pompelmi 0.34.10 → 0.35.0

package/dist/types/browser-index.d.ts

@@ -15,15 +15,15 @@
  *
  * For the React hook, import from 'pompelmi/react'.
  */
-export { scanFiles, scanBytes, scanFile, type ScanOptions } from './scan';
-export { validateFile } from './validate';
-export { CommonHeuristicsScanner } from './scanners/common-heuristics';
-export { createZipBombGuard } from './scanners/zip-bomb-guard';
-export { definePolicy, DEFAULT_POLICY } from './policy';
-export { POLICY_PACKS, DOCUMENTS_ONLY, IMAGES_ONLY, STRICT_PUBLIC_UPLOAD, CONSERVATIVE_DEFAULT, ARCHIVES, getPolicyPack, type PolicyPackName, } from './policy-packs';
-export { composeScanners, createPresetScanner, type PresetName, type PresetOptions, type NamedScanner, type ComposeScannerOptions, } from './presets';
-export { mapMatchesToVerdict } from './verdict';
-export { PerformanceTracker, aggregateScanStats, type PerformanceMetrics, type ScanStatistics, } from './utils/performance-metrics';
-export { detectPolyglot, detectObfuscatedScripts, analyzeNestedArchives, } from './utils/advanced-detection';
-export { ScanResultExporter, exportScanResults, type ExportFormat, type ExportOptions, } from './utils/export';
-export type { Verdict, Match, YaraMatch, ScanReport, ScanContext, ScanFn, Scanner, FileInfo, Uint8ArrayLike, } from './types';
+export { DEFAULT_POLICY, definePolicy } from "./policy";
+export { ARCHIVES, CONSERVATIVE_DEFAULT, DOCUMENTS_ONLY, getPolicyPack, IMAGES_ONLY, POLICY_PACKS, type PolicyPackName, STRICT_PUBLIC_UPLOAD, } from "./policy-packs";
+export { type ComposeScannerOptions, composeScanners, createPresetScanner, type NamedScanner, type PresetName, type PresetOptions, } from "./presets";
+export { type ScanOptions, scanBytes, scanFile, scanFiles } from "./scan";
+export { CommonHeuristicsScanner } from "./scanners/common-heuristics";
+export { createZipBombGuard } from "./scanners/zip-bomb-guard";
+export type { FileInfo, Match, ScanContext, ScanFn, Scanner, ScanReport, Uint8ArrayLike, Verdict, YaraMatch, } from "./types";
+export { analyzeNestedArchives, detectObfuscatedScripts, detectPolyglot, } from "./utils/advanced-detection";
+export { type ExportFormat, type ExportOptions, exportScanResults, ScanResultExporter, } from "./utils/export";
+export { aggregateScanStats, type PerformanceMetrics, PerformanceTracker, type ScanStatistics, } from "./utils/performance-metrics";
+export { validateFile } from "./validate";
+export { mapMatchesToVerdict } from "./verdict";

package/dist/types/config.d.ts

@@ -2,9 +2,9 @@
  * Advanced configuration system for pompelmi
  * @module config
  */
-import type { PresetName, PresetOptions } from './presets';
-import type { CacheOptions } from './utils/cache-manager';
-import type { ScanReport } from './types';
+import type { PresetName, PresetOptions } from "./presets";
+import type { ScanReport } from "./types";
+import type { CacheOptions } from "./utils/cache-manager";
 export interface ScannerConfig {
     /** Default preset to use */
     defaultPreset?: PresetName;
@@ -50,7 +50,7 @@ export interface ScannerConfig {
         /** Enable detailed logging */
         verbose?: boolean;
         /** Log level (debug, info, warn, error) */
-        level?: 'debug' | 'info' | 'warn' | 'error';
+        level?: "debug" | "info" | "warn" | "error";
         /** Enable scan statistics */
         enableStats?: boolean;
     };

package/dist/types/engines/dynamic-taint.d.ts

@@ -4,7 +4,7 @@
  * Advanced taint tracking implementation for comprehensive data flow analysis
  * with support for memory tainting, register tracking, and vulnerability detection.
  */
-import type { TaintSource, TaintLabel, TaintedMemory, TaintedRegister, TaintConfig, TaintAnalysisResult, TaintCapableEngine } from '../types/taint-tracking';
+import type { TaintAnalysisResult, TaintCapableEngine, TaintConfig, TaintedMemory, TaintedRegister, TaintLabel, TaintSource } from "../types/taint-tracking";
 /**
  * Advanced dynamic taint analysis engine with comprehensive tracking capabilities
  */

package/dist/types/engines/hybrid-orchestrator.d.ts

@@ -4,7 +4,7 @@
  * Advanced orchestration framework for coordinating multiple analysis engines
  * including Binary Ninja, Ghidra, dynamic taint tracking, and custom engines.
  */
-import type { AnalysisEngine, AnalysisPhase, EngineCapability, HybridConfig, HybridAnalysisResult, HybridOrchestrator } from '../types/taint-tracking';
+import type { AnalysisEngine, AnalysisPhase, EngineCapability, HybridAnalysisResult, HybridConfig, HybridOrchestrator } from "../types/taint-tracking";
 /**
  * Main hybrid orchestration engine
  */

package/dist/types/engines/hybrid-taint-integration.d.ts

@@ -4,9 +4,9 @@
  * Complete integration package for dynamic taint tracking and hybrid orchestration
  * with existing Pompelmi decompilation engines and HIPAA compliance.
  */
-import type { TaintConfig, TaintAnalysisResult, HybridConfig, HybridAnalysisResult, AnalysisEngine } from '../types/taint-tracking';
-import type { TaintPolicy } from './taint-policies';
-import type { DecompilationScanner, DecompilationResult } from '../types/decompilation';
+import type { DecompilationResult, DecompilationScanner } from "../types/decompilation";
+import type { AnalysisEngine, HybridAnalysisResult, HybridConfig, TaintAnalysisResult, TaintConfig } from "../types/taint-tracking";
+import type { TaintPolicy } from "./taint-policies";
 /**
  * Enhanced analysis result combining all engines
  */
@@ -33,7 +33,7 @@ export interface EnhancedAnalysisResult {
         riskScore: number;
         vulnerabilities: Array<{
             type: string;
-            severity: 'low' | 'medium' | 'high' | 'critical';
+            severity: "low" | "medium" | "high" | "critical";
             confidence: number;
             description: string;
             evidence: any;
@@ -46,7 +46,7 @@ export interface EnhancedAnalysisResult {
         hipaaCompliant: boolean;
         issues: Array<{
             type: string;
-            severity: 'info' | 'warning' | 'critical';
+            severity: "info" | "warning" | "critical";
             description: string;
             remediation: string;
         }>;
@@ -91,7 +91,7 @@ export declare class HybridTaintAnalyzer {
     /**
      * Get policies by use case
      */
-    getPoliciesByUseCase(useCase: 'malware' | 'vulnerability' | 'compliance' | 'forensics' | 'general'): TaintPolicy[];
+    getPoliciesByUseCase(useCase: "malware" | "vulnerability" | "compliance" | "forensics" | "general"): TaintPolicy[];
     /**
      * Register a custom analysis policy
      */

package/dist/types/engines/taint-policies.d.ts

@@ -5,7 +5,7 @@
  * analysis scenarios including malware analysis, vulnerability assessment,
  * and compliance auditing.
  */
-import type { TaintConfig, OrchestrationStrategy, HybridConfig, AnalysisEngine } from '../types/taint-tracking';
+import type { AnalysisEngine, HybridConfig, OrchestrationStrategy, TaintConfig } from "../types/taint-tracking";
 /**
  * Policy template for different analysis scenarios
  */
@@ -15,7 +15,7 @@ export interface TaintPolicy {
     /** Policy description */
     description: string;
     /** Target use case */
-    useCase: 'malware' | 'vulnerability' | 'compliance' | 'forensics' | 'general';
+    useCase: "malware" | "vulnerability" | "compliance" | "forensics" | "general";
     /** Taint tracking configuration */
     taintConfig: TaintConfig;
     /** Hybrid orchestration strategy */
@@ -26,7 +26,7 @@ export interface TaintPolicy {
         author: string;
         created: string;
         tags: string[];
-        riskLevel: 'low' | 'medium' | 'high' | 'critical';
+        riskLevel: "low" | "medium" | "high" | "critical";
     };
 }
 /**
@@ -47,7 +47,7 @@ export declare class TaintPolicyManager {
     /**
      * Get policies by use case
      */
-    getPoliciesByUseCase(useCase: TaintPolicy['useCase']): TaintPolicy[];
+    getPoliciesByUseCase(useCase: TaintPolicy["useCase"]): TaintPolicy[];
     /**
      * Register a custom policy
      */

package/dist/types/hipaa-compliance.d.ts

@@ -22,7 +22,7 @@ export interface HipaaConfig {
 }
 export interface AuditEvent {
     timestamp: string;
-    eventType: 'file_scan' | 'temp_file_created' | 'temp_file_deleted' | 'error_occurred' | 'phi_detected' | 'security_violation';
+    eventType: "file_scan" | "temp_file_created" | "temp_file_deleted" | "error_occurred" | "phi_detected" | "security_violation";
     sessionId: string;
     userId?: string;
     details: {
@@ -66,7 +66,7 @@ declare class HipaaComplianceManager {
     /**
      * Log audit event
      */
-    auditLog(eventType: AuditEvent['eventType'], details: Partial<AuditEvent['details']>): void;
+    auditLog(eventType: AuditEvent["eventType"], details: Partial<AuditEvent["details"]>): void;
     /**
      * Write audit event to file
      */

package/dist/types/hooks.d.ts

@@ -28,8 +28,8 @@
  *
  * @module hooks
  */
-import type { ScanContext, ScanReport } from './types';
-import type { QuarantineEntry } from './quarantine/types';
+import type { QuarantineEntry } from "./quarantine/types";
+import type { ScanContext, ScanReport } from "./types";
 export interface ScanStartContext extends ScanContext {
     /** Unique identifier for this scan invocation (useful for correlating logs). */
     scanId?: string;

package/dist/types/index.d.ts

@@ -7,23 +7,23 @@
  * For browser-safe usage, import from 'pompelmi/browser'.
  * For React hooks, import from 'pompelmi/react'.
  */
-export { scanFiles, scanBytes, scanFile, type ScanOptions } from './scan';
-export { validateFile } from './validate';
-export { scanFilesWithRemoteYara } from './scan/remote';
-export { CommonHeuristicsScanner } from './scanners/common-heuristics';
-export { createZipBombGuard } from './scanners/zip-bomb-guard';
-export { definePolicy, DEFAULT_POLICY } from './policy';
-export { POLICY_PACKS, DOCUMENTS_ONLY, IMAGES_ONLY, STRICT_PUBLIC_UPLOAD, CONSERVATIVE_DEFAULT, ARCHIVES, getPolicyPack, type PolicyPackName, } from './policy-packs';
-export { composeScanners, createPresetScanner, type PresetName, type PresetOptions, type NamedScanner, type ComposeScannerOptions, } from './presets';
-export { mapMatchesToVerdict } from './verdict';
-export * from './types';
-export type { YaraMatch } from './yara/index';
-export type { NodeScanOptions, NodeFileEntry } from './node/scanDir';
-export { PerformanceTracker, aggregateScanStats, type PerformanceMetrics, type ScanStatistics, } from './utils/performance-metrics';
-export { detectPolyglot, detectObfuscatedScripts, analyzeNestedArchives, } from './utils/advanced-detection';
-export { ScanCacheManager, getDefaultCache, resetDefaultCache, type CacheEntry, type CacheOptions, type CacheStats, } from './utils/cache-manager';
-export { BatchScanner, batchScan, type BatchScanOptions, type BatchScanResult, type ScanTask, } from './utils/batch-scanner';
-export { ThreatIntelligenceAggregator, LocalThreatIntelligence, createThreatIntelligence, getFileHash, type ThreatIntelligenceSource, type ThreatInfo, type EnhancedScanReport, } from './utils/threat-intelligence';
-export { ScanResultExporter, exportScanResults, type ExportFormat, type ExportOptions, } from './utils/export';
-export { ConfigManager, createConfig, getPresetConfig, DEFAULT_CONFIG, CONFIG_PRESETS, type ScannerConfig, } from './config';
-export { initializeHipaaCompliance, getHipaaManager, createHipaaError, HipaaTemp, type HipaaConfig, type AuditEvent, } from './hipaa-compliance';
+export { CONFIG_PRESETS, ConfigManager, createConfig, DEFAULT_CONFIG, getPresetConfig, type ScannerConfig, } from "./config";
+export { type AuditEvent, createHipaaError, getHipaaManager, type HipaaConfig, HipaaTemp, initializeHipaaCompliance, } from "./hipaa-compliance";
+export type { NodeFileEntry, NodeScanOptions } from "./node/scanDir";
+export { DEFAULT_POLICY, definePolicy } from "./policy";
+export { ARCHIVES, CONSERVATIVE_DEFAULT, DOCUMENTS_ONLY, getPolicyPack, IMAGES_ONLY, POLICY_PACKS, type PolicyPackName, STRICT_PUBLIC_UPLOAD, } from "./policy-packs";
+export { type ComposeScannerOptions, composeScanners, createPresetScanner, type NamedScanner, type PresetName, type PresetOptions, } from "./presets";
+export { type ScanOptions, scanBytes, scanFile, scanFiles } from "./scan";
+export { scanFilesWithRemoteYara } from "./scan/remote";
+export { CommonHeuristicsScanner } from "./scanners/common-heuristics";
+export { createZipBombGuard } from "./scanners/zip-bomb-guard";
+export * from "./types";
+export { analyzeNestedArchives, detectObfuscatedScripts, detectPolyglot, } from "./utils/advanced-detection";
+export { BatchScanner, type BatchScanOptions, type BatchScanResult, batchScan, type ScanTask, } from "./utils/batch-scanner";
+export { type CacheEntry, type CacheOptions, type CacheStats, getDefaultCache, resetDefaultCache, ScanCacheManager, } from "./utils/cache-manager";
+export { type ExportFormat, type ExportOptions, exportScanResults, ScanResultExporter, } from "./utils/export";
+export { aggregateScanStats, type PerformanceMetrics, PerformanceTracker, type ScanStatistics, } from "./utils/performance-metrics";
+export { createThreatIntelligence, type EnhancedScanReport, getFileHash, LocalThreatIntelligence, type ThreatInfo, ThreatIntelligenceAggregator, type ThreatIntelligenceSource, } from "./utils/threat-intelligence";
+export { validateFile } from "./validate";
+export { mapMatchesToVerdict } from "./verdict";
+export type { YaraMatch } from "./yara/index";

package/dist/types/node/scanDir.d.ts

@@ -1,4 +1,4 @@
-import type { YaraMatch } from '../yara/index';
+import type { YaraMatch } from "../yara/index";
 export interface NodeScanOptions {
     enableYara?: boolean;
     yaraRules?: string;
@@ -9,14 +9,14 @@ export interface NodeScanOptions {
     yaraSampleBytes?: number;
     yaraPreferBuffer?: boolean;
 }
-export type NodeYaraVerdict = 'malicious' | 'suspicious' | 'clean';
+export type NodeYaraVerdict = "malicious" | "suspicious" | "clean";
 export interface NodeYaraResult {
     matches: YaraMatch[];
-    status: 'scanned' | 'skipped' | 'error';
+    status: "scanned" | "skipped" | "error";
     /** per i 'skipped', perché abbiamo saltato */
-    reason?: 'max-size' | 'filtered-ext' | 'not-enabled' | 'engine-missing' | 'error';
+    reason?: "max-size" | "filtered-ext" | "not-enabled" | "engine-missing" | "error";
     /** come abbiamo scansionato quando status = 'scanned' */
-    mode?: 'async' | 'file' | 'buffer' | 'buffer-sampled';
+    mode?: "async" | "file" | "buffer" | "buffer-sampled";
     /** verdetto derivato dai match (solo quando status='scanned') */
     verdict?: NodeYaraVerdict;
 }

package/dist/types/policy-packs.d.ts

@@ -23,7 +23,7 @@
  *
  * @module policy-packs
  */
-import { type Policy } from './policy';
+import { type Policy } from "./policy";
 /**
  * Documents-only policy.
  *
@@ -81,7 +81,7 @@ export declare const CONSERVATIVE_DEFAULT: Policy;
  * ```
  */
 export declare const ARCHIVES: Policy;
-export type PolicyPackName = 'documents-only' | 'images-only' | 'strict-public-upload' | 'conservative-default' | 'archives';
+export type PolicyPackName = "documents-only" | "images-only" | "strict-public-upload" | "conservative-default" | "archives";
 /**
  * Named map of all built-in policy packs.
  *

package/dist/types/presets.d.ts

@@ -1,10 +1,10 @@
-import type { Scanner, ScanFn, Verdict, AnalysisDepth } from "./types";
-export type PresetName = 'basic' | 'advanced' | 'malware-analysis' | 'decompilation-basic' | 'decompilation-deep' | string;
+import type { AnalysisDepth, ScanFn, Scanner, Verdict } from "./types";
+export type PresetName = "basic" | "advanced" | "malware-analysis" | "decompilation-basic" | "decompilation-deep" | string;
 export interface PresetOptions {
     yaraRules?: string | string[];
     yaraTimeout?: number;
     enableDecompilation?: boolean;
-    decompilationEngine?: 'binaryninja-hlil' | 'ghidra-pcode' | 'both';
+    decompilationEngine?: "binaryninja-hlil" | "ghidra-pcode" | "both";
     decompilationDepth?: AnalysisDepth;
     decompilationTimeout?: number;
     binaryNinjaPath?: string;

package/dist/types/quarantine/index.d.ts

@@ -13,6 +13,6 @@
  * This module is Node.js-only (uses fs/crypto/path).
  * It is NOT included in the 'pompelmi/browser' or 'pompelmi/react' bundles.
  */
-export { QuarantineManager, type QuarantineManagerOptions } from './workflow';
-export { FilesystemQuarantineStorage, type QuarantineStorage, type FilesystemQuarantineStorageOptions, } from './storage';
-export type { QuarantineEntry, QuarantinedFileInfo, QuarantineStatus, QuarantineDecision, QuarantineReview, QuarantineReport, QuarantineFilter, } from './types';
+export { FilesystemQuarantineStorage, type FilesystemQuarantineStorageOptions, type QuarantineStorage, } from "./storage";
+export type { QuarantineDecision, QuarantinedFileInfo, QuarantineEntry, QuarantineFilter, QuarantineReport, QuarantineReview, QuarantineStatus, } from "./types";
+export { QuarantineManager, type QuarantineManagerOptions } from "./workflow";

package/dist/types/quarantine/storage.d.ts

@@ -11,7 +11,7 @@
  *
  * @module quarantine/storage
  */
-import type { QuarantineEntry, QuarantineFilter } from './types';
+import type { QuarantineEntry, QuarantineFilter } from "./types";
 /**
  * Storage adapter for the quarantine workflow.
  * Implement this interface to support any backend (S3, GCS, DB, etc.).

package/dist/types/quarantine/types.d.ts

@@ -10,9 +10,9 @@
  *
  * @module quarantine/types
  */
-import type { ScanReport } from '../types';
+import type { ScanReport } from "../types";
 /** The review status of a quarantined file. */
-export type QuarantineStatus = 'pending' | 'reviewing' | 'promoted' | 'deleted';
+export type QuarantineStatus = "pending" | "reviewing" | "promoted" | "deleted";
 /** Immutable metadata about the file at upload time. */
 export interface QuarantinedFileInfo {
     /** Original filename supplied by the uploader. */
@@ -52,7 +52,7 @@ export interface QuarantineEntry {
     tags?: string[];
 }
 /** The outcome of a manual review. */
-export type QuarantineDecision = 'promote' | 'delete';
+export type QuarantineDecision = "promote" | "delete";
 /** Input required to resolve a quarantine entry. */
 export interface QuarantineReview {
     decision: QuarantineDecision;

package/dist/types/quarantine/workflow.d.ts

@@ -25,9 +25,9 @@
  *
  * @module quarantine/workflow
  */
-import type { ScanReport } from '../types';
-import type { QuarantineEntry, QuarantineFilter, QuarantineReport, QuarantineReview, QuarantinedFileInfo } from './types';
-import type { QuarantineStorage } from './storage';
+import type { ScanReport } from "../types";
+import type { QuarantineStorage } from "./storage";
+import type { QuarantinedFileInfo, QuarantineEntry, QuarantineFilter, QuarantineReport, QuarantineReview } from "./types";
 export interface QuarantineManagerOptions {
     /** Storage adapter — use `FilesystemQuarantineStorage` for local deployments. */
     storage: QuarantineStorage;
@@ -64,7 +64,7 @@ export declare class QuarantineManager {
      * @param report    The scan report that triggered quarantine.
      * @param fileInfo  Partial metadata; `sha256` is derived from `bytes` if omitted.
      */
-    quarantine(bytes: Uint8Array, report: ScanReport, fileInfo: Omit<QuarantinedFileInfo, 'sha256'> & {
+    quarantine(bytes: Uint8Array, report: ScanReport, fileInfo: Omit<QuarantinedFileInfo, "sha256"> & {
         sha256?: string;
     }): Promise<QuarantineEntry>;
     /**

package/dist/types/react-index.d.ts

@@ -9,5 +9,5 @@
  * @example
  * import { useFileScanner } from 'pompelmi/react';
  */
-export * from './browser-index';
-export { useFileScanner } from './useFileScanner';
+export * from "./browser-index";
+export { useFileScanner } from "./useFileScanner";

package/dist/types/risk.d.ts

@@ -1,4 +1,4 @@
-export type Severity = 'clean' | 'suspicious' | 'malicious';
+export type Severity = "clean" | "suspicious" | "malicious";
 export type Match = {
     rule: string;
     meta?: Record<string, any>;

package/dist/types/scan/remote.d.ts

@@ -1,5 +1,5 @@
-import type { YaraMatch } from '../yara/index';
-import type { RemoteEngineOptions } from '../yara/remote';
+import type { YaraMatch } from "../yara/index";
+import type { RemoteEngineOptions } from "../yara/remote";
 export interface RemoteScanResult {
     file: File;
     matches: YaraMatch[];

package/dist/types/scan.d.ts

@@ -1,6 +1,6 @@
-import { type PresetName } from './presets';
-import type { ScanContext, ScanReport } from './types';
-import type { ScannerConfig } from './config';
+import type { ScannerConfig } from "./config";
+import { type PresetName } from "./presets";
+import type { ScanContext, ScanReport } from "./types";
 export type ScanOptions = {
     preset?: PresetName;
     ctx?: ScanContext;
@@ -12,6 +12,6 @@ export type ScanOptions = {
 /** Scan di bytes (browser/node) usando preset (default: zip-basic) */
 export declare function scanBytes(input: Uint8Array, opts?: ScanOptions): Promise<ScanReport>;
 /** Scan di un file su disco (Node). Import dinamico per non vincolare il bundle browser. */
-export declare function scanFile(filePath: string, opts?: Omit<ScanOptions, 'ctx'>): Promise<ScanReport>;
+export declare function scanFile(filePath: string, opts?: Omit<ScanOptions, "ctx">): Promise<ScanReport>;
 /** Scan multipli File (browser) usando scanBytes + preset di default */
-export declare function scanFiles(files: ArrayLike<File>, opts?: Omit<ScanOptions, 'ctx'>): Promise<ScanReport[]>;
+export declare function scanFiles(files: ArrayLike<File>, opts?: Omit<ScanOptions, "ctx">): Promise<ScanReport[]>;

package/dist/types/scanners/common-heuristics.d.ts

@@ -5,7 +5,7 @@
  */
 export type HeuristicMatch = {
     rule: string;
-    severity?: 'info' | 'low' | 'medium' | 'high' | 'critical' | 'suspicious' | 'malicious';
+    severity?: "info" | "low" | "medium" | "high" | "critical" | "suspicious" | "malicious";
     meta?: Record<string, unknown>;
 };
 export interface SimpleScanner {

package/dist/types/scanners/zip-bomb-guard.d.ts

@@ -1,4 +1,4 @@
-import { type Scanner } from '../types';
+import type { Scanner } from "../types";
 export type ZipBombGuardOptions = {
     maxEntries?: number;
     maxTotalUncompressedBytes?: number;

package/dist/types/src/audit.d.ts

@@ -0,0 +1,84 @@
+/**
+ * Audit trail for Pompelmi scan and quarantine events.
+ *
+ * Produces structured, append-only audit records suitable for:
+ *   - compliance logging (HIPAA, SOC 2, ISO 27001)
+ *   - SIEM ingestion
+ *   - operational dashboards
+ *   - incident response
+ *
+ * Usage:
+ * ```ts
+ * import { AuditTrail } from 'pompelmi/audit';
+ *
+ * const audit = new AuditTrail({ dest: 'file', path: './audit.jsonl' });
+ * audit.logScanComplete({ filename: 'upload.zip', verdict: 'suspicious', ... });
+ * audit.logQuarantine({ entryId: '...', sha256: '...', ... });
+ * ```
+ *
+ * @module audit
+ */
+import type { QuarantineEntry } from "./quarantine/types";
+import type { ScanReport } from "./types";
+export type AuditEventType = "scan.complete" | "scan.error" | "threat.detected" | "quarantine.created" | "quarantine.resolved" | "quarantine.deleted";
+interface BaseAuditRecord {
+    /** ISO-8601 timestamp. */
+    timestamp: string;
+    /** Event type for structured log routing. */
+    event: AuditEventType;
+    /** Application-assigned session or request id for correlation. */
+    correlationId?: string;
+    /** Uploader identity. */
+    uploadedBy?: string;
+}
+export interface ScanAuditRecord extends BaseAuditRecord {
+    event: "scan.complete" | "scan.error" | "threat.detected";
+    filename?: string;
+    mimeType?: string;
+    sizeBytes?: number;
+    sha256?: string;
+    verdict: ScanReport["verdict"];
+    matchCount: number;
+    durationMs?: number;
+    engine?: string;
+    error?: string;
+}
+export interface QuarantineAuditRecord extends BaseAuditRecord {
+    event: "quarantine.created" | "quarantine.resolved" | "quarantine.deleted";
+    quarantineId: string;
+    filename?: string;
+    sha256: string;
+    decision?: "promote" | "delete";
+    reviewedBy?: string;
+    reviewNote?: string;
+}
+export type AuditRecord = ScanAuditRecord | QuarantineAuditRecord;
+export type AuditDest = {
+    dest: "console";
+} | {
+    dest: "file";
+    path: string;
+} | {
+    dest: "custom";
+    write: (record: AuditRecord) => void | Promise<void>;
+};
+export interface AuditTrailOptions {
+    /** Where to write audit records. Default: 'console'. */
+    output?: AuditDest;
+    /** If true, pretty-print JSON. Useful for debugging. Default: false. */
+    pretty?: boolean;
+}
+export declare class AuditTrail {
+    private readonly options;
+    constructor(options?: AuditTrailOptions);
+    /** Log a completed scan. */
+    logScanComplete(report: ScanReport, extra?: Pick<ScanAuditRecord, "filename" | "sizeBytes" | "sha256" | "correlationId" | "uploadedBy">): void;
+    /** Log a scan error. */
+    logScanError(error: unknown, extra?: Pick<ScanAuditRecord, "filename" | "correlationId" | "uploadedBy">): void;
+    /** Log a new quarantine entry. */
+    logQuarantine(entry: QuarantineEntry, correlationId?: string): void;
+    /** Log a quarantine resolution (promote or delete). */
+    logQuarantineResolved(entry: QuarantineEntry, correlationId?: string): void;
+    private write;
+}
+export {};

package/dist/types/src/browser-index.d.ts

@@ -0,0 +1,29 @@
+/**
+ * src/browser-index.ts — Browser-safe entry point for Pompelmi.
+ *
+ * This bundle contains ONLY modules that are safe to use in a browser/bundler
+ * environment. It does NOT include:
+ *  - HIPAA compliance module (uses Node.js crypto/os/path)
+ *  - Cache manager (uses Node.js crypto for content hashing)
+ *  - Threat intelligence (uses Node.js crypto)
+ *  - ZIP streaming (uses unzipper, a Node.js stream library)
+ *  - YARA native bindings
+ *  - Batch scanner (Node.js-optimised concurrency)
+ *
+ * For the full Node.js API (all of the above included), import from 'pompelmi'
+ * or 'pompelmi/node'.
+ *
+ * For the React hook, import from 'pompelmi/react'.
+ */
+export { DEFAULT_POLICY, definePolicy } from "./policy";
+export { ARCHIVES, CONSERVATIVE_DEFAULT, DOCUMENTS_ONLY, getPolicyPack, IMAGES_ONLY, POLICY_PACKS, type PolicyPackName, STRICT_PUBLIC_UPLOAD, } from "./policy-packs";
+export { type ComposeScannerOptions, composeScanners, createPresetScanner, type NamedScanner, type PresetName, type PresetOptions, } from "./presets";
+export { type ScanOptions, scanBytes, scanFile, scanFiles } from "./scan";
+export { CommonHeuristicsScanner } from "./scanners/common-heuristics";
+export { createZipBombGuard } from "./scanners/zip-bomb-guard";
+export type { FileInfo, Match, ScanContext, ScanFn, Scanner, ScanReport, Uint8ArrayLike, Verdict, YaraMatch, } from "./types";
+export { analyzeNestedArchives, detectObfuscatedScripts, detectPolyglot, } from "./utils/advanced-detection";
+export { type ExportFormat, type ExportOptions, exportScanResults, ScanResultExporter, } from "./utils/export";
+export { aggregateScanStats, type PerformanceMetrics, PerformanceTracker, type ScanStatistics, } from "./utils/performance-metrics";
+export { validateFile } from "./validate";
+export { mapMatchesToVerdict } from "./verdict";