kratos-memory 1.0.0

package/dist/security/data-retention.js

@@ -0,0 +1,444 @@
+import Database from 'better-sqlite3';
+import fs from 'fs-extra';
+import path from 'path';
+import { Logger } from '../utils/logger.js';
+import { EncryptionManager } from './encryption.js';
+const logger = new Logger('DataRetention');
+/**
+ * Data retention and deletion management
+ */
+export class DataRetentionManager {
+    db;
+    archiveDb;
+    encryption;
+    projectId;
+    policies = new Map();
+    constructor(projectRoot, projectId) {
+        this.projectId = projectId;
+        // Main database
+        const dbPath = path.join(projectRoot, '.kratos', 'memory.db');
+        this.db = new Database(dbPath);
+        // Archive database
+        const archivePath = path.join(projectRoot, '.kratos', 'archive.db');
+        fs.ensureDirSync(path.dirname(archivePath));
+        this.archiveDb = new Database(archivePath);
+        this.initializeArchiveDb();
+        // Encryption for archives
+        this.encryption = new EncryptionManager(projectRoot, projectId);
+        // Load policies
+        this.loadPolicies();
+        // Start background cleanup
+        this.startCleanupScheduler();
+    }
+    /**
+     * Initialize archive database
+     */
+    initializeArchiveDb() {
+        this.archiveDb.exec(`
+      CREATE TABLE IF NOT EXISTS archives (
+        id TEXT PRIMARY KEY,
+        project_id TEXT NOT NULL,
+        memory_id TEXT NOT NULL,
+        encrypted_data TEXT NOT NULL,
+        archived_at INTEGER NOT NULL,
+        expires_at INTEGER NOT NULL,
+        metadata TEXT
+      );
+
+      CREATE INDEX IF NOT EXISTS idx_archives_expires ON archives(expires_at);
+      CREATE INDEX IF NOT EXISTS idx_archives_project ON archives(project_id);
+    `);
+        this.archiveDb.exec(`
+      CREATE TABLE IF NOT EXISTS deletion_log (
+        id TEXT PRIMARY KEY,
+        project_id TEXT NOT NULL,
+        target_type TEXT NOT NULL,
+        target_id TEXT NOT NULL,
+        deleted_by TEXT,
+        reason TEXT,
+        deleted_at INTEGER NOT NULL,
+        data_hash TEXT
+      );
+    `);
+    }
+    /**
+     * Load retention policies
+     */
+    loadPolicies() {
+        // Default policies
+        const defaultPolicies = [
+            {
+                id: 'default',
+                name: 'Default Policy',
+                description: 'Standard retention for all memories',
+                retentionDays: 90,
+                archiveAfterDays: 60,
+                deleteAfterDays: 90,
+                createdAt: new Date()
+            },
+            {
+                id: 'temporary',
+                name: 'Temporary Data',
+                description: 'Short-lived data (debugging, logs)',
+                retentionDays: 7,
+                deleteAfterDays: 7,
+                tags: ['temp', 'debug', 'log'],
+                createdAt: new Date()
+            },
+            {
+                id: 'important',
+                name: 'Important Data',
+                description: 'Long-term retention for critical data',
+                retentionDays: 365,
+                archiveAfterDays: 180,
+                deleteAfterDays: 365,
+                importance: 4,
+                createdAt: new Date()
+            },
+            {
+                id: 'permanent',
+                name: 'Permanent',
+                description: 'Never delete (architecture, decisions)',
+                retentionDays: 36500, // 100 years
+                deleteAfterDays: 36500,
+                importance: 5,
+                tags: ['architecture', 'decision', 'permanent'],
+                createdAt: new Date()
+            }
+        ];
+        for (const policy of defaultPolicies) {
+            this.policies.set(policy.id, policy);
+        }
+    }
+    /**
+     * Apply retention policy
+     */
+    applyPolicy(memoryId, policyId = 'default') {
+        const policy = this.policies.get(policyId);
+        if (!policy) {
+            throw new Error(`Policy not found: ${policyId}`);
+        }
+        const ttlSeconds = policy.retentionDays * 24 * 60 * 60;
+        const expiresAt = Date.now() + (ttlSeconds * 1000);
+        // Update memory TTL
+        const stmt = this.db.prepare(`
+      UPDATE memories
+      SET ttl = ?, expires_at = ?
+      WHERE id = ? AND project_id = ?
+    `);
+        stmt.run(ttlSeconds, expiresAt, memoryId, this.projectId);
+        logger.info(`Applied policy ${policyId} to memory ${memoryId}`);
+    }
+    /**
+     * Archive old memories
+     */
+    async archiveOldMemories() {
+        let archived = 0;
+        // Check if memories table exists
+        const tablesExist = this.db.prepare(`
+      SELECT name FROM sqlite_master
+      WHERE type='table' AND name='memories'
+    `).get();
+        if (!tablesExist) {
+            return 0; // Tables not initialized yet
+        }
+        for (const policy of this.policies.values()) {
+            if (!policy.archiveAfterDays)
+                continue;
+            const cutoffTime = Date.now() - (policy.archiveAfterDays * 24 * 60 * 60 * 1000);
+            // Find memories to archive (simplified query to avoid sub-select on non-existent table)
+            const stmt = this.db.prepare(`
+        SELECT * FROM memories
+        WHERE project_id = ?
+          AND created_at < ?
+      `);
+            const memories = stmt.all(this.projectId, cutoffTime);
+            for (const memory of memories) {
+                await this.archiveMemory(memory, policy);
+                archived++;
+            }
+        }
+        logger.info(`Archived ${archived} memories`);
+        return archived;
+    }
+    /**
+     * Archive a single memory
+     */
+    async archiveMemory(memory, policy) {
+        // Encrypt memory data
+        const encryptedData = this.encryption.encryptJSON(memory);
+        // Calculate expiration
+        const expiresAt = Date.now() + (policy.deleteAfterDays * 24 * 60 * 60 * 1000);
+        // Insert into archive
+        const stmt = this.archiveDb.prepare(`
+      INSERT INTO archives (id, project_id, memory_id, encrypted_data, archived_at, expires_at, metadata)
+      VALUES (?, ?, ?, ?, ?, ?, ?)
+    `);
+        const archiveId = `arch_${Date.now()}_${Math.random().toString(36).substring(7)}`;
+        const metadata = JSON.stringify({
+            originalCreatedAt: memory.created_at,
+            importance: memory.importance,
+            tags: memory.tags
+        });
+        stmt.run(archiveId, this.projectId, memory.id, encryptedData, Date.now(), expiresAt, metadata);
+        // Delete from main database
+        const deleteStmt = this.db.prepare(`
+      DELETE FROM memories WHERE id = ? AND project_id = ?
+    `);
+        deleteStmt.run(memory.id, this.projectId);
+        logger.info(`Archived memory ${memory.id}`);
+    }
+    /**
+     * Restore from archive
+     */
+    async restoreFromArchive(memoryId) {
+        const stmt = this.archiveDb.prepare(`
+      SELECT * FROM archives
+      WHERE memory_id = ? AND project_id = ?
+      ORDER BY archived_at DESC
+      LIMIT 1
+    `);
+        const archive = stmt.get(memoryId, this.projectId);
+        if (!archive) {
+            return false;
+        }
+        // Decrypt data
+        const memory = this.encryption.decryptJSON(archive.encrypted_data);
+        // Restore to main database
+        const insertStmt = this.db.prepare(`
+      INSERT INTO memories (id, project_id, summary, text, tags, paths, importance, created_at, updated_at)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
+    `);
+        insertStmt.run(memory.id, memory.project_id, memory.summary, memory.text, JSON.stringify(memory.tags || []), JSON.stringify(memory.paths || []), memory.importance, memory.created_at, Date.now());
+        // Remove from archive
+        const deleteStmt = this.archiveDb.prepare(`
+      DELETE FROM archives WHERE id = ?
+    `);
+        deleteStmt.run(archive.id);
+        logger.info(`Restored memory ${memoryId} from archive`);
+        return true;
+    }
+    /**
+     * Delete data permanently (GDPR right to erasure)
+     */
+    async deleteData(request) {
+        const deletionId = `del_${Date.now()}_${Math.random().toString(36).substring(7)}`;
+        // Log deletion request
+        const logStmt = this.archiveDb.prepare(`
+      INSERT INTO deletion_log (id, project_id, target_type, target_id, deleted_by, reason, deleted_at)
+      VALUES (?, ?, ?, ?, ?, ?, ?)
+    `);
+        logStmt.run(deletionId, this.projectId, request.targetType, request.targetId, request.userId, request.reason, Date.now());
+        switch (request.targetType) {
+            case 'memory':
+                await this.deleteMemory(request.targetId);
+                break;
+            case 'project':
+                await this.deleteProject(request.targetId);
+                break;
+            case 'user':
+                await this.deleteUserData(request.targetId);
+                break;
+        }
+        logger.info(`Completed deletion: ${deletionId}`);
+    }
+    /**
+     * Delete a single memory
+     */
+    async deleteMemory(memoryId) {
+        // Delete from main database
+        const stmt = this.db.prepare(`
+      DELETE FROM memories WHERE id = ? AND project_id = ?
+    `);
+        stmt.run(memoryId, this.projectId);
+        // Delete from FTS
+        const ftsStmt = this.db.prepare(`
+      DELETE FROM memories_fts WHERE rowid = (
+        SELECT rowid FROM memories WHERE id = ? AND project_id = ?
+      )
+    `);
+        ftsStmt.run(memoryId, this.projectId);
+        // Delete from archives
+        const archiveStmt = this.archiveDb.prepare(`
+      DELETE FROM archives WHERE memory_id = ? AND project_id = ?
+    `);
+        archiveStmt.run(memoryId, this.projectId);
+        logger.info(`Deleted memory ${memoryId}`);
+    }
+    /**
+     * Delete entire project
+     */
+    async deleteProject(projectId) {
+        if (projectId !== this.projectId) {
+            throw new Error('Can only delete current project');
+        }
+        // Delete all memories
+        const stmt = this.db.prepare(`
+      DELETE FROM memories WHERE project_id = ?
+    `);
+        const result = stmt.run(projectId);
+        // Delete all archives
+        const archiveStmt = this.archiveDb.prepare(`
+      DELETE FROM archives WHERE project_id = ?
+    `);
+        archiveStmt.run(projectId);
+        // Destroy encryption key
+        this.encryption.destroyKey();
+        logger.info(`Deleted project ${projectId} (${result.changes} memories)`);
+    }
+    /**
+     * Delete all user data (GDPR)
+     */
+    async deleteUserData(userId) {
+        // This would integrate with RBAC to find all user data
+        // For now, delete memories created by user
+        const stmt = this.db.prepare(`
+      DELETE FROM memories
+      WHERE project_id = ?
+        AND json_extract(metadata, '$.userId') = ?
+    `);
+        const result = stmt.run(this.projectId, userId);
+        logger.info(`Deleted user data for ${userId} (${result.changes} memories)`);
+    }
+    /**
+     * Export data for GDPR compliance
+     */
+    async exportUserData(userId) {
+        try {
+            // Check if memories table exists
+            const tableCheck = this.db.prepare(`
+        SELECT name FROM sqlite_master
+        WHERE type='table' AND name='memories'
+      `).get();
+            if (!tableCheck) {
+                // No memories table yet
+                return JSON.stringify({
+                    exportDate: new Date().toISOString(),
+                    userId,
+                    projectId: this.projectId,
+                    memories: [],
+                    totalCount: 0,
+                    note: 'No memories table exists yet'
+                }, null, 2);
+            }
+            // First try to get user-specific memories (handle missing metadata column)
+            let userMemories = [];
+            try {
+                const userStmt = this.db.prepare(`
+          SELECT * FROM memories
+          WHERE project_id = ?
+            AND json_extract(metadata, '$.userId') = ?
+        `);
+                userMemories = userStmt.all(this.projectId, userId);
+            }
+            catch (e) {
+                // metadata column might not exist
+                logger.debug('No metadata column in memories table');
+            }
+            // If no user-specific memories, get all project memories for demo/testing
+            let memories = userMemories;
+            if (memories.length === 0) {
+                const allStmt = this.db.prepare(`
+          SELECT * FROM memories
+          WHERE project_id = ?
+          LIMIT 10
+        `);
+                memories = allStmt.all(this.projectId);
+            }
+            const exportData = {
+                exportDate: new Date().toISOString(),
+                userId,
+                projectId: this.projectId,
+                memories,
+                totalCount: memories.length,
+                note: memories.length === 0 ? 'No data found for this user' :
+                    userMemories.length === 0 ? 'Showing sample project data (user has no specific data)' :
+                        'User-specific data exported'
+            };
+            return JSON.stringify(exportData, null, 2);
+        }
+        catch (error) {
+            logger.error('GDPR export failed', error);
+            return JSON.stringify({
+                error: 'Export failed',
+                message: error.message,
+                userId,
+                projectId: this.projectId
+            }, null, 2);
+        }
+    }
+    /**
+     * Start background cleanup scheduler
+     */
+    startCleanupScheduler() {
+        // Run cleanup every hour
+        setInterval(() => {
+            this.runCleanup();
+        }, 60 * 60 * 1000);
+        // Initial cleanup
+        this.runCleanup();
+    }
+    /**
+     * Run cleanup tasks
+     */
+    async runCleanup() {
+        try {
+            // Check if tables exist first
+            const tablesExist = this.db.prepare(`
+        SELECT name FROM sqlite_master
+        WHERE type='table' AND name='memories'
+      `).get();
+            if (!tablesExist) {
+                return; // Tables not initialized yet
+            }
+            // Delete expired memories
+            const deleteStmt = this.db.prepare(`
+        DELETE FROM memories
+        WHERE project_id = ?
+          AND expires_at IS NOT NULL
+          AND expires_at < ?
+      `);
+            const deleteResult = deleteStmt.run(this.projectId, Date.now());
+            // Delete expired archives
+            const archiveDeleteStmt = this.archiveDb.prepare(`
+        DELETE FROM archives
+        WHERE project_id = ?
+          AND expires_at < ?
+      `);
+            const archiveResult = archiveDeleteStmt.run(this.projectId, Date.now());
+            if (deleteResult.changes > 0 || archiveResult.changes > 0) {
+                logger.info(`Cleanup: deleted ${deleteResult.changes} memories, ${archiveResult.changes} archives`);
+            }
+            // Archive old memories
+            await this.archiveOldMemories();
+        }
+        catch (error) {
+            logger.error('Cleanup failed:', error);
+        }
+    }
+    /**
+     * Get retention statistics
+     */
+    getStats() {
+        const memoryCount = this.db.prepare(`
+      SELECT COUNT(*) as count FROM memories WHERE project_id = ?
+    `).get(this.projectId);
+        const archiveCount = this.archiveDb.prepare(`
+      SELECT COUNT(*) as count FROM archives WHERE project_id = ?
+    `).get(this.projectId);
+        const deletionCount = this.archiveDb.prepare(`
+      SELECT COUNT(*) as count FROM deletion_log WHERE project_id = ?
+    `).get(this.projectId);
+        return {
+            activeMemories: memoryCount.count,
+            archivedMemories: archiveCount.count,
+            deletions: deletionCount.count,
+            policies: Array.from(this.policies.values())
+        };
+    }
+    close() {
+        this.db.close();
+        this.archiveDb.close();
+    }
+}
+//# sourceMappingURL=data-retention.js.map

package/dist/security/data-retention.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"data-retention.js","sourceRoot":"","sources":["../../src/security/data-retention.ts"],"names":[],"mappings":"AAAA,OAAO,QAAQ,MAAM,gBAAgB,CAAC;AACtC,OAAO,EAAE,MAAM,UAAU,CAAC;AAC1B,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAEpD,MAAM,MAAM,GAAG,IAAI,MAAM,CAAC,eAAe,CAAC,CAAC;AAmC3C;;GAEG;AACH,MAAM,OAAO,oBAAoB;IACvB,EAAE,CAAoB;IACtB,SAAS,CAAoB;IAC7B,UAAU,CAAoB;IAC9B,SAAS,CAAS;IAClB,QAAQ,GAAiC,IAAI,GAAG,EAAE,CAAC;IAE3D,YAAY,WAAmB,EAAE,SAAiB;QAChD,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAE3B,gBAAgB;QAChB,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;QAC9D,IAAI,CAAC,EAAE,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC;QAE/B,mBAAmB;QACnB,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC;QACpE,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC;QAC5C,IAAI,CAAC,SAAS,GAAG,IAAI,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC3C,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAE3B,0BAA0B;QAC1B,IAAI,CAAC,UAAU,GAAG,IAAI,iBAAiB,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;QAEhE,gBAAgB;QAChB,IAAI,CAAC,YAAY,EAAE,CAAC;QAEpB,2BAA2B;QAC3B,IAAI,CAAC,qBAAqB,EAAE,CAAC;IAC/B,CAAC;IAED;;OAEG;IACK,mBAAmB;QACzB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;;;;;;;;;;;;;KAanB,CAAC,CAAC;QAEH,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;;;;;;;;;;;KAWnB,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,YAAY;QAClB,mBAAmB;QACnB,MAAM,eAAe,GAAsB;YACzC;gBACE,EAAE,EAAE,SAAS;gBACb,IAAI,EAAE,gBAAgB;gBACtB,WAAW,EAAE,qCAAqC;gBAClD,aAAa,EAAE,EAAE;gBACjB,gBAAgB,EAAE,EAAE;gBACpB,eAAe,EAAE,EAAE;gBACnB,SAAS,EAAE,IAAI,IAAI,EAAE;aACtB;YACD;gBACE,EAAE,EAAE,WAAW;gBACf,IAAI,EAAE,gBAAgB;gBACtB,WAAW,EAAE,oCAAoC;gBACjD,aAAa,EAAE,CAAC;gBAChB,eAAe,EAAE,CAAC;gBAClB,IAAI,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC;gBAC9B,SAAS,EAAE,IAAI,IAAI,EAAE;aACtB;YACD;gBACE,EAAE,EAAE,WAAW;gBACf,IAAI,EAAE,gBAAgB;gBACtB,WAAW,EAAE,uCAAuC;gBACpD,aAAa,EAAE,GAAG;gBAClB,gBAAgB,EAAE,GAAG;gBACrB,eAAe,EAAE,GAAG;gBACpB,UAAU,EAAE,CAAC;gBACb,SAAS,EAAE,IAAI,IAAI,EAAE;aACtB;YACD;gBACE,EAAE,EAAE,WAAW;gBACf,IAAI,EAAE,WAAW;gBACjB,WAAW,EAAE,wCAAwC;gBACrD,aAAa,EAAE,KAAK,EAAE,YAAY;gBAClC,eAAe,EAAE,KAAK;gBACtB,UAAU,EAAE,CAAC;gBACb,IAAI,EAAE,CAAC,cAAc,EAAE,UAAU,EAAE,WAAW,CAAC;gBAC/C,SAAS,EAAE,IAAI,IAAI,EAAE;aACtB;SACF,CAAC;QAEF,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE,CAAC;YACrC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,QAAgB,EAAE,WAAmB,SAAS;QACxD,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,qBAAqB,QAAQ,EAAE,CAAC,CAAC;QACnD,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,CAAC,aAAa,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;QACvD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;QAEnD,oBAAoB;QACpB,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;;KAI5B,CAAC,CAAC;QAEH,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QAE1D,MAAM,CAAC,IAAI,CAAC,kBAAkB,QAAQ,cAAc,QAAQ,EAAE,CAAC,CAAC;IAClE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB;QACtB,IAAI,QAAQ,GAAG,CAAC,CAAC;QAEjB,iCAAiC;QACjC,MAAM,WAAW,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;KAGnC,CAAC,CAAC,GAAG,EAAE,CAAC;QAET,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,CAAC,CAAC,CAAC,6BAA6B;QACzC,CAAC;QAED,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC;YAC5C,IAAI,CAAC,MAAM,CAAC,gBAAgB;gBAAE,SAAS;YAEvC,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,gBAAgB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAEhF,wFAAwF;YACxF,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;;OAI5B,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;YAEtD,KAAK,MAAM,MAAM,IAAI,QAAiB,EAAE,CAAC;gBACvC,MAAM,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;gBACzC,QAAQ,EAAE,CAAC;YACb,CAAC;QACH,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,YAAY,QAAQ,WAAW,CAAC,CAAC;QAC7C,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,aAAa,CAAC,MAAW,EAAE,MAAuB;QAC9D,sBAAsB;QACtB,MAAM,aAAa,GAAG,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAE1D,uBAAuB;QACvB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,eAAe,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAE9E,sBAAsB;QACtB,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;;;KAGnC,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,QAAQ,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC;QAClF,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC;YAC9B,iBAAiB,EAAE,MAAM,CAAC,UAAU;YACpC,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,IAAI,EAAE,MAAM,CAAC,IAAI;SAClB,CAAC,CAAC;QAEH,IAAI,CAAC,GAAG,CACN,SAAS,EACT,IAAI,CAAC,SAAS,EACd,MAAM,CAAC,EAAE,EACT,aAAa,EACb,IAAI,CAAC,GAAG,EAAE,EACV,SAAS,EACT,QAAQ,CACT,CAAC;QAEF,4BAA4B;QAC5B,MAAM,UAAU,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;KAElC,CAAC,CAAC;QACH,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QAE1C,MAAM,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CAAC,QAAgB;QACvC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;;;;;KAKnC,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAQ,CAAC;QAE1D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,KAAK,CAAC;QACf,CAAC;QAED,eAAe;QACf,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QAEnE,2BAA2B;QAC3B,MAAM,UAAU,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;KAGlC,CAAC,CAAC;QAEH,UAAU,CAAC,GAAG,CACZ,MAAM,CAAC,EAAE,EACT,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,OAAO,EACd,MAAM,CAAC,IAAI,EACX,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC,EACjC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,EAClC,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,UAAU,EACjB,IAAI,CAAC,GAAG,EAAE,CACX,CAAC;QAEF,sBAAsB;QACtB,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;;KAEzC,CAAC,CAAC;QACH,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAE3B,MAAM,CAAC,IAAI,CAAC,mBAAmB,QAAQ,eAAe,CAAC,CAAC;QACxD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CAAC,OAKhB;QACC,MAAM,UAAU,GAAG,OAAO,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC;QAElF,uBAAuB;QACvB,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;;;KAGtC,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CACT,UAAU,EACV,IAAI,CAAC,SAAS,EACd,OAAO,CAAC,UAAU,EAClB,OAAO,CAAC,QAAQ,EAChB,OAAO,CAAC,MAAM,EACd,OAAO,CAAC,MAAM,EACd,IAAI,CAAC,GAAG,EAAE,CACX,CAAC;QAEF,QAAQ,OAAO,CAAC,UAAU,EAAE,CAAC;YAC3B,KAAK,QAAQ;gBACX,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;gBAC1C,MAAM;YACR,KAAK,SAAS;gBACZ,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;gBAC3C,MAAM;YACR,KAAK,MAAM;gBACT,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;gBAC5C,MAAM;QACV,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,uBAAuB,UAAU,EAAE,CAAC,CAAC;IACnD,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,YAAY,CAAC,QAAgB;QACzC,4BAA4B;QAC5B,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;KAE5B,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QAEnC,kBAAkB;QAClB,MAAM,OAAO,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;;KAI/B,CAAC,CAAC;QACH,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QAEtC,uBAAuB;QACvB,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;;KAE1C,CAAC,CAAC;QACH,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QAE1C,MAAM,CAAC,IAAI,CAAC,kBAAkB,QAAQ,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,aAAa,CAAC,SAAiB;QAC3C,IAAI,SAAS,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACrD,CAAC;QAED,sBAAsB;QACtB,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;KAE5B,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAEnC,sBAAsB;QACtB,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;;KAE1C,CAAC,CAAC;QACH,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAE3B,yBAAyB;QACzB,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;QAE7B,MAAM,CAAC,IAAI,CAAC,mBAAmB,SAAS,KAAK,MAAM,CAAC,OAAO,YAAY,CAAC,CAAC;IAC3E,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,cAAc,CAAC,MAAc;QACzC,uDAAuD;QACvD,2CAA2C;QAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;;KAI5B,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAEhD,MAAM,CAAC,IAAI,CAAC,yBAAyB,MAAM,KAAK,MAAM,CAAC,OAAO,YAAY,CAAC,CAAC;IAC9E,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,MAAc;QACjC,IAAI,CAAC;YACH,iCAAiC;YACjC,MAAM,UAAU,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;OAGlC,CAAC,CAAC,GAAG,EAAE,CAAC;YAET,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,wBAAwB;gBACxB,OAAO,IAAI,CAAC,SAAS,CAAC;oBACpB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACpC,MAAM;oBACN,SAAS,EAAE,IAAI,CAAC,SAAS;oBACzB,QAAQ,EAAE,EAAE;oBACZ,UAAU,EAAE,CAAC;oBACb,IAAI,EAAE,8BAA8B;iBACrC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;YACd,CAAC;YAED,2EAA2E;YAC3E,IAAI,YAAY,GAAU,EAAE,CAAC;YAC7B,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;;SAIhC,CAAC,CAAC;gBACH,YAAY,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YACtD,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,kCAAkC;gBAClC,MAAM,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;YACvD,CAAC;YAED,0EAA0E;YAC1E,IAAI,QAAQ,GAAG,YAAY,CAAC;YAC5B,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC1B,MAAM,OAAO,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;;SAI/B,CAAC,CAAC;gBACH,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACzC,CAAC;YAED,MAAM,UAAU,GAAG;gBACjB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACpC,MAAM;gBACN,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,QAAQ;gBACR,UAAU,EAAE,QAAQ,CAAC,MAAM;gBAC3B,IAAI,EAAE,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,6BAA6B,CAAC,CAAC;oBACvD,YAAY,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,yDAAyD,CAAC,CAAC;wBACvF,6BAA6B;aACpC,CAAC;YAEF,OAAO,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAC7C,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,MAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE,KAAK,CAAC,CAAC;YAC1C,OAAO,IAAI,CAAC,SAAS,CAAC;gBACpB,KAAK,EAAE,eAAe;gBACtB,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,MAAM;gBACN,SAAS,EAAE,IAAI,CAAC,SAAS;aAC1B,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACK,qBAAqB;QAC3B,yBAAyB;QACzB,WAAW,CAAC,GAAG,EAAE;YACf,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAEnB,kBAAkB;QAClB,IAAI,CAAC,UAAU,EAAE,CAAC;IACpB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,UAAU;QACtB,IAAI,CAAC;YACH,8BAA8B;YAC9B,MAAM,WAAW,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;OAGnC,CAAC,CAAC,GAAG,EAAE,CAAC;YAET,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,OAAO,CAAC,6BAA6B;YACvC,CAAC;YAED,0BAA0B;YAC1B,MAAM,UAAU,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;;;OAKlC,CAAC,CAAC;YACH,MAAM,YAAY,GAAG,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YAEhE,0BAA0B;YAC1B,MAAM,iBAAiB,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;;;;OAIhD,CAAC,CAAC;YACH,MAAM,aAAa,GAAG,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YAExE,IAAI,YAAY,CAAC,OAAO,GAAG,CAAC,IAAI,aAAa,CAAC,OAAO,GAAG,CAAC,EAAE,CAAC;gBAC1D,MAAM,CAAC,IAAI,CAAC,oBAAoB,YAAY,CAAC,OAAO,cAAc,aAAa,CAAC,OAAO,WAAW,CAAC,CAAC;YACtG,CAAC;YAED,uBAAuB;YACvB,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAElC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,QAAQ;QACN,MAAM,WAAW,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;KAEnC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAQ,CAAC;QAE9B,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;;KAE3C,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAQ,CAAC;QAE9B,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;;KAE5C,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAQ,CAAC;QAE9B,OAAO;YACL,cAAc,EAAE,WAAW,CAAC,KAAK;YACjC,gBAAgB,EAAE,YAAY,CAAC,KAAK;YACpC,SAAS,EAAE,aAAa,CAAC,KAAK;YAC9B,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;SAC7C,CAAC;IACJ,CAAC;IAED,KAAK;QACH,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;QAChB,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;IACzB,CAAC;CACF"}

package/dist/security/encryption.d.ts

@@ -0,0 +1,48 @@
+/**
+ * At-rest encryption using AES-256-GCM
+ * Per-project keys stored securely
+ */
+export declare class EncryptionManager {
+    private projectId;
+    private key;
+    private keyPath;
+    private algorithm;
+    constructor(projectRoot: string, projectId: string);
+    /**
+     * Load existing key or create new one
+     */
+    private loadOrCreateKey;
+    /**
+     * Save key securely (restricted permissions)
+     */
+    private saveKey;
+    /**
+     * Encrypt data
+     */
+    encrypt(text: string): {
+        encrypted: string;
+        iv: string;
+        tag: string;
+    };
+    /**
+     * Decrypt data
+     */
+    decrypt(encrypted: string, iv: string, tag: string): string;
+    /**
+     * Encrypt JSON object
+     */
+    encryptJSON(obj: any): string;
+    /**
+     * Decrypt JSON object
+     */
+    decryptJSON(encryptedData: string): any;
+    /**
+     * Rotate encryption key
+     */
+    rotateKey(reencryptCallback: (oldDecrypt: (data: string) => any, newEncrypt: (data: any) => string) => Promise<void>): Promise<void>;
+    /**
+     * Destroy key (for secure deletion)
+     */
+    destroyKey(): void;
+}
+//# sourceMappingURL=encryption.d.ts.map

package/dist/security/encryption.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.d.ts","sourceRoot":"","sources":["../../src/security/encryption.ts"],"names":[],"mappings":"AAOA;;;GAGG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,GAAG,CAAS;IACpB,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,SAAS,CAAiB;gBAEtB,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM;IAMlD;;OAEG;IACH,OAAO,CAAC,eAAe;IAkBvB;;OAEG;IACH,OAAO,CAAC,OAAO;IAYf;;OAEG;IACH,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE;IAgBrE;;OAEG;IACH,OAAO,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM;IAe3D;;OAEG;IACH,WAAW,CAAC,GAAG,EAAE,GAAG,GAAG,MAAM;IAQ7B;;OAEG;IACH,WAAW,CAAC,aAAa,EAAE,MAAM,GAAG,GAAG;IAMvC;;OAEG;IACG,SAAS,CAAC,iBAAiB,EAAE,CAAC,UAAU,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,GAAG,EAAE,UAAU,EAAE,CAAC,IAAI,EAAE,GAAG,KAAK,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAqB1I;;OAEG;IACH,UAAU,IAAI,IAAI;CAanB"}

package/dist/security/encryption.js

@@ -0,0 +1,131 @@
+import crypto from 'crypto';
+import fs from 'fs-extra';
+import path from 'path';
+import { Logger } from '../utils/logger.js';
+const logger = new Logger('Encryption');
+/**
+ * At-rest encryption using AES-256-GCM
+ * Per-project keys stored securely
+ */
+export class EncryptionManager {
+    projectId;
+    key;
+    keyPath;
+    algorithm = 'aes-256-gcm';
+    constructor(projectRoot, projectId) {
+        this.projectId = projectId;
+        this.keyPath = path.join(projectRoot, '.kratos', '.keys', `${projectId}.key`);
+        this.key = this.loadOrCreateKey();
+    }
+    /**
+     * Load existing key or create new one
+     */
+    loadOrCreateKey() {
+        try {
+            if (fs.existsSync(this.keyPath)) {
+                const keyData = fs.readFileSync(this.keyPath);
+                logger.info(`Loaded encryption key for project ${this.projectId}`);
+                return keyData;
+            }
+        }
+        catch (error) {
+            logger.warn('Failed to load key, creating new one:', error);
+        }
+        // Generate new key
+        const key = crypto.randomBytes(32); // 256 bits
+        this.saveKey(key);
+        logger.info(`Generated new encryption key for project ${this.projectId}`);
+        return key;
+    }
+    /**
+     * Save key securely (restricted permissions)
+     */
+    saveKey(key) {
+        fs.ensureDirSync(path.dirname(this.keyPath));
+        fs.writeFileSync(this.keyPath, key);
+        // Set restrictive permissions (owner read/write only)
+        try {
+            fs.chmodSync(this.keyPath, 0o600);
+        }
+        catch (error) {
+            logger.warn('Could not set key file permissions:', error);
+        }
+    }
+    /**
+     * Encrypt data
+     */
+    encrypt(text) {
+        const iv = crypto.randomBytes(16);
+        const cipher = crypto.createCipheriv(this.algorithm, this.key, iv);
+        let encrypted = cipher.update(text, 'utf8', 'hex');
+        encrypted += cipher.final('hex');
+        const tag = cipher.getAuthTag();
+        return {
+            encrypted,
+            iv: iv.toString('hex'),
+            tag: tag.toString('hex')
+        };
+    }
+    /**
+     * Decrypt data
+     */
+    decrypt(encrypted, iv, tag) {
+        const decipher = crypto.createDecipheriv(this.algorithm, this.key, Buffer.from(iv, 'hex'));
+        decipher.setAuthTag(Buffer.from(tag, 'hex'));
+        let decrypted = decipher.update(encrypted, 'hex', 'utf8');
+        decrypted += decipher.final('utf8');
+        return decrypted;
+    }
+    /**
+     * Encrypt JSON object
+     */
+    encryptJSON(obj) {
+        const json = JSON.stringify(obj);
+        const { encrypted, iv, tag } = this.encrypt(json);
+        // Combine into single string
+        return `${iv}:${tag}:${encrypted}`;
+    }
+    /**
+     * Decrypt JSON object
+     */
+    decryptJSON(encryptedData) {
+        const [iv, tag, encrypted] = encryptedData.split(':');
+        const json = this.decrypt(encrypted, iv, tag);
+        return JSON.parse(json);
+    }
+    /**
+     * Rotate encryption key
+     */
+    async rotateKey(reencryptCallback) {
+        const oldKey = this.key;
+        const oldDecrypt = (data) => {
+            const [iv, tag, encrypted] = data.split(':');
+            const decipher = crypto.createDecipheriv(this.algorithm, oldKey, Buffer.from(iv, 'hex'));
+            decipher.setAuthTag(Buffer.from(tag, 'hex'));
+            let decrypted = decipher.update(encrypted, 'hex', 'utf8');
+            decrypted += decipher.final('utf8');
+            return JSON.parse(decrypted);
+        };
+        // Generate new key
+        this.key = crypto.randomBytes(32);
+        this.saveKey(this.key);
+        // Re-encrypt all data
+        await reencryptCallback(oldDecrypt, (data) => this.encryptJSON(data));
+        logger.info('Key rotation completed');
+    }
+    /**
+     * Destroy key (for secure deletion)
+     */
+    destroyKey() {
+        // Overwrite key in memory
+        this.key.fill(0);
+        // Overwrite key file
+        if (fs.existsSync(this.keyPath)) {
+            const randomData = crypto.randomBytes(32);
+            fs.writeFileSync(this.keyPath, randomData);
+            fs.unlinkSync(this.keyPath);
+        }
+        logger.info('Encryption key destroyed');
+    }
+}
+//# sourceMappingURL=encryption.js.map

package/dist/security/encryption.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.js","sourceRoot":"","sources":["../../src/security/encryption.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,MAAM,UAAU,CAAC;AAC1B,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C,MAAM,MAAM,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC;AAExC;;;GAGG;AACH,MAAM,OAAO,iBAAiB;IACpB,SAAS,CAAS;IAClB,GAAG,CAAS;IACZ,OAAO,CAAS;IAChB,SAAS,GAAG,aAAa,CAAC;IAElC,YAAY,WAAmB,EAAE,SAAiB;QAChD,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,SAAS,MAAM,CAAC,CAAC;QAC9E,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;IACpC,CAAC;IAED;;OAEG;IACK,eAAe;QACrB,IAAI,CAAC;YACH,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAChC,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAC9C,MAAM,CAAC,IAAI,CAAC,qCAAqC,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;gBACnE,OAAO,OAAO,CAAC;YACjB,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,CAAC,uCAAuC,EAAE,KAAK,CAAC,CAAC;QAC9D,CAAC;QAED,mBAAmB;QACnB,MAAM,GAAG,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW;QAC/C,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAClB,MAAM,CAAC,IAAI,CAAC,4CAA4C,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;QAC1E,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;OAEG;IACK,OAAO,CAAC,GAAW;QACzB,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;QAC7C,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAEpC,sDAAsD;QACtD,IAAI,CAAC;YACH,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACpC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,CAAC,qCAAqC,EAAE,KAAK,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,IAAY;QAClB,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAClC,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAqB,CAAC;QAEvF,IAAI,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QACnD,SAAS,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAEjC,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEhC,OAAO;YACL,SAAS;YACT,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC;YACtB,GAAG,EAAE,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC;SACzB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,SAAiB,EAAE,EAAU,EAAE,GAAW;QAChD,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CACtC,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,GAAG,EACR,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,KAAK,CAAC,CACD,CAAC;QAExB,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;QAE7C,IAAI,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAC1D,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAEpC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,GAAQ;QAClB,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACjC,MAAM,EAAE,SAAS,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAElD,6BAA6B;QAC7B,OAAO,GAAG,EAAE,IAAI,GAAG,IAAI,SAAS,EAAE,CAAC;IACrC,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,aAAqB;QAC/B,MAAM,CAAC,EAAE,EAAE,GAAG,EAAE,SAAS,CAAC,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACtD,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC;QAC9C,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,iBAA0G;QACxH,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC;QACxB,MAAM,UAAU,GAAG,CAAC,IAAY,EAAE,EAAE;YAClC,MAAM,CAAC,EAAE,EAAE,GAAG,EAAE,SAAS,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC7C,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,KAAK,CAAC,CAAuB,CAAC;YAC/G,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;YAC7C,IAAI,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;YAC1D,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YACpC,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAC/B,CAAC,CAAC;QAEF,mBAAmB;QACnB,IAAI,CAAC,GAAG,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAClC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEvB,sBAAsB;QACtB,MAAM,iBAAiB,CAAC,UAAU,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC;QAEtE,MAAM,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACH,UAAU;QACR,0BAA0B;QAC1B,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAEjB,qBAAqB;QACrB,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAChC,MAAM,UAAU,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;YAC1C,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;YAC3C,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC9B,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;IAC1C,CAAC;CACF"}