pompelmi 0.35.5 → 1.1.0

package/dist/types/src/hooks.d.ts

@@ -1,89 +0,0 @@
-/**
- * Scan lifecycle hooks for Pompelmi.
- *
- * Hooks let you observe and react to scan events without modifying the scan
- * pipeline itself.  They are the recommended integration point for:
- *   - logging / metrics collection
- *   - alerting on threats
- *   - triggering quarantine automatically
- *   - OpenTelemetry span creation
- *
- * Usage:
- * ```ts
- * import { scanBytes } from 'pompelmi';
- * import { createScanHooks, withHooks } from 'pompelmi/hooks';
- *
- * const hooks = createScanHooks({
- *   onScanComplete(ctx, report) {
- *     console.log(ctx.filename, report.verdict, report.durationMs + 'ms');
- *   },
- *   onThreatDetected(ctx, report) {
- *     alertTeam({ file: ctx.filename, verdict: report.verdict });
- *   },
- * });
- *
- * const scan = withHooks(scanBytes, hooks);
- * const report = await scan(bytes, { ctx: { filename: 'upload.zip' } });
- * ```
- *
- * @module hooks
- */
-import type { QuarantineEntry } from "./quarantine/types";
-import type { ScanContext, ScanReport } from "./types";
-export interface ScanStartContext extends ScanContext {
-    /** Unique identifier for this scan invocation (useful for correlating logs). */
-    scanId?: string;
-    /** Timestamp when the scan started (ms since epoch). */
-    startedAt: number;
-}
-export interface ScanCompleteContext extends ScanStartContext {
-    /** Duration of the scan in milliseconds. */
-    durationMs: number;
-}
-/**
- * Callbacks for the scan lifecycle.  All hooks are optional.
- *
- * Hooks MUST NOT throw — wrap logic in try/catch if it can fail.
- * Async hooks are fire-and-forget; they do not block the scan result.
- */
-export interface ScanHooks {
-    /**
-     * Called immediately before a scan begins.
-     */
-    onScanStart?: (ctx: ScanStartContext) => void | Promise<void>;
-    /**
-     * Called when a scan completes successfully (any verdict, including clean).
-     */
-    onScanComplete?: (ctx: ScanCompleteContext, report: ScanReport) => void | Promise<void>;
-    /**
-     * Called when the scan verdict is 'suspicious' or 'malicious'.
-     * Fired in addition to `onScanComplete`.
-     */
-    onThreatDetected?: (ctx: ScanCompleteContext, report: ScanReport) => void | Promise<void>;
-    /**
-     * Called when a file has been quarantined.
-     * Requires wiring with a `QuarantineManager`; not fired automatically by `scanBytes`.
-     */
-    onQuarantine?: (entry: QuarantineEntry) => void | Promise<void>;
-    /**
-     * Called when a scan throws an unexpected error.
-     */
-    onScanError?: (ctx: ScanStartContext, error: unknown) => void | Promise<void>;
-}
-/**
- * Create a `ScanHooks` object with optional defaults.
- * This is a thin factory — the value of using it is the inline TS types.
- */
-export declare function createScanHooks(hooks: ScanHooks): ScanHooks;
-type ScanFn = (bytes: Uint8Array, opts?: {
-    ctx?: ScanContext;
-    [k: string]: unknown;
-}) => Promise<ScanReport>;
-/**
- * Wrap a scan function with lifecycle hooks.
- *
- * Returns a new function with the same signature that fires the hooks
- * around each scan call.
- */
-export declare function withHooks(scanFn: ScanFn, hooks: ScanHooks): ScanFn;
-export {};

package/dist/types/src/index.d.ts

@@ -1,29 +0,0 @@
-/**
- * src/index.ts — Primary Node.js entry point for Pompelmi.
- *
- * This is the full API including Node.js-only modules (HIPAA compliance,
- * crypto-based caching and hashing, ZIP streaming, YARA native bindings).
- *
- * For browser-safe usage, import from 'pompelmi/browser'.
- * For React hooks, import from 'pompelmi/react'.
- */
-export { CONFIG_PRESETS, ConfigManager, createConfig, DEFAULT_CONFIG, getPresetConfig, type ScannerConfig, } from "./config";
-export { type AuditEvent, createHipaaError, getHipaaManager, type HipaaConfig, HipaaTemp, initializeHipaaCompliance, } from "./hipaa-compliance";
-export type { NodeFileEntry, NodeScanOptions } from "./node/scanDir";
-export { DEFAULT_POLICY, definePolicy } from "./policy";
-export { ARCHIVES, CONSERVATIVE_DEFAULT, DOCUMENTS_ONLY, getPolicyPack, IMAGES_ONLY, POLICY_PACKS, type PolicyPackName, STRICT_PUBLIC_UPLOAD, } from "./policy-packs";
-export { type ComposeScannerOptions, composeScanners, createPresetScanner, type NamedScanner, type PresetName, type PresetOptions, } from "./presets";
-export { type ScanOptions, scanBytes, scanFile, scanFiles } from "./scan";
-export { scanFilesWithRemoteYara } from "./scan/remote";
-export { CommonHeuristicsScanner } from "./scanners/common-heuristics";
-export { createZipBombGuard } from "./scanners/zip-bomb-guard";
-export * from "./types";
-export { analyzeNestedArchives, detectObfuscatedScripts, detectPolyglot, } from "./utils/advanced-detection";
-export { BatchScanner, type BatchScanOptions, type BatchScanResult, batchScan, type ScanTask, } from "./utils/batch-scanner";
-export { type CacheEntry, type CacheOptions, type CacheStats, getDefaultCache, resetDefaultCache, ScanCacheManager, } from "./utils/cache-manager";
-export { type ExportFormat, type ExportOptions, exportScanResults, ScanResultExporter, } from "./utils/export";
-export { aggregateScanStats, type PerformanceMetrics, PerformanceTracker, type ScanStatistics, } from "./utils/performance-metrics";
-export { createThreatIntelligence, type EnhancedScanReport, getFileHash, LocalThreatIntelligence, type ThreatInfo, ThreatIntelligenceAggregator, type ThreatIntelligenceSource, } from "./utils/threat-intelligence";
-export { validateFile } from "./validate";
-export { mapMatchesToVerdict } from "./verdict";
-export type { YaraMatch } from "./yara/index";

package/dist/types/src/magic.d.ts

@@ -1,7 +0,0 @@
-export type Sniff = {
-    mime: string;
-    extHint?: string;
-    confidence: number;
-};
-export declare function sniff(bytes: Uint8Array): Sniff | null;
-export declare function hasSuspiciousJpegTrailer(bytes: Uint8Array, maxTrailer?: number): boolean;

package/dist/types/src/node/scanDir.d.ts

@@ -1,30 +0,0 @@
-import type { YaraMatch } from "../yara/index";
-export interface NodeScanOptions {
-    enableYara?: boolean;
-    yaraRules?: string;
-    yaraRulesPath?: string;
-    includeExtensions?: string[];
-    yaraAsync?: boolean;
-    maxFileSizeBytes?: number;
-    yaraSampleBytes?: number;
-    yaraPreferBuffer?: boolean;
-}
-export type NodeYaraVerdict = "malicious" | "suspicious" | "clean";
-export interface NodeYaraResult {
-    matches: YaraMatch[];
-    status: "scanned" | "skipped" | "error";
-    /** per i 'skipped', perché abbiamo saltato */
-    reason?: "max-size" | "filtered-ext" | "not-enabled" | "engine-missing" | "error";
-    /** come abbiamo scansionato quando status = 'scanned' */
-    mode?: "async" | "file" | "buffer" | "buffer-sampled";
-    /** verdetto derivato dai match (solo quando status='scanned') */
-    verdict?: NodeYaraVerdict;
-}
-export interface NodeFileEntry {
-    path: string;
-    absPath: string;
-    isDir: boolean;
-    yara?: NodeYaraResult;
-}
-/** Scansiona una directory in modo ricorsivo, emettendo le entry e (opzionale) i match YARA. */
-export declare function scanDir(root: string, opts?: NodeScanOptions): AsyncGenerator<NodeFileEntry>;

package/dist/types/src/policy-packs.d.ts

@@ -1,98 +0,0 @@
-/**
- * Policy packs for Pompelmi.
- *
- * Pre-configured, named policies for common upload scenarios.  Each pack
- * defines the file type allowlist, size limits, and timeout appropriate for
- * its use case.
- *
- * All packs are built on `definePolicy` and are fully overridable:
- *
- * ```ts
- * import { POLICY_PACKS } from 'pompelmi/policy-packs';
- *
- * // Use a pack as-is:
- * const policy = POLICY_PACKS['images-only'];
- *
- * // Or override individual fields:
- * import { definePolicy } from 'pompelmi';
- * const custom = definePolicy({ ...POLICY_PACKS['documents-only'], maxFileSizeBytes: 5 * 1024 * 1024 });
- * ```
- *
- * These packs are *deterministic* and *descriptor-based* — they do not
- * depend on any external threat intelligence feed.
- *
- * @module policy-packs
- */
-import { type Policy } from "./policy";
-/**
- * Documents-only policy.
- *
- * Appropriate for: document management APIs, PDF/Office file upload endpoints,
- * data import pipelines.
- *
- * Allowed: PDF, Word (.docx/.doc), Excel (.xlsx/.xls), PowerPoint (.pptx/.ppt),
- *   CSV, plain text, JSON, YAML, ODT/ODS/ODP (OpenDocument).
- * Max size: 25 MB.
- */
-export declare const DOCUMENTS_ONLY: Policy;
-/**
- * Images-only policy.
- *
- * Appropriate for: avatar uploads, product image APIs, content platforms with
- * user-generated imagery.
- *
- * Allowed: JPEG, PNG, GIF, WebP, AVIF, TIFF, BMP, ICO.
- * Max size: 10 MB.
- * Note: SVG is intentionally excluded — inline SVGs can contain scripts.
- */
-export declare const IMAGES_ONLY: Policy;
-/**
- * Strict public-upload policy.
- *
- * Appropriate for: anonymous or low-trust upload endpoints, public APIs,
- * any surface exposed to untrusted users.
- *
- * Aggressive size limit (5 MB), short timeout, fail-closed, narrow MIME
- * allowlist.  Only allows plain images and PDF.
- */
-export declare const STRICT_PUBLIC_UPLOAD: Policy;
-/**
- * Conservative default policy.
- *
- * A hardened version of the built-in `DEFAULT_POLICY` suitable for
- * production without further customisation.  Stricter size limit and
- * shorter timeout than the permissive default.
- */
-export declare const CONSERVATIVE_DEFAULT: Policy;
-/**
- * Archives policy.
- *
- * Appropriate for: endpoints that accept ZIP, tar, or compressed archives.
- * Combines a generous size allowance with a longer timeout for deep inspection.
- *
- * NOTE: Pair this policy with `createZipBombGuard()` to defend against
- * decompression-bomb attacks:
- *
- * ```ts
- * import { composeScanners, createZipBombGuard, CommonHeuristicsScanner } from 'pompelmi';
- * const scanner = composeScanners(
- *   [['zipGuard', createZipBombGuard()], ['heuristics', CommonHeuristicsScanner]]
- * );
- * ```
- */
-export declare const ARCHIVES: Policy;
-export type PolicyPackName = "documents-only" | "images-only" | "strict-public-upload" | "conservative-default" | "archives";
-/**
- * Named map of all built-in policy packs.
- *
- * ```ts
- * import { POLICY_PACKS } from 'pompelmi/policy-packs';
- * const policy = POLICY_PACKS['strict-public-upload'];
- * ```
- */
-export declare const POLICY_PACKS: Record<PolicyPackName, Policy>;
-/**
- * Look up a policy pack by name.
- * Throws if the name is not recognised.
- */
-export declare function getPolicyPack(name: PolicyPackName): Policy;

package/dist/types/src/policy.d.ts

@@ -1,12 +0,0 @@
-export interface Policy {
-    includeExtensions: string[];
-    allowedMimeTypes: string[];
-    maxFileSizeBytes: number;
-    timeoutMs: number;
-    concurrency: number;
-    failClosed: boolean;
-    onScanEvent?: (ev: unknown) => void;
-}
-export type PolicyInput = Partial<Policy>;
-export declare const DEFAULT_POLICY: Policy;
-export declare function definePolicy(input?: PolicyInput): Policy;

package/dist/types/src/presets.d.ts

@@ -1,72 +0,0 @@
-import type { AnalysisDepth, ScanFn, Scanner, Verdict } from "./types";
-export type PresetName = "basic" | "advanced" | "malware-analysis" | "decompilation-basic" | "decompilation-deep" | string;
-export interface PresetOptions {
-    yaraRules?: string | string[];
-    yaraTimeout?: number;
-    enableDecompilation?: boolean;
-    decompilationEngine?: "binaryninja-hlil" | "ghidra-pcode" | "both";
-    decompilationDepth?: AnalysisDepth;
-    decompilationTimeout?: number;
-    binaryNinjaPath?: string;
-    pythonPath?: string;
-    ghidraPath?: string;
-    analyzeHeadless?: string;
-    timeout?: number;
-    [key: string]: unknown;
-}
-/**
- * A named scanner entry used with the array form of `composeScanners`.
- * The first element is a display name for the scanner (used when
- * `tagSourceName: true`), and the second element is the scanner itself.
- *
- * @example
- * const entry: NamedScanner = ['zipGuard', createZipBombGuard({ ... })];
- */
-export type NamedScanner = [name: string, scanner: Scanner];
-/**
- * Options for `composeScanners` when using the named-scanner array form.
- */
-export interface ComposeScannerOptions {
-    /**
-     * When `true` scanners run concurrently (Promise.all).
-     * When `false` (default) they run sequentially in order.
-     */
-    parallel?: boolean;
-    /**
-     * Stop scanning as soon as a match at this severity level (or higher) is
-     * found.  Severity order: `'malicious'` > `'suspicious'` > `'clean'`.
-     * Only effective when `parallel` is `false`.
-     */
-    stopOn?: Verdict;
-    /** Maximum time in milliseconds to wait for each individual scanner. */
-    timeoutMsPerScanner?: number;
-    /**
-     * When `true`, each match is tagged with the scanner's display name via
-     * `match.meta._sourceName`.  Useful for tracing which scanner produced a
-     * given result.
-     */
-    tagSourceName?: boolean;
-}
-/**
- * Compose multiple scanners into a single scanner.
- *
- * **Named-scanner array form** (recommended — matches the README examples):
- * ```ts
- * const scanner = composeScanners(
- *   [
- *     ['zipGuard', createZipBombGuard({ maxEntries: 512, maxCompressionRatio: 12 })],
- *     ['heuristics', CommonHeuristicsScanner],
- *   ],
- *   { parallel: false, stopOn: 'malicious', timeoutMsPerScanner: 5000, tagSourceName: true }
- * );
- * ```
- *
- * **Variadic form** (backward-compatible):
- * ```ts
- * const scanner = composeScanners(scannerA, scannerB, scannerC);
- * ```
- */
-export declare function composeScanners(namedScanners: NamedScanner[], opts?: ComposeScannerOptions): ScanFn;
-export declare function composeScanners(...scanners: Scanner[]): ScanFn;
-export declare function createPresetScanner(preset: PresetName, opts?: PresetOptions): Scanner;
-export declare const PRESET_CONFIGS: Record<string, PresetOptions>;

package/dist/types/src/quarantine/index.d.ts

@@ -1,18 +0,0 @@
-/**
- * Pompelmi Quarantine Module
- *
- * Provides a first-class quarantine workflow for secure upload pipelines:
- *   scan → flag → quarantine → review → promote | delete
- *
- * Entry points:
- *   import { QuarantineManager, FilesystemQuarantineStorage } from 'pompelmi/quarantine';
- *
- * The storage layer is pluggable via the `QuarantineStorage` interface.
- * `FilesystemQuarantineStorage` is the reference implementation for local/on-premise use.
- *
- * This module is Node.js-only (uses fs/crypto/path).
- * It is NOT included in the 'pompelmi/browser' or 'pompelmi/react' bundles.
- */
-export { FilesystemQuarantineStorage, type FilesystemQuarantineStorageOptions, type QuarantineStorage, } from "./storage";
-export type { QuarantineDecision, QuarantinedFileInfo, QuarantineEntry, QuarantineFilter, QuarantineReport, QuarantineReview, QuarantineStatus, } from "./types";
-export { QuarantineManager, type QuarantineManagerOptions } from "./workflow";

package/dist/types/src/quarantine/storage.d.ts

@@ -1,77 +0,0 @@
-/**
- * Quarantine storage adapter interface and filesystem reference implementation.
- *
- * The `QuarantineStorage` interface decouples the quarantine workflow from any
- * specific persistence layer.  You can implement it for S3, GCS, a database,
- * or any other backend.
- *
- * The built-in `FilesystemQuarantineStorage` stores files and metadata as JSON
- * in a local directory — suitable for development, self-hosted, and on-premise
- * deployments where data must not leave the machine.
- *
- * @module quarantine/storage
- */
-import type { QuarantineEntry, QuarantineFilter } from "./types";
-/**
- * Storage adapter for the quarantine workflow.
- * Implement this interface to support any backend (S3, GCS, DB, etc.).
- */
-export interface QuarantineStorage {
-    /**
-     * Persist the raw bytes of a quarantined file.
-     * Returns a `storageKey` that can later be used to retrieve or delete the bytes.
-     */
-    saveFile(id: string, bytes: Uint8Array): Promise<string>;
-    /**
-     * Retrieve the raw bytes of a quarantined file.
-     * Returns `null` if the file is not found.
-     */
-    getFile(storageKey: string): Promise<Uint8Array | null>;
-    /**
-     * Permanently remove the raw bytes of a quarantined file.
-     * No-op if already removed.
-     */
-    deleteFile(storageKey: string): Promise<void>;
-    /** Persist a quarantine entry (metadata + scan report). */
-    saveEntry(entry: QuarantineEntry): Promise<void>;
-    /** Load a quarantine entry by id. Returns `null` if not found. */
-    getEntry(id: string): Promise<QuarantineEntry | null>;
-    /** Update an existing quarantine entry (partial update). */
-    updateEntry(id: string, patch: Partial<QuarantineEntry>): Promise<QuarantineEntry>;
-    /** List quarantine entries matching the given filter. */
-    listEntries(filter?: QuarantineFilter): Promise<QuarantineEntry[]>;
-    /** Return the total count of quarantine entries matching the filter. */
-    countEntries(filter?: QuarantineFilter): Promise<number>;
-}
-export interface FilesystemQuarantineStorageOptions {
-    /**
-     * Root directory for quarantine storage.
-     * Two subdirectories are created: `files/` (raw bytes) and `meta/` (JSON).
-     */
-    dir: string;
-    /** Create the directory if it does not exist (default: true). */
-    createIfMissing?: boolean;
-}
-/**
- * Reference implementation of `QuarantineStorage` backed by the local filesystem.
- *
- * File layout:
- *   <dir>/files/<storageKey>   — raw file bytes
- *   <dir>/meta/<id>.json       — QuarantineEntry JSON
- *
- * Suitable for single-process servers.  For multi-process or distributed
- * deployments, implement `QuarantineStorage` against a shared backend.
- */
-export declare class FilesystemQuarantineStorage implements QuarantineStorage {
-    private readonly filesDir;
-    private readonly metaDir;
-    constructor(options: FilesystemQuarantineStorageOptions);
-    saveFile(id: string, bytes: Uint8Array): Promise<string>;
-    getFile(storageKey: string): Promise<Uint8Array | null>;
-    deleteFile(storageKey: string): Promise<void>;
-    saveEntry(entry: QuarantineEntry): Promise<void>;
-    getEntry(id: string): Promise<QuarantineEntry | null>;
-    updateEntry(id: string, patch: Partial<QuarantineEntry>): Promise<QuarantineEntry>;
-    listEntries(filter?: QuarantineFilter): Promise<QuarantineEntry[]>;
-    countEntries(filter?: QuarantineFilter): Promise<number>;
-}

package/dist/types/src/quarantine/types.d.ts

@@ -1,78 +0,0 @@
-/**
- * Quarantine system types for Pompelmi.
- *
- * A quarantine entry represents a file that was flagged during scanning and is
- * held for manual review before being accepted or permanently removed.
- *
- * The lifecycle of a quarantined entry:
- *
- *   scan → flagged → quarantined → reviewed → promoted | deleted
- *
- * @module quarantine/types
- */
-import type { ScanReport } from "../types";
-/** The review status of a quarantined file. */
-export type QuarantineStatus = "pending" | "reviewing" | "promoted" | "deleted";
-/** Immutable metadata about the file at upload time. */
-export interface QuarantinedFileInfo {
-    /** Original filename supplied by the uploader. */
-    originalName: string;
-    /** Detected MIME type (from magic bytes, not the Content-Type header). */
-    mimeType?: string;
-    /** File size in bytes. */
-    sizeBytes: number;
-    /** SHA-256 hex digest of the file content. */
-    sha256: string;
-    /** Uploader identity — opaque string (user id, session id, IP, etc.). */
-    uploadedBy?: string;
-}
-/** A quarantine entry created when a file is flagged. */
-export interface QuarantineEntry {
-    /** Stable identifier for this quarantine entry (UUID). */
-    id: string;
-    /** Filename used to locate the quarantined bytes in storage. */
-    storageKey: string;
-    /** Metadata captured at upload time. */
-    file: QuarantinedFileInfo;
-    /** The scan report that triggered quarantine. */
-    scanReport: ScanReport;
-    /** ISO-8601 timestamp when the file was quarantined. */
-    quarantinedAt: string;
-    /** Current review status. */
-    status: QuarantineStatus;
-    /** ISO-8601 timestamp of the last status change. */
-    updatedAt: string;
-    /** Identity of the reviewer (operator id, etc.). Populated at review time. */
-    reviewedBy?: string;
-    /** Free-text review note from the operator. */
-    reviewNote?: string;
-    /** ISO-8601 timestamp when the final decision (promote/delete) was made. */
-    resolvedAt?: string;
-    /** Optional application-specific tags or labels. */
-    tags?: string[];
-}
-/** The outcome of a manual review. */
-export type QuarantineDecision = "promote" | "delete";
-/** Input required to resolve a quarantine entry. */
-export interface QuarantineReview {
-    decision: QuarantineDecision;
-    reviewedBy?: string;
-    reviewNote?: string;
-}
-/** A structured JSON report of all quarantined entries (for audit/export). */
-export interface QuarantineReport {
-    generatedAt: string;
-    totalEntries: number;
-    byStatus: Record<QuarantineStatus, number>;
-    entries: QuarantineEntry[];
-}
-/** Filter parameters for listing quarantine entries. */
-export interface QuarantineFilter {
-    status?: QuarantineStatus | QuarantineStatus[];
-    /** Return only entries quarantined after this ISO-8601 timestamp. */
-    after?: string;
-    /** Return only entries quarantined before this ISO-8601 timestamp. */
-    before?: string;
-    /** Maximum number of results to return. */
-    limit?: number;
-}

package/dist/types/src/quarantine/workflow.d.ts

@@ -1,97 +0,0 @@
-/**
- * Quarantine workflow — core API for the quarantine/review/resolve lifecycle.
- *
- * Usage (Node.js):
- *
- * ```ts
- * import { scanBytes } from 'pompelmi';
- * import { QuarantineManager, FilesystemQuarantineStorage } from 'pompelmi/quarantine';
- *
- * const quarantine = new QuarantineManager({
- *   storage: new FilesystemQuarantineStorage({ dir: './quarantine' }),
- * });
- *
- * const report = await scanBytes(fileBytes, { ctx: { filename: file.name } });
- *
- * if (report.verdict !== 'clean') {
- *   const entry = await quarantine.quarantine(fileBytes, report, {
- *     originalName: file.name,
- *     sizeBytes: fileBytes.length,
- *     uploadedBy: req.user?.id,
- *   });
- *   console.log('Quarantined:', entry.id);
- * }
- * ```
- *
- * @module quarantine/workflow
- */
-import type { ScanReport } from "../types";
-import type { QuarantineStorage } from "./storage";
-import type { QuarantinedFileInfo, QuarantineEntry, QuarantineFilter, QuarantineReport, QuarantineReview } from "./types";
-export interface QuarantineManagerOptions {
-    /** Storage adapter — use `FilesystemQuarantineStorage` for local deployments. */
-    storage: QuarantineStorage;
-    /**
-     * If true, files with a 'suspicious' verdict are also quarantined.
-     * Default: true.
-     */
-    quarantineSuspicious?: boolean;
-    /**
-     * If true, files with a 'malicious' verdict are also quarantined.
-     * Default: true.
-     */
-    quarantineMalicious?: boolean;
-}
-/**
- * Manages the full lifecycle of quarantined files:
- *   scan → quarantine → review → promote | delete
- */
-export declare class QuarantineManager {
-    private readonly storage;
-    private readonly quarantineSuspicious;
-    private readonly quarantineMalicious;
-    constructor(options: QuarantineManagerOptions);
-    /**
-     * Determine whether a scan report should trigger quarantine per the
-     * configured policy.
-     */
-    shouldQuarantine(report: ScanReport): boolean;
-    /**
-     * Quarantine a file: save the bytes in storage, create the metadata entry,
-     * and return the entry.
-     *
-     * @param bytes     Raw file bytes.
-     * @param report    The scan report that triggered quarantine.
-     * @param fileInfo  Partial metadata; `sha256` is derived from `bytes` if omitted.
-     */
-    quarantine(bytes: Uint8Array, report: ScanReport, fileInfo: Omit<QuarantinedFileInfo, "sha256"> & {
-        sha256?: string;
-    }): Promise<QuarantineEntry>;
-    /**
-     * Mark an entry as being actively reviewed.
-     */
-    startReview(id: string, reviewedBy?: string): Promise<QuarantineEntry>;
-    /**
-     * Resolve a quarantine entry with a final decision.
-     *
-     * - `promote`: the file is cleared — bytes remain in storage for the caller
-     *   to move to its final destination.
-     * - `delete`: the bytes are permanently removed from quarantine storage.
-     */
-    resolve(id: string, review: QuarantineReview): Promise<QuarantineEntry>;
-    /**
-     * Retrieve the raw bytes of a promoted file so the caller can move it to
-     * permanent storage.  Returns `null` if the entry is not found or has been
-     * deleted.
-     */
-    getFile(id: string): Promise<Uint8Array | null>;
-    getEntry(id: string): Promise<QuarantineEntry | null>;
-    listEntries(filter?: QuarantineFilter): Promise<QuarantineEntry[]>;
-    listPending(): Promise<QuarantineEntry[]>;
-    countEntries(filter?: QuarantineFilter): Promise<number>;
-    /**
-     * Generate a structured JSON report of all quarantine entries matching the
-     * filter — suitable for audit logs and dashboards.
-     */
-    report(filter?: QuarantineFilter): Promise<QuarantineReport>;
-}

package/dist/types/src/react-index.d.ts

@@ -1,13 +0,0 @@
-/**
- * src/react-index.ts — React entry point for Pompelmi.
- *
- * Re-exports the full browser-safe Pompelmi API plus the React hook.
- * Import from 'pompelmi/react'.
- *
- * Peer dependency: react ^18 || ^19
- *
- * @example
- * import { useFileScanner } from 'pompelmi/react';
- */
-export * from "./browser-index";
-export { useFileScanner } from "./useFileScanner";

package/dist/types/src/risk.d.ts

@@ -1,18 +0,0 @@
-export type Severity = "clean" | "suspicious" | "malicious";
-export type Match = {
-    rule: string;
-    meta?: Record<string, any>;
-};
-export type Verdict = {
-    severity: Severity;
-    reasons: string[];
-    matches: Match[];
-    mime?: string;
-};
-export type Policy = {
-    includeExtensions: string[];
-    allowedMimeTypes: string[];
-    maxFileSizeBytes: number;
-    denyScriptableSvg?: boolean;
-};
-export declare function prefilter(bytes: Uint8Array, origName: string, policy: Policy): Verdict;

package/dist/types/src/scan/remote.d.ts

@@ -1,12 +0,0 @@
-import type { YaraMatch } from "../yara/index";
-import type { RemoteEngineOptions } from "../yara/remote";
-export interface RemoteScanResult {
-    file: File;
-    matches: YaraMatch[];
-    error?: string;
-}
-/**
- * Scansiona una lista di File nel browser usando il motore remoto via HTTP.
- * Non richiede WASM né dipendenze native sul client.
- */
-export declare function scanFilesWithRemoteYara(files: File[], rulesSource: string, remote: RemoteEngineOptions): Promise<RemoteScanResult[]>;