@iota-big3/sdk-security/dist/types/security.types.js

Advanced security features including zero trust, quantum-safe crypto, and ML threat detection

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.SecurityConfigSchema = exports.AccessRequestSchema = void 0;
const zod_1 = require("zod");
// ===============================
// Zod Schemas for Validation
// ===============================
exports.AccessRequestSchema = zod_1.z.object({
    subject: zod_1.z.union([zod_1.z.string(), zod_1.z.object({
            id: zod_1.z.string(),
            username: zod_1.z.string(),
            roles: zod_1.z.array(zod_1.z.any())
        })]),
    resource: zod_1.z.string(),
    action: zod_1.z.string(),
    context: zod_1.z.record(zod_1.z.any()).optional(),
    attributes: zod_1.z.record(zod_1.z.any()).optional()
});
exports.SecurityConfigSchema = zod_1.z.object({
    zeroTrust: zod_1.z.object({
        enabled: zod_1.z.boolean(),
        serviceMesh: zod_1.z.enum(['istio', 'linkerd']).optional(),
        mtlsMode: zod_1.z.enum(['strict', 'permissive', 'disabled']),
        certificateRotationDays: zod_1.z.number().min(1).max(365)
    }),
    iam: zod_1.z.object({
        providers: zod_1.z.array(zod_1.z.object({
            type: zod_1.z.enum(['saml', 'oauth2', 'oidc', 'ldap']),
            name: zod_1.z.string(),
            config: zod_1.z.record(zod_1.z.any()),
            enabled: zod_1.z.boolean()
        })),
        sessionTimeout: zod_1.z.number().min(300), // 5 minutes minimum;
        mfaRequired: zod_1.z.boolean(),
        passwordPolicy: zod_1.z.object({
            minLength: zod_1.z.number().min(8),
            requireUppercase: zod_1.z.boolean(),
            requireLowercase: zod_1.z.boolean(),
            requireNumbers: zod_1.z.boolean(),
            requireSpecialChars: zod_1.z.boolean(),
            maxAge: zod_1.z.number().min(1),
            historyCount: zod_1.z.number().min(0)
        }),
        apiKeyRotationDays: zod_1.z.number().min(1)
    }),
    compliance: zod_1.z.object({
        frameworks: zod_1.z.array(zod_1.z.enum(['SOC2', 'HIPAA', 'GDPR', 'PCI_DSS', 'ISO27001', 'NIST'])),
        autoAssessment: zod_1.z.boolean(),
        reportingSchedule: zod_1.z.enum(['daily', 'weekly', 'monthly']),
        evidenceRetentionDays: zod_1.z.number().min(365) // Minimum 1 year
    }),
    scanning: zod_1.z.object({
        enabledScanners: zod_1.z.array(zod_1.z.enum(['SAST', 'DAST', 'SCA', 'Container', 'IaC', 'Secret'])),
        scheduledScans: zod_1.z.boolean(),
        scanOnCommit: zod_1.z.boolean(),
        severityThreshold: zod_1.z.enum(['critical', 'high', 'medium', 'low'])
    }),
    audit: zod_1.z.object({
        enabled: zod_1.z.boolean(),
        blockchain: zod_1.z.object({
            type: zod_1.z.enum(['hyperledger', 'ethereum', 'private']),
            networkUrl: zod_1.z.string().url(),
            channelName: zod_1.z.string().optional(),
            contractAddress: zod_1.z.string().optional(),
            credentials: zod_1.z.any().optional(),
            confirmations: zod_1.z.number().min(1).optional()
        }).optional(),
        retentionDays: zod_1.z.number().min(365), // Minimum 1 year;
        realTimeStreaming: zod_1.z.boolean(),
        encryptionEnabled: zod_1.z.boolean()
    })
});