npm - openredaction - Versions diffs - 1.0.9 → 1.1.0 - Mend

openredaction 1.0.9 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (28) hide show

package/README.md +9 -56
package/dist/index.cli.cjs +79 -152
package/dist/index.d.mts +29 -320
package/dist/index.d.mts.map +1 -1
package/dist/index.d.ts +29 -320
package/dist/index.d.ts.map +1 -1
package/dist/index.js +161 -1148
package/dist/index.js.map +1 -1
package/dist/index.mjs +156 -1137
package/dist/index.mjs.map +1 -1
package/dist/react.d.mts +3 -14
package/dist/react.d.mts.map +1 -1
package/dist/react.d.ts +3 -14
package/dist/react.d.ts.map +1 -1
package/dist/react.js +79 -152
package/dist/react.js.map +1 -1
package/dist/react.mjs +79 -152
package/dist/react.mjs.map +1 -1
package/dist/server.d.mts +1809 -0
package/dist/server.d.mts.map +1 -0
package/dist/server.d.ts +1809 -0
package/dist/server.d.ts.map +1 -0
package/dist/server.js +18124 -0
package/dist/server.js.map +1 -0
package/dist/server.mjs +18109 -0
package/dist/server.mjs.map +1 -0
package/dist/workers/worker.cjs +17240 -0
package/package.json +24 -4

package/dist/index.mjs CHANGED Viewed

@@ -5,6 +5,7 @@ import * as path from "path";
 import { join } from "path";
 import { Worker } from "worker_threads";
 import { cpus } from "os";
+import { Readable } from "stream";
 //#region rolldown:runtime
 var __defProp = Object.defineProperty;
@@ -1001,332 +1002,6 @@ var InMemoryMetricsCollector = class {
 	}
 };
-//#endregion
-//#region src/metrics/PrometheusServer.ts
-/**
-* Prometheus metrics HTTP server
-* Provides a lightweight HTTP server for exposing metrics to Prometheus
-*/
-var PrometheusServer = class {
-	constructor(metricsCollector, options) {
-		this.isRunning = false;
-		this.requestCount = 0;
-		this.metricsCollector = metricsCollector;
-		this.options = {
-			port: options?.port ?? 9090,
-			host: options?.host ?? "0.0.0.0",
-			metricsPath: options?.metricsPath ?? "/metrics",
-			prefix: options?.prefix ?? "openredaction",
-			healthPath: options?.healthPath ?? "/health",
-			enableCors: options?.enableCors ?? false,
-			username: options?.username,
-			password: options?.password
-		};
-	}
-	/**
-	* Start the Prometheus metrics server
-	*/
-	async start() {
-		if (this.isRunning) throw new Error("[PrometheusServer] Server is already running");
-		try {
-			this.server = __require("http").createServer(this.handleRequest.bind(this));
-			return new Promise((resolve, reject) => {
-				this.server.listen(this.options.port, this.options.host, () => {
-					this.isRunning = true;
-					console.log(`[PrometheusServer] Metrics server started on http://${this.options.host}:${this.options.port}${this.options.metricsPath}`);
-					resolve();
-				});
-				this.server.on("error", (error) => {
-					reject(/* @__PURE__ */ new Error(`[PrometheusServer] Failed to start server: ${error.message}`));
-				});
-			});
-		} catch (error) {
-			throw new Error(`[PrometheusServer] Failed to initialize HTTP server: ${error.message}`);
-		}
-	}
-	/**
-	* Stop the server
-	*/
-	async stop() {
-		if (!this.isRunning || !this.server) return;
-		return new Promise((resolve, reject) => {
-			this.server.close((error) => {
-				if (error) reject(/* @__PURE__ */ new Error(`[PrometheusServer] Failed to stop server: ${error.message}`));
-				else {
-					this.isRunning = false;
-					console.log("[PrometheusServer] Server stopped");
-					resolve();
-				}
-			});
-		});
-	}
-	/**
-	* Handle incoming HTTP requests
-	*/
-	handleRequest(req, res) {
-		this.requestCount++;
-		if (this.options.enableCors) {
-			res.setHeader("Access-Control-Allow-Origin", "*");
-			res.setHeader("Access-Control-Allow-Methods", "GET, OPTIONS");
-			res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization");
-			if (req.method === "OPTIONS") {
-				res.writeHead(204);
-				res.end();
-				return;
-			}
-		}
-		if (req.method !== "GET") {
-			res.writeHead(405, { "Content-Type": "text/plain" });
-			res.end("Method Not Allowed");
-			return;
-		}
-		if (this.options.username && this.options.password) {
-			const authHeader = req.headers.authorization;
-			if (!authHeader || !this.validateAuth(authHeader)) {
-				res.writeHead(401, {
-					"Content-Type": "text/plain",
-					"WWW-Authenticate": "Basic realm=\"Prometheus Metrics\""
-				});
-				res.end("Unauthorized");
-				return;
-			}
-		}
-		const url = req.url;
-		if (url === this.options.metricsPath) this.handleMetrics(req, res);
-		else if (url === this.options.healthPath) this.handleHealth(req, res);
-		else if (url === "/") this.handleRoot(req, res);
-		else {
-			res.writeHead(404, { "Content-Type": "text/plain" });
-			res.end("Not Found");
-		}
-	}
-	/**
-	* Handle /metrics endpoint
-	*/
-	handleMetrics(_req, res) {
-		try {
-			this.lastScrapeTime = /* @__PURE__ */ new Date();
-			const exporter = this.metricsCollector.getExporter();
-			const metrics = exporter.getMetrics();
-			const prometheusFormat = exporter.exportPrometheus(metrics, this.options.prefix);
-			const serverMetrics = this.getServerMetrics();
-			const fullMetrics = prometheusFormat + "\n" + serverMetrics;
-			res.writeHead(200, { "Content-Type": "text/plain; version=0.0.4" });
-			res.end(fullMetrics);
-		} catch (error) {
-			console.error("[PrometheusServer] Error exporting metrics:", error);
-			res.writeHead(500, { "Content-Type": "text/plain" });
-			res.end("Internal Server Error");
-		}
-	}
-	/**
-	* Handle /health endpoint
-	*/
-	handleHealth(_req, res) {
-		const health = {
-			status: "healthy",
-			uptime: process.uptime(),
-			timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-			metrics: {
-				requestCount: this.requestCount,
-				lastScrapeTime: this.lastScrapeTime?.toISOString()
-			}
-		};
-		res.writeHead(200, { "Content-Type": "application/json" });
-		res.end(JSON.stringify(health, null, 2));
-	}
-	/**
-	* Handle / root endpoint
-	*/
-	handleRoot(_req, res) {
-		const html = `
-<!DOCTYPE html>
-<html>
-<head>
-  <title>OpenRedaction Prometheus Exporter</title>
-  <style>
-    body { font-family: sans-serif; max-width: 800px; margin: 50px auto; padding: 20px; }
-    h1 { color: #333; }
-    a { color: #0066cc; }
-    .endpoint { background: #f5f5f5; padding: 10px; margin: 10px 0; border-radius: 4px; }
-  </style>
-</head>
-<body>
-  <h1>OpenRedaction Prometheus Exporter</h1>
-  <p>This server exposes metrics for Prometheus monitoring.</p>
-  <h2>Endpoints</h2>
-  <div class="endpoint">
-    <strong>GET <a href="${this.options.metricsPath}">${this.options.metricsPath}</a></strong><br>
-    Prometheus metrics in text format
-  </div>
-  <div class="endpoint">
-    <strong>GET <a href="${this.options.healthPath}">${this.options.healthPath}</a></strong><br>
-    Health check endpoint (JSON)
-  </div>
-  <h2>Configuration</h2>
-  <ul>
-    <li>Host: ${this.options.host}</li>
-    <li>Port: ${this.options.port}</li>
-    <li>Metrics Prefix: ${this.options.prefix}</li>
-    <li>CORS Enabled: ${this.options.enableCors}</li>
-    <li>Authentication: ${this.options.username ? "Enabled" : "Disabled"}</li>
-  </ul>
-  <h2>Prometheus Configuration</h2>
-  <p>Add this to your <code>prometheus.yml</code>:</p>
-  <pre>
-scrape_configs:
-  - job_name: 'openredaction'
-    static_configs:
-      - targets: ['${this.options.host}:${this.options.port}']
-    metrics_path: '${this.options.metricsPath}'
-${this.options.username ? `    basic_auth:
-      username: '${this.options.username}'
-      password: '${this.options.password}'` : ""}
-  </pre>
-</body>
-</html>
-    `.trim();
-		res.writeHead(200, { "Content-Type": "text/html" });
-		res.end(html);
-	}
-	/**
-	* Validate basic authentication
-	*/
-	validateAuth(authHeader) {
-		try {
-			const base64Credentials = authHeader.split(" ")[1];
-			const [username, password] = Buffer.from(base64Credentials, "base64").toString("utf-8").split(":");
-			return username === this.options.username && password === this.options.password;
-		} catch {
-			return false;
-		}
-	}
-	/**
-	* Get server-specific metrics in Prometheus format
-	*/
-	getServerMetrics() {
-		const prefix = this.options.prefix;
-		const timestamp = Date.now();
-		const lines = [];
-		lines.push(`# HELP ${prefix}_server_uptime_seconds Server uptime in seconds`);
-		lines.push(`# TYPE ${prefix}_server_uptime_seconds counter`);
-		lines.push(`${prefix}_server_uptime_seconds ${process.uptime().toFixed(2)} ${timestamp}`);
-		lines.push("");
-		lines.push(`# HELP ${prefix}_server_requests_total Total number of requests to metrics server`);
-		lines.push(`# TYPE ${prefix}_server_requests_total counter`);
-		lines.push(`${prefix}_server_requests_total ${this.requestCount} ${timestamp}`);
-		lines.push("");
-		if (this.lastScrapeTime) {
-			const lastScrapeSeconds = Math.floor((Date.now() - this.lastScrapeTime.getTime()) / 1e3);
-			lines.push(`# HELP ${prefix}_server_last_scrape_seconds Seconds since last metrics scrape`);
-			lines.push(`# TYPE ${prefix}_server_last_scrape_seconds gauge`);
-			lines.push(`${prefix}_server_last_scrape_seconds ${lastScrapeSeconds} ${timestamp}`);
-			lines.push("");
-		}
-		const mem = process.memoryUsage();
-		lines.push(`# HELP ${prefix}_server_memory_bytes Server memory usage in bytes`);
-		lines.push(`# TYPE ${prefix}_server_memory_bytes gauge`);
-		lines.push(`${prefix}_server_memory_bytes{type="rss"} ${mem.rss} ${timestamp}`);
-		lines.push(`${prefix}_server_memory_bytes{type="heapTotal"} ${mem.heapTotal} ${timestamp}`);
-		lines.push(`${prefix}_server_memory_bytes{type="heapUsed"} ${mem.heapUsed} ${timestamp}`);
-		lines.push(`${prefix}_server_memory_bytes{type="external"} ${mem.external} ${timestamp}`);
-		lines.push("");
-		return lines.join("\n");
-	}
-	/**
-	* Get server statistics
-	*/
-	getStats() {
-		return {
-			isRunning: this.isRunning,
-			requestCount: this.requestCount,
-			lastScrapeTime: this.lastScrapeTime,
-			uptime: process.uptime(),
-			host: this.options.host,
-			port: this.options.port,
-			metricsPath: this.options.metricsPath
-		};
-	}
-};
-/**
-* Create a Prometheus server instance
-*/
-function createPrometheusServer(metricsCollector, options) {
-	return new PrometheusServer(metricsCollector, options);
-}
-/**
-* Example Grafana dashboard JSON for OpenRedaction metrics
-* Can be imported directly into Grafana
-*/
-const GRAFANA_DASHBOARD_TEMPLATE = { dashboard: {
-	title: "OpenRedaction Metrics",
-	tags: [
-		"pii",
-		"redaction",
-		"security"
-	],
-	timezone: "browser",
-	panels: [
-		{
-			id: 1,
-			title: "Total Redactions",
-			type: "graph",
-			targets: [{
-				expr: "rate(openredaction_total_redactions[5m])",
-				legendFormat: "Redactions per second"
-			}]
-		},
-		{
-			id: 2,
-			title: "PII Detected by Type",
-			type: "graph",
-			targets: [{
-				expr: "rate(openredaction_pii_by_type[5m])",
-				legendFormat: "{{type}}"
-			}]
-		},
-		{
-			id: 3,
-			title: "Average Processing Time",
-			type: "graph",
-			targets: [{
-				expr: "openredaction_avg_processing_time_ms",
-				legendFormat: "Processing time (ms)"
-			}]
-		},
-		{
-			id: 4,
-			title: "Error Rate",
-			type: "graph",
-			targets: [{
-				expr: "rate(openredaction_total_errors[5m])",
-				legendFormat: "Errors per second"
-			}]
-		},
-		{
-			id: 5,
-			title: "Operations by Redaction Mode",
-			type: "piechart",
-			targets: [{
-				expr: "openredaction_by_redaction_mode",
-				legendFormat: "{{mode}}"
-			}]
-		},
-		{
-			id: 6,
-			title: "Server Memory Usage",
-			type: "graph",
-			targets: [{
-				expr: "openredaction_server_memory_bytes",
-				legendFormat: "{{type}}"
-			}]
-		}
-	]
-} };
 //#endregion
 //#region src/rbac/roles.ts
 /**
@@ -1678,6 +1353,70 @@ function validateRoutingNumber(routingNumber, _context) {
 	return (3 * (digits[0] + digits[3] + digits[6]) + 7 * (digits[1] + digits[4] + digits[7]) + (digits[2] + digits[5] + digits[8])) % 10 === 0;
 }
 /**
+* Luhn check for arbitrary digit string (e.g. Canadian SIN)
+*/
+function validateLuhnDigits(digits) {
+	let sum = 0;
+	let isEven = false;
+	for (let i = digits.length - 1; i >= 0; i--) {
+		let d = parseInt(digits[i], 10);
+		if (Number.isNaN(d)) return false;
+		if (isEven) {
+			d *= 2;
+			if (d > 9) d -= 9;
+		}
+		sum += d;
+		isEven = !isEven;
+	}
+	return sum % 10 === 0;
+}
+/**
+* SWIFT/BIC format validation (ISO 9362: 8 or 11 characters)
+*/
+function validateSWIFTBIC(bic, _context) {
+	const cleaned = bic.replace(/\s/g, "").toUpperCase();
+	return /^[A-Z]{4}[A-Z]{2}[A-Z0-9]{2}([A-Z0-9]{3})?$/.test(cleaned);
+}
+/**
+* Canadian Social Insurance Number — Luhn checksum on 9 digits
+*/
+function validateCanadianSIN(sin, _context) {
+	const cleaned = sin.replace(/[\s-]/g, "");
+	if (!/^\d{9}$/.test(cleaned)) return false;
+	if (cleaned === "000000000") return false;
+	return validateLuhnDigits(cleaned);
+}
+/**
+* Australian Tax File Number — weighted checksum (8 or 9 digits)
+*/
+function validateAustralianTFN(tfn, _context) {
+	const cleaned = tfn.replace(/\s/g, "");
+	if (!/^\d{8}$/.test(cleaned) && !/^\d{9}$/.test(cleaned)) return false;
+	const weights = cleaned.length === 8 ? [
+		1,
+		4,
+		3,
+		7,
+		5,
+		8,
+		6,
+		9
+	] : [
+		1,
+		4,
+		3,
+		7,
+		5,
+		8,
+		6,
+		9,
+		10
+	];
+	let sum = 0;
+	for (let i = 0; i < cleaned.length; i++) sum += parseInt(cleaned[i], 10) * weights[i];
+	return sum % 11 === 0;
+}
+/**
 * Context-aware name validator to reduce false positives
 */
 function validateName(name, context) {
@@ -12100,6 +11839,38 @@ const transportLogisticsPreset = {
 	]
 };
 /**
+* PCI-DSS oriented preset — cardholder data and common payment identifiers
+*/
+const pciDssPreset = {
+	includeNames: true,
+	includeEmails: true,
+	includePhones: true,
+	includeAddresses: true,
+	categories: [
+		"personal",
+		"contact",
+		"financial",
+		"network"
+	]
+};
+/**
+* SOC 2 oriented preset — broad PII and credentials for trust services contexts
+*/
+const soc2Preset = {
+	includeNames: true,
+	includeEmails: true,
+	includePhones: true,
+	includeAddresses: true,
+	categories: [
+		"personal",
+		"contact",
+		"financial",
+		"government",
+		"network",
+		"digital-identity"
+	]
+};
+/**
 * Get preset configuration by name
 */
 function getPreset(name) {
@@ -12116,6 +11887,10 @@ function getPreset(name) {
 		case "transport-logistics":
 		case "transportation":
 		case "logistics": return transportLogisticsPreset;
+		case "pci-dss":
+		case "pci_dss": return pciDssPreset;
+		case "soc2":
+		case "soc-2": return soc2Preset;
 		default: return {};
 	}
 }
@@ -12634,7 +12409,7 @@ var ConfigLoader = class {
 	static createDefaultConfig(outputPath = ".openredaction.config.js") {
 		fs.writeFileSync(outputPath, `/**
  * OpenRedaction Configuration
- * @see https://github.com/openredact/openredact
+ * @see https://github.com/sam247/openredaction
  */
 export default {
   // Extend built-in presets
@@ -15294,26 +15069,6 @@ function createValidationError(value, patternType) {
 		patternType
 	});
 }
-function createHighMemoryError(textSize) {
-	const sizeMB = (textSize / 1024 / 1024).toFixed(2);
-	return new OpenRedactionError(`Text size is ${sizeMB}MB. Consider using streaming API for large documents.`, "HIGH_MEMORY_USAGE", {
-		message: "Use StreamingDetector for memory-efficient processing of large documents",
-		code: `import { createStreamingDetector } from 'openredaction';
-const streaming = createStreamingDetector(redactor, {
-  chunkSize: 2048,
-  overlap: 100
-});
-for await (const chunk of streaming.processStream(largeText)) {
-  console.log(chunk.detections);
-}`,
-		docs: "https://github.com/sam247/openredaction#streaming-api"
-	}, {
-		textSize,
-		sizeMB
-	});
-}
 function createConfigLoadError(path, reason) {
 	return new OpenRedactionError(`Failed to load config from '${path}': ${reason}`, "CONFIG_LOAD_ERROR", {
 		message: "Check that your config file exists and is valid JSON",
@@ -15471,133 +15226,6 @@ function compileSafeRegex(pattern, flags) {
 	return new RegExp(patternStr, finalFlags);
 }
-//#endregion
-//#region src/utils/ai-assist.ts
-/**
-* Get the AI endpoint URL from options or environment
-*/
-function getAIEndpoint(aiOptions) {
-	if (!aiOptions?.enabled) return null;
-	if (aiOptions.endpoint) return aiOptions.endpoint;
-	if (typeof process !== "undefined" && process.env) {
-		const envEndpoint = process.env.OPENREDACTION_AI_ENDPOINT;
-		if (envEndpoint) return envEndpoint;
-	}
-	return null;
-}
-/**
-* Check if fetch is available in the current environment
-*/
-function isFetchAvailable() {
-	return typeof fetch !== "undefined";
-}
-/**
-* Call the AI endpoint to get additional PII entities
-* Returns null if AI is disabled, endpoint unavailable, or on error
-*/
-async function callAIDetect(text, endpoint, debug) {
-	if (!isFetchAvailable()) {
-		if (debug) console.warn("[OpenRedaction] AI assist requires fetch API. Not available in this environment.");
-		return null;
-	}
-	try {
-		const url = endpoint.endsWith("/ai-detect") ? endpoint : `${endpoint}/ai-detect`;
-		if (debug) console.log(`[OpenRedaction] Calling AI endpoint: ${url}`);
-		const response = await fetch(url, {
-			method: "POST",
-			headers: { "Content-Type": "application/json" },
-			body: JSON.stringify({ text })
-		});
-		if (!response.ok) {
-			if (debug) {
-				const statusText = response.status === 429 ? "Rate limit exceeded (429)" : `${response.status}: ${response.statusText}`;
-				console.warn(`[OpenRedaction] AI endpoint returned ${statusText}`);
-			}
-			return null;
-		}
-		const data = await response.json();
-		if (!data.entities || !Array.isArray(data.entities)) {
-			if (debug) console.warn("[OpenRedaction] Invalid AI response format: missing entities array");
-			return null;
-		}
-		return data.entities;
-	} catch (error) {
-		if (debug) console.warn(`[OpenRedaction] AI endpoint error: ${error instanceof Error ? error.message : "Unknown error"}`);
-		return null;
-	}
-}
-/**
-* Validate an AI entity
-*/
-function validateAIEntity(entity, textLength) {
-	if (!entity.type || !entity.value || typeof entity.start !== "number" || typeof entity.end !== "number") return false;
-	if (entity.start < 0 || entity.end < 0 || entity.start >= entity.end) return false;
-	if (entity.start >= textLength || entity.end > textLength) return false;
-	if (entity.value.length !== entity.end - entity.start) return false;
-	return true;
-}
-/**
-* Check if two detections overlap significantly
-* Returns true if they overlap by more than 50% of the shorter detection
-*/
-function detectionsOverlap(det1, det2) {
-	const [start1, end1] = det1.position;
-	const [start2, end2] = det2.position;
-	const overlapStart = Math.max(start1, start2);
-	const overlapEnd = Math.min(end1, end2);
-	if (overlapStart >= overlapEnd) return false;
-	const overlapLength = overlapEnd - overlapStart;
-	const length1 = end1 - start1;
-	const length2 = end2 - start2;
-	return overlapLength > Math.min(length1, length2) * .5;
-}
-/**
-* Convert AI entity to PIIDetection format
-*/
-function convertAIEntityToDetection(entity, text) {
-	if (!validateAIEntity(entity, text.length)) return null;
-	const actualValue = text.substring(entity.start, entity.end);
-	let type = entity.type.toUpperCase();
-	if (type.includes("EMAIL") || type === "EMAIL_ADDRESS") type = "EMAIL";
-	else if (type.includes("PHONE") || type === "PHONE_NUMBER") type = "PHONE_US";
-	else if (type.includes("NAME") || type === "PERSON") type = "NAME";
-	else if (type.includes("SSN") || type === "SOCIAL_SECURITY_NUMBER") type = "SSN";
-	else if (type.includes("ADDRESS")) type = "ADDRESS_STREET";
-	let severity = "medium";
-	if (type === "SSN" || type === "CREDIT_CARD") severity = "critical";
-	else if (type === "EMAIL" || type === "PHONE_US" || type === "NAME") severity = "high";
-	return {
-		type,
-		value: actualValue,
-		placeholder: `[${type}_${Math.random().toString(36).substring(2, 9)}]`,
-		position: [entity.start, entity.end],
-		severity,
-		confidence: entity.confidence ?? .7
-	};
-}
-/**
-* Merge AI entities with regex detections
-* Prefers regex detections on conflicts
-*/
-function mergeAIEntities(regexDetections, aiEntities, text) {
-	const merged = [...regexDetections];
-	const processedRanges = regexDetections.map((d) => d.position);
-	for (const aiEntity of aiEntities) {
-		const detection = convertAIEntityToDetection(aiEntity, text);
-		if (!detection) continue;
-		let hasOverlap = false;
-		for (const regexDet of regexDetections) if (detectionsOverlap(regexDet, detection)) {
-			hasOverlap = true;
-			break;
-		}
-		if (!hasOverlap) {
-			merged.push(detection);
-			processedRanges.push(detection.position);
-		}
-	}
-	return merged;
-}
 //#endregion
 //#region src/config/ConfigExporter.ts
 var ConfigExporter_exports = /* @__PURE__ */ __exportAll({
@@ -17742,7 +17370,7 @@ var OpenRedaction = class OpenRedaction {
 			redactionMode: "placeholder",
 			enableContextAnalysis: true,
 			confidenceThreshold: .5,
-			enableFalsePositiveFilter: false,
+			enableFalsePositiveFilter: true,
 			falsePositiveThreshold: .7,
 			enableMultiPass: false,
 			multiPassCount: 3,
@@ -17971,8 +17599,9 @@ var OpenRedaction = class OpenRedaction {
 				throw error;
 			}
 		}
-		if (this.nerDetector && detections.length > 0) {
-			const piiMatches = detections.map((det) => ({
+		if (this.nerDetector && this.nerDetector.isAvailable()) {
+			const nerMatches = this.nerDetector.detect(text);
+			let piiMatches = detections.map((det) => ({
 				type: det.type,
 				value: det.value,
 				start: det.position[0],
@@ -17983,11 +17612,43 @@ var OpenRedaction = class OpenRedaction {
 					after: text.substring(det.position[1], Math.min(text.length, det.position[1] + 50))
 				}
 			}));
-			const hybridMatches = this.nerDetector.hybridDetection(piiMatches, text);
-			detections = detections.map((det, index) => ({
-				...det,
-				confidence: hybridMatches[index].confidence
-			}));
+			if (detections.length > 0) {
+				const hybridMatches = this.nerDetector.hybridDetection(piiMatches, text);
+				detections = detections.map((det, index) => ({
+					...det,
+					confidence: hybridMatches[index].confidence
+				}));
+				piiMatches = detections.map((det) => ({
+					type: det.type,
+					value: det.value,
+					start: det.position[0],
+					end: det.position[1],
+					confidence: det.confidence || 1,
+					context: {
+						before: text.substring(Math.max(0, det.position[0] - 50), det.position[0]),
+						after: text.substring(det.position[1], Math.min(text.length, det.position[1] + 50))
+					}
+				}));
+			}
+			const nerOnly = this.nerDetector.extractNEROnly(nerMatches, piiMatches);
+			for (const ner of nerOnly) {
+				const syntheticPattern = {
+					type: `NER_${ner.type}`,
+					regex: /.^/,
+					priority: 1,
+					placeholder: `[NER_${ner.type}_{n}]`,
+					severity: "medium"
+				};
+				const placeholder = this.generatePlaceholder(ner.text, syntheticPattern);
+				detections.push({
+					type: syntheticPattern.type,
+					value: ner.text,
+					placeholder,
+					position: [ner.start, ner.end],
+					severity: "medium",
+					confidence: ner.confidence
+				});
+			}
 		}
 		if (this.contextRulesEngine && detections.length > 0) {
 			const piiMatches = detections.map((det) => ({
@@ -18011,7 +17672,7 @@ var OpenRedaction = class OpenRedaction {
 	}
 	/**
 	* Detect PII in text
-	* Now async to support optional AI assist
+	* Async API for detection pipeline (NER, multi-pass, etc.)
 	*/
 	async detect(text) {
 		if (this.rbacManager && !this.rbacManager.hasPermission("detection:detect")) throw new Error("[OpenRedaction] Permission denied: detection:detect required");
@@ -18051,21 +17712,6 @@ var OpenRedaction = class OpenRedaction {
 			}
 			detections = mergePassDetections(passDetections, this.multiPassConfig);
 		} else detections = this.processPatterns(text, this.patterns, processedRanges);
-		if (this.options.ai?.enabled) {
-			const aiEndpoint = getAIEndpoint(this.options.ai);
-			if (aiEndpoint) try {
-				if (this.options.debug) console.log("[OpenRedaction] AI assist enabled, calling AI endpoint...");
-				const aiEntities = await callAIDetect(text, aiEndpoint, this.options.debug);
-				if (aiEntities && aiEntities.length > 0) {
-					if (this.options.debug) console.log(`[OpenRedaction] AI returned ${aiEntities.length} additional entities`);
-					detections = mergeAIEntities(detections, aiEntities, text);
-					if (this.options.debug) console.log(`[OpenRedaction] After AI merge: ${detections.length} total detections`);
-				} else if (this.options.debug) console.log("[OpenRedaction] AI endpoint returned no additional entities");
-			} catch (error) {
-				if (this.options.debug) console.warn(`[OpenRedaction] AI assist failed, using regex-only: ${error instanceof Error ? error.message : "Unknown error"}`);
-			}
-			else if (this.options.debug) console.warn("[OpenRedaction] AI assist enabled but no endpoint configured. Set ai.endpoint or OPENREDACTION_AI_ENDPOINT env var.");
-		}
 		detections.sort((a, b) => b.position[0] - a.position[0]);
 		let redacted = text;
 		const redactionMap = {};
@@ -18459,6 +18105,10 @@ var OpenRedaction = class OpenRedaction {
 //#region src/streaming/StreamingDetector.ts
 init_document();
 /**
+* Streaming API for processing large documents
+* Allows efficient processing of documents in chunks
+*/
+/**
 * Streaming detector for large documents
 */
 var StreamingDetector = class {
@@ -18569,8 +18219,13 @@ var StreamingDetector = class {
 			if (buffer.length > 0) for await (const result of this.processStream(buffer)) yield result;
 		} else {
 			const nodeStream = readableStream;
-			for await (const chunk of nodeStream) {
-				buffer += decoder.decode(chunk, { stream: true });
+			const iterable = typeof nodeStream[Symbol.asyncIterator] === "function" ? nodeStream : Readable.from(nodeStream);
+			for await (const chunk of iterable) {
+				if (typeof chunk === "string") buffer += chunk;
+				else {
+					const buf = Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk);
+					buffer += decoder.decode(buf, { stream: true });
+				}
 				while (buffer.length >= this.options.chunkSize) {
 					const textChunk = buffer.substring(0, this.options.chunkSize);
 					buffer = buffer.substring(this.options.chunkSize);
@@ -19612,647 +19267,11 @@ function verifyWebhookSignature(payload, signature, secret, algorithm = "sha256"
 	}
 }
-//#endregion
-//#region src/api/APIServer.ts
-/**
-* REST API Server
-* Lightweight HTTP server for OpenRedaction with Express-like interface
-*/
-var APIServer = class {
-	constructor(config) {
-		this.isRunning = false;
-		this.rateLimitTracking = /* @__PURE__ */ new Map();
-		this.config = {
-			port: config?.port ?? 3e3,
-			host: config?.host ?? "0.0.0.0",
-			enableCors: config?.enableCors ?? true,
-			corsOrigin: config?.corsOrigin ?? "*",
-			apiKey: config?.apiKey,
-			enableRateLimit: config?.enableRateLimit ?? true,
-			rateLimit: config?.rateLimit ?? 60,
-			bodyLimit: config?.bodyLimit ?? "10mb",
-			enableLogging: config?.enableLogging ?? true,
-			tenantManager: config?.tenantManager,
-			webhookManager: config?.webhookManager,
-			auditLogger: config?.auditLogger,
-			prometheusServer: config?.prometheusServer,
-			defaultOptions: config?.defaultOptions
-		};
-		if (!this.config.tenantManager) this.detector = new OpenRedaction(this.config.defaultOptions);
-	}
-	/**
-	* Start the API server
-	*/
-	async start() {
-		if (this.isRunning) throw new Error("[APIServer] Server is already running");
-		try {
-			this.server = __require("http").createServer(this.handleRequest.bind(this));
-			return new Promise((resolve, reject) => {
-				this.server.listen(this.config.port, this.config.host, () => {
-					this.isRunning = true;
-					console.log(`[APIServer] Server started on http://${this.config.host}:${this.config.port}`);
-					console.log(`[APIServer] API Documentation: http://${this.config.host}:${this.config.port}/api/docs`);
-					resolve();
-				});
-				this.server.on("error", (error) => {
-					reject(/* @__PURE__ */ new Error(`[APIServer] Failed to start server: ${error.message}`));
-				});
-			});
-		} catch (error) {
-			throw new Error(`[APIServer] Failed to initialize HTTP server: ${error.message}`);
-		}
-	}
-	/**
-	* Stop the server
-	*/
-	async stop() {
-		if (!this.isRunning || !this.server) return;
-		return new Promise((resolve, reject) => {
-			this.server.close((error) => {
-				if (error) reject(/* @__PURE__ */ new Error(`[APIServer] Failed to stop server: ${error.message}`));
-				else {
-					this.isRunning = false;
-					console.log("[APIServer] Server stopped");
-					resolve();
-				}
-			});
-		});
-	}
-	/**
-	* Handle incoming HTTP requests
-	*/
-	async handleRequest(req, res) {
-		const startTime = Date.now();
-		try {
-			const apiReq = await this.parseRequest(req);
-			if (this.config.enableCors) {
-				res.setHeader("Access-Control-Allow-Origin", Array.isArray(this.config.corsOrigin) ? this.config.corsOrigin.join(", ") : this.config.corsOrigin);
-				res.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
-				res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, X-API-Key, X-Tenant-ID");
-				if (req.method === "OPTIONS") {
-					res.writeHead(204);
-					res.end();
-					return;
-				}
-			}
-			if (this.config.apiKey) {
-				if ((apiReq.headers["x-api-key"] || apiReq.headers["authorization"]?.toString().replace("Bearer ", "")) !== this.config.apiKey) {
-					this.sendResponse(res, {
-						status: 401,
-						body: {
-							error: "Unauthorized",
-							message: "Invalid API key"
-						}
-					});
-					return;
-				}
-			}
-			if (this.config.tenantManager) {
-				const tenantApiKey = apiReq.headers["x-api-key"];
-				if (tenantApiKey) {
-					const tenant = this.config.tenantManager.authenticateByApiKey(tenantApiKey);
-					if (tenant) apiReq.tenantId = tenant.tenantId;
-					else {
-						this.sendResponse(res, {
-							status: 401,
-							body: {
-								error: "Unauthorized",
-								message: "Invalid tenant API key"
-							}
-						});
-						return;
-					}
-				} else {
-					const tenantId = apiReq.headers["x-tenant-id"];
-					if (!tenantId) {
-						this.sendResponse(res, {
-							status: 400,
-							body: {
-								error: "Bad Request",
-								message: "X-Tenant-ID header required for multi-tenant mode"
-							}
-						});
-						return;
-					}
-					apiReq.tenantId = tenantId;
-				}
-			}
-			if (this.config.enableRateLimit) {
-				const clientKey = apiReq.tenantId || apiReq.ip || "unknown";
-				if (!this.checkRateLimit(clientKey)) {
-					this.sendResponse(res, {
-						status: 429,
-						body: {
-							error: "Too Many Requests",
-							message: `Rate limit exceeded: ${this.config.rateLimit} requests per minute`
-						}
-					});
-					return;
-				}
-			}
-			const response = await this.routeRequest(apiReq);
-			if (this.config.enableLogging) {
-				const durationMs = Date.now() - startTime;
-				console.log(`[APIServer] ${req.method} ${req.url} ${response.status} ${durationMs}ms`);
-			}
-			this.sendResponse(res, response);
-		} catch (error) {
-			console.error("[APIServer] Request handler error:", error);
-			this.sendResponse(res, {
-				status: 500,
-				body: {
-					error: "Internal Server Error",
-					message: error.message
-				}
-			});
-		}
-	}
-	/**
-	* Parse HTTP request
-	*/
-	async parseRequest(req) {
-		const url = new URL(req.url, `http://${req.headers.host || "localhost"}`);
-		let body = {};
-		if (req.method !== "GET" && req.method !== "HEAD") body = await this.parseBody(req);
-		return {
-			body,
-			headers: req.headers,
-			query: Object.fromEntries(url.searchParams),
-			params: {},
-			ip: req.socket.remoteAddress
-		};
-	}
-	/**
-	* Parse request body
-	*/
-	async parseBody(req) {
-		return new Promise((resolve, reject) => {
-			let body = "";
-			req.on("data", (chunk) => {
-				body += chunk.toString();
-			});
-			req.on("end", () => {
-				try {
-					resolve(JSON.parse(body || "{}"));
-				} catch {
-					resolve({});
-				}
-			});
-			req.on("error", reject);
-		});
-	}
-	/**
-	* Route request to appropriate handler
-	*/
-	async routeRequest(req) {
-		const path = new URL(req.headers.host ? `http://${req.headers.host}` : "http://localhost").pathname;
-		const method = req.headers[":method"] || "GET";
-		if (path === "/api/detect" && method === "POST") return this.handleDetect(req);
-		if (path === "/api/redact" && method === "POST") return this.handleRedact(req);
-		if (path === "/api/restore" && method === "POST") return this.handleRestore(req);
-		if (path === "/api/audit/logs" && method === "GET") return this.handleAuditLogs(req);
-		if (path === "/api/audit/stats" && method === "GET") return this.handleAuditStats(req);
-		if (path === "/api/metrics" && method === "GET") return this.handleMetrics(req);
-		if (path === "/api/patterns" && method === "GET") return this.handleGetPatterns(req);
-		if (path === "/api/health" && method === "GET") return this.handleHealth(req);
-		if (path === "/api/docs" && method === "GET") return this.handleDocs(req);
-		if (path === "/" && method === "GET") return this.handleRoot(req);
-		return {
-			status: 404,
-			body: {
-				error: "Not Found",
-				message: `Route not found: ${method} ${path}`
-			}
-		};
-	}
-	/**
-	* Handle POST /api/detect
-	*/
-	async handleDetect(req) {
-		const { text } = req.body;
-		if (!text || typeof text !== "string") return {
-			status: 400,
-			body: {
-				error: "Bad Request",
-				message: "Missing or invalid \"text\" field"
-			}
-		};
-		try {
-			let result;
-			if (req.tenantId && this.config.tenantManager) result = await this.config.tenantManager.detect(req.tenantId, text);
-			else if (this.detector) result = await this.detector.detect(text);
-			else throw new Error("No detector available");
-			if (this.config.webhookManager) {
-				await this.config.webhookManager.emitHighRiskPII(result, req.tenantId);
-				await this.config.webhookManager.emitBulkPII(result, 10, req.tenantId);
-			}
-			return {
-				status: 200,
-				body: {
-					success: true,
-					result: {
-						detections: result.detections,
-						stats: result.stats
-					}
-				}
-			};
-		} catch (error) {
-			return {
-				status: 500,
-				body: {
-					error: "Detection Failed",
-					message: error.message
-				}
-			};
-		}
-	}
-	/**
-	* Handle POST /api/redact
-	*/
-	async handleRedact(req) {
-		const { text } = req.body;
-		if (!text || typeof text !== "string") return {
-			status: 400,
-			body: {
-				error: "Bad Request",
-				message: "Missing or invalid \"text\" field"
-			}
-		};
-		try {
-			let result;
-			if (req.tenantId && this.config.tenantManager) result = await this.config.tenantManager.detect(req.tenantId, text);
-			else if (this.detector) result = await this.detector.detect(text);
-			else throw new Error("No detector available");
-			return {
-				status: 200,
-				body: {
-					success: true,
-					result: {
-						original: result.original,
-						redacted: result.redacted,
-						detections: result.detections,
-						stats: result.stats
-					}
-				}
-			};
-		} catch (error) {
-			return {
-				status: 500,
-				body: {
-					error: "Redaction Failed",
-					message: error.message
-				}
-			};
-		}
-	}
-	/**
-	* Handle POST /api/restore
-	*/
-	async handleRestore(req) {
-		const { redacted, redactionMap } = req.body;
-		if (!redacted || !redactionMap) return {
-			status: 400,
-			body: {
-				error: "Bad Request",
-				message: "Missing \"redacted\" or \"redactionMap\" fields"
-			}
-		};
-		try {
-			let detector;
-			if (req.tenantId && this.config.tenantManager) detector = this.config.tenantManager.getDetector(req.tenantId);
-			else if (this.detector) detector = this.detector;
-			else throw new Error("No detector available");
-			return {
-				status: 200,
-				body: {
-					success: true,
-					result: { restored: detector.restore(redacted, redactionMap) }
-				}
-			};
-		} catch (error) {
-			return {
-				status: 500,
-				body: {
-					error: "Restore Failed",
-					message: error.message
-				}
-			};
-		}
-	}
-	/**
-	* Handle GET /api/audit/logs
-	*/
-	async handleAuditLogs(req) {
-		if (!this.config.auditLogger) return {
-			status: 501,
-			body: {
-				error: "Not Implemented",
-				message: "Audit logging not configured"
-			}
-		};
-		try {
-			const limit = parseInt(req.query.limit || "100");
-			return {
-				status: 200,
-				body: {
-					success: true,
-					logs: await this.config.auditLogger.queryLogs({ limit })
-				}
-			};
-		} catch (error) {
-			return {
-				status: 500,
-				body: {
-					error: "Query Failed",
-					message: error.message
-				}
-			};
-		}
-	}
-	/**
-	* Handle GET /api/audit/stats
-	*/
-	async handleAuditStats(_req) {
-		if (!this.config.auditLogger) return {
-			status: 501,
-			body: {
-				error: "Not Implemented",
-				message: "Audit logging not configured"
-			}
-		};
-		try {
-			return {
-				status: 200,
-				body: {
-					success: true,
-					stats: await this.config.auditLogger.getStatsAsync()
-				}
-			};
-		} catch (error) {
-			return {
-				status: 500,
-				body: {
-					error: "Query Failed",
-					message: error.message
-				}
-			};
-		}
-	}
-	/**
-	* Handle GET /api/metrics
-	*/
-	async handleMetrics(req) {
-		if (this.detector) return {
-			status: 200,
-			body: {
-				success: true,
-				metrics: {}
-			}
-		};
-		if (this.config.tenantManager && req.tenantId) return {
-			status: 200,
-			body: {
-				success: true,
-				metrics: this.config.tenantManager.getTenantUsage(req.tenantId)
-			}
-		};
-		return {
-			status: 501,
-			body: {
-				error: "Not Implemented",
-				message: "Metrics not configured"
-			}
-		};
-	}
-	/**
-	* Handle GET /api/patterns
-	*/
-	async handleGetPatterns(req) {
-		try {
-			let detector;
-			if (req.tenantId && this.config.tenantManager) detector = this.config.tenantManager.getDetector(req.tenantId);
-			else if (this.detector) detector = this.detector;
-			else throw new Error("No detector available");
-			return {
-				status: 200,
-				body: {
-					success: true,
-					patterns: detector.getPatterns().map((p) => ({
-						type: p.type,
-						priority: p.priority,
-						description: p.description,
-						severity: p.severity
-					}))
-				}
-			};
-		} catch (error) {
-			return {
-				status: 500,
-				body: {
-					error: "Query Failed",
-					message: error.message
-				}
-			};
-		}
-	}
-	/**
-	* Handle GET /api/health
-	*/
-	async handleHealth(_req) {
-		return {
-			status: 200,
-			body: {
-				status: "healthy",
-				uptime: process.uptime(),
-				timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-				multiTenant: !!this.config.tenantManager,
-				features: {
-					audit: !!this.config.auditLogger,
-					webhooks: !!this.config.webhookManager,
-					prometheus: !!this.config.prometheusServer
-				}
-			}
-		};
-	}
-	/**
-	* Handle GET /api/docs
-	*/
-	async handleDocs(_req) {
-		return {
-			status: 200,
-			body: `
-<!DOCTYPE html>
-<html>
-<head>
-  <title>OpenRedaction API Documentation</title>
-  <style>
-    body { font-family: sans-serif; max-width: 1200px; margin: 50px auto; padding: 20px; }
-    h1 { color: #333; }
-    h2 { color: #666; margin-top: 30px; border-bottom: 2px solid #eee; padding-bottom: 10px; }
-    .endpoint { background: #f5f5f5; padding: 15px; margin: 15px 0; border-radius: 4px; border-left: 4px solid #0066cc; }
-    .method { display: inline-block; padding: 4px 8px; border-radius: 3px; font-weight: bold; font-size: 12px; margin-right: 10px; }
-    .method.post { background: #49cc90; color: white; }
-    .method.get { background: #61affe; color: white; }
-    code { background: #f0f0f0; padding: 2px 6px; border-radius: 3px; font-family: monospace; }
-    pre { background: #f5f5f5; padding: 15px; border-radius: 4px; overflow-x: auto; }
-  </style>
-</head>
-<body>
-  <h1>OpenRedaction REST API</h1>
-  <p>Production-ready PII detection and redaction API</p>
-  <h2>Authentication</h2>
-  <p>Include your API key in the <code>X-API-Key</code> header or <code>Authorization: Bearer YOUR_KEY</code> header.</p>
-  ${this.config.tenantManager ? "<p>For multi-tenant mode, also include <code>X-Tenant-ID</code> header.</p>" : ""}
-  <h2>Endpoints</h2>
-  <div class="endpoint">
-    <span class="method post">POST</span>
-    <strong>/api/detect</strong>
-    <p>Detect PII in text without redaction</p>
-    <pre>{
-  "text": "My email is john@example.com and SSN is 123-45-6789",
-  "options": {
-    "includeNames": true,
-    "includeEmails": true
-  }
-}</pre>
-  </div>
-  <div class="endpoint">
-    <span class="method post">POST</span>
-    <strong>/api/redact</strong>
-    <p>Detect and redact PII in text</p>
-    <pre>{
-  "text": "My email is john@example.com",
-  "options": {
-    "redactionMode": "placeholder"
-  }
-}</pre>
-  </div>
-  <div class="endpoint">
-    <span class="method post">POST</span>
-    <strong>/api/restore</strong>
-    <p>Restore original text from redacted text</p>
-    <pre>{
-  "redacted": "My email is [EMAIL_1]",
-  "redactionMap": {
-    "[EMAIL_1]": "john@example.com"
-  }
-}</pre>
-  </div>
-  <div class="endpoint">
-    <span class="method get">GET</span>
-    <strong>/api/patterns</strong>
-    <p>Get available PII patterns</p>
-  </div>
-  <div class="endpoint">
-    <span class="method get">GET</span>
-    <strong>/api/audit/logs</strong>
-    <p>Get audit logs (requires audit logger)</p>
-    <p>Query params: <code>limit</code> (default: 100)</p>
-  </div>
-  <div class="endpoint">
-    <span class="method get">GET</span>
-    <strong>/api/audit/stats</strong>
-    <p>Get audit statistics (requires audit logger)</p>
-  </div>
-  <div class="endpoint">
-    <span class="method get">GET</span>
-    <strong>/api/metrics</strong>
-    <p>Get usage metrics</p>
-  </div>
-  <div class="endpoint">
-    <span class="method get">GET</span>
-    <strong>/api/health</strong>
-    <p>Health check endpoint</p>
-  </div>
-  <h2>Configuration</h2>
-  <ul>
-    <li>Port: ${this.config.port}</li>
-    <li>Host: ${this.config.host}</li>
-    <li>CORS: ${this.config.enableCors ? "Enabled" : "Disabled"}</li>
-    <li>Rate Limiting: ${this.config.enableRateLimit ? `${this.config.rateLimit} req/min` : "Disabled"}</li>
-    <li>Multi-Tenant: ${this.config.tenantManager ? "Enabled" : "Disabled"}</li>
-    <li>Audit Logging: ${this.config.auditLogger ? "Enabled" : "Disabled"}</li>
-    <li>Webhooks: ${this.config.webhookManager ? "Enabled" : "Disabled"}</li>
-  </ul>
-</body>
-</html>
-    `.trim(),
-			headers: { "Content-Type": "text/html" }
-		};
-	}
-	/**
-	* Handle GET /
-	*/
-	async handleRoot(_req) {
-		return {
-			status: 200,
-			body: {
-				name: "OpenRedaction API",
-				version: "1.0.0",
-				documentation: `/api/docs`,
-				health: `/api/health`,
-				endpoints: [
-					"POST /api/detect",
-					"POST /api/redact",
-					"POST /api/restore",
-					"GET /api/patterns",
-					"GET /api/audit/logs",
-					"GET /api/audit/stats",
-					"GET /api/metrics",
-					"GET /api/health"
-				]
-			}
-		};
-	}
-	/**
-	* Send HTTP response
-	*/
-	sendResponse(res, response) {
-		const headers = {
-			"Content-Type": "application/json",
-			...response.headers
-		};
-		res.writeHead(response.status, headers);
-		if (typeof response.body === "string") res.end(response.body);
-		else res.end(JSON.stringify(response.body));
-	}
-	/**
-	* Check rate limit
-	*/
-	checkRateLimit(clientKey) {
-		const now = Date.now();
-		const timestamps = this.rateLimitTracking.get(clientKey) || [];
-		const oneMinuteAgo = now - 60 * 1e3;
-		const recentTimestamps = timestamps.filter((ts) => ts > oneMinuteAgo);
-		if (recentTimestamps.length >= this.config.rateLimit) return false;
-		recentTimestamps.push(now);
-		this.rateLimitTracking.set(clientKey, recentTimestamps);
-		return true;
-	}
-};
-/**
-* Create an API server instance
-*/
-function createAPIServer(config) {
-	return new APIServer(config);
-}
 //#endregion
 //#region src/index.ts
 init_ConfigExporter();
 init_HealthCheck();
 //#endregion
-export { ADMIN_ROLE, ALL_PERMISSIONS, ANALYST_ROLE, APIServer, BatchProcessor, ConfigExporter, ConfigLoader, ConsoleAuditLogger, ContextRulesEngine, CsvProcessor, DEFAULT_DOMAIN_VOCABULARIES, DEFAULT_PROXIMITY_RULES, DEFAULT_SEVERITY_MAP, DEFAULT_TIER_QUOTAS, DocumentProcessor, ExplainAPI, GRAFANA_DASHBOARD_TEMPLATE, HealthChecker, InMemoryAuditLogger, InMemoryMetricsCollector, JsonProcessor, LocalLearningStore, NERDetector, OCRProcessor, OPERATOR_ROLE, OpenRedaction, OpenRedactionError, PersistentAuditLogger, PriorityOptimizer, PrometheusServer, RBACManager, RegexMaxMatchesError, RegexTimeoutError, ReportGenerator, SEVERITY_SCORES, SeverityClassifier, StreamingDetector, TenantManager, TenantNotFoundError, TenantQuotaExceededError, TenantSuspendedError, VIEWER_ROLE, WebhookManager, WorkerPool, XlsxProcessor, allPatterns, analyzeContextFeatures, analyzeFullContext, calculateContextConfidence, calculateRisk, callAIDetect, ccpaPreset, commonFalsePositives, compileSafeRegex, contactPatterns, convertAIEntityToDetection, createAPIServer, createBatchProcessor, createCacheDisabledError, createConfigLoadError, createConfigPreset, createContextRulesEngine, createCsvProcessor, createCustomRole, createDocumentProcessor, createExplainAPI, createHealthChecker, createHighMemoryError, createInvalidPatternError, createJsonProcessor, createLearningDisabledError, createMultiPassDisabledError, createNERDetector, createOCRProcessor, createOptimizationDisabledError, createPersistentAuditLogger, createPriorityOptimizer, createPrometheusServer, createRBACManager, createReportGenerator, createSeverityClassifier, createSimpleMultiPass, createStreamingDetector, createTenantManager, createValidationError, createWebhookManager, createWorkerPool, createXlsxProcessor, defaultPasses, detectPII, detectionsOverlap, educationPreset, exportForVersionControl, extractContext, filterFalsePositives, financePreset, financialPatterns, gdprPreset, generateReport, getAIEndpoint, getPatternsByCategory, getPredefinedRole, getPreset, getSeverity, governmentPatterns, groupPatternsByPass, healthCheckMiddleware, healthcarePreset, healthcareResearchPreset, hipaaPreset, inferDocumentType, isFalsePositive, isUnsafePattern, mergeAIEntities, mergePassDetections, networkPatterns, openredactionMiddleware, personalPatterns, safeExec, safeExecAll, transportLogisticsPreset, validateAIEntity, validateEmail, validateIBAN, validateLuhn, validateNHS, validateNINO, validateName, validatePattern, validateSSN, validateSortCode, validateUKPassport, verifyWebhookSignature };
+export { ADMIN_ROLE, ALL_PERMISSIONS, ANALYST_ROLE, BatchProcessor, ConfigExporter, ConfigLoader, ConsoleAuditLogger, ContextRulesEngine, CsvProcessor, DEFAULT_DOMAIN_VOCABULARIES, DEFAULT_PROXIMITY_RULES, DEFAULT_SEVERITY_MAP, DEFAULT_TIER_QUOTAS, DocumentProcessor, ExplainAPI, HealthChecker, InMemoryAuditLogger, InMemoryMetricsCollector, JsonProcessor, LocalLearningStore, NERDetector, OCRProcessor, OPERATOR_ROLE, OpenRedaction, OpenRedactionError, PersistentAuditLogger, PriorityOptimizer, RBACManager, RegexMaxMatchesError, RegexTimeoutError, ReportGenerator, SEVERITY_SCORES, SeverityClassifier, StreamingDetector, TenantManager, TenantNotFoundError, TenantQuotaExceededError, TenantSuspendedError, VIEWER_ROLE, WebhookManager, WorkerPool, XlsxProcessor, allPatterns, analyzeContextFeatures, analyzeFullContext, calculateContextConfidence, calculateRisk, ccpaPreset, commonFalsePositives, compileSafeRegex, contactPatterns, createBatchProcessor, createCacheDisabledError, createConfigLoadError, createConfigPreset, createContextRulesEngine, createCsvProcessor, createCustomRole, createDocumentProcessor, createExplainAPI, createHealthChecker, createInvalidPatternError, createJsonProcessor, createLearningDisabledError, createMultiPassDisabledError, createNERDetector, createOCRProcessor, createOptimizationDisabledError, createPersistentAuditLogger, createPriorityOptimizer, createRBACManager, createReportGenerator, createSeverityClassifier, createSimpleMultiPass, createStreamingDetector, createTenantManager, createValidationError, createWebhookManager, createWorkerPool, createXlsxProcessor, defaultPasses, detectPII, educationPreset, exportForVersionControl, extractContext, filterFalsePositives, financePreset, financialPatterns, gdprPreset, generateReport, getPatternsByCategory, getPredefinedRole, getPreset, getSeverity, governmentPatterns, groupPatternsByPass, healthCheckMiddleware, healthcarePreset, healthcareResearchPreset, hipaaPreset, inferDocumentType, isFalsePositive, isUnsafePattern, mergePassDetections, networkPatterns, openredactionMiddleware, pciDssPreset, personalPatterns, safeExec, safeExecAll, soc2Preset, transportLogisticsPreset, validateAustralianTFN, validateCanadianSIN, validateEmail, validateIBAN, validateLuhn, validateNHS, validateNINO, validateName, validatePattern, validateRoutingNumber, validateSSN, validateSWIFTBIC, validateSortCode, validateUKPassport, verifyWebhookSignature };
 //# sourceMappingURL=index.mjs.map