/** * Security Module Index * * Central export point for all security-related functionality in ZCLAW. * * Modules: * - crypto-utils: AES-256-GCM encryption, key derivation, hashing * - secure-storage: OS keychain integration with encrypted localStorage fallback * - api-key-storage: Secure API key management * - encrypted-chat-storage: Encrypted chat history persistence * - security-audit: Security event logging and reporting * - security-utils: Input validation, XSS prevention, rate limiting */ import { createLogger } from './logger'; const log = createLogger('Security'); // Re-export crypto utilities export { // Core encryption encrypt, decrypt, encryptObject, decryptObject, deriveKey, generateMasterKey, generateSalt, // Hashing hashSha256, hashSha512, // Utilities arrayToBase64, base64ToArray, constantTimeEqual, generateRandomString, secureWipe, clearKeyCache, isCryptoAvailable, isValidEncryptedData, } from './crypto-utils'; export type { EncryptedData } from './crypto-utils'; // Re-export secure storage export { secureStorage, isSecureStorageAvailable, storeDeviceKeys, getDeviceKeys, deleteDeviceKeys, hasDeviceKeys, getDeviceKeysCreatedAt, } from './secure-storage'; export type { Ed25519KeyPair } from './secure-storage'; // Re-export API key storage export { // Types type ApiKeyType, type ApiKeyMetadata, // Core functions storeApiKey, getApiKey, deleteApiKey, listApiKeyMetadata, updateApiKeyMetadata, hasApiKey, validateStoredApiKey, rotateApiKey, // Utility functions validateApiKeyFormat, exportApiKeyConfig, isUsingKeychain, generateTestApiKey, } from './api-key-storage'; // Re-export encrypted chat storage export { initializeEncryptedChatStorage, saveConversations, loadConversations, clearAllChatData, exportEncryptedBackup, importEncryptedBackup, isEncryptedStorageActive, getStorageStats, rotateEncryptionKey, } from './encrypted-chat-storage'; // Re-export security audit export { // Core logging logSecurityEvent, logAuthEvent, logKeyEvent, logDataEvent, logSecurityViolation, logDecryptionFailure, logIntegrityFailure, logPermissionEvent, logSessionEvent, logSuspiciousActivity, logRateLimitEvent, // Query functions getSecurityEvents, getSecurityEventsByType, getSecurityEventsBySeverity, getSecurityEventsByTimeRange, getRecentCriticalEvents, getSecurityEventsBySession, // Report generation generateSecurityAuditReport, // Maintenance clearSecurityAuditLog, exportSecurityEvents, importSecurityEvents, verifyAuditLogIntegrity, // Session management getCurrentSessionId, setCurrentSessionId, setAuditEnabled, isAuditEnabledState, initializeSecurityAudit, shutdownSecurityAudit, } from './security-audit'; export type { SecurityEventType, SecurityEventSeverity, SecurityEvent, SecurityAuditReport, } from './security-audit'; // Re-export security utilities export { // HTML sanitization escapeHtml, unescapeHtml, sanitizeHtml, // URL validation validateUrl, isSafeRedirectUrl, // Path validation validatePath, // Input validation isValidEmail, isValidUsername, validatePasswordStrength, sanitizeFilename, sanitizeJson, // Rate limiting isRateLimited, resetRateLimit, getRemainingAttempts, // CSP helpers generateCspNonce, buildCspHeader, DEFAULT_CSP_DIRECTIVES, // Security checks checkSecurityHeaders, // Random generation generateSecureToken, generateSecureId, } from './security-utils'; // ============================================================================ // Security Initialization // ============================================================================ /** * Initialize all security modules * Call this during application startup */ export async function initializeSecurity(sessionId?: string): Promise { // Initialize security audit first const { initializeSecurityAudit } = await import('./security-audit'); initializeSecurityAudit(sessionId); // Initialize encrypted chat storage const { initializeEncryptedChatStorage } = await import('./encrypted-chat-storage'); await initializeEncryptedChatStorage(); log.debug('All security modules initialized'); } /** * Shutdown all security modules * Call this during application shutdown */ export async function shutdownSecurity(): Promise { const { shutdownSecurityAudit } = await import('./security-audit'); shutdownSecurityAudit(); const { clearKeyCache } = await import('./crypto-utils'); clearKeyCache(); log.debug('All security modules shut down'); } /** * Get a comprehensive security status report */ export async function getSecurityStatus(): Promise<{ auditEnabled: boolean; keychainAvailable: boolean; chatStorageInitialized: boolean; storedApiKeys: number; recentEvents: number; criticalEvents: number; }> { const { isAuditEnabledState, getSecurityEventsBySeverity } = await import('./security-audit'); const { isSecureStorageAvailable } = await import('./secure-storage'); const { isEncryptedStorageActive: isChatStorageInitialized } = await import('./encrypted-chat-storage'); const { listApiKeyMetadata } = await import('./api-key-storage'); const criticalEvents = getSecurityEventsBySeverity('critical').length; const errorEvents = getSecurityEventsBySeverity('error').length; return { auditEnabled: isAuditEnabledState(), keychainAvailable: await isSecureStorageAvailable(), chatStorageInitialized: await isChatStorageInitialized(), storedApiKeys: (await listApiKeyMetadata()).length, recentEvents: criticalEvents + errorEvents, criticalEvents, }; }