npm - limen-ai - Versions diffs - 1.0.0 - Mend

limen-ai 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (704) hide show

package/dist/kernel/audit/audit_trail.js ADDED Viewed

@@ -0,0 +1,569 @@
+/**
+ * Audit trail implementation.
+ * S ref: I-03, I-06, §3.5, FM-08, T-5
+ *
+ * Phase: 1 (Kernel) -- Build Order 3
+ * Must exist before any state mutation occurs.
+ *
+ * I-03: Every state mutation and its audit entry in same transaction.
+ * I-06: Append-only. No modify, no delete. Retention = archival.
+ * §3.5: SHA-256 hash chaining. Monotonic sequence numbers. Append-only.
+ * FM-08: Defense against audit trail tampering via hash chain + triggers.
+ */
+import { randomUUID } from 'node:crypto';
+import { createRequire } from 'node:module';
+// ─── Genesis hash: SHA-256 of empty string ───
+// Well-known constant. Anchors the hash chain (SDD A06-3).
+const GENESIS_HASH = 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855';
+/**
+ * FM-10 + §3.5: Unwrap tenant-scoped connection for audit chain queries.
+ * The audit hash chain is GLOBAL (all tenants share one monotonic sequence).
+ * TenantScopedConnection.raw provides the unscoped connection.
+ * If conn is not scoped, returns conn unchanged.
+ *
+ * S ref: §3.5 (global hash chain), FM-10 (tenant scoping must not corrupt chain)
+ */
+function unwrapForChainQuery(conn) {
+    return 'raw' in conn && conn.raw !== undefined
+        ? conn.raw
+        : conn;
+}
+/**
+ * Compute SHA-256 hash for audit chain entry.
+ * Uses a deterministic field ordering for consistent hashing.
+ * S ref: §3.5 (SHA-256 hash chaining)
+ */
+function computeEntryHash(sha256Fn, previousHash, input, timestamp, seqNo) {
+    // Deterministic serialization: fixed field order, canonical JSON
+    const data = [
+        previousHash,
+        String(seqNo),
+        timestamp,
+        input.actorType,
+        input.actorId,
+        input.operation,
+        input.resourceType,
+        input.resourceId,
+        input.detail ? JSON.stringify(input.detail, Object.keys(input.detail).sort()) : '',
+    ].join('|');
+    return sha256Fn(data);
+}
+/**
+ * Create an AuditTrail implementation.
+ * Requires a sha256 function from the crypto module.
+ * S ref: I-03 (atomic audit), I-06 (immutability),
+ *        §3.5 (hash chaining), FM-08 (tamper detection)
+ */
+export function createAuditTrail(sha256Fn, time) {
+    const clock = time ?? { nowISO: () => new Date().toISOString(), nowMs: () => Date.now() };
+    return {
+        /**
+         * Append entry. MUST be called within same transaction as mutation (I-03).
+         * S ref: I-03 (atomic audit), §3.5 (hash chaining, monotonic sequence)
+         */
+        append(conn, input) {
+            try {
+                const id = randomUUID();
+                const timestamp = clock.nowISO();
+                // Get previous hash (chain head or genesis)
+                // FM-10: Use raw connection — hash chain is GLOBAL, not per-tenant (§3.5)
+                const rawConn = unwrapForChainQuery(conn);
+                const lastEntry = rawConn.get(`SELECT current_hash, seq_no FROM core_audit_log ORDER BY seq_no DESC LIMIT 1`);
+                const previousHash = lastEntry?.current_hash ?? GENESIS_HASH;
+                const seqNo = (lastEntry?.seq_no ?? 0) + 1;
+                // Compute hash for this entry
+                const currentHash = computeEntryHash(sha256Fn, previousHash, input, timestamp, seqNo);
+                // Insert into audit log
+                const detailJson = input.detail ? JSON.stringify(input.detail) : null;
+                conn.run(`INSERT INTO core_audit_log (id, seq_no, tenant_id, timestamp, actor_type, actor_id,
+           operation, resource_type, resource_id, detail, previous_hash, current_hash)
+           VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`, [id, seqNo, input.tenantId, timestamp, input.actorType, input.actorId,
+                    input.operation, input.resourceType, input.resourceId,
+                    detailJson, previousHash, currentHash]);
+                const entry = {
+                    seqNo,
+                    id,
+                    tenantId: input.tenantId,
+                    timestamp,
+                    actorType: input.actorType,
+                    actorId: input.actorId,
+                    operation: input.operation,
+                    resourceType: input.resourceType,
+                    resourceId: input.resourceId,
+                    detail: input.detail ?? null,
+                    previousHash,
+                    currentHash,
+                };
+                return { ok: true, value: entry };
+            }
+            catch (err) {
+                return {
+                    ok: false,
+                    error: {
+                        code: 'AUDIT_APPEND_FAILED',
+                        message: err instanceof Error ? err.message : String(err),
+                        spec: 'I-03, I-06',
+                    },
+                };
+            }
+        },
+        /**
+         * Batch append for observational (non-mutating) audits.
+         * S ref: §3.5 (observational audit batching)
+         */
+        appendBatch(conn, inputs) {
+            try {
+                const entries = [];
+                // Get chain head once
+                // FM-10: Use raw connection — hash chain is GLOBAL, not per-tenant (§3.5)
+                const rawConn = unwrapForChainQuery(conn);
+                const lastEntry = rawConn.get(`SELECT current_hash, seq_no FROM core_audit_log ORDER BY seq_no DESC LIMIT 1`);
+                let previousHash = lastEntry?.current_hash ?? GENESIS_HASH;
+                let seqNo = (lastEntry?.seq_no ?? 0);
+                const insertStmt = `INSERT INTO core_audit_log (id, seq_no, tenant_id, timestamp, actor_type, actor_id,
+           operation, resource_type, resource_id, detail, previous_hash, current_hash)
+           VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`;
+                for (const input of inputs) {
+                    const id = randomUUID();
+                    const timestamp = clock.nowISO();
+                    seqNo += 1;
+                    const currentHash = computeEntryHash(sha256Fn, previousHash, input, timestamp, seqNo);
+                    const detailJson = input.detail ? JSON.stringify(input.detail) : null;
+                    conn.run(insertStmt, [id, seqNo, input.tenantId, timestamp, input.actorType, input.actorId,
+                        input.operation, input.resourceType, input.resourceId,
+                        detailJson, previousHash, currentHash]);
+                    entries.push({
+                        seqNo,
+                        id,
+                        tenantId: input.tenantId,
+                        timestamp,
+                        actorType: input.actorType,
+                        actorId: input.actorId,
+                        operation: input.operation,
+                        resourceType: input.resourceType,
+                        resourceId: input.resourceId,
+                        detail: input.detail ?? null,
+                        previousHash,
+                        currentHash,
+                    });
+                    previousHash = currentHash;
+                }
+                return { ok: true, value: entries };
+            }
+            catch (err) {
+                return {
+                    ok: false,
+                    error: {
+                        code: 'AUDIT_BATCH_FAILED',
+                        message: err instanceof Error ? err.message : String(err),
+                        spec: 'I-03, I-06',
+                    },
+                };
+            }
+        },
+        /**
+         * Query entries. RBAC: requires 'view_audit' permission.
+         * S ref: I-13 (authorization on audit read)
+         */
+        query(conn, ctx, filter) {
+            try {
+                // I-13: Check view_audit permission
+                if (ctx.permissions.size > 0 && !ctx.permissions.has('view_audit')) {
+                    return {
+                        ok: false,
+                        error: {
+                            code: 'PERMISSION_DENIED',
+                            message: 'view_audit permission required to query audit entries',
+                            spec: 'I-13',
+                        },
+                    };
+                }
+                const conditions = [];
+                const params = [];
+                if (filter.tenantId !== undefined) {
+                    conditions.push('tenant_id = ?');
+                    params.push(filter.tenantId);
+                }
+                if (filter.actorId !== undefined) {
+                    conditions.push('actor_id = ?');
+                    params.push(filter.actorId);
+                }
+                if (filter.operation !== undefined) {
+                    conditions.push('operation = ?');
+                    params.push(filter.operation);
+                }
+                if (filter.resourceType !== undefined) {
+                    conditions.push('resource_type = ?');
+                    params.push(filter.resourceType);
+                }
+                if (filter.resourceId !== undefined) {
+                    conditions.push('resource_id = ?');
+                    params.push(filter.resourceId);
+                }
+                if (filter.fromTimestamp !== undefined) {
+                    conditions.push('timestamp >= ?');
+                    params.push(filter.fromTimestamp);
+                }
+                if (filter.toTimestamp !== undefined) {
+                    conditions.push('timestamp <= ?');
+                    params.push(filter.toTimestamp);
+                }
+                const where = conditions.length > 0 ? `WHERE ${conditions.join(' AND ')}` : '';
+                const limit = filter.limit ?? 100;
+                const offset = filter.offset ?? 0;
+                const sql = `SELECT seq_no, id, tenant_id, timestamp, actor_type, actor_id,
+                     operation, resource_type, resource_id, detail, previous_hash, current_hash
+                     FROM core_audit_log ${where}
+                     ORDER BY seq_no ASC LIMIT ? OFFSET ?`;
+                params.push(limit, offset);
+                const rows = conn.query(sql, params);
+                const entries = rows.map(row => ({
+                    seqNo: row.seq_no,
+                    id: row.id,
+                    tenantId: row.tenant_id,
+                    timestamp: row.timestamp,
+                    actorType: row.actor_type,
+                    actorId: row.actor_id,
+                    operation: row.operation,
+                    resourceType: row.resource_type,
+                    resourceId: row.resource_id,
+                    detail: row.detail ? JSON.parse(row.detail) : null,
+                    previousHash: row.previous_hash,
+                    currentHash: row.current_hash,
+                }));
+                return { ok: true, value: entries };
+            }
+            catch (err) {
+                return {
+                    ok: false,
+                    error: {
+                        code: 'AUDIT_QUERY_FAILED',
+                        message: err instanceof Error ? err.message : String(err),
+                        spec: 'I-06',
+                    },
+                };
+            }
+        },
+        /**
+         * Verify hash chain integrity.
+         * S ref: FM-08 (chain verification as runtime health check)
+         */
+        verifyChain(conn, tenantId) {
+            try {
+                const tenantFilter = tenantId !== undefined ? 'WHERE tenant_id = ?' : '';
+                const params = tenantId !== undefined ? [tenantId] : [];
+                const rows = conn.query(`SELECT seq_no, tenant_id, timestamp, actor_type, actor_id, operation,
+           resource_type, resource_id, detail, previous_hash, current_hash
+           FROM core_audit_log ${tenantFilter} ORDER BY seq_no ASC`, params);
+                if (rows.length === 0) {
+                    return {
+                        ok: true,
+                        value: {
+                            valid: true,
+                            totalEntries: 0,
+                            firstSeqNo: 0,
+                            lastSeqNo: 0,
+                            brokenAt: null,
+                            expectedHash: null,
+                            actualHash: null,
+                            gaps: [],
+                        },
+                    };
+                }
+                const gaps = [];
+                let valid = true;
+                let brokenAt = null;
+                let expectedHash = null;
+                let actualHash = null;
+                let prevHash = GENESIS_HASH;
+                for (let i = 0; i < rows.length; i++) {
+                    const row = rows[i];
+                    // Check for sequence gaps
+                    if (i > 0) {
+                        const prevSeqNo = rows[i - 1].seq_no;
+                        for (let s = prevSeqNo + 1; s < row.seq_no; s++) {
+                            gaps.push(s);
+                        }
+                    }
+                    // Verify previousHash links
+                    if (row.previous_hash !== prevHash) {
+                        valid = false;
+                        brokenAt = row.seq_no;
+                        expectedHash = prevHash;
+                        actualHash = row.previous_hash;
+                        break;
+                    }
+                    // Recompute hash
+                    const input = {
+                        tenantId: row.tenant_id,
+                        actorType: row.actor_type,
+                        actorId: row.actor_id,
+                        operation: row.operation,
+                        resourceType: row.resource_type,
+                        resourceId: row.resource_id,
+                        ...(row.detail ? { detail: JSON.parse(row.detail) } : {}),
+                    };
+                    const recomputedHash = computeEntryHash(sha256Fn, row.previous_hash, input, row.timestamp, row.seq_no);
+                    if (recomputedHash !== row.current_hash) {
+                        valid = false;
+                        brokenAt = row.seq_no;
+                        expectedHash = recomputedHash;
+                        actualHash = row.current_hash;
+                        break;
+                    }
+                    prevHash = row.current_hash;
+                }
+                return {
+                    ok: true,
+                    value: {
+                        valid: valid && gaps.length === 0,
+                        totalEntries: rows.length,
+                        firstSeqNo: rows[0].seq_no,
+                        lastSeqNo: rows[rows.length - 1].seq_no,
+                        brokenAt,
+                        expectedHash,
+                        actualHash,
+                        gaps,
+                    },
+                };
+            }
+            catch (err) {
+                return {
+                    ok: false,
+                    error: {
+                        code: 'CHAIN_VERIFY_FAILED',
+                        message: err instanceof Error ? err.message : String(err),
+                        spec: 'FM-08',
+                    },
+                };
+            }
+        },
+        /**
+         * Archive entries to sealed file.
+         * S ref: I-06 (archival to sealed file, not deletion)
+         */
+        archive(conn, olderThan, outputPath) {
+            try {
+                // Find entries to archive
+                const entries = conn.query(`SELECT seq_no, current_hash FROM core_audit_log WHERE timestamp < ? ORDER BY seq_no ASC`, [olderThan]);
+                if (entries.length === 0) {
+                    return {
+                        ok: false,
+                        error: {
+                            code: 'NO_ENTRIES_TO_ARCHIVE',
+                            message: 'No audit entries found older than the specified timestamp',
+                            spec: 'I-06',
+                        },
+                    };
+                }
+                const firstSeqNo = entries[0].seq_no;
+                const lastSeqNo = entries[entries.length - 1].seq_no;
+                const finalHash = entries[entries.length - 1].current_hash;
+                const segmentId = randomUUID();
+                // Create archive database and copy entries
+                // NOTE: Archive DB creation uses better-sqlite3 directly
+                // This is the only place outside database_lifecycle.ts that opens a DB
+                // because archive files are independent sealed databases.
+                // S ref: I-06 (sealed archive files are independent SQLite databases)
+                const require = createRequire(import.meta.url);
+                // eslint-disable-next-line @typescript-eslint/no-require-imports -- synchronous import required for sealed archive DB (I-06)
+                const BetterSqlite3 = require('better-sqlite3');
+                const archiveDb = new BetterSqlite3(outputPath);
+                archiveDb.exec(`
+          CREATE TABLE core_audit_log (
+            seq_no        INTEGER PRIMARY KEY,
+            id            TEXT    NOT NULL UNIQUE,
+            tenant_id     TEXT,
+            timestamp     TEXT    NOT NULL,
+            actor_type    TEXT    NOT NULL,
+            actor_id      TEXT    NOT NULL,
+            operation     TEXT    NOT NULL,
+            resource_type TEXT    NOT NULL,
+            resource_id   TEXT    NOT NULL,
+            detail        TEXT,
+            previous_hash TEXT    NOT NULL,
+            current_hash  TEXT    NOT NULL
+          );
+        `);
+                // Copy entries
+                const sourceEntries = conn.query(`SELECT * FROM core_audit_log WHERE seq_no >= ? AND seq_no <= ? ORDER BY seq_no ASC`, [firstSeqNo, lastSeqNo]);
+                const insertStmt = archiveDb.prepare(`INSERT INTO core_audit_log VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`);
+                const insertAll = archiveDb.transaction(() => {
+                    for (const entry of sourceEntries) {
+                        insertStmt.run(entry.seq_no, entry.id, entry.tenant_id, entry.timestamp, entry.actor_type, entry.actor_id, entry.operation, entry.resource_type, entry.resource_id, entry.detail, entry.previous_hash, entry.current_hash);
+                    }
+                });
+                insertAll();
+                archiveDb.close();
+                // Record archive segment
+                conn.run(`INSERT INTO core_audit_archive_segments (id, file_path, first_seq_no, last_seq_no, final_hash, entry_count, archived_at)
+           VALUES (?, ?, ?, ?, ?, ?, strftime('%Y-%m-%dT%H:%M:%fZ','now'))`, [segmentId, outputPath, firstSeqNo, lastSeqNo, finalHash, entries.length]);
+                // Remove archived entries from active table.
+                // SEC-004 fix: Set archival flag to bypass DELETE trigger (I-06 defense-in-depth).
+                // The trigger WHEN clause checks core_audit_archive_active; if a row exists, DELETE is allowed.
+                // Flag is inserted and removed within the same transaction for atomicity.
+                conn.run(`INSERT OR IGNORE INTO core_audit_archive_active (id) VALUES (1)`);
+                conn.run(`DELETE FROM core_audit_log WHERE seq_no >= ? AND seq_no <= ?`, [firstSeqNo, lastSeqNo]);
+                conn.run(`DELETE FROM core_audit_archive_active WHERE id = 1`);
+                return {
+                    ok: true,
+                    value: {
+                        segmentId,
+                        archivedEntries: entries.length,
+                        firstSeqNo,
+                        lastSeqNo,
+                        finalHash,
+                        filePath: outputPath,
+                    },
+                };
+            }
+            catch (err) {
+                return {
+                    ok: false,
+                    error: {
+                        code: 'ARCHIVE_FAILED',
+                        message: err instanceof Error ? err.message : String(err),
+                        spec: 'I-06',
+                    },
+                };
+            }
+        },
+        /**
+         * CF-035, GDPR Art. 17: Tombstone audit entries for a tenant.
+         * Replaces PII fields (detail, actor_id) with sanitized values
+         * while preserving hash chain integrity via cascade re-hash.
+         *
+         * Algorithm:
+         *   1. Find all entries for the given tenant
+         *   2. Set tombstone flag (bypasses I-06 UPDATE trigger)
+         *   3. For each tenant entry: replace detail → {"purged":true,"purge_date":"..."}, actor_id → "purged"
+         *   4. Starting from the earliest tombstoned entry, cascade re-hash ALL subsequent entries
+         *      (even non-tenant entries, because the chain is global per DEC-CERT-001)
+         *   5. Clear tombstone flag
+         *   6. Verify chain integrity
+         *
+         * S ref: I-06 (controlled UPDATE exception), I-02 (right to erasure),
+         *        DEC-CERT-001 (global chain GDPR condition), §3.5 (hash chaining)
+         */
+        tombstone(conn, tenantId) {
+            try {
+                // FM-10: Use raw connection — hash chain is GLOBAL (§3.5)
+                const rawConn = unwrapForChainQuery(conn);
+                // Find entries to tombstone
+                const tenantEntries = rawConn.query(`SELECT seq_no FROM core_audit_log WHERE tenant_id = ? ORDER BY seq_no ASC`, [tenantId]);
+                if (tenantEntries.length === 0) {
+                    return {
+                        ok: true,
+                        value: { tombstonedEntries: 0, rehashedEntries: 0, chainValid: true },
+                    };
+                }
+                const firstTombstoneSeqNo = tenantEntries[0].seq_no;
+                const purgeDate = clock.nowISO().split('T')[0]; // YYYY-MM-DD
+                const tombstoneDetail = JSON.stringify({ purged: true, purge_date: purgeDate });
+                // Execute within a transaction for atomicity
+                rawConn.transaction(() => {
+                    // Set tombstone flag to bypass I-06 UPDATE trigger
+                    rawConn.run(`INSERT OR IGNORE INTO core_audit_tombstone_active (id) VALUES (1)`);
+                    // Step 1: Tombstone all tenant entries (replace PII fields)
+                    rawConn.run(`UPDATE core_audit_log SET detail = ?, actor_id = 'purged' WHERE tenant_id = ?`, [tombstoneDetail, tenantId]);
+                    // Step 2: Cascade re-hash from first tombstoned entry to end of chain
+                    // Read ALL entries from first tombstoned entry onward
+                    const allEntries = rawConn.query(`SELECT seq_no, tenant_id, timestamp, actor_type, actor_id, operation,
+             resource_type, resource_id, detail, previous_hash, current_hash
+             FROM core_audit_log WHERE seq_no >= ? ORDER BY seq_no ASC`, [firstTombstoneSeqNo]);
+                    // Get the previous_hash for the first entry in the re-hash range
+                    let prevHash;
+                    if (firstTombstoneSeqNo === 1) {
+                        prevHash = GENESIS_HASH;
+                    }
+                    else {
+                        const predecessor = rawConn.get(`SELECT current_hash FROM core_audit_log WHERE seq_no < ? ORDER BY seq_no DESC LIMIT 1`, [firstTombstoneSeqNo]);
+                        prevHash = predecessor?.current_hash ?? GENESIS_HASH;
+                    }
+                    // Re-hash each entry
+                    for (const entry of allEntries) {
+                        const input = {
+                            tenantId: entry.tenant_id,
+                            actorType: entry.actor_type,
+                            actorId: entry.actor_id,
+                            operation: entry.operation,
+                            resourceType: entry.resource_type,
+                            resourceId: entry.resource_id,
+                            ...(entry.detail ? { detail: JSON.parse(entry.detail) } : {}),
+                        };
+                        const newHash = computeEntryHash(sha256Fn, prevHash, input, entry.timestamp, entry.seq_no);
+                        rawConn.run(`UPDATE core_audit_log SET previous_hash = ?, current_hash = ? WHERE seq_no = ?`, [prevHash, newHash, entry.seq_no]);
+                        prevHash = newHash;
+                    }
+                    // Clear tombstone flag
+                    rawConn.run(`DELETE FROM core_audit_tombstone_active WHERE id = 1`);
+                });
+                // Verify chain integrity post-tombstone
+                const verifyResult = this.verifyChain(rawConn);
+                const chainValid = verifyResult.ok ? verifyResult.value.valid : false;
+                const rehashedEntries = rawConn.get(`SELECT COUNT(*) as count FROM core_audit_log WHERE seq_no >= ?`, [firstTombstoneSeqNo])?.count ?? 0;
+                // FO-001: Meta-audit entry recording the tombstone operation itself.
+                // Uses null tenantId because this is a system-level operation on the global chain.
+                // Appended AFTER the tombstone transaction so it extends the chain normally.
+                this.append(conn, {
+                    tenantId: null,
+                    actorType: 'system',
+                    actorId: 'gdpr_tombstone',
+                    operation: 'gdpr_tombstone',
+                    resourceType: 'audit_trail',
+                    resourceId: tenantId,
+                    detail: { tombstonedEntries: tenantEntries.length, rehashedEntries, chainValid },
+                });
+                return {
+                    ok: true,
+                    value: { tombstonedEntries: tenantEntries.length, rehashedEntries, chainValid },
+                };
+            }
+            catch (err) {
+                // Ensure tombstone flag is cleaned up on error
+                try {
+                    const rawConn = unwrapForChainQuery(conn);
+                    rawConn.run(`DELETE FROM core_audit_tombstone_active WHERE id = 1`);
+                }
+                catch { /* cleanup best-effort */ }
+                return {
+                    ok: false,
+                    error: {
+                        code: 'TOMBSTONE_FAILED',
+                        message: err instanceof Error ? err.message : String(err),
+                        spec: 'CF-035, I-06, GDPR Art. 17',
+                    },
+                };
+            }
+        },
+        /**
+         * Get current chain head hash.
+         * S ref: §3.5 (hash chaining state)
+         */
+        getChainHead(conn, tenantId) {
+            try {
+                const tenantFilter = tenantId !== undefined ? 'WHERE tenant_id = ?' : '';
+                const params = tenantId !== undefined ? [tenantId] : [];
+                const row = conn.get(`SELECT current_hash FROM core_audit_log ${tenantFilter} ORDER BY seq_no DESC LIMIT 1`, params);
+                // If no entries, check archive segments for chain continuity
+                if (!row) {
+                    const archiveRow = conn.get(`SELECT final_hash FROM core_audit_archive_segments ORDER BY last_seq_no DESC LIMIT 1`);
+                    return { ok: true, value: archiveRow?.final_hash ?? GENESIS_HASH };
+                }
+                return { ok: true, value: row.current_hash };
+            }
+            catch (err) {
+                return {
+                    ok: false,
+                    error: {
+                        code: 'CHAIN_HEAD_FAILED',
+                        message: err instanceof Error ? err.message : String(err),
+                        spec: '§3.5',
+                    },
+                };
+            }
+        },
+    };
+}
+export { GENESIS_HASH };
+//# sourceMappingURL=audit_trail.js.map

package/dist/kernel/audit/audit_trail.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"audit_trail.js","sourceRoot":"","sources":["../../../src/kernel/audit/audit_trail.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAS5C,gDAAgD;AAChD,2DAA2D;AAC3D,MAAM,YAAY,GAAG,kEAAkE,CAAC;AAExF;;;;;;;GAOG;AACH,SAAS,mBAAmB,CAAC,IAAwB;IACnD,OAAO,KAAK,IAAI,IAAI,IAAK,IAAgC,CAAC,GAAG,KAAK,SAAS;QACzE,CAAC,CAAE,IAAgC,CAAC,GAAyB;QAC7D,CAAC,CAAC,IAAI,CAAC;AACX,CAAC;AAED;;;;GAIG;AACH,SAAS,gBAAgB,CAAC,QAAkC,EAAE,YAAoB,EAAE,KAAuB,EAAE,SAAiB,EAAE,KAAa;IAC3I,iEAAiE;IACjE,MAAM,IAAI,GAAG;QACX,YAAY;QACZ,MAAM,CAAC,KAAK,CAAC;QACb,SAAS;QACT,KAAK,CAAC,SAAS;QACf,KAAK,CAAC,OAAO;QACb,KAAK,CAAC,SAAS;QACf,KAAK,CAAC,YAAY;QAClB,KAAK,CAAC,UAAU;QAChB,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE;KACnF,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAEZ,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC;AACxB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,QAAkC,EAAE,IAAmB;IACtF,MAAM,KAAK,GAAG,IAAI,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;IAC1F,OAAO;QACL;;;WAGG;QACH,MAAM,CAAC,IAAwB,EAAE,KAAuB;YACtD,IAAI,CAAC;gBACH,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;gBACxB,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;gBAEjC,4CAA4C;gBAC5C,0EAA0E;gBAC1E,MAAM,OAAO,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;gBAC1C,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAC3B,8EAA8E,CAC/E,CAAC;gBAEF,MAAM,YAAY,GAAG,SAAS,EAAE,YAAY,IAAI,YAAY,CAAC;gBAC7D,MAAM,KAAK,GAAG,CAAC,SAAS,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;gBAE3C,8BAA8B;gBAC9B,MAAM,WAAW,GAAG,gBAAgB,CAAC,QAAQ,EAAE,YAAY,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;gBAEtF,wBAAwB;gBACxB,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;gBAEtE,IAAI,CAAC,GAAG,CACN;;uDAE6C,EAC7C,CAAC,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,OAAO;oBACpE,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,YAAY,EAAE,KAAK,CAAC,UAAU;oBACrD,UAAU,EAAE,YAAY,EAAE,WAAW,CAAC,CACxC,CAAC;gBAEF,MAAM,KAAK,GAAe;oBACxB,KAAK;oBACL,EAAE;oBACF,QAAQ,EAAE,KAAK,CAAC,QAAQ;oBACxB,SAAS;oBACT,SAAS,EAAE,KAAK,CAAC,SAAS;oBAC1B,OAAO,EAAE,KAAK,CAAC,OAAO;oBACtB,SAAS,EAAE,KAAK,CAAC,SAAS;oBAC1B,YAAY,EAAE,KAAK,CAAC,YAAY;oBAChC,UAAU,EAAE,KAAK,CAAC,UAAU;oBAC5B,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,IAAI;oBAC5B,YAAY;oBACZ,WAAW;iBACZ,CAAC;gBAEF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;YACpC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO;oBACL,EAAE,EAAE,KAAK;oBACT,KAAK,EAAE;wBACL,IAAI,EAAE,qBAAqB;wBAC3B,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;wBACzD,IAAI,EAAE,YAAY;qBACnB;iBACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED;;;WAGG;QACH,WAAW,CAAC,IAAwB,EAAE,MAA0B;YAC9D,IAAI,CAAC;gBACH,MAAM,OAAO,GAAiB,EAAE,CAAC;gBAEjC,sBAAsB;gBACtB,0EAA0E;gBAC1E,MAAM,OAAO,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;gBAC1C,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAC3B,8EAA8E,CAC/E,CAAC;gBAEF,IAAI,YAAY,GAAG,SAAS,EAAE,YAAY,IAAI,YAAY,CAAC;gBAC3D,IAAI,KAAK,GAAG,CAAC,SAAS,EAAE,MAAM,IAAI,CAAC,CAAC,CAAC;gBAErC,MAAM,UAAU,GAAG;;uDAE4B,CAAC;gBAEhD,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;oBAC3B,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;oBACxB,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;oBACjC,KAAK,IAAI,CAAC,CAAC;oBAEX,MAAM,WAAW,GAAG,gBAAgB,CAAC,QAAQ,EAAE,YAAY,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;oBACtF,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;oBAEtE,IAAI,CAAC,GAAG,CAAC,UAAU,EACjB,CAAC,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,OAAO;wBACpE,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,YAAY,EAAE,KAAK,CAAC,UAAU;wBACrD,UAAU,EAAE,YAAY,EAAE,WAAW,CAAC,CACxC,CAAC;oBAEF,OAAO,CAAC,IAAI,CAAC;wBACX,KAAK;wBACL,EAAE;wBACF,QAAQ,EAAE,KAAK,CAAC,QAAQ;wBACxB,SAAS;wBACT,SAAS,EAAE,KAAK,CAAC,SAAS;wBAC1B,OAAO,EAAE,KAAK,CAAC,OAAO;wBACtB,SAAS,EAAE,KAAK,CAAC,SAAS;wBAC1B,YAAY,EAAE,KAAK,CAAC,YAAY;wBAChC,UAAU,EAAE,KAAK,CAAC,UAAU;wBAC5B,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,IAAI;wBAC5B,YAAY;wBACZ,WAAW;qBACZ,CAAC,CAAC;oBAEH,YAAY,GAAG,WAAW,CAAC;gBAC7B,CAAC;gBAED,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;YACtC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO;oBACL,EAAE,EAAE,KAAK;oBACT,KAAK,EAAE;wBACL,IAAI,EAAE,oBAAoB;wBAC1B,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;wBACzD,IAAI,EAAE,YAAY;qBACnB;iBACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED;;;WAGG;QACH,KAAK,CAAC,IAAwB,EAAE,GAAqB,EAAE,MAAwB;YAC7E,IAAI,CAAC;gBACH,oCAAoC;gBACpC,IAAI,GAAG,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;oBACnE,OAAO;wBACL,EAAE,EAAE,KAAK;wBACT,KAAK,EAAE;4BACL,IAAI,EAAE,mBAAmB;4BACzB,OAAO,EAAE,uDAAuD;4BAChE,IAAI,EAAE,MAAM;yBACb;qBACF,CAAC;gBACJ,CAAC;gBAED,MAAM,UAAU,GAAa,EAAE,CAAC;gBAChC,MAAM,MAAM,GAAc,EAAE,CAAC;gBAE7B,IAAI,MAAM,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;oBAClC,UAAU,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;oBACjC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;gBAC/B,CAAC;gBACD,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;oBACjC,UAAU,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;oBAChC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBAC9B,CAAC;gBACD,IAAI,MAAM,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;oBACnC,UAAU,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;oBACjC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;gBAChC,CAAC;gBACD,IAAI,MAAM,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;oBACtC,UAAU,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;oBACrC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;gBACnC,CAAC;gBACD,IAAI,MAAM,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;oBACpC,UAAU,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;oBACnC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;gBACjC,CAAC;gBACD,IAAI,MAAM,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;oBACvC,UAAU,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;oBAClC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;gBACpC,CAAC;gBACD,IAAI,MAAM,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;oBACrC,UAAU,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;oBAClC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;gBAClC,CAAC;gBAED,MAAM,KAAK,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC/E,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,GAAG,CAAC;gBAClC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC;gBAElC,MAAM,GAAG,GAAG;;2CAEuB,KAAK;0DACU,CAAC;gBAEnD,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;gBAE3B,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAKpB,GAAG,EAAE,MAAM,CAAC,CAAC;gBAEhB,MAAM,OAAO,GAAiB,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;oBAC7C,KAAK,EAAE,GAAG,CAAC,MAAM;oBACjB,EAAE,EAAE,GAAG,CAAC,EAAE;oBACV,QAAQ,EAAE,GAAG,CAAC,SAA4B;oBAC1C,SAAS,EAAE,GAAG,CAAC,SAAS;oBACxB,SAAS,EAAE,GAAG,CAAC,UAAqC;oBACpD,OAAO,EAAE,GAAG,CAAC,QAAQ;oBACrB,SAAS,EAAE,GAAG,CAAC,SAAS;oBACxB,YAAY,EAAE,GAAG,CAAC,aAAa;oBAC/B,UAAU,EAAE,GAAG,CAAC,WAAW;oBAC3B,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAA4B,CAAC,CAAC,CAAC,IAAI;oBAC7E,YAAY,EAAE,GAAG,CAAC,aAAa;oBAC/B,WAAW,EAAE,GAAG,CAAC,YAAY;iBAC9B,CAAC,CAAC,CAAC;gBAEJ,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;YACtC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO;oBACL,EAAE,EAAE,KAAK;oBACT,KAAK,EAAE;wBACL,IAAI,EAAE,oBAAoB;wBAC1B,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;wBACzD,IAAI,EAAE,MAAM;qBACb;iBACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED;;;WAGG;QACH,WAAW,CAAC,IAAwB,EAAE,QAAmB;YACvD,IAAI,CAAC;gBACH,MAAM,YAAY,GAAG,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,EAAE,CAAC;gBACzE,MAAM,MAAM,GAAG,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAExD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAMrB;;iCAEuB,YAAY,sBAAsB,EACzD,MAAM,CACP,CAAC;gBAEF,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACtB,OAAO;wBACL,EAAE,EAAE,IAAI;wBACR,KAAK,EAAE;4BACL,KAAK,EAAE,IAAI;4BACX,YAAY,EAAE,CAAC;4BACf,UAAU,EAAE,CAAC;4BACb,SAAS,EAAE,CAAC;4BACZ,QAAQ,EAAE,IAAI;4BACd,YAAY,EAAE,IAAI;4BAClB,UAAU,EAAE,IAAI;4BAChB,IAAI,EAAE,EAAE;yBACT;qBACF,CAAC;gBACJ,CAAC;gBAED,MAAM,IAAI,GAAa,EAAE,CAAC;gBAC1B,IAAI,KAAK,GAAG,IAAI,CAAC;gBACjB,IAAI,QAAQ,GAAkB,IAAI,CAAC;gBACnC,IAAI,YAAY,GAAkB,IAAI,CAAC;gBACvC,IAAI,UAAU,GAAkB,IAAI,CAAC;gBAErC,IAAI,QAAQ,GAAG,YAAY,CAAC;gBAE5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBACrC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAE,CAAC;oBAErB,0BAA0B;oBAC1B,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;wBACV,MAAM,SAAS,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAE,CAAC,MAAM,CAAC;wBACtC,KAAK,IAAI,CAAC,GAAG,SAAS,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;4BAChD,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;wBACf,CAAC;oBACH,CAAC;oBAED,4BAA4B;oBAC5B,IAAI,GAAG,CAAC,aAAa,KAAK,QAAQ,EAAE,CAAC;wBACnC,KAAK,GAAG,KAAK,CAAC;wBACd,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC;wBACtB,YAAY,GAAG,QAAQ,CAAC;wBACxB,UAAU,GAAG,GAAG,CAAC,aAAa,CAAC;wBAC/B,MAAM;oBACR,CAAC;oBAED,iBAAiB;oBACjB,MAAM,KAAK,GAAqB;wBAC9B,QAAQ,EAAE,GAAG,CAAC,SAA4B;wBAC1C,SAAS,EAAE,GAAG,CAAC,UAA2C;wBAC1D,OAAO,EAAE,GAAG,CAAC,QAAQ;wBACrB,SAAS,EAAE,GAAG,CAAC,SAAS;wBACxB,YAAY,EAAE,GAAG,CAAC,aAAa;wBAC/B,UAAU,EAAE,GAAG,CAAC,WAAW;wBAC3B,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAA4B,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;qBACrF,CAAC;oBAEF,MAAM,cAAc,GAAG,gBAAgB,CAAC,QAAQ,EAAE,GAAG,CAAC,aAAa,EAAE,KAAK,EAAE,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;oBAEvG,IAAI,cAAc,KAAK,GAAG,CAAC,YAAY,EAAE,CAAC;wBACxC,KAAK,GAAG,KAAK,CAAC;wBACd,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC;wBACtB,YAAY,GAAG,cAAc,CAAC;wBAC9B,UAAU,GAAG,GAAG,CAAC,YAAY,CAAC;wBAC9B,MAAM;oBACR,CAAC;oBAED,QAAQ,GAAG,GAAG,CAAC,YAAY,CAAC;gBAC9B,CAAC;gBAED,OAAO;oBACL,EAAE,EAAE,IAAI;oBACR,KAAK,EAAE;wBACL,KAAK,EAAE,KAAK,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;wBACjC,YAAY,EAAE,IAAI,CAAC,MAAM;wBACzB,UAAU,EAAE,IAAI,CAAC,CAAC,CAAE,CAAC,MAAM;wBAC3B,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAE,CAAC,MAAM;wBACxC,QAAQ;wBACR,YAAY;wBACZ,UAAU;wBACV,IAAI;qBACL;iBACF,CAAC;YACJ,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO;oBACL,EAAE,EAAE,KAAK;oBACT,KAAK,EAAE;wBACL,IAAI,EAAE,qBAAqB;wBAC3B,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;wBACzD,IAAI,EAAE,OAAO;qBACd;iBACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED;;;WAGG;QACH,OAAO,CAAC,IAAwB,EAAE,SAAiB,EAAE,UAAkB;YACrE,IAAI,CAAC;gBACH,0BAA0B;gBAC1B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAGxB,yFAAyF,EACzF,CAAC,SAAS,CAAC,CACZ,CAAC;gBAEF,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACzB,OAAO;wBACL,EAAE,EAAE,KAAK;wBACT,KAAK,EAAE;4BACL,IAAI,EAAE,uBAAuB;4BAC7B,OAAO,EAAE,2DAA2D;4BACpE,IAAI,EAAE,MAAM;yBACb;qBACF,CAAC;gBACJ,CAAC;gBAED,MAAM,UAAU,GAAG,OAAO,CAAC,CAAC,CAAE,CAAC,MAAM,CAAC;gBACtC,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAE,CAAC,MAAM,CAAC;gBACtD,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAE,CAAC,YAAY,CAAC;gBAC5D,MAAM,SAAS,GAAG,UAAU,EAAE,CAAC;gBAE/B,2CAA2C;gBAC3C,yDAAyD;gBACzD,uEAAuE;gBACvE,0DAA0D;gBAC1D,sEAAsE;gBACtE,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC/C,6HAA6H;gBAC7H,MAAM,aAAa,GAAG,OAAO,CAAC,gBAAgB,CAO7C,CAAC;gBACF,MAAM,SAAS,GAAG,IAAI,aAAa,CAAC,UAAU,CAAC,CAAC;gBAEhD,SAAS,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;SAed,CAAC,CAAC;gBAEH,eAAe;gBACf,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAM9B,oFAAoF,EACpF,CAAC,UAAU,EAAE,SAAS,CAAC,CACxB,CAAC;gBAEF,MAAM,UAAU,GAAG,SAAS,CAAC,OAAO,CAClC,wEAAwE,CACzE,CAAC;gBAEF,MAAM,SAAS,GAAG,SAAS,CAAC,WAAW,CAAC,GAAG,EAAE;oBAC3C,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE,CAAC;wBAClC,UAAU,CAAC,GAAG,CACZ,KAAK,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,EAAE,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,SAAS,EACxD,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,SAAS,EACjD,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,WAAW,EAAE,KAAK,CAAC,MAAM,EACpD,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,YAAY,CACxC,CAAC;oBACJ,CAAC;gBACH,CAAC,CAAC,CAAC;gBACH,SAAS,EAAE,CAAC;gBAEZ,SAAS,CAAC,KAAK,EAAE,CAAC;gBAElB,yBAAyB;gBACzB,IAAI,CAAC,GAAG,CACN;2EACiE,EACjE,CAAC,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,CAC1E,CAAC;gBAEF,6CAA6C;gBAC7C,mFAAmF;gBACnF,gGAAgG;gBAChG,0EAA0E;gBAC1E,IAAI,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAC;gBAC5E,IAAI,CAAC,GAAG,CACN,8DAA8D,EAC9D,CAAC,UAAU,EAAE,SAAS,CAAC,CACxB,CAAC;gBACF,IAAI,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAC;gBAE/D,OAAO;oBACL,EAAE,EAAE,IAAI;oBACR,KAAK,EAAE;wBACL,SAAS;wBACT,eAAe,EAAE,OAAO,CAAC,MAAM;wBAC/B,UAAU;wBACV,SAAS;wBACT,SAAS;wBACT,QAAQ,EAAE,UAAU;qBACrB;iBACF,CAAC;YACJ,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO;oBACL,EAAE,EAAE,KAAK;oBACT,KAAK,EAAE;wBACL,IAAI,EAAE,gBAAgB;wBACtB,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;wBACzD,IAAI,EAAE,MAAM;qBACb;iBACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED;;;;;;;;;;;;;;;;WAgBG;QACH,SAAS,CAAC,IAAwB,EAAE,QAAkB;YACpD,IAAI,CAAC;gBACH,0DAA0D;gBAC1D,MAAM,OAAO,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;gBAE1C,4BAA4B;gBAC5B,MAAM,aAAa,GAAG,OAAO,CAAC,KAAK,CACjC,2EAA2E,EAC3E,CAAC,QAAQ,CAAC,CACX,CAAC;gBAEF,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC/B,OAAO;wBACL,EAAE,EAAE,IAAI;wBACR,KAAK,EAAE,EAAE,iBAAiB,EAAE,CAAC,EAAE,eAAe,EAAE,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE;qBACtE,CAAC;gBACJ,CAAC;gBAED,MAAM,mBAAmB,GAAG,aAAa,CAAC,CAAC,CAAE,CAAC,MAAM,CAAC;gBACrD,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,CAAC,aAAa;gBAC9D,MAAM,eAAe,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC;gBAEhF,6CAA6C;gBAC7C,OAAO,CAAC,WAAW,CAAC,GAAG,EAAE;oBACvB,mDAAmD;oBACnD,OAAO,CAAC,GAAG,CAAC,mEAAmE,CAAC,CAAC;oBAEjF,4DAA4D;oBAC5D,OAAO,CAAC,GAAG,CACT,+EAA+E,EAC/E,CAAC,eAAe,EAAE,QAAQ,CAAC,CAC5B,CAAC;oBAEF,sEAAsE;oBACtE,sDAAsD;oBACtD,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAM9B;;uEAE2D,EAC3D,CAAC,mBAAmB,CAAC,CACtB,CAAC;oBAEF,iEAAiE;oBACjE,IAAI,QAAgB,CAAC;oBACrB,IAAI,mBAAmB,KAAK,CAAC,EAAE,CAAC;wBAC9B,QAAQ,GAAG,YAAY,CAAC;oBAC1B,CAAC;yBAAM,CAAC;wBACN,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAC7B,uFAAuF,EACvF,CAAC,mBAAmB,CAAC,CACtB,CAAC;wBACF,QAAQ,GAAG,WAAW,EAAE,YAAY,IAAI,YAAY,CAAC;oBACvD,CAAC;oBAED,qBAAqB;oBACrB,KAAK,MAAM,KAAK,IAAI,UAAU,EAAE,CAAC;wBAC/B,MAAM,KAAK,GAAqB;4BAC9B,QAAQ,EAAE,KAAK,CAAC,SAA4B;4BAC5C,SAAS,EAAE,KAAK,CAAC,UAA2C;4BAC5D,OAAO,EAAE,KAAK,CAAC,QAAQ;4BACvB,SAAS,EAAE,KAAK,CAAC,SAAS;4BAC1B,YAAY,EAAE,KAAK,CAAC,aAAa;4BACjC,UAAU,EAAE,KAAK,CAAC,WAAW;4BAC7B,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAA4B,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;yBACzF,CAAC;wBAEF,MAAM,OAAO,GAAG,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;wBAE3F,OAAO,CAAC,GAAG,CACT,gFAAgF,EAChF,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,CAAC,MAAM,CAAC,CAClC,CAAC;wBAEF,QAAQ,GAAG,OAAO,CAAC;oBACrB,CAAC;oBAED,uBAAuB;oBACvB,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;gBACtE,CAAC,CAAC,CAAC;gBAEH,wCAAwC;gBACxC,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;gBAC/C,MAAM,UAAU,GAAG,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;gBAEtE,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CACjC,gEAAgE,EAChE,CAAC,mBAAmB,CAAC,CACtB,EAAE,KAAK,IAAI,CAAC,CAAC;gBAEd,qEAAqE;gBACrE,mFAAmF;gBACnF,6EAA6E;gBAC7E,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE;oBAChB,QAAQ,EAAE,IAAI;oBACd,SAAS,EAAE,QAAQ;oBACnB,OAAO,EAAE,gBAAgB;oBACzB,SAAS,EAAE,gBAAgB;oBAC3B,YAAY,EAAE,aAAa;oBAC3B,UAAU,EAAE,QAAQ;oBACpB,MAAM,EAAE,EAAE,iBAAiB,EAAE,aAAa,CAAC,MAAM,EAAE,eAAe,EAAE,UAAU,EAAE;iBACjF,CAAC,CAAC;gBAEH,OAAO;oBACL,EAAE,EAAE,IAAI;oBACR,KAAK,EAAE,EAAE,iBAAiB,EAAE,aAAa,CAAC,MAAM,EAAE,eAAe,EAAE,UAAU,EAAE;iBAChF,CAAC;YACJ,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,+CAA+C;gBAC/C,IAAI,CAAC;oBACH,MAAM,OAAO,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;oBAC1C,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;gBACtE,CAAC;gBAAC,MAAM,CAAC,CAAC,yBAAyB,CAAC,CAAC;gBAErC,OAAO;oBACL,EAAE,EAAE,KAAK;oBACT,KAAK,EAAE;wBACL,IAAI,EAAE,kBAAkB;wBACxB,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;wBACzD,IAAI,EAAE,4BAA4B;qBACnC;iBACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED;;;WAGG;QACH,YAAY,CAAC,IAAwB,EAAE,QAAmB;YACxD,IAAI,CAAC;gBACH,MAAM,YAAY,GAAG,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,EAAE,CAAC;gBACzE,MAAM,MAAM,GAAG,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAExD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAClB,2CAA2C,YAAY,+BAA+B,EACtF,MAAM,CACP,CAAC;gBAEF,6DAA6D;gBAC7D,IAAI,CAAC,GAAG,EAAE,CAAC;oBACT,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CACzB,sFAAsF,CACvF,CAAC;oBACF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,UAAU,IAAI,YAAY,EAAE,CAAC;gBACrE,CAAC;gBAED,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,CAAC,YAAY,EAAE,CAAC;YAC/C,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO;oBACL,EAAE,EAAE,KAAK;oBACT,KAAK,EAAE;wBACL,IAAI,EAAE,mBAAmB;wBACzB,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;wBACzD,IAAI,EAAE,MAAM;qBACb;iBACF,CAAC;YACJ,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC;AAED,OAAO,EAAE,YAAY,EAAE,CAAC"}

package/dist/kernel/crypto/crypto_engine.d.ts ADDED Viewed

@@ -0,0 +1,49 @@
+/**
+ * Cryptographic primitives implementation.
+ * S ref: I-11, FM-10, IP-1, IP-6
+ *
+ * Phase: 1 (Kernel) -- Build Order 4
+ * Required by audit (SHA-256 hash chaining) and vault.
+ *
+ * I-11: AES-256-GCM default encryption. PBKDF2 key derivation (600k iterations).
+ * IP-1: Vault for secure credential storage.
+ * IP-6: HMAC-SHA256 for webhook signing.
+ *
+ * All crypto uses Node.js built-in crypto module (I-01 compliance).
+ */
+import type { CryptoEngine, VaultOperations } from '../interfaces/index.js';
+/** AES-256-GCM constants. S ref: I-11. */
+declare const AES_256_GCM: "aes-256-gcm";
+declare const KEY_LENGTH = 32;
+declare const IV_LENGTH = 12;
+declare const AUTH_TAG_LENGTH = 16;
+/** Default PBKDF2 iterations. S ref: I-11. */
+declare const DEFAULT_PBKDF2_ITERATIONS = 600000;
+/**
+ * Create a CryptoEngine implementation.
+ * S ref: I-11 (encryption at rest), §3.5 (SHA-256), IP-6 (HMAC)
+ */
+export declare function createCryptoEngine(): CryptoEngine;
+/**
+ * Create VaultOperations implementation.
+ * S ref: I-11 (encryption at rest), IP-1 (secure credential storage)
+ */
+export declare function createVaultOperations(crypto: CryptoEngine, masterKey: Buffer): VaultOperations;
+/**
+ * CF-010: String-level encryption adapter.
+ * Wraps CryptoEngine's Buffer-based AES-256-GCM encrypt/decrypt into a
+ * string-in/string-out interface suitable for LLM gateway and event bus.
+ *
+ * Format: base64(iv):base64(authTag):base64(ciphertext)
+ * Uses the first 32 bytes of masterKey directly (no derivation — derivation
+ * is for per-tenant vault entries, not for system-level encryption).
+ *
+ * S ref: I-11 (encryption at rest), CF-010 (LLM + webhook encryption)
+ */
+export interface StringEncryption {
+    encrypt(plaintext: string): string;
+    decrypt(ciphertext: string): string;
+}
+export declare function createStringEncryption(crypto: CryptoEngine, masterKey: Buffer): StringEncryption;
+export { DEFAULT_PBKDF2_ITERATIONS, KEY_LENGTH, IV_LENGTH, AUTH_TAG_LENGTH, AES_256_GCM };
+//# sourceMappingURL=crypto_engine.d.ts.map

package/dist/kernel/crypto/crypto_engine.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"crypto_engine.d.ts","sourceRoot":"","sources":["../../../src/kernel/crypto/crypto_engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAOH,OAAO,KAAK,EAEV,YAAY,EAAE,eAAe,EAE9B,MAAM,wBAAwB,CAAC;AAEhC,0CAA0C;AAC1C,QAAA,MAAM,WAAW,EAAG,aAAsB,CAAC;AAC3C,QAAA,MAAM,UAAU,KAAK,CAAC;AACtB,QAAA,MAAM,SAAS,KAAK,CAAC;AACrB,QAAA,MAAM,eAAe,KAAK,CAAC;AAE3B,8CAA8C;AAC9C,QAAA,MAAM,yBAAyB,SAAU,CAAC;AAE1C;;;GAGG;AACH,wBAAgB,kBAAkB,IAAI,YAAY,CAiIjD;AAED;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,GAAG,eAAe,CA6L9F;AAED;;;;;;;;;;GAUG;AACH,MAAM,WAAW,gBAAgB;IAC/B,OAAO,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAAC;IACnC,OAAO,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAAC;CACrC;AAED,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,GAAG,gBAAgB,CAkChG;AAED,OAAO,EAAE,yBAAyB,EAAE,UAAU,EAAE,SAAS,EAAE,eAAe,EAAE,WAAW,EAAE,CAAC"}