@codai/memorai-core/dist/security/SecurityManager.d.ts

Simplified advanced memory engine - no tiers, just powerful semantic search with persistence

/**
 * Security utilities and enhancements for Memorai
 * Includes input validation, rate limiting, and security auditing
 */
export interface ValidationRule {
    field: string;
    type: 'string' | 'number' | 'boolean' | 'object' | 'array';
    required?: boolean;
    minLength?: number;
    maxLength?: number;
    pattern?: RegExp;
    allowedValues?: string[] | number[];
    customValidator?: (value: unknown) => boolean | string;
}
export interface RateLimitConfig {
    windowMs: number;
    maxRequests: number;
    keyGenerator?: (tenantId: string, agentId?: string) => string;
    skipSuccessfulRequests?: boolean;
    skipFailedRequests?: boolean;
}
export interface SecurityAuditEvent {
    timestamp: Date;
    eventType: 'auth' | 'access' | 'modification' | 'error' | 'security_violation';
    severity: 'low' | 'medium' | 'high' | 'critical';
    tenantId: string;
    agentId?: string;
    action: string;
    resource?: string;
    ipAddress?: string;
    userAgent?: string;
    metadata?: Record<string, unknown>;
    success: boolean;
    errorMessage?: string;
}
export declare class InputValidator {
    /**
     * Validate input against a set of rules
     */
    static validate(input: Record<string, unknown>, rules: ValidationRule[]): {
        isValid: boolean;
        errors: string[];
    };
    /**
     * Sanitize string input to prevent injection attacks
     */
    static sanitizeString(input: string): string;
    /**
     * Validate and sanitize memory content
     */
    static validateMemoryContent(content: string): {
        isValid: boolean;
        sanitizedContent: string;
        errors: string[];
    };
    private static validateType;
}
export declare class RateLimiter {
    private config;
    private requests;
    constructor(config: RateLimitConfig);
    /**
     * Check if a request should be allowed
     */
    isAllowed(tenantId: string, agentId?: string): {
        allowed: boolean;
        remainingRequests: number;
        resetTime: Date;
    };
    /**
     * Get current rate limit status for a tenant/agent
     */
    getStatus(tenantId: string, agentId?: string): {
        requestCount: number;
        remainingRequests: number;
        resetTime: Date;
    };
    /**
     * Clear rate limit data (useful for testing)
     */
    clear(): void;
}
export declare class SecurityAuditor {
    private auditLog;
    private readonly maxLogSize;
    /**
     * Log a security audit event
     */
    logEvent(event: Omit<SecurityAuditEvent, 'timestamp'>): void;
    /**
     * Get audit events for a specific tenant
     */
    getTenantAuditLog(tenantId: string, options?: {
        startDate?: Date;
        endDate?: Date;
        eventType?: SecurityAuditEvent['eventType'];
        severity?: SecurityAuditEvent['severity'];
        limit?: number;
    }): SecurityAuditEvent[];
    /**
     * Get security statistics
     */
    getSecurityStats(tenantId?: string): {
        totalEvents: number;
        eventsBySeverity: Record<string, number>;
        eventsByType: Record<string, number>;
        failureRate: number;
        recentCriticalEvents: number;
    };
    /**
     * Export audit log for external security systems
     */
    exportAuditLog(format?: 'json' | 'csv'): string;
}
export declare class EncryptionManager {
    private encryptionKey;
    private algorithm;
    private key;
    constructor(encryptionKey: string); /**
     * Encrypt sensitive data
     */
    encrypt(text: string): string;
    /**
     * Decrypt sensitive data
     */
    decrypt(encryptedText: string): string;
    /**
     * Hash data for secure comparison
     */
    hash(data: string, salt?: string): string;
    /**
     * Verify hashed data
     */
    verifyHash(data: string, hashedData: string): boolean;
}
/**
 * Main SecurityManager class that coordinates all security functionality
 */
export interface SecurityManagerConfig {
    encryptionKey: string;
    auditLog?: boolean;
    rateLimiting?: RateLimitConfig;
    dataRetention?: {
        enabled: boolean;
        maxAge: number;
        compressionEnabled?: boolean;
    };
}
export declare class SecurityManager {
    private encryptionManager;
    private auditor;
    private rateLimiter;
    private config;
    constructor(config: SecurityManagerConfig);
    /**
     * Encrypt sensitive data
     */
    encrypt(data: string): string;
    /**
     * Decrypt sensitive data
     */
    decrypt(encryptedData: string): string;
    /**
     * Hash data for secure comparison
     */
    hash(data: string, salt?: string): string;
    /**
     * Verify hashed data
     */
    verifyHash(data: string, hashedData: string): boolean;
    /**
     * Validate input data
     */
    validateInput(input: Record<string, unknown>, rules: ValidationRule[]): {
        isValid: boolean;
        errors: string[];
    };
    /**
     * Check if operation is rate limited
     */
    checkRateLimit(tenantId: string, agentId?: string): boolean;
    /**
     * Record security audit event
     */
    auditEvent(event: SecurityAuditEvent): void;
    /**
     * Get security audit events
     */
    getAuditEvents(filter?: {
        tenantId?: string;
        eventType?: string;
        severity?: string;
        startDate?: Date;
        endDate?: Date;
    }): SecurityAuditEvent[];
    /**
     * Get security statistics
     */
    getStats(): {
        totalEvents: number;
        eventsByType: Record<string, number>;
        eventsBySeverity: Record<string, number>;
        rateLimitStatus: Record<string, unknown>;
    };
}
export declare const globalRateLimiter: RateLimiter;
export declare const securityAuditor: SecurityAuditor;
//# sourceMappingURL=SecurityManager.d.ts.map