buildhive-agent 1.0.0-beta.1

package/dist/security.js

@@ -0,0 +1,470 @@
+/**
+ * Security Manager - Enhanced Docker security configuration and validation
+ *
+ * Provides comprehensive security measures for container execution including
+ * resource limits, network isolation, filesystem security, and monitoring.
+ *
+ * Requirements: 4.1, 4.2, 4.3, 4.4, 4.5
+ */
+import { createLogger } from './utils/logger.js';
+import { promises as fs } from 'fs';
+import { join, resolve } from 'path';
+import { spawn } from 'child_process';
+const logger = createLogger('security');
+export class SecurityManager {
+    config;
+    violations = [];
+    resourceMonitors = new Map();
+    constructor(config) {
+        this.config = config;
+        logger.info('Security manager initialized with enhanced configuration');
+    }
+    /**
+     * Generate secure Docker arguments for container creation
+     */
+    generateSecureDockerArgs(containerId) {
+        const args = [];
+        // Basic security settings
+        args.push('--security-opt', 'no-new-privileges:true');
+        // Drop all capabilities by default
+        if (this.config.dropAllCapabilities) {
+            args.push('--cap-drop', 'ALL');
+            // Add only explicitly allowed capabilities
+            for (const cap of this.config.allowedCapabilities) {
+                args.push('--cap-add', cap);
+            }
+        }
+        // Network isolation
+        args.push('--network', this.config.networkMode);
+        if (this.config.networkMode === 'none') {
+            logger.info(`Container ${containerId} will have no network access`);
+        }
+        // Resource limits
+        args.push('--memory', `${this.config.maxMemoryMB}m`);
+        args.push('--cpus', this.config.maxCpuCores.toString());
+        args.push('--pids-limit', this.config.maxProcesses.toString());
+        args.push('--ulimit', `nofile=${this.config.maxFileDescriptors}:${this.config.maxFileDescriptors}`);
+        // Filesystem security
+        if (this.config.readOnlyRoot) {
+            args.push('--read-only');
+            // Create secure temporary directories
+            args.push('--tmpfs', `/tmp:rw,noexec,nosuid,nodev,size=${this.config.tempDirSizeMB}m`);
+            args.push('--tmpfs', `/var/tmp:rw,noexec,nosuid,nodev,size=${this.config.tempDirSizeMB}m`);
+            // Add writable paths as tmpfs mounts
+            for (const writePath of this.config.allowedWritePaths) {
+                args.push('--tmpfs', `${writePath}:rw,noexec,nosuid,nodev,size=100m`);
+            }
+        }
+        // Security profiles
+        if (this.config.seccompProfile) {
+            args.push('--security-opt', `seccomp=${this.config.seccompProfile}`);
+        }
+        if (this.config.apparmorProfile) {
+            args.push('--security-opt', `apparmor=${this.config.apparmorProfile}`);
+        }
+        // Additional hardening
+        args.push('--security-opt', 'no-new-privileges:true');
+        args.push('--user', '1000:1000'); // Run as non-root user
+        args.push('--init'); // Use proper init system
+        logger.info(`Generated ${args.length / 2} security arguments for container ${containerId}`);
+        return args;
+    }
+    /**
+     * Validate container configuration against security policies
+     */
+    async validateContainerConfig(config) {
+        const violations = [];
+        // Check resource limits
+        if (config.memoryLimit && this.parseMemoryLimit(config.memoryLimit) > this.config.maxMemoryMB) {
+            violations.push({
+                type: 'resource',
+                severity: 'high',
+                message: `Memory limit ${config.memoryLimit} exceeds maximum allowed ${this.config.maxMemoryMB}MB`,
+                containerId: config.containerId || 'unknown',
+                timestamp: new Date()
+            });
+        }
+        // Check CPU limits
+        if (config.cpuLimit && parseFloat(config.cpuLimit) > this.config.maxCpuCores) {
+            violations.push({
+                type: 'resource',
+                severity: 'high',
+                message: `CPU limit ${config.cpuLimit} exceeds maximum allowed ${this.config.maxCpuCores}`,
+                containerId: config.containerId || 'unknown',
+                timestamp: new Date()
+            });
+        }
+        // Check network configuration
+        if (config.networkMode && config.networkMode !== this.config.networkMode) {
+            violations.push({
+                type: 'network',
+                severity: 'critical',
+                message: `Network mode ${config.networkMode} not allowed, must use ${this.config.networkMode}`,
+                containerId: config.containerId || 'unknown',
+                timestamp: new Date()
+            });
+        }
+        // Check for privileged mode
+        if (config.privileged) {
+            violations.push({
+                type: 'capability',
+                severity: 'critical',
+                message: 'Privileged mode is not allowed',
+                containerId: config.containerId || 'unknown',
+                timestamp: new Date()
+            });
+        }
+        // Check volume mounts for security risks
+        if (config.volumeMounts) {
+            for (const mount of config.volumeMounts) {
+                if (this.isUnsafeMount(mount.hostPath)) {
+                    violations.push({
+                        type: 'filesystem',
+                        severity: 'critical',
+                        message: `Unsafe volume mount detected: ${mount.hostPath}`,
+                        containerId: config.containerId || 'unknown',
+                        timestamp: new Date(),
+                        details: { mount }
+                    });
+                }
+            }
+        }
+        return violations;
+    }
+    /**
+     * Start resource monitoring for a container
+     */
+    async startResourceMonitoring(containerId) {
+        if (!this.config.enableResourceMonitoring) {
+            return;
+        }
+        logger.info(`Starting resource monitoring for container: ${containerId}`);
+        const monitor = setInterval(async () => {
+            try {
+                const usage = await this.getResourceUsage(containerId);
+                await this.checkResourceLimits(containerId, usage);
+            }
+            catch (error) {
+                logger.error(`Resource monitoring failed for container ${containerId}:`, error);
+            }
+        }, 5000); // Check every 5 seconds
+        this.resourceMonitors.set(containerId, monitor);
+        // Set up execution timeout
+        setTimeout(async () => {
+            await this.handleExecutionTimeout(containerId);
+        }, this.config.maxExecutionTimeSeconds * 1000);
+    }
+    /**
+     * Stop resource monitoring for a container
+     */
+    stopResourceMonitoring(containerId) {
+        const monitor = this.resourceMonitors.get(containerId);
+        if (monitor) {
+            clearInterval(monitor);
+            this.resourceMonitors.delete(containerId);
+            logger.info(`Stopped resource monitoring for container: ${containerId}`);
+        }
+    }
+    /**
+     * Get current resource usage for a container
+     */
+    async getResourceUsage(containerId) {
+        try {
+            const statsResult = await this.executeCommand('docker', [
+                'stats', containerId, '--no-stream', '--format',
+                'table {{.MemUsage}}\t{{.CPUPerc}}\t{{.PIDs}}\t{{.NetIO}}'
+            ]);
+            if (statsResult.exitCode !== 0) {
+                throw new Error(`Failed to get container stats: ${statsResult.error}`);
+            }
+            return this.parseResourceStats(statsResult.output);
+        }
+        catch (error) {
+            logger.error(`Failed to get resource usage for container ${containerId}:`, error);
+            throw error;
+        }
+    }
+    /**
+     * Check if resource usage exceeds limits
+     */
+    async checkResourceLimits(containerId, usage) {
+        const violations = [];
+        // Check memory usage
+        if (usage.memoryUsageMB > this.config.maxMemoryMB * 0.9) { // 90% threshold
+            violations.push({
+                type: 'resource',
+                severity: 'high',
+                message: `Memory usage ${usage.memoryUsageMB}MB approaching limit ${this.config.maxMemoryMB}MB`,
+                containerId,
+                timestamp: new Date(),
+                details: { usage }
+            });
+        }
+        // Check CPU usage
+        if (usage.cpuUsagePercent > this.config.maxCpuCores * 100 * 0.9) { // 90% threshold
+            violations.push({
+                type: 'resource',
+                severity: 'medium',
+                message: `CPU usage ${usage.cpuUsagePercent}% approaching limit`,
+                containerId,
+                timestamp: new Date(),
+                details: { usage }
+            });
+        }
+        // Check process count
+        if (usage.processCount > this.config.maxProcesses * 0.9) { // 90% threshold
+            violations.push({
+                type: 'resource',
+                severity: 'medium',
+                message: `Process count ${usage.processCount} approaching limit ${this.config.maxProcesses}`,
+                containerId,
+                timestamp: new Date(),
+                details: { usage }
+            });
+        }
+        // Log violations
+        for (const violation of violations) {
+            this.recordViolation(violation);
+        }
+    }
+    /**
+     * Handle execution timeout
+     */
+    async handleExecutionTimeout(containerId) {
+        logger.warn(`Container ${containerId} exceeded maximum execution time, terminating`);
+        const violation = {
+            type: 'execution',
+            severity: 'high',
+            message: `Container exceeded maximum execution time of ${this.config.maxExecutionTimeSeconds} seconds`,
+            containerId,
+            timestamp: new Date()
+        };
+        this.recordViolation(violation);
+        // Force kill the container
+        try {
+            await this.executeCommand('docker', ['kill', containerId]);
+        }
+        catch (error) {
+            logger.error(`Failed to kill timed-out container ${containerId}:`, error);
+        }
+    }
+    /**
+     * Create secure temporary directory for container
+     */
+    async createSecureTempDir(containerId) {
+        const tempDir = join('/tmp', `buildhive-${containerId}`);
+        try {
+            await fs.mkdir(tempDir, { recursive: true, mode: 0o700 });
+            // Set strict permissions
+            await fs.chmod(tempDir, 0o700);
+            logger.info(`Created secure temp directory: ${tempDir}`);
+            return tempDir;
+        }
+        catch (error) {
+            logger.error(`Failed to create secure temp directory:`, error);
+            throw error;
+        }
+    }
+    /**
+     * Clean up secure temporary directory
+     */
+    async cleanupSecureTempDir(tempDir) {
+        try {
+            await fs.rm(tempDir, { recursive: true, force: true });
+            logger.info(`Cleaned up temp directory: ${tempDir}`);
+        }
+        catch (error) {
+            logger.error(`Failed to cleanup temp directory ${tempDir}:`, error);
+        }
+    }
+    /**
+     * Validate Docker image security
+     */
+    async validateImageSecurity(image) {
+        const violations = [];
+        try {
+            // Check if image is from trusted registry
+            if (!this.isTrustedImage(image)) {
+                violations.push({
+                    type: 'filesystem',
+                    severity: 'medium',
+                    message: `Image ${image} is not from a trusted registry`,
+                    containerId: 'image-validation',
+                    timestamp: new Date(),
+                    details: { image }
+                });
+            }
+            // Inspect image for security issues
+            const inspectResult = await this.executeCommand('docker', ['inspect', image]);
+            if (inspectResult.exitCode === 0) {
+                const imageInfo = JSON.parse(inspectResult.output)[0];
+                // Check for root user
+                if (imageInfo.Config?.User === 'root' || !imageInfo.Config?.User) {
+                    violations.push({
+                        type: 'capability',
+                        severity: 'medium',
+                        message: `Image ${image} runs as root user`,
+                        containerId: 'image-validation',
+                        timestamp: new Date(),
+                        details: { image }
+                    });
+                }
+            }
+        }
+        catch (error) {
+            logger.error(`Failed to validate image security for ${image}:`, error);
+        }
+        return violations;
+    }
+    /**
+     * Get security violations
+     */
+    getViolations() {
+        return [...this.violations];
+    }
+    /**
+     * Clear security violations
+     */
+    clearViolations() {
+        this.violations = [];
+    }
+    /**
+     * Record a security violation
+     */
+    recordViolation(violation) {
+        this.violations.push(violation);
+        if (this.config.logSecurityEvents) {
+            logger.warn(`Security violation [${violation.severity}]: ${violation.message}`, {
+                containerId: violation.containerId,
+                type: violation.type,
+                details: violation.details
+            });
+        }
+        // Keep only last 1000 violations to prevent memory issues
+        if (this.violations.length > 1000) {
+            this.violations = this.violations.slice(-1000);
+        }
+    }
+    /**
+     * Check if a volume mount is unsafe
+     */
+    isUnsafeMount(hostPath) {
+        const unsafePaths = [
+            '/',
+            '/etc',
+            '/usr',
+            '/bin',
+            '/sbin',
+            '/boot',
+            '/sys',
+            '/proc',
+            '/dev',
+            '/var/run/docker.sock',
+            '/home',
+            '/root'
+        ];
+        const resolvedPath = resolve(hostPath);
+        return unsafePaths.some(unsafePath => resolvedPath === unsafePath || resolvedPath.startsWith(unsafePath + '/'));
+    }
+    /**
+     * Check if image is from trusted registry
+     */
+    isTrustedImage(image) {
+        const trustedRegistries = [
+            'docker.io',
+            'gcr.io',
+            'quay.io',
+            'registry.hub.docker.com'
+        ];
+        // If no registry specified, assume docker.io
+        if (!image.includes('/') || !image.includes('.')) {
+            return true;
+        }
+        const registry = image.split('/')[0];
+        return trustedRegistries.includes(registry);
+    }
+    /**
+     * Parse memory limit string to MB
+     */
+    parseMemoryLimit(limit) {
+        const match = limit.match(/^(\d+)([kmg]?)$/i);
+        if (!match)
+            return 0;
+        const value = parseInt(match[1]);
+        const unit = match[2]?.toLowerCase() || '';
+        switch (unit) {
+            case 'k': return value / 1024;
+            case 'm': return value;
+            case 'g': return value * 1024;
+            default: return value / (1024 * 1024); // bytes to MB
+        }
+    }
+    /**
+     * Parse resource stats output
+     */
+    parseResourceStats(output) {
+        // This is a simplified parser - in production, you'd want more robust parsing
+        const lines = output.trim().split('\n');
+        const dataLine = lines[1] || '';
+        const parts = dataLine.split('\t');
+        return {
+            memoryUsageMB: this.parseMemoryUsage(parts[0] || '0'),
+            cpuUsagePercent: parseFloat(parts[1]?.replace('%', '') || '0'),
+            processCount: parseInt(parts[2] || '0'),
+            networkBytesIn: 0, // Would need more complex parsing
+            networkBytesOut: 0,
+            diskUsageMB: 0 // Would need additional docker command
+        };
+    }
+    /**
+     * Parse memory usage string
+     */
+    parseMemoryUsage(usage) {
+        const match = usage.match(/^([\d.]+)([KMGT]?i?B)/);
+        if (!match)
+            return 0;
+        const value = parseFloat(match[1]);
+        const unit = match[2];
+        switch (unit) {
+            case 'KiB':
+            case 'KB': return value / 1024;
+            case 'MiB':
+            case 'MB': return value;
+            case 'GiB':
+            case 'GB': return value * 1024;
+            case 'TiB':
+            case 'TB': return value * 1024 * 1024;
+            default: return value / (1024 * 1024); // bytes to MB
+        }
+    }
+    /**
+     * Execute a system command
+     */
+    async executeCommand(command, args) {
+        return new Promise((resolve) => {
+            const process = spawn(command, args, { stdio: ['pipe', 'pipe', 'pipe'] });
+            let output = '';
+            let error = '';
+            process.stdout.on('data', (data) => output += data.toString());
+            process.stderr.on('data', (data) => error += data.toString());
+            process.on('close', (code) => {
+                resolve({
+                    exitCode: code || 0,
+                    output: output.trim(),
+                    error: error.trim()
+                });
+            });
+        });
+    }
+    /**
+     * Cleanup all monitoring
+     */
+    cleanup() {
+        for (const [containerId, monitor] of this.resourceMonitors) {
+            clearInterval(monitor);
+        }
+        this.resourceMonitors.clear();
+        logger.info('Security manager cleanup completed');
+    }
+}
+//# sourceMappingURL=security.js.map

package/dist/security.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.js","sourceRoot":"","sources":["../src/security.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,IAAI,CAAC;AACpC,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AACrC,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AAEtC,MAAM,MAAM,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC;AAuDxC,MAAM,OAAO,eAAe;IAClB,MAAM,CAAiB;IACvB,UAAU,GAAwB,EAAE,CAAC;IACrC,gBAAgB,GAAG,IAAI,GAAG,EAA0B,CAAC;IAE7D,YAAY,MAAsB;QAChC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,MAAM,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAC;IAC1E,CAAC;IAED;;OAEG;IACH,wBAAwB,CAAC,WAAmB;QAC1C,MAAM,IAAI,GAAa,EAAE,CAAC;QAE1B,0BAA0B;QAC1B,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,wBAAwB,CAAC,CAAC;QAEtD,mCAAmC;QACnC,IAAI,IAAI,CAAC,MAAM,CAAC,mBAAmB,EAAE,CAAC;YACpC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;YAE/B,2CAA2C;YAC3C,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,mBAAmB,EAAE,CAAC;gBAClD,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC;QAED,oBAAoB;QACpB,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAEhD,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,MAAM,EAAE,CAAC;YACvC,MAAM,CAAC,IAAI,CAAC,aAAa,WAAW,8BAA8B,CAAC,CAAC;QACtE,CAAC;QAED,kBAAkB;QAClB,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,GAAG,CAAC,CAAC;QACrD,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC;QACxD,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC/D,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,kBAAkB,IAAI,IAAI,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC,CAAC;QAEpG,sBAAsB;QACtB,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YAC7B,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YAEzB,sCAAsC;YACtC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,oCAAoC,IAAI,CAAC,MAAM,CAAC,aAAa,GAAG,CAAC,CAAC;YACvF,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,wCAAwC,IAAI,CAAC,MAAM,CAAC,aAAa,GAAG,CAAC,CAAC;YAE3F,qCAAqC;YACrC,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;gBACtD,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,SAAS,mCAAmC,CAAC,CAAC;YACxE,CAAC;QACH,CAAC;QAED,oBAAoB;QACpB,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;YAC/B,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,WAAW,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC,CAAC;QACvE,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;YAChC,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,YAAY,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC,CAAC;QACzE,CAAC;QAED,uBAAuB;QACvB,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,wBAAwB,CAAC,CAAC;QACtD,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,uBAAuB;QACzD,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,yBAAyB;QAE9C,MAAM,CAAC,IAAI,CAAC,aAAa,IAAI,CAAC,MAAM,GAAG,CAAC,qCAAqC,WAAW,EAAE,CAAC,CAAC;QAC5F,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,uBAAuB,CAAC,MAAW;QACvC,MAAM,UAAU,GAAwB,EAAE,CAAC;QAE3C,wBAAwB;QACxB,IAAI,MAAM,CAAC,WAAW,IAAI,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YAC9F,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,UAAU;gBAChB,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,gBAAgB,MAAM,CAAC,WAAW,4BAA4B,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI;gBAClG,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,SAAS;gBAC5C,SAAS,EAAE,IAAI,IAAI,EAAE;aACtB,CAAC,CAAC;QACL,CAAC;QAED,mBAAmB;QACnB,IAAI,MAAM,CAAC,QAAQ,IAAI,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YAC7E,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,UAAU;gBAChB,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,aAAa,MAAM,CAAC,QAAQ,4BAA4B,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE;gBAC1F,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,SAAS;gBAC5C,SAAS,EAAE,IAAI,IAAI,EAAE;aACtB,CAAC,CAAC;QACL,CAAC;QAED,8BAA8B;QAC9B,IAAI,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,WAAW,KAAK,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YACzE,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,SAAS;gBACf,QAAQ,EAAE,UAAU;gBACpB,OAAO,EAAE,gBAAgB,MAAM,CAAC,WAAW,0BAA0B,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE;gBAC9F,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,SAAS;gBAC5C,SAAS,EAAE,IAAI,IAAI,EAAE;aACtB,CAAC,CAAC;QACL,CAAC;QAED,4BAA4B;QAC5B,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACtB,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,YAAY;gBAClB,QAAQ,EAAE,UAAU;gBACpB,OAAO,EAAE,gCAAgC;gBACzC,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,SAAS;gBAC5C,SAAS,EAAE,IAAI,IAAI,EAAE;aACtB,CAAC,CAAC;QACL,CAAC;QAED,yCAAyC;QACzC,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;YACxB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;gBACxC,IAAI,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACvC,UAAU,CAAC,IAAI,CAAC;wBACd,IAAI,EAAE,YAAY;wBAClB,QAAQ,EAAE,UAAU;wBACpB,OAAO,EAAE,iCAAiC,KAAK,CAAC,QAAQ,EAAE;wBAC1D,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,SAAS;wBAC5C,SAAS,EAAE,IAAI,IAAI,EAAE;wBACrB,OAAO,EAAE,EAAE,KAAK,EAAE;qBACnB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,uBAAuB,CAAC,WAAmB;QAC/C,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,wBAAwB,EAAE,CAAC;YAC1C,OAAO;QACT,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,+CAA+C,WAAW,EAAE,CAAC,CAAC;QAE1E,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,IAAI,EAAE;YACrC,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;gBACvD,MAAM,IAAI,CAAC,mBAAmB,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;YACrD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,KAAK,CAAC,4CAA4C,WAAW,GAAG,EAAE,KAAK,CAAC,CAAC;YAClF,CAAC;QACH,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,wBAAwB;QAElC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAEhD,2BAA2B;QAC3B,UAAU,CAAC,KAAK,IAAI,EAAE;YACpB,MAAM,IAAI,CAAC,sBAAsB,CAAC,WAAW,CAAC,CAAC;QACjD,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,uBAAuB,GAAG,IAAI,CAAC,CAAC;IACjD,CAAC;IAED;;OAEG;IACH,sBAAsB,CAAC,WAAmB;QACxC,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QACvD,IAAI,OAAO,EAAE,CAAC;YACZ,aAAa,CAAC,OAAO,CAAC,CAAC;YACvB,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YAC1C,MAAM,CAAC,IAAI,CAAC,8CAA8C,WAAW,EAAE,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CAAC,WAAmB;QACxC,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE;gBACtD,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,UAAU;gBAC/C,0DAA0D;aAC3D,CAAC,CAAC;YAEH,IAAI,WAAW,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;gBAC/B,MAAM,IAAI,KAAK,CAAC,kCAAkC,WAAW,CAAC,KAAK,EAAE,CAAC,CAAC;YACzE,CAAC;YAED,OAAO,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,8CAA8C,WAAW,GAAG,EAAE,KAAK,CAAC,CAAC;YAClF,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,mBAAmB,CAAC,WAAmB,EAAE,KAAoB;QACzE,MAAM,UAAU,GAAwB,EAAE,CAAC;QAE3C,qBAAqB;QACrB,IAAI,KAAK,CAAC,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,GAAG,GAAG,EAAE,CAAC,CAAC,gBAAgB;YACzE,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,UAAU;gBAChB,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,gBAAgB,KAAK,CAAC,aAAa,wBAAwB,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI;gBAC/F,WAAW;gBACX,SAAS,EAAE,IAAI,IAAI,EAAE;gBACrB,OAAO,EAAE,EAAE,KAAK,EAAE;aACnB,CAAC,CAAC;QACL,CAAC;QAED,kBAAkB;QAClB,IAAI,KAAK,CAAC,eAAe,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,GAAG,GAAG,GAAG,GAAG,EAAE,CAAC,CAAC,gBAAgB;YACjF,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,UAAU;gBAChB,QAAQ,EAAE,QAAQ;gBAClB,OAAO,EAAE,aAAa,KAAK,CAAC,eAAe,qBAAqB;gBAChE,WAAW;gBACX,SAAS,EAAE,IAAI,IAAI,EAAE;gBACrB,OAAO,EAAE,EAAE,KAAK,EAAE;aACnB,CAAC,CAAC;QACL,CAAC;QAED,sBAAsB;QACtB,IAAI,KAAK,CAAC,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,GAAG,GAAG,EAAE,CAAC,CAAC,gBAAgB;YACzE,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,UAAU;gBAChB,QAAQ,EAAE,QAAQ;gBAClB,OAAO,EAAE,iBAAiB,KAAK,CAAC,YAAY,sBAAsB,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE;gBAC5F,WAAW;gBACX,SAAS,EAAE,IAAI,IAAI,EAAE;gBACrB,OAAO,EAAE,EAAE,KAAK,EAAE;aACnB,CAAC,CAAC;QACL,CAAC;QAED,iBAAiB;QACjB,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,sBAAsB,CAAC,WAAmB;QACtD,MAAM,CAAC,IAAI,CAAC,aAAa,WAAW,+CAA+C,CAAC,CAAC;QAErF,MAAM,SAAS,GAAsB;YACnC,IAAI,EAAE,WAAW;YACjB,QAAQ,EAAE,MAAM;YAChB,OAAO,EAAE,gDAAgD,IAAI,CAAC,MAAM,CAAC,uBAAuB,UAAU;YACtG,WAAW;YACX,SAAS,EAAE,IAAI,IAAI,EAAE;SACtB,CAAC;QAEF,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;QAEhC,2BAA2B;QAC3B,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC;QAC7D,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,sCAAsC,WAAW,GAAG,EAAE,KAAK,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,mBAAmB,CAAC,WAAmB;QAC3C,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,EAAE,aAAa,WAAW,EAAE,CAAC,CAAC;QAEzD,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YAE1D,yBAAyB;YACzB,MAAM,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YAE/B,MAAM,CAAC,IAAI,CAAC,kCAAkC,OAAO,EAAE,CAAC,CAAC;YACzD,OAAO,OAAO,CAAC;QAEjB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,yCAAyC,EAAE,KAAK,CAAC,CAAC;YAC/D,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,oBAAoB,CAAC,OAAe;QACxC,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;YACvD,MAAM,CAAC,IAAI,CAAC,8BAA8B,OAAO,EAAE,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,oCAAoC,OAAO,GAAG,EAAE,KAAK,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,qBAAqB,CAAC,KAAa;QACvC,MAAM,UAAU,GAAwB,EAAE,CAAC;QAE3C,IAAI,CAAC;YACH,0CAA0C;YAC1C,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChC,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,YAAY;oBAClB,QAAQ,EAAE,QAAQ;oBAClB,OAAO,EAAE,SAAS,KAAK,iCAAiC;oBACxD,WAAW,EAAE,kBAAkB;oBAC/B,SAAS,EAAE,IAAI,IAAI,EAAE;oBACrB,OAAO,EAAE,EAAE,KAAK,EAAE;iBACnB,CAAC,CAAC;YACL,CAAC;YAED,oCAAoC;YACpC,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC;YAE9E,IAAI,aAAa,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;gBACjC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;gBAEtD,sBAAsB;gBACtB,IAAI,SAAS,CAAC,MAAM,EAAE,IAAI,KAAK,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC;oBACjE,UAAU,CAAC,IAAI,CAAC;wBACd,IAAI,EAAE,YAAY;wBAClB,QAAQ,EAAE,QAAQ;wBAClB,OAAO,EAAE,SAAS,KAAK,oBAAoB;wBAC3C,WAAW,EAAE,kBAAkB;wBAC/B,SAAS,EAAE,IAAI,IAAI,EAAE;wBACrB,OAAO,EAAE,EAAE,KAAK,EAAE;qBACnB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QAEH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,yCAAyC,KAAK,GAAG,EAAE,KAAK,CAAC,CAAC;QACzE,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;IAED;;OAEG;IACH,aAAa;QACX,OAAO,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,eAAe;QACb,IAAI,CAAC,UAAU,GAAG,EAAE,CAAC;IACvB,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,SAA4B;QAClD,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAEhC,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;YAClC,MAAM,CAAC,IAAI,CAAC,uBAAuB,SAAS,CAAC,QAAQ,MAAM,SAAS,CAAC,OAAO,EAAE,EAAE;gBAC9E,WAAW,EAAE,SAAS,CAAC,WAAW;gBAClC,IAAI,EAAE,SAAS,CAAC,IAAI;gBACpB,OAAO,EAAE,SAAS,CAAC,OAAO;aAC3B,CAAC,CAAC;QACL,CAAC;QAED,0DAA0D;QAC1D,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,QAAgB;QACpC,MAAM,WAAW,GAAG;YAClB,GAAG;YACH,MAAM;YACN,MAAM;YACN,MAAM;YACN,OAAO;YACP,OAAO;YACP,MAAM;YACN,OAAO;YACP,MAAM;YACN,sBAAsB;YACtB,OAAO;YACP,OAAO;SACR,CAAC;QAEF,MAAM,YAAY,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;QAEvC,OAAO,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CACnC,YAAY,KAAK,UAAU,IAAI,YAAY,CAAC,UAAU,CAAC,UAAU,GAAG,GAAG,CAAC,CACzE,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,KAAa;QAClC,MAAM,iBAAiB,GAAG;YACxB,WAAW;YACX,QAAQ;YACR,SAAS;YACT,yBAAyB;SAC1B,CAAC;QAEF,6CAA6C;QAC7C,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACjD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACrC,OAAO,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACK,gBAAgB,CAAC,KAAa;QACpC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;QAC9C,IAAI,CAAC,KAAK;YAAE,OAAO,CAAC,CAAC;QAErB,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACjC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;QAE3C,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,GAAG,CAAC,CAAC,OAAO,KAAK,GAAG,IAAI,CAAC;YAC9B,KAAK,GAAG,CAAC,CAAC,OAAO,KAAK,CAAC;YACvB,KAAK,GAAG,CAAC,CAAC,OAAO,KAAK,GAAG,IAAI,CAAC;YAC9B,OAAO,CAAC,CAAC,OAAO,KAAK,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,cAAc;QACvD,CAAC;IACH,CAAC;IAED;;OAEG;IACK,kBAAkB,CAAC,MAAc;QACvC,8EAA8E;QAC9E,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACxC,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAChC,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAEnC,OAAO;YACL,aAAa,EAAE,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC;YACrD,eAAe,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC;YAC9D,YAAY,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC;YACvC,cAAc,EAAE,CAAC,EAAE,kCAAkC;YACrD,eAAe,EAAE,CAAC;YAClB,WAAW,EAAE,CAAC,CAAC,uCAAuC;SACvD,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,gBAAgB,CAAC,KAAa;QACpC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;QACnD,IAAI,CAAC,KAAK;YAAE,OAAO,CAAC,CAAC;QAErB,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACnC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAEtB,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,KAAK,CAAC;YAAC,KAAK,IAAI,CAAC,CAAC,OAAO,KAAK,GAAG,IAAI,CAAC;YAC3C,KAAK,KAAK,CAAC;YAAC,KAAK,IAAI,CAAC,CAAC,OAAO,KAAK,CAAC;YACpC,KAAK,KAAK,CAAC;YAAC,KAAK,IAAI,CAAC,CAAC,OAAO,KAAK,GAAG,IAAI,CAAC;YAC3C,KAAK,KAAK,CAAC;YAAC,KAAK,IAAI,CAAC,CAAC,OAAO,KAAK,GAAG,IAAI,GAAG,IAAI,CAAC;YAClD,OAAO,CAAC,CAAC,OAAO,KAAK,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,cAAc;QACvD,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,cAAc,CAAC,OAAe,EAAE,IAAc;QAC1D,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;YAE1E,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,KAAK,GAAG,EAAE,CAAC;YAEf,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC/D,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;YAE9D,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC3B,OAAO,CAAC;oBACN,QAAQ,EAAE,IAAI,IAAI,CAAC;oBACnB,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE;oBACrB,KAAK,EAAE,KAAK,CAAC,IAAI,EAAE;iBACpB,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,OAAO;QACL,KAAK,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC3D,aAAa,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;QACD,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;IACpD,CAAC;CACF"}

package/dist/storage/artifactUploader.d.ts

@@ -0,0 +1,155 @@
+/**
+ * Artifact Uploader - MVP.4.2.4
+ *
+ * Handles artifact upload to storage backends (local or S3).
+ *
+ * Features:
+ * - Local file storage with configurable base path
+ * - S3 upload with multipart support for large files (>50MB)
+ * - S3-compatible storage support (MinIO, Cloudflare R2, etc.)
+ * - Presigned download URL generation
+ * - Retry logic with exponential backoff
+ * - Proper error handling and logging
+ * - Cleanup of temporary files after upload
+ * - Batch S3 object deletion for retention cleanup
+ *
+ * @module storage/artifactUploader
+ */
+import type { StorageConfig } from '../config/types.js';
+export interface UploadResult {
+    url: string;
+    size: number;
+    uploadedAt: Date;
+}
+export interface UploadOptions {
+    /**
+     * Maximum number of retry attempts on failure
+     */
+    maxRetries?: number;
+    /**
+     * Base delay in milliseconds for exponential backoff
+     */
+    retryDelayMs?: number;
+    /**
+     * Whether to delete the source file after successful upload
+     */
+    deleteAfterUpload?: boolean;
+}
+export declare class ArtifactUploader {
+    private config;
+    private s3Client;
+    constructor(config: StorageConfig);
+    /**
+     * Lazily create and cache an S3Client instance based on the current config.
+     */
+    private getS3Client;
+    /**
+     * Build the S3 object key from an artifact name, applying the configured path prefix.
+     */
+    private buildS3Key;
+    /**
+     * Build a public-style S3 URL for an object.
+     */
+    private buildS3Url;
+    /**
+     * Upload an artifact to the configured storage backend
+     *
+     * @param sourcePath - Absolute path to the artifact file
+     * @param artifactName - Name/path for the artifact in storage
+     * @param options - Upload options
+     * @returns Upload result with URL and metadata
+     */
+    uploadArtifact(sourcePath: string, artifactName: string, options?: UploadOptions): Promise<UploadResult>;
+    /**
+     * Upload artifact to local storage
+     *
+     * @param sourcePath - Source file path
+     * @param artifactName - Target artifact name
+     * @param maxRetries - Maximum retry attempts
+     * @param retryDelayMs - Retry delay in milliseconds
+     * @returns Upload result
+     */
+    private uploadToLocal;
+    /**
+     * Upload artifact to S3
+     *
+     * Uses PutObjectCommand for files <= 50 MB and multipart Upload for larger files.
+     * Supports S3-compatible storage (MinIO, Cloudflare R2) via custom endpoint.
+     *
+     * @param sourcePath - Source file path
+     * @param artifactName - Target artifact name
+     * @param maxRetries - Maximum retry attempts
+     * @param retryDelayMs - Retry delay in milliseconds
+     * @returns Upload result
+     */
+    private uploadToS3;
+    /**
+     * Generate a presigned download URL for an artifact in S3.
+     *
+     * @param artifactName - The artifact name/path in storage
+     * @param expiresInSeconds - URL expiration time (default: 3600 = 1 hour)
+     * @returns Presigned download URL
+     */
+    getSignedDownloadUrl(artifactName: string, expiresInSeconds?: number): Promise<string>;
+    /**
+     * Delete S3 objects in batch using DeleteObjectsCommand.
+     *
+     * @param keys - Array of S3 object keys to delete
+     * @returns Number of objects successfully deleted
+     */
+    deleteS3Objects(keys: string[]): Promise<number>;
+    /**
+     * Delete a file from the filesystem
+     *
+     * @param filePath - Path to the file to delete
+     */
+    private deleteFile;
+    /**
+     * Retry an operation with exponential backoff
+     *
+     * @param operation - Async operation to retry
+     * @param maxRetries - Maximum number of retry attempts
+     * @param baseDelayMs - Base delay for exponential backoff
+     * @param operationName - Name for logging
+     */
+    private retryOperation;
+    /**
+     * Clean up old artifacts based on retention policy
+     *
+     * @param basePath - Base path to scan for old artifacts
+     * @returns Number of files deleted
+     */
+    cleanupOldArtifacts(basePath?: string): Promise<number>;
+    /**
+     * Recursively find files older than the cutoff time
+     *
+     * @param dirPath - Directory to scan
+     * @param cutoffTime - Cutoff timestamp (files older than this will be included)
+     * @returns Array of file paths
+     */
+    private findOldFiles;
+    /**
+     * Get storage statistics
+     *
+     * @returns Storage usage statistics
+     */
+    getStorageStats(): Promise<{
+        type: 'local' | 's3';
+        totalFiles: number;
+        totalSizeBytes: number;
+        oldestFileDate?: Date;
+        newestFileDate?: Date;
+    }>;
+    /**
+     * Recursively find all files in a directory
+     *
+     * @param dirPath - Directory to scan
+     * @returns Array of file paths
+     */
+    private findAllFiles;
+    /**
+     * Retrieve storage statistics from S3 using ListObjectsV2 with pagination.
+     */
+    private getS3StorageStats;
+}
+//# sourceMappingURL=artifactUploader.d.ts.map

package/dist/storage/artifactUploader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"artifactUploader.d.ts","sourceRoot":"","sources":["../../src/storage/artifactUploader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAKH,OAAO,KAAK,EAAE,aAAa,EAAY,MAAM,oBAAoB,CAAC;AAclE,MAAM,WAAW,YAAY;IAC3B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,IAAI,CAAC;CAClB;AAED,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;OAEG;IACH,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B;AAKD,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,CAAgB;IAC9B,OAAO,CAAC,QAAQ,CAAyB;gBAE7B,MAAM,EAAE,aAAa;IASjC;;OAEG;IACH,OAAO,CAAC,WAAW;IAgCnB;;OAEG;IACH,OAAO,CAAC,UAAU;IAQlB;;OAEG;IACH,OAAO,CAAC,UAAU;IAUlB;;;;;;;OAOG;IACG,cAAc,CAClB,UAAU,EAAE,MAAM,EAClB,YAAY,EAAE,MAAM,EACpB,OAAO,GAAE,aAAkB,GAC1B,OAAO,CAAC,YAAY,CAAC;IA+CxB;;;;;;;;OAQG;YACW,aAAa;IAkC3B;;;;;;;;;;;OAWG;YACW,UAAU;IAwFxB;;;;;;OAMG;IACG,oBAAoB,CACxB,YAAY,EAAE,MAAM,EACpB,gBAAgB,GAAE,MAAa,GAC9B,OAAO,CAAC,MAAM,CAAC;IAgClB;;;;;OAKG;IACG,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;IAwDtD;;;;OAIG;YACW,UAAU;IAaxB;;;;;;;OAOG;YACW,cAAc;IAiC5B;;;;;OAKG;IACG,mBAAmB,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAoC7D;;;;;;OAMG;YACW,YAAY;IA+B1B;;;;OAIG;IACG,eAAe,IAAI,OAAO,CAAC;QAC/B,IAAI,EAAE,OAAO,GAAG,IAAI,CAAC;QACrB,UAAU,EAAE,MAAM,CAAC;QACnB,cAAc,EAAE,MAAM,CAAC;QACvB,cAAc,CAAC,EAAE,IAAI,CAAC;QACtB,cAAc,CAAC,EAAE,IAAI,CAAC;KACvB,CAAC;IAkCF;;;;;OAKG;YACW,YAAY;IA4B1B;;OAEG;YACW,iBAAiB;CA+DhC"}