npm - @vorionsys/security - Versions diffs - 1.0.0 - Mend

@vorionsys/security 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1843) hide show

package/LICENSE +190 -0
package/README.md +85 -0
package/dist/aci-extensions/aci-string-extensions.d.ts +334 -0
package/dist/aci-extensions/aci-string-extensions.d.ts.map +1 -0
package/dist/aci-extensions/aci-string-extensions.js +435 -0
package/dist/aci-extensions/aci-string-extensions.js.map +1 -0
package/dist/aci-extensions/builtin-extensions/audit.d.ts +88 -0
package/dist/aci-extensions/builtin-extensions/audit.d.ts.map +1 -0
package/dist/aci-extensions/builtin-extensions/audit.js +444 -0
package/dist/aci-extensions/builtin-extensions/audit.js.map +1 -0
package/dist/aci-extensions/builtin-extensions/governance.d.ts +32 -0
package/dist/aci-extensions/builtin-extensions/governance.d.ts.map +1 -0
package/dist/aci-extensions/builtin-extensions/governance.js +533 -0
package/dist/aci-extensions/builtin-extensions/governance.js.map +1 -0
package/dist/aci-extensions/builtin-extensions/monitoring.d.ts +43 -0
package/dist/aci-extensions/builtin-extensions/monitoring.d.ts.map +1 -0
package/dist/aci-extensions/builtin-extensions/monitoring.js +416 -0
package/dist/aci-extensions/builtin-extensions/monitoring.js.map +1 -0
package/dist/aci-extensions/executor.d.ts +208 -0
package/dist/aci-extensions/executor.d.ts.map +1 -0
package/dist/aci-extensions/executor.js +789 -0
package/dist/aci-extensions/executor.js.map +1 -0
package/dist/aci-extensions/index.d.ts +6 -0
package/dist/aci-extensions/index.d.ts.map +1 -0
package/dist/aci-extensions/index.js +6 -0
package/dist/aci-extensions/index.js.map +1 -0
package/dist/aci-extensions/registry.d.ts +217 -0
package/dist/aci-extensions/registry.d.ts.map +1 -0
package/dist/aci-extensions/registry.js +443 -0
package/dist/aci-extensions/registry.js.map +1 -0
package/dist/aci-extensions/service.d.ts +220 -0
package/dist/aci-extensions/service.d.ts.map +1 -0
package/dist/aci-extensions/service.js +484 -0
package/dist/aci-extensions/service.js.map +1 -0
package/dist/aci-extensions/types.d.ts +2265 -0
package/dist/aci-extensions/types.d.ts.map +1 -0
package/dist/aci-extensions/types.js +389 -0
package/dist/aci-extensions/types.js.map +1 -0
package/dist/api/auth.d.ts +55 -0
package/dist/api/auth.d.ts.map +1 -0
package/dist/api/auth.js +306 -0
package/dist/api/auth.js.map +1 -0
package/dist/api/errors.d.ts +146 -0
package/dist/api/errors.d.ts.map +1 -0
package/dist/api/errors.js +464 -0
package/dist/api/errors.js.map +1 -0
package/dist/api/index.d.ts +16 -0
package/dist/api/index.d.ts.map +1 -0
package/dist/api/index.js +19 -0
package/dist/api/index.js.map +1 -0
package/dist/api/middleware/api-key-enforcement.d.ts +131 -0
package/dist/api/middleware/api-key-enforcement.d.ts.map +1 -0
package/dist/api/middleware/api-key-enforcement.js +674 -0
package/dist/api/middleware/api-key-enforcement.js.map +1 -0
package/dist/api/middleware/audit.d.ts +151 -0
package/dist/api/middleware/audit.d.ts.map +1 -0
package/dist/api/middleware/audit.js +384 -0
package/dist/api/middleware/audit.js.map +1 -0
package/dist/api/middleware/dpop-enforcement.d.ts +176 -0
package/dist/api/middleware/dpop-enforcement.d.ts.map +1 -0
package/dist/api/middleware/dpop-enforcement.js +596 -0
package/dist/api/middleware/dpop-enforcement.js.map +1 -0
package/dist/api/middleware/index.d.ts +23 -0
package/dist/api/middleware/index.d.ts.map +1 -0
package/dist/api/middleware/index.js +41 -0
package/dist/api/middleware/index.js.map +1 -0
package/dist/api/middleware/metrics.d.ts +41 -0
package/dist/api/middleware/metrics.d.ts.map +1 -0
package/dist/api/middleware/metrics.js +150 -0
package/dist/api/middleware/metrics.js.map +1 -0
package/dist/api/middleware/rate-limits.d.ts +224 -0
package/dist/api/middleware/rate-limits.d.ts.map +1 -0
package/dist/api/middleware/rate-limits.js +686 -0
package/dist/api/middleware/rate-limits.js.map +1 -0
package/dist/api/middleware/rateLimit.d.ts +165 -0
package/dist/api/middleware/rateLimit.d.ts.map +1 -0
package/dist/api/middleware/rateLimit.js +477 -0
package/dist/api/middleware/rateLimit.js.map +1 -0
package/dist/api/middleware/redis-rate-limiter.d.ts +279 -0
package/dist/api/middleware/redis-rate-limiter.d.ts.map +1 -0
package/dist/api/middleware/redis-rate-limiter.js +1074 -0
package/dist/api/middleware/redis-rate-limiter.js.map +1 -0
package/dist/api/middleware/security.d.ts +156 -0
package/dist/api/middleware/security.d.ts.map +1 -0
package/dist/api/middleware/security.js +412 -0
package/dist/api/middleware/security.js.map +1 -0
package/dist/api/middleware/validation.d.ts +132 -0
package/dist/api/middleware/validation.d.ts.map +1 -0
package/dist/api/middleware/validation.js +363 -0
package/dist/api/middleware/validation.js.map +1 -0
package/dist/api/middleware/webhook-verify.d.ts +130 -0
package/dist/api/middleware/webhook-verify.d.ts.map +1 -0
package/dist/api/middleware/webhook-verify.js +366 -0
package/dist/api/middleware/webhook-verify.js.map +1 -0
package/dist/api/rate-limit.d.ts +115 -0
package/dist/api/rate-limit.d.ts.map +1 -0
package/dist/api/rate-limit.js +335 -0
package/dist/api/rate-limit.js.map +1 -0
package/dist/api/routes/extensions.d.ts +40 -0
package/dist/api/routes/extensions.d.ts.map +1 -0
package/dist/api/routes/extensions.js +434 -0
package/dist/api/routes/extensions.js.map +1 -0
package/dist/api/routes/mfa.d.ts +44 -0
package/dist/api/routes/mfa.d.ts.map +1 -0
package/dist/api/routes/mfa.js +270 -0
package/dist/api/routes/mfa.js.map +1 -0
package/dist/api/server.d.ts +37 -0
package/dist/api/server.d.ts.map +1 -0
package/dist/api/server.js +1967 -0
package/dist/api/server.js.map +1 -0
package/dist/api/v1/admin.d.ts +11 -0
package/dist/api/v1/admin.d.ts.map +1 -0
package/dist/api/v1/admin.js +207 -0
package/dist/api/v1/admin.js.map +1 -0
package/dist/api/v1/audit.d.ts +14 -0
package/dist/api/v1/audit.d.ts.map +1 -0
package/dist/api/v1/audit.js +376 -0
package/dist/api/v1/audit.js.map +1 -0
package/dist/api/v1/auth.d.ts +17 -0
package/dist/api/v1/auth.d.ts.map +1 -0
package/dist/api/v1/auth.js +637 -0
package/dist/api/v1/auth.js.map +1 -0
package/dist/api/v1/compliance.d.ts +62 -0
package/dist/api/v1/compliance.d.ts.map +1 -0
package/dist/api/v1/compliance.js +858 -0
package/dist/api/v1/compliance.js.map +1 -0
package/dist/api/v1/constraints.d.ts +11 -0
package/dist/api/v1/constraints.d.ts.map +1 -0
package/dist/api/v1/constraints.js +71 -0
package/dist/api/v1/constraints.js.map +1 -0
package/dist/api/v1/dashboard.d.ts +224 -0
package/dist/api/v1/dashboard.d.ts.map +1 -0
package/dist/api/v1/dashboard.js +833 -0
package/dist/api/v1/dashboard.js.map +1 -0
package/dist/api/v1/docs.d.ts +11 -0
package/dist/api/v1/docs.d.ts.map +1 -0
package/dist/api/v1/docs.js +95 -0
package/dist/api/v1/docs.js.map +1 -0
package/dist/api/v1/escalations.d.ts +11 -0
package/dist/api/v1/escalations.d.ts.map +1 -0
package/dist/api/v1/escalations.js +857 -0
package/dist/api/v1/escalations.js.map +1 -0
package/dist/api/v1/gdpr.d.ts +11 -0
package/dist/api/v1/gdpr.d.ts.map +1 -0
package/dist/api/v1/gdpr.js +220 -0
package/dist/api/v1/gdpr.js.map +1 -0
package/dist/api/v1/health.d.ts +22 -0
package/dist/api/v1/health.d.ts.map +1 -0
package/dist/api/v1/health.js +512 -0
package/dist/api/v1/health.js.map +1 -0
package/dist/api/v1/index.d.ts +22 -0
package/dist/api/v1/index.d.ts.map +1 -0
package/dist/api/v1/index.js +81 -0
package/dist/api/v1/index.js.map +1 -0
package/dist/api/v1/intents.d.ts +11 -0
package/dist/api/v1/intents.d.ts.map +1 -0
package/dist/api/v1/intents.js +239 -0
package/dist/api/v1/intents.js.map +1 -0
package/dist/api/v1/operations.d.ts +21 -0
package/dist/api/v1/operations.d.ts.map +1 -0
package/dist/api/v1/operations.js +140 -0
package/dist/api/v1/operations.js.map +1 -0
package/dist/api/v1/policies.d.ts +11 -0
package/dist/api/v1/policies.d.ts.map +1 -0
package/dist/api/v1/policies.js +763 -0
package/dist/api/v1/policies.js.map +1 -0
package/dist/api/v1/proofs.d.ts +13 -0
package/dist/api/v1/proofs.d.ts.map +1 -0
package/dist/api/v1/proofs.js +239 -0
package/dist/api/v1/proofs.js.map +1 -0
package/dist/api/v1/security-dashboard.d.ts +1090 -0
package/dist/api/v1/security-dashboard.d.ts.map +1 -0
package/dist/api/v1/security-dashboard.js +755 -0
package/dist/api/v1/security-dashboard.js.map +1 -0
package/dist/api/v1/service-accounts.d.ts +16 -0
package/dist/api/v1/service-accounts.d.ts.map +1 -0
package/dist/api/v1/service-accounts.js +563 -0
package/dist/api/v1/service-accounts.js.map +1 -0
package/dist/api/v1/sessions.d.ts +36 -0
package/dist/api/v1/sessions.d.ts.map +1 -0
package/dist/api/v1/sessions.js +333 -0
package/dist/api/v1/sessions.js.map +1 -0
package/dist/api/v1/trust.d.ts +14 -0
package/dist/api/v1/trust.d.ts.map +1 -0
package/dist/api/v1/trust.js +578 -0
package/dist/api/v1/trust.js.map +1 -0
package/dist/api/v1/webhooks.d.ts +11 -0
package/dist/api/v1/webhooks.d.ts.map +1 -0
package/dist/api/v1/webhooks.js +250 -0
package/dist/api/v1/webhooks.js.map +1 -0
package/dist/api/v2/trust.d.ts +20 -0
package/dist/api/v2/trust.d.ts.map +1 -0
package/dist/api/v2/trust.js +362 -0
package/dist/api/v2/trust.js.map +1 -0
package/dist/api/validation.d.ts +243 -0
package/dist/api/validation.d.ts.map +1 -0
package/dist/api/validation.js +247 -0
package/dist/api/validation.js.map +1 -0
package/dist/api/versioning/backward-compat.d.ts +28 -0
package/dist/api/versioning/backward-compat.d.ts.map +1 -0
package/dist/api/versioning/backward-compat.js +161 -0
package/dist/api/versioning/backward-compat.js.map +1 -0
package/dist/api/versioning/index.d.ts +112 -0
package/dist/api/versioning/index.d.ts.map +1 -0
package/dist/api/versioning/index.js +199 -0
package/dist/api/versioning/index.js.map +1 -0
package/dist/audit/compliance-reporter.d.ts +271 -0
package/dist/audit/compliance-reporter.d.ts.map +1 -0
package/dist/audit/compliance-reporter.js +587 -0
package/dist/audit/compliance-reporter.js.map +1 -0
package/dist/audit/db-store.d.ts +689 -0
package/dist/audit/db-store.d.ts.map +1 -0
package/dist/audit/db-store.js +589 -0
package/dist/audit/db-store.js.map +1 -0
package/dist/audit/event-schema.d.ts +605 -0
package/dist/audit/event-schema.d.ts.map +1 -0
package/dist/audit/event-schema.js +566 -0
package/dist/audit/event-schema.js.map +1 -0
package/dist/audit/index.d.ts +16 -0
package/dist/audit/index.d.ts.map +1 -0
package/dist/audit/index.js +44 -0
package/dist/audit/index.js.map +1 -0
package/dist/audit/security-events.d.ts +1624 -0
package/dist/audit/security-events.d.ts.map +1 -0
package/dist/audit/security-events.js +775 -0
package/dist/audit/security-events.js.map +1 -0
package/dist/audit/security-logger.d.ts +288 -0
package/dist/audit/security-logger.d.ts.map +1 -0
package/dist/audit/security-logger.js +820 -0
package/dist/audit/security-logger.js.map +1 -0
package/dist/audit/service.d.ts +206 -0
package/dist/audit/service.d.ts.map +1 -0
package/dist/audit/service.js +756 -0
package/dist/audit/service.js.map +1 -0
package/dist/audit/siem/elastic.d.ts +94 -0
package/dist/audit/siem/elastic.d.ts.map +1 -0
package/dist/audit/siem/elastic.js +411 -0
package/dist/audit/siem/elastic.js.map +1 -0
package/dist/audit/siem/index.d.ts +179 -0
package/dist/audit/siem/index.d.ts.map +1 -0
package/dist/audit/siem/index.js +368 -0
package/dist/audit/siem/index.js.map +1 -0
package/dist/audit/siem/loki.d.ts +100 -0
package/dist/audit/siem/loki.d.ts.map +1 -0
package/dist/audit/siem/loki.js +405 -0
package/dist/audit/siem/loki.js.map +1 -0
package/dist/audit/siem/splunk.d.ts +91 -0
package/dist/audit/siem/splunk.d.ts.map +1 -0
package/dist/audit/siem/splunk.js +374 -0
package/dist/audit/siem/splunk.js.map +1 -0
package/dist/audit/siem/types.d.ts +547 -0
package/dist/audit/siem/types.d.ts.map +1 -0
package/dist/audit/siem/types.js +270 -0
package/dist/audit/siem/types.js.map +1 -0
package/dist/audit/types.d.ts +405 -0
package/dist/audit/types.d.ts.map +1 -0
package/dist/audit/types.js +121 -0
package/dist/audit/types.js.map +1 -0
package/dist/auth/mfa/index.d.ts +66 -0
package/dist/auth/mfa/index.d.ts.map +1 -0
package/dist/auth/mfa/index.js +15 -0
package/dist/auth/mfa/index.js.map +1 -0
package/dist/auth/mfa/totp.d.ts +221 -0
package/dist/auth/mfa/totp.d.ts.map +1 -0
package/dist/auth/mfa/totp.js +324 -0
package/dist/auth/mfa/totp.js.map +1 -0
package/dist/auth/mfa/webauthn.d.ts +224 -0
package/dist/auth/mfa/webauthn.d.ts.map +1 -0
package/dist/auth/mfa/webauthn.js +409 -0
package/dist/auth/mfa/webauthn.js.map +1 -0
package/dist/auth/sso/index.d.ts +247 -0
package/dist/auth/sso/index.d.ts.map +1 -0
package/dist/auth/sso/index.js +763 -0
package/dist/auth/sso/index.js.map +1 -0
package/dist/auth/sso/oidc-provider.d.ts +146 -0
package/dist/auth/sso/oidc-provider.d.ts.map +1 -0
package/dist/auth/sso/oidc-provider.js +589 -0
package/dist/auth/sso/oidc-provider.js.map +1 -0
package/dist/auth/sso/types.d.ts +488 -0
package/dist/auth/sso/types.d.ts.map +1 -0
package/dist/auth/sso/types.js +73 -0
package/dist/auth/sso/types.js.map +1 -0
package/dist/basis/evaluator.d.ts +70 -0
package/dist/basis/evaluator.d.ts.map +1 -0
package/dist/basis/evaluator.js +269 -0
package/dist/basis/evaluator.js.map +1 -0
package/dist/basis/expression-evaluator.d.ts +77 -0
package/dist/basis/expression-evaluator.d.ts.map +1 -0
package/dist/basis/expression-evaluator.js +826 -0
package/dist/basis/expression-evaluator.js.map +1 -0
package/dist/basis/index.d.ts +13 -0
package/dist/basis/index.d.ts.map +1 -0
package/dist/basis/index.js +13 -0
package/dist/basis/index.js.map +1 -0
package/dist/basis/parser.d.ts +376 -0
package/dist/basis/parser.d.ts.map +1 -0
package/dist/basis/parser.js +174 -0
package/dist/basis/parser.js.map +1 -0
package/dist/basis/types.d.ts +115 -0
package/dist/basis/types.d.ts.map +1 -0
package/dist/basis/types.js +5 -0
package/dist/basis/types.js.map +1 -0
package/dist/car-extensions/builtin-extensions/audit.d.ts +88 -0
package/dist/car-extensions/builtin-extensions/audit.d.ts.map +1 -0
package/dist/car-extensions/builtin-extensions/audit.js +444 -0
package/dist/car-extensions/builtin-extensions/audit.js.map +1 -0
package/dist/car-extensions/builtin-extensions/governance.d.ts +32 -0
package/dist/car-extensions/builtin-extensions/governance.d.ts.map +1 -0
package/dist/car-extensions/builtin-extensions/governance.js +533 -0
package/dist/car-extensions/builtin-extensions/governance.js.map +1 -0
package/dist/car-extensions/builtin-extensions/monitoring.d.ts +43 -0
package/dist/car-extensions/builtin-extensions/monitoring.d.ts.map +1 -0
package/dist/car-extensions/builtin-extensions/monitoring.js +416 -0
package/dist/car-extensions/builtin-extensions/monitoring.js.map +1 -0
package/dist/car-extensions/car-string-extensions.d.ts +334 -0
package/dist/car-extensions/car-string-extensions.d.ts.map +1 -0
package/dist/car-extensions/car-string-extensions.js +435 -0
package/dist/car-extensions/car-string-extensions.js.map +1 -0
package/dist/car-extensions/executor.d.ts +208 -0
package/dist/car-extensions/executor.d.ts.map +1 -0
package/dist/car-extensions/executor.js +789 -0
package/dist/car-extensions/executor.js.map +1 -0
package/dist/car-extensions/index.d.ts +94 -0
package/dist/car-extensions/index.d.ts.map +1 -0
package/dist/car-extensions/index.js +157 -0
package/dist/car-extensions/index.js.map +1 -0
package/dist/car-extensions/registry.d.ts +217 -0
package/dist/car-extensions/registry.d.ts.map +1 -0
package/dist/car-extensions/registry.js +443 -0
package/dist/car-extensions/registry.js.map +1 -0
package/dist/car-extensions/service.d.ts +220 -0
package/dist/car-extensions/service.d.ts.map +1 -0
package/dist/car-extensions/service.js +484 -0
package/dist/car-extensions/service.js.map +1 -0
package/dist/car-extensions/types.d.ts +2265 -0
package/dist/car-extensions/types.d.ts.map +1 -0
package/dist/car-extensions/types.js +389 -0
package/dist/car-extensions/types.js.map +1 -0
package/dist/cognigate/index.d.ts +139 -0
package/dist/cognigate/index.d.ts.map +1 -0
package/dist/cognigate/index.js +404 -0
package/dist/cognigate/index.js.map +1 -0
package/dist/cognigate/lua-scripts.d.ts +96 -0
package/dist/cognigate/lua-scripts.d.ts.map +1 -0
package/dist/cognigate/lua-scripts.js +264 -0
package/dist/cognigate/lua-scripts.js.map +1 -0
package/dist/cognigate/metrics.d.ts +112 -0
package/dist/cognigate/metrics.d.ts.map +1 -0
package/dist/cognigate/metrics.js +229 -0
package/dist/cognigate/metrics.js.map +1 -0
package/dist/cognigate/output-integration.d.ts +86 -0
package/dist/cognigate/output-integration.d.ts.map +1 -0
package/dist/cognigate/output-integration.js +184 -0
package/dist/cognigate/output-integration.js.map +1 -0
package/dist/cognigate/resource-interceptors.d.ts +77 -0
package/dist/cognigate/resource-interceptors.d.ts.map +1 -0
package/dist/cognigate/resource-interceptors.js +143 -0
package/dist/cognigate/resource-interceptors.js.map +1 -0
package/dist/cognigate/resource-state-provider.d.ts +103 -0
package/dist/cognigate/resource-state-provider.d.ts.map +1 -0
package/dist/cognigate/resource-state-provider.js +195 -0
package/dist/cognigate/resource-state-provider.js.map +1 -0
package/dist/cognigate/resource-tracker.d.ts +85 -0
package/dist/cognigate/resource-tracker.d.ts.map +1 -0
package/dist/cognigate/resource-tracker.js +216 -0
package/dist/cognigate/resource-tracker.js.map +1 -0
package/dist/cognigate/types.d.ts +199 -0
package/dist/cognigate/types.d.ts.map +1 -0
package/dist/cognigate/types.js +11 -0
package/dist/cognigate/types.js.map +1 -0
package/dist/common/adapters/index.d.ts +34 -0
package/dist/common/adapters/index.d.ts.map +1 -0
package/dist/common/adapters/index.js +46 -0
package/dist/common/adapters/index.js.map +1 -0
package/dist/common/adapters/memory-cache.d.ts +91 -0
package/dist/common/adapters/memory-cache.d.ts.map +1 -0
package/dist/common/adapters/memory-cache.js +201 -0
package/dist/common/adapters/memory-cache.js.map +1 -0
package/dist/common/adapters/memory-lock.d.ts +75 -0
package/dist/common/adapters/memory-lock.d.ts.map +1 -0
package/dist/common/adapters/memory-lock.js +219 -0
package/dist/common/adapters/memory-lock.js.map +1 -0
package/dist/common/adapters/memory-queue.d.ts +64 -0
package/dist/common/adapters/memory-queue.d.ts.map +1 -0
package/dist/common/adapters/memory-queue.js +233 -0
package/dist/common/adapters/memory-queue.js.map +1 -0
package/dist/common/adapters/memory-ratelimit.d.ts +78 -0
package/dist/common/adapters/memory-ratelimit.d.ts.map +1 -0
package/dist/common/adapters/memory-ratelimit.js +196 -0
package/dist/common/adapters/memory-ratelimit.js.map +1 -0
package/dist/common/adapters/memory-session.d.ts +105 -0
package/dist/common/adapters/memory-session.d.ts.map +1 -0
package/dist/common/adapters/memory-session.js +302 -0
package/dist/common/adapters/memory-session.js.map +1 -0
package/dist/common/adapters/provider.d.ts +47 -0
package/dist/common/adapters/provider.d.ts.map +1 -0
package/dist/common/adapters/provider.js +347 -0
package/dist/common/adapters/provider.js.map +1 -0
package/dist/common/adapters/types.d.ts +247 -0
package/dist/common/adapters/types.d.ts.map +1 -0
package/dist/common/adapters/types.js +11 -0
package/dist/common/adapters/types.js.map +1 -0
package/dist/common/authorization.d.ts +137 -0
package/dist/common/authorization.d.ts.map +1 -0
package/dist/common/authorization.js +270 -0
package/dist/common/authorization.js.map +1 -0
package/dist/common/canonical-bridge.d.ts +151 -0
package/dist/common/canonical-bridge.d.ts.map +1 -0
package/dist/common/canonical-bridge.js +231 -0
package/dist/common/canonical-bridge.js.map +1 -0
package/dist/common/canonical-json.d.ts +64 -0
package/dist/common/canonical-json.d.ts.map +1 -0
package/dist/common/canonical-json.js +95 -0
package/dist/common/canonical-json.js.map +1 -0
package/dist/common/circuit-breaker.d.ts +320 -0
package/dist/common/circuit-breaker.d.ts.map +1 -0
package/dist/common/circuit-breaker.js +850 -0
package/dist/common/circuit-breaker.js.map +1 -0
package/dist/common/config.d.ts +1678 -0
package/dist/common/config.d.ts.map +1 -0
package/dist/common/config.js +1057 -0
package/dist/common/config.js.map +1 -0
package/dist/common/contracts/index.d.ts +2 -0
package/dist/common/contracts/index.d.ts.map +1 -0
package/dist/common/contracts/index.js +2 -0
package/dist/common/contracts/index.js.map +1 -0
package/dist/common/contracts/output.d.ts +81 -0
package/dist/common/contracts/output.d.ts.map +1 -0
package/dist/common/contracts/output.js +38 -0
package/dist/common/contracts/output.js.map +1 -0
package/dist/common/crypto.d.ts +70 -0
package/dist/common/crypto.d.ts.map +1 -0
package/dist/common/crypto.js +201 -0
package/dist/common/crypto.js.map +1 -0
package/dist/common/database-resilience.d.ts +156 -0
package/dist/common/database-resilience.d.ts.map +1 -0
package/dist/common/database-resilience.js +269 -0
package/dist/common/database-resilience.js.map +1 -0
package/dist/common/db-metrics.d.ts +90 -0
package/dist/common/db-metrics.d.ts.map +1 -0
package/dist/common/db-metrics.js +219 -0
package/dist/common/db-metrics.js.map +1 -0
package/dist/common/db-pool.d.ts +307 -0
package/dist/common/db-pool.d.ts.map +1 -0
package/dist/common/db-pool.js +879 -0
package/dist/common/db-pool.js.map +1 -0
package/dist/common/db.d.ts +105 -0
package/dist/common/db.d.ts.map +1 -0
package/dist/common/db.js +216 -0
package/dist/common/db.js.map +1 -0
package/dist/common/di.d.ts +202 -0
package/dist/common/di.d.ts.map +1 -0
package/dist/common/di.js +219 -0
package/dist/common/di.js.map +1 -0
package/dist/common/encryption.d.ts +131 -0
package/dist/common/encryption.d.ts.map +1 -0
package/dist/common/encryption.js +255 -0
package/dist/common/encryption.js.map +1 -0
package/dist/common/errors.d.ts +229 -0
package/dist/common/errors.d.ts.map +1 -0
package/dist/common/errors.js +349 -0
package/dist/common/errors.js.map +1 -0
package/dist/common/expression/evaluator.d.ts +58 -0
package/dist/common/expression/evaluator.d.ts.map +1 -0
package/dist/common/expression/evaluator.js +326 -0
package/dist/common/expression/evaluator.js.map +1 -0
package/dist/common/expression/index.d.ts +180 -0
package/dist/common/expression/index.d.ts.map +1 -0
package/dist/common/expression/index.js +198 -0
package/dist/common/expression/index.js.map +1 -0
package/dist/common/expression/lexer.d.ts +69 -0
package/dist/common/expression/lexer.d.ts.map +1 -0
package/dist/common/expression/lexer.js +255 -0
package/dist/common/expression/lexer.js.map +1 -0
package/dist/common/expression/parser.d.ts +133 -0
package/dist/common/expression/parser.d.ts.map +1 -0
package/dist/common/expression/parser.js +293 -0
package/dist/common/expression/parser.js.map +1 -0
package/dist/common/group-membership.d.ts +119 -0
package/dist/common/group-membership.d.ts.map +1 -0
package/dist/common/group-membership.js +250 -0
package/dist/common/group-membership.js.map +1 -0
package/dist/common/index.d.ts +14 -0
package/dist/common/index.d.ts.map +1 -0
package/dist/common/index.js +15 -0
package/dist/common/index.js.map +1 -0
package/dist/common/leader-election.d.ts +40 -0
package/dist/common/leader-election.d.ts.map +1 -0
package/dist/common/leader-election.js +232 -0
package/dist/common/leader-election.js.map +1 -0
package/dist/common/lock.d.ts +77 -0
package/dist/common/lock.d.ts.map +1 -0
package/dist/common/lock.js +167 -0
package/dist/common/lock.js.map +1 -0
package/dist/common/logger.d.ts +19 -0
package/dist/common/logger.d.ts.map +1 -0
package/dist/common/logger.js +80 -0
package/dist/common/logger.js.map +1 -0
package/dist/common/metrics-registry.d.ts +48 -0
package/dist/common/metrics-registry.d.ts.map +1 -0
package/dist/common/metrics-registry.js +77 -0
package/dist/common/metrics-registry.js.map +1 -0
package/dist/common/metrics.d.ts +227 -0
package/dist/common/metrics.d.ts.map +1 -0
package/dist/common/metrics.js +524 -0
package/dist/common/metrics.js.map +1 -0
package/dist/common/operation-tracker.d.ts +137 -0
package/dist/common/operation-tracker.d.ts.map +1 -0
package/dist/common/operation-tracker.js +366 -0
package/dist/common/operation-tracker.js.map +1 -0
package/dist/common/provenance/chain.d.ts +54 -0
package/dist/common/provenance/chain.d.ts.map +1 -0
package/dist/common/provenance/chain.js +252 -0
package/dist/common/provenance/chain.js.map +1 -0
package/dist/common/provenance/index.d.ts +14 -0
package/dist/common/provenance/index.d.ts.map +1 -0
package/dist/common/provenance/index.js +19 -0
package/dist/common/provenance/index.js.map +1 -0
package/dist/common/provenance/query.d.ts +111 -0
package/dist/common/provenance/query.d.ts.map +1 -0
package/dist/common/provenance/query.js +310 -0
package/dist/common/provenance/query.js.map +1 -0
package/dist/common/provenance/storage.d.ts +297 -0
package/dist/common/provenance/storage.d.ts.map +1 -0
package/dist/common/provenance/storage.js +436 -0
package/dist/common/provenance/storage.js.map +1 -0
package/dist/common/provenance/tracker.d.ts +57 -0
package/dist/common/provenance/tracker.d.ts.map +1 -0
package/dist/common/provenance/tracker.js +209 -0
package/dist/common/provenance/tracker.js.map +1 -0
package/dist/common/provenance/types.d.ts +146 -0
package/dist/common/provenance/types.d.ts.map +1 -0
package/dist/common/provenance/types.js +10 -0
package/dist/common/provenance/types.js.map +1 -0
package/dist/common/random.d.ts +84 -0
package/dist/common/random.d.ts.map +1 -0
package/dist/common/random.js +130 -0
package/dist/common/random.js.map +1 -0
package/dist/common/redaction.d.ts +49 -0
package/dist/common/redaction.d.ts.map +1 -0
package/dist/common/redaction.js +217 -0
package/dist/common/redaction.js.map +1 -0
package/dist/common/redis-cluster.d.ts +538 -0
package/dist/common/redis-cluster.d.ts.map +1 -0
package/dist/common/redis-cluster.js +1539 -0
package/dist/common/redis-cluster.js.map +1 -0
package/dist/common/redis-resilience.d.ts +270 -0
package/dist/common/redis-resilience.d.ts.map +1 -0
package/dist/common/redis-resilience.js +586 -0
package/dist/common/redis-resilience.js.map +1 -0
package/dist/common/redis.d.ts +19 -0
package/dist/common/redis.d.ts.map +1 -0
package/dist/common/redis.js +73 -0
package/dist/common/redis.js.map +1 -0
package/dist/common/secret-generator.d.ts +142 -0
package/dist/common/secret-generator.d.ts.map +1 -0
package/dist/common/secret-generator.js +286 -0
package/dist/common/secret-generator.js.map +1 -0
package/dist/common/security-mode.d.ts +101 -0
package/dist/common/security-mode.d.ts.map +1 -0
package/dist/common/security-mode.js +304 -0
package/dist/common/security-mode.js.map +1 -0
package/dist/common/telemetry/index.d.ts +82 -0
package/dist/common/telemetry/index.d.ts.map +1 -0
package/dist/common/telemetry/index.js +198 -0
package/dist/common/telemetry/index.js.map +1 -0
package/dist/common/telemetry/instrumentation.d.ts +167 -0
package/dist/common/telemetry/instrumentation.d.ts.map +1 -0
package/dist/common/telemetry/instrumentation.js +492 -0
package/dist/common/telemetry/instrumentation.js.map +1 -0
package/dist/common/telemetry/metrics-bridge.d.ts +227 -0
package/dist/common/telemetry/metrics-bridge.d.ts.map +1 -0
package/dist/common/telemetry/metrics-bridge.js +437 -0
package/dist/common/telemetry/metrics-bridge.js.map +1 -0
package/dist/common/telemetry/middleware.d.ts +114 -0
package/dist/common/telemetry/middleware.d.ts.map +1 -0
package/dist/common/telemetry/middleware.js +353 -0
package/dist/common/telemetry/middleware.js.map +1 -0
package/dist/common/telemetry/propagation.d.ts +221 -0
package/dist/common/telemetry/propagation.d.ts.map +1 -0
package/dist/common/telemetry/propagation.js +409 -0
package/dist/common/telemetry/propagation.js.map +1 -0
package/dist/common/telemetry/spans.d.ts +295 -0
package/dist/common/telemetry/spans.d.ts.map +1 -0
package/dist/common/telemetry/spans.js +439 -0
package/dist/common/telemetry/spans.js.map +1 -0
package/dist/common/telemetry/tracer.d.ts +155 -0
package/dist/common/telemetry/tracer.d.ts.map +1 -0
package/dist/common/telemetry/tracer.js +343 -0
package/dist/common/telemetry/tracer.js.map +1 -0
package/dist/common/telemetry.d.ts +15 -0
package/dist/common/telemetry.d.ts.map +1 -0
package/dist/common/telemetry.js +61 -0
package/dist/common/telemetry.js.map +1 -0
package/dist/common/tenant-verification.d.ts +86 -0
package/dist/common/tenant-verification.d.ts.map +1 -0
package/dist/common/tenant-verification.js +184 -0
package/dist/common/tenant-verification.js.map +1 -0
package/dist/common/timeout.d.ts +40 -0
package/dist/common/timeout.d.ts.map +1 -0
package/dist/common/timeout.js +82 -0
package/dist/common/timeout.js.map +1 -0
package/dist/common/token-revocation.d.ts +44 -0
package/dist/common/token-revocation.d.ts.map +1 -0
package/dist/common/token-revocation.js +169 -0
package/dist/common/token-revocation.js.map +1 -0
package/dist/common/trace.d.ts +149 -0
package/dist/common/trace.d.ts.map +1 -0
package/dist/common/trace.js +328 -0
package/dist/common/trace.js.map +1 -0
package/dist/common/trust-cache.d.ts +263 -0
package/dist/common/trust-cache.d.ts.map +1 -0
package/dist/common/trust-cache.js +670 -0
package/dist/common/trust-cache.js.map +1 -0
package/dist/common/types.d.ts +328 -0
package/dist/common/types.d.ts.map +1 -0
package/dist/common/types.js +55 -0
package/dist/common/types.js.map +1 -0
package/dist/common/validation.d.ts +113 -0
package/dist/common/validation.d.ts.map +1 -0
package/dist/common/validation.js +221 -0
package/dist/common/validation.js.map +1 -0
package/dist/compliance/export/evidence-collector.d.ts +252 -0
package/dist/compliance/export/evidence-collector.d.ts.map +1 -0
package/dist/compliance/export/evidence-collector.js +488 -0
package/dist/compliance/export/evidence-collector.js.map +1 -0
package/dist/compliance/export/hash-verifier.d.ts +181 -0
package/dist/compliance/export/hash-verifier.d.ts.map +1 -0
package/dist/compliance/export/hash-verifier.js +425 -0
package/dist/compliance/export/hash-verifier.js.map +1 -0
package/dist/compliance/export/index.d.ts +14 -0
package/dist/compliance/export/index.d.ts.map +1 -0
package/dist/compliance/export/index.js +41 -0
package/dist/compliance/export/index.js.map +1 -0
package/dist/compliance/export/report-generator.d.ts +264 -0
package/dist/compliance/export/report-generator.d.ts.map +1 -0
package/dist/compliance/export/report-generator.js +890 -0
package/dist/compliance/export/report-generator.js.map +1 -0
package/dist/compliance/export/scheduled-exports.d.ts +256 -0
package/dist/compliance/export/scheduled-exports.d.ts.map +1 -0
package/dist/compliance/export/scheduled-exports.js +545 -0
package/dist/compliance/export/scheduled-exports.js.map +1 -0
package/dist/compliance/export/service.d.ts +191 -0
package/dist/compliance/export/service.d.ts.map +1 -0
package/dist/compliance/export/service.js +382 -0
package/dist/compliance/export/service.js.map +1 -0
package/dist/compliance/fedramp/assessment.d.ts +654 -0
package/dist/compliance/fedramp/assessment.d.ts.map +1 -0
package/dist/compliance/fedramp/assessment.js +721 -0
package/dist/compliance/fedramp/assessment.js.map +1 -0
package/dist/compliance/fedramp/boundary.d.ts +932 -0
package/dist/compliance/fedramp/boundary.d.ts.map +1 -0
package/dist/compliance/fedramp/boundary.js +645 -0
package/dist/compliance/fedramp/boundary.js.map +1 -0
package/dist/compliance/fedramp/continuous-monitoring.d.ts +705 -0
package/dist/compliance/fedramp/continuous-monitoring.d.ts.map +1 -0
package/dist/compliance/fedramp/continuous-monitoring.js +616 -0
package/dist/compliance/fedramp/continuous-monitoring.js.map +1 -0
package/dist/compliance/fedramp/controls.d.ts +128 -0
package/dist/compliance/fedramp/controls.d.ts.map +1 -0
package/dist/compliance/fedramp/controls.js +1110 -0
package/dist/compliance/fedramp/controls.js.map +1 -0
package/dist/compliance/fedramp/incident-reporting.d.ts +1001 -0
package/dist/compliance/fedramp/incident-reporting.d.ts.map +1 -0
package/dist/compliance/fedramp/incident-reporting.js +764 -0
package/dist/compliance/fedramp/incident-reporting.js.map +1 -0
package/dist/compliance/fedramp/index.d.ts +87 -0
package/dist/compliance/fedramp/index.d.ts.map +1 -0
package/dist/compliance/fedramp/index.js +192 -0
package/dist/compliance/fedramp/index.js.map +1 -0
package/dist/compliance/fedramp/metrics.d.ts +288 -0
package/dist/compliance/fedramp/metrics.d.ts.map +1 -0
package/dist/compliance/fedramp/metrics.js +560 -0
package/dist/compliance/fedramp/metrics.js.map +1 -0
package/dist/compliance/fedramp/poam.d.ts +635 -0
package/dist/compliance/fedramp/poam.d.ts.map +1 -0
package/dist/compliance/fedramp/poam.js +602 -0
package/dist/compliance/fedramp/poam.js.map +1 -0
package/dist/compliance/fedramp/ssp-generator.d.ts +368 -0
package/dist/compliance/fedramp/ssp-generator.d.ts.map +1 -0
package/dist/compliance/fedramp/ssp-generator.js +543 -0
package/dist/compliance/fedramp/ssp-generator.js.map +1 -0
package/dist/compliance/frameworks/nist-800-53.d.ts +35 -0
package/dist/compliance/frameworks/nist-800-53.d.ts.map +1 -0
package/dist/compliance/frameworks/nist-800-53.js +892 -0
package/dist/compliance/frameworks/nist-800-53.js.map +1 -0
package/dist/compliance/frameworks/pci-dss.d.ts +407 -0
package/dist/compliance/frameworks/pci-dss.d.ts.map +1 -0
package/dist/compliance/frameworks/pci-dss.js +1873 -0
package/dist/compliance/frameworks/pci-dss.js.map +1 -0
package/dist/compliance/frameworks/soc2.d.ts +42 -0
package/dist/compliance/frameworks/soc2.d.ts.map +1 -0
package/dist/compliance/frameworks/soc2.js +669 -0
package/dist/compliance/frameworks/soc2.js.map +1 -0
package/dist/compliance/gdpr/data-transfers.d.ts +493 -0
package/dist/compliance/gdpr/data-transfers.d.ts.map +1 -0
package/dist/compliance/gdpr/data-transfers.js +1242 -0
package/dist/compliance/gdpr/data-transfers.js.map +1 -0
package/dist/compliance/gdpr/index.d.ts +7 -0
package/dist/compliance/gdpr/index.d.ts.map +1 -0
package/dist/compliance/gdpr/index.js +7 -0
package/dist/compliance/gdpr/index.js.map +1 -0
package/dist/compliance/index.d.ts +148 -0
package/dist/compliance/index.d.ts.map +1 -0
package/dist/compliance/index.js +532 -0
package/dist/compliance/index.js.map +1 -0
package/dist/compliance/reports.d.ts +141 -0
package/dist/compliance/reports.d.ts.map +1 -0
package/dist/compliance/reports.js +495 -0
package/dist/compliance/reports.js.map +1 -0
package/dist/compliance/retention/index.d.ts +19 -0
package/dist/compliance/retention/index.d.ts.map +1 -0
package/dist/compliance/retention/index.js +46 -0
package/dist/compliance/retention/index.js.map +1 -0
package/dist/compliance/retention/retention-enforcer.d.ts +128 -0
package/dist/compliance/retention/retention-enforcer.d.ts.map +1 -0
package/dist/compliance/retention/retention-enforcer.js +695 -0
package/dist/compliance/retention/retention-enforcer.js.map +1 -0
package/dist/compliance/retention/retention-policy.d.ts +307 -0
package/dist/compliance/retention/retention-policy.d.ts.map +1 -0
package/dist/compliance/retention/retention-policy.js +102 -0
package/dist/compliance/retention/retention-policy.js.map +1 -0
package/dist/compliance/retention/retention-scheduler.d.ts +124 -0
package/dist/compliance/retention/retention-scheduler.d.ts.map +1 -0
package/dist/compliance/retention/retention-scheduler.js +391 -0
package/dist/compliance/retention/retention-scheduler.js.map +1 -0
package/dist/compliance/types.d.ts +1162 -0
package/dist/compliance/types.d.ts.map +1 -0
package/dist/compliance/types.js +191 -0
package/dist/compliance/types.js.map +1 -0
package/dist/db/migration-checker.d.ts +183 -0
package/dist/db/migration-checker.d.ts.map +1 -0
package/dist/db/migration-checker.js +680 -0
package/dist/db/migration-checker.js.map +1 -0
package/dist/db/schema/api-keys.d.ts +506 -0
package/dist/db/schema/api-keys.d.ts.map +1 -0
package/dist/db/schema/api-keys.js +98 -0
package/dist/db/schema/api-keys.js.map +1 -0
package/dist/db/schema/escalations.d.ts +554 -0
package/dist/db/schema/escalations.d.ts.map +1 -0
package/dist/db/schema/escalations.js +97 -0
package/dist/db/schema/escalations.js.map +1 -0
package/dist/db/schema/index.d.ts +19 -0
package/dist/db/schema/index.d.ts.map +1 -0
package/dist/db/schema/index.js +19 -0
package/dist/db/schema/index.js.map +1 -0
package/dist/db/schema/intents.d.ts +535 -0
package/dist/db/schema/intents.d.ts.map +1 -0
package/dist/db/schema/intents.js +90 -0
package/dist/db/schema/intents.js.map +1 -0
package/dist/db/schema/merkle.d.ts +475 -0
package/dist/db/schema/merkle.d.ts.map +1 -0
package/dist/db/schema/merkle.js +100 -0
package/dist/db/schema/merkle.js.map +1 -0
package/dist/db/schema/operations.d.ts +256 -0
package/dist/db/schema/operations.d.ts.map +1 -0
package/dist/db/schema/operations.js +65 -0
package/dist/db/schema/operations.js.map +1 -0
package/dist/db/schema/policy-versions.d.ts +149 -0
package/dist/db/schema/policy-versions.d.ts.map +1 -0
package/dist/db/schema/policy-versions.js +40 -0
package/dist/db/schema/policy-versions.js.map +1 -0
package/dist/db/schema/proofs.d.ts +412 -0
package/dist/db/schema/proofs.d.ts.map +1 -0
package/dist/db/schema/proofs.js +63 -0
package/dist/db/schema/proofs.js.map +1 -0
package/dist/db/schema/service-accounts.d.ts +783 -0
package/dist/db/schema/service-accounts.d.ts.map +1 -0
package/dist/db/schema/service-accounts.js +176 -0
package/dist/db/schema/service-accounts.js.map +1 -0
package/dist/db/schema/trust.d.ts +593 -0
package/dist/db/schema/trust.d.ts.map +1 -0
package/dist/db/schema/trust.js +98 -0
package/dist/db/schema/trust.js.map +1 -0
package/dist/db/schema/users.d.ts +487 -0
package/dist/db/schema/users.d.ts.map +1 -0
package/dist/db/schema/users.js +133 -0
package/dist/db/schema/users.js.map +1 -0
package/dist/db/schema/webhooks.d.ts +382 -0
package/dist/db/schema/webhooks.d.ts.map +1 -0
package/dist/db/schema/webhooks.js +91 -0
package/dist/db/schema/webhooks.js.map +1 -0
package/dist/enforce/constraint-evaluator.d.ts +385 -0
package/dist/enforce/constraint-evaluator.d.ts.map +1 -0
package/dist/enforce/constraint-evaluator.js +648 -0
package/dist/enforce/constraint-evaluator.js.map +1 -0
package/dist/enforce/decision-aggregator.d.ts +269 -0
package/dist/enforce/decision-aggregator.d.ts.map +1 -0
package/dist/enforce/decision-aggregator.js +560 -0
package/dist/enforce/decision-aggregator.js.map +1 -0
package/dist/enforce/escalation-rules.d.ts +411 -0
package/dist/enforce/escalation-rules.d.ts.map +1 -0
package/dist/enforce/escalation-rules.js +681 -0
package/dist/enforce/escalation-rules.js.map +1 -0
package/dist/enforce/index.d.ts +175 -0
package/dist/enforce/index.d.ts.map +1 -0
package/dist/enforce/index.js +402 -0
package/dist/enforce/index.js.map +1 -0
package/dist/enforce/policy-engine.d.ts +390 -0
package/dist/enforce/policy-engine.d.ts.map +1 -0
package/dist/enforce/policy-engine.js +652 -0
package/dist/enforce/policy-engine.js.map +1 -0
package/dist/enforce/runtime-config.d.ts +387 -0
package/dist/enforce/runtime-config.d.ts.map +1 -0
package/dist/enforce/runtime-config.js +709 -0
package/dist/enforce/runtime-config.js.map +1 -0
package/dist/index.d.ts +63 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +74 -0
package/dist/index.js.map +1 -0
package/dist/intent/audit.d.ts +119 -0
package/dist/intent/audit.d.ts.map +1 -0
package/dist/intent/audit.js +457 -0
package/dist/intent/audit.js.map +1 -0
package/dist/intent/classifier/index.d.ts +121 -0
package/dist/intent/classifier/index.d.ts.map +1 -0
package/dist/intent/classifier/index.js +232 -0
package/dist/intent/classifier/index.js.map +1 -0
package/dist/intent/classifier/patterns.d.ts +129 -0
package/dist/intent/classifier/patterns.d.ts.map +1 -0
package/dist/intent/classifier/patterns.js +471 -0
package/dist/intent/classifier/patterns.js.map +1 -0
package/dist/intent/classifier/risk.d.ts +177 -0
package/dist/intent/classifier/risk.d.ts.map +1 -0
package/dist/intent/classifier/risk.js +335 -0
package/dist/intent/classifier/risk.js.map +1 -0
package/dist/intent/cleanup.d.ts +24 -0
package/dist/intent/cleanup.d.ts.map +1 -0
package/dist/intent/cleanup.js +104 -0
package/dist/intent/cleanup.js.map +1 -0
package/dist/intent/consent.d.ts +238 -0
package/dist/intent/consent.d.ts.map +1 -0
package/dist/intent/consent.js +427 -0
package/dist/intent/consent.js.map +1 -0
package/dist/intent/escalation.d.ts +208 -0
package/dist/intent/escalation.d.ts.map +1 -0
package/dist/intent/escalation.js +550 -0
package/dist/intent/escalation.js.map +1 -0
package/dist/intent/gdpr.d.ts +245 -0
package/dist/intent/gdpr.d.ts.map +1 -0
package/dist/intent/gdpr.js +580 -0
package/dist/intent/gdpr.js.map +1 -0
package/dist/intent/health.d.ts +214 -0
package/dist/intent/health.d.ts.map +1 -0
package/dist/intent/health.js +526 -0
package/dist/intent/health.js.map +1 -0
package/dist/intent/index.d.ts +447 -0
package/dist/intent/index.d.ts.map +1 -0
package/dist/intent/index.js +685 -0
package/dist/intent/index.js.map +1 -0
package/dist/intent/metrics.d.ts +391 -0
package/dist/intent/metrics.d.ts.map +1 -0
package/dist/intent/metrics.js +885 -0
package/dist/intent/metrics.js.map +1 -0
package/dist/intent/openapi.d.ts +22 -0
package/dist/intent/openapi.d.ts.map +1 -0
package/dist/intent/openapi.js +1674 -0
package/dist/intent/openapi.js.map +1 -0
package/dist/intent/planner/dependency.d.ts +78 -0
package/dist/intent/planner/dependency.d.ts.map +1 -0
package/dist/intent/planner/dependency.js +334 -0
package/dist/intent/planner/dependency.js.map +1 -0
package/dist/intent/planner/index.d.ts +157 -0
package/dist/intent/planner/index.d.ts.map +1 -0
package/dist/intent/planner/index.js +372 -0
package/dist/intent/planner/index.js.map +1 -0
package/dist/intent/planner/rollback.d.ts +92 -0
package/dist/intent/planner/rollback.d.ts.map +1 -0
package/dist/intent/planner/rollback.js +326 -0
package/dist/intent/planner/rollback.js.map +1 -0
package/dist/intent/planner/templates.d.ts +81 -0
package/dist/intent/planner/templates.d.ts.map +1 -0
package/dist/intent/planner/templates.js +560 -0
package/dist/intent/planner/templates.js.map +1 -0
package/dist/intent/queue.d.ts +150 -0
package/dist/intent/queue.d.ts.map +1 -0
package/dist/intent/queue.js +339 -0
package/dist/intent/queue.js.map +1 -0
package/dist/intent/queues.d.ts +176 -0
package/dist/intent/queues.d.ts.map +1 -0
package/dist/intent/queues.js +1382 -0
package/dist/intent/queues.js.map +1 -0
package/dist/intent/ratelimit.d.ts +147 -0
package/dist/intent/ratelimit.d.ts.map +1 -0
package/dist/intent/ratelimit.js +301 -0
package/dist/intent/ratelimit.js.map +1 -0
package/dist/intent/replay/comparator.d.ts +148 -0
package/dist/intent/replay/comparator.d.ts.map +1 -0
package/dist/intent/replay/comparator.js +320 -0
package/dist/intent/replay/comparator.js.map +1 -0
package/dist/intent/replay/index.d.ts +159 -0
package/dist/intent/replay/index.d.ts.map +1 -0
package/dist/intent/replay/index.js +486 -0
package/dist/intent/replay/index.js.map +1 -0
package/dist/intent/replay/simulator.d.ts +184 -0
package/dist/intent/replay/simulator.d.ts.map +1 -0
package/dist/intent/replay/simulator.js +510 -0
package/dist/intent/replay/simulator.js.map +1 -0
package/dist/intent/replay/snapshot.d.ts +149 -0
package/dist/intent/replay/snapshot.d.ts.map +1 -0
package/dist/intent/replay/snapshot.js +245 -0
package/dist/intent/replay/snapshot.js.map +1 -0
package/dist/intent/repository.d.ts +198 -0
package/dist/intent/repository.d.ts.map +1 -0
package/dist/intent/repository.js +526 -0
package/dist/intent/repository.js.map +1 -0
package/dist/intent/response-middleware.d.ts +156 -0
package/dist/intent/response-middleware.d.ts.map +1 -0
package/dist/intent/response-middleware.js +337 -0
package/dist/intent/response-middleware.js.map +1 -0
package/dist/intent/response.d.ts +267 -0
package/dist/intent/response.d.ts.map +1 -0
package/dist/intent/response.js +402 -0
package/dist/intent/response.js.map +1 -0
package/dist/intent/routes.d.ts +35 -0
package/dist/intent/routes.d.ts.map +1 -0
package/dist/intent/routes.js +801 -0
package/dist/intent/routes.js.map +1 -0
package/dist/intent/scheduler.d.ts +45 -0
package/dist/intent/scheduler.d.ts.map +1 -0
package/dist/intent/scheduler.js +221 -0
package/dist/intent/scheduler.js.map +1 -0
package/dist/intent/schema.d.ts +2997 -0
package/dist/intent/schema.d.ts.map +1 -0
package/dist/intent/schema.js +447 -0
package/dist/intent/schema.js.map +1 -0
package/dist/intent/shutdown.d.ts +145 -0
package/dist/intent/shutdown.d.ts.map +1 -0
package/dist/intent/shutdown.js +468 -0
package/dist/intent/shutdown.js.map +1 -0
package/dist/intent/state-machine.d.ts +111 -0
package/dist/intent/state-machine.d.ts.map +1 -0
package/dist/intent/state-machine.js +242 -0
package/dist/intent/state-machine.js.map +1 -0
package/dist/intent/tracing.d.ts +152 -0
package/dist/intent/tracing.d.ts.map +1 -0
package/dist/intent/tracing.js +658 -0
package/dist/intent/tracing.js.map +1 -0
package/dist/intent/types.d.ts +175 -0
package/dist/intent/types.d.ts.map +1 -0
package/dist/intent/types.js +25 -0
package/dist/intent/types.js.map +1 -0
package/dist/intent/webhooks/delivery-repository.d.ts +80 -0
package/dist/intent/webhooks/delivery-repository.d.ts.map +1 -0
package/dist/intent/webhooks/delivery-repository.js +251 -0
package/dist/intent/webhooks/delivery-repository.js.map +1 -0
package/dist/intent/webhooks/dns-pinning.d.ts +30 -0
package/dist/intent/webhooks/dns-pinning.d.ts.map +1 -0
package/dist/intent/webhooks/dns-pinning.js +69 -0
package/dist/intent/webhooks/dns-pinning.js.map +1 -0
package/dist/intent/webhooks/index.d.ts +14 -0
package/dist/intent/webhooks/index.d.ts.map +1 -0
package/dist/intent/webhooks/index.js +17 -0
package/dist/intent/webhooks/index.js.map +1 -0
package/dist/intent/webhooks/signature.d.ts +47 -0
package/dist/intent/webhooks/signature.d.ts.map +1 -0
package/dist/intent/webhooks/signature.js +80 -0
package/dist/intent/webhooks/signature.js.map +1 -0
package/dist/intent/webhooks/ssrf-protection.d.ts +29 -0
package/dist/intent/webhooks/ssrf-protection.d.ts.map +1 -0
package/dist/intent/webhooks/ssrf-protection.js +161 -0
package/dist/intent/webhooks/ssrf-protection.js.map +1 -0
package/dist/intent/webhooks/types.d.ts +132 -0
package/dist/intent/webhooks/types.d.ts.map +1 -0
package/dist/intent/webhooks/types.js +14 -0
package/dist/intent/webhooks/types.js.map +1 -0
package/dist/intent/webhooks.d.ts +610 -0
package/dist/intent/webhooks.d.ts.map +1 -0
package/dist/intent/webhooks.js +1793 -0
package/dist/intent/webhooks.js.map +1 -0
package/dist/policy/diff.d.ts +88 -0
package/dist/policy/diff.d.ts.map +1 -0
package/dist/policy/diff.js +325 -0
package/dist/policy/diff.js.map +1 -0
package/dist/policy/evaluator.d.ts +102 -0
package/dist/policy/evaluator.d.ts.map +1 -0
package/dist/policy/evaluator.js +647 -0
package/dist/policy/evaluator.js.map +1 -0
package/dist/policy/index.d.ts +16 -0
package/dist/policy/index.d.ts.map +1 -0
package/dist/policy/index.js +19 -0
package/dist/policy/index.js.map +1 -0
package/dist/policy/loader.d.ts +63 -0
package/dist/policy/loader.d.ts.map +1 -0
package/dist/policy/loader.js +173 -0
package/dist/policy/loader.js.map +1 -0
package/dist/policy/service.d.ts +150 -0
package/dist/policy/service.d.ts.map +1 -0
package/dist/policy/service.js +782 -0
package/dist/policy/service.js.map +1 -0
package/dist/policy/types.d.ts +220 -0
package/dist/policy/types.d.ts.map +1 -0
package/dist/policy/types.js +36 -0
package/dist/policy/types.js.map +1 -0
package/dist/proof/hybrid-signing.d.ts +82 -0
package/dist/proof/hybrid-signing.d.ts.map +1 -0
package/dist/proof/hybrid-signing.js +239 -0
package/dist/proof/hybrid-signing.js.map +1 -0
package/dist/proof/index.d.ts +203 -0
package/dist/proof/index.d.ts.map +1 -0
package/dist/proof/index.js +610 -0
package/dist/proof/index.js.map +1 -0
package/dist/proof/merkle-service.d.ts +194 -0
package/dist/proof/merkle-service.d.ts.map +1 -0
package/dist/proof/merkle-service.js +463 -0
package/dist/proof/merkle-service.js.map +1 -0
package/dist/proof/merkle.d.ts +118 -0
package/dist/proof/merkle.d.ts.map +1 -0
package/dist/proof/merkle.js +265 -0
package/dist/proof/merkle.js.map +1 -0
package/dist/security/ai-governance/access-policy.d.ts +197 -0
package/dist/security/ai-governance/access-policy.d.ts.map +1 -0
package/dist/security/ai-governance/access-policy.js +522 -0
package/dist/security/ai-governance/access-policy.js.map +1 -0
package/dist/security/ai-governance/audit-trail.d.ts +241 -0
package/dist/security/ai-governance/audit-trail.d.ts.map +1 -0
package/dist/security/ai-governance/audit-trail.js +645 -0
package/dist/security/ai-governance/audit-trail.js.map +1 -0
package/dist/security/ai-governance/bias-detection.d.ts +221 -0
package/dist/security/ai-governance/bias-detection.d.ts.map +1 -0
package/dist/security/ai-governance/bias-detection.js +615 -0
package/dist/security/ai-governance/bias-detection.js.map +1 -0
package/dist/security/ai-governance/index.d.ts +92 -0
package/dist/security/ai-governance/index.d.ts.map +1 -0
package/dist/security/ai-governance/index.js +184 -0
package/dist/security/ai-governance/index.js.map +1 -0
package/dist/security/ai-governance/middleware.d.ts +110 -0
package/dist/security/ai-governance/middleware.d.ts.map +1 -0
package/dist/security/ai-governance/middleware.js +359 -0
package/dist/security/ai-governance/middleware.js.map +1 -0
package/dist/security/ai-governance/model-registry.d.ts +229 -0
package/dist/security/ai-governance/model-registry.d.ts.map +1 -0
package/dist/security/ai-governance/model-registry.js +535 -0
package/dist/security/ai-governance/model-registry.js.map +1 -0
package/dist/security/ai-governance/output-filter.d.ts +150 -0
package/dist/security/ai-governance/output-filter.d.ts.map +1 -0
package/dist/security/ai-governance/output-filter.js +561 -0
package/dist/security/ai-governance/output-filter.js.map +1 -0
package/dist/security/ai-governance/prompt-injection.d.ts +153 -0
package/dist/security/ai-governance/prompt-injection.d.ts.map +1 -0
package/dist/security/ai-governance/prompt-injection.js +614 -0
package/dist/security/ai-governance/prompt-injection.js.map +1 -0
package/dist/security/ai-governance/rate-limiter.d.ts +156 -0
package/dist/security/ai-governance/rate-limiter.d.ts.map +1 -0
package/dist/security/ai-governance/rate-limiter.js +541 -0
package/dist/security/ai-governance/rate-limiter.js.map +1 -0
package/dist/security/ai-governance/types.d.ts +594 -0
package/dist/security/ai-governance/types.d.ts.map +1 -0
package/dist/security/ai-governance/types.js +6 -0
package/dist/security/ai-governance/types.js.map +1 -0
package/dist/security/alerting/channels/base.d.ts +91 -0
package/dist/security/alerting/channels/base.d.ts.map +1 -0
package/dist/security/alerting/channels/base.js +128 -0
package/dist/security/alerting/channels/base.js.map +1 -0
package/dist/security/alerting/channels/email.d.ts +92 -0
package/dist/security/alerting/channels/email.d.ts.map +1 -0
package/dist/security/alerting/channels/email.js +418 -0
package/dist/security/alerting/channels/email.js.map +1 -0
package/dist/security/alerting/channels/http-base.d.ts +86 -0
package/dist/security/alerting/channels/http-base.d.ts.map +1 -0
package/dist/security/alerting/channels/http-base.js +133 -0
package/dist/security/alerting/channels/http-base.js.map +1 -0
package/dist/security/alerting/channels/index.d.ts +30 -0
package/dist/security/alerting/channels/index.d.ts.map +1 -0
package/dist/security/alerting/channels/index.js +22 -0
package/dist/security/alerting/channels/index.js.map +1 -0
package/dist/security/alerting/channels/pagerduty.d.ts +70 -0
package/dist/security/alerting/channels/pagerduty.d.ts.map +1 -0
package/dist/security/alerting/channels/pagerduty.js +248 -0
package/dist/security/alerting/channels/pagerduty.js.map +1 -0
package/dist/security/alerting/channels/slack.d.ts +55 -0
package/dist/security/alerting/channels/slack.d.ts.map +1 -0
package/dist/security/alerting/channels/slack.js +215 -0
package/dist/security/alerting/channels/slack.js.map +1 -0
package/dist/security/alerting/channels/sns.d.ts +87 -0
package/dist/security/alerting/channels/sns.d.ts.map +1 -0
package/dist/security/alerting/channels/sns.js +251 -0
package/dist/security/alerting/channels/sns.js.map +1 -0
package/dist/security/alerting/channels/webhook.d.ts +92 -0
package/dist/security/alerting/channels/webhook.d.ts.map +1 -0
package/dist/security/alerting/channels/webhook.js +203 -0
package/dist/security/alerting/channels/webhook.js.map +1 -0
package/dist/security/alerting/detector.d.ts +217 -0
package/dist/security/alerting/detector.d.ts.map +1 -0
package/dist/security/alerting/detector.js +725 -0
package/dist/security/alerting/detector.js.map +1 -0
package/dist/security/alerting/index.d.ts +57 -0
package/dist/security/alerting/index.d.ts.map +1 -0
package/dist/security/alerting/index.js +214 -0
package/dist/security/alerting/index.js.map +1 -0
package/dist/security/alerting/service.d.ts +190 -0
package/dist/security/alerting/service.d.ts.map +1 -0
package/dist/security/alerting/service.js +815 -0
package/dist/security/alerting/service.js.map +1 -0
package/dist/security/alerting/types.d.ts +2165 -0
package/dist/security/alerting/types.d.ts.map +1 -0
package/dist/security/alerting/types.js +278 -0
package/dist/security/alerting/types.js.map +1 -0
package/dist/security/anomaly/detectors/account-compromise.d.ts +198 -0
package/dist/security/anomaly/detectors/account-compromise.d.ts.map +1 -0
package/dist/security/anomaly/detectors/account-compromise.js +815 -0
package/dist/security/anomaly/detectors/account-compromise.js.map +1 -0
package/dist/security/anomaly/detectors/data-exfiltration.d.ts +175 -0
package/dist/security/anomaly/detectors/data-exfiltration.d.ts.map +1 -0
package/dist/security/anomaly/detectors/data-exfiltration.js +733 -0
package/dist/security/anomaly/detectors/data-exfiltration.js.map +1 -0
package/dist/security/anomaly/detectors/geographic.d.ts +100 -0
package/dist/security/anomaly/detectors/geographic.d.ts.map +1 -0
package/dist/security/anomaly/detectors/geographic.js +348 -0
package/dist/security/anomaly/detectors/geographic.js.map +1 -0
package/dist/security/anomaly/detectors/index.d.ts +86 -0
package/dist/security/anomaly/detectors/index.d.ts.map +1 -0
package/dist/security/anomaly/detectors/index.js +118 -0
package/dist/security/anomaly/detectors/index.js.map +1 -0
package/dist/security/anomaly/detectors/lateral-movement.d.ts +168 -0
package/dist/security/anomaly/detectors/lateral-movement.d.ts.map +1 -0
package/dist/security/anomaly/detectors/lateral-movement.js +795 -0
package/dist/security/anomaly/detectors/lateral-movement.js.map +1 -0
package/dist/security/anomaly/detectors/privilege-escalation.d.ts +177 -0
package/dist/security/anomaly/detectors/privilege-escalation.d.ts.map +1 -0
package/dist/security/anomaly/detectors/privilege-escalation.js +741 -0
package/dist/security/anomaly/detectors/privilege-escalation.js.map +1 -0
package/dist/security/anomaly/detectors/temporal.d.ts +71 -0
package/dist/security/anomaly/detectors/temporal.d.ts.map +1 -0
package/dist/security/anomaly/detectors/temporal.js +398 -0
package/dist/security/anomaly/detectors/temporal.js.map +1 -0
package/dist/security/anomaly/detectors/volume.d.ts +97 -0
package/dist/security/anomaly/detectors/volume.d.ts.map +1 -0
package/dist/security/anomaly/detectors/volume.js +424 -0
package/dist/security/anomaly/detectors/volume.js.map +1 -0
package/dist/security/anomaly/index.d.ts +128 -0
package/dist/security/anomaly/index.d.ts.map +1 -0
package/dist/security/anomaly/index.js +378 -0
package/dist/security/anomaly/index.js.map +1 -0
package/dist/security/anomaly/types.d.ts +1209 -0
package/dist/security/anomaly/types.d.ts.map +1 -0
package/dist/security/anomaly/types.js +193 -0
package/dist/security/anomaly/types.js.map +1 -0
package/dist/security/api-keys/cache.d.ts +255 -0
package/dist/security/api-keys/cache.d.ts.map +1 -0
package/dist/security/api-keys/cache.js +595 -0
package/dist/security/api-keys/cache.js.map +1 -0
package/dist/security/api-keys/db-store.d.ts +150 -0
package/dist/security/api-keys/db-store.d.ts.map +1 -0
package/dist/security/api-keys/db-store.js +694 -0
package/dist/security/api-keys/db-store.js.map +1 -0
package/dist/security/api-keys/index.d.ts +29 -0
package/dist/security/api-keys/index.d.ts.map +1 -0
package/dist/security/api-keys/index.js +81 -0
package/dist/security/api-keys/index.js.map +1 -0
package/dist/security/api-keys/middleware.d.ts +164 -0
package/dist/security/api-keys/middleware.d.ts.map +1 -0
package/dist/security/api-keys/middleware.js +392 -0
package/dist/security/api-keys/middleware.js.map +1 -0
package/dist/security/api-keys/service.d.ts +226 -0
package/dist/security/api-keys/service.d.ts.map +1 -0
package/dist/security/api-keys/service.js +861 -0
package/dist/security/api-keys/service.js.map +1 -0
package/dist/security/api-keys/store.d.ts +241 -0
package/dist/security/api-keys/store.d.ts.map +1 -0
package/dist/security/api-keys/store.js +360 -0
package/dist/security/api-keys/store.js.map +1 -0
package/dist/security/api-keys/types.d.ts +718 -0
package/dist/security/api-keys/types.d.ts.map +1 -0
package/dist/security/api-keys/types.js +162 -0
package/dist/security/api-keys/types.js.map +1 -0
package/dist/security/brute-force.d.ts +390 -0
package/dist/security/brute-force.d.ts.map +1 -0
package/dist/security/brute-force.js +677 -0
package/dist/security/brute-force.js.map +1 -0
package/dist/security/config-validator.d.ts +152 -0
package/dist/security/config-validator.d.ts.map +1 -0
package/dist/security/config-validator.js +667 -0
package/dist/security/config-validator.js.map +1 -0
package/dist/security/crypto/fips-mode.d.ts +772 -0
package/dist/security/crypto/fips-mode.d.ts.map +1 -0
package/dist/security/crypto/fips-mode.js +1363 -0
package/dist/security/crypto/fips-mode.js.map +1 -0
package/dist/security/crypto/index.d.ts +202 -0
package/dist/security/crypto/index.d.ts.map +1 -0
package/dist/security/crypto/index.js +292 -0
package/dist/security/crypto/index.js.map +1 -0
package/dist/security/crypto/post-quantum/benchmark.d.ts +125 -0
package/dist/security/crypto/post-quantum/benchmark.d.ts.map +1 -0
package/dist/security/crypto/post-quantum/benchmark.js +530 -0
package/dist/security/crypto/post-quantum/benchmark.js.map +1 -0
package/dist/security/crypto/post-quantum/dilithium.d.ts +144 -0
package/dist/security/crypto/post-quantum/dilithium.d.ts.map +1 -0
package/dist/security/crypto/post-quantum/dilithium.js +675 -0
package/dist/security/crypto/post-quantum/dilithium.js.map +1 -0
package/dist/security/crypto/post-quantum/hybrid.d.ts +267 -0
package/dist/security/crypto/post-quantum/hybrid.d.ts.map +1 -0
package/dist/security/crypto/post-quantum/hybrid.js +457 -0
package/dist/security/crypto/post-quantum/hybrid.js.map +1 -0
package/dist/security/crypto/post-quantum/index.d.ts +166 -0
package/dist/security/crypto/post-quantum/index.d.ts.map +1 -0
package/dist/security/crypto/post-quantum/index.js +236 -0
package/dist/security/crypto/post-quantum/index.js.map +1 -0
package/dist/security/crypto/post-quantum/kyber.d.ts +129 -0
package/dist/security/crypto/post-quantum/kyber.d.ts.map +1 -0
package/dist/security/crypto/post-quantum/kyber.js +649 -0
package/dist/security/crypto/post-quantum/kyber.js.map +1 -0
package/dist/security/crypto/post-quantum/migration.d.ts +230 -0
package/dist/security/crypto/post-quantum/migration.d.ts.map +1 -0
package/dist/security/crypto/post-quantum/migration.js +563 -0
package/dist/security/crypto/post-quantum/migration.js.map +1 -0
package/dist/security/crypto/post-quantum/types.d.ts +1056 -0
package/dist/security/crypto/post-quantum/types.d.ts.map +1 -0
package/dist/security/crypto/post-quantum/types.js +350 -0
package/dist/security/crypto/post-quantum/types.js.map +1 -0
package/dist/security/crypto/shamir/comparison.d.ts +128 -0
package/dist/security/crypto/shamir/comparison.d.ts.map +1 -0
package/dist/security/crypto/shamir/comparison.js +423 -0
package/dist/security/crypto/shamir/comparison.js.map +1 -0
package/dist/security/crypto/shamir/index.d.ts +76 -0
package/dist/security/crypto/shamir/index.d.ts.map +1 -0
package/dist/security/crypto/shamir/index.js +155 -0
package/dist/security/crypto/shamir/index.js.map +1 -0
package/dist/security/crypto/shamir/proofs.d.ts +259 -0
package/dist/security/crypto/shamir/proofs.d.ts.map +1 -0
package/dist/security/crypto/shamir/proofs.js +605 -0
package/dist/security/crypto/shamir/proofs.js.map +1 -0
package/dist/security/crypto/shamir/property-tests.d.ts +104 -0
package/dist/security/crypto/shamir/property-tests.d.ts.map +1 -0
package/dist/security/crypto/shamir/property-tests.js +480 -0
package/dist/security/crypto/shamir/property-tests.js.map +1 -0
package/dist/security/crypto/shamir/security-analysis.d.ts +97 -0
package/dist/security/crypto/shamir/security-analysis.d.ts.map +1 -0
package/dist/security/crypto/shamir/security-analysis.js +503 -0
package/dist/security/crypto/shamir/security-analysis.js.map +1 -0
package/dist/security/crypto/shamir/test-vectors.d.ts +116 -0
package/dist/security/crypto/shamir/test-vectors.d.ts.map +1 -0
package/dist/security/crypto/shamir/test-vectors.js +377 -0
package/dist/security/crypto/shamir/test-vectors.js.map +1 -0
package/dist/security/crypto/shamir/types.d.ts +281 -0
package/dist/security/crypto/shamir/types.d.ts.map +1 -0
package/dist/security/crypto/shamir/types.js +82 -0
package/dist/security/crypto/shamir/types.js.map +1 -0
package/dist/security/crypto/shamir/verified-shamir.d.ts +170 -0
package/dist/security/crypto/shamir/verified-shamir.d.ts.map +1 -0
package/dist/security/crypto/shamir/verified-shamir.js +624 -0
package/dist/security/crypto/shamir/verified-shamir.js.map +1 -0
package/dist/security/csrf.d.ts +215 -0
package/dist/security/csrf.d.ts.map +1 -0
package/dist/security/csrf.js +467 -0
package/dist/security/csrf.js.map +1 -0
package/dist/security/distributed-state.d.ts +331 -0
package/dist/security/distributed-state.d.ts.map +1 -0
package/dist/security/distributed-state.js +768 -0
package/dist/security/distributed-state.js.map +1 -0
package/dist/security/dlp/index.d.ts +27 -0
package/dist/security/dlp/index.d.ts.map +1 -0
package/dist/security/dlp/index.js +54 -0
package/dist/security/dlp/index.js.map +1 -0
package/dist/security/dlp/scanner.d.ts +451 -0
package/dist/security/dlp/scanner.d.ts.map +1 -0
package/dist/security/dlp/scanner.js +1241 -0
package/dist/security/dlp/scanner.js.map +1 -0
package/dist/security/dpop.d.ts +260 -0
package/dist/security/dpop.d.ts.map +1 -0
package/dist/security/dpop.js +1058 -0
package/dist/security/dpop.js.map +1 -0
package/dist/security/encryption/decorators.d.ts +263 -0
package/dist/security/encryption/decorators.d.ts.map +1 -0
package/dist/security/encryption/decorators.js +359 -0
package/dist/security/encryption/decorators.js.map +1 -0
package/dist/security/encryption/index.d.ts +83 -0
package/dist/security/encryption/index.d.ts.map +1 -0
package/dist/security/encryption/index.js +140 -0
package/dist/security/encryption/index.js.map +1 -0
package/dist/security/encryption/key-provider.d.ts +335 -0
package/dist/security/encryption/key-provider.d.ts.map +1 -0
package/dist/security/encryption/key-provider.js +853 -0
package/dist/security/encryption/key-provider.js.map +1 -0
package/dist/security/encryption/middleware.d.ts +279 -0
package/dist/security/encryption/middleware.d.ts.map +1 -0
package/dist/security/encryption/middleware.js +493 -0
package/dist/security/encryption/middleware.js.map +1 -0
package/dist/security/encryption/service.d.ts +164 -0
package/dist/security/encryption/service.d.ts.map +1 -0
package/dist/security/encryption/service.js +623 -0
package/dist/security/encryption/service.js.map +1 -0
package/dist/security/encryption/types.d.ts +745 -0
package/dist/security/encryption/types.d.ts.map +1 -0
package/dist/security/encryption/types.js +229 -0
package/dist/security/encryption/types.js.map +1 -0
package/dist/security/error-sanitizer.d.ts +329 -0
package/dist/security/error-sanitizer.d.ts.map +1 -0
package/dist/security/error-sanitizer.js +693 -0
package/dist/security/error-sanitizer.js.map +1 -0
package/dist/security/fingerprint-service.d.ts +139 -0
package/dist/security/fingerprint-service.d.ts.map +1 -0
package/dist/security/fingerprint-service.js +240 -0
package/dist/security/fingerprint-service.js.map +1 -0
package/dist/security/headers/csp.d.ts +270 -0
package/dist/security/headers/csp.d.ts.map +1 -0
package/dist/security/headers/csp.js +655 -0
package/dist/security/headers/csp.js.map +1 -0
package/dist/security/headers/hsts.d.ts +161 -0
package/dist/security/headers/hsts.d.ts.map +1 -0
package/dist/security/headers/hsts.js +346 -0
package/dist/security/headers/hsts.js.map +1 -0
package/dist/security/headers/index.d.ts +47 -0
package/dist/security/headers/index.d.ts.map +1 -0
package/dist/security/headers/index.js +110 -0
package/dist/security/headers/index.js.map +1 -0
package/dist/security/headers/middleware.d.ts +70 -0
package/dist/security/headers/middleware.d.ts.map +1 -0
package/dist/security/headers/middleware.js +549 -0
package/dist/security/headers/middleware.js.map +1 -0
package/dist/security/headers/permissions-policy.d.ts +189 -0
package/dist/security/headers/permissions-policy.d.ts.map +1 -0
package/dist/security/headers/permissions-policy.js +508 -0
package/dist/security/headers/permissions-policy.js.map +1 -0
package/dist/security/headers/types.d.ts +1570 -0
package/dist/security/headers/types.d.ts.map +1 -0
package/dist/security/headers/types.js +281 -0
package/dist/security/headers/types.js.map +1 -0
package/dist/security/headers/validator.d.ts +36 -0
package/dist/security/headers/validator.d.ts.map +1 -0
package/dist/security/headers/validator.js +616 -0
package/dist/security/headers/validator.js.map +1 -0
package/dist/security/hsm/aws-cloudhsm.d.ts +157 -0
package/dist/security/hsm/aws-cloudhsm.d.ts.map +1 -0
package/dist/security/hsm/aws-cloudhsm.js +712 -0
package/dist/security/hsm/aws-cloudhsm.js.map +1 -0
package/dist/security/hsm/azure-hsm.d.ts +174 -0
package/dist/security/hsm/azure-hsm.d.ts.map +1 -0
package/dist/security/hsm/azure-hsm.js +792 -0
package/dist/security/hsm/azure-hsm.js.map +1 -0
package/dist/security/hsm/gcp-hsm.d.ts +184 -0
package/dist/security/hsm/gcp-hsm.d.ts.map +1 -0
package/dist/security/hsm/gcp-hsm.js +817 -0
package/dist/security/hsm/gcp-hsm.js.map +1 -0
package/dist/security/hsm/hsm-service.d.ts +264 -0
package/dist/security/hsm/hsm-service.d.ts.map +1 -0
package/dist/security/hsm/hsm-service.js +772 -0
package/dist/security/hsm/hsm-service.js.map +1 -0
package/dist/security/hsm/index.d.ts +132 -0
package/dist/security/hsm/index.d.ts.map +1 -0
package/dist/security/hsm/index.js +198 -0
package/dist/security/hsm/index.js.map +1 -0
package/dist/security/hsm/key-ceremony.d.ts +214 -0
package/dist/security/hsm/key-ceremony.d.ts.map +1 -0
package/dist/security/hsm/key-ceremony.js +636 -0
package/dist/security/hsm/key-ceremony.js.map +1 -0
package/dist/security/hsm/local-softHSM.d.ts +122 -0
package/dist/security/hsm/local-softHSM.d.ts.map +1 -0
package/dist/security/hsm/local-softHSM.js +786 -0
package/dist/security/hsm/local-softHSM.js.map +1 -0
package/dist/security/hsm/provider.d.ts +333 -0
package/dist/security/hsm/provider.d.ts.map +1 -0
package/dist/security/hsm/provider.js +264 -0
package/dist/security/hsm/provider.js.map +1 -0
package/dist/security/hsm/thales-luna.d.ts +209 -0
package/dist/security/hsm/thales-luna.d.ts.map +1 -0
package/dist/security/hsm/thales-luna.js +820 -0
package/dist/security/hsm/thales-luna.js.map +1 -0
package/dist/security/incident/actions/block-ip.d.ts +84 -0
package/dist/security/incident/actions/block-ip.d.ts.map +1 -0
package/dist/security/incident/actions/block-ip.js +464 -0
package/dist/security/incident/actions/block-ip.js.map +1 -0
package/dist/security/incident/actions/collect-evidence.d.ts +95 -0
package/dist/security/incident/actions/collect-evidence.d.ts.map +1 -0
package/dist/security/incident/actions/collect-evidence.js +458 -0
package/dist/security/incident/actions/collect-evidence.js.map +1 -0
package/dist/security/incident/actions/index.d.ts +39 -0
package/dist/security/incident/actions/index.d.ts.map +1 -0
package/dist/security/incident/actions/index.js +52 -0
package/dist/security/incident/actions/index.js.map +1 -0
package/dist/security/incident/actions/isolate-system.d.ts +63 -0
package/dist/security/incident/actions/isolate-system.d.ts.map +1 -0
package/dist/security/incident/actions/isolate-system.js +379 -0
package/dist/security/incident/actions/isolate-system.js.map +1 -0
package/dist/security/incident/actions/notify-stakeholders.d.ts +72 -0
package/dist/security/incident/actions/notify-stakeholders.d.ts.map +1 -0
package/dist/security/incident/actions/notify-stakeholders.js +387 -0
package/dist/security/incident/actions/notify-stakeholders.js.map +1 -0
package/dist/security/incident/actions/revoke-credentials.d.ts +77 -0
package/dist/security/incident/actions/revoke-credentials.d.ts.map +1 -0
package/dist/security/incident/actions/revoke-credentials.js +329 -0
package/dist/security/incident/actions/revoke-credentials.js.map +1 -0
package/dist/security/incident/actions/scale-monitoring.d.ts +90 -0
package/dist/security/incident/actions/scale-monitoring.d.ts.map +1 -0
package/dist/security/incident/actions/scale-monitoring.js +483 -0
package/dist/security/incident/actions/scale-monitoring.js.map +1 -0
package/dist/security/incident/executor.d.ts +128 -0
package/dist/security/incident/executor.d.ts.map +1 -0
package/dist/security/incident/executor.js +695 -0
package/dist/security/incident/executor.js.map +1 -0
package/dist/security/incident/index.d.ts +220 -0
package/dist/security/incident/index.d.ts.map +1 -0
package/dist/security/incident/index.js +1284 -0
package/dist/security/incident/index.js.map +1 -0
package/dist/security/incident/notification.d.ts +68 -0
package/dist/security/incident/notification.d.ts.map +1 -0
package/dist/security/incident/notification.js +512 -0
package/dist/security/incident/notification.js.map +1 -0
package/dist/security/incident/playbooks/account-compromise.d.ts +13 -0
package/dist/security/incident/playbooks/account-compromise.d.ts.map +1 -0
package/dist/security/incident/playbooks/account-compromise.js +379 -0
package/dist/security/incident/playbooks/account-compromise.js.map +1 -0
package/dist/security/incident/playbooks/configuration-error.d.ts +17 -0
package/dist/security/incident/playbooks/configuration-error.d.ts.map +1 -0
package/dist/security/incident/playbooks/configuration-error.js +340 -0
package/dist/security/incident/playbooks/configuration-error.js.map +1 -0
package/dist/security/incident/playbooks/data-breach.d.ts +13 -0
package/dist/security/incident/playbooks/data-breach.d.ts.map +1 -0
package/dist/security/incident/playbooks/data-breach.js +394 -0
package/dist/security/incident/playbooks/data-breach.js.map +1 -0
package/dist/security/incident/playbooks/denial-of-service.d.ts +13 -0
package/dist/security/incident/playbooks/denial-of-service.d.ts.map +1 -0
package/dist/security/incident/playbooks/denial-of-service.js +540 -0
package/dist/security/incident/playbooks/denial-of-service.js.map +1 -0
package/dist/security/incident/playbooks/index.d.ts +36 -0
package/dist/security/incident/playbooks/index.d.ts.map +1 -0
package/dist/security/incident/playbooks/index.js +56 -0
package/dist/security/incident/playbooks/index.js.map +1 -0
package/dist/security/incident/playbooks/insider-threat.d.ts +18 -0
package/dist/security/incident/playbooks/insider-threat.d.ts.map +1 -0
package/dist/security/incident/playbooks/insider-threat.js +600 -0
package/dist/security/incident/playbooks/insider-threat.js.map +1 -0
package/dist/security/incident/playbooks/malware.d.ts +13 -0
package/dist/security/incident/playbooks/malware.d.ts.map +1 -0
package/dist/security/incident/playbooks/malware.js +515 -0
package/dist/security/incident/playbooks/malware.js.map +1 -0
package/dist/security/incident/playbooks/ransomware.d.ts +14 -0
package/dist/security/incident/playbooks/ransomware.d.ts.map +1 -0
package/dist/security/incident/playbooks/ransomware.js +693 -0
package/dist/security/incident/playbooks/ransomware.js.map +1 -0
package/dist/security/incident/playbooks/unauthorized-access.d.ts +13 -0
package/dist/security/incident/playbooks/unauthorized-access.d.ts.map +1 -0
package/dist/security/incident/playbooks/unauthorized-access.js +412 -0
package/dist/security/incident/playbooks/unauthorized-access.js.map +1 -0
package/dist/security/incident/triggers.d.ts +120 -0
package/dist/security/incident/triggers.d.ts.map +1 -0
package/dist/security/incident/triggers.js +708 -0
package/dist/security/incident/triggers.js.map +1 -0
package/dist/security/incident/types.d.ts +1517 -0
package/dist/security/incident/types.d.ts.map +1 -0
package/dist/security/incident/types.js +222 -0
package/dist/security/incident/types.js.map +1 -0
package/dist/security/index.d.ts +56 -0
package/dist/security/index.d.ts.map +1 -0
package/dist/security/index.js +267 -0
package/dist/security/index.js.map +1 -0
package/dist/security/injection-detector.d.ts +375 -0
package/dist/security/injection-detector.d.ts.map +1 -0
package/dist/security/injection-detector.js +969 -0
package/dist/security/injection-detector.js.map +1 -0
package/dist/security/introspection.d.ts +137 -0
package/dist/security/introspection.d.ts.map +1 -0
package/dist/security/introspection.js +451 -0
package/dist/security/introspection.js.map +1 -0
package/dist/security/key-rotation.d.ts +213 -0
package/dist/security/key-rotation.d.ts.map +1 -0
package/dist/security/key-rotation.js +530 -0
package/dist/security/key-rotation.js.map +1 -0
package/dist/security/kms/aws-kms.d.ts +152 -0
package/dist/security/kms/aws-kms.d.ts.map +1 -0
package/dist/security/kms/aws-kms.js +808 -0
package/dist/security/kms/aws-kms.js.map +1 -0
package/dist/security/kms/index.d.ts +165 -0
package/dist/security/kms/index.d.ts.map +1 -0
package/dist/security/kms/index.js +351 -0
package/dist/security/kms/index.js.map +1 -0
package/dist/security/kms/local.d.ts +127 -0
package/dist/security/kms/local.d.ts.map +1 -0
package/dist/security/kms/local.js +682 -0
package/dist/security/kms/local.js.map +1 -0
package/dist/security/kms/types.d.ts +1000 -0
package/dist/security/kms/types.d.ts.map +1 -0
package/dist/security/kms/types.js +167 -0
package/dist/security/kms/types.js.map +1 -0
package/dist/security/kms/vault.d.ts +165 -0
package/dist/security/kms/vault.d.ts.map +1 -0
package/dist/security/kms/vault.js +820 -0
package/dist/security/kms/vault.js.map +1 -0
package/dist/security/mfa/index.d.ts +17 -0
package/dist/security/mfa/index.d.ts.map +1 -0
package/dist/security/mfa/index.js +37 -0
package/dist/security/mfa/index.js.map +1 -0
package/dist/security/mfa/mfa-middleware.d.ts +74 -0
package/dist/security/mfa/mfa-middleware.d.ts.map +1 -0
package/dist/security/mfa/mfa-middleware.js +244 -0
package/dist/security/mfa/mfa-middleware.js.map +1 -0
package/dist/security/mfa/mfa-service.d.ts +115 -0
package/dist/security/mfa/mfa-service.d.ts.map +1 -0
package/dist/security/mfa/mfa-service.js +508 -0
package/dist/security/mfa/mfa-service.js.map +1 -0
package/dist/security/mfa/mfa-store.d.ts +615 -0
package/dist/security/mfa/mfa-store.d.ts.map +1 -0
package/dist/security/mfa/mfa-store.js +431 -0
package/dist/security/mfa/mfa-store.js.map +1 -0
package/dist/security/mfa/types.d.ts +417 -0
package/dist/security/mfa/types.d.ts.map +1 -0
package/dist/security/mfa/types.js +123 -0
package/dist/security/mfa/types.js.map +1 -0
package/dist/security/middleware.d.ts +179 -0
package/dist/security/middleware.d.ts.map +1 -0
package/dist/security/middleware.js +534 -0
package/dist/security/middleware.js.map +1 -0
package/dist/security/pairwise-did.d.ts +157 -0
package/dist/security/pairwise-did.d.ts.map +1 -0
package/dist/security/pairwise-did.js +450 -0
package/dist/security/pairwise-did.js.map +1 -0
package/dist/security/pam/break-glass.d.ts +776 -0
package/dist/security/pam/break-glass.d.ts.map +1 -0
package/dist/security/pam/break-glass.js +1137 -0
package/dist/security/pam/break-glass.js.map +1 -0
package/dist/security/pam/index.d.ts +120 -0
package/dist/security/pam/index.d.ts.map +1 -0
package/dist/security/pam/index.js +179 -0
package/dist/security/pam/index.js.map +1 -0
package/dist/security/pam/jit-access.d.ts +482 -0
package/dist/security/pam/jit-access.d.ts.map +1 -0
package/dist/security/pam/jit-access.js +1030 -0
package/dist/security/pam/jit-access.js.map +1 -0
package/dist/security/pam/session-recording.d.ts +1007 -0
package/dist/security/pam/session-recording.d.ts.map +1 -0
package/dist/security/pam/session-recording.js +1047 -0
package/dist/security/pam/session-recording.js.map +1 -0
package/dist/security/password-hashing.d.ts +199 -0
package/dist/security/password-hashing.d.ts.map +1 -0
package/dist/security/password-hashing.js +366 -0
package/dist/security/password-hashing.js.map +1 -0
package/dist/security/password-policy.d.ts +304 -0
package/dist/security/password-policy.d.ts.map +1 -0
package/dist/security/password-policy.js +730 -0
package/dist/security/password-policy.js.map +1 -0
package/dist/security/policy-engine/atsf-adapter.d.ts +93 -0
package/dist/security/policy-engine/atsf-adapter.d.ts.map +1 -0
package/dist/security/policy-engine/atsf-adapter.js +265 -0
package/dist/security/policy-engine/atsf-adapter.js.map +1 -0
package/dist/security/policy-engine/built-in-policies.d.ts +90 -0
package/dist/security/policy-engine/built-in-policies.d.ts.map +1 -0
package/dist/security/policy-engine/built-in-policies.js +627 -0
package/dist/security/policy-engine/built-in-policies.js.map +1 -0
package/dist/security/policy-engine/condition-evaluator.d.ts +129 -0
package/dist/security/policy-engine/condition-evaluator.d.ts.map +1 -0
package/dist/security/policy-engine/condition-evaluator.js +647 -0
package/dist/security/policy-engine/condition-evaluator.js.map +1 -0
package/dist/security/policy-engine/engine.d.ts +200 -0
package/dist/security/policy-engine/engine.d.ts.map +1 -0
package/dist/security/policy-engine/engine.js +752 -0
package/dist/security/policy-engine/engine.js.map +1 -0
package/dist/security/policy-engine/index.d.ts +59 -0
package/dist/security/policy-engine/index.d.ts.map +1 -0
package/dist/security/policy-engine/index.js +84 -0
package/dist/security/policy-engine/index.js.map +1 -0
package/dist/security/policy-engine/middleware.d.ts +77 -0
package/dist/security/policy-engine/middleware.d.ts.map +1 -0
package/dist/security/policy-engine/middleware.js +375 -0
package/dist/security/policy-engine/middleware.js.map +1 -0
package/dist/security/policy-engine/rule-evaluator.d.ts +140 -0
package/dist/security/policy-engine/rule-evaluator.d.ts.map +1 -0
package/dist/security/policy-engine/rule-evaluator.js +593 -0
package/dist/security/policy-engine/rule-evaluator.js.map +1 -0
package/dist/security/policy-engine/types.d.ts +2855 -0
package/dist/security/policy-engine/types.d.ts.map +1 -0
package/dist/security/policy-engine/types.js +443 -0
package/dist/security/policy-engine/types.js.map +1 -0
package/dist/security/refresh-token.d.ts +305 -0
package/dist/security/refresh-token.d.ts.map +1 -0
package/dist/security/refresh-token.js +678 -0
package/dist/security/refresh-token.js.map +1 -0
package/dist/security/request-integrity.d.ts +289 -0
package/dist/security/request-integrity.d.ts.map +1 -0
package/dist/security/request-integrity.js +663 -0
package/dist/security/request-integrity.js.map +1 -0
package/dist/security/revocation-check.d.ts +188 -0
package/dist/security/revocation-check.d.ts.map +1 -0
package/dist/security/revocation-check.js +606 -0
package/dist/security/revocation-check.js.map +1 -0
package/dist/security/revocation.d.ts +191 -0
package/dist/security/revocation.d.ts.map +1 -0
package/dist/security/revocation.js +522 -0
package/dist/security/revocation.js.map +1 -0
package/dist/security/secrets-rotation.d.ts +501 -0
package/dist/security/secrets-rotation.d.ts.map +1 -0
package/dist/security/secrets-rotation.js +934 -0
package/dist/security/secrets-rotation.js.map +1 -0
package/dist/security/secure-memory.d.ts +325 -0
package/dist/security/secure-memory.d.ts.map +1 -0
package/dist/security/secure-memory.js +595 -0
package/dist/security/secure-memory.js.map +1 -0
package/dist/security/security-service.d.ts +186 -0
package/dist/security/security-service.d.ts.map +1 -0
package/dist/security/security-service.js +531 -0
package/dist/security/security-service.js.map +1 -0
package/dist/security/service-auth/index.d.ts +20 -0
package/dist/security/service-auth/index.d.ts.map +1 -0
package/dist/security/service-auth/index.js +61 -0
package/dist/security/service-auth/index.js.map +1 -0
package/dist/security/service-auth/service-account.d.ts +357 -0
package/dist/security/service-auth/service-account.d.ts.map +1 -0
package/dist/security/service-auth/service-account.js +475 -0
package/dist/security/service-auth/service-account.js.map +1 -0
package/dist/security/service-auth/service-auth-middleware.d.ts +174 -0
package/dist/security/service-auth/service-auth-middleware.d.ts.map +1 -0
package/dist/security/service-auth/service-auth-middleware.js +461 -0
package/dist/security/service-auth/service-auth-middleware.js.map +1 -0
package/dist/security/service-auth/service-token.d.ts +391 -0
package/dist/security/service-auth/service-token.d.ts.map +1 -0
package/dist/security/service-auth/service-token.js +472 -0
package/dist/security/service-auth/service-token.js.map +1 -0
package/dist/security/session-manager.d.ts +177 -0
package/dist/security/session-manager.d.ts.map +1 -0
package/dist/security/session-manager.js +353 -0
package/dist/security/session-manager.js.map +1 -0
package/dist/security/session-store.d.ts +205 -0
package/dist/security/session-store.d.ts.map +1 -0
package/dist/security/session-store.js +581 -0
package/dist/security/session-store.js.map +1 -0
package/dist/security/siem/connector.d.ts +147 -0
package/dist/security/siem/connector.d.ts.map +1 -0
package/dist/security/siem/connector.js +254 -0
package/dist/security/siem/connector.js.map +1 -0
package/dist/security/siem/datadog.d.ts +81 -0
package/dist/security/siem/datadog.d.ts.map +1 -0
package/dist/security/siem/datadog.js +362 -0
package/dist/security/siem/datadog.js.map +1 -0
package/dist/security/siem/elastic.d.ts +83 -0
package/dist/security/siem/elastic.d.ts.map +1 -0
package/dist/security/siem/elastic.js +514 -0
package/dist/security/siem/elastic.js.map +1 -0
package/dist/security/siem/enrichment.d.ts +133 -0
package/dist/security/siem/enrichment.d.ts.map +1 -0
package/dist/security/siem/enrichment.js +434 -0
package/dist/security/siem/enrichment.js.map +1 -0
package/dist/security/siem/formatter.d.ts +118 -0
package/dist/security/siem/formatter.d.ts.map +1 -0
package/dist/security/siem/formatter.js +381 -0
package/dist/security/siem/formatter.js.map +1 -0
package/dist/security/siem/hooks.d.ts +107 -0
package/dist/security/siem/hooks.d.ts.map +1 -0
package/dist/security/siem/hooks.js +459 -0
package/dist/security/siem/hooks.js.map +1 -0
package/dist/security/siem/index.d.ts +83 -0
package/dist/security/siem/index.d.ts.map +1 -0
package/dist/security/siem/index.js +95 -0
package/dist/security/siem/index.js.map +1 -0
package/dist/security/siem/service.d.ts +153 -0
package/dist/security/siem/service.d.ts.map +1 -0
package/dist/security/siem/service.js +615 -0
package/dist/security/siem/service.js.map +1 -0
package/dist/security/siem/splunk.d.ts +76 -0
package/dist/security/siem/splunk.d.ts.map +1 -0
package/dist/security/siem/splunk.js +283 -0
package/dist/security/siem/splunk.js.map +1 -0
package/dist/security/siem/types.d.ts +1980 -0
package/dist/security/siem/types.d.ts.map +1 -0
package/dist/security/siem/types.js +268 -0
package/dist/security/siem/types.js.map +1 -0
package/dist/security/tee.d.ts +157 -0
package/dist/security/tee.d.ts.map +1 -0
package/dist/security/tee.js +1073 -0
package/dist/security/tee.js.map +1 -0
package/dist/security/threat-intel/bot-detection.d.ts +275 -0
package/dist/security/threat-intel/bot-detection.d.ts.map +1 -0
package/dist/security/threat-intel/bot-detection.js +890 -0
package/dist/security/threat-intel/bot-detection.js.map +1 -0
package/dist/security/threat-intel/credential-stuffing.d.ts +368 -0
package/dist/security/threat-intel/credential-stuffing.d.ts.map +1 -0
package/dist/security/threat-intel/credential-stuffing.js +957 -0
package/dist/security/threat-intel/credential-stuffing.js.map +1 -0
package/dist/security/threat-intel/index.d.ts +10 -0
package/dist/security/threat-intel/index.d.ts.map +1 -0
package/dist/security/threat-intel/index.js +18 -0
package/dist/security/threat-intel/index.js.map +1 -0
package/dist/security/threat-intel/ip-reputation.d.ts +323 -0
package/dist/security/threat-intel/ip-reputation.d.ts.map +1 -0
package/dist/security/threat-intel/ip-reputation.js +923 -0
package/dist/security/threat-intel/ip-reputation.js.map +1 -0
package/dist/security/token-lifecycle.d.ts +272 -0
package/dist/security/token-lifecycle.d.ts.map +1 -0
package/dist/security/token-lifecycle.js +732 -0
package/dist/security/token-lifecycle.js.map +1 -0
package/dist/security/token-lifetime.d.ts +206 -0
package/dist/security/token-lifetime.d.ts.map +1 -0
package/dist/security/token-lifetime.js +388 -0
package/dist/security/token-lifetime.js.map +1 -0
package/dist/security/trust-oracle/alerts.d.ts +202 -0
package/dist/security/trust-oracle/alerts.d.ts.map +1 -0
package/dist/security/trust-oracle/alerts.js +763 -0
package/dist/security/trust-oracle/alerts.js.map +1 -0
package/dist/security/trust-oracle/api.d.ts +116 -0
package/dist/security/trust-oracle/api.d.ts.map +1 -0
package/dist/security/trust-oracle/api.js +721 -0
package/dist/security/trust-oracle/api.js.map +1 -0
package/dist/security/trust-oracle/continuous-monitoring.d.ts +105 -0
package/dist/security/trust-oracle/continuous-monitoring.d.ts.map +1 -0
package/dist/security/trust-oracle/continuous-monitoring.js +710 -0
package/dist/security/trust-oracle/continuous-monitoring.js.map +1 -0
package/dist/security/trust-oracle/data-sources.d.ts +102 -0
package/dist/security/trust-oracle/data-sources.d.ts.map +1 -0
package/dist/security/trust-oracle/data-sources.js +794 -0
package/dist/security/trust-oracle/data-sources.js.map +1 -0
package/dist/security/trust-oracle/index.d.ts +79 -0
package/dist/security/trust-oracle/index.d.ts.map +1 -0
package/dist/security/trust-oracle/index.js +206 -0
package/dist/security/trust-oracle/index.js.map +1 -0
package/dist/security/trust-oracle/oracle.d.ts +125 -0
package/dist/security/trust-oracle/oracle.d.ts.map +1 -0
package/dist/security/trust-oracle/oracle.js +489 -0
package/dist/security/trust-oracle/oracle.js.map +1 -0
package/dist/security/trust-oracle/reporting.d.ts +145 -0
package/dist/security/trust-oracle/reporting.d.ts.map +1 -0
package/dist/security/trust-oracle/reporting.js +1098 -0
package/dist/security/trust-oracle/reporting.js.map +1 -0
package/dist/security/trust-oracle/risk-scorer.d.ts +207 -0
package/dist/security/trust-oracle/risk-scorer.d.ts.map +1 -0
package/dist/security/trust-oracle/risk-scorer.js +1033 -0
package/dist/security/trust-oracle/risk-scorer.js.map +1 -0
package/dist/security/trust-oracle/types.d.ts +444 -0
package/dist/security/trust-oracle/types.d.ts.map +1 -0
package/dist/security/trust-oracle/types.js +6 -0
package/dist/security/trust-oracle/types.js.map +1 -0
package/dist/security/trust-oracle/vendor-registry.d.ts +228 -0
package/dist/security/trust-oracle/vendor-registry.d.ts.map +1 -0
package/dist/security/trust-oracle/vendor-registry.js +727 -0
package/dist/security/trust-oracle/vendor-registry.js.map +1 -0
package/dist/security/types.d.ts +1796 -0
package/dist/security/types.d.ts.map +1 -0
package/dist/security/types.js +389 -0
package/dist/security/types.js.map +1 -0
package/dist/security/webauthn/index.d.ts +47 -0
package/dist/security/webauthn/index.d.ts.map +1 -0
package/dist/security/webauthn/index.js +48 -0
package/dist/security/webauthn/index.js.map +1 -0
package/dist/security/webauthn/middleware.d.ts +109 -0
package/dist/security/webauthn/middleware.d.ts.map +1 -0
package/dist/security/webauthn/middleware.js +629 -0
package/dist/security/webauthn/middleware.js.map +1 -0
package/dist/security/webauthn/service.d.ts +179 -0
package/dist/security/webauthn/service.d.ts.map +1 -0
package/dist/security/webauthn/service.js +757 -0
package/dist/security/webauthn/service.js.map +1 -0
package/dist/security/webauthn/store.d.ts +240 -0
package/dist/security/webauthn/store.d.ts.map +1 -0
package/dist/security/webauthn/store.js +505 -0
package/dist/security/webauthn/store.js.map +1 -0
package/dist/security/webauthn/types.d.ts +678 -0
package/dist/security/webauthn/types.d.ts.map +1 -0
package/dist/security/webauthn/types.js +176 -0
package/dist/security/webauthn/types.js.map +1 -0
package/dist/security/zkp/circuits.d.ts +296 -0
package/dist/security/zkp/circuits.d.ts.map +1 -0
package/dist/security/zkp/circuits.js +771 -0
package/dist/security/zkp/circuits.js.map +1 -0
package/dist/security/zkp/commitment.d.ts +319 -0
package/dist/security/zkp/commitment.d.ts.map +1 -0
package/dist/security/zkp/commitment.js +591 -0
package/dist/security/zkp/commitment.js.map +1 -0
package/dist/security/zkp/compliance.d.ts +251 -0
package/dist/security/zkp/compliance.d.ts.map +1 -0
package/dist/security/zkp/compliance.js +734 -0
package/dist/security/zkp/compliance.js.map +1 -0
package/dist/security/zkp/index.d.ts +184 -0
package/dist/security/zkp/index.d.ts.map +1 -0
package/dist/security/zkp/index.js +285 -0
package/dist/security/zkp/index.js.map +1 -0
package/dist/security/zkp/integration.d.ts +289 -0
package/dist/security/zkp/integration.d.ts.map +1 -0
package/dist/security/zkp/integration.js +571 -0
package/dist/security/zkp/integration.js.map +1 -0
package/dist/security/zkp/prover.d.ts +158 -0
package/dist/security/zkp/prover.d.ts.map +1 -0
package/dist/security/zkp/prover.js +465 -0
package/dist/security/zkp/prover.js.map +1 -0
package/dist/security/zkp/snark-utils.d.ts +321 -0
package/dist/security/zkp/snark-utils.d.ts.map +1 -0
package/dist/security/zkp/snark-utils.js +640 -0
package/dist/security/zkp/snark-utils.js.map +1 -0
package/dist/security/zkp/types.d.ts +1192 -0
package/dist/security/zkp/types.d.ts.map +1 -0
package/dist/security/zkp/types.js +264 -0
package/dist/security/zkp/types.js.map +1 -0
package/dist/security/zkp/verifier.d.ts +111 -0
package/dist/security/zkp/verifier.d.ts.map +1 -0
package/dist/security/zkp/verifier.js +554 -0
package/dist/security/zkp/verifier.js.map +1 -0
package/dist/semantic-governance/context-validator.d.ts +159 -0
package/dist/semantic-governance/context-validator.d.ts.map +1 -0
package/dist/semantic-governance/context-validator.js +599 -0
package/dist/semantic-governance/context-validator.js.map +1 -0
package/dist/semantic-governance/credential-manager.d.ts +156 -0
package/dist/semantic-governance/credential-manager.d.ts.map +1 -0
package/dist/semantic-governance/credential-manager.js +438 -0
package/dist/semantic-governance/credential-manager.js.map +1 -0
package/dist/semantic-governance/dual-channel.d.ts +138 -0
package/dist/semantic-governance/dual-channel.d.ts.map +1 -0
package/dist/semantic-governance/dual-channel.js +333 -0
package/dist/semantic-governance/dual-channel.js.map +1 -0
package/dist/semantic-governance/index.d.ts +107 -0
package/dist/semantic-governance/index.d.ts.map +1 -0
package/dist/semantic-governance/index.js +141 -0
package/dist/semantic-governance/index.js.map +1 -0
package/dist/semantic-governance/inference-validator.d.ts +114 -0
package/dist/semantic-governance/inference-validator.d.ts.map +1 -0
package/dist/semantic-governance/inference-validator.js +390 -0
package/dist/semantic-governance/inference-validator.js.map +1 -0
package/dist/semantic-governance/instruction-validator.d.ts +146 -0
package/dist/semantic-governance/instruction-validator.d.ts.map +1 -0
package/dist/semantic-governance/instruction-validator.js +357 -0
package/dist/semantic-governance/instruction-validator.js.map +1 -0
package/dist/semantic-governance/integration.d.ts +253 -0
package/dist/semantic-governance/integration.d.ts.map +1 -0
package/dist/semantic-governance/integration.js +657 -0
package/dist/semantic-governance/integration.js.map +1 -0
package/dist/semantic-governance/output-validator.d.ts +135 -0
package/dist/semantic-governance/output-validator.d.ts.map +1 -0
package/dist/semantic-governance/output-validator.js +442 -0
package/dist/semantic-governance/output-validator.js.map +1 -0
package/dist/semantic-governance/service.d.ts +120 -0
package/dist/semantic-governance/service.d.ts.map +1 -0
package/dist/semantic-governance/service.js +527 -0
package/dist/semantic-governance/service.js.map +1 -0
package/dist/semantic-governance/types.d.ts +3916 -0
package/dist/semantic-governance/types.d.ts.map +1 -0
package/dist/semantic-governance/types.js +462 -0
package/dist/semantic-governance/types.js.map +1 -0
package/dist/trust-engine/aci-integration.d.ts +6 -0
package/dist/trust-engine/aci-integration.d.ts.map +1 -0
package/dist/trust-engine/aci-integration.js +6 -0
package/dist/trust-engine/aci-integration.js.map +1 -0
package/dist/trust-engine/car-integration.d.ts +244 -0
package/dist/trust-engine/car-integration.d.ts.map +1 -0
package/dist/trust-engine/car-integration.js +332 -0
package/dist/trust-engine/car-integration.js.map +1 -0
package/dist/trust-engine/context.d.ts +197 -0
package/dist/trust-engine/context.d.ts.map +1 -0
package/dist/trust-engine/context.js +307 -0
package/dist/trust-engine/context.js.map +1 -0
package/dist/trust-engine/index.d.ts +410 -0
package/dist/trust-engine/index.d.ts.map +1 -0
package/dist/trust-engine/index.js +1221 -0
package/dist/trust-engine/index.js.map +1 -0
package/dist/trust-engine/observability.d.ts +175 -0
package/dist/trust-engine/observability.d.ts.map +1 -0
package/dist/trust-engine/observability.js +244 -0
package/dist/trust-engine/observability.js.map +1 -0
package/package.json +200 -0

package/dist/security/tee.js ADDED Viewed

@@ -0,0 +1,1073 @@
+/**
+ * TEE (Trusted Execution Environment) Binding Service
+ *
+ * Implements hardware-bound key attestation for CAR ID security hardening (SH-3).
+ * TEE binding ensures that:
+ * 1. Agent keys are generated inside a secure enclave
+ * 2. The DID is bound to the enclave's measurement
+ * 3. At runtime, the expected code is provably executing
+ *
+ * Supported platforms:
+ * - Intel SGX (DCAP/EPID attestation)
+ * - AWS Nitro Enclaves
+ * - AMD SEV-SNP
+ * - ARM TrustZone
+ * - Apple Secure Enclave
+ *
+ * Verification levels:
+ *   Each platform verifier performs real structural validation of attestation data:
+ *   parsing binary formats, validating headers and magic bytes, extracting measurements,
+ *   and checking internal consistency. This catches malformed, truncated, or fabricated
+ *   attestation data without requiring network access.
+ *
+ *   Full cryptographic signature chain verification (proving the attestation was signed
+ *   by genuine hardware) requires external services and is an architectural boundary:
+ *   - Intel SGX: Intel DCAP Quote Verification Library or IAS API
+ *   - AWS Nitro: AWS Nitro Enclaves SDK (COSE_Sign1 signature over attestation doc)
+ *   - AMD SEV-SNP: AMD KDS for VCEK certificate, sev-snp-measure for report signing key
+ *   - ARM TrustZone: Platform-specific OP-TEE client
+ *   - Apple Secure Enclave: DeviceCheck / App Attest API
+ *
+ * @packageDocumentation
+ */
+import { createLogger } from '../common/logger.js';
+import { VorionError } from '../common/errors.js';
+import { Counter, Histogram, Gauge } from 'prom-client';
+import { vorionRegistry } from '../common/metrics-registry.js';
+import { TEEPlatform as TEEPlatformEnum, teeConfigSchema, teeAttestationSchema, teeKeyBindingSchema, } from './types.js';
+const logger = createLogger({ component: 'security-tee' });
+// =============================================================================
+// Metrics
+// =============================================================================
+const teeAttestationsVerified = new Counter({
+    name: 'vorion_security_tee_attestations_verified_total',
+    help: 'Total TEE attestations verified',
+    labelNames: ['platform', 'result'],
+    registers: [vorionRegistry],
+});
+const teeVerificationDuration = new Histogram({
+    name: 'vorion_security_tee_verification_duration_seconds',
+    help: 'Duration of TEE attestation verification',
+    labelNames: ['platform'],
+    buckets: [0.01, 0.05, 0.1, 0.25, 0.5, 1, 2.5],
+    registers: [vorionRegistry],
+});
+const teeKeyBindings = new Counter({
+    name: 'vorion_security_tee_key_bindings_total',
+    help: 'Total TEE key bindings created',
+    labelNames: ['platform'],
+    registers: [vorionRegistry],
+});
+const teeActiveBindings = new Gauge({
+    name: 'vorion_security_tee_active_bindings',
+    help: 'Number of active TEE key bindings',
+    labelNames: ['platform'],
+    registers: [vorionRegistry],
+});
+// =============================================================================
+// Errors
+// =============================================================================
+/**
+ * TEE-specific error
+ */
+export class TEEError extends VorionError {
+    code = 'TEE_ERROR';
+    statusCode = 403;
+    constructor(message, details) {
+        super(message, details);
+        this.name = 'TEEError';
+    }
+}
+/**
+ * TEE attestation verification failed
+ */
+export class TEEAttestationError extends TEEError {
+    code = 'TEE_ATTESTATION_ERROR';
+    constructor(message, details) {
+        super(message, details);
+        this.name = 'TEEAttestationError';
+    }
+}
+/**
+ * TEE key binding error
+ */
+export class TEEKeyBindingError extends TEEError {
+    code = 'TEE_KEY_BINDING_ERROR';
+    constructor(message, details) {
+        super(message, details);
+        this.name = 'TEEKeyBindingError';
+    }
+}
+// =============================================================================
+// Binary Helpers
+// =============================================================================
+/**
+ * Decode a base64 string to a Uint8Array.
+ * Handles both standard and URL-safe base64 encodings.
+ */
+function base64ToBytes(b64) {
+    const normalized = b64.replace(/-/g, '+').replace(/_/g, '/');
+    const padded = normalized + '='.repeat((4 - (normalized.length % 4)) % 4);
+    const binary = atob(padded);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) {
+        bytes[i] = binary.charCodeAt(i);
+    }
+    return bytes;
+}
+/**
+ * Convert a Uint8Array to a lowercase hex string
+ */
+function bytesToHex(bytes) {
+    return Array.from(bytes)
+        .map((b) => b.toString(16).padStart(2, '0'))
+        .join('');
+}
+/**
+ * Validate that a string is well-formed hex of a given byte length
+ */
+function isValidHex(hex, expectedBytes) {
+    if (hex.length !== expectedBytes * 2)
+        return false;
+    return /^[0-9a-f]+$/i.test(hex);
+}
+/**
+ * Intel SGX attestation verifier
+ *
+ * Performs structural validation of the SGX DCAP Quote v3 binary format:
+ * - Validates quote header (version, attestation key type, minimum size)
+ * - Extracts MRENCLAVE (bytes 112-144 of quote) and MRSIGNER (bytes 176-208)
+ * - Validates ISV product ID and SVN fields
+ * - Cross-checks extracted MRENCLAVE against the declared measurementHash
+ *
+ * Full cryptographic verification (ECDSA signature chain to Intel root of trust)
+ * requires the Intel DCAP Quote Verification Library or Intel Attestation Service.
+ * That is an architectural boundary: this verifier validates structure and consistency,
+ * not the hardware signature chain.
+ */
+class SGXVerifier {
+    async verify(attestation) {
+        const startTime = Date.now();
+        try {
+            if (!attestation.signature) {
+                return {
+                    valid: false,
+                    reason: 'Missing SGX quote signature',
+                    verifiedAt: new Date().toISOString(),
+                };
+            }
+            // Decode quote binary
+            let quoteBytes;
+            try {
+                quoteBytes = base64ToBytes(attestation.signature);
+            }
+            catch {
+                return {
+                    valid: false,
+                    reason: 'SGX quote is not valid base64',
+                    verifiedAt: new Date().toISOString(),
+                };
+            }
+            // SGX DCAP Quote v3 minimum size: 48-byte header + 384-byte report body = 432 bytes,
+            // plus at least some signature data
+            if (quoteBytes.length < 436) {
+                return {
+                    valid: false,
+                    reason: `SGX quote too short: ${quoteBytes.length} bytes, minimum 436 bytes for a valid quote`,
+                    verifiedAt: new Date().toISOString(),
+                };
+            }
+            const view = new DataView(quoteBytes.buffer, quoteBytes.byteOffset, quoteBytes.byteLength);
+            // Parse header fields
+            const version = view.getUint16(0, true);
+            const attestationKeyType = view.getUint16(2, true);
+            // DCAP v3 quotes have version 3; EPID quotes have version 2
+            if (version !== 2 && version !== 3) {
+                return {
+                    valid: false,
+                    reason: `Unsupported SGX quote version: ${version} (expected 2 or 3)`,
+                    verifiedAt: new Date().toISOString(),
+                };
+            }
+            // Attestation key type: 2 = ECDSA-256-with-P-256 (DCAP), 0/1 = EPID
+            if (attestationKeyType > 3) {
+                return {
+                    valid: false,
+                    reason: `Invalid SGX attestation key type: ${attestationKeyType}`,
+                    verifiedAt: new Date().toISOString(),
+                };
+            }
+            // Extract MRENCLAVE (32 bytes at offset 112 in the report body, which starts at offset 48)
+            // Quote layout: [header: 48 bytes][report body: 384 bytes][signature data: variable]
+            // Report body layout at offset 48: ... MRENCLAVE at report body offset 64 => absolute offset 112
+            const mrEnclave = bytesToHex(quoteBytes.slice(112, 144));
+            const mrSigner = bytesToHex(quoteBytes.slice(176, 208));
+            const isvProdId = view.getUint16(304, true);
+            const isvSvn = view.getUint16(306, true);
+            // Validate extracted measurements are non-zero (all-zero MRENCLAVE is invalid)
+            if (/^0+$/.test(mrEnclave)) {
+                return {
+                    valid: false,
+                    reason: 'SGX MRENCLAVE is all zeros, indicating an uninitialized or invalid quote',
+                    verifiedAt: new Date().toISOString(),
+                };
+            }
+            // Cross-check MRENCLAVE against the declared measurement hash
+            if (attestation.measurementHash && mrEnclave !== attestation.measurementHash.toLowerCase()) {
+                return {
+                    valid: false,
+                    reason: `MRENCLAVE mismatch: quote contains ${mrEnclave}, attestation declares ${attestation.measurementHash}`,
+                    platform: TEEPlatformEnum.SGX,
+                    verifiedAt: new Date().toISOString(),
+                };
+            }
+            // Validate PCR cross-references if provided
+            if (attestation.pcrs) {
+                if (attestation.pcrs['MRENCLAVE'] && attestation.pcrs['MRENCLAVE'].toLowerCase() !== mrEnclave) {
+                    return {
+                        valid: false,
+                        reason: 'MRENCLAVE PCR value does not match extracted quote measurement',
+                        verifiedAt: new Date().toISOString(),
+                    };
+                }
+                if (attestation.pcrs['MRSIGNER'] && attestation.pcrs['MRSIGNER'].toLowerCase() !== mrSigner) {
+                    return {
+                        valid: false,
+                        reason: 'MRSIGNER PCR value does not match extracted quote signer',
+                        verifiedAt: new Date().toISOString(),
+                    };
+                }
+            }
+            // Check attestation freshness
+            const now = new Date();
+            if (attestation.validUntil && attestation.validUntil < now) {
+                return {
+                    valid: false,
+                    reason: 'Attestation has expired',
+                    verifiedAt: now.toISOString(),
+                };
+            }
+            // Structural validation passed. Full cryptographic verification of the ECDSA
+            // signature chain to Intel's root of trust requires the Intel DCAP QVL or IAS API.
+            // That external dependency is an architectural boundary, not a missing feature.
+            logger.info({
+                enclaveId: attestation.enclaveId,
+                mrEnclave: mrEnclave.substring(0, 16) + '...',
+                mrSigner: mrSigner.substring(0, 16) + '...',
+                isvProdId,
+                isvSvn,
+                quoteVersion: version,
+            }, 'SGX attestation structural validation passed');
+            return {
+                valid: true,
+                platform: TEEPlatformEnum.SGX,
+                measurementHash: mrEnclave,
+                verifiedAt: new Date().toISOString(),
+            };
+        }
+        finally {
+            const duration = (Date.now() - startTime) / 1000;
+            teeVerificationDuration.observe({ platform: 'sgx' }, duration);
+        }
+    }
+    validateMeasurement(expectedHash, attestation) {
+        if (attestation.pcrs?.['MRENCLAVE']) {
+            return attestation.pcrs['MRENCLAVE'].toLowerCase() === expectedHash.toLowerCase();
+        }
+        return attestation.measurementHash.toLowerCase() === expectedHash.toLowerCase();
+    }
+}
+/**
+ * AWS Nitro Enclaves attestation verifier
+ *
+ * Performs structural validation of the Nitro attestation document:
+ * - Validates the outer COSE_Sign1 envelope (CBOR tag 18, 4-element array)
+ * - Extracts and validates required PCR values (PCR0, PCR1, PCR2)
+ * - PCR0 = enclave image hash, PCR1 = Linux kernel + bootstrap, PCR2 = application
+ * - Cross-checks PCR0 against the declared measurementHash
+ * - Validates PCR format (SHA-384 = 48 bytes = 96 hex chars)
+ *
+ * Full cryptographic verification (COSE ECDSA-384 signature over the attestation
+ * document, verified against the AWS Nitro root certificate chain) requires the
+ * AWS Nitro Enclaves SDK. That is an architectural boundary.
+ */
+class NitroVerifier {
+    async verify(attestation) {
+        const startTime = Date.now();
+        try {
+            if (!attestation.signature) {
+                return {
+                    valid: false,
+                    reason: 'Missing Nitro attestation document',
+                    verifiedAt: new Date().toISOString(),
+                };
+            }
+            // Decode the attestation document
+            let docBytes;
+            try {
+                docBytes = base64ToBytes(attestation.signature);
+            }
+            catch {
+                return {
+                    valid: false,
+                    reason: 'Nitro attestation document is not valid base64',
+                    verifiedAt: new Date().toISOString(),
+                };
+            }
+            // A COSE_Sign1 structure is CBOR tag 18 wrapping a 4-element array.
+            // CBOR tag 18 = 0xD2 (1-byte). Minimum realistic size for a Nitro doc is ~1KB.
+            if (docBytes.length < 32) {
+                return {
+                    valid: false,
+                    reason: `Nitro attestation document too short: ${docBytes.length} bytes`,
+                    verifiedAt: new Date().toISOString(),
+                };
+            }
+            // Validate COSE_Sign1 envelope structure:
+            // Byte 0 should be 0xD2 (CBOR tag 18 in 1-byte form) followed by 0x84 (4-element array)
+            // or the tag may use multi-byte encoding. Check for the common single-byte case.
+            const hasCoseTag = docBytes[0] === 0xd2;
+            // If the document starts with 0x84 directly, it may be an untagged COSE_Sign1
+            const hasArrayHeader = docBytes[0] === 0x84 || (hasCoseTag && docBytes.length > 1 && docBytes[1] === 0x84);
+            if (!hasCoseTag && !hasArrayHeader) {
+                // Check for multi-byte CBOR tag encoding: 0xD8 0x12 = tag(18)
+                const hasMultiByteCoseTag = docBytes[0] === 0xd8 && docBytes.length > 1 && docBytes[1] === 0x12;
+                if (!hasMultiByteCoseTag) {
+                    return {
+                        valid: false,
+                        reason: 'Nitro attestation document does not have a valid COSE_Sign1 envelope (expected CBOR tag 18)',
+                        verifiedAt: new Date().toISOString(),
+                    };
+                }
+            }
+            // Validate required PCRs
+            if (!attestation.pcrs) {
+                return {
+                    valid: false,
+                    reason: 'Missing PCR values for Nitro attestation',
+                    verifiedAt: new Date().toISOString(),
+                };
+            }
+            const requiredPCRs = ['PCR0', 'PCR1', 'PCR2'];
+            for (const pcr of requiredPCRs) {
+                const pcrValue = attestation.pcrs[pcr];
+                if (!pcrValue) {
+                    return {
+                        valid: false,
+                        reason: `Missing required ${pcr}`,
+                        verifiedAt: new Date().toISOString(),
+                    };
+                }
+                // Nitro PCRs are SHA-384 hashes: 48 bytes = 96 hex characters
+                if (!isValidHex(pcrValue, 48)) {
+                    return {
+                        valid: false,
+                        reason: `${pcr} is not a valid SHA-384 hash (expected 96 hex characters, got ${pcrValue.length})`,
+                        verifiedAt: new Date().toISOString(),
+                    };
+                }
+                // All-zero PCR0 would mean no enclave image was loaded
+                if (pcr === 'PCR0' && /^0+$/.test(pcrValue)) {
+                    return {
+                        valid: false,
+                        reason: 'PCR0 is all zeros, indicating no enclave image measurement',
+                        verifiedAt: new Date().toISOString(),
+                    };
+                }
+            }
+            // Cross-check PCR0 (enclave image measurement) against declared measurementHash
+            if (attestation.measurementHash) {
+                const pcr0 = attestation.pcrs['PCR0'].toLowerCase();
+                if (pcr0 !== attestation.measurementHash.toLowerCase()) {
+                    return {
+                        valid: false,
+                        reason: `PCR0 (${pcr0}) does not match declared measurementHash (${attestation.measurementHash})`,
+                        platform: TEEPlatformEnum.NITRO,
+                        verifiedAt: new Date().toISOString(),
+                    };
+                }
+            }
+            // Check attestation freshness
+            const now = new Date();
+            if (attestation.validUntil && attestation.validUntil < now) {
+                return {
+                    valid: false,
+                    reason: 'Attestation has expired',
+                    verifiedAt: now.toISOString(),
+                };
+            }
+            // Structural validation passed. Full cryptographic verification of the
+            // ECDSA-384 signature and certificate chain to the AWS Nitro root CA
+            // requires the AWS Nitro Enclaves SDK. That is an architectural boundary.
+            logger.info({
+                enclaveId: attestation.enclaveId,
+                pcr0: attestation.pcrs['PCR0'].substring(0, 16) + '...',
+                docSize: docBytes.length,
+            }, 'Nitro attestation structural validation passed');
+            return {
+                valid: true,
+                platform: TEEPlatformEnum.NITRO,
+                measurementHash: attestation.pcrs['PCR0'],
+                verifiedAt: new Date().toISOString(),
+            };
+        }
+        finally {
+            const duration = (Date.now() - startTime) / 1000;
+            teeVerificationDuration.observe({ platform: 'nitro' }, duration);
+        }
+    }
+    validateMeasurement(expectedHash, attestation) {
+        // For Nitro, PCR0 contains the enclave image measurement
+        if (attestation.pcrs?.['PCR0']) {
+            return attestation.pcrs['PCR0'].toLowerCase() === expectedHash.toLowerCase();
+        }
+        return attestation.measurementHash.toLowerCase() === expectedHash.toLowerCase();
+    }
+}
+/**
+ * AMD SEV-SNP attestation verifier
+ *
+ * Performs structural validation of the SEV-SNP attestation report:
+ * - Validates report size (1184 bytes for SEV-SNP v2 report)
+ * - Validates report version (must be 2 for SEV-SNP)
+ * - Extracts the 48-byte MEASUREMENT field (bytes 144-192)
+ * - Validates guest SVN and guest policy fields
+ * - Cross-checks extracted measurement against the declared measurementHash
+ *
+ * Full cryptographic verification (VCEK signature verification using AMD KDS
+ * certificate chain: VCEK -> ASK -> ARK) requires fetching certificates from
+ * the AMD Key Distribution Service. That is an architectural boundary.
+ */
+class SEVVerifier {
+    async verify(attestation) {
+        const startTime = Date.now();
+        try {
+            if (!attestation.signature) {
+                return {
+                    valid: false,
+                    reason: 'Missing SEV-SNP attestation report',
+                    verifiedAt: new Date().toISOString(),
+                };
+            }
+            // Decode the report
+            let reportBytes;
+            try {
+                reportBytes = base64ToBytes(attestation.signature);
+            }
+            catch {
+                return {
+                    valid: false,
+                    reason: 'SEV-SNP attestation report is not valid base64',
+                    verifiedAt: new Date().toISOString(),
+                };
+            }
+            // SEV-SNP attestation report is exactly 1184 bytes
+            if (reportBytes.length < 1184) {
+                return {
+                    valid: false,
+                    reason: `SEV-SNP report too short: ${reportBytes.length} bytes, expected at least 1184 bytes`,
+                    verifiedAt: new Date().toISOString(),
+                };
+            }
+            const view = new DataView(reportBytes.buffer, reportBytes.byteOffset, reportBytes.byteLength);
+            // Version field (bytes 0-3, little-endian uint32). SEV-SNP reports are version 2.
+            const version = view.getUint32(0, true);
+            if (version !== 2) {
+                return {
+                    valid: false,
+                    reason: `Invalid SEV-SNP report version: ${version} (expected 2)`,
+                    verifiedAt: new Date().toISOString(),
+                };
+            }
+            // Guest SVN (bytes 4-7)
+            const guestSvn = view.getUint32(4, true);
+            // Policy (bytes 8-15, uint64 LE) — the guest policy bitfield
+            const policyLow = view.getUint32(8, true);
+            const policyHigh = view.getUint32(12, true);
+            // Bit 0 of policy = SMT allowed, Bit 1 = reserved, Bit 2 = migration agent,
+            // Bit 3 = debug mode. If debug bit is set, warn but don't fail structural validation.
+            const debugBit = (policyLow & 0x08) !== 0;
+            // VMPL (byte 16)
+            const vmpl = view.getUint32(16, true);
+            // Signature algorithm (bytes 20-23): 1 = ECDSA P-384 with SHA-384
+            const sigAlgo = view.getUint32(20, true);
+            if (sigAlgo !== 1) {
+                return {
+                    valid: false,
+                    reason: `Unsupported SEV-SNP signature algorithm: ${sigAlgo} (expected 1 = ECDSA P-384)`,
+                    verifiedAt: new Date().toISOString(),
+                };
+            }
+            // MEASUREMENT field: 48 bytes at offset 144-192
+            const measurement = bytesToHex(reportBytes.slice(144, 192));
+            // Validate measurement is non-zero
+            if (/^0+$/.test(measurement)) {
+                return {
+                    valid: false,
+                    reason: 'SEV-SNP measurement is all zeros, indicating uninitialized report data',
+                    verifiedAt: new Date().toISOString(),
+                };
+            }
+            // Cross-check measurement against declared measurementHash
+            if (attestation.measurementHash && measurement !== attestation.measurementHash.toLowerCase()) {
+                return {
+                    valid: false,
+                    reason: `SEV-SNP measurement mismatch: report contains ${measurement}, attestation declares ${attestation.measurementHash}`,
+                    platform: TEEPlatformEnum.SEV,
+                    verifiedAt: new Date().toISOString(),
+                };
+            }
+            // Check attestation freshness
+            const now = new Date();
+            if (attestation.validUntil && attestation.validUntil < now) {
+                return {
+                    valid: false,
+                    reason: 'Attestation has expired',
+                    verifiedAt: now.toISOString(),
+                };
+            }
+            // Structural validation passed. Full cryptographic verification (VCEK
+            // signature chain: VCEK -> ASK -> ARK from AMD Key Distribution Service)
+            // requires the AMD SEV Tool or equivalent. That is an architectural boundary.
+            logger.info({
+                enclaveId: attestation.enclaveId,
+                measurement: measurement.substring(0, 16) + '...',
+                version,
+                guestSvn,
+                vmpl,
+                debugMode: debugBit,
+            }, 'SEV-SNP attestation structural validation passed');
+            return {
+                valid: true,
+                platform: TEEPlatformEnum.SEV,
+                measurementHash: measurement,
+                verifiedAt: new Date().toISOString(),
+            };
+        }
+        finally {
+            const duration = (Date.now() - startTime) / 1000;
+            teeVerificationDuration.observe({ platform: 'sev' }, duration);
+        }
+    }
+    validateMeasurement(expectedHash, attestation) {
+        return attestation.measurementHash.toLowerCase() === expectedHash.toLowerCase();
+    }
+}
+/**
+ * ARM TrustZone attestation verifier
+ *
+ * Performs structural validation of TrustZone attestation metadata:
+ * - Validates the attestation signature payload is valid JSON with required fields
+ * - Checks for required session metadata: tee_name, session_id, and measurement
+ * - Validates tee_name matches a known TrustZone TEE implementation (OP-TEE, Kinibi, TEEGRIS, etc.)
+ * - Cross-checks extracted measurement against the declared measurementHash
+ *
+ * TrustZone attestation is inherently platform-specific. Full verification requires
+ * a platform-specific OP-TEE client or equivalent TEE client API, which is an
+ * architectural boundary. Each SoC vendor provides their own attestation mechanism.
+ */
+class TrustZoneVerifier {
+    static KNOWN_TEE_NAMES = [
+        'op-tee', 'optee', 'kinibi', 'teegris', 'trusty', 'trustonic',
+        'qualcomm-tee', 'qsee', 'samsung-tee', 'mediatek-tee', 'huawei-tee',
+        'itee', 'mtee', 'isee',
+    ];
+    async verify(attestation) {
+        const startTime = Date.now();
+        try {
+            if (!attestation.signature) {
+                return {
+                    valid: false,
+                    reason: 'Missing TrustZone attestation',
+                    verifiedAt: new Date().toISOString(),
+                };
+            }
+            // TrustZone attestation data is a JSON payload containing session metadata
+            // signed by the TEE. Parse and validate the structure.
+            let payload;
+            try {
+                const decoded = new TextDecoder().decode(base64ToBytes(attestation.signature));
+                payload = JSON.parse(decoded);
+            }
+            catch {
+                return {
+                    valid: false,
+                    reason: 'TrustZone attestation signature is not valid base64-encoded JSON',
+                    verifiedAt: new Date().toISOString(),
+                };
+            }
+            // Validate required session metadata fields
+            if (typeof payload['tee_name'] !== 'string' || payload['tee_name'].length === 0) {
+                return {
+                    valid: false,
+                    reason: 'TrustZone attestation missing required "tee_name" field',
+                    verifiedAt: new Date().toISOString(),
+                };
+            }
+            if (typeof payload['session_id'] !== 'string' || payload['session_id'].length === 0) {
+                return {
+                    valid: false,
+                    reason: 'TrustZone attestation missing required "session_id" field',
+                    verifiedAt: new Date().toISOString(),
+                };
+            }
+            // Validate tee_name is a recognized TrustZone implementation
+            const teeName = payload['tee_name'].toLowerCase();
+            const isKnownTee = TrustZoneVerifier.KNOWN_TEE_NAMES.some((name) => teeName.includes(name));
+            if (!isKnownTee) {
+                return {
+                    valid: false,
+                    reason: `Unrecognized TrustZone TEE implementation: "${payload['tee_name']}"`,
+                    verifiedAt: new Date().toISOString(),
+                };
+            }
+            // Extract and validate measurement from payload
+            const payloadMeasurement = typeof payload['measurement'] === 'string' ? payload['measurement'] : null;
+            if (payloadMeasurement && attestation.measurementHash) {
+                if (payloadMeasurement.toLowerCase() !== attestation.measurementHash.toLowerCase()) {
+                    return {
+                        valid: false,
+                        reason: `TrustZone measurement mismatch: payload contains ${payloadMeasurement}, attestation declares ${attestation.measurementHash}`,
+                        platform: TEEPlatformEnum.TRUSTZONE,
+                        verifiedAt: new Date().toISOString(),
+                    };
+                }
+            }
+            // Check attestation freshness
+            const now = new Date();
+            if (attestation.validUntil && attestation.validUntil < now) {
+                return {
+                    valid: false,
+                    reason: 'Attestation has expired',
+                    verifiedAt: now.toISOString(),
+                };
+            }
+            // Structural validation passed. Full cryptographic verification of the
+            // session signature requires the platform-specific OP-TEE client API or
+            // vendor-specific TEE client. That is an architectural boundary — each
+            // SoC vendor (Qualcomm, Samsung, MediaTek, etc.) has their own mechanism.
+            logger.info({
+                enclaveId: attestation.enclaveId,
+                teeName: payload['tee_name'],
+                sessionId: payload['session_id'],
+            }, 'TrustZone attestation structural validation passed');
+            return {
+                valid: true,
+                platform: TEEPlatformEnum.TRUSTZONE,
+                measurementHash: attestation.measurementHash,
+                verifiedAt: new Date().toISOString(),
+            };
+        }
+        finally {
+            const duration = (Date.now() - startTime) / 1000;
+            teeVerificationDuration.observe({ platform: 'trustzone' }, duration);
+        }
+    }
+    validateMeasurement(expectedHash, attestation) {
+        return attestation.measurementHash.toLowerCase() === expectedHash.toLowerCase();
+    }
+}
+/**
+ * Apple Secure Enclave (App Attest) verifier
+ *
+ * Performs structural validation of the App Attest attestation object:
+ * - Validates the attestation signature payload is valid JSON conforming to
+ *   the WebAuthn-style attestation object structure
+ * - Checks for required fields: fmt, attStmt, authData
+ * - Validates fmt = "apple-appattest"
+ * - Extracts the attested credential public key hash from authData
+ * - Cross-checks key hash against declared measurementHash
+ *
+ * Full cryptographic verification (validating the X.509 certificate chain
+ * to Apple's App Attest root CA, and verifying the attestation signature)
+ * requires Apple's DeviceCheck / App Attest API. That is an architectural boundary.
+ */
+class SecureEnclaveVerifier {
+    async verify(attestation) {
+        const startTime = Date.now();
+        try {
+            if (!attestation.signature) {
+                return {
+                    valid: false,
+                    reason: 'Missing Secure Enclave attestation',
+                    verifiedAt: new Date().toISOString(),
+                };
+            }
+            // Parse the attestation object (CBOR-encoded in production, JSON representation here)
+            let attestObj;
+            try {
+                const decoded = new TextDecoder().decode(base64ToBytes(attestation.signature));
+                attestObj = JSON.parse(decoded);
+            }
+            catch {
+                return {
+                    valid: false,
+                    reason: 'Secure Enclave attestation is not valid base64-encoded JSON',
+                    verifiedAt: new Date().toISOString(),
+                };
+            }
+            // Validate required attestation object fields per WebAuthn / App Attest spec
+            if (typeof attestObj['fmt'] !== 'string') {
+                return {
+                    valid: false,
+                    reason: 'Secure Enclave attestation missing required "fmt" field',
+                    verifiedAt: new Date().toISOString(),
+                };
+            }
+            if (attestObj['fmt'] !== 'apple-appattest') {
+                return {
+                    valid: false,
+                    reason: `Unexpected attestation format: "${attestObj['fmt']}" (expected "apple-appattest")`,
+                    verifiedAt: new Date().toISOString(),
+                };
+            }
+            if (!attestObj['attStmt'] || typeof attestObj['attStmt'] !== 'object') {
+                return {
+                    valid: false,
+                    reason: 'Secure Enclave attestation missing required "attStmt" (attestation statement)',
+                    verifiedAt: new Date().toISOString(),
+                };
+            }
+            if (typeof attestObj['authData'] !== 'string' || attestObj['authData'].length === 0) {
+                return {
+                    valid: false,
+                    reason: 'Secure Enclave attestation missing required "authData" (authenticator data)',
+                    verifiedAt: new Date().toISOString(),
+                };
+            }
+            // Extract key hash from attestation statement if present
+            const attStmt = attestObj['attStmt'];
+            const keyHash = typeof attStmt['keyHash'] === 'string' ? attStmt['keyHash'] : null;
+            // Cross-check key hash with declared measurementHash
+            if (keyHash && attestation.measurementHash) {
+                if (keyHash.toLowerCase() !== attestation.measurementHash.toLowerCase()) {
+                    return {
+                        valid: false,
+                        reason: `Secure Enclave key hash mismatch: attestation contains ${keyHash}, declared ${attestation.measurementHash}`,
+                        platform: TEEPlatformEnum.SECURE_ENCLAVE,
+                        verifiedAt: new Date().toISOString(),
+                    };
+                }
+            }
+            // Check attestation freshness
+            const now = new Date();
+            if (attestation.validUntil && attestation.validUntil < now) {
+                return {
+                    valid: false,
+                    reason: 'Attestation has expired',
+                    verifiedAt: now.toISOString(),
+                };
+            }
+            // Structural validation passed. Full cryptographic verification of the
+            // X.509 attestation certificate chain to Apple's App Attest root CA, and
+            // verification of the CBOR/COSE attestation signature, requires the
+            // Apple DeviceCheck / App Attest API. That is an architectural boundary.
+            logger.info({
+                enclaveId: attestation.enclaveId,
+                fmt: attestObj['fmt'],
+                hasKeyHash: !!keyHash,
+            }, 'Secure Enclave attestation structural validation passed');
+            return {
+                valid: true,
+                platform: TEEPlatformEnum.SECURE_ENCLAVE,
+                measurementHash: attestation.measurementHash,
+                verifiedAt: new Date().toISOString(),
+            };
+        }
+        finally {
+            const duration = (Date.now() - startTime) / 1000;
+            teeVerificationDuration.observe({ platform: 'secure-enclave' }, duration);
+        }
+    }
+    validateMeasurement(expectedHash, attestation) {
+        return attestation.measurementHash.toLowerCase() === expectedHash.toLowerCase();
+    }
+}
+// =============================================================================
+// TEE Binding Service
+// =============================================================================
+/**
+ * TEE Binding Service for hardware attestation and key binding
+ *
+ * @example
+ * ```typescript
+ * const tee = new TEEBindingService({
+ *   requiredForTiers: [TrustTier.T4, TrustTier.T5],
+ *   allowedPlatforms: ['sgx', 'nitro'],
+ *   maxAttestationAge: 86400, // 24 hours
+ * });
+ *
+ * // Verify attestation
+ * const result = await tee.verifyAttestation(attestation);
+ *
+ * // Bind DID key to enclave
+ * const binding = await tee.bindKeyToEnclave(didKeyId, attestation);
+ * ```
+ */
+export class TEEBindingService {
+    config;
+    verifiers;
+    bindings; // didKeyId -> binding
+    /**
+     * Create a new TEE binding service
+     *
+     * @param config - TEE configuration
+     */
+    constructor(config) {
+        const defaultConfig = {
+            requiredForTiers: [4, 5],
+            allowedPlatforms: [TEEPlatformEnum.SGX, TEEPlatformEnum.NITRO],
+            maxAttestationAge: 86400,
+        };
+        this.config = { ...defaultConfig, ...teeConfigSchema.parse(config) };
+        this.bindings = new Map();
+        // Initialize platform-specific verifiers
+        this.verifiers = new Map([
+            [TEEPlatformEnum.SGX, new SGXVerifier()],
+            [TEEPlatformEnum.NITRO, new NitroVerifier()],
+            [TEEPlatformEnum.SEV, new SEVVerifier()],
+            [TEEPlatformEnum.TRUSTZONE, new TrustZoneVerifier()],
+            [TEEPlatformEnum.SECURE_ENCLAVE, new SecureEnclaveVerifier()],
+        ]);
+        logger.info({
+            requiredForTiers: this.config.requiredForTiers,
+            allowedPlatforms: this.config.allowedPlatforms,
+            maxAttestationAge: this.config.maxAttestationAge,
+        }, 'TEE binding service initialized');
+    }
+    /**
+     * Verify a TEE attestation
+     *
+     * @param attestation - TEE attestation to verify
+     * @returns Verification result
+     */
+    async verifyAttestation(attestation) {
+        // Validate attestation format
+        try {
+            teeAttestationSchema.parse(attestation);
+        }
+        catch (error) {
+            teeAttestationsVerified.inc({ platform: attestation.platform, result: 'invalid' });
+            return {
+                valid: false,
+                reason: 'Invalid attestation format',
+                verifiedAt: new Date().toISOString(),
+            };
+        }
+        // Check if platform is allowed
+        if (!this.config.allowedPlatforms.includes(attestation.platform)) {
+            teeAttestationsVerified.inc({ platform: attestation.platform, result: 'invalid' });
+            return {
+                valid: false,
+                reason: `Platform not allowed: ${attestation.platform}`,
+                verifiedAt: new Date().toISOString(),
+            };
+        }
+        // Check attestation age
+        const age = (Date.now() - attestation.timestamp.getTime()) / 1000;
+        if (age > this.config.maxAttestationAge) {
+            teeAttestationsVerified.inc({ platform: attestation.platform, result: 'expired' });
+            return {
+                valid: false,
+                reason: `Attestation too old (age: ${Math.floor(age)}s, max: ${this.config.maxAttestationAge}s)`,
+                verifiedAt: new Date().toISOString(),
+            };
+        }
+        // Get platform-specific verifier
+        const verifier = this.verifiers.get(attestation.platform);
+        if (!verifier) {
+            teeAttestationsVerified.inc({ platform: attestation.platform, result: 'invalid' });
+            return {
+                valid: false,
+                reason: `No verifier available for platform: ${attestation.platform}`,
+                verifiedAt: new Date().toISOString(),
+            };
+        }
+        // Verify attestation
+        const result = await verifier.verify(attestation);
+        // Check expected measurements if configured
+        if (result.valid && this.config.expectedMeasurements) {
+            const expectedHash = this.config.expectedMeasurements[attestation.enclaveId];
+            if (expectedHash) {
+                const measurementValid = verifier.validateMeasurement(expectedHash, attestation);
+                if (!measurementValid) {
+                    teeAttestationsVerified.inc({ platform: attestation.platform, result: 'measurement_mismatch' });
+                    return {
+                        valid: false,
+                        reason: 'Code measurement does not match expected value',
+                        platform: attestation.platform,
+                        verifiedAt: new Date().toISOString(),
+                    };
+                }
+            }
+        }
+        teeAttestationsVerified.inc({
+            platform: attestation.platform,
+            result: result.valid ? 'success' : 'invalid',
+        });
+        return result;
+    }
+    /**
+     * Bind a DID key to an enclave
+     *
+     * @param didKeyId - DID verification method ID
+     * @param enclaveAttestation - TEE attestation proving enclave validity
+     * @returns Key binding record
+     */
+    async bindKeyToEnclave(didKeyId, enclaveAttestation) {
+        // First verify the attestation
+        const verificationResult = await this.verifyAttestation(enclaveAttestation);
+        if (!verificationResult.valid) {
+            throw new TEEAttestationError(`Cannot bind key: ${verificationResult.reason}`, { didKeyId, enclaveId: enclaveAttestation.enclaveId });
+        }
+        // Create binding proof
+        // In a real implementation, this would be a cryptographic proof
+        // that the key was generated inside the enclave
+        const bindingProof = await this.createBindingProof(didKeyId, enclaveAttestation);
+        // Calculate validity period
+        const validUntil = enclaveAttestation.validUntil
+            ? new Date(Math.min(enclaveAttestation.validUntil.getTime(), Date.now() + this.config.maxAttestationAge * 1000))
+            : new Date(Date.now() + this.config.maxAttestationAge * 1000);
+        const binding = {
+            didKeyId,
+            enclaveKeyId: enclaveAttestation.enclaveId,
+            bindingProof,
+            boundAt: new Date(),
+            validUntil,
+        };
+        // Validate binding
+        teeKeyBindingSchema.parse(binding);
+        // Store binding
+        this.bindings.set(didKeyId, binding);
+        teeKeyBindings.inc({ platform: enclaveAttestation.platform });
+        teeActiveBindings.set({ platform: enclaveAttestation.platform }, this.getBindingCount(enclaveAttestation.platform));
+        logger.info({ didKeyId, enclaveId: enclaveAttestation.enclaveId, platform: enclaveAttestation.platform }, 'Key bound to enclave');
+        return binding;
+    }
+    /**
+     * Verify a key binding
+     *
+     * @param binding - Key binding to verify
+     * @returns Whether binding is valid
+     */
+    async verifyKeyBinding(binding) {
+        try {
+            teeKeyBindingSchema.parse(binding);
+        }
+        catch {
+            logger.warn({ didKeyId: binding.didKeyId }, 'Invalid binding format');
+            return false;
+        }
+        // Check if binding has expired
+        if (binding.validUntil && binding.validUntil < new Date()) {
+            logger.debug({ didKeyId: binding.didKeyId }, 'Binding has expired');
+            return false;
+        }
+        // Verify binding proof
+        // In a real implementation, this would verify the cryptographic proof
+        const proofValid = this.verifyBindingProof(binding);
+        if (!proofValid) {
+            logger.warn({ didKeyId: binding.didKeyId }, 'Invalid binding proof');
+            return false;
+        }
+        return true;
+    }
+    /**
+     * Check if TEE binding is required for a trust tier
+     *
+     * @param trustTier - Trust tier to check
+     * @returns Whether TEE binding is required
+     */
+    isRequired(trustTier) {
+        return this.config.requiredForTiers.includes(trustTier);
+    }
+    /**
+     * Validate that running code matches attestation measurement
+     *
+     * @param expectedHash - Expected code measurement hash
+     * @param attestation - TEE attestation to validate
+     * @returns Whether measurement matches
+     */
+    validateCodeMeasurement(expectedHash, attestation) {
+        const verifier = this.verifiers.get(attestation.platform);
+        if (!verifier) {
+            return false;
+        }
+        return verifier.validateMeasurement(expectedHash, attestation);
+    }
+    /**
+     * Get a stored binding
+     *
+     * @param didKeyId - DID verification method ID
+     * @returns Binding if exists
+     */
+    getBinding(didKeyId) {
+        return this.bindings.get(didKeyId);
+    }
+    /**
+     * Remove a binding
+     *
+     * @param didKeyId - DID verification method ID
+     */
+    removeBinding(didKeyId) {
+        const binding = this.bindings.get(didKeyId);
+        if (binding) {
+            this.bindings.delete(didKeyId);
+            logger.info({ didKeyId }, 'Key binding removed');
+        }
+    }
+    /**
+     * Get current configuration
+     */
+    getConfig() {
+        return { ...this.config };
+    }
+    /**
+     * Create a binding proof
+     * In a real implementation, this would be a cryptographic proof
+     */
+    async createBindingProof(didKeyId, attestation) {
+        // Create a simple hash-based proof for development
+        // In production, this would be a proper cryptographic binding
+        const data = JSON.stringify({
+            didKeyId,
+            enclaveId: attestation.enclaveId,
+            measurementHash: attestation.measurementHash,
+            timestamp: attestation.timestamp.toISOString(),
+        });
+        const encoder = new TextEncoder();
+        const hashBuffer = await crypto.subtle.digest('SHA-256', encoder.encode(data));
+        const hashArray = new Uint8Array(hashBuffer);
+        let binary = '';
+        for (let i = 0; i < hashArray.length; i++) {
+            binary += String.fromCharCode(hashArray[i]);
+        }
+        return btoa(binary).replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
+    }
+    /**
+     * Verify a binding proof
+     */
+    verifyBindingProof(binding) {
+        // In a real implementation, this would verify the cryptographic proof
+        // For now, just check that the proof exists and has valid format
+        return binding.bindingProof.length > 0;
+    }
+    /**
+     * Get count of bindings for a platform
+     */
+    getBindingCount(_platform) {
+        return this.bindings.size;
+    }
+}
+/**
+ * Create a TEE binding service with default configuration for CAR ID
+ */
+export function createTEEBindingService(config) {
+    const defaultConfig = {
+        requiredForTiers: [4, 5], // T4+
+        allowedPlatforms: [TEEPlatformEnum.SGX, TEEPlatformEnum.NITRO],
+        maxAttestationAge: 86400, // 24 hours
+    };
+    return new TEEBindingService({ ...defaultConfig, ...config });
+}
+//# sourceMappingURL=tee.js.map