@iota-big3/sdk-security
Version:
Advanced security features including zero trust, quantum-safe crypto, and ML threat detection
import { z as z } from 'zod';
/**
 * Workload identity of a service in the zero-trust mesh.
 *
 * The same object carries the public certificate and, optionally, the
 * private key, so anything that logs, serializes or transmits a
 * ServiceIdentity has to strip `privateKey` first.
 */
export interface ServiceIdentity {
  id: string;
  name: string;
  namespace: string;
  /** SPIFFE identifier; the `spiffe://` URI form is not validated by this type. */
  spiffeId: string;
  /** Certificate material. Encoding (PEM vs. base64 DER) is not fixed here — confirm with the issuer. */
  certificate: string;
  /** Secret. Optional so an identity can be handed to verifiers without it; never log or echo this field. */
  privateKey?: string;
  /** Validity window. Consumers are expected to reject an identity outside `[validFrom, validTo]`; nothing here enforces it. */
  validFrom: Date;
  validTo: Date;
  /** Free-form, untyped attributes; values are not validated and should be treated as untrusted. */
  attributes: Record<string, any>;
}
/**
 * A named access policy made of one or more rules sharing a single effect.
 *
 * How `priority` orders competing policies, and whether a `deny` wins over
 * an `allow` at equal priority, is decided by the evaluator, not by this type.
 */
export interface ZeroTrustPolicy {
  id: string;
  name: string;
  description?: string;
  rules: PolicyRule[];
  /** Outcome applied when a rule of this policy matches. */
  effect: 'allow' | 'deny';
  /** Relative ordering among policies; numeric direction (higher first vs. lower first) is not specified here. */
  priority: number;
  /** Policy-wide conditions, in addition to any per-rule conditions. */
  conditions?: PolicyCondition[];
  /** Disabled policies presumably do not participate in evaluation — confirm against the evaluator. */
  enabled: boolean;
}
/**
 * One rule inside a {@link ZeroTrustPolicy}: which subjects may perform which
 * actions on a resource. Matching syntax for `resource`/`subjects` (exact
 * match, glob, prefix) is not defined by this type.
 */
export interface PolicyRule {
  id: string;
  resource: string;
  actions: string[];
  subjects: string[];
  /** Conditions that must hold for this rule in addition to the policy-level ones. */
  conditions?: PolicyCondition[];
}
/**
 * A predicate evaluated against the access-request context.
 *
 * `value` is `unknown`, so the evaluator has to narrow it per `operator`
 * (e.g. comparable for `greater_than`/`less_than`) rather than assume a type.
 */
export interface PolicyCondition {
  type: 'time' | 'location' | 'attribute' | 'custom';
  operator: 'equals' | 'not_equals' | 'contains' | 'greater_than' | 'less_than';
  value: unknown;
  /** Attribute/field name the condition reads; likely required for `type: 'attribute'` — not enforced here. */
  field?: string;
}
/**
 * A human principal. Holds no credential material; session/bearer secrets
 * live on {@link Session}.
 */
export interface User {
  id: string;
  username: string;
  email: string;
  /** Fully resolved roles (objects, not ids), unlike `Role.parentRoles` which are strings. */
  roles: Role[];
  /** Untyped attributes; values are not validated and should be treated as untrusted input in policy conditions. */
  attributes: Record<string, any>;
  /** Whether MFA is enrolled for the account; per-session verification is `Session.mfaVerified`. */
  mfaEnabled: boolean;
  lastLogin?: Date;
  createdAt: Date;
  updatedAt: Date;
}
/**
 * A role grouping permissions, optionally inheriting from parent roles.
 *
 * Note the underscore-prefixed public field `_permissions`: it is part of the
 * exported contract, so the prefix does not hide it; it is kept as-is here
 * because renaming would break callers.
 */
export interface Role {
  id: string;
  name: string;
  description?: string;
  _permissions: Permission[];
  /** Ids of roles inherited from, presumably `Role.id` values — confirm with the resolver. Cycles are not prevented by this type. */
  parentRoles?: string[];
  metadata?: Record<string, any>;
}
/**
 * A single resource/action grant or denial.
 */
export interface Permission {
  id: string;
  resource: string;
  action: string;
  /** Additional, untyped restrictions on the grant; semantics are defined by whatever evaluates them. */
  constraints?: Record<string, any>;
  /** `deny` entries exist alongside `allow`, so conflict resolution between them must happen in the evaluator. */
  effect: 'allow' | 'deny';
}
/**
 * An authenticated session. `_token` and `refreshToken` are bearer secrets:
 * never log a whole Session object or include it in audit `details`.
 *
 * `_token` is an underscore-prefixed public field, inconsistent with the rest
 * of the file's naming; it is kept because renaming would break callers.
 */
export interface Session {
  id: string;
  userId: string;
  _token: string;
  refreshToken?: string;
  /** Consumers should reject sessions past `expiresAt`; nothing here enforces it. */
  expiresAt: Date;
  createdAt: Date;
  /** Client metadata as observed at creation; useful for anomaly detection, but spoofable, so not a trust signal on its own. */
  ipAddress?: string;
  userAgent?: string;
  /** Whether MFA was completed for this session (distinct from `User.mfaEnabled`). */
  mfaVerified: boolean;
}
/**
 * Input to the policy decision point.
 *
 * The runtime validator {@link AccessRequestSchema} checks a narrower subject
 * shape (id/username/roles only) than the full {@link User} interface.
 */
export interface AccessRequest {
  /** Either a subject identifier or a resolved user. */
  subject: string | User;
  resource: string;
  action: string;
  /** Request-scoped data (e.g. for `time`/`location` conditions); untyped and caller-supplied, so treat as untrusted. */
  context?: Record<string, any>;
  attributes?: Record<string, any>;
}
/**
 * Result of evaluating an {@link AccessRequest}.
 */
export interface AccessDecision {
  allowed: boolean;
  /** Human-readable explanation; avoid surfacing policy internals to untrusted callers. */
  reason?: string;
  /** Ids of the policies that contributed to the decision. */
  appliedPolicies: string[];
  /** Evaluation duration; unit (ms vs. µs) is not specified by this type — confirm against the evaluator. */
  evaluationTime: number;
  /** Side effects the enforcement point must carry out along with the decision. */
  obligations?: PolicyObligation[];
}
/**
 * An action the enforcement point must perform when applying a decision
 * (e.g. emit an audit log, notify, encrypt the response).
 */
export interface PolicyObligation {
  type: 'log' | 'notify' | 'encrypt' | 'custom';
  /** Untyped parameters whose shape depends on `type`. */
  params: Record<string, any>;
}
export type ComplianceFramework = 'SOC2' | 'HIPAA' | 'GDPR' | 'PCI_DSS' | 'ISO27001' | 'NIST';
/**
 * One control of a {@link ComplianceFramework} together with its current
 * assessment status and supporting evidence.
 */
export interface ComplianceControl {
  /** Internal identifier, distinct from the framework's own `controlId`. */
  id: string;
  framework: ComplianceFramework;
  controlId: string;
  title: string;
  description: string;
  category: string;
  status: ComplianceStatus;
  evidence: ComplianceEvidence[];
  lastAssessed?: Date;
  assessor?: string;
}
export type ComplianceStatus = 'compliant' | 'non_compliant' | 'partial' | 'not_applicable' | 'pending';
/**
 * An artefact supporting a control's status.
 *
 * `hash` is optional, so integrity of evidence cannot be assumed; when it is
 * present the hash algorithm is not recorded by this type.
 */
export interface ComplianceEvidence {
  id: string;
  type: 'document' | 'screenshot' | 'log' | 'config' | 'test_result';
  title: string;
  description?: string;
  /** Location of the artefact; `url` and `data` may both be absent. */
  url?: string;
  /** Inline artefact content; may hold sensitive configuration or logs, so apply the same handling as the source. */
  data?: unknown;
  collectedAt: Date;
  collectedBy: string;
  /** Content hash of the artefact, algorithm unspecified here. */
  hash?: string;
}
/**
 * Point-in-time assessment of one framework.
 */
export interface ComplianceReport {
  id: string;
  framework: ComplianceFramework;
  reportDate: Date;
  overallStatus: ComplianceStatus;
  controls: ComplianceControl[];
  /** Aggregate counts; whether they are derived from `controls` or supplied independently is not visible here. */
  summary: ComplianceSummary;
  recommendations: string[];
  nextAssessmentDate?: Date;
}
/**
 * Control counts for a {@link ComplianceReport}. `complianceScore` is a number
 * whose scale (0–1 vs. 0–100) is not specified by this type.
 */
export interface ComplianceSummary {
  totalControls: number;
  compliantControls: number;
  nonCompliantControls: number;
  partialControls: number;
  notApplicableControls: number;
  complianceScore: number;
  criticalFindings: number;
}
/**
 * A scanner run against one target, with its findings and a count summary.
 */
export interface SecurityScan {
  id: string;
  type: ScanType;
  targetType: 'application' | 'container' | 'infrastructure' | 'dependency';
  /** Target reference (path, image, URL…); its form depends on `targetType`. */
  target: string;
  status: ScanStatus;
  startedAt: Date;
  /** Absent while `status` is `pending`/`running`, presumably — confirm with the scanner. */
  completedAt?: Date;
  findings: SecurityFinding[];
  summary: ScanSummary;
  /** Recorded so results can be reproduced and compared across scanner versions. */
  scannerVersion: string;
}
export type ScanType = 'SAST' | 'DAST' | 'SCA' | 'Container' | 'IaC' | 'Secret';
export type ScanStatus = 'pending' | 'running' | 'completed' | 'failed' | 'cancelled';
/**
 * A single scanner result.
 *
 * `cwe`/`cve` are free-form strings (format not validated) and `cvssScore`
 * does not record the CVSS version, so scores from different scanners are
 * not necessarily comparable.
 */
export interface SecurityFinding {
  id: string;
  type: FindingType;
  severity: 'critical' | 'high' | 'medium' | 'low' | 'info';
  title: string;
  /** For `type: 'secret'` findings, make sure the description does not reproduce the secret itself. */
  description: string;
  location?: FindingLocation;
  cwe?: string;
  cve?: string;
  cvssScore?: number;
  remediation?: string;
  references?: string[];
  /** Triage flag; `ScanSummary.suppressedCount` may relate to it, but that link is not visible here. */
  falsePositive?: boolean;
}
export type FindingType = 'vulnerability' | 'code_smell' | 'security_hotspot' | 'secret' | 'misconfiguration' | 'outdated_dependency';
/**
 * Where a finding was observed. All fields are optional because the
 * meaningful subset differs by scan type (file/line for SAST, package/version
 * for SCA).
 */
export interface FindingLocation {
  file?: string;
  line?: number;
  column?: number;
  function?: string;
  package?: string;
  version?: string;
}
/**
 * Per-severity counts for a {@link SecurityScan}. Whether `totalFindings`
 * includes `suppressedCount` is not defined by this type.
 */
export interface ScanSummary {
  totalFindings: number;
  criticalCount: number;
  highCount: number;
  mediumCount: number;
  lowCount: number;
  infoCount: number;
  suppressedCount: number;
}
/**
 * An audit-trail record.
 *
 * `immutable` is a flag stored on the event; it does not itself make the
 * record tamper-evident. Anchoring, when it happens, is presumably what sets
 * `blockchainTxHash` — confirm with the audit writer.
 */
export interface AuditEvent {
  id: string;
  timestamp: Date;
  eventType: AuditEventType;
  actor: AuditActor;
  resource: AuditResource;
  action: string;
  outcome: 'success' | 'failure' | 'partial';
  /** Free-form payload; must not contain secrets (session tokens, private keys) since audit logs are long-lived. */
  details?: Record<string, any>;
  ipAddress?: string;
  userAgent?: string;
  /** Ties related events together across services. */
  correlationId?: string;
  blockchainTxHash?: string;
  immutable: boolean;
}
export type AuditEventType = 'authentication' | 'authorization' | 'data_access' | 'data_modification' | 'configuration_change' | 'security_event' | 'compliance_event' | 'system_event';
/**
 * Who performed an audited action: a user, a service identity or the system.
 */
export interface AuditActor {
  type: 'user' | 'service' | 'system';
  id: string;
  name: string;
  /** Role names/ids as of the event; snapshotting them keeps the record meaningful after role changes. */
  roles?: string[];
  attributes?: Record<string, any>;
}
/**
 * The object an audited action touched, optionally with before/after
 * snapshots for modifications.
 */
export interface AuditResource {
  type: string;
  id: string;
  name: string;
  attributes?: Record<string, any>;
  /** State snapshots. These can carry sensitive field values, so redact before persisting if the resource holds secrets or personal data. */
  before?: unknown;
  after?: unknown;
}
/**
 * Filter and paging options for reading audit events.
 *
 * Nothing here bounds `limit`/`offset` or sanitizes `searchText`; the query
 * layer must cap page size and pass the text as a bound parameter rather
 * than interpolating it.
 */
export interface AuditQuery {
  startDate?: Date;
  endDate?: Date;
  eventTypes?: AuditEventType[];
  /** Actor ids to match. */
  actors?: string[];
  /** Resource ids to match. */
  resources?: string[];
  outcomes?: ('success' | 'failure' | 'partial')[];
  searchText?: string;
  limit?: number;
  offset?: number;
  sortBy?: 'timestamp' | 'eventType' | 'actor';
  sortOrder?: 'asc' | 'desc';
}
/**
 * Connection settings for anchoring audit events on a ledger.
 *
 * Note that `credentials` is `any` in the runtime {@link SecurityConfigSchema},
 * so this shape is only enforced at compile time.
 */
export interface BlockchainAuditConfig {
  type: 'hyperledger' | 'ethereum' | 'private';
  /** Endpoint URL; scheme (e.g. TLS vs. plaintext) is not constrained by this type. */
  networkUrl: string;
  channelName?: string;
  contractAddress?: string;
  credentials?: BlockchainCredentials;
  /** Number of confirmations before a transaction is treated as final. */
  confirmations?: number;
}
/**
 * Signing identity for the audit ledger. Contains a private key, so this
 * object is a secret and must not be logged or serialized into audit
 * `details` or config dumps.
 */
export interface BlockchainCredentials {
  identity: string;
  privateKey?: string;
  certificate?: string;
  /** Membership service provider id (Hyperledger Fabric style); unused for other `type`s, presumably. */
  mspId?: string;
}
/**
 * A submitted ledger transaction and its confirmation state.
 */
export interface BlockchainTransaction {
  txHash: string;
  blockNumber: number;
  timestamp: Date;
  /** Payload as submitted; shape depends on the ledger integration. */
  data: unknown;
  status: 'pending' | 'confirmed' | 'failed';
  /** Compare with `BlockchainAuditConfig.confirmations` to decide finality. */
  confirmations: number;
}
/**
 * Top-level configuration for the security module.
 *
 * The type allows combinations a deployment probably should not run with
 * (e.g. `zeroTrust.enabled: true` with `mtlsMode: 'disabled'`, or an audit
 * `blockchain` block with `audit.enabled: false`); cross-field validation,
 * if any, has to happen in {@link SecurityConfigSchema} or the loader.
 */
export interface SecurityConfig {
  zeroTrust: {
    enabled: boolean;
    serviceMesh?: 'istio' | 'linkerd';
    /** `permissive` accepts both mTLS and plaintext; only `strict` refuses unauthenticated peers. */
    mtlsMode: 'strict' | 'permissive' | 'disabled';
    certificateRotationDays: number;
  };
  iam: {
    providers: AuthProvider[];
    /** Unit (seconds vs. ms) is not specified by this type — confirm in the session manager. */
    sessionTimeout: number;
    mfaRequired: boolean;
    passwordPolicy: PasswordPolicy;
    apiKeyRotationDays: number;
  };
  compliance: {
    frameworks: ComplianceFramework[];
    autoAssessment: boolean;
    reportingSchedule: 'daily' | 'weekly' | 'monthly';
    evidenceRetentionDays: number;
  };
  scanning: {
    enabledScanners: ScanType[];
    scheduledScans: boolean;
    scanOnCommit: boolean;
    /** Lowest severity that counts as a failure/alert, presumably — confirm with the scan runner. */
    severityThreshold: 'critical' | 'high' | 'medium' | 'low';
  };
  audit: {
    enabled: boolean;
    blockchain?: BlockchainAuditConfig;
    retentionDays: number;
    realTimeStreaming: boolean;
    /** Encryption at rest for stored events; algorithm/key source not configured here. */
    encryptionEnabled: boolean;
  };
}
/**
 * An identity provider integration.
 *
 * `config` is untyped and, for OAuth2/OIDC/LDAP, typically holds client
 * secrets or bind credentials — treat the whole object as sensitive.
 */
export interface AuthProvider {
  type: 'saml' | 'oauth2' | 'oidc' | 'ldap';
  name: string;
  config: Record<string, any>;
  enabled: boolean;
}
/**
 * Password composition and rotation rules.
 *
 * Units for `maxAge` are not specified here; `historyCount` is the number of
 * previous passwords that may not be reused. Neither has a lower bound in the
 * type, so `0` is representable.
 */
export interface PasswordPolicy {
  minLength: number;
  requireUppercase: boolean;
  requireLowercase: boolean;
  requireNumbers: boolean;
  requireSpecialChars: boolean;
  maxAge: number;
  historyCount: number;
}
/**
 * Runtime validator for {@link AccessRequest}. Declaration only — the zod
 * object is built in the implementation module, which is not shown here.
 *
 * What this schema checks, and what it does not:
 * - Objects are parsed in zod `"strip"` mode: unknown keys are dropped, not
 *   rejected, so a misspelled field silently disappears.
 * - An object `subject` is validated only for `id`, `username` and `roles`,
 *   and `roles` is an array of `any`; the full {@link User} shape is not
 *   enforced at runtime.
 * - `context` and `attributes` are records of `any`; policy code must treat
 *   their values as untrusted.
 */
export declare const AccessRequestSchema: z.ZodObject<{
  subject: z.ZodUnion<[z.ZodString, z.ZodObject<{
    id: z.ZodString;
    username: z.ZodString;
    roles: z.ZodArray<z.ZodAny, "many">;
  }, "strip", z.ZodTypeAny, {
    id: string;
    username: string;
    roles: any[];
  }, {
    id: string;
    username: string;
    roles: any[];
  }>]>;
  resource: z.ZodString;
  action: z.ZodString;
  context: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
  attributes: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
}, "strip", z.ZodTypeAny, {
  action: string;
  resource: string;
  subject: string | {
    id: string;
    username: string;
    roles: any[];
  };
  attributes?: Record<string, any> | undefined;
  context?: Record<string, any> | undefined;
}, {
  action: string;
  resource: string;
  subject: string | {
    id: string;
    username: string;
    roles: any[];
  };
  attributes?: Record<string, any> | undefined;
  context?: Record<string, any> | undefined;
}>;
/**
 * Runtime validator for {@link SecurityConfig}. Declaration only — the zod
 * object is built in the implementation module, which is not shown here.
 *
 * Reviewer notes:
 * - Every object level is in zod `"strip"` mode, so unknown keys (including
 *   misspelled security settings) are dropped rather than rejected.
 * - `audit.blockchain.credentials` is `z.ZodAny`, so the
 *   {@link BlockchainCredentials} shape is not validated at runtime.
 * - `iam.providers[].config` is a record of `any`; provider secrets pass
 *   through unvalidated.
 * - Numeric fields appear as bare `z.ZodNumber`; this declaration cannot show
 *   whether `.min()`/`.positive()` refinements exist in the implementation,
 *   so confirm there that values such as `certificateRotationDays`,
 *   `sessionTimeout` and `passwordPolicy.minLength` are bounded.
 */
export declare const SecurityConfigSchema: z.ZodObject<{
  zeroTrust: z.ZodObject<{
    enabled: z.ZodBoolean;
    serviceMesh: z.ZodOptional<z.ZodEnum<["istio", "linkerd"]>>;
    mtlsMode: z.ZodEnum<["strict", "permissive", "disabled"]>;
    certificateRotationDays: z.ZodNumber;
  }, "strip", z.ZodTypeAny, {
    enabled: boolean;
    mtlsMode: "strict" | "permissive" | "disabled";
    certificateRotationDays: number;
    serviceMesh?: "istio" | "linkerd" | undefined;
  }, {
    enabled: boolean;
    mtlsMode: "strict" | "permissive" | "disabled";
    certificateRotationDays: number;
    serviceMesh?: "istio" | "linkerd" | undefined;
  }>;
  iam: z.ZodObject<{
    providers: z.ZodArray<z.ZodObject<{
      type: z.ZodEnum<["saml", "oauth2", "oidc", "ldap"]>;
      name: z.ZodString;
      config: z.ZodRecord<z.ZodString, z.ZodAny>;
      enabled: z.ZodBoolean;
    }, "strip", z.ZodTypeAny, {
      type: "saml" | "oauth2" | "oidc" | "ldap";
      name: string;
      enabled: boolean;
      config: Record<string, any>;
    }, {
      type: "saml" | "oauth2" | "oidc" | "ldap";
      name: string;
      enabled: boolean;
      config: Record<string, any>;
    }>, "many">;
    sessionTimeout: z.ZodNumber;
    mfaRequired: z.ZodBoolean;
    passwordPolicy: z.ZodObject<{
      minLength: z.ZodNumber;
      requireUppercase: z.ZodBoolean;
      requireLowercase: z.ZodBoolean;
      requireNumbers: z.ZodBoolean;
      requireSpecialChars: z.ZodBoolean;
      maxAge: z.ZodNumber;
      historyCount: z.ZodNumber;
    }, "strip", z.ZodTypeAny, {
      minLength: number;
      requireUppercase: boolean;
      requireLowercase: boolean;
      requireNumbers: boolean;
      requireSpecialChars: boolean;
      maxAge: number;
      historyCount: number;
    }, {
      minLength: number;
      requireUppercase: boolean;
      requireLowercase: boolean;
      requireNumbers: boolean;
      requireSpecialChars: boolean;
      maxAge: number;
      historyCount: number;
    }>;
    apiKeyRotationDays: z.ZodNumber;
  }, "strip", z.ZodTypeAny, {
    providers: {
      type: "saml" | "oauth2" | "oidc" | "ldap";
      name: string;
      enabled: boolean;
      config: Record<string, any>;
    }[];
    sessionTimeout: number;
    mfaRequired: boolean;
    passwordPolicy: {
      minLength: number;
      requireUppercase: boolean;
      requireLowercase: boolean;
      requireNumbers: boolean;
      requireSpecialChars: boolean;
      maxAge: number;
      historyCount: number;
    };
    apiKeyRotationDays: number;
  }, {
    providers: {
      type: "saml" | "oauth2" | "oidc" | "ldap";
      name: string;
      enabled: boolean;
      config: Record<string, any>;
    }[];
    sessionTimeout: number;
    mfaRequired: boolean;
    passwordPolicy: {
      minLength: number;
      requireUppercase: boolean;
      requireLowercase: boolean;
      requireNumbers: boolean;
      requireSpecialChars: boolean;
      maxAge: number;
      historyCount: number;
    };
    apiKeyRotationDays: number;
  }>;
  compliance: z.ZodObject<{
    frameworks: z.ZodArray<z.ZodEnum<["SOC2", "HIPAA", "GDPR", "PCI_DSS", "ISO27001", "NIST"]>, "many">;
    autoAssessment: z.ZodBoolean;
    reportingSchedule: z.ZodEnum<["daily", "weekly", "monthly"]>;
    evidenceRetentionDays: z.ZodNumber;
  }, "strip", z.ZodTypeAny, {
    frameworks: ("SOC2" | "HIPAA" | "GDPR" | "PCI_DSS" | "ISO27001" | "NIST")[];
    autoAssessment: boolean;
    reportingSchedule: "daily" | "weekly" | "monthly";
    evidenceRetentionDays: number;
  }, {
    frameworks: ("SOC2" | "HIPAA" | "GDPR" | "PCI_DSS" | "ISO27001" | "NIST")[];
    autoAssessment: boolean;
    reportingSchedule: "daily" | "weekly" | "monthly";
    evidenceRetentionDays: number;
  }>;
  scanning: z.ZodObject<{
    enabledScanners: z.ZodArray<z.ZodEnum<["SAST", "DAST", "SCA", "Container", "IaC", "Secret"]>, "many">;
    scheduledScans: z.ZodBoolean;
    scanOnCommit: z.ZodBoolean;
    severityThreshold: z.ZodEnum<["critical", "high", "medium", "low"]>;
  }, "strip", z.ZodTypeAny, {
    enabledScanners: ("SAST" | "DAST" | "SCA" | "Container" | "IaC" | "Secret")[];
    scheduledScans: boolean;
    scanOnCommit: boolean;
    severityThreshold: "high" | "critical" | "medium" | "low";
  }, {
    enabledScanners: ("SAST" | "DAST" | "SCA" | "Container" | "IaC" | "Secret")[];
    scheduledScans: boolean;
    scanOnCommit: boolean;
    severityThreshold: "high" | "critical" | "medium" | "low";
  }>;
  audit: z.ZodObject<{
    enabled: z.ZodBoolean;
    blockchain: z.ZodOptional<z.ZodObject<{
      type: z.ZodEnum<["hyperledger", "ethereum", "private"]>;
      networkUrl: z.ZodString;
      channelName: z.ZodOptional<z.ZodString>;
      contractAddress: z.ZodOptional<z.ZodString>;
      // Not validated against BlockchainCredentials at runtime.
      credentials: z.ZodOptional<z.ZodAny>;
      confirmations: z.ZodOptional<z.ZodNumber>;
    }, "strip", z.ZodTypeAny, {
      type: "hyperledger" | "ethereum" | "private";
      networkUrl: string;
      channelName?: string | undefined;
      contractAddress?: string | undefined;
      credentials?: any;
      confirmations?: number | undefined;
    }, {
      type: "hyperledger" | "ethereum" | "private";
      networkUrl: string;
      channelName?: string | undefined;
      contractAddress?: string | undefined;
      credentials?: any;
      confirmations?: number | undefined;
    }>>;
    retentionDays: z.ZodNumber;
    realTimeStreaming: z.ZodBoolean;
    encryptionEnabled: z.ZodBoolean;
  }, "strip", z.ZodTypeAny, {
    enabled: boolean;
    retentionDays: number;
    realTimeStreaming: boolean;
    encryptionEnabled: boolean;
    blockchain?: {
      type: "hyperledger" | "ethereum" | "private";
      networkUrl: string;
      channelName?: string | undefined;
      contractAddress?: string | undefined;
      credentials?: any;
      confirmations?: number | undefined;
    } | undefined;
  }, {
    enabled: boolean;
    retentionDays: number;
    realTimeStreaming: boolean;
    encryptionEnabled: boolean;
    blockchain?: {
      type: "hyperledger" | "ethereum" | "private";
      networkUrl: string;
      channelName?: string | undefined;
      contractAddress?: string | undefined;
      credentials?: any;
      confirmations?: number | undefined;
    } | undefined;
  }>;
}, "strip", z.ZodTypeAny, {
  zeroTrust: {
    enabled: boolean;
    mtlsMode: "strict" | "permissive" | "disabled";
    certificateRotationDays: number;
    serviceMesh?: "istio" | "linkerd" | undefined;
  };
  iam: {
    providers: {
      type: "saml" | "oauth2" | "oidc" | "ldap";
      name: string;
      enabled: boolean;
      config: Record<string, any>;
    }[];
    sessionTimeout: number;
    mfaRequired: boolean;
    passwordPolicy: {
      minLength: number;
      requireUppercase: boolean;
      requireLowercase: boolean;
      requireNumbers: boolean;
      requireSpecialChars: boolean;
      maxAge: number;
      historyCount: number;
    };
    apiKeyRotationDays: number;
  };
  compliance: {
    frameworks: ("SOC2" | "HIPAA" | "GDPR" | "PCI_DSS" | "ISO27001" | "NIST")[];
    autoAssessment: boolean;
    reportingSchedule: "daily" | "weekly" | "monthly";
    evidenceRetentionDays: number;
  };
  scanning: {
    enabledScanners: ("SAST" | "DAST" | "SCA" | "Container" | "IaC" | "Secret")[];
    scheduledScans: boolean;
    scanOnCommit: boolean;
    severityThreshold: "high" | "critical" | "medium" | "low";
  };
  audit: {
    enabled: boolean;
    retentionDays: number;
    realTimeStreaming: boolean;
    encryptionEnabled: boolean;
    blockchain?: {
      type: "hyperledger" | "ethereum" | "private";
      networkUrl: string;
      channelName?: string | undefined;
      contractAddress?: string | undefined;
      credentials?: any;
      confirmations?: number | undefined;
    } | undefined;
  };
}, {
  zeroTrust: {
    enabled: boolean;
    mtlsMode: "strict" | "permissive" | "disabled";
    certificateRotationDays: number;
    serviceMesh?: "istio" | "linkerd" | undefined;
  };
  iam: {
    providers: {
      type: "saml" | "oauth2" | "oidc" | "ldap";
      name: string;
      enabled: boolean;
      config: Record<string, any>;
    }[];
    sessionTimeout: number;
    mfaRequired: boolean;
    passwordPolicy: {
      minLength: number;
      requireUppercase: boolean;
      requireLowercase: boolean;
      requireNumbers: boolean;
      requireSpecialChars: boolean;
      maxAge: number;
      historyCount: number;
    };
    apiKeyRotationDays: number;
  };
  compliance: {
    frameworks: ("SOC2" | "HIPAA" | "GDPR" | "PCI_DSS" | "ISO27001" | "NIST")[];
    autoAssessment: boolean;
    reportingSchedule: "daily" | "weekly" | "monthly";
    evidenceRetentionDays: number;
  };
  scanning: {
    enabledScanners: ("SAST" | "DAST" | "SCA" | "Container" | "IaC" | "Secret")[];
    scheduledScans: boolean;
    scanOnCommit: boolean;
    severityThreshold: "high" | "critical" | "medium" | "low";
  };
  audit: {
    enabled: boolean;
    retentionDays: number;
    realTimeStreaming: boolean;
    encryptionEnabled: boolean;
    blockchain?: {
      type: "hyperledger" | "ethereum" | "private";
      networkUrl: string;
      channelName?: string | undefined;
      contractAddress?: string | undefined;
      credentials?: any;
      confirmations?: number | undefined;
    } | undefined;
  };
}>;
export type * from './security.types';
//# sourceMappingURL=security.types.d.ts.map