@vorionsys/platform-core 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1847) hide show
  1. package/LICENSE +190 -0
  2. package/README.md +88 -0
  3. package/dist/a2a/attestation.d.ts +145 -0
  4. package/dist/a2a/attestation.d.ts.map +1 -0
  5. package/dist/a2a/attestation.js +353 -0
  6. package/dist/a2a/attestation.js.map +1 -0
  7. package/dist/a2a/chain-of-trust.d.ts +143 -0
  8. package/dist/a2a/chain-of-trust.d.ts.map +1 -0
  9. package/dist/a2a/chain-of-trust.js +422 -0
  10. package/dist/a2a/chain-of-trust.js.map +1 -0
  11. package/dist/a2a/index.d.ts +15 -0
  12. package/dist/a2a/index.d.ts.map +1 -0
  13. package/dist/a2a/index.js +23 -0
  14. package/dist/a2a/index.js.map +1 -0
  15. package/dist/a2a/openapi.d.ts +22 -0
  16. package/dist/a2a/openapi.d.ts.map +1 -0
  17. package/dist/a2a/openapi.js +1133 -0
  18. package/dist/a2a/openapi.js.map +1 -0
  19. package/dist/a2a/router.d.ts +167 -0
  20. package/dist/a2a/router.d.ts.map +1 -0
  21. package/dist/a2a/router.js +454 -0
  22. package/dist/a2a/router.js.map +1 -0
  23. package/dist/a2a/routes.d.ts +11 -0
  24. package/dist/a2a/routes.d.ts.map +1 -0
  25. package/dist/a2a/routes.js +442 -0
  26. package/dist/a2a/routes.js.map +1 -0
  27. package/dist/a2a/trust-negotiation.d.ts +119 -0
  28. package/dist/a2a/trust-negotiation.d.ts.map +1 -0
  29. package/dist/a2a/trust-negotiation.js +425 -0
  30. package/dist/a2a/trust-negotiation.js.map +1 -0
  31. package/dist/a2a/types.d.ts +413 -0
  32. package/dist/a2a/types.d.ts.map +1 -0
  33. package/dist/a2a/types.js +38 -0
  34. package/dist/a2a/types.js.map +1 -0
  35. package/dist/agent-registry/a3i-cache.d.ts +113 -0
  36. package/dist/agent-registry/a3i-cache.d.ts.map +1 -0
  37. package/dist/agent-registry/a3i-cache.js +305 -0
  38. package/dist/agent-registry/a3i-cache.js.map +1 -0
  39. package/dist/agent-registry/index.d.ts +14 -0
  40. package/dist/agent-registry/index.d.ts.map +1 -0
  41. package/dist/agent-registry/index.js +17 -0
  42. package/dist/agent-registry/index.js.map +1 -0
  43. package/dist/agent-registry/openapi.d.ts +23 -0
  44. package/dist/agent-registry/openapi.d.ts.map +1 -0
  45. package/dist/agent-registry/openapi.js +1377 -0
  46. package/dist/agent-registry/openapi.js.map +1 -0
  47. package/dist/agent-registry/routes.d.ts +10 -0
  48. package/dist/agent-registry/routes.d.ts.map +1 -0
  49. package/dist/agent-registry/routes.js +485 -0
  50. package/dist/agent-registry/routes.js.map +1 -0
  51. package/dist/agent-registry/service.d.ts +159 -0
  52. package/dist/agent-registry/service.d.ts.map +1 -0
  53. package/dist/agent-registry/service.js +652 -0
  54. package/dist/agent-registry/service.js.map +1 -0
  55. package/dist/agent-registry/tenant-service.d.ts +104 -0
  56. package/dist/agent-registry/tenant-service.d.ts.map +1 -0
  57. package/dist/agent-registry/tenant-service.js +313 -0
  58. package/dist/agent-registry/tenant-service.js.map +1 -0
  59. package/dist/api/auth.d.ts +55 -0
  60. package/dist/api/auth.d.ts.map +1 -0
  61. package/dist/api/auth.js +322 -0
  62. package/dist/api/auth.js.map +1 -0
  63. package/dist/api/errors.d.ts +146 -0
  64. package/dist/api/errors.d.ts.map +1 -0
  65. package/dist/api/errors.js +464 -0
  66. package/dist/api/errors.js.map +1 -0
  67. package/dist/api/index.d.ts +15 -0
  68. package/dist/api/index.d.ts.map +1 -0
  69. package/dist/api/index.js +19 -0
  70. package/dist/api/index.js.map +1 -0
  71. package/dist/api/middleware/api-key-enforcement.d.ts +131 -0
  72. package/dist/api/middleware/api-key-enforcement.d.ts.map +1 -0
  73. package/dist/api/middleware/api-key-enforcement.js +674 -0
  74. package/dist/api/middleware/api-key-enforcement.js.map +1 -0
  75. package/dist/api/middleware/audit.d.ts +151 -0
  76. package/dist/api/middleware/audit.d.ts.map +1 -0
  77. package/dist/api/middleware/audit.js +384 -0
  78. package/dist/api/middleware/audit.js.map +1 -0
  79. package/dist/api/middleware/dpop-enforcement.d.ts +176 -0
  80. package/dist/api/middleware/dpop-enforcement.d.ts.map +1 -0
  81. package/dist/api/middleware/dpop-enforcement.js +596 -0
  82. package/dist/api/middleware/dpop-enforcement.js.map +1 -0
  83. package/dist/api/middleware/index.d.ts +24 -0
  84. package/dist/api/middleware/index.d.ts.map +1 -0
  85. package/dist/api/middleware/index.js +43 -0
  86. package/dist/api/middleware/index.js.map +1 -0
  87. package/dist/api/middleware/metrics.d.ts +41 -0
  88. package/dist/api/middleware/metrics.d.ts.map +1 -0
  89. package/dist/api/middleware/metrics.js +150 -0
  90. package/dist/api/middleware/metrics.js.map +1 -0
  91. package/dist/api/middleware/rate-limits.d.ts +224 -0
  92. package/dist/api/middleware/rate-limits.d.ts.map +1 -0
  93. package/dist/api/middleware/rate-limits.js +686 -0
  94. package/dist/api/middleware/rate-limits.js.map +1 -0
  95. package/dist/api/middleware/rateLimit.d.ts +165 -0
  96. package/dist/api/middleware/rateLimit.d.ts.map +1 -0
  97. package/dist/api/middleware/rateLimit.js +477 -0
  98. package/dist/api/middleware/rateLimit.js.map +1 -0
  99. package/dist/api/middleware/redis-rate-limiter.d.ts +279 -0
  100. package/dist/api/middleware/redis-rate-limiter.d.ts.map +1 -0
  101. package/dist/api/middleware/redis-rate-limiter.js +1074 -0
  102. package/dist/api/middleware/redis-rate-limiter.js.map +1 -0
  103. package/dist/api/middleware/security-headers.d.ts +248 -0
  104. package/dist/api/middleware/security-headers.d.ts.map +1 -0
  105. package/dist/api/middleware/security-headers.js +410 -0
  106. package/dist/api/middleware/security-headers.js.map +1 -0
  107. package/dist/api/middleware/security.d.ts +156 -0
  108. package/dist/api/middleware/security.d.ts.map +1 -0
  109. package/dist/api/middleware/security.js +412 -0
  110. package/dist/api/middleware/security.js.map +1 -0
  111. package/dist/api/middleware/validation.d.ts +132 -0
  112. package/dist/api/middleware/validation.d.ts.map +1 -0
  113. package/dist/api/middleware/validation.js +363 -0
  114. package/dist/api/middleware/validation.js.map +1 -0
  115. package/dist/api/middleware/webhook-verify.d.ts +130 -0
  116. package/dist/api/middleware/webhook-verify.d.ts.map +1 -0
  117. package/dist/api/middleware/webhook-verify.js +366 -0
  118. package/dist/api/middleware/webhook-verify.js.map +1 -0
  119. package/dist/api/rate-limit.d.ts +115 -0
  120. package/dist/api/rate-limit.d.ts.map +1 -0
  121. package/dist/api/rate-limit.js +335 -0
  122. package/dist/api/rate-limit.js.map +1 -0
  123. package/dist/api/server.d.ts +37 -0
  124. package/dist/api/server.d.ts.map +1 -0
  125. package/dist/api/server.js +2086 -0
  126. package/dist/api/server.js.map +1 -0
  127. package/dist/api/validation.d.ts +243 -0
  128. package/dist/api/validation.d.ts.map +1 -0
  129. package/dist/api/validation.js +247 -0
  130. package/dist/api/validation.js.map +1 -0
  131. package/dist/audit/compliance-reporter.d.ts +271 -0
  132. package/dist/audit/compliance-reporter.d.ts.map +1 -0
  133. package/dist/audit/compliance-reporter.js +587 -0
  134. package/dist/audit/compliance-reporter.js.map +1 -0
  135. package/dist/audit/db-store.d.ts +689 -0
  136. package/dist/audit/db-store.d.ts.map +1 -0
  137. package/dist/audit/db-store.js +589 -0
  138. package/dist/audit/db-store.js.map +1 -0
  139. package/dist/audit/event-schema.d.ts +605 -0
  140. package/dist/audit/event-schema.d.ts.map +1 -0
  141. package/dist/audit/event-schema.js +566 -0
  142. package/dist/audit/event-schema.js.map +1 -0
  143. package/dist/audit/index.d.ts +16 -0
  144. package/dist/audit/index.d.ts.map +1 -0
  145. package/dist/audit/index.js +44 -0
  146. package/dist/audit/index.js.map +1 -0
  147. package/dist/audit/security-events.d.ts +1624 -0
  148. package/dist/audit/security-events.d.ts.map +1 -0
  149. package/dist/audit/security-events.js +775 -0
  150. package/dist/audit/security-events.js.map +1 -0
  151. package/dist/audit/security-logger.d.ts +288 -0
  152. package/dist/audit/security-logger.d.ts.map +1 -0
  153. package/dist/audit/security-logger.js +820 -0
  154. package/dist/audit/security-logger.js.map +1 -0
  155. package/dist/audit/service.d.ts +206 -0
  156. package/dist/audit/service.d.ts.map +1 -0
  157. package/dist/audit/service.js +756 -0
  158. package/dist/audit/service.js.map +1 -0
  159. package/dist/audit/siem/elastic.d.ts +94 -0
  160. package/dist/audit/siem/elastic.d.ts.map +1 -0
  161. package/dist/audit/siem/elastic.js +412 -0
  162. package/dist/audit/siem/elastic.js.map +1 -0
  163. package/dist/audit/siem/index.d.ts +179 -0
  164. package/dist/audit/siem/index.d.ts.map +1 -0
  165. package/dist/audit/siem/index.js +368 -0
  166. package/dist/audit/siem/index.js.map +1 -0
  167. package/dist/audit/siem/loki.d.ts +100 -0
  168. package/dist/audit/siem/loki.d.ts.map +1 -0
  169. package/dist/audit/siem/loki.js +406 -0
  170. package/dist/audit/siem/loki.js.map +1 -0
  171. package/dist/audit/siem/splunk.d.ts +91 -0
  172. package/dist/audit/siem/splunk.d.ts.map +1 -0
  173. package/dist/audit/siem/splunk.js +375 -0
  174. package/dist/audit/siem/splunk.js.map +1 -0
  175. package/dist/audit/siem/types.d.ts +547 -0
  176. package/dist/audit/siem/types.d.ts.map +1 -0
  177. package/dist/audit/siem/types.js +270 -0
  178. package/dist/audit/siem/types.js.map +1 -0
  179. package/dist/audit/types.d.ts +410 -0
  180. package/dist/audit/types.d.ts.map +1 -0
  181. package/dist/audit/types.js +130 -0
  182. package/dist/audit/types.js.map +1 -0
  183. package/dist/auth/index.d.ts +10 -0
  184. package/dist/auth/index.d.ts.map +1 -0
  185. package/dist/auth/index.js +10 -0
  186. package/dist/auth/index.js.map +1 -0
  187. package/dist/auth/mfa/index.d.ts +9 -0
  188. package/dist/auth/mfa/index.d.ts.map +1 -0
  189. package/dist/auth/mfa/index.js +9 -0
  190. package/dist/auth/mfa/index.js.map +1 -0
  191. package/dist/auth/mfa/totp.d.ts +222 -0
  192. package/dist/auth/mfa/totp.d.ts.map +1 -0
  193. package/dist/auth/mfa/totp.js +329 -0
  194. package/dist/auth/mfa/totp.js.map +1 -0
  195. package/dist/auth/piv-cac/card-removal-handler.d.ts +197 -0
  196. package/dist/auth/piv-cac/card-removal-handler.d.ts.map +1 -0
  197. package/dist/auth/piv-cac/card-removal-handler.js +560 -0
  198. package/dist/auth/piv-cac/card-removal-handler.js.map +1 -0
  199. package/dist/auth/piv-cac/certificate-auth.d.ts +117 -0
  200. package/dist/auth/piv-cac/certificate-auth.d.ts.map +1 -0
  201. package/dist/auth/piv-cac/certificate-auth.js +727 -0
  202. package/dist/auth/piv-cac/certificate-auth.js.map +1 -0
  203. package/dist/auth/piv-cac/certificate-mapper.d.ts +141 -0
  204. package/dist/auth/piv-cac/certificate-mapper.d.ts.map +1 -0
  205. package/dist/auth/piv-cac/certificate-mapper.js +569 -0
  206. package/dist/auth/piv-cac/certificate-mapper.js.map +1 -0
  207. package/dist/auth/piv-cac/crl-validator.d.ts +195 -0
  208. package/dist/auth/piv-cac/crl-validator.d.ts.map +1 -0
  209. package/dist/auth/piv-cac/crl-validator.js +824 -0
  210. package/dist/auth/piv-cac/crl-validator.js.map +1 -0
  211. package/dist/auth/piv-cac/index.d.ts +72 -0
  212. package/dist/auth/piv-cac/index.d.ts.map +1 -0
  213. package/dist/auth/piv-cac/index.js +172 -0
  214. package/dist/auth/piv-cac/index.js.map +1 -0
  215. package/dist/auth/piv-cac/ocsp-validator.d.ts +183 -0
  216. package/dist/auth/piv-cac/ocsp-validator.d.ts.map +1 -0
  217. package/dist/auth/piv-cac/ocsp-validator.js +657 -0
  218. package/dist/auth/piv-cac/ocsp-validator.js.map +1 -0
  219. package/dist/auth/piv-cac/piv-middleware.d.ts +95 -0
  220. package/dist/auth/piv-cac/piv-middleware.d.ts.map +1 -0
  221. package/dist/auth/piv-cac/piv-middleware.js +524 -0
  222. package/dist/auth/piv-cac/piv-middleware.js.map +1 -0
  223. package/dist/auth/piv-cac/piv-routes.d.ts +29 -0
  224. package/dist/auth/piv-cac/piv-routes.d.ts.map +1 -0
  225. package/dist/auth/piv-cac/piv-routes.js +534 -0
  226. package/dist/auth/piv-cac/piv-routes.js.map +1 -0
  227. package/dist/auth/piv-cac/pkcs11-provider.d.ts +280 -0
  228. package/dist/auth/piv-cac/pkcs11-provider.d.ts.map +1 -0
  229. package/dist/auth/piv-cac/pkcs11-provider.js +535 -0
  230. package/dist/auth/piv-cac/pkcs11-provider.js.map +1 -0
  231. package/dist/auth/piv-cac/types.d.ts +4098 -0
  232. package/dist/auth/piv-cac/types.d.ts.map +1 -0
  233. package/dist/auth/piv-cac/types.js +495 -0
  234. package/dist/auth/piv-cac/types.js.map +1 -0
  235. package/dist/basis/evaluator.d.ts +72 -0
  236. package/dist/basis/evaluator.d.ts.map +1 -0
  237. package/dist/basis/evaluator.js +275 -0
  238. package/dist/basis/evaluator.js.map +1 -0
  239. package/dist/basis/expression-evaluator.d.ts +77 -0
  240. package/dist/basis/expression-evaluator.d.ts.map +1 -0
  241. package/dist/basis/expression-evaluator.js +826 -0
  242. package/dist/basis/expression-evaluator.js.map +1 -0
  243. package/dist/basis/index.d.ts +13 -0
  244. package/dist/basis/index.d.ts.map +1 -0
  245. package/dist/basis/index.js +13 -0
  246. package/dist/basis/index.js.map +1 -0
  247. package/dist/basis/parser.d.ts +376 -0
  248. package/dist/basis/parser.d.ts.map +1 -0
  249. package/dist/basis/parser.js +178 -0
  250. package/dist/basis/parser.js.map +1 -0
  251. package/dist/basis/types.d.ts +115 -0
  252. package/dist/basis/types.d.ts.map +1 -0
  253. package/dist/basis/types.js +5 -0
  254. package/dist/basis/types.js.map +1 -0
  255. package/dist/car-extensions/aci-string-extensions.d.ts +10 -0
  256. package/dist/car-extensions/aci-string-extensions.d.ts.map +1 -0
  257. package/dist/car-extensions/aci-string-extensions.js +24 -0
  258. package/dist/car-extensions/aci-string-extensions.js.map +1 -0
  259. package/dist/car-extensions/builtin-extensions/audit.d.ts +88 -0
  260. package/dist/car-extensions/builtin-extensions/audit.d.ts.map +1 -0
  261. package/dist/car-extensions/builtin-extensions/audit.js +445 -0
  262. package/dist/car-extensions/builtin-extensions/audit.js.map +1 -0
  263. package/dist/car-extensions/builtin-extensions/governance.d.ts +32 -0
  264. package/dist/car-extensions/builtin-extensions/governance.d.ts.map +1 -0
  265. package/dist/car-extensions/builtin-extensions/governance.js +534 -0
  266. package/dist/car-extensions/builtin-extensions/governance.js.map +1 -0
  267. package/dist/car-extensions/builtin-extensions/monitoring.d.ts +43 -0
  268. package/dist/car-extensions/builtin-extensions/monitoring.d.ts.map +1 -0
  269. package/dist/car-extensions/builtin-extensions/monitoring.js +416 -0
  270. package/dist/car-extensions/builtin-extensions/monitoring.js.map +1 -0
  271. package/dist/car-extensions/car-string-extensions.d.ts +355 -0
  272. package/dist/car-extensions/car-string-extensions.d.ts.map +1 -0
  273. package/dist/car-extensions/car-string-extensions.js +473 -0
  274. package/dist/car-extensions/car-string-extensions.js.map +1 -0
  275. package/dist/car-extensions/executor.d.ts +208 -0
  276. package/dist/car-extensions/executor.d.ts.map +1 -0
  277. package/dist/car-extensions/executor.js +789 -0
  278. package/dist/car-extensions/executor.js.map +1 -0
  279. package/dist/car-extensions/index.d.ts +94 -0
  280. package/dist/car-extensions/index.d.ts.map +1 -0
  281. package/dist/car-extensions/index.js +159 -0
  282. package/dist/car-extensions/index.js.map +1 -0
  283. package/dist/car-extensions/registry.d.ts +217 -0
  284. package/dist/car-extensions/registry.d.ts.map +1 -0
  285. package/dist/car-extensions/registry.js +450 -0
  286. package/dist/car-extensions/registry.js.map +1 -0
  287. package/dist/car-extensions/service.d.ts +220 -0
  288. package/dist/car-extensions/service.d.ts.map +1 -0
  289. package/dist/car-extensions/service.js +486 -0
  290. package/dist/car-extensions/service.js.map +1 -0
  291. package/dist/car-extensions/types.d.ts +2269 -0
  292. package/dist/car-extensions/types.d.ts.map +1 -0
  293. package/dist/car-extensions/types.js +389 -0
  294. package/dist/car-extensions/types.js.map +1 -0
  295. package/dist/cognigate/index.d.ts +192 -0
  296. package/dist/cognigate/index.d.ts.map +1 -0
  297. package/dist/cognigate/index.js +435 -0
  298. package/dist/cognigate/index.js.map +1 -0
  299. package/dist/cognigate/sandbox/capability-broker.d.ts +166 -0
  300. package/dist/cognigate/sandbox/capability-broker.d.ts.map +1 -0
  301. package/dist/cognigate/sandbox/capability-broker.js +461 -0
  302. package/dist/cognigate/sandbox/capability-broker.js.map +1 -0
  303. package/dist/cognigate/sandbox/filesystem-policy.d.ts +139 -0
  304. package/dist/cognigate/sandbox/filesystem-policy.d.ts.map +1 -0
  305. package/dist/cognigate/sandbox/filesystem-policy.js +426 -0
  306. package/dist/cognigate/sandbox/filesystem-policy.js.map +1 -0
  307. package/dist/cognigate/sandbox/index.d.ts +17 -0
  308. package/dist/cognigate/sandbox/index.d.ts.map +1 -0
  309. package/dist/cognigate/sandbox/index.js +24 -0
  310. package/dist/cognigate/sandbox/index.js.map +1 -0
  311. package/dist/cognigate/sandbox/network-policy.d.ts +126 -0
  312. package/dist/cognigate/sandbox/network-policy.d.ts.map +1 -0
  313. package/dist/cognigate/sandbox/network-policy.js +382 -0
  314. package/dist/cognigate/sandbox/network-policy.js.map +1 -0
  315. package/dist/cognigate/sandbox/sandbox-service.d.ts +70 -0
  316. package/dist/cognigate/sandbox/sandbox-service.d.ts.map +1 -0
  317. package/dist/cognigate/sandbox/sandbox-service.js +472 -0
  318. package/dist/cognigate/sandbox/sandbox-service.js.map +1 -0
  319. package/dist/cognigate/sandbox/types.d.ts +376 -0
  320. package/dist/cognigate/sandbox/types.d.ts.map +1 -0
  321. package/dist/cognigate/sandbox/types.js +179 -0
  322. package/dist/cognigate/sandbox/types.js.map +1 -0
  323. package/dist/common/adapters/index.d.ts +34 -0
  324. package/dist/common/adapters/index.d.ts.map +1 -0
  325. package/dist/common/adapters/index.js +46 -0
  326. package/dist/common/adapters/index.js.map +1 -0
  327. package/dist/common/adapters/memory-cache.d.ts +91 -0
  328. package/dist/common/adapters/memory-cache.d.ts.map +1 -0
  329. package/dist/common/adapters/memory-cache.js +201 -0
  330. package/dist/common/adapters/memory-cache.js.map +1 -0
  331. package/dist/common/adapters/memory-lock.d.ts +75 -0
  332. package/dist/common/adapters/memory-lock.d.ts.map +1 -0
  333. package/dist/common/adapters/memory-lock.js +219 -0
  334. package/dist/common/adapters/memory-lock.js.map +1 -0
  335. package/dist/common/adapters/memory-queue.d.ts +64 -0
  336. package/dist/common/adapters/memory-queue.d.ts.map +1 -0
  337. package/dist/common/adapters/memory-queue.js +233 -0
  338. package/dist/common/adapters/memory-queue.js.map +1 -0
  339. package/dist/common/adapters/memory-ratelimit.d.ts +78 -0
  340. package/dist/common/adapters/memory-ratelimit.d.ts.map +1 -0
  341. package/dist/common/adapters/memory-ratelimit.js +196 -0
  342. package/dist/common/adapters/memory-ratelimit.js.map +1 -0
  343. package/dist/common/adapters/memory-session.d.ts +105 -0
  344. package/dist/common/adapters/memory-session.d.ts.map +1 -0
  345. package/dist/common/adapters/memory-session.js +302 -0
  346. package/dist/common/adapters/memory-session.js.map +1 -0
  347. package/dist/common/adapters/provider.d.ts +47 -0
  348. package/dist/common/adapters/provider.d.ts.map +1 -0
  349. package/dist/common/adapters/provider.js +347 -0
  350. package/dist/common/adapters/provider.js.map +1 -0
  351. package/dist/common/adapters/types.d.ts +247 -0
  352. package/dist/common/adapters/types.d.ts.map +1 -0
  353. package/dist/common/adapters/types.js +11 -0
  354. package/dist/common/adapters/types.js.map +1 -0
  355. package/dist/common/alerts.d.ts +57 -0
  356. package/dist/common/alerts.d.ts.map +1 -0
  357. package/dist/common/alerts.js +216 -0
  358. package/dist/common/alerts.js.map +1 -0
  359. package/dist/common/authorization.d.ts +137 -0
  360. package/dist/common/authorization.d.ts.map +1 -0
  361. package/dist/common/authorization.js +270 -0
  362. package/dist/common/authorization.js.map +1 -0
  363. package/dist/common/canonical-bridge.d.ts +153 -0
  364. package/dist/common/canonical-bridge.d.ts.map +1 -0
  365. package/dist/common/canonical-bridge.js +236 -0
  366. package/dist/common/canonical-bridge.js.map +1 -0
  367. package/dist/common/canonical-json.d.ts +64 -0
  368. package/dist/common/canonical-json.d.ts.map +1 -0
  369. package/dist/common/canonical-json.js +95 -0
  370. package/dist/common/canonical-json.js.map +1 -0
  371. package/dist/common/circuit-breaker.d.ts +320 -0
  372. package/dist/common/circuit-breaker.d.ts.map +1 -0
  373. package/dist/common/circuit-breaker.js +887 -0
  374. package/dist/common/circuit-breaker.js.map +1 -0
  375. package/dist/common/config.d.ts +2053 -0
  376. package/dist/common/config.d.ts.map +1 -0
  377. package/dist/common/config.js +1314 -0
  378. package/dist/common/config.js.map +1 -0
  379. package/dist/common/contracts/index.d.ts +2 -0
  380. package/dist/common/contracts/index.d.ts.map +1 -0
  381. package/dist/common/contracts/index.js +2 -0
  382. package/dist/common/contracts/index.js.map +1 -0
  383. package/dist/common/contracts/output.d.ts +81 -0
  384. package/dist/common/contracts/output.d.ts.map +1 -0
  385. package/dist/common/contracts/output.js +38 -0
  386. package/dist/common/contracts/output.js.map +1 -0
  387. package/dist/common/crypto-utils.d.ts +103 -0
  388. package/dist/common/crypto-utils.d.ts.map +1 -0
  389. package/dist/common/crypto-utils.js +275 -0
  390. package/dist/common/crypto-utils.js.map +1 -0
  391. package/dist/common/crypto.d.ts +70 -0
  392. package/dist/common/crypto.d.ts.map +1 -0
  393. package/dist/common/crypto.js +201 -0
  394. package/dist/common/crypto.js.map +1 -0
  395. package/dist/common/database-resilience.d.ts +156 -0
  396. package/dist/common/database-resilience.d.ts.map +1 -0
  397. package/dist/common/database-resilience.js +269 -0
  398. package/dist/common/database-resilience.js.map +1 -0
  399. package/dist/common/db-metrics.d.ts +90 -0
  400. package/dist/common/db-metrics.d.ts.map +1 -0
  401. package/dist/common/db-metrics.js +219 -0
  402. package/dist/common/db-metrics.js.map +1 -0
  403. package/dist/common/db-pool.d.ts +307 -0
  404. package/dist/common/db-pool.d.ts.map +1 -0
  405. package/dist/common/db-pool.js +879 -0
  406. package/dist/common/db-pool.js.map +1 -0
  407. package/dist/common/db.d.ts +105 -0
  408. package/dist/common/db.d.ts.map +1 -0
  409. package/dist/common/db.js +216 -0
  410. package/dist/common/db.js.map +1 -0
  411. package/dist/common/debug-auth-middleware.d.ts +111 -0
  412. package/dist/common/debug-auth-middleware.d.ts.map +1 -0
  413. package/dist/common/debug-auth-middleware.js +285 -0
  414. package/dist/common/debug-auth-middleware.js.map +1 -0
  415. package/dist/common/di.d.ts +202 -0
  416. package/dist/common/di.d.ts.map +1 -0
  417. package/dist/common/di.js +219 -0
  418. package/dist/common/di.js.map +1 -0
  419. package/dist/common/encryption.d.ts +233 -0
  420. package/dist/common/encryption.d.ts.map +1 -0
  421. package/dist/common/encryption.js +527 -0
  422. package/dist/common/encryption.js.map +1 -0
  423. package/dist/common/error-sanitizer.d.ts +67 -0
  424. package/dist/common/error-sanitizer.d.ts.map +1 -0
  425. package/dist/common/error-sanitizer.js +298 -0
  426. package/dist/common/error-sanitizer.js.map +1 -0
  427. package/dist/common/errors.d.ts +229 -0
  428. package/dist/common/errors.d.ts.map +1 -0
  429. package/dist/common/errors.js +349 -0
  430. package/dist/common/errors.js.map +1 -0
  431. package/dist/common/expression/evaluator.d.ts +58 -0
  432. package/dist/common/expression/evaluator.d.ts.map +1 -0
  433. package/dist/common/expression/evaluator.js +326 -0
  434. package/dist/common/expression/evaluator.js.map +1 -0
  435. package/dist/common/expression/index.d.ts +180 -0
  436. package/dist/common/expression/index.d.ts.map +1 -0
  437. package/dist/common/expression/index.js +198 -0
  438. package/dist/common/expression/index.js.map +1 -0
  439. package/dist/common/expression/lexer.d.ts +69 -0
  440. package/dist/common/expression/lexer.d.ts.map +1 -0
  441. package/dist/common/expression/lexer.js +255 -0
  442. package/dist/common/expression/lexer.js.map +1 -0
  443. package/dist/common/expression/parser.d.ts +133 -0
  444. package/dist/common/expression/parser.d.ts.map +1 -0
  445. package/dist/common/expression/parser.js +293 -0
  446. package/dist/common/expression/parser.js.map +1 -0
  447. package/dist/common/group-membership.d.ts +119 -0
  448. package/dist/common/group-membership.d.ts.map +1 -0
  449. package/dist/common/group-membership.js +250 -0
  450. package/dist/common/group-membership.js.map +1 -0
  451. package/dist/common/index.d.ts +14 -0
  452. package/dist/common/index.d.ts.map +1 -0
  453. package/dist/common/index.js +15 -0
  454. package/dist/common/index.js.map +1 -0
  455. package/dist/common/leader-election.d.ts +40 -0
  456. package/dist/common/leader-election.d.ts.map +1 -0
  457. package/dist/common/leader-election.js +232 -0
  458. package/dist/common/leader-election.js.map +1 -0
  459. package/dist/common/lock.d.ts +77 -0
  460. package/dist/common/lock.d.ts.map +1 -0
  461. package/dist/common/lock.js +167 -0
  462. package/dist/common/lock.js.map +1 -0
  463. package/dist/common/logger.d.ts +19 -0
  464. package/dist/common/logger.d.ts.map +1 -0
  465. package/dist/common/logger.js +80 -0
  466. package/dist/common/logger.js.map +1 -0
  467. package/dist/common/metrics-registry.d.ts +48 -0
  468. package/dist/common/metrics-registry.d.ts.map +1 -0
  469. package/dist/common/metrics-registry.js +77 -0
  470. package/dist/common/metrics-registry.js.map +1 -0
  471. package/dist/common/metrics.d.ts +204 -0
  472. package/dist/common/metrics.d.ts.map +1 -0
  473. package/dist/common/metrics.js +497 -0
  474. package/dist/common/metrics.js.map +1 -0
  475. package/dist/common/operation-tracker.d.ts +137 -0
  476. package/dist/common/operation-tracker.d.ts.map +1 -0
  477. package/dist/common/operation-tracker.js +366 -0
  478. package/dist/common/operation-tracker.js.map +1 -0
  479. package/dist/common/provenance/chain.d.ts +54 -0
  480. package/dist/common/provenance/chain.d.ts.map +1 -0
  481. package/dist/common/provenance/chain.js +252 -0
  482. package/dist/common/provenance/chain.js.map +1 -0
  483. package/dist/common/provenance/index.d.ts +14 -0
  484. package/dist/common/provenance/index.d.ts.map +1 -0
  485. package/dist/common/provenance/index.js +19 -0
  486. package/dist/common/provenance/index.js.map +1 -0
  487. package/dist/common/provenance/query.d.ts +111 -0
  488. package/dist/common/provenance/query.d.ts.map +1 -0
  489. package/dist/common/provenance/query.js +310 -0
  490. package/dist/common/provenance/query.js.map +1 -0
  491. package/dist/common/provenance/storage.d.ts +297 -0
  492. package/dist/common/provenance/storage.d.ts.map +1 -0
  493. package/dist/common/provenance/storage.js +436 -0
  494. package/dist/common/provenance/storage.js.map +1 -0
  495. package/dist/common/provenance/tracker.d.ts +57 -0
  496. package/dist/common/provenance/tracker.d.ts.map +1 -0
  497. package/dist/common/provenance/tracker.js +209 -0
  498. package/dist/common/provenance/tracker.js.map +1 -0
  499. package/dist/common/provenance/types.d.ts +146 -0
  500. package/dist/common/provenance/types.d.ts.map +1 -0
  501. package/dist/common/provenance/types.js +10 -0
  502. package/dist/common/provenance/types.js.map +1 -0
  503. package/dist/common/random.d.ts +84 -0
  504. package/dist/common/random.d.ts.map +1 -0
  505. package/dist/common/random.js +130 -0
  506. package/dist/common/random.js.map +1 -0
  507. package/dist/common/redaction.d.ts +49 -0
  508. package/dist/common/redaction.d.ts.map +1 -0
  509. package/dist/common/redaction.js +217 -0
  510. package/dist/common/redaction.js.map +1 -0
  511. package/dist/common/redis-cluster.d.ts +538 -0
  512. package/dist/common/redis-cluster.d.ts.map +1 -0
  513. package/dist/common/redis-cluster.js +1539 -0
  514. package/dist/common/redis-cluster.js.map +1 -0
  515. package/dist/common/redis-resilience.d.ts +270 -0
  516. package/dist/common/redis-resilience.d.ts.map +1 -0
  517. package/dist/common/redis-resilience.js +586 -0
  518. package/dist/common/redis-resilience.js.map +1 -0
  519. package/dist/common/redis.d.ts +19 -0
  520. package/dist/common/redis.d.ts.map +1 -0
  521. package/dist/common/redis.js +73 -0
  522. package/dist/common/redis.js.map +1 -0
  523. package/dist/common/safe-json.d.ts +246 -0
  524. package/dist/common/safe-json.d.ts.map +1 -0
  525. package/dist/common/safe-json.js +442 -0
  526. package/dist/common/safe-json.js.map +1 -0
  527. package/dist/common/secret-generator.d.ts +142 -0
  528. package/dist/common/secret-generator.d.ts.map +1 -0
  529. package/dist/common/secret-generator.js +286 -0
  530. package/dist/common/secret-generator.js.map +1 -0
  531. package/dist/common/secure-fetch.d.ts +182 -0
  532. package/dist/common/secure-fetch.d.ts.map +1 -0
  533. package/dist/common/secure-fetch.js +657 -0
  534. package/dist/common/secure-fetch.js.map +1 -0
  535. package/dist/common/security-mode.d.ts +151 -0
  536. package/dist/common/security-mode.d.ts.map +1 -0
  537. package/dist/common/security-mode.js +482 -0
  538. package/dist/common/security-mode.js.map +1 -0
  539. package/dist/common/telemetry/index.d.ts +82 -0
  540. package/dist/common/telemetry/index.d.ts.map +1 -0
  541. package/dist/common/telemetry/index.js +198 -0
  542. package/dist/common/telemetry/index.js.map +1 -0
  543. package/dist/common/telemetry/instrumentation.d.ts +167 -0
  544. package/dist/common/telemetry/instrumentation.d.ts.map +1 -0
  545. package/dist/common/telemetry/instrumentation.js +492 -0
  546. package/dist/common/telemetry/instrumentation.js.map +1 -0
  547. package/dist/common/telemetry/metrics-bridge.d.ts +227 -0
  548. package/dist/common/telemetry/metrics-bridge.d.ts.map +1 -0
  549. package/dist/common/telemetry/metrics-bridge.js +437 -0
  550. package/dist/common/telemetry/metrics-bridge.js.map +1 -0
  551. package/dist/common/telemetry/middleware.d.ts +114 -0
  552. package/dist/common/telemetry/middleware.d.ts.map +1 -0
  553. package/dist/common/telemetry/middleware.js +353 -0
  554. package/dist/common/telemetry/middleware.js.map +1 -0
  555. package/dist/common/telemetry/propagation.d.ts +221 -0
  556. package/dist/common/telemetry/propagation.d.ts.map +1 -0
  557. package/dist/common/telemetry/propagation.js +409 -0
  558. package/dist/common/telemetry/propagation.js.map +1 -0
  559. package/dist/common/telemetry/spans.d.ts +295 -0
  560. package/dist/common/telemetry/spans.d.ts.map +1 -0
  561. package/dist/common/telemetry/spans.js +439 -0
  562. package/dist/common/telemetry/spans.js.map +1 -0
  563. package/dist/common/telemetry/tracer.d.ts +155 -0
  564. package/dist/common/telemetry/tracer.d.ts.map +1 -0
  565. package/dist/common/telemetry/tracer.js +343 -0
  566. package/dist/common/telemetry/tracer.js.map +1 -0
  567. package/dist/common/telemetry.d.ts +15 -0
  568. package/dist/common/telemetry.d.ts.map +1 -0
  569. package/dist/common/telemetry.js +61 -0
  570. package/dist/common/telemetry.js.map +1 -0
  571. package/dist/common/tenant-context.d.ts +253 -0
  572. package/dist/common/tenant-context.d.ts.map +1 -0
  573. package/dist/common/tenant-context.js +259 -0
  574. package/dist/common/tenant-context.js.map +1 -0
  575. package/dist/common/tenant-verification.d.ts +86 -0
  576. package/dist/common/tenant-verification.d.ts.map +1 -0
  577. package/dist/common/tenant-verification.js +184 -0
  578. package/dist/common/tenant-verification.js.map +1 -0
  579. package/dist/common/timeout.d.ts +40 -0
  580. package/dist/common/timeout.d.ts.map +1 -0
  581. package/dist/common/timeout.js +82 -0
  582. package/dist/common/timeout.js.map +1 -0
  583. package/dist/common/token-revocation.d.ts +44 -0
  584. package/dist/common/token-revocation.d.ts.map +1 -0
  585. package/dist/common/token-revocation.js +169 -0
  586. package/dist/common/token-revocation.js.map +1 -0
  587. package/dist/common/trace.d.ts +149 -0
  588. package/dist/common/trace.d.ts.map +1 -0
  589. package/dist/common/trace.js +328 -0
  590. package/dist/common/trace.js.map +1 -0
  591. package/dist/common/trust-cache.d.ts +263 -0
  592. package/dist/common/trust-cache.d.ts.map +1 -0
  593. package/dist/common/trust-cache.js +670 -0
  594. package/dist/common/trust-cache.js.map +1 -0
  595. package/dist/common/types.d.ts +351 -0
  596. package/dist/common/types.d.ts.map +1 -0
  597. package/dist/common/types.js +55 -0
  598. package/dist/common/types.js.map +1 -0
  599. package/dist/common/validation.d.ts +113 -0
  600. package/dist/common/validation.d.ts.map +1 -0
  601. package/dist/common/validation.js +221 -0
  602. package/dist/common/validation.js.map +1 -0
  603. package/dist/db/client.d.ts +72 -0
  604. package/dist/db/client.d.ts.map +1 -0
  605. package/dist/db/client.js +110 -0
  606. package/dist/db/client.js.map +1 -0
  607. package/dist/db/index.d.ts +9 -0
  608. package/dist/db/index.d.ts.map +1 -0
  609. package/dist/db/index.js +9 -0
  610. package/dist/db/index.js.map +1 -0
  611. package/dist/db/schema/merkle.d.ts +475 -0
  612. package/dist/db/schema/merkle.d.ts.map +1 -0
  613. package/dist/db/schema/merkle.js +100 -0
  614. package/dist/db/schema/merkle.js.map +1 -0
  615. package/dist/db/schema/proofs.d.ts +412 -0
  616. package/dist/db/schema/proofs.d.ts.map +1 -0
  617. package/dist/db/schema/proofs.js +63 -0
  618. package/dist/db/schema/proofs.js.map +1 -0
  619. package/dist/enforce/adapters.d.ts +73 -0
  620. package/dist/enforce/adapters.d.ts.map +1 -0
  621. package/dist/enforce/adapters.js +293 -0
  622. package/dist/enforce/adapters.js.map +1 -0
  623. package/dist/enforce/index.d.ts +213 -0
  624. package/dist/enforce/index.d.ts.map +1 -0
  625. package/dist/enforce/index.js +630 -0
  626. package/dist/enforce/index.js.map +1 -0
  627. package/dist/enforce/repository.d.ts +203 -0
  628. package/dist/enforce/repository.d.ts.map +1 -0
  629. package/dist/enforce/repository.js +359 -0
  630. package/dist/enforce/repository.js.map +1 -0
  631. package/dist/enforce/schema.d.ts +1198 -0
  632. package/dist/enforce/schema.d.ts.map +1 -0
  633. package/dist/enforce/schema.js +257 -0
  634. package/dist/enforce/schema.js.map +1 -0
  635. package/dist/friction/index.d.ts +235 -0
  636. package/dist/friction/index.d.ts.map +1 -0
  637. package/dist/friction/index.js +636 -0
  638. package/dist/friction/index.js.map +1 -0
  639. package/dist/friction/openapi.d.ts +23 -0
  640. package/dist/friction/openapi.d.ts.map +1 -0
  641. package/dist/friction/openapi.js +883 -0
  642. package/dist/friction/openapi.js.map +1 -0
  643. package/dist/friction/routes.d.ts +14 -0
  644. package/dist/friction/routes.d.ts.map +1 -0
  645. package/dist/friction/routes.js +206 -0
  646. package/dist/friction/routes.js.map +1 -0
  647. package/dist/governance/engine.d.ts +158 -0
  648. package/dist/governance/engine.d.ts.map +1 -0
  649. package/dist/governance/engine.js +248 -0
  650. package/dist/governance/engine.js.map +1 -0
  651. package/dist/governance/evaluator.d.ts +106 -0
  652. package/dist/governance/evaluator.d.ts.map +1 -0
  653. package/dist/governance/evaluator.js +277 -0
  654. package/dist/governance/evaluator.js.map +1 -0
  655. package/dist/governance/index.d.ts +11 -0
  656. package/dist/governance/index.d.ts.map +1 -0
  657. package/dist/governance/index.js +14 -0
  658. package/dist/governance/index.js.map +1 -0
  659. package/dist/governance/policy.d.ts +152 -0
  660. package/dist/governance/policy.d.ts.map +1 -0
  661. package/dist/governance/policy.js +152 -0
  662. package/dist/governance/policy.js.map +1 -0
  663. package/dist/index.d.ts +50 -0
  664. package/dist/index.d.ts.map +1 -0
  665. package/dist/index.js +61 -0
  666. package/dist/index.js.map +1 -0
  667. package/dist/intent/adapters.d.ts +101 -0
  668. package/dist/intent/adapters.d.ts.map +1 -0
  669. package/dist/intent/adapters.js +250 -0
  670. package/dist/intent/adapters.js.map +1 -0
  671. package/dist/intent/audit.d.ts +119 -0
  672. package/dist/intent/audit.d.ts.map +1 -0
  673. package/dist/intent/audit.js +463 -0
  674. package/dist/intent/audit.js.map +1 -0
  675. package/dist/intent/classifier/index.d.ts +121 -0
  676. package/dist/intent/classifier/index.d.ts.map +1 -0
  677. package/dist/intent/classifier/index.js +232 -0
  678. package/dist/intent/classifier/index.js.map +1 -0
  679. package/dist/intent/classifier/patterns.d.ts +129 -0
  680. package/dist/intent/classifier/patterns.d.ts.map +1 -0
  681. package/dist/intent/classifier/patterns.js +471 -0
  682. package/dist/intent/classifier/patterns.js.map +1 -0
  683. package/dist/intent/classifier/risk.d.ts +177 -0
  684. package/dist/intent/classifier/risk.d.ts.map +1 -0
  685. package/dist/intent/classifier/risk.js +335 -0
  686. package/dist/intent/classifier/risk.js.map +1 -0
  687. package/dist/intent/cleanup.d.ts +24 -0
  688. package/dist/intent/cleanup.d.ts.map +1 -0
  689. package/dist/intent/cleanup.js +104 -0
  690. package/dist/intent/cleanup.js.map +1 -0
  691. package/dist/intent/consent.d.ts +238 -0
  692. package/dist/intent/consent.d.ts.map +1 -0
  693. package/dist/intent/consent.js +427 -0
  694. package/dist/intent/consent.js.map +1 -0
  695. package/dist/intent/escalation.d.ts +284 -0
  696. package/dist/intent/escalation.d.ts.map +1 -0
  697. package/dist/intent/escalation.js +618 -0
  698. package/dist/intent/escalation.js.map +1 -0
  699. package/dist/intent/gdpr-rate-limiter.d.ts +170 -0
  700. package/dist/intent/gdpr-rate-limiter.d.ts.map +1 -0
  701. package/dist/intent/gdpr-rate-limiter.js +385 -0
  702. package/dist/intent/gdpr-rate-limiter.js.map +1 -0
  703. package/dist/intent/gdpr.d.ts +323 -0
  704. package/dist/intent/gdpr.d.ts.map +1 -0
  705. package/dist/intent/gdpr.js +1013 -0
  706. package/dist/intent/gdpr.js.map +1 -0
  707. package/dist/intent/health.d.ts +214 -0
  708. package/dist/intent/health.d.ts.map +1 -0
  709. package/dist/intent/health.js +526 -0
  710. package/dist/intent/health.js.map +1 -0
  711. package/dist/intent/index.d.ts +565 -0
  712. package/dist/intent/index.d.ts.map +1 -0
  713. package/dist/intent/index.js +756 -0
  714. package/dist/intent/index.js.map +1 -0
  715. package/dist/intent/metrics.d.ts +399 -0
  716. package/dist/intent/metrics.d.ts.map +1 -0
  717. package/dist/intent/metrics.js +886 -0
  718. package/dist/intent/metrics.js.map +1 -0
  719. package/dist/intent/openapi.d.ts +22 -0
  720. package/dist/intent/openapi.d.ts.map +1 -0
  721. package/dist/intent/openapi.js +1674 -0
  722. package/dist/intent/openapi.js.map +1 -0
  723. package/dist/intent/planner/dependency.d.ts +78 -0
  724. package/dist/intent/planner/dependency.d.ts.map +1 -0
  725. package/dist/intent/planner/dependency.js +334 -0
  726. package/dist/intent/planner/dependency.js.map +1 -0
  727. package/dist/intent/planner/index.d.ts +130 -0
  728. package/dist/intent/planner/index.d.ts.map +1 -0
  729. package/dist/intent/planner/index.js +372 -0
  730. package/dist/intent/planner/index.js.map +1 -0
  731. package/dist/intent/planner/rollback.d.ts +92 -0
  732. package/dist/intent/planner/rollback.d.ts.map +1 -0
  733. package/dist/intent/planner/rollback.js +326 -0
  734. package/dist/intent/planner/rollback.js.map +1 -0
  735. package/dist/intent/planner/templates.d.ts +81 -0
  736. package/dist/intent/planner/templates.d.ts.map +1 -0
  737. package/dist/intent/planner/templates.js +560 -0
  738. package/dist/intent/planner/templates.js.map +1 -0
  739. package/dist/intent/planner/types.d.ts +38 -0
  740. package/dist/intent/planner/types.d.ts.map +1 -0
  741. package/dist/intent/planner/types.js +10 -0
  742. package/dist/intent/planner/types.js.map +1 -0
  743. package/dist/intent/queue.d.ts +150 -0
  744. package/dist/intent/queue.d.ts.map +1 -0
  745. package/dist/intent/queue.js +339 -0
  746. package/dist/intent/queue.js.map +1 -0
  747. package/dist/intent/queues.d.ts +176 -0
  748. package/dist/intent/queues.d.ts.map +1 -0
  749. package/dist/intent/queues.js +1393 -0
  750. package/dist/intent/queues.js.map +1 -0
  751. package/dist/intent/ratelimit.d.ts +147 -0
  752. package/dist/intent/ratelimit.d.ts.map +1 -0
  753. package/dist/intent/ratelimit.js +301 -0
  754. package/dist/intent/ratelimit.js.map +1 -0
  755. package/dist/intent/replay/comparator.d.ts +73 -0
  756. package/dist/intent/replay/comparator.d.ts.map +1 -0
  757. package/dist/intent/replay/comparator.js +320 -0
  758. package/dist/intent/replay/comparator.js.map +1 -0
  759. package/dist/intent/replay/index.d.ts +104 -0
  760. package/dist/intent/replay/index.d.ts.map +1 -0
  761. package/dist/intent/replay/index.js +487 -0
  762. package/dist/intent/replay/index.js.map +1 -0
  763. package/dist/intent/replay/simulator.d.ts +184 -0
  764. package/dist/intent/replay/simulator.d.ts.map +1 -0
  765. package/dist/intent/replay/simulator.js +512 -0
  766. package/dist/intent/replay/simulator.js.map +1 -0
  767. package/dist/intent/replay/snapshot.d.ts +149 -0
  768. package/dist/intent/replay/snapshot.d.ts.map +1 -0
  769. package/dist/intent/replay/snapshot.js +245 -0
  770. package/dist/intent/replay/snapshot.js.map +1 -0
  771. package/dist/intent/replay/types.d.ts +143 -0
  772. package/dist/intent/replay/types.d.ts.map +1 -0
  773. package/dist/intent/replay/types.js +10 -0
  774. package/dist/intent/replay/types.js.map +1 -0
  775. package/dist/intent/repository.d.ts +198 -0
  776. package/dist/intent/repository.d.ts.map +1 -0
  777. package/dist/intent/repository.js +538 -0
  778. package/dist/intent/repository.js.map +1 -0
  779. package/dist/intent/response-middleware.d.ts +156 -0
  780. package/dist/intent/response-middleware.d.ts.map +1 -0
  781. package/dist/intent/response-middleware.js +346 -0
  782. package/dist/intent/response-middleware.js.map +1 -0
  783. package/dist/intent/response.d.ts +267 -0
  784. package/dist/intent/response.d.ts.map +1 -0
  785. package/dist/intent/response.js +402 -0
  786. package/dist/intent/response.js.map +1 -0
  787. package/dist/intent/routes.d.ts +35 -0
  788. package/dist/intent/routes.d.ts.map +1 -0
  789. package/dist/intent/routes.js +1023 -0
  790. package/dist/intent/routes.js.map +1 -0
  791. package/dist/intent/scheduler.d.ts +45 -0
  792. package/dist/intent/scheduler.d.ts.map +1 -0
  793. package/dist/intent/scheduler.js +221 -0
  794. package/dist/intent/scheduler.js.map +1 -0
  795. package/dist/intent/schema.d.ts +3817 -0
  796. package/dist/intent/schema.d.ts.map +1 -0
  797. package/dist/intent/schema.js +631 -0
  798. package/dist/intent/schema.js.map +1 -0
  799. package/dist/intent/shutdown.d.ts +145 -0
  800. package/dist/intent/shutdown.d.ts.map +1 -0
  801. package/dist/intent/shutdown.js +468 -0
  802. package/dist/intent/shutdown.js.map +1 -0
  803. package/dist/intent/state-machine.d.ts +111 -0
  804. package/dist/intent/state-machine.d.ts.map +1 -0
  805. package/dist/intent/state-machine.js +242 -0
  806. package/dist/intent/state-machine.js.map +1 -0
  807. package/dist/intent/tracing.d.ts +152 -0
  808. package/dist/intent/tracing.d.ts.map +1 -0
  809. package/dist/intent/tracing.js +658 -0
  810. package/dist/intent/tracing.js.map +1 -0
  811. package/dist/intent/types.d.ts +188 -0
  812. package/dist/intent/types.d.ts.map +1 -0
  813. package/dist/intent/types.js +25 -0
  814. package/dist/intent/types.js.map +1 -0
  815. package/dist/intent/webhooks/delivery-repository.d.ts +80 -0
  816. package/dist/intent/webhooks/delivery-repository.d.ts.map +1 -0
  817. package/dist/intent/webhooks/delivery-repository.js +251 -0
  818. package/dist/intent/webhooks/delivery-repository.js.map +1 -0
  819. package/dist/intent/webhooks/dns-pinning.d.ts +30 -0
  820. package/dist/intent/webhooks/dns-pinning.d.ts.map +1 -0
  821. package/dist/intent/webhooks/dns-pinning.js +69 -0
  822. package/dist/intent/webhooks/dns-pinning.js.map +1 -0
  823. package/dist/intent/webhooks/index.d.ts +14 -0
  824. package/dist/intent/webhooks/index.d.ts.map +1 -0
  825. package/dist/intent/webhooks/index.js +17 -0
  826. package/dist/intent/webhooks/index.js.map +1 -0
  827. package/dist/intent/webhooks/signature.d.ts +47 -0
  828. package/dist/intent/webhooks/signature.d.ts.map +1 -0
  829. package/dist/intent/webhooks/signature.js +80 -0
  830. package/dist/intent/webhooks/signature.js.map +1 -0
  831. package/dist/intent/webhooks/ssrf-protection.d.ts +29 -0
  832. package/dist/intent/webhooks/ssrf-protection.d.ts.map +1 -0
  833. package/dist/intent/webhooks/ssrf-protection.js +161 -0
  834. package/dist/intent/webhooks/ssrf-protection.js.map +1 -0
  835. package/dist/intent/webhooks/types.d.ts +132 -0
  836. package/dist/intent/webhooks/types.d.ts.map +1 -0
  837. package/dist/intent/webhooks/types.js +14 -0
  838. package/dist/intent/webhooks/types.js.map +1 -0
  839. package/dist/intent/webhooks.d.ts +618 -0
  840. package/dist/intent/webhooks.d.ts.map +1 -0
  841. package/dist/intent/webhooks.js +1836 -0
  842. package/dist/intent/webhooks.js.map +1 -0
  843. package/dist/intent-gateway/ai-act-classifier.d.ts +18 -0
  844. package/dist/intent-gateway/ai-act-classifier.d.ts.map +1 -0
  845. package/dist/intent-gateway/ai-act-classifier.js +296 -0
  846. package/dist/intent-gateway/ai-act-classifier.js.map +1 -0
  847. package/dist/intent-gateway/index.d.ts +43 -0
  848. package/dist/intent-gateway/index.d.ts.map +1 -0
  849. package/dist/intent-gateway/index.js +236 -0
  850. package/dist/intent-gateway/index.js.map +1 -0
  851. package/dist/intent-gateway/jurisdiction-resolver.d.ts +19 -0
  852. package/dist/intent-gateway/jurisdiction-resolver.d.ts.map +1 -0
  853. package/dist/intent-gateway/jurisdiction-resolver.js +236 -0
  854. package/dist/intent-gateway/jurisdiction-resolver.js.map +1 -0
  855. package/dist/intent-gateway/policy-composer.d.ts +27 -0
  856. package/dist/intent-gateway/policy-composer.d.ts.map +1 -0
  857. package/dist/intent-gateway/policy-composer.js +418 -0
  858. package/dist/intent-gateway/policy-composer.js.map +1 -0
  859. package/dist/intent-gateway/regime-selector.d.ts +26 -0
  860. package/dist/intent-gateway/regime-selector.d.ts.map +1 -0
  861. package/dist/intent-gateway/regime-selector.js +185 -0
  862. package/dist/intent-gateway/regime-selector.js.map +1 -0
  863. package/dist/intent-gateway/types.d.ts +103 -0
  864. package/dist/intent-gateway/types.d.ts.map +1 -0
  865. package/dist/intent-gateway/types.js +85 -0
  866. package/dist/intent-gateway/types.js.map +1 -0
  867. package/dist/observability/alerts.d.ts +136 -0
  868. package/dist/observability/alerts.d.ts.map +1 -0
  869. package/dist/observability/alerts.js +485 -0
  870. package/dist/observability/alerts.js.map +1 -0
  871. package/dist/observability/health.d.ts +102 -0
  872. package/dist/observability/health.d.ts.map +1 -0
  873. package/dist/observability/health.js +415 -0
  874. package/dist/observability/health.js.map +1 -0
  875. package/dist/observability/index.d.ts +29 -0
  876. package/dist/observability/index.d.ts.map +1 -0
  877. package/dist/observability/index.js +72 -0
  878. package/dist/observability/index.js.map +1 -0
  879. package/dist/observability/logging.d.ts +90 -0
  880. package/dist/observability/logging.d.ts.map +1 -0
  881. package/dist/observability/logging.js +260 -0
  882. package/dist/observability/logging.js.map +1 -0
  883. package/dist/observability/metrics.d.ts +226 -0
  884. package/dist/observability/metrics.d.ts.map +1 -0
  885. package/dist/observability/metrics.js +527 -0
  886. package/dist/observability/metrics.js.map +1 -0
  887. package/dist/observability/tracing.d.ts +120 -0
  888. package/dist/observability/tracing.d.ts.map +1 -0
  889. package/dist/observability/tracing.js +285 -0
  890. package/dist/observability/tracing.js.map +1 -0
  891. package/dist/persistence/audit.d.ts +169 -0
  892. package/dist/persistence/audit.d.ts.map +1 -0
  893. package/dist/persistence/audit.js +342 -0
  894. package/dist/persistence/audit.js.map +1 -0
  895. package/dist/persistence/index.d.ts +13 -0
  896. package/dist/persistence/index.d.ts.map +1 -0
  897. package/dist/persistence/index.js +15 -0
  898. package/dist/persistence/index.js.map +1 -0
  899. package/dist/persistence/repository.d.ts +192 -0
  900. package/dist/persistence/repository.d.ts.map +1 -0
  901. package/dist/persistence/repository.js +223 -0
  902. package/dist/persistence/repository.js.map +1 -0
  903. package/dist/policy/diff.d.ts +88 -0
  904. package/dist/policy/diff.d.ts.map +1 -0
  905. package/dist/policy/diff.js +325 -0
  906. package/dist/policy/diff.js.map +1 -0
  907. package/dist/policy/distributed-cache.d.ts +205 -0
  908. package/dist/policy/distributed-cache.d.ts.map +1 -0
  909. package/dist/policy/distributed-cache.js +683 -0
  910. package/dist/policy/distributed-cache.js.map +1 -0
  911. package/dist/policy/evaluator.d.ts +102 -0
  912. package/dist/policy/evaluator.d.ts.map +1 -0
  913. package/dist/policy/evaluator.js +648 -0
  914. package/dist/policy/evaluator.js.map +1 -0
  915. package/dist/policy/index.d.ts +24 -0
  916. package/dist/policy/index.d.ts.map +1 -0
  917. package/dist/policy/index.js +27 -0
  918. package/dist/policy/index.js.map +1 -0
  919. package/dist/policy/loader.d.ts +63 -0
  920. package/dist/policy/loader.d.ts.map +1 -0
  921. package/dist/policy/loader.js +176 -0
  922. package/dist/policy/loader.js.map +1 -0
  923. package/dist/policy/service.d.ts +240 -0
  924. package/dist/policy/service.d.ts.map +1 -0
  925. package/dist/policy/service.js +1032 -0
  926. package/dist/policy/service.js.map +1 -0
  927. package/dist/policy/types.d.ts +220 -0
  928. package/dist/policy/types.d.ts.map +1 -0
  929. package/dist/policy/types.js +36 -0
  930. package/dist/policy/types.js.map +1 -0
  931. package/dist/policy/visual-builder/index.d.ts +201 -0
  932. package/dist/policy/visual-builder/index.d.ts.map +1 -0
  933. package/dist/policy/visual-builder/index.js +727 -0
  934. package/dist/policy/visual-builder/index.js.map +1 -0
  935. package/dist/policy/visual-builder/inheritance.d.ts +151 -0
  936. package/dist/policy/visual-builder/inheritance.d.ts.map +1 -0
  937. package/dist/policy/visual-builder/inheritance.js +314 -0
  938. package/dist/policy/visual-builder/inheritance.js.map +1 -0
  939. package/dist/policy/visual-builder/propagation.d.ts +146 -0
  940. package/dist/policy/visual-builder/propagation.d.ts.map +1 -0
  941. package/dist/policy/visual-builder/propagation.js +299 -0
  942. package/dist/policy/visual-builder/propagation.js.map +1 -0
  943. package/dist/policy/visual-builder/routes.d.ts +14 -0
  944. package/dist/policy/visual-builder/routes.d.ts.map +1 -0
  945. package/dist/policy/visual-builder/routes.js +528 -0
  946. package/dist/policy/visual-builder/routes.js.map +1 -0
  947. package/dist/policy/visual-builder/simulator.d.ts +161 -0
  948. package/dist/policy/visual-builder/simulator.d.ts.map +1 -0
  949. package/dist/policy/visual-builder/simulator.js +413 -0
  950. package/dist/policy/visual-builder/simulator.js.map +1 -0
  951. package/dist/policy/visual-builder/templates.d.ts +119 -0
  952. package/dist/policy/visual-builder/templates.d.ts.map +1 -0
  953. package/dist/policy/visual-builder/templates.js +627 -0
  954. package/dist/policy/visual-builder/templates.js.map +1 -0
  955. package/dist/proof/chain/index.d.ts +271 -0
  956. package/dist/proof/chain/index.d.ts.map +1 -0
  957. package/dist/proof/chain/index.js +483 -0
  958. package/dist/proof/chain/index.js.map +1 -0
  959. package/dist/proof/index.d.ts +206 -0
  960. package/dist/proof/index.d.ts.map +1 -0
  961. package/dist/proof/index.js +597 -0
  962. package/dist/proof/index.js.map +1 -0
  963. package/dist/proof/merkle-service.d.ts +194 -0
  964. package/dist/proof/merkle-service.d.ts.map +1 -0
  965. package/dist/proof/merkle-service.js +463 -0
  966. package/dist/proof/merkle-service.js.map +1 -0
  967. package/dist/proof/merkle.d.ts +118 -0
  968. package/dist/proof/merkle.d.ts.map +1 -0
  969. package/dist/proof/merkle.js +265 -0
  970. package/dist/proof/merkle.js.map +1 -0
  971. package/dist/security/ai-governance/access-policy.d.ts +197 -0
  972. package/dist/security/ai-governance/access-policy.d.ts.map +1 -0
  973. package/dist/security/ai-governance/access-policy.js +522 -0
  974. package/dist/security/ai-governance/access-policy.js.map +1 -0
  975. package/dist/security/ai-governance/audit-trail.d.ts +241 -0
  976. package/dist/security/ai-governance/audit-trail.d.ts.map +1 -0
  977. package/dist/security/ai-governance/audit-trail.js +645 -0
  978. package/dist/security/ai-governance/audit-trail.js.map +1 -0
  979. package/dist/security/ai-governance/bias-detection.d.ts +221 -0
  980. package/dist/security/ai-governance/bias-detection.d.ts.map +1 -0
  981. package/dist/security/ai-governance/bias-detection.js +615 -0
  982. package/dist/security/ai-governance/bias-detection.js.map +1 -0
  983. package/dist/security/ai-governance/index.d.ts +92 -0
  984. package/dist/security/ai-governance/index.d.ts.map +1 -0
  985. package/dist/security/ai-governance/index.js +184 -0
  986. package/dist/security/ai-governance/index.js.map +1 -0
  987. package/dist/security/ai-governance/middleware.d.ts +110 -0
  988. package/dist/security/ai-governance/middleware.d.ts.map +1 -0
  989. package/dist/security/ai-governance/middleware.js +359 -0
  990. package/dist/security/ai-governance/middleware.js.map +1 -0
  991. package/dist/security/ai-governance/model-registry.d.ts +229 -0
  992. package/dist/security/ai-governance/model-registry.d.ts.map +1 -0
  993. package/dist/security/ai-governance/model-registry.js +535 -0
  994. package/dist/security/ai-governance/model-registry.js.map +1 -0
  995. package/dist/security/ai-governance/output-filter.d.ts +150 -0
  996. package/dist/security/ai-governance/output-filter.d.ts.map +1 -0
  997. package/dist/security/ai-governance/output-filter.js +561 -0
  998. package/dist/security/ai-governance/output-filter.js.map +1 -0
  999. package/dist/security/ai-governance/prompt-injection.d.ts +153 -0
  1000. package/dist/security/ai-governance/prompt-injection.d.ts.map +1 -0
  1001. package/dist/security/ai-governance/prompt-injection.js +614 -0
  1002. package/dist/security/ai-governance/prompt-injection.js.map +1 -0
  1003. package/dist/security/ai-governance/rate-limiter.d.ts +156 -0
  1004. package/dist/security/ai-governance/rate-limiter.d.ts.map +1 -0
  1005. package/dist/security/ai-governance/rate-limiter.js +541 -0
  1006. package/dist/security/ai-governance/rate-limiter.js.map +1 -0
  1007. package/dist/security/ai-governance/types.d.ts +594 -0
  1008. package/dist/security/ai-governance/types.d.ts.map +1 -0
  1009. package/dist/security/ai-governance/types.js +6 -0
  1010. package/dist/security/ai-governance/types.js.map +1 -0
  1011. package/dist/security/alerting/channels/base.d.ts +91 -0
  1012. package/dist/security/alerting/channels/base.d.ts.map +1 -0
  1013. package/dist/security/alerting/channels/base.js +128 -0
  1014. package/dist/security/alerting/channels/base.js.map +1 -0
  1015. package/dist/security/alerting/channels/email.d.ts +92 -0
  1016. package/dist/security/alerting/channels/email.d.ts.map +1 -0
  1017. package/dist/security/alerting/channels/email.js +418 -0
  1018. package/dist/security/alerting/channels/email.js.map +1 -0
  1019. package/dist/security/alerting/channels/http-base.d.ts +86 -0
  1020. package/dist/security/alerting/channels/http-base.d.ts.map +1 -0
  1021. package/dist/security/alerting/channels/http-base.js +133 -0
  1022. package/dist/security/alerting/channels/http-base.js.map +1 -0
  1023. package/dist/security/alerting/channels/index.d.ts +30 -0
  1024. package/dist/security/alerting/channels/index.d.ts.map +1 -0
  1025. package/dist/security/alerting/channels/index.js +22 -0
  1026. package/dist/security/alerting/channels/index.js.map +1 -0
  1027. package/dist/security/alerting/channels/pagerduty.d.ts +70 -0
  1028. package/dist/security/alerting/channels/pagerduty.d.ts.map +1 -0
  1029. package/dist/security/alerting/channels/pagerduty.js +248 -0
  1030. package/dist/security/alerting/channels/pagerduty.js.map +1 -0
  1031. package/dist/security/alerting/channels/slack.d.ts +55 -0
  1032. package/dist/security/alerting/channels/slack.d.ts.map +1 -0
  1033. package/dist/security/alerting/channels/slack.js +215 -0
  1034. package/dist/security/alerting/channels/slack.js.map +1 -0
  1035. package/dist/security/alerting/channels/sns.d.ts +87 -0
  1036. package/dist/security/alerting/channels/sns.d.ts.map +1 -0
  1037. package/dist/security/alerting/channels/sns.js +251 -0
  1038. package/dist/security/alerting/channels/sns.js.map +1 -0
  1039. package/dist/security/alerting/channels/webhook.d.ts +92 -0
  1040. package/dist/security/alerting/channels/webhook.d.ts.map +1 -0
  1041. package/dist/security/alerting/channels/webhook.js +203 -0
  1042. package/dist/security/alerting/channels/webhook.js.map +1 -0
  1043. package/dist/security/alerting/detector.d.ts +217 -0
  1044. package/dist/security/alerting/detector.d.ts.map +1 -0
  1045. package/dist/security/alerting/detector.js +725 -0
  1046. package/dist/security/alerting/detector.js.map +1 -0
  1047. package/dist/security/alerting/index.d.ts +57 -0
  1048. package/dist/security/alerting/index.d.ts.map +1 -0
  1049. package/dist/security/alerting/index.js +214 -0
  1050. package/dist/security/alerting/index.js.map +1 -0
  1051. package/dist/security/alerting/service.d.ts +190 -0
  1052. package/dist/security/alerting/service.d.ts.map +1 -0
  1053. package/dist/security/alerting/service.js +815 -0
  1054. package/dist/security/alerting/service.js.map +1 -0
  1055. package/dist/security/alerting/types.d.ts +2165 -0
  1056. package/dist/security/alerting/types.d.ts.map +1 -0
  1057. package/dist/security/alerting/types.js +278 -0
  1058. package/dist/security/alerting/types.js.map +1 -0
  1059. package/dist/security/anomaly/detectors/account-compromise.d.ts +198 -0
  1060. package/dist/security/anomaly/detectors/account-compromise.d.ts.map +1 -0
  1061. package/dist/security/anomaly/detectors/account-compromise.js +815 -0
  1062. package/dist/security/anomaly/detectors/account-compromise.js.map +1 -0
  1063. package/dist/security/anomaly/detectors/data-exfiltration.d.ts +175 -0
  1064. package/dist/security/anomaly/detectors/data-exfiltration.d.ts.map +1 -0
  1065. package/dist/security/anomaly/detectors/data-exfiltration.js +733 -0
  1066. package/dist/security/anomaly/detectors/data-exfiltration.js.map +1 -0
  1067. package/dist/security/anomaly/detectors/geographic.d.ts +100 -0
  1068. package/dist/security/anomaly/detectors/geographic.d.ts.map +1 -0
  1069. package/dist/security/anomaly/detectors/geographic.js +348 -0
  1070. package/dist/security/anomaly/detectors/geographic.js.map +1 -0
  1071. package/dist/security/anomaly/detectors/index.d.ts +86 -0
  1072. package/dist/security/anomaly/detectors/index.d.ts.map +1 -0
  1073. package/dist/security/anomaly/detectors/index.js +118 -0
  1074. package/dist/security/anomaly/detectors/index.js.map +1 -0
  1075. package/dist/security/anomaly/detectors/lateral-movement.d.ts +168 -0
  1076. package/dist/security/anomaly/detectors/lateral-movement.d.ts.map +1 -0
  1077. package/dist/security/anomaly/detectors/lateral-movement.js +795 -0
  1078. package/dist/security/anomaly/detectors/lateral-movement.js.map +1 -0
  1079. package/dist/security/anomaly/detectors/privilege-escalation.d.ts +177 -0
  1080. package/dist/security/anomaly/detectors/privilege-escalation.d.ts.map +1 -0
  1081. package/dist/security/anomaly/detectors/privilege-escalation.js +741 -0
  1082. package/dist/security/anomaly/detectors/privilege-escalation.js.map +1 -0
  1083. package/dist/security/anomaly/detectors/temporal.d.ts +71 -0
  1084. package/dist/security/anomaly/detectors/temporal.d.ts.map +1 -0
  1085. package/dist/security/anomaly/detectors/temporal.js +398 -0
  1086. package/dist/security/anomaly/detectors/temporal.js.map +1 -0
  1087. package/dist/security/anomaly/detectors/volume.d.ts +97 -0
  1088. package/dist/security/anomaly/detectors/volume.d.ts.map +1 -0
  1089. package/dist/security/anomaly/detectors/volume.js +424 -0
  1090. package/dist/security/anomaly/detectors/volume.js.map +1 -0
  1091. package/dist/security/anomaly/index.d.ts +128 -0
  1092. package/dist/security/anomaly/index.d.ts.map +1 -0
  1093. package/dist/security/anomaly/index.js +378 -0
  1094. package/dist/security/anomaly/index.js.map +1 -0
  1095. package/dist/security/anomaly/types.d.ts +1209 -0
  1096. package/dist/security/anomaly/types.d.ts.map +1 -0
  1097. package/dist/security/anomaly/types.js +193 -0
  1098. package/dist/security/anomaly/types.js.map +1 -0
  1099. package/dist/security/api-keys/cache.d.ts +255 -0
  1100. package/dist/security/api-keys/cache.d.ts.map +1 -0
  1101. package/dist/security/api-keys/cache.js +595 -0
  1102. package/dist/security/api-keys/cache.js.map +1 -0
  1103. package/dist/security/api-keys/db-store.d.ts +150 -0
  1104. package/dist/security/api-keys/db-store.d.ts.map +1 -0
  1105. package/dist/security/api-keys/db-store.js +694 -0
  1106. package/dist/security/api-keys/db-store.js.map +1 -0
  1107. package/dist/security/api-keys/index.d.ts +29 -0
  1108. package/dist/security/api-keys/index.d.ts.map +1 -0
  1109. package/dist/security/api-keys/index.js +81 -0
  1110. package/dist/security/api-keys/index.js.map +1 -0
  1111. package/dist/security/api-keys/middleware.d.ts +164 -0
  1112. package/dist/security/api-keys/middleware.d.ts.map +1 -0
  1113. package/dist/security/api-keys/middleware.js +392 -0
  1114. package/dist/security/api-keys/middleware.js.map +1 -0
  1115. package/dist/security/api-keys/service.d.ts +226 -0
  1116. package/dist/security/api-keys/service.d.ts.map +1 -0
  1117. package/dist/security/api-keys/service.js +861 -0
  1118. package/dist/security/api-keys/service.js.map +1 -0
  1119. package/dist/security/api-keys/store.d.ts +241 -0
  1120. package/dist/security/api-keys/store.d.ts.map +1 -0
  1121. package/dist/security/api-keys/store.js +360 -0
  1122. package/dist/security/api-keys/store.js.map +1 -0
  1123. package/dist/security/api-keys/types.d.ts +718 -0
  1124. package/dist/security/api-keys/types.d.ts.map +1 -0
  1125. package/dist/security/api-keys/types.js +162 -0
  1126. package/dist/security/api-keys/types.js.map +1 -0
  1127. package/dist/security/brute-force.d.ts +390 -0
  1128. package/dist/security/brute-force.d.ts.map +1 -0
  1129. package/dist/security/brute-force.js +677 -0
  1130. package/dist/security/brute-force.js.map +1 -0
  1131. package/dist/security/config-validator.d.ts +152 -0
  1132. package/dist/security/config-validator.d.ts.map +1 -0
  1133. package/dist/security/config-validator.js +667 -0
  1134. package/dist/security/config-validator.js.map +1 -0
  1135. package/dist/security/crypto/fips-mode.d.ts +726 -0
  1136. package/dist/security/crypto/fips-mode.d.ts.map +1 -0
  1137. package/dist/security/crypto/fips-mode.js +1297 -0
  1138. package/dist/security/crypto/fips-mode.js.map +1 -0
  1139. package/dist/security/crypto/index.d.ts +203 -0
  1140. package/dist/security/crypto/index.d.ts.map +1 -0
  1141. package/dist/security/crypto/index.js +293 -0
  1142. package/dist/security/crypto/index.js.map +1 -0
  1143. package/dist/security/crypto/post-quantum/benchmark.d.ts +125 -0
  1144. package/dist/security/crypto/post-quantum/benchmark.d.ts.map +1 -0
  1145. package/dist/security/crypto/post-quantum/benchmark.js +530 -0
  1146. package/dist/security/crypto/post-quantum/benchmark.js.map +1 -0
  1147. package/dist/security/crypto/post-quantum/dilithium.d.ts +146 -0
  1148. package/dist/security/crypto/post-quantum/dilithium.d.ts.map +1 -0
  1149. package/dist/security/crypto/post-quantum/dilithium.js +662 -0
  1150. package/dist/security/crypto/post-quantum/dilithium.js.map +1 -0
  1151. package/dist/security/crypto/post-quantum/hybrid.d.ts +267 -0
  1152. package/dist/security/crypto/post-quantum/hybrid.d.ts.map +1 -0
  1153. package/dist/security/crypto/post-quantum/hybrid.js +457 -0
  1154. package/dist/security/crypto/post-quantum/hybrid.js.map +1 -0
  1155. package/dist/security/crypto/post-quantum/index.d.ts +166 -0
  1156. package/dist/security/crypto/post-quantum/index.d.ts.map +1 -0
  1157. package/dist/security/crypto/post-quantum/index.js +236 -0
  1158. package/dist/security/crypto/post-quantum/index.js.map +1 -0
  1159. package/dist/security/crypto/post-quantum/kyber.d.ts +131 -0
  1160. package/dist/security/crypto/post-quantum/kyber.d.ts.map +1 -0
  1161. package/dist/security/crypto/post-quantum/kyber.js +640 -0
  1162. package/dist/security/crypto/post-quantum/kyber.js.map +1 -0
  1163. package/dist/security/crypto/post-quantum/migration.d.ts +230 -0
  1164. package/dist/security/crypto/post-quantum/migration.d.ts.map +1 -0
  1165. package/dist/security/crypto/post-quantum/migration.js +563 -0
  1166. package/dist/security/crypto/post-quantum/migration.js.map +1 -0
  1167. package/dist/security/crypto/post-quantum/types.d.ts +1056 -0
  1168. package/dist/security/crypto/post-quantum/types.d.ts.map +1 -0
  1169. package/dist/security/crypto/post-quantum/types.js +350 -0
  1170. package/dist/security/crypto/post-quantum/types.js.map +1 -0
  1171. package/dist/security/crypto/shamir/comparison.d.ts +128 -0
  1172. package/dist/security/crypto/shamir/comparison.d.ts.map +1 -0
  1173. package/dist/security/crypto/shamir/comparison.js +423 -0
  1174. package/dist/security/crypto/shamir/comparison.js.map +1 -0
  1175. package/dist/security/crypto/shamir/index.d.ts +76 -0
  1176. package/dist/security/crypto/shamir/index.d.ts.map +1 -0
  1177. package/dist/security/crypto/shamir/index.js +155 -0
  1178. package/dist/security/crypto/shamir/index.js.map +1 -0
  1179. package/dist/security/crypto/shamir/proofs.d.ts +259 -0
  1180. package/dist/security/crypto/shamir/proofs.d.ts.map +1 -0
  1181. package/dist/security/crypto/shamir/proofs.js +605 -0
  1182. package/dist/security/crypto/shamir/proofs.js.map +1 -0
  1183. package/dist/security/crypto/shamir/property-tests.d.ts +104 -0
  1184. package/dist/security/crypto/shamir/property-tests.d.ts.map +1 -0
  1185. package/dist/security/crypto/shamir/property-tests.js +480 -0
  1186. package/dist/security/crypto/shamir/property-tests.js.map +1 -0
  1187. package/dist/security/crypto/shamir/security-analysis.d.ts +97 -0
  1188. package/dist/security/crypto/shamir/security-analysis.d.ts.map +1 -0
  1189. package/dist/security/crypto/shamir/security-analysis.js +503 -0
  1190. package/dist/security/crypto/shamir/security-analysis.js.map +1 -0
  1191. package/dist/security/crypto/shamir/test-vectors.d.ts +116 -0
  1192. package/dist/security/crypto/shamir/test-vectors.d.ts.map +1 -0
  1193. package/dist/security/crypto/shamir/test-vectors.js +377 -0
  1194. package/dist/security/crypto/shamir/test-vectors.js.map +1 -0
  1195. package/dist/security/crypto/shamir/types.d.ts +281 -0
  1196. package/dist/security/crypto/shamir/types.d.ts.map +1 -0
  1197. package/dist/security/crypto/shamir/types.js +82 -0
  1198. package/dist/security/crypto/shamir/types.js.map +1 -0
  1199. package/dist/security/crypto/shamir/verified-shamir.d.ts +170 -0
  1200. package/dist/security/crypto/shamir/verified-shamir.d.ts.map +1 -0
  1201. package/dist/security/crypto/shamir/verified-shamir.js +624 -0
  1202. package/dist/security/crypto/shamir/verified-shamir.js.map +1 -0
  1203. package/dist/security/csrf.d.ts +215 -0
  1204. package/dist/security/csrf.d.ts.map +1 -0
  1205. package/dist/security/csrf.js +467 -0
  1206. package/dist/security/csrf.js.map +1 -0
  1207. package/dist/security/distributed-state.d.ts +331 -0
  1208. package/dist/security/distributed-state.d.ts.map +1 -0
  1209. package/dist/security/distributed-state.js +768 -0
  1210. package/dist/security/distributed-state.js.map +1 -0
  1211. package/dist/security/dlp/index.d.ts +27 -0
  1212. package/dist/security/dlp/index.d.ts.map +1 -0
  1213. package/dist/security/dlp/index.js +54 -0
  1214. package/dist/security/dlp/index.js.map +1 -0
  1215. package/dist/security/dlp/scanner.d.ts +451 -0
  1216. package/dist/security/dlp/scanner.d.ts.map +1 -0
  1217. package/dist/security/dlp/scanner.js +1241 -0
  1218. package/dist/security/dlp/scanner.js.map +1 -0
  1219. package/dist/security/dpop.d.ts +260 -0
  1220. package/dist/security/dpop.d.ts.map +1 -0
  1221. package/dist/security/dpop.js +1058 -0
  1222. package/dist/security/dpop.js.map +1 -0
  1223. package/dist/security/encryption/decorators.d.ts +263 -0
  1224. package/dist/security/encryption/decorators.d.ts.map +1 -0
  1225. package/dist/security/encryption/decorators.js +359 -0
  1226. package/dist/security/encryption/decorators.js.map +1 -0
  1227. package/dist/security/encryption/index.d.ts +83 -0
  1228. package/dist/security/encryption/index.d.ts.map +1 -0
  1229. package/dist/security/encryption/index.js +140 -0
  1230. package/dist/security/encryption/index.js.map +1 -0
  1231. package/dist/security/encryption/key-provider.d.ts +335 -0
  1232. package/dist/security/encryption/key-provider.d.ts.map +1 -0
  1233. package/dist/security/encryption/key-provider.js +853 -0
  1234. package/dist/security/encryption/key-provider.js.map +1 -0
  1235. package/dist/security/encryption/middleware.d.ts +279 -0
  1236. package/dist/security/encryption/middleware.d.ts.map +1 -0
  1237. package/dist/security/encryption/middleware.js +493 -0
  1238. package/dist/security/encryption/middleware.js.map +1 -0
  1239. package/dist/security/encryption/service.d.ts +164 -0
  1240. package/dist/security/encryption/service.d.ts.map +1 -0
  1241. package/dist/security/encryption/service.js +623 -0
  1242. package/dist/security/encryption/service.js.map +1 -0
  1243. package/dist/security/encryption/types.d.ts +745 -0
  1244. package/dist/security/encryption/types.d.ts.map +1 -0
  1245. package/dist/security/encryption/types.js +229 -0
  1246. package/dist/security/encryption/types.js.map +1 -0
  1247. package/dist/security/error-sanitizer.d.ts +329 -0
  1248. package/dist/security/error-sanitizer.d.ts.map +1 -0
  1249. package/dist/security/error-sanitizer.js +700 -0
  1250. package/dist/security/error-sanitizer.js.map +1 -0
  1251. package/dist/security/fingerprint-service.d.ts +139 -0
  1252. package/dist/security/fingerprint-service.d.ts.map +1 -0
  1253. package/dist/security/fingerprint-service.js +240 -0
  1254. package/dist/security/fingerprint-service.js.map +1 -0
  1255. package/dist/security/headers/csp.d.ts +270 -0
  1256. package/dist/security/headers/csp.d.ts.map +1 -0
  1257. package/dist/security/headers/csp.js +655 -0
  1258. package/dist/security/headers/csp.js.map +1 -0
  1259. package/dist/security/headers/hsts.d.ts +161 -0
  1260. package/dist/security/headers/hsts.d.ts.map +1 -0
  1261. package/dist/security/headers/hsts.js +346 -0
  1262. package/dist/security/headers/hsts.js.map +1 -0
  1263. package/dist/security/headers/index.d.ts +47 -0
  1264. package/dist/security/headers/index.d.ts.map +1 -0
  1265. package/dist/security/headers/index.js +110 -0
  1266. package/dist/security/headers/index.js.map +1 -0
  1267. package/dist/security/headers/middleware.d.ts +70 -0
  1268. package/dist/security/headers/middleware.d.ts.map +1 -0
  1269. package/dist/security/headers/middleware.js +549 -0
  1270. package/dist/security/headers/middleware.js.map +1 -0
  1271. package/dist/security/headers/permissions-policy.d.ts +189 -0
  1272. package/dist/security/headers/permissions-policy.d.ts.map +1 -0
  1273. package/dist/security/headers/permissions-policy.js +508 -0
  1274. package/dist/security/headers/permissions-policy.js.map +1 -0
  1275. package/dist/security/headers/types.d.ts +1570 -0
  1276. package/dist/security/headers/types.d.ts.map +1 -0
  1277. package/dist/security/headers/types.js +281 -0
  1278. package/dist/security/headers/types.js.map +1 -0
  1279. package/dist/security/headers/validator.d.ts +36 -0
  1280. package/dist/security/headers/validator.d.ts.map +1 -0
  1281. package/dist/security/headers/validator.js +616 -0
  1282. package/dist/security/headers/validator.js.map +1 -0
  1283. package/dist/security/hsm/aws-cloudhsm.d.ts +157 -0
  1284. package/dist/security/hsm/aws-cloudhsm.d.ts.map +1 -0
  1285. package/dist/security/hsm/aws-cloudhsm.js +712 -0
  1286. package/dist/security/hsm/aws-cloudhsm.js.map +1 -0
  1287. package/dist/security/hsm/azure-hsm.d.ts +174 -0
  1288. package/dist/security/hsm/azure-hsm.d.ts.map +1 -0
  1289. package/dist/security/hsm/azure-hsm.js +792 -0
  1290. package/dist/security/hsm/azure-hsm.js.map +1 -0
  1291. package/dist/security/hsm/gcp-hsm.d.ts +184 -0
  1292. package/dist/security/hsm/gcp-hsm.d.ts.map +1 -0
  1293. package/dist/security/hsm/gcp-hsm.js +817 -0
  1294. package/dist/security/hsm/gcp-hsm.js.map +1 -0
  1295. package/dist/security/hsm/hsm-service.d.ts +264 -0
  1296. package/dist/security/hsm/hsm-service.d.ts.map +1 -0
  1297. package/dist/security/hsm/hsm-service.js +772 -0
  1298. package/dist/security/hsm/hsm-service.js.map +1 -0
  1299. package/dist/security/hsm/index.d.ts +248 -0
  1300. package/dist/security/hsm/index.d.ts.map +1 -0
  1301. package/dist/security/hsm/index.js +329 -0
  1302. package/dist/security/hsm/index.js.map +1 -0
  1303. package/dist/security/hsm/key-ceremony.d.ts +214 -0
  1304. package/dist/security/hsm/key-ceremony.d.ts.map +1 -0
  1305. package/dist/security/hsm/key-ceremony.js +636 -0
  1306. package/dist/security/hsm/key-ceremony.js.map +1 -0
  1307. package/dist/security/hsm/key-operations.d.ts +218 -0
  1308. package/dist/security/hsm/key-operations.d.ts.map +1 -0
  1309. package/dist/security/hsm/key-operations.js +625 -0
  1310. package/dist/security/hsm/key-operations.js.map +1 -0
  1311. package/dist/security/hsm/local-softHSM.d.ts +122 -0
  1312. package/dist/security/hsm/local-softHSM.d.ts.map +1 -0
  1313. package/dist/security/hsm/local-softHSM.js +786 -0
  1314. package/dist/security/hsm/local-softHSM.js.map +1 -0
  1315. package/dist/security/hsm/pkcs11-wrapper.d.ts +386 -0
  1316. package/dist/security/hsm/pkcs11-wrapper.d.ts.map +1 -0
  1317. package/dist/security/hsm/pkcs11-wrapper.js +1149 -0
  1318. package/dist/security/hsm/pkcs11-wrapper.js.map +1 -0
  1319. package/dist/security/hsm/provider.d.ts +333 -0
  1320. package/dist/security/hsm/provider.d.ts.map +1 -0
  1321. package/dist/security/hsm/provider.js +264 -0
  1322. package/dist/security/hsm/provider.js.map +1 -0
  1323. package/dist/security/hsm/thales-luna.d.ts +209 -0
  1324. package/dist/security/hsm/thales-luna.d.ts.map +1 -0
  1325. package/dist/security/hsm/thales-luna.js +820 -0
  1326. package/dist/security/hsm/thales-luna.js.map +1 -0
  1327. package/dist/security/incident/actions/block-ip.d.ts +82 -0
  1328. package/dist/security/incident/actions/block-ip.d.ts.map +1 -0
  1329. package/dist/security/incident/actions/block-ip.js +454 -0
  1330. package/dist/security/incident/actions/block-ip.js.map +1 -0
  1331. package/dist/security/incident/actions/collect-evidence.d.ts +93 -0
  1332. package/dist/security/incident/actions/collect-evidence.d.ts.map +1 -0
  1333. package/dist/security/incident/actions/collect-evidence.js +449 -0
  1334. package/dist/security/incident/actions/collect-evidence.js.map +1 -0
  1335. package/dist/security/incident/actions/index.d.ts +39 -0
  1336. package/dist/security/incident/actions/index.d.ts.map +1 -0
  1337. package/dist/security/incident/actions/index.js +52 -0
  1338. package/dist/security/incident/actions/index.js.map +1 -0
  1339. package/dist/security/incident/actions/isolate-system.d.ts +61 -0
  1340. package/dist/security/incident/actions/isolate-system.d.ts.map +1 -0
  1341. package/dist/security/incident/actions/isolate-system.js +369 -0
  1342. package/dist/security/incident/actions/isolate-system.js.map +1 -0
  1343. package/dist/security/incident/actions/notify-stakeholders.d.ts +70 -0
  1344. package/dist/security/incident/actions/notify-stakeholders.d.ts.map +1 -0
  1345. package/dist/security/incident/actions/notify-stakeholders.js +377 -0
  1346. package/dist/security/incident/actions/notify-stakeholders.js.map +1 -0
  1347. package/dist/security/incident/actions/revoke-credentials.d.ts +75 -0
  1348. package/dist/security/incident/actions/revoke-credentials.d.ts.map +1 -0
  1349. package/dist/security/incident/actions/revoke-credentials.js +320 -0
  1350. package/dist/security/incident/actions/revoke-credentials.js.map +1 -0
  1351. package/dist/security/incident/actions/scale-monitoring.d.ts +88 -0
  1352. package/dist/security/incident/actions/scale-monitoring.d.ts.map +1 -0
  1353. package/dist/security/incident/actions/scale-monitoring.js +473 -0
  1354. package/dist/security/incident/actions/scale-monitoring.js.map +1 -0
  1355. package/dist/security/incident/executor.d.ts +128 -0
  1356. package/dist/security/incident/executor.d.ts.map +1 -0
  1357. package/dist/security/incident/executor.js +695 -0
  1358. package/dist/security/incident/executor.js.map +1 -0
  1359. package/dist/security/incident/index.d.ts +220 -0
  1360. package/dist/security/incident/index.d.ts.map +1 -0
  1361. package/dist/security/incident/index.js +1284 -0
  1362. package/dist/security/incident/index.js.map +1 -0
  1363. package/dist/security/incident/notification.d.ts +68 -0
  1364. package/dist/security/incident/notification.d.ts.map +1 -0
  1365. package/dist/security/incident/notification.js +512 -0
  1366. package/dist/security/incident/notification.js.map +1 -0
  1367. package/dist/security/incident/playbooks/account-compromise.d.ts +13 -0
  1368. package/dist/security/incident/playbooks/account-compromise.d.ts.map +1 -0
  1369. package/dist/security/incident/playbooks/account-compromise.js +379 -0
  1370. package/dist/security/incident/playbooks/account-compromise.js.map +1 -0
  1371. package/dist/security/incident/playbooks/configuration-error.d.ts +17 -0
  1372. package/dist/security/incident/playbooks/configuration-error.d.ts.map +1 -0
  1373. package/dist/security/incident/playbooks/configuration-error.js +340 -0
  1374. package/dist/security/incident/playbooks/configuration-error.js.map +1 -0
  1375. package/dist/security/incident/playbooks/data-breach.d.ts +13 -0
  1376. package/dist/security/incident/playbooks/data-breach.d.ts.map +1 -0
  1377. package/dist/security/incident/playbooks/data-breach.js +394 -0
  1378. package/dist/security/incident/playbooks/data-breach.js.map +1 -0
  1379. package/dist/security/incident/playbooks/denial-of-service.d.ts +13 -0
  1380. package/dist/security/incident/playbooks/denial-of-service.d.ts.map +1 -0
  1381. package/dist/security/incident/playbooks/denial-of-service.js +540 -0
  1382. package/dist/security/incident/playbooks/denial-of-service.js.map +1 -0
  1383. package/dist/security/incident/playbooks/index.d.ts +36 -0
  1384. package/dist/security/incident/playbooks/index.d.ts.map +1 -0
  1385. package/dist/security/incident/playbooks/index.js +56 -0
  1386. package/dist/security/incident/playbooks/index.js.map +1 -0
  1387. package/dist/security/incident/playbooks/insider-threat.d.ts +18 -0
  1388. package/dist/security/incident/playbooks/insider-threat.d.ts.map +1 -0
  1389. package/dist/security/incident/playbooks/insider-threat.js +600 -0
  1390. package/dist/security/incident/playbooks/insider-threat.js.map +1 -0
  1391. package/dist/security/incident/playbooks/malware.d.ts +13 -0
  1392. package/dist/security/incident/playbooks/malware.d.ts.map +1 -0
  1393. package/dist/security/incident/playbooks/malware.js +515 -0
  1394. package/dist/security/incident/playbooks/malware.js.map +1 -0
  1395. package/dist/security/incident/playbooks/ransomware.d.ts +14 -0
  1396. package/dist/security/incident/playbooks/ransomware.d.ts.map +1 -0
  1397. package/dist/security/incident/playbooks/ransomware.js +693 -0
  1398. package/dist/security/incident/playbooks/ransomware.js.map +1 -0
  1399. package/dist/security/incident/playbooks/unauthorized-access.d.ts +13 -0
  1400. package/dist/security/incident/playbooks/unauthorized-access.d.ts.map +1 -0
  1401. package/dist/security/incident/playbooks/unauthorized-access.js +412 -0
  1402. package/dist/security/incident/playbooks/unauthorized-access.js.map +1 -0
  1403. package/dist/security/incident/triggers.d.ts +120 -0
  1404. package/dist/security/incident/triggers.d.ts.map +1 -0
  1405. package/dist/security/incident/triggers.js +708 -0
  1406. package/dist/security/incident/triggers.js.map +1 -0
  1407. package/dist/security/incident/types.d.ts +1517 -0
  1408. package/dist/security/incident/types.d.ts.map +1 -0
  1409. package/dist/security/incident/types.js +222 -0
  1410. package/dist/security/incident/types.js.map +1 -0
  1411. package/dist/security/index.d.ts +59 -0
  1412. package/dist/security/index.d.ts.map +1 -0
  1413. package/dist/security/index.js +295 -0
  1414. package/dist/security/index.js.map +1 -0
  1415. package/dist/security/injection-detector.d.ts +510 -0
  1416. package/dist/security/injection-detector.d.ts.map +1 -0
  1417. package/dist/security/injection-detector.js +1325 -0
  1418. package/dist/security/injection-detector.js.map +1 -0
  1419. package/dist/security/introspection.d.ts +137 -0
  1420. package/dist/security/introspection.d.ts.map +1 -0
  1421. package/dist/security/introspection.js +451 -0
  1422. package/dist/security/introspection.js.map +1 -0
  1423. package/dist/security/key-rotation.d.ts +213 -0
  1424. package/dist/security/key-rotation.d.ts.map +1 -0
  1425. package/dist/security/key-rotation.js +530 -0
  1426. package/dist/security/key-rotation.js.map +1 -0
  1427. package/dist/security/kms/aws-kms.d.ts +152 -0
  1428. package/dist/security/kms/aws-kms.d.ts.map +1 -0
  1429. package/dist/security/kms/aws-kms.js +808 -0
  1430. package/dist/security/kms/aws-kms.js.map +1 -0
  1431. package/dist/security/kms/index.d.ts +165 -0
  1432. package/dist/security/kms/index.d.ts.map +1 -0
  1433. package/dist/security/kms/index.js +351 -0
  1434. package/dist/security/kms/index.js.map +1 -0
  1435. package/dist/security/kms/local.d.ts +127 -0
  1436. package/dist/security/kms/local.d.ts.map +1 -0
  1437. package/dist/security/kms/local.js +682 -0
  1438. package/dist/security/kms/local.js.map +1 -0
  1439. package/dist/security/kms/types.d.ts +1000 -0
  1440. package/dist/security/kms/types.d.ts.map +1 -0
  1441. package/dist/security/kms/types.js +167 -0
  1442. package/dist/security/kms/types.js.map +1 -0
  1443. package/dist/security/kms/vault.d.ts +165 -0
  1444. package/dist/security/kms/vault.d.ts.map +1 -0
  1445. package/dist/security/kms/vault.js +820 -0
  1446. package/dist/security/kms/vault.js.map +1 -0
  1447. package/dist/security/mfa/index.d.ts +17 -0
  1448. package/dist/security/mfa/index.d.ts.map +1 -0
  1449. package/dist/security/mfa/index.js +37 -0
  1450. package/dist/security/mfa/index.js.map +1 -0
  1451. package/dist/security/mfa/mfa-middleware.d.ts +74 -0
  1452. package/dist/security/mfa/mfa-middleware.d.ts.map +1 -0
  1453. package/dist/security/mfa/mfa-middleware.js +244 -0
  1454. package/dist/security/mfa/mfa-middleware.js.map +1 -0
  1455. package/dist/security/mfa/mfa-service.d.ts +115 -0
  1456. package/dist/security/mfa/mfa-service.d.ts.map +1 -0
  1457. package/dist/security/mfa/mfa-service.js +509 -0
  1458. package/dist/security/mfa/mfa-service.js.map +1 -0
  1459. package/dist/security/mfa/mfa-store.d.ts +615 -0
  1460. package/dist/security/mfa/mfa-store.d.ts.map +1 -0
  1461. package/dist/security/mfa/mfa-store.js +431 -0
  1462. package/dist/security/mfa/mfa-store.js.map +1 -0
  1463. package/dist/security/mfa/types.d.ts +417 -0
  1464. package/dist/security/mfa/types.d.ts.map +1 -0
  1465. package/dist/security/mfa/types.js +123 -0
  1466. package/dist/security/mfa/types.js.map +1 -0
  1467. package/dist/security/middleware.d.ts +179 -0
  1468. package/dist/security/middleware.d.ts.map +1 -0
  1469. package/dist/security/middleware.js +534 -0
  1470. package/dist/security/middleware.js.map +1 -0
  1471. package/dist/security/pairwise-did.d.ts +157 -0
  1472. package/dist/security/pairwise-did.d.ts.map +1 -0
  1473. package/dist/security/pairwise-did.js +450 -0
  1474. package/dist/security/pairwise-did.js.map +1 -0
  1475. package/dist/security/pam/break-glass.d.ts +776 -0
  1476. package/dist/security/pam/break-glass.d.ts.map +1 -0
  1477. package/dist/security/pam/break-glass.js +1137 -0
  1478. package/dist/security/pam/break-glass.js.map +1 -0
  1479. package/dist/security/pam/index.d.ts +120 -0
  1480. package/dist/security/pam/index.d.ts.map +1 -0
  1481. package/dist/security/pam/index.js +179 -0
  1482. package/dist/security/pam/index.js.map +1 -0
  1483. package/dist/security/pam/jit-access.d.ts +482 -0
  1484. package/dist/security/pam/jit-access.d.ts.map +1 -0
  1485. package/dist/security/pam/jit-access.js +1030 -0
  1486. package/dist/security/pam/jit-access.js.map +1 -0
  1487. package/dist/security/pam/session-recording.d.ts +1007 -0
  1488. package/dist/security/pam/session-recording.d.ts.map +1 -0
  1489. package/dist/security/pam/session-recording.js +1047 -0
  1490. package/dist/security/pam/session-recording.js.map +1 -0
  1491. package/dist/security/password-hashing.d.ts +199 -0
  1492. package/dist/security/password-hashing.d.ts.map +1 -0
  1493. package/dist/security/password-hashing.js +366 -0
  1494. package/dist/security/password-hashing.js.map +1 -0
  1495. package/dist/security/password-policy.d.ts +304 -0
  1496. package/dist/security/password-policy.d.ts.map +1 -0
  1497. package/dist/security/password-policy.js +730 -0
  1498. package/dist/security/password-policy.js.map +1 -0
  1499. package/dist/security/pkce.d.ts +269 -0
  1500. package/dist/security/pkce.d.ts.map +1 -0
  1501. package/dist/security/pkce.js +408 -0
  1502. package/dist/security/pkce.js.map +1 -0
  1503. package/dist/security/policy-engine/built-in-policies.d.ts +90 -0
  1504. package/dist/security/policy-engine/built-in-policies.d.ts.map +1 -0
  1505. package/dist/security/policy-engine/built-in-policies.js +627 -0
  1506. package/dist/security/policy-engine/built-in-policies.js.map +1 -0
  1507. package/dist/security/policy-engine/condition-evaluator.d.ts +129 -0
  1508. package/dist/security/policy-engine/condition-evaluator.d.ts.map +1 -0
  1509. package/dist/security/policy-engine/condition-evaluator.js +647 -0
  1510. package/dist/security/policy-engine/condition-evaluator.js.map +1 -0
  1511. package/dist/security/policy-engine/engine.d.ts +200 -0
  1512. package/dist/security/policy-engine/engine.d.ts.map +1 -0
  1513. package/dist/security/policy-engine/engine.js +752 -0
  1514. package/dist/security/policy-engine/engine.js.map +1 -0
  1515. package/dist/security/policy-engine/index.d.ts +58 -0
  1516. package/dist/security/policy-engine/index.d.ts.map +1 -0
  1517. package/dist/security/policy-engine/index.js +80 -0
  1518. package/dist/security/policy-engine/index.js.map +1 -0
  1519. package/dist/security/policy-engine/middleware.d.ts +77 -0
  1520. package/dist/security/policy-engine/middleware.d.ts.map +1 -0
  1521. package/dist/security/policy-engine/middleware.js +375 -0
  1522. package/dist/security/policy-engine/middleware.js.map +1 -0
  1523. package/dist/security/policy-engine/rule-evaluator.d.ts +140 -0
  1524. package/dist/security/policy-engine/rule-evaluator.d.ts.map +1 -0
  1525. package/dist/security/policy-engine/rule-evaluator.js +593 -0
  1526. package/dist/security/policy-engine/rule-evaluator.js.map +1 -0
  1527. package/dist/security/policy-engine/types.d.ts +2855 -0
  1528. package/dist/security/policy-engine/types.d.ts.map +1 -0
  1529. package/dist/security/policy-engine/types.js +443 -0
  1530. package/dist/security/policy-engine/types.js.map +1 -0
  1531. package/dist/security/rbac/index.d.ts +317 -0
  1532. package/dist/security/rbac/index.d.ts.map +1 -0
  1533. package/dist/security/rbac/index.js +618 -0
  1534. package/dist/security/rbac/index.js.map +1 -0
  1535. package/dist/security/rbac/permissions.d.ts +305 -0
  1536. package/dist/security/rbac/permissions.d.ts.map +1 -0
  1537. package/dist/security/rbac/permissions.js +947 -0
  1538. package/dist/security/rbac/permissions.js.map +1 -0
  1539. package/dist/security/rbac/policy-engine.d.ts +542 -0
  1540. package/dist/security/rbac/policy-engine.d.ts.map +1 -0
  1541. package/dist/security/rbac/policy-engine.js +1244 -0
  1542. package/dist/security/rbac/policy-engine.js.map +1 -0
  1543. package/dist/security/rbac/roles.d.ts +478 -0
  1544. package/dist/security/rbac/roles.d.ts.map +1 -0
  1545. package/dist/security/rbac/roles.js +363 -0
  1546. package/dist/security/rbac/roles.js.map +1 -0
  1547. package/dist/security/refresh-token.d.ts +305 -0
  1548. package/dist/security/refresh-token.d.ts.map +1 -0
  1549. package/dist/security/refresh-token.js +674 -0
  1550. package/dist/security/refresh-token.js.map +1 -0
  1551. package/dist/security/request-integrity.d.ts +289 -0
  1552. package/dist/security/request-integrity.d.ts.map +1 -0
  1553. package/dist/security/request-integrity.js +663 -0
  1554. package/dist/security/request-integrity.js.map +1 -0
  1555. package/dist/security/revocation-check.d.ts +188 -0
  1556. package/dist/security/revocation-check.d.ts.map +1 -0
  1557. package/dist/security/revocation-check.js +606 -0
  1558. package/dist/security/revocation-check.js.map +1 -0
  1559. package/dist/security/revocation.d.ts +191 -0
  1560. package/dist/security/revocation.d.ts.map +1 -0
  1561. package/dist/security/revocation.js +522 -0
  1562. package/dist/security/revocation.js.map +1 -0
  1563. package/dist/security/secrets-rotation.d.ts +501 -0
  1564. package/dist/security/secrets-rotation.d.ts.map +1 -0
  1565. package/dist/security/secrets-rotation.js +934 -0
  1566. package/dist/security/secrets-rotation.js.map +1 -0
  1567. package/dist/security/secure-memory.d.ts +325 -0
  1568. package/dist/security/secure-memory.d.ts.map +1 -0
  1569. package/dist/security/secure-memory.js +595 -0
  1570. package/dist/security/secure-memory.js.map +1 -0
  1571. package/dist/security/security-service.d.ts +186 -0
  1572. package/dist/security/security-service.d.ts.map +1 -0
  1573. package/dist/security/security-service.js +531 -0
  1574. package/dist/security/security-service.js.map +1 -0
  1575. package/dist/security/service-auth/index.d.ts +20 -0
  1576. package/dist/security/service-auth/index.d.ts.map +1 -0
  1577. package/dist/security/service-auth/index.js +61 -0
  1578. package/dist/security/service-auth/index.js.map +1 -0
  1579. package/dist/security/service-auth/service-account.d.ts +357 -0
  1580. package/dist/security/service-auth/service-account.d.ts.map +1 -0
  1581. package/dist/security/service-auth/service-account.js +475 -0
  1582. package/dist/security/service-auth/service-account.js.map +1 -0
  1583. package/dist/security/service-auth/service-auth-middleware.d.ts +174 -0
  1584. package/dist/security/service-auth/service-auth-middleware.d.ts.map +1 -0
  1585. package/dist/security/service-auth/service-auth-middleware.js +461 -0
  1586. package/dist/security/service-auth/service-auth-middleware.js.map +1 -0
  1587. package/dist/security/service-auth/service-token.d.ts +391 -0
  1588. package/dist/security/service-auth/service-token.d.ts.map +1 -0
  1589. package/dist/security/service-auth/service-token.js +472 -0
  1590. package/dist/security/service-auth/service-token.js.map +1 -0
  1591. package/dist/security/session-manager.d.ts +177 -0
  1592. package/dist/security/session-manager.d.ts.map +1 -0
  1593. package/dist/security/session-manager.js +353 -0
  1594. package/dist/security/session-manager.js.map +1 -0
  1595. package/dist/security/session-store.d.ts +205 -0
  1596. package/dist/security/session-store.d.ts.map +1 -0
  1597. package/dist/security/session-store.js +581 -0
  1598. package/dist/security/session-store.js.map +1 -0
  1599. package/dist/security/siem/connector.d.ts +147 -0
  1600. package/dist/security/siem/connector.d.ts.map +1 -0
  1601. package/dist/security/siem/connector.js +254 -0
  1602. package/dist/security/siem/connector.js.map +1 -0
  1603. package/dist/security/siem/datadog.d.ts +81 -0
  1604. package/dist/security/siem/datadog.d.ts.map +1 -0
  1605. package/dist/security/siem/datadog.js +362 -0
  1606. package/dist/security/siem/datadog.js.map +1 -0
  1607. package/dist/security/siem/elastic.d.ts +83 -0
  1608. package/dist/security/siem/elastic.d.ts.map +1 -0
  1609. package/dist/security/siem/elastic.js +514 -0
  1610. package/dist/security/siem/elastic.js.map +1 -0
  1611. package/dist/security/siem/enrichment.d.ts +133 -0
  1612. package/dist/security/siem/enrichment.d.ts.map +1 -0
  1613. package/dist/security/siem/enrichment.js +434 -0
  1614. package/dist/security/siem/enrichment.js.map +1 -0
  1615. package/dist/security/siem/formatter.d.ts +118 -0
  1616. package/dist/security/siem/formatter.d.ts.map +1 -0
  1617. package/dist/security/siem/formatter.js +381 -0
  1618. package/dist/security/siem/formatter.js.map +1 -0
  1619. package/dist/security/siem/hooks.d.ts +107 -0
  1620. package/dist/security/siem/hooks.d.ts.map +1 -0
  1621. package/dist/security/siem/hooks.js +459 -0
  1622. package/dist/security/siem/hooks.js.map +1 -0
  1623. package/dist/security/siem/index.d.ts +83 -0
  1624. package/dist/security/siem/index.d.ts.map +1 -0
  1625. package/dist/security/siem/index.js +95 -0
  1626. package/dist/security/siem/index.js.map +1 -0
  1627. package/dist/security/siem/service.d.ts +153 -0
  1628. package/dist/security/siem/service.d.ts.map +1 -0
  1629. package/dist/security/siem/service.js +615 -0
  1630. package/dist/security/siem/service.js.map +1 -0
  1631. package/dist/security/siem/splunk.d.ts +76 -0
  1632. package/dist/security/siem/splunk.d.ts.map +1 -0
  1633. package/dist/security/siem/splunk.js +283 -0
  1634. package/dist/security/siem/splunk.js.map +1 -0
  1635. package/dist/security/siem/types.d.ts +1980 -0
  1636. package/dist/security/siem/types.d.ts.map +1 -0
  1637. package/dist/security/siem/types.js +268 -0
  1638. package/dist/security/siem/types.js.map +1 -0
  1639. package/dist/security/tee-production.d.ts +157 -0
  1640. package/dist/security/tee-production.d.ts.map +1 -0
  1641. package/dist/security/tee-production.js +792 -0
  1642. package/dist/security/tee-production.js.map +1 -0
  1643. package/dist/security/tee.d.ts +182 -0
  1644. package/dist/security/tee.d.ts.map +1 -0
  1645. package/dist/security/tee.js +1031 -0
  1646. package/dist/security/tee.js.map +1 -0
  1647. package/dist/security/threat-intel/bot-detection.d.ts +275 -0
  1648. package/dist/security/threat-intel/bot-detection.d.ts.map +1 -0
  1649. package/dist/security/threat-intel/bot-detection.js +890 -0
  1650. package/dist/security/threat-intel/bot-detection.js.map +1 -0
  1651. package/dist/security/threat-intel/credential-stuffing.d.ts +368 -0
  1652. package/dist/security/threat-intel/credential-stuffing.d.ts.map +1 -0
  1653. package/dist/security/threat-intel/credential-stuffing.js +957 -0
  1654. package/dist/security/threat-intel/credential-stuffing.js.map +1 -0
  1655. package/dist/security/threat-intel/index.d.ts +10 -0
  1656. package/dist/security/threat-intel/index.d.ts.map +1 -0
  1657. package/dist/security/threat-intel/index.js +18 -0
  1658. package/dist/security/threat-intel/index.js.map +1 -0
  1659. package/dist/security/threat-intel/ip-reputation.d.ts +323 -0
  1660. package/dist/security/threat-intel/ip-reputation.d.ts.map +1 -0
  1661. package/dist/security/threat-intel/ip-reputation.js +923 -0
  1662. package/dist/security/threat-intel/ip-reputation.js.map +1 -0
  1663. package/dist/security/token-lifecycle.d.ts +272 -0
  1664. package/dist/security/token-lifecycle.d.ts.map +1 -0
  1665. package/dist/security/token-lifecycle.js +732 -0
  1666. package/dist/security/token-lifecycle.js.map +1 -0
  1667. package/dist/security/token-lifetime.d.ts +206 -0
  1668. package/dist/security/token-lifetime.d.ts.map +1 -0
  1669. package/dist/security/token-lifetime.js +388 -0
  1670. package/dist/security/token-lifetime.js.map +1 -0
  1671. package/dist/security/trust-oracle/alerts.d.ts +202 -0
  1672. package/dist/security/trust-oracle/alerts.d.ts.map +1 -0
  1673. package/dist/security/trust-oracle/alerts.js +763 -0
  1674. package/dist/security/trust-oracle/alerts.js.map +1 -0
  1675. package/dist/security/trust-oracle/api.d.ts +116 -0
  1676. package/dist/security/trust-oracle/api.d.ts.map +1 -0
  1677. package/dist/security/trust-oracle/api.js +721 -0
  1678. package/dist/security/trust-oracle/api.js.map +1 -0
  1679. package/dist/security/trust-oracle/continuous-monitoring.d.ts +105 -0
  1680. package/dist/security/trust-oracle/continuous-monitoring.d.ts.map +1 -0
  1681. package/dist/security/trust-oracle/continuous-monitoring.js +696 -0
  1682. package/dist/security/trust-oracle/continuous-monitoring.js.map +1 -0
  1683. package/dist/security/trust-oracle/data-sources.d.ts +126 -0
  1684. package/dist/security/trust-oracle/data-sources.d.ts.map +1 -0
  1685. package/dist/security/trust-oracle/data-sources.js +867 -0
  1686. package/dist/security/trust-oracle/data-sources.js.map +1 -0
  1687. package/dist/security/trust-oracle/index.d.ts +79 -0
  1688. package/dist/security/trust-oracle/index.d.ts.map +1 -0
  1689. package/dist/security/trust-oracle/index.js +206 -0
  1690. package/dist/security/trust-oracle/index.js.map +1 -0
  1691. package/dist/security/trust-oracle/oracle.d.ts +125 -0
  1692. package/dist/security/trust-oracle/oracle.d.ts.map +1 -0
  1693. package/dist/security/trust-oracle/oracle.js +489 -0
  1694. package/dist/security/trust-oracle/oracle.js.map +1 -0
  1695. package/dist/security/trust-oracle/reporting.d.ts +145 -0
  1696. package/dist/security/trust-oracle/reporting.d.ts.map +1 -0
  1697. package/dist/security/trust-oracle/reporting.js +1098 -0
  1698. package/dist/security/trust-oracle/reporting.js.map +1 -0
  1699. package/dist/security/trust-oracle/risk-scorer.d.ts +207 -0
  1700. package/dist/security/trust-oracle/risk-scorer.d.ts.map +1 -0
  1701. package/dist/security/trust-oracle/risk-scorer.js +1033 -0
  1702. package/dist/security/trust-oracle/risk-scorer.js.map +1 -0
  1703. package/dist/security/trust-oracle/types.d.ts +444 -0
  1704. package/dist/security/trust-oracle/types.d.ts.map +1 -0
  1705. package/dist/security/trust-oracle/types.js +6 -0
  1706. package/dist/security/trust-oracle/types.js.map +1 -0
  1707. package/dist/security/trust-oracle/vendor-registry.d.ts +228 -0
  1708. package/dist/security/trust-oracle/vendor-registry.d.ts.map +1 -0
  1709. package/dist/security/trust-oracle/vendor-registry.js +727 -0
  1710. package/dist/security/trust-oracle/vendor-registry.js.map +1 -0
  1711. package/dist/security/types.d.ts +1777 -0
  1712. package/dist/security/types.d.ts.map +1 -0
  1713. package/dist/security/types.js +388 -0
  1714. package/dist/security/types.js.map +1 -0
  1715. package/dist/security/webauthn/index.d.ts +47 -0
  1716. package/dist/security/webauthn/index.d.ts.map +1 -0
  1717. package/dist/security/webauthn/index.js +48 -0
  1718. package/dist/security/webauthn/index.js.map +1 -0
  1719. package/dist/security/webauthn/middleware.d.ts +109 -0
  1720. package/dist/security/webauthn/middleware.d.ts.map +1 -0
  1721. package/dist/security/webauthn/middleware.js +629 -0
  1722. package/dist/security/webauthn/middleware.js.map +1 -0
  1723. package/dist/security/webauthn/service.d.ts +179 -0
  1724. package/dist/security/webauthn/service.d.ts.map +1 -0
  1725. package/dist/security/webauthn/service.js +758 -0
  1726. package/dist/security/webauthn/service.js.map +1 -0
  1727. package/dist/security/webauthn/store.d.ts +240 -0
  1728. package/dist/security/webauthn/store.d.ts.map +1 -0
  1729. package/dist/security/webauthn/store.js +505 -0
  1730. package/dist/security/webauthn/store.js.map +1 -0
  1731. package/dist/security/webauthn/types.d.ts +678 -0
  1732. package/dist/security/webauthn/types.d.ts.map +1 -0
  1733. package/dist/security/webauthn/types.js +176 -0
  1734. package/dist/security/webauthn/types.js.map +1 -0
  1735. package/dist/security/zkp/circuits.d.ts +296 -0
  1736. package/dist/security/zkp/circuits.d.ts.map +1 -0
  1737. package/dist/security/zkp/circuits.js +771 -0
  1738. package/dist/security/zkp/circuits.js.map +1 -0
  1739. package/dist/security/zkp/commitment.d.ts +319 -0
  1740. package/dist/security/zkp/commitment.d.ts.map +1 -0
  1741. package/dist/security/zkp/commitment.js +591 -0
  1742. package/dist/security/zkp/commitment.js.map +1 -0
  1743. package/dist/security/zkp/compliance.d.ts +251 -0
  1744. package/dist/security/zkp/compliance.d.ts.map +1 -0
  1745. package/dist/security/zkp/compliance.js +734 -0
  1746. package/dist/security/zkp/compliance.js.map +1 -0
  1747. package/dist/security/zkp/index.d.ts +184 -0
  1748. package/dist/security/zkp/index.d.ts.map +1 -0
  1749. package/dist/security/zkp/index.js +285 -0
  1750. package/dist/security/zkp/index.js.map +1 -0
  1751. package/dist/security/zkp/integration.d.ts +289 -0
  1752. package/dist/security/zkp/integration.d.ts.map +1 -0
  1753. package/dist/security/zkp/integration.js +571 -0
  1754. package/dist/security/zkp/integration.js.map +1 -0
  1755. package/dist/security/zkp/prover.d.ts +158 -0
  1756. package/dist/security/zkp/prover.d.ts.map +1 -0
  1757. package/dist/security/zkp/prover.js +465 -0
  1758. package/dist/security/zkp/prover.js.map +1 -0
  1759. package/dist/security/zkp/snark-utils.d.ts +321 -0
  1760. package/dist/security/zkp/snark-utils.d.ts.map +1 -0
  1761. package/dist/security/zkp/snark-utils.js +640 -0
  1762. package/dist/security/zkp/snark-utils.js.map +1 -0
  1763. package/dist/security/zkp/types.d.ts +1192 -0
  1764. package/dist/security/zkp/types.d.ts.map +1 -0
  1765. package/dist/security/zkp/types.js +264 -0
  1766. package/dist/security/zkp/types.js.map +1 -0
  1767. package/dist/security/zkp/verifier.d.ts +111 -0
  1768. package/dist/security/zkp/verifier.d.ts.map +1 -0
  1769. package/dist/security/zkp/verifier.js +554 -0
  1770. package/dist/security/zkp/verifier.js.map +1 -0
  1771. package/dist/semantic-governance/context-validator.d.ts +158 -0
  1772. package/dist/semantic-governance/context-validator.d.ts.map +1 -0
  1773. package/dist/semantic-governance/context-validator.js +598 -0
  1774. package/dist/semantic-governance/context-validator.js.map +1 -0
  1775. package/dist/semantic-governance/credential-manager.d.ts +156 -0
  1776. package/dist/semantic-governance/credential-manager.d.ts.map +1 -0
  1777. package/dist/semantic-governance/credential-manager.js +438 -0
  1778. package/dist/semantic-governance/credential-manager.js.map +1 -0
  1779. package/dist/semantic-governance/dual-channel.d.ts +138 -0
  1780. package/dist/semantic-governance/dual-channel.d.ts.map +1 -0
  1781. package/dist/semantic-governance/dual-channel.js +333 -0
  1782. package/dist/semantic-governance/dual-channel.js.map +1 -0
  1783. package/dist/semantic-governance/index.d.ts +107 -0
  1784. package/dist/semantic-governance/index.d.ts.map +1 -0
  1785. package/dist/semantic-governance/index.js +141 -0
  1786. package/dist/semantic-governance/index.js.map +1 -0
  1787. package/dist/semantic-governance/inference-validator.d.ts +114 -0
  1788. package/dist/semantic-governance/inference-validator.d.ts.map +1 -0
  1789. package/dist/semantic-governance/inference-validator.js +390 -0
  1790. package/dist/semantic-governance/inference-validator.js.map +1 -0
  1791. package/dist/semantic-governance/instruction-validator.d.ts +146 -0
  1792. package/dist/semantic-governance/instruction-validator.d.ts.map +1 -0
  1793. package/dist/semantic-governance/instruction-validator.js +363 -0
  1794. package/dist/semantic-governance/instruction-validator.js.map +1 -0
  1795. package/dist/semantic-governance/integration.d.ts +253 -0
  1796. package/dist/semantic-governance/integration.d.ts.map +1 -0
  1797. package/dist/semantic-governance/integration.js +658 -0
  1798. package/dist/semantic-governance/integration.js.map +1 -0
  1799. package/dist/semantic-governance/output-validator.d.ts +135 -0
  1800. package/dist/semantic-governance/output-validator.d.ts.map +1 -0
  1801. package/dist/semantic-governance/output-validator.js +448 -0
  1802. package/dist/semantic-governance/output-validator.js.map +1 -0
  1803. package/dist/semantic-governance/service.d.ts +120 -0
  1804. package/dist/semantic-governance/service.d.ts.map +1 -0
  1805. package/dist/semantic-governance/service.js +527 -0
  1806. package/dist/semantic-governance/service.js.map +1 -0
  1807. package/dist/semantic-governance/types.d.ts +3925 -0
  1808. package/dist/semantic-governance/types.d.ts.map +1 -0
  1809. package/dist/semantic-governance/types.js +471 -0
  1810. package/dist/semantic-governance/types.js.map +1 -0
  1811. package/dist/trust-engine/car-integration.d.ts +263 -0
  1812. package/dist/trust-engine/car-integration.d.ts.map +1 -0
  1813. package/dist/trust-engine/car-integration.js +320 -0
  1814. package/dist/trust-engine/car-integration.js.map +1 -0
  1815. package/dist/trust-engine/context.d.ts +198 -0
  1816. package/dist/trust-engine/context.d.ts.map +1 -0
  1817. package/dist/trust-engine/context.js +308 -0
  1818. package/dist/trust-engine/context.js.map +1 -0
  1819. package/dist/trust-engine/diminishing-returns.d.ts +123 -0
  1820. package/dist/trust-engine/diminishing-returns.d.ts.map +1 -0
  1821. package/dist/trust-engine/diminishing-returns.js +197 -0
  1822. package/dist/trust-engine/diminishing-returns.js.map +1 -0
  1823. package/dist/trust-engine/index.d.ts +433 -0
  1824. package/dist/trust-engine/index.d.ts.map +1 -0
  1825. package/dist/trust-engine/index.js +1241 -0
  1826. package/dist/trust-engine/index.js.map +1 -0
  1827. package/dist/trust-engine/observability.d.ts +175 -0
  1828. package/dist/trust-engine/observability.d.ts.map +1 -0
  1829. package/dist/trust-engine/observability.js +246 -0
  1830. package/dist/trust-engine/observability.js.map +1 -0
  1831. package/dist/trust-engine/signal-diversity.d.ts +130 -0
  1832. package/dist/trust-engine/signal-diversity.d.ts.map +1 -0
  1833. package/dist/trust-engine/signal-diversity.js +238 -0
  1834. package/dist/trust-engine/signal-diversity.js.map +1 -0
  1835. package/dist/versioning/deprecation.d.ts +65 -0
  1836. package/dist/versioning/deprecation.d.ts.map +1 -0
  1837. package/dist/versioning/deprecation.js +199 -0
  1838. package/dist/versioning/deprecation.js.map +1 -0
  1839. package/dist/versioning/index.d.ts +46 -0
  1840. package/dist/versioning/index.d.ts.map +1 -0
  1841. package/dist/versioning/index.js +76 -0
  1842. package/dist/versioning/index.js.map +1 -0
  1843. package/dist/versioning/semver.d.ts +116 -0
  1844. package/dist/versioning/semver.d.ts.map +1 -0
  1845. package/dist/versioning/semver.js +321 -0
  1846. package/dist/versioning/semver.js.map +1 -0
  1847. package/package.json +161 -0
package/dist/auth/piv-cac/types.d.ts ADDED
@@ -0,0 +1,4098 @@
1
+ /**
2
+ * PIV/CAC Smart Card Authentication Types
3
+ *
4
+ * Type definitions for Personal Identity Verification (PIV) and
5
+ * Common Access Card (CAC) smart card authentication.
6
+ *
7
+ * Supports:
8
+ * - X.509 certificate authentication
9
+ * - OCSP/CRL certificate validation
10
+ * - Certificate-to-user mapping (UPN/SAN)
11
+ * - Card removal session termination
12
+ * - DoD PKI compatibility
13
+ *
14
+ * @packageDocumentation
15
+ */
16
+ import { z } from 'zod';
17
+ /**
18
+ * Certificate validation status
19
+ */
20
+ export declare enum CertificateValidationStatus {
21
+ /** Certificate is valid */
22
+ VALID = "valid",
23
+ /** Certificate has been revoked */
24
+ REVOKED = "revoked",
25
+ /** Certificate has expired */
26
+ EXPIRED = "expired",
27
+ /** Certificate is not yet valid */
28
+ NOT_YET_VALID = "not_yet_valid",
29
+ /** Certificate chain is incomplete or invalid */
30
+ CHAIN_INVALID = "chain_invalid",
31
+ /** Certificate signature verification failed */
32
+ SIGNATURE_INVALID = "signature_invalid",
33
+ /** Unable to verify certificate status */
34
+ UNKNOWN = "unknown"
35
+ }
36
+ export declare const certificateValidationStatusSchema: z.ZodNativeEnum<typeof CertificateValidationStatus>;
37
+ /**
38
+ * Certificate revocation check method
39
+ */
40
+ export declare enum RevocationCheckMethod {
41
+ /** Online Certificate Status Protocol */
42
+ OCSP = "ocsp",
43
+ /** Certificate Revocation List */
44
+ CRL = "crl",
45
+ /** Both OCSP and CRL */
46
+ BOTH = "both",
47
+ /** OCSP with CRL fallback */
48
+ OCSP_WITH_CRL_FALLBACK = "ocsp_with_crl_fallback",
49
+ /** No revocation checking (not recommended) */
50
+ NONE = "none"
51
+ }
52
+ export declare const revocationCheckMethodSchema: z.ZodNativeEnum<typeof RevocationCheckMethod>;
53
+ /**
54
+ * PIV key usage types
55
+ */
56
+ export declare enum PIVKeyUsage {
57
+ /** PIV Authentication key */
58
+ PIV_AUTHENTICATION = "piv_authentication",
59
+ /** Card Authentication key */
60
+ CARD_AUTHENTICATION = "card_authentication",
61
+ /** Digital Signature key */
62
+ DIGITAL_SIGNATURE = "digital_signature",
63
+ /** Key Management key */
64
+ KEY_MANAGEMENT = "key_management"
65
+ }
66
+ export declare const pivKeyUsageSchema: z.ZodNativeEnum<typeof PIVKeyUsage>;
67
+ /**
68
+ * Certificate mapping strategy
69
+ */
70
+ export declare enum CertificateMappingStrategy {
71
+ /** Map using Subject Alternative Name (SAN) */
72
+ SAN = "san",
73
+ /** Map using User Principal Name (UPN) from SAN */
74
+ UPN = "upn",
75
+ /** Map using email address from SAN or Subject */
76
+ EMAIL = "email",
77
+ /** Map using Subject Distinguished Name */
78
+ SUBJECT_DN = "subject_dn",
79
+ /** Map using certificate serial number + issuer */
80
+ SERIAL_ISSUER = "serial_issuer",
81
+ /** Custom mapping function */
82
+ CUSTOM = "custom"
83
+ }
84
+ export declare const certificateMappingStrategySchema: z.ZodNativeEnum<typeof CertificateMappingStrategy>;
85
+ /**
86
+ * Card event types
87
+ */
88
+ export declare enum CardEventType {
89
+ /** Card inserted into reader */
90
+ CARD_INSERTED = "card_inserted",
91
+ /** Card removed from reader */
92
+ CARD_REMOVED = "card_removed",
93
+ /** Card reader connected */
94
+ READER_CONNECTED = "reader_connected",
95
+ /** Card reader disconnected */
96
+ READER_DISCONNECTED = "reader_disconnected",
97
+ /** PIN entry required */
98
+ PIN_REQUIRED = "pin_required",
99
+ /** PIN verified successfully */
100
+ PIN_VERIFIED = "pin_verified",
101
+ /** PIN verification failed */
102
+ PIN_FAILED = "pin_failed",
103
+ /** Card locked due to failed PIN attempts */
104
+ CARD_LOCKED = "card_locked"
105
+ }
106
+ export declare const cardEventTypeSchema: z.ZodNativeEnum<typeof CardEventType>;
107
+ /**
108
+ * X.509 certificate extension
109
+ */
110
+ export interface X509Extension {
111
+ /** OID of the extension */
112
+ oid: string;
113
+ /** Whether the extension is critical */
114
+ critical: boolean;
115
+ /** Extension value (base64 encoded) */
116
+ value: string;
117
+ /** Parsed extension data if available */
118
+ parsed?: Record<string, unknown>;
119
+ }
120
+ export declare const x509ExtensionSchema: z.ZodObject<{
121
+ oid: z.ZodString;
122
+ critical: z.ZodBoolean;
123
+ value: z.ZodString;
124
+ parsed: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
125
+ }, "strip", z.ZodTypeAny, {
126
+ value?: string;
127
+ critical?: boolean;
128
+ parsed?: Record<string, unknown>;
129
+ oid?: string;
130
+ }, {
131
+ value?: string;
132
+ critical?: boolean;
133
+ parsed?: Record<string, unknown>;
134
+ oid?: string;
135
+ }>;
136
+ /**
137
+ * Subject Alternative Name entry
138
+ */
139
+ export interface SubjectAltName {
140
+ /** Type of SAN entry */
141
+ type: 'email' | 'dns' | 'uri' | 'ip' | 'upn' | 'other';
142
+ /** Value of the SAN entry */
143
+ value: string;
144
+ /** OID for 'other' type */
145
+ oid?: string;
146
+ }
147
+ export declare const subjectAltNameSchema: z.ZodObject<{
148
+ type: z.ZodEnum<["email", "dns", "uri", "ip", "upn", "other"]>;
149
+ value: z.ZodString;
150
+ oid: z.ZodOptional<z.ZodString>;
151
+ }, "strip", z.ZodTypeAny, {
152
+ value?: string;
153
+ type?: "email" | "ip" | "other" | "uri" | "dns" | "upn";
154
+ oid?: string;
155
+ }, {
156
+ value?: string;
157
+ type?: "email" | "ip" | "other" | "uri" | "dns" | "upn";
158
+ oid?: string;
159
+ }>;
160
+ /**
161
+ * Distinguished Name components
162
+ */
163
+ export interface DistinguishedName {
164
+ /** Common Name */
165
+ CN?: string;
166
+ /** Organization */
167
+ O?: string;
168
+ /** Organizational Unit */
169
+ OU?: string;
170
+ /** Country */
171
+ C?: string;
172
+ /** State or Province */
173
+ ST?: string;
174
+ /** Locality */
175
+ L?: string;
176
+ /** Email Address */
177
+ E?: string;
178
+ /** Serial Number */
179
+ serialNumber?: string;
180
+ /** Full DN string */
181
+ full: string;
182
+ }
183
+ export declare const distinguishedNameSchema: z.ZodObject<{
184
+ CN: z.ZodOptional<z.ZodString>;
185
+ O: z.ZodOptional<z.ZodString>;
186
+ OU: z.ZodOptional<z.ZodString>;
187
+ C: z.ZodOptional<z.ZodString>;
188
+ ST: z.ZodOptional<z.ZodString>;
189
+ L: z.ZodOptional<z.ZodString>;
190
+ E: z.ZodOptional<z.ZodString>;
191
+ serialNumber: z.ZodOptional<z.ZodString>;
192
+ full: z.ZodString;
193
+ }, "strip", z.ZodTypeAny, {
194
+ full?: string;
195
+ C?: string;
196
+ E?: string;
197
+ L?: string;
198
+ O?: string;
199
+ CN?: string;
200
+ OU?: string;
201
+ ST?: string;
202
+ serialNumber?: string;
203
+ }, {
204
+ full?: string;
205
+ C?: string;
206
+ E?: string;
207
+ L?: string;
208
+ O?: string;
209
+ CN?: string;
210
+ OU?: string;
211
+ ST?: string;
212
+ serialNumber?: string;
213
+ }>;
214
+ /**
215
+ * Parsed X.509 certificate
216
+ */
217
+ export interface ParsedCertificate {
218
+ /** Certificate version (usually 3 for X.509v3) */
219
+ version: number;
220
+ /** Serial number (hex string) */
221
+ serialNumber: string;
222
+ /** Signature algorithm OID */
223
+ signatureAlgorithm: string;
224
+ /** Issuer distinguished name */
225
+ issuer: DistinguishedName;
226
+ /** Subject distinguished name */
227
+ subject: DistinguishedName;
228
+ /** Not valid before date */
229
+ notBefore: Date;
230
+ /** Not valid after date */
231
+ notAfter: Date;
232
+ /** Public key algorithm */
233
+ publicKeyAlgorithm: string;
234
+ /** Public key (PEM encoded) */
235
+ publicKey: string;
236
+ /** Subject Alternative Names */
237
+ subjectAltNames: SubjectAltName[];
238
+ /** Key Usage extension */
239
+ keyUsage?: string[];
240
+ /** Extended Key Usage extension */
241
+ extendedKeyUsage?: string[];
242
+ /** Certificate extensions */
243
+ extensions: X509Extension[];
244
+ /** Authority Information Access URLs */
245
+ authorityInfoAccess?: {
246
+ ocsp?: string[];
247
+ caIssuers?: string[];
248
+ };
249
+ /** CRL Distribution Points */
250
+ crlDistributionPoints?: string[];
251
+ /** SHA-256 fingerprint of the certificate */
252
+ fingerprint: string;
253
+ /** SHA-256 fingerprint of the public key */
254
+ publicKeyFingerprint: string;
255
+ /** Original certificate in PEM format */
256
+ pem: string;
257
+ /** Original certificate in DER format (base64) */
258
+ der: string;
259
+ }
260
+ export declare const parsedCertificateSchema: z.ZodObject<{
261
+ version: z.ZodNumber;
262
+ serialNumber: z.ZodString;
263
+ signatureAlgorithm: z.ZodString;
264
+ issuer: z.ZodObject<{
265
+ CN: z.ZodOptional<z.ZodString>;
266
+ O: z.ZodOptional<z.ZodString>;
267
+ OU: z.ZodOptional<z.ZodString>;
268
+ C: z.ZodOptional<z.ZodString>;
269
+ ST: z.ZodOptional<z.ZodString>;
270
+ L: z.ZodOptional<z.ZodString>;
271
+ E: z.ZodOptional<z.ZodString>;
272
+ serialNumber: z.ZodOptional<z.ZodString>;
273
+ full: z.ZodString;
274
+ }, "strip", z.ZodTypeAny, {
275
+ full?: string;
276
+ C?: string;
277
+ E?: string;
278
+ L?: string;
279
+ O?: string;
280
+ CN?: string;
281
+ OU?: string;
282
+ ST?: string;
283
+ serialNumber?: string;
284
+ }, {
285
+ full?: string;
286
+ C?: string;
287
+ E?: string;
288
+ L?: string;
289
+ O?: string;
290
+ CN?: string;
291
+ OU?: string;
292
+ ST?: string;
293
+ serialNumber?: string;
294
+ }>;
295
+ subject: z.ZodObject<{
296
+ CN: z.ZodOptional<z.ZodString>;
297
+ O: z.ZodOptional<z.ZodString>;
298
+ OU: z.ZodOptional<z.ZodString>;
299
+ C: z.ZodOptional<z.ZodString>;
300
+ ST: z.ZodOptional<z.ZodString>;
301
+ L: z.ZodOptional<z.ZodString>;
302
+ E: z.ZodOptional<z.ZodString>;
303
+ serialNumber: z.ZodOptional<z.ZodString>;
304
+ full: z.ZodString;
305
+ }, "strip", z.ZodTypeAny, {
306
+ full?: string;
307
+ C?: string;
308
+ E?: string;
309
+ L?: string;
310
+ O?: string;
311
+ CN?: string;
312
+ OU?: string;
313
+ ST?: string;
314
+ serialNumber?: string;
315
+ }, {
316
+ full?: string;
317
+ C?: string;
318
+ E?: string;
319
+ L?: string;
320
+ O?: string;
321
+ CN?: string;
322
+ OU?: string;
323
+ ST?: string;
324
+ serialNumber?: string;
325
+ }>;
326
+ notBefore: z.ZodDate;
327
+ notAfter: z.ZodDate;
328
+ publicKeyAlgorithm: z.ZodString;
329
+ publicKey: z.ZodString;
330
+ subjectAltNames: z.ZodArray<z.ZodObject<{
331
+ type: z.ZodEnum<["email", "dns", "uri", "ip", "upn", "other"]>;
332
+ value: z.ZodString;
333
+ oid: z.ZodOptional<z.ZodString>;
334
+ }, "strip", z.ZodTypeAny, {
335
+ value?: string;
336
+ type?: "email" | "ip" | "other" | "uri" | "dns" | "upn";
337
+ oid?: string;
338
+ }, {
339
+ value?: string;
340
+ type?: "email" | "ip" | "other" | "uri" | "dns" | "upn";
341
+ oid?: string;
342
+ }>, "many">;
343
+ keyUsage: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
344
+ extendedKeyUsage: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
345
+ extensions: z.ZodArray<z.ZodObject<{
346
+ oid: z.ZodString;
347
+ critical: z.ZodBoolean;
348
+ value: z.ZodString;
349
+ parsed: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
350
+ }, "strip", z.ZodTypeAny, {
351
+ value?: string;
352
+ critical?: boolean;
353
+ parsed?: Record<string, unknown>;
354
+ oid?: string;
355
+ }, {
356
+ value?: string;
357
+ critical?: boolean;
358
+ parsed?: Record<string, unknown>;
359
+ oid?: string;
360
+ }>, "many">;
361
+ authorityInfoAccess: z.ZodOptional<z.ZodObject<{
362
+ ocsp: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
363
+ caIssuers: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
364
+ }, "strip", z.ZodTypeAny, {
365
+ ocsp?: string[];
366
+ caIssuers?: string[];
367
+ }, {
368
+ ocsp?: string[];
369
+ caIssuers?: string[];
370
+ }>>;
371
+ crlDistributionPoints: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
372
+ fingerprint: z.ZodString;
373
+ publicKeyFingerprint: z.ZodString;
374
+ pem: z.ZodString;
375
+ der: z.ZodString;
376
+ }, "strip", z.ZodTypeAny, {
377
+ version?: number;
378
+ issuer?: {
379
+ full?: string;
380
+ C?: string;
381
+ E?: string;
382
+ L?: string;
383
+ O?: string;
384
+ CN?: string;
385
+ OU?: string;
386
+ ST?: string;
387
+ serialNumber?: string;
388
+ };
389
+ publicKey?: string;
390
+ signatureAlgorithm?: string;
391
+ fingerprint?: string;
392
+ extensions?: {
393
+ value?: string;
394
+ critical?: boolean;
395
+ parsed?: Record<string, unknown>;
396
+ oid?: string;
397
+ }[];
398
+ subject?: {
399
+ full?: string;
400
+ C?: string;
401
+ E?: string;
402
+ L?: string;
403
+ O?: string;
404
+ CN?: string;
405
+ OU?: string;
406
+ ST?: string;
407
+ serialNumber?: string;
408
+ };
409
+ serialNumber?: string;
410
+ notBefore?: Date;
411
+ notAfter?: Date;
412
+ publicKeyAlgorithm?: string;
413
+ subjectAltNames?: {
414
+ value?: string;
415
+ type?: "email" | "ip" | "other" | "uri" | "dns" | "upn";
416
+ oid?: string;
417
+ }[];
418
+ keyUsage?: string[];
419
+ extendedKeyUsage?: string[];
420
+ authorityInfoAccess?: {
421
+ ocsp?: string[];
422
+ caIssuers?: string[];
423
+ };
424
+ crlDistributionPoints?: string[];
425
+ publicKeyFingerprint?: string;
426
+ pem?: string;
427
+ der?: string;
428
+ }, {
429
+ version?: number;
430
+ issuer?: {
431
+ full?: string;
432
+ C?: string;
433
+ E?: string;
434
+ L?: string;
435
+ O?: string;
436
+ CN?: string;
437
+ OU?: string;
438
+ ST?: string;
439
+ serialNumber?: string;
440
+ };
441
+ publicKey?: string;
442
+ signatureAlgorithm?: string;
443
+ fingerprint?: string;
444
+ extensions?: {
445
+ value?: string;
446
+ critical?: boolean;
447
+ parsed?: Record<string, unknown>;
448
+ oid?: string;
449
+ }[];
450
+ subject?: {
451
+ full?: string;
452
+ C?: string;
453
+ E?: string;
454
+ L?: string;
455
+ O?: string;
456
+ CN?: string;
457
+ OU?: string;
458
+ ST?: string;
459
+ serialNumber?: string;
460
+ };
461
+ serialNumber?: string;
462
+ notBefore?: Date;
463
+ notAfter?: Date;
464
+ publicKeyAlgorithm?: string;
465
+ subjectAltNames?: {
466
+ value?: string;
467
+ type?: "email" | "ip" | "other" | "uri" | "dns" | "upn";
468
+ oid?: string;
469
+ }[];
470
+ keyUsage?: string[];
471
+ extendedKeyUsage?: string[];
472
+ authorityInfoAccess?: {
473
+ ocsp?: string[];
474
+ caIssuers?: string[];
475
+ };
476
+ crlDistributionPoints?: string[];
477
+ publicKeyFingerprint?: string;
478
+ pem?: string;
479
+ der?: string;
480
+ }>;
481
+ /**
482
+ * Certificate chain
483
+ */
484
+ export interface CertificateChain {
485
+ /** End-entity certificate */
486
+ endEntity: ParsedCertificate;
487
+ /** Intermediate certificates */
488
+ intermediates: ParsedCertificate[];
489
+ /** Root certificate (if included) */
490
+ root?: ParsedCertificate;
491
+ }
492
+ export declare const certificateChainSchema: z.ZodObject<{
493
+ endEntity: z.ZodObject<{
494
+ version: z.ZodNumber;
495
+ serialNumber: z.ZodString;
496
+ signatureAlgorithm: z.ZodString;
497
+ issuer: z.ZodObject<{
498
+ CN: z.ZodOptional<z.ZodString>;
499
+ O: z.ZodOptional<z.ZodString>;
500
+ OU: z.ZodOptional<z.ZodString>;
501
+ C: z.ZodOptional<z.ZodString>;
502
+ ST: z.ZodOptional<z.ZodString>;
503
+ L: z.ZodOptional<z.ZodString>;
504
+ E: z.ZodOptional<z.ZodString>;
505
+ serialNumber: z.ZodOptional<z.ZodString>;
506
+ full: z.ZodString;
507
+ }, "strip", z.ZodTypeAny, {
508
+ full?: string;
509
+ C?: string;
510
+ E?: string;
511
+ L?: string;
512
+ O?: string;
513
+ CN?: string;
514
+ OU?: string;
515
+ ST?: string;
516
+ serialNumber?: string;
517
+ }, {
518
+ full?: string;
519
+ C?: string;
520
+ E?: string;
521
+ L?: string;
522
+ O?: string;
523
+ CN?: string;
524
+ OU?: string;
525
+ ST?: string;
526
+ serialNumber?: string;
527
+ }>;
528
+ subject: z.ZodObject<{
529
+ CN: z.ZodOptional<z.ZodString>;
530
+ O: z.ZodOptional<z.ZodString>;
531
+ OU: z.ZodOptional<z.ZodString>;
532
+ C: z.ZodOptional<z.ZodString>;
533
+ ST: z.ZodOptional<z.ZodString>;
534
+ L: z.ZodOptional<z.ZodString>;
535
+ E: z.ZodOptional<z.ZodString>;
536
+ serialNumber: z.ZodOptional<z.ZodString>;
537
+ full: z.ZodString;
538
+ }, "strip", z.ZodTypeAny, {
539
+ full?: string;
540
+ C?: string;
541
+ E?: string;
542
+ L?: string;
543
+ O?: string;
544
+ CN?: string;
545
+ OU?: string;
546
+ ST?: string;
547
+ serialNumber?: string;
548
+ }, {
549
+ full?: string;
550
+ C?: string;
551
+ E?: string;
552
+ L?: string;
553
+ O?: string;
554
+ CN?: string;
555
+ OU?: string;
556
+ ST?: string;
557
+ serialNumber?: string;
558
+ }>;
559
+ notBefore: z.ZodDate;
560
+ notAfter: z.ZodDate;
561
+ publicKeyAlgorithm: z.ZodString;
562
+ publicKey: z.ZodString;
563
+ subjectAltNames: z.ZodArray<z.ZodObject<{
564
+ type: z.ZodEnum<["email", "dns", "uri", "ip", "upn", "other"]>;
565
+ value: z.ZodString;
566
+ oid: z.ZodOptional<z.ZodString>;
567
+ }, "strip", z.ZodTypeAny, {
568
+ value?: string;
569
+ type?: "email" | "ip" | "other" | "uri" | "dns" | "upn";
570
+ oid?: string;
571
+ }, {
572
+ value?: string;
573
+ type?: "email" | "ip" | "other" | "uri" | "dns" | "upn";
574
+ oid?: string;
575
+ }>, "many">;
576
+ keyUsage: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
577
+ extendedKeyUsage: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
578
+ extensions: z.ZodArray<z.ZodObject<{
579
+ oid: z.ZodString;
580
+ critical: z.ZodBoolean;
581
+ value: z.ZodString;
582
+ parsed: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
583
+ }, "strip", z.ZodTypeAny, {
584
+ value?: string;
585
+ critical?: boolean;
586
+ parsed?: Record<string, unknown>;
587
+ oid?: string;
588
+ }, {
589
+ value?: string;
590
+ critical?: boolean;
591
+ parsed?: Record<string, unknown>;
592
+ oid?: string;
593
+ }>, "many">;
594
+ authorityInfoAccess: z.ZodOptional<z.ZodObject<{
595
+ ocsp: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
596
+ caIssuers: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
597
+ }, "strip", z.ZodTypeAny, {
598
+ ocsp?: string[];
599
+ caIssuers?: string[];
600
+ }, {
601
+ ocsp?: string[];
602
+ caIssuers?: string[];
603
+ }>>;
604
+ crlDistributionPoints: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
605
+ fingerprint: z.ZodString;
606
+ publicKeyFingerprint: z.ZodString;
607
+ pem: z.ZodString;
608
+ der: z.ZodString;
609
+ }, "strip", z.ZodTypeAny, {
610
+ version?: number;
611
+ issuer?: {
612
+ full?: string;
613
+ C?: string;
614
+ E?: string;
615
+ L?: string;
616
+ O?: string;
617
+ CN?: string;
618
+ OU?: string;
619
+ ST?: string;
620
+ serialNumber?: string;
621
+ };
622
+ publicKey?: string;
623
+ signatureAlgorithm?: string;
624
+ fingerprint?: string;
625
+ extensions?: {
626
+ value?: string;
627
+ critical?: boolean;
628
+ parsed?: Record<string, unknown>;
629
+ oid?: string;
630
+ }[];
631
+ subject?: {
632
+ full?: string;
633
+ C?: string;
634
+ E?: string;
635
+ L?: string;
636
+ O?: string;
637
+ CN?: string;
638
+ OU?: string;
639
+ ST?: string;
640
+ serialNumber?: string;
641
+ };
642
+ serialNumber?: string;
643
+ notBefore?: Date;
644
+ notAfter?: Date;
645
+ publicKeyAlgorithm?: string;
646
+ subjectAltNames?: {
647
+ value?: string;
648
+ type?: "email" | "ip" | "other" | "uri" | "dns" | "upn";
649
+ oid?: string;
650
+ }[];
651
+ keyUsage?: string[];
652
+ extendedKeyUsage?: string[];
653
+ authorityInfoAccess?: {
654
+ ocsp?: string[];
655
+ caIssuers?: string[];
656
+ };
657
+ crlDistributionPoints?: string[];
658
+ publicKeyFingerprint?: string;
659
+ pem?: string;
660
+ der?: string;
661
+ }, {
662
+ version?: number;
663
+ issuer?: {
664
+ full?: string;
665
+ C?: string;
666
+ E?: string;
667
+ L?: string;
668
+ O?: string;
669
+ CN?: string;
670
+ OU?: string;
671
+ ST?: string;
672
+ serialNumber?: string;
673
+ };
674
+ publicKey?: string;
675
+ signatureAlgorithm?: string;
676
+ fingerprint?: string;
677
+ extensions?: {
678
+ value?: string;
679
+ critical?: boolean;
680
+ parsed?: Record<string, unknown>;
681
+ oid?: string;
682
+ }[];
683
+ subject?: {
684
+ full?: string;
685
+ C?: string;
686
+ E?: string;
687
+ L?: string;
688
+ O?: string;
689
+ CN?: string;
690
+ OU?: string;
691
+ ST?: string;
692
+ serialNumber?: string;
693
+ };
694
+ serialNumber?: string;
695
+ notBefore?: Date;
696
+ notAfter?: Date;
697
+ publicKeyAlgorithm?: string;
698
+ subjectAltNames?: {
699
+ value?: string;
700
+ type?: "email" | "ip" | "other" | "uri" | "dns" | "upn";
701
+ oid?: string;
702
+ }[];
703
+ keyUsage?: string[];
704
+ extendedKeyUsage?: string[];
705
+ authorityInfoAccess?: {
706
+ ocsp?: string[];
707
+ caIssuers?: string[];
708
+ };
709
+ crlDistributionPoints?: string[];
710
+ publicKeyFingerprint?: string;
711
+ pem?: string;
712
+ der?: string;
713
+ }>;
714
+ intermediates: z.ZodArray<z.ZodObject<{
715
+ version: z.ZodNumber;
716
+ serialNumber: z.ZodString;
717
+ signatureAlgorithm: z.ZodString;
718
+ issuer: z.ZodObject<{
719
+ CN: z.ZodOptional<z.ZodString>;
720
+ O: z.ZodOptional<z.ZodString>;
721
+ OU: z.ZodOptional<z.ZodString>;
722
+ C: z.ZodOptional<z.ZodString>;
723
+ ST: z.ZodOptional<z.ZodString>;
724
+ L: z.ZodOptional<z.ZodString>;
725
+ E: z.ZodOptional<z.ZodString>;
726
+ serialNumber: z.ZodOptional<z.ZodString>;
727
+ full: z.ZodString;
728
+ }, "strip", z.ZodTypeAny, {
729
+ full?: string;
730
+ C?: string;
731
+ E?: string;
732
+ L?: string;
733
+ O?: string;
734
+ CN?: string;
735
+ OU?: string;
736
+ ST?: string;
737
+ serialNumber?: string;
738
+ }, {
739
+ full?: string;
740
+ C?: string;
741
+ E?: string;
742
+ L?: string;
743
+ O?: string;
744
+ CN?: string;
745
+ OU?: string;
746
+ ST?: string;
747
+ serialNumber?: string;
748
+ }>;
749
+ subject: z.ZodObject<{
750
+ CN: z.ZodOptional<z.ZodString>;
751
+ O: z.ZodOptional<z.ZodString>;
752
+ OU: z.ZodOptional<z.ZodString>;
753
+ C: z.ZodOptional<z.ZodString>;
754
+ ST: z.ZodOptional<z.ZodString>;
755
+ L: z.ZodOptional<z.ZodString>;
756
+ E: z.ZodOptional<z.ZodString>;
757
+ serialNumber: z.ZodOptional<z.ZodString>;
758
+ full: z.ZodString;
759
+ }, "strip", z.ZodTypeAny, {
760
+ full?: string;
761
+ C?: string;
762
+ E?: string;
763
+ L?: string;
764
+ O?: string;
765
+ CN?: string;
766
+ OU?: string;
767
+ ST?: string;
768
+ serialNumber?: string;
769
+ }, {
770
+ full?: string;
771
+ C?: string;
772
+ E?: string;
773
+ L?: string;
774
+ O?: string;
775
+ CN?: string;
776
+ OU?: string;
777
+ ST?: string;
778
+ serialNumber?: string;
779
+ }>;
780
+ notBefore: z.ZodDate;
781
+ notAfter: z.ZodDate;
782
+ publicKeyAlgorithm: z.ZodString;
783
+ publicKey: z.ZodString;
784
+ subjectAltNames: z.ZodArray<z.ZodObject<{
785
+ type: z.ZodEnum<["email", "dns", "uri", "ip", "upn", "other"]>;
786
+ value: z.ZodString;
787
+ oid: z.ZodOptional<z.ZodString>;
788
+ }, "strip", z.ZodTypeAny, {
789
+ value?: string;
790
+ type?: "email" | "ip" | "other" | "uri" | "dns" | "upn";
791
+ oid?: string;
792
+ }, {
793
+ value?: string;
794
+ type?: "email" | "ip" | "other" | "uri" | "dns" | "upn";
795
+ oid?: string;
796
+ }>, "many">;
797
+ keyUsage: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
798
+ extendedKeyUsage: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
799
+ extensions: z.ZodArray<z.ZodObject<{
800
+ oid: z.ZodString;
801
+ critical: z.ZodBoolean;
802
+ value: z.ZodString;
803
+ parsed: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
804
+ }, "strip", z.ZodTypeAny, {
805
+ value?: string;
806
+ critical?: boolean;
807
+ parsed?: Record<string, unknown>;
808
+ oid?: string;
809
+ }, {
810
+ value?: string;
811
+ critical?: boolean;
812
+ parsed?: Record<string, unknown>;
813
+ oid?: string;
814
+ }>, "many">;
815
+ authorityInfoAccess: z.ZodOptional<z.ZodObject<{
816
+ ocsp: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
817
+ caIssuers: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
818
+ }, "strip", z.ZodTypeAny, {
819
+ ocsp?: string[];
820
+ caIssuers?: string[];
821
+ }, {
822
+ ocsp?: string[];
823
+ caIssuers?: string[];
824
+ }>>;
825
+ crlDistributionPoints: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
826
+ fingerprint: z.ZodString;
827
+ publicKeyFingerprint: z.ZodString;
828
+ pem: z.ZodString;
829
+ der: z.ZodString;
830
+ }, "strip", z.ZodTypeAny, {
831
+ version?: number;
832
+ issuer?: {
833
+ full?: string;
834
+ C?: string;
835
+ E?: string;
836
+ L?: string;
837
+ O?: string;
838
+ CN?: string;
839
+ OU?: string;
840
+ ST?: string;
841
+ serialNumber?: string;
842
+ };
843
+ publicKey?: string;
844
+ signatureAlgorithm?: string;
845
+ fingerprint?: string;
846
+ extensions?: {
847
+ value?: string;
848
+ critical?: boolean;
849
+ parsed?: Record<string, unknown>;
850
+ oid?: string;
851
+ }[];
852
+ subject?: {
853
+ full?: string;
854
+ C?: string;
855
+ E?: string;
856
+ L?: string;
857
+ O?: string;
858
+ CN?: string;
859
+ OU?: string;
860
+ ST?: string;
861
+ serialNumber?: string;
862
+ };
863
+ serialNumber?: string;
864
+ notBefore?: Date;
865
+ notAfter?: Date;
866
+ publicKeyAlgorithm?: string;
867
+ subjectAltNames?: {
868
+ value?: string;
869
+ type?: "email" | "ip" | "other" | "uri" | "dns" | "upn";
870
+ oid?: string;
871
+ }[];
872
+ keyUsage?: string[];
873
+ extendedKeyUsage?: string[];
874
+ authorityInfoAccess?: {
875
+ ocsp?: string[];
876
+ caIssuers?: string[];
877
+ };
878
+ crlDistributionPoints?: string[];
879
+ publicKeyFingerprint?: string;
880
+ pem?: string;
881
+ der?: string;
882
+ }, {
883
+ version?: number;
884
+ issuer?: {
885
+ full?: string;
886
+ C?: string;
887
+ E?: string;
888
+ L?: string;
889
+ O?: string;
890
+ CN?: string;
891
+ OU?: string;
892
+ ST?: string;
893
+ serialNumber?: string;
894
+ };
895
+ publicKey?: string;
896
+ signatureAlgorithm?: string;
897
+ fingerprint?: string;
898
+ extensions?: {
899
+ value?: string;
900
+ critical?: boolean;
901
+ parsed?: Record<string, unknown>;
902
+ oid?: string;
903
+ }[];
904
+ subject?: {
905
+ full?: string;
906
+ C?: string;
907
+ E?: string;
908
+ L?: string;
909
+ O?: string;
910
+ CN?: string;
911
+ OU?: string;
912
+ ST?: string;
913
+ serialNumber?: string;
914
+ };
915
+ serialNumber?: string;
916
+ notBefore?: Date;
917
+ notAfter?: Date;
918
+ publicKeyAlgorithm?: string;
919
+ subjectAltNames?: {
920
+ value?: string;
921
+ type?: "email" | "ip" | "other" | "uri" | "dns" | "upn";
922
+ oid?: string;
923
+ }[];
924
+ keyUsage?: string[];
925
+ extendedKeyUsage?: string[];
926
+ authorityInfoAccess?: {
927
+ ocsp?: string[];
928
+ caIssuers?: string[];
929
+ };
930
+ crlDistributionPoints?: string[];
931
+ publicKeyFingerprint?: string;
932
+ pem?: string;
933
+ der?: string;
934
+ }>, "many">;
935
+ root: z.ZodOptional<z.ZodObject<{
936
+ version: z.ZodNumber;
937
+ serialNumber: z.ZodString;
938
+ signatureAlgorithm: z.ZodString;
939
+ issuer: z.ZodObject<{
940
+ CN: z.ZodOptional<z.ZodString>;
941
+ O: z.ZodOptional<z.ZodString>;
942
+ OU: z.ZodOptional<z.ZodString>;
943
+ C: z.ZodOptional<z.ZodString>;
944
+ ST: z.ZodOptional<z.ZodString>;
945
+ L: z.ZodOptional<z.ZodString>;
946
+ E: z.ZodOptional<z.ZodString>;
947
+ serialNumber: z.ZodOptional<z.ZodString>;
948
+ full: z.ZodString;
949
+ }, "strip", z.ZodTypeAny, {
950
+ full?: string;
951
+ C?: string;
952
+ E?: string;
953
+ L?: string;
954
+ O?: string;
955
+ CN?: string;
956
+ OU?: string;
957
+ ST?: string;
958
+ serialNumber?: string;
959
+ }, {
960
+ full?: string;
961
+ C?: string;
962
+ E?: string;
963
+ L?: string;
964
+ O?: string;
965
+ CN?: string;
966
+ OU?: string;
967
+ ST?: string;
968
+ serialNumber?: string;
969
+ }>;
970
+ subject: z.ZodObject<{
971
+ CN: z.ZodOptional<z.ZodString>;
972
+ O: z.ZodOptional<z.ZodString>;
973
+ OU: z.ZodOptional<z.ZodString>;
974
+ C: z.ZodOptional<z.ZodString>;
975
+ ST: z.ZodOptional<z.ZodString>;
976
+ L: z.ZodOptional<z.ZodString>;
977
+ E: z.ZodOptional<z.ZodString>;
978
+ serialNumber: z.ZodOptional<z.ZodString>;
979
+ full: z.ZodString;
980
+ }, "strip", z.ZodTypeAny, {
981
+ full?: string;
982
+ C?: string;
983
+ E?: string;
984
+ L?: string;
985
+ O?: string;
986
+ CN?: string;
987
+ OU?: string;
988
+ ST?: string;
989
+ serialNumber?: string;
990
+ }, {
991
+ full?: string;
992
+ C?: string;
993
+ E?: string;
994
+ L?: string;
995
+ O?: string;
996
+ CN?: string;
997
+ OU?: string;
998
+ ST?: string;
999
+ serialNumber?: string;
1000
+ }>;
1001
+ notBefore: z.ZodDate;
1002
+ notAfter: z.ZodDate;
1003
+ publicKeyAlgorithm: z.ZodString;
1004
+ publicKey: z.ZodString;
1005
+ subjectAltNames: z.ZodArray<z.ZodObject<{
1006
+ type: z.ZodEnum<["email", "dns", "uri", "ip", "upn", "other"]>;
1007
+ value: z.ZodString;
1008
+ oid: z.ZodOptional<z.ZodString>;
1009
+ }, "strip", z.ZodTypeAny, {
1010
+ value?: string;
1011
+ type?: "email" | "ip" | "other" | "uri" | "dns" | "upn";
1012
+ oid?: string;
1013
+ }, {
1014
+ value?: string;
1015
+ type?: "email" | "ip" | "other" | "uri" | "dns" | "upn";
1016
+ oid?: string;
1017
+ }>, "many">;
1018
+ keyUsage: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1019
+ extendedKeyUsage: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1020
+ extensions: z.ZodArray<z.ZodObject<{
1021
+ oid: z.ZodString;
1022
+ critical: z.ZodBoolean;
1023
+ value: z.ZodString;
1024
+ parsed: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
1025
+ }, "strip", z.ZodTypeAny, {
1026
+ value?: string;
1027
+ critical?: boolean;
1028
+ parsed?: Record<string, unknown>;
1029
+ oid?: string;
1030
+ }, {
1031
+ value?: string;
1032
+ critical?: boolean;
1033
+ parsed?: Record<string, unknown>;
1034
+ oid?: string;
1035
+ }>, "many">;
1036
+ authorityInfoAccess: z.ZodOptional<z.ZodObject<{
1037
+ ocsp: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1038
+ caIssuers: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1039
+ }, "strip", z.ZodTypeAny, {
1040
+ ocsp?: string[];
1041
+ caIssuers?: string[];
1042
+ }, {
1043
+ ocsp?: string[];
1044
+ caIssuers?: string[];
1045
+ }>>;
1046
+ crlDistributionPoints: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1047
+ fingerprint: z.ZodString;
1048
+ publicKeyFingerprint: z.ZodString;
1049
+ pem: z.ZodString;
1050
+ der: z.ZodString;
1051
+ }, "strip", z.ZodTypeAny, {
1052
+ version?: number;
1053
+ issuer?: {
1054
+ full?: string;
1055
+ C?: string;
1056
+ E?: string;
1057
+ L?: string;
1058
+ O?: string;
1059
+ CN?: string;
1060
+ OU?: string;
1061
+ ST?: string;
1062
+ serialNumber?: string;
1063
+ };
1064
+ publicKey?: string;
1065
+ signatureAlgorithm?: string;
1066
+ fingerprint?: string;
1067
+ extensions?: {
1068
+ value?: string;
1069
+ critical?: boolean;
1070
+ parsed?: Record<string, unknown>;
1071
+ oid?: string;
1072
+ }[];
1073
+ subject?: {
1074
+ full?: string;
1075
+ C?: string;
1076
+ E?: string;
1077
+ L?: string;
1078
+ O?: string;
1079
+ CN?: string;
1080
+ OU?: string;
1081
+ ST?: string;
1082
+ serialNumber?: string;
1083
+ };
1084
+ serialNumber?: string;
1085
+ notBefore?: Date;
1086
+ notAfter?: Date;
1087
+ publicKeyAlgorithm?: string;
1088
+ subjectAltNames?: {
1089
+ value?: string;
1090
+ type?: "email" | "ip" | "other" | "uri" | "dns" | "upn";
1091
+ oid?: string;
1092
+ }[];
1093
+ keyUsage?: string[];
1094
+ extendedKeyUsage?: string[];
1095
+ authorityInfoAccess?: {
1096
+ ocsp?: string[];
1097
+ caIssuers?: string[];
1098
+ };
1099
+ crlDistributionPoints?: string[];
1100
+ publicKeyFingerprint?: string;
1101
+ pem?: string;
1102
+ der?: string;
1103
+ }, {
1104
+ version?: number;
1105
+ issuer?: {
1106
+ full?: string;
1107
+ C?: string;
1108
+ E?: string;
1109
+ L?: string;
1110
+ O?: string;
1111
+ CN?: string;
1112
+ OU?: string;
1113
+ ST?: string;
1114
+ serialNumber?: string;
1115
+ };
1116
+ publicKey?: string;
1117
+ signatureAlgorithm?: string;
1118
+ fingerprint?: string;
1119
+ extensions?: {
1120
+ value?: string;
1121
+ critical?: boolean;
1122
+ parsed?: Record<string, unknown>;
1123
+ oid?: string;
1124
+ }[];
1125
+ subject?: {
1126
+ full?: string;
1127
+ C?: string;
1128
+ E?: string;
1129
+ L?: string;
1130
+ O?: string;
1131
+ CN?: string;
1132
+ OU?: string;
1133
+ ST?: string;
1134
+ serialNumber?: string;
1135
+ };
1136
+ serialNumber?: string;
1137
+ notBefore?: Date;
1138
+ notAfter?: Date;
1139
+ publicKeyAlgorithm?: string;
1140
+ subjectAltNames?: {
1141
+ value?: string;
1142
+ type?: "email" | "ip" | "other" | "uri" | "dns" | "upn";
1143
+ oid?: string;
1144
+ }[];
1145
+ keyUsage?: string[];
1146
+ extendedKeyUsage?: string[];
1147
+ authorityInfoAccess?: {
1148
+ ocsp?: string[];
1149
+ caIssuers?: string[];
1150
+ };
1151
+ crlDistributionPoints?: string[];
1152
+ publicKeyFingerprint?: string;
1153
+ pem?: string;
1154
+ der?: string;
1155
+ }>>;
1156
+ }, "strip", z.ZodTypeAny, {
1157
+ root?: {
1158
+ version?: number;
1159
+ issuer?: {
1160
+ full?: string;
1161
+ C?: string;
1162
+ E?: string;
1163
+ L?: string;
1164
+ O?: string;
1165
+ CN?: string;
1166
+ OU?: string;
1167
+ ST?: string;
1168
+ serialNumber?: string;
1169
+ };
1170
+ publicKey?: string;
1171
+ signatureAlgorithm?: string;
1172
+ fingerprint?: string;
1173
+ extensions?: {
1174
+ value?: string;
1175
+ critical?: boolean;
1176
+ parsed?: Record<string, unknown>;
1177
+ oid?: string;
1178
+ }[];
1179
+ subject?: {
1180
+ full?: string;
1181
+ C?: string;
1182
+ E?: string;
1183
+ L?: string;
1184
+ O?: string;
1185
+ CN?: string;
1186
+ OU?: string;
1187
+ ST?: string;
1188
+ serialNumber?: string;
1189
+ };
1190
+ serialNumber?: string;
1191
+ notBefore?: Date;
1192
+ notAfter?: Date;
1193
+ publicKeyAlgorithm?: string;
1194
+ subjectAltNames?: {
1195
+ value?: string;
1196
+ type?: "email" | "ip" | "other" | "uri" | "dns" | "upn";
1197
+ oid?: string;
1198
+ }[];
1199
+ keyUsage?: string[];
1200
+ extendedKeyUsage?: string[];
1201
+ authorityInfoAccess?: {
1202
+ ocsp?: string[];
1203
+ caIssuers?: string[];
1204
+ };
1205
+ crlDistributionPoints?: string[];
1206
+ publicKeyFingerprint?: string;
1207
+ pem?: string;
1208
+ der?: string;
1209
+ };
1210
+ endEntity?: {
1211
+ version?: number;
1212
+ issuer?: {
1213
+ full?: string;
1214
+ C?: string;
1215
+ E?: string;
1216
+ L?: string;
1217
+ O?: string;
1218
+ CN?: string;
1219
+ OU?: string;
1220
+ ST?: string;
1221
+ serialNumber?: string;
1222
+ };
1223
+ publicKey?: string;
1224
+ signatureAlgorithm?: string;
1225
+ fingerprint?: string;
1226
+ extensions?: {
1227
+ value?: string;
1228
+ critical?: boolean;
1229
+ parsed?: Record<string, unknown>;
1230
+ oid?: string;
1231
+ }[];
1232
+ subject?: {
1233
+ full?: string;
1234
+ C?: string;
1235
+ E?: string;
1236
+ L?: string;
1237
+ O?: string;
1238
+ CN?: string;
1239
+ OU?: string;
1240
+ ST?: string;
1241
+ serialNumber?: string;
1242
+ };
1243
+ serialNumber?: string;
1244
+ notBefore?: Date;
1245
+ notAfter?: Date;
1246
+ publicKeyAlgorithm?: string;
1247
+ subjectAltNames?: {
1248
+ value?: string;
1249
+ type?: "email" | "ip" | "other" | "uri" | "dns" | "upn";
1250
+ oid?: string;
1251
+ }[];
1252
+ keyUsage?: string[];
1253
+ extendedKeyUsage?: string[];
1254
+ authorityInfoAccess?: {
1255
+ ocsp?: string[];
1256
+ caIssuers?: string[];
1257
+ };
1258
+ crlDistributionPoints?: string[];
1259
+ publicKeyFingerprint?: string;
1260
+ pem?: string;
1261
+ der?: string;
1262
+ };
1263
+ intermediates?: {
1264
+ version?: number;
1265
+ issuer?: {
1266
+ full?: string;
1267
+ C?: string;
1268
+ E?: string;
1269
+ L?: string;
1270
+ O?: string;
1271
+ CN?: string;
1272
+ OU?: string;
1273
+ ST?: string;
1274
+ serialNumber?: string;
1275
+ };
1276
+ publicKey?: string;
1277
+ signatureAlgorithm?: string;
1278
+ fingerprint?: string;
1279
+ extensions?: {
1280
+ value?: string;
1281
+ critical?: boolean;
1282
+ parsed?: Record<string, unknown>;
1283
+ oid?: string;
1284
+ }[];
1285
+ subject?: {
1286
+ full?: string;
1287
+ C?: string;
1288
+ E?: string;
1289
+ L?: string;
1290
+ O?: string;
1291
+ CN?: string;
1292
+ OU?: string;
1293
+ ST?: string;
1294
+ serialNumber?: string;
1295
+ };
1296
+ serialNumber?: string;
1297
+ notBefore?: Date;
1298
+ notAfter?: Date;
1299
+ publicKeyAlgorithm?: string;
1300
+ subjectAltNames?: {
1301
+ value?: string;
1302
+ type?: "email" | "ip" | "other" | "uri" | "dns" | "upn";
1303
+ oid?: string;
1304
+ }[];
1305
+ keyUsage?: string[];
1306
+ extendedKeyUsage?: string[];
1307
+ authorityInfoAccess?: {
1308
+ ocsp?: string[];
1309
+ caIssuers?: string[];
1310
+ };
1311
+ crlDistributionPoints?: string[];
1312
+ publicKeyFingerprint?: string;
1313
+ pem?: string;
1314
+ der?: string;
1315
+ }[];
1316
+ }, {
1317
+ root?: {
1318
+ version?: number;
1319
+ issuer?: {
1320
+ full?: string;
1321
+ C?: string;
1322
+ E?: string;
1323
+ L?: string;
1324
+ O?: string;
1325
+ CN?: string;
1326
+ OU?: string;
1327
+ ST?: string;
1328
+ serialNumber?: string;
1329
+ };
1330
+ publicKey?: string;
1331
+ signatureAlgorithm?: string;
1332
+ fingerprint?: string;
1333
+ extensions?: {
1334
+ value?: string;
1335
+ critical?: boolean;
1336
+ parsed?: Record<string, unknown>;
1337
+ oid?: string;
1338
+ }[];
1339
+ subject?: {
1340
+ full?: string;
1341
+ C?: string;
1342
+ E?: string;
1343
+ L?: string;
1344
+ O?: string;
1345
+ CN?: string;
1346
+ OU?: string;
1347
+ ST?: string;
1348
+ serialNumber?: string;
1349
+ };
1350
+ serialNumber?: string;
1351
+ notBefore?: Date;
1352
+ notAfter?: Date;
1353
+ publicKeyAlgorithm?: string;
1354
+ subjectAltNames?: {
1355
+ value?: string;
1356
+ type?: "email" | "ip" | "other" | "uri" | "dns" | "upn";
1357
+ oid?: string;
1358
+ }[];
1359
+ keyUsage?: string[];
1360
+ extendedKeyUsage?: string[];
1361
+ authorityInfoAccess?: {
1362
+ ocsp?: string[];
1363
+ caIssuers?: string[];
1364
+ };
1365
+ crlDistributionPoints?: string[];
1366
+ publicKeyFingerprint?: string;
1367
+ pem?: string;
1368
+ der?: string;
1369
+ };
1370
+ endEntity?: {
1371
+ version?: number;
1372
+ issuer?: {
1373
+ full?: string;
1374
+ C?: string;
1375
+ E?: string;
1376
+ L?: string;
1377
+ O?: string;
1378
+ CN?: string;
1379
+ OU?: string;
1380
+ ST?: string;
1381
+ serialNumber?: string;
1382
+ };
1383
+ publicKey?: string;
1384
+ signatureAlgorithm?: string;
1385
+ fingerprint?: string;
1386
+ extensions?: {
1387
+ value?: string;
1388
+ critical?: boolean;
1389
+ parsed?: Record<string, unknown>;
1390
+ oid?: string;
1391
+ }[];
1392
+ subject?: {
1393
+ full?: string;
1394
+ C?: string;
1395
+ E?: string;
1396
+ L?: string;
1397
+ O?: string;
1398
+ CN?: string;
1399
+ OU?: string;
1400
+ ST?: string;
1401
+ serialNumber?: string;
1402
+ };
1403
+ serialNumber?: string;
1404
+ notBefore?: Date;
1405
+ notAfter?: Date;
1406
+ publicKeyAlgorithm?: string;
1407
+ subjectAltNames?: {
1408
+ value?: string;
1409
+ type?: "email" | "ip" | "other" | "uri" | "dns" | "upn";
1410
+ oid?: string;
1411
+ }[];
1412
+ keyUsage?: string[];
1413
+ extendedKeyUsage?: string[];
1414
+ authorityInfoAccess?: {
1415
+ ocsp?: string[];
1416
+ caIssuers?: string[];
1417
+ };
1418
+ crlDistributionPoints?: string[];
1419
+ publicKeyFingerprint?: string;
1420
+ pem?: string;
1421
+ der?: string;
1422
+ };
1423
+ intermediates?: {
1424
+ version?: number;
1425
+ issuer?: {
1426
+ full?: string;
1427
+ C?: string;
1428
+ E?: string;
1429
+ L?: string;
1430
+ O?: string;
1431
+ CN?: string;
1432
+ OU?: string;
1433
+ ST?: string;
1434
+ serialNumber?: string;
1435
+ };
1436
+ publicKey?: string;
1437
+ signatureAlgorithm?: string;
1438
+ fingerprint?: string;
1439
+ extensions?: {
1440
+ value?: string;
1441
+ critical?: boolean;
1442
+ parsed?: Record<string, unknown>;
1443
+ oid?: string;
1444
+ }[];
1445
+ subject?: {
1446
+ full?: string;
1447
+ C?: string;
1448
+ E?: string;
1449
+ L?: string;
1450
+ O?: string;
1451
+ CN?: string;
1452
+ OU?: string;
1453
+ ST?: string;
1454
+ serialNumber?: string;
1455
+ };
1456
+ serialNumber?: string;
1457
+ notBefore?: Date;
1458
+ notAfter?: Date;
1459
+ publicKeyAlgorithm?: string;
1460
+ subjectAltNames?: {
1461
+ value?: string;
1462
+ type?: "email" | "ip" | "other" | "uri" | "dns" | "upn";
1463
+ oid?: string;
1464
+ }[];
1465
+ keyUsage?: string[];
1466
+ extendedKeyUsage?: string[];
1467
+ authorityInfoAccess?: {
1468
+ ocsp?: string[];
1469
+ caIssuers?: string[];
1470
+ };
1471
+ crlDistributionPoints?: string[];
1472
+ publicKeyFingerprint?: string;
1473
+ pem?: string;
1474
+ der?: string;
1475
+ }[];
1476
+ }>;
1477
+ /**
1478
+ * OCSP response data
1479
+ */
1480
+ export interface OCSPResponse {
1481
+ /** Response status */
1482
+ status: 'good' | 'revoked' | 'unknown';
1483
+ /** Revocation time if revoked */
1484
+ revocationTime?: Date;
1485
+ /** Revocation reason if revoked */
1486
+ revocationReason?: string;
1487
+ /** Response production time */
1488
+ producedAt: Date;
1489
+ /** This update time */
1490
+ thisUpdate: Date;
1491
+ /** Next update time */
1492
+ nextUpdate?: Date;
1493
+ /** Responder ID */
1494
+ responderId: string;
1495
+ /** Whether response was cached */
1496
+ fromCache: boolean;
1497
+ /** OCSP responder URL used */
1498
+ responderUrl: string;
1499
+ }
1500
+ export declare const ocspResponseSchema: z.ZodObject<{
1501
+ status: z.ZodEnum<["good", "revoked", "unknown"]>;
1502
+ revocationTime: z.ZodOptional<z.ZodDate>;
1503
+ revocationReason: z.ZodOptional<z.ZodString>;
1504
+ producedAt: z.ZodDate;
1505
+ thisUpdate: z.ZodDate;
1506
+ nextUpdate: z.ZodOptional<z.ZodDate>;
1507
+ responderId: z.ZodString;
1508
+ fromCache: z.ZodBoolean;
1509
+ responderUrl: z.ZodString;
1510
+ }, "strip", z.ZodTypeAny, {
1511
+ status?: "unknown" | "revoked" | "good";
1512
+ fromCache?: boolean;
1513
+ revocationReason?: string;
1514
+ revocationTime?: Date;
1515
+ producedAt?: Date;
1516
+ thisUpdate?: Date;
1517
+ nextUpdate?: Date;
1518
+ responderId?: string;
1519
+ responderUrl?: string;
1520
+ }, {
1521
+ status?: "unknown" | "revoked" | "good";
1522
+ fromCache?: boolean;
1523
+ revocationReason?: string;
1524
+ revocationTime?: Date;
1525
+ producedAt?: Date;
1526
+ thisUpdate?: Date;
1527
+ nextUpdate?: Date;
1528
+ responderId?: string;
1529
+ responderUrl?: string;
1530
+ }>;
1531
+ /**
1532
+ * CRL entry for a revoked certificate
1533
+ */
1534
+ export interface CRLEntry {
1535
+ /** Serial number of revoked certificate */
1536
+ serialNumber: string;
1537
+ /** Revocation date */
1538
+ revocationDate: Date;
1539
+ /** Revocation reason code */
1540
+ reasonCode?: number;
1541
+ /** Reason description */
1542
+ reason?: string;
1543
+ }
1544
+ export declare const crlEntrySchema: z.ZodObject<{
1545
+ serialNumber: z.ZodString;
1546
+ revocationDate: z.ZodDate;
1547
+ reasonCode: z.ZodOptional<z.ZodNumber>;
1548
+ reason: z.ZodOptional<z.ZodString>;
1549
+ }, "strip", z.ZodTypeAny, {
1550
+ reason?: string;
1551
+ serialNumber?: string;
1552
+ revocationDate?: Date;
1553
+ reasonCode?: number;
1554
+ }, {
1555
+ reason?: string;
1556
+ serialNumber?: string;
1557
+ revocationDate?: Date;
1558
+ reasonCode?: number;
1559
+ }>;
1560
+ /**
1561
+ * CRL data
1562
+ */
1563
+ export interface CRLData {
1564
+ /** CRL issuer */
1565
+ issuer: DistinguishedName;
1566
+ /** This update time */
1567
+ thisUpdate: Date;
1568
+ /** Next update time */
1569
+ nextUpdate?: Date;
1570
+ /** Revoked certificates */
1571
+ revokedCertificates: CRLEntry[];
1572
+ /** CRL number */
1573
+ crlNumber?: string;
1574
+ /** Whether CRL is delta */
1575
+ isDelta: boolean;
1576
+ /** CRL distribution point URL */
1577
+ distributionPoint: string;
1578
+ /** Whether CRL was cached */
1579
+ fromCache: boolean;
1580
+ }
1581
+ export declare const crlDataSchema: z.ZodObject<{
1582
+ issuer: z.ZodObject<{
1583
+ CN: z.ZodOptional<z.ZodString>;
1584
+ O: z.ZodOptional<z.ZodString>;
1585
+ OU: z.ZodOptional<z.ZodString>;
1586
+ C: z.ZodOptional<z.ZodString>;
1587
+ ST: z.ZodOptional<z.ZodString>;
1588
+ L: z.ZodOptional<z.ZodString>;
1589
+ E: z.ZodOptional<z.ZodString>;
1590
+ serialNumber: z.ZodOptional<z.ZodString>;
1591
+ full: z.ZodString;
1592
+ }, "strip", z.ZodTypeAny, {
1593
+ full?: string;
1594
+ C?: string;
1595
+ E?: string;
1596
+ L?: string;
1597
+ O?: string;
1598
+ CN?: string;
1599
+ OU?: string;
1600
+ ST?: string;
1601
+ serialNumber?: string;
1602
+ }, {
1603
+ full?: string;
1604
+ C?: string;
1605
+ E?: string;
1606
+ L?: string;
1607
+ O?: string;
1608
+ CN?: string;
1609
+ OU?: string;
1610
+ ST?: string;
1611
+ serialNumber?: string;
1612
+ }>;
1613
+ thisUpdate: z.ZodDate;
1614
+ nextUpdate: z.ZodOptional<z.ZodDate>;
1615
+ revokedCertificates: z.ZodArray<z.ZodObject<{
1616
+ serialNumber: z.ZodString;
1617
+ revocationDate: z.ZodDate;
1618
+ reasonCode: z.ZodOptional<z.ZodNumber>;
1619
+ reason: z.ZodOptional<z.ZodString>;
1620
+ }, "strip", z.ZodTypeAny, {
1621
+ reason?: string;
1622
+ serialNumber?: string;
1623
+ revocationDate?: Date;
1624
+ reasonCode?: number;
1625
+ }, {
1626
+ reason?: string;
1627
+ serialNumber?: string;
1628
+ revocationDate?: Date;
1629
+ reasonCode?: number;
1630
+ }>, "many">;
1631
+ crlNumber: z.ZodOptional<z.ZodString>;
1632
+ isDelta: z.ZodBoolean;
1633
+ distributionPoint: z.ZodString;
1634
+ fromCache: z.ZodBoolean;
1635
+ }, "strip", z.ZodTypeAny, {
1636
+ issuer?: {
1637
+ full?: string;
1638
+ C?: string;
1639
+ E?: string;
1640
+ L?: string;
1641
+ O?: string;
1642
+ CN?: string;
1643
+ OU?: string;
1644
+ ST?: string;
1645
+ serialNumber?: string;
1646
+ };
1647
+ fromCache?: boolean;
1648
+ thisUpdate?: Date;
1649
+ nextUpdate?: Date;
1650
+ revokedCertificates?: {
1651
+ reason?: string;
1652
+ serialNumber?: string;
1653
+ revocationDate?: Date;
1654
+ reasonCode?: number;
1655
+ }[];
1656
+ crlNumber?: string;
1657
+ isDelta?: boolean;
1658
+ distributionPoint?: string;
1659
+ }, {
1660
+ issuer?: {
1661
+ full?: string;
1662
+ C?: string;
1663
+ E?: string;
1664
+ L?: string;
1665
+ O?: string;
1666
+ CN?: string;
1667
+ OU?: string;
1668
+ ST?: string;
1669
+ serialNumber?: string;
1670
+ };
1671
+ fromCache?: boolean;
1672
+ thisUpdate?: Date;
1673
+ nextUpdate?: Date;
1674
+ revokedCertificates?: {
1675
+ reason?: string;
1676
+ serialNumber?: string;
1677
+ revocationDate?: Date;
1678
+ reasonCode?: number;
1679
+ }[];
1680
+ crlNumber?: string;
1681
+ isDelta?: boolean;
1682
+ distributionPoint?: string;
1683
+ }>;
1684
+ /**
1685
+ * Certificate validation result
1686
+ */
1687
+ export interface CertificateValidationResult {
1688
+ /** Overall validation status */
1689
+ status: CertificateValidationStatus;
1690
+ /** Whether certificate is valid for authentication */
1691
+ isValid: boolean;
1692
+ /** Validation errors */
1693
+ errors: string[];
1694
+ /** Validation warnings */
1695
+ warnings: string[];
1696
+ /** Chain validation details */
1697
+ chainValidation?: {
1698
+ valid: boolean;
1699
+ depth: number;
1700
+ errors: string[];
1701
+ };
1702
+ /** OCSP validation result */
1703
+ ocspResult?: OCSPResponse;
1704
+ /** CRL validation result */
1705
+ crlResult?: CRLData;
1706
+ /** Timestamp of validation */
1707
+ validatedAt: Date;
1708
+ /** Certificate expiration date */
1709
+ expiresAt: Date;
1710
+ /** Trust anchor used */
1711
+ trustAnchor?: string;
1712
+ }
1713
+ export declare const certificateValidationResultSchema: z.ZodObject<{
1714
+ status: z.ZodNativeEnum<typeof CertificateValidationStatus>;
1715
+ isValid: z.ZodBoolean;
1716
+ errors: z.ZodArray<z.ZodString, "many">;
1717
+ warnings: z.ZodArray<z.ZodString, "many">;
1718
+ chainValidation: z.ZodOptional<z.ZodObject<{
1719
+ valid: z.ZodBoolean;
1720
+ depth: z.ZodNumber;
1721
+ errors: z.ZodArray<z.ZodString, "many">;
1722
+ }, "strip", z.ZodTypeAny, {
1723
+ valid?: boolean;
1724
+ errors?: string[];
1725
+ depth?: number;
1726
+ }, {
1727
+ valid?: boolean;
1728
+ errors?: string[];
1729
+ depth?: number;
1730
+ }>>;
1731
+ ocspResult: z.ZodOptional<z.ZodObject<{
1732
+ status: z.ZodEnum<["good", "revoked", "unknown"]>;
1733
+ revocationTime: z.ZodOptional<z.ZodDate>;
1734
+ revocationReason: z.ZodOptional<z.ZodString>;
1735
+ producedAt: z.ZodDate;
1736
+ thisUpdate: z.ZodDate;
1737
+ nextUpdate: z.ZodOptional<z.ZodDate>;
1738
+ responderId: z.ZodString;
1739
+ fromCache: z.ZodBoolean;
1740
+ responderUrl: z.ZodString;
1741
+ }, "strip", z.ZodTypeAny, {
1742
+ status?: "unknown" | "revoked" | "good";
1743
+ fromCache?: boolean;
1744
+ revocationReason?: string;
1745
+ revocationTime?: Date;
1746
+ producedAt?: Date;
1747
+ thisUpdate?: Date;
1748
+ nextUpdate?: Date;
1749
+ responderId?: string;
1750
+ responderUrl?: string;
1751
+ }, {
1752
+ status?: "unknown" | "revoked" | "good";
1753
+ fromCache?: boolean;
1754
+ revocationReason?: string;
1755
+ revocationTime?: Date;
1756
+ producedAt?: Date;
1757
+ thisUpdate?: Date;
1758
+ nextUpdate?: Date;
1759
+ responderId?: string;
1760
+ responderUrl?: string;
1761
+ }>>;
1762
+ crlResult: z.ZodOptional<z.ZodObject<{
1763
+ issuer: z.ZodObject<{
1764
+ CN: z.ZodOptional<z.ZodString>;
1765
+ O: z.ZodOptional<z.ZodString>;
1766
+ OU: z.ZodOptional<z.ZodString>;
1767
+ C: z.ZodOptional<z.ZodString>;
1768
+ ST: z.ZodOptional<z.ZodString>;
1769
+ L: z.ZodOptional<z.ZodString>;
1770
+ E: z.ZodOptional<z.ZodString>;
1771
+ serialNumber: z.ZodOptional<z.ZodString>;
1772
+ full: z.ZodString;
1773
+ }, "strip", z.ZodTypeAny, {
1774
+ full?: string;
1775
+ C?: string;
1776
+ E?: string;
1777
+ L?: string;
1778
+ O?: string;
1779
+ CN?: string;
1780
+ OU?: string;
1781
+ ST?: string;
1782
+ serialNumber?: string;
1783
+ }, {
1784
+ full?: string;
1785
+ C?: string;
1786
+ E?: string;
1787
+ L?: string;
1788
+ O?: string;
1789
+ CN?: string;
1790
+ OU?: string;
1791
+ ST?: string;
1792
+ serialNumber?: string;
1793
+ }>;
1794
+ thisUpdate: z.ZodDate;
1795
+ nextUpdate: z.ZodOptional<z.ZodDate>;
1796
+ revokedCertificates: z.ZodArray<z.ZodObject<{
1797
+ serialNumber: z.ZodString;
1798
+ revocationDate: z.ZodDate;
1799
+ reasonCode: z.ZodOptional<z.ZodNumber>;
1800
+ reason: z.ZodOptional<z.ZodString>;
1801
+ }, "strip", z.ZodTypeAny, {
1802
+ reason?: string;
1803
+ serialNumber?: string;
1804
+ revocationDate?: Date;
1805
+ reasonCode?: number;
1806
+ }, {
1807
+ reason?: string;
1808
+ serialNumber?: string;
1809
+ revocationDate?: Date;
1810
+ reasonCode?: number;
1811
+ }>, "many">;
1812
+ crlNumber: z.ZodOptional<z.ZodString>;
1813
+ isDelta: z.ZodBoolean;
1814
+ distributionPoint: z.ZodString;
1815
+ fromCache: z.ZodBoolean;
1816
+ }, "strip", z.ZodTypeAny, {
1817
+ issuer?: {
1818
+ full?: string;
1819
+ C?: string;
1820
+ E?: string;
1821
+ L?: string;
1822
+ O?: string;
1823
+ CN?: string;
1824
+ OU?: string;
1825
+ ST?: string;
1826
+ serialNumber?: string;
1827
+ };
1828
+ fromCache?: boolean;
1829
+ thisUpdate?: Date;
1830
+ nextUpdate?: Date;
1831
+ revokedCertificates?: {
1832
+ reason?: string;
1833
+ serialNumber?: string;
1834
+ revocationDate?: Date;
1835
+ reasonCode?: number;
1836
+ }[];
1837
+ crlNumber?: string;
1838
+ isDelta?: boolean;
1839
+ distributionPoint?: string;
1840
+ }, {
1841
+ issuer?: {
1842
+ full?: string;
1843
+ C?: string;
1844
+ E?: string;
1845
+ L?: string;
1846
+ O?: string;
1847
+ CN?: string;
1848
+ OU?: string;
1849
+ ST?: string;
1850
+ serialNumber?: string;
1851
+ };
1852
+ fromCache?: boolean;
1853
+ thisUpdate?: Date;
1854
+ nextUpdate?: Date;
1855
+ revokedCertificates?: {
1856
+ reason?: string;
1857
+ serialNumber?: string;
1858
+ revocationDate?: Date;
1859
+ reasonCode?: number;
1860
+ }[];
1861
+ crlNumber?: string;
1862
+ isDelta?: boolean;
1863
+ distributionPoint?: string;
1864
+ }>>;
1865
+ validatedAt: z.ZodDate;
1866
+ expiresAt: z.ZodDate;
1867
+ trustAnchor: z.ZodOptional<z.ZodString>;
1868
+ }, "strip", z.ZodTypeAny, {
1869
+ status?: CertificateValidationStatus;
1870
+ errors?: string[];
1871
+ warnings?: string[];
1872
+ expiresAt?: Date;
1873
+ validatedAt?: Date;
1874
+ isValid?: boolean;
1875
+ chainValidation?: {
1876
+ valid?: boolean;
1877
+ errors?: string[];
1878
+ depth?: number;
1879
+ };
1880
+ ocspResult?: {
1881
+ status?: "unknown" | "revoked" | "good";
1882
+ fromCache?: boolean;
1883
+ revocationReason?: string;
1884
+ revocationTime?: Date;
1885
+ producedAt?: Date;
1886
+ thisUpdate?: Date;
1887
+ nextUpdate?: Date;
1888
+ responderId?: string;
1889
+ responderUrl?: string;
1890
+ };
1891
+ crlResult?: {
1892
+ issuer?: {
1893
+ full?: string;
1894
+ C?: string;
1895
+ E?: string;
1896
+ L?: string;
1897
+ O?: string;
1898
+ CN?: string;
1899
+ OU?: string;
1900
+ ST?: string;
1901
+ serialNumber?: string;
1902
+ };
1903
+ fromCache?: boolean;
1904
+ thisUpdate?: Date;
1905
+ nextUpdate?: Date;
1906
+ revokedCertificates?: {
1907
+ reason?: string;
1908
+ serialNumber?: string;
1909
+ revocationDate?: Date;
1910
+ reasonCode?: number;
1911
+ }[];
1912
+ crlNumber?: string;
1913
+ isDelta?: boolean;
1914
+ distributionPoint?: string;
1915
+ };
1916
+ trustAnchor?: string;
1917
+ }, {
1918
+ status?: CertificateValidationStatus;
1919
+ errors?: string[];
1920
+ warnings?: string[];
1921
+ expiresAt?: Date;
1922
+ validatedAt?: Date;
1923
+ isValid?: boolean;
1924
+ chainValidation?: {
1925
+ valid?: boolean;
1926
+ errors?: string[];
1927
+ depth?: number;
1928
+ };
1929
+ ocspResult?: {
1930
+ status?: "unknown" | "revoked" | "good";
1931
+ fromCache?: boolean;
1932
+ revocationReason?: string;
1933
+ revocationTime?: Date;
1934
+ producedAt?: Date;
1935
+ thisUpdate?: Date;
1936
+ nextUpdate?: Date;
1937
+ responderId?: string;
1938
+ responderUrl?: string;
1939
+ };
1940
+ crlResult?: {
1941
+ issuer?: {
1942
+ full?: string;
1943
+ C?: string;
1944
+ E?: string;
1945
+ L?: string;
1946
+ O?: string;
1947
+ CN?: string;
1948
+ OU?: string;
1949
+ ST?: string;
1950
+ serialNumber?: string;
1951
+ };
1952
+ fromCache?: boolean;
1953
+ thisUpdate?: Date;
1954
+ nextUpdate?: Date;
1955
+ revokedCertificates?: {
1956
+ reason?: string;
1957
+ serialNumber?: string;
1958
+ revocationDate?: Date;
1959
+ reasonCode?: number;
1960
+ }[];
1961
+ crlNumber?: string;
1962
+ isDelta?: boolean;
1963
+ distributionPoint?: string;
1964
+ };
1965
+ trustAnchor?: string;
1966
+ }>;
1967
+ /**
1968
+ * Mapped user identity from certificate
1969
+ */
1970
+ export interface MappedUserIdentity {
1971
+ /** User ID in the system */
1972
+ userId: string;
1973
+ /** Username or login */
1974
+ username?: string;
1975
+ /** Email address */
1976
+ email?: string;
1977
+ /** User Principal Name */
1978
+ upn?: string;
1979
+ /** EDIPI (DoD ID number) */
1980
+ edipi?: string;
1981
+ /** Tenant ID for multi-tenant systems */
1982
+ tenantId?: string;
1983
+ /** Additional attributes */
1984
+ attributes: Record<string, string>;
1985
+ /** Mapping strategy used */
1986
+ mappingStrategy: CertificateMappingStrategy;
1987
+ /** Certificate fingerprint */
1988
+ certificateFingerprint: string;
1989
+ }
1990
+ export declare const mappedUserIdentitySchema: z.ZodObject<{
1991
+ userId: z.ZodString;
1992
+ username: z.ZodOptional<z.ZodString>;
1993
+ email: z.ZodOptional<z.ZodString>;
1994
+ upn: z.ZodOptional<z.ZodString>;
1995
+ edipi: z.ZodOptional<z.ZodString>;
1996
+ tenantId: z.ZodOptional<z.ZodString>;
1997
+ attributes: z.ZodRecord<z.ZodString, z.ZodString>;
1998
+ mappingStrategy: z.ZodNativeEnum<typeof CertificateMappingStrategy>;
1999
+ certificateFingerprint: z.ZodString;
2000
+ }, "strip", z.ZodTypeAny, {
2001
+ email?: string;
2002
+ tenantId?: string;
2003
+ userId?: string;
2004
+ attributes?: Record<string, string>;
2005
+ username?: string;
2006
+ upn?: string;
2007
+ edipi?: string;
2008
+ mappingStrategy?: CertificateMappingStrategy;
2009
+ certificateFingerprint?: string;
2010
+ }, {
2011
+ email?: string;
2012
+ tenantId?: string;
2013
+ userId?: string;
2014
+ attributes?: Record<string, string>;
2015
+ username?: string;
2016
+ upn?: string;
2017
+ edipi?: string;
2018
+ mappingStrategy?: CertificateMappingStrategy;
2019
+ certificateFingerprint?: string;
2020
+ }>;
2021
+ /**
2022
+ * Certificate mapping rule
2023
+ */
2024
+ export interface CertificateMappingRule {
2025
+ /** Rule name */
2026
+ name: string;
2027
+ /** Rule priority (lower = higher priority) */
2028
+ priority: number;
2029
+ /** Issuer DN pattern (regex) */
2030
+ issuerPattern?: string;
2031
+ /** Subject DN pattern (regex) */
2032
+ subjectPattern?: string;
2033
+ /** Required OID in certificate policies */
2034
+ requiredPolicyOid?: string;
2035
+ /** Mapping strategy to use */
2036
+ strategy: CertificateMappingStrategy;
2037
+ /** Attribute to extract user ID from */
2038
+ userIdAttribute?: string;
2039
+ /** Tenant ID to assign */
2040
+ tenantId?: string;
2041
+ /** Custom attribute mappings */
2042
+ attributeMappings?: Record<string, string>;
2043
+ }
2044
+ export declare const certificateMappingRuleSchema: z.ZodObject<{
2045
+ name: z.ZodString;
2046
+ priority: z.ZodNumber;
2047
+ issuerPattern: z.ZodOptional<z.ZodString>;
2048
+ subjectPattern: z.ZodOptional<z.ZodString>;
2049
+ requiredPolicyOid: z.ZodOptional<z.ZodString>;
2050
+ strategy: z.ZodNativeEnum<typeof CertificateMappingStrategy>;
2051
+ userIdAttribute: z.ZodOptional<z.ZodString>;
2052
+ tenantId: z.ZodOptional<z.ZodString>;
2053
+ attributeMappings: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
2054
+ }, "strip", z.ZodTypeAny, {
2055
+ name?: string;
2056
+ priority?: number;
2057
+ tenantId?: string;
2058
+ issuerPattern?: string;
2059
+ subjectPattern?: string;
2060
+ requiredPolicyOid?: string;
2061
+ strategy?: CertificateMappingStrategy;
2062
+ userIdAttribute?: string;
2063
+ attributeMappings?: Record<string, string>;
2064
+ }, {
2065
+ name?: string;
2066
+ priority?: number;
2067
+ tenantId?: string;
2068
+ issuerPattern?: string;
2069
+ subjectPattern?: string;
2070
+ requiredPolicyOid?: string;
2071
+ strategy?: CertificateMappingStrategy;
2072
+ userIdAttribute?: string;
2073
+ attributeMappings?: Record<string, string>;
2074
+ }>;
2075
+ /**
2076
+ * Card event data
2077
+ */
2078
+ export interface CardEvent {
2079
+ /** Event type */
2080
+ type: CardEventType;
2081
+ /** Reader name */
2082
+ readerName: string;
2083
+ /** Timestamp */
2084
+ timestamp: Date;
2085
+ /** Card ATR (Answer To Reset) if available */
2086
+ atr?: string;
2087
+ /** Session ID associated with card */
2088
+ sessionId?: string;
2089
+ /** User ID associated with card */
2090
+ userId?: string;
2091
+ }
2092
+ export declare const cardEventSchema: z.ZodObject<{
2093
+ type: z.ZodNativeEnum<typeof CardEventType>;
2094
+ readerName: z.ZodString;
2095
+ timestamp: z.ZodDate;
2096
+ atr: z.ZodOptional<z.ZodString>;
2097
+ sessionId: z.ZodOptional<z.ZodString>;
2098
+ userId: z.ZodOptional<z.ZodString>;
2099
+ }, "strip", z.ZodTypeAny, {
2100
+ type?: CardEventType;
2101
+ userId?: string;
2102
+ sessionId?: string;
2103
+ timestamp?: Date;
2104
+ readerName?: string;
2105
+ atr?: string;
2106
+ }, {
2107
+ type?: CardEventType;
2108
+ userId?: string;
2109
+ sessionId?: string;
2110
+ timestamp?: Date;
2111
+ readerName?: string;
2112
+ atr?: string;
2113
+ }>;
2114
+ /**
2115
+ * Card session binding
2116
+ */
2117
+ export interface CardSessionBinding {
2118
+ /** Session ID */
2119
+ sessionId: string;
2120
+ /** User ID */
2121
+ userId: string;
2122
+ /** Certificate fingerprint */
2123
+ certificateFingerprint: string;
2124
+ /** Reader name */
2125
+ readerName: string;
2126
+ /** Card ATR */
2127
+ atr: string;
2128
+ /** Session creation time */
2129
+ createdAt: Date;
2130
+ /** Last activity time */
2131
+ lastActivity: Date;
2132
+ /** Session expiration time */
2133
+ expiresAt: Date;
2134
+ }
2135
+ export declare const cardSessionBindingSchema: z.ZodObject<{
2136
+ sessionId: z.ZodString;
2137
+ userId: z.ZodString;
2138
+ certificateFingerprint: z.ZodString;
2139
+ readerName: z.ZodString;
2140
+ atr: z.ZodString;
2141
+ createdAt: z.ZodDate;
2142
+ lastActivity: z.ZodDate;
2143
+ expiresAt: z.ZodDate;
2144
+ }, "strip", z.ZodTypeAny, {
2145
+ userId?: string;
2146
+ sessionId?: string;
2147
+ createdAt?: Date;
2148
+ expiresAt?: Date;
2149
+ certificateFingerprint?: string;
2150
+ readerName?: string;
2151
+ atr?: string;
2152
+ lastActivity?: Date;
2153
+ }, {
2154
+ userId?: string;
2155
+ sessionId?: string;
2156
+ createdAt?: Date;
2157
+ expiresAt?: Date;
2158
+ certificateFingerprint?: string;
2159
+ readerName?: string;
2160
+ atr?: string;
2161
+ lastActivity?: Date;
2162
+ }>;
2163
+ /**
2164
+ * Trusted CA configuration
2165
+ */
2166
+ export interface TrustedCAConfig {
2167
+ /** CA name/identifier */
2168
+ name: string;
2169
+ /** CA certificate in PEM format */
2170
+ certificate: string;
2171
+ /** Whether this is a root CA */
2172
+ isRoot: boolean;
2173
+ /** Policy OIDs this CA is trusted for */
2174
+ trustedPolicies?: string[];
2175
+ /** Maximum chain depth */
2176
+ maxPathLength?: number;
2177
+ }
2178
+ export declare const trustedCAConfigSchema: z.ZodObject<{
2179
+ name: z.ZodString;
2180
+ certificate: z.ZodString;
2181
+ isRoot: z.ZodBoolean;
2182
+ trustedPolicies: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
2183
+ maxPathLength: z.ZodOptional<z.ZodNumber>;
2184
+ }, "strip", z.ZodTypeAny, {
2185
+ name?: string;
2186
+ certificate?: string;
2187
+ isRoot?: boolean;
2188
+ trustedPolicies?: string[];
2189
+ maxPathLength?: number;
2190
+ }, {
2191
+ name?: string;
2192
+ certificate?: string;
2193
+ isRoot?: boolean;
2194
+ trustedPolicies?: string[];
2195
+ maxPathLength?: number;
2196
+ }>;
2197
+ /**
2198
+ * OCSP configuration
2199
+ */
2200
+ export interface OCSPConfig {
2201
+ /** Enable OCSP checking */
2202
+ enabled: boolean;
2203
+ /** OCSP responder URL override (uses AIA if not set) */
2204
+ responderUrl?: string;
2205
+ /** Request timeout in milliseconds */
2206
+ timeout: number;
2207
+ /** Cache TTL in milliseconds */
2208
+ cacheTtl: number;
2209
+ /** Sign OCSP requests */
2210
+ signRequests: boolean;
2211
+ /** Signing certificate for OCSP requests */
2212
+ signingCertificate?: string;
2213
+ /** Signing key for OCSP requests */
2214
+ signingKey?: string;
2215
+ /** Allow OCSP soft failures (treat network errors as success) */
2216
+ softFail: boolean;
2217
+ /** Nonce in requests */
2218
+ useNonce: boolean;
2219
+ }
2220
+ export declare const ocspConfigSchema: z.ZodObject<{
2221
+ enabled: z.ZodDefault<z.ZodBoolean>;
2222
+ responderUrl: z.ZodOptional<z.ZodString>;
2223
+ timeout: z.ZodDefault<z.ZodNumber>;
2224
+ cacheTtl: z.ZodDefault<z.ZodNumber>;
2225
+ signRequests: z.ZodDefault<z.ZodBoolean>;
2226
+ signingCertificate: z.ZodOptional<z.ZodString>;
2227
+ signingKey: z.ZodOptional<z.ZodString>;
2228
+ softFail: z.ZodDefault<z.ZodBoolean>;
2229
+ useNonce: z.ZodDefault<z.ZodBoolean>;
2230
+ }, "strip", z.ZodTypeAny, {
2231
+ timeout?: number;
2232
+ enabled?: boolean;
2233
+ cacheTtl?: number;
2234
+ useNonce?: boolean;
2235
+ responderUrl?: string;
2236
+ signRequests?: boolean;
2237
+ signingCertificate?: string;
2238
+ signingKey?: string;
2239
+ softFail?: boolean;
2240
+ }, {
2241
+ timeout?: number;
2242
+ enabled?: boolean;
2243
+ cacheTtl?: number;
2244
+ useNonce?: boolean;
2245
+ responderUrl?: string;
2246
+ signRequests?: boolean;
2247
+ signingCertificate?: string;
2248
+ signingKey?: string;
2249
+ softFail?: boolean;
2250
+ }>;
2251
+ /**
2252
+ * CRL configuration
2253
+ */
2254
+ export interface CRLConfig {
2255
+ /** Enable CRL checking */
2256
+ enabled: boolean;
2257
+ /** CRL distribution point URL override */
2258
+ distributionPointUrl?: string;
2259
+ /** Download timeout in milliseconds */
2260
+ timeout: number;
2261
+ /** Cache TTL in milliseconds (uses nextUpdate if not set) */
2262
+ cacheTtl?: number;
2263
+ /** Refresh CRL before expiration (milliseconds) */
2264
+ refreshBefore: number;
2265
+ /** Maximum CRL size in bytes */
2266
+ maxSize: number;
2267
+ /** Allow CRL soft failures */
2268
+ softFail: boolean;
2269
+ /** Check delta CRLs */
2270
+ checkDelta: boolean;
2271
+ }
2272
+ export declare const crlConfigSchema: z.ZodObject<{
2273
+ enabled: z.ZodDefault<z.ZodBoolean>;
2274
+ distributionPointUrl: z.ZodOptional<z.ZodString>;
2275
+ timeout: z.ZodDefault<z.ZodNumber>;
2276
+ cacheTtl: z.ZodOptional<z.ZodNumber>;
2277
+ refreshBefore: z.ZodDefault<z.ZodNumber>;
2278
+ maxSize: z.ZodDefault<z.ZodNumber>;
2279
+ softFail: z.ZodDefault<z.ZodBoolean>;
2280
+ checkDelta: z.ZodDefault<z.ZodBoolean>;
2281
+ }, "strip", z.ZodTypeAny, {
2282
+ timeout?: number;
2283
+ enabled?: boolean;
2284
+ cacheTtl?: number;
2285
+ maxSize?: number;
2286
+ softFail?: boolean;
2287
+ distributionPointUrl?: string;
2288
+ refreshBefore?: number;
2289
+ checkDelta?: boolean;
2290
+ }, {
2291
+ timeout?: number;
2292
+ enabled?: boolean;
2293
+ cacheTtl?: number;
2294
+ maxSize?: number;
2295
+ softFail?: boolean;
2296
+ distributionPointUrl?: string;
2297
+ refreshBefore?: number;
2298
+ checkDelta?: boolean;
2299
+ }>;
2300
+ /**
2301
+ * PKCS#11 configuration
2302
+ */
2303
+ export interface PKCS11Config {
2304
+ /** Path to PKCS#11 library */
2305
+ libraryPath: string;
2306
+ /** Slot ID (uses first available if not set) */
2307
+ slotId?: number;
2308
+ /** Token label */
2309
+ tokenLabel?: string;
2310
+ /** PIN for token access */
2311
+ pin?: string;
2312
+ /** Initialize token on startup */
2313
+ initializeToken: boolean;
2314
+ /** Reader polling interval in milliseconds */
2315
+ pollingInterval: number;
2316
+ }
2317
+ export declare const pkcs11ConfigSchema: z.ZodObject<{
2318
+ libraryPath: z.ZodString;
2319
+ slotId: z.ZodOptional<z.ZodNumber>;
2320
+ tokenLabel: z.ZodOptional<z.ZodString>;
2321
+ pin: z.ZodOptional<z.ZodString>;
2322
+ initializeToken: z.ZodDefault<z.ZodBoolean>;
2323
+ pollingInterval: z.ZodDefault<z.ZodNumber>;
2324
+ }, "strip", z.ZodTypeAny, {
2325
+ pin?: string;
2326
+ libraryPath?: string;
2327
+ slotId?: number;
2328
+ tokenLabel?: string;
2329
+ initializeToken?: boolean;
2330
+ pollingInterval?: number;
2331
+ }, {
2332
+ pin?: string;
2333
+ libraryPath?: string;
2334
+ slotId?: number;
2335
+ tokenLabel?: string;
2336
+ initializeToken?: boolean;
2337
+ pollingInterval?: number;
2338
+ }>;
2339
+ /**
2340
+ * Card removal policy
2341
+ */
2342
+ export interface CardRemovalPolicy {
2343
+ /** Terminate session on card removal */
2344
+ terminateSession: boolean;
2345
+ /** Grace period before termination (milliseconds) */
2346
+ gracePeriod: number;
2347
+ /** Allow session continuation with re-authentication */
2348
+ allowReauthentication: boolean;
2349
+ /** Re-authentication timeout (milliseconds) */
2350
+ reauthenticationTimeout: number;
2351
+ /** Notification webhook URL */
2352
+ notificationWebhook?: string;
2353
+ }
2354
+ export declare const cardRemovalPolicySchema: z.ZodObject<{
2355
+ terminateSession: z.ZodDefault<z.ZodBoolean>;
2356
+ gracePeriod: z.ZodDefault<z.ZodNumber>;
2357
+ allowReauthentication: z.ZodDefault<z.ZodBoolean>;
2358
+ reauthenticationTimeout: z.ZodDefault<z.ZodNumber>;
2359
+ notificationWebhook: z.ZodOptional<z.ZodString>;
2360
+ }, "strip", z.ZodTypeAny, {
2361
+ terminateSession?: boolean;
2362
+ gracePeriod?: number;
2363
+ allowReauthentication?: boolean;
2364
+ reauthenticationTimeout?: number;
2365
+ notificationWebhook?: string;
2366
+ }, {
2367
+ terminateSession?: boolean;
2368
+ gracePeriod?: number;
2369
+ allowReauthentication?: boolean;
2370
+ reauthenticationTimeout?: number;
2371
+ notificationWebhook?: string;
2372
+ }>;
2373
+ /**
2374
+ * PIV/CAC authentication configuration
2375
+ */
2376
+ export interface PIVCACConfig {
2377
+ /** Enable PIV/CAC authentication */
2378
+ enabled: boolean;
2379
+ /** Trusted CA certificates */
2380
+ trustedCAs: TrustedCAConfig[];
2381
+ /** Revocation check method */
2382
+ revocationMethod: RevocationCheckMethod;
2383
+ /** OCSP configuration */
2384
+ ocsp: OCSPConfig;
2385
+ /** CRL configuration */
2386
+ crl: CRLConfig;
2387
+ /** PKCS#11 configuration */
2388
+ pkcs11?: PKCS11Config;
2389
+ /** Card removal policy */
2390
+ cardRemovalPolicy: CardRemovalPolicy;
2391
+ /** Certificate mapping rules */
2392
+ mappingRules: CertificateMappingRule[];
2393
+ /** Required key usage for authentication */
2394
+ requiredKeyUsage: PIVKeyUsage[];
2395
+ /** Required extended key usage OIDs */
2396
+ requiredExtendedKeyUsage?: string[];
2397
+ /** Required certificate policies OIDs */
2398
+ requiredPolicies?: string[];
2399
+ /** Allow expired certificates (not recommended) */
2400
+ allowExpired: boolean;
2401
+ /** Maximum certificate chain depth */
2402
+ maxChainDepth: number;
2403
+ /** Session TTL in milliseconds */
2404
+ sessionTtl: number;
2405
+ /** Enable DoD PKI compatibility mode */
2406
+ dodPkiCompatibility: boolean;
2407
+ /** Enable FIPS 201 compliance mode */
2408
+ fips201Compliance: boolean;
2409
+ /** Cache certificate validation results */
2410
+ cacheValidation: boolean;
2411
+ /** Validation cache TTL in milliseconds */
2412
+ validationCacheTtl: number;
2413
+ }
2414
+ export declare const pivCacConfigSchema: z.ZodObject<{
2415
+ enabled: z.ZodDefault<z.ZodBoolean>;
2416
+ trustedCAs: z.ZodDefault<z.ZodArray<z.ZodObject<{
2417
+ name: z.ZodString;
2418
+ certificate: z.ZodString;
2419
+ isRoot: z.ZodBoolean;
2420
+ trustedPolicies: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
2421
+ maxPathLength: z.ZodOptional<z.ZodNumber>;
2422
+ }, "strip", z.ZodTypeAny, {
2423
+ name?: string;
2424
+ certificate?: string;
2425
+ isRoot?: boolean;
2426
+ trustedPolicies?: string[];
2427
+ maxPathLength?: number;
2428
+ }, {
2429
+ name?: string;
2430
+ certificate?: string;
2431
+ isRoot?: boolean;
2432
+ trustedPolicies?: string[];
2433
+ maxPathLength?: number;
2434
+ }>, "many">>;
2435
+ revocationMethod: z.ZodDefault<z.ZodNativeEnum<typeof RevocationCheckMethod>>;
2436
+ ocsp: z.ZodDefault<z.ZodObject<{
2437
+ enabled: z.ZodDefault<z.ZodBoolean>;
2438
+ responderUrl: z.ZodOptional<z.ZodString>;
2439
+ timeout: z.ZodDefault<z.ZodNumber>;
2440
+ cacheTtl: z.ZodDefault<z.ZodNumber>;
2441
+ signRequests: z.ZodDefault<z.ZodBoolean>;
2442
+ signingCertificate: z.ZodOptional<z.ZodString>;
2443
+ signingKey: z.ZodOptional<z.ZodString>;
2444
+ softFail: z.ZodDefault<z.ZodBoolean>;
2445
+ useNonce: z.ZodDefault<z.ZodBoolean>;
2446
+ }, "strip", z.ZodTypeAny, {
2447
+ timeout?: number;
2448
+ enabled?: boolean;
2449
+ cacheTtl?: number;
2450
+ useNonce?: boolean;
2451
+ responderUrl?: string;
2452
+ signRequests?: boolean;
2453
+ signingCertificate?: string;
2454
+ signingKey?: string;
2455
+ softFail?: boolean;
2456
+ }, {
2457
+ timeout?: number;
2458
+ enabled?: boolean;
2459
+ cacheTtl?: number;
2460
+ useNonce?: boolean;
2461
+ responderUrl?: string;
2462
+ signRequests?: boolean;
2463
+ signingCertificate?: string;
2464
+ signingKey?: string;
2465
+ softFail?: boolean;
2466
+ }>>;
2467
+ crl: z.ZodDefault<z.ZodObject<{
2468
+ enabled: z.ZodDefault<z.ZodBoolean>;
2469
+ distributionPointUrl: z.ZodOptional<z.ZodString>;
2470
+ timeout: z.ZodDefault<z.ZodNumber>;
2471
+ cacheTtl: z.ZodOptional<z.ZodNumber>;
2472
+ refreshBefore: z.ZodDefault<z.ZodNumber>;
2473
+ maxSize: z.ZodDefault<z.ZodNumber>;
2474
+ softFail: z.ZodDefault<z.ZodBoolean>;
2475
+ checkDelta: z.ZodDefault<z.ZodBoolean>;
2476
+ }, "strip", z.ZodTypeAny, {
2477
+ timeout?: number;
2478
+ enabled?: boolean;
2479
+ cacheTtl?: number;
2480
+ maxSize?: number;
2481
+ softFail?: boolean;
2482
+ distributionPointUrl?: string;
2483
+ refreshBefore?: number;
2484
+ checkDelta?: boolean;
2485
+ }, {
2486
+ timeout?: number;
2487
+ enabled?: boolean;
2488
+ cacheTtl?: number;
2489
+ maxSize?: number;
2490
+ softFail?: boolean;
2491
+ distributionPointUrl?: string;
2492
+ refreshBefore?: number;
2493
+ checkDelta?: boolean;
2494
+ }>>;
2495
+ pkcs11: z.ZodOptional<z.ZodObject<{
2496
+ libraryPath: z.ZodString;
2497
+ slotId: z.ZodOptional<z.ZodNumber>;
2498
+ tokenLabel: z.ZodOptional<z.ZodString>;
2499
+ pin: z.ZodOptional<z.ZodString>;
2500
+ initializeToken: z.ZodDefault<z.ZodBoolean>;
2501
+ pollingInterval: z.ZodDefault<z.ZodNumber>;
2502
+ }, "strip", z.ZodTypeAny, {
2503
+ pin?: string;
2504
+ libraryPath?: string;
2505
+ slotId?: number;
2506
+ tokenLabel?: string;
2507
+ initializeToken?: boolean;
2508
+ pollingInterval?: number;
2509
+ }, {
2510
+ pin?: string;
2511
+ libraryPath?: string;
2512
+ slotId?: number;
2513
+ tokenLabel?: string;
2514
+ initializeToken?: boolean;
2515
+ pollingInterval?: number;
2516
+ }>>;
2517
+ cardRemovalPolicy: z.ZodDefault<z.ZodObject<{
2518
+ terminateSession: z.ZodDefault<z.ZodBoolean>;
2519
+ gracePeriod: z.ZodDefault<z.ZodNumber>;
2520
+ allowReauthentication: z.ZodDefault<z.ZodBoolean>;
2521
+ reauthenticationTimeout: z.ZodDefault<z.ZodNumber>;
2522
+ notificationWebhook: z.ZodOptional<z.ZodString>;
2523
+ }, "strip", z.ZodTypeAny, {
2524
+ terminateSession?: boolean;
2525
+ gracePeriod?: number;
2526
+ allowReauthentication?: boolean;
2527
+ reauthenticationTimeout?: number;
2528
+ notificationWebhook?: string;
2529
+ }, {
2530
+ terminateSession?: boolean;
2531
+ gracePeriod?: number;
2532
+ allowReauthentication?: boolean;
2533
+ reauthenticationTimeout?: number;
2534
+ notificationWebhook?: string;
2535
+ }>>;
2536
+ mappingRules: z.ZodDefault<z.ZodArray<z.ZodObject<{
2537
+ name: z.ZodString;
2538
+ priority: z.ZodNumber;
2539
+ issuerPattern: z.ZodOptional<z.ZodString>;
2540
+ subjectPattern: z.ZodOptional<z.ZodString>;
2541
+ requiredPolicyOid: z.ZodOptional<z.ZodString>;
2542
+ strategy: z.ZodNativeEnum<typeof CertificateMappingStrategy>;
2543
+ userIdAttribute: z.ZodOptional<z.ZodString>;
2544
+ tenantId: z.ZodOptional<z.ZodString>;
2545
+ attributeMappings: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
2546
+ }, "strip", z.ZodTypeAny, {
2547
+ name?: string;
2548
+ priority?: number;
2549
+ tenantId?: string;
2550
+ issuerPattern?: string;
2551
+ subjectPattern?: string;
2552
+ requiredPolicyOid?: string;
2553
+ strategy?: CertificateMappingStrategy;
2554
+ userIdAttribute?: string;
2555
+ attributeMappings?: Record<string, string>;
2556
+ }, {
2557
+ name?: string;
2558
+ priority?: number;
2559
+ tenantId?: string;
2560
+ issuerPattern?: string;
2561
+ subjectPattern?: string;
2562
+ requiredPolicyOid?: string;
2563
+ strategy?: CertificateMappingStrategy;
2564
+ userIdAttribute?: string;
2565
+ attributeMappings?: Record<string, string>;
2566
+ }>, "many">>;
2567
+ requiredKeyUsage: z.ZodDefault<z.ZodArray<z.ZodNativeEnum<typeof PIVKeyUsage>, "many">>;
2568
+ requiredExtendedKeyUsage: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
2569
+ requiredPolicies: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
2570
+ allowExpired: z.ZodDefault<z.ZodBoolean>;
2571
+ maxChainDepth: z.ZodDefault<z.ZodNumber>;
2572
+ sessionTtl: z.ZodDefault<z.ZodNumber>;
2573
+ dodPkiCompatibility: z.ZodDefault<z.ZodBoolean>;
2574
+ fips201Compliance: z.ZodDefault<z.ZodBoolean>;
2575
+ cacheValidation: z.ZodDefault<z.ZodBoolean>;
2576
+ validationCacheTtl: z.ZodDefault<z.ZodNumber>;
2577
+ }, "strip", z.ZodTypeAny, {
2578
+ enabled?: boolean;
2579
+ pkcs11?: {
2580
+ pin?: string;
2581
+ libraryPath?: string;
2582
+ slotId?: number;
2583
+ tokenLabel?: string;
2584
+ initializeToken?: boolean;
2585
+ pollingInterval?: number;
2586
+ };
2587
+ maxChainDepth?: number;
2588
+ ocsp?: {
2589
+ timeout?: number;
2590
+ enabled?: boolean;
2591
+ cacheTtl?: number;
2592
+ useNonce?: boolean;
2593
+ responderUrl?: string;
2594
+ signRequests?: boolean;
2595
+ signingCertificate?: string;
2596
+ signingKey?: string;
2597
+ softFail?: boolean;
2598
+ };
2599
+ trustedCAs?: {
2600
+ name?: string;
2601
+ certificate?: string;
2602
+ isRoot?: boolean;
2603
+ trustedPolicies?: string[];
2604
+ maxPathLength?: number;
2605
+ }[];
2606
+ revocationMethod?: RevocationCheckMethod;
2607
+ crl?: {
2608
+ timeout?: number;
2609
+ enabled?: boolean;
2610
+ cacheTtl?: number;
2611
+ maxSize?: number;
2612
+ softFail?: boolean;
2613
+ distributionPointUrl?: string;
2614
+ refreshBefore?: number;
2615
+ checkDelta?: boolean;
2616
+ };
2617
+ cardRemovalPolicy?: {
2618
+ terminateSession?: boolean;
2619
+ gracePeriod?: number;
2620
+ allowReauthentication?: boolean;
2621
+ reauthenticationTimeout?: number;
2622
+ notificationWebhook?: string;
2623
+ };
2624
+ mappingRules?: {
2625
+ name?: string;
2626
+ priority?: number;
2627
+ tenantId?: string;
2628
+ issuerPattern?: string;
2629
+ subjectPattern?: string;
2630
+ requiredPolicyOid?: string;
2631
+ strategy?: CertificateMappingStrategy;
2632
+ userIdAttribute?: string;
2633
+ attributeMappings?: Record<string, string>;
2634
+ }[];
2635
+ requiredKeyUsage?: PIVKeyUsage[];
2636
+ requiredExtendedKeyUsage?: string[];
2637
+ requiredPolicies?: string[];
2638
+ allowExpired?: boolean;
2639
+ sessionTtl?: number;
2640
+ dodPkiCompatibility?: boolean;
2641
+ fips201Compliance?: boolean;
2642
+ cacheValidation?: boolean;
2643
+ validationCacheTtl?: number;
2644
+ }, {
2645
+ enabled?: boolean;
2646
+ pkcs11?: {
2647
+ pin?: string;
2648
+ libraryPath?: string;
2649
+ slotId?: number;
2650
+ tokenLabel?: string;
2651
+ initializeToken?: boolean;
2652
+ pollingInterval?: number;
2653
+ };
2654
+ maxChainDepth?: number;
2655
+ ocsp?: {
2656
+ timeout?: number;
2657
+ enabled?: boolean;
2658
+ cacheTtl?: number;
2659
+ useNonce?: boolean;
2660
+ responderUrl?: string;
2661
+ signRequests?: boolean;
2662
+ signingCertificate?: string;
2663
+ signingKey?: string;
2664
+ softFail?: boolean;
2665
+ };
2666
+ trustedCAs?: {
2667
+ name?: string;
2668
+ certificate?: string;
2669
+ isRoot?: boolean;
2670
+ trustedPolicies?: string[];
2671
+ maxPathLength?: number;
2672
+ }[];
2673
+ revocationMethod?: RevocationCheckMethod;
2674
+ crl?: {
2675
+ timeout?: number;
2676
+ enabled?: boolean;
2677
+ cacheTtl?: number;
2678
+ maxSize?: number;
2679
+ softFail?: boolean;
2680
+ distributionPointUrl?: string;
2681
+ refreshBefore?: number;
2682
+ checkDelta?: boolean;
2683
+ };
2684
+ cardRemovalPolicy?: {
2685
+ terminateSession?: boolean;
2686
+ gracePeriod?: number;
2687
+ allowReauthentication?: boolean;
2688
+ reauthenticationTimeout?: number;
2689
+ notificationWebhook?: string;
2690
+ };
2691
+ mappingRules?: {
2692
+ name?: string;
2693
+ priority?: number;
2694
+ tenantId?: string;
2695
+ issuerPattern?: string;
2696
+ subjectPattern?: string;
2697
+ requiredPolicyOid?: string;
2698
+ strategy?: CertificateMappingStrategy;
2699
+ userIdAttribute?: string;
2700
+ attributeMappings?: Record<string, string>;
2701
+ }[];
2702
+ requiredKeyUsage?: PIVKeyUsage[];
2703
+ requiredExtendedKeyUsage?: string[];
2704
+ requiredPolicies?: string[];
2705
+ allowExpired?: boolean;
2706
+ sessionTtl?: number;
2707
+ dodPkiCompatibility?: boolean;
2708
+ fips201Compliance?: boolean;
2709
+ cacheValidation?: boolean;
2710
+ validationCacheTtl?: number;
2711
+ }>;
2712
+ /**
2713
+ * PIV authentication request
2714
+ */
2715
+ export interface PIVAuthRequest {
2716
+ /** Client certificate in PEM format */
2717
+ clientCertificate: string;
2718
+ /** Certificate chain in PEM format */
2719
+ certificateChain?: string;
2720
+ /** PIN (if required) */
2721
+ pin?: string;
2722
+ /** Challenge nonce */
2723
+ challenge?: string;
2724
+ /** Signed challenge */
2725
+ signedChallenge?: string;
2726
+ }
2727
+ export declare const pivAuthRequestSchema: z.ZodObject<{
2728
+ clientCertificate: z.ZodString;
2729
+ certificateChain: z.ZodOptional<z.ZodString>;
2730
+ pin: z.ZodOptional<z.ZodString>;
2731
+ challenge: z.ZodOptional<z.ZodString>;
2732
+ signedChallenge: z.ZodOptional<z.ZodString>;
2733
+ }, "strip", z.ZodTypeAny, {
2734
+ pin?: string;
2735
+ certificateChain?: string;
2736
+ challenge?: string;
2737
+ clientCertificate?: string;
2738
+ signedChallenge?: string;
2739
+ }, {
2740
+ pin?: string;
2741
+ certificateChain?: string;
2742
+ challenge?: string;
2743
+ clientCertificate?: string;
2744
+ signedChallenge?: string;
2745
+ }>;
2746
+ /**
2747
+ * PIV authentication result
2748
+ */
2749
+ export interface PIVAuthResult {
2750
+ /** Authentication success */
2751
+ success: boolean;
2752
+ /** Error message if failed */
2753
+ error?: string;
2754
+ /** Error code if failed */
2755
+ errorCode?: string;
2756
+ /** Mapped user identity */
2757
+ user?: MappedUserIdentity;
2758
+ /** Session ID */
2759
+ sessionId?: string;
2760
+ /** Session expiration */
2761
+ expiresAt?: Date;
2762
+ /** Certificate validation result */
2763
+ validation?: CertificateValidationResult;
2764
+ /** JWT access token */
2765
+ accessToken?: string;
2766
+ /** Refresh token */
2767
+ refreshToken?: string;
2768
+ }
2769
+ export declare const pivAuthResultSchema: z.ZodObject<{
2770
+ success: z.ZodBoolean;
2771
+ error: z.ZodOptional<z.ZodString>;
2772
+ errorCode: z.ZodOptional<z.ZodString>;
2773
+ user: z.ZodOptional<z.ZodObject<{
2774
+ userId: z.ZodString;
2775
+ username: z.ZodOptional<z.ZodString>;
2776
+ email: z.ZodOptional<z.ZodString>;
2777
+ upn: z.ZodOptional<z.ZodString>;
2778
+ edipi: z.ZodOptional<z.ZodString>;
2779
+ tenantId: z.ZodOptional<z.ZodString>;
2780
+ attributes: z.ZodRecord<z.ZodString, z.ZodString>;
2781
+ mappingStrategy: z.ZodNativeEnum<typeof CertificateMappingStrategy>;
2782
+ certificateFingerprint: z.ZodString;
2783
+ }, "strip", z.ZodTypeAny, {
2784
+ email?: string;
2785
+ tenantId?: string;
2786
+ userId?: string;
2787
+ attributes?: Record<string, string>;
2788
+ username?: string;
2789
+ upn?: string;
2790
+ edipi?: string;
2791
+ mappingStrategy?: CertificateMappingStrategy;
2792
+ certificateFingerprint?: string;
2793
+ }, {
2794
+ email?: string;
2795
+ tenantId?: string;
2796
+ userId?: string;
2797
+ attributes?: Record<string, string>;
2798
+ username?: string;
2799
+ upn?: string;
2800
+ edipi?: string;
2801
+ mappingStrategy?: CertificateMappingStrategy;
2802
+ certificateFingerprint?: string;
2803
+ }>>;
2804
+ sessionId: z.ZodOptional<z.ZodString>;
2805
+ expiresAt: z.ZodOptional<z.ZodDate>;
2806
+ validation: z.ZodOptional<z.ZodObject<{
2807
+ status: z.ZodNativeEnum<typeof CertificateValidationStatus>;
2808
+ isValid: z.ZodBoolean;
2809
+ errors: z.ZodArray<z.ZodString, "many">;
2810
+ warnings: z.ZodArray<z.ZodString, "many">;
2811
+ chainValidation: z.ZodOptional<z.ZodObject<{
2812
+ valid: z.ZodBoolean;
2813
+ depth: z.ZodNumber;
2814
+ errors: z.ZodArray<z.ZodString, "many">;
2815
+ }, "strip", z.ZodTypeAny, {
2816
+ valid?: boolean;
2817
+ errors?: string[];
2818
+ depth?: number;
2819
+ }, {
2820
+ valid?: boolean;
2821
+ errors?: string[];
2822
+ depth?: number;
2823
+ }>>;
2824
+ ocspResult: z.ZodOptional<z.ZodObject<{
2825
+ status: z.ZodEnum<["good", "revoked", "unknown"]>;
2826
+ revocationTime: z.ZodOptional<z.ZodDate>;
2827
+ revocationReason: z.ZodOptional<z.ZodString>;
2828
+ producedAt: z.ZodDate;
2829
+ thisUpdate: z.ZodDate;
2830
+ nextUpdate: z.ZodOptional<z.ZodDate>;
2831
+ responderId: z.ZodString;
2832
+ fromCache: z.ZodBoolean;
2833
+ responderUrl: z.ZodString;
2834
+ }, "strip", z.ZodTypeAny, {
2835
+ status?: "unknown" | "revoked" | "good";
2836
+ fromCache?: boolean;
2837
+ revocationReason?: string;
2838
+ revocationTime?: Date;
2839
+ producedAt?: Date;
2840
+ thisUpdate?: Date;
2841
+ nextUpdate?: Date;
2842
+ responderId?: string;
2843
+ responderUrl?: string;
2844
+ }, {
2845
+ status?: "unknown" | "revoked" | "good";
2846
+ fromCache?: boolean;
2847
+ revocationReason?: string;
2848
+ revocationTime?: Date;
2849
+ producedAt?: Date;
2850
+ thisUpdate?: Date;
2851
+ nextUpdate?: Date;
2852
+ responderId?: string;
2853
+ responderUrl?: string;
2854
+ }>>;
2855
+ crlResult: z.ZodOptional<z.ZodObject<{
2856
+ issuer: z.ZodObject<{
2857
+ CN: z.ZodOptional<z.ZodString>;
2858
+ O: z.ZodOptional<z.ZodString>;
2859
+ OU: z.ZodOptional<z.ZodString>;
2860
+ C: z.ZodOptional<z.ZodString>;
2861
+ ST: z.ZodOptional<z.ZodString>;
2862
+ L: z.ZodOptional<z.ZodString>;
2863
+ E: z.ZodOptional<z.ZodString>;
2864
+ serialNumber: z.ZodOptional<z.ZodString>;
2865
+ full: z.ZodString;
2866
+ }, "strip", z.ZodTypeAny, {
2867
+ full?: string;
2868
+ C?: string;
2869
+ E?: string;
2870
+ L?: string;
2871
+ O?: string;
2872
+ CN?: string;
2873
+ OU?: string;
2874
+ ST?: string;
2875
+ serialNumber?: string;
2876
+ }, {
2877
+ full?: string;
2878
+ C?: string;
2879
+ E?: string;
2880
+ L?: string;
2881
+ O?: string;
2882
+ CN?: string;
2883
+ OU?: string;
2884
+ ST?: string;
2885
+ serialNumber?: string;
2886
+ }>;
2887
+ thisUpdate: z.ZodDate;
2888
+ nextUpdate: z.ZodOptional<z.ZodDate>;
2889
+ revokedCertificates: z.ZodArray<z.ZodObject<{
2890
+ serialNumber: z.ZodString;
2891
+ revocationDate: z.ZodDate;
2892
+ reasonCode: z.ZodOptional<z.ZodNumber>;
2893
+ reason: z.ZodOptional<z.ZodString>;
2894
+ }, "strip", z.ZodTypeAny, {
2895
+ reason?: string;
2896
+ serialNumber?: string;
2897
+ revocationDate?: Date;
2898
+ reasonCode?: number;
2899
+ }, {
2900
+ reason?: string;
2901
+ serialNumber?: string;
2902
+ revocationDate?: Date;
2903
+ reasonCode?: number;
2904
+ }>, "many">;
2905
+ crlNumber: z.ZodOptional<z.ZodString>;
2906
+ isDelta: z.ZodBoolean;
2907
+ distributionPoint: z.ZodString;
2908
+ fromCache: z.ZodBoolean;
2909
+ }, "strip", z.ZodTypeAny, {
2910
+ issuer?: {
2911
+ full?: string;
2912
+ C?: string;
2913
+ E?: string;
2914
+ L?: string;
2915
+ O?: string;
2916
+ CN?: string;
2917
+ OU?: string;
2918
+ ST?: string;
2919
+ serialNumber?: string;
2920
+ };
2921
+ fromCache?: boolean;
2922
+ thisUpdate?: Date;
2923
+ nextUpdate?: Date;
2924
+ revokedCertificates?: {
2925
+ reason?: string;
2926
+ serialNumber?: string;
2927
+ revocationDate?: Date;
2928
+ reasonCode?: number;
2929
+ }[];
2930
+ crlNumber?: string;
2931
+ isDelta?: boolean;
2932
+ distributionPoint?: string;
2933
+ }, {
2934
+ issuer?: {
2935
+ full?: string;
2936
+ C?: string;
2937
+ E?: string;
2938
+ L?: string;
2939
+ O?: string;
2940
+ CN?: string;
2941
+ OU?: string;
2942
+ ST?: string;
2943
+ serialNumber?: string;
2944
+ };
2945
+ fromCache?: boolean;
2946
+ thisUpdate?: Date;
2947
+ nextUpdate?: Date;
2948
+ revokedCertificates?: {
2949
+ reason?: string;
2950
+ serialNumber?: string;
2951
+ revocationDate?: Date;
2952
+ reasonCode?: number;
2953
+ }[];
2954
+ crlNumber?: string;
2955
+ isDelta?: boolean;
2956
+ distributionPoint?: string;
2957
+ }>>;
2958
+ validatedAt: z.ZodDate;
2959
+ expiresAt: z.ZodDate;
2960
+ trustAnchor: z.ZodOptional<z.ZodString>;
2961
+ }, "strip", z.ZodTypeAny, {
2962
+ status?: CertificateValidationStatus;
2963
+ errors?: string[];
2964
+ warnings?: string[];
2965
+ expiresAt?: Date;
2966
+ validatedAt?: Date;
2967
+ isValid?: boolean;
2968
+ chainValidation?: {
2969
+ valid?: boolean;
2970
+ errors?: string[];
2971
+ depth?: number;
2972
+ };
2973
+ ocspResult?: {
2974
+ status?: "unknown" | "revoked" | "good";
2975
+ fromCache?: boolean;
2976
+ revocationReason?: string;
2977
+ revocationTime?: Date;
2978
+ producedAt?: Date;
2979
+ thisUpdate?: Date;
2980
+ nextUpdate?: Date;
2981
+ responderId?: string;
2982
+ responderUrl?: string;
2983
+ };
2984
+ crlResult?: {
2985
+ issuer?: {
2986
+ full?: string;
2987
+ C?: string;
2988
+ E?: string;
2989
+ L?: string;
2990
+ O?: string;
2991
+ CN?: string;
2992
+ OU?: string;
2993
+ ST?: string;
2994
+ serialNumber?: string;
2995
+ };
2996
+ fromCache?: boolean;
2997
+ thisUpdate?: Date;
2998
+ nextUpdate?: Date;
2999
+ revokedCertificates?: {
3000
+ reason?: string;
3001
+ serialNumber?: string;
3002
+ revocationDate?: Date;
3003
+ reasonCode?: number;
3004
+ }[];
3005
+ crlNumber?: string;
3006
+ isDelta?: boolean;
3007
+ distributionPoint?: string;
3008
+ };
3009
+ trustAnchor?: string;
3010
+ }, {
3011
+ status?: CertificateValidationStatus;
3012
+ errors?: string[];
3013
+ warnings?: string[];
3014
+ expiresAt?: Date;
3015
+ validatedAt?: Date;
3016
+ isValid?: boolean;
3017
+ chainValidation?: {
3018
+ valid?: boolean;
3019
+ errors?: string[];
3020
+ depth?: number;
3021
+ };
3022
+ ocspResult?: {
3023
+ status?: "unknown" | "revoked" | "good";
3024
+ fromCache?: boolean;
3025
+ revocationReason?: string;
3026
+ revocationTime?: Date;
3027
+ producedAt?: Date;
3028
+ thisUpdate?: Date;
3029
+ nextUpdate?: Date;
3030
+ responderId?: string;
3031
+ responderUrl?: string;
3032
+ };
3033
+ crlResult?: {
3034
+ issuer?: {
3035
+ full?: string;
3036
+ C?: string;
3037
+ E?: string;
3038
+ L?: string;
3039
+ O?: string;
3040
+ CN?: string;
3041
+ OU?: string;
3042
+ ST?: string;
3043
+ serialNumber?: string;
3044
+ };
3045
+ fromCache?: boolean;
3046
+ thisUpdate?: Date;
3047
+ nextUpdate?: Date;
3048
+ revokedCertificates?: {
3049
+ reason?: string;
3050
+ serialNumber?: string;
3051
+ revocationDate?: Date;
3052
+ reasonCode?: number;
3053
+ }[];
3054
+ crlNumber?: string;
3055
+ isDelta?: boolean;
3056
+ distributionPoint?: string;
3057
+ };
3058
+ trustAnchor?: string;
3059
+ }>>;
3060
+ accessToken: z.ZodOptional<z.ZodString>;
3061
+ refreshToken: z.ZodOptional<z.ZodString>;
3062
+ }, "strip", z.ZodTypeAny, {
3063
+ user?: {
3064
+ email?: string;
3065
+ tenantId?: string;
3066
+ userId?: string;
3067
+ attributes?: Record<string, string>;
3068
+ username?: string;
3069
+ upn?: string;
3070
+ edipi?: string;
3071
+ mappingStrategy?: CertificateMappingStrategy;
3072
+ certificateFingerprint?: string;
3073
+ };
3074
+ error?: string;
3075
+ validation?: {
3076
+ status?: CertificateValidationStatus;
3077
+ errors?: string[];
3078
+ warnings?: string[];
3079
+ expiresAt?: Date;
3080
+ validatedAt?: Date;
3081
+ isValid?: boolean;
3082
+ chainValidation?: {
3083
+ valid?: boolean;
3084
+ errors?: string[];
3085
+ depth?: number;
3086
+ };
3087
+ ocspResult?: {
3088
+ status?: "unknown" | "revoked" | "good";
3089
+ fromCache?: boolean;
3090
+ revocationReason?: string;
3091
+ revocationTime?: Date;
3092
+ producedAt?: Date;
3093
+ thisUpdate?: Date;
3094
+ nextUpdate?: Date;
3095
+ responderId?: string;
3096
+ responderUrl?: string;
3097
+ };
3098
+ crlResult?: {
3099
+ issuer?: {
3100
+ full?: string;
3101
+ C?: string;
3102
+ E?: string;
3103
+ L?: string;
3104
+ O?: string;
3105
+ CN?: string;
3106
+ OU?: string;
3107
+ ST?: string;
3108
+ serialNumber?: string;
3109
+ };
3110
+ fromCache?: boolean;
3111
+ thisUpdate?: Date;
3112
+ nextUpdate?: Date;
3113
+ revokedCertificates?: {
3114
+ reason?: string;
3115
+ serialNumber?: string;
3116
+ revocationDate?: Date;
3117
+ reasonCode?: number;
3118
+ }[];
3119
+ crlNumber?: string;
3120
+ isDelta?: boolean;
3121
+ distributionPoint?: string;
3122
+ };
3123
+ trustAnchor?: string;
3124
+ };
3125
+ accessToken?: string;
3126
+ refreshToken?: string;
3127
+ success?: boolean;
3128
+ sessionId?: string;
3129
+ errorCode?: string;
3130
+ expiresAt?: Date;
3131
+ }, {
3132
+ user?: {
3133
+ email?: string;
3134
+ tenantId?: string;
3135
+ userId?: string;
3136
+ attributes?: Record<string, string>;
3137
+ username?: string;
3138
+ upn?: string;
3139
+ edipi?: string;
3140
+ mappingStrategy?: CertificateMappingStrategy;
3141
+ certificateFingerprint?: string;
3142
+ };
3143
+ error?: string;
3144
+ validation?: {
3145
+ status?: CertificateValidationStatus;
3146
+ errors?: string[];
3147
+ warnings?: string[];
3148
+ expiresAt?: Date;
3149
+ validatedAt?: Date;
3150
+ isValid?: boolean;
3151
+ chainValidation?: {
3152
+ valid?: boolean;
3153
+ errors?: string[];
3154
+ depth?: number;
3155
+ };
3156
+ ocspResult?: {
3157
+ status?: "unknown" | "revoked" | "good";
3158
+ fromCache?: boolean;
3159
+ revocationReason?: string;
3160
+ revocationTime?: Date;
3161
+ producedAt?: Date;
3162
+ thisUpdate?: Date;
3163
+ nextUpdate?: Date;
3164
+ responderId?: string;
3165
+ responderUrl?: string;
3166
+ };
3167
+ crlResult?: {
3168
+ issuer?: {
3169
+ full?: string;
3170
+ C?: string;
3171
+ E?: string;
3172
+ L?: string;
3173
+ O?: string;
3174
+ CN?: string;
3175
+ OU?: string;
3176
+ ST?: string;
3177
+ serialNumber?: string;
3178
+ };
3179
+ fromCache?: boolean;
3180
+ thisUpdate?: Date;
3181
+ nextUpdate?: Date;
3182
+ revokedCertificates?: {
3183
+ reason?: string;
3184
+ serialNumber?: string;
3185
+ revocationDate?: Date;
3186
+ reasonCode?: number;
3187
+ }[];
3188
+ crlNumber?: string;
3189
+ isDelta?: boolean;
3190
+ distributionPoint?: string;
3191
+ };
3192
+ trustAnchor?: string;
3193
+ };
3194
+ accessToken?: string;
3195
+ refreshToken?: string;
3196
+ success?: boolean;
3197
+ sessionId?: string;
3198
+ errorCode?: string;
3199
+ expiresAt?: Date;
3200
+ }>;
3201
+ /**
3202
+ * PIV authentication context added to requests
3203
+ */
3204
+ export interface PIVAuthContext {
3205
+ /** Whether PIV authentication is present */
3206
+ isPIVAuthenticated: boolean;
3207
+ /** Mapped user identity */
3208
+ user?: MappedUserIdentity;
3209
+ /** Parsed client certificate */
3210
+ certificate?: ParsedCertificate;
3211
+ /** Certificate validation result */
3212
+ validation?: CertificateValidationResult;
3213
+ /** Session binding */
3214
+ sessionBinding?: CardSessionBinding;
3215
+ }
3216
+ export declare const pivAuthContextSchema: z.ZodObject<{
3217
+ isPIVAuthenticated: z.ZodBoolean;
3218
+ user: z.ZodOptional<z.ZodObject<{
3219
+ userId: z.ZodString;
3220
+ username: z.ZodOptional<z.ZodString>;
3221
+ email: z.ZodOptional<z.ZodString>;
3222
+ upn: z.ZodOptional<z.ZodString>;
3223
+ edipi: z.ZodOptional<z.ZodString>;
3224
+ tenantId: z.ZodOptional<z.ZodString>;
3225
+ attributes: z.ZodRecord<z.ZodString, z.ZodString>;
3226
+ mappingStrategy: z.ZodNativeEnum<typeof CertificateMappingStrategy>;
3227
+ certificateFingerprint: z.ZodString;
3228
+ }, "strip", z.ZodTypeAny, {
3229
+ email?: string;
3230
+ tenantId?: string;
3231
+ userId?: string;
3232
+ attributes?: Record<string, string>;
3233
+ username?: string;
3234
+ upn?: string;
3235
+ edipi?: string;
3236
+ mappingStrategy?: CertificateMappingStrategy;
3237
+ certificateFingerprint?: string;
3238
+ }, {
3239
+ email?: string;
3240
+ tenantId?: string;
3241
+ userId?: string;
3242
+ attributes?: Record<string, string>;
3243
+ username?: string;
3244
+ upn?: string;
3245
+ edipi?: string;
3246
+ mappingStrategy?: CertificateMappingStrategy;
3247
+ certificateFingerprint?: string;
3248
+ }>>;
3249
+ certificate: z.ZodOptional<z.ZodObject<{
3250
+ version: z.ZodNumber;
3251
+ serialNumber: z.ZodString;
3252
+ signatureAlgorithm: z.ZodString;
3253
+ issuer: z.ZodObject<{
3254
+ CN: z.ZodOptional<z.ZodString>;
3255
+ O: z.ZodOptional<z.ZodString>;
3256
+ OU: z.ZodOptional<z.ZodString>;
3257
+ C: z.ZodOptional<z.ZodString>;
3258
+ ST: z.ZodOptional<z.ZodString>;
3259
+ L: z.ZodOptional<z.ZodString>;
3260
+ E: z.ZodOptional<z.ZodString>;
3261
+ serialNumber: z.ZodOptional<z.ZodString>;
3262
+ full: z.ZodString;
3263
+ }, "strip", z.ZodTypeAny, {
3264
+ full?: string;
3265
+ C?: string;
3266
+ E?: string;
3267
+ L?: string;
3268
+ O?: string;
3269
+ CN?: string;
3270
+ OU?: string;
3271
+ ST?: string;
3272
+ serialNumber?: string;
3273
+ }, {
3274
+ full?: string;
3275
+ C?: string;
3276
+ E?: string;
3277
+ L?: string;
3278
+ O?: string;
3279
+ CN?: string;
3280
+ OU?: string;
3281
+ ST?: string;
3282
+ serialNumber?: string;
3283
+ }>;
3284
+ subject: z.ZodObject<{
3285
+ CN: z.ZodOptional<z.ZodString>;
3286
+ O: z.ZodOptional<z.ZodString>;
3287
+ OU: z.ZodOptional<z.ZodString>;
3288
+ C: z.ZodOptional<z.ZodString>;
3289
+ ST: z.ZodOptional<z.ZodString>;
3290
+ L: z.ZodOptional<z.ZodString>;
3291
+ E: z.ZodOptional<z.ZodString>;
3292
+ serialNumber: z.ZodOptional<z.ZodString>;
3293
+ full: z.ZodString;
3294
+ }, "strip", z.ZodTypeAny, {
3295
+ full?: string;
3296
+ C?: string;
3297
+ E?: string;
3298
+ L?: string;
3299
+ O?: string;
3300
+ CN?: string;
3301
+ OU?: string;
3302
+ ST?: string;
3303
+ serialNumber?: string;
3304
+ }, {
3305
+ full?: string;
3306
+ C?: string;
3307
+ E?: string;
3308
+ L?: string;
3309
+ O?: string;
3310
+ CN?: string;
3311
+ OU?: string;
3312
+ ST?: string;
3313
+ serialNumber?: string;
3314
+ }>;
3315
+ notBefore: z.ZodDate;
3316
+ notAfter: z.ZodDate;
3317
+ publicKeyAlgorithm: z.ZodString;
3318
+ publicKey: z.ZodString;
3319
+ subjectAltNames: z.ZodArray<z.ZodObject<{
3320
+ type: z.ZodEnum<["email", "dns", "uri", "ip", "upn", "other"]>;
3321
+ value: z.ZodString;
3322
+ oid: z.ZodOptional<z.ZodString>;
3323
+ }, "strip", z.ZodTypeAny, {
3324
+ value?: string;
3325
+ type?: "email" | "ip" | "other" | "uri" | "dns" | "upn";
3326
+ oid?: string;
3327
+ }, {
3328
+ value?: string;
3329
+ type?: "email" | "ip" | "other" | "uri" | "dns" | "upn";
3330
+ oid?: string;
3331
+ }>, "many">;
3332
+ keyUsage: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
3333
+ extendedKeyUsage: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
3334
+ extensions: z.ZodArray<z.ZodObject<{
3335
+ oid: z.ZodString;
3336
+ critical: z.ZodBoolean;
3337
+ value: z.ZodString;
3338
+ parsed: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
3339
+ }, "strip", z.ZodTypeAny, {
3340
+ value?: string;
3341
+ critical?: boolean;
3342
+ parsed?: Record<string, unknown>;
3343
+ oid?: string;
3344
+ }, {
3345
+ value?: string;
3346
+ critical?: boolean;
3347
+ parsed?: Record<string, unknown>;
3348
+ oid?: string;
3349
+ }>, "many">;
3350
+ authorityInfoAccess: z.ZodOptional<z.ZodObject<{
3351
+ ocsp: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
3352
+ caIssuers: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
3353
+ }, "strip", z.ZodTypeAny, {
3354
+ ocsp?: string[];
3355
+ caIssuers?: string[];
3356
+ }, {
3357
+ ocsp?: string[];
3358
+ caIssuers?: string[];
3359
+ }>>;
3360
+ crlDistributionPoints: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
3361
+ fingerprint: z.ZodString;
3362
+ publicKeyFingerprint: z.ZodString;
3363
+ pem: z.ZodString;
3364
+ der: z.ZodString;
3365
+ }, "strip", z.ZodTypeAny, {
3366
+ version?: number;
3367
+ issuer?: {
3368
+ full?: string;
3369
+ C?: string;
3370
+ E?: string;
3371
+ L?: string;
3372
+ O?: string;
3373
+ CN?: string;
3374
+ OU?: string;
3375
+ ST?: string;
3376
+ serialNumber?: string;
3377
+ };
3378
+ publicKey?: string;
3379
+ signatureAlgorithm?: string;
3380
+ fingerprint?: string;
3381
+ extensions?: {
3382
+ value?: string;
3383
+ critical?: boolean;
3384
+ parsed?: Record<string, unknown>;
3385
+ oid?: string;
3386
+ }[];
3387
+ subject?: {
3388
+ full?: string;
3389
+ C?: string;
3390
+ E?: string;
3391
+ L?: string;
3392
+ O?: string;
3393
+ CN?: string;
3394
+ OU?: string;
3395
+ ST?: string;
3396
+ serialNumber?: string;
3397
+ };
3398
+ serialNumber?: string;
3399
+ notBefore?: Date;
3400
+ notAfter?: Date;
3401
+ publicKeyAlgorithm?: string;
3402
+ subjectAltNames?: {
3403
+ value?: string;
3404
+ type?: "email" | "ip" | "other" | "uri" | "dns" | "upn";
3405
+ oid?: string;
3406
+ }[];
3407
+ keyUsage?: string[];
3408
+ extendedKeyUsage?: string[];
3409
+ authorityInfoAccess?: {
3410
+ ocsp?: string[];
3411
+ caIssuers?: string[];
3412
+ };
3413
+ crlDistributionPoints?: string[];
3414
+ publicKeyFingerprint?: string;
3415
+ pem?: string;
3416
+ der?: string;
3417
+ }, {
3418
+ version?: number;
3419
+ issuer?: {
3420
+ full?: string;
3421
+ C?: string;
3422
+ E?: string;
3423
+ L?: string;
3424
+ O?: string;
3425
+ CN?: string;
3426
+ OU?: string;
3427
+ ST?: string;
3428
+ serialNumber?: string;
3429
+ };
3430
+ publicKey?: string;
3431
+ signatureAlgorithm?: string;
3432
+ fingerprint?: string;
3433
+ extensions?: {
3434
+ value?: string;
3435
+ critical?: boolean;
3436
+ parsed?: Record<string, unknown>;
3437
+ oid?: string;
3438
+ }[];
3439
+ subject?: {
3440
+ full?: string;
3441
+ C?: string;
3442
+ E?: string;
3443
+ L?: string;
3444
+ O?: string;
3445
+ CN?: string;
3446
+ OU?: string;
3447
+ ST?: string;
3448
+ serialNumber?: string;
3449
+ };
3450
+ serialNumber?: string;
3451
+ notBefore?: Date;
3452
+ notAfter?: Date;
3453
+ publicKeyAlgorithm?: string;
3454
+ subjectAltNames?: {
3455
+ value?: string;
3456
+ type?: "email" | "ip" | "other" | "uri" | "dns" | "upn";
3457
+ oid?: string;
3458
+ }[];
3459
+ keyUsage?: string[];
3460
+ extendedKeyUsage?: string[];
3461
+ authorityInfoAccess?: {
3462
+ ocsp?: string[];
3463
+ caIssuers?: string[];
3464
+ };
3465
+ crlDistributionPoints?: string[];
3466
+ publicKeyFingerprint?: string;
3467
+ pem?: string;
3468
+ der?: string;
3469
+ }>>;
3470
+ validation: z.ZodOptional<z.ZodObject<{
3471
+ status: z.ZodNativeEnum<typeof CertificateValidationStatus>;
3472
+ isValid: z.ZodBoolean;
3473
+ errors: z.ZodArray<z.ZodString, "many">;
3474
+ warnings: z.ZodArray<z.ZodString, "many">;
3475
+ chainValidation: z.ZodOptional<z.ZodObject<{
3476
+ valid: z.ZodBoolean;
3477
+ depth: z.ZodNumber;
3478
+ errors: z.ZodArray<z.ZodString, "many">;
3479
+ }, "strip", z.ZodTypeAny, {
3480
+ valid?: boolean;
3481
+ errors?: string[];
3482
+ depth?: number;
3483
+ }, {
3484
+ valid?: boolean;
3485
+ errors?: string[];
3486
+ depth?: number;
3487
+ }>>;
3488
+ ocspResult: z.ZodOptional<z.ZodObject<{
3489
+ status: z.ZodEnum<["good", "revoked", "unknown"]>;
3490
+ revocationTime: z.ZodOptional<z.ZodDate>;
3491
+ revocationReason: z.ZodOptional<z.ZodString>;
3492
+ producedAt: z.ZodDate;
3493
+ thisUpdate: z.ZodDate;
3494
+ nextUpdate: z.ZodOptional<z.ZodDate>;
3495
+ responderId: z.ZodString;
3496
+ fromCache: z.ZodBoolean;
3497
+ responderUrl: z.ZodString;
3498
+ }, "strip", z.ZodTypeAny, {
3499
+ status?: "unknown" | "revoked" | "good";
3500
+ fromCache?: boolean;
3501
+ revocationReason?: string;
3502
+ revocationTime?: Date;
3503
+ producedAt?: Date;
3504
+ thisUpdate?: Date;
3505
+ nextUpdate?: Date;
3506
+ responderId?: string;
3507
+ responderUrl?: string;
3508
+ }, {
3509
+ status?: "unknown" | "revoked" | "good";
3510
+ fromCache?: boolean;
3511
+ revocationReason?: string;
3512
+ revocationTime?: Date;
3513
+ producedAt?: Date;
3514
+ thisUpdate?: Date;
3515
+ nextUpdate?: Date;
3516
+ responderId?: string;
3517
+ responderUrl?: string;
3518
+ }>>;
3519
+ crlResult: z.ZodOptional<z.ZodObject<{
3520
+ issuer: z.ZodObject<{
3521
+ CN: z.ZodOptional<z.ZodString>;
3522
+ O: z.ZodOptional<z.ZodString>;
3523
+ OU: z.ZodOptional<z.ZodString>;
3524
+ C: z.ZodOptional<z.ZodString>;
3525
+ ST: z.ZodOptional<z.ZodString>;
3526
+ L: z.ZodOptional<z.ZodString>;
3527
+ E: z.ZodOptional<z.ZodString>;
3528
+ serialNumber: z.ZodOptional<z.ZodString>;
3529
+ full: z.ZodString;
3530
+ }, "strip", z.ZodTypeAny, {
3531
+ full?: string;
3532
+ C?: string;
3533
+ E?: string;
3534
+ L?: string;
3535
+ O?: string;
3536
+ CN?: string;
3537
+ OU?: string;
3538
+ ST?: string;
3539
+ serialNumber?: string;
3540
+ }, {
3541
+ full?: string;
3542
+ C?: string;
3543
+ E?: string;
3544
+ L?: string;
3545
+ O?: string;
3546
+ CN?: string;
3547
+ OU?: string;
3548
+ ST?: string;
3549
+ serialNumber?: string;
3550
+ }>;
3551
+ thisUpdate: z.ZodDate;
3552
+ nextUpdate: z.ZodOptional<z.ZodDate>;
3553
+ revokedCertificates: z.ZodArray<z.ZodObject<{
3554
+ serialNumber: z.ZodString;
3555
+ revocationDate: z.ZodDate;
3556
+ reasonCode: z.ZodOptional<z.ZodNumber>;
3557
+ reason: z.ZodOptional<z.ZodString>;
3558
+ }, "strip", z.ZodTypeAny, {
3559
+ reason?: string;
3560
+ serialNumber?: string;
3561
+ revocationDate?: Date;
3562
+ reasonCode?: number;
3563
+ }, {
3564
+ reason?: string;
3565
+ serialNumber?: string;
3566
+ revocationDate?: Date;
3567
+ reasonCode?: number;
3568
+ }>, "many">;
3569
+ crlNumber: z.ZodOptional<z.ZodString>;
3570
+ isDelta: z.ZodBoolean;
3571
+ distributionPoint: z.ZodString;
3572
+ fromCache: z.ZodBoolean;
3573
+ }, "strip", z.ZodTypeAny, {
3574
+ issuer?: {
3575
+ full?: string;
3576
+ C?: string;
3577
+ E?: string;
3578
+ L?: string;
3579
+ O?: string;
3580
+ CN?: string;
3581
+ OU?: string;
3582
+ ST?: string;
3583
+ serialNumber?: string;
3584
+ };
3585
+ fromCache?: boolean;
3586
+ thisUpdate?: Date;
3587
+ nextUpdate?: Date;
3588
+ revokedCertificates?: {
3589
+ reason?: string;
3590
+ serialNumber?: string;
3591
+ revocationDate?: Date;
3592
+ reasonCode?: number;
3593
+ }[];
3594
+ crlNumber?: string;
3595
+ isDelta?: boolean;
3596
+ distributionPoint?: string;
3597
+ }, {
3598
+ issuer?: {
3599
+ full?: string;
3600
+ C?: string;
3601
+ E?: string;
3602
+ L?: string;
3603
+ O?: string;
3604
+ CN?: string;
3605
+ OU?: string;
3606
+ ST?: string;
3607
+ serialNumber?: string;
3608
+ };
3609
+ fromCache?: boolean;
3610
+ thisUpdate?: Date;
3611
+ nextUpdate?: Date;
3612
+ revokedCertificates?: {
3613
+ reason?: string;
3614
+ serialNumber?: string;
3615
+ revocationDate?: Date;
3616
+ reasonCode?: number;
3617
+ }[];
3618
+ crlNumber?: string;
3619
+ isDelta?: boolean;
3620
+ distributionPoint?: string;
3621
+ }>>;
3622
+ validatedAt: z.ZodDate;
3623
+ expiresAt: z.ZodDate;
3624
+ trustAnchor: z.ZodOptional<z.ZodString>;
3625
+ }, "strip", z.ZodTypeAny, {
3626
+ status?: CertificateValidationStatus;
3627
+ errors?: string[];
3628
+ warnings?: string[];
3629
+ expiresAt?: Date;
3630
+ validatedAt?: Date;
3631
+ isValid?: boolean;
3632
+ chainValidation?: {
3633
+ valid?: boolean;
3634
+ errors?: string[];
3635
+ depth?: number;
3636
+ };
3637
+ ocspResult?: {
3638
+ status?: "unknown" | "revoked" | "good";
3639
+ fromCache?: boolean;
3640
+ revocationReason?: string;
3641
+ revocationTime?: Date;
3642
+ producedAt?: Date;
3643
+ thisUpdate?: Date;
3644
+ nextUpdate?: Date;
3645
+ responderId?: string;
3646
+ responderUrl?: string;
3647
+ };
3648
+ crlResult?: {
3649
+ issuer?: {
3650
+ full?: string;
3651
+ C?: string;
3652
+ E?: string;
3653
+ L?: string;
3654
+ O?: string;
3655
+ CN?: string;
3656
+ OU?: string;
3657
+ ST?: string;
3658
+ serialNumber?: string;
3659
+ };
3660
+ fromCache?: boolean;
3661
+ thisUpdate?: Date;
3662
+ nextUpdate?: Date;
3663
+ revokedCertificates?: {
3664
+ reason?: string;
3665
+ serialNumber?: string;
3666
+ revocationDate?: Date;
3667
+ reasonCode?: number;
3668
+ }[];
3669
+ crlNumber?: string;
3670
+ isDelta?: boolean;
3671
+ distributionPoint?: string;
3672
+ };
3673
+ trustAnchor?: string;
3674
+ }, {
3675
+ status?: CertificateValidationStatus;
3676
+ errors?: string[];
3677
+ warnings?: string[];
3678
+ expiresAt?: Date;
3679
+ validatedAt?: Date;
3680
+ isValid?: boolean;
3681
+ chainValidation?: {
3682
+ valid?: boolean;
3683
+ errors?: string[];
3684
+ depth?: number;
3685
+ };
3686
+ ocspResult?: {
3687
+ status?: "unknown" | "revoked" | "good";
3688
+ fromCache?: boolean;
3689
+ revocationReason?: string;
3690
+ revocationTime?: Date;
3691
+ producedAt?: Date;
3692
+ thisUpdate?: Date;
3693
+ nextUpdate?: Date;
3694
+ responderId?: string;
3695
+ responderUrl?: string;
3696
+ };
3697
+ crlResult?: {
3698
+ issuer?: {
3699
+ full?: string;
3700
+ C?: string;
3701
+ E?: string;
3702
+ L?: string;
3703
+ O?: string;
3704
+ CN?: string;
3705
+ OU?: string;
3706
+ ST?: string;
3707
+ serialNumber?: string;
3708
+ };
3709
+ fromCache?: boolean;
3710
+ thisUpdate?: Date;
3711
+ nextUpdate?: Date;
3712
+ revokedCertificates?: {
3713
+ reason?: string;
3714
+ serialNumber?: string;
3715
+ revocationDate?: Date;
3716
+ reasonCode?: number;
3717
+ }[];
3718
+ crlNumber?: string;
3719
+ isDelta?: boolean;
3720
+ distributionPoint?: string;
3721
+ };
3722
+ trustAnchor?: string;
3723
+ }>>;
3724
+ sessionBinding: z.ZodOptional<z.ZodObject<{
3725
+ sessionId: z.ZodString;
3726
+ userId: z.ZodString;
3727
+ certificateFingerprint: z.ZodString;
3728
+ readerName: z.ZodString;
3729
+ atr: z.ZodString;
3730
+ createdAt: z.ZodDate;
3731
+ lastActivity: z.ZodDate;
3732
+ expiresAt: z.ZodDate;
3733
+ }, "strip", z.ZodTypeAny, {
3734
+ userId?: string;
3735
+ sessionId?: string;
3736
+ createdAt?: Date;
3737
+ expiresAt?: Date;
3738
+ certificateFingerprint?: string;
3739
+ readerName?: string;
3740
+ atr?: string;
3741
+ lastActivity?: Date;
3742
+ }, {
3743
+ userId?: string;
3744
+ sessionId?: string;
3745
+ createdAt?: Date;
3746
+ expiresAt?: Date;
3747
+ certificateFingerprint?: string;
3748
+ readerName?: string;
3749
+ atr?: string;
3750
+ lastActivity?: Date;
3751
+ }>>;
3752
+ }, "strip", z.ZodTypeAny, {
3753
+ user?: {
3754
+ email?: string;
3755
+ tenantId?: string;
3756
+ userId?: string;
3757
+ attributes?: Record<string, string>;
3758
+ username?: string;
3759
+ upn?: string;
3760
+ edipi?: string;
3761
+ mappingStrategy?: CertificateMappingStrategy;
3762
+ certificateFingerprint?: string;
3763
+ };
3764
+ validation?: {
3765
+ status?: CertificateValidationStatus;
3766
+ errors?: string[];
3767
+ warnings?: string[];
3768
+ expiresAt?: Date;
3769
+ validatedAt?: Date;
3770
+ isValid?: boolean;
3771
+ chainValidation?: {
3772
+ valid?: boolean;
3773
+ errors?: string[];
3774
+ depth?: number;
3775
+ };
3776
+ ocspResult?: {
3777
+ status?: "unknown" | "revoked" | "good";
3778
+ fromCache?: boolean;
3779
+ revocationReason?: string;
3780
+ revocationTime?: Date;
3781
+ producedAt?: Date;
3782
+ thisUpdate?: Date;
3783
+ nextUpdate?: Date;
3784
+ responderId?: string;
3785
+ responderUrl?: string;
3786
+ };
3787
+ crlResult?: {
3788
+ issuer?: {
3789
+ full?: string;
3790
+ C?: string;
3791
+ E?: string;
3792
+ L?: string;
3793
+ O?: string;
3794
+ CN?: string;
3795
+ OU?: string;
3796
+ ST?: string;
3797
+ serialNumber?: string;
3798
+ };
3799
+ fromCache?: boolean;
3800
+ thisUpdate?: Date;
3801
+ nextUpdate?: Date;
3802
+ revokedCertificates?: {
3803
+ reason?: string;
3804
+ serialNumber?: string;
3805
+ revocationDate?: Date;
3806
+ reasonCode?: number;
3807
+ }[];
3808
+ crlNumber?: string;
3809
+ isDelta?: boolean;
3810
+ distributionPoint?: string;
3811
+ };
3812
+ trustAnchor?: string;
3813
+ };
3814
+ certificate?: {
3815
+ version?: number;
3816
+ issuer?: {
3817
+ full?: string;
3818
+ C?: string;
3819
+ E?: string;
3820
+ L?: string;
3821
+ O?: string;
3822
+ CN?: string;
3823
+ OU?: string;
3824
+ ST?: string;
3825
+ serialNumber?: string;
3826
+ };
3827
+ publicKey?: string;
3828
+ signatureAlgorithm?: string;
3829
+ fingerprint?: string;
3830
+ extensions?: {
3831
+ value?: string;
3832
+ critical?: boolean;
3833
+ parsed?: Record<string, unknown>;
3834
+ oid?: string;
3835
+ }[];
3836
+ subject?: {
3837
+ full?: string;
3838
+ C?: string;
3839
+ E?: string;
3840
+ L?: string;
3841
+ O?: string;
3842
+ CN?: string;
3843
+ OU?: string;
3844
+ ST?: string;
3845
+ serialNumber?: string;
3846
+ };
3847
+ serialNumber?: string;
3848
+ notBefore?: Date;
3849
+ notAfter?: Date;
3850
+ publicKeyAlgorithm?: string;
3851
+ subjectAltNames?: {
3852
+ value?: string;
3853
+ type?: "email" | "ip" | "other" | "uri" | "dns" | "upn";
3854
+ oid?: string;
3855
+ }[];
3856
+ keyUsage?: string[];
3857
+ extendedKeyUsage?: string[];
3858
+ authorityInfoAccess?: {
3859
+ ocsp?: string[];
3860
+ caIssuers?: string[];
3861
+ };
3862
+ crlDistributionPoints?: string[];
3863
+ publicKeyFingerprint?: string;
3864
+ pem?: string;
3865
+ der?: string;
3866
+ };
3867
+ isPIVAuthenticated?: boolean;
3868
+ sessionBinding?: {
3869
+ userId?: string;
3870
+ sessionId?: string;
3871
+ createdAt?: Date;
3872
+ expiresAt?: Date;
3873
+ certificateFingerprint?: string;
3874
+ readerName?: string;
3875
+ atr?: string;
3876
+ lastActivity?: Date;
3877
+ };
3878
+ }, {
3879
+ user?: {
3880
+ email?: string;
3881
+ tenantId?: string;
3882
+ userId?: string;
3883
+ attributes?: Record<string, string>;
3884
+ username?: string;
3885
+ upn?: string;
3886
+ edipi?: string;
3887
+ mappingStrategy?: CertificateMappingStrategy;
3888
+ certificateFingerprint?: string;
3889
+ };
3890
+ validation?: {
3891
+ status?: CertificateValidationStatus;
3892
+ errors?: string[];
3893
+ warnings?: string[];
3894
+ expiresAt?: Date;
3895
+ validatedAt?: Date;
3896
+ isValid?: boolean;
3897
+ chainValidation?: {
3898
+ valid?: boolean;
3899
+ errors?: string[];
3900
+ depth?: number;
3901
+ };
3902
+ ocspResult?: {
3903
+ status?: "unknown" | "revoked" | "good";
3904
+ fromCache?: boolean;
3905
+ revocationReason?: string;
3906
+ revocationTime?: Date;
3907
+ producedAt?: Date;
3908
+ thisUpdate?: Date;
3909
+ nextUpdate?: Date;
3910
+ responderId?: string;
3911
+ responderUrl?: string;
3912
+ };
3913
+ crlResult?: {
3914
+ issuer?: {
3915
+ full?: string;
3916
+ C?: string;
3917
+ E?: string;
3918
+ L?: string;
3919
+ O?: string;
3920
+ CN?: string;
3921
+ OU?: string;
3922
+ ST?: string;
3923
+ serialNumber?: string;
3924
+ };
3925
+ fromCache?: boolean;
3926
+ thisUpdate?: Date;
3927
+ nextUpdate?: Date;
3928
+ revokedCertificates?: {
3929
+ reason?: string;
3930
+ serialNumber?: string;
3931
+ revocationDate?: Date;
3932
+ reasonCode?: number;
3933
+ }[];
3934
+ crlNumber?: string;
3935
+ isDelta?: boolean;
3936
+ distributionPoint?: string;
3937
+ };
3938
+ trustAnchor?: string;
3939
+ };
3940
+ certificate?: {
3941
+ version?: number;
3942
+ issuer?: {
3943
+ full?: string;
3944
+ C?: string;
3945
+ E?: string;
3946
+ L?: string;
3947
+ O?: string;
3948
+ CN?: string;
3949
+ OU?: string;
3950
+ ST?: string;
3951
+ serialNumber?: string;
3952
+ };
3953
+ publicKey?: string;
3954
+ signatureAlgorithm?: string;
3955
+ fingerprint?: string;
3956
+ extensions?: {
3957
+ value?: string;
3958
+ critical?: boolean;
3959
+ parsed?: Record<string, unknown>;
3960
+ oid?: string;
3961
+ }[];
3962
+ subject?: {
3963
+ full?: string;
3964
+ C?: string;
3965
+ E?: string;
3966
+ L?: string;
3967
+ O?: string;
3968
+ CN?: string;
3969
+ OU?: string;
3970
+ ST?: string;
3971
+ serialNumber?: string;
3972
+ };
3973
+ serialNumber?: string;
3974
+ notBefore?: Date;
3975
+ notAfter?: Date;
3976
+ publicKeyAlgorithm?: string;
3977
+ subjectAltNames?: {
3978
+ value?: string;
3979
+ type?: "email" | "ip" | "other" | "uri" | "dns" | "upn";
3980
+ oid?: string;
3981
+ }[];
3982
+ keyUsage?: string[];
3983
+ extendedKeyUsage?: string[];
3984
+ authorityInfoAccess?: {
3985
+ ocsp?: string[];
3986
+ caIssuers?: string[];
3987
+ };
3988
+ crlDistributionPoints?: string[];
3989
+ publicKeyFingerprint?: string;
3990
+ pem?: string;
3991
+ der?: string;
3992
+ };
3993
+ isPIVAuthenticated?: boolean;
3994
+ sessionBinding?: {
3995
+ userId?: string;
3996
+ sessionId?: string;
3997
+ createdAt?: Date;
3998
+ expiresAt?: Date;
3999
+ certificateFingerprint?: string;
4000
+ readerName?: string;
4001
+ atr?: string;
4002
+ lastActivity?: Date;
4003
+ };
4004
+ }>;
4005
+ /**
4006
+ * PIV middleware options
4007
+ */
4008
+ export interface PIVMiddlewareOptions {
4009
+ /** Skip authentication for these paths */
4010
+ skipPaths?: string[];
4011
+ /** Require PIV for these paths (all others optional) */
4012
+ requiredPaths?: string[];
4013
+ /** Extract certificate from header name (default: x-client-certificate) */
4014
+ certificateHeader?: string;
4015
+ /** Extract certificate from header (alternative) */
4016
+ certificateChainHeader?: string;
4017
+ /** Custom trust anchor resolver */
4018
+ trustAnchorResolver?: (cert: ParsedCertificate) => Promise<TrustedCAConfig | undefined>;
4019
+ /** Custom user lookup after mapping */
4020
+ userLookup?: (identity: MappedUserIdentity) => Promise<Record<string, unknown> | undefined>;
4021
+ /** Failure handler */
4022
+ onFailure?: (error: Error, request: unknown, reply: unknown) => Promise<void>;
4023
+ /** Success handler */
4024
+ onSuccess?: (context: PIVAuthContext, request: unknown) => Promise<void>;
4025
+ }
4026
+ export declare const pivMiddlewareOptionsSchema: z.ZodObject<{
4027
+ skipPaths: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
4028
+ requiredPaths: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
4029
+ certificateHeader: z.ZodDefault<z.ZodString>;
4030
+ certificateChainHeader: z.ZodDefault<z.ZodString>;
4031
+ }, "strip", z.ZodTypeAny, {
4032
+ skipPaths?: string[];
4033
+ requiredPaths?: string[];
4034
+ certificateHeader?: string;
4035
+ certificateChainHeader?: string;
4036
+ }, {
4037
+ skipPaths?: string[];
4038
+ requiredPaths?: string[];
4039
+ certificateHeader?: string;
4040
+ certificateChainHeader?: string;
4041
+ }>;
4042
+ /**
4043
+ * Default PIV/CAC configuration
4044
+ */
4045
+ export declare const DEFAULT_PIVCAC_CONFIG: PIVCACConfig;
4046
+ /**
4047
+ * DoD PKI compatible configuration preset
4048
+ */
4049
+ export declare const DOD_PKI_CONFIG: Partial<PIVCACConfig>;
4050
+ /**
4051
+ * PIV authentication error codes
4052
+ */
4053
+ export declare enum PIVErrorCode {
4054
+ /** Certificate not provided */
4055
+ CERTIFICATE_MISSING = "CERTIFICATE_MISSING",
4056
+ /** Certificate parsing failed */
4057
+ CERTIFICATE_PARSE_ERROR = "CERTIFICATE_PARSE_ERROR",
4058
+ /** Certificate expired */
4059
+ CERTIFICATE_EXPIRED = "CERTIFICATE_EXPIRED",
4060
+ /** Certificate not yet valid */
4061
+ CERTIFICATE_NOT_YET_VALID = "CERTIFICATE_NOT_YET_VALID",
4062
+ /** Certificate revoked */
4063
+ CERTIFICATE_REVOKED = "CERTIFICATE_REVOKED",
4064
+ /** Certificate chain invalid */
4065
+ CERTIFICATE_CHAIN_INVALID = "CERTIFICATE_CHAIN_INVALID",
4066
+ /** Certificate signature invalid */
4067
+ CERTIFICATE_SIGNATURE_INVALID = "CERTIFICATE_SIGNATURE_INVALID",
4068
+ /** Certificate key usage invalid */
4069
+ CERTIFICATE_KEY_USAGE_INVALID = "CERTIFICATE_KEY_USAGE_INVALID",
4070
+ /** Certificate policy invalid */
4071
+ CERTIFICATE_POLICY_INVALID = "CERTIFICATE_POLICY_INVALID",
4072
+ /** OCSP check failed */
4073
+ OCSP_CHECK_FAILED = "OCSP_CHECK_FAILED",
4074
+ /** CRL check failed */
4075
+ CRL_CHECK_FAILED = "CRL_CHECK_FAILED",
4076
+ /** User mapping failed */
4077
+ USER_MAPPING_FAILED = "USER_MAPPING_FAILED",
4078
+ /** User not found */
4079
+ USER_NOT_FOUND = "USER_NOT_FOUND",
4080
+ /** Card removed */
4081
+ CARD_REMOVED = "CARD_REMOVED",
4082
+ /** Card locked */
4083
+ CARD_LOCKED = "CARD_LOCKED",
4084
+ /** PIN required */
4085
+ PIN_REQUIRED = "PIN_REQUIRED",
4086
+ /** PIN invalid */
4087
+ PIN_INVALID = "PIN_INVALID",
4088
+ /** PKCS#11 error */
4089
+ PKCS11_ERROR = "PKCS11_ERROR",
4090
+ /** Session expired */
4091
+ SESSION_EXPIRED = "SESSION_EXPIRED",
4092
+ /** Configuration error */
4093
+ CONFIGURATION_ERROR = "CONFIGURATION_ERROR",
4094
+ /** Internal error */
4095
+ INTERNAL_ERROR = "INTERNAL_ERROR"
4096
+ }
4097
+ export declare const pivErrorCodeSchema: z.ZodNativeEnum<typeof PIVErrorCode>;
4098
+ //# sourceMappingURL=types.d.ts.map