intent/repository.d.ts.map +1 -0
package/dist/intent/repository.js +538 -0
package/dist/intent/repository.js.map +1 -0
package/dist/intent/response-middleware.d.ts +156 -0
package/dist/intent/response-middleware.d.ts.map +1 -0
package/dist/intent/response-middleware.js +346 -0
package/dist/intent/response-middleware.js.map +1 -0
package/dist/intent/response.d.ts +267 -0
package/dist/intent/response.d.ts.map +1 -0
package/dist/intent/response.js +402 -0
package/dist/intent/response.js.map +1 -0
package/dist/intent/routes.d.ts +35 -0
package/dist/intent/routes.d.ts.map +1 -0
package/dist/intent/routes.js +1023 -0
package/dist/intent/routes.js.map +1 -0
package/dist/intent/scheduler.d.ts +45 -0
package/dist/intent/scheduler.d.ts.map +1 -0
package/dist/intent/scheduler.js +221 -0
package/dist/intent/scheduler.js.map +1 -0
package/dist/intent/schema.d.ts +3817 -0
package/dist/intent/schema.d.ts.map +1 -0
package/dist/intent/schema.js +631 -0
package/dist/intent/schema.js.map +1 -0
package/dist/intent/shutdown.d.ts +145 -0
package/dist/intent/shutdown.d.ts.map +1 -0
package/dist/intent/shutdown.js +468 -0
package/dist/intent/shutdown.js.map +1 -0
package/dist/intent/state-machine.d.ts +111 -0
package/dist/intent/state-machine.d.ts.map +1 -0
package/dist/intent/state-machine.js +242 -0
package/dist/intent/state-machine.js.map +1 -0
package/dist/intent/tracing.d.ts +152 -0
package/dist/intent/tracing.d.ts.map +1 -0
package/dist/intent/tracing.js +658 -0
package/dist/intent/tracing.js.map +1 -0
package/dist/intent/types.d.ts +188 -0
package/dist/intent/types.d.ts.map +1 -0
package/dist/intent/types.js +25 -0
package/dist/intent/types.js.map +1 -0
package/dist/intent/webhooks/delivery-repository.d.ts +80 -0
package/dist/intent/webhooks/delivery-repository.d.ts.map +1 -0
package/dist/intent/webhooks/delivery-repository.js +251 -0
package/dist/intent/webhooks/delivery-repository.js.map +1 -0
package/dist/intent/webhooks/dns-pinning.d.ts +30 -0
package/dist/intent/webhooks/dns-pinning.d.ts.map +1 -0
package/dist/intent/webhooks/dns-pinning.js +69 -0
package/dist/intent/webhooks/dns-pinning.js.map +1 -0
package/dist/intent/webhooks/index.d.ts +14 -0
package/dist/intent/webhooks/index.d.ts.map +1 -0
package/dist/intent/webhooks/index.js +17 -0
package/dist/intent/webhooks/index.js.map +1 -0
package/dist/intent/webhooks/signature.d.ts +47 -0
package/dist/intent/webhooks/signature.d.ts.map +1 -0
package/dist/intent/webhooks/signature.js +80 -0
package/dist/intent/webhooks/signature.js.map +1 -0
package/dist/intent/webhooks/ssrf-protection.d.ts +29 -0
package/dist/intent/webhooks/ssrf-protection.d.ts.map +1 -0
package/dist/intent/webhooks/ssrf-protection.js +161 -0
package/dist/intent/webhooks/ssrf-protection.js.map +1 -0
package/dist/intent/webhooks/types.d.ts +132 -0
package/dist/intent/webhooks/types.d.ts.map +1 -0
package/dist/intent/webhooks/types.js +14 -0
package/dist/intent/webhooks/types.js.map +1 -0
package/dist/intent/webhooks.d.ts +618 -0
package/dist/intent/webhooks.d.ts.map +1 -0
package/dist/intent/webhooks.js +1836 -0
package/dist/intent/webhooks.js.map +1 -0
package/dist/intent-gateway/ai-act-classifier.d.ts +18 -0
package/dist/intent-gateway/ai-act-classifier.d.ts.map +1 -0
package/dist/intent-gateway/ai-act-classifier.js +296 -0
package/dist/intent-gateway/ai-act-classifier.js.map +1 -0
package/dist/intent-gateway/index.d.ts +43 -0
package/dist/intent-gateway/index.d.ts.map +1 -0
package/dist/intent-gateway/index.js +236 -0
package/dist/intent-gateway/index.js.map +1 -0
package/dist/intent-gateway/jurisdiction-resolver.d.ts +19 -0
package/dist/intent-gateway/jurisdiction-resolver.d.ts.map +1 -0
package/dist/intent-gateway/jurisdiction-resolver.js +236 -0
package/dist/intent-gateway/jurisdiction-resolver.js.map +1 -0
package/dist/intent-gateway/policy-composer.d.ts +27 -0
package/dist/intent-gateway/policy-composer.d.ts.map +1 -0
package/dist/intent-gateway/policy-composer.js +418 -0
package/dist/intent-gateway/policy-composer.js.map +1 -0
package/dist/intent-gateway/regime-selector.d.ts +26 -0
package/dist/intent-gateway/regime-selector.d.ts.map +1 -0
package/dist/intent-gateway/regime-selector.js +185 -0
package/dist/intent-gateway/regime-selector.js.map +1 -0
package/dist/intent-gateway/types.d.ts +103 -0
package/dist/intent-gateway/types.d.ts.map +1 -0
package/dist/intent-gateway/types.js +85 -0
package/dist/intent-gateway/types.js.map +1 -0
package/dist/observability/alerts.d.ts +136 -0
package/dist/observability/alerts.d.ts.map +1 -0
package/dist/observability/alerts.js +485 -0
package/dist/observability/alerts.js.map +1 -0
package/dist/observability/health.d.ts +102 -0
package/dist/observability/health.d.ts.map +1 -0
package/dist/observability/health.js +415 -0
package/dist/observability/health.js.map +1 -0
package/dist/observability/index.d.ts +29 -0
package/dist/observability/index.d.ts.map +1 -0
package/dist/observability/index.js +72 -0
package/dist/observability/index.js.map +1 -0
package/dist/observability/logging.d.ts +90 -0
package/dist/observability/logging.d.ts.map +1 -0
package/dist/observability/logging.js +260 -0
package/dist/observability/logging.js.map +1 -0
package/dist/observability/metrics.d.ts +226 -0
package/dist/observability/metrics.d.ts.map +1 -0
package/dist/observability/metrics.js +527 -0
package/dist/observability/metrics.js.map +1 -0
package/dist/observability/tracing.d.ts +120 -0
package/dist/observability/tracing.d.ts.map +1 -0
package/dist/observability/tracing.js +285 -0
package/dist/observability/tracing.js.map +1 -0
package/dist/persistence/audit.d.ts +169 -0
package/dist/persistence/audit.d.ts.map +1 -0
package/dist/persistence/audit.js +342 -0
package/dist/persistence/audit.js.map +1 -0
package/dist/persistence/index.d.ts +13 -0
package/dist/persistence/index.d.ts.map +1 -0
package/dist/persistence/index.js +15 -0
package/dist/persistence/index.js.map +1 -0
package/dist/persistence/repository.d.ts +192 -0
package/dist/persistence/repository.d.ts.map +1 -0
package/dist/persistence/repository.js +223 -0
package/dist/persistence/repository.js.map +1 -0
package/dist/policy/diff.d.ts +88 -0
package/dist/policy/diff.d.ts.map +1 -0
package/dist/policy/diff.js +325 -0
package/dist/policy/diff.js.map +1 -0
package/dist/policy/distributed-cache.d.ts +205 -0
package/dist/policy/distributed-cache.d.ts.map +1 -0
package/dist/policy/distributed-cache.js +683 -0
package/dist/policy/distributed-cache.js.map +1 -0
package/dist/policy/evaluator.d.ts +102 -0
package/dist/policy/evaluator.d.ts.map +1 -0
package/dist/policy/evaluator.js +648 -0
package/dist/policy/evaluator.js.map +1 -0
package/dist/policy/index.d.ts +24 -0
package/dist/policy/index.d.ts.map +1 -0
package/dist/policy/index.js +27 -0
package/dist/policy/index.js.map +1 -0
package/dist/policy/loader.d.ts +63 -0
package/dist/policy/loader.d.ts.map +1 -0
package/dist/policy/loader.js +176 -0
package/dist/policy/loader.js.map +1 -0
package/dist/policy/service.d.ts +240 -0
package/dist/policy/service.d.ts.map +1 -0
package/dist/policy/service.js +1032 -0
package/dist/policy/service.js.map +1 -0
package/dist/policy/types.d.ts +220 -0
package/dist/policy/types.d.ts.map +1 -0
package/dist/policy/types.js +36 -0
package/dist/policy/types.js.map +1 -0
package/dist/policy/visual-builder/index.d.ts +201 -0
package/dist/policy/visual-builder/index.d.ts.map +1 -0
package/dist/policy/visual-builder/index.js +727 -0
package/dist/policy/visual-builder/index.js.map +1 -0
package/dist/policy/visual-builder/inheritance.d.ts +151 -0
package/dist/policy/visual-builder/inheritance.d.ts.map +1 -0
package/dist/policy/visual-builder/inheritance.js +314 -0
package/dist/policy/visual-builder/inheritance.js.map +1 -0
package/dist/policy/visual-builder/propagation.d.ts +146 -0
package/dist/policy/visual-builder/propagation.d.ts.map +1 -0
package/dist/policy/visual-builder/propagation.js +299 -0
package/dist/policy/visual-builder/propagation.js.map +1 -0
package/dist/policy/visual-builder/routes.d.ts +14 -0
package/dist/policy/visual-builder/routes.d.ts.map +1 -0
package/dist/policy/visual-builder/routes.js +528 -0
package/dist/policy/visual-builder/routes.js.map +1 -0
package/dist/policy/visual-builder/simulator.d.ts +161 -0
package/dist/policy/visual-builder/simulator.d.ts.map +1 -0
package/dist/policy/visual-builder/simulator.js +413 -0
package/dist/policy/visual-builder/simulator.js.map +1 -0
package/dist/policy/visual-builder/templates.d.ts +119 -0
package/dist/policy/visual-builder/templates.d.ts.map +1 -0
package/dist/policy/visual-builder/templates.js +627 -0
package/dist/policy/visual-builder/templates.js.map +1 -0
package/dist/proof/chain/index.d.ts +271 -0
package/dist/proof/chain/index.d.ts.map +1 -0
package/dist/proof/chain/index.js +483 -0
package/dist/proof/chain/index.js.map +1 -0
package/dist/proof/index.d.ts +206 -0
package/dist/proof/index.d.ts.map +1 -0
package/dist/proof/index.js +597 -0
package/dist/proof/index.js.map +1 -0
package/dist/proof/merkle-service.d.ts +194 -0
package/dist/proof/merkle-service.d.ts.map +1 -0
package/dist/proof/merkle-service.js +463 -0
package/dist/proof/merkle-service.js.map +1 -0
package/dist/proof/merkle.d.ts +118 -0
package/dist/proof/merkle.d.ts.map +1 -0
package/dist/proof/merkle.js +265 -0
package/dist/proof/merkle.js.map +1 -0
package/dist/security/ai-governance/access-policy.d.ts +197 -0
package/dist/security/ai-governance/access-policy.d.ts.map +1 -0
package/dist/security/ai-governance/access-policy.js +522 -0
package/dist/security/ai-governance/access-policy.js.map +1 -0
package/dist/security/ai-governance/audit-trail.d.ts +241 -0
package/dist/security/ai-governance/audit-trail.d.ts.map +1 -0
package/dist/security/ai-governance/audit-trail.js +645 -0
package/dist/security/ai-governance/audit-trail.js.map +1 -0
package/dist/security/ai-governance/bias-detection.d.ts +221 -0
package/dist/security/ai-governance/bias-detection.d.ts.map +1 -0
package/dist/security/ai-governance/bias-detection.js +615 -0
package/dist/security/ai-governance/bias-detection.js.map +1 -0
package/dist/security/ai-governance/index.d.ts +92 -0
package/dist/security/ai-governance/index.d.ts.map +1 -0
package/dist/security/ai-governance/index.js +184 -0
package/dist/security/ai-governance/index.js.map +1 -0
package/dist/security/ai-governance/middleware.d.ts +110 -0
package/dist/security/ai-governance/middleware.d.ts.map +1 -0
package/dist/security/ai-governance/middleware.js +359 -0
package/dist/security/ai-governance/middleware.js.map +1 -0
package/dist/security/ai-governance/model-registry.d.ts +229 -0
package/dist/security/ai-governance/model-registry.d.ts.map +1 -0
package/dist/security/ai-governance/model-registry.js +535 -0
package/dist/security/ai-governance/model-registry.js.map +1 -0
package/dist/security/ai-governance/output-filter.d.ts +150 -0
package/dist/security/ai-governance/output-filter.d.ts.map +1 -0
package/dist/security/ai-governance/output-filter.js +561 -0
package/dist/security/ai-governance/output-filter.js.map +1 -0
package/dist/security/ai-governance/prompt-injection.d.ts +153 -0
package/dist/security/ai-governance/prompt-injection.d.ts.map +1 -0
package/dist/security/ai-governance/prompt-injection.js +614 -0
package/dist/security/ai-governance/prompt-injection.js.map +1 -0
package/dist/security/ai-governance/rate-limiter.d.ts +156 -0
package/dist/security/ai-governance/rate-limiter.d.ts.map +1 -0
package/dist/security/ai-governance/rate-limiter.js +541 -0
package/dist/security/ai-governance/rate-limiter.js.map +1 -0
package/dist/security/ai-governance/types.d.ts +594 -0
package/dist/security/ai-governance/types.d.ts.map +1 -0
package/dist/security/ai-governance/types.js +6 -0
package/dist/security/ai-governance/types.js.map +1 -0
package/dist/security/alerting/channels/base.d.ts +91 -0
package/dist/security/alerting/channels/base.d.ts.map +1 -0
package/dist/security/alerting/channels/base.js +128 -0
package/dist/security/alerting/channels/base.js.map +1 -0
package/dist/security/alerting/channels/email.d.ts +92 -0
package/dist/security/alerting/channels/email.d.ts.map +1 -0
package/dist/security/alerting/channels/email.js +418 -0
package/dist/security/alerting/channels/email.js.map +1 -0
package/dist/security/alerting/channels/http-base.d.ts +86 -0
package/dist/security/alerting/channels/http-base.d.ts.map +1 -0
package/dist/security/alerting/channels/http-base.js +133 -0
package/dist/security/alerting/channels/http-base.js.map +1 -0
package/dist/security/alerting/channels/index.d.ts +30 -0
package/dist/security/alerting/channels/index.d.ts.map +1 -0
package/dist/security/alerting/channels/index.js +22 -0
package/dist/security/alerting/channels/index.js.map +1 -0
package/dist/security/alerting/channels/pagerduty.d.ts +70 -0
package/dist/security/alerting/channels/pagerduty.d.ts.map +1 -0
package/dist/security/alerting/channels/pagerduty.js +248 -0
package/dist/security/alerting/channels/pagerduty.js.map +1 -0
package/dist/security/alerting/channels/slack.d.ts +55 -0
package/dist/security/alerting/channels/slack.d.ts.map +1 -0
package/dist/security/alerting/channels/slack.js +215 -0
package/dist/security/alerting/channels/slack.js.map +1 -0
package/dist/security/alerting/channels/sns.d.ts +87 -0
package/dist/security/alerting/channels/sns.d.ts.map +1 -0
package/dist/security/alerting/channels/sns.js +251 -0
package/dist/security/alerting/channels/sns.js.map +1 -0
package/dist/security/alerting/channels/webhook.d.ts +92 -0
package/dist/security/alerting/channels/webhook.d.ts.map +1 -0
package/dist/security/alerting/channels/webhook.js +203 -0
package/dist/security/alerting/channels/webhook.js.map +1 -0
package/dist/security/alerting/detector.d.ts +217 -0
package/dist/security/alerting/detector.d.ts.map +1 -0
package/dist/security/alerting/detector.js +725 -0
package/dist/security/alerting/detector.js.map +1 -0
package/dist/security/alerting/index.d.ts +57 -0
package/dist/security/alerting/index.d.ts.map +1 -0
package/dist/security/alerting/index.js +214 -0
package/dist/security/alerting/index.js.map +1 -0
package/dist/security/alerting/service.d.ts +190 -0
package/dist/security/alerting/service.d.ts.map +1 -0
package/dist/security/alerting/service.js +815 -0
package/dist/security/alerting/service.js.map +1 -0
package/dist/security/alerting/types.d.ts +2165 -0
package/dist/security/alerting/types.d.ts.map +1 -0
package/dist/security/alerting/types.js +278 -0
package/dist/security/alerting/types.js.map +1 -0
package/dist/security/anomaly/detectors/account-compromise.d.ts +198 -0
package/dist/security/anomaly/detectors/account-compromise.d.ts.map +1 -0
package/dist/security/anomaly/detectors/account-compromise.js +815 -0
package/dist/security/anomaly/detectors/account-compromise.js.map +1 -0
package/dist/security/anomaly/detectors/data-exfiltration.d.ts +175 -0
package/dist/security/anomaly/detectors/data-exfiltration.d.ts.map +1 -0
package/dist/security/anomaly/detectors/data-exfiltration.js +733 -0
package/dist/security/anomaly/detectors/data-exfiltration.js.map +1 -0
package/dist/security/anomaly/detectors/geographic.d.ts +100 -0
package/dist/security/anomaly/detectors/geographic.d.ts.map +1 -0
package/dist/security/anomaly/detectors/geographic.js +348 -0
package/dist/security/anomaly/detectors/geographic.js.map +1 -0
package/dist/security/anomaly/detectors/index.d.ts +86 -0
package/dist/security/anomaly/detectors/index.d.ts.map +1 -0
package/dist/security/anomaly/detectors/index.js +118 -0
package/dist/security/anomaly/detectors/index.js.map +1 -0
package/dist/security/anomaly/detectors/lateral-movement.d.ts +168 -0
package/dist/security/anomaly/detectors/lateral-movement.d.ts.map +1 -0
package/dist/security/anomaly/detectors/lateral-movement.js +795 -0
package/dist/security/anomaly/detectors/lateral-movement.js.map +1 -0
package/dist/security/anomaly/detectors/privilege-escalation.d.ts +177 -0
package/dist/security/anomaly/detectors/privilege-escalation.d.ts.map +1 -0
package/dist/security/anomaly/detectors/privilege-escalation.js +741 -0
package/dist/security/anomaly/detectors/privilege-escalation.js.map +1 -0
package/dist/security/anomaly/detectors/temporal.d.ts +71 -0
package/dist/security/anomaly/detectors/temporal.d.ts.map +1 -0
package/dist/security/anomaly/detectors/temporal.js +398 -0
package/dist/security/anomaly/detectors/temporal.js.map +1 -0
package/dist/security/anomaly/detectors/volume.d.ts +97 -0
package/dist/security/anomaly/detectors/volume.d.ts.map +1 -0
package/dist/security/anomaly/detectors/volume.js +424 -0
package/dist/security/anomaly/detectors/volume.js.map +1 -0
package/dist/security/anomaly/index.d.ts +128 -0
package/dist/security/anomaly/index.d.ts.map +1 -0
package/dist/security/anomaly/index.js +378 -0
package/dist/security/anomaly/index.js.map +1 -0
package/dist/security/anomaly/types.d.ts +1209 -0
package/dist/security/anomaly/types.d.ts.map +1 -0
package/dist/security/anomaly/types.js +193 -0
package/dist/security/anomaly/types.js.map +1 -0
package/dist/security/api-keys/cache.d.ts +255 -0
package/dist/security/api-keys/cache.d.ts.map +1 -0
package/dist/security/api-keys/cache.js +595 -0
package/dist/security/api-keys/cache.js.map +1 -0
package/dist/security/api-keys/db-store.d.ts +150 -0
package/dist/security/api-keys/db-store.d.ts.map +1 -0
package/dist/security/api-keys/db-store.js +694 -0
package/dist/security/api-keys/db-store.js.map +1 -0
package/dist/security/api-keys/index.d.ts +29 -0
package/dist/security/api-keys/index.d.ts.map +1 -0
package/dist/security/api-keys/index.js +81 -0
package/dist/security/api-keys/index.js.map +1 -0
package/dist/security/api-keys/middleware.d.ts +164 -0
package/dist/security/api-keys/middleware.d.ts.map +1 -0
package/dist/security/api-keys/middleware.js +392 -0
package/dist/security/api-keys/middleware.js.map +1 -0
package/dist/security/api-keys/service.d.ts +226 -0
package/dist/security/api-keys/service.d.ts.map +1 -0
package/dist/security/api-keys/service.js +861 -0
package/dist/security/api-keys/service.js.map +1 -0
package/dist/security/api-keys/store.d.ts +241 -0
package/dist/security/api-keys/store.d.ts.map +1 -0
package/dist/security/api-keys/store.js +360 -0
package/dist/security/api-keys/store.js.map +1 -0
package/dist/security/api-keys/types.d.ts +718 -0
package/dist/security/api-keys/types.d.ts.map +1 -0
package/dist/security/api-keys/types.js +162 -0
package/dist/security/api-keys/types.js.map +1 -0
package/dist/security/brute-force.d.ts +390 -0
package/dist/security/brute-force.d.ts.map +1 -0
package/dist/security/brute-force.js +677 -0
package/dist/security/brute-force.js.map +1 -0
package/dist/security/config-validator.d.ts +152 -0
package/dist/security/config-validator.d.ts.map +1 -0
package/dist/security/config-validator.js +667 -0
package/dist/security/config-validator.js.map +1 -0
package/dist/security/crypto/fips-mode.d.ts +726 -0
package/dist/security/crypto/fips-mode.d.ts.map +1 -0
package/dist/security/crypto/fips-mode.js +1297 -0
package/dist/security/crypto/fips-mode.js.map +1 -0
package/dist/security/crypto/index.d.ts +203 -0
package/dist/security/crypto/index.d.ts.map +1 -0
package/dist/security/crypto/index.js +293 -0
package/dist/security/crypto/index.js.map +1 -0
package/dist/security/crypto/post-quantum/benchmark.d.ts +125 -0
package/dist/security/crypto/post-quantum/benchmark.d.ts.map +1 -0
package/dist/security/crypto/post-quantum/benchmark.js +530 -0
package/dist/security/crypto/post-quantum/benchmark.js.map +1 -0
package/dist/security/crypto/post-quantum/dilithium.d.ts +146 -0
package/dist/security/crypto/post-quantum/dilithium.d.ts.map +1 -0
package/dist/security/crypto/post-quantum/dilithium.js +662 -0
package/dist/security/crypto/post-quantum/dilithium.js.map +1 -0
package/dist/security/crypto/post-quantum/hybrid.d.ts +267 -0
package/dist/security/crypto/post-quantum/hybrid.d.ts.map +1 -0
package/dist/security/crypto/post-quantum/hybrid.js +457 -0
package/dist/security/crypto/post-quantum/hybrid.js.map +1 -0
package/dist/security/crypto/post-quantum/index.d.ts +166 -0
package/dist/security/crypto/post-quantum/index.d.ts.map +1 -0
package/dist/security/crypto/post-quantum/index.js +236 -0
package/dist/security/crypto/post-quantum/index.js.map +1 -0
package/dist/security/crypto/post-quantum/kyber.d.ts +131 -0
package/dist/security/crypto/post-quantum/kyber.d.ts.map +1 -0
package/dist/security/crypto/post-quantum/kyber.js +640 -0
package/dist/security/crypto/post-quantum/kyber.js.map +1 -0
package/dist/security/crypto/post-quantum/migration.d.ts +230 -0
package/dist/security/crypto/post-quantum/migration.d.ts.map +1 -0
package/dist/security/crypto/post-quantum/migration.js +563 -0
package/dist/security/crypto/post-quantum/migration.js.map +1 -0
package/dist/security/crypto/post-quantum/types.d.ts +1056 -0
package/dist/security/crypto/post-quantum/types.d.ts.map +1 -0
package/dist/security/crypto/post-quantum/types.js +350 -0
package/dist/security/crypto/post-quantum/types.js.map +1 -0
package/dist/security/crypto/shamir/comparison.d.ts +128 -0
package/dist/security/crypto/shamir/comparison.d.ts.map +1 -0
package/dist/security/crypto/shamir/comparison.js +423 -0
package/dist/security/crypto/shamir/comparison.js.map +1 -0
package/dist/security/crypto/shamir/index.d.ts +76 -0
package/dist/security/crypto/shamir/index.d.ts.map +1 -0
package/dist/security/crypto/shamir/index.js +155 -0
package/dist/security/crypto/shamir/index.js.map +1 -0
package/dist/security/crypto/shamir/proofs.d.ts +259 -0
package/dist/security/crypto/shamir/proofs.d.ts.map +1 -0
package/dist/security/crypto/shamir/proofs.js +605 -0
package/dist/security/crypto/shamir/proofs.js.map +1 -0
package/dist/security/crypto/shamir/property-tests.d.ts +104 -0
package/dist/security/crypto/shamir/property-tests.d.ts.map +1 -0
package/dist/security/crypto/shamir/property-tests.js +480 -0
package/dist/security/crypto/shamir/property-tests.js.map +1 -0
package/dist/security/crypto/shamir/security-analysis.d.ts +97 -0
package/dist/security/crypto/shamir/security-analysis.d.ts.map +1 -0
package/dist/security/crypto/shamir/security-analysis.js +503 -0
package/dist/security/crypto/shamir/security-analysis.js.map +1 -0
package/dist/security/crypto/shamir/test-vectors.d.ts +116 -0
package/dist/security/crypto/shamir/test-vectors.d.ts.map +1 -0
package/dist/security/crypto/shamir/test-vectors.js +377 -0
package/dist/security/crypto/shamir/test-vectors.js.map +1 -0
package/dist/security/crypto/shamir/types.d.ts +281 -0
package/dist/security/crypto/shamir/types.d.ts.map +1 -0
package/dist/security/crypto/shamir/types.js +82 -0
package/dist/security/crypto/shamir/types.js.map +1 -0
package/dist/security/crypto/shamir/verified-shamir.d.ts +170 -0
package/dist/security/crypto/shamir/verified-shamir.d.ts.map +1 -0
package/dist/security/crypto/shamir/verified-shamir.js +624 -0
package/dist/security/crypto/shamir/verified-shamir.js.map +1 -0
package/dist/security/csrf.d.ts +215 -0
package/dist/security/csrf.d.ts.map +1 -0
package/dist/security/csrf.js +467 -0
package/dist/security/csrf.js.map +1 -0
package/dist/security/distributed-state.d.ts +331 -0
package/dist/security/distributed-state.d.ts.map +1 -0
package/dist/security/distributed-state.js +768 -0
package/dist/security/distributed-state.js.map +1 -0
package/dist/security/dlp/index.d.ts +27 -0
package/dist/security/dlp/index.d.ts.map +1 -0
package/dist/security/dlp/index.js +54 -0
package/dist/security/dlp/index.js.map +1 -0
package/dist/security/dlp/scanner.d.ts +451 -0
package/dist/security/dlp/scanner.d.ts.map +1 -0
package/dist/security/dlp/scanner.js +1241 -0
package/dist/security/dlp/scanner.js.map +1 -0
package/dist/security/dpop.d.ts +260 -0
package/dist/security/dpop.d.ts.map +1 -0
package/dist/security/dpop.js +1058 -0
package/dist/security/dpop.js.map +1 -0
package/dist/security/encryption/decorators.d.ts +263 -0
package/dist/security/encryption/decorators.d.ts.map +1 -0
package/dist/security/encryption/decorators.js +359 -0
package/dist/security/encryption/decorators.js.map +1 -0
package/dist/security/encryption/index.d.ts +83 -0
package/dist/security/encryption/index.d.ts.map +1 -0
package/dist/security/encryption/index.js +140 -0
package/dist/security/encryption/index.js.map +1 -0
package/dist/security/encryption/key-provider.d.ts +335 -0
package/dist/security/encryption/key-provider.d.ts.map +1 -0
package/dist/security/encryption/key-provider.js +853 -0
package/dist/security/encryption/key-provider.js.map +1 -0
package/dist/security/encryption/middleware.d.ts +279 -0
package/dist/security/encryption/middleware.d.ts.map +1 -0
package/dist/security/encryption/middleware.js +493 -0
package/dist/security/encryption/middleware.js.map +1 -0
package/dist/security/encryption/service.d.ts +164 -0
package/dist/security/encryption/service.d.ts.map +1 -0
package/dist/security/encryption/service.js +623 -0
package/dist/security/encryption/service.js.map +1 -0
package/dist/security/encryption/types.d.ts +745 -0
package/dist/security/encryption/types.d.ts.map +1 -0
package/dist/security/encryption/types.js +229 -0
package/dist/security/encryption/types.js.map +1 -0
package/dist/security/error-sanitizer.d.ts +329 -0
package/dist/security/error-sanitizer.d.ts.map +1 -0
package/dist/security/error-sanitizer.js +700 -0
package/dist/security/error-sanitizer.js.map +1 -0
package/dist/security/fingerprint-service.d.ts +139 -0
package/dist/security/fingerprint-service.d.ts.map +1 -0
package/dist/security/fingerprint-service.js +240 -0
package/dist/security/fingerprint-service.js.map +1 -0
package/dist/security/headers/csp.d.ts +270 -0
package/dist/security/headers/csp.d.ts.map +1 -0
package/dist/security/headers/csp.js +655 -0
package/dist/security/headers/csp.js.map +1 -0
package/dist/security/headers/hsts.d.ts +161 -0
package/dist/security/headers/hsts.d.ts.map +1 -0
package/dist/security/headers/hsts.js +346 -0
package/dist/security/headers/hsts.js.map +1 -0
package/dist/security/headers/index.d.ts +47 -0
package/dist/security/headers/index.d.ts.map +1 -0
package/dist/security/headers/index.js +110 -0
package/dist/security/headers/index.js.map +1 -0
package/dist/security/headers/middleware.d.ts +70 -0
package/dist/security/headers/middleware.d.ts.map +1 -0
package/dist/security/headers/middleware.js +549 -0
package/dist/security/headers/middleware.js.map +1 -0
package/dist/security/headers/permissions-policy.d.ts +189 -0
package/dist/security/headers/permissions-policy.d.ts.map +1 -0
package/dist/security/headers/permissions-policy.js +508 -0
package/dist/security/headers/permissions-policy.js.map +1 -0
package/dist/security/headers/types.d.ts +1570 -0
package/dist/security/headers/types.d.ts.map +1 -0
package/dist/security/headers/types.js +281 -0
package/dist/security/headers/types.js.map +1 -0
package/dist/security/headers/validator.d.ts +36 -0
package/dist/security/headers/validator.d.ts.map +1 -0
package/dist/security/headers/validator.js +616 -0
package/dist/security/headers/validator.js.map +1 -0
package/dist/security/hsm/aws-cloudhsm.d.ts +157 -0
package/dist/security/hsm/aws-cloudhsm.d.ts.map +1 -0
package/dist/security/hsm/aws-cloudhsm.js +712 -0
package/dist/security/hsm/aws-cloudhsm.js.map +1 -0
package/dist/security/hsm/azure-hsm.d.ts +174 -0
package/dist/security/hsm/azure-hsm.d.ts.map +1 -0
package/dist/security/hsm/azure-hsm.js +792 -0
package/dist/security/hsm/azure-hsm.js.map +1 -0
package/dist/security/hsm/gcp-hsm.d.ts +184 -0
package/dist/security/hsm/gcp-hsm.d.ts.map +1 -0
package/dist/security/hsm/gcp-hsm.js +817 -0
package/dist/security/hsm/gcp-hsm.js.map +1 -0
package/dist/security/hsm/hsm-service.d.ts +264 -0
package/dist/security/hsm/hsm-service.d.ts.map +1 -0
package/dist/security/hsm/hsm-service.js +772 -0
package/dist/security/hsm/hsm-service.js.map +1 -0
package/dist/security/hsm/index.d.ts +248 -0
package/dist/security/hsm/index.d.ts.map +1 -0
package/dist/security/hsm/index.js +329 -0
package/dist/security/hsm/index.js.map +1 -0
package/dist/security/hsm/key-ceremony.d.ts +214 -0
package/dist/security/hsm/key-ceremony.d.ts.map +1 -0
package/dist/security/hsm/key-ceremony.js +636 -0
package/dist/security/hsm/key-ceremony.js.map +1 -0
package/dist/security/hsm/key-operations.d.ts +218 -0
package/dist/security/hsm/key-operations.d.ts.map +1 -0
package/dist/security/hsm/key-operations.js +625 -0
package/dist/security/hsm/key-operations.js.map +1 -0
package/dist/security/hsm/local-softHSM.d.ts +122 -0
package/dist/security/hsm/local-softHSM.d.ts.map +1 -0
package/dist/security/hsm/local-softHSM.js +786 -0
package/dist/security/hsm/local-softHSM.js.map +1 -0
package/dist/security/hsm/pkcs11-wrapper.d.ts +386 -0
package/dist/security/hsm/pkcs11-wrapper.d.ts.map +1 -0
package/dist/security/hsm/pkcs11-wrapper.js +1149 -0
package/dist/security/hsm/pkcs11-wrapper.js.map +1 -0
package/dist/security/hsm/provider.d.ts +333 -0
package/dist/security/hsm/provider.d.ts.map +1 -0
package/dist/security/hsm/provider.js +264 -0
package/dist/security/hsm/provider.js.map +1 -0
package/dist/security/hsm/thales-luna.d.ts +209 -0
package/dist/security/hsm/thales-luna.d.ts.map +1 -0
package/dist/security/hsm/thales-luna.js +820 -0
package/dist/security/hsm/thales-luna.js.map +1 -0
package/dist/security/incident/actions/block-ip.d.ts +82 -0
package/dist/security/incident/actions/block-ip.d.ts.map +1 -0
package/dist/security/incident/actions/block-ip.js +454 -0
package/dist/security/incident/actions/block-ip.js.map +1 -0
package/dist/security/incident/actions/collect-evidence.d.ts +93 -0
package/dist/security/incident/actions/collect-evidence.d.ts.map +1 -0
package/dist/security/incident/actions/collect-evidence.js +449 -0
package/dist/security/incident/actions/collect-evidence.js.map +1 -0
package/dist/security/incident/actions/index.d.ts +39 -0
package/dist/security/incident/actions/index.d.ts.map +1 -0
package/dist/security/incident/actions/index.js +52 -0
package/dist/security/incident/actions/index.js.map +1 -0
package/dist/security/incident/actions/isolate-system.d.ts +61 -0
package/dist/security/incident/actions/isolate-system.d.ts.map +1 -0
package/dist/security/incident/actions/isolate-system.js +369 -0
package/dist/security/incident/actions/isolate-system.js.map +1 -0
package/dist/security/incident/actions/notify-stakeholders.d.ts +70 -0
package/dist/security/incident/actions/notify-stakeholders.d.ts.map +1 -0
package/dist/security/incident/actions/notify-stakeholders.js +377 -0
package/dist/security/incident/actions/notify-stakeholders.js.map +1 -0
package/dist/security/incident/actions/revoke-credentials.d.ts +75 -0
package/dist/security/incident/actions/revoke-credentials.d.ts.map +1 -0
package/dist/security/incident/actions/revoke-credentials.js +320 -0
package/dist/security/incident/actions/revoke-credentials.js.map +1 -0
package/dist/security/incident/actions/scale-monitoring.d.ts +88 -0
package/dist/security/incident/actions/scale-monitoring.d.ts.map +1 -0
package/dist/security/incident/actions/scale-monitoring.js +473 -0
package/dist/security/incident/actions/scale-monitoring.js.map +1 -0
package/dist/security/incident/executor.d.ts +128 -0
package/dist/security/incident/executor.d.ts.map +1 -0
package/dist/security/incident/executor.js +695 -0
package/dist/security/incident/executor.js.map +1 -0
package/dist/security/incident/index.d.ts +220 -0
package/dist/security/incident/index.d.ts.map +1 -0
package/dist/security/incident/index.js +1284 -0
package/dist/security/incident/index.js.map +1 -0
package/dist/security/incident/notification.d.ts +68 -0
package/dist/security/incident/notification.d.ts.map +1 -0
package/dist/security/incident/notification.js +512 -0
package/dist/security/incident/notification.js.map +1 -0
package/dist/security/incident/playbooks/account-compromise.d.ts +13 -0
package/dist/security/incident/playbooks/account-compromise.d.ts.map +1 -0
package/dist/security/incident/playbooks/account-compromise.js +379 -0
package/dist/security/incident/playbooks/account-compromise.js.map +1 -0
package/dist/security/incident/playbooks/configuration-error.d.ts +17 -0
package/dist/security/incident/playbooks/configuration-error.d.ts.map +1 -0
package/dist/security/incident/playbooks/configuration-error.js +340 -0
package/dist/security/incident/playbooks/configuration-error.js.map +1 -0
package/dist/security/incident/playbooks/data-breach.d.ts +13 -0
package/dist/security/incident/playbooks/data-breach.d.ts.map +1 -0
package/dist/security/incident/playbooks/data-breach.js +394 -0
package/dist/security/incident/playbooks/data-breach.js.map +1 -0
package/dist/security/incident/playbooks/denial-of-service.d.ts +13 -0
package/dist/security/incident/playbooks/denial-of-service.d.ts.map +1 -0
package/dist/security/incident/playbooks/denial-of-service.js +540 -0
package/dist/security/incident/playbooks/denial-of-service.js.map +1 -0
package/dist/security/incident/playbooks/index.d.ts +36 -0
package/dist/security/incident/playbooks/index.d.ts.map +1 -0
package/dist/security/incident/playbooks/index.js +56 -0
package/dist/security/incident/playbooks/index.js.map +1 -0
package/dist/security/incident/playbooks/insider-threat.d.ts +18 -0
package/dist/security/incident/playbooks/insider-threat.d.ts.map +1 -0
package/dist/security/incident/playbooks/insider-threat.js +600 -0
package/dist/security/incident/playbooks/insider-threat.js.map +1 -0
package/dist/security/incident/playbooks/malware.d.ts +13 -0
package/dist/security/incident/playbooks/malware.d.ts.map +1 -0
package/dist/security/incident/playbooks/malware.js +515 -0
package/dist/security/incident/playbooks/malware.js.map +1 -0
package/dist/security/incident/playbooks/ransomware.d.ts +14 -0
package/dist/security/incident/playbooks/ransomware.d.ts.map +1 -0
package/dist/security/incident/playbooks/ransomware.js +693 -0
package/dist/security/incident/playbooks/ransomware.js.map +1 -0
package/dist/security/incident/playbooks/unauthorized-access.d.ts +13 -0
package/dist/security/incident/playbooks/unauthorized-access.d.ts.map +1 -0
package/dist/security/incident/playbooks/unauthorized-access.js +412 -0
package/dist/security/incident/playbooks/unauthorized-access.js.map +1 -0
package/dist/security/incident/triggers.d.ts +120 -0
package/dist/security/incident/triggers.d.ts.map +1 -0
package/dist/security/incident/triggers.js +708 -0
package/dist/security/incident/triggers.js.map +1 -0
package/dist/security/incident/types.d.ts +1517 -0
package/dist/security/incident/types.d.ts.map +1 -0
package/dist/security/incident/types.js +222 -0
package/dist/security/incident/types.js.map +1 -0
package/dist/security/index.d.ts +59 -0
package/dist/security/index.d.ts.map +1 -0
package/dist/security/index.js +295 -0
package/dist/security/index.js.map +1 -0
package/dist/security/injection-detector.d.ts +510 -0
package/dist/security/injection-detector.d.ts.map +1 -0
package/dist/security/injection-detector.js +1325 -0
package/dist/security/injection-detector.js.map +1 -0
package/dist/security/introspection.d.ts +137 -0
package/dist/security/introspection.d.ts.map +1 -0
package/dist/security/introspection.js +451 -0
package/dist/security/introspection.js.map +1 -0
package/dist/security/key-rotation.d.ts +213 -0
package/dist/security/key-rotation.d.ts.map +1 -0
package/dist/security/key-rotation.js +530 -0
package/dist/security/key-rotation.js.map +1 -0
package/dist/security/kms/aws-kms.d.ts +152 -0
package/dist/security/kms/aws-kms.d.ts.map +1 -0
package/dist/security/kms/aws-kms.js +808 -0
package/dist/security/kms/aws-kms.js.map +1 -0
package/dist/security/kms/index.d.ts +165 -0
package/dist/security/kms/index.d.ts.map +1 -0
package/dist/security/kms/index.js +351 -0
package/dist/security/kms/index.js.map +1 -0
package/dist/security/kms/local.d.ts +127 -0
package/dist/security/kms/local.d.ts.map +1 -0
package/dist/security/kms/local.js +682 -0
package/dist/security/kms/local.js.map +1 -0
package/dist/security/kms/types.d.ts +1000 -0
package/dist/security/kms/types.d.ts.map +1 -0
package/dist/security/kms/types.js +167 -0
package/dist/security/kms/types.js.map +1 -0
package/dist/security/kms/vault.d.ts +165 -0
package/dist/security/kms/vault.d.ts.map +1 -0
package/dist/security/kms/vault.js +820 -0
package/dist/security/kms/vault.js.map +1 -0
package/dist/security/mfa/index.d.ts +17 -0
package/dist/security/mfa/index.d.ts.map +1 -0
package/dist/security/mfa/index.js +37 -0
package/dist/security/mfa/index.js.map +1 -0
package/dist/security/mfa/mfa-middleware.d.ts +74 -0
package/dist/security/mfa/mfa-middleware.d.ts.map +1 -0
package/dist/security/mfa/mfa-middleware.js +244 -0
package/dist/security/mfa/mfa-middleware.js.map +1 -0
package/dist/security/mfa/mfa-service.d.ts +115 -0
package/dist/security/mfa/mfa-service.d.ts.map +1 -0
package/dist/security/mfa/mfa-service.js +509 -0
package/dist/security/mfa/mfa-service.js.map +1 -0
package/dist/security/mfa/mfa-store.d.ts +615 -0
package/dist/security/mfa/mfa-store.d.ts.map +1 -0
package/dist/security/mfa/mfa-store.js +431 -0
package/dist/security/mfa/mfa-store.js.map +1 -0
package/dist/security/mfa/types.d.ts +417 -0
package/dist/security/mfa/types.d.ts.map +1 -0
package/dist/security/mfa/types.js +123 -0
package/dist/security/mfa/types.js.map +1 -0
package/dist/security/middleware.d.ts +179 -0
package/dist/security/middleware.d.ts.map +1 -0
package/dist/security/middleware.js +534 -0
package/dist/security/middleware.js.map +1 -0
package/dist/security/pairwise-did.d.ts +157 -0
package/dist/security/pairwise-did.d.ts.map +1 -0
package/dist/security/pairwise-did.js +450 -0
package/dist/security/pairwise-did.js.map +1 -0
package/dist/security/pam/break-glass.d.ts +776 -0
package/dist/security/pam/break-glass.d.ts.map +1 -0
package/dist/security/pam/break-glass.js +1137 -0
package/dist/security/pam/break-glass.js.map +1 -0
package/dist/security/pam/index.d.ts +120 -0
package/dist/security/pam/index.d.ts.map +1 -0
package/dist/security/pam/index.js +179 -0
package/dist/security/pam/index.js.map +1 -0
package/dist/security/pam/jit-access.d.ts +482 -0
package/dist/security/pam/jit-access.d.ts.map +1 -0
package/dist/security/pam/jit-access.js +1030 -0
package/dist/security/pam/jit-access.js.map +1 -0
package/dist/security/pam/session-recording.d.ts +1007 -0
package/dist/security/pam/session-recording.d.ts.map +1 -0
package/dist/security/pam/session-recording.js +1047 -0
package/dist/security/pam/session-recording.js.map +1 -0
package/dist/security/password-hashing.d.ts +199 -0
package/dist/security/password-hashing.d.ts.map +1 -0
package/dist/security/password-hashing.js +366 -0
package/dist/security/password-hashing.js.map +1 -0
package/dist/security/password-policy.d.ts +304 -0
package/dist/security/password-policy.d.ts.map +1 -0
package/dist/security/password-policy.js +730 -0
package/dist/security/password-policy.js.map +1 -0
package/dist/security/pkce.d.ts +269 -0
package/dist/security/pkce.d.ts.map +1 -0
package/dist/security/pkce.js +408 -0
package/dist/security/pkce.js.map +1 -0
package/dist/security/policy-engine/built-in-policies.d.ts +90 -0
package/dist/security/policy-engine/built-in-policies.d.ts.map +1 -0
package/dist/security/policy-engine/built-in-policies.js +627 -0
package/dist/security/policy-engine/built-in-policies.js.map +1 -0
package/dist/security/policy-engine/condition-evaluator.d.ts +129 -0
package/dist/security/policy-engine/condition-evaluator.d.ts.map +1 -0
package/dist/security/policy-engine/condition-evaluator.js +647 -0
package/dist/security/policy-engine/condition-evaluator.js.map +1 -0
package/dist/security/policy-engine/engine.d.ts +200 -0
package/dist/security/policy-engine/engine.d.ts.map +1 -0
package/dist/security/policy-engine/engine.js +752 -0
package/dist/security/policy-engine/engine.js.map +1 -0
package/dist/security/policy-engine/index.d.ts +58 -0
package/dist/security/policy-engine/index.d.ts.map +1 -0
package/dist/security/policy-engine/index.js +80 -0
package/dist/security/policy-engine/index.js.map +1 -0
package/dist/security/policy-engine/middleware.d.ts +77 -0
package/dist/security/policy-engine/middleware.d.ts.map +1 -0
package/dist/security/policy-engine/middleware.js +375 -0
package/dist/security/policy-engine/middleware.js.map +1 -0
package/dist/security/policy-engine/rule-evaluator.d.ts +140 -0
package/dist/security/policy-engine/rule-evaluator.d.ts.map +1 -0
package/dist/security/policy-engine/rule-evaluator.js +593 -0
package/dist/security/policy-engine/rule-evaluator.js.map +1 -0
package/dist/security/policy-engine/types.d.ts +2855 -0
package/dist/security/policy-engine/types.d.ts.map +1 -0
package/dist/security/policy-engine/types.js +443 -0
package/dist/security/policy-engine/types.js.map +1 -0
package/dist/security/rbac/index.d.ts +317 -0
package/dist/security/rbac/index.d.ts.map +1 -0
package/dist/security/rbac/index.js +618 -0
package/dist/security/rbac/index.js.map +1 -0
package/dist/security/rbac/permissions.d.ts +305 -0
package/dist/security/rbac/permissions.d.ts.map +1 -0
package/dist/security/rbac/permissions.js +947 -0
package/dist/security/rbac/permissions.js.map +1 -0
package/dist/security/rbac/policy-engine.d.ts +542 -0
package/dist/security/rbac/policy-engine.d.ts.map +1 -0
package/dist/security/rbac/policy-engine.js +1244 -0
package/dist/security/rbac/policy-engine.js.map +1 -0
package/dist/security/rbac/roles.d.ts +478 -0
package/dist/security/rbac/roles.d.ts.map +1 -0
package/dist/security/rbac/roles.js +363 -0
package/dist/security/rbac/roles.js.map +1 -0
package/dist/security/refresh-token.d.ts +305 -0
package/dist/security/refresh-token.d.ts.map +1 -0
package/dist/security/refresh-token.js +674 -0
package/dist/security/refresh-token.js.map +1 -0
package/dist/security/request-integrity.d.ts +289 -0
package/dist/security/request-integrity.d.ts.map +1 -0
package/dist/security/request-integrity.js +663 -0
package/dist/security/request-integrity.js.map +1 -0
package/dist/security/revocation-check.d.ts +188 -0
package/dist/security/revocation-check.d.ts.map +1 -0
package/dist/security/revocation-check.js +606 -0
package/dist/security/revocation-check.js.map +1 -0
package/dist/security/revocation.d.ts +191 -0
package/dist/security/revocation.d.ts.map +1 -0
package/dist/security/revocation.js +522 -0
package/dist/security/revocation.js.map +1 -0
package/dist/security/secrets-rotation.d.ts +501 -0
package/dist/security/secrets-rotation.d.ts.map +1 -0
package/dist/security/secrets-rotation.js +934 -0
package/dist/security/secrets-rotation.js.map +1 -0
package/dist/security/secure-memory.d.ts +325 -0
package/dist/security/secure-memory.d.ts.map +1 -0
package/dist/security/secure-memory.js +595 -0
package/dist/security/secure-memory.js.map +1 -0
package/dist/security/security-service.d.ts +186 -0
package/dist/security/security-service.d.ts.map +1 -0
package/dist/security/security-service.js +531 -0
package/dist/security/security-service.js.map +1 -0
package/dist/security/service-auth/index.d.ts +20 -0
package/dist/security/service-auth/index.d.ts.map +1 -0
package/dist/security/service-auth/index.js +61 -0
package/dist/security/service-auth/index.js.map +1 -0
package/dist/security/service-auth/service-account.d.ts +357 -0
package/dist/security/service-auth/service-account.d.ts.map +1 -0
package/dist/security/service-auth/service-account.js +475 -0
package/dist/security/service-auth/service-account.js.map +1 -0
package/dist/security/service-auth/service-auth-middleware.d.ts +174 -0
package/dist/security/service-auth/service-auth-middleware.d.ts.map +1 -0
package/dist/security/service-auth/service-auth-middleware.js +461 -0
package/dist/security/service-auth/service-auth-middleware.js.map +1 -0
package/dist/security/service-auth/service-token.d.ts +391 -0
package/dist/security/service-auth/service-token.d.ts.map +1 -0
package/dist/security/service-auth/service-token.js +472 -0
package/dist/security/service-auth/service-token.js.map +1 -0
package/dist/security/session-manager.d.ts +177 -0
package/dist/security/session-manager.d.ts.map +1 -0
package/dist/security/session-manager.js +353 -0
package/dist/security/session-manager.js.map +1 -0
package/dist/security/session-store.d.ts +205 -0
package/dist/security/session-store.d.ts.map +1 -0
package/dist/security/session-store.js +581 -0
package/dist/security/session-store.js.map +1 -0
package/dist/security/siem/connector.d.ts +147 -0
package/dist/security/siem/connector.d.ts.map +1 -0
package/dist/security/siem/connector.js +254 -0
package/dist/security/siem/connector.js.map +1 -0
package/dist/security/siem/datadog.d.ts +81 -0
package/dist/security/siem/datadog.d.ts.map +1 -0
package/dist/security/siem/datadog.js +362 -0
package/dist/security/siem/datadog.js.map +1 -0
package/dist/security/siem/elastic.d.ts +83 -0
package/dist/security/siem/elastic.d.ts.map +1 -0
package/dist/security/siem/elastic.js +514 -0
package/dist/security/siem/elastic.js.map +1 -0
package/dist/security/siem/enrichment.d.ts +133 -0
package/dist/security/siem/enrichment.d.ts.map +1 -0
package/dist/security/siem/enrichment.js +434 -0
package/dist/security/siem/enrichment.js.map +1 -0
package/dist/security/siem/formatter.d.ts +118 -0
package/dist/security/siem/formatter.d.ts.map +1 -0
package/dist/security/siem/formatter.js +381 -0
package/dist/security/siem/formatter.js.map +1 -0
package/dist/security/siem/hooks.d.ts +107 -0
package/dist/security/siem/hooks.d.ts.map +1 -0
package/dist/security/siem/hooks.js +459 -0
package/dist/security/siem/hooks.js.map +1 -0
package/dist/security/siem/index.d.ts +83 -0
package/dist/security/siem/index.d.ts.map +1 -0
package/dist/security/siem/index.js +95 -0
package/dist/security/siem/index.js.map +1 -0
package/dist/security/siem/service.d.ts +153 -0
package/dist/security/siem/service.d.ts.map +1 -0
package/dist/security/siem/service.js +615 -0
package/dist/security/siem/service.js.map +1 -0
package/dist/security/siem/splunk.d.ts +76 -0
package/dist/security/siem/splunk.d.ts.map +1 -0
package/dist/security/siem/splunk.js +283 -0
package/dist/security/siem/splunk.js.map +1 -0
package/dist/security/siem/types.d.ts +1980 -0
package/dist/security/siem/types.d.ts.map +1 -0
package/dist/security/siem/types.js +268 -0
package/dist/security/siem/types.js.map +1 -0
package/dist/security/tee-production.d.ts +157 -0
package/dist/security/tee-production.d.ts.map +1 -0
package/dist/security/tee-production.js +792 -0
package/dist/security/tee-production.js.map +1 -0
package/dist/security/tee.d.ts +182 -0
package/dist/security/tee.d.ts.map +1 -0
package/dist/security/tee.js +1031 -0
package/dist/security/tee.js.map +1 -0
package/dist/security/threat-intel/bot-detection.d.ts +275 -0
package/dist/security/threat-intel/bot-detection.d.ts.map +1 -0
package/dist/security/threat-intel/bot-detection.js +890 -0
package/dist/security/threat-intel/bot-detection.js.map +1 -0
package/dist/security/threat-intel/credential-stuffing.d.ts +368 -0
package/dist/security/threat-intel/credential-stuffing.d.ts.map +1 -0
package/dist/security/threat-intel/credential-stuffing.js +957 -0
package/dist/security/threat-intel/credential-stuffing.js.map +1 -0
package/dist/security/threat-intel/index.d.ts +10 -0
package/dist/security/threat-intel/index.d.ts.map +1 -0
package/dist/security/threat-intel/index.js +18 -0
package/dist/security/threat-intel/index.js.map +1 -0
package/dist/security/threat-intel/ip-reputation.d.ts +323 -0
package/dist/security/threat-intel/ip-reputation.d.ts.map +1 -0
package/dist/security/threat-intel/ip-reputation.js +923 -0
package/dist/security/threat-intel/ip-reputation.js.map +1 -0
package/dist/security/token-lifecycle.d.ts +272 -0
package/dist/security/token-lifecycle.d.ts.map +1 -0
package/dist/security/token-lifecycle.js +732 -0
package/dist/security/token-lifecycle.js.map +1 -0
package/dist/security/token-lifetime.d.ts +206 -0
package/dist/security/token-lifetime.d.ts.map +1 -0
package/dist/security/token-lifetime.js +388 -0
package/dist/security/token-lifetime.js.map +1 -0
package/dist/security/trust-oracle/alerts.d.ts +202 -0
package/dist/security/trust-oracle/alerts.d.ts.map +1 -0
package/dist/security/trust-oracle/alerts.js +763 -0
package/dist/security/trust-oracle/alerts.js.map +1 -0
package/dist/security/trust-oracle/api.d.ts +116 -0
package/dist/security/trust-oracle/api.d.ts.map +1 -0
package/dist/security/trust-oracle/api.js +721 -0
package/dist/security/trust-oracle/api.js.map +1 -0
package/dist/security/trust-oracle/continuous-monitoring.d.ts +105 -0
package/dist/security/trust-oracle/continuous-monitoring.d.ts.map +1 -0
package/dist/security/trust-oracle/continuous-monitoring.js +696 -0
package/dist/security/trust-oracle/continuous-monitoring.js.map +1 -0
package/dist/security/trust-oracle/data-sources.d.ts +126 -0
package/dist/security/trust-oracle/data-sources.d.ts.map +1 -0
package/dist/security/trust-oracle/data-sources.js +867 -0
package/dist/security/trust-oracle/data-sources.js.map +1 -0
package/dist/security/trust-oracle/index.d.ts +79 -0
package/dist/security/trust-oracle/index.d.ts.map +1 -0
package/dist/security/trust-oracle/index.js +206 -0
package/dist/security/trust-oracle/index.js.map +1 -0
package/dist/security/trust-oracle/oracle.d.ts +125 -0
package/dist/security/trust-oracle/oracle.d.ts.map +1 -0
package/dist/security/trust-oracle/oracle.js +489 -0
package/dist/security/trust-oracle/oracle.js.map +1 -0
package/dist/security/trust-oracle/reporting.d.ts +145 -0
package/dist/security/trust-oracle/reporting.d.ts.map +1 -0
package/dist/security/trust-oracle/reporting.js +1098 -0
package/dist/security/trust-oracle/reporting.js.map +1 -0
package/dist/security/trust-oracle/risk-scorer.d.ts +207 -0
package/dist/security/trust-oracle/risk-scorer.d.ts.map +1 -0
package/dist/security/trust-oracle/risk-scorer.js +1033 -0
package/dist/security/trust-oracle/risk-scorer.js.map +1 -0
package/dist/security/trust-oracle/types.d.ts +444 -0
package/dist/security/trust-oracle/types.d.ts.map +1 -0
package/dist/security/trust-oracle/types.js +6 -0
package/dist/security/trust-oracle/types.js.map +1 -0
package/dist/security/trust-oracle/vendor-registry.d.ts +228 -0
package/dist/security/trust-oracle/vendor-registry.d.ts.map +1 -0
package/dist/security/trust-oracle/vendor-registry.js +727 -0
package/dist/security/trust-oracle/vendor-registry.js.map +1 -0
package/dist/security/types.d.ts +1777 -0
package/dist/security/types.d.ts.map +1 -0
package/dist/security/types.js +388 -0
package/dist/security/types.js.map +1 -0
package/dist/security/webauthn/index.d.ts +47 -0
package/dist/security/webauthn/index.d.ts.map +1 -0
package/dist/security/webauthn/index.js +48 -0
package/dist/security/webauthn/index.js.map +1 -0
package/dist/security/webauthn/middleware.d.ts +109 -0
package/dist/security/webauthn/middleware.d.ts.map +1 -0
package/dist/security/webauthn/middleware.js +629 -0
package/dist/security/webauthn/middleware.js.map +1 -0
package/dist/security/webauthn/service.d.ts +179 -0
package/dist/security/webauthn/service.d.ts.map +1 -0
package/dist/security/webauthn/service.js +758 -0
package/dist/security/webauthn/service.js.map +1 -0
package/dist/security/webauthn/store.d.ts +240 -0
package/dist/security/webauthn/store.d.ts.map +1 -0
package/dist/security/webauthn/store.js +505 -0
package/dist/security/webauthn/store.js.map +1 -0
package/dist/security/webauthn/types.d.ts +678 -0
package/dist/security/webauthn/types.d.ts.map +1 -0
package/dist/security/webauthn/types.js +176 -0
package/dist/security/webauthn/types.js.map +1 -0
package/dist/security/zkp/circuits.d.ts +296 -0
package/dist/security/zkp/circuits.d.ts.map +1 -0
package/dist/security/zkp/circuits.js +771 -0
package/dist/security/zkp/circuits.js.map +1 -0
package/dist/security/zkp/commitment.d.ts +319 -0
package/dist/security/zkp/commitment.d.ts.map +1 -0
package/dist/security/zkp/commitment.js +591 -0
package/dist/security/zkp/commitment.js.map +1 -0
package/dist/security/zkp/compliance.d.ts +251 -0
package/dist/security/zkp/compliance.d.ts.map +1 -0
package/dist/security/zkp/compliance.js +734 -0
package/dist/security/zkp/compliance.js.map +1 -0
package/dist/security/zkp/index.d.ts +184 -0
package/dist/security/zkp/index.d.ts.map +1 -0
package/dist/security/zkp/index.js +285 -0
package/dist/security/zkp/index.js.map +1 -0
package/dist/security/zkp/integration.d.ts +289 -0
package/dist/security/zkp/integration.d.ts.map +1 -0
package/dist/security/zkp/integration.js +571 -0
package/dist/security/zkp/integration.js.map +1 -0
package/dist/security/zkp/prover.d.ts +158 -0
package/dist/security/zkp/prover.d.ts.map +1 -0
package/dist/security/zkp/prover.js +465 -0
package/dist/security/zkp/prover.js.map +1 -0
package/dist/security/zkp/snark-utils.d.ts +321 -0
package/dist/security/zkp/snark-utils.d.ts.map +1 -0
package/dist/security/zkp/snark-utils.js +640 -0
package/dist/security/zkp/snark-utils.js.map +1 -0
package/dist/security/zkp/types.d.ts +1192 -0
package/dist/security/zkp/types.d.ts.map +1 -0
package/dist/security/zkp/types.js +264 -0
package/dist/security/zkp/types.js.map +1 -0
package/dist/security/zkp/verifier.d.ts +111 -0
package/dist/security/zkp/verifier.d.ts.map +1 -0
package/dist/security/zkp/verifier.js +554 -0
package/dist/security/zkp/verifier.js.map +1 -0
package/dist/semantic-governance/context-validator.d.ts +158 -0
package/dist/semantic-governance/context-validator.d.ts.map +1 -0
package/dist/semantic-governance/context-validator.js +598 -0
package/dist/semantic-governance/context-validator.js.map +1 -0
package/dist/semantic-governance/credential-manager.d.ts +156 -0
package/dist/semantic-governance/credential-manager.d.ts.map +1 -0
package/dist/semantic-governance/credential-manager.js +438 -0
package/dist/semantic-governance/credential-manager.js.map +1 -0
package/dist/semantic-governance/dual-channel.d.ts +138 -0
package/dist/semantic-governance/dual-channel.d.ts.map +1 -0
package/dist/semantic-governance/dual-channel.js +333 -0
package/dist/semantic-governance/dual-channel.js.map +1 -0
package/dist/semantic-governance/index.d.ts +107 -0
package/dist/semantic-governance/index.d.ts.map +1 -0
package/dist/semantic-governance/index.js +141 -0
package/dist/semantic-governance/index.js.map +1 -0
package/dist/semantic-governance/inference-validator.d.ts +114 -0
package/dist/semantic-governance/inference-validator.d.ts.map +1 -0
package/dist/semantic-governance/inference-validator.js +390 -0
package/dist/semantic-governance/inference-validator.js.map +1 -0
package/dist/semantic-governance/instruction-validator.d.ts +146 -0
package/dist/semantic-governance/instruction-validator.d.ts.map +1 -0
package/dist/semantic-governance/instruction-validator.js +363 -0
package/dist/semantic-governance/instruction-validator.js.map +1 -0
package/dist/semantic-governance/integration.d.ts +253 -0
package/dist/semantic-governance/integration.d.ts.map +1 -0
package/dist/semantic-governance/integration.js +658 -0
package/dist/semantic-governance/integration.js.map +1 -0
package/dist/semantic-governance/output-validator.d.ts +135 -0
package/dist/semantic-governance/output-validator.d.ts.map +1 -0
package/dist/semantic-governance/output-validator.js +448 -0
package/dist/semantic-governance/output-validator.js.map +1 -0
package/dist/semantic-governance/service.d.ts +120 -0
package/dist/semantic-governance/service.d.ts.map +1 -0
package/dist/semantic-governance/service.js +527 -0
package/dist/semantic-governance/service.js.map +1 -0
package/dist/semantic-governance/types.d.ts +3925 -0
package/dist/semantic-governance/types.d.ts.map +1 -0
package/dist/semantic-governance/types.js +471 -0
package/dist/semantic-governance/types.js.map +1 -0
package/dist/trust-engine/car-integration.d.ts +263 -0
package/dist/trust-engine/car-integration.d.ts.map +1 -0
package/dist/trust-engine/car-integration.js +320 -0
package/dist/trust-engine/car-integration.js.map +1 -0
package/dist/trust-engine/context.d.ts +198 -0
package/dist/trust-engine/context.d.ts.map +1 -0
package/dist/trust-engine/context.js +308 -0
package/dist/trust-engine/context.js.map +1 -0
package/dist/trust-engine/diminishing-returns.d.ts +123 -0
package/dist/trust-engine/diminishing-returns.d.ts.map +1 -0
package/dist/trust-engine/diminishing-returns.js +197 -0
package/dist/trust-engine/diminishing-returns.js.map +1 -0
package/dist/trust-engine/index.d.ts +433 -0
package/dist/trust-engine/index.d.ts.map +1 -0
package/dist/trust-engine/index.js +1241 -0
package/dist/trust-engine/index.js.map +1 -0
package/dist/trust-engine/observability.d.ts +175 -0
package/dist/trust-engine/observability.d.ts.map +1 -0
package/dist/trust-engine/observability.js +246 -0
package/dist/trust-engine/observability.js.map +1 -0
package/dist/trust-engine/signal-diversity.d.ts +130 -0
package/dist/trust-engine/signal-diversity.d.ts.map +1 -0
package/dist/trust-engine/signal-diversity.js +238 -0
package/dist/trust-engine/signal-diversity.js.map +1 -0
package/dist/versioning/deprecation.d.ts +65 -0
package/dist/versioning/deprecation.d.ts.map +1 -0
package/dist/versioning/deprecation.js +199 -0
package/dist/versioning/deprecation.js.map +1 -0
package/dist/versioning/index.d.ts +46 -0
package/dist/versioning/index.d.ts.map +1 -0
package/dist/versioning/index.js +76 -0
package/dist/versioning/index.js.map +1 -0
package/dist/versioning/semver.d.ts +116 -0
package/dist/versioning/semver.d.ts.map +1 -0
package/dist/versioning/semver.js +321 -0
package/dist/versioning/semver.js.map +1 -0
package/package.json +161 -0

package/dist/security/rbac/policy-engine.js ADDED Viewed

@@ -0,0 +1,1244 @@
+/**
+ * RBAC Policy Evaluation Engine
+ *
+ * Evaluates access control policies based on:
+ * - Role-based permissions
+ * - Resource-based access control
+ * - Trust tier requirements
+ * - Time-based and conditional policies
+ * - Tenant context isolation
+ *
+ * Integrates with TenantContext for multi-tenant authorization and
+ * Trust-engine for trust-based access decisions.
+ *
+ * @packageDocumentation
+ */
+import { z } from 'zod';
+import { createLogger } from '../../common/logger.js';
+import { withSpan } from '../../common/trace.js';
+import { Counter, Histogram } from 'prom-client';
+import { vorionRegistry } from '../../common/metrics-registry.js';
+import { getEffectivePermissions, getBuiltinRoles, } from './roles.js';
+import { hasPermission, hasAllPermissions, getBuiltinPermissions, } from './permissions.js';
+import { getSecurityAuditLogger, } from '../../audit/security-logger.js';
+const logger = createLogger({ component: 'rbac-policy-engine' });
+// =============================================================================
+// METRICS
+// =============================================================================
+const policyEvaluations = new Counter({
+    name: 'vorion_rbac_policy_evaluations_total',
+    help: 'Total RBAC policy evaluations',
+    labelNames: ['result', 'policy_type'],
+    registers: [vorionRegistry],
+});
+const policyEvaluationDuration = new Histogram({
+    name: 'vorion_rbac_policy_evaluation_duration_seconds',
+    help: 'Duration of RBAC policy evaluation',
+    labelNames: ['policy_type'],
+    buckets: [0.001, 0.005, 0.01, 0.025, 0.05, 0.1],
+    registers: [vorionRegistry],
+});
+const permissionChecks = new Counter({
+    name: 'vorion_rbac_permission_checks_total',
+    help: 'Total RBAC permission checks',
+    labelNames: ['result', 'resource_type'],
+    registers: [vorionRegistry],
+});
+// =============================================================================
+// TYPES
+// =============================================================================
+/**
+ * Access control policy types
+ */
+export const PolicyTypes = {
+    /** Role-based permission check */
+    ROLE_BASED: 'role_based',
+    /** Resource-based permission check */
+    RESOURCE_BASED: 'resource_based',
+    /** Trust-tier requirement */
+    TRUST_BASED: 'trust_based',
+    /** Time-based restriction */
+    TIME_BASED: 'time_based',
+    /** Conditional policy */
+    CONDITIONAL: 'conditional',
+    /** Composite (multiple policies) */
+    COMPOSITE: 'composite',
+};
+/**
+ * Policy evaluation effect
+ */
+export const PolicyEffects = {
+    ALLOW: 'allow',
+    DENY: 'deny',
+    INDETERMINATE: 'indeterminate',
+    NOT_APPLICABLE: 'not_applicable',
+};
+/**
+ * Policy combining algorithm
+ */
+export const CombiningAlgorithms = {
+    /** First deny wins */
+    DENY_OVERRIDES: 'deny_overrides',
+    /** First allow wins */
+    PERMIT_OVERRIDES: 'permit_overrides',
+    /** All must allow */
+    UNANIMOUS: 'unanimous',
+    /** First applicable wins */
+    FIRST_APPLICABLE: 'first_applicable',
+    /** Priority-based (highest priority wins) */
+    PRIORITY_BASED: 'priority_based',
+};
+// =============================================================================
+// ZOD SCHEMAS
+// =============================================================================
+export const policyTargetSchema = z.object({
+    subjectIds: z.array(z.string()).optional(),
+    subjectTypes: z.array(z.enum(['user', 'agent', 'service'])).optional(),
+    roleIds: z.array(z.string()).optional(),
+    tenantIds: z.array(z.string()).optional(),
+    excludeSubjectIds: z.array(z.string()).optional(),
+});
+export const policyConditionsSchema = z.object({
+    ipAddresses: z.array(z.string()).optional(),
+    timeWindow: z.object({
+        startTime: z.string(),
+        endTime: z.string(),
+        daysOfWeek: z.array(z.number()),
+        timezone: z.string(),
+    }).optional(),
+    attributes: z.record(z.unknown()).optional(),
+    expression: z.string().optional(),
+});
+export const accessPolicySchema = z.lazy(() => z.object({
+    id: z.string(),
+    name: z.string(),
+    description: z.string().optional(),
+    type: z.nativeEnum(PolicyTypes),
+    priority: z.number().int().min(0),
+    effect: z.nativeEnum(PolicyEffects),
+    target: policyTargetSchema.optional(),
+    conditions: policyConditionsSchema.optional(),
+    requiredPermissions: z.array(z.string()).optional(),
+    requiredRoles: z.array(z.string()).optional(),
+    requiredTrustTier: z.number().int().min(0).max(7).optional(),
+    resourcePatterns: z.array(z.string()).optional(),
+    timeRestrictions: z.array(z.object({
+        startTime: z.string(),
+        endTime: z.string(),
+        daysOfWeek: z.array(z.number()),
+        timezone: z.string(),
+    })).optional(),
+    childPolicies: z.array(z.lazy(() => accessPolicySchema)).optional(),
+    combiningAlgorithm: z.nativeEnum(CombiningAlgorithms).optional(),
+    enabled: z.boolean(),
+    tenantId: z.string().optional(),
+    metadata: z.record(z.unknown()).optional(),
+    createdAt: z.string().datetime(),
+    updatedAt: z.string().datetime(),
+}));
+/**
+ * RBAC Policy Evaluation Engine
+ *
+ * Provides comprehensive policy evaluation for access control decisions.
+ * Supports multiple policy types and combining algorithms.
+ */
+export class RBACPolicyEngine {
+    policies = new Map();
+    roleRegistry = new Map();
+    permissionRegistry = new Map();
+    roleAssignments = new Map();
+    options;
+    auditLogger;
+    evaluationCache = new Map();
+    constructor(options = {}) {
+        this.options = {
+            defaultCombiningAlgorithm: options.defaultCombiningAlgorithm ?? CombiningAlgorithms.DENY_OVERRIDES,
+            defaultEffect: options.defaultEffect ?? PolicyEffects.DENY,
+            enableAuditLogging: options.enableAuditLogging ?? true,
+            enableTracing: options.enableTracing ?? true,
+            enableCaching: options.enableCaching ?? true,
+            cacheTtlMs: options.cacheTtlMs ?? 60000, // 1 minute
+        };
+        this.auditLogger = getSecurityAuditLogger();
+        // Initialize with built-in roles and permissions
+        this.initializeBuiltins();
+        logger.info({
+            defaultCombiningAlgorithm: this.options.defaultCombiningAlgorithm,
+            defaultEffect: this.options.defaultEffect,
+        }, 'RBAC policy engine initialized');
+    }
+    /**
+     * Initialize built-in roles and permissions
+     */
+    initializeBuiltins() {
+        // Register built-in roles
+        for (const role of getBuiltinRoles()) {
+            this.roleRegistry.set(role.id, role);
+        }
+        // Register built-in permissions
+        for (const permission of getBuiltinPermissions()) {
+            this.permissionRegistry.set(permission.id, permission);
+        }
+        logger.debug({
+            roles: this.roleRegistry.size,
+            permissions: this.permissionRegistry.size,
+        }, 'Built-in roles and permissions initialized');
+    }
+    // ===========================================================================
+    // POLICY EVALUATION
+    // ===========================================================================
+    /**
+     * Evaluate access request against all applicable policies
+     */
+    async evaluate(context) {
+        const startTime = performance.now();
+        // Check cache
+        if (this.options.enableCaching) {
+            const cacheKey = this.buildCacheKey(context);
+            const cached = this.evaluationCache.get(cacheKey);
+            if (cached && cached.expiresAt > Date.now()) {
+                policyEvaluations.inc({ result: cached.result.effect, policy_type: 'cached' });
+                return cached.result;
+            }
+        }
+        const evaluatedPolicies = [];
+        const effects = [];
+        // Get applicable policies sorted by priority
+        const applicablePolicies = this.getApplicablePolicies(context);
+        for (const policy of applicablePolicies) {
+            const policyStartTime = performance.now();
+            const evaluation = await this.evaluatePolicy(policy, context);
+            const policyDuration = performance.now() - policyStartTime;
+            const evaluatedPolicy = {
+                policyId: policy.id,
+                policyName: policy.name,
+                policyType: policy.type,
+                effect: evaluation.effect,
+                matched: evaluation.matched,
+                reason: evaluation.reason,
+                durationMs: policyDuration,
+            };
+            evaluatedPolicies.push(evaluatedPolicy);
+            if (evaluation.matched && evaluation.effect !== PolicyEffects.NOT_APPLICABLE) {
+                effects.push({
+                    effect: evaluation.effect,
+                    policy: evaluatedPolicy,
+                    priority: policy.priority,
+                });
+            }
+            policyEvaluationDuration.observe({ policy_type: policy.type }, policyDuration / 1000);
+        }
+        // Combine effects using the configured algorithm
+        const { effect, decidingPolicy } = this.combineEffects(effects, this.options.defaultCombiningAlgorithm);
+        const finalEffect = effects.length === 0 ? this.options.defaultEffect : effect;
+        const permitted = finalEffect === PolicyEffects.ALLOW;
+        const durationMs = performance.now() - startTime;
+        // Build missing requirements if denied
+        const missingRequirements = !permitted
+            ? this.getMissingRequirements(context, applicablePolicies)
+            : undefined;
+        const result = {
+            effect: finalEffect,
+            permitted,
+            evaluatedPolicies,
+            decidingPolicy,
+            reason: this.buildDecisionReason(finalEffect, decidingPolicy, missingRequirements),
+            missingRequirements,
+            durationMs,
+            evaluatedAt: new Date().toISOString(),
+        };
+        // Cache result
+        if (this.options.enableCaching) {
+            const cacheKey = this.buildCacheKey(context);
+            this.evaluationCache.set(cacheKey, {
+                result,
+                expiresAt: Date.now() + this.options.cacheTtlMs,
+            });
+        }
+        // Audit logging
+        if (this.options.enableAuditLogging) {
+            await this.logAccessDecision(context, result);
+        }
+        policyEvaluations.inc({ result: finalEffect, policy_type: 'evaluated' });
+        logger.debug({
+            subjectId: context.subject.id,
+            resourceType: context.resource.type,
+            action: context.resource.action,
+            effect: finalEffect,
+            permitted,
+            policiesEvaluated: evaluatedPolicies.length,
+            durationMs,
+        }, 'Policy evaluation completed');
+        return result;
+    }
+    /**
+     * Evaluate with OpenTelemetry tracing
+     */
+    async evaluateWithTracing(context) {
+        if (!this.options.enableTracing) {
+            return this.evaluate(context);
+        }
+        return withSpan('rbac.evaluatePolicy', async (span) => {
+            span.attributes['subject.id'] = context.subject.id;
+            span.attributes['subject.type'] = context.subject.type;
+            span.attributes['resource.type'] = context.resource.type;
+            span.attributes['resource.action'] = context.resource.action;
+            const result = await this.evaluate(context);
+            span.attributes['result.effect'] = result.effect;
+            span.attributes['result.permitted'] = result.permitted;
+            span.attributes['result.policiesEvaluated'] = result.evaluatedPolicies.length;
+            span.attributes['result.durationMs'] = result.durationMs;
+            return result;
+        }, { 'tenant.id': context.environment.tenantId });
+    }
+    /**
+     * Evaluate a single policy
+     */
+    async evaluatePolicy(policy, context) {
+        // Check if policy targets this subject
+        if (!this.policyTargetsSubject(policy, context)) {
+            return { effect: PolicyEffects.NOT_APPLICABLE, matched: false, reason: 'Target mismatch' };
+        }
+        // Check conditions
+        if (policy.conditions && !this.checkConditions(policy.conditions, context)) {
+            return { effect: PolicyEffects.NOT_APPLICABLE, matched: false, reason: 'Conditions not met' };
+        }
+        // Check time restrictions
+        if (policy.timeRestrictions && !this.checkTimeRestrictions(policy.timeRestrictions, context.environment.timestamp)) {
+            return { effect: PolicyEffects.NOT_APPLICABLE, matched: false, reason: 'Outside time window' };
+        }
+        // Evaluate based on policy type
+        switch (policy.type) {
+            case PolicyTypes.ROLE_BASED:
+                return this.evaluateRoleBasedPolicy(policy, context);
+            case PolicyTypes.RESOURCE_BASED:
+                return this.evaluateResourceBasedPolicy(policy, context);
+            case PolicyTypes.TRUST_BASED:
+                return this.evaluateTrustBasedPolicy(policy, context);
+            case PolicyTypes.TIME_BASED:
+                return this.evaluateTimeBasedPolicy(policy, context);
+            case PolicyTypes.CONDITIONAL:
+                return this.evaluateConditionalPolicy(policy, context);
+            case PolicyTypes.COMPOSITE:
+                return this.evaluateCompositePolicy(policy, context);
+            default:
+                return { effect: PolicyEffects.INDETERMINATE, matched: false, reason: 'Unknown policy type' };
+        }
+    }
+    /**
+     * Evaluate role-based policy
+     */
+    evaluateRoleBasedPolicy(policy, context) {
+        // Check required roles
+        if (policy.requiredRoles && policy.requiredRoles.length > 0) {
+            const hasRequiredRole = policy.requiredRoles.some(role => context.subject.roles.includes(role));
+            if (!hasRequiredRole) {
+                return {
+                    effect: PolicyEffects.DENY,
+                    matched: true,
+                    reason: `Missing required role: ${policy.requiredRoles.join(' or ')}`,
+                };
+            }
+        }
+        // Check required permissions
+        if (policy.requiredPermissions && policy.requiredPermissions.length > 0) {
+            const hasAllRequired = hasAllPermissions(context.subject.permissions, policy.requiredPermissions);
+            if (!hasAllRequired) {
+                return {
+                    effect: PolicyEffects.DENY,
+                    matched: true,
+                    reason: 'Missing required permissions',
+                };
+            }
+        }
+        return { effect: policy.effect, matched: true };
+    }
+    /**
+     * Evaluate resource-based policy
+     */
+    evaluateResourceBasedPolicy(policy, context) {
+        // Check resource patterns
+        if (policy.resourcePatterns && policy.resourcePatterns.length > 0) {
+            const resourceKey = `${context.resource.type}:${context.resource.action}`;
+            const matches = policy.resourcePatterns.some(pattern => this.matchPattern(resourceKey, pattern));
+            if (!matches) {
+                return {
+                    effect: PolicyEffects.NOT_APPLICABLE,
+                    matched: false,
+                    reason: 'Resource pattern mismatch',
+                };
+            }
+        }
+        // Check if subject has permission for this resource action
+        const requiredPermission = `${context.resource.type}:${context.resource.action}`;
+        if (!hasPermission(context.subject.permissions, requiredPermission)) {
+            return {
+                effect: PolicyEffects.DENY,
+                matched: true,
+                reason: `Missing permission: ${requiredPermission}`,
+            };
+        }
+        return { effect: policy.effect, matched: true };
+    }
+    /**
+     * Evaluate trust-based policy
+     */
+    evaluateTrustBasedPolicy(policy, context) {
+        if (policy.requiredTrustTier !== undefined) {
+            if (context.subject.trustTier < policy.requiredTrustTier) {
+                return {
+                    effect: PolicyEffects.DENY,
+                    matched: true,
+                    reason: `Insufficient trust tier: requires T${policy.requiredTrustTier}, has T${context.subject.trustTier}`,
+                };
+            }
+        }
+        return { effect: policy.effect, matched: true };
+    }
+    /**
+     * Evaluate time-based policy
+     */
+    evaluateTimeBasedPolicy(policy, context) {
+        if (policy.timeRestrictions && policy.timeRestrictions.length > 0) {
+            const withinWindow = this.checkTimeRestrictions(policy.timeRestrictions, context.environment.timestamp);
+            if (!withinWindow) {
+                return {
+                    effect: PolicyEffects.DENY,
+                    matched: true,
+                    reason: 'Access outside allowed time window',
+                };
+            }
+        }
+        return { effect: policy.effect, matched: true };
+    }
+    /**
+     * Evaluate conditional policy
+     */
+    evaluateConditionalPolicy(policy, context) {
+        if (!policy.conditions) {
+            return { effect: policy.effect, matched: true };
+        }
+        const conditionsMet = this.checkConditions(policy.conditions, context);
+        if (!conditionsMet) {
+            return {
+                effect: PolicyEffects.DENY,
+                matched: true,
+                reason: 'Policy conditions not met',
+            };
+        }
+        return { effect: policy.effect, matched: true };
+    }
+    /**
+     * Evaluate composite policy (with child policies)
+     */
+    async evaluateCompositePolicy(policy, context) {
+        if (!policy.childPolicies || policy.childPolicies.length === 0) {
+            return { effect: policy.effect, matched: true };
+        }
+        const childEffects = [];
+        for (const childPolicy of policy.childPolicies) {
+            if (!childPolicy.enabled)
+                continue;
+            const evaluation = await this.evaluatePolicy(childPolicy, context);
+            if (evaluation.matched) {
+                childEffects.push({
+                    effect: evaluation.effect,
+                    policy: childPolicy,
+                    priority: childPolicy.priority,
+                });
+            }
+        }
+        const algorithm = policy.combiningAlgorithm ?? this.options.defaultCombiningAlgorithm;
+        const { effect } = this.combineEffects(childEffects.map(e => ({
+            effect: e.effect,
+            policy: {
+                policyId: e.policy.id,
+                policyName: e.policy.name,
+                policyType: e.policy.type,
+                effect: e.effect,
+                matched: true,
+                durationMs: 0,
+            },
+            priority: e.priority,
+        })), algorithm);
+        return { effect, matched: true };
+    }
+    // ===========================================================================
+    // PERMISSION CHECKING
+    // ===========================================================================
+    /**
+     * Check if a subject has specific permissions
+     */
+    async checkPermissions(request) {
+        const startTime = performance.now();
+        const grantedPermissions = [];
+        const deniedPermissions = [];
+        // Get subject's effective permissions from roles
+        const subjectPermissions = await this.getSubjectPermissions(request.subjectId, request.tenantId);
+        for (const required of request.permissions) {
+            if (hasPermission(subjectPermissions, required)) {
+                grantedPermissions.push(required);
+            }
+            else {
+                deniedPermissions.push(required);
+            }
+        }
+        const granted = deniedPermissions.length === 0;
+        const result = {
+            granted,
+            grantedPermissions,
+            deniedPermissions,
+            reason: granted
+                ? undefined
+                : `Missing permissions: ${deniedPermissions.join(', ')}`,
+            grantSource: granted ? this.determineGrantSource(subjectPermissions, grantedPermissions) : undefined,
+            evaluatedAt: new Date().toISOString(),
+        };
+        permissionChecks.inc({
+            result: granted ? 'granted' : 'denied',
+            resource_type: request.resourceType ?? 'unknown',
+        });
+        logger.debug({
+            subjectId: request.subjectId,
+            permissions: request.permissions,
+            granted,
+            durationMs: performance.now() - startTime,
+        }, 'Permission check completed');
+        return result;
+    }
+    /**
+     * Get all effective permissions for a subject
+     */
+    async getSubjectPermissions(subjectId, tenantId) {
+        const permissions = new Set();
+        // Get role assignments for subject
+        const assignments = this.roleAssignments.get(subjectId) ?? [];
+        for (const assignment of assignments) {
+            if (!assignment.active)
+                continue;
+            if (assignment.expiresAt && new Date(assignment.expiresAt) < new Date())
+                continue;
+            if (tenantId && assignment.tenantId && assignment.tenantId !== tenantId)
+                continue;
+            const role = this.roleRegistry.get(assignment.roleId);
+            if (!role || !role.enabled)
+                continue;
+            // Get effective permissions for role (including inherited)
+            const rolePermissions = getEffectivePermissions(role, this.roleRegistry);
+            for (const perm of rolePermissions) {
+                permissions.add(perm);
+            }
+        }
+        return permissions;
+    }
+    /**
+     * Get all roles assigned to a subject
+     */
+    async getSubjectRoles(subjectId, tenantId) {
+        const roles = [];
+        const assignments = this.roleAssignments.get(subjectId) ?? [];
+        for (const assignment of assignments) {
+            if (!assignment.active)
+                continue;
+            if (assignment.expiresAt && new Date(assignment.expiresAt) < new Date())
+                continue;
+            if (tenantId && assignment.tenantId && assignment.tenantId !== tenantId)
+                continue;
+            const role = this.roleRegistry.get(assignment.roleId);
+            if (role && role.enabled) {
+                roles.push(role);
+            }
+        }
+        return roles;
+    }
+    // ===========================================================================
+    // POLICY MANAGEMENT
+    // ===========================================================================
+    /**
+     * Add an access policy
+     */
+    addPolicy(policy) {
+        accessPolicySchema.parse(policy);
+        this.policies.set(policy.id, policy);
+        this.clearCache();
+        logger.info({ policyId: policy.id, policyName: policy.name }, 'Policy added');
+    }
+    /**
+     * Update an access policy
+     */
+    updatePolicy(policyId, updates) {
+        const existing = this.policies.get(policyId);
+        if (!existing) {
+            throw new Error(`Policy not found: ${policyId}`);
+        }
+        const updated = {
+            ...existing,
+            ...updates,
+            updatedAt: new Date().toISOString(),
+        };
+        accessPolicySchema.parse(updated);
+        this.policies.set(policyId, updated);
+        this.clearCache();
+        logger.info({ policyId }, 'Policy updated');
+    }
+    /**
+     * Remove an access policy
+     */
+    removePolicy(policyId) {
+        const removed = this.policies.delete(policyId);
+        if (removed) {
+            this.clearCache();
+            logger.info({ policyId }, 'Policy removed');
+        }
+        return removed;
+    }
+    /**
+     * Get a policy by ID
+     */
+    getPolicy(policyId) {
+        return this.policies.get(policyId);
+    }
+    /**
+     * Get all policies
+     */
+    getAllPolicies() {
+        return Array.from(this.policies.values());
+    }
+    /**
+     * Get enabled policies
+     */
+    getEnabledPolicies() {
+        return Array.from(this.policies.values()).filter(p => p.enabled);
+    }
+    // ===========================================================================
+    // ROLE MANAGEMENT
+    // ===========================================================================
+    /**
+     * Add a custom role
+     */
+    addRole(role) {
+        if (role.isSystemRole) {
+            throw new Error('Cannot add system role');
+        }
+        this.roleRegistry.set(role.id, role);
+        this.clearCache();
+        logger.info({ roleId: role.id, roleName: role.name }, 'Role added');
+    }
+    /**
+     * Update a custom role
+     */
+    updateRole(roleId, updates) {
+        const existing = this.roleRegistry.get(roleId);
+        if (!existing) {
+            throw new Error(`Role not found: ${roleId}`);
+        }
+        if (existing.isSystemRole) {
+            throw new Error('Cannot modify system role');
+        }
+        const updated = {
+            ...existing,
+            ...updates,
+            updatedAt: new Date().toISOString(),
+        };
+        this.roleRegistry.set(roleId, updated);
+        this.clearCache();
+        logger.info({ roleId }, 'Role updated');
+    }
+    /**
+     * Remove a custom role
+     */
+    removeRole(roleId) {
+        const existing = this.roleRegistry.get(roleId);
+        if (existing?.isSystemRole) {
+            throw new Error('Cannot remove system role');
+        }
+        const removed = this.roleRegistry.delete(roleId);
+        if (removed) {
+            this.clearCache();
+            logger.info({ roleId }, 'Role removed');
+        }
+        return removed;
+    }
+    /**
+     * Get a role by ID
+     */
+    getRole(roleId) {
+        return this.roleRegistry.get(roleId);
+    }
+    /**
+     * Get all roles
+     */
+    getAllRoles() {
+        return Array.from(this.roleRegistry.values());
+    }
+    // ===========================================================================
+    // ROLE ASSIGNMENT
+    // ===========================================================================
+    /**
+     * Assign a role to a subject
+     */
+    assignRole(assignment) {
+        const role = this.roleRegistry.get(assignment.roleId);
+        if (!role) {
+            throw new Error(`Role not found: ${assignment.roleId}`);
+        }
+        const assignments = this.roleAssignments.get(assignment.subjectId) ?? [];
+        assignments.push(assignment);
+        this.roleAssignments.set(assignment.subjectId, assignments);
+        this.clearCache();
+        logger.info({
+            subjectId: assignment.subjectId,
+            roleId: assignment.roleId,
+        }, 'Role assigned');
+    }
+    /**
+     * Revoke a role from a subject
+     */
+    revokeRole(subjectId, roleId, tenantId) {
+        const assignments = this.roleAssignments.get(subjectId);
+        if (!assignments)
+            return false;
+        const index = assignments.findIndex(a => a.roleId === roleId &&
+            (!tenantId || a.tenantId === tenantId));
+        if (index === -1)
+            return false;
+        assignments[index].active = false;
+        this.clearCache();
+        logger.info({ subjectId, roleId }, 'Role revoked');
+        return true;
+    }
+    /**
+     * Get role assignments for a subject
+     */
+    getRoleAssignments(subjectId) {
+        return this.roleAssignments.get(subjectId) ?? [];
+    }
+    // ===========================================================================
+    // HELPER METHODS
+    // ===========================================================================
+    /**
+     * Get applicable policies for a context
+     */
+    getApplicablePolicies(context) {
+        return Array.from(this.policies.values())
+            .filter(policy => {
+            if (!policy.enabled)
+                return false;
+            // Check tenant scope
+            if (policy.tenantId && policy.tenantId !== context.environment.tenantId) {
+                return false;
+            }
+            return true;
+        })
+            .sort((a, b) => b.priority - a.priority); // Higher priority first
+    }
+    /**
+     * Check if a policy targets the subject
+     */
+    policyTargetsSubject(policy, context) {
+        if (!policy.target)
+            return true;
+        const target = policy.target;
+        // Check exclusions first
+        if (target.excludeSubjectIds?.includes(context.subject.id)) {
+            return false;
+        }
+        // Check subject ID
+        if (target.subjectIds && !target.subjectIds.includes(context.subject.id)) {
+            return false;
+        }
+        // Check subject type
+        if (target.subjectTypes && !target.subjectTypes.includes(context.subject.type)) {
+            return false;
+        }
+        // Check role
+        if (target.roleIds) {
+            const hasRole = target.roleIds.some(roleId => context.subject.roles.includes(roleId));
+            if (!hasRole)
+                return false;
+        }
+        // Check tenant
+        if (target.tenantIds && context.environment.tenantId) {
+            if (!target.tenantIds.includes(context.environment.tenantId)) {
+                return false;
+            }
+        }
+        return true;
+    }
+    /**
+     * Check policy conditions
+     */
+    checkConditions(conditions, context) {
+        // Check IP address
+        if (conditions.ipAddresses && context.environment.ipAddress) {
+            const matchesIp = conditions.ipAddresses.some(allowed => this.matchIpAddress(context.environment.ipAddress, allowed));
+            if (!matchesIp)
+                return false;
+        }
+        // Check time window
+        if (conditions.timeWindow) {
+            const withinWindow = this.checkTimeRestriction(conditions.timeWindow, context.environment.timestamp);
+            if (!withinWindow)
+                return false;
+        }
+        // Check custom attributes
+        if (conditions.attributes) {
+            for (const [key, value] of Object.entries(conditions.attributes)) {
+                const subjectValue = context.subject.attributes?.[key];
+                if (subjectValue !== value)
+                    return false;
+            }
+        }
+        return true;
+    }
+    /**
+     * Check time restrictions
+     */
+    checkTimeRestrictions(restrictions, now) {
+        return restrictions.some(restriction => this.checkTimeRestriction(restriction, now));
+    }
+    /**
+     * Check a single time restriction
+     */
+    checkTimeRestriction(restriction, now) {
+        const hour = now.getHours();
+        const minute = now.getMinutes();
+        const currentTime = hour * 60 + minute;
+        const [startHour, startMinute] = restriction.startTime.split(':').map(Number);
+        const [endHour, endMinute] = restriction.endTime.split(':').map(Number);
+        const startTime = startHour * 60 + startMinute;
+        const endTime = endHour * 60 + endMinute;
+        // Check time range
+        let withinTime;
+        if (startTime <= endTime) {
+            withinTime = currentTime >= startTime && currentTime <= endTime;
+        }
+        else {
+            // Wrapping (e.g., 22:00 to 06:00)
+            withinTime = currentTime >= startTime || currentTime <= endTime;
+        }
+        if (!withinTime)
+            return false;
+        // Check day of week
+        if (restriction.daysOfWeek.length > 0) {
+            const day = now.getDay();
+            if (!restriction.daysOfWeek.includes(day))
+                return false;
+        }
+        return true;
+    }
+    /**
+     * Combine policy effects using the specified algorithm
+     */
+    combineEffects(effects, algorithm) {
+        if (effects.length === 0) {
+            return { effect: this.options.defaultEffect };
+        }
+        switch (algorithm) {
+            case CombiningAlgorithms.DENY_OVERRIDES: {
+                const deny = effects.find(e => e.effect === PolicyEffects.DENY);
+                if (deny)
+                    return { effect: PolicyEffects.DENY, decidingPolicy: deny.policy };
+                const allow = effects.find(e => e.effect === PolicyEffects.ALLOW);
+                if (allow)
+                    return { effect: PolicyEffects.ALLOW, decidingPolicy: allow.policy };
+                return { effect: PolicyEffects.INDETERMINATE };
+            }
+            case CombiningAlgorithms.PERMIT_OVERRIDES: {
+                const allow = effects.find(e => e.effect === PolicyEffects.ALLOW);
+                if (allow)
+                    return { effect: PolicyEffects.ALLOW, decidingPolicy: allow.policy };
+                const deny = effects.find(e => e.effect === PolicyEffects.DENY);
+                if (deny)
+                    return { effect: PolicyEffects.DENY, decidingPolicy: deny.policy };
+                return { effect: PolicyEffects.INDETERMINATE };
+            }
+            case CombiningAlgorithms.UNANIMOUS: {
+                const allAllow = effects.every(e => e.effect === PolicyEffects.ALLOW);
+                if (allAllow)
+                    return { effect: PolicyEffects.ALLOW, decidingPolicy: effects[0]?.policy };
+                const anyDeny = effects.find(e => e.effect === PolicyEffects.DENY);
+                return { effect: PolicyEffects.DENY, decidingPolicy: anyDeny?.policy };
+            }
+            case CombiningAlgorithms.FIRST_APPLICABLE: {
+                const first = effects[0];
+                if (first)
+                    return { effect: first.effect, decidingPolicy: first.policy };
+                return { effect: PolicyEffects.INDETERMINATE };
+            }
+            case CombiningAlgorithms.PRIORITY_BASED: {
+                // Sort by priority (highest first) and take first
+                const sorted = [...effects].sort((a, b) => b.priority - a.priority);
+                const highest = sorted[0];
+                if (highest)
+                    return { effect: highest.effect, decidingPolicy: highest.policy };
+                return { effect: PolicyEffects.INDETERMINATE };
+            }
+            default:
+                return { effect: this.options.defaultEffect };
+        }
+    }
+    /**
+     * Match a pattern (supports wildcards)
+     */
+    matchPattern(value, pattern) {
+        if (pattern === '*')
+            return true;
+        if (pattern.endsWith('*')) {
+            return value.startsWith(pattern.slice(0, -1));
+        }
+        if (pattern.startsWith('*')) {
+            return value.endsWith(pattern.slice(1));
+        }
+        return value === pattern;
+    }
+    /**
+     * Match IP address against a pattern.
+     *
+     * Supports:
+     * - Wildcard '*' (matches any IP)
+     * - CIDR notation for IPv4 (e.g., "192.168.1.0/24")
+     * - CIDR notation for IPv6 (e.g., "fe80::/10")
+     * - Exact string match as fallback
+     *
+     * When a CIDR pattern omits the prefix length, it defaults to
+     * /32 for IPv4 and /128 for IPv6 (exact host match).
+     */
+    matchIpAddress(ip, pattern) {
+        if (pattern === '*')
+            return true;
+        // Attempt CIDR match if the pattern looks like an IP or CIDR
+        try {
+            return RBACPolicyEngine.ipMatchesCidr(ip, pattern);
+        }
+        catch {
+            // If parsing fails, fall back to exact string comparison
+            return ip === pattern;
+        }
+    }
+    // ---------------------------------------------------------------------------
+    // Static IP / CIDR helpers (pure TypeScript, no external dependencies)
+    // ---------------------------------------------------------------------------
+    /**
+     * Determine whether `ip` falls within the network described by `cidr`.
+     * `cidr` may be a bare IP (treated as /32 or /128) or "ip/prefix".
+     */
+    static ipMatchesCidr(ip, cidr) {
+        const [networkStr, prefixStr] = cidr.split('/');
+        const isIpV6 = RBACPolicyEngine.isIPv6(ip);
+        const isPatternV6 = RBACPolicyEngine.isIPv6(networkStr);
+        // IP family mismatch → no match
+        if (isIpV6 !== isPatternV6)
+            return false;
+        if (isIpV6) {
+            const defaultPrefix = 128;
+            const prefixLen = prefixStr !== undefined ? parseInt(prefixStr, 10) : defaultPrefix;
+            if (isNaN(prefixLen) || prefixLen < 0 || prefixLen > 128)
+                return false;
+            const ipBits = RBACPolicyEngine.ipv6ToBits(ip);
+            const networkBits = RBACPolicyEngine.ipv6ToBits(networkStr);
+            return RBACPolicyEngine.bitsMatchPrefix(ipBits, networkBits, prefixLen);
+        }
+        else {
+            const defaultPrefix = 32;
+            const prefixLen = prefixStr !== undefined ? parseInt(prefixStr, 10) : defaultPrefix;
+            if (isNaN(prefixLen) || prefixLen < 0 || prefixLen > 32)
+                return false;
+            const ipNum = RBACPolicyEngine.ipv4ToNumber(ip);
+            const networkNum = RBACPolicyEngine.ipv4ToNumber(networkStr);
+            // Throw on unparseable addresses so the caller can fall back to
+            // exact string comparison for non-IP values (e.g., hostnames).
+            if (ipNum === null || networkNum === null) {
+                throw new Error(`Invalid IPv4 address: ip=${ip}, network=${networkStr}`);
+            }
+            if (prefixLen === 0)
+                return true; // /0 matches everything
+            // Build a 32-bit mask: e.g. prefix 24 → 0xFFFFFF00
+            const mask = (~0 << (32 - prefixLen)) >>> 0;
+            return ((ipNum & mask) >>> 0) === ((networkNum & mask) >>> 0);
+        }
+    }
+    /** Returns true when the address string contains a colon (→ IPv6). */
+    static isIPv6(addr) {
+        return addr.includes(':');
+    }
+    /**
+     * Parse a dotted-quad IPv4 string into a 32-bit unsigned integer.
+     * Returns null on invalid input.
+     */
+    static ipv4ToNumber(ip) {
+        const parts = ip.split('.');
+        if (parts.length !== 4)
+            return null;
+        let num = 0;
+        for (const part of parts) {
+            const octet = parseInt(part, 10);
+            if (isNaN(octet) || octet < 0 || octet > 255)
+                return null;
+            num = ((num << 8) | octet) >>> 0;
+        }
+        return num;
+    }
+    /**
+     * Expand an IPv6 address (handling :: shorthand) into a 128-element
+     * bit array (array of 0 | 1).
+     */
+    static ipv6ToBits(addr) {
+        // Handle IPv4-mapped IPv6 (e.g., ::ffff:192.168.1.1)
+        const v4Suffix = addr.match(/::ffff:(\d+\.\d+\.\d+\.\d+)$/i);
+        if (v4Suffix) {
+            const ipv4Num = RBACPolicyEngine.ipv4ToNumber(v4Suffix[1]);
+            if (ipv4Num === null)
+                throw new Error(`Invalid IPv4-mapped IPv6: ${addr}`);
+            // Construct the full 128-bit representation
+            // First 80 bits are 0, next 16 bits are 0xFFFF, last 32 bits are the IPv4
+            const bits = new Array(80).fill(0);
+            for (let i = 15; i >= 0; i--) {
+                bits.push((0xFFFF >> (15 - i)) & 1);
+            }
+            for (let i = 31; i >= 0; i--) {
+                bits.push((ipv4Num >> i) & 1);
+            }
+            return bits;
+        }
+        // Expand :: into the correct number of zero groups
+        let fullAddr = addr;
+        if (fullAddr.includes('::')) {
+            const halves = fullAddr.split('::');
+            const left = halves[0] ? halves[0].split(':') : [];
+            const right = halves[1] ? halves[1].split(':') : [];
+            const missing = 8 - left.length - right.length;
+            const middle = new Array(Math.max(missing, 0)).fill('0');
+            fullAddr = [...left, ...middle, ...right].join(':');
+        }
+        const groups = fullAddr.split(':');
+        if (groups.length !== 8)
+            throw new Error(`Invalid IPv6 address: ${addr}`);
+        const bits = [];
+        for (const group of groups) {
+            const val = parseInt(group || '0', 16);
+            if (isNaN(val) || val < 0 || val > 0xFFFF) {
+                throw new Error(`Invalid IPv6 group "${group}" in ${addr}`);
+            }
+            for (let i = 15; i >= 0; i--) {
+                bits.push((val >> i) & 1);
+            }
+        }
+        return bits;
+    }
+    /**
+     * Compare the first `prefixLen` bits of two 128-element bit arrays.
+     */
+    static bitsMatchPrefix(a, b, prefixLen) {
+        for (let i = 0; i < prefixLen; i++) {
+            if (a[i] !== b[i])
+                return false;
+        }
+        return true;
+    }
+    /**
+     * Get missing requirements for a denied request
+     */
+    getMissingRequirements(context, policies) {
+        const missingPermissions = [];
+        const missingRoles = [];
+        let requiredTrustTier;
+        for (const policy of policies) {
+            if (policy.requiredPermissions) {
+                for (const perm of policy.requiredPermissions) {
+                    if (!hasPermission(context.subject.permissions, perm)) {
+                        missingPermissions.push(perm);
+                    }
+                }
+            }
+            if (policy.requiredRoles) {
+                for (const role of policy.requiredRoles) {
+                    if (!context.subject.roles.includes(role)) {
+                        missingRoles.push(role);
+                    }
+                }
+            }
+            if (policy.requiredTrustTier !== undefined) {
+                if (context.subject.trustTier < policy.requiredTrustTier) {
+                    if (!requiredTrustTier || policy.requiredTrustTier > requiredTrustTier) {
+                        requiredTrustTier = policy.requiredTrustTier;
+                    }
+                }
+            }
+        }
+        return {
+            permissions: missingPermissions.length > 0 ? [...new Set(missingPermissions)] : undefined,
+            roles: missingRoles.length > 0 ? [...new Set(missingRoles)] : undefined,
+            trustTier: requiredTrustTier,
+        };
+    }
+    /**
+     * Build decision reason string
+     */
+    buildDecisionReason(effect, decidingPolicy, missingRequirements) {
+        if (effect === PolicyEffects.ALLOW) {
+            return decidingPolicy
+                ? `Access granted by policy: ${decidingPolicy.policyName}`
+                : 'Access granted (default)';
+        }
+        if (effect === PolicyEffects.DENY) {
+            const reasons = [];
+            if (decidingPolicy?.reason) {
+                reasons.push(decidingPolicy.reason);
+            }
+            else if (decidingPolicy) {
+                reasons.push(`Denied by policy: ${decidingPolicy.policyName}`);
+            }
+            if (missingRequirements?.permissions?.length) {
+                reasons.push(`Missing permissions: ${missingRequirements.permissions.join(', ')}`);
+            }
+            if (missingRequirements?.roles?.length) {
+                reasons.push(`Missing roles: ${missingRequirements.roles.join(', ')}`);
+            }
+            if (missingRequirements?.trustTier !== undefined) {
+                reasons.push(`Insufficient trust tier: requires T${missingRequirements.trustTier}`);
+            }
+            return reasons.length > 0 ? reasons.join('; ') : 'Access denied';
+        }
+        return 'Unable to determine access';
+    }
+    /**
+     * Determine how permission was granted
+     */
+    determineGrantSource(permissions, grantedPermissions) {
+        if (permissions.has('*')) {
+            return 'wildcard';
+        }
+        // Check if any are direct matches vs wildcards
+        for (const perm of grantedPermissions) {
+            if (permissions.has(perm)) {
+                return 'direct';
+            }
+        }
+        return 'inherited';
+    }
+    /**
+     * Build cache key for evaluation context
+     */
+    buildCacheKey(context) {
+        return [
+            context.subject.id,
+            context.subject.type,
+            context.resource.type,
+            context.resource.action,
+            context.resource.id ?? '',
+            context.environment.tenantId ?? '',
+        ].join(':');
+    }
+    /**
+     * Clear evaluation cache
+     */
+    clearCache() {
+        this.evaluationCache.clear();
+    }
+    /**
+     * Log access decision for audit
+     */
+    async logAccessDecision(context, result) {
+        const actor = {
+            type: context.subject.type === 'user' ? 'user' : 'agent',
+            id: context.subject.id,
+            tenantId: context.environment.tenantId,
+            ip: context.environment.ipAddress,
+        };
+        const resource = {
+            type: context.resource.type,
+            id: context.resource.id ?? context.resource.type,
+            path: `${context.resource.type}:${context.resource.action}`,
+        };
+        if (result.permitted) {
+            await this.auditLogger.logAccessGranted(actor, resource, {
+                effect: result.effect,
+                decidingPolicy: result.decidingPolicy?.policyId,
+                durationMs: result.durationMs,
+            });
+        }
+        else {
+            await this.auditLogger.logAccessDenied(actor, resource, result.reason, {
+                effect: result.effect,
+                decidingPolicy: result.decidingPolicy?.policyId,
+                missingRequirements: result.missingRequirements,
+                durationMs: result.durationMs,
+            });
+        }
+    }
+    /**
+     * Get engine statistics
+     */
+    getStats() {
+        const roles = Array.from(this.roleRegistry.values());
+        let totalAssignments = 0;
+        for (const assignments of this.roleAssignments.values()) {
+            totalAssignments += assignments.length;
+        }
+        return {
+            totalPolicies: this.policies.size,
+            enabledPolicies: Array.from(this.policies.values()).filter(p => p.enabled).length,
+            totalRoles: roles.length,
+            systemRoles: roles.filter(r => r.isSystemRole).length,
+            customRoles: roles.filter(r => !r.isSystemRole).length,
+            totalAssignments,
+            cacheSize: this.evaluationCache.size,
+        };
+    }
+    /**
+     * Destroy the engine and cleanup resources
+     */
+    destroy() {
+        this.clearCache();
+        logger.info('RBAC policy engine destroyed');
+    }
+}
+/**
+ * Create a new RBAC policy engine
+ */
+export function createRBACPolicyEngine(options) {
+    return new RBACPolicyEngine(options);
+}
+/**
+ * Create a policy evaluation context
+ */
+export function createPolicyEvaluationContext(params) {
+    return {
+        subject: {
+            id: params.subjectId,
+            type: params.subjectType,
+            trustTier: params.trustTier,
+            roles: params.roles,
+            permissions: new Set(params.permissions),
+            attributes: params.subjectAttributes,
+        },
+        resource: {
+            id: params.resourceId,
+            type: params.resourceType,
+            action: params.resourceAction,
+            tenantId: params.tenantId,
+            attributes: params.resourceAttributes,
+        },
+        environment: {
+            timestamp: new Date(),
+            ipAddress: params.ipAddress,
+            userAgent: params.userAgent,
+            tenantId: params.tenantId,
+            requestId: params.requestId,
+        },
+    };
+}
+/**
+ * Create an access policy
+ */
+export function createAccessPolicy(partial) {
+    const now = new Date().toISOString();
+    return {
+        ...partial,
+        enabled: partial.enabled ?? true,
+        createdAt: now,
+        updatedAt: now,
+    };
+}
+//# sourceMappingURL=policy-engine.js.map