react-native-security-suite 0.9.22 → 1.0.0-rc.1

package/lib/typescript/module/src/index.d.ts

@@ -1,4 +1,49 @@
+import { type CryptoOptions } from './legacy/cryptoOptions';
+import { type GenerateJWSOptions, type JwsFetchOptions } from './jws';
 export * from './SecureView';
+export type { GenerateJWSOptions, JwsAlgorithm, JwsFetchOptions, JwsHeaderValue, JwsHeaders, JwsPayload, } from './jws';
+export type { CryptoOptions, KeyAgreementAlgorithm, KeyType, EncryptionKeyAlgorithm, HmacAlgorithm, CipherAlgorithm, } from './legacy/cryptoOptions';
+export { SecurityError, SecurityErrorCode, mapNativeError, isSecurityError } from './errors';
+export { DeviceSecurity } from './device';
+export { RuntimeSecurity } from './runtime';
+export { AppIntegrity } from './integrity';
+export { Crypto } from './crypto';
+export { SecuritySuite } from './securitySuite';
+export type { RuntimeThreatReport, AppIntegrityReport, DeviceEnvironment, DeviceSecurityReport, SecurityReport, RiskLevel, BuildType, } from './types/detection';
+/** @deprecated Use `JwsHeaders` (optional `Record<string, JwsHeaderValue>`) instead. */
+export interface LegacyJwsHeaders {
+    kid: string;
+    request_id: string;
+    [key: string]: string;
+}
+export interface SslPinningOptions {
+    /** Base64-encoded SPKI SHA-256 hashes (with or without `sha256/` prefix). */
+    certificates: string[];
+    /** Allowed hostnames. Request host must match one of these before pinning is evaluated. */
+    validDomains: string[];
+}
+interface Header {
+    [key: string]: string;
+}
+export interface Options {
+    body?: string | object;
+    headers: Header;
+    method?: 'DELETE' | 'GET' | 'POST' | 'PUT' | 'PATCH';
+    timeout?: number;
+    /** SSL pinning configuration. Both certificates and validDomains are required together. */
+    certificates?: string[];
+    validDomains?: string[];
+    /** @deprecated Use `jws` instead. */
+    keyId?: string;
+    /** @deprecated Use `jws` instead. */
+    requestId?: string;
+    /**
+     * @deprecated Legacy signing secret. Use `jws.secret` instead.
+     */
+    secret?: string;
+    /** JWS request-signing configuration. */
+    jws?: JwsFetchOptions;
+}
 interface Response {
     status: number;
     url: string;
@@ -19,17 +64,6 @@ export interface ErrorResponse extends Response {
     message: string;
     code: string;
 }
-interface Header {
-    [key: string]: string;
-}
-export interface Options {
-    body?: string | object;
-    headers: Header;
-    method?: 'DELETE' | 'GET' | 'POST' | 'PUT';
-    certificates?: string[];
-    validDomains?: string[];
-    timeout?: number;
-}
 export interface FetchEventResponse {
     url: string;
     options: Options;
@@ -47,27 +81,46 @@ export interface FetchEventResponse {
         duration: string;
     };
 }
-declare const SecuritySuite: any;
+declare const NativeSecuritySuiteModule: any;
 export declare const getPublicKey: () => Promise<string>;
-export declare const getSharedKey: (serverPublicKey: string) => Promise<string>;
-export declare const encryptBySharedKey: (input: string) => Promise<string>;
-export declare const decryptBySharedKey: (input: string) => any;
+/**
+ * @deprecated Prefer `Crypto.establishSharedKey()` which keeps the derived key in native memory.
+ */
+export declare const getSharedKey: (serverPublicKey: string, options?: CryptoOptions) => Promise<string>;
+export declare const encryptBySharedKey: (input: string, options?: CryptoOptions) => Promise<string>;
+export declare const decryptBySharedKey: (input: string, options?: CryptoOptions) => Promise<string>;
+export declare const generateJWS: (options: GenerateJWSOptions) => Promise<string>;
+/**
+ * Local obfuscation only — NOT secure encryption. Requires an explicit secret.
+ * Never use for credentials, tokens, or PII at rest.
+ */
+export declare const obfuscate: (input: string, secret: string) => Promise<string>;
+export declare const deobfuscate: (input: string, secret: string) => Promise<string>;
 export declare const getDeviceId: () => Promise<string>;
-export declare const encrypt: (input: string, hardEncryption?: boolean, secretKey?: null) => Promise<string>;
-export declare const decrypt: (input: string, hardEncryption?: boolean, secretKey?: null) => Promise<string>;
+/**
+ * @deprecated Use `obfuscate()` with an explicit secret, or `SecureStorage` for at-rest data.
+ */
+export declare const encrypt: (input: string, hardEncryption?: boolean, secretKey?: string | null) => Promise<string>;
+/**
+ * @deprecated Use `deobfuscate()` with an explicit secret, or `SecureStorage` for at-rest data.
+ */
+export declare const decrypt: (input: string, hardEncryption?: boolean, secretKey?: string | null) => Promise<string>;
+/** Hardware-backed encrypted storage (Keychain on iOS, EncryptedSharedPreferences on Android). */
 export declare const SecureStorage: {
     setItem: (key: string, value: string) => Promise<void>;
     getItem: (key: string) => Promise<string | null>;
-    mergeItem: (key: string, value: string) => Promise<void>;
     removeItem: (key: string) => Promise<void>;
-    getAllKeys: () => Promise<readonly string[]>;
-    multiSet: (keyValuePairs: Array<Array<string>>) => Promise<void>;
-    multiGet: (keys: Array<string>) => Promise<readonly [string, string | null][]>;
-    multiMerge: (keyValuePairs: Array<Array<string>>) => Promise<void>;
-    multiRemove: (keys: Array<string>) => Promise<void>;
+    getAllKeys: () => Promise<string[]>;
     clear: () => Promise<void>;
+    multiSet: (keyValuePairs: Array<[string, string]>) => Promise<void>;
+    multiGet: (keys: string[]) => Promise<readonly [string, string | null][]>;
+    multiRemove: (keys: string[]) => Promise<void>;
+    /** @deprecated Use multiSet instead. */
+    mergeItem: (key: string, value: string) => Promise<void>;
+    /** @deprecated Use multiSet instead. */
+    multiMerge: (keyValuePairs: Array<[string, string]>) => Promise<void>;
 };
 export declare function fetch(url: string, options: Options, loggerIsEnabled?: boolean): Promise<SuccessResponse | ErrorResponse>;
 export declare function deviceHasSecurityRisk(): Promise<boolean>;
-export default SecuritySuite;
+export default NativeSecuritySuiteModule;
 //# sourceMappingURL=index.d.ts.map

package/lib/typescript/module/src/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/index.tsx"],"names":[],"mappings":"AAIA,cAAc,cAAc,CAAC;AAK7B,UAAU,QAAQ;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,OAAO,CAAC;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;KAAE,CAAC,CAAC;IAC5C,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,eAAgB,SAAQ,QAAQ;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,OAAO,CAAC;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;KAAE,CAAC,CAAC;CAC/C;AAED,MAAM,WAAW,aAAc,SAAQ,QAAQ;IAC7C,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,UAAU,MAAM;IACd,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,GAAG,KAAK,CAAC;IAC3C,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,kBAAkB;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE;QACR,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,MAAM,OAAO,CAAC;YAAE,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;SAAE,CAAC,CAAC;QAC5C,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;CACH;AAQD,QAAA,MAAM,aAAa,KASd,CAAC;AAEN,eAAO,MAAM,YAAY,QAAO,OAAO,CAAC,MAAM,CAAiC,CAAC;AAEhF,eAAO,MAAM,YAAY,oBAAqB,MAAM,KAAG,OAAO,CAAC,MAAM,CACxB,CAAC;AAE9C,eAAO,MAAM,kBAAkB,UAAW,MAAM,KAAG,OAAO,CAAC,MAAM,CACO,CAAC;AAEzE,eAAO,MAAM,kBAAkB,UAAW,MAAM,QACwB,CAAC;AAEzE,eAAO,MAAM,WAAW,QAAO,OAAO,CAAC,MAAM,CAMzC,CAAC;AAEL,eAAO,MAAM,OAAO,UACX,MAAM,iDAGZ,OAAO,CAAC,MAAM,CAab,CAAC;AAEL,eAAO,MAAM,OAAO,UACX,MAAM,iDAGZ,OAAO,CAAC,MAAM,CAab,CAAC;AAEL,eAAO,MAAM,aAAa;mBACH,MAAM,SAAS,MAAM,KAAG,OAAO,CAAC,IAAI,CAAC;mBASrC,MAAM,KAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;qBAU7B,MAAM,SAAS,MAAM,KAAG,OAAO,CAAC,IAAI,CAAC;sBAepC,MAAM,KAAG,OAAO,CAAC,IAAI,CAAC;sBAQxB,OAAO,CAAC,SAAS,MAAM,EAAE,CAAC;8BAchB,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,KAAG,OAAO,CAAC,IAAI,CAAC;qBAmB5D,KAAK,CAAC,MAAM,CAAC,KAClB,OAAO,CAAC,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC;gCAuBZ,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,KAAG,OAAO,CAAC,IAAI,CAAC;wBAqB5C,KAAK,CAAC,MAAM,CAAC,KAAG,OAAO,CAAC,IAAI,CAAC;iBAatC,OAAO,CAAC,IAAI,CAAC;CAO/B,CAAC;AAEF,wBAAgB,KAAK,CACnB,GAAG,EAAE,MAAM,EACX,OAAO,EAAE,OAAO,EAChB,eAAe,UAAQ,GACtB,OAAO,CAAC,eAAe,GAAG,aAAa,CAAC,CA4B1C;AAED,wBAAgB,qBAAqB,IAAI,OAAO,CAAC,OAAO,CAAC,CAExD;AAED,eAAe,aAAa,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/index.tsx"],"names":[],"mappings":"AAEA,OAAO,EAEL,KAAK,aAAa,EACnB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAGL,KAAK,kBAAkB,EACvB,KAAK,eAAe,EACrB,MAAM,OAAO,CAAC;AAEf,cAAc,cAAc,CAAC;AAC7B,YAAY,EACV,kBAAkB,EAClB,YAAY,EACZ,eAAe,EACf,cAAc,EACd,UAAU,EACV,UAAU,GACX,MAAM,OAAO,CAAC;AAEf,YAAY,EACV,aAAa,EACb,qBAAqB,EACrB,OAAO,EACP,sBAAsB,EACtB,aAAa,EACb,eAAe,GAChB,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAC7F,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC1C,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAC;AAClC,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChD,YAAY,EACV,mBAAmB,EACnB,kBAAkB,EAClB,iBAAiB,EACjB,oBAAoB,EACpB,cAAc,EACd,SAAS,EACT,SAAS,GACV,MAAM,mBAAmB,CAAC;AAE3B,wFAAwF;AACxF,MAAM,WAAW,gBAAgB;IAC/B,GAAG,EAAE,MAAM,CAAC;IACZ,UAAU,EAAE,MAAM,CAAC;IACnB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,iBAAiB;IAChC,6EAA6E;IAC7E,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,2FAA2F;IAC3F,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAED,UAAU,MAAM;IACd,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,OAAO,CAAC;IACrD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,2FAA2F;IAC3F,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,qCAAqC;IACrC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,qCAAqC;IACrC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,yCAAyC;IACzC,GAAG,CAAC,EAAE,eAAe,CAAC;CACvB;AAED,UAAU,QAAQ;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,OAAO,CAAC;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;KAAE,CAAC,CAAC;IAC5C,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,eAAgB,SAAQ,QAAQ;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,OAAO,CAAC;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;KAAE,CAAC,CAAC;CAC/C;AAED,MAAM,WAAW,aAAc,SAAQ,QAAQ;IAC7C,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,kBAAkB;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE;QACR,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,MAAM,OAAO,CAAC;YAAE,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;SAAE,CAAC,CAAC;QAC5C,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;CACH;AAQD,QAAA,MAAM,yBAAyB,KAS1B,CAAC;AAEN,eAAO,MAAM,YAAY,QAAO,OAAO,CAAC,MAAM,CACJ,CAAC;AAE3C;;GAEG;AACH,eAAO,MAAM,YAAY,GACvB,iBAAiB,MAAM,EACvB,UAAU,aAAa,KACtB,OAAO,CAAC,MAAM,CACwE,CAAC;AAE1F,eAAO,MAAM,kBAAkB,GAC7B,OAAO,MAAM,EACb,UAAU,aAAa,KACtB,OAAO,CAAC,MAAM,CAKhB,CAAC;AAEF,eAAO,MAAM,kBAAkB,GAC7B,OAAO,MAAM,EACb,UAAU,aAAa,KACtB,OAAO,CAAC,MAAM,CAKhB,CAAC;AAEF,eAAO,MAAM,WAAW,GAAI,SAAS,kBAAkB,KAAG,OAAO,CAAC,MAAM,CAGvE,CAAC;AAuBF;;;GAGG;AACH,eAAO,MAAM,SAAS,GAAI,OAAO,MAAM,EAAE,QAAQ,MAAM,KAAG,OAAO,CAAC,MAAM,CACpB,CAAC;AAErD,eAAO,MAAM,WAAW,GAAI,OAAO,MAAM,EAAE,QAAQ,MAAM,KAAG,OAAO,CAAC,MAAM,CACpB,CAAC;AAEvD,eAAO,MAAM,WAAW,QAAO,OAAO,CAAC,MAAM,CAOzC,CAAC;AAEL;;GAEG;AACH,eAAO,MAAM,OAAO,GAClB,OAAO,MAAM,EACb,wBAAqB,EACrB,YAAW,MAAM,GAAG,IAAW,KAC9B,OAAO,CAAC,MAAM,CAwBb,CAAC;AAEL;;GAEG;AACH,eAAO,MAAM,OAAO,GAClB,OAAO,MAAM,EACb,wBAAqB,EACrB,YAAW,MAAM,GAAG,IAAW,KAC9B,OAAO,CAAC,MAAM,CAwBb,CAAC;AAgBL,kGAAkG;AAClG,eAAO,MAAM,aAAa;mBACT,MAAM,SAAS,MAAM,KAAG,OAAO,CAAC,IAAI,CAAC;mBAMrC,MAAM,KAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;sBAM5B,MAAM,KAAG,OAAO,CAAC,IAAI,CAAC;sBAMxB,OAAO,CAAC,MAAM,EAAE,CAAC;iBAMtB,OAAO,CAAC,IAAI,CAAC;8BAGQ,KAAK,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,KAAG,OAAO,CAAC,IAAI,CAAC;qBAO/D,MAAM,EAAE,KACb,OAAO,CAAC,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC;wBAQpB,MAAM,EAAE,KAAG,OAAO,CAAC,IAAI,CAAC;IAIlD,wCAAwC;qBACjB,MAAM,SAAS,MAAM,KAAG,OAAO,CAAC,IAAI,CAAC;IAiB5D,wCAAwC;gCACN,KAAK,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,KAAG,OAAO,CAAC,IAAI,CAAC;CAK1E,CAAC;AAEF,wBAAgB,KAAK,CACnB,GAAG,EAAE,MAAM,EACX,OAAO,EAAE,OAAO,EAChB,eAAe,UAAU,GACxB,OAAO,CAAC,eAAe,GAAG,aAAa,CAAC,CA8B1C;AAED,wBAAgB,qBAAqB,IAAI,OAAO,CAAC,OAAO,CAAC,CAExD;AAED,eAAe,yBAAyB,CAAC"}

package/lib/typescript/module/src/integrity/index.d.ts

@@ -0,0 +1,6 @@
+import type { AppIntegrityReport, BuildType } from '../types/detection';
+export declare const AppIntegrity: {
+    verify(): Promise<AppIntegrityReport>;
+};
+export type { AppIntegrityReport, BuildType };
+//# sourceMappingURL=index.d.ts.map

package/lib/typescript/module/src/integrity/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/integrity/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAoCxE,eAAO,MAAM,YAAY;cACb,OAAO,CAAC,kBAAkB,CAAC;CAKtC,CAAC;AAEF,YAAY,EAAE,kBAAkB,EAAE,SAAS,EAAE,CAAC"}

package/lib/typescript/module/src/jws.d.ts

@@ -0,0 +1,44 @@
+export type JwsAlgorithm = 'HS256' | 'HS384' | 'HS512';
+export type JwsPayload = string | Record<string, unknown> | unknown[] | number | boolean | null | undefined;
+export type JwsHeaderValue = string | number | boolean | null;
+export type JwsHeaders = Record<string, JwsHeaderValue>;
+export interface GenerateJWSOptions {
+    payload?: JwsPayload;
+    algorithm?: JwsAlgorithm;
+    headers?: JwsHeaders;
+    secret: string;
+}
+export interface JwsFetchOptions {
+    algorithm?: JwsAlgorithm;
+    headers?: JwsHeaders;
+    secret: string;
+    payload?: JwsPayload;
+    detached?: boolean;
+    headerName?: string;
+}
+export declare function isEmptyJwsPayload(payload: JwsPayload | undefined): boolean;
+/**
+ * Normalizes a JWS payload to the exact UTF-8 string used for signing.
+ * Empty payload cases return an empty string (never "null" or "undefined").
+ */
+export declare function normalizeJwsPayload(payload: JwsPayload | undefined): string;
+export declare function validateJwsAlgorithm(algorithm: string | undefined): JwsAlgorithm;
+export declare function validateJwsSecret(secret: unknown): string;
+export declare function validateJwsHeaderKey(key: string): void;
+export declare function validateJwsHeaderValue(key: string, value: unknown): JwsHeaderValue;
+export declare function validateJwsHeaders(headers: unknown): JwsHeaders;
+/**
+ * Resolves the JWS algorithm from options and/or protected headers.
+ */
+export declare function resolveJwsAlgorithm(algorithm: JwsAlgorithm | undefined, headers: JwsHeaders): JwsAlgorithm;
+export interface NativeGenerateJWSOptions {
+    payload: string;
+    algorithm: JwsAlgorithm;
+    secret: string;
+    headers: JwsHeaders;
+    detached: boolean;
+}
+export declare function toNativeGenerateJWSOptions(options: GenerateJWSOptions, detached?: boolean): NativeGenerateJWSOptions;
+export declare function toNativeJwsFetchOptions(jws: JwsFetchOptions): NativeGenerateJWSOptions;
+export declare function assertCompactJwsShape(jws: string): void;
+//# sourceMappingURL=jws.d.ts.map

package/lib/typescript/module/src/jws.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jws.d.ts","sourceRoot":"","sources":["../../../../src/jws.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,YAAY,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,CAAC;AAEvD,MAAM,MAAM,UAAU,GAClB,MAAM,GACN,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GACvB,OAAO,EAAE,GACT,MAAM,GACN,OAAO,GACP,IAAI,GACJ,SAAS,CAAC;AAEd,MAAM,MAAM,cAAc,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,IAAI,CAAC;AAE9D,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;AAUxD,MAAM,WAAW,kBAAkB;IACjC,OAAO,CAAC,EAAE,UAAU,CAAC;IACrB,SAAS,CAAC,EAAE,YAAY,CAAC;IACzB,OAAO,CAAC,EAAE,UAAU,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,eAAe;IAC9B,SAAS,CAAC,EAAE,YAAY,CAAC;IACzB,OAAO,CAAC,EAAE,UAAU,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,UAAU,CAAC;IACrB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,UAAU,GAAG,SAAS,GAAG,OAAO,CAM1E;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,UAAU,GAAG,SAAS,GAAG,MAAM,CAc3E;AAED,wBAAgB,oBAAoB,CAClC,SAAS,EAAE,MAAM,GAAG,SAAS,GAC5B,YAAY,CAQd;AAED,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,OAAO,GAAG,MAAM,CAKzD;AAED,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAItD;AAED,wBAAgB,sBAAsB,CACpC,GAAG,EAAE,MAAM,EACX,KAAK,EAAE,OAAO,GACb,cAAc,CAqBhB;AAED,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,OAAO,GAAG,UAAU,CAc/D;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,SAAS,EAAE,YAAY,GAAG,SAAS,EACnC,OAAO,EAAE,UAAU,GAClB,YAAY,CAqBd;AAED,MAAM,WAAW,wBAAwB;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,YAAY,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,UAAU,CAAC;IACpB,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,wBAAgB,0BAA0B,CACxC,OAAO,EAAE,kBAAkB,EAC3B,QAAQ,UAAQ,GACf,wBAAwB,CAa1B;AAED,wBAAgB,uBAAuB,CACrC,GAAG,EAAE,eAAe,GACnB,wBAAwB,CAY1B;AAED,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAOvD"}

package/lib/typescript/module/src/legacy/cryptoOptions.d.ts

@@ -0,0 +1,35 @@
+/** Shared crypto option types used by legacy exports and the Crypto namespace. */
+export type KeyAgreementAlgorithm = 'X25519' | 'ECDH' | (string & {});
+export type KeyType = 'OKP' | 'EC' | (string & {});
+export type EncryptionKeyAlgorithm = 'AES-256' | 'AES' | (string & {});
+export type HmacAlgorithm = 'HMAC-SHA-256' | 'HMAC-SHA-384' | 'HMAC-SHA-512' | 'HmacSHA256' | 'HmacSHA384' | 'HmacSHA512' | (string & {});
+export type CipherAlgorithm = 'AES-GCM' | 'AES/GCM/NoPadding' | (string & {});
+export interface CryptoOptions {
+    keyAgreementAlgorithm?: KeyAgreementAlgorithm;
+    keyType?: KeyType;
+    encryptionKeyAlgorithm?: EncryptionKeyAlgorithm;
+    hmacAlgorithm?: HmacAlgorithm;
+    cipher?: CipherAlgorithm;
+    tagLength?: number;
+    ivLength?: number;
+    /** @deprecated Use `keyType` instead. */
+    keyFactoryAlgorithm?: KeyType;
+    /** @deprecated Use `hmacAlgorithm` instead. */
+    hmacKeyAlgorithm?: HmacAlgorithm;
+    /** @deprecated Use `cipher` instead. */
+    cipherTransformation?: CipherAlgorithm;
+    /** @deprecated Use `tagLength` instead. */
+    gcmTagLength?: number;
+    /** @deprecated Use `ivLength` instead. */
+    gcmIvLength?: number;
+}
+export declare function toNativeCryptoOptions(options?: CryptoOptions | null): {
+    keyAgreementAlgorithm: KeyAgreementAlgorithm;
+    keyFactoryAlgorithm: KeyType;
+    encryptionKeyAlgorithm: EncryptionKeyAlgorithm;
+    hmacKeyAlgorithm: HmacAlgorithm;
+    cipherTransformation: CipherAlgorithm;
+    gcmTagLength: number;
+    gcmIvLength: number;
+};
+//# sourceMappingURL=cryptoOptions.d.ts.map

package/lib/typescript/module/src/legacy/cryptoOptions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cryptoOptions.d.ts","sourceRoot":"","sources":["../../../../../src/legacy/cryptoOptions.ts"],"names":[],"mappings":"AAAA,kFAAkF;AAClF,MAAM,MAAM,qBAAqB,GAAG,QAAQ,GAAG,MAAM,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;AAEtE,MAAM,MAAM,OAAO,GAAG,KAAK,GAAG,IAAI,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;AAEnD,MAAM,MAAM,sBAAsB,GAAG,SAAS,GAAG,KAAK,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;AAEvE,MAAM,MAAM,aAAa,GACrB,cAAc,GACd,cAAc,GACd,cAAc,GACd,YAAY,GACZ,YAAY,GACZ,YAAY,GACZ,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;AAElB,MAAM,MAAM,eAAe,GAAG,SAAS,GAAG,mBAAmB,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;AAE9E,MAAM,WAAW,aAAa;IAC5B,qBAAqB,CAAC,EAAE,qBAAqB,CAAC;IAC9C,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,sBAAsB,CAAC,EAAE,sBAAsB,CAAC;IAChD,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,MAAM,CAAC,EAAE,eAAe,CAAC;IACzB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,yCAAyC;IACzC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,+CAA+C;IAC/C,gBAAgB,CAAC,EAAE,aAAa,CAAC;IACjC,wCAAwC;IACxC,oBAAoB,CAAC,EAAE,eAAe,CAAC;IACvC,2CAA2C;IAC3C,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,0CAA0C;IAC1C,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,wBAAgB,qBAAqB,CAAC,OAAO,CAAC,EAAE,aAAa,GAAG,IAAI;;;;;;;;EAUnE"}

package/lib/typescript/module/src/native/bridge.d.ts

@@ -0,0 +1,12 @@
+export interface SecuritySuiteNativeModule {
+    getPublicKey(): Promise<string>;
+    getSharedKey(serverPK: string, options: Record<string, unknown>): Promise<string>;
+    establishSharedKey?(serverPK: string, options: Record<string, unknown>): Promise<void>;
+    runtimeDetect(): Promise<Record<string, unknown>>;
+    appIntegrityVerify(): Promise<Record<string, unknown>>;
+    deviceGetEnvironment(): Promise<Record<string, unknown>>;
+    deviceHasSecurityRisk(): Promise<boolean>;
+    [key: string]: unknown;
+}
+export declare function getNativeModule(): SecuritySuiteNativeModule;
+//# sourceMappingURL=bridge.d.ts.map

package/lib/typescript/module/src/native/bridge.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bridge.d.ts","sourceRoot":"","sources":["../../../../../src/native/bridge.ts"],"names":[],"mappings":"AAQA,MAAM,WAAW,yBAAyB;IACxC,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;IAChC,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAClF,kBAAkB,CAAC,CACjB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B,OAAO,CAAC,IAAI,CAAC,CAAC;IACjB,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAClD,kBAAkB,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IACvD,oBAAoB,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IACzD,qBAAqB,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;IAC1C,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,wBAAgB,eAAe,IAAI,yBAAyB,CAc3D"}

package/lib/typescript/module/src/network/index.d.ts

@@ -0,0 +1,2 @@
+/** Phase 2+ namespace placeholder — fetch remains on legacy export for v0.9 compat. */
+//# sourceMappingURL=index.d.ts.map

package/lib/typescript/module/src/network/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/network/index.ts"],"names":[],"mappings":"AAAA,uFAAuF"}

package/lib/typescript/module/src/risk/score.d.ts

@@ -0,0 +1,12 @@
+import type { AppIntegrityReport, DeviceEnvironment, RiskLevel, RuntimeThreatReport } from '../types/detection';
+export declare function computeRiskScore(input: {
+    isRooted: boolean;
+    isJailbroken: boolean;
+    runtime: RuntimeThreatReport;
+    app: AppIntegrityReport;
+    environment: DeviceEnvironment;
+}): {
+    riskScore: number;
+    riskLevel: RiskLevel;
+};
+//# sourceMappingURL=score.d.ts.map

package/lib/typescript/module/src/risk/score.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"score.d.ts","sourceRoot":"","sources":["../../../../../src/risk/score.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,kBAAkB,EAClB,iBAAiB,EACjB,SAAS,EACT,mBAAmB,EACpB,MAAM,oBAAoB,CAAC;AAE5B,wBAAgB,gBAAgB,CAAC,KAAK,EAAE;IACtC,QAAQ,EAAE,OAAO,CAAC;IAClB,YAAY,EAAE,OAAO,CAAC;IACtB,OAAO,EAAE,mBAAmB,CAAC;IAC7B,GAAG,EAAE,kBAAkB,CAAC;IACxB,WAAW,EAAE,iBAAiB,CAAC;CAChC,GAAG;IAAE,SAAS,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,SAAS,CAAA;CAAE,CAmC9C"}

package/lib/typescript/module/src/runtime/index.d.ts

@@ -0,0 +1,6 @@
+import type { RuntimeThreatReport } from '../types/detection';
+export declare const RuntimeSecurity: {
+    detect(): Promise<RuntimeThreatReport>;
+};
+export type { RuntimeThreatReport };
+//# sourceMappingURL=index.d.ts.map

package/lib/typescript/module/src/runtime/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/runtime/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAiC9D,eAAO,MAAM,eAAe;cAChB,OAAO,CAAC,mBAAmB,CAAC;CAKvC,CAAC;AAEF,YAAY,EAAE,mBAAmB,EAAE,CAAC"}

package/lib/typescript/module/src/screen/index.d.ts

@@ -0,0 +1,3 @@
+/** Phase 2+ namespace placeholder — SecureView remains on legacy export for v0.9 compat. */
+export { SecureView } from '../SecureView';
+//# sourceMappingURL=index.d.ts.map

package/lib/typescript/module/src/screen/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/screen/index.ts"],"names":[],"mappings":"AAAA,4FAA4F;AAC5F,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC"}

package/lib/typescript/module/src/securitySuite/index.d.ts

@@ -0,0 +1,6 @@
+import type { SecurityReport } from '../types/detection';
+export declare const SecuritySuite: {
+    getSecurityReport(): Promise<SecurityReport>;
+};
+export type { SecurityReport };
+//# sourceMappingURL=index.d.ts.map

package/lib/typescript/module/src/securitySuite/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/securitySuite/index.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEzD,eAAO,MAAM,aAAa;yBACG,OAAO,CAAC,cAAc,CAAC;CAiCnD,CAAC;AAEF,YAAY,EAAE,cAAc,EAAE,CAAC"}

package/lib/typescript/module/src/storage/index.d.ts

@@ -0,0 +1,2 @@
+/** Phase 2+ namespace placeholder — SecureStorage remains on the legacy export for v0.9 compat. */
+//# sourceMappingURL=index.d.ts.map

package/lib/typescript/module/src/storage/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/storage/index.ts"],"names":[],"mappings":"AAAA,mGAAmG"}

package/lib/typescript/module/src/types/detection.d.ts

@@ -0,0 +1,41 @@
+export interface RuntimeThreatReport {
+    debuggerAttached: boolean;
+    fridaDetected: boolean;
+    xposedDetected?: boolean;
+    substrateDetected?: boolean;
+    magiskDetected?: boolean;
+    suspiciousLibraries: string[];
+    suspiciousPorts: number[];
+}
+export type BuildType = 'debug' | 'release' | 'testflight';
+export interface AppIntegrityReport {
+    validSignature: boolean;
+    installerTrusted?: boolean;
+    debuggable: boolean;
+    tampered: boolean;
+    buildType: BuildType;
+    signingCertificateSha256?: string;
+    installerPackage?: string | null;
+    bundleIdentifier?: string;
+}
+export interface DeviceEnvironment {
+    isEmulator: boolean;
+    isSimulator: boolean;
+    indicators: string[];
+}
+export interface DeviceSecurityReport {
+    isRooted: boolean;
+    isJailbroken: boolean;
+    isEmulator: boolean;
+    isSimulator: boolean;
+    environmentIndicators: string[];
+}
+export type RiskLevel = 'low' | 'medium' | 'high';
+export interface SecurityReport {
+    device: DeviceSecurityReport;
+    runtime: RuntimeThreatReport;
+    app: AppIntegrityReport;
+    riskScore: number;
+    riskLevel: RiskLevel;
+}
+//# sourceMappingURL=detection.d.ts.map

package/lib/typescript/module/src/types/detection.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"detection.d.ts","sourceRoot":"","sources":["../../../../../src/types/detection.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,mBAAmB;IAClC,gBAAgB,EAAE,OAAO,CAAC;IAC1B,aAAa,EAAE,OAAO,CAAC;IACvB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAC9B,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,MAAM,SAAS,GAAG,OAAO,GAAG,SAAS,GAAG,YAAY,CAAC;AAE3D,MAAM,WAAW,kBAAkB;IACjC,cAAc,EAAE,OAAO,CAAC;IACxB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,UAAU,EAAE,OAAO,CAAC;IACpB,QAAQ,EAAE,OAAO,CAAC;IAClB,SAAS,EAAE,SAAS,CAAC;IACrB,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,OAAO,CAAC;IACpB,WAAW,EAAE,OAAO,CAAC;IACrB,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,OAAO,CAAC;IAClB,YAAY,EAAE,OAAO,CAAC;IACtB,UAAU,EAAE,OAAO,CAAC;IACpB,WAAW,EAAE,OAAO,CAAC;IACrB,qBAAqB,EAAE,MAAM,EAAE,CAAC;CACjC;AAED,MAAM,MAAM,SAAS,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;AAElD,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,oBAAoB,CAAC;IAC7B,OAAO,EAAE,mBAAmB,CAAC;IAC7B,GAAG,EAAE,kBAAkB,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,SAAS,CAAC;CACtB"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "react-native-security-suite",
-  "version": "0.9.22",
+  "version": "1.0.0-rc.1",
   "description": "Comprehensive security suite for React Native apps - Root/Jailbreak detection, SSL pinning, encryption, secure storage, screenshot protection, and network monitoring",
   "source": "./src/index.tsx",
   "main": "./lib/commonjs/index.js",
@@ -106,15 +106,9 @@
     "@types/react": "^18.2.44"
   },
   "peerDependencies": {
-    "@react-native-async-storage/async-storage": "*",
     "react": "*",
     "react-native": "*"
   },
-  "peerDependenciesMeta": {
-    "@react-native-async-storage/async-storage": {
-      "optional": false
-    }
-  },
   "workspaces": [
     "example"
   ],
@@ -209,7 +203,5 @@
     "languages": "kotlin-swift",
     "version": "0.45.5"
   },
-  "dependencies": {
-    "@react-native-async-storage/async-storage": "^1.19.0"
-  }
+  "dependencies": {}
 }

package/src/clipboard/index.ts

@@ -0,0 +1 @@
+/** Phase 2+ namespace placeholder. */

package/src/crypto/index.ts

@@ -0,0 +1,49 @@
+import { getNativeModule } from '../native/bridge';
+import type { CryptoOptions } from '../legacy/cryptoOptions';
+
+function toNativeCryptoOptions(options?: CryptoOptions | null) {
+  return {
+    keyAgreementAlgorithm: options?.keyAgreementAlgorithm ?? 'X25519',
+    keyFactoryAlgorithm: options?.keyType ?? options?.keyFactoryAlgorithm ?? 'OKP',
+    encryptionKeyAlgorithm: options?.encryptionKeyAlgorithm ?? 'AES-256',
+    hmacKeyAlgorithm: options?.hmacAlgorithm ?? options?.hmacKeyAlgorithm ?? 'HMAC-SHA-512',
+    cipherTransformation: options?.cipher ?? options?.cipherTransformation ?? 'AES-GCM',
+    gcmTagLength: options?.tagLength ?? options?.gcmTagLength ?? 128,
+    gcmIvLength: options?.ivLength ?? options?.gcmIvLength ?? 12,
+  };
+}
+
+export interface EstablishSharedKeyOptions extends CryptoOptions {
+  /** @deprecated Prefer native-only flow; set true only for legacy compatibility. */
+  returnSharedKey?: boolean;
+}
+
+export const Crypto = {
+  getPublicKey(): Promise<string> {
+    return getNativeModule().getPublicKey();
+  },
+
+  /**
+   * Derives a shared encryption key natively without returning it to JavaScript.
+   * Call `encryptBySharedKey` / `decryptBySharedKey` afterward (legacy bridge methods).
+   */
+  establishSharedKey(
+    serverPublicKey: string,
+    options?: EstablishSharedKeyOptions
+  ): Promise<string | void> {
+    const native = getNativeModule();
+    const nativeOptions = toNativeCryptoOptions(options);
+
+    if (options?.returnSharedKey) {
+      return native.getSharedKey(serverPublicKey, nativeOptions);
+    }
+
+    if (typeof native.establishSharedKey === 'function') {
+      return native.establishSharedKey(serverPublicKey, nativeOptions);
+    }
+
+    return native.getSharedKey(serverPublicKey, nativeOptions).then(() => undefined);
+  },
+};
+
+export type { CryptoOptions } from '../legacy/cryptoOptions';

package/src/device/index.ts

@@ -0,0 +1,47 @@
+import { Platform } from 'react-native';
+
+import { getNativeModule } from '../native/bridge';
+import type { DeviceEnvironment } from '../types/detection';
+
+function parseEnvironment(raw: Record<string, unknown>): DeviceEnvironment {
+  return {
+    isEmulator: Boolean(raw.isEmulator),
+    isSimulator: Boolean(raw.isSimulator),
+    indicators: Array.isArray(raw.indicators)
+      ? raw.indicators.filter((item): item is string => typeof item === 'string')
+      : [],
+  };
+}
+
+export const DeviceSecurity = {
+  /** @deprecated Use `isCompromised()` or `SecuritySuite.getSecurityReport()`. */
+  hasSecurityRisk(): Promise<boolean> {
+    return getNativeModule().deviceHasSecurityRisk();
+  },
+
+  isCompromised(): Promise<boolean> {
+    return getNativeModule().deviceHasSecurityRisk();
+  },
+
+  isRooted(): Promise<boolean> {
+    if (Platform.OS !== 'android') {
+      return Promise.resolve(false);
+    }
+    return getNativeModule().deviceHasSecurityRisk();
+  },
+
+  isJailbroken(): Promise<boolean> {
+    if (Platform.OS !== 'ios') {
+      return Promise.resolve(false);
+    }
+    return getNativeModule().deviceHasSecurityRisk();
+  },
+
+  getEnvironment(): Promise<DeviceEnvironment> {
+    return getNativeModule()
+      .deviceGetEnvironment()
+      .then((result) => parseEnvironment(result));
+  },
+};
+
+export type { DeviceEnvironment };

package/src/errors.ts

@@ -0,0 +1,84 @@
+export enum SecurityErrorCode {
+  ROOT_DETECTED = 'ROOT_DETECTED',
+  JAILBREAK_DETECTED = 'JAILBREAK_DETECTED',
+  FRIDA_DETECTED = 'FRIDA_DETECTED',
+  DEBUGGER_DETECTED = 'DEBUGGER_DETECTED',
+  SSL_PINNING_FAILED = 'SSL_PINNING_FAILED',
+  SECURE_STORAGE_UNAVAILABLE = 'SECURE_STORAGE_UNAVAILABLE',
+  CRYPTO_KEY_NOT_FOUND = 'CRYPTO_KEY_NOT_FOUND',
+}
+
+const NATIVE_CODE_MAP: Record<string, SecurityErrorCode> = {
+  ROOT_DETECTED: SecurityErrorCode.ROOT_DETECTED,
+  JAILBREAK_DETECTED: SecurityErrorCode.JAILBREAK_DETECTED,
+  FRIDA_DETECTED: SecurityErrorCode.FRIDA_DETECTED,
+  DEBUGGER_DETECTED: SecurityErrorCode.DEBUGGER_DETECTED,
+  SSL_PINNING_FAILED: SecurityErrorCode.SSL_PINNING_FAILED,
+  SECURE_STORAGE_ERROR: SecurityErrorCode.SECURE_STORAGE_UNAVAILABLE,
+  SECURE_STORAGE_UNAVAILABLE: SecurityErrorCode.SECURE_STORAGE_UNAVAILABLE,
+  GET_SHARED_KEY_ERROR: SecurityErrorCode.CRYPTO_KEY_NOT_FOUND,
+  ENCRYPT_ERROR: SecurityErrorCode.CRYPTO_KEY_NOT_FOUND,
+  DECRYPT_ERROR: SecurityErrorCode.CRYPTO_KEY_NOT_FOUND,
+  CRYPTO_KEY_NOT_FOUND: SecurityErrorCode.CRYPTO_KEY_NOT_FOUND,
+};
+
+export class SecurityError extends Error {
+  readonly code: SecurityErrorCode;
+  readonly details?: Record<string, unknown>;
+
+  constructor(
+    code: SecurityErrorCode,
+    message: string,
+    details?: Record<string, unknown>
+  ) {
+    super(message);
+    this.name = 'SecurityError';
+    this.code = code;
+    this.details = details;
+  }
+}
+
+export function isSecurityError(error: unknown): error is SecurityError {
+  return error instanceof SecurityError;
+}
+
+export function mapNativeError(error: unknown): SecurityError | Error {
+  if (error instanceof SecurityError) {
+    return error;
+  }
+
+  const nativeError = error as {
+    code?: string;
+    message?: string;
+    userInfo?: Record<string, unknown>;
+  };
+
+  const code =
+    typeof nativeError?.code === 'string'
+      ? nativeError.code
+      : error instanceof Error && 'code' in error
+        ? String((error as Error & { code?: string }).code)
+        : undefined;
+
+  const message =
+    typeof nativeError?.message === 'string'
+      ? nativeError.message
+      : error instanceof Error
+        ? error.message
+        : typeof error === 'string'
+          ? error
+          : 'Unknown security error';
+
+  if (code && NATIVE_CODE_MAP[code]) {
+    return new SecurityError(NATIVE_CODE_MAP[code], message, {
+      nativeCode: code,
+      ...(nativeError?.userInfo ?? {}),
+    });
+  }
+
+  if (error instanceof Error) {
+    return error;
+  }
+
+  return new Error(message);
+}