mask-privacy 1.0.2 → 2.0.0

package/LICENSE

@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2026 Mask AI Solutions
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

package/README.md

@@ -27,9 +27,9 @@ Instead of trusting the LLM to safeguard plain-text data, the system strictly en
 
 This guarantees that the LLM can orchestrate workflows involving sensitive data without ever actually exposing the raw data to the model or its remote provider logs. 
 
-Additionally, we solve two critical sub-issues to make this enterprise-ready:
-1. **The Statefulness Trap**: Traditional "vaults" break down in multi-node Kubernetes environments. We support pluggable distributed vaults (Redis, DynamoDB, Memcached) so detokenization state is instantly shared across all your horizontally scaled pods.
-2. **The Schema Trap**: Strict downstream tools will crash if handed a random token. We use Format-Preserving Tokenization backed by an encrypted vault to generate tokens that retain the exact format of the original data (Emails, US Phones, SSNs, 16-digit Credit Cards, 9-digit Routing Numbers). Tokens look like real data; the real values are stored encrypted and retrieved via the vault.
+Additionally, the SDK addresses two technical considerations for production use:
+1. **Distributed State Management**: Traditional "vaults" may lose state in multi-node environments. Pluggable backends (Redis, DynamoDB, Memcached) ensure detokenization state is shared across all pods.
+2. **Schema Compatibility**: Downstream tools frequently require specific formats. Format-Preserving Tokenization (Emails, US Phones, SSNs, etc.) generates tokens that retain the format of original data.
 
 ### How We Handle Data (Local-First by Default)
 
@@ -49,7 +49,7 @@ The Data Plane is the open-source, transparent, auditable runtime execution laye
 *   **JIT Cryptography Engine:** The core pre-tool decryption and post-tool encryption hooks that intercept and mutate data in-flight.
 *   **Format-Preserving Tokenization Router:** Ensures downstream databases and strict schemas don't break when handed a token. Tokens look like real data; the real values are stored encrypted and retrieved via the vault.
 *   **Pluggable Distributed Vaults:** Support for enterprise-native caching layers (Redis, DynamoDB, Memcached) to ensure horizontally-scaled edge agents have synchronized access to detokenization mapping.
-*   **Local Audit Logger:** An asynchronous AuditLogger that buffers privacy events to a local SQLite database and emits structured JSON logs for SIEM ingestion.
+*   **Local Audit Logger:** An asynchronous AuditLogger that buffers privacy events in memory and emits structured JSON logs to stdout for SIEM ingestion.
 
 ---
 
@@ -79,21 +79,50 @@ const client = new MaskClient({
 const safeToken = await client.encode("user@tenant.com");
 ```
 
-### 3. Heuristic Safety mathematically guaranteed
-It is catastrophic if an SDK misidentifies a user's *real* SSN as a "token" and accidentally passes it in plaintext to an LLM. Mask's `looksLikeToken()` heuristic algorithm strictly uses universally invalid prefixes. 
-* SSN tokens always begin with `000` (The Social Security Administration has never issued an Area Number of 000).
+### 3. Collision Avoidance
+Mask prevents the misidentification of real data as tokens by using universally invalid prefixes for token generation:
+* SSN tokens always begin with `000` (The Social Security Administration does not issue Area Numbers of 000).
 * Routing tokens always begin with `0000` (The Federal Reserve valid range starts at 01).
 * Credit Card tokens use the `4000-0000-0000` Visa reserved test BIN. 
-By generating statistically impossible tokens, Mask guarantees it will never accidentally swallow real PII.
+
+This prefix-based approach ensures that the SDK does not inadvertently process valid PII as an existing token.
 
 ### 4. Enterprise Async Support
 Mask is built from the ground up for high-concurrency Node.js environments. All core operations are asynchronous and promised-based. Calling `encode()`, `decode()`, or `scanAndTokenize()` allows your event loop to remain unblocked while handling PII tokenization tasks.
 
-### 5. Pluggable Key Providers (AWS KMS / HashiCorp Vault)
-For zero-trust environments, `MASK_ENCRYPTION_KEY` no longer needs to live in a static environment variable. Developers can fetch secrets dynamically from AWS KMS, Azure Key Vault, or HashiCorp Vault at runtime and inject them into the `CryptoEngine`.
+### 5. Pluggable Key Management (Enterprise KMS)
+For zero-trust environments, `MASK_ENCRYPTION_KEY` can be managed outside of static environment variables. Mask supports a pluggable `BaseKeyProvider` architecture that allows you to fetch secrets dynamically from dedicated Key Management Services.
+
+#### Supported Providers
+*   **EnvKeyProvider (Default)**: Reads from `MASK_ENCRYPTION_KEY` and `MASK_MASTER_KEY`.
+*   **AwsKmsKeyProvider (Stub)**: Placeholder for AWS KMS. Requires implementation of `@aws-sdk/client-kms`.
+*   **AzureKeyVaultProvider (Stub)**: Placeholder for Azure Key Vault. Requires implementation of `@azure/keyvault-keys`.
+*   **HashiCorpVaultProvider (Stub)**: Placeholder for HashiCorp Vault.
+
+> [!NOTE]
+> All KMS stub providers are designed for **Fail-Shut** operation. If you attempt to use a stub provider that is not yet implemented, the SDK will throw an `Error` rather than fall back to insecure defaults.
+
+#### Example: Implementing a Custom Provider
+If you need to support a specific KMS today, you can easily implement the `BaseKeyProvider` interface:
 
-### 6. Remote NLP Scanning
-Performance-sensitive deployments can now offload the NLP models (like spaCy or Presidio) to a centralized service using the `RemotePresidioScanner`. This permits "lightweight" edge workers (e.g., AWS Lambda) to run Mask with near-zero memory footprint.
+```typescript
+import { BaseKeyProvider, setKeyProvider } from 'mask-privacy/core/key_provider';
+
+class MyCustomKmsProvider extends BaseKeyProvider {
+  async getEncryptionKey(): Promise<string> {
+    // Logic to fetch from your KMS
+    return "your-secret-key";
+  }
+  async getMasterKey(): Promise<string> {
+    return "your-master-key";
+  }
+}
+
+setKeyProvider(new MyCustomKmsProvider());
+```
+
+### 6. Local NLP Scanning (Default)
+Performance-sensitive deployments utilize the built-in `LocalTransformersScanner` by default. This uses HuggingFace Transformers to run PII detection locally within your Node.js process, eliminating the need for external NLP services.
 
 ### 7. Sub-string Detokenization
 Mask includes the ability to detokenize PII embedded within larger text blocks (like email bodies or chat messages). `detokenizeText()` uses high-performance regex to find and restore all tokens within a paragraph before they hit your tools.
@@ -110,6 +139,7 @@ Add peer dependencies depending on your infrastructure:
 npm install ioredis          # For Redis vaults
 npm install @aws-sdk/client-dynamodb @aws-sdk/lib-dynamodb # For DynamoDB vaults
 npm install memjs            # For Memcached vaults
+npm install @huggingface/transformers # Required for local NLP scanning
 ```
 
 ### Framework Support
@@ -150,6 +180,19 @@ export MASK_DYNAMODB_REGION=us-east-1
 # For Memcached:
 export MASK_MEMCACHED_HOST=localhost
 export MASK_MEMCACHED_PORT=11211
+
+#### 4. Security Enforcement
+# Enable strict mode to refuse startup without MASK_ENCRYPTION_KEY
+export MASK_STRICT_PROD=true
+
+# Configure Blind Index Salt (Optional)
+export MASK_BLIND_INDEX_SALT="custom-salt-here"
+
+> [!IMPORTANT]
+> **Security Warning:** In production, you **must** change the default `MASK_BLIND_INDEX_SALT`. Using the default salt makes your blind indices vulnerable to pre-computed hash (rainbow table) attacks across different SDK installations.
+
+# Configure MemoryVault cleanup aggressiveness (default: 0.01)
+export MASK_VAULT_CLEANUP_FREQUENCY=0.05
 ```
 
 ---
@@ -236,11 +279,14 @@ The SDK includes a thread-safe, asynchronous AuditLogger built-in.
 
 As your agents encrypt and decrypt data, the logger buffers these privacy events (Action, Agent, TTL). **Raw PII is never logged.** 
 
-Audit events are stored locally in a SQLite database (`.mask_audit.db`) and flushed to stdout as structured JSON. Pipe them into your existing Datadog or Splunk agents for SOC2/HIPAA compliance reporting.
+Audit events are buffered in memory and flushed periodically to stdout as structured JSON. Pipe these logs into your existing Datadog or Splunk agents for SOC2/HIPAA compliance reporting.
+
+The `AuditLogger` includes graceful shutdown hooks (`SIGTERM`, `SIGINT`) to ensure all buffered events are flushed before the process exits.
+
+To prevent memory issues in high-volume environments, the buffer size can be capped:
 
-To disable the local SQLite buffer:
 ```bash
-export MASK_DISABLE_AUDIT_DB=true
+export MASK_AUDIT_MAX_BUFFER_SIZE=5000
 ```
 
 ## License

package/dist/index.d.mts

@@ -1,21 +1,24 @@
 /** Interface every vault backend must implement. */
 declare abstract class BaseVault {
     /** Persist a token → plaintext mapping with a TTL. Optionally save a reverse lookup hash. */
-    abstract store(token: string, plaintext: string, ttlSeconds: number, ptHash?: string | null): Promise<void> | void;
+    abstract store(token: string, plaintext: string, ttlSeconds: number, ptHash?: string | null): Promise<void>;
     /** Return the existing unexpired token for a given plaintext hash, or null. */
-    abstract getTokenByPlaintextHash(ptHash: string): Promise<string | null> | string | null;
+    abstract getTokenByPlaintextHash(ptHash: string): Promise<string | null>;
     /** Return the plaintext for token, or null if missing/expired. */
-    abstract retrieve(token: string): Promise<string | null> | string | null;
+    abstract retrieve(token: string): Promise<string | null>;
     /** Delete a token and its reverse mapping. */
-    abstract delete(token: string): Promise<void> | void;
+    abstract delete(token: string): Promise<void>;
 }
 declare function getVault(): BaseVault;
+type EncodeOptions = {
+    ttl?: number;
+    searchBuckets?: ('year' | 'month' | 'day' | 'numeric')[];
+    searchBucketSize?: number;
+};
 /**
  * Tokenise rawText, encrypt it, store in vault, return the FPE token.
  */
-declare function encode(rawText: string, options?: {
-    ttl?: number;
-}): Promise<string>;
+declare function encode(rawText: string, options?: EncodeOptions): Promise<string>;
 /** Async wrapper for encode (parity with Python aencode). */
 declare const aencode: typeof encode;
 /**
@@ -31,42 +34,26 @@ declare function detokenizeText(text: string): Promise<string>;
 /** Async wrapper for detokenizeText (parity with Python adetokenize_text). */
 declare const adetokenizeText: typeof detokenizeText;
 
+/**
+ * Heuristic: return true if value appears to be a Mask token.
+ */
+declare function looksLikeToken(value: string | any): boolean;
+
 /**
  * Format-Preserving Encryption (FPE) token generation.
  *
  * Generates structurally valid, **deterministic** tokens that preserve the
  * format of the original data type so downstream tools, schemas, and
  * validators continue to work without modification.
- *
- * Determinism is achieved via HMAC-SHA256 keyed with a master key, ensuring
- * the same plaintext always produces the same token. This preserves entity
- * relationships for LLMs (e.g. "John" is always [TKN-abc]) without leaking
- * the identity.
- *
- * Supported formats:
- *   - Email  →  tkn-<hex>@email.com
- *   - Phone  →  +1-555-<7 digits>
- *   - SSN    →  000-00-<4 digits>
- *   - CC     →  4000-0000-0000-<4 digits>
- *   - Routing→  000000<3 digits>
- *   - Default→  [TKN-<hex>]
  */
 /** Clear the cached master key. Useful in tests. */
 declare function resetMasterKey(): void;
 /**
  * Return a **deterministic**, format-preserving token for rawText.
- *
- * The token is structurally compatible with the original data type
- * so that downstream schema validators, regex checks, and database
- * constraints continue to pass.
  */
-declare function generateFPEToken(rawText: string): string;
-/**
- * Heuristic: return true if value appears to be a Mask token.
- */
-declare function looksLikeToken(value: string): boolean;
+declare function generateFPEToken(rawText: string): Promise<string>;
 
-declare class PresidioScanner {
+declare class BaseScanner {
     protected _supportedEntities: string[];
     constructor();
     setSupportedEntities(entities: string[]): void;
@@ -92,15 +79,45 @@ declare class PresidioScanner {
         aggressive?: boolean;
     }): Promise<any[]>;
 }
+/** @deprecated Use BaseScanner instead. Kept for backwards compatibility. */
+declare const PresidioScanner: typeof BaseScanner;
+declare function getScanner(): BaseScanner;
+
 /**
- * Scanner that calls a remote Presidio Analyzer endpoint.
+ * Local Transformers-based NER Scanner for Mask SDK.
+ *
+ * Uses @huggingface/transformers via a Piscina worker pool to provide
+ * state-of-the-art PII detection (Names, Locations, Organizations) entirely
+ * on the local machine via ONNX Runtime — without blocking the Node.js event loop.
  */
-declare class RemotePresidioScanner extends PresidioScanner {
-    private endpointUrl;
-    constructor(endpointUrl: string);
+
+declare class LocalTransformersScanner extends BaseScanner {
+    private _pool;
+    private _modelName;
+    private _warmupPromise;
+    constructor(modelName?: string);
+    /**
+     * Initialize the Piscina worker pool and pre-warm the ONNX model.
+     * The model is loaded eagerly at construction time to avoid P99 latency
+     * spikes on the first user request.
+     */
+    private _initPool;
+    /**
+     * Map Transformer entity types to Mask internal entity types.
+     */
+    private _mapEntityType;
     protected _tier2Nlp(text: string, encodeFn: (val: string) => Promise<string>, boostEntities: Set<string>, aggressive: boolean, confidenceThreshold: number): Promise<[string, any[]]>;
+    /**
+     * Merges sub-tokens and entities of the same type while precisely tracking
+     * offsets in the original text.
+     */
+    private _mergeResultsWithOffsets;
+    /**
+     * Gracefully shut down the worker pool.
+     * Call this during application shutdown to prevent the Node.js process from hanging.
+     */
+    close(): Promise<void>;
 }
-declare function getScanner(): PresidioScanner;
 
 /**
  * Custom exception hierarchy for the Mask SDK.
@@ -120,6 +137,9 @@ declare class MaskDecryptionError extends MaskError {
 /** Raised when spaCy / Presidio analysis exceeds the time budget. */
 declare class MaskNLPTimeout extends MaskError {
 }
+/** Raised when mandatory security keys (MASK_MASTER_KEY, etc.) are missing. */
+declare class MaskSecurityError extends MaskError {
+}
 
 /**
  * Core cryptography engine for Mask SDK.
@@ -128,46 +148,62 @@ declare class MaskNLPTimeout extends MaskError {
  * ensuring that plaintext PII is encrypted locally before being
  * transmitted and stored in distributed vaults (Redis/Memcached/DynamoDB).
  *
+ * Uses AES-256-GCM (authenticated encryption) via native Node.js crypto.
+ * Includes a compatibility layer to decrypt legacy Fernet-format tokens.
+ *
  * Requires MASK_ENCRYPTION_KEY to be set in the environment.
  */
 declare class CryptoEngine {
     private static _instance;
-    private _fernet;
+    private _aesKey;
+    private _indexSecret;
     private constructor();
+    /**
+     * Return the singleton instance, initialising it if necessary.
+     * This is asynchronous because key providers (KMS, etc.) might be async.
+     */
+    static getInstanceAsync(): Promise<CryptoEngine>;
+    /** Legacy synchronous accessor — will throw if not already initialised. */
     static getInstance(): CryptoEngine;
     /** Clear the singleton instance to force re-initialization (useful for key rotation). */
     static reset(): void;
     private _init;
+    /** Return the secret used for HMAC-based blind indexing. */
+    getIndexSecret(): Promise<Buffer>;
     encrypt(plaintext: string): string;
     decrypt(ciphertext: string): string;
+    /** Decrypt an AES-256-GCM token (base64 encoded). */
+    private _decryptAesGcm;
+    /**
+     * Attempt to decrypt a legacy Fernet-format token.
+     *
+     * Fernet format: Version (1) || Timestamp (8) || IV (16) || Ciphertext (var) || HMAC (32)
+     * All base64url-encoded.
+     *
+     * We try to use the `fernet` npm package if available, otherwise throw.
+     */
+    private _decryptLegacyFernet;
 }
 
-/**
- * Asynchronous audit logger for Mask Privacy SDK.
- *
- * Logs every tokenisation / detokenisation event *without* recording the
- * plaintext PII. Events are batched and flushed to:
- *   - stdout / Console (default)
- *   - Customer SIEM via structured JSON log lines
- *
- * NOTE: This SDK is LOCAL-FIRST. Audits are stored in a local
- * SQLite file (.mask_audit.db) and are NOT sent anywhere externally.
- */
 declare class AuditLogger {
     private static _instance;
-    private _dbPath;
     private _flushInterval;
     private _running;
     private _timer;
+    private _isFlushing;
     private _buffer;
-    private _dbDisabled;
-    private _db;
+    private _maxBufferSize;
+    private _strictMode;
+    private _bufferFullWarned;
+    private _shutdownRegistered;
     private constructor();
     static getInstance(): AuditLogger;
     log(action: string, token: string, dataType?: string, agent?: string, tool?: string, extra?: Record<string, any>): void;
     start(): void;
-    stop(): void;
+    stop(): Promise<void>;
     private _flush;
+    /** Synchronous flush for use in signal handlers where async is unreliable. */
+    private _flushSync;
 }
 
 /**
@@ -180,29 +216,33 @@ declare class AuditLogger {
 declare class MaskClient {
     vault: BaseVault;
     crypto: CryptoEngine;
-    scanner: PresidioScanner;
+    scanner: BaseScanner;
     auditLogger: AuditLogger;
     /** backward compat alias */
     logger: AuditLogger;
     ttl: number;
     /**
      * Initialise the client with specific component instances.
-     *
-     * If an instance is not provided, the client will fall back to
-     * the standard environment-configured singleton for that component.
      */
     constructor(options?: {
         vault?: BaseVault;
         crypto?: CryptoEngine;
-        scanner?: PresidioScanner;
+        scanner?: BaseScanner;
         auditLogger?: AuditLogger;
         ttl?: number;
     });
+    /**
+     * Static factory to create an initialized MaskClient.
+     */
+    static create(options?: {
+        vault?: BaseVault;
+        crypto?: CryptoEngine;
+        scanner?: BaseScanner;
+        auditLogger?: AuditLogger;
+        ttl?: number;
+    }): Promise<MaskClient>;
     /**
      * Tokenise rawText, encrypt it, and store it in the vault.
-     *
-     * Includes deduplication: if the same plaintext has been encoded
-     * before and the token is still active, the existing token is returned.
      */
     encode(rawText: string): Promise<string>;
     /** Retrieve token from vault and decrypt it. */
@@ -215,10 +255,14 @@ declare class MaskClient {
     adecode(token: string): Promise<string>;
     /** Async wrapper for scanAndTokenize (parity with Python ascan_and_tokenize). */
     ascanAndTokenize(text: string): Promise<string>;
-    /** Find and replace all tokens within text with their plaintext. */
     detokenizeText(text: string): Promise<string>;
     /** Async wrapper for detokenizeText (parity with Python adetokenize_text). */
     adetokenizeText(text: string): Promise<string>;
+    /**
+     * Gracefully shut down all SDK resources (worker pools, vault connections, audit logger).
+     * Call this during application shutdown to prevent the Node.js process from hanging.
+     */
+    close(): Promise<void>;
 }
 
 /**
@@ -228,7 +272,7 @@ declare class MaskClient {
  * Provides format-preserving encryption, local/distributed vaulting,
  * and framework-agnostic tool interception hooks.
  */
-declare const VERSION = "1.0.0";
+declare const VERSION = "2.0.0";
 
 /**
  * Detect PII entities in text and return a list of objects with metadata.
@@ -254,4 +298,4 @@ declare function ascanAndTokenize(text: string, options?: {
  */
 declare function secureTool(...args: any[]): any;
 
-export { MaskClient, MaskDecryptionError, MaskError, MaskNLPTimeout, MaskVaultConnectionError, RemotePresidioScanner, VERSION, adecode, adetokenizeText, aencode, ascanAndTokenize, decode, detectEntitiesWithConfidence, detokenizeText, encode, generateFPEToken, getScanner, getVault, looksLikeToken, resetMasterKey, secureTool };
+export { BaseScanner, LocalTransformersScanner, MaskClient, MaskDecryptionError, MaskError, MaskNLPTimeout, MaskSecurityError, MaskVaultConnectionError, PresidioScanner, VERSION, adecode, adetokenizeText, aencode, ascanAndTokenize, decode, detectEntitiesWithConfidence, detokenizeText, encode, generateFPEToken, getScanner, getVault, looksLikeToken, resetMasterKey, secureTool };