@vorionsys/platform-core 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1847) hide show
  1. package/LICENSE +190 -0
  2. package/README.md +88 -0
  3. package/dist/a2a/attestation.d.ts +145 -0
  4. package/dist/a2a/attestation.d.ts.map +1 -0
  5. package/dist/a2a/attestation.js +353 -0
  6. package/dist/a2a/attestation.js.map +1 -0
  7. package/dist/a2a/chain-of-trust.d.ts +143 -0
  8. package/dist/a2a/chain-of-trust.d.ts.map +1 -0
  9. package/dist/a2a/chain-of-trust.js +422 -0
  10. package/dist/a2a/chain-of-trust.js.map +1 -0
  11. package/dist/a2a/index.d.ts +15 -0
  12. package/dist/a2a/index.d.ts.map +1 -0
  13. package/dist/a2a/index.js +23 -0
  14. package/dist/a2a/index.js.map +1 -0
  15. package/dist/a2a/openapi.d.ts +22 -0
  16. package/dist/a2a/openapi.d.ts.map +1 -0
  17. package/dist/a2a/openapi.js +1133 -0
  18. package/dist/a2a/openapi.js.map +1 -0
  19. package/dist/a2a/router.d.ts +167 -0
  20. package/dist/a2a/router.d.ts.map +1 -0
  21. package/dist/a2a/router.js +454 -0
  22. package/dist/a2a/router.js.map +1 -0
  23. package/dist/a2a/routes.d.ts +11 -0
  24. package/dist/a2a/routes.d.ts.map +1 -0
  25. package/dist/a2a/routes.js +442 -0
  26. package/dist/a2a/routes.js.map +1 -0
  27. package/dist/a2a/trust-negotiation.d.ts +119 -0
  28. package/dist/a2a/trust-negotiation.d.ts.map +1 -0
  29. package/dist/a2a/trust-negotiation.js +425 -0
  30. package/dist/a2a/trust-negotiation.js.map +1 -0
  31. package/dist/a2a/types.d.ts +413 -0
  32. package/dist/a2a/types.d.ts.map +1 -0
  33. package/dist/a2a/types.js +38 -0
  34. package/dist/a2a/types.js.map +1 -0
  35. package/dist/agent-registry/a3i-cache.d.ts +113 -0
  36. package/dist/agent-registry/a3i-cache.d.ts.map +1 -0
  37. package/dist/agent-registry/a3i-cache.js +305 -0
  38. package/dist/agent-registry/a3i-cache.js.map +1 -0
  39. package/dist/agent-registry/index.d.ts +14 -0
  40. package/dist/agent-registry/index.d.ts.map +1 -0
  41. package/dist/agent-registry/index.js +17 -0
  42. package/dist/agent-registry/index.js.map +1 -0
  43. package/dist/agent-registry/openapi.d.ts +23 -0
  44. package/dist/agent-registry/openapi.d.ts.map +1 -0
  45. package/dist/agent-registry/openapi.js +1377 -0
  46. package/dist/agent-registry/openapi.js.map +1 -0
  47. package/dist/agent-registry/routes.d.ts +10 -0
  48. package/dist/agent-registry/routes.d.ts.map +1 -0
  49. package/dist/agent-registry/routes.js +485 -0
  50. package/dist/agent-registry/routes.js.map +1 -0
  51. package/dist/agent-registry/service.d.ts +159 -0
  52. package/dist/agent-registry/service.d.ts.map +1 -0
  53. package/dist/agent-registry/service.js +652 -0
  54. package/dist/agent-registry/service.js.map +1 -0
  55. package/dist/agent-registry/tenant-service.d.ts +104 -0
  56. package/dist/agent-registry/tenant-service.d.ts.map +1 -0
  57. package/dist/agent-registry/tenant-service.js +313 -0
  58. package/dist/agent-registry/tenant-service.js.map +1 -0
  59. package/dist/api/auth.d.ts +55 -0
  60. package/dist/api/auth.d.ts.map +1 -0
  61. package/dist/api/auth.js +322 -0
  62. package/dist/api/auth.js.map +1 -0
  63. package/dist/api/errors.d.ts +146 -0
  64. package/dist/api/errors.d.ts.map +1 -0
  65. package/dist/api/errors.js +464 -0
  66. package/dist/api/errors.js.map +1 -0
  67. package/dist/api/index.d.ts +15 -0
  68. package/dist/api/index.d.ts.map +1 -0
  69. package/dist/api/index.js +19 -0
  70. package/dist/api/index.js.map +1 -0
  71. package/dist/api/middleware/api-key-enforcement.d.ts +131 -0
  72. package/dist/api/middleware/api-key-enforcement.d.ts.map +1 -0
  73. package/dist/api/middleware/api-key-enforcement.js +674 -0
  74. package/dist/api/middleware/api-key-enforcement.js.map +1 -0
  75. package/dist/api/middleware/audit.d.ts +151 -0
  76. package/dist/api/middleware/audit.d.ts.map +1 -0
  77. package/dist/api/middleware/audit.js +384 -0
  78. package/dist/api/middleware/audit.js.map +1 -0
  79. package/dist/api/middleware/dpop-enforcement.d.ts +176 -0
  80. package/dist/api/middleware/dpop-enforcement.d.ts.map +1 -0
  81. package/dist/api/middleware/dpop-enforcement.js +596 -0
  82. package/dist/api/middleware/dpop-enforcement.js.map +1 -0
  83. package/dist/api/middleware/index.d.ts +24 -0
  84. package/dist/api/middleware/index.d.ts.map +1 -0
  85. package/dist/api/middleware/index.js +43 -0
  86. package/dist/api/middleware/index.js.map +1 -0
  87. package/dist/api/middleware/metrics.d.ts +41 -0
  88. package/dist/api/middleware/metrics.d.ts.map +1 -0
  89. package/dist/api/middleware/metrics.js +150 -0
  90. package/dist/api/middleware/metrics.js.map +1 -0
  91. package/dist/api/middleware/rate-limits.d.ts +224 -0
  92. package/dist/api/middleware/rate-limits.d.ts.map +1 -0
  93. package/dist/api/middleware/rate-limits.js +686 -0
  94. package/dist/api/middleware/rate-limits.js.map +1 -0
  95. package/dist/api/middleware/rateLimit.d.ts +165 -0
  96. package/dist/api/middleware/rateLimit.d.ts.map +1 -0
  97. package/dist/api/middleware/rateLimit.js +477 -0
  98. package/dist/api/middleware/rateLimit.js.map +1 -0
  99. package/dist/api/middleware/redis-rate-limiter.d.ts +279 -0
  100. package/dist/api/middleware/redis-rate-limiter.d.ts.map +1 -0
  101. package/dist/api/middleware/redis-rate-limiter.js +1074 -0
  102. package/dist/api/middleware/redis-rate-limiter.js.map +1 -0
  103. package/dist/api/middleware/security-headers.d.ts +248 -0
  104. package/dist/api/middleware/security-headers.d.ts.map +1 -0
  105. package/dist/api/middleware/security-headers.js +410 -0
  106. package/dist/api/middleware/security-headers.js.map +1 -0
  107. package/dist/api/middleware/security.d.ts +156 -0
  108. package/dist/api/middleware/security.d.ts.map +1 -0
  109. package/dist/api/middleware/security.js +412 -0
  110. package/dist/api/middleware/security.js.map +1 -0
  111. package/dist/api/middleware/validation.d.ts +132 -0
  112. package/dist/api/middleware/validation.d.ts.map +1 -0
  113. package/dist/api/middleware/validation.js +363 -0
  114. package/dist/api/middleware/validation.js.map +1 -0
  115. package/dist/api/middleware/webhook-verify.d.ts +130 -0
  116. package/dist/api/middleware/webhook-verify.d.ts.map +1 -0
  117. package/dist/api/middleware/webhook-verify.js +366 -0
  118. package/dist/api/middleware/webhook-verify.js.map +1 -0
  119. package/dist/api/rate-limit.d.ts +115 -0
  120. package/dist/api/rate-limit.d.ts.map +1 -0
  121. package/dist/api/rate-limit.js +335 -0
  122. package/dist/api/rate-limit.js.map +1 -0
  123. package/dist/api/server.d.ts +37 -0
  124. package/dist/api/server.d.ts.map +1 -0
  125. package/dist/api/server.js +2086 -0
  126. package/dist/api/server.js.map +1 -0
  127. package/dist/api/validation.d.ts +243 -0
  128. package/dist/api/validation.d.ts.map +1 -0
  129. package/dist/api/validation.js +247 -0
  130. package/dist/api/validation.js.map +1 -0
  131. package/dist/audit/compliance-reporter.d.ts +271 -0
  132. package/dist/audit/compliance-reporter.d.ts.map +1 -0
  133. package/dist/audit/compliance-reporter.js +587 -0
  134. package/dist/audit/compliance-reporter.js.map +1 -0
  135. package/dist/audit/db-store.d.ts +689 -0
  136. package/dist/audit/db-store.d.ts.map +1 -0
  137. package/dist/audit/db-store.js +589 -0
  138. package/dist/audit/db-store.js.map +1 -0
  139. package/dist/audit/event-schema.d.ts +605 -0
  140. package/dist/audit/event-schema.d.ts.map +1 -0
  141. package/dist/audit/event-schema.js +566 -0
  142. package/dist/audit/event-schema.js.map +1 -0
  143. package/dist/audit/index.d.ts +16 -0
  144. package/dist/audit/index.d.ts.map +1 -0
  145. package/dist/audit/index.js +44 -0
  146. package/dist/audit/index.js.map +1 -0
  147. package/dist/audit/security-events.d.ts +1624 -0
  148. package/dist/audit/security-events.d.ts.map +1 -0
  149. package/dist/audit/security-events.js +775 -0
  150. package/dist/audit/security-events.js.map +1 -0
  151. package/dist/audit/security-logger.d.ts +288 -0
  152. package/dist/audit/security-logger.d.ts.map +1 -0
  153. package/dist/audit/security-logger.js +820 -0
  154. package/dist/audit/security-logger.js.map +1 -0
  155. package/dist/audit/service.d.ts +206 -0
  156. package/dist/audit/service.d.ts.map +1 -0
  157. package/dist/audit/service.js +756 -0
  158. package/dist/audit/service.js.map +1 -0
  159. package/dist/audit/siem/elastic.d.ts +94 -0
  160. package/dist/audit/siem/elastic.d.ts.map +1 -0
  161. package/dist/audit/siem/elastic.js +412 -0
  162. package/dist/audit/siem/elastic.js.map +1 -0
  163. package/dist/audit/siem/index.d.ts +179 -0
  164. package/dist/audit/siem/index.d.ts.map +1 -0
  165. package/dist/audit/siem/index.js +368 -0
  166. package/dist/audit/siem/index.js.map +1 -0
  167. package/dist/audit/siem/loki.d.ts +100 -0
  168. package/dist/audit/siem/loki.d.ts.map +1 -0
  169. package/dist/audit/siem/loki.js +406 -0
  170. package/dist/audit/siem/loki.js.map +1 -0
  171. package/dist/audit/siem/splunk.d.ts +91 -0
  172. package/dist/audit/siem/splunk.d.ts.map +1 -0
  173. package/dist/audit/siem/splunk.js +375 -0
  174. package/dist/audit/siem/splunk.js.map +1 -0
  175. package/dist/audit/siem/types.d.ts +547 -0
  176. package/dist/audit/siem/types.d.ts.map +1 -0
  177. package/dist/audit/siem/types.js +270 -0
  178. package/dist/audit/siem/types.js.map +1 -0
  179. package/dist/audit/types.d.ts +410 -0
  180. package/dist/audit/types.d.ts.map +1 -0
  181. package/dist/audit/types.js +130 -0
  182. package/dist/audit/types.js.map +1 -0
  183. package/dist/auth/index.d.ts +10 -0
  184. package/dist/auth/index.d.ts.map +1 -0
  185. package/dist/auth/index.js +10 -0
  186. package/dist/auth/index.js.map +1 -0
  187. package/dist/auth/mfa/index.d.ts +9 -0
  188. package/dist/auth/mfa/index.d.ts.map +1 -0
  189. package/dist/auth/mfa/index.js +9 -0
  190. package/dist/auth/mfa/index.js.map +1 -0
  191. package/dist/auth/mfa/totp.d.ts +222 -0
  192. package/dist/auth/mfa/totp.d.ts.map +1 -0
  193. package/dist/auth/mfa/totp.js +329 -0
  194. package/dist/auth/mfa/totp.js.map +1 -0
  195. package/dist/auth/piv-cac/card-removal-handler.d.ts +197 -0
  196. package/dist/auth/piv-cac/card-removal-handler.d.ts.map +1 -0
  197. package/dist/auth/piv-cac/card-removal-handler.js +560 -0
  198. package/dist/auth/piv-cac/card-removal-handler.js.map +1 -0
  199. package/dist/auth/piv-cac/certificate-auth.d.ts +117 -0
  200. package/dist/auth/piv-cac/certificate-auth.d.ts.map +1 -0
  201. package/dist/auth/piv-cac/certificate-auth.js +727 -0
  202. package/dist/auth/piv-cac/certificate-auth.js.map +1 -0
  203. package/dist/auth/piv-cac/certificate-mapper.d.ts +141 -0
  204. package/dist/auth/piv-cac/certificate-mapper.d.ts.map +1 -0
  205. package/dist/auth/piv-cac/certificate-mapper.js +569 -0
  206. package/dist/auth/piv-cac/certificate-mapper.js.map +1 -0
  207. package/dist/auth/piv-cac/crl-validator.d.ts +195 -0
  208. package/dist/auth/piv-cac/crl-validator.d.ts.map +1 -0
  209. package/dist/auth/piv-cac/crl-validator.js +824 -0
  210. package/dist/auth/piv-cac/crl-validator.js.map +1 -0
  211. package/dist/auth/piv-cac/index.d.ts +72 -0
  212. package/dist/auth/piv-cac/index.d.ts.map +1 -0
  213. package/dist/auth/piv-cac/index.js +172 -0
  214. package/dist/auth/piv-cac/index.js.map +1 -0
  215. package/dist/auth/piv-cac/ocsp-validator.d.ts +183 -0
  216. package/dist/auth/piv-cac/ocsp-validator.d.ts.map +1 -0
  217. package/dist/auth/piv-cac/ocsp-validator.js +657 -0
  218. package/dist/auth/piv-cac/ocsp-validator.js.map +1 -0
  219. package/dist/auth/piv-cac/piv-middleware.d.ts +95 -0
  220. package/dist/auth/piv-cac/piv-middleware.d.ts.map +1 -0
  221. package/dist/auth/piv-cac/piv-middleware.js +524 -0
  222. package/dist/auth/piv-cac/piv-middleware.js.map +1 -0
  223. package/dist/auth/piv-cac/piv-routes.d.ts +29 -0
  224. package/dist/auth/piv-cac/piv-routes.d.ts.map +1 -0
  225. package/dist/auth/piv-cac/piv-routes.js +534 -0
  226. package/dist/auth/piv-cac/piv-routes.js.map +1 -0
  227. package/dist/auth/piv-cac/pkcs11-provider.d.ts +280 -0
  228. package/dist/auth/piv-cac/pkcs11-provider.d.ts.map +1 -0
  229. package/dist/auth/piv-cac/pkcs11-provider.js +535 -0
  230. package/dist/auth/piv-cac/pkcs11-provider.js.map +1 -0
  231. package/dist/auth/piv-cac/types.d.ts +4098 -0
  232. package/dist/auth/piv-cac/types.d.ts.map +1 -0
  233. package/dist/auth/piv-cac/types.js +495 -0
  234. package/dist/auth/piv-cac/types.js.map +1 -0
  235. package/dist/basis/evaluator.d.ts +72 -0
  236. package/dist/basis/evaluator.d.ts.map +1 -0
  237. package/dist/basis/evaluator.js +275 -0
  238. package/dist/basis/evaluator.js.map +1 -0
  239. package/dist/basis/expression-evaluator.d.ts +77 -0
  240. package/dist/basis/expression-evaluator.d.ts.map +1 -0
  241. package/dist/basis/expression-evaluator.js +826 -0
  242. package/dist/basis/expression-evaluator.js.map +1 -0
  243. package/dist/basis/index.d.ts +13 -0
  244. package/dist/basis/index.d.ts.map +1 -0
  245. package/dist/basis/index.js +13 -0
  246. package/dist/basis/index.js.map +1 -0
  247. package/dist/basis/parser.d.ts +376 -0
  248. package/dist/basis/parser.d.ts.map +1 -0
  249. package/dist/basis/parser.js +178 -0
  250. package/dist/basis/parser.js.map +1 -0
  251. package/dist/basis/types.d.ts +115 -0
  252. package/dist/basis/types.d.ts.map +1 -0
  253. package/dist/basis/types.js +5 -0
  254. package/dist/basis/types.js.map +1 -0
  255. package/dist/car-extensions/aci-string-extensions.d.ts +10 -0
  256. package/dist/car-extensions/aci-string-extensions.d.ts.map +1 -0
  257. package/dist/car-extensions/aci-string-extensions.js +24 -0
  258. package/dist/car-extensions/aci-string-extensions.js.map +1 -0
  259. package/dist/car-extensions/builtin-extensions/audit.d.ts +88 -0
  260. package/dist/car-extensions/builtin-extensions/audit.d.ts.map +1 -0
  261. package/dist/car-extensions/builtin-extensions/audit.js +445 -0
  262. package/dist/car-extensions/builtin-extensions/audit.js.map +1 -0
  263. package/dist/car-extensions/builtin-extensions/governance.d.ts +32 -0
  264. package/dist/car-extensions/builtin-extensions/governance.d.ts.map +1 -0
  265. package/dist/car-extensions/builtin-extensions/governance.js +534 -0
  266. package/dist/car-extensions/builtin-extensions/governance.js.map +1 -0
  267. package/dist/car-extensions/builtin-extensions/monitoring.d.ts +43 -0
  268. package/dist/car-extensions/builtin-extensions/monitoring.d.ts.map +1 -0
  269. package/dist/car-extensions/builtin-extensions/monitoring.js +416 -0
  270. package/dist/car-extensions/builtin-extensions/monitoring.js.map +1 -0
  271. package/dist/car-extensions/car-string-extensions.d.ts +355 -0
  272. package/dist/car-extensions/car-string-extensions.d.ts.map +1 -0
  273. package/dist/car-extensions/car-string-extensions.js +473 -0
  274. package/dist/car-extensions/car-string-extensions.js.map +1 -0
  275. package/dist/car-extensions/executor.d.ts +208 -0
  276. package/dist/car-extensions/executor.d.ts.map +1 -0
  277. package/dist/car-extensions/executor.js +789 -0
  278. package/dist/car-extensions/executor.js.map +1 -0
  279. package/dist/car-extensions/index.d.ts +94 -0
  280. package/dist/car-extensions/index.d.ts.map +1 -0
  281. package/dist/car-extensions/index.js +159 -0
  282. package/dist/car-extensions/index.js.map +1 -0
  283. package/dist/car-extensions/registry.d.ts +217 -0
  284. package/dist/car-extensions/registry.d.ts.map +1 -0
  285. package/dist/car-extensions/registry.js +450 -0
  286. package/dist/car-extensions/registry.js.map +1 -0
  287. package/dist/car-extensions/service.d.ts +220 -0
  288. package/dist/car-extensions/service.d.ts.map +1 -0
  289. package/dist/car-extensions/service.js +486 -0
  290. package/dist/car-extensions/service.js.map +1 -0
  291. package/dist/car-extensions/types.d.ts +2269 -0
  292. package/dist/car-extensions/types.d.ts.map +1 -0
  293. package/dist/car-extensions/types.js +389 -0
  294. package/dist/car-extensions/types.js.map +1 -0
  295. package/dist/cognigate/index.d.ts +192 -0
  296. package/dist/cognigate/index.d.ts.map +1 -0
  297. package/dist/cognigate/index.js +435 -0
  298. package/dist/cognigate/index.js.map +1 -0
  299. package/dist/cognigate/sandbox/capability-broker.d.ts +166 -0
  300. package/dist/cognigate/sandbox/capability-broker.d.ts.map +1 -0
  301. package/dist/cognigate/sandbox/capability-broker.js +461 -0
  302. package/dist/cognigate/sandbox/capability-broker.js.map +1 -0
  303. package/dist/cognigate/sandbox/filesystem-policy.d.ts +139 -0
  304. package/dist/cognigate/sandbox/filesystem-policy.d.ts.map +1 -0
  305. package/dist/cognigate/sandbox/filesystem-policy.js +426 -0
  306. package/dist/cognigate/sandbox/filesystem-policy.js.map +1 -0
  307. package/dist/cognigate/sandbox/index.d.ts +17 -0
  308. package/dist/cognigate/sandbox/index.d.ts.map +1 -0
  309. package/dist/cognigate/sandbox/index.js +24 -0
  310. package/dist/cognigate/sandbox/index.js.map +1 -0
  311. package/dist/cognigate/sandbox/network-policy.d.ts +126 -0
  312. package/dist/cognigate/sandbox/network-policy.d.ts.map +1 -0
  313. package/dist/cognigate/sandbox/network-policy.js +382 -0
  314. package/dist/cognigate/sandbox/network-policy.js.map +1 -0
  315. package/dist/cognigate/sandbox/sandbox-service.d.ts +70 -0
  316. package/dist/cognigate/sandbox/sandbox-service.d.ts.map +1 -0
  317. package/dist/cognigate/sandbox/sandbox-service.js +472 -0
  318. package/dist/cognigate/sandbox/sandbox-service.js.map +1 -0
  319. package/dist/cognigate/sandbox/types.d.ts +376 -0
  320. package/dist/cognigate/sandbox/types.d.ts.map +1 -0
  321. package/dist/cognigate/sandbox/types.js +179 -0
  322. package/dist/cognigate/sandbox/types.js.map +1 -0
  323. package/dist/common/adapters/index.d.ts +34 -0
  324. package/dist/common/adapters/index.d.ts.map +1 -0
  325. package/dist/common/adapters/index.js +46 -0
  326. package/dist/common/adapters/index.js.map +1 -0
  327. package/dist/common/adapters/memory-cache.d.ts +91 -0
  328. package/dist/common/adapters/memory-cache.d.ts.map +1 -0
  329. package/dist/common/adapters/memory-cache.js +201 -0
  330. package/dist/common/adapters/memory-cache.js.map +1 -0
  331. package/dist/common/adapters/memory-lock.d.ts +75 -0
  332. package/dist/common/adapters/memory-lock.d.ts.map +1 -0
  333. package/dist/common/adapters/memory-lock.js +219 -0
  334. package/dist/common/adapters/memory-lock.js.map +1 -0
  335. package/dist/common/adapters/memory-queue.d.ts +64 -0
  336. package/dist/common/adapters/memory-queue.d.ts.map +1 -0
  337. package/dist/common/adapters/memory-queue.js +233 -0
  338. package/dist/common/adapters/memory-queue.js.map +1 -0
  339. package/dist/common/adapters/memory-ratelimit.d.ts +78 -0
  340. package/dist/common/adapters/memory-ratelimit.d.ts.map +1 -0
  341. package/dist/common/adapters/memory-ratelimit.js +196 -0
  342. package/dist/common/adapters/memory-ratelimit.js.map +1 -0
  343. package/dist/common/adapters/memory-session.d.ts +105 -0
  344. package/dist/common/adapters/memory-session.d.ts.map +1 -0
  345. package/dist/common/adapters/memory-session.js +302 -0
  346. package/dist/common/adapters/memory-session.js.map +1 -0
  347. package/dist/common/adapters/provider.d.ts +47 -0
  348. package/dist/common/adapters/provider.d.ts.map +1 -0
  349. package/dist/common/adapters/provider.js +347 -0
  350. package/dist/common/adapters/provider.js.map +1 -0
  351. package/dist/common/adapters/types.d.ts +247 -0
  352. package/dist/common/adapters/types.d.ts.map +1 -0
  353. package/dist/common/adapters/types.js +11 -0
  354. package/dist/common/adapters/types.js.map +1 -0
  355. package/dist/common/alerts.d.ts +57 -0
  356. package/dist/common/alerts.d.ts.map +1 -0
  357. package/dist/common/alerts.js +216 -0
  358. package/dist/common/alerts.js.map +1 -0
  359. package/dist/common/authorization.d.ts +137 -0
  360. package/dist/common/authorization.d.ts.map +1 -0
  361. package/dist/common/authorization.js +270 -0
  362. package/dist/common/authorization.js.map +1 -0
  363. package/dist/common/canonical-bridge.d.ts +153 -0
  364. package/dist/common/canonical-bridge.d.ts.map +1 -0
  365. package/dist/common/canonical-bridge.js +236 -0
  366. package/dist/common/canonical-bridge.js.map +1 -0
  367. package/dist/common/canonical-json.d.ts +64 -0
  368. package/dist/common/canonical-json.d.ts.map +1 -0
  369. package/dist/common/canonical-json.js +95 -0
  370. package/dist/common/canonical-json.js.map +1 -0
  371. package/dist/common/circuit-breaker.d.ts +320 -0
  372. package/dist/common/circuit-breaker.d.ts.map +1 -0
  373. package/dist/common/circuit-breaker.js +887 -0
  374. package/dist/common/circuit-breaker.js.map +1 -0
  375. package/dist/common/config.d.ts +2053 -0
  376. package/dist/common/config.d.ts.map +1 -0
  377. package/dist/common/config.js +1314 -0
  378. package/dist/common/config.js.map +1 -0
  379. package/dist/common/contracts/index.d.ts +2 -0
  380. package/dist/common/contracts/index.d.ts.map +1 -0
  381. package/dist/common/contracts/index.js +2 -0
  382. package/dist/common/contracts/index.js.map +1 -0
  383. package/dist/common/contracts/output.d.ts +81 -0
  384. package/dist/common/contracts/output.d.ts.map +1 -0
  385. package/dist/common/contracts/output.js +38 -0
  386. package/dist/common/contracts/output.js.map +1 -0
  387. package/dist/common/crypto-utils.d.ts +103 -0
  388. package/dist/common/crypto-utils.d.ts.map +1 -0
  389. package/dist/common/crypto-utils.js +275 -0
  390. package/dist/common/crypto-utils.js.map +1 -0
  391. package/dist/common/crypto.d.ts +70 -0
  392. package/dist/common/crypto.d.ts.map +1 -0
  393. package/dist/common/crypto.js +201 -0
  394. package/dist/common/crypto.js.map +1 -0
  395. package/dist/common/database-resilience.d.ts +156 -0
  396. package/dist/common/database-resilience.d.ts.map +1 -0
  397. package/dist/common/database-resilience.js +269 -0
  398. package/dist/common/database-resilience.js.map +1 -0
  399. package/dist/common/db-metrics.d.ts +90 -0
  400. package/dist/common/db-metrics.d.ts.map +1 -0
  401. package/dist/common/db-metrics.js +219 -0
  402. package/dist/common/db-metrics.js.map +1 -0
  403. package/dist/common/db-pool.d.ts +307 -0
  404. package/dist/common/db-pool.d.ts.map +1 -0
  405. package/dist/common/db-pool.js +879 -0
  406. package/dist/common/db-pool.js.map +1 -0
  407. package/dist/common/db.d.ts +105 -0
  408. package/dist/common/db.d.ts.map +1 -0
  409. package/dist/common/db.js +216 -0
  410. package/dist/common/db.js.map +1 -0
  411. package/dist/common/debug-auth-middleware.d.ts +111 -0
  412. package/dist/common/debug-auth-middleware.d.ts.map +1 -0
  413. package/dist/common/debug-auth-middleware.js +285 -0
  414. package/dist/common/debug-auth-middleware.js.map +1 -0
  415. package/dist/common/di.d.ts +202 -0
  416. package/dist/common/di.d.ts.map +1 -0
  417. package/dist/common/di.js +219 -0
  418. package/dist/common/di.js.map +1 -0
  419. package/dist/common/encryption.d.ts +233 -0
  420. package/dist/common/encryption.d.ts.map +1 -0
  421. package/dist/common/encryption.js +527 -0
  422. package/dist/common/encryption.js.map +1 -0
  423. package/dist/common/error-sanitizer.d.ts +67 -0
  424. package/dist/common/error-sanitizer.d.ts.map +1 -0
  425. package/dist/common/error-sanitizer.js +298 -0
  426. package/dist/common/error-sanitizer.js.map +1 -0
  427. package/dist/common/errors.d.ts +229 -0
  428. package/dist/common/errors.d.ts.map +1 -0
  429. package/dist/common/errors.js +349 -0
  430. package/dist/common/errors.js.map +1 -0
  431. package/dist/common/expression/evaluator.d.ts +58 -0
  432. package/dist/common/expression/evaluator.d.ts.map +1 -0
  433. package/dist/common/expression/evaluator.js +326 -0
  434. package/dist/common/expression/evaluator.js.map +1 -0
  435. package/dist/common/expression/index.d.ts +180 -0
  436. package/dist/common/expression/index.d.ts.map +1 -0
  437. package/dist/common/expression/index.js +198 -0
  438. package/dist/common/expression/index.js.map +1 -0
  439. package/dist/common/expression/lexer.d.ts +69 -0
  440. package/dist/common/expression/lexer.d.ts.map +1 -0
  441. package/dist/common/expression/lexer.js +255 -0
  442. package/dist/common/expression/lexer.js.map +1 -0
  443. package/dist/common/expression/parser.d.ts +133 -0
  444. package/dist/common/expression/parser.d.ts.map +1 -0
  445. package/dist/common/expression/parser.js +293 -0
  446. package/dist/common/expression/parser.js.map +1 -0
  447. package/dist/common/group-membership.d.ts +119 -0
  448. package/dist/common/group-membership.d.ts.map +1 -0
  449. package/dist/common/group-membership.js +250 -0
  450. package/dist/common/group-membership.js.map +1 -0
  451. package/dist/common/index.d.ts +14 -0
  452. package/dist/common/index.d.ts.map +1 -0
  453. package/dist/common/index.js +15 -0
  454. package/dist/common/index.js.map +1 -0
  455. package/dist/common/leader-election.d.ts +40 -0
  456. package/dist/common/leader-election.d.ts.map +1 -0
  457. package/dist/common/leader-election.js +232 -0
  458. package/dist/common/leader-election.js.map +1 -0
  459. package/dist/common/lock.d.ts +77 -0
  460. package/dist/common/lock.d.ts.map +1 -0
  461. package/dist/common/lock.js +167 -0
  462. package/dist/common/lock.js.map +1 -0
  463. package/dist/common/logger.d.ts +19 -0
  464. package/dist/common/logger.d.ts.map +1 -0
  465. package/dist/common/logger.js +80 -0
  466. package/dist/common/logger.js.map +1 -0
  467. package/dist/common/metrics-registry.d.ts +48 -0
  468. package/dist/common/metrics-registry.d.ts.map +1 -0
  469. package/dist/common/metrics-registry.js +77 -0
  470. package/dist/common/metrics-registry.js.map +1 -0
  471. package/dist/common/metrics.d.ts +204 -0
  472. package/dist/common/metrics.d.ts.map +1 -0
  473. package/dist/common/metrics.js +497 -0
  474. package/dist/common/metrics.js.map +1 -0
  475. package/dist/common/operation-tracker.d.ts +137 -0
  476. package/dist/common/operation-tracker.d.ts.map +1 -0
  477. package/dist/common/operation-tracker.js +366 -0
  478. package/dist/common/operation-tracker.js.map +1 -0
  479. package/dist/common/provenance/chain.d.ts +54 -0
  480. package/dist/common/provenance/chain.d.ts.map +1 -0
  481. package/dist/common/provenance/chain.js +252 -0
  482. package/dist/common/provenance/chain.js.map +1 -0
  483. package/dist/common/provenance/index.d.ts +14 -0
  484. package/dist/common/provenance/index.d.ts.map +1 -0
  485. package/dist/common/provenance/index.js +19 -0
  486. package/dist/common/provenance/index.js.map +1 -0
  487. package/dist/common/provenance/query.d.ts +111 -0
  488. package/dist/common/provenance/query.d.ts.map +1 -0
  489. package/dist/common/provenance/query.js +310 -0
  490. package/dist/common/provenance/query.js.map +1 -0
  491. package/dist/common/provenance/storage.d.ts +297 -0
  492. package/dist/common/provenance/storage.d.ts.map +1 -0
  493. package/dist/common/provenance/storage.js +436 -0
  494. package/dist/common/provenance/storage.js.map +1 -0
  495. package/dist/common/provenance/tracker.d.ts +57 -0
  496. package/dist/common/provenance/tracker.d.ts.map +1 -0
  497. package/dist/common/provenance/tracker.js +209 -0
  498. package/dist/common/provenance/tracker.js.map +1 -0
  499. package/dist/common/provenance/types.d.ts +146 -0
  500. package/dist/common/provenance/types.d.ts.map +1 -0
  501. package/dist/common/provenance/types.js +10 -0
  502. package/dist/common/provenance/types.js.map +1 -0
  503. package/dist/common/random.d.ts +84 -0
  504. package/dist/common/random.d.ts.map +1 -0
  505. package/dist/common/random.js +130 -0
  506. package/dist/common/random.js.map +1 -0
  507. package/dist/common/redaction.d.ts +49 -0
  508. package/dist/common/redaction.d.ts.map +1 -0
  509. package/dist/common/redaction.js +217 -0
  510. package/dist/common/redaction.js.map +1 -0
  511. package/dist/common/redis-cluster.d.ts +538 -0
  512. package/dist/common/redis-cluster.d.ts.map +1 -0
  513. package/dist/common/redis-cluster.js +1539 -0
  514. package/dist/common/redis-cluster.js.map +1 -0
  515. package/dist/common/redis-resilience.d.ts +270 -0
  516. package/dist/common/redis-resilience.d.ts.map +1 -0
  517. package/dist/common/redis-resilience.js +586 -0
  518. package/dist/common/redis-resilience.js.map +1 -0
  519. package/dist/common/redis.d.ts +19 -0
  520. package/dist/common/redis.d.ts.map +1 -0
  521. package/dist/common/redis.js +73 -0
  522. package/dist/common/redis.js.map +1 -0
  523. package/dist/common/safe-json.d.ts +246 -0
  524. package/dist/common/safe-json.d.ts.map +1 -0
  525. package/dist/common/safe-json.js +442 -0
  526. package/dist/common/safe-json.js.map +1 -0
  527. package/dist/common/secret-generator.d.ts +142 -0
  528. package/dist/common/secret-generator.d.ts.map +1 -0
  529. package/dist/common/secret-generator.js +286 -0
  530. package/dist/common/secret-generator.js.map +1 -0
  531. package/dist/common/secure-fetch.d.ts +182 -0
  532. package/dist/common/secure-fetch.d.ts.map +1 -0
  533. package/dist/common/secure-fetch.js +657 -0
  534. package/dist/common/secure-fetch.js.map +1 -0
  535. package/dist/common/security-mode.d.ts +151 -0
  536. package/dist/common/security-mode.d.ts.map +1 -0
  537. package/dist/common/security-mode.js +482 -0
  538. package/dist/common/security-mode.js.map +1 -0
  539. package/dist/common/telemetry/index.d.ts +82 -0
  540. package/dist/common/telemetry/index.d.ts.map +1 -0
  541. package/dist/common/telemetry/index.js +198 -0
  542. package/dist/common/telemetry/index.js.map +1 -0
  543. package/dist/common/telemetry/instrumentation.d.ts +167 -0
  544. package/dist/common/telemetry/instrumentation.d.ts.map +1 -0
  545. package/dist/common/telemetry/instrumentation.js +492 -0
  546. package/dist/common/telemetry/instrumentation.js.map +1 -0
  547. package/dist/common/telemetry/metrics-bridge.d.ts +227 -0
  548. package/dist/common/telemetry/metrics-bridge.d.ts.map +1 -0
  549. package/dist/common/telemetry/metrics-bridge.js +437 -0
  550. package/dist/common/telemetry/metrics-bridge.js.map +1 -0
  551. package/dist/common/telemetry/middleware.d.ts +114 -0
  552. package/dist/common/telemetry/middleware.d.ts.map +1 -0
  553. package/dist/common/telemetry/middleware.js +353 -0
  554. package/dist/common/telemetry/middleware.js.map +1 -0
  555. package/dist/common/telemetry/propagation.d.ts +221 -0
  556. package/dist/common/telemetry/propagation.d.ts.map +1 -0
  557. package/dist/common/telemetry/propagation.js +409 -0
  558. package/dist/common/telemetry/propagation.js.map +1 -0
  559. package/dist/common/telemetry/spans.d.ts +295 -0
  560. package/dist/common/telemetry/spans.d.ts.map +1 -0
  561. package/dist/common/telemetry/spans.js +439 -0
  562. package/dist/common/telemetry/spans.js.map +1 -0
  563. package/dist/common/telemetry/tracer.d.ts +155 -0
  564. package/dist/common/telemetry/tracer.d.ts.map +1 -0
  565. package/dist/common/telemetry/tracer.js +343 -0
  566. package/dist/common/telemetry/tracer.js.map +1 -0
  567. package/dist/common/telemetry.d.ts +15 -0
  568. package/dist/common/telemetry.d.ts.map +1 -0
  569. package/dist/common/telemetry.js +61 -0
  570. package/dist/common/telemetry.js.map +1 -0
  571. package/dist/common/tenant-context.d.ts +253 -0
  572. package/dist/common/tenant-context.d.ts.map +1 -0
  573. package/dist/common/tenant-context.js +259 -0
  574. package/dist/common/tenant-context.js.map +1 -0
  575. package/dist/common/tenant-verification.d.ts +86 -0
  576. package/dist/common/tenant-verification.d.ts.map +1 -0
  577. package/dist/common/tenant-verification.js +184 -0
  578. package/dist/common/tenant-verification.js.map +1 -0
  579. package/dist/common/timeout.d.ts +40 -0
  580. package/dist/common/timeout.d.ts.map +1 -0
  581. package/dist/common/timeout.js +82 -0
  582. package/dist/common/timeout.js.map +1 -0
  583. package/dist/common/token-revocation.d.ts +44 -0
  584. package/dist/common/token-revocation.d.ts.map +1 -0
  585. package/dist/common/token-revocation.js +169 -0
  586. package/dist/common/token-revocation.js.map +1 -0
  587. package/dist/common/trace.d.ts +149 -0
  588. package/dist/common/trace.d.ts.map +1 -0
  589. package/dist/common/trace.js +328 -0
  590. package/dist/common/trace.js.map +1 -0
  591. package/dist/common/trust-cache.d.ts +263 -0
  592. package/dist/common/trust-cache.d.ts.map +1 -0
  593. package/dist/common/trust-cache.js +670 -0
  594. package/dist/common/trust-cache.js.map +1 -0
  595. package/dist/common/types.d.ts +351 -0
  596. package/dist/common/types.d.ts.map +1 -0
  597. package/dist/common/types.js +55 -0
  598. package/dist/common/types.js.map +1 -0
  599. package/dist/common/validation.d.ts +113 -0
  600. package/dist/common/validation.d.ts.map +1 -0
  601. package/dist/common/validation.js +221 -0
  602. package/dist/common/validation.js.map +1 -0
  603. package/dist/db/client.d.ts +72 -0
  604. package/dist/db/client.d.ts.map +1 -0
  605. package/dist/db/client.js +110 -0
  606. package/dist/db/client.js.map +1 -0
  607. package/dist/db/index.d.ts +9 -0
  608. package/dist/db/index.d.ts.map +1 -0
  609. package/dist/db/index.js +9 -0
  610. package/dist/db/index.js.map +1 -0
  611. package/dist/db/schema/merkle.d.ts +475 -0
  612. package/dist/db/schema/merkle.d.ts.map +1 -0
  613. package/dist/db/schema/merkle.js +100 -0
  614. package/dist/db/schema/merkle.js.map +1 -0
  615. package/dist/db/schema/proofs.d.ts +412 -0
  616. package/dist/db/schema/proofs.d.ts.map +1 -0
  617. package/dist/db/schema/proofs.js +63 -0
  618. package/dist/db/schema/proofs.js.map +1 -0
  619. package/dist/enforce/adapters.d.ts +73 -0
  620. package/dist/enforce/adapters.d.ts.map +1 -0
  621. package/dist/enforce/adapters.js +293 -0
  622. package/dist/enforce/adapters.js.map +1 -0
  623. package/dist/enforce/index.d.ts +213 -0
  624. package/dist/enforce/index.d.ts.map +1 -0
  625. package/dist/enforce/index.js +630 -0
  626. package/dist/enforce/index.js.map +1 -0
  627. package/dist/enforce/repository.d.ts +203 -0
  628. package/dist/enforce/repository.d.ts.map +1 -0
  629. package/dist/enforce/repository.js +359 -0
  630. package/dist/enforce/repository.js.map +1 -0
  631. package/dist/enforce/schema.d.ts +1198 -0
  632. package/dist/enforce/schema.d.ts.map +1 -0
  633. package/dist/enforce/schema.js +257 -0
  634. package/dist/enforce/schema.js.map +1 -0
  635. package/dist/friction/index.d.ts +235 -0
  636. package/dist/friction/index.d.ts.map +1 -0
  637. package/dist/friction/index.js +636 -0
  638. package/dist/friction/index.js.map +1 -0
  639. package/dist/friction/openapi.d.ts +23 -0
  640. package/dist/friction/openapi.d.ts.map +1 -0
  641. package/dist/friction/openapi.js +883 -0
  642. package/dist/friction/openapi.js.map +1 -0
  643. package/dist/friction/routes.d.ts +14 -0
  644. package/dist/friction/routes.d.ts.map +1 -0
  645. package/dist/friction/routes.js +206 -0
  646. package/dist/friction/routes.js.map +1 -0
  647. package/dist/governance/engine.d.ts +158 -0
  648. package/dist/governance/engine.d.ts.map +1 -0
  649. package/dist/governance/engine.js +248 -0
  650. package/dist/governance/engine.js.map +1 -0
  651. package/dist/governance/evaluator.d.ts +106 -0
  652. package/dist/governance/evaluator.d.ts.map +1 -0
  653. package/dist/governance/evaluator.js +277 -0
  654. package/dist/governance/evaluator.js.map +1 -0
  655. package/dist/governance/index.d.ts +11 -0
  656. package/dist/governance/index.d.ts.map +1 -0
  657. package/dist/governance/index.js +14 -0
  658. package/dist/governance/index.js.map +1 -0
  659. package/dist/governance/policy.d.ts +152 -0
  660. package/dist/governance/policy.d.ts.map +1 -0
  661. package/dist/governance/policy.js +152 -0
  662. package/dist/governance/policy.js.map +1 -0
  663. package/dist/index.d.ts +50 -0
  664. package/dist/index.d.ts.map +1 -0
  665. package/dist/index.js +61 -0
  666. package/dist/index.js.map +1 -0
  667. package/dist/intent/adapters.d.ts +101 -0
  668. package/dist/intent/adapters.d.ts.map +1 -0
  669. package/dist/intent/adapters.js +250 -0
  670. package/dist/intent/adapters.js.map +1 -0
  671. package/dist/intent/audit.d.ts +119 -0
  672. package/dist/intent/audit.d.ts.map +1 -0
  673. package/dist/intent/audit.js +463 -0
  674. package/dist/intent/audit.js.map +1 -0
  675. package/dist/intent/classifier/index.d.ts +121 -0
  676. package/dist/intent/classifier/index.d.ts.map +1 -0
  677. package/dist/intent/classifier/index.js +232 -0
  678. package/dist/intent/classifier/index.js.map +1 -0
  679. package/dist/intent/classifier/patterns.d.ts +129 -0
  680. package/dist/intent/classifier/patterns.d.ts.map +1 -0
  681. package/dist/intent/classifier/patterns.js +471 -0
  682. package/dist/intent/classifier/patterns.js.map +1 -0
  683. package/dist/intent/classifier/risk.d.ts +177 -0
  684. package/dist/intent/classifier/risk.d.ts.map +1 -0
  685. package/dist/intent/classifier/risk.js +335 -0
  686. package/dist/intent/classifier/risk.js.map +1 -0
  687. package/dist/intent/cleanup.d.ts +24 -0
  688. package/dist/intent/cleanup.d.ts.map +1 -0
  689. package/dist/intent/cleanup.js +104 -0
  690. package/dist/intent/cleanup.js.map +1 -0
  691. package/dist/intent/consent.d.ts +238 -0
  692. package/dist/intent/consent.d.ts.map +1 -0
  693. package/dist/intent/consent.js +427 -0
  694. package/dist/intent/consent.js.map +1 -0
  695. package/dist/intent/escalation.d.ts +284 -0
  696. package/dist/intent/escalation.d.ts.map +1 -0
  697. package/dist/intent/escalation.js +618 -0
  698. package/dist/intent/escalation.js.map +1 -0
  699. package/dist/intent/gdpr-rate-limiter.d.ts +170 -0
  700. package/dist/intent/gdpr-rate-limiter.d.ts.map +1 -0
  701. package/dist/intent/gdpr-rate-limiter.js +385 -0
  702. package/dist/intent/gdpr-rate-limiter.js.map +1 -0
  703. package/dist/intent/gdpr.d.ts +323 -0
  704. package/dist/intent/gdpr.d.ts.map +1 -0
  705. package/dist/intent/gdpr.js +1013 -0
  706. package/dist/intent/gdpr.js.map +1 -0
  707. package/dist/intent/health.d.ts +214 -0
  708. package/dist/intent/health.d.ts.map +1 -0
  709. package/dist/intent/health.js +526 -0
  710. package/dist/intent/health.js.map +1 -0
  711. package/dist/intent/index.d.ts +565 -0
  712. package/dist/intent/index.d.ts.map +1 -0
  713. package/dist/intent/index.js +756 -0
  714. package/dist/intent/index.js.map +1 -0
  715. package/dist/intent/metrics.d.ts +399 -0
  716. package/dist/intent/metrics.d.ts.map +1 -0
  717. package/dist/intent/metrics.js +886 -0
  718. package/dist/intent/metrics.js.map +1 -0
  719. package/dist/intent/openapi.d.ts +22 -0
  720. package/dist/intent/openapi.d.ts.map +1 -0
  721. package/dist/intent/openapi.js +1674 -0
  722. package/dist/intent/openapi.js.map +1 -0
  723. package/dist/intent/planner/dependency.d.ts +78 -0
  724. package/dist/intent/planner/dependency.d.ts.map +1 -0
  725. package/dist/intent/planner/dependency.js +334 -0
  726. package/dist/intent/planner/dependency.js.map +1 -0
  727. package/dist/intent/planner/index.d.ts +130 -0
  728. package/dist/intent/planner/index.d.ts.map +1 -0
  729. package/dist/intent/planner/index.js +372 -0
  730. package/dist/intent/planner/index.js.map +1 -0
  731. package/dist/intent/planner/rollback.d.ts +92 -0
  732. package/dist/intent/planner/rollback.d.ts.map +1 -0
  733. package/dist/intent/planner/rollback.js +326 -0
  734. package/dist/intent/planner/rollback.js.map +1 -0
  735. package/dist/intent/planner/templates.d.ts +81 -0
  736. package/dist/intent/planner/templates.d.ts.map +1 -0
  737. package/dist/intent/planner/templates.js +560 -0
  738. package/dist/intent/planner/templates.js.map +1 -0
  739. package/dist/intent/planner/types.d.ts +38 -0
  740. package/dist/intent/planner/types.d.ts.map +1 -0
  741. package/dist/intent/planner/types.js +10 -0
  742. package/dist/intent/planner/types.js.map +1 -0
  743. package/dist/intent/queue.d.ts +150 -0
  744. package/dist/intent/queue.d.ts.map +1 -0
  745. package/dist/intent/queue.js +339 -0
  746. package/dist/intent/queue.js.map +1 -0
  747. package/dist/intent/queues.d.ts +176 -0
  748. package/dist/intent/queues.d.ts.map +1 -0
  749. package/dist/intent/queues.js +1393 -0
  750. package/dist/intent/queues.js.map +1 -0
  751. package/dist/intent/ratelimit.d.ts +147 -0
  752. package/dist/intent/ratelimit.d.ts.map +1 -0
  753. package/dist/intent/ratelimit.js +301 -0
  754. package/dist/intent/ratelimit.js.map +1 -0
  755. package/dist/intent/replay/comparator.d.ts +73 -0
  756. package/dist/intent/replay/comparator.d.ts.map +1 -0
  757. package/dist/intent/replay/comparator.js +320 -0
  758. package/dist/intent/replay/comparator.js.map +1 -0
  759. package/dist/intent/replay/index.d.ts +104 -0
  760. package/dist/intent/replay/index.d.ts.map +1 -0
  761. package/dist/intent/replay/index.js +487 -0
  762. package/dist/intent/replay/index.js.map +1 -0
  763. package/dist/intent/replay/simulator.d.ts +184 -0
  764. package/dist/intent/replay/simulator.d.ts.map +1 -0
  765. package/dist/intent/replay/simulator.js +512 -0
  766. package/dist/intent/replay/simulator.js.map +1 -0
  767. package/dist/intent/replay/snapshot.d.ts +149 -0
  768. package/dist/intent/replay/snapshot.d.ts.map +1 -0
  769. package/dist/intent/replay/snapshot.js +245 -0
  770. package/dist/intent/replay/snapshot.js.map +1 -0
  771. package/dist/intent/replay/types.d.ts +143 -0
  772. package/dist/intent/replay/types.d.ts.map +1 -0
  773. package/dist/intent/replay/types.js +10 -0
  774. package/dist/intent/replay/types.js.map +1 -0
  775. package/dist/intent/repository.d.ts +198 -0
  776. package/dist/intent/repository.d.ts.map +1 -0
  777. package/dist/intent/repository.js +538 -0
  778. package/dist/intent/repository.js.map +1 -0
  779. package/dist/intent/response-middleware.d.ts +156 -0
  780. package/dist/intent/response-middleware.d.ts.map +1 -0
  781. package/dist/intent/response-middleware.js +346 -0
  782. package/dist/intent/response-middleware.js.map +1 -0
  783. package/dist/intent/response.d.ts +267 -0
  784. package/dist/intent/response.d.ts.map +1 -0
  785. package/dist/intent/response.js +402 -0
  786. package/dist/intent/response.js.map +1 -0
  787. package/dist/intent/routes.d.ts +35 -0
  788. package/dist/intent/routes.d.ts.map +1 -0
  789. package/dist/intent/routes.js +1023 -0
  790. package/dist/intent/routes.js.map +1 -0
  791. package/dist/intent/scheduler.d.ts +45 -0
  792. package/dist/intent/scheduler.d.ts.map +1 -0
  793. package/dist/intent/scheduler.js +221 -0
  794. package/dist/intent/scheduler.js.map +1 -0
  795. package/dist/intent/schema.d.ts +3817 -0
  796. package/dist/intent/schema.d.ts.map +1 -0
  797. package/dist/intent/schema.js +631 -0
  798. package/dist/intent/schema.js.map +1 -0
  799. package/dist/intent/shutdown.d.ts +145 -0
  800. package/dist/intent/shutdown.d.ts.map +1 -0
  801. package/dist/intent/shutdown.js +468 -0
  802. package/dist/intent/shutdown.js.map +1 -0
  803. package/dist/intent/state-machine.d.ts +111 -0
  804. package/dist/intent/state-machine.d.ts.map +1 -0
  805. package/dist/intent/state-machine.js +242 -0
  806. package/dist/intent/state-machine.js.map +1 -0
  807. package/dist/intent/tracing.d.ts +152 -0
  808. package/dist/intent/tracing.d.ts.map +1 -0
  809. package/dist/intent/tracing.js +658 -0
  810. package/dist/intent/tracing.js.map +1 -0
  811. package/dist/intent/types.d.ts +188 -0
  812. package/dist/intent/types.d.ts.map +1 -0
  813. package/dist/intent/types.js +25 -0
  814. package/dist/intent/types.js.map +1 -0
  815. package/dist/intent/webhooks/delivery-repository.d.ts +80 -0
  816. package/dist/intent/webhooks/delivery-repository.d.ts.map +1 -0
  817. package/dist/intent/webhooks/delivery-repository.js +251 -0
  818. package/dist/intent/webhooks/delivery-repository.js.map +1 -0
  819. package/dist/intent/webhooks/dns-pinning.d.ts +30 -0
  820. package/dist/intent/webhooks/dns-pinning.d.ts.map +1 -0
  821. package/dist/intent/webhooks/dns-pinning.js +69 -0
  822. package/dist/intent/webhooks/dns-pinning.js.map +1 -0
  823. package/dist/intent/webhooks/index.d.ts +14 -0
  824. package/dist/intent/webhooks/index.d.ts.map +1 -0
  825. package/dist/intent/webhooks/index.js +17 -0
  826. package/dist/intent/webhooks/index.js.map +1 -0
  827. package/dist/intent/webhooks/signature.d.ts +47 -0
  828. package/dist/intent/webhooks/signature.d.ts.map +1 -0
  829. package/dist/intent/webhooks/signature.js +80 -0
  830. package/dist/intent/webhooks/signature.js.map +1 -0
  831. package/dist/intent/webhooks/ssrf-protection.d.ts +29 -0
  832. package/dist/intent/webhooks/ssrf-protection.d.ts.map +1 -0
  833. package/dist/intent/webhooks/ssrf-protection.js +161 -0
  834. package/dist/intent/webhooks/ssrf-protection.js.map +1 -0
  835. package/dist/intent/webhooks/types.d.ts +132 -0
  836. package/dist/intent/webhooks/types.d.ts.map +1 -0
  837. package/dist/intent/webhooks/types.js +14 -0
  838. package/dist/intent/webhooks/types.js.map +1 -0
  839. package/dist/intent/webhooks.d.ts +618 -0
  840. package/dist/intent/webhooks.d.ts.map +1 -0
  841. package/dist/intent/webhooks.js +1836 -0
  842. package/dist/intent/webhooks.js.map +1 -0
  843. package/dist/intent-gateway/ai-act-classifier.d.ts +18 -0
  844. package/dist/intent-gateway/ai-act-classifier.d.ts.map +1 -0
  845. package/dist/intent-gateway/ai-act-classifier.js +296 -0
  846. package/dist/intent-gateway/ai-act-classifier.js.map +1 -0
  847. package/dist/intent-gateway/index.d.ts +43 -0
  848. package/dist/intent-gateway/index.d.ts.map +1 -0
  849. package/dist/intent-gateway/index.js +236 -0
  850. package/dist/intent-gateway/index.js.map +1 -0
  851. package/dist/intent-gateway/jurisdiction-resolver.d.ts +19 -0
  852. package/dist/intent-gateway/jurisdiction-resolver.d.ts.map +1 -0
  853. package/dist/intent-gateway/jurisdiction-resolver.js +236 -0
  854. package/dist/intent-gateway/jurisdiction-resolver.js.map +1 -0
  855. package/dist/intent-gateway/policy-composer.d.ts +27 -0
  856. package/dist/intent-gateway/policy-composer.d.ts.map +1 -0
  857. package/dist/intent-gateway/policy-composer.js +418 -0
  858. package/dist/intent-gateway/policy-composer.js.map +1 -0
  859. package/dist/intent-gateway/regime-selector.d.ts +26 -0
  860. package/dist/intent-gateway/regime-selector.d.ts.map +1 -0
  861. package/dist/intent-gateway/regime-selector.js +185 -0
  862. package/dist/intent-gateway/regime-selector.js.map +1 -0
  863. package/dist/intent-gateway/types.d.ts +103 -0
  864. package/dist/intent-gateway/types.d.ts.map +1 -0
  865. package/dist/intent-gateway/types.js +85 -0
  866. package/dist/intent-gateway/types.js.map +1 -0
  867. package/dist/observability/alerts.d.ts +136 -0
  868. package/dist/observability/alerts.d.ts.map +1 -0
  869. package/dist/observability/alerts.js +485 -0
  870. package/dist/observability/alerts.js.map +1 -0
  871. package/dist/observability/health.d.ts +102 -0
  872. package/dist/observability/health.d.ts.map +1 -0
  873. package/dist/observability/health.js +415 -0
  874. package/dist/observability/health.js.map +1 -0
  875. package/dist/observability/index.d.ts +29 -0
  876. package/dist/observability/index.d.ts.map +1 -0
  877. package/dist/observability/index.js +72 -0
  878. package/dist/observability/index.js.map +1 -0
  879. package/dist/observability/logging.d.ts +90 -0
  880. package/dist/observability/logging.d.ts.map +1 -0
  881. package/dist/observability/logging.js +260 -0
  882. package/dist/observability/logging.js.map +1 -0
  883. package/dist/observability/metrics.d.ts +226 -0
  884. package/dist/observability/metrics.d.ts.map +1 -0
  885. package/dist/observability/metrics.js +527 -0
  886. package/dist/observability/metrics.js.map +1 -0
  887. package/dist/observability/tracing.d.ts +120 -0
  888. package/dist/observability/tracing.d.ts.map +1 -0
  889. package/dist/observability/tracing.js +285 -0
  890. package/dist/observability/tracing.js.map +1 -0
  891. package/dist/persistence/audit.d.ts +169 -0
  892. package/dist/persistence/audit.d.ts.map +1 -0
  893. package/dist/persistence/audit.js +342 -0
  894. package/dist/persistence/audit.js.map +1 -0
  895. package/dist/persistence/index.d.ts +13 -0
  896. package/dist/persistence/index.d.ts.map +1 -0
  897. package/dist/persistence/index.js +15 -0
  898. package/dist/persistence/index.js.map +1 -0
  899. package/dist/persistence/repository.d.ts +192 -0
  900. package/dist/persistence/repository.d.ts.map +1 -0
  901. package/dist/persistence/repository.js +223 -0
  902. package/dist/persistence/repository.js.map +1 -0
  903. package/dist/policy/diff.d.ts +88 -0
  904. package/dist/policy/diff.d.ts.map +1 -0
  905. package/dist/policy/diff.js +325 -0
  906. package/dist/policy/diff.js.map +1 -0
  907. package/dist/policy/distributed-cache.d.ts +205 -0
  908. package/dist/policy/distributed-cache.d.ts.map +1 -0
  909. package/dist/policy/distributed-cache.js +683 -0
  910. package/dist/policy/distributed-cache.js.map +1 -0
  911. package/dist/policy/evaluator.d.ts +102 -0
  912. package/dist/policy/evaluator.d.ts.map +1 -0
  913. package/dist/policy/evaluator.js +648 -0
  914. package/dist/policy/evaluator.js.map +1 -0
  915. package/dist/policy/index.d.ts +24 -0
  916. package/dist/policy/index.d.ts.map +1 -0
  917. package/dist/policy/index.js +27 -0
  918. package/dist/policy/index.js.map +1 -0
  919. package/dist/policy/loader.d.ts +63 -0
  920. package/dist/policy/loader.d.ts.map +1 -0
  921. package/dist/policy/loader.js +176 -0
  922. package/dist/policy/loader.js.map +1 -0
  923. package/dist/policy/service.d.ts +240 -0
  924. package/dist/policy/service.d.ts.map +1 -0
  925. package/dist/policy/service.js +1032 -0
  926. package/dist/policy/service.js.map +1 -0
  927. package/dist/policy/types.d.ts +220 -0
  928. package/dist/policy/types.d.ts.map +1 -0
  929. package/dist/policy/types.js +36 -0
  930. package/dist/policy/types.js.map +1 -0
  931. package/dist/policy/visual-builder/index.d.ts +201 -0
  932. package/dist/policy/visual-builder/index.d.ts.map +1 -0
  933. package/dist/policy/visual-builder/index.js +727 -0
  934. package/dist/policy/visual-builder/index.js.map +1 -0
  935. package/dist/policy/visual-builder/inheritance.d.ts +151 -0
  936. package/dist/policy/visual-builder/inheritance.d.ts.map +1 -0
  937. package/dist/policy/visual-builder/inheritance.js +314 -0
  938. package/dist/policy/visual-builder/inheritance.js.map +1 -0
  939. package/dist/policy/visual-builder/propagation.d.ts +146 -0
  940. package/dist/policy/visual-builder/propagation.d.ts.map +1 -0
  941. package/dist/policy/visual-builder/propagation.js +299 -0
  942. package/dist/policy/visual-builder/propagation.js.map +1 -0
  943. package/dist/policy/visual-builder/routes.d.ts +14 -0
  944. package/dist/policy/visual-builder/routes.d.ts.map +1 -0
  945. package/dist/policy/visual-builder/routes.js +528 -0
  946. package/dist/policy/visual-builder/routes.js.map +1 -0
  947. package/dist/policy/visual-builder/simulator.d.ts +161 -0
  948. package/dist/policy/visual-builder/simulator.d.ts.map +1 -0
  949. package/dist/policy/visual-builder/simulator.js +413 -0
  950. package/dist/policy/visual-builder/simulator.js.map +1 -0
  951. package/dist/policy/visual-builder/templates.d.ts +119 -0
  952. package/dist/policy/visual-builder/templates.d.ts.map +1 -0
  953. package/dist/policy/visual-builder/templates.js +627 -0
  954. package/dist/policy/visual-builder/templates.js.map +1 -0
  955. package/dist/proof/chain/index.d.ts +271 -0
  956. package/dist/proof/chain/index.d.ts.map +1 -0
  957. package/dist/proof/chain/index.js +483 -0
  958. package/dist/proof/chain/index.js.map +1 -0
  959. package/dist/proof/index.d.ts +206 -0
  960. package/dist/proof/index.d.ts.map +1 -0
  961. package/dist/proof/index.js +597 -0
  962. package/dist/proof/index.js.map +1 -0
  963. package/dist/proof/merkle-service.d.ts +194 -0
  964. package/dist/proof/merkle-service.d.ts.map +1 -0
  965. package/dist/proof/merkle-service.js +463 -0
  966. package/dist/proof/merkle-service.js.map +1 -0
  967. package/dist/proof/merkle.d.ts +118 -0
  968. package/dist/proof/merkle.d.ts.map +1 -0
  969. package/dist/proof/merkle.js +265 -0
  970. package/dist/proof/merkle.js.map +1 -0
  971. package/dist/security/ai-governance/access-policy.d.ts +197 -0
  972. package/dist/security/ai-governance/access-policy.d.ts.map +1 -0
  973. package/dist/security/ai-governance/access-policy.js +522 -0
  974. package/dist/security/ai-governance/access-policy.js.map +1 -0
  975. package/dist/security/ai-governance/audit-trail.d.ts +241 -0
  976. package/dist/security/ai-governance/audit-trail.d.ts.map +1 -0
  977. package/dist/security/ai-governance/audit-trail.js +645 -0
  978. package/dist/security/ai-governance/audit-trail.js.map +1 -0
  979. package/dist/security/ai-governance/bias-detection.d.ts +221 -0
  980. package/dist/security/ai-governance/bias-detection.d.ts.map +1 -0
  981. package/dist/security/ai-governance/bias-detection.js +615 -0
  982. package/dist/security/ai-governance/bias-detection.js.map +1 -0
  983. package/dist/security/ai-governance/index.d.ts +92 -0
  984. package/dist/security/ai-governance/index.d.ts.map +1 -0
  985. package/dist/security/ai-governance/index.js +184 -0
  986. package/dist/security/ai-governance/index.js.map +1 -0
  987. package/dist/security/ai-governance/middleware.d.ts +110 -0
  988. package/dist/security/ai-governance/middleware.d.ts.map +1 -0
  989. package/dist/security/ai-governance/middleware.js +359 -0
  990. package/dist/security/ai-governance/middleware.js.map +1 -0
  991. package/dist/security/ai-governance/model-registry.d.ts +229 -0
  992. package/dist/security/ai-governance/model-registry.d.ts.map +1 -0
  993. package/dist/security/ai-governance/model-registry.js +535 -0
  994. package/dist/security/ai-governance/model-registry.js.map +1 -0
  995. package/dist/security/ai-governance/output-filter.d.ts +150 -0
  996. package/dist/security/ai-governance/output-filter.d.ts.map +1 -0
  997. package/dist/security/ai-governance/output-filter.js +561 -0
  998. package/dist/security/ai-governance/output-filter.js.map +1 -0
  999. package/dist/security/ai-governance/prompt-injection.d.ts +153 -0
  1000. package/dist/security/ai-governance/prompt-injection.d.ts.map +1 -0
  1001. package/dist/security/ai-governance/prompt-injection.js +614 -0
  1002. package/dist/security/ai-governance/prompt-injection.js.map +1 -0
  1003. package/dist/security/ai-governance/rate-limiter.d.ts +156 -0
  1004. package/dist/security/ai-governance/rate-limiter.d.ts.map +1 -0
  1005. package/dist/security/ai-governance/rate-limiter.js +541 -0
  1006. package/dist/security/ai-governance/rate-limiter.js.map +1 -0
  1007. package/dist/security/ai-governance/types.d.ts +594 -0
  1008. package/dist/security/ai-governance/types.d.ts.map +1 -0
  1009. package/dist/security/ai-governance/types.js +6 -0
  1010. package/dist/security/ai-governance/types.js.map +1 -0
  1011. package/dist/security/alerting/channels/base.d.ts +91 -0
  1012. package/dist/security/alerting/channels/base.d.ts.map +1 -0
  1013. package/dist/security/alerting/channels/base.js +128 -0
  1014. package/dist/security/alerting/channels/base.js.map +1 -0
  1015. package/dist/security/alerting/channels/email.d.ts +92 -0
  1016. package/dist/security/alerting/channels/email.d.ts.map +1 -0
  1017. package/dist/security/alerting/channels/email.js +418 -0
  1018. package/dist/security/alerting/channels/email.js.map +1 -0
  1019. package/dist/security/alerting/channels/http-base.d.ts +86 -0
  1020. package/dist/security/alerting/channels/http-base.d.ts.map +1 -0
  1021. package/dist/security/alerting/channels/http-base.js +133 -0
  1022. package/dist/security/alerting/channels/http-base.js.map +1 -0
  1023. package/dist/security/alerting/channels/index.d.ts +30 -0
  1024. package/dist/security/alerting/channels/index.d.ts.map +1 -0
  1025. package/dist/security/alerting/channels/index.js +22 -0
  1026. package/dist/security/alerting/channels/index.js.map +1 -0
  1027. package/dist/security/alerting/channels/pagerduty.d.ts +70 -0
  1028. package/dist/security/alerting/channels/pagerduty.d.ts.map +1 -0
  1029. package/dist/security/alerting/channels/pagerduty.js +248 -0
  1030. package/dist/security/alerting/channels/pagerduty.js.map +1 -0
  1031. package/dist/security/alerting/channels/slack.d.ts +55 -0
  1032. package/dist/security/alerting/channels/slack.d.ts.map +1 -0
  1033. package/dist/security/alerting/channels/slack.js +215 -0
  1034. package/dist/security/alerting/channels/slack.js.map +1 -0
  1035. package/dist/security/alerting/channels/sns.d.ts +87 -0
  1036. package/dist/security/alerting/channels/sns.d.ts.map +1 -0
  1037. package/dist/security/alerting/channels/sns.js +251 -0
  1038. package/dist/security/alerting/channels/sns.js.map +1 -0
  1039. package/dist/security/alerting/channels/webhook.d.ts +92 -0
  1040. package/dist/security/alerting/channels/webhook.d.ts.map +1 -0
  1041. package/dist/security/alerting/channels/webhook.js +203 -0
  1042. package/dist/security/alerting/channels/webhook.js.map +1 -0
  1043. package/dist/security/alerting/detector.d.ts +217 -0
  1044. package/dist/security/alerting/detector.d.ts.map +1 -0
  1045. package/dist/security/alerting/detector.js +725 -0
  1046. package/dist/security/alerting/detector.js.map +1 -0
  1047. package/dist/security/alerting/index.d.ts +57 -0
  1048. package/dist/security/alerting/index.d.ts.map +1 -0
  1049. package/dist/security/alerting/index.js +214 -0
  1050. package/dist/security/alerting/index.js.map +1 -0
  1051. package/dist/security/alerting/service.d.ts +190 -0
  1052. package/dist/security/alerting/service.d.ts.map +1 -0
  1053. package/dist/security/alerting/service.js +815 -0
  1054. package/dist/security/alerting/service.js.map +1 -0
  1055. package/dist/security/alerting/types.d.ts +2165 -0
  1056. package/dist/security/alerting/types.d.ts.map +1 -0
  1057. package/dist/security/alerting/types.js +278 -0
  1058. package/dist/security/alerting/types.js.map +1 -0
  1059. package/dist/security/anomaly/detectors/account-compromise.d.ts +198 -0
  1060. package/dist/security/anomaly/detectors/account-compromise.d.ts.map +1 -0
  1061. package/dist/security/anomaly/detectors/account-compromise.js +815 -0
  1062. package/dist/security/anomaly/detectors/account-compromise.js.map +1 -0
  1063. package/dist/security/anomaly/detectors/data-exfiltration.d.ts +175 -0
  1064. package/dist/security/anomaly/detectors/data-exfiltration.d.ts.map +1 -0
  1065. package/dist/security/anomaly/detectors/data-exfiltration.js +733 -0
  1066. package/dist/security/anomaly/detectors/data-exfiltration.js.map +1 -0
  1067. package/dist/security/anomaly/detectors/geographic.d.ts +100 -0
  1068. package/dist/security/anomaly/detectors/geographic.d.ts.map +1 -0
  1069. package/dist/security/anomaly/detectors/geographic.js +348 -0
  1070. package/dist/security/anomaly/detectors/geographic.js.map +1 -0
  1071. package/dist/security/anomaly/detectors/index.d.ts +86 -0
  1072. package/dist/security/anomaly/detectors/index.d.ts.map +1 -0
  1073. package/dist/security/anomaly/detectors/index.js +118 -0
  1074. package/dist/security/anomaly/detectors/index.js.map +1 -0
  1075. package/dist/security/anomaly/detectors/lateral-movement.d.ts +168 -0
  1076. package/dist/security/anomaly/detectors/lateral-movement.d.ts.map +1 -0
  1077. package/dist/security/anomaly/detectors/lateral-movement.js +795 -0
  1078. package/dist/security/anomaly/detectors/lateral-movement.js.map +1 -0
  1079. package/dist/security/anomaly/detectors/privilege-escalation.d.ts +177 -0
  1080. package/dist/security/anomaly/detectors/privilege-escalation.d.ts.map +1 -0
  1081. package/dist/security/anomaly/detectors/privilege-escalation.js +741 -0
  1082. package/dist/security/anomaly/detectors/privilege-escalation.js.map +1 -0
  1083. package/dist/security/anomaly/detectors/temporal.d.ts +71 -0
  1084. package/dist/security/anomaly/detectors/temporal.d.ts.map +1 -0
  1085. package/dist/security/anomaly/detectors/temporal.js +398 -0
  1086. package/dist/security/anomaly/detectors/temporal.js.map +1 -0
  1087. package/dist/security/anomaly/detectors/volume.d.ts +97 -0
  1088. package/dist/security/anomaly/detectors/volume.d.ts.map +1 -0
  1089. package/dist/security/anomaly/detectors/volume.js +424 -0
  1090. package/dist/security/anomaly/detectors/volume.js.map +1 -0
  1091. package/dist/security/anomaly/index.d.ts +128 -0
  1092. package/dist/security/anomaly/index.d.ts.map +1 -0
  1093. package/dist/security/anomaly/index.js +378 -0
  1094. package/dist/security/anomaly/index.js.map +1 -0
  1095. package/dist/security/anomaly/types.d.ts +1209 -0
  1096. package/dist/security/anomaly/types.d.ts.map +1 -0
  1097. package/dist/security/anomaly/types.js +193 -0
  1098. package/dist/security/anomaly/types.js.map +1 -0
  1099. package/dist/security/api-keys/cache.d.ts +255 -0
  1100. package/dist/security/api-keys/cache.d.ts.map +1 -0
  1101. package/dist/security/api-keys/cache.js +595 -0
  1102. package/dist/security/api-keys/cache.js.map +1 -0
  1103. package/dist/security/api-keys/db-store.d.ts +150 -0
  1104. package/dist/security/api-keys/db-store.d.ts.map +1 -0
  1105. package/dist/security/api-keys/db-store.js +694 -0
  1106. package/dist/security/api-keys/db-store.js.map +1 -0
  1107. package/dist/security/api-keys/index.d.ts +29 -0
  1108. package/dist/security/api-keys/index.d.ts.map +1 -0
  1109. package/dist/security/api-keys/index.js +81 -0
  1110. package/dist/security/api-keys/index.js.map +1 -0
  1111. package/dist/security/api-keys/middleware.d.ts +164 -0
  1112. package/dist/security/api-keys/middleware.d.ts.map +1 -0
  1113. package/dist/security/api-keys/middleware.js +392 -0
  1114. package/dist/security/api-keys/middleware.js.map +1 -0
  1115. package/dist/security/api-keys/service.d.ts +226 -0
  1116. package/dist/security/api-keys/service.d.ts.map +1 -0
  1117. package/dist/security/api-keys/service.js +861 -0
  1118. package/dist/security/api-keys/service.js.map +1 -0
  1119. package/dist/security/api-keys/store.d.ts +241 -0
  1120. package/dist/security/api-keys/store.d.ts.map +1 -0
  1121. package/dist/security/api-keys/store.js +360 -0
  1122. package/dist/security/api-keys/store.js.map +1 -0
  1123. package/dist/security/api-keys/types.d.ts +718 -0
  1124. package/dist/security/api-keys/types.d.ts.map +1 -0
  1125. package/dist/security/api-keys/types.js +162 -0
  1126. package/dist/security/api-keys/types.js.map +1 -0
  1127. package/dist/security/brute-force.d.ts +390 -0
  1128. package/dist/security/brute-force.d.ts.map +1 -0
  1129. package/dist/security/brute-force.js +677 -0
  1130. package/dist/security/brute-force.js.map +1 -0
  1131. package/dist/security/config-validator.d.ts +152 -0
  1132. package/dist/security/config-validator.d.ts.map +1 -0
  1133. package/dist/security/config-validator.js +667 -0
  1134. package/dist/security/config-validator.js.map +1 -0
  1135. package/dist/security/crypto/fips-mode.d.ts +726 -0
  1136. package/dist/security/crypto/fips-mode.d.ts.map +1 -0
  1137. package/dist/security/crypto/fips-mode.js +1297 -0
  1138. package/dist/security/crypto/fips-mode.js.map +1 -0
  1139. package/dist/security/crypto/index.d.ts +203 -0
  1140. package/dist/security/crypto/index.d.ts.map +1 -0
  1141. package/dist/security/crypto/index.js +293 -0
  1142. package/dist/security/crypto/index.js.map +1 -0
  1143. package/dist/security/crypto/post-quantum/benchmark.d.ts +125 -0
  1144. package/dist/security/crypto/post-quantum/benchmark.d.ts.map +1 -0
  1145. package/dist/security/crypto/post-quantum/benchmark.js +530 -0
  1146. package/dist/security/crypto/post-quantum/benchmark.js.map +1 -0
  1147. package/dist/security/crypto/post-quantum/dilithium.d.ts +146 -0
  1148. package/dist/security/crypto/post-quantum/dilithium.d.ts.map +1 -0
  1149. package/dist/security/crypto/post-quantum/dilithium.js +662 -0
  1150. package/dist/security/crypto/post-quantum/dilithium.js.map +1 -0
  1151. package/dist/security/crypto/post-quantum/hybrid.d.ts +267 -0
  1152. package/dist/security/crypto/post-quantum/hybrid.d.ts.map +1 -0
  1153. package/dist/security/crypto/post-quantum/hybrid.js +457 -0
  1154. package/dist/security/crypto/post-quantum/hybrid.js.map +1 -0
  1155. package/dist/security/crypto/post-quantum/index.d.ts +166 -0
  1156. package/dist/security/crypto/post-quantum/index.d.ts.map +1 -0
  1157. package/dist/security/crypto/post-quantum/index.js +236 -0
  1158. package/dist/security/crypto/post-quantum/index.js.map +1 -0
  1159. package/dist/security/crypto/post-quantum/kyber.d.ts +131 -0
  1160. package/dist/security/crypto/post-quantum/kyber.d.ts.map +1 -0
  1161. package/dist/security/crypto/post-quantum/kyber.js +640 -0
  1162. package/dist/security/crypto/post-quantum/kyber.js.map +1 -0
  1163. package/dist/security/crypto/post-quantum/migration.d.ts +230 -0
  1164. package/dist/security/crypto/post-quantum/migration.d.ts.map +1 -0
  1165. package/dist/security/crypto/post-quantum/migration.js +563 -0
  1166. package/dist/security/crypto/post-quantum/migration.js.map +1 -0
  1167. package/dist/security/crypto/post-quantum/types.d.ts +1056 -0
  1168. package/dist/security/crypto/post-quantum/types.d.ts.map +1 -0
  1169. package/dist/security/crypto/post-quantum/types.js +350 -0
  1170. package/dist/security/crypto/post-quantum/types.js.map +1 -0
  1171. package/dist/security/crypto/shamir/comparison.d.ts +128 -0
  1172. package/dist/security/crypto/shamir/comparison.d.ts.map +1 -0
  1173. package/dist/security/crypto/shamir/comparison.js +423 -0
  1174. package/dist/security/crypto/shamir/comparison.js.map +1 -0
  1175. package/dist/security/crypto/shamir/index.d.ts +76 -0
  1176. package/dist/security/crypto/shamir/index.d.ts.map +1 -0
  1177. package/dist/security/crypto/shamir/index.js +155 -0
  1178. package/dist/security/crypto/shamir/index.js.map +1 -0
  1179. package/dist/security/crypto/shamir/proofs.d.ts +259 -0
  1180. package/dist/security/crypto/shamir/proofs.d.ts.map +1 -0
  1181. package/dist/security/crypto/shamir/proofs.js +605 -0
  1182. package/dist/security/crypto/shamir/proofs.js.map +1 -0
  1183. package/dist/security/crypto/shamir/property-tests.d.ts +104 -0
  1184. package/dist/security/crypto/shamir/property-tests.d.ts.map +1 -0
  1185. package/dist/security/crypto/shamir/property-tests.js +480 -0
  1186. package/dist/security/crypto/shamir/property-tests.js.map +1 -0
  1187. package/dist/security/crypto/shamir/security-analysis.d.ts +97 -0
  1188. package/dist/security/crypto/shamir/security-analysis.d.ts.map +1 -0
  1189. package/dist/security/crypto/shamir/security-analysis.js +503 -0
  1190. package/dist/security/crypto/shamir/security-analysis.js.map +1 -0
  1191. package/dist/security/crypto/shamir/test-vectors.d.ts +116 -0
  1192. package/dist/security/crypto/shamir/test-vectors.d.ts.map +1 -0
  1193. package/dist/security/crypto/shamir/test-vectors.js +377 -0
  1194. package/dist/security/crypto/shamir/test-vectors.js.map +1 -0
  1195. package/dist/security/crypto/shamir/types.d.ts +281 -0
  1196. package/dist/security/crypto/shamir/types.d.ts.map +1 -0
  1197. package/dist/security/crypto/shamir/types.js +82 -0
  1198. package/dist/security/crypto/shamir/types.js.map +1 -0
  1199. package/dist/security/crypto/shamir/verified-shamir.d.ts +170 -0
  1200. package/dist/security/crypto/shamir/verified-shamir.d.ts.map +1 -0
  1201. package/dist/security/crypto/shamir/verified-shamir.js +624 -0
  1202. package/dist/security/crypto/shamir/verified-shamir.js.map +1 -0
  1203. package/dist/security/csrf.d.ts +215 -0
  1204. package/dist/security/csrf.d.ts.map +1 -0
  1205. package/dist/security/csrf.js +467 -0
  1206. package/dist/security/csrf.js.map +1 -0
  1207. package/dist/security/distributed-state.d.ts +331 -0
  1208. package/dist/security/distributed-state.d.ts.map +1 -0
  1209. package/dist/security/distributed-state.js +768 -0
  1210. package/dist/security/distributed-state.js.map +1 -0
  1211. package/dist/security/dlp/index.d.ts +27 -0
  1212. package/dist/security/dlp/index.d.ts.map +1 -0
  1213. package/dist/security/dlp/index.js +54 -0
  1214. package/dist/security/dlp/index.js.map +1 -0
  1215. package/dist/security/dlp/scanner.d.ts +451 -0
  1216. package/dist/security/dlp/scanner.d.ts.map +1 -0
  1217. package/dist/security/dlp/scanner.js +1241 -0
  1218. package/dist/security/dlp/scanner.js.map +1 -0
  1219. package/dist/security/dpop.d.ts +260 -0
  1220. package/dist/security/dpop.d.ts.map +1 -0
  1221. package/dist/security/dpop.js +1058 -0
  1222. package/dist/security/dpop.js.map +1 -0
  1223. package/dist/security/encryption/decorators.d.ts +263 -0
  1224. package/dist/security/encryption/decorators.d.ts.map +1 -0
  1225. package/dist/security/encryption/decorators.js +359 -0
  1226. package/dist/security/encryption/decorators.js.map +1 -0
  1227. package/dist/security/encryption/index.d.ts +83 -0
  1228. package/dist/security/encryption/index.d.ts.map +1 -0
  1229. package/dist/security/encryption/index.js +140 -0
  1230. package/dist/security/encryption/index.js.map +1 -0
  1231. package/dist/security/encryption/key-provider.d.ts +335 -0
  1232. package/dist/security/encryption/key-provider.d.ts.map +1 -0
  1233. package/dist/security/encryption/key-provider.js +853 -0
  1234. package/dist/security/encryption/key-provider.js.map +1 -0
  1235. package/dist/security/encryption/middleware.d.ts +279 -0
  1236. package/dist/security/encryption/middleware.d.ts.map +1 -0
  1237. package/dist/security/encryption/middleware.js +493 -0
  1238. package/dist/security/encryption/middleware.js.map +1 -0
  1239. package/dist/security/encryption/service.d.ts +164 -0
  1240. package/dist/security/encryption/service.d.ts.map +1 -0
  1241. package/dist/security/encryption/service.js +623 -0
  1242. package/dist/security/encryption/service.js.map +1 -0
  1243. package/dist/security/encryption/types.d.ts +745 -0
  1244. package/dist/security/encryption/types.d.ts.map +1 -0
  1245. package/dist/security/encryption/types.js +229 -0
  1246. package/dist/security/encryption/types.js.map +1 -0
  1247. package/dist/security/error-sanitizer.d.ts +329 -0
  1248. package/dist/security/error-sanitizer.d.ts.map +1 -0
  1249. package/dist/security/error-sanitizer.js +700 -0
  1250. package/dist/security/error-sanitizer.js.map +1 -0
  1251. package/dist/security/fingerprint-service.d.ts +139 -0
  1252. package/dist/security/fingerprint-service.d.ts.map +1 -0
  1253. package/dist/security/fingerprint-service.js +240 -0
  1254. package/dist/security/fingerprint-service.js.map +1 -0
  1255. package/dist/security/headers/csp.d.ts +270 -0
  1256. package/dist/security/headers/csp.d.ts.map +1 -0
  1257. package/dist/security/headers/csp.js +655 -0
  1258. package/dist/security/headers/csp.js.map +1 -0
  1259. package/dist/security/headers/hsts.d.ts +161 -0
  1260. package/dist/security/headers/hsts.d.ts.map +1 -0
  1261. package/dist/security/headers/hsts.js +346 -0
  1262. package/dist/security/headers/hsts.js.map +1 -0
  1263. package/dist/security/headers/index.d.ts +47 -0
  1264. package/dist/security/headers/index.d.ts.map +1 -0
  1265. package/dist/security/headers/index.js +110 -0
  1266. package/dist/security/headers/index.js.map +1 -0
  1267. package/dist/security/headers/middleware.d.ts +70 -0
  1268. package/dist/security/headers/middleware.d.ts.map +1 -0
  1269. package/dist/security/headers/middleware.js +549 -0
  1270. package/dist/security/headers/middleware.js.map +1 -0
  1271. package/dist/security/headers/permissions-policy.d.ts +189 -0
  1272. package/dist/security/headers/permissions-policy.d.ts.map +1 -0
  1273. package/dist/security/headers/permissions-policy.js +508 -0
  1274. package/dist/security/headers/permissions-policy.js.map +1 -0
  1275. package/dist/security/headers/types.d.ts +1570 -0
  1276. package/dist/security/headers/types.d.ts.map +1 -0
  1277. package/dist/security/headers/types.js +281 -0
  1278. package/dist/security/headers/types.js.map +1 -0
  1279. package/dist/security/headers/validator.d.ts +36 -0
  1280. package/dist/security/headers/validator.d.ts.map +1 -0
  1281. package/dist/security/headers/validator.js +616 -0
  1282. package/dist/security/headers/validator.js.map +1 -0
  1283. package/dist/security/hsm/aws-cloudhsm.d.ts +157 -0
  1284. package/dist/security/hsm/aws-cloudhsm.d.ts.map +1 -0
  1285. package/dist/security/hsm/aws-cloudhsm.js +712 -0
  1286. package/dist/security/hsm/aws-cloudhsm.js.map +1 -0
  1287. package/dist/security/hsm/azure-hsm.d.ts +174 -0
  1288. package/dist/security/hsm/azure-hsm.d.ts.map +1 -0
  1289. package/dist/security/hsm/azure-hsm.js +792 -0
  1290. package/dist/security/hsm/azure-hsm.js.map +1 -0
  1291. package/dist/security/hsm/gcp-hsm.d.ts +184 -0
  1292. package/dist/security/hsm/gcp-hsm.d.ts.map +1 -0
  1293. package/dist/security/hsm/gcp-hsm.js +817 -0
  1294. package/dist/security/hsm/gcp-hsm.js.map +1 -0
  1295. package/dist/security/hsm/hsm-service.d.ts +264 -0
  1296. package/dist/security/hsm/hsm-service.d.ts.map +1 -0
  1297. package/dist/security/hsm/hsm-service.js +772 -0
  1298. package/dist/security/hsm/hsm-service.js.map +1 -0
  1299. package/dist/security/hsm/index.d.ts +248 -0
  1300. package/dist/security/hsm/index.d.ts.map +1 -0
  1301. package/dist/security/hsm/index.js +329 -0
  1302. package/dist/security/hsm/index.js.map +1 -0
  1303. package/dist/security/hsm/key-ceremony.d.ts +214 -0
  1304. package/dist/security/hsm/key-ceremony.d.ts.map +1 -0
  1305. package/dist/security/hsm/key-ceremony.js +636 -0
  1306. package/dist/security/hsm/key-ceremony.js.map +1 -0
  1307. package/dist/security/hsm/key-operations.d.ts +218 -0
  1308. package/dist/security/hsm/key-operations.d.ts.map +1 -0
  1309. package/dist/security/hsm/key-operations.js +625 -0
  1310. package/dist/security/hsm/key-operations.js.map +1 -0
  1311. package/dist/security/hsm/local-softHSM.d.ts +122 -0
  1312. package/dist/security/hsm/local-softHSM.d.ts.map +1 -0
  1313. package/dist/security/hsm/local-softHSM.js +786 -0
  1314. package/dist/security/hsm/local-softHSM.js.map +1 -0
  1315. package/dist/security/hsm/pkcs11-wrapper.d.ts +386 -0
  1316. package/dist/security/hsm/pkcs11-wrapper.d.ts.map +1 -0
  1317. package/dist/security/hsm/pkcs11-wrapper.js +1149 -0
  1318. package/dist/security/hsm/pkcs11-wrapper.js.map +1 -0
  1319. package/dist/security/hsm/provider.d.ts +333 -0
  1320. package/dist/security/hsm/provider.d.ts.map +1 -0
  1321. package/dist/security/hsm/provider.js +264 -0
  1322. package/dist/security/hsm/provider.js.map +1 -0
  1323. package/dist/security/hsm/thales-luna.d.ts +209 -0
  1324. package/dist/security/hsm/thales-luna.d.ts.map +1 -0
  1325. package/dist/security/hsm/thales-luna.js +820 -0
  1326. package/dist/security/hsm/thales-luna.js.map +1 -0
  1327. package/dist/security/incident/actions/block-ip.d.ts +82 -0
  1328. package/dist/security/incident/actions/block-ip.d.ts.map +1 -0
  1329. package/dist/security/incident/actions/block-ip.js +454 -0
  1330. package/dist/security/incident/actions/block-ip.js.map +1 -0
  1331. package/dist/security/incident/actions/collect-evidence.d.ts +93 -0
  1332. package/dist/security/incident/actions/collect-evidence.d.ts.map +1 -0
  1333. package/dist/security/incident/actions/collect-evidence.js +449 -0
  1334. package/dist/security/incident/actions/collect-evidence.js.map +1 -0
  1335. package/dist/security/incident/actions/index.d.ts +39 -0
  1336. package/dist/security/incident/actions/index.d.ts.map +1 -0
  1337. package/dist/security/incident/actions/index.js +52 -0
  1338. package/dist/security/incident/actions/index.js.map +1 -0
  1339. package/dist/security/incident/actions/isolate-system.d.ts +61 -0
  1340. package/dist/security/incident/actions/isolate-system.d.ts.map +1 -0
  1341. package/dist/security/incident/actions/isolate-system.js +369 -0
  1342. package/dist/security/incident/actions/isolate-system.js.map +1 -0
  1343. package/dist/security/incident/actions/notify-stakeholders.d.ts +70 -0
  1344. package/dist/security/incident/actions/notify-stakeholders.d.ts.map +1 -0
  1345. package/dist/security/incident/actions/notify-stakeholders.js +377 -0
  1346. package/dist/security/incident/actions/notify-stakeholders.js.map +1 -0
  1347. package/dist/security/incident/actions/revoke-credentials.d.ts +75 -0
  1348. package/dist/security/incident/actions/revoke-credentials.d.ts.map +1 -0
  1349. package/dist/security/incident/actions/revoke-credentials.js +320 -0
  1350. package/dist/security/incident/actions/revoke-credentials.js.map +1 -0
  1351. package/dist/security/incident/actions/scale-monitoring.d.ts +88 -0
  1352. package/dist/security/incident/actions/scale-monitoring.d.ts.map +1 -0
  1353. package/dist/security/incident/actions/scale-monitoring.js +473 -0
  1354. package/dist/security/incident/actions/scale-monitoring.js.map +1 -0
  1355. package/dist/security/incident/executor.d.ts +128 -0
  1356. package/dist/security/incident/executor.d.ts.map +1 -0
  1357. package/dist/security/incident/executor.js +695 -0
  1358. package/dist/security/incident/executor.js.map +1 -0
  1359. package/dist/security/incident/index.d.ts +220 -0
  1360. package/dist/security/incident/index.d.ts.map +1 -0
  1361. package/dist/security/incident/index.js +1284 -0
  1362. package/dist/security/incident/index.js.map +1 -0
  1363. package/dist/security/incident/notification.d.ts +68 -0
  1364. package/dist/security/incident/notification.d.ts.map +1 -0
  1365. package/dist/security/incident/notification.js +512 -0
  1366. package/dist/security/incident/notification.js.map +1 -0
  1367. package/dist/security/incident/playbooks/account-compromise.d.ts +13 -0
  1368. package/dist/security/incident/playbooks/account-compromise.d.ts.map +1 -0
  1369. package/dist/security/incident/playbooks/account-compromise.js +379 -0
  1370. package/dist/security/incident/playbooks/account-compromise.js.map +1 -0
  1371. package/dist/security/incident/playbooks/configuration-error.d.ts +17 -0
  1372. package/dist/security/incident/playbooks/configuration-error.d.ts.map +1 -0
  1373. package/dist/security/incident/playbooks/configuration-error.js +340 -0
  1374. package/dist/security/incident/playbooks/configuration-error.js.map +1 -0
  1375. package/dist/security/incident/playbooks/data-breach.d.ts +13 -0
  1376. package/dist/security/incident/playbooks/data-breach.d.ts.map +1 -0
  1377. package/dist/security/incident/playbooks/data-breach.js +394 -0
  1378. package/dist/security/incident/playbooks/data-breach.js.map +1 -0
  1379. package/dist/security/incident/playbooks/denial-of-service.d.ts +13 -0
  1380. package/dist/security/incident/playbooks/denial-of-service.d.ts.map +1 -0
  1381. package/dist/security/incident/playbooks/denial-of-service.js +540 -0
  1382. package/dist/security/incident/playbooks/denial-of-service.js.map +1 -0
  1383. package/dist/security/incident/playbooks/index.d.ts +36 -0
  1384. package/dist/security/incident/playbooks/index.d.ts.map +1 -0
  1385. package/dist/security/incident/playbooks/index.js +56 -0
  1386. package/dist/security/incident/playbooks/index.js.map +1 -0
  1387. package/dist/security/incident/playbooks/insider-threat.d.ts +18 -0
  1388. package/dist/security/incident/playbooks/insider-threat.d.ts.map +1 -0
  1389. package/dist/security/incident/playbooks/insider-threat.js +600 -0
  1390. package/dist/security/incident/playbooks/insider-threat.js.map +1 -0
  1391. package/dist/security/incident/playbooks/malware.d.ts +13 -0
  1392. package/dist/security/incident/playbooks/malware.d.ts.map +1 -0
  1393. package/dist/security/incident/playbooks/malware.js +515 -0
  1394. package/dist/security/incident/playbooks/malware.js.map +1 -0
  1395. package/dist/security/incident/playbooks/ransomware.d.ts +14 -0
  1396. package/dist/security/incident/playbooks/ransomware.d.ts.map +1 -0
  1397. package/dist/security/incident/playbooks/ransomware.js +693 -0
  1398. package/dist/security/incident/playbooks/ransomware.js.map +1 -0
  1399. package/dist/security/incident/playbooks/unauthorized-access.d.ts +13 -0
  1400. package/dist/security/incident/playbooks/unauthorized-access.d.ts.map +1 -0
  1401. package/dist/security/incident/playbooks/unauthorized-access.js +412 -0
  1402. package/dist/security/incident/playbooks/unauthorized-access.js.map +1 -0
  1403. package/dist/security/incident/triggers.d.ts +120 -0
  1404. package/dist/security/incident/triggers.d.ts.map +1 -0
  1405. package/dist/security/incident/triggers.js +708 -0
  1406. package/dist/security/incident/triggers.js.map +1 -0
  1407. package/dist/security/incident/types.d.ts +1517 -0
  1408. package/dist/security/incident/types.d.ts.map +1 -0
  1409. package/dist/security/incident/types.js +222 -0
  1410. package/dist/security/incident/types.js.map +1 -0
  1411. package/dist/security/index.d.ts +59 -0
  1412. package/dist/security/index.d.ts.map +1 -0
  1413. package/dist/security/index.js +295 -0
  1414. package/dist/security/index.js.map +1 -0
  1415. package/dist/security/injection-detector.d.ts +510 -0
  1416. package/dist/security/injection-detector.d.ts.map +1 -0
  1417. package/dist/security/injection-detector.js +1325 -0
  1418. package/dist/security/injection-detector.js.map +1 -0
  1419. package/dist/security/introspection.d.ts +137 -0
  1420. package/dist/security/introspection.d.ts.map +1 -0
  1421. package/dist/security/introspection.js +451 -0
  1422. package/dist/security/introspection.js.map +1 -0
  1423. package/dist/security/key-rotation.d.ts +213 -0
  1424. package/dist/security/key-rotation.d.ts.map +1 -0
  1425. package/dist/security/key-rotation.js +530 -0
  1426. package/dist/security/key-rotation.js.map +1 -0
  1427. package/dist/security/kms/aws-kms.d.ts +152 -0
  1428. package/dist/security/kms/aws-kms.d.ts.map +1 -0
  1429. package/dist/security/kms/aws-kms.js +808 -0
  1430. package/dist/security/kms/aws-kms.js.map +1 -0
  1431. package/dist/security/kms/index.d.ts +165 -0
  1432. package/dist/security/kms/index.d.ts.map +1 -0
  1433. package/dist/security/kms/index.js +351 -0
  1434. package/dist/security/kms/index.js.map +1 -0
  1435. package/dist/security/kms/local.d.ts +127 -0
  1436. package/dist/security/kms/local.d.ts.map +1 -0
  1437. package/dist/security/kms/local.js +682 -0
  1438. package/dist/security/kms/local.js.map +1 -0
  1439. package/dist/security/kms/types.d.ts +1000 -0
  1440. package/dist/security/kms/types.d.ts.map +1 -0
  1441. package/dist/security/kms/types.js +167 -0
  1442. package/dist/security/kms/types.js.map +1 -0
  1443. package/dist/security/kms/vault.d.ts +165 -0
  1444. package/dist/security/kms/vault.d.ts.map +1 -0
  1445. package/dist/security/kms/vault.js +820 -0
  1446. package/dist/security/kms/vault.js.map +1 -0
  1447. package/dist/security/mfa/index.d.ts +17 -0
  1448. package/dist/security/mfa/index.d.ts.map +1 -0
  1449. package/dist/security/mfa/index.js +37 -0
  1450. package/dist/security/mfa/index.js.map +1 -0
  1451. package/dist/security/mfa/mfa-middleware.d.ts +74 -0
  1452. package/dist/security/mfa/mfa-middleware.d.ts.map +1 -0
  1453. package/dist/security/mfa/mfa-middleware.js +244 -0
  1454. package/dist/security/mfa/mfa-middleware.js.map +1 -0
  1455. package/dist/security/mfa/mfa-service.d.ts +115 -0
  1456. package/dist/security/mfa/mfa-service.d.ts.map +1 -0
  1457. package/dist/security/mfa/mfa-service.js +509 -0
  1458. package/dist/security/mfa/mfa-service.js.map +1 -0
  1459. package/dist/security/mfa/mfa-store.d.ts +615 -0
  1460. package/dist/security/mfa/mfa-store.d.ts.map +1 -0
  1461. package/dist/security/mfa/mfa-store.js +431 -0
  1462. package/dist/security/mfa/mfa-store.js.map +1 -0
  1463. package/dist/security/mfa/types.d.ts +417 -0
  1464. package/dist/security/mfa/types.d.ts.map +1 -0
  1465. package/dist/security/mfa/types.js +123 -0
  1466. package/dist/security/mfa/types.js.map +1 -0
  1467. package/dist/security/middleware.d.ts +179 -0
  1468. package/dist/security/middleware.d.ts.map +1 -0
  1469. package/dist/security/middleware.js +534 -0
  1470. package/dist/security/middleware.js.map +1 -0
  1471. package/dist/security/pairwise-did.d.ts +157 -0
  1472. package/dist/security/pairwise-did.d.ts.map +1 -0
  1473. package/dist/security/pairwise-did.js +450 -0
  1474. package/dist/security/pairwise-did.js.map +1 -0
  1475. package/dist/security/pam/break-glass.d.ts +776 -0
  1476. package/dist/security/pam/break-glass.d.ts.map +1 -0
  1477. package/dist/security/pam/break-glass.js +1137 -0
  1478. package/dist/security/pam/break-glass.js.map +1 -0
  1479. package/dist/security/pam/index.d.ts +120 -0
  1480. package/dist/security/pam/index.d.ts.map +1 -0
  1481. package/dist/security/pam/index.js +179 -0
  1482. package/dist/security/pam/index.js.map +1 -0
  1483. package/dist/security/pam/jit-access.d.ts +482 -0
  1484. package/dist/security/pam/jit-access.d.ts.map +1 -0
  1485. package/dist/security/pam/jit-access.js +1030 -0
  1486. package/dist/security/pam/jit-access.js.map +1 -0
  1487. package/dist/security/pam/session-recording.d.ts +1007 -0
  1488. package/dist/security/pam/session-recording.d.ts.map +1 -0
  1489. package/dist/security/pam/session-recording.js +1047 -0
  1490. package/dist/security/pam/session-recording.js.map +1 -0
  1491. package/dist/security/password-hashing.d.ts +199 -0
  1492. package/dist/security/password-hashing.d.ts.map +1 -0
  1493. package/dist/security/password-hashing.js +366 -0
  1494. package/dist/security/password-hashing.js.map +1 -0
  1495. package/dist/security/password-policy.d.ts +304 -0
  1496. package/dist/security/password-policy.d.ts.map +1 -0
  1497. package/dist/security/password-policy.js +730 -0
  1498. package/dist/security/password-policy.js.map +1 -0
  1499. package/dist/security/pkce.d.ts +269 -0
  1500. package/dist/security/pkce.d.ts.map +1 -0
  1501. package/dist/security/pkce.js +408 -0
  1502. package/dist/security/pkce.js.map +1 -0
  1503. package/dist/security/policy-engine/built-in-policies.d.ts +90 -0
  1504. package/dist/security/policy-engine/built-in-policies.d.ts.map +1 -0
  1505. package/dist/security/policy-engine/built-in-policies.js +627 -0
  1506. package/dist/security/policy-engine/built-in-policies.js.map +1 -0
  1507. package/dist/security/policy-engine/condition-evaluator.d.ts +129 -0
  1508. package/dist/security/policy-engine/condition-evaluator.d.ts.map +1 -0
  1509. package/dist/security/policy-engine/condition-evaluator.js +647 -0
  1510. package/dist/security/policy-engine/condition-evaluator.js.map +1 -0
  1511. package/dist/security/policy-engine/engine.d.ts +200 -0
  1512. package/dist/security/policy-engine/engine.d.ts.map +1 -0
  1513. package/dist/security/policy-engine/engine.js +752 -0
  1514. package/dist/security/policy-engine/engine.js.map +1 -0
  1515. package/dist/security/policy-engine/index.d.ts +58 -0
  1516. package/dist/security/policy-engine/index.d.ts.map +1 -0
  1517. package/dist/security/policy-engine/index.js +80 -0
  1518. package/dist/security/policy-engine/index.js.map +1 -0
  1519. package/dist/security/policy-engine/middleware.d.ts +77 -0
  1520. package/dist/security/policy-engine/middleware.d.ts.map +1 -0
  1521. package/dist/security/policy-engine/middleware.js +375 -0
  1522. package/dist/security/policy-engine/middleware.js.map +1 -0
  1523. package/dist/security/policy-engine/rule-evaluator.d.ts +140 -0
  1524. package/dist/security/policy-engine/rule-evaluator.d.ts.map +1 -0
  1525. package/dist/security/policy-engine/rule-evaluator.js +593 -0
  1526. package/dist/security/policy-engine/rule-evaluator.js.map +1 -0
  1527. package/dist/security/policy-engine/types.d.ts +2855 -0
  1528. package/dist/security/policy-engine/types.d.ts.map +1 -0
  1529. package/dist/security/policy-engine/types.js +443 -0
  1530. package/dist/security/policy-engine/types.js.map +1 -0
  1531. package/dist/security/rbac/index.d.ts +317 -0
  1532. package/dist/security/rbac/index.d.ts.map +1 -0
  1533. package/dist/security/rbac/index.js +618 -0
  1534. package/dist/security/rbac/index.js.map +1 -0
  1535. package/dist/security/rbac/permissions.d.ts +305 -0
  1536. package/dist/security/rbac/permissions.d.ts.map +1 -0
  1537. package/dist/security/rbac/permissions.js +947 -0
  1538. package/dist/security/rbac/permissions.js.map +1 -0
  1539. package/dist/security/rbac/policy-engine.d.ts +542 -0
  1540. package/dist/security/rbac/policy-engine.d.ts.map +1 -0
  1541. package/dist/security/rbac/policy-engine.js +1244 -0
  1542. package/dist/security/rbac/policy-engine.js.map +1 -0
  1543. package/dist/security/rbac/roles.d.ts +478 -0
  1544. package/dist/security/rbac/roles.d.ts.map +1 -0
  1545. package/dist/security/rbac/roles.js +363 -0
  1546. package/dist/security/rbac/roles.js.map +1 -0
  1547. package/dist/security/refresh-token.d.ts +305 -0
  1548. package/dist/security/refresh-token.d.ts.map +1 -0
  1549. package/dist/security/refresh-token.js +674 -0
  1550. package/dist/security/refresh-token.js.map +1 -0
  1551. package/dist/security/request-integrity.d.ts +289 -0
  1552. package/dist/security/request-integrity.d.ts.map +1 -0
  1553. package/dist/security/request-integrity.js +663 -0
  1554. package/dist/security/request-integrity.js.map +1 -0
  1555. package/dist/security/revocation-check.d.ts +188 -0
  1556. package/dist/security/revocation-check.d.ts.map +1 -0
  1557. package/dist/security/revocation-check.js +606 -0
  1558. package/dist/security/revocation-check.js.map +1 -0
  1559. package/dist/security/revocation.d.ts +191 -0
  1560. package/dist/security/revocation.d.ts.map +1 -0
  1561. package/dist/security/revocation.js +522 -0
  1562. package/dist/security/revocation.js.map +1 -0
  1563. package/dist/security/secrets-rotation.d.ts +501 -0
  1564. package/dist/security/secrets-rotation.d.ts.map +1 -0
  1565. package/dist/security/secrets-rotation.js +934 -0
  1566. package/dist/security/secrets-rotation.js.map +1 -0
  1567. package/dist/security/secure-memory.d.ts +325 -0
  1568. package/dist/security/secure-memory.d.ts.map +1 -0
  1569. package/dist/security/secure-memory.js +595 -0
  1570. package/dist/security/secure-memory.js.map +1 -0
  1571. package/dist/security/security-service.d.ts +186 -0
  1572. package/dist/security/security-service.d.ts.map +1 -0
  1573. package/dist/security/security-service.js +531 -0
  1574. package/dist/security/security-service.js.map +1 -0
  1575. package/dist/security/service-auth/index.d.ts +20 -0
  1576. package/dist/security/service-auth/index.d.ts.map +1 -0
  1577. package/dist/security/service-auth/index.js +61 -0
  1578. package/dist/security/service-auth/index.js.map +1 -0
  1579. package/dist/security/service-auth/service-account.d.ts +357 -0
  1580. package/dist/security/service-auth/service-account.d.ts.map +1 -0
  1581. package/dist/security/service-auth/service-account.js +475 -0
  1582. package/dist/security/service-auth/service-account.js.map +1 -0
  1583. package/dist/security/service-auth/service-auth-middleware.d.ts +174 -0
  1584. package/dist/security/service-auth/service-auth-middleware.d.ts.map +1 -0
  1585. package/dist/security/service-auth/service-auth-middleware.js +461 -0
  1586. package/dist/security/service-auth/service-auth-middleware.js.map +1 -0
  1587. package/dist/security/service-auth/service-token.d.ts +391 -0
  1588. package/dist/security/service-auth/service-token.d.ts.map +1 -0
  1589. package/dist/security/service-auth/service-token.js +472 -0
  1590. package/dist/security/service-auth/service-token.js.map +1 -0
  1591. package/dist/security/session-manager.d.ts +177 -0
  1592. package/dist/security/session-manager.d.ts.map +1 -0
  1593. package/dist/security/session-manager.js +353 -0
  1594. package/dist/security/session-manager.js.map +1 -0
  1595. package/dist/security/session-store.d.ts +205 -0
  1596. package/dist/security/session-store.d.ts.map +1 -0
  1597. package/dist/security/session-store.js +581 -0
  1598. package/dist/security/session-store.js.map +1 -0
  1599. package/dist/security/siem/connector.d.ts +147 -0
  1600. package/dist/security/siem/connector.d.ts.map +1 -0
  1601. package/dist/security/siem/connector.js +254 -0
  1602. package/dist/security/siem/connector.js.map +1 -0
  1603. package/dist/security/siem/datadog.d.ts +81 -0
  1604. package/dist/security/siem/datadog.d.ts.map +1 -0
  1605. package/dist/security/siem/datadog.js +362 -0
  1606. package/dist/security/siem/datadog.js.map +1 -0
  1607. package/dist/security/siem/elastic.d.ts +83 -0
  1608. package/dist/security/siem/elastic.d.ts.map +1 -0
  1609. package/dist/security/siem/elastic.js +514 -0
  1610. package/dist/security/siem/elastic.js.map +1 -0
  1611. package/dist/security/siem/enrichment.d.ts +133 -0
  1612. package/dist/security/siem/enrichment.d.ts.map +1 -0
  1613. package/dist/security/siem/enrichment.js +434 -0
  1614. package/dist/security/siem/enrichment.js.map +1 -0
  1615. package/dist/security/siem/formatter.d.ts +118 -0
  1616. package/dist/security/siem/formatter.d.ts.map +1 -0
  1617. package/dist/security/siem/formatter.js +381 -0
  1618. package/dist/security/siem/formatter.js.map +1 -0
  1619. package/dist/security/siem/hooks.d.ts +107 -0
  1620. package/dist/security/siem/hooks.d.ts.map +1 -0
  1621. package/dist/security/siem/hooks.js +459 -0
  1622. package/dist/security/siem/hooks.js.map +1 -0
  1623. package/dist/security/siem/index.d.ts +83 -0
  1624. package/dist/security/siem/index.d.ts.map +1 -0
  1625. package/dist/security/siem/index.js +95 -0
  1626. package/dist/security/siem/index.js.map +1 -0
  1627. package/dist/security/siem/service.d.ts +153 -0
  1628. package/dist/security/siem/service.d.ts.map +1 -0
  1629. package/dist/security/siem/service.js +615 -0
  1630. package/dist/security/siem/service.js.map +1 -0
  1631. package/dist/security/siem/splunk.d.ts +76 -0
  1632. package/dist/security/siem/splunk.d.ts.map +1 -0
  1633. package/dist/security/siem/splunk.js +283 -0
  1634. package/dist/security/siem/splunk.js.map +1 -0
  1635. package/dist/security/siem/types.d.ts +1980 -0
  1636. package/dist/security/siem/types.d.ts.map +1 -0
  1637. package/dist/security/siem/types.js +268 -0
  1638. package/dist/security/siem/types.js.map +1 -0
  1639. package/dist/security/tee-production.d.ts +157 -0
  1640. package/dist/security/tee-production.d.ts.map +1 -0
  1641. package/dist/security/tee-production.js +792 -0
  1642. package/dist/security/tee-production.js.map +1 -0
  1643. package/dist/security/tee.d.ts +182 -0
  1644. package/dist/security/tee.d.ts.map +1 -0
  1645. package/dist/security/tee.js +1031 -0
  1646. package/dist/security/tee.js.map +1 -0
  1647. package/dist/security/threat-intel/bot-detection.d.ts +275 -0
  1648. package/dist/security/threat-intel/bot-detection.d.ts.map +1 -0
  1649. package/dist/security/threat-intel/bot-detection.js +890 -0
  1650. package/dist/security/threat-intel/bot-detection.js.map +1 -0
  1651. package/dist/security/threat-intel/credential-stuffing.d.ts +368 -0
  1652. package/dist/security/threat-intel/credential-stuffing.d.ts.map +1 -0
  1653. package/dist/security/threat-intel/credential-stuffing.js +957 -0
  1654. package/dist/security/threat-intel/credential-stuffing.js.map +1 -0
  1655. package/dist/security/threat-intel/index.d.ts +10 -0
  1656. package/dist/security/threat-intel/index.d.ts.map +1 -0
  1657. package/dist/security/threat-intel/index.js +18 -0
  1658. package/dist/security/threat-intel/index.js.map +1 -0
  1659. package/dist/security/threat-intel/ip-reputation.d.ts +323 -0
  1660. package/dist/security/threat-intel/ip-reputation.d.ts.map +1 -0
  1661. package/dist/security/threat-intel/ip-reputation.js +923 -0
  1662. package/dist/security/threat-intel/ip-reputation.js.map +1 -0
  1663. package/dist/security/token-lifecycle.d.ts +272 -0
  1664. package/dist/security/token-lifecycle.d.ts.map +1 -0
  1665. package/dist/security/token-lifecycle.js +732 -0
  1666. package/dist/security/token-lifecycle.js.map +1 -0
  1667. package/dist/security/token-lifetime.d.ts +206 -0
  1668. package/dist/security/token-lifetime.d.ts.map +1 -0
  1669. package/dist/security/token-lifetime.js +388 -0
  1670. package/dist/security/token-lifetime.js.map +1 -0
  1671. package/dist/security/trust-oracle/alerts.d.ts +202 -0
  1672. package/dist/security/trust-oracle/alerts.d.ts.map +1 -0
  1673. package/dist/security/trust-oracle/alerts.js +763 -0
  1674. package/dist/security/trust-oracle/alerts.js.map +1 -0
  1675. package/dist/security/trust-oracle/api.d.ts +116 -0
  1676. package/dist/security/trust-oracle/api.d.ts.map +1 -0
  1677. package/dist/security/trust-oracle/api.js +721 -0
  1678. package/dist/security/trust-oracle/api.js.map +1 -0
  1679. package/dist/security/trust-oracle/continuous-monitoring.d.ts +105 -0
  1680. package/dist/security/trust-oracle/continuous-monitoring.d.ts.map +1 -0
  1681. package/dist/security/trust-oracle/continuous-monitoring.js +696 -0
  1682. package/dist/security/trust-oracle/continuous-monitoring.js.map +1 -0
  1683. package/dist/security/trust-oracle/data-sources.d.ts +126 -0
  1684. package/dist/security/trust-oracle/data-sources.d.ts.map +1 -0
  1685. package/dist/security/trust-oracle/data-sources.js +867 -0
  1686. package/dist/security/trust-oracle/data-sources.js.map +1 -0
  1687. package/dist/security/trust-oracle/index.d.ts +79 -0
  1688. package/dist/security/trust-oracle/index.d.ts.map +1 -0
  1689. package/dist/security/trust-oracle/index.js +206 -0
  1690. package/dist/security/trust-oracle/index.js.map +1 -0
  1691. package/dist/security/trust-oracle/oracle.d.ts +125 -0
  1692. package/dist/security/trust-oracle/oracle.d.ts.map +1 -0
  1693. package/dist/security/trust-oracle/oracle.js +489 -0
  1694. package/dist/security/trust-oracle/oracle.js.map +1 -0
  1695. package/dist/security/trust-oracle/reporting.d.ts +145 -0
  1696. package/dist/security/trust-oracle/reporting.d.ts.map +1 -0
  1697. package/dist/security/trust-oracle/reporting.js +1098 -0
  1698. package/dist/security/trust-oracle/reporting.js.map +1 -0
  1699. package/dist/security/trust-oracle/risk-scorer.d.ts +207 -0
  1700. package/dist/security/trust-oracle/risk-scorer.d.ts.map +1 -0
  1701. package/dist/security/trust-oracle/risk-scorer.js +1033 -0
  1702. package/dist/security/trust-oracle/risk-scorer.js.map +1 -0
  1703. package/dist/security/trust-oracle/types.d.ts +444 -0
  1704. package/dist/security/trust-oracle/types.d.ts.map +1 -0
  1705. package/dist/security/trust-oracle/types.js +6 -0
  1706. package/dist/security/trust-oracle/types.js.map +1 -0
  1707. package/dist/security/trust-oracle/vendor-registry.d.ts +228 -0
  1708. package/dist/security/trust-oracle/vendor-registry.d.ts.map +1 -0
  1709. package/dist/security/trust-oracle/vendor-registry.js +727 -0
  1710. package/dist/security/trust-oracle/vendor-registry.js.map +1 -0
  1711. package/dist/security/types.d.ts +1777 -0
  1712. package/dist/security/types.d.ts.map +1 -0
  1713. package/dist/security/types.js +388 -0
  1714. package/dist/security/types.js.map +1 -0
  1715. package/dist/security/webauthn/index.d.ts +47 -0
  1716. package/dist/security/webauthn/index.d.ts.map +1 -0
  1717. package/dist/security/webauthn/index.js +48 -0
  1718. package/dist/security/webauthn/index.js.map +1 -0
  1719. package/dist/security/webauthn/middleware.d.ts +109 -0
  1720. package/dist/security/webauthn/middleware.d.ts.map +1 -0
  1721. package/dist/security/webauthn/middleware.js +629 -0
  1722. package/dist/security/webauthn/middleware.js.map +1 -0
  1723. package/dist/security/webauthn/service.d.ts +179 -0
  1724. package/dist/security/webauthn/service.d.ts.map +1 -0
  1725. package/dist/security/webauthn/service.js +758 -0
  1726. package/dist/security/webauthn/service.js.map +1 -0
  1727. package/dist/security/webauthn/store.d.ts +240 -0
  1728. package/dist/security/webauthn/store.d.ts.map +1 -0
  1729. package/dist/security/webauthn/store.js +505 -0
  1730. package/dist/security/webauthn/store.js.map +1 -0
  1731. package/dist/security/webauthn/types.d.ts +678 -0
  1732. package/dist/security/webauthn/types.d.ts.map +1 -0
  1733. package/dist/security/webauthn/types.js +176 -0
  1734. package/dist/security/webauthn/types.js.map +1 -0
  1735. package/dist/security/zkp/circuits.d.ts +296 -0
  1736. package/dist/security/zkp/circuits.d.ts.map +1 -0
  1737. package/dist/security/zkp/circuits.js +771 -0
  1738. package/dist/security/zkp/circuits.js.map +1 -0
  1739. package/dist/security/zkp/commitment.d.ts +319 -0
  1740. package/dist/security/zkp/commitment.d.ts.map +1 -0
  1741. package/dist/security/zkp/commitment.js +591 -0
  1742. package/dist/security/zkp/commitment.js.map +1 -0
  1743. package/dist/security/zkp/compliance.d.ts +251 -0
  1744. package/dist/security/zkp/compliance.d.ts.map +1 -0
  1745. package/dist/security/zkp/compliance.js +734 -0
  1746. package/dist/security/zkp/compliance.js.map +1 -0
  1747. package/dist/security/zkp/index.d.ts +184 -0
  1748. package/dist/security/zkp/index.d.ts.map +1 -0
  1749. package/dist/security/zkp/index.js +285 -0
  1750. package/dist/security/zkp/index.js.map +1 -0
  1751. package/dist/security/zkp/integration.d.ts +289 -0
  1752. package/dist/security/zkp/integration.d.ts.map +1 -0
  1753. package/dist/security/zkp/integration.js +571 -0
  1754. package/dist/security/zkp/integration.js.map +1 -0
  1755. package/dist/security/zkp/prover.d.ts +158 -0
  1756. package/dist/security/zkp/prover.d.ts.map +1 -0
  1757. package/dist/security/zkp/prover.js +465 -0
  1758. package/dist/security/zkp/prover.js.map +1 -0
  1759. package/dist/security/zkp/snark-utils.d.ts +321 -0
  1760. package/dist/security/zkp/snark-utils.d.ts.map +1 -0
  1761. package/dist/security/zkp/snark-utils.js +640 -0
  1762. package/dist/security/zkp/snark-utils.js.map +1 -0
  1763. package/dist/security/zkp/types.d.ts +1192 -0
  1764. package/dist/security/zkp/types.d.ts.map +1 -0
  1765. package/dist/security/zkp/types.js +264 -0
  1766. package/dist/security/zkp/types.js.map +1 -0
  1767. package/dist/security/zkp/verifier.d.ts +111 -0
  1768. package/dist/security/zkp/verifier.d.ts.map +1 -0
  1769. package/dist/security/zkp/verifier.js +554 -0
  1770. package/dist/security/zkp/verifier.js.map +1 -0
  1771. package/dist/semantic-governance/context-validator.d.ts +158 -0
  1772. package/dist/semantic-governance/context-validator.d.ts.map +1 -0
  1773. package/dist/semantic-governance/context-validator.js +598 -0
  1774. package/dist/semantic-governance/context-validator.js.map +1 -0
  1775. package/dist/semantic-governance/credential-manager.d.ts +156 -0
  1776. package/dist/semantic-governance/credential-manager.d.ts.map +1 -0
  1777. package/dist/semantic-governance/credential-manager.js +438 -0
  1778. package/dist/semantic-governance/credential-manager.js.map +1 -0
  1779. package/dist/semantic-governance/dual-channel.d.ts +138 -0
  1780. package/dist/semantic-governance/dual-channel.d.ts.map +1 -0
  1781. package/dist/semantic-governance/dual-channel.js +333 -0
  1782. package/dist/semantic-governance/dual-channel.js.map +1 -0
  1783. package/dist/semantic-governance/index.d.ts +107 -0
  1784. package/dist/semantic-governance/index.d.ts.map +1 -0
  1785. package/dist/semantic-governance/index.js +141 -0
  1786. package/dist/semantic-governance/index.js.map +1 -0
  1787. package/dist/semantic-governance/inference-validator.d.ts +114 -0
  1788. package/dist/semantic-governance/inference-validator.d.ts.map +1 -0
  1789. package/dist/semantic-governance/inference-validator.js +390 -0
  1790. package/dist/semantic-governance/inference-validator.js.map +1 -0
  1791. package/dist/semantic-governance/instruction-validator.d.ts +146 -0
  1792. package/dist/semantic-governance/instruction-validator.d.ts.map +1 -0
  1793. package/dist/semantic-governance/instruction-validator.js +363 -0
  1794. package/dist/semantic-governance/instruction-validator.js.map +1 -0
  1795. package/dist/semantic-governance/integration.d.ts +253 -0
  1796. package/dist/semantic-governance/integration.d.ts.map +1 -0
  1797. package/dist/semantic-governance/integration.js +658 -0
  1798. package/dist/semantic-governance/integration.js.map +1 -0
  1799. package/dist/semantic-governance/output-validator.d.ts +135 -0
  1800. package/dist/semantic-governance/output-validator.d.ts.map +1 -0
  1801. package/dist/semantic-governance/output-validator.js +448 -0
  1802. package/dist/semantic-governance/output-validator.js.map +1 -0
  1803. package/dist/semantic-governance/service.d.ts +120 -0
  1804. package/dist/semantic-governance/service.d.ts.map +1 -0
  1805. package/dist/semantic-governance/service.js +527 -0
  1806. package/dist/semantic-governance/service.js.map +1 -0
  1807. package/dist/semantic-governance/types.d.ts +3925 -0
  1808. package/dist/semantic-governance/types.d.ts.map +1 -0
  1809. package/dist/semantic-governance/types.js +471 -0
  1810. package/dist/semantic-governance/types.js.map +1 -0
  1811. package/dist/trust-engine/car-integration.d.ts +263 -0
  1812. package/dist/trust-engine/car-integration.d.ts.map +1 -0
  1813. package/dist/trust-engine/car-integration.js +320 -0
  1814. package/dist/trust-engine/car-integration.js.map +1 -0
  1815. package/dist/trust-engine/context.d.ts +198 -0
  1816. package/dist/trust-engine/context.d.ts.map +1 -0
  1817. package/dist/trust-engine/context.js +308 -0
  1818. package/dist/trust-engine/context.js.map +1 -0
  1819. package/dist/trust-engine/diminishing-returns.d.ts +123 -0
  1820. package/dist/trust-engine/diminishing-returns.d.ts.map +1 -0
  1821. package/dist/trust-engine/diminishing-returns.js +197 -0
  1822. package/dist/trust-engine/diminishing-returns.js.map +1 -0
  1823. package/dist/trust-engine/index.d.ts +433 -0
  1824. package/dist/trust-engine/index.d.ts.map +1 -0
  1825. package/dist/trust-engine/index.js +1241 -0
  1826. package/dist/trust-engine/index.js.map +1 -0
  1827. package/dist/trust-engine/observability.d.ts +175 -0
  1828. package/dist/trust-engine/observability.d.ts.map +1 -0
  1829. package/dist/trust-engine/observability.js +246 -0
  1830. package/dist/trust-engine/observability.js.map +1 -0
  1831. package/dist/trust-engine/signal-diversity.d.ts +130 -0
  1832. package/dist/trust-engine/signal-diversity.d.ts.map +1 -0
  1833. package/dist/trust-engine/signal-diversity.js +238 -0
  1834. package/dist/trust-engine/signal-diversity.js.map +1 -0
  1835. package/dist/versioning/deprecation.d.ts +65 -0
  1836. package/dist/versioning/deprecation.d.ts.map +1 -0
  1837. package/dist/versioning/deprecation.js +199 -0
  1838. package/dist/versioning/deprecation.js.map +1 -0
  1839. package/dist/versioning/index.d.ts +46 -0
  1840. package/dist/versioning/index.d.ts.map +1 -0
  1841. package/dist/versioning/index.js +76 -0
  1842. package/dist/versioning/index.js.map +1 -0
  1843. package/dist/versioning/semver.d.ts +116 -0
  1844. package/dist/versioning/semver.d.ts.map +1 -0
  1845. package/dist/versioning/semver.js +321 -0
  1846. package/dist/versioning/semver.js.map +1 -0
  1847. package/package.json +161 -0
package/dist/security/tee.js ADDED
@@ -0,0 +1,1031 @@
1
+ /**
2
+ * TEE (Trusted Execution Environment) Binding Service
3
+ *
4
+ * Implements hardware-bound key attestation for CAR security hardening (SH-3).
5
+ * TEE binding ensures that:
6
+ * 1. Agent keys are generated inside a secure enclave
7
+ * 2. The DID is bound to the enclave's measurement
8
+ * 3. At runtime, the expected code is provably executing
9
+ *
10
+ * Supported platforms:
11
+ * - Intel SGX (DCAP/EPID attestation)
12
+ * - AWS Nitro Enclaves
13
+ * - AMD SEV-SNP
14
+ * - ARM TrustZone
15
+ * - Apple Secure Enclave
16
+ *
17
+ * Verification modes:
18
+ * - Structural validation (default): real parsing of binary attestation formats,
19
+ * header validation, measurement extraction, cross-checking. No network access needed.
20
+ * - Production verification: delegates to tee-production.ts which additionally performs
21
+ * cryptographic verification against manufacturer root certificates. Requires network
22
+ * access and external SDK configuration.
23
+ *
24
+ * @packageDocumentation
25
+ */
26
+ import { createLogger } from '../common/logger.js';
27
+ import { VorionError } from '../common/errors.js';
28
+ import { Counter, Histogram, Gauge } from 'prom-client';
29
+ import { vorionRegistry } from '../common/metrics-registry.js';
30
+ import { TEEPlatform as TEEPlatformEnum, teeConfigSchema, teeAttestationSchema, teeKeyBindingSchema, } from './types.js';
31
+ import { ProductionAttestationVerifier, } from './tee-production.js';
32
+ const logger = createLogger({ component: 'security-tee' });
33
+ // =============================================================================
34
+ // Metrics
35
+ // =============================================================================
36
+ const teeAttestationsVerified = new Counter({
37
+ name: 'vorion_security_tee_attestations_verified_total',
38
+ help: 'Total TEE attestations verified',
39
+ labelNames: ['platform', 'result'],
40
+ registers: [vorionRegistry],
41
+ });
42
+ const teeVerificationDuration = new Histogram({
43
+ name: 'vorion_security_tee_verification_duration_seconds',
44
+ help: 'Duration of TEE attestation verification',
45
+ labelNames: ['platform'],
46
+ buckets: [0.01, 0.05, 0.1, 0.25, 0.5, 1, 2.5],
47
+ registers: [vorionRegistry],
48
+ });
49
+ const teeKeyBindings = new Counter({
50
+ name: 'vorion_security_tee_key_bindings_total',
51
+ help: 'Total TEE key bindings created',
52
+ labelNames: ['platform'],
53
+ registers: [vorionRegistry],
54
+ });
55
+ const teeActiveBindings = new Gauge({
56
+ name: 'vorion_security_tee_active_bindings',
57
+ help: 'Number of active TEE key bindings',
58
+ labelNames: ['platform'],
59
+ registers: [vorionRegistry],
60
+ });
61
+ // =============================================================================
62
+ // Errors
63
+ // =============================================================================
64
+ /**
65
+ * TEE-specific error
66
+ */
67
+ export class TEEError extends VorionError {
68
+ code = 'TEE_ERROR';
69
+ statusCode = 403;
70
+ constructor(message, details) {
71
+ super(message, details);
72
+ this.name = 'TEEError';
73
+ }
74
+ }
75
+ /**
76
+ * TEE attestation verification failed
77
+ */
78
+ export class TEEAttestationError extends TEEError {
79
+ code = 'TEE_ATTESTATION_ERROR';
80
+ constructor(message, details) {
81
+ super(message, details);
82
+ this.name = 'TEEAttestationError';
83
+ }
84
+ }
85
+ /**
86
+ * TEE key binding error
87
+ */
88
+ export class TEEKeyBindingError extends TEEError {
89
+ code = 'TEE_KEY_BINDING_ERROR';
90
+ constructor(message, details) {
91
+ super(message, details);
92
+ this.name = 'TEEKeyBindingError';
93
+ }
94
+ }
95
+ // =============================================================================
96
+ // Binary Helpers
97
+ // =============================================================================
98
+ /**
99
+ * Decode a base64 string to a Uint8Array.
100
+ * Handles both standard and URL-safe base64 encodings.
101
+ */
102
+ function base64ToBytes(b64) {
103
+ const normalized = b64.replace(/-/g, '+').replace(/_/g, '/');
104
+ const padded = normalized + '='.repeat((4 - (normalized.length % 4)) % 4);
105
+ const binary = atob(padded);
106
+ const bytes = new Uint8Array(binary.length);
107
+ for (let i = 0; i < binary.length; i++) {
108
+ bytes[i] = binary.charCodeAt(i);
109
+ }
110
+ return bytes;
111
+ }
112
+ /**
113
+ * Convert a Uint8Array to a lowercase hex string
114
+ */
115
+ function bytesToHex(bytes) {
116
+ return Array.from(bytes)
117
+ .map((b) => b.toString(16).padStart(2, '0'))
118
+ .join('');
119
+ }
120
+ /**
121
+ * Validate that a string is well-formed hex of a given byte length
122
+ */
123
+ function isValidHex(hex, expectedBytes) {
124
+ if (hex.length !== expectedBytes * 2)
125
+ return false;
126
+ return /^[0-9a-f]+$/i.test(hex);
127
+ }
128
+ /**
129
+ * Intel SGX attestation verifier — structural validation.
130
+ *
131
+ * Parses the SGX DCAP Quote v3 binary format, validates the header (version,
132
+ * attestation key type), extracts MRENCLAVE (bytes 112-144) and MRSIGNER
133
+ * (bytes 176-208), and cross-checks against the declared measurementHash.
134
+ *
135
+ * Full cryptographic verification (ECDSA signature chain to Intel root of trust)
136
+ * requires the Intel DCAP QVL or IAS API — an architectural boundary that is
137
+ * handled by the ProductionAttestationVerifier in tee-production.ts.
138
+ */
139
+ class SGXVerifier {
140
+ async verify(attestation) {
141
+ const startTime = Date.now();
142
+ try {
143
+ if (!attestation.signature) {
144
+ return {
145
+ valid: false,
146
+ reason: 'Missing SGX quote signature',
147
+ verifiedAt: new Date().toISOString(),
148
+ };
149
+ }
150
+ let quoteBytes;
151
+ try {
152
+ quoteBytes = base64ToBytes(attestation.signature);
153
+ }
154
+ catch {
155
+ return {
156
+ valid: false,
157
+ reason: 'SGX quote is not valid base64',
158
+ verifiedAt: new Date().toISOString(),
159
+ };
160
+ }
161
+ // SGX DCAP Quote v3: 48-byte header + 384-byte report body = 432 bytes minimum,
162
+ // plus at least some signature data
163
+ if (quoteBytes.length < 436) {
164
+ return {
165
+ valid: false,
166
+ reason: `SGX quote too short: ${quoteBytes.length} bytes, minimum 436 bytes for a valid quote`,
167
+ verifiedAt: new Date().toISOString(),
168
+ };
169
+ }
170
+ const view = new DataView(quoteBytes.buffer, quoteBytes.byteOffset, quoteBytes.byteLength);
171
+ const version = view.getUint16(0, true);
172
+ const attestationKeyType = view.getUint16(2, true);
173
+ if (version !== 2 && version !== 3) {
174
+ return {
175
+ valid: false,
176
+ reason: `Unsupported SGX quote version: ${version} (expected 2 or 3)`,
177
+ verifiedAt: new Date().toISOString(),
178
+ };
179
+ }
180
+ if (attestationKeyType > 3) {
181
+ return {
182
+ valid: false,
183
+ reason: `Invalid SGX attestation key type: ${attestationKeyType}`,
184
+ verifiedAt: new Date().toISOString(),
185
+ };
186
+ }
187
+ // Extract MRENCLAVE and MRSIGNER from the report body
188
+ const mrEnclave = bytesToHex(quoteBytes.slice(112, 144));
189
+ const mrSigner = bytesToHex(quoteBytes.slice(176, 208));
190
+ const isvProdId = view.getUint16(304, true);
191
+ const isvSvn = view.getUint16(306, true);
192
+ if (/^0+$/.test(mrEnclave)) {
193
+ return {
194
+ valid: false,
195
+ reason: 'SGX MRENCLAVE is all zeros, indicating an uninitialized or invalid quote',
196
+ verifiedAt: new Date().toISOString(),
197
+ };
198
+ }
199
+ if (attestation.measurementHash && mrEnclave !== attestation.measurementHash.toLowerCase()) {
200
+ return {
201
+ valid: false,
202
+ reason: `MRENCLAVE mismatch: quote contains ${mrEnclave}, attestation declares ${attestation.measurementHash}`,
203
+ platform: TEEPlatformEnum.SGX,
204
+ verifiedAt: new Date().toISOString(),
205
+ };
206
+ }
207
+ if (attestation.pcrs) {
208
+ if (attestation.pcrs['MRENCLAVE'] && attestation.pcrs['MRENCLAVE'].toLowerCase() !== mrEnclave) {
209
+ return {
210
+ valid: false,
211
+ reason: 'MRENCLAVE PCR value does not match extracted quote measurement',
212
+ verifiedAt: new Date().toISOString(),
213
+ };
214
+ }
215
+ if (attestation.pcrs['MRSIGNER'] && attestation.pcrs['MRSIGNER'].toLowerCase() !== mrSigner) {
216
+ return {
217
+ valid: false,
218
+ reason: 'MRSIGNER PCR value does not match extracted quote signer',
219
+ verifiedAt: new Date().toISOString(),
220
+ };
221
+ }
222
+ }
223
+ const now = new Date();
224
+ if (attestation.validUntil && attestation.validUntil < now) {
225
+ return {
226
+ valid: false,
227
+ reason: 'Attestation has expired',
228
+ verifiedAt: now.toISOString(),
229
+ };
230
+ }
231
+ logger.info({
232
+ enclaveId: attestation.enclaveId,
233
+ mrEnclave: mrEnclave.substring(0, 16) + '...',
234
+ mrSigner: mrSigner.substring(0, 16) + '...',
235
+ isvProdId,
236
+ isvSvn,
237
+ quoteVersion: version,
238
+ }, 'SGX attestation structural validation passed');
239
+ return {
240
+ valid: true,
241
+ platform: TEEPlatformEnum.SGX,
242
+ measurementHash: mrEnclave,
243
+ verifiedAt: new Date().toISOString(),
244
+ };
245
+ }
246
+ finally {
247
+ const duration = (Date.now() - startTime) / 1000;
248
+ teeVerificationDuration.observe({ platform: 'sgx' }, duration);
249
+ }
250
+ }
251
+ validateMeasurement(expectedHash, attestation) {
252
+ if (attestation.pcrs?.['MRENCLAVE']) {
253
+ return attestation.pcrs['MRENCLAVE'].toLowerCase() === expectedHash.toLowerCase();
254
+ }
255
+ return attestation.measurementHash.toLowerCase() === expectedHash.toLowerCase();
256
+ }
257
+ }
258
+ /**
259
+ * AWS Nitro Enclaves attestation verifier — structural validation.
260
+ *
261
+ * Validates the COSE_Sign1 envelope (CBOR tag 18), validates required PCR values
262
+ * (PCR0/PCR1/PCR2 as SHA-384 hashes), and cross-checks PCR0 against the declared
263
+ * measurementHash.
264
+ *
265
+ * Full cryptographic verification (ECDSA-384 signature + AWS Nitro root cert chain)
266
+ * requires the AWS Nitro Enclaves SDK — handled by ProductionAttestationVerifier.
267
+ */
268
+ class NitroVerifier {
269
+ async verify(attestation) {
270
+ const startTime = Date.now();
271
+ try {
272
+ if (!attestation.signature) {
273
+ return {
274
+ valid: false,
275
+ reason: 'Missing Nitro attestation document',
276
+ verifiedAt: new Date().toISOString(),
277
+ };
278
+ }
279
+ let docBytes;
280
+ try {
281
+ docBytes = base64ToBytes(attestation.signature);
282
+ }
283
+ catch {
284
+ return {
285
+ valid: false,
286
+ reason: 'Nitro attestation document is not valid base64',
287
+ verifiedAt: new Date().toISOString(),
288
+ };
289
+ }
290
+ if (docBytes.length < 32) {
291
+ return {
292
+ valid: false,
293
+ reason: `Nitro attestation document too short: ${docBytes.length} bytes`,
294
+ verifiedAt: new Date().toISOString(),
295
+ };
296
+ }
297
+ // Validate COSE_Sign1 envelope: CBOR tag 18 (0xD2) or multi-byte (0xD8 0x12)
298
+ const hasCoseTag = docBytes[0] === 0xd2;
299
+ const hasArrayHeader = docBytes[0] === 0x84 || (hasCoseTag && docBytes.length > 1 && docBytes[1] === 0x84);
300
+ if (!hasCoseTag && !hasArrayHeader) {
301
+ const hasMultiByteCoseTag = docBytes[0] === 0xd8 && docBytes.length > 1 && docBytes[1] === 0x12;
302
+ if (!hasMultiByteCoseTag) {
303
+ return {
304
+ valid: false,
305
+ reason: 'Nitro attestation document does not have a valid COSE_Sign1 envelope (expected CBOR tag 18)',
306
+ verifiedAt: new Date().toISOString(),
307
+ };
308
+ }
309
+ }
310
+ if (!attestation.pcrs) {
311
+ return {
312
+ valid: false,
313
+ reason: 'Missing PCR values for Nitro attestation',
314
+ verifiedAt: new Date().toISOString(),
315
+ };
316
+ }
317
+ const requiredPCRs = ['PCR0', 'PCR1', 'PCR2'];
318
+ for (const pcr of requiredPCRs) {
319
+ const pcrValue = attestation.pcrs[pcr];
320
+ if (!pcrValue) {
321
+ return {
322
+ valid: false,
323
+ reason: `Missing required ${pcr}`,
324
+ verifiedAt: new Date().toISOString(),
325
+ };
326
+ }
327
+ if (!isValidHex(pcrValue, 48)) {
328
+ return {
329
+ valid: false,
330
+ reason: `${pcr} is not a valid SHA-384 hash (expected 96 hex characters, got ${pcrValue.length})`,
331
+ verifiedAt: new Date().toISOString(),
332
+ };
333
+ }
334
+ if (pcr === 'PCR0' && /^0+$/.test(pcrValue)) {
335
+ return {
336
+ valid: false,
337
+ reason: 'PCR0 is all zeros, indicating no enclave image measurement',
338
+ verifiedAt: new Date().toISOString(),
339
+ };
340
+ }
341
+ }
342
+ if (attestation.measurementHash) {
343
+ const pcr0 = attestation.pcrs['PCR0'].toLowerCase();
344
+ if (pcr0 !== attestation.measurementHash.toLowerCase()) {
345
+ return {
346
+ valid: false,
347
+ reason: `PCR0 (${pcr0}) does not match declared measurementHash (${attestation.measurementHash})`,
348
+ platform: TEEPlatformEnum.NITRO,
349
+ verifiedAt: new Date().toISOString(),
350
+ };
351
+ }
352
+ }
353
+ const now = new Date();
354
+ if (attestation.validUntil && attestation.validUntil < now) {
355
+ return {
356
+ valid: false,
357
+ reason: 'Attestation has expired',
358
+ verifiedAt: now.toISOString(),
359
+ };
360
+ }
361
+ logger.info({
362
+ enclaveId: attestation.enclaveId,
363
+ pcr0: attestation.pcrs['PCR0'].substring(0, 16) + '...',
364
+ docSize: docBytes.length,
365
+ }, 'Nitro attestation structural validation passed');
366
+ return {
367
+ valid: true,
368
+ platform: TEEPlatformEnum.NITRO,
369
+ measurementHash: attestation.pcrs['PCR0'],
370
+ verifiedAt: new Date().toISOString(),
371
+ };
372
+ }
373
+ finally {
374
+ const duration = (Date.now() - startTime) / 1000;
375
+ teeVerificationDuration.observe({ platform: 'nitro' }, duration);
376
+ }
377
+ }
378
+ validateMeasurement(expectedHash, attestation) {
379
+ if (attestation.pcrs?.['PCR0']) {
380
+ return attestation.pcrs['PCR0'].toLowerCase() === expectedHash.toLowerCase();
381
+ }
382
+ return attestation.measurementHash.toLowerCase() === expectedHash.toLowerCase();
383
+ }
384
+ }
385
+ /**
386
+ * AMD SEV-SNP attestation verifier — structural validation.
387
+ *
388
+ * Validates the SEV-SNP report format (1184 bytes, version 2), extracts the 48-byte
389
+ * MEASUREMENT field (bytes 144-192), validates the signature algorithm field, and
390
+ * cross-checks against the declared measurementHash.
391
+ *
392
+ * Full cryptographic verification (VCEK -> ASK -> ARK chain from AMD KDS)
393
+ * requires the AMD SEV Tool — handled by ProductionAttestationVerifier.
394
+ */
395
+ class SEVVerifier {
396
+ async verify(attestation) {
397
+ const startTime = Date.now();
398
+ try {
399
+ if (!attestation.signature) {
400
+ return {
401
+ valid: false,
402
+ reason: 'Missing SEV-SNP attestation report',
403
+ verifiedAt: new Date().toISOString(),
404
+ };
405
+ }
406
+ let reportBytes;
407
+ try {
408
+ reportBytes = base64ToBytes(attestation.signature);
409
+ }
410
+ catch {
411
+ return {
412
+ valid: false,
413
+ reason: 'SEV-SNP attestation report is not valid base64',
414
+ verifiedAt: new Date().toISOString(),
415
+ };
416
+ }
417
+ if (reportBytes.length < 1184) {
418
+ return {
419
+ valid: false,
420
+ reason: `SEV-SNP report too short: ${reportBytes.length} bytes, expected at least 1184 bytes`,
421
+ verifiedAt: new Date().toISOString(),
422
+ };
423
+ }
424
+ const view = new DataView(reportBytes.buffer, reportBytes.byteOffset, reportBytes.byteLength);
425
+ const version = view.getUint32(0, true);
426
+ if (version !== 2) {
427
+ return {
428
+ valid: false,
429
+ reason: `Invalid SEV-SNP report version: ${version} (expected 2)`,
430
+ verifiedAt: new Date().toISOString(),
431
+ };
432
+ }
433
+ const guestSvn = view.getUint32(4, true);
434
+ const policyLow = view.getUint32(8, true);
435
+ const debugBit = (policyLow & 0x08) !== 0;
436
+ const vmpl = view.getUint32(16, true);
437
+ const sigAlgo = view.getUint32(20, true);
438
+ if (sigAlgo !== 1) {
439
+ return {
440
+ valid: false,
441
+ reason: `Unsupported SEV-SNP signature algorithm: ${sigAlgo} (expected 1 = ECDSA P-384)`,
442
+ verifiedAt: new Date().toISOString(),
443
+ };
444
+ }
445
+ const measurement = bytesToHex(reportBytes.slice(144, 192));
446
+ if (/^0+$/.test(measurement)) {
447
+ return {
448
+ valid: false,
449
+ reason: 'SEV-SNP measurement is all zeros, indicating uninitialized report data',
450
+ verifiedAt: new Date().toISOString(),
451
+ };
452
+ }
453
+ if (attestation.measurementHash && measurement !== attestation.measurementHash.toLowerCase()) {
454
+ return {
455
+ valid: false,
456
+ reason: `SEV-SNP measurement mismatch: report contains ${measurement}, attestation declares ${attestation.measurementHash}`,
457
+ platform: TEEPlatformEnum.SEV,
458
+ verifiedAt: new Date().toISOString(),
459
+ };
460
+ }
461
+ const now = new Date();
462
+ if (attestation.validUntil && attestation.validUntil < now) {
463
+ return {
464
+ valid: false,
465
+ reason: 'Attestation has expired',
466
+ verifiedAt: now.toISOString(),
467
+ };
468
+ }
469
+ logger.info({
470
+ enclaveId: attestation.enclaveId,
471
+ measurement: measurement.substring(0, 16) + '...',
472
+ version,
473
+ guestSvn,
474
+ vmpl,
475
+ debugMode: debugBit,
476
+ }, 'SEV-SNP attestation structural validation passed');
477
+ return {
478
+ valid: true,
479
+ platform: TEEPlatformEnum.SEV,
480
+ measurementHash: measurement,
481
+ verifiedAt: new Date().toISOString(),
482
+ };
483
+ }
484
+ finally {
485
+ const duration = (Date.now() - startTime) / 1000;
486
+ teeVerificationDuration.observe({ platform: 'sev' }, duration);
487
+ }
488
+ }
489
+ validateMeasurement(expectedHash, attestation) {
490
+ return attestation.measurementHash.toLowerCase() === expectedHash.toLowerCase();
491
+ }
492
+ }
493
+ /**
494
+ * ARM TrustZone attestation verifier — structural validation.
495
+ *
496
+ * Validates TrustZone attestation metadata (JSON): required fields tee_name,
497
+ * session_id, and measurement; validates tee_name against known implementations.
498
+ *
499
+ * Full verification requires a platform-specific OP-TEE client or equivalent
500
+ * TEE client API — an architectural boundary per SoC vendor.
501
+ */
502
+ class TrustZoneVerifier {
503
+ static KNOWN_TEE_NAMES = [
504
+ 'op-tee', 'optee', 'kinibi', 'teegris', 'trusty', 'trustonic',
505
+ 'qualcomm-tee', 'qsee', 'samsung-tee', 'mediatek-tee', 'huawei-tee',
506
+ 'itee', 'mtee', 'isee',
507
+ ];
508
+ async verify(attestation) {
509
+ const startTime = Date.now();
510
+ try {
511
+ if (!attestation.signature) {
512
+ return {
513
+ valid: false,
514
+ reason: 'Missing TrustZone attestation',
515
+ verifiedAt: new Date().toISOString(),
516
+ };
517
+ }
518
+ let payload;
519
+ try {
520
+ const decoded = new TextDecoder().decode(base64ToBytes(attestation.signature));
521
+ payload = JSON.parse(decoded);
522
+ }
523
+ catch {
524
+ return {
525
+ valid: false,
526
+ reason: 'TrustZone attestation signature is not valid base64-encoded JSON',
527
+ verifiedAt: new Date().toISOString(),
528
+ };
529
+ }
530
+ if (typeof payload['tee_name'] !== 'string' || payload['tee_name'].length === 0) {
531
+ return {
532
+ valid: false,
533
+ reason: 'TrustZone attestation missing required "tee_name" field',
534
+ verifiedAt: new Date().toISOString(),
535
+ };
536
+ }
537
+ if (typeof payload['session_id'] !== 'string' || payload['session_id'].length === 0) {
538
+ return {
539
+ valid: false,
540
+ reason: 'TrustZone attestation missing required "session_id" field',
541
+ verifiedAt: new Date().toISOString(),
542
+ };
543
+ }
544
+ const teeName = payload['tee_name'].toLowerCase();
545
+ const isKnownTee = TrustZoneVerifier.KNOWN_TEE_NAMES.some((name) => teeName.includes(name));
546
+ if (!isKnownTee) {
547
+ return {
548
+ valid: false,
549
+ reason: `Unrecognized TrustZone TEE implementation: "${payload['tee_name']}"`,
550
+ verifiedAt: new Date().toISOString(),
551
+ };
552
+ }
553
+ const payloadMeasurement = typeof payload['measurement'] === 'string' ? payload['measurement'] : null;
554
+ if (payloadMeasurement && attestation.measurementHash) {
555
+ if (payloadMeasurement.toLowerCase() !== attestation.measurementHash.toLowerCase()) {
556
+ return {
557
+ valid: false,
558
+ reason: `TrustZone measurement mismatch: payload contains ${payloadMeasurement}, attestation declares ${attestation.measurementHash}`,
559
+ platform: TEEPlatformEnum.TRUSTZONE,
560
+ verifiedAt: new Date().toISOString(),
561
+ };
562
+ }
563
+ }
564
+ const now = new Date();
565
+ if (attestation.validUntil && attestation.validUntil < now) {
566
+ return {
567
+ valid: false,
568
+ reason: 'Attestation has expired',
569
+ verifiedAt: now.toISOString(),
570
+ };
571
+ }
572
+ logger.info({
573
+ enclaveId: attestation.enclaveId,
574
+ teeName: payload['tee_name'],
575
+ sessionId: payload['session_id'],
576
+ }, 'TrustZone attestation structural validation passed');
577
+ return {
578
+ valid: true,
579
+ platform: TEEPlatformEnum.TRUSTZONE,
580
+ measurementHash: attestation.measurementHash,
581
+ verifiedAt: new Date().toISOString(),
582
+ };
583
+ }
584
+ finally {
585
+ const duration = (Date.now() - startTime) / 1000;
586
+ teeVerificationDuration.observe({ platform: 'trustzone' }, duration);
587
+ }
588
+ }
589
+ validateMeasurement(expectedHash, attestation) {
590
+ return attestation.measurementHash.toLowerCase() === expectedHash.toLowerCase();
591
+ }
592
+ }
593
+ /**
594
+ * Apple Secure Enclave (App Attest) verifier — structural validation.
595
+ *
596
+ * Validates the App Attest attestation object structure (fmt, attStmt, authData),
597
+ * checks fmt = "apple-appattest", and extracts the key hash for cross-checking.
598
+ *
599
+ * Full verification (X.509 cert chain to Apple's App Attest root CA) requires the
600
+ * DeviceCheck / App Attest API — an architectural boundary.
601
+ */
602
+ class SecureEnclaveVerifier {
603
+ async verify(attestation) {
604
+ const startTime = Date.now();
605
+ try {
606
+ if (!attestation.signature) {
607
+ return {
608
+ valid: false,
609
+ reason: 'Missing Secure Enclave attestation',
610
+ verifiedAt: new Date().toISOString(),
611
+ };
612
+ }
613
+ let attestObj;
614
+ try {
615
+ const decoded = new TextDecoder().decode(base64ToBytes(attestation.signature));
616
+ attestObj = JSON.parse(decoded);
617
+ }
618
+ catch {
619
+ return {
620
+ valid: false,
621
+ reason: 'Secure Enclave attestation is not valid base64-encoded JSON',
622
+ verifiedAt: new Date().toISOString(),
623
+ };
624
+ }
625
+ if (typeof attestObj['fmt'] !== 'string') {
626
+ return {
627
+ valid: false,
628
+ reason: 'Secure Enclave attestation missing required "fmt" field',
629
+ verifiedAt: new Date().toISOString(),
630
+ };
631
+ }
632
+ if (attestObj['fmt'] !== 'apple-appattest') {
633
+ return {
634
+ valid: false,
635
+ reason: `Unexpected attestation format: "${attestObj['fmt']}" (expected "apple-appattest")`,
636
+ verifiedAt: new Date().toISOString(),
637
+ };
638
+ }
639
+ if (!attestObj['attStmt'] || typeof attestObj['attStmt'] !== 'object') {
640
+ return {
641
+ valid: false,
642
+ reason: 'Secure Enclave attestation missing required "attStmt" (attestation statement)',
643
+ verifiedAt: new Date().toISOString(),
644
+ };
645
+ }
646
+ if (typeof attestObj['authData'] !== 'string' || attestObj['authData'].length === 0) {
647
+ return {
648
+ valid: false,
649
+ reason: 'Secure Enclave attestation missing required "authData" (authenticator data)',
650
+ verifiedAt: new Date().toISOString(),
651
+ };
652
+ }
653
+ const attStmt = attestObj['attStmt'];
654
+ const keyHash = typeof attStmt['keyHash'] === 'string' ? attStmt['keyHash'] : null;
655
+ if (keyHash && attestation.measurementHash) {
656
+ if (keyHash.toLowerCase() !== attestation.measurementHash.toLowerCase()) {
657
+ return {
658
+ valid: false,
659
+ reason: `Secure Enclave key hash mismatch: attestation contains ${keyHash}, declared ${attestation.measurementHash}`,
660
+ platform: TEEPlatformEnum.SECURE_ENCLAVE,
661
+ verifiedAt: new Date().toISOString(),
662
+ };
663
+ }
664
+ }
665
+ const now = new Date();
666
+ if (attestation.validUntil && attestation.validUntil < now) {
667
+ return {
668
+ valid: false,
669
+ reason: 'Attestation has expired',
670
+ verifiedAt: now.toISOString(),
671
+ };
672
+ }
673
+ logger.info({
674
+ enclaveId: attestation.enclaveId,
675
+ fmt: attestObj['fmt'],
676
+ hasKeyHash: !!keyHash,
677
+ }, 'Secure Enclave attestation structural validation passed');
678
+ return {
679
+ valid: true,
680
+ platform: TEEPlatformEnum.SECURE_ENCLAVE,
681
+ measurementHash: attestation.measurementHash,
682
+ verifiedAt: new Date().toISOString(),
683
+ };
684
+ }
685
+ finally {
686
+ const duration = (Date.now() - startTime) / 1000;
687
+ teeVerificationDuration.observe({ platform: 'secure-enclave' }, duration);
688
+ }
689
+ }
690
+ validateMeasurement(expectedHash, attestation) {
691
+ return attestation.measurementHash.toLowerCase() === expectedHash.toLowerCase();
692
+ }
693
+ }
694
+ /**
695
+ * TEE Binding Service for hardware attestation and key binding
696
+ *
697
+ * Performs real structural validation of attestation data by default.
698
+ * When productionConfig is provided, delegates to the ProductionAttestationVerifier
699
+ * for full cryptographic verification against manufacturer root certificates.
700
+ *
701
+ * @example
702
+ * ```typescript
703
+ * // Structural validation only
704
+ * const tee = new TEEBindingService({
705
+ * requiredForTiers: [TrustTier.T4, TrustTier.T5],
706
+ * allowedPlatforms: ['sgx', 'nitro'],
707
+ * maxAttestationAge: 86400,
708
+ * });
709
+ *
710
+ * // With production crypto verification
711
+ * const teeProd = new TEEBindingService({
712
+ * requiredForTiers: [TrustTier.T4, TrustTier.T5],
713
+ * allowedPlatforms: ['sgx', 'nitro'],
714
+ * maxAttestationAge: 86400,
715
+ * productionConfig: { productionMode: true, sgx: { pccsUrl: '...' } },
716
+ * });
717
+ *
718
+ * const result = await tee.verifyAttestation(attestation);
719
+ * const binding = await tee.bindKeyToEnclave(didKeyId, attestation);
720
+ * ```
721
+ */
722
+ export class TEEBindingService {
723
+ config;
724
+ verifiers;
725
+ bindings; // didKeyId -> binding
726
+ productionVerifier;
727
+ /**
728
+ * Create a new TEE binding service
729
+ *
730
+ * @param config - TEE configuration, optionally with productionConfig
731
+ */
732
+ constructor(config) {
733
+ const defaultConfig = {
734
+ requiredForTiers: [4, 5],
735
+ allowedPlatforms: [TEEPlatformEnum.SGX, TEEPlatformEnum.NITRO],
736
+ maxAttestationAge: 86400,
737
+ };
738
+ this.config = { ...defaultConfig, ...teeConfigSchema.parse(config) };
739
+ this.bindings = new Map();
740
+ // Initialize production verifier if configured
741
+ if (config.productionConfig) {
742
+ this.productionVerifier = new ProductionAttestationVerifier(config.productionConfig);
743
+ logger.info({ productionMode: config.productionConfig.productionMode }, 'Production attestation verifier enabled');
744
+ }
745
+ else {
746
+ this.productionVerifier = null;
747
+ }
748
+ // Initialize platform-specific verifiers for structural validation
749
+ this.verifiers = new Map([
750
+ [TEEPlatformEnum.SGX, new SGXVerifier()],
751
+ [TEEPlatformEnum.NITRO, new NitroVerifier()],
752
+ [TEEPlatformEnum.SEV, new SEVVerifier()],
753
+ [TEEPlatformEnum.TRUSTZONE, new TrustZoneVerifier()],
754
+ [TEEPlatformEnum.SECURE_ENCLAVE, new SecureEnclaveVerifier()],
755
+ ]);
756
+ logger.info({
757
+ requiredForTiers: this.config.requiredForTiers,
758
+ allowedPlatforms: this.config.allowedPlatforms,
759
+ maxAttestationAge: this.config.maxAttestationAge,
760
+ productionMode: !!this.productionVerifier,
761
+ }, 'TEE binding service initialized');
762
+ }
763
+ /**
764
+ * Verify a TEE attestation
765
+ *
766
+ * When a production verifier is configured, it is used for SGX/Nitro/SEV
767
+ * platforms. The production verifier performs its own structural validation
768
+ * plus cryptographic signature chain verification.
769
+ *
770
+ * Otherwise, the built-in structural verifiers are used. These parse binary
771
+ * formats, validate headers, extract measurements, and cross-check consistency
772
+ * without requiring network access.
773
+ *
774
+ * @param attestation - TEE attestation to verify
775
+ * @returns Verification result
776
+ */
777
+ async verifyAttestation(attestation) {
778
+ // Validate attestation format
779
+ try {
780
+ teeAttestationSchema.parse(attestation);
781
+ }
782
+ catch (error) {
783
+ teeAttestationsVerified.inc({ platform: attestation.platform, result: 'invalid' });
784
+ return {
785
+ valid: false,
786
+ reason: 'Invalid attestation format',
787
+ verifiedAt: new Date().toISOString(),
788
+ };
789
+ }
790
+ // Check if platform is allowed
791
+ if (!this.config.allowedPlatforms.includes(attestation.platform)) {
792
+ teeAttestationsVerified.inc({ platform: attestation.platform, result: 'invalid' });
793
+ return {
794
+ valid: false,
795
+ reason: `Platform not allowed: ${attestation.platform}`,
796
+ verifiedAt: new Date().toISOString(),
797
+ };
798
+ }
799
+ // Check attestation age
800
+ const age = (Date.now() - attestation.timestamp.getTime()) / 1000;
801
+ if (age > this.config.maxAttestationAge) {
802
+ teeAttestationsVerified.inc({ platform: attestation.platform, result: 'expired' });
803
+ return {
804
+ valid: false,
805
+ reason: `Attestation too old (age: ${Math.floor(age)}s, max: ${this.config.maxAttestationAge}s)`,
806
+ verifiedAt: new Date().toISOString(),
807
+ };
808
+ }
809
+ // Delegate to production verifier if configured and platform is supported
810
+ if (this.productionVerifier) {
811
+ const productionPlatforms = [TEEPlatformEnum.SGX, TEEPlatformEnum.NITRO, TEEPlatformEnum.SEV];
812
+ if (productionPlatforms.includes(attestation.platform)) {
813
+ const result = await this.productionVerifier.verify(attestation);
814
+ if (result.valid && this.config.expectedMeasurements) {
815
+ const expectedHash = this.config.expectedMeasurements[attestation.enclaveId];
816
+ if (expectedHash) {
817
+ const verifier = this.verifiers.get(attestation.platform);
818
+ if (verifier && !verifier.validateMeasurement(expectedHash, attestation)) {
819
+ teeAttestationsVerified.inc({ platform: attestation.platform, result: 'measurement_mismatch' });
820
+ return {
821
+ valid: false,
822
+ reason: 'Code measurement does not match expected value',
823
+ platform: attestation.platform,
824
+ verifiedAt: new Date().toISOString(),
825
+ };
826
+ }
827
+ }
828
+ }
829
+ teeAttestationsVerified.inc({
830
+ platform: attestation.platform,
831
+ result: result.valid ? 'success' : 'invalid',
832
+ });
833
+ return result;
834
+ }
835
+ }
836
+ // Get platform-specific structural verifier
837
+ const verifier = this.verifiers.get(attestation.platform);
838
+ if (!verifier) {
839
+ teeAttestationsVerified.inc({ platform: attestation.platform, result: 'invalid' });
840
+ return {
841
+ valid: false,
842
+ reason: `No verifier available for platform: ${attestation.platform}`,
843
+ verifiedAt: new Date().toISOString(),
844
+ };
845
+ }
846
+ // Verify attestation with structural validation
847
+ const result = await verifier.verify(attestation);
848
+ // Check expected measurements if configured
849
+ if (result.valid && this.config.expectedMeasurements) {
850
+ const expectedHash = this.config.expectedMeasurements[attestation.enclaveId];
851
+ if (expectedHash) {
852
+ const measurementValid = verifier.validateMeasurement(expectedHash, attestation);
853
+ if (!measurementValid) {
854
+ teeAttestationsVerified.inc({ platform: attestation.platform, result: 'measurement_mismatch' });
855
+ return {
856
+ valid: false,
857
+ reason: 'Code measurement does not match expected value',
858
+ platform: attestation.platform,
859
+ verifiedAt: new Date().toISOString(),
860
+ };
861
+ }
862
+ }
863
+ }
864
+ teeAttestationsVerified.inc({
865
+ platform: attestation.platform,
866
+ result: result.valid ? 'success' : 'invalid',
867
+ });
868
+ return result;
869
+ }
870
+ /**
871
+ * Bind a DID key to an enclave
872
+ *
873
+ * @param didKeyId - DID verification method ID
874
+ * @param enclaveAttestation - TEE attestation proving enclave validity
875
+ * @returns Key binding record
876
+ */
877
+ async bindKeyToEnclave(didKeyId, enclaveAttestation) {
878
+ // First verify the attestation
879
+ const verificationResult = await this.verifyAttestation(enclaveAttestation);
880
+ if (!verificationResult.valid) {
881
+ throw new TEEAttestationError(`Cannot bind key: ${verificationResult.reason}`, { didKeyId, enclaveId: enclaveAttestation.enclaveId });
882
+ }
883
+ // Create binding proof
884
+ const bindingProof = await this.createBindingProof(didKeyId, enclaveAttestation);
885
+ // Calculate validity period
886
+ const validUntil = enclaveAttestation.validUntil
887
+ ? new Date(Math.min(enclaveAttestation.validUntil.getTime(), Date.now() + this.config.maxAttestationAge * 1000))
888
+ : new Date(Date.now() + this.config.maxAttestationAge * 1000);
889
+ const binding = {
890
+ didKeyId,
891
+ enclaveKeyId: enclaveAttestation.enclaveId,
892
+ bindingProof,
893
+ boundAt: new Date(),
894
+ validUntil,
895
+ };
896
+ // Validate binding
897
+ teeKeyBindingSchema.parse(binding);
898
+ // Store binding
899
+ this.bindings.set(didKeyId, binding);
900
+ teeKeyBindings.inc({ platform: enclaveAttestation.platform });
901
+ teeActiveBindings.set({ platform: enclaveAttestation.platform }, this.getBindingCount(enclaveAttestation.platform));
902
+ logger.info({ didKeyId, enclaveId: enclaveAttestation.enclaveId, platform: enclaveAttestation.platform }, 'Key bound to enclave');
903
+ return binding;
904
+ }
905
+ /**
906
+ * Verify a key binding
907
+ *
908
+ * @param binding - Key binding to verify
909
+ * @returns Whether binding is valid
910
+ */
911
+ async verifyKeyBinding(binding) {
912
+ try {
913
+ teeKeyBindingSchema.parse(binding);
914
+ }
915
+ catch {
916
+ logger.warn({ didKeyId: binding.didKeyId }, 'Invalid binding format');
917
+ return false;
918
+ }
919
+ // Check if binding has expired
920
+ if (binding.validUntil && binding.validUntil < new Date()) {
921
+ logger.debug({ didKeyId: binding.didKeyId }, 'Binding has expired');
922
+ return false;
923
+ }
924
+ // Verify binding proof
925
+ const proofValid = this.verifyBindingProof(binding);
926
+ if (!proofValid) {
927
+ logger.warn({ didKeyId: binding.didKeyId }, 'Invalid binding proof');
928
+ return false;
929
+ }
930
+ return true;
931
+ }
932
+ /**
933
+ * Check if TEE binding is required for a trust tier
934
+ *
935
+ * @param trustTier - Trust tier to check
936
+ * @returns Whether TEE binding is required
937
+ */
938
+ isRequired(trustTier) {
939
+ return this.config.requiredForTiers.includes(trustTier);
940
+ }
941
+ /**
942
+ * Validate that running code matches attestation measurement
943
+ *
944
+ * @param expectedHash - Expected code measurement hash
945
+ * @param attestation - TEE attestation to validate
946
+ * @returns Whether measurement matches
947
+ */
948
+ validateCodeMeasurement(expectedHash, attestation) {
949
+ const verifier = this.verifiers.get(attestation.platform);
950
+ if (!verifier) {
951
+ return false;
952
+ }
953
+ return verifier.validateMeasurement(expectedHash, attestation);
954
+ }
955
+ /**
956
+ * Get a stored binding
957
+ *
958
+ * @param didKeyId - DID verification method ID
959
+ * @returns Binding if exists
960
+ */
961
+ getBinding(didKeyId) {
962
+ return this.bindings.get(didKeyId);
963
+ }
964
+ /**
965
+ * Remove a binding
966
+ *
967
+ * @param didKeyId - DID verification method ID
968
+ */
969
+ removeBinding(didKeyId) {
970
+ const binding = this.bindings.get(didKeyId);
971
+ if (binding) {
972
+ this.bindings.delete(didKeyId);
973
+ logger.info({ didKeyId }, 'Key binding removed');
974
+ }
975
+ }
976
+ /**
977
+ * Get current configuration
978
+ */
979
+ getConfig() {
980
+ return { ...this.config };
981
+ }
982
+ /**
983
+ * Check whether production verification is active
984
+ */
985
+ isProductionMode() {
986
+ return this.productionVerifier !== null && this.productionVerifier.isProductionMode();
987
+ }
988
+ /**
989
+ * Create a binding proof using SHA-256 hash of binding context
990
+ */
991
+ async createBindingProof(didKeyId, attestation) {
992
+ const data = JSON.stringify({
993
+ didKeyId,
994
+ enclaveId: attestation.enclaveId,
995
+ measurementHash: attestation.measurementHash,
996
+ timestamp: attestation.timestamp.toISOString(),
997
+ });
998
+ const encoder = new TextEncoder();
999
+ const hashBuffer = await crypto.subtle.digest('SHA-256', encoder.encode(data));
1000
+ const hashArray = new Uint8Array(hashBuffer);
1001
+ let binary = '';
1002
+ for (let i = 0; i < hashArray.length; i++) {
1003
+ binary += String.fromCharCode(hashArray[i]);
1004
+ }
1005
+ return btoa(binary).replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
1006
+ }
1007
+ /**
1008
+ * Verify a binding proof exists and has valid format
1009
+ */
1010
+ verifyBindingProof(binding) {
1011
+ return binding.bindingProof.length > 0;
1012
+ }
1013
+ /**
1014
+ * Get count of bindings for a platform
1015
+ */
1016
+ getBindingCount(_platform) {
1017
+ return this.bindings.size;
1018
+ }
1019
+ }
1020
+ /**
1021
+ * Create a TEE binding service with default configuration for CAR
1022
+ */
1023
+ export function createTEEBindingService(config) {
1024
+ const defaultConfig = {
1025
+ requiredForTiers: [4, 5], // T4+
1026
+ allowedPlatforms: [TEEPlatformEnum.SGX, TEEPlatformEnum.NITRO],
1027
+ maxAttestationAge: 86400, // 24 hours
1028
+ };
1029
+ return new TEEBindingService({ ...defaultConfig, ...config });
1030
+ }
1031
+ //# sourceMappingURL=tee.js.map