rehydra 0.4.2 → 0.5.0

package/dist/cli/utils/errors.d.ts

@@ -0,0 +1,8 @@
+/**
+ * CLI-specific error with exit code
+ */
+export declare class CLIError extends Error {
+    readonly exitCode: number;
+    constructor(message: string, exitCode?: number);
+}
+//# sourceMappingURL=errors.d.ts.map

package/dist/cli/utils/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../src/cli/utils/errors.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,qBAAa,QAAS,SAAQ,KAAK;aAGf,QAAQ,EAAE,MAAM;gBADhC,OAAO,EAAE,MAAM,EACC,QAAQ,GAAE,MAAU;CAKvC"}

package/dist/cli/utils/errors.js

@@ -0,0 +1,12 @@
+/**
+ * CLI-specific error with exit code
+ */
+export class CLIError extends Error {
+    exitCode;
+    constructor(message, exitCode = 1) {
+        super(message);
+        this.exitCode = exitCode;
+        this.name = "CLIError";
+    }
+}
+//# sourceMappingURL=errors.js.map

package/dist/cli/utils/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../../src/cli/utils/errors.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,OAAO,QAAS,SAAQ,KAAK;IAGf;IAFlB,YACE,OAAe,EACC,WAAmB,CAAC;QAEpC,KAAK,CAAC,OAAO,CAAC,CAAC;QAFC,aAAQ,GAAR,QAAQ,CAAY;QAGpC,IAAI,CAAC,IAAI,GAAG,UAAU,CAAC;IACzB,CAAC;CACF"}

package/dist/cli/utils/format.d.ts

@@ -0,0 +1,14 @@
+import type { AnonymizationResult, AnonymizationStats, PIIType } from "../../types/index.js";
+export declare function formatText(result: AnonymizationResult): string;
+export declare function formatJson(result: AnonymizationResult): string;
+export declare function formatNdjson(result: AnonymizationResult): string;
+interface InspectEntity {
+    type: PIIType;
+    original: string;
+    start: number;
+    end: number;
+}
+export declare function formatInspect(originalText: string, entities: InspectEntity[]): string;
+export declare function formatStats(stats: AnonymizationStats): string;
+export {};
+//# sourceMappingURL=format.d.ts.map

package/dist/cli/utils/format.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"format.d.ts","sourceRoot":"","sources":["../../../src/cli/utils/format.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,mBAAmB,EACnB,kBAAkB,EAClB,OAAO,EACR,MAAM,sBAAsB,CAAC;AAG9B,wBAAgB,UAAU,CAAC,MAAM,EAAE,mBAAmB,GAAG,MAAM,CAE9D;AAED,wBAAgB,UAAU,CAAC,MAAM,EAAE,mBAAmB,GAAG,MAAM,CAiB9D;AAED,wBAAgB,YAAY,CAAC,MAAM,EAAE,mBAAmB,GAAG,MAAM,CAoBhE;AAED,UAAU,aAAa;IACrB,IAAI,EAAE,OAAO,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;CACb;AAED,wBAAgB,aAAa,CAC3B,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,aAAa,EAAE,GACxB,MAAM,CAYR;AAED,wBAAgB,WAAW,CAAC,KAAK,EAAE,kBAAkB,GAAG,MAAM,CAa7D"}

package/dist/cli/utils/format.js

@@ -0,0 +1,63 @@
+import { bold, dim, piiTypeColor } from "./color.js";
+export function formatText(result) {
+    return result.anonymizedText;
+}
+export function formatJson(result) {
+    const output = {
+        anonymizedText: result.anonymizedText,
+        entities: result.entities.map((e) => ({
+            type: e.type,
+            id: e.id,
+            confidence: e.confidence,
+            source: e.source,
+            ...(e.semantic !== undefined ? { semantic: e.semantic } : {}),
+        })),
+        stats: {
+            totalEntities: result.stats.totalEntities,
+            countsByType: result.stats.countsByType,
+            processingTimeMs: result.stats.processingTimeMs,
+        },
+    };
+    return JSON.stringify(output, null, 2);
+}
+export function formatNdjson(result) {
+    const lines = result.entities.map((e) => JSON.stringify({
+        type: e.type,
+        id: e.id,
+        confidence: e.confidence,
+        source: e.source,
+        ...(e.semantic !== undefined ? { semantic: e.semantic } : {}),
+    }));
+    // Also include a summary line
+    lines.push(JSON.stringify({
+        _type: "summary",
+        anonymizedText: result.anonymizedText,
+        totalEntities: result.stats.totalEntities,
+        processingTimeMs: result.stats.processingTimeMs,
+    }));
+    return lines.join("\n");
+}
+export function formatInspect(originalText, entities) {
+    // Sort entities by position descending so replacements don't shift offsets
+    const sorted = [...entities].sort((a, b) => b.start - a.start);
+    let result = originalText;
+    for (const entity of sorted) {
+        const colorFn = piiTypeColor(entity.type);
+        const label = colorFn(`[${entity.type}: ${entity.original}]`);
+        result = result.slice(0, entity.start) + label + result.slice(entity.end);
+    }
+    return result;
+}
+export function formatStats(stats) {
+    const lines = [];
+    lines.push(`  ${bold("Found")} ${stats.totalEntities} PII ${stats.totalEntities === 1 ? "entity" : "entities"}:`);
+    for (const [type, count] of Object.entries(stats.countsByType)) {
+        if (count > 0) {
+            const colorFn = piiTypeColor(type);
+            lines.push(`    ${colorFn(type)}  ${count}`);
+        }
+    }
+    lines.push(dim(`  Processing time: ${stats.processingTimeMs}ms`));
+    return lines.join("\n");
+}
+//# sourceMappingURL=format.js.map

package/dist/cli/utils/format.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"format.js","sourceRoot":"","sources":["../../../src/cli/utils/format.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAErD,MAAM,UAAU,UAAU,CAAC,MAA2B;IACpD,OAAO,MAAM,CAAC,cAAc,CAAC;AAC/B,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,MAA2B;IACpD,MAAM,MAAM,GAAG;QACb,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACpC,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,EAAE,EAAE,CAAC,CAAC,EAAE;YACR,UAAU,EAAE,CAAC,CAAC,UAAU;YACxB,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,GAAG,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC9D,CAAC,CAAC;QACH,KAAK,EAAE;YACL,aAAa,EAAE,MAAM,CAAC,KAAK,CAAC,aAAa;YACzC,YAAY,EAAE,MAAM,CAAC,KAAK,CAAC,YAAY;YACvC,gBAAgB,EAAE,MAAM,CAAC,KAAK,CAAC,gBAAgB;SAChD;KACF,CAAC;IACF,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,MAA2B;IACtD,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACtC,IAAI,CAAC,SAAS,CAAC;QACb,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,GAAG,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC9D,CAAC,CACH,CAAC;IACF,8BAA8B;IAC9B,KAAK,CAAC,IAAI,CACR,IAAI,CAAC,SAAS,CAAC;QACb,KAAK,EAAE,SAAS;QAChB,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,aAAa,EAAE,MAAM,CAAC,KAAK,CAAC,aAAa;QACzC,gBAAgB,EAAE,MAAM,CAAC,KAAK,CAAC,gBAAgB;KAChD,CAAC,CACH,CAAC;IACF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AASD,MAAM,UAAU,aAAa,CAC3B,YAAoB,EACpB,QAAyB;IAEzB,2EAA2E;IAC3E,MAAM,MAAM,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IAE/D,IAAI,MAAM,GAAG,YAAY,CAAC;IAC1B,KAAK,MAAM,MAAM,IAAI,MAAM,EAAE,CAAC;QAC5B,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC1C,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,MAAM,CAAC,IAAI,KAAK,MAAM,CAAC,QAAQ,GAAG,CAAC,CAAC;QAC9D,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,GAAG,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC5E,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,KAAyB;IACnD,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,CAAC,IAAI,CACR,KAAK,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,aAAa,QAAQ,KAAK,CAAC,aAAa,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU,GAAG,CACtG,CAAC;IACF,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,CAAC;QAC/D,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YACd,MAAM,OAAO,GAAG,YAAY,CAAC,IAAe,CAAC,CAAC;YAC9C,KAAK,CAAC,IAAI,CAAC,OAAO,OAAO,CAAC,IAAI,CAAC,KAAK,KAAK,EAAE,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,sBAAsB,KAAK,CAAC,gBAAgB,IAAI,CAAC,CAAC,CAAC;IAClE,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/dist/cli/utils/io.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Read input from a file path or stdin.
+ * Throws CLIError if no file and stdin is a TTY (no piped data).
+ */
+export declare function readInput(filePath?: string): Promise<string>;
+/**
+ * Write output to a file path or stdout.
+ */
+export declare function writeOutput(data: string, filePath?: string): Promise<void>;
+//# sourceMappingURL=io.d.ts.map

package/dist/cli/utils/io.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"io.d.ts","sourceRoot":"","sources":["../../../src/cli/utils/io.ts"],"names":[],"mappings":"AAIA;;;GAGG;AACH,wBAAsB,SAAS,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAoBlE;AAED;;GAEG;AACH,wBAAsB,WAAW,CAC/B,IAAI,EAAE,MAAM,EACZ,QAAQ,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC,IAAI,CAAC,CAMf"}

package/dist/cli/utils/io.js

@@ -0,0 +1,37 @@
+import { readFile, writeFile } from "node:fs/promises";
+import { text } from "node:stream/consumers";
+import { CLIError } from "./errors.js";
+/**
+ * Read input from a file path or stdin.
+ * Throws CLIError if no file and stdin is a TTY (no piped data).
+ */
+export async function readInput(filePath) {
+    if (filePath !== undefined) {
+        try {
+            return await readFile(filePath, "utf-8");
+        }
+        catch (err) {
+            const code = err.code;
+            if (code === "ENOENT") {
+                throw new CLIError(`File not found: ${filePath}`);
+            }
+            throw new CLIError(`Failed to read file: ${filePath}`);
+        }
+    }
+    if (process.stdin.isTTY === true) {
+        throw new CLIError("No input: provide a file argument or pipe data via stdin");
+    }
+    return text(process.stdin);
+}
+/**
+ * Write output to a file path or stdout.
+ */
+export async function writeOutput(data, filePath) {
+    if (filePath !== undefined) {
+        await writeFile(filePath, data, "utf-8");
+    }
+    else {
+        process.stdout.write(data);
+    }
+}
+//# sourceMappingURL=io.js.map

package/dist/cli/utils/io.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"io.js","sourceRoot":"","sources":["../../../src/cli/utils/io.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AAC7C,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAEvC;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,QAAiB;IAC/C,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,IAAI,CAAC;YACH,OAAO,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC3C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,GAAI,GAA6B,CAAC,IAAI,CAAC;YACjD,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACtB,MAAM,IAAI,QAAQ,CAAC,mBAAmB,QAAQ,EAAE,CAAC,CAAC;YACpD,CAAC;YACD,MAAM,IAAI,QAAQ,CAAC,wBAAwB,QAAQ,EAAE,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;IAED,IAAI,OAAO,CAAC,KAAK,CAAC,KAAK,KAAK,IAAI,EAAE,CAAC;QACjC,MAAM,IAAI,QAAQ,CAChB,0DAA0D,CAC3D,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAC7B,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,IAAY,EACZ,QAAiB;IAEjB,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IAC3C,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;AACH,CAAC"}

package/dist/cli/utils/pii-map-file.d.ts

@@ -0,0 +1,14 @@
+import type { EncryptedPIIMap } from "../../types/index.js";
+export interface PIIMapFile {
+    version: 1;
+    createdAt: string;
+    key?: string;
+    piiMap: EncryptedPIIMap;
+    stats: {
+        totalEntities: number;
+        countsByType: Record<string, number>;
+    };
+}
+export declare function savePIIMapFile(path: string, data: PIIMapFile): Promise<void>;
+export declare function loadPIIMapFile(path: string): Promise<PIIMapFile>;
+//# sourceMappingURL=pii-map-file.d.ts.map

package/dist/cli/utils/pii-map-file.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pii-map-file.d.ts","sourceRoot":"","sources":["../../../src/cli/utils/pii-map-file.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAG5D,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,CAAC,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,eAAe,CAAC;IACxB,KAAK,EAAE;QACL,aAAa,EAAE,MAAM,CAAC;QACtB,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KACtC,CAAC;CACH;AAED,wBAAsB,cAAc,CAClC,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,UAAU,GACf,OAAO,CAAC,IAAI,CAAC,CAGf;AAED,wBAAsB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CA2BtE"}

package/dist/cli/utils/pii-map-file.js

@@ -0,0 +1,32 @@
+import { readFile, writeFile } from "node:fs/promises";
+import { CLIError } from "./errors.js";
+export async function savePIIMapFile(path, data) {
+    const json = JSON.stringify(data, null, 2) + "\n";
+    await writeFile(path, json, "utf-8");
+}
+export async function loadPIIMapFile(path) {
+    let raw;
+    try {
+        raw = await readFile(path, "utf-8");
+    }
+    catch (err) {
+        const code = err.code;
+        if (code === "ENOENT") {
+            throw new CLIError(`PII map file not found: ${path}`);
+        }
+        throw new CLIError(`Failed to read PII map file: ${path}`);
+    }
+    let parsed;
+    try {
+        parsed = JSON.parse(raw);
+    }
+    catch {
+        throw new CLIError(`Invalid JSON in PII map file: ${path}`);
+    }
+    const file = parsed;
+    if (file.version !== 1 || file.piiMap === undefined) {
+        throw new CLIError(`Invalid PII map file format: ${path}`);
+    }
+    return file;
+}
+//# sourceMappingURL=pii-map-file.js.map

package/dist/cli/utils/pii-map-file.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pii-map-file.js","sourceRoot":"","sources":["../../../src/cli/utils/pii-map-file.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAEvD,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAavC,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,IAAY,EACZ,IAAgB;IAEhB,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC;IAClD,MAAM,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,IAAY;IAC/C,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACtC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,GAAI,GAA6B,CAAC,IAAI,CAAC;QACjD,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtB,MAAM,IAAI,QAAQ,CAAC,2BAA2B,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;QACD,MAAM,IAAI,QAAQ,CAAC,gCAAgC,IAAI,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAY,CAAC;IACtC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,QAAQ,CAAC,iCAAiC,IAAI,EAAE,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,IAAI,GAAG,MAAoB,CAAC;IAClC,IAAI,IAAI,CAAC,OAAO,KAAK,CAAC,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QACpD,MAAM,IAAI,QAAQ,CAChB,gCAAgC,IAAI,EAAE,CACvC,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/cli/utils/progress.d.ts

@@ -0,0 +1,4 @@
+export declare function formatProgress(file: string, percent: number | null): string;
+export declare function writeProgress(line: string): void;
+export declare function clearProgress(): void;
+//# sourceMappingURL=progress.d.ts.map

package/dist/cli/utils/progress.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"progress.d.ts","sourceRoot":"","sources":["../../../src/cli/utils/progress.ts"],"names":[],"mappings":"AAEA,wBAAgB,cAAc,CAC5B,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,GAAG,IAAI,GACrB,MAAM,CASR;AAED,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAIhD;AAED,wBAAgB,aAAa,IAAI,IAAI,CAIpC"}

package/dist/cli/utils/progress.js

@@ -0,0 +1,21 @@
+const BAR_WIDTH = 30;
+export function formatProgress(file, percent) {
+    if (percent === null) {
+        return `  Downloading ${file}...`;
+    }
+    const filled = Math.round((percent / 100) * BAR_WIDTH);
+    const empty = BAR_WIDTH - filled;
+    const bar = "\u2588".repeat(filled) + "\u2591".repeat(empty);
+    return `  ${file} [${bar}] ${percent.toFixed(0)}%`;
+}
+export function writeProgress(line) {
+    if (process.stderr.isTTY === true) {
+        process.stderr.write(`\r\x1b[K${line}`);
+    }
+}
+export function clearProgress() {
+    if (process.stderr.isTTY === true) {
+        process.stderr.write("\r\x1b[K");
+    }
+}
+//# sourceMappingURL=progress.js.map

package/dist/cli/utils/progress.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"progress.js","sourceRoot":"","sources":["../../../src/cli/utils/progress.ts"],"names":[],"mappings":"AAAA,MAAM,SAAS,GAAG,EAAE,CAAC;AAErB,MAAM,UAAU,cAAc,CAC5B,IAAY,EACZ,OAAsB;IAEtB,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QACrB,OAAO,iBAAiB,IAAI,KAAK,CAAC;IACpC,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,OAAO,GAAG,GAAG,CAAC,GAAG,SAAS,CAAC,CAAC;IACvD,MAAM,KAAK,GAAG,SAAS,GAAG,MAAM,CAAC;IACjC,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC7D,OAAO,KAAK,IAAI,KAAK,GAAG,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC;AACrD,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,IAAY;IACxC,IAAI,OAAO,CAAC,MAAM,CAAC,KAAK,KAAK,IAAI,EAAE,CAAC;QAClC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;IAC1C,CAAC;AACH,CAAC;AAED,MAAM,UAAU,aAAa;IAC3B,IAAI,OAAO,CAAC,MAAM,CAAC,KAAK,KAAK,IAAI,EAAE,CAAC;QAClC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IACnC,CAAC;AACH,CAAC"}

package/dist/storage/browser.d.ts

@@ -9,5 +9,5 @@ export type { PIIStorageProvider, PIIMapMetadata, StoredPIIMap, ListOptions, Ano
 export type { EncryptedPIIMap } from "../types/index.js";
 export { InMemoryPIIStorageProvider } from "./in-memory.js";
 export { IndexedDBPIIStorageProvider } from "./indexeddb.js";
-export { AnonymizerSessionImpl } from "./session.js";
+export { AnonymizerSessionImpl } from "./session-base.js";
 //# sourceMappingURL=browser.d.ts.map

package/dist/storage/browser.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"browser.d.ts","sourceRoot":"","sources":["../../src/storage/browser.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,YAAY,EACV,kBAAkB,EAClB,cAAc,EACd,YAAY,EACZ,WAAW,EACX,iBAAiB,GAClB,MAAM,YAAY,CAAC;AAGpB,YAAY,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAGzD,OAAO,EAAE,0BAA0B,EAAE,MAAM,gBAAgB,CAAC;AAC5D,OAAO,EAAE,2BAA2B,EAAE,MAAM,gBAAgB,CAAC;AAG7D,OAAO,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC"}
+{"version":3,"file":"browser.d.ts","sourceRoot":"","sources":["../../src/storage/browser.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,YAAY,EACV,kBAAkB,EAClB,cAAc,EACd,YAAY,EACZ,WAAW,EACX,iBAAiB,GAClB,MAAM,YAAY,CAAC;AAGpB,YAAY,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAGzD,OAAO,EAAE,0BAA0B,EAAE,MAAM,gBAAgB,CAAC;AAC5D,OAAO,EAAE,2BAA2B,EAAE,MAAM,gBAAgB,CAAC;AAG7D,OAAO,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/storage/browser.js

@@ -8,6 +8,6 @@
 // Export browser-compatible implementations only
 export { InMemoryPIIStorageProvider } from "./in-memory.js";
 export { IndexedDBPIIStorageProvider } from "./indexeddb.js";
-// Export session implementation
-export { AnonymizerSessionImpl } from "./session.js";
+// Export session implementation (browser-safe, without streaming support)
+export { AnonymizerSessionImpl } from "./session-base.js";
 //# sourceMappingURL=browser.js.map

package/dist/storage/browser.js.map

@@ -1 +1 @@
-{"version":3,"file":"browser.js","sourceRoot":"","sources":["../../src/storage/browser.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAcH,iDAAiD;AACjD,OAAO,EAAE,0BAA0B,EAAE,MAAM,gBAAgB,CAAC;AAC5D,OAAO,EAAE,2BAA2B,EAAE,MAAM,gBAAgB,CAAC;AAE7D,gCAAgC;AAChC,OAAO,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC"}
+{"version":3,"file":"browser.js","sourceRoot":"","sources":["../../src/storage/browser.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAcH,iDAAiD;AACjD,OAAO,EAAE,0BAA0B,EAAE,MAAM,gBAAgB,CAAC;AAC5D,OAAO,EAAE,2BAA2B,EAAE,MAAM,gBAAgB,CAAC;AAE7D,0EAA0E;AAC1E,OAAO,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/storage/session-base.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Anonymizer Session Base Implementation
+ * Browser-safe session wrapper for automatic PII map storage.
+ * Does NOT include createStream() to avoid pulling in node:stream.
+ */
+import type { AnonymizationResult, AnonymizationPolicy } from "../types/index.js";
+import type { KeyProvider } from "../crypto/index.js";
+import type { RawPIIMap } from "../pipeline/tagger.js";
+import type { AnonymizerSession, PIIStorageProvider, StoredPIIMap } from "./types.js";
+/**
+ * Interface for the parent Anonymizer (to avoid circular dependency)
+ */
+export interface IAnonymizer {
+    anonymize(text: string, locale?: string, policy?: Partial<AnonymizationPolicy>, existingPiiMap?: RawPIIMap): Promise<AnonymizationResult>;
+}
+/**
+ * Session implementation that wraps an Anonymizer with automatic storage
+ */
+export declare class AnonymizerSessionImpl implements AnonymizerSession {
+    protected readonly anonymizer: IAnonymizer;
+    protected readonly storage: PIIStorageProvider;
+    protected readonly keyProvider: KeyProvider;
+    readonly sessionId: string;
+    constructor(anonymizer: IAnonymizer, sessionId: string, storage: PIIStorageProvider, keyProvider: KeyProvider);
+    anonymize(text: string, locale?: string, policy?: Partial<AnonymizationPolicy>): Promise<AnonymizationResult>;
+    rehydrate(text: string): Promise<string>;
+    load(): Promise<StoredPIIMap | null>;
+    delete(): Promise<boolean>;
+    exists(): Promise<boolean>;
+}
+//# sourceMappingURL=session-base.d.ts.map

package/dist/storage/session-base.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session-base.d.ts","sourceRoot":"","sources":["../../src/storage/session-base.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EACV,mBAAmB,EACnB,mBAAmB,EACpB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAGtD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,KAAK,EACV,iBAAiB,EACjB,kBAAkB,EAClB,YAAY,EACb,MAAM,YAAY,CAAC;AAEpB;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,SAAS,CACP,IAAI,EAAE,MAAM,EACZ,MAAM,CAAC,EAAE,MAAM,EACf,MAAM,CAAC,EAAE,OAAO,CAAC,mBAAmB,CAAC,EACrC,cAAc,CAAC,EAAE,SAAS,GACzB,OAAO,CAAC,mBAAmB,CAAC,CAAC;CACjC;AAED;;GAEG;AACH,qBAAa,qBAAsB,YAAW,iBAAiB;IAI3D,SAAS,CAAC,QAAQ,CAAC,UAAU,EAAE,WAAW;IAE1C,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,kBAAkB;IAC9C,SAAS,CAAC,QAAQ,CAAC,WAAW,EAAE,WAAW;IAN7C,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;gBAGN,UAAU,EAAE,WAAW,EAC1C,SAAS,EAAE,MAAM,EACE,OAAO,EAAE,kBAAkB,EAC3B,WAAW,EAAE,WAAW;IAKvC,SAAS,CACb,IAAI,EAAE,MAAM,EACZ,MAAM,CAAC,EAAE,MAAM,EACf,MAAM,CAAC,EAAE,OAAO,CAAC,mBAAmB,CAAC,GACpC,OAAO,CAAC,mBAAmB,CAAC;IAuFzB,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAkBxC,IAAI,IAAI,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC;IAIpC,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC;IAI1B,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC;CAGjC"}

package/dist/storage/session-base.js

@@ -0,0 +1,112 @@
+/**
+ * Anonymizer Session Base Implementation
+ * Browser-safe session wrapper for automatic PII map storage.
+ * Does NOT include createStream() to avoid pulling in node:stream.
+ */
+import { decryptPIIMap, encryptPIIMap } from "../crypto/index.js";
+import { rehydrate as rehydrateText } from "../pipeline/tagger.js";
+/**
+ * Session implementation that wraps an Anonymizer with automatic storage
+ */
+export class AnonymizerSessionImpl {
+    anonymizer;
+    storage;
+    keyProvider;
+    sessionId;
+    constructor(anonymizer, sessionId, storage, keyProvider) {
+        this.anonymizer = anonymizer;
+        this.storage = storage;
+        this.keyProvider = keyProvider;
+        this.sessionId = sessionId;
+    }
+    async anonymize(text, locale, policy) {
+        // Get the encryption key
+        const key = await this.keyProvider.getKey();
+        // Load existing PII map for ID reuse (before calling anonymizer)
+        const existing = await this.storage.load(this.sessionId);
+        let existingPiiMap;
+        let createdAt;
+        let existingEntityCounts;
+        if (existing !== null) {
+            try {
+                existingPiiMap = await decryptPIIMap(existing.piiMap, key);
+                createdAt = existing.metadata.createdAt;
+                existingEntityCounts = existing.metadata.entityCounts;
+            }
+            catch (error) {
+                // Decryption failed - likely key mismatch
+                const isKeyMismatch = error instanceof Error &&
+                    (error.name === "OperationError" ||
+                        error.message.includes("decrypt"));
+                if (isKeyMismatch) {
+                    throw new Error(`Failed to decrypt existing session data for "${this.sessionId}". ` +
+                        `The encryption key may have changed since this session was created.\n\n` +
+                        `To fix this, either:\n` +
+                        `  1. Use the same key that was used to create the session\n` +
+                        `  2. Delete the old session: await session.delete()\n` +
+                        `  3. Use a persistent key provider (e.g., ConfigKeyProvider)`);
+                }
+                throw error;
+            }
+        }
+        else {
+            existingPiiMap = undefined;
+            createdAt = Date.now();
+            existingEntityCounts = {};
+        }
+        // Call the parent anonymizer with existing PII map for ID reuse
+        const result = await this.anonymizer.anonymize(text, locale, policy, existingPiiMap);
+        // Sessions require a PII map (only available in pseudonymize mode)
+        if (result.piiMap === undefined) {
+            throw new Error("Session anonymize() failed: no PII map returned.\n\n" +
+                "This can happen if the anonymizer is in 'anonymize' mode.\n" +
+                "Sessions require 'pseudonymize' mode for PII map storage.");
+        }
+        // Decrypt the new PII map
+        const newPiiMap = await decryptPIIMap(result.piiMap, key);
+        // Merge maps: start with existing (if any), add new entries
+        const mergedPiiMap = existingPiiMap
+            ? new Map(existingPiiMap)
+            : new Map();
+        for (const [k, v] of newPiiMap) {
+            mergedPiiMap.set(k, v);
+        }
+        // Merge entity counts
+        const mergedEntityCounts = { ...existingEntityCounts };
+        for (const [type, count] of Object.entries(result.stats.countsByType)) {
+            mergedEntityCounts[type] = (mergedEntityCounts[type] ?? 0) + count;
+        }
+        // Re-encrypt the merged PII map
+        const encryptedMergedMap = await encryptPIIMap(mergedPiiMap, key);
+        // Save the merged PII map to storage
+        await this.storage.save(this.sessionId, encryptedMergedMap, {
+            createdAt,
+            entityCounts: mergedEntityCounts,
+            modelVersion: result.stats.modelVersion,
+        });
+        return result;
+    }
+    async rehydrate(text) {
+        // Load from storage
+        const stored = await this.storage.load(this.sessionId);
+        if (stored === null) {
+            throw new Error(`No PII map found for session: ${this.sessionId}. ` +
+                `Make sure to call anonymize() before rehydrate().`);
+        }
+        // Decrypt the PII map
+        const key = await this.keyProvider.getKey();
+        const piiMap = await decryptPIIMap(stored.piiMap, key);
+        // Rehydrate the text
+        return rehydrateText(text, piiMap);
+    }
+    async load() {
+        return this.storage.load(this.sessionId);
+    }
+    async delete() {
+        return this.storage.delete(this.sessionId);
+    }
+    async exists() {
+        return this.storage.exists(this.sessionId);
+    }
+}
+//# sourceMappingURL=session-base.js.map

package/dist/storage/session-base.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session-base.js","sourceRoot":"","sources":["../../src/storage/session-base.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAOH,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAClE,OAAO,EAAE,SAAS,IAAI,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAoBnE;;GAEG;AACH,MAAM,OAAO,qBAAqB;IAIX;IAEA;IACA;IANZ,SAAS,CAAS;IAE3B,YACqB,UAAuB,EAC1C,SAAiB,EACE,OAA2B,EAC3B,WAAwB;QAHxB,eAAU,GAAV,UAAU,CAAa;QAEvB,YAAO,GAAP,OAAO,CAAoB;QAC3B,gBAAW,GAAX,WAAW,CAAa;QAE3C,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;IAC7B,CAAC;IAED,KAAK,CAAC,SAAS,CACb,IAAY,EACZ,MAAe,EACf,MAAqC;QAErC,yBAAyB;QACzB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC;QAE5C,iEAAiE;QACjE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACzD,IAAI,cAAqC,CAAC;QAC1C,IAAI,SAAiB,CAAC;QACtB,IAAI,oBAA4C,CAAC;QAEjD,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;YACtB,IAAI,CAAC;gBACH,cAAc,GAAG,MAAM,aAAa,CAAC,QAAQ,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;gBAC3D,SAAS,GAAG,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC;gBACxC,oBAAoB,GAAG,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC;YACxD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,0CAA0C;gBAC1C,MAAM,aAAa,GACjB,KAAK,YAAY,KAAK;oBACtB,CAAC,KAAK,CAAC,IAAI,KAAK,gBAAgB;wBAC9B,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;gBAEvC,IAAI,aAAa,EAAE,CAAC;oBAClB,MAAM,IAAI,KAAK,CACb,gDAAgD,IAAI,CAAC,SAAS,KAAK;wBACjE,yEAAyE;wBACzE,wBAAwB;wBACxB,6DAA6D;wBAC7D,uDAAuD;wBACvD,8DAA8D,CACjE,CAAC;gBACJ,CAAC;gBACD,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;aAAM,CAAC;YACN,cAAc,GAAG,SAAS,CAAC;YAC3B,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,oBAAoB,GAAG,EAAE,CAAC;QAC5B,CAAC;QAED,gEAAgE;QAChE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,CAC5C,IAAI,EACJ,MAAM,EACN,MAAM,EACN,cAAc,CACf,CAAC;QAEF,mEAAmE;QACnE,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CACb,sDAAsD;gBACpD,6DAA6D;gBAC7D,2DAA2D,CAC9D,CAAC;QACJ,CAAC;QAED,0BAA0B;QAC1B,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAE1D,4DAA4D;QAC5D,MAAM,YAAY,GAAc,cAAc;YAC5C,CAAC,CAAC,IAAI,GAAG,CAAiB,cAAc,CAAC;YACzC,CAAC,CAAC,IAAI,GAAG,EAAkB,CAAC;QAC9B,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,SAAS,EAAE,CAAC;YAC/B,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACzB,CAAC;QAED,sBAAsB;QACtB,MAAM,kBAAkB,GAAG,EAAE,GAAG,oBAAoB,EAAE,CAAC;QACvD,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,CAAC;YACtE,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,KAAK,CAAC;QACrE,CAAC;QAED,gCAAgC;QAChC,MAAM,kBAAkB,GAAG,MAAM,aAAa,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;QAElE,qCAAqC;QACrC,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,kBAAkB,EAAE;YAC1D,SAAS;YACT,YAAY,EAAE,kBAAkB;YAChC,YAAY,EAAE,MAAM,CAAC,KAAK,CAAC,YAAY;SACxC,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,IAAY;QAC1B,oBAAoB;QACpB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACvD,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CACb,iCAAiC,IAAI,CAAC,SAAS,IAAI;gBACjD,mDAAmD,CACtD,CAAC;QACJ,CAAC;QAED,sBAAsB;QACtB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC;QAC5C,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAEvD,qBAAqB;QACrB,OAAO,aAAa,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,IAAI;QACR,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC3C,CAAC;IAED,KAAK,CAAC,MAAM;QACV,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,MAAM;QACV,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC7C,CAAC;CACF"}

package/dist/storage/session.d.ts

@@ -1,33 +1,19 @@
 /**
- * Anonymizer Session Implementation
- * Session-bound wrapper for automatic PII map storage
+ * Anonymizer Session Implementation (Node.js)
+ * Extends the base session with streaming support (requires node:stream).
  */
-import type { AnonymizationResult, AnonymizationPolicy } from "../types/index.js";
+export { type IAnonymizer } from "./session-base.js";
+import { AnonymizerSessionImpl as BaseSessionImpl } from "./session-base.js";
 import type { KeyProvider } from "../crypto/index.js";
-import type { RawPIIMap } from "../pipeline/tagger.js";
-import type { AnonymizerSession, PIIStorageProvider, StoredPIIMap } from "./types.js";
-import type { AnonymizerStream } from "../streaming/anonymizer-stream.js";
+import type { PIIStorageProvider } from "./types.js";
+import { AnonymizerStream } from "../streaming/anonymizer-stream.js";
 import type { StreamConfig } from "../streaming/types.js";
+import type { IAnonymizer } from "./session-base.js";
 /**
- * Interface for the parent Anonymizer (to avoid circular dependency)
+ * Node.js session implementation with streaming support
  */
-export interface IAnonymizer {
-    anonymize(text: string, locale?: string, policy?: Partial<AnonymizationPolicy>, existingPiiMap?: RawPIIMap): Promise<AnonymizationResult>;
-}
-/**
- * Session implementation that wraps an Anonymizer with automatic storage
- */
-export declare class AnonymizerSessionImpl implements AnonymizerSession {
-    private readonly anonymizer;
-    private readonly storage;
-    private readonly keyProvider;
-    readonly sessionId: string;
+export declare class AnonymizerSessionImpl extends BaseSessionImpl {
     constructor(anonymizer: IAnonymizer, sessionId: string, storage: PIIStorageProvider, keyProvider: KeyProvider);
-    anonymize(text: string, locale?: string, policy?: Partial<AnonymizationPolicy>): Promise<AnonymizationResult>;
-    rehydrate(text: string): Promise<string>;
-    load(): Promise<StoredPIIMap | null>;
-    delete(): Promise<boolean>;
-    exists(): Promise<boolean>;
     createStream(config?: Partial<StreamConfig>): Promise<AnonymizerStream>;
 }
 //# sourceMappingURL=session.d.ts.map

package/dist/storage/session.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../src/storage/session.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EACV,mBAAmB,EACnB,mBAAmB,EACpB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAGtD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,KAAK,EACV,iBAAiB,EACjB,kBAAkB,EAClB,YAAY,EACb,MAAM,YAAY,CAAC;AACpB,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AAC1E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAE1D;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,SAAS,CACP,IAAI,EAAE,MAAM,EACZ,MAAM,CAAC,EAAE,MAAM,EACf,MAAM,CAAC,EAAE,OAAO,CAAC,mBAAmB,CAAC,EACrC,cAAc,CAAC,EAAE,SAAS,GACzB,OAAO,CAAC,mBAAmB,CAAC,CAAC;CACjC;AAED;;GAEG;AACH,qBAAa,qBAAsB,YAAW,iBAAiB;IAI3D,OAAO,CAAC,QAAQ,CAAC,UAAU;IAE3B,OAAO,CAAC,QAAQ,CAAC,OAAO;IACxB,OAAO,CAAC,QAAQ,CAAC,WAAW;IAN9B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;gBAGR,UAAU,EAAE,WAAW,EACxC,SAAS,EAAE,MAAM,EACA,OAAO,EAAE,kBAAkB,EAC3B,WAAW,EAAE,WAAW;IAKrC,SAAS,CACb,IAAI,EAAE,MAAM,EACZ,MAAM,CAAC,EAAE,MAAM,EACf,MAAM,CAAC,EAAE,OAAO,CAAC,mBAAmB,CAAC,GACpC,OAAO,CAAC,mBAAmB,CAAC;IAuFzB,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAkBxC,IAAI,IAAI,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC;IAIpC,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC;IAI1B,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC;IAI1B,YAAY,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC,GAAG,OAAO,CAAC,gBAAgB,CAAC;CAuB9E"}
+{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../src/storage/session.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,KAAK,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,qBAAqB,IAAI,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAC7E,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAGtD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACrE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAErD;;GAEG;AACH,qBAAa,qBAAsB,SAAQ,eAAe;gBAEtD,UAAU,EAAE,WAAW,EACvB,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,kBAAkB,EAC3B,WAAW,EAAE,WAAW;IAKpB,YAAY,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC,GAAG,OAAO,CAAC,gBAAgB,CAAC;CAoB9E"}

package/dist/storage/session.js

@@ -1,115 +1,18 @@
 /**
- * Anonymizer Session Implementation
- * Session-bound wrapper for automatic PII map storage
+ * Anonymizer Session Implementation (Node.js)
+ * Extends the base session with streaming support (requires node:stream).
  */
-import { decryptPIIMap, encryptPIIMap } from "../crypto/index.js";
-import { rehydrate as rehydrateText } from "../pipeline/tagger.js";
+import { AnonymizerSessionImpl as BaseSessionImpl } from "./session-base.js";
+import { decryptPIIMap } from "../crypto/index.js";
+import { AnonymizerStream } from "../streaming/anonymizer-stream.js";
 /**
- * Session implementation that wraps an Anonymizer with automatic storage
+ * Node.js session implementation with streaming support
  */
-export class AnonymizerSessionImpl {
-    anonymizer;
-    storage;
-    keyProvider;
-    sessionId;
+export class AnonymizerSessionImpl extends BaseSessionImpl {
     constructor(anonymizer, sessionId, storage, keyProvider) {
-        this.anonymizer = anonymizer;
-        this.storage = storage;
-        this.keyProvider = keyProvider;
-        this.sessionId = sessionId;
-    }
-    async anonymize(text, locale, policy) {
-        // Get the encryption key
-        const key = await this.keyProvider.getKey();
-        // Load existing PII map for ID reuse (before calling anonymizer)
-        const existing = await this.storage.load(this.sessionId);
-        let existingPiiMap;
-        let createdAt;
-        let existingEntityCounts;
-        if (existing !== null) {
-            try {
-                existingPiiMap = await decryptPIIMap(existing.piiMap, key);
-                createdAt = existing.metadata.createdAt;
-                existingEntityCounts = existing.metadata.entityCounts;
-            }
-            catch (error) {
-                // Decryption failed - likely key mismatch
-                const isKeyMismatch = error instanceof Error &&
-                    (error.name === "OperationError" ||
-                        error.message.includes("decrypt"));
-                if (isKeyMismatch) {
-                    throw new Error(`Failed to decrypt existing session data for "${this.sessionId}". ` +
-                        `The encryption key may have changed since this session was created.\n\n` +
-                        `To fix this, either:\n` +
-                        `  1. Use the same key that was used to create the session\n` +
-                        `  2. Delete the old session: await session.delete()\n` +
-                        `  3. Use a persistent key provider (e.g., ConfigKeyProvider)`);
-                }
-                throw error;
-            }
-        }
-        else {
-            existingPiiMap = undefined;
-            createdAt = Date.now();
-            existingEntityCounts = {};
-        }
-        // Call the parent anonymizer with existing PII map for ID reuse
-        const result = await this.anonymizer.anonymize(text, locale, policy, existingPiiMap);
-        // Sessions require a PII map (only available in pseudonymize mode)
-        if (result.piiMap === undefined) {
-            throw new Error("Session anonymize() failed: no PII map returned.\n\n" +
-                "This can happen if the anonymizer is in 'anonymize' mode.\n" +
-                "Sessions require 'pseudonymize' mode for PII map storage.");
-        }
-        // Decrypt the new PII map
-        const newPiiMap = await decryptPIIMap(result.piiMap, key);
-        // Merge maps: start with existing (if any), add new entries
-        const mergedPiiMap = existingPiiMap
-            ? new Map(existingPiiMap)
-            : new Map();
-        for (const [k, v] of newPiiMap) {
-            mergedPiiMap.set(k, v);
-        }
-        // Merge entity counts
-        const mergedEntityCounts = { ...existingEntityCounts };
-        for (const [type, count] of Object.entries(result.stats.countsByType)) {
-            mergedEntityCounts[type] = (mergedEntityCounts[type] ?? 0) + count;
-        }
-        // Re-encrypt the merged PII map
-        const encryptedMergedMap = await encryptPIIMap(mergedPiiMap, key);
-        // Save the merged PII map to storage
-        await this.storage.save(this.sessionId, encryptedMergedMap, {
-            createdAt,
-            entityCounts: mergedEntityCounts,
-            modelVersion: result.stats.modelVersion,
-        });
-        return result;
-    }
-    async rehydrate(text) {
-        // Load from storage
-        const stored = await this.storage.load(this.sessionId);
-        if (stored === null) {
-            throw new Error(`No PII map found for session: ${this.sessionId}. ` +
-                `Make sure to call anonymize() before rehydrate().`);
-        }
-        // Decrypt the PII map
-        const key = await this.keyProvider.getKey();
-        const piiMap = await decryptPIIMap(stored.piiMap, key);
-        // Rehydrate the text
-        return rehydrateText(text, piiMap);
-    }
-    async load() {
-        return this.storage.load(this.sessionId);
-    }
-    async delete() {
-        return this.storage.delete(this.sessionId);
-    }
-    async exists() {
-        return this.storage.exists(this.sessionId);
+        super(anonymizer, sessionId, storage, keyProvider);
     }
     async createStream(config) {
-        // Dynamic import to avoid pulling node:stream into browser bundles
-        const { AnonymizerStream } = await import("../streaming/anonymizer-stream.js");
         // Load existing PII map to seed the stream for ID continuity
         let initialPiiMap;
         const existing = await this.storage.load(this.sessionId);