npm - @vorionsys/security - Versions diffs - 1.0.0 - Mend

@vorionsys/security 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1843) hide show

package/LICENSE +190 -0
package/README.md +85 -0
package/dist/aci-extensions/aci-string-extensions.d.ts +334 -0
package/dist/aci-extensions/aci-string-extensions.d.ts.map +1 -0
package/dist/aci-extensions/aci-string-extensions.js +435 -0
package/dist/aci-extensions/aci-string-extensions.js.map +1 -0
package/dist/aci-extensions/builtin-extensions/audit.d.ts +88 -0
package/dist/aci-extensions/builtin-extensions/audit.d.ts.map +1 -0
package/dist/aci-extensions/builtin-extensions/audit.js +444 -0
package/dist/aci-extensions/builtin-extensions/audit.js.map +1 -0
package/dist/aci-extensions/builtin-extensions/governance.d.ts +32 -0
package/dist/aci-extensions/builtin-extensions/governance.d.ts.map +1 -0
package/dist/aci-extensions/builtin-extensions/governance.js +533 -0
package/dist/aci-extensions/builtin-extensions/governance.js.map +1 -0
package/dist/aci-extensions/builtin-extensions/monitoring.d.ts +43 -0
package/dist/aci-extensions/builtin-extensions/monitoring.d.ts.map +1 -0
package/dist/aci-extensions/builtin-extensions/monitoring.js +416 -0
package/dist/aci-extensions/builtin-extensions/monitoring.js.map +1 -0
package/dist/aci-extensions/executor.d.ts +208 -0
package/dist/aci-extensions/executor.d.ts.map +1 -0
package/dist/aci-extensions/executor.js +789 -0
package/dist/aci-extensions/executor.js.map +1 -0
package/dist/aci-extensions/index.d.ts +6 -0
package/dist/aci-extensions/index.d.ts.map +1 -0
package/dist/aci-extensions/index.js +6 -0
package/dist/aci-extensions/index.js.map +1 -0
package/dist/aci-extensions/registry.d.ts +217 -0
package/dist/aci-extensions/registry.d.ts.map +1 -0
package/dist/aci-extensions/registry.js +443 -0
package/dist/aci-extensions/registry.js.map +1 -0
package/dist/aci-extensions/service.d.ts +220 -0
package/dist/aci-extensions/service.d.ts.map +1 -0
package/dist/aci-extensions/service.js +484 -0
package/dist/aci-extensions/service.js.map +1 -0
package/dist/aci-extensions/types.d.ts +2265 -0
package/dist/aci-extensions/types.d.ts.map +1 -0
package/dist/aci-extensions/types.js +389 -0
package/dist/aci-extensions/types.js.map +1 -0
package/dist/api/auth.d.ts +55 -0
package/dist/api/auth.d.ts.map +1 -0
package/dist/api/auth.js +306 -0
package/dist/api/auth.js.map +1 -0
package/dist/api/errors.d.ts +146 -0
package/dist/api/errors.d.ts.map +1 -0
package/dist/api/errors.js +464 -0
package/dist/api/errors.js.map +1 -0
package/dist/api/index.d.ts +16 -0
package/dist/api/index.d.ts.map +1 -0
package/dist/api/index.js +19 -0
package/dist/api/index.js.map +1 -0
package/dist/api/middleware/api-key-enforcement.d.ts +131 -0
package/dist/api/middleware/api-key-enforcement.d.ts.map +1 -0
package/dist/api/middleware/api-key-enforcement.js +674 -0
package/dist/api/middleware/api-key-enforcement.js.map +1 -0
package/dist/api/middleware/audit.d.ts +151 -0
package/dist/api/middleware/audit.d.ts.map +1 -0
package/dist/api/middleware/audit.js +384 -0
package/dist/api/middleware/audit.js.map +1 -0
package/dist/api/middleware/dpop-enforcement.d.ts +176 -0
package/dist/api/middleware/dpop-enforcement.d.ts.map +1 -0
package/dist/api/middleware/dpop-enforcement.js +596 -0
package/dist/api/middleware/dpop-enforcement.js.map +1 -0
package/dist/api/middleware/index.d.ts +23 -0
package/dist/api/middleware/index.d.ts.map +1 -0
package/dist/api/middleware/index.js +41 -0
package/dist/api/middleware/index.js.map +1 -0
package/dist/api/middleware/metrics.d.ts +41 -0
package/dist/api/middleware/metrics.d.ts.map +1 -0
package/dist/api/middleware/metrics.js +150 -0
package/dist/api/middleware/metrics.js.map +1 -0
package/dist/api/middleware/rate-limits.d.ts +224 -0
package/dist/api/middleware/rate-limits.d.ts.map +1 -0
package/dist/api/middleware/rate-limits.js +686 -0
package/dist/api/middleware/rate-limits.js.map +1 -0
package/dist/api/middleware/rateLimit.d.ts +165 -0
package/dist/api/middleware/rateLimit.d.ts.map +1 -0
package/dist/api/middleware/rateLimit.js +477 -0
package/dist/api/middleware/rateLimit.js.map +1 -0
package/dist/api/middleware/redis-rate-limiter.d.ts +279 -0
package/dist/api/middleware/redis-rate-limiter.d.ts.map +1 -0
package/dist/api/middleware/redis-rate-limiter.js +1074 -0
package/dist/api/middleware/redis-rate-limiter.js.map +1 -0
package/dist/api/middleware/security.d.ts +156 -0
package/dist/api/middleware/security.d.ts.map +1 -0
package/dist/api/middleware/security.js +412 -0
package/dist/api/middleware/security.js.map +1 -0
package/dist/api/middleware/validation.d.ts +132 -0
package/dist/api/middleware/validation.d.ts.map +1 -0
package/dist/api/middleware/validation.js +363 -0
package/dist/api/middleware/validation.js.map +1 -0
package/dist/api/middleware/webhook-verify.d.ts +130 -0
package/dist/api/middleware/webhook-verify.d.ts.map +1 -0
package/dist/api/middleware/webhook-verify.js +366 -0
package/dist/api/middleware/webhook-verify.js.map +1 -0
package/dist/api/rate-limit.d.ts +115 -0
package/dist/api/rate-limit.d.ts.map +1 -0
package/dist/api/rate-limit.js +335 -0
package/dist/api/rate-limit.js.map +1 -0
package/dist/api/routes/extensions.d.ts +40 -0
package/dist/api/routes/extensions.d.ts.map +1 -0
package/dist/api/routes/extensions.js +434 -0
package/dist/api/routes/extensions.js.map +1 -0
package/dist/api/routes/mfa.d.ts +44 -0
package/dist/api/routes/mfa.d.ts.map +1 -0
package/dist/api/routes/mfa.js +270 -0
package/dist/api/routes/mfa.js.map +1 -0
package/dist/api/server.d.ts +37 -0
package/dist/api/server.d.ts.map +1 -0
package/dist/api/server.js +1967 -0
package/dist/api/server.js.map +1 -0
package/dist/api/v1/admin.d.ts +11 -0
package/dist/api/v1/admin.d.ts.map +1 -0
package/dist/api/v1/admin.js +207 -0
package/dist/api/v1/admin.js.map +1 -0
package/dist/api/v1/audit.d.ts +14 -0
package/dist/api/v1/audit.d.ts.map +1 -0
package/dist/api/v1/audit.js +376 -0
package/dist/api/v1/audit.js.map +1 -0
package/dist/api/v1/auth.d.ts +17 -0
package/dist/api/v1/auth.d.ts.map +1 -0
package/dist/api/v1/auth.js +637 -0
package/dist/api/v1/auth.js.map +1 -0
package/dist/api/v1/compliance.d.ts +62 -0
package/dist/api/v1/compliance.d.ts.map +1 -0
package/dist/api/v1/compliance.js +858 -0
package/dist/api/v1/compliance.js.map +1 -0
package/dist/api/v1/constraints.d.ts +11 -0
package/dist/api/v1/constraints.d.ts.map +1 -0
package/dist/api/v1/constraints.js +71 -0
package/dist/api/v1/constraints.js.map +1 -0
package/dist/api/v1/dashboard.d.ts +224 -0
package/dist/api/v1/dashboard.d.ts.map +1 -0
package/dist/api/v1/dashboard.js +833 -0
package/dist/api/v1/dashboard.js.map +1 -0
package/dist/api/v1/docs.d.ts +11 -0
package/dist/api/v1/docs.d.ts.map +1 -0
package/dist/api/v1/docs.js +95 -0
package/dist/api/v1/docs.js.map +1 -0
package/dist/api/v1/escalations.d.ts +11 -0
package/dist/api/v1/escalations.d.ts.map +1 -0
package/dist/api/v1/escalations.js +857 -0
package/dist/api/v1/escalations.js.map +1 -0
package/dist/api/v1/gdpr.d.ts +11 -0
package/dist/api/v1/gdpr.d.ts.map +1 -0
package/dist/api/v1/gdpr.js +220 -0
package/dist/api/v1/gdpr.js.map +1 -0
package/dist/api/v1/health.d.ts +22 -0
package/dist/api/v1/health.d.ts.map +1 -0
package/dist/api/v1/health.js +512 -0
package/dist/api/v1/health.js.map +1 -0
package/dist/api/v1/index.d.ts +22 -0
package/dist/api/v1/index.d.ts.map +1 -0
package/dist/api/v1/index.js +81 -0
package/dist/api/v1/index.js.map +1 -0
package/dist/api/v1/intents.d.ts +11 -0
package/dist/api/v1/intents.d.ts.map +1 -0
package/dist/api/v1/intents.js +239 -0
package/dist/api/v1/intents.js.map +1 -0
package/dist/api/v1/operations.d.ts +21 -0
package/dist/api/v1/operations.d.ts.map +1 -0
package/dist/api/v1/operations.js +140 -0
package/dist/api/v1/operations.js.map +1 -0
package/dist/api/v1/policies.d.ts +11 -0
package/dist/api/v1/policies.d.ts.map +1 -0
package/dist/api/v1/policies.js +763 -0
package/dist/api/v1/policies.js.map +1 -0
package/dist/api/v1/proofs.d.ts +13 -0
package/dist/api/v1/proofs.d.ts.map +1 -0
package/dist/api/v1/proofs.js +239 -0
package/dist/api/v1/proofs.js.map +1 -0
package/dist/api/v1/security-dashboard.d.ts +1090 -0
package/dist/api/v1/security-dashboard.d.ts.map +1 -0
package/dist/api/v1/security-dashboard.js +755 -0
package/dist/api/v1/security-dashboard.js.map +1 -0
package/dist/api/v1/service-accounts.d.ts +16 -0
package/dist/api/v1/service-accounts.d.ts.map +1 -0
package/dist/api/v1/service-accounts.js +563 -0
package/dist/api/v1/service-accounts.js.map +1 -0
package/dist/api/v1/sessions.d.ts +36 -0
package/dist/api/v1/sessions.d.ts.map +1 -0
package/dist/api/v1/sessions.js +333 -0
package/dist/api/v1/sessions.js.map +1 -0
package/dist/api/v1/trust.d.ts +14 -0
package/dist/api/v1/trust.d.ts.map +1 -0
package/dist/api/v1/trust.js +578 -0
package/dist/api/v1/trust.js.map +1 -0
package/dist/api/v1/webhooks.d.ts +11 -0
package/dist/api/v1/webhooks.d.ts.map +1 -0
package/dist/api/v1/webhooks.js +250 -0
package/dist/api/v1/webhooks.js.map +1 -0
package/dist/api/v2/trust.d.ts +20 -0
package/dist/api/v2/trust.d.ts.map +1 -0
package/dist/api/v2/trust.js +362 -0
package/dist/api/v2/trust.js.map +1 -0
package/dist/api/validation.d.ts +243 -0
package/dist/api/validation.d.ts.map +1 -0
package/dist/api/validation.js +247 -0
package/dist/api/validation.js.map +1 -0
package/dist/api/versioning/backward-compat.d.ts +28 -0
package/dist/api/versioning/backward-compat.d.ts.map +1 -0
package/dist/api/versioning/backward-compat.js +161 -0
package/dist/api/versioning/backward-compat.js.map +1 -0
package/dist/api/versioning/index.d.ts +112 -0
package/dist/api/versioning/index.d.ts.map +1 -0
package/dist/api/versioning/index.js +199 -0
package/dist/api/versioning/index.js.map +1 -0
package/dist/audit/compliance-reporter.d.ts +271 -0
package/dist/audit/compliance-reporter.d.ts.map +1 -0
package/dist/audit/compliance-reporter.js +587 -0
package/dist/audit/compliance-reporter.js.map +1 -0
package/dist/audit/db-store.d.ts +689 -0
package/dist/audit/db-store.d.ts.map +1 -0
package/dist/audit/db-store.js +589 -0
package/dist/audit/db-store.js.map +1 -0
package/dist/audit/event-schema.d.ts +605 -0
package/dist/audit/event-schema.d.ts.map +1 -0
package/dist/audit/event-schema.js +566 -0
package/dist/audit/event-schema.js.map +1 -0
package/dist/audit/index.d.ts +16 -0
package/dist/audit/index.d.ts.map +1 -0
package/dist/audit/index.js +44 -0
package/dist/audit/index.js.map +1 -0
package/dist/audit/security-events.d.ts +1624 -0
package/dist/audit/security-events.d.ts.map +1 -0
package/dist/audit/security-events.js +775 -0
package/dist/audit/security-events.js.map +1 -0
package/dist/audit/security-logger.d.ts +288 -0
package/dist/audit/security-logger.d.ts.map +1 -0
package/dist/audit/security-logger.js +820 -0
package/dist/audit/security-logger.js.map +1 -0
package/dist/audit/service.d.ts +206 -0
package/dist/audit/service.d.ts.map +1 -0
package/dist/audit/service.js +756 -0
package/dist/audit/service.js.map +1 -0
package/dist/audit/siem/elastic.d.ts +94 -0
package/dist/audit/siem/elastic.d.ts.map +1 -0
package/dist/audit/siem/elastic.js +411 -0
package/dist/audit/siem/elastic.js.map +1 -0
package/dist/audit/siem/index.d.ts +179 -0
package/dist/audit/siem/index.d.ts.map +1 -0
package/dist/audit/siem/index.js +368 -0
package/dist/audit/siem/index.js.map +1 -0
package/dist/audit/siem/loki.d.ts +100 -0
package/dist/audit/siem/loki.d.ts.map +1 -0
package/dist/audit/siem/loki.js +405 -0
package/dist/audit/siem/loki.js.map +1 -0
package/dist/audit/siem/splunk.d.ts +91 -0
package/dist/audit/siem/splunk.d.ts.map +1 -0
package/dist/audit/siem/splunk.js +374 -0
package/dist/audit/siem/splunk.js.map +1 -0
package/dist/audit/siem/types.d.ts +547 -0
package/dist/audit/siem/types.d.ts.map +1 -0
package/dist/audit/siem/types.js +270 -0
package/dist/audit/siem/types.js.map +1 -0
package/dist/audit/types.d.ts +405 -0
package/dist/audit/types.d.ts.map +1 -0
package/dist/audit/types.js +121 -0
package/dist/audit/types.js.map +1 -0
package/dist/auth/mfa/index.d.ts +66 -0
package/dist/auth/mfa/index.d.ts.map +1 -0
package/dist/auth/mfa/index.js +15 -0
package/dist/auth/mfa/index.js.map +1 -0
package/dist/auth/mfa/totp.d.ts +221 -0
package/dist/auth/mfa/totp.d.ts.map +1 -0
package/dist/auth/mfa/totp.js +324 -0
package/dist/auth/mfa/totp.js.map +1 -0
package/dist/auth/mfa/webauthn.d.ts +224 -0
package/dist/auth/mfa/webauthn.d.ts.map +1 -0
package/dist/auth/mfa/webauthn.js +409 -0
package/dist/auth/mfa/webauthn.js.map +1 -0
package/dist/auth/sso/index.d.ts +247 -0
package/dist/auth/sso/index.d.ts.map +1 -0
package/dist/auth/sso/index.js +763 -0
package/dist/auth/sso/index.js.map +1 -0
package/dist/auth/sso/oidc-provider.d.ts +146 -0
package/dist/auth/sso/oidc-provider.d.ts.map +1 -0
package/dist/auth/sso/oidc-provider.js +589 -0
package/dist/auth/sso/oidc-provider.js.map +1 -0
package/dist/auth/sso/types.d.ts +488 -0
package/dist/auth/sso/types.d.ts.map +1 -0
package/dist/auth/sso/types.js +73 -0
package/dist/auth/sso/types.js.map +1 -0
package/dist/basis/evaluator.d.ts +70 -0
package/dist/basis/evaluator.d.ts.map +1 -0
package/dist/basis/evaluator.js +269 -0
package/dist/basis/evaluator.js.map +1 -0
package/dist/basis/expression-evaluator.d.ts +77 -0
package/dist/basis/expression-evaluator.d.ts.map +1 -0
package/dist/basis/expression-evaluator.js +826 -0
package/dist/basis/expression-evaluator.js.map +1 -0
package/dist/basis/index.d.ts +13 -0
package/dist/basis/index.d.ts.map +1 -0
package/dist/basis/index.js +13 -0
package/dist/basis/index.js.map +1 -0
package/dist/basis/parser.d.ts +376 -0
package/dist/basis/parser.d.ts.map +1 -0
package/dist/basis/parser.js +174 -0
package/dist/basis/parser.js.map +1 -0
package/dist/basis/types.d.ts +115 -0
package/dist/basis/types.d.ts.map +1 -0
package/dist/basis/types.js +5 -0
package/dist/basis/types.js.map +1 -0
package/dist/car-extensions/builtin-extensions/audit.d.ts +88 -0
package/dist/car-extensions/builtin-extensions/audit.d.ts.map +1 -0
package/dist/car-extensions/builtin-extensions/audit.js +444 -0
package/dist/car-extensions/builtin-extensions/audit.js.map +1 -0
package/dist/car-extensions/builtin-extensions/governance.d.ts +32 -0
package/dist/car-extensions/builtin-extensions/governance.d.ts.map +1 -0
package/dist/car-extensions/builtin-extensions/governance.js +533 -0
package/dist/car-extensions/builtin-extensions/governance.js.map +1 -0
package/dist/car-extensions/builtin-extensions/monitoring.d.ts +43 -0
package/dist/car-extensions/builtin-extensions/monitoring.d.ts.map +1 -0
package/dist/car-extensions/builtin-extensions/monitoring.js +416 -0
package/dist/car-extensions/builtin-extensions/monitoring.js.map +1 -0
package/dist/car-extensions/car-string-extensions.d.ts +334 -0
package/dist/car-extensions/car-string-extensions.d.ts.map +1 -0
package/dist/car-extensions/car-string-extensions.js +435 -0
package/dist/car-extensions/car-string-extensions.js.map +1 -0
package/dist/car-extensions/executor.d.ts +208 -0
package/dist/car-extensions/executor.d.ts.map +1 -0
package/dist/car-extensions/executor.js +789 -0
package/dist/car-extensions/executor.js.map +1 -0
package/dist/car-extensions/index.d.ts +94 -0
package/dist/car-extensions/index.d.ts.map +1 -0
package/dist/car-extensions/index.js +157 -0
package/dist/car-extensions/index.js.map +1 -0
package/dist/car-extensions/registry.d.ts +217 -0
package/dist/car-extensions/registry.d.ts.map +1 -0
package/dist/car-extensions/registry.js +443 -0
package/dist/car-extensions/registry.js.map +1 -0
package/dist/car-extensions/service.d.ts +220 -0
package/dist/car-extensions/service.d.ts.map +1 -0
package/dist/car-extensions/service.js +484 -0
package/dist/car-extensions/service.js.map +1 -0
package/dist/car-extensions/types.d.ts +2265 -0
package/dist/car-extensions/types.d.ts.map +1 -0
package/dist/car-extensions/types.js +389 -0
package/dist/car-extensions/types.js.map +1 -0
package/dist/cognigate/index.d.ts +139 -0
package/dist/cognigate/index.d.ts.map +1 -0
package/dist/cognigate/index.js +404 -0
package/dist/cognigate/index.js.map +1 -0
package/dist/cognigate/lua-scripts.d.ts +96 -0
package/dist/cognigate/lua-scripts.d.ts.map +1 -0
package/dist/cognigate/lua-scripts.js +264 -0
package/dist/cognigate/lua-scripts.js.map +1 -0
package/dist/cognigate/metrics.d.ts +112 -0
package/dist/cognigate/metrics.d.ts.map +1 -0
package/dist/cognigate/metrics.js +229 -0
package/dist/cognigate/metrics.js.map +1 -0
package/dist/cognigate/output-integration.d.ts +86 -0
package/dist/cognigate/output-integration.d.ts.map +1 -0
package/dist/cognigate/output-integration.js +184 -0
package/dist/cognigate/output-integration.js.map +1 -0
package/dist/cognigate/resource-interceptors.d.ts +77 -0
package/dist/cognigate/resource-interceptors.d.ts.map +1 -0
package/dist/cognigate/resource-interceptors.js +143 -0
package/dist/cognigate/resource-interceptors.js.map +1 -0
package/dist/cognigate/resource-state-provider.d.ts +103 -0
package/dist/cognigate/resource-state-provider.d.ts.map +1 -0
package/dist/cognigate/resource-state-provider.js +195 -0
package/dist/cognigate/resource-state-provider.js.map +1 -0
package/dist/cognigate/resource-tracker.d.ts +85 -0
package/dist/cognigate/resource-tracker.d.ts.map +1 -0
package/dist/cognigate/resource-tracker.js +216 -0
package/dist/cognigate/resource-tracker.js.map +1 -0
package/dist/cognigate/types.d.ts +199 -0
package/dist/cognigate/types.d.ts.map +1 -0
package/dist/cognigate/types.js +11 -0
package/dist/cognigate/types.js.map +1 -0
package/dist/common/adapters/index.d.ts +34 -0
package/dist/common/adapters/index.d.ts.map +1 -0
package/dist/common/adapters/index.js +46 -0
package/dist/common/adapters/index.js.map +1 -0
package/dist/common/adapters/memory-cache.d.ts +91 -0
package/dist/common/adapters/memory-cache.d.ts.map +1 -0
package/dist/common/adapters/memory-cache.js +201 -0
package/dist/common/adapters/memory-cache.js.map +1 -0
package/dist/common/adapters/memory-lock.d.ts +75 -0
package/dist/common/adapters/memory-lock.d.ts.map +1 -0
package/dist/common/adapters/memory-lock.js +219 -0
package/dist/common/adapters/memory-lock.js.map +1 -0
package/dist/common/adapters/memory-queue.d.ts +64 -0
package/dist/common/adapters/memory-queue.d.ts.map +1 -0
package/dist/common/adapters/memory-queue.js +233 -0
package/dist/common/adapters/memory-queue.js.map +1 -0
package/dist/common/adapters/memory-ratelimit.d.ts +78 -0
package/dist/common/adapters/memory-ratelimit.d.ts.map +1 -0
package/dist/common/adapters/memory-ratelimit.js +196 -0
package/dist/common/adapters/memory-ratelimit.js.map +1 -0
package/dist/common/adapters/memory-session.d.ts +105 -0
package/dist/common/adapters/memory-session.d.ts.map +1 -0
package/dist/common/adapters/memory-session.js +302 -0
package/dist/common/adapters/memory-session.js.map +1 -0
package/dist/common/adapters/provider.d.ts +47 -0
package/dist/common/adapters/provider.d.ts.map +1 -0
package/dist/common/adapters/provider.js +347 -0
package/dist/common/adapters/provider.js.map +1 -0
package/dist/common/adapters/types.d.ts +247 -0
package/dist/common/adapters/types.d.ts.map +1 -0
package/dist/common/adapters/types.js +11 -0
package/dist/common/adapters/types.js.map +1 -0
package/dist/common/authorization.d.ts +137 -0
package/dist/common/authorization.d.ts.map +1 -0
package/dist/common/authorization.js +270 -0
package/dist/common/authorization.js.map +1 -0
package/dist/common/canonical-bridge.d.ts +151 -0
package/dist/common/canonical-bridge.d.ts.map +1 -0
package/dist/common/canonical-bridge.js +231 -0
package/dist/common/canonical-bridge.js.map +1 -0
package/dist/common/canonical-json.d.ts +64 -0
package/dist/common/canonical-json.d.ts.map +1 -0
package/dist/common/canonical-json.js +95 -0
package/dist/common/canonical-json.js.map +1 -0
package/dist/common/circuit-breaker.d.ts +320 -0
package/dist/common/circuit-breaker.d.ts.map +1 -0
package/dist/common/circuit-breaker.js +850 -0
package/dist/common/circuit-breaker.js.map +1 -0
package/dist/common/config.d.ts +1678 -0
package/dist/common/config.d.ts.map +1 -0
package/dist/common/config.js +1057 -0
package/dist/common/config.js.map +1 -0
package/dist/common/contracts/index.d.ts +2 -0
package/dist/common/contracts/index.d.ts.map +1 -0
package/dist/common/contracts/index.js +2 -0
package/dist/common/contracts/index.js.map +1 -0
package/dist/common/contracts/output.d.ts +81 -0
package/dist/common/contracts/output.d.ts.map +1 -0
package/dist/common/contracts/output.js +38 -0
package/dist/common/contracts/output.js.map +1 -0
package/dist/common/crypto.d.ts +70 -0
package/dist/common/crypto.d.ts.map +1 -0
package/dist/common/crypto.js +201 -0
package/dist/common/crypto.js.map +1 -0
package/dist/common/database-resilience.d.ts +156 -0
package/dist/common/database-resilience.d.ts.map +1 -0
package/dist/common/database-resilience.js +269 -0
package/dist/common/database-resilience.js.map +1 -0
package/dist/common/db-metrics.d.ts +90 -0
package/dist/common/db-metrics.d.ts.map +1 -0
package/dist/common/db-metrics.js +219 -0
package/dist/common/db-metrics.js.map +1 -0
package/dist/common/db-pool.d.ts +307 -0
package/dist/common/db-pool.d.ts.map +1 -0
package/dist/common/db-pool.js +879 -0
package/dist/common/db-pool.js.map +1 -0
package/dist/common/db.d.ts +105 -0
package/dist/common/db.d.ts.map +1 -0
package/dist/common/db.js +216 -0
package/dist/common/db.js.map +1 -0
package/dist/common/di.d.ts +202 -0
package/dist/common/di.d.ts.map +1 -0
package/dist/common/di.js +219 -0
package/dist/common/di.js.map +1 -0
package/dist/common/encryption.d.ts +131 -0
package/dist/common/encryption.d.ts.map +1 -0
package/dist/common/encryption.js +255 -0
package/dist/common/encryption.js.map +1 -0
package/dist/common/errors.d.ts +229 -0
package/dist/common/errors.d.ts.map +1 -0
package/dist/common/errors.js +349 -0
package/dist/common/errors.js.map +1 -0
package/dist/common/expression/evaluator.d.ts +58 -0
package/dist/common/expression/evaluator.d.ts.map +1 -0
package/dist/common/expression/evaluator.js +326 -0
package/dist/common/expression/evaluator.js.map +1 -0
package/dist/common/expression/index.d.ts +180 -0
package/dist/common/expression/index.d.ts.map +1 -0
package/dist/common/expression/index.js +198 -0
package/dist/common/expression/index.js.map +1 -0
package/dist/common/expression/lexer.d.ts +69 -0
package/dist/common/expression/lexer.d.ts.map +1 -0
package/dist/common/expression/lexer.js +255 -0
package/dist/common/expression/lexer.js.map +1 -0
package/dist/common/expression/parser.d.ts +133 -0
package/dist/common/expression/parser.d.ts.map +1 -0
package/dist/common/expression/parser.js +293 -0
package/dist/common/expression/parser.js.map +1 -0
package/dist/common/group-membership.d.ts +119 -0
package/dist/common/group-membership.d.ts.map +1 -0
package/dist/common/group-membership.js +250 -0
package/dist/common/group-membership.js.map +1 -0
package/dist/common/index.d.ts +14 -0
package/dist/common/index.d.ts.map +1 -0
package/dist/common/index.js +15 -0
package/dist/common/index.js.map +1 -0
package/dist/common/leader-election.d.ts +40 -0
package/dist/common/leader-election.d.ts.map +1 -0
package/dist/common/leader-election.js +232 -0
package/dist/common/leader-election.js.map +1 -0
package/dist/common/lock.d.ts +77 -0
package/dist/common/lock.d.ts.map +1 -0
package/dist/common/lock.js +167 -0
package/dist/common/lock.js.map +1 -0
package/dist/common/logger.d.ts +19 -0
package/dist/common/logger.d.ts.map +1 -0
package/dist/common/logger.js +80 -0
package/dist/common/logger.js.map +1 -0
package/dist/common/metrics-registry.d.ts +48 -0
package/dist/common/metrics-registry.d.ts.map +1 -0
package/dist/common/metrics-registry.js +77 -0
package/dist/common/metrics-registry.js.map +1 -0
package/dist/common/metrics.d.ts +227 -0
package/dist/common/metrics.d.ts.map +1 -0
package/dist/common/metrics.js +524 -0
package/dist/common/metrics.js.map +1 -0
package/dist/common/operation-tracker.d.ts +137 -0
package/dist/common/operation-tracker.d.ts.map +1 -0
package/dist/common/operation-tracker.js +366 -0
package/dist/common/operation-tracker.js.map +1 -0
package/dist/common/provenance/chain.d.ts +54 -0
package/dist/common/provenance/chain.d.ts.map +1 -0
package/dist/common/provenance/chain.js +252 -0
package/dist/common/provenance/chain.js.map +1 -0
package/dist/common/provenance/index.d.ts +14 -0
package/dist/common/provenance/index.d.ts.map +1 -0
package/dist/common/provenance/index.js +19 -0
package/dist/common/provenance/index.js.map +1 -0
package/dist/common/provenance/query.d.ts +111 -0
package/dist/common/provenance/query.d.ts.map +1 -0
package/dist/common/provenance/query.js +310 -0
package/dist/common/provenance/query.js.map +1 -0
package/dist/common/provenance/storage.d.ts +297 -0
package/dist/common/provenance/storage.d.ts.map +1 -0
package/dist/common/provenance/storage.js +436 -0
package/dist/common/provenance/storage.js.map +1 -0
package/dist/common/provenance/tracker.d.ts +57 -0
package/dist/common/provenance/tracker.d.ts.map +1 -0
package/dist/common/provenance/tracker.js +209 -0
package/dist/common/provenance/tracker.js.map +1 -0
package/dist/common/provenance/types.d.ts +146 -0
package/dist/common/provenance/types.d.ts.map +1 -0
package/dist/common/provenance/types.js +10 -0
package/dist/common/provenance/types.js.map +1 -0
package/dist/common/random.d.ts +84 -0
package/dist/common/random.d.ts.map +1 -0
package/dist/common/random.js +130 -0
package/dist/common/random.js.map +1 -0
package/dist/common/redaction.d.ts +49 -0
package/dist/common/redaction.d.ts.map +1 -0
package/dist/common/redaction.js +217 -0
package/dist/common/redaction.js.map +1 -0
package/dist/common/redis-cluster.d.ts +538 -0
package/dist/common/redis-cluster.d.ts.map +1 -0
package/dist/common/redis-cluster.js +1539 -0
package/dist/common/redis-cluster.js.map +1 -0
package/dist/common/redis-resilience.d.ts +270 -0
package/dist/common/redis-resilience.d.ts.map +1 -0
package/dist/common/redis-resilience.js +586 -0
package/dist/common/redis-resilience.js.map +1 -0
package/dist/common/redis.d.ts +19 -0
package/dist/common/redis.d.ts.map +1 -0
package/dist/common/redis.js +73 -0
package/dist/common/redis.js.map +1 -0
package/dist/common/secret-generator.d.ts +142 -0
package/dist/common/secret-generator.d.ts.map +1 -0
package/dist/common/secret-generator.js +286 -0
package/dist/common/secret-generator.js.map +1 -0
package/dist/common/security-mode.d.ts +101 -0
package/dist/common/security-mode.d.ts.map +1 -0
package/dist/common/security-mode.js +304 -0
package/dist/common/security-mode.js.map +1 -0
package/dist/common/telemetry/index.d.ts +82 -0
package/dist/common/telemetry/index.d.ts.map +1 -0
package/dist/common/telemetry/index.js +198 -0
package/dist/common/telemetry/index.js.map +1 -0
package/dist/common/telemetry/instrumentation.d.ts +167 -0
package/dist/common/telemetry/instrumentation.d.ts.map +1 -0
package/dist/common/telemetry/instrumentation.js +492 -0
package/dist/common/telemetry/instrumentation.js.map +1 -0
package/dist/common/telemetry/metrics-bridge.d.ts +227 -0
package/dist/common/telemetry/metrics-bridge.d.ts.map +1 -0
package/dist/common/telemetry/metrics-bridge.js +437 -0
package/dist/common/telemetry/metrics-bridge.js.map +1 -0
package/dist/common/telemetry/middleware.d.ts +114 -0
package/dist/common/telemetry/middleware.d.ts.map +1 -0
package/dist/common/telemetry/middleware.js +353 -0
package/dist/common/telemetry/middleware.js.map +1 -0
package/dist/common/telemetry/propagation.d.ts +221 -0
package/dist/common/telemetry/propagation.d.ts.map +1 -0
package/dist/common/telemetry/propagation.js +409 -0
package/dist/common/telemetry/propagation.js.map +1 -0
package/dist/common/telemetry/spans.d.ts +295 -0
package/dist/common/telemetry/spans.d.ts.map +1 -0
package/dist/common/telemetry/spans.js +439 -0
package/dist/common/telemetry/spans.js.map +1 -0
package/dist/common/telemetry/tracer.d.ts +155 -0
package/dist/common/telemetry/tracer.d.ts.map +1 -0
package/dist/common/telemetry/tracer.js +343 -0
package/dist/common/telemetry/tracer.js.map +1 -0
package/dist/common/telemetry.d.ts +15 -0
package/dist/common/telemetry.d.ts.map +1 -0
package/dist/common/telemetry.js +61 -0
package/dist/common/telemetry.js.map +1 -0
package/dist/common/tenant-verification.d.ts +86 -0
package/dist/common/tenant-verification.d.ts.map +1 -0
package/dist/common/tenant-verification.js +184 -0
package/dist/common/tenant-verification.js.map +1 -0
package/dist/common/timeout.d.ts +40 -0
package/dist/common/timeout.d.ts.map +1 -0
package/dist/common/timeout.js +82 -0
package/dist/common/timeout.js.map +1 -0
package/dist/common/token-revocation.d.ts +44 -0
package/dist/common/token-revocation.d.ts.map +1 -0
package/dist/common/token-revocation.js +169 -0
package/dist/common/token-revocation.js.map +1 -0
package/dist/common/trace.d.ts +149 -0
package/dist/common/trace.d.ts.map +1 -0
package/dist/common/trace.js +328 -0
package/dist/common/trace.js.map +1 -0
package/dist/common/trust-cache.d.ts +263 -0
package/dist/common/trust-cache.d.ts.map +1 -0
package/dist/common/trust-cache.js +670 -0
package/dist/common/trust-cache.js.map +1 -0
package/dist/common/types.d.ts +328 -0
package/dist/common/types.d.ts.map +1 -0
package/dist/common/types.js +55 -0
package/dist/common/types.js.map +1 -0
package/dist/common/validation.d.ts +113 -0
package/dist/common/validation.d.ts.map +1 -0
package/dist/common/validation.js +221 -0
package/dist/common/validation.js.map +1 -0
package/dist/compliance/export/evidence-collector.d.ts +252 -0
package/dist/compliance/export/evidence-collector.d.ts.map +1 -0
package/dist/compliance/export/evidence-collector.js +488 -0
package/dist/compliance/export/evidence-collector.js.map +1 -0
package/dist/compliance/export/hash-verifier.d.ts +181 -0
package/dist/compliance/export/hash-verifier.d.ts.map +1 -0
package/dist/compliance/export/hash-verifier.js +425 -0
package/dist/compliance/export/hash-verifier.js.map +1 -0
package/dist/compliance/export/index.d.ts +14 -0
package/dist/compliance/export/index.d.ts.map +1 -0
package/dist/compliance/export/index.js +41 -0
package/dist/compliance/export/index.js.map +1 -0
package/dist/compliance/export/report-generator.d.ts +264 -0
package/dist/compliance/export/report-generator.d.ts.map +1 -0
package/dist/compliance/export/report-generator.js +890 -0
package/dist/compliance/export/report-generator.js.map +1 -0
package/dist/compliance/export/scheduled-exports.d.ts +256 -0
package/dist/compliance/export/scheduled-exports.d.ts.map +1 -0
package/dist/compliance/export/scheduled-exports.js +545 -0
package/dist/compliance/export/scheduled-exports.js.map +1 -0
package/dist/compliance/export/service.d.ts +191 -0
package/dist/compliance/export/service.d.ts.map +1 -0
package/dist/compliance/export/service.js +382 -0
package/dist/compliance/export/service.js.map +1 -0
package/dist/compliance/fedramp/assessment.d.ts +654 -0
package/dist/compliance/fedramp/assessment.d.ts.map +1 -0
package/dist/compliance/fedramp/assessment.js +721 -0
package/dist/compliance/fedramp/assessment.js.map +1 -0
package/dist/compliance/fedramp/boundary.d.ts +932 -0
package/dist/compliance/fedramp/boundary.d.ts.map +1 -0
package/dist/compliance/fedramp/boundary.js +645 -0
package/dist/compliance/fedramp/boundary.js.map +1 -0
package/dist/compliance/fedramp/continuous-monitoring.d.ts +705 -0
package/dist/compliance/fedramp/continuous-monitoring.d.ts.map +1 -0
package/dist/compliance/fedramp/continuous-monitoring.js +616 -0
package/dist/compliance/fedramp/continuous-monitoring.js.map +1 -0
package/dist/compliance/fedramp/controls.d.ts +128 -0
package/dist/compliance/fedramp/controls.d.ts.map +1 -0
package/dist/compliance/fedramp/controls.js +1110 -0
package/dist/compliance/fedramp/controls.js.map +1 -0
package/dist/compliance/fedramp/incident-reporting.d.ts +1001 -0
package/dist/compliance/fedramp/incident-reporting.d.ts.map +1 -0
package/dist/compliance/fedramp/incident-reporting.js +764 -0
package/dist/compliance/fedramp/incident-reporting.js.map +1 -0
package/dist/compliance/fedramp/index.d.ts +87 -0
package/dist/compliance/fedramp/index.d.ts.map +1 -0
package/dist/compliance/fedramp/index.js +192 -0
package/dist/compliance/fedramp/index.js.map +1 -0
package/dist/compliance/fedramp/metrics.d.ts +288 -0
package/dist/compliance/fedramp/metrics.d.ts.map +1 -0
package/dist/compliance/fedramp/metrics.js +560 -0
package/dist/compliance/fedramp/metrics.js.map +1 -0
package/dist/compliance/fedramp/poam.d.ts +635 -0
package/dist/compliance/fedramp/poam.d.ts.map +1 -0
package/dist/compliance/fedramp/poam.js +602 -0
package/dist/compliance/fedramp/poam.js.map +1 -0
package/dist/compliance/fedramp/ssp-generator.d.ts +368 -0
package/dist/compliance/fedramp/ssp-generator.d.ts.map +1 -0
package/dist/compliance/fedramp/ssp-generator.js +543 -0
package/dist/compliance/fedramp/ssp-generator.js.map +1 -0
package/dist/compliance/frameworks/nist-800-53.d.ts +35 -0
package/dist/compliance/frameworks/nist-800-53.d.ts.map +1 -0
package/dist/compliance/frameworks/nist-800-53.js +892 -0
package/dist/compliance/frameworks/nist-800-53.js.map +1 -0
package/dist/compliance/frameworks/pci-dss.d.ts +407 -0
package/dist/compliance/frameworks/pci-dss.d.ts.map +1 -0
package/dist/compliance/frameworks/pci-dss.js +1873 -0
package/dist/compliance/frameworks/pci-dss.js.map +1 -0
package/dist/compliance/frameworks/soc2.d.ts +42 -0
package/dist/compliance/frameworks/soc2.d.ts.map +1 -0
package/dist/compliance/frameworks/soc2.js +669 -0
package/dist/compliance/frameworks/soc2.js.map +1 -0
package/dist/compliance/gdpr/data-transfers.d.ts +493 -0
package/dist/compliance/gdpr/data-transfers.d.ts.map +1 -0
package/dist/compliance/gdpr/data-transfers.js +1242 -0
package/dist/compliance/gdpr/data-transfers.js.map +1 -0
package/dist/compliance/gdpr/index.d.ts +7 -0
package/dist/compliance/gdpr/index.d.ts.map +1 -0
package/dist/compliance/gdpr/index.js +7 -0
package/dist/compliance/gdpr/index.js.map +1 -0
package/dist/compliance/index.d.ts +148 -0
package/dist/compliance/index.d.ts.map +1 -0
package/dist/compliance/index.js +532 -0
package/dist/compliance/index.js.map +1 -0
package/dist/compliance/reports.d.ts +141 -0
package/dist/compliance/reports.d.ts.map +1 -0
package/dist/compliance/reports.js +495 -0
package/dist/compliance/reports.js.map +1 -0
package/dist/compliance/retention/index.d.ts +19 -0
package/dist/compliance/retention/index.d.ts.map +1 -0
package/dist/compliance/retention/index.js +46 -0
package/dist/compliance/retention/index.js.map +1 -0
package/dist/compliance/retention/retention-enforcer.d.ts +128 -0
package/dist/compliance/retention/retention-enforcer.d.ts.map +1 -0
package/dist/compliance/retention/retention-enforcer.js +695 -0
package/dist/compliance/retention/retention-enforcer.js.map +1 -0
package/dist/compliance/retention/retention-policy.d.ts +307 -0
package/dist/compliance/retention/retention-policy.d.ts.map +1 -0
package/dist/compliance/retention/retention-policy.js +102 -0
package/dist/compliance/retention/retention-policy.js.map +1 -0
package/dist/compliance/retention/retention-scheduler.d.ts +124 -0
package/dist/compliance/retention/retention-scheduler.d.ts.map +1 -0
package/dist/compliance/retention/retention-scheduler.js +391 -0
package/dist/compliance/retention/retention-scheduler.js.map +1 -0
package/dist/compliance/types.d.ts +1162 -0
package/dist/compliance/types.d.ts.map +1 -0
package/dist/compliance/types.js +191 -0
package/dist/compliance/types.js.map +1 -0
package/dist/db/migration-checker.d.ts +183 -0
package/dist/db/migration-checker.d.ts.map +1 -0
package/dist/db/migration-checker.js +680 -0
package/dist/db/migration-checker.js.map +1 -0
package/dist/db/schema/api-keys.d.ts +506 -0
package/dist/db/schema/api-keys.d.ts.map +1 -0
package/dist/db/schema/api-keys.js +98 -0
package/dist/db/schema/api-keys.js.map +1 -0
package/dist/db/schema/escalations.d.ts +554 -0
package/dist/db/schema/escalations.d.ts.map +1 -0
package/dist/db/schema/escalations.js +97 -0
package/dist/db/schema/escalations.js.map +1 -0
package/dist/db/schema/index.d.ts +19 -0
package/dist/db/schema/index.d.ts.map +1 -0
package/dist/db/schema/index.js +19 -0
package/dist/db/schema/index.js.map +1 -0
package/dist/db/schema/intents.d.ts +535 -0
package/dist/db/schema/intents.d.ts.map +1 -0
package/dist/db/schema/intents.js +90 -0
package/dist/db/schema/intents.js.map +1 -0
package/dist/db/schema/merkle.d.ts +475 -0
package/dist/db/schema/merkle.d.ts.map +1 -0
package/dist/db/schema/merkle.js +100 -0
package/dist/db/schema/merkle.js.map +1 -0
package/dist/db/schema/operations.d.ts +256 -0
package/dist/db/schema/operations.d.ts.map +1 -0
package/dist/db/schema/operations.js +65 -0
package/dist/db/schema/operations.js.map +1 -0
package/dist/db/schema/policy-versions.d.ts +149 -0
package/dist/db/schema/policy-versions.d.ts.map +1 -0
package/dist/db/schema/policy-versions.js +40 -0
package/dist/db/schema/policy-versions.js.map +1 -0
package/dist/db/schema/proofs.d.ts +412 -0
package/dist/db/schema/proofs.d.ts.map +1 -0
package/dist/db/schema/proofs.js +63 -0
package/dist/db/schema/proofs.js.map +1 -0
package/dist/db/schema/service-accounts.d.ts +783 -0
package/dist/db/schema/service-accounts.d.ts.map +1 -0
package/dist/db/schema/service-accounts.js +176 -0
package/dist/db/schema/service-accounts.js.map +1 -0
package/dist/db/schema/trust.d.ts +593 -0
package/dist/db/schema/trust.d.ts.map +1 -0
package/dist/db/schema/trust.js +98 -0
package/dist/db/schema/trust.js.map +1 -0
package/dist/db/schema/users.d.ts +487 -0
package/dist/db/schema/users.d.ts.map +1 -0
package/dist/db/schema/users.js +133 -0
package/dist/db/schema/users.js.map +1 -0
package/dist/db/schema/webhooks.d.ts +382 -0
package/dist/db/schema/webhooks.d.ts.map +1 -0
package/dist/db/schema/webhooks.js +91 -0
package/dist/db/schema/webhooks.js.map +1 -0
package/dist/enforce/constraint-evaluator.d.ts +385 -0
package/dist/enforce/constraint-evaluator.d.ts.map +1 -0
package/dist/enforce/constraint-evaluator.js +648 -0
package/dist/enforce/constraint-evaluator.js.map +1 -0
package/dist/enforce/decision-aggregator.d.ts +269 -0
package/dist/enforce/decision-aggregator.d.ts.map +1 -0
package/dist/enforce/decision-aggregator.js +560 -0
package/dist/enforce/decision-aggregator.js.map +1 -0
package/dist/enforce/escalation-rules.d.ts +411 -0
package/dist/enforce/escalation-rules.d.ts.map +1 -0
package/dist/enforce/escalation-rules.js +681 -0
package/dist/enforce/escalation-rules.js.map +1 -0
package/dist/enforce/index.d.ts +175 -0
package/dist/enforce/index.d.ts.map +1 -0
package/dist/enforce/index.js +402 -0
package/dist/enforce/index.js.map +1 -0
package/dist/enforce/policy-engine.d.ts +390 -0
package/dist/enforce/policy-engine.d.ts.map +1 -0
package/dist/enforce/policy-engine.js +652 -0
package/dist/enforce/policy-engine.js.map +1 -0
package/dist/enforce/runtime-config.d.ts +387 -0
package/dist/enforce/runtime-config.d.ts.map +1 -0
package/dist/enforce/runtime-config.js +709 -0
package/dist/enforce/runtime-config.js.map +1 -0
package/dist/index.d.ts +63 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +74 -0
package/dist/index.js.map +1 -0
package/dist/intent/audit.d.ts +119 -0
package/dist/intent/audit.d.ts.map +1 -0
package/dist/intent/audit.js +457 -0
package/dist/intent/audit.js.map +1 -0
package/dist/intent/classifier/index.d.ts +121 -0
package/dist/intent/classifier/index.d.ts.map +1 -0
package/dist/intent/classifier/index.js +232 -0
package/dist/intent/classifier/index.js.map +1 -0
package/dist/intent/classifier/patterns.d.ts +129 -0
package/dist/intent/classifier/patterns.d.ts.map +1 -0
package/dist/intent/classifier/patterns.js +471 -0
package/dist/intent/classifier/patterns.js.map +1 -0
package/dist/intent/classifier/risk.d.ts +177 -0
package/dist/intent/classifier/risk.d.ts.map +1 -0
package/dist/intent/classifier/risk.js +335 -0
package/dist/intent/classifier/risk.js.map +1 -0
package/dist/intent/cleanup.d.ts +24 -0
package/dist/intent/cleanup.d.ts.map +1 -0
package/dist/intent/cleanup.js +104 -0
package/dist/intent/cleanup.js.map +1 -0
package/dist/intent/consent.d.ts +238 -0
package/dist/intent/consent.d.ts.map +1 -0
package/dist/intent/consent.js +427 -0
package/dist/intent/consent.js.map +1 -0
package/dist/intent/escalation.d.ts +208 -0
package/dist/intent/escalation.d.ts.map +1 -0
package/dist/intent/escalation.js +550 -0
package/dist/intent/escalation.js.map +1 -0
package/dist/intent/gdpr.d.ts +245 -0
package/dist/intent/gdpr.d.ts.map +1 -0
package/dist/intent/gdpr.js +580 -0
package/dist/intent/gdpr.js.map +1 -0
package/dist/intent/health.d.ts +214 -0
package/dist/intent/health.d.ts.map +1 -0
package/dist/intent/health.js +526 -0
package/dist/intent/health.js.map +1 -0
package/dist/intent/index.d.ts +447 -0
package/dist/intent/index.d.ts.map +1 -0
package/dist/intent/index.js +685 -0
package/dist/intent/index.js.map +1 -0
package/dist/intent/metrics.d.ts +391 -0
package/dist/intent/metrics.d.ts.map +1 -0
package/dist/intent/metrics.js +885 -0
package/dist/intent/metrics.js.map +1 -0
package/dist/intent/openapi.d.ts +22 -0
package/dist/intent/openapi.d.ts.map +1 -0
package/dist/intent/openapi.js +1674 -0
package/dist/intent/openapi.js.map +1 -0
package/dist/intent/planner/dependency.d.ts +78 -0
package/dist/intent/planner/dependency.d.ts.map +1 -0
package/dist/intent/planner/dependency.js +334 -0
package/dist/intent/planner/dependency.js.map +1 -0
package/dist/intent/planner/index.d.ts +157 -0
package/dist/intent/planner/index.d.ts.map +1 -0
package/dist/intent/planner/index.js +372 -0
package/dist/intent/planner/index.js.map +1 -0
package/dist/intent/planner/rollback.d.ts +92 -0
package/dist/intent/planner/rollback.d.ts.map +1 -0
package/dist/intent/planner/rollback.js +326 -0
package/dist/intent/planner/rollback.js.map +1 -0
package/dist/intent/planner/templates.d.ts +81 -0
package/dist/intent/planner/templates.d.ts.map +1 -0
package/dist/intent/planner/templates.js +560 -0
package/dist/intent/planner/templates.js.map +1 -0
package/dist/intent/queue.d.ts +150 -0
package/dist/intent/queue.d.ts.map +1 -0
package/dist/intent/queue.js +339 -0
package/dist/intent/queue.js.map +1 -0
package/dist/intent/queues.d.ts +176 -0
package/dist/intent/queues.d.ts.map +1 -0
package/dist/intent/queues.js +1382 -0
package/dist/intent/queues.js.map +1 -0
package/dist/intent/ratelimit.d.ts +147 -0
package/dist/intent/ratelimit.d.ts.map +1 -0
package/dist/intent/ratelimit.js +301 -0
package/dist/intent/ratelimit.js.map +1 -0
package/dist/intent/replay/comparator.d.ts +148 -0
package/dist/intent/replay/comparator.d.ts.map +1 -0
package/dist/intent/replay/comparator.js +320 -0
package/dist/intent/replay/comparator.js.map +1 -0
package/dist/intent/replay/index.d.ts +159 -0
package/dist/intent/replay/index.d.ts.map +1 -0
package/dist/intent/replay/index.js +486 -0
package/dist/intent/replay/index.js.map +1 -0
package/dist/intent/replay/simulator.d.ts +184 -0
package/dist/intent/replay/simulator.d.ts.map +1 -0
package/dist/intent/replay/simulator.js +510 -0
package/dist/intent/replay/simulator.js.map +1 -0
package/dist/intent/replay/snapshot.d.ts +149 -0
package/dist/intent/replay/snapshot.d.ts.map +1 -0
package/dist/intent/replay/snapshot.js +245 -0
package/dist/intent/replay/snapshot.js.map +1 -0
package/dist/intent/repository.d.ts +198 -0
package/dist/intent/repository.d.ts.map +1 -0
package/dist/intent/repository.js +526 -0
package/dist/intent/repository.js.map +1 -0
package/dist/intent/response-middleware.d.ts +156 -0
package/dist/intent/response-middleware.d.ts.map +1 -0
package/dist/intent/response-middleware.js +337 -0
package/dist/intent/response-middleware.js.map +1 -0
package/dist/intent/response.d.ts +267 -0
package/dist/intent/response.d.ts.map +1 -0
package/dist/intent/response.js +402 -0
package/dist/intent/response.js.map +1 -0
package/dist/intent/routes.d.ts +35 -0
package/dist/intent/routes.d.ts.map +1 -0
package/dist/intent/routes.js +801 -0
package/dist/intent/routes.js.map +1 -0
package/dist/intent/scheduler.d.ts +45 -0
package/dist/intent/scheduler.d.ts.map +1 -0
package/dist/intent/scheduler.js +221 -0
package/dist/intent/scheduler.js.map +1 -0
package/dist/intent/schema.d.ts +2997 -0
package/dist/intent/schema.d.ts.map +1 -0
package/dist/intent/schema.js +447 -0
package/dist/intent/schema.js.map +1 -0
package/dist/intent/shutdown.d.ts +145 -0
package/dist/intent/shutdown.d.ts.map +1 -0
package/dist/intent/shutdown.js +468 -0
package/dist/intent/shutdown.js.map +1 -0
package/dist/intent/state-machine.d.ts +111 -0
package/dist/intent/state-machine.d.ts.map +1 -0
package/dist/intent/state-machine.js +242 -0
package/dist/intent/state-machine.js.map +1 -0
package/dist/intent/tracing.d.ts +152 -0
package/dist/intent/tracing.d.ts.map +1 -0
package/dist/intent/tracing.js +658 -0
package/dist/intent/tracing.js.map +1 -0
package/dist/intent/types.d.ts +175 -0
package/dist/intent/types.d.ts.map +1 -0
package/dist/intent/types.js +25 -0
package/dist/intent/types.js.map +1 -0
package/dist/intent/webhooks/delivery-repository.d.ts +80 -0
package/dist/intent/webhooks/delivery-repository.d.ts.map +1 -0
package/dist/intent/webhooks/delivery-repository.js +251 -0
package/dist/intent/webhooks/delivery-repository.js.map +1 -0
package/dist/intent/webhooks/dns-pinning.d.ts +30 -0
package/dist/intent/webhooks/dns-pinning.d.ts.map +1 -0
package/dist/intent/webhooks/dns-pinning.js +69 -0
package/dist/intent/webhooks/dns-pinning.js.map +1 -0
package/dist/intent/webhooks/index.d.ts +14 -0
package/dist/intent/webhooks/index.d.ts.map +1 -0
package/dist/intent/webhooks/index.js +17 -0
package/dist/intent/webhooks/index.js.map +1 -0
package/dist/intent/webhooks/signature.d.ts +47 -0
package/dist/intent/webhooks/signature.d.ts.map +1 -0
package/dist/intent/webhooks/signature.js +80 -0
package/dist/intent/webhooks/signature.js.map +1 -0
package/dist/intent/webhooks/ssrf-protection.d.ts +29 -0
package/dist/intent/webhooks/ssrf-protection.d.ts.map +1 -0
package/dist/intent/webhooks/ssrf-protection.js +161 -0
package/dist/intent/webhooks/ssrf-protection.js.map +1 -0
package/dist/intent/webhooks/types.d.ts +132 -0
package/dist/intent/webhooks/types.d.ts.map +1 -0
package/dist/intent/webhooks/types.js +14 -0
package/dist/intent/webhooks/types.js.map +1 -0
package/dist/intent/webhooks.d.ts +610 -0
package/dist/intent/webhooks.d.ts.map +1 -0
package/dist/intent/webhooks.js +1793 -0
package/dist/intent/webhooks.js.map +1 -0
package/dist/policy/diff.d.ts +88 -0
package/dist/policy/diff.d.ts.map +1 -0
package/dist/policy/diff.js +325 -0
package/dist/policy/diff.js.map +1 -0
package/dist/policy/evaluator.d.ts +102 -0
package/dist/policy/evaluator.d.ts.map +1 -0
package/dist/policy/evaluator.js +647 -0
package/dist/policy/evaluator.js.map +1 -0
package/dist/policy/index.d.ts +16 -0
package/dist/policy/index.d.ts.map +1 -0
package/dist/policy/index.js +19 -0
package/dist/policy/index.js.map +1 -0
package/dist/policy/loader.d.ts +63 -0
package/dist/policy/loader.d.ts.map +1 -0
package/dist/policy/loader.js +173 -0
package/dist/policy/loader.js.map +1 -0
package/dist/policy/service.d.ts +150 -0
package/dist/policy/service.d.ts.map +1 -0
package/dist/policy/service.js +782 -0
package/dist/policy/service.js.map +1 -0
package/dist/policy/types.d.ts +220 -0
package/dist/policy/types.d.ts.map +1 -0
package/dist/policy/types.js +36 -0
package/dist/policy/types.js.map +1 -0
package/dist/proof/hybrid-signing.d.ts +82 -0
package/dist/proof/hybrid-signing.d.ts.map +1 -0
package/dist/proof/hybrid-signing.js +239 -0
package/dist/proof/hybrid-signing.js.map +1 -0
package/dist/proof/index.d.ts +203 -0
package/dist/proof/index.d.ts.map +1 -0
package/dist/proof/index.js +610 -0
package/dist/proof/index.js.map +1 -0
package/dist/proof/merkle-service.d.ts +194 -0
package/dist/proof/merkle-service.d.ts.map +1 -0
package/dist/proof/merkle-service.js +463 -0
package/dist/proof/merkle-service.js.map +1 -0
package/dist/proof/merkle.d.ts +118 -0
package/dist/proof/merkle.d.ts.map +1 -0
package/dist/proof/merkle.js +265 -0
package/dist/proof/merkle.js.map +1 -0
package/dist/security/ai-governance/access-policy.d.ts +197 -0
package/dist/security/ai-governance/access-policy.d.ts.map +1 -0
package/dist/security/ai-governance/access-policy.js +522 -0
package/dist/security/ai-governance/access-policy.js.map +1 -0
package/dist/security/ai-governance/audit-trail.d.ts +241 -0
package/dist/security/ai-governance/audit-trail.d.ts.map +1 -0
package/dist/security/ai-governance/audit-trail.js +645 -0
package/dist/security/ai-governance/audit-trail.js.map +1 -0
package/dist/security/ai-governance/bias-detection.d.ts +221 -0
package/dist/security/ai-governance/bias-detection.d.ts.map +1 -0
package/dist/security/ai-governance/bias-detection.js +615 -0
package/dist/security/ai-governance/bias-detection.js.map +1 -0
package/dist/security/ai-governance/index.d.ts +92 -0
package/dist/security/ai-governance/index.d.ts.map +1 -0
package/dist/security/ai-governance/index.js +184 -0
package/dist/security/ai-governance/index.js.map +1 -0
package/dist/security/ai-governance/middleware.d.ts +110 -0
package/dist/security/ai-governance/middleware.d.ts.map +1 -0
package/dist/security/ai-governance/middleware.js +359 -0
package/dist/security/ai-governance/middleware.js.map +1 -0
package/dist/security/ai-governance/model-registry.d.ts +229 -0
package/dist/security/ai-governance/model-registry.d.ts.map +1 -0
package/dist/security/ai-governance/model-registry.js +535 -0
package/dist/security/ai-governance/model-registry.js.map +1 -0
package/dist/security/ai-governance/output-filter.d.ts +150 -0
package/dist/security/ai-governance/output-filter.d.ts.map +1 -0
package/dist/security/ai-governance/output-filter.js +561 -0
package/dist/security/ai-governance/output-filter.js.map +1 -0
package/dist/security/ai-governance/prompt-injection.d.ts +153 -0
package/dist/security/ai-governance/prompt-injection.d.ts.map +1 -0
package/dist/security/ai-governance/prompt-injection.js +614 -0
package/dist/security/ai-governance/prompt-injection.js.map +1 -0
package/dist/security/ai-governance/rate-limiter.d.ts +156 -0
package/dist/security/ai-governance/rate-limiter.d.ts.map +1 -0
package/dist/security/ai-governance/rate-limiter.js +541 -0
package/dist/security/ai-governance/rate-limiter.js.map +1 -0
package/dist/security/ai-governance/types.d.ts +594 -0
package/dist/security/ai-governance/types.d.ts.map +1 -0
package/dist/security/ai-governance/types.js +6 -0
package/dist/security/ai-governance/types.js.map +1 -0
package/dist/security/alerting/channels/base.d.ts +91 -0
package/dist/security/alerting/channels/base.d.ts.map +1 -0
package/dist/security/alerting/channels/base.js +128 -0
package/dist/security/alerting/channels/base.js.map +1 -0
package/dist/security/alerting/channels/email.d.ts +92 -0
package/dist/security/alerting/channels/email.d.ts.map +1 -0
package/dist/security/alerting/channels/email.js +418 -0
package/dist/security/alerting/channels/email.js.map +1 -0
package/dist/security/alerting/channels/http-base.d.ts +86 -0
package/dist/security/alerting/channels/http-base.d.ts.map +1 -0
package/dist/security/alerting/channels/http-base.js +133 -0
package/dist/security/alerting/channels/http-base.js.map +1 -0
package/dist/security/alerting/channels/index.d.ts +30 -0
package/dist/security/alerting/channels/index.d.ts.map +1 -0
package/dist/security/alerting/channels/index.js +22 -0
package/dist/security/alerting/channels/index.js.map +1 -0
package/dist/security/alerting/channels/pagerduty.d.ts +70 -0
package/dist/security/alerting/channels/pagerduty.d.ts.map +1 -0
package/dist/security/alerting/channels/pagerduty.js +248 -0
package/dist/security/alerting/channels/pagerduty.js.map +1 -0
package/dist/security/alerting/channels/slack.d.ts +55 -0
package/dist/security/alerting/channels/slack.d.ts.map +1 -0
package/dist/security/alerting/channels/slack.js +215 -0
package/dist/security/alerting/channels/slack.js.map +1 -0
package/dist/security/alerting/channels/sns.d.ts +87 -0
package/dist/security/alerting/channels/sns.d.ts.map +1 -0
package/dist/security/alerting/channels/sns.js +251 -0
package/dist/security/alerting/channels/sns.js.map +1 -0
package/dist/security/alerting/channels/webhook.d.ts +92 -0
package/dist/security/alerting/channels/webhook.d.ts.map +1 -0
package/dist/security/alerting/channels/webhook.js +203 -0
package/dist/security/alerting/channels/webhook.js.map +1 -0
package/dist/security/alerting/detector.d.ts +217 -0
package/dist/security/alerting/detector.d.ts.map +1 -0
package/dist/security/alerting/detector.js +725 -0
package/dist/security/alerting/detector.js.map +1 -0
package/dist/security/alerting/index.d.ts +57 -0
package/dist/security/alerting/index.d.ts.map +1 -0
package/dist/security/alerting/index.js +214 -0
package/dist/security/alerting/index.js.map +1 -0
package/dist/security/alerting/service.d.ts +190 -0
package/dist/security/alerting/service.d.ts.map +1 -0
package/dist/security/alerting/service.js +815 -0
package/dist/security/alerting/service.js.map +1 -0
package/dist/security/alerting/types.d.ts +2165 -0
package/dist/security/alerting/types.d.ts.map +1 -0
package/dist/security/alerting/types.js +278 -0
package/dist/security/alerting/types.js.map +1 -0
package/dist/security/anomaly/detectors/account-compromise.d.ts +198 -0
package/dist/security/anomaly/detectors/account-compromise.d.ts.map +1 -0
package/dist/security/anomaly/detectors/account-compromise.js +815 -0
package/dist/security/anomaly/detectors/account-compromise.js.map +1 -0
package/dist/security/anomaly/detectors/data-exfiltration.d.ts +175 -0
package/dist/security/anomaly/detectors/data-exfiltration.d.ts.map +1 -0
package/dist/security/anomaly/detectors/data-exfiltration.js +733 -0
package/dist/security/anomaly/detectors/data-exfiltration.js.map +1 -0
package/dist/security/anomaly/detectors/geographic.d.ts +100 -0
package/dist/security/anomaly/detectors/geographic.d.ts.map +1 -0
package/dist/security/anomaly/detectors/geographic.js +348 -0
package/dist/security/anomaly/detectors/geographic.js.map +1 -0
package/dist/security/anomaly/detectors/index.d.ts +86 -0
package/dist/security/anomaly/detectors/index.d.ts.map +1 -0
package/dist/security/anomaly/detectors/index.js +118 -0
package/dist/security/anomaly/detectors/index.js.map +1 -0
package/dist/security/anomaly/detectors/lateral-movement.d.ts +168 -0
package/dist/security/anomaly/detectors/lateral-movement.d.ts.map +1 -0
package/dist/security/anomaly/detectors/lateral-movement.js +795 -0
package/dist/security/anomaly/detectors/lateral-movement.js.map +1 -0
package/dist/security/anomaly/detectors/privilege-escalation.d.ts +177 -0
package/dist/security/anomaly/detectors/privilege-escalation.d.ts.map +1 -0
package/dist/security/anomaly/detectors/privilege-escalation.js +741 -0
package/dist/security/anomaly/detectors/privilege-escalation.js.map +1 -0
package/dist/security/anomaly/detectors/temporal.d.ts +71 -0
package/dist/security/anomaly/detectors/temporal.d.ts.map +1 -0
package/dist/security/anomaly/detectors/temporal.js +398 -0
package/dist/security/anomaly/detectors/temporal.js.map +1 -0
package/dist/security/anomaly/detectors/volume.d.ts +97 -0
package/dist/security/anomaly/detectors/volume.d.ts.map +1 -0
package/dist/security/anomaly/detectors/volume.js +424 -0
package/dist/security/anomaly/detectors/volume.js.map +1 -0
package/dist/security/anomaly/index.d.ts +128 -0
package/dist/security/anomaly/index.d.ts.map +1 -0
package/dist/security/anomaly/index.js +378 -0
package/dist/security/anomaly/index.js.map +1 -0
package/dist/security/anomaly/types.d.ts +1209 -0
package/dist/security/anomaly/types.d.ts.map +1 -0
package/dist/security/anomaly/types.js +193 -0
package/dist/security/anomaly/types.js.map +1 -0
package/dist/security/api-keys/cache.d.ts +255 -0
package/dist/security/api-keys/cache.d.ts.map +1 -0
package/dist/security/api-keys/cache.js +595 -0
package/dist/security/api-keys/cache.js.map +1 -0
package/dist/security/api-keys/db-store.d.ts +150 -0
package/dist/security/api-keys/db-store.d.ts.map +1 -0
package/dist/security/api-keys/db-store.js +694 -0
package/dist/security/api-keys/db-store.js.map +1 -0
package/dist/security/api-keys/index.d.ts +29 -0
package/dist/security/api-keys/index.d.ts.map +1 -0
package/dist/security/api-keys/index.js +81 -0
package/dist/security/api-keys/index.js.map +1 -0
package/dist/security/api-keys/middleware.d.ts +164 -0
package/dist/security/api-keys/middleware.d.ts.map +1 -0
package/dist/security/api-keys/middleware.js +392 -0
package/dist/security/api-keys/middleware.js.map +1 -0
package/dist/security/api-keys/service.d.ts +226 -0
package/dist/security/api-keys/service.d.ts.map +1 -0
package/dist/security/api-keys/service.js +861 -0
package/dist/security/api-keys/service.js.map +1 -0
package/dist/security/api-keys/store.d.ts +241 -0
package/dist/security/api-keys/store.d.ts.map +1 -0
package/dist/security/api-keys/store.js +360 -0
package/dist/security/api-keys/store.js.map +1 -0
package/dist/security/api-keys/types.d.ts +718 -0
package/dist/security/api-keys/types.d.ts.map +1 -0
package/dist/security/api-keys/types.js +162 -0
package/dist/security/api-keys/types.js.map +1 -0
package/dist/security/brute-force.d.ts +390 -0
package/dist/security/brute-force.d.ts.map +1 -0
package/dist/security/brute-force.js +677 -0
package/dist/security/brute-force.js.map +1 -0
package/dist/security/config-validator.d.ts +152 -0
package/dist/security/config-validator.d.ts.map +1 -0
package/dist/security/config-validator.js +667 -0
package/dist/security/config-validator.js.map +1 -0
package/dist/security/crypto/fips-mode.d.ts +772 -0
package/dist/security/crypto/fips-mode.d.ts.map +1 -0
package/dist/security/crypto/fips-mode.js +1363 -0
package/dist/security/crypto/fips-mode.js.map +1 -0
package/dist/security/crypto/index.d.ts +202 -0
package/dist/security/crypto/index.d.ts.map +1 -0
package/dist/security/crypto/index.js +292 -0
package/dist/security/crypto/index.js.map +1 -0
package/dist/security/crypto/post-quantum/benchmark.d.ts +125 -0
package/dist/security/crypto/post-quantum/benchmark.d.ts.map +1 -0
package/dist/security/crypto/post-quantum/benchmark.js +530 -0
package/dist/security/crypto/post-quantum/benchmark.js.map +1 -0
package/dist/security/crypto/post-quantum/dilithium.d.ts +144 -0
package/dist/security/crypto/post-quantum/dilithium.d.ts.map +1 -0
package/dist/security/crypto/post-quantum/dilithium.js +675 -0
package/dist/security/crypto/post-quantum/dilithium.js.map +1 -0
package/dist/security/crypto/post-quantum/hybrid.d.ts +267 -0
package/dist/security/crypto/post-quantum/hybrid.d.ts.map +1 -0
package/dist/security/crypto/post-quantum/hybrid.js +457 -0
package/dist/security/crypto/post-quantum/hybrid.js.map +1 -0
package/dist/security/crypto/post-quantum/index.d.ts +166 -0
package/dist/security/crypto/post-quantum/index.d.ts.map +1 -0
package/dist/security/crypto/post-quantum/index.js +236 -0
package/dist/security/crypto/post-quantum/index.js.map +1 -0
package/dist/security/crypto/post-quantum/kyber.d.ts +129 -0
package/dist/security/crypto/post-quantum/kyber.d.ts.map +1 -0
package/dist/security/crypto/post-quantum/kyber.js +649 -0
package/dist/security/crypto/post-quantum/kyber.js.map +1 -0
package/dist/security/crypto/post-quantum/migration.d.ts +230 -0
package/dist/security/crypto/post-quantum/migration.d.ts.map +1 -0
package/dist/security/crypto/post-quantum/migration.js +563 -0
package/dist/security/crypto/post-quantum/migration.js.map +1 -0
package/dist/security/crypto/post-quantum/types.d.ts +1056 -0
package/dist/security/crypto/post-quantum/types.d.ts.map +1 -0
package/dist/security/crypto/post-quantum/types.js +350 -0
package/dist/security/crypto/post-quantum/types.js.map +1 -0
package/dist/security/crypto/shamir/comparison.d.ts +128 -0
package/dist/security/crypto/shamir/comparison.d.ts.map +1 -0
package/dist/security/crypto/shamir/comparison.js +423 -0
package/dist/security/crypto/shamir/comparison.js.map +1 -0
package/dist/security/crypto/shamir/index.d.ts +76 -0
package/dist/security/crypto/shamir/index.d.ts.map +1 -0
package/dist/security/crypto/shamir/index.js +155 -0
package/dist/security/crypto/shamir/index.js.map +1 -0
package/dist/security/crypto/shamir/proofs.d.ts +259 -0
package/dist/security/crypto/shamir/proofs.d.ts.map +1 -0
package/dist/security/crypto/shamir/proofs.js +605 -0
package/dist/security/crypto/shamir/proofs.js.map +1 -0
package/dist/security/crypto/shamir/property-tests.d.ts +104 -0
package/dist/security/crypto/shamir/property-tests.d.ts.map +1 -0
package/dist/security/crypto/shamir/property-tests.js +480 -0
package/dist/security/crypto/shamir/property-tests.js.map +1 -0
package/dist/security/crypto/shamir/security-analysis.d.ts +97 -0
package/dist/security/crypto/shamir/security-analysis.d.ts.map +1 -0
package/dist/security/crypto/shamir/security-analysis.js +503 -0
package/dist/security/crypto/shamir/security-analysis.js.map +1 -0
package/dist/security/crypto/shamir/test-vectors.d.ts +116 -0
package/dist/security/crypto/shamir/test-vectors.d.ts.map +1 -0
package/dist/security/crypto/shamir/test-vectors.js +377 -0
package/dist/security/crypto/shamir/test-vectors.js.map +1 -0
package/dist/security/crypto/shamir/types.d.ts +281 -0
package/dist/security/crypto/shamir/types.d.ts.map +1 -0
package/dist/security/crypto/shamir/types.js +82 -0
package/dist/security/crypto/shamir/types.js.map +1 -0
package/dist/security/crypto/shamir/verified-shamir.d.ts +170 -0
package/dist/security/crypto/shamir/verified-shamir.d.ts.map +1 -0
package/dist/security/crypto/shamir/verified-shamir.js +624 -0
package/dist/security/crypto/shamir/verified-shamir.js.map +1 -0
package/dist/security/csrf.d.ts +215 -0
package/dist/security/csrf.d.ts.map +1 -0
package/dist/security/csrf.js +467 -0
package/dist/security/csrf.js.map +1 -0
package/dist/security/distributed-state.d.ts +331 -0
package/dist/security/distributed-state.d.ts.map +1 -0
package/dist/security/distributed-state.js +768 -0
package/dist/security/distributed-state.js.map +1 -0
package/dist/security/dlp/index.d.ts +27 -0
package/dist/security/dlp/index.d.ts.map +1 -0
package/dist/security/dlp/index.js +54 -0
package/dist/security/dlp/index.js.map +1 -0
package/dist/security/dlp/scanner.d.ts +451 -0
package/dist/security/dlp/scanner.d.ts.map +1 -0
package/dist/security/dlp/scanner.js +1241 -0
package/dist/security/dlp/scanner.js.map +1 -0
package/dist/security/dpop.d.ts +260 -0
package/dist/security/dpop.d.ts.map +1 -0
package/dist/security/dpop.js +1058 -0
package/dist/security/dpop.js.map +1 -0
package/dist/security/encryption/decorators.d.ts +263 -0
package/dist/security/encryption/decorators.d.ts.map +1 -0
package/dist/security/encryption/decorators.js +359 -0
package/dist/security/encryption/decorators.js.map +1 -0
package/dist/security/encryption/index.d.ts +83 -0
package/dist/security/encryption/index.d.ts.map +1 -0
package/dist/security/encryption/index.js +140 -0
package/dist/security/encryption/index.js.map +1 -0
package/dist/security/encryption/key-provider.d.ts +335 -0
package/dist/security/encryption/key-provider.d.ts.map +1 -0
package/dist/security/encryption/key-provider.js +853 -0
package/dist/security/encryption/key-provider.js.map +1 -0
package/dist/security/encryption/middleware.d.ts +279 -0
package/dist/security/encryption/middleware.d.ts.map +1 -0
package/dist/security/encryption/middleware.js +493 -0
package/dist/security/encryption/middleware.js.map +1 -0
package/dist/security/encryption/service.d.ts +164 -0
package/dist/security/encryption/service.d.ts.map +1 -0
package/dist/security/encryption/service.js +623 -0
package/dist/security/encryption/service.js.map +1 -0
package/dist/security/encryption/types.d.ts +745 -0
package/dist/security/encryption/types.d.ts.map +1 -0
package/dist/security/encryption/types.js +229 -0
package/dist/security/encryption/types.js.map +1 -0
package/dist/security/error-sanitizer.d.ts +329 -0
package/dist/security/error-sanitizer.d.ts.map +1 -0
package/dist/security/error-sanitizer.js +693 -0
package/dist/security/error-sanitizer.js.map +1 -0
package/dist/security/fingerprint-service.d.ts +139 -0
package/dist/security/fingerprint-service.d.ts.map +1 -0
package/dist/security/fingerprint-service.js +240 -0
package/dist/security/fingerprint-service.js.map +1 -0
package/dist/security/headers/csp.d.ts +270 -0
package/dist/security/headers/csp.d.ts.map +1 -0
package/dist/security/headers/csp.js +655 -0
package/dist/security/headers/csp.js.map +1 -0
package/dist/security/headers/hsts.d.ts +161 -0
package/dist/security/headers/hsts.d.ts.map +1 -0
package/dist/security/headers/hsts.js +346 -0
package/dist/security/headers/hsts.js.map +1 -0
package/dist/security/headers/index.d.ts +47 -0
package/dist/security/headers/index.d.ts.map +1 -0
package/dist/security/headers/index.js +110 -0
package/dist/security/headers/index.js.map +1 -0
package/dist/security/headers/middleware.d.ts +70 -0
package/dist/security/headers/middleware.d.ts.map +1 -0
package/dist/security/headers/middleware.js +549 -0
package/dist/security/headers/middleware.js.map +1 -0
package/dist/security/headers/permissions-policy.d.ts +189 -0
package/dist/security/headers/permissions-policy.d.ts.map +1 -0
package/dist/security/headers/permissions-policy.js +508 -0
package/dist/security/headers/permissions-policy.js.map +1 -0
package/dist/security/headers/types.d.ts +1570 -0
package/dist/security/headers/types.d.ts.map +1 -0
package/dist/security/headers/types.js +281 -0
package/dist/security/headers/types.js.map +1 -0
package/dist/security/headers/validator.d.ts +36 -0
package/dist/security/headers/validator.d.ts.map +1 -0
package/dist/security/headers/validator.js +616 -0
package/dist/security/headers/validator.js.map +1 -0
package/dist/security/hsm/aws-cloudhsm.d.ts +157 -0
package/dist/security/hsm/aws-cloudhsm.d.ts.map +1 -0
package/dist/security/hsm/aws-cloudhsm.js +712 -0
package/dist/security/hsm/aws-cloudhsm.js.map +1 -0
package/dist/security/hsm/azure-hsm.d.ts +174 -0
package/dist/security/hsm/azure-hsm.d.ts.map +1 -0
package/dist/security/hsm/azure-hsm.js +792 -0
package/dist/security/hsm/azure-hsm.js.map +1 -0
package/dist/security/hsm/gcp-hsm.d.ts +184 -0
package/dist/security/hsm/gcp-hsm.d.ts.map +1 -0
package/dist/security/hsm/gcp-hsm.js +817 -0
package/dist/security/hsm/gcp-hsm.js.map +1 -0
package/dist/security/hsm/hsm-service.d.ts +264 -0
package/dist/security/hsm/hsm-service.d.ts.map +1 -0
package/dist/security/hsm/hsm-service.js +772 -0
package/dist/security/hsm/hsm-service.js.map +1 -0
package/dist/security/hsm/index.d.ts +132 -0
package/dist/security/hsm/index.d.ts.map +1 -0
package/dist/security/hsm/index.js +198 -0
package/dist/security/hsm/index.js.map +1 -0
package/dist/security/hsm/key-ceremony.d.ts +214 -0
package/dist/security/hsm/key-ceremony.d.ts.map +1 -0
package/dist/security/hsm/key-ceremony.js +636 -0
package/dist/security/hsm/key-ceremony.js.map +1 -0
package/dist/security/hsm/local-softHSM.d.ts +122 -0
package/dist/security/hsm/local-softHSM.d.ts.map +1 -0
package/dist/security/hsm/local-softHSM.js +786 -0
package/dist/security/hsm/local-softHSM.js.map +1 -0
package/dist/security/hsm/provider.d.ts +333 -0
package/dist/security/hsm/provider.d.ts.map +1 -0
package/dist/security/hsm/provider.js +264 -0
package/dist/security/hsm/provider.js.map +1 -0
package/dist/security/hsm/thales-luna.d.ts +209 -0
package/dist/security/hsm/thales-luna.d.ts.map +1 -0
package/dist/security/hsm/thales-luna.js +820 -0
package/dist/security/hsm/thales-luna.js.map +1 -0
package/dist/security/incident/actions/block-ip.d.ts +84 -0
package/dist/security/incident/actions/block-ip.d.ts.map +1 -0
package/dist/security/incident/actions/block-ip.js +464 -0
package/dist/security/incident/actions/block-ip.js.map +1 -0
package/dist/security/incident/actions/collect-evidence.d.ts +95 -0
package/dist/security/incident/actions/collect-evidence.d.ts.map +1 -0
package/dist/security/incident/actions/collect-evidence.js +458 -0
package/dist/security/incident/actions/collect-evidence.js.map +1 -0
package/dist/security/incident/actions/index.d.ts +39 -0
package/dist/security/incident/actions/index.d.ts.map +1 -0
package/dist/security/incident/actions/index.js +52 -0
package/dist/security/incident/actions/index.js.map +1 -0
package/dist/security/incident/actions/isolate-system.d.ts +63 -0
package/dist/security/incident/actions/isolate-system.d.ts.map +1 -0
package/dist/security/incident/actions/isolate-system.js +379 -0
package/dist/security/incident/actions/isolate-system.js.map +1 -0
package/dist/security/incident/actions/notify-stakeholders.d.ts +72 -0
package/dist/security/incident/actions/notify-stakeholders.d.ts.map +1 -0
package/dist/security/incident/actions/notify-stakeholders.js +387 -0
package/dist/security/incident/actions/notify-stakeholders.js.map +1 -0
package/dist/security/incident/actions/revoke-credentials.d.ts +77 -0
package/dist/security/incident/actions/revoke-credentials.d.ts.map +1 -0
package/dist/security/incident/actions/revoke-credentials.js +329 -0
package/dist/security/incident/actions/revoke-credentials.js.map +1 -0
package/dist/security/incident/actions/scale-monitoring.d.ts +90 -0
package/dist/security/incident/actions/scale-monitoring.d.ts.map +1 -0
package/dist/security/incident/actions/scale-monitoring.js +483 -0
package/dist/security/incident/actions/scale-monitoring.js.map +1 -0
package/dist/security/incident/executor.d.ts +128 -0
package/dist/security/incident/executor.d.ts.map +1 -0
package/dist/security/incident/executor.js +695 -0
package/dist/security/incident/executor.js.map +1 -0
package/dist/security/incident/index.d.ts +220 -0
package/dist/security/incident/index.d.ts.map +1 -0
package/dist/security/incident/index.js +1284 -0
package/dist/security/incident/index.js.map +1 -0
package/dist/security/incident/notification.d.ts +68 -0
package/dist/security/incident/notification.d.ts.map +1 -0
package/dist/security/incident/notification.js +512 -0
package/dist/security/incident/notification.js.map +1 -0
package/dist/security/incident/playbooks/account-compromise.d.ts +13 -0
package/dist/security/incident/playbooks/account-compromise.d.ts.map +1 -0
package/dist/security/incident/playbooks/account-compromise.js +379 -0
package/dist/security/incident/playbooks/account-compromise.js.map +1 -0
package/dist/security/incident/playbooks/configuration-error.d.ts +17 -0
package/dist/security/incident/playbooks/configuration-error.d.ts.map +1 -0
package/dist/security/incident/playbooks/configuration-error.js +340 -0
package/dist/security/incident/playbooks/configuration-error.js.map +1 -0
package/dist/security/incident/playbooks/data-breach.d.ts +13 -0
package/dist/security/incident/playbooks/data-breach.d.ts.map +1 -0
package/dist/security/incident/playbooks/data-breach.js +394 -0
package/dist/security/incident/playbooks/data-breach.js.map +1 -0
package/dist/security/incident/playbooks/denial-of-service.d.ts +13 -0
package/dist/security/incident/playbooks/denial-of-service.d.ts.map +1 -0
package/dist/security/incident/playbooks/denial-of-service.js +540 -0
package/dist/security/incident/playbooks/denial-of-service.js.map +1 -0
package/dist/security/incident/playbooks/index.d.ts +36 -0
package/dist/security/incident/playbooks/index.d.ts.map +1 -0
package/dist/security/incident/playbooks/index.js +56 -0
package/dist/security/incident/playbooks/index.js.map +1 -0
package/dist/security/incident/playbooks/insider-threat.d.ts +18 -0
package/dist/security/incident/playbooks/insider-threat.d.ts.map +1 -0
package/dist/security/incident/playbooks/insider-threat.js +600 -0
package/dist/security/incident/playbooks/insider-threat.js.map +1 -0
package/dist/security/incident/playbooks/malware.d.ts +13 -0
package/dist/security/incident/playbooks/malware.d.ts.map +1 -0
package/dist/security/incident/playbooks/malware.js +515 -0
package/dist/security/incident/playbooks/malware.js.map +1 -0
package/dist/security/incident/playbooks/ransomware.d.ts +14 -0
package/dist/security/incident/playbooks/ransomware.d.ts.map +1 -0
package/dist/security/incident/playbooks/ransomware.js +693 -0
package/dist/security/incident/playbooks/ransomware.js.map +1 -0
package/dist/security/incident/playbooks/unauthorized-access.d.ts +13 -0
package/dist/security/incident/playbooks/unauthorized-access.d.ts.map +1 -0
package/dist/security/incident/playbooks/unauthorized-access.js +412 -0
package/dist/security/incident/playbooks/unauthorized-access.js.map +1 -0
package/dist/security/incident/triggers.d.ts +120 -0
package/dist/security/incident/triggers.d.ts.map +1 -0
package/dist/security/incident/triggers.js +708 -0
package/dist/security/incident/triggers.js.map +1 -0
package/dist/security/incident/types.d.ts +1517 -0
package/dist/security/incident/types.d.ts.map +1 -0
package/dist/security/incident/types.js +222 -0
package/dist/security/incident/types.js.map +1 -0
package/dist/security/index.d.ts +56 -0
package/dist/security/index.d.ts.map +1 -0
package/dist/security/index.js +267 -0
package/dist/security/index.js.map +1 -0
package/dist/security/injection-detector.d.ts +375 -0
package/dist/security/injection-detector.d.ts.map +1 -0
package/dist/security/injection-detector.js +969 -0
package/dist/security/injection-detector.js.map +1 -0
package/dist/security/introspection.d.ts +137 -0
package/dist/security/introspection.d.ts.map +1 -0
package/dist/security/introspection.js +451 -0
package/dist/security/introspection.js.map +1 -0
package/dist/security/key-rotation.d.ts +213 -0
package/dist/security/key-rotation.d.ts.map +1 -0
package/dist/security/key-rotation.js +530 -0
package/dist/security/key-rotation.js.map +1 -0
package/dist/security/kms/aws-kms.d.ts +152 -0
package/dist/security/kms/aws-kms.d.ts.map +1 -0
package/dist/security/kms/aws-kms.js +808 -0
package/dist/security/kms/aws-kms.js.map +1 -0
package/dist/security/kms/index.d.ts +165 -0
package/dist/security/kms/index.d.ts.map +1 -0
package/dist/security/kms/index.js +351 -0
package/dist/security/kms/index.js.map +1 -0
package/dist/security/kms/local.d.ts +127 -0
package/dist/security/kms/local.d.ts.map +1 -0
package/dist/security/kms/local.js +682 -0
package/dist/security/kms/local.js.map +1 -0
package/dist/security/kms/types.d.ts +1000 -0
package/dist/security/kms/types.d.ts.map +1 -0
package/dist/security/kms/types.js +167 -0
package/dist/security/kms/types.js.map +1 -0
package/dist/security/kms/vault.d.ts +165 -0
package/dist/security/kms/vault.d.ts.map +1 -0
package/dist/security/kms/vault.js +820 -0
package/dist/security/kms/vault.js.map +1 -0
package/dist/security/mfa/index.d.ts +17 -0
package/dist/security/mfa/index.d.ts.map +1 -0
package/dist/security/mfa/index.js +37 -0
package/dist/security/mfa/index.js.map +1 -0
package/dist/security/mfa/mfa-middleware.d.ts +74 -0
package/dist/security/mfa/mfa-middleware.d.ts.map +1 -0
package/dist/security/mfa/mfa-middleware.js +244 -0
package/dist/security/mfa/mfa-middleware.js.map +1 -0
package/dist/security/mfa/mfa-service.d.ts +115 -0
package/dist/security/mfa/mfa-service.d.ts.map +1 -0
package/dist/security/mfa/mfa-service.js +508 -0
package/dist/security/mfa/mfa-service.js.map +1 -0
package/dist/security/mfa/mfa-store.d.ts +615 -0
package/dist/security/mfa/mfa-store.d.ts.map +1 -0
package/dist/security/mfa/mfa-store.js +431 -0
package/dist/security/mfa/mfa-store.js.map +1 -0
package/dist/security/mfa/types.d.ts +417 -0
package/dist/security/mfa/types.d.ts.map +1 -0
package/dist/security/mfa/types.js +123 -0
package/dist/security/mfa/types.js.map +1 -0
package/dist/security/middleware.d.ts +179 -0
package/dist/security/middleware.d.ts.map +1 -0
package/dist/security/middleware.js +534 -0
package/dist/security/middleware.js.map +1 -0
package/dist/security/pairwise-did.d.ts +157 -0
package/dist/security/pairwise-did.d.ts.map +1 -0
package/dist/security/pairwise-did.js +450 -0
package/dist/security/pairwise-did.js.map +1 -0
package/dist/security/pam/break-glass.d.ts +776 -0
package/dist/security/pam/break-glass.d.ts.map +1 -0
package/dist/security/pam/break-glass.js +1137 -0
package/dist/security/pam/break-glass.js.map +1 -0
package/dist/security/pam/index.d.ts +120 -0
package/dist/security/pam/index.d.ts.map +1 -0
package/dist/security/pam/index.js +179 -0
package/dist/security/pam/index.js.map +1 -0
package/dist/security/pam/jit-access.d.ts +482 -0
package/dist/security/pam/jit-access.d.ts.map +1 -0
package/dist/security/pam/jit-access.js +1030 -0
package/dist/security/pam/jit-access.js.map +1 -0
package/dist/security/pam/session-recording.d.ts +1007 -0
package/dist/security/pam/session-recording.d.ts.map +1 -0
package/dist/security/pam/session-recording.js +1047 -0
package/dist/security/pam/session-recording.js.map +1 -0
package/dist/security/password-hashing.d.ts +199 -0
package/dist/security/password-hashing.d.ts.map +1 -0
package/dist/security/password-hashing.js +366 -0
package/dist/security/password-hashing.js.map +1 -0
package/dist/security/password-policy.d.ts +304 -0
package/dist/security/password-policy.d.ts.map +1 -0
package/dist/security/password-policy.js +730 -0
package/dist/security/password-policy.js.map +1 -0
package/dist/security/policy-engine/atsf-adapter.d.ts +93 -0
package/dist/security/policy-engine/atsf-adapter.d.ts.map +1 -0
package/dist/security/policy-engine/atsf-adapter.js +265 -0
package/dist/security/policy-engine/atsf-adapter.js.map +1 -0
package/dist/security/policy-engine/built-in-policies.d.ts +90 -0
package/dist/security/policy-engine/built-in-policies.d.ts.map +1 -0
package/dist/security/policy-engine/built-in-policies.js +627 -0
package/dist/security/policy-engine/built-in-policies.js.map +1 -0
package/dist/security/policy-engine/condition-evaluator.d.ts +129 -0
package/dist/security/policy-engine/condition-evaluator.d.ts.map +1 -0
package/dist/security/policy-engine/condition-evaluator.js +647 -0
package/dist/security/policy-engine/condition-evaluator.js.map +1 -0
package/dist/security/policy-engine/engine.d.ts +200 -0
package/dist/security/policy-engine/engine.d.ts.map +1 -0
package/dist/security/policy-engine/engine.js +752 -0
package/dist/security/policy-engine/engine.js.map +1 -0
package/dist/security/policy-engine/index.d.ts +59 -0
package/dist/security/policy-engine/index.d.ts.map +1 -0
package/dist/security/policy-engine/index.js +84 -0
package/dist/security/policy-engine/index.js.map +1 -0
package/dist/security/policy-engine/middleware.d.ts +77 -0
package/dist/security/policy-engine/middleware.d.ts.map +1 -0
package/dist/security/policy-engine/middleware.js +375 -0
package/dist/security/policy-engine/middleware.js.map +1 -0
package/dist/security/policy-engine/rule-evaluator.d.ts +140 -0
package/dist/security/policy-engine/rule-evaluator.d.ts.map +1 -0
package/dist/security/policy-engine/rule-evaluator.js +593 -0
package/dist/security/policy-engine/rule-evaluator.js.map +1 -0
package/dist/security/policy-engine/types.d.ts +2855 -0
package/dist/security/policy-engine/types.d.ts.map +1 -0
package/dist/security/policy-engine/types.js +443 -0
package/dist/security/policy-engine/types.js.map +1 -0
package/dist/security/refresh-token.d.ts +305 -0
package/dist/security/refresh-token.d.ts.map +1 -0
package/dist/security/refresh-token.js +678 -0
package/dist/security/refresh-token.js.map +1 -0
package/dist/security/request-integrity.d.ts +289 -0
package/dist/security/request-integrity.d.ts.map +1 -0
package/dist/security/request-integrity.js +663 -0
package/dist/security/request-integrity.js.map +1 -0
package/dist/security/revocation-check.d.ts +188 -0
package/dist/security/revocation-check.d.ts.map +1 -0
package/dist/security/revocation-check.js +606 -0
package/dist/security/revocation-check.js.map +1 -0
package/dist/security/revocation.d.ts +191 -0
package/dist/security/revocation.d.ts.map +1 -0
package/dist/security/revocation.js +522 -0
package/dist/security/revocation.js.map +1 -0
package/dist/security/secrets-rotation.d.ts +501 -0
package/dist/security/secrets-rotation.d.ts.map +1 -0
package/dist/security/secrets-rotation.js +934 -0
package/dist/security/secrets-rotation.js.map +1 -0
package/dist/security/secure-memory.d.ts +325 -0
package/dist/security/secure-memory.d.ts.map +1 -0
package/dist/security/secure-memory.js +595 -0
package/dist/security/secure-memory.js.map +1 -0
package/dist/security/security-service.d.ts +186 -0
package/dist/security/security-service.d.ts.map +1 -0
package/dist/security/security-service.js +531 -0
package/dist/security/security-service.js.map +1 -0
package/dist/security/service-auth/index.d.ts +20 -0
package/dist/security/service-auth/index.d.ts.map +1 -0
package/dist/security/service-auth/index.js +61 -0
package/dist/security/service-auth/index.js.map +1 -0
package/dist/security/service-auth/service-account.d.ts +357 -0
package/dist/security/service-auth/service-account.d.ts.map +1 -0
package/dist/security/service-auth/service-account.js +475 -0
package/dist/security/service-auth/service-account.js.map +1 -0
package/dist/security/service-auth/service-auth-middleware.d.ts +174 -0
package/dist/security/service-auth/service-auth-middleware.d.ts.map +1 -0
package/dist/security/service-auth/service-auth-middleware.js +461 -0
package/dist/security/service-auth/service-auth-middleware.js.map +1 -0
package/dist/security/service-auth/service-token.d.ts +391 -0
package/dist/security/service-auth/service-token.d.ts.map +1 -0
package/dist/security/service-auth/service-token.js +472 -0
package/dist/security/service-auth/service-token.js.map +1 -0
package/dist/security/session-manager.d.ts +177 -0
package/dist/security/session-manager.d.ts.map +1 -0
package/dist/security/session-manager.js +353 -0
package/dist/security/session-manager.js.map +1 -0
package/dist/security/session-store.d.ts +205 -0
package/dist/security/session-store.d.ts.map +1 -0
package/dist/security/session-store.js +581 -0
package/dist/security/session-store.js.map +1 -0
package/dist/security/siem/connector.d.ts +147 -0
package/dist/security/siem/connector.d.ts.map +1 -0
package/dist/security/siem/connector.js +254 -0
package/dist/security/siem/connector.js.map +1 -0
package/dist/security/siem/datadog.d.ts +81 -0
package/dist/security/siem/datadog.d.ts.map +1 -0
package/dist/security/siem/datadog.js +362 -0
package/dist/security/siem/datadog.js.map +1 -0
package/dist/security/siem/elastic.d.ts +83 -0
package/dist/security/siem/elastic.d.ts.map +1 -0
package/dist/security/siem/elastic.js +514 -0
package/dist/security/siem/elastic.js.map +1 -0
package/dist/security/siem/enrichment.d.ts +133 -0
package/dist/security/siem/enrichment.d.ts.map +1 -0
package/dist/security/siem/enrichment.js +434 -0
package/dist/security/siem/enrichment.js.map +1 -0
package/dist/security/siem/formatter.d.ts +118 -0
package/dist/security/siem/formatter.d.ts.map +1 -0
package/dist/security/siem/formatter.js +381 -0
package/dist/security/siem/formatter.js.map +1 -0
package/dist/security/siem/hooks.d.ts +107 -0
package/dist/security/siem/hooks.d.ts.map +1 -0
package/dist/security/siem/hooks.js +459 -0
package/dist/security/siem/hooks.js.map +1 -0
package/dist/security/siem/index.d.ts +83 -0
package/dist/security/siem/index.d.ts.map +1 -0
package/dist/security/siem/index.js +95 -0
package/dist/security/siem/index.js.map +1 -0
package/dist/security/siem/service.d.ts +153 -0
package/dist/security/siem/service.d.ts.map +1 -0
package/dist/security/siem/service.js +615 -0
package/dist/security/siem/service.js.map +1 -0
package/dist/security/siem/splunk.d.ts +76 -0
package/dist/security/siem/splunk.d.ts.map +1 -0
package/dist/security/siem/splunk.js +283 -0
package/dist/security/siem/splunk.js.map +1 -0
package/dist/security/siem/types.d.ts +1980 -0
package/dist/security/siem/types.d.ts.map +1 -0
package/dist/security/siem/types.js +268 -0
package/dist/security/siem/types.js.map +1 -0
package/dist/security/tee.d.ts +157 -0
package/dist/security/tee.d.ts.map +1 -0
package/dist/security/tee.js +1073 -0
package/dist/security/tee.js.map +1 -0
package/dist/security/threat-intel/bot-detection.d.ts +275 -0
package/dist/security/threat-intel/bot-detection.d.ts.map +1 -0
package/dist/security/threat-intel/bot-detection.js +890 -0
package/dist/security/threat-intel/bot-detection.js.map +1 -0
package/dist/security/threat-intel/credential-stuffing.d.ts +368 -0
package/dist/security/threat-intel/credential-stuffing.d.ts.map +1 -0
package/dist/security/threat-intel/credential-stuffing.js +957 -0
package/dist/security/threat-intel/credential-stuffing.js.map +1 -0
package/dist/security/threat-intel/index.d.ts +10 -0
package/dist/security/threat-intel/index.d.ts.map +1 -0
package/dist/security/threat-intel/index.js +18 -0
package/dist/security/threat-intel/index.js.map +1 -0
package/dist/security/threat-intel/ip-reputation.d.ts +323 -0
package/dist/security/threat-intel/ip-reputation.d.ts.map +1 -0
package/dist/security/threat-intel/ip-reputation.js +923 -0
package/dist/security/threat-intel/ip-reputation.js.map +1 -0
package/dist/security/token-lifecycle.d.ts +272 -0
package/dist/security/token-lifecycle.d.ts.map +1 -0
package/dist/security/token-lifecycle.js +732 -0
package/dist/security/token-lifecycle.js.map +1 -0
package/dist/security/token-lifetime.d.ts +206 -0
package/dist/security/token-lifetime.d.ts.map +1 -0
package/dist/security/token-lifetime.js +388 -0
package/dist/security/token-lifetime.js.map +1 -0
package/dist/security/trust-oracle/alerts.d.ts +202 -0
package/dist/security/trust-oracle/alerts.d.ts.map +1 -0
package/dist/security/trust-oracle/alerts.js +763 -0
package/dist/security/trust-oracle/alerts.js.map +1 -0
package/dist/security/trust-oracle/api.d.ts +116 -0
package/dist/security/trust-oracle/api.d.ts.map +1 -0
package/dist/security/trust-oracle/api.js +721 -0
package/dist/security/trust-oracle/api.js.map +1 -0
package/dist/security/trust-oracle/continuous-monitoring.d.ts +105 -0
package/dist/security/trust-oracle/continuous-monitoring.d.ts.map +1 -0
package/dist/security/trust-oracle/continuous-monitoring.js +710 -0
package/dist/security/trust-oracle/continuous-monitoring.js.map +1 -0
package/dist/security/trust-oracle/data-sources.d.ts +102 -0
package/dist/security/trust-oracle/data-sources.d.ts.map +1 -0
package/dist/security/trust-oracle/data-sources.js +794 -0
package/dist/security/trust-oracle/data-sources.js.map +1 -0
package/dist/security/trust-oracle/index.d.ts +79 -0
package/dist/security/trust-oracle/index.d.ts.map +1 -0
package/dist/security/trust-oracle/index.js +206 -0
package/dist/security/trust-oracle/index.js.map +1 -0
package/dist/security/trust-oracle/oracle.d.ts +125 -0
package/dist/security/trust-oracle/oracle.d.ts.map +1 -0
package/dist/security/trust-oracle/oracle.js +489 -0
package/dist/security/trust-oracle/oracle.js.map +1 -0
package/dist/security/trust-oracle/reporting.d.ts +145 -0
package/dist/security/trust-oracle/reporting.d.ts.map +1 -0
package/dist/security/trust-oracle/reporting.js +1098 -0
package/dist/security/trust-oracle/reporting.js.map +1 -0
package/dist/security/trust-oracle/risk-scorer.d.ts +207 -0
package/dist/security/trust-oracle/risk-scorer.d.ts.map +1 -0
package/dist/security/trust-oracle/risk-scorer.js +1033 -0
package/dist/security/trust-oracle/risk-scorer.js.map +1 -0
package/dist/security/trust-oracle/types.d.ts +444 -0
package/dist/security/trust-oracle/types.d.ts.map +1 -0
package/dist/security/trust-oracle/types.js +6 -0
package/dist/security/trust-oracle/types.js.map +1 -0
package/dist/security/trust-oracle/vendor-registry.d.ts +228 -0
package/dist/security/trust-oracle/vendor-registry.d.ts.map +1 -0
package/dist/security/trust-oracle/vendor-registry.js +727 -0
package/dist/security/trust-oracle/vendor-registry.js.map +1 -0
package/dist/security/types.d.ts +1796 -0
package/dist/security/types.d.ts.map +1 -0
package/dist/security/types.js +389 -0
package/dist/security/types.js.map +1 -0
package/dist/security/webauthn/index.d.ts +47 -0
package/dist/security/webauthn/index.d.ts.map +1 -0
package/dist/security/webauthn/index.js +48 -0
package/dist/security/webauthn/index.js.map +1 -0
package/dist/security/webauthn/middleware.d.ts +109 -0
package/dist/security/webauthn/middleware.d.ts.map +1 -0
package/dist/security/webauthn/middleware.js +629 -0
package/dist/security/webauthn/middleware.js.map +1 -0
package/dist/security/webauthn/service.d.ts +179 -0
package/dist/security/webauthn/service.d.ts.map +1 -0
package/dist/security/webauthn/service.js +757 -0
package/dist/security/webauthn/service.js.map +1 -0
package/dist/security/webauthn/store.d.ts +240 -0
package/dist/security/webauthn/store.d.ts.map +1 -0
package/dist/security/webauthn/store.js +505 -0
package/dist/security/webauthn/store.js.map +1 -0
package/dist/security/webauthn/types.d.ts +678 -0
package/dist/security/webauthn/types.d.ts.map +1 -0
package/dist/security/webauthn/types.js +176 -0
package/dist/security/webauthn/types.js.map +1 -0
package/dist/security/zkp/circuits.d.ts +296 -0
package/dist/security/zkp/circuits.d.ts.map +1 -0
package/dist/security/zkp/circuits.js +771 -0
package/dist/security/zkp/circuits.js.map +1 -0
package/dist/security/zkp/commitment.d.ts +319 -0
package/dist/security/zkp/commitment.d.ts.map +1 -0
package/dist/security/zkp/commitment.js +591 -0
package/dist/security/zkp/commitment.js.map +1 -0
package/dist/security/zkp/compliance.d.ts +251 -0
package/dist/security/zkp/compliance.d.ts.map +1 -0
package/dist/security/zkp/compliance.js +734 -0
package/dist/security/zkp/compliance.js.map +1 -0
package/dist/security/zkp/index.d.ts +184 -0
package/dist/security/zkp/index.d.ts.map +1 -0
package/dist/security/zkp/index.js +285 -0
package/dist/security/zkp/index.js.map +1 -0
package/dist/security/zkp/integration.d.ts +289 -0
package/dist/security/zkp/integration.d.ts.map +1 -0
package/dist/security/zkp/integration.js +571 -0
package/dist/security/zkp/integration.js.map +1 -0
package/dist/security/zkp/prover.d.ts +158 -0
package/dist/security/zkp/prover.d.ts.map +1 -0
package/dist/security/zkp/prover.js +465 -0
package/dist/security/zkp/prover.js.map +1 -0
package/dist/security/zkp/snark-utils.d.ts +321 -0
package/dist/security/zkp/snark-utils.d.ts.map +1 -0
package/dist/security/zkp/snark-utils.js +640 -0
package/dist/security/zkp/snark-utils.js.map +1 -0
package/dist/security/zkp/types.d.ts +1192 -0
package/dist/security/zkp/types.d.ts.map +1 -0
package/dist/security/zkp/types.js +264 -0
package/dist/security/zkp/types.js.map +1 -0
package/dist/security/zkp/verifier.d.ts +111 -0
package/dist/security/zkp/verifier.d.ts.map +1 -0
package/dist/security/zkp/verifier.js +554 -0
package/dist/security/zkp/verifier.js.map +1 -0
package/dist/semantic-governance/context-validator.d.ts +159 -0
package/dist/semantic-governance/context-validator.d.ts.map +1 -0
package/dist/semantic-governance/context-validator.js +599 -0
package/dist/semantic-governance/context-validator.js.map +1 -0
package/dist/semantic-governance/credential-manager.d.ts +156 -0
package/dist/semantic-governance/credential-manager.d.ts.map +1 -0
package/dist/semantic-governance/credential-manager.js +438 -0
package/dist/semantic-governance/credential-manager.js.map +1 -0
package/dist/semantic-governance/dual-channel.d.ts +138 -0
package/dist/semantic-governance/dual-channel.d.ts.map +1 -0
package/dist/semantic-governance/dual-channel.js +333 -0
package/dist/semantic-governance/dual-channel.js.map +1 -0
package/dist/semantic-governance/index.d.ts +107 -0
package/dist/semantic-governance/index.d.ts.map +1 -0
package/dist/semantic-governance/index.js +141 -0
package/dist/semantic-governance/index.js.map +1 -0
package/dist/semantic-governance/inference-validator.d.ts +114 -0
package/dist/semantic-governance/inference-validator.d.ts.map +1 -0
package/dist/semantic-governance/inference-validator.js +390 -0
package/dist/semantic-governance/inference-validator.js.map +1 -0
package/dist/semantic-governance/instruction-validator.d.ts +146 -0
package/dist/semantic-governance/instruction-validator.d.ts.map +1 -0
package/dist/semantic-governance/instruction-validator.js +357 -0
package/dist/semantic-governance/instruction-validator.js.map +1 -0
package/dist/semantic-governance/integration.d.ts +253 -0
package/dist/semantic-governance/integration.d.ts.map +1 -0
package/dist/semantic-governance/integration.js +657 -0
package/dist/semantic-governance/integration.js.map +1 -0
package/dist/semantic-governance/output-validator.d.ts +135 -0
package/dist/semantic-governance/output-validator.d.ts.map +1 -0
package/dist/semantic-governance/output-validator.js +442 -0
package/dist/semantic-governance/output-validator.js.map +1 -0
package/dist/semantic-governance/service.d.ts +120 -0
package/dist/semantic-governance/service.d.ts.map +1 -0
package/dist/semantic-governance/service.js +527 -0
package/dist/semantic-governance/service.js.map +1 -0
package/dist/semantic-governance/types.d.ts +3916 -0
package/dist/semantic-governance/types.d.ts.map +1 -0
package/dist/semantic-governance/types.js +462 -0
package/dist/semantic-governance/types.js.map +1 -0
package/dist/trust-engine/aci-integration.d.ts +6 -0
package/dist/trust-engine/aci-integration.d.ts.map +1 -0
package/dist/trust-engine/aci-integration.js +6 -0
package/dist/trust-engine/aci-integration.js.map +1 -0
package/dist/trust-engine/car-integration.d.ts +244 -0
package/dist/trust-engine/car-integration.d.ts.map +1 -0
package/dist/trust-engine/car-integration.js +332 -0
package/dist/trust-engine/car-integration.js.map +1 -0
package/dist/trust-engine/context.d.ts +197 -0
package/dist/trust-engine/context.d.ts.map +1 -0
package/dist/trust-engine/context.js +307 -0
package/dist/trust-engine/context.js.map +1 -0
package/dist/trust-engine/index.d.ts +410 -0
package/dist/trust-engine/index.d.ts.map +1 -0
package/dist/trust-engine/index.js +1221 -0
package/dist/trust-engine/index.js.map +1 -0
package/dist/trust-engine/observability.d.ts +175 -0
package/dist/trust-engine/observability.d.ts.map +1 -0
package/dist/trust-engine/observability.js +244 -0
package/dist/trust-engine/observability.js.map +1 -0
package/package.json +200 -0

package/dist/security/crypto/fips-mode.js ADDED Viewed

@@ -0,0 +1,1363 @@
+/**
+ * FIPS 140-2 Compliant Cryptography Mode
+ *
+ * Provides FIPS 140-2 Level 1 compliant cryptographic operations for FedRAMP
+ * compliance. Enforces the use of only FIPS-approved algorithms and key lengths.
+ *
+ * FIPS Approved Algorithms:
+ * - Symmetric Encryption: AES-128, AES-256 (GCM, CBC, CTR modes)
+ * - Hash Functions: SHA-256, SHA-384, SHA-512 (NO SHA-1, MD5)
+ * - Asymmetric: RSA (2048+ bits), ECDSA (P-256, P-384, P-521)
+ * - MACs: HMAC-SHA256, HMAC-SHA384, HMAC-SHA512
+ * - Key Derivation: PBKDF2, HKDF with approved hash functions
+ * - Transport: TLS 1.2+ only
+ * - Post-Quantum KEM (FIPS 203): ML-KEM-512, ML-KEM-768, ML-KEM-1024
+ * - Post-Quantum Signatures (FIPS 204): ML-DSA-44, ML-DSA-65, ML-DSA-87
+ *
+ * Security Guarantees:
+ * - Algorithm validation before every operation
+ * - Key length enforcement per algorithm
+ * - Comprehensive audit logging
+ * - Runtime enforcement with configurable strict mode
+ *
+ * @packageDocumentation
+ * @module security/crypto/fips-mode
+ */
+import * as crypto from 'node:crypto';
+import { randomUUID } from 'node:crypto';
+import { z } from 'zod';
+import { createLogger } from '../../common/logger.js';
+const logger = createLogger({ component: 'fips-crypto' });
+// =============================================================================
+// FIPS Constants
+// =============================================================================
+/**
+ * FIPS 140-2 approved symmetric encryption algorithms
+ */
+export const FIPS_SYMMETRIC_ALGORITHMS = {
+    'AES-128-GCM': 'aes-128-gcm',
+    'AES-256-GCM': 'aes-256-gcm',
+    'AES-128-CBC': 'aes-128-cbc',
+    'AES-256-CBC': 'aes-256-cbc',
+    'AES-128-CTR': 'aes-128-ctr',
+    'AES-256-CTR': 'aes-256-ctr',
+};
+/**
+ * FIPS 140-2 approved hash algorithms
+ */
+export const FIPS_HASH_ALGORITHMS = {
+    'SHA-256': 'sha256',
+    'SHA-384': 'sha384',
+    'SHA-512': 'sha512',
+};
+/**
+ * FIPS 140-2 approved HMAC algorithms
+ */
+export const FIPS_HMAC_ALGORITHMS = {
+    'HMAC-SHA256': 'sha256',
+    'HMAC-SHA384': 'sha384',
+    'HMAC-SHA512': 'sha512',
+};
+/**
+ * FIPS 140-2 approved asymmetric algorithms
+ */
+export const FIPS_ASYMMETRIC_ALGORITHMS = {
+    'RSA-2048': 'rsa',
+    'RSA-3072': 'rsa',
+    'RSA-4096': 'rsa',
+    'ECDSA-P256': 'ec',
+    'ECDSA-P384': 'ec',
+    'ECDSA-P521': 'ec',
+};
+/**
+ * FIPS 140-2 approved ECDSA curves
+ */
+export const FIPS_ECDSA_CURVES = {
+    'P-256': 'prime256v1',
+    'P-384': 'secp384r1',
+    'P-521': 'secp521r1',
+};
+/**
+ * FIPS 203 approved ML-KEM (Key Encapsulation Mechanism) algorithms
+ *
+ * Finalized August 2024. ML-KEM replaces CRYSTALS-Kyber.
+ * - ML-KEM-512: NIST Security Level 1 (equivalent to AES-128)
+ * - ML-KEM-768: NIST Security Level 3 (equivalent to AES-192) — recommended
+ * - ML-KEM-1024: NIST Security Level 5 (equivalent to AES-256)
+ */
+export const FIPS_KEM_ALGORITHMS = {
+    'ML-KEM-512': 'ml-kem-512',
+    'ML-KEM-768': 'ml-kem-768',
+    'ML-KEM-1024': 'ml-kem-1024',
+};
+/**
+ * FIPS 204 approved ML-DSA (Digital Signature Algorithm) algorithms
+ *
+ * Finalized August 2024. ML-DSA replaces CRYSTALS-Dilithium.
+ * - ML-DSA-44: NIST Security Level 2 (128-bit classical security)
+ * - ML-DSA-65: NIST Security Level 3 (192-bit classical security) — recommended
+ * - ML-DSA-87: NIST Security Level 5 (256-bit classical security)
+ */
+export const FIPS_PQ_SIGNATURE_ALGORITHMS = {
+    'ML-DSA-44': 'ml-dsa-44',
+    'ML-DSA-65': 'ml-dsa-65',
+    'ML-DSA-87': 'ml-dsa-87',
+};
+/**
+ * ML-KEM public key sizes in bytes (FIPS 203)
+ */
+export const ML_KEM_PUBLIC_KEY_SIZES = {
+    'ml-kem-512': 800,
+    'ml-kem-768': 1184,
+    'ml-kem-1024': 1568,
+};
+/**
+ * ML-DSA public key sizes in bytes (FIPS 204)
+ */
+export const ML_DSA_PUBLIC_KEY_SIZES = {
+    'ml-dsa-44': 1312,
+    'ml-dsa-65': 1952,
+    'ml-dsa-87': 2592,
+};
+/**
+ * FIPS 140-2 minimum key lengths by algorithm type
+ */
+export const FIPS_MINIMUM_KEY_LENGTHS = {
+    aes: 128,
+    rsa: 2048,
+    'ec-p256': 256,
+    'ec-p384': 384,
+    'ec-p521': 521,
+    hmac: 128,
+    // FIPS 203 ML-KEM security levels (public key size in bytes * 8 = bits)
+    'ml-kem-512': 6400, // 800 bytes pk
+    'ml-kem-768': 9472, // 1184 bytes pk
+    'ml-kem-1024': 12544, // 1568 bytes pk
+    // FIPS 204 ML-DSA security levels (public key size in bytes * 8 = bits)
+    'ml-dsa-44': 10496, // 1312 bytes pk
+    'ml-dsa-65': 15616, // 1952 bytes pk
+    'ml-dsa-87': 20736, // 2592 bytes pk
+};
+/**
+ * Non-FIPS algorithms that should be rejected
+ */
+export const NON_FIPS_ALGORITHMS = [
+    'md5',
+    'sha1',
+    'sha-1',
+    'des',
+    '3des',
+    'des-ede',
+    'des-ede3',
+    'rc2',
+    'rc4',
+    'blowfish',
+    'bf',
+    'idea',
+    'cast',
+    'cast5',
+    'seed',
+];
+/**
+ * FIPS-approved TLS versions
+ */
+export const FIPS_TLS_VERSIONS = ['TLSv1.2', 'TLSv1.3'];
+/**
+ * Non-FIPS TLS versions that should be rejected
+ */
+export const NON_FIPS_TLS_VERSIONS = ['SSLv2', 'SSLv3', 'TLSv1', 'TLSv1.1'];
+export const fipsModeConfigSchema = z.object({
+    enabled: z.boolean().default(false),
+    strictMode: z.boolean().default(true),
+    allowedAlgorithms: z.array(z.string()).default([
+        ...Object.values(FIPS_SYMMETRIC_ALGORITHMS),
+        ...Object.values(FIPS_HASH_ALGORITHMS),
+    ]),
+    minimumKeyLengths: z.record(z.string(), z.number()).default(FIPS_MINIMUM_KEY_LENGTHS),
+    auditAllCryptoOperations: z.boolean().default(true),
+    alertOnViolations: z.boolean().default(true),
+});
+/**
+ * Default FIPS mode configuration
+ */
+export const DEFAULT_FIPS_CONFIG = {
+    enabled: process.env['VORION_FIPS_MODE'] === 'true',
+    strictMode: true,
+    allowedAlgorithms: [
+        ...Object.values(FIPS_SYMMETRIC_ALGORITHMS),
+        ...Object.values(FIPS_HASH_ALGORITHMS),
+        ...Object.values(FIPS_KEM_ALGORITHMS),
+        ...Object.values(FIPS_PQ_SIGNATURE_ALGORITHMS),
+    ],
+    minimumKeyLengths: { ...FIPS_MINIMUM_KEY_LENGTHS },
+    auditAllCryptoOperations: true,
+    alertOnViolations: true,
+};
+/**
+ * Crypto operation types for audit logging
+ */
+export const CryptoOperationType = {
+    ENCRYPT: 'encrypt',
+    DECRYPT: 'decrypt',
+    HASH: 'hash',
+    HMAC: 'hmac',
+    SIGN: 'sign',
+    VERIFY: 'verify',
+    KEY_DERIVE: 'key_derive',
+    RANDOM: 'random',
+    KEY_GENERATE: 'key_generate',
+    KEM_ENCAPSULATE: 'kem_encapsulate',
+    KEM_DECAPSULATE: 'kem_decapsulate',
+};
+export const cryptoOperationSchema = z.object({
+    type: z.nativeEnum(CryptoOperationType),
+    algorithm: z.string().min(1),
+    keyLength: z.number().int().positive().optional(),
+    curve: z.string().optional(),
+    hashFunction: z.string().optional(),
+    context: z.record(z.unknown()).optional(),
+});
+export const fipsViolationSchema = z.object({
+    id: z.string().uuid(),
+    timestamp: z.coerce.date(),
+    type: z.enum(['algorithm', 'key_length', 'hash', 'tls', 'certificate']),
+    operation: cryptoOperationSchema,
+    reason: z.string(),
+    blocked: z.boolean(),
+    stackTrace: z.string().optional(),
+});
+export const fipsAuditEntrySchema = z.object({
+    id: z.string().uuid(),
+    timestamp: z.coerce.date(),
+    operationType: z.nativeEnum(CryptoOperationType),
+    algorithm: z.string(),
+    keyLength: z.number().int().positive().optional(),
+    success: z.boolean(),
+    fipsCompliant: z.boolean(),
+    durationMs: z.number().nonnegative(),
+    error: z.string().optional(),
+    requestId: z.string().optional(),
+    userId: z.string().optional(),
+    tenantId: z.string().optional(),
+});
+export const DEFAULT_CERT_VALIDATION_OPTIONS = {
+    minRSAKeySize: 2048,
+    minECDSACurve: 'P-256',
+    requireTLS12: true,
+    rejectWeakCipherSuites: true,
+};
+// =============================================================================
+// FIPS Error
+// =============================================================================
+/**
+ * Error codes for FIPS operations
+ */
+export const FIPSErrorCode = {
+    /** Non-FIPS algorithm attempted */
+    NON_FIPS_ALGORITHM: 'FIPS_NON_COMPLIANT_ALGORITHM',
+    /** Key length below minimum */
+    INSUFFICIENT_KEY_LENGTH: 'FIPS_INSUFFICIENT_KEY_LENGTH',
+    /** Non-FIPS hash function */
+    NON_FIPS_HASH: 'FIPS_NON_COMPLIANT_HASH',
+    /** Non-FIPS TLS version */
+    NON_FIPS_TLS: 'FIPS_NON_COMPLIANT_TLS',
+    /** Weak certificate */
+    WEAK_CERTIFICATE: 'FIPS_WEAK_CERTIFICATE',
+    /** Provider not initialized */
+    NOT_INITIALIZED: 'FIPS_NOT_INITIALIZED',
+    /** Operation failed */
+    OPERATION_FAILED: 'FIPS_OPERATION_FAILED',
+    /** Invalid configuration */
+    INVALID_CONFIG: 'FIPS_INVALID_CONFIG',
+};
+/**
+ * Custom error class for FIPS operations
+ */
+export class FIPSError extends Error {
+    code;
+    details;
+    constructor(message, code, details) {
+        super(message);
+        this.code = code;
+        this.details = details;
+        this.name = 'FIPSError';
+    }
+}
+// =============================================================================
+// Validation Functions
+// =============================================================================
+/**
+ * Validate if an algorithm is FIPS 140-2 compliant
+ *
+ * @param algorithm - The algorithm name to validate
+ * @returns true if the algorithm is FIPS compliant
+ */
+export function validateAlgorithm(algorithm) {
+    const normalizedAlgorithm = algorithm.toLowerCase().replace(/_/g, '-');
+    // Check if it's a known non-FIPS algorithm
+    if (NON_FIPS_ALGORITHMS.some(nonFips => normalizedAlgorithm.includes(nonFips.toLowerCase()))) {
+        return false;
+    }
+    // Check against approved algorithms
+    const approvedAlgorithms = [
+        ...Object.values(FIPS_SYMMETRIC_ALGORITHMS),
+        ...Object.values(FIPS_HASH_ALGORITHMS),
+        ...Object.values(FIPS_HMAC_ALGORITHMS),
+        ...Object.values(FIPS_KEM_ALGORITHMS),
+        ...Object.values(FIPS_PQ_SIGNATURE_ALGORITHMS),
+    ].map(a => a.toLowerCase());
+    // Direct match
+    if (approvedAlgorithms.includes(normalizedAlgorithm)) {
+        return true;
+    }
+    // Check for AES variants
+    if (normalizedAlgorithm.startsWith('aes-')) {
+        const match = normalizedAlgorithm.match(/aes-(\d+)/);
+        if (match) {
+            const keySize = parseInt(match[1], 10);
+            return keySize === 128 || keySize === 192 || keySize === 256;
+        }
+    }
+    // Check for SHA-2 variants
+    if (normalizedAlgorithm.startsWith('sha') && !normalizedAlgorithm.includes('sha1')) {
+        return ['sha256', 'sha384', 'sha512', 'sha-256', 'sha-384', 'sha-512'].includes(normalizedAlgorithm);
+    }
+    return false;
+}
+/**
+ * Validate if a key length meets FIPS 140-2 requirements
+ *
+ * @param algorithm - The algorithm type
+ * @param keyLength - The key length in bits
+ * @returns true if the key length is FIPS compliant
+ */
+export function validateKeyLength(algorithm, keyLength) {
+    const normalizedAlgorithm = algorithm.toLowerCase();
+    // AES key lengths
+    if (normalizedAlgorithm.includes('aes')) {
+        return keyLength >= 128 && [128, 192, 256].includes(keyLength);
+    }
+    // RSA key lengths
+    if (normalizedAlgorithm.includes('rsa')) {
+        return keyLength >= 2048;
+    }
+    // ECDSA key lengths (based on curve)
+    if (normalizedAlgorithm.includes('ec') || normalizedAlgorithm.includes('ecdsa')) {
+        return keyLength >= 256 && [256, 384, 521].includes(keyLength);
+    }
+    // HMAC key lengths
+    if (normalizedAlgorithm.includes('hmac')) {
+        return keyLength >= 128;
+    }
+    // ML-KEM key lengths (FIPS 203) — validate public key size in bits
+    if (normalizedAlgorithm.includes('ml-kem')) {
+        return [6400, 9472, 12544].includes(keyLength); // 800, 1184, 1568 bytes
+    }
+    // ML-DSA key lengths (FIPS 204) — validate public key size in bits
+    if (normalizedAlgorithm.includes('ml-dsa')) {
+        return [10496, 15616, 20736].includes(keyLength); // 1312, 1952, 2592 bytes
+    }
+    // Default minimum
+    return keyLength >= 128;
+}
+/**
+ * Validate if a hash function is FIPS 140-2 compliant
+ *
+ * @param hashFunction - The hash function name
+ * @returns true if the hash is FIPS compliant
+ */
+export function validateHash(hashFunction) {
+    const normalizedHash = hashFunction.toLowerCase().replace(/_/g, '-');
+    // Explicitly reject non-FIPS hashes
+    const nonFIPSHashes = ['md5', 'sha1', 'sha-1', 'md4', 'md2', 'ripemd'];
+    if (nonFIPSHashes.some(h => normalizedHash.includes(h))) {
+        return false;
+    }
+    // Check approved hashes
+    const approvedHashes = ['sha256', 'sha384', 'sha512', 'sha-256', 'sha-384', 'sha-512'];
+    return approvedHashes.includes(normalizedHash);
+}
+/**
+ * Validate if a complete crypto operation is FIPS 140-2 compliant
+ *
+ * @param operation - The crypto operation to validate
+ * @returns true if the operation is FIPS compliant
+ */
+export function isFIPSCompliant(operation) {
+    // Validate algorithm
+    if (!validateAlgorithm(operation.algorithm)) {
+        return false;
+    }
+    // Validate key length if provided
+    if (operation.keyLength !== undefined) {
+        if (!validateKeyLength(operation.algorithm, operation.keyLength)) {
+            return false;
+        }
+    }
+    // Validate hash function if provided
+    if (operation.hashFunction !== undefined) {
+        if (!validateHash(operation.hashFunction)) {
+            return false;
+        }
+    }
+    // Validate ECDSA curve if provided
+    if (operation.curve !== undefined) {
+        const approvedCurves = Object.values(FIPS_ECDSA_CURVES);
+        const curveNames = Object.keys(FIPS_ECDSA_CURVES);
+        if (!approvedCurves.includes(operation.curve) &&
+            !curveNames.includes(operation.curve)) {
+            return false;
+        }
+    }
+    return true;
+}
+/**
+ * Validate TLS version
+ *
+ * @param tlsVersion - The TLS version string
+ * @returns true if the TLS version is FIPS compliant
+ */
+export function validateTLSVersion(tlsVersion) {
+    const normalized = tlsVersion.replace(/\s+/g, '');
+    return FIPS_TLS_VERSIONS.includes(normalized);
+}
+/**
+ * Validate cipher suite
+ *
+ * @param cipherSuite - The cipher suite string
+ * @returns true if the cipher suite is FIPS compliant
+ */
+export function validateCipherSuite(cipherSuite) {
+    const weakCiphers = [
+        'RC4',
+        'DES',
+        '3DES',
+        'MD5',
+        'SHA1',
+        'NULL',
+        'EXPORT',
+        'anon',
+        'IDEA',
+    ];
+    const normalizedSuite = cipherSuite.toUpperCase();
+    return !weakCiphers.some(weak => normalizedSuite.includes(weak));
+}
+// =============================================================================
+// FIPS Crypto Provider
+// =============================================================================
+/**
+ * FIPS 140-2 Compliant Crypto Provider
+ *
+ * Provides cryptographic operations that enforce FIPS 140-2 compliance.
+ * All operations are validated and audited.
+ *
+ * @example
+ * ```typescript
+ * const provider = new FIPSCryptoProvider();
+ * await provider.initialize();
+ *
+ * // Encrypt data
+ * const encrypted = await provider.fipsEncrypt(
+ *   Buffer.from('sensitive data'),
+ *   key,
+ *   'aes-256-gcm'
+ * );
+ *
+ * // Hash data
+ * const hash = await provider.fipsHash(
+ *   Buffer.from('data'),
+ *   'sha256'
+ * );
+ * ```
+ */
+export class FIPSCryptoProvider {
+    config;
+    auditCallbacks = [];
+    violations = [];
+    initialized = false;
+    constructor(config = {}) {
+        this.config = { ...DEFAULT_FIPS_CONFIG, ...config };
+    }
+    /**
+     * Initialize the FIPS crypto provider
+     */
+    async initialize() {
+        if (this.initialized) {
+            logger.warn('FIPSCryptoProvider already initialized');
+            return;
+        }
+        logger.info({
+            enabled: this.config.enabled,
+            strictMode: this.config.strictMode,
+            auditEnabled: this.config.auditAllCryptoOperations,
+        }, 'Initializing FIPSCryptoProvider');
+        // Check if Node.js has FIPS mode available
+        if (this.config.enabled) {
+            try {
+                // Check for FIPS module availability
+                const fipsEnabled = crypto.getFips?.() ?? false;
+                if (!fipsEnabled) {
+                    logger.warn('Node.js FIPS mode is not enabled. Software-based FIPS validation will be used.');
+                }
+            }
+            catch {
+                logger.warn('Unable to check Node.js FIPS status');
+            }
+        }
+        this.initialized = true;
+        logger.info('FIPSCryptoProvider initialized');
+    }
+    /**
+     * Ensure the provider is initialized
+     */
+    ensureInitialized() {
+        if (!this.initialized) {
+            throw new FIPSError('FIPSCryptoProvider not initialized. Call initialize() first.', FIPSErrorCode.NOT_INITIALIZED);
+        }
+    }
+    /**
+     * Get current configuration
+     */
+    getConfig() {
+        return { ...this.config };
+    }
+    /**
+     * Check if FIPS mode is enabled
+     */
+    isFIPSModeEnabled() {
+        return this.config.enabled;
+    }
+    /**
+     * Register an audit callback
+     */
+    onAudit(callback) {
+        this.auditCallbacks.push(callback);
+    }
+    /**
+     * Get recorded violations
+     */
+    getViolations() {
+        return [...this.violations];
+    }
+    /**
+     * Clear recorded violations
+     */
+    clearViolations() {
+        this.violations.length = 0;
+    }
+    /**
+     * Emit audit event
+     */
+    async emitAudit(entry) {
+        if (!this.config.auditAllCryptoOperations)
+            return;
+        for (const callback of this.auditCallbacks) {
+            try {
+                await callback(entry);
+            }
+            catch (error) {
+                logger.error({ error, entryId: entry.id }, 'FIPS audit callback failed');
+            }
+        }
+    }
+    /**
+     * Record a FIPS violation
+     */
+    async recordViolation(type, operation, reason, blocked) {
+        const violation = {
+            id: randomUUID(),
+            timestamp: new Date(),
+            type,
+            operation,
+            reason,
+            blocked,
+            stackTrace: new Error().stack,
+        };
+        this.violations.push(violation);
+        logger.warn({
+            violationId: violation.id,
+            type,
+            algorithm: operation.algorithm,
+            reason,
+            blocked,
+        }, 'FIPS violation detected');
+        if (this.config.alertOnViolations && this.config.alertCallback) {
+            try {
+                await this.config.alertCallback(violation);
+            }
+            catch (error) {
+                logger.error({ error, violationId: violation.id }, 'FIPS alert callback failed');
+            }
+        }
+    }
+    /**
+     * Validate and potentially block a crypto operation
+     */
+    async validateOperation(operation) {
+        if (!this.config.enabled) {
+            return; // FIPS mode disabled, allow all operations
+        }
+        const compliant = isFIPSCompliant(operation);
+        if (!compliant) {
+            let violationType = 'algorithm';
+            let reason = `Non-FIPS algorithm: ${operation.algorithm}`;
+            if (!validateAlgorithm(operation.algorithm)) {
+                violationType = 'algorithm';
+                reason = `Non-FIPS algorithm: ${operation.algorithm}`;
+            }
+            else if (operation.keyLength !== undefined &&
+                !validateKeyLength(operation.algorithm, operation.keyLength)) {
+                violationType = 'key_length';
+                reason = `Insufficient key length ${operation.keyLength} bits for ${operation.algorithm}`;
+            }
+            else if (operation.hashFunction !== undefined &&
+                !validateHash(operation.hashFunction)) {
+                violationType = 'hash';
+                reason = `Non-FIPS hash function: ${operation.hashFunction}`;
+            }
+            await this.recordViolation(violationType, operation, reason, this.config.strictMode);
+            if (this.config.strictMode) {
+                throw new FIPSError(`FIPS violation: ${reason}`, violationType === 'algorithm'
+                    ? FIPSErrorCode.NON_FIPS_ALGORITHM
+                    : violationType === 'key_length'
+                        ? FIPSErrorCode.INSUFFICIENT_KEY_LENGTH
+                        : FIPSErrorCode.NON_FIPS_HASH, { operation });
+            }
+        }
+    }
+    /**
+     * Create audit entry helper
+     */
+    createAuditEntry(operationType, algorithm, keyLength, success, fipsCompliant, durationMs, error) {
+        return {
+            id: randomUUID(),
+            timestamp: new Date(),
+            operationType,
+            algorithm,
+            keyLength,
+            success,
+            fipsCompliant,
+            durationMs,
+            error,
+        };
+    }
+    // ===========================================================================
+    // FIPS-Compliant Crypto Operations
+    // ===========================================================================
+    /**
+     * FIPS-compliant encryption
+     *
+     * Only allows FIPS 140-2 approved algorithms (AES-128, AES-256 in GCM, CBC, CTR modes)
+     *
+     * @param data - Data to encrypt
+     * @param key - Encryption key
+     * @param algorithm - FIPS-approved algorithm (default: aes-256-gcm)
+     * @returns Encrypted data with IV and auth tag
+     */
+    async fipsEncrypt(data, key, algorithm = 'aes-256-gcm') {
+        this.ensureInitialized();
+        const startTime = performance.now();
+        const keyLengthBits = key.length * 8;
+        const operation = {
+            type: CryptoOperationType.ENCRYPT,
+            algorithm,
+            keyLength: keyLengthBits,
+        };
+        try {
+            await this.validateOperation(operation);
+            const isGCM = algorithm.includes('gcm');
+            const isCTR = algorithm.includes('ctr');
+            const ivLength = isGCM || isCTR ? 12 : 16;
+            const iv = crypto.randomBytes(ivLength);
+            let ciphertext;
+            let authTag;
+            if (isGCM) {
+                const cipherOptions = { authTagLength: 16 };
+                const cipher = crypto.createCipheriv(algorithm, key, iv, cipherOptions);
+                ciphertext = Buffer.concat([cipher.update(data), cipher.final()]);
+                authTag = cipher.getAuthTag();
+            }
+            else {
+                const cipher = crypto.createCipheriv(algorithm, key, iv);
+                ciphertext = Buffer.concat([cipher.update(data), cipher.final()]);
+            }
+            const durationMs = performance.now() - startTime;
+            await this.emitAudit(this.createAuditEntry(CryptoOperationType.ENCRYPT, algorithm, keyLengthBits, true, true, durationMs));
+            return { ciphertext, iv, authTag };
+        }
+        catch (error) {
+            const durationMs = performance.now() - startTime;
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            await this.emitAudit(this.createAuditEntry(CryptoOperationType.ENCRYPT, algorithm, keyLengthBits, false, isFIPSCompliant(operation), durationMs, errorMessage));
+            if (error instanceof FIPSError) {
+                throw error;
+            }
+            throw new FIPSError(`FIPS encryption failed: ${errorMessage}`, FIPSErrorCode.OPERATION_FAILED, { algorithm });
+        }
+    }
+    /**
+     * FIPS-compliant decryption
+     *
+     * Only allows FIPS 140-2 approved algorithms
+     *
+     * @param ciphertext - Encrypted data
+     * @param key - Decryption key
+     * @param iv - Initialization vector
+     * @param algorithm - FIPS-approved algorithm (default: aes-256-gcm)
+     * @param authTag - Authentication tag (required for GCM mode)
+     * @returns Decrypted data
+     */
+    async fipsDecrypt(ciphertext, key, iv, algorithm = 'aes-256-gcm', authTag) {
+        this.ensureInitialized();
+        const startTime = performance.now();
+        const keyLengthBits = key.length * 8;
+        const operation = {
+            type: CryptoOperationType.DECRYPT,
+            algorithm,
+            keyLength: keyLengthBits,
+        };
+        try {
+            await this.validateOperation(operation);
+            const isGCM = algorithm.includes('gcm');
+            let plaintext;
+            if (isGCM) {
+                if (!authTag) {
+                    throw new FIPSError('Authentication tag required for GCM mode', FIPSErrorCode.OPERATION_FAILED, { algorithm });
+                }
+                const decipherOptions = { authTagLength: 16 };
+                const decipher = crypto.createDecipheriv(algorithm, key, iv, decipherOptions);
+                decipher.setAuthTag(authTag);
+                plaintext = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+            }
+            else {
+                const decipher = crypto.createDecipheriv(algorithm, key, iv);
+                plaintext = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+            }
+            const durationMs = performance.now() - startTime;
+            await this.emitAudit(this.createAuditEntry(CryptoOperationType.DECRYPT, algorithm, keyLengthBits, true, true, durationMs));
+            return plaintext;
+        }
+        catch (error) {
+            const durationMs = performance.now() - startTime;
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            await this.emitAudit(this.createAuditEntry(CryptoOperationType.DECRYPT, algorithm, keyLengthBits, false, isFIPSCompliant(operation), durationMs, errorMessage));
+            if (error instanceof FIPSError) {
+                throw error;
+            }
+            throw new FIPSError(`FIPS decryption failed: ${errorMessage}`, FIPSErrorCode.OPERATION_FAILED, { algorithm });
+        }
+    }
+    /**
+     * FIPS-compliant hashing
+     *
+     * Only allows SHA-2 family (SHA-256, SHA-384, SHA-512)
+     *
+     * @param data - Data to hash
+     * @param algorithm - FIPS-approved hash algorithm (default: sha256)
+     * @returns Hash digest
+     */
+    async fipsHash(data, algorithm = 'sha256') {
+        this.ensureInitialized();
+        const startTime = performance.now();
+        const operation = {
+            type: CryptoOperationType.HASH,
+            algorithm,
+        };
+        try {
+            await this.validateOperation(operation);
+            const hash = crypto.createHash(algorithm);
+            hash.update(data);
+            const digest = hash.digest();
+            const durationMs = performance.now() - startTime;
+            await this.emitAudit(this.createAuditEntry(CryptoOperationType.HASH, algorithm, undefined, true, true, durationMs));
+            return digest;
+        }
+        catch (error) {
+            const durationMs = performance.now() - startTime;
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            await this.emitAudit(this.createAuditEntry(CryptoOperationType.HASH, algorithm, undefined, false, isFIPSCompliant(operation), durationMs, errorMessage));
+            if (error instanceof FIPSError) {
+                throw error;
+            }
+            throw new FIPSError(`FIPS hash failed: ${errorMessage}`, FIPSErrorCode.OPERATION_FAILED, { algorithm });
+        }
+    }
+    /**
+     * FIPS-compliant HMAC
+     *
+     * Only allows HMAC-SHA256, HMAC-SHA384, HMAC-SHA512
+     *
+     * @param data - Data to authenticate
+     * @param key - HMAC key
+     * @param algorithm - Hash algorithm for HMAC (default: sha256)
+     * @returns HMAC digest
+     */
+    async fipsHmac(data, key, algorithm = 'sha256') {
+        this.ensureInitialized();
+        const startTime = performance.now();
+        const keyLengthBits = key.length * 8;
+        const operation = {
+            type: CryptoOperationType.HMAC,
+            algorithm: `hmac-${algorithm}`,
+            keyLength: keyLengthBits,
+            hashFunction: algorithm,
+        };
+        try {
+            await this.validateOperation(operation);
+            const hmac = crypto.createHmac(algorithm, key);
+            hmac.update(data);
+            const digest = hmac.digest();
+            const durationMs = performance.now() - startTime;
+            await this.emitAudit(this.createAuditEntry(CryptoOperationType.HMAC, `hmac-${algorithm}`, keyLengthBits, true, true, durationMs));
+            return digest;
+        }
+        catch (error) {
+            const durationMs = performance.now() - startTime;
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            await this.emitAudit(this.createAuditEntry(CryptoOperationType.HMAC, `hmac-${algorithm}`, keyLengthBits, false, isFIPSCompliant(operation), durationMs, errorMessage));
+            if (error instanceof FIPSError) {
+                throw error;
+            }
+            throw new FIPSError(`FIPS HMAC failed: ${errorMessage}`, FIPSErrorCode.OPERATION_FAILED, { algorithm });
+        }
+    }
+    /**
+     * FIPS-compliant digital signature
+     *
+     * Only allows RSA (2048+ bits) and ECDSA (P-256, P-384, P-521)
+     *
+     * @param data - Data to sign
+     * @param privateKey - Private key for signing
+     * @param algorithm - Signing algorithm (default: sha256)
+     * @returns Digital signature
+     */
+    async fipsSign(data, privateKey, algorithm = 'sha256') {
+        this.ensureInitialized();
+        const startTime = performance.now();
+        // Determine key type and length
+        let keyType = 'rsa';
+        let keyLengthBits;
+        let curve;
+        if (typeof privateKey !== 'string') {
+            const keyDetails = privateKey.asymmetricKeyDetails;
+            if (keyDetails) {
+                if ('modulusLength' in keyDetails) {
+                    keyType = 'rsa';
+                    keyLengthBits = keyDetails.modulusLength;
+                }
+                else if ('namedCurve' in keyDetails) {
+                    keyType = 'ec';
+                    curve = keyDetails.namedCurve;
+                    // Map curve to key length
+                    if (curve === 'prime256v1' || curve === 'P-256')
+                        keyLengthBits = 256;
+                    else if (curve === 'secp384r1' || curve === 'P-384')
+                        keyLengthBits = 384;
+                    else if (curve === 'secp521r1' || curve === 'P-521')
+                        keyLengthBits = 521;
+                }
+            }
+        }
+        const operation = {
+            type: CryptoOperationType.SIGN,
+            algorithm: `${keyType}-${algorithm}`,
+            keyLength: keyLengthBits,
+            hashFunction: algorithm,
+            curve,
+        };
+        try {
+            await this.validateOperation(operation);
+            const sign = crypto.createSign(algorithm);
+            sign.update(data);
+            const signature = sign.sign(privateKey);
+            const durationMs = performance.now() - startTime;
+            await this.emitAudit(this.createAuditEntry(CryptoOperationType.SIGN, `${keyType}-${algorithm}`, keyLengthBits, true, true, durationMs));
+            return signature;
+        }
+        catch (error) {
+            const durationMs = performance.now() - startTime;
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            await this.emitAudit(this.createAuditEntry(CryptoOperationType.SIGN, `${keyType}-${algorithm}`, keyLengthBits, false, isFIPSCompliant(operation), durationMs, errorMessage));
+            if (error instanceof FIPSError) {
+                throw error;
+            }
+            throw new FIPSError(`FIPS sign failed: ${errorMessage}`, FIPSErrorCode.OPERATION_FAILED, { algorithm });
+        }
+    }
+    /**
+     * FIPS-compliant signature verification
+     *
+     * @param data - Data that was signed
+     * @param signature - Signature to verify
+     * @param publicKey - Public key for verification
+     * @param algorithm - Hash algorithm used for signing (default: sha256)
+     * @returns true if signature is valid
+     */
+    async fipsVerify(data, signature, publicKey, algorithm = 'sha256') {
+        this.ensureInitialized();
+        const startTime = performance.now();
+        let keyType = 'rsa';
+        let keyLengthBits;
+        if (typeof publicKey !== 'string') {
+            const keyDetails = publicKey.asymmetricKeyDetails;
+            if (keyDetails) {
+                if ('modulusLength' in keyDetails) {
+                    keyType = 'rsa';
+                    keyLengthBits = keyDetails.modulusLength;
+                }
+                else if ('namedCurve' in keyDetails) {
+                    keyType = 'ec';
+                }
+            }
+        }
+        const operation = {
+            type: CryptoOperationType.VERIFY,
+            algorithm: `${keyType}-${algorithm}`,
+            keyLength: keyLengthBits,
+            hashFunction: algorithm,
+        };
+        try {
+            await this.validateOperation(operation);
+            const verify = crypto.createVerify(algorithm);
+            verify.update(data);
+            const isValid = verify.verify(publicKey, signature);
+            const durationMs = performance.now() - startTime;
+            await this.emitAudit(this.createAuditEntry(CryptoOperationType.VERIFY, `${keyType}-${algorithm}`, keyLengthBits, true, true, durationMs));
+            return isValid;
+        }
+        catch (error) {
+            const durationMs = performance.now() - startTime;
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            await this.emitAudit(this.createAuditEntry(CryptoOperationType.VERIFY, `${keyType}-${algorithm}`, keyLengthBits, false, isFIPSCompliant(operation), durationMs, errorMessage));
+            if (error instanceof FIPSError) {
+                throw error;
+            }
+            throw new FIPSError(`FIPS verify failed: ${errorMessage}`, FIPSErrorCode.OPERATION_FAILED, { algorithm });
+        }
+    }
+    /**
+     * FIPS-compliant random bytes generation
+     *
+     * Uses DRBG (Deterministic Random Bit Generator) compliant with SP 800-90A
+     *
+     * @param length - Number of bytes to generate
+     * @returns Random bytes
+     */
+    async fipsRandomBytes(length) {
+        this.ensureInitialized();
+        const startTime = performance.now();
+        const operation = {
+            type: CryptoOperationType.RANDOM,
+            algorithm: 'drbg',
+            context: { length },
+        };
+        try {
+            // Node.js uses OpenSSL's DRBG which is FIPS compliant
+            const bytes = crypto.randomBytes(length);
+            const durationMs = performance.now() - startTime;
+            await this.emitAudit(this.createAuditEntry(CryptoOperationType.RANDOM, 'drbg', undefined, true, true, durationMs));
+            return bytes;
+        }
+        catch (error) {
+            const durationMs = performance.now() - startTime;
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            await this.emitAudit(this.createAuditEntry(CryptoOperationType.RANDOM, 'drbg', undefined, false, true, durationMs, errorMessage));
+            throw new FIPSError(`FIPS random generation failed: ${errorMessage}`, FIPSErrorCode.OPERATION_FAILED);
+        }
+    }
+    /**
+     * FIPS-compliant key derivation using PBKDF2
+     *
+     * @param password - Password to derive key from
+     * @param salt - Salt value
+     * @param iterations - Number of iterations (minimum 1000)
+     * @param keyLength - Desired key length in bytes
+     * @param digest - Hash algorithm (default: sha256)
+     * @returns Derived key
+     */
+    async fipsPBKDF2(password, salt, iterations, keyLength, digest = 'sha256') {
+        this.ensureInitialized();
+        const startTime = performance.now();
+        const operation = {
+            type: CryptoOperationType.KEY_DERIVE,
+            algorithm: 'pbkdf2',
+            keyLength: keyLength * 8,
+            hashFunction: digest,
+        };
+        try {
+            await this.validateOperation(operation);
+            // NIST SP 800-132 recommends at least 1000 iterations
+            if (iterations < 1000) {
+                throw new FIPSError('PBKDF2 iterations must be at least 1000 for FIPS compliance', FIPSErrorCode.INVALID_CONFIG, { iterations });
+            }
+            const derivedKey = await new Promise((resolve, reject) => {
+                crypto.pbkdf2(password, salt, iterations, keyLength, digest, (err, key) => {
+                    if (err)
+                        reject(err);
+                    else
+                        resolve(key);
+                });
+            });
+            const durationMs = performance.now() - startTime;
+            await this.emitAudit(this.createAuditEntry(CryptoOperationType.KEY_DERIVE, 'pbkdf2', keyLength * 8, true, true, durationMs));
+            return derivedKey;
+        }
+        catch (error) {
+            const durationMs = performance.now() - startTime;
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            await this.emitAudit(this.createAuditEntry(CryptoOperationType.KEY_DERIVE, 'pbkdf2', keyLength * 8, false, isFIPSCompliant(operation), durationMs, errorMessage));
+            if (error instanceof FIPSError) {
+                throw error;
+            }
+            throw new FIPSError(`FIPS PBKDF2 failed: ${errorMessage}`, FIPSErrorCode.OPERATION_FAILED, { digest });
+        }
+    }
+    /**
+     * FIPS-compliant key derivation using HKDF
+     *
+     * @param ikm - Input keying material
+     * @param salt - Salt value
+     * @param info - Context and application specific information
+     * @param keyLength - Desired key length in bytes
+     * @param digest - Hash algorithm (default: sha256)
+     * @returns Derived key
+     */
+    async fipsHKDF(ikm, salt, info, keyLength, digest = 'sha256') {
+        this.ensureInitialized();
+        const startTime = performance.now();
+        const operation = {
+            type: CryptoOperationType.KEY_DERIVE,
+            algorithm: 'hkdf',
+            keyLength: keyLength * 8,
+            hashFunction: digest,
+        };
+        try {
+            await this.validateOperation(operation);
+            const derivedKey = await new Promise((resolve, reject) => {
+                crypto.hkdf(digest, ikm, salt, info, keyLength, (err, key) => {
+                    if (err)
+                        reject(err);
+                    else
+                        resolve(Buffer.from(key));
+                });
+            });
+            const durationMs = performance.now() - startTime;
+            await this.emitAudit(this.createAuditEntry(CryptoOperationType.KEY_DERIVE, 'hkdf', keyLength * 8, true, true, durationMs));
+            return derivedKey;
+        }
+        catch (error) {
+            const durationMs = performance.now() - startTime;
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            await this.emitAudit(this.createAuditEntry(CryptoOperationType.KEY_DERIVE, 'hkdf', keyLength * 8, false, isFIPSCompliant(operation), durationMs, errorMessage));
+            if (error instanceof FIPSError) {
+                throw error;
+            }
+            throw new FIPSError(`FIPS HKDF failed: ${errorMessage}`, FIPSErrorCode.OPERATION_FAILED, { digest });
+        }
+    }
+    /**
+     * Generate FIPS-compliant key pair
+     *
+     * @param type - Key type ('rsa' or 'ec')
+     * @param options - Key generation options
+     * @returns Key pair
+     */
+    async fipsGenerateKeyPair(type, options = {}) {
+        this.ensureInitialized();
+        const startTime = performance.now();
+        let keyLengthBits;
+        let curve;
+        if (type === 'rsa') {
+            keyLengthBits = options.modulusLength ?? 2048;
+            if (keyLengthBits < 2048) {
+                throw new FIPSError(`RSA key length must be at least 2048 bits for FIPS compliance`, FIPSErrorCode.INSUFFICIENT_KEY_LENGTH, { keyLength: keyLengthBits });
+            }
+        }
+        else {
+            curve = options.namedCurve ?? 'prime256v1';
+            const validCurves = Object.values(FIPS_ECDSA_CURVES);
+            const curveNames = Object.keys(FIPS_ECDSA_CURVES);
+            if (!validCurves.includes(curve) && !curveNames.includes(curve)) {
+                throw new FIPSError(`ECDSA curve must be P-256, P-384, or P-521 for FIPS compliance`, FIPSErrorCode.NON_FIPS_ALGORITHM, { curve });
+            }
+            // Map curve to key length
+            if (curve === 'prime256v1' || curve === 'P-256')
+                keyLengthBits = 256;
+            else if (curve === 'secp384r1' || curve === 'P-384')
+                keyLengthBits = 384;
+            else if (curve === 'secp521r1' || curve === 'P-521')
+                keyLengthBits = 521;
+        }
+        const operation = {
+            type: CryptoOperationType.KEY_GENERATE,
+            algorithm: type,
+            keyLength: keyLengthBits,
+            curve,
+        };
+        try {
+            await this.validateOperation(operation);
+            const keyPair = await new Promise((resolve, reject) => {
+                if (type === 'rsa') {
+                    crypto.generateKeyPair('rsa', {
+                        modulusLength: keyLengthBits,
+                        publicExponent: 65537,
+                    }, (err, publicKey, privateKey) => {
+                        if (err)
+                            reject(err);
+                        else
+                            resolve({ publicKey, privateKey });
+                    });
+                }
+                else {
+                    crypto.generateKeyPair('ec', {
+                        namedCurve: curve,
+                    }, (err, publicKey, privateKey) => {
+                        if (err)
+                            reject(err);
+                        else
+                            resolve({ publicKey, privateKey });
+                    });
+                }
+            });
+            const durationMs = performance.now() - startTime;
+            await this.emitAudit(this.createAuditEntry(CryptoOperationType.KEY_GENERATE, type, keyLengthBits, true, true, durationMs));
+            return keyPair;
+        }
+        catch (error) {
+            const durationMs = performance.now() - startTime;
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            await this.emitAudit(this.createAuditEntry(CryptoOperationType.KEY_GENERATE, type, keyLengthBits, false, isFIPSCompliant(operation), durationMs, errorMessage));
+            if (error instanceof FIPSError) {
+                throw error;
+            }
+            throw new FIPSError(`FIPS key generation failed: ${errorMessage}`, FIPSErrorCode.OPERATION_FAILED, { type, options });
+        }
+    }
+    // ===========================================================================
+    // Certificate Validation
+    // ===========================================================================
+    /**
+     * Validate certificate for FIPS compliance
+     *
+     * @param cert - X.509 certificate (PEM format or X509Certificate object)
+     * @param options - Validation options
+     * @returns Validation result
+     */
+    validateCertificate(cert, options = DEFAULT_CERT_VALIDATION_OPTIONS) {
+        const errors = [];
+        const warnings = [];
+        try {
+            const x509 = typeof cert === 'string' ? new crypto.X509Certificate(cert) : cert;
+            // Get public key details
+            const publicKey = x509.publicKey;
+            const keyDetails = publicKey.asymmetricKeyDetails;
+            if (keyDetails) {
+                // Check RSA key size
+                if ('modulusLength' in keyDetails) {
+                    const keySize = keyDetails.modulusLength;
+                    if (keySize !== undefined && keySize < options.minRSAKeySize) {
+                        errors.push(`RSA key size ${keySize} bits is below minimum ${options.minRSAKeySize} bits`);
+                    }
+                }
+                // Check ECDSA curve
+                if ('namedCurve' in keyDetails) {
+                    const curve = keyDetails.namedCurve;
+                    const curveStrengths = {
+                        'prime256v1': 256,
+                        'P-256': 256,
+                        'secp384r1': 384,
+                        'P-384': 384,
+                        'secp521r1': 521,
+                        'P-521': 521,
+                    };
+                    const minCurveStrengths = {
+                        'P-256': 256,
+                        'P-384': 384,
+                        'P-521': 521,
+                    };
+                    const curveStrength = curveStrengths[curve ?? ''] ?? 0;
+                    const minStrength = minCurveStrengths[options.minECDSACurve] ?? 256;
+                    if (curveStrength < minStrength) {
+                        errors.push(`ECDSA curve ${curve} is weaker than minimum ${options.minECDSACurve}`);
+                    }
+                    // Check for non-FIPS curves
+                    if (!curveStrengths[curve ?? '']) {
+                        errors.push(`ECDSA curve ${curve} is not FIPS approved`);
+                    }
+                }
+            }
+            // Check signature algorithm
+            // Note: X509Certificate doesn't expose signatureAlgorithm directly,
+            // we check the raw certificate string or fingerprint algorithm
+            const certString = x509.toString();
+            if (certString.includes('sha1WithRSAEncryption') ||
+                certString.includes('SHA1') ||
+                certString.includes('sha1')) {
+                errors.push('Certificate uses SHA-1 signature algorithm which is not FIPS approved');
+            }
+            if (certString.includes('md5WithRSAEncryption') ||
+                certString.includes('MD5') ||
+                certString.includes('md5')) {
+                errors.push('Certificate uses MD5 signature algorithm which is not FIPS approved');
+            }
+            // Check validity dates
+            const now = new Date();
+            const notBefore = new Date(x509.validFrom);
+            const notAfter = new Date(x509.validTo);
+            if (now < notBefore) {
+                errors.push('Certificate is not yet valid');
+            }
+            if (now > notAfter) {
+                errors.push('Certificate has expired');
+            }
+            // Check for short validity period (warning only)
+            const validityDays = (notAfter.getTime() - notBefore.getTime()) / (1000 * 60 * 60 * 24);
+            if (validityDays > 825) {
+                // Apple/browser requirements
+                warnings.push(`Certificate validity period (${Math.floor(validityDays)} days) exceeds recommended maximum of 825 days`);
+            }
+        }
+        catch (error) {
+            errors.push(`Certificate parsing failed: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+        return {
+            valid: errors.length === 0,
+            errors,
+            warnings,
+        };
+    }
+    /**
+     * Shutdown the provider
+     */
+    async shutdown() {
+        logger.info('Shutting down FIPSCryptoProvider');
+        this.initialized = false;
+        this.violations.length = 0;
+        logger.info('FIPSCryptoProvider shutdown complete');
+    }
+}
+// =============================================================================
+// Global FIPS Mode
+// =============================================================================
+let globalFIPSMode = process.env['VORION_FIPS_MODE'] === 'true';
+let defaultProvider = null;
+/**
+ * Enable global FIPS mode
+ */
+export function enableFIPSMode() {
+    globalFIPSMode = true;
+    logger.info('Global FIPS mode enabled');
+}
+/**
+ * Disable global FIPS mode
+ */
+export function disableFIPSMode() {
+    globalFIPSMode = false;
+    logger.info('Global FIPS mode disabled');
+}
+/**
+ * Check if global FIPS mode is enabled
+ */
+export function isFIPSModeEnabled() {
+    return globalFIPSMode;
+}
+/**
+ * Get the default FIPS crypto provider
+ */
+export function getFIPSCryptoProvider() {
+    if (!defaultProvider) {
+        defaultProvider = new FIPSCryptoProvider({
+            enabled: globalFIPSMode,
+        });
+    }
+    return defaultProvider;
+}
+/**
+ * Set a custom FIPS crypto provider as the default
+ */
+export function setFIPSCryptoProvider(provider) {
+    defaultProvider = provider;
+}
+/**
+ * Reset the default FIPS crypto provider (for testing)
+ */
+export async function resetFIPSCryptoProvider() {
+    if (defaultProvider) {
+        await defaultProvider.shutdown();
+        defaultProvider = null;
+    }
+}
+// =============================================================================
+// Convenience Functions
+// =============================================================================
+/**
+ * FIPS-compliant encrypt using default provider
+ */
+export async function fipsEncrypt(data, key, algorithm = 'aes-256-gcm') {
+    const provider = getFIPSCryptoProvider();
+    if (!provider['initialized']) {
+        await provider.initialize();
+    }
+    return provider.fipsEncrypt(data, key, algorithm);
+}
+/**
+ * FIPS-compliant decrypt using default provider
+ */
+export async function fipsDecrypt(ciphertext, key, iv, algorithm = 'aes-256-gcm', authTag) {
+    const provider = getFIPSCryptoProvider();
+    if (!provider['initialized']) {
+        await provider.initialize();
+    }
+    return provider.fipsDecrypt(ciphertext, key, iv, algorithm, authTag);
+}
+/**
+ * FIPS-compliant hash using default provider
+ */
+export async function fipsHash(data, algorithm = 'sha256') {
+    const provider = getFIPSCryptoProvider();
+    if (!provider['initialized']) {
+        await provider.initialize();
+    }
+    return provider.fipsHash(data, algorithm);
+}
+/**
+ * FIPS-compliant sign using default provider
+ */
+export async function fipsSign(data, privateKey, algorithm = 'sha256') {
+    const provider = getFIPSCryptoProvider();
+    if (!provider['initialized']) {
+        await provider.initialize();
+    }
+    return provider.fipsSign(data, privateKey, algorithm);
+}
+/**
+ * FIPS-compliant random bytes using default provider
+ */
+export async function fipsRandomBytes(length) {
+    const provider = getFIPSCryptoProvider();
+    if (!provider['initialized']) {
+        await provider.initialize();
+    }
+    return provider.fipsRandomBytes(length);
+}
+// =============================================================================
+// Factory Functions
+// =============================================================================
+/**
+ * Create a new FIPSCryptoProvider instance
+ */
+export function createFIPSCryptoProvider(config) {
+    return new FIPSCryptoProvider(config);
+}
+/**
+ * Create FIPSCryptoProvider from environment variables
+ */
+export function createFIPSCryptoProviderFromEnv() {
+    return new FIPSCryptoProvider({
+        enabled: process.env['VORION_FIPS_MODE'] === 'true',
+        strictMode: process.env['VORION_FIPS_STRICT'] !== 'false',
+        auditAllCryptoOperations: process.env['VORION_FIPS_AUDIT'] !== 'false',
+        alertOnViolations: process.env['VORION_FIPS_ALERT'] !== 'false',
+    });
+}
+//# sourceMappingURL=fips-mode.js.map