/** * MARIA Memory System - Phase 4: Enterprise Security Manager * * Advanced encryption, _key management, data security, and threat protection * with support for HSM, _key rotation, and zero-trust architecture */ import { EventEmitter } from "node:events"; import { type DLPStatus, type EncryptionStatus, type MonitoringStatus, type ThreatSummary } from "./enterprise-security-manager.support"; export type { DLPStatus, EncryptionStatus, MonitoringStatus, ThreatSummary }; export interface SecurityConfig { encryption: EncryptionConfig; keyManagement: KeyManagementConfig; threatProtection: ThreatProtectionConfig; dataLossPrevention: DLPConfig; monitoring: SecurityMonitoringConfig; } export interface EncryptionConfig { _algorithm: "AES-256-GCM" | "AES-256-CBC" | "ChaCha20-Poly1305"; keySize: 256 | 512; ivSize: 12 | 16; tagSize: 16; defaultClassification: DataClassification; classificationRules: EncryptionRule[]; } export interface EncryptionRule { id: string; condition: DataCondition; encryption: EncryptionMethod; keyRotation: KeyRotationPolicy; } export interface DataCondition { field: string; operator: "equals" | "contains" | "matches" | "in"; _value: unknown; priority: number; } export interface EncryptionMethod { _algorithm: string; keyDerivation: KeyDerivationConfig; additionalData?: string; compressionBefore?: boolean; } export interface KeyDerivationConfig { method: "PBKDF2" | "Argon2" | "scrypt"; iterations?: number; saltSize: number; memoryLimit?: number; parallelism?: number; } export interface KeyRotationPolicy { enabled: boolean; interval: number; gracePeriod: number; autoRotate: boolean; notifyBefore: number; } export interface KeyManagementConfig { provider: "local" | "hsm" | "kms" | "vault"; hsmConfig?: HSMConfig; kmsConfig?: KMSConfig; vaultConfig?: VaultConfig; masterKey: MasterKeyConfig; keyBackup: KeyBackupConfig; } export interface HSMConfig { provider: string; slot: number; pin: string; library: string; keyLabel: string; } export interface KMSConfig { provider: "aws" | "azure" | "gcp"; region: string; keyId: string; credentials: Record; } export interface VaultConfig { url: string; token: string; namespace?: string; mountPath: string; keyName: string; } export interface MasterKeyConfig { derivationMethod: "manual" | "password" | "key_file" | "hsm"; backupShares?: number; requiredShares?: number; escrowEnabled?: boolean; } export interface KeyBackupConfig { enabled: boolean; schedule: string; encryption: boolean; storage: BackupStorage[]; retention: number; } export interface BackupStorage { type: "local" | "s3" | "azure_blob" | "gcs"; config: Record; priority: number; } export interface ThreatProtectionConfig { intrusion: IntrusionDetectionConfig; anomaly: AnomalyDetectionConfig; malware: MalwareProtectionConfig; dataExfiltration: DataExfiltrationConfig; } export interface IntrusionDetectionConfig { enabled: boolean; rules: IntrusionRule[]; alertThreshold: number; blockThreshold: number; quarantineEnabled: boolean; } export interface IntrusionRule { id: string; name: string; pattern: string; severity: SecuritySeverity; action: SecurityAction; conditions: ThreatCondition[]; } export interface AnomalyDetectionConfig { enabled: boolean; models: AnomalyModel[]; sensitivity: number; learningPeriod: number; alertThreshold: number; } export interface AnomalyModel { type: "statistical" | "ml" | "behavioral"; parameters: Record; features: string[]; updateInterval: number; } export interface MalwareProtectionConfig { enabled: boolean; scanners: MalwareScanner[]; quarantineEnabled: boolean; autoClean: boolean; } export interface MalwareScanner { type: "_signature" | "heuristic" | "sandbox"; provider: string; config: Record; priority: number; } export interface DataExfiltrationConfig { enabled: boolean; monitors: ExfiltrationMonitor[]; preventionRules: ExfiltrationRule[]; alertThreshold: number; } export interface ExfiltrationMonitor { type: "network" | "file" | "api" | "clipboard"; thresholds: TrafficThreshold[]; timeWindow: number; } export interface TrafficThreshold { metric: "volume" | "frequency" | "destination"; _value: number; action: SecurityAction; } export interface ExfiltrationRule { id: string; dataTypes: DataClassification[]; destinations: string[]; maxSize: number; requireApproval: boolean; } export interface DLPConfig { enabled: boolean; policies: DLPPolicy[]; contentInspection: ContentInspectionConfig; actionTemplates: DLPActionTemplate[]; } export interface DLPPolicy { id: string; name: string; description: string; dataTypes: DataClassification[]; rules: DLPRule[]; actions: DLPAction[]; exceptions: DLPException[]; enabled: boolean; } export interface DLPRule { id: string; pattern: string; type: "regex" | "keyword" | "fingerprint" | "ml"; confidence: number; context: string[]; } export interface DLPAction { type: "block" | "encrypt" | "redact" | "quarantine" | "alert" | "log"; parameters: Record; condition?: ActionCondition; } export interface ActionCondition { field: string; operator: string; _value: unknown; } export interface DLPException { id: string; condition: DataCondition; justification: string; approvedBy: string; expiryDate?: Date; } export interface DLPActionTemplate { id: string; name: string; actions: DLPAction[]; description: string; } export interface ContentInspectionConfig { enabled: boolean; maxFileSize: number; supportedTypes: string[]; deepInspection: boolean; ocrEnabled: boolean; } export interface SecurityMonitoringConfig { realtime: RealtimeMonitoringConfig; logging: SecurityLoggingConfig; alerting: SecurityAlertingConfig; metrics: SecurityMetricsConfig; } export interface RealtimeMonitoringConfig { enabled: boolean; dashboards: MonitoringDashboard[]; alerts: RealtimeAlert[]; correlationRules: CorrelationRule[]; } export interface MonitoringDashboard { id: string; name: string; widgets: DashboardWidget[]; refreshInterval: number; permissions: string[]; } export interface DashboardWidget { type: "chart" | "table" | "metric" | "alert"; title: string; query: string; config: Record; } export interface RealtimeAlert { id: string; name: string; query: string; threshold: AlertThreshold; channels: AlertChannel[]; cooldown: number; } export interface AlertThreshold { operator: "greater_than" | "less_than" | "equals" | "not_equals"; _value: number; timeWindow: number; } export interface AlertChannel { type: "email" | "slack" | "webhook" | "sms" | "pagerduty"; config: Record; severity: SecuritySeverity[]; } export interface CorrelationRule { id: string; name: string; events: string[]; timeWindow: number; threshold: number; action: SecurityAction; } export interface SecurityLoggingConfig { level: "debug" | "info" | "warn" | "_error" | "critical"; destinations: LogDestination[]; format: "json" | "syslog" | "cef"; retention: number; encryption: boolean; } export interface LogDestination { type: "file" | "syslog" | "elasticsearch" | "splunk" | "datadog"; config: Record; filters: LogFilter[]; } export interface LogFilter { field: string; operator: string; _value: unknown; action: "include" | "exclude"; } export interface SecurityAlertingConfig { enabled: boolean; severityThresholds: Map; escalationPolicies: EscalationPolicy[]; suppressionRules: SuppressionRule[]; } export interface EscalationPolicy { id: string; name: string; levels: EscalationLevel[]; conditions: EscalationCondition[]; } export interface EscalationLevel { order: number; delayMinutes: number; channels: AlertChannel[]; requireAcknowledgment: boolean; } export interface EscalationCondition { severity: SecuritySeverity[]; categories: string[]; sources: string[]; } export interface SuppressionRule { id: string; condition: DataCondition; duration: number; reason: string; } export interface SecurityMetricsConfig { collection: MetricsCollectionConfig; storage: MetricsStorageConfig; dashboards: MetricsDashboard[]; } export interface MetricsCollectionConfig { interval: number; metrics: SecurityMetric[]; tags: MetricsTag[]; } export interface SecurityMetric { name: string; type: "counter" | "gauge" | "histogram" | "summary"; description: string; labels: string[]; } export interface MetricsTag { _key: string; _value: string; condition?: string; } export interface MetricsStorageConfig { provider: "prometheus" | "influxdb" | "cloudwatch" | "datadog"; retention: number; compression: boolean; config: Record; } export interface MetricsDashboard { id: string; name: string; panels: MetricsPanel[]; timeRange: string; } export interface MetricsPanel { title: string; query: string; type: "line" | "bar" | "pie" | "table" | "stat"; config: Record; } export type DataClassification = "public" | "internal" | "confidential" | "restricted" | "top_secret"; export type SecuritySeverity = "low" | "medium" | "high" | "critical"; export type SecurityAction = "log" | "alert" | "block" | "quarantine" | "encrypt" | "redact"; export interface EncryptedData { ciphertext: string; iv: string; _tag: string; _algorithm: string; keyId: string; metadata: EncryptionMetadata; } export interface EncryptionMetadata { classification: DataClassification; encryptedAt: Date; keyVersion: number; compression?: string; _checksum: string; } export interface ThreatEvent { id: string; timestamp: Date; type: ThreatType; severity: SecuritySeverity; source: ThreatSource; target: ThreatTarget; indicators: ThreatIndicator[]; mitigated: boolean; _mitigation?: ThreatMitigation; } export type ThreatType = "intrusion_attempt" | "anomalous_behavior" | "malware_detected" | "data_exfiltration" | "privilege_escalation" | "brute_force" | "ddos" | "injection_attack"; export interface ThreatSource { type: "internal" | "external" | "unknown"; identifier: string; location?: string; reputation?: number; } export interface ThreatTarget { type: "user" | "system" | "data" | "network"; identifier: string; classification?: DataClassification; } export interface ThreatIndicator { type: "ip" | "hash" | "domain" | "pattern" | "behavior"; _value: string; confidence: number; source: string; } export interface ThreatMitigation { action: SecurityAction; timestamp: Date; automated: boolean; effectiveness: number; details?: Record; } export interface ThreatCondition { field: string; operator: string; _value: unknown; weight: number; } export declare class EnterpriseSecurityManager extends EventEmitter { private config; private keyManager; private encryptionEngine; private threatDetector; private dlpEngine; private securityMonitor; private auditLogger; constructor(_config: SecurityConfig); /** * Encrypt data based on classification and policies */ encryptData(data: unknown, classification: DataClassification, context?: Record): Promise; /** * Decrypt data with security checks */ decryptData(encryptedData: EncryptedData, context?: Record): Promise; /** * Detect and analyze threats */ detectThreats(data: unknown, context: Record): Promise; /** * Secure data transfer */ secureTransfer(data: unknown, destination: string, classification: DataClassification, context?: Record): Promise<{ _encrypted: EncryptedData; _signature: string; _transferId: string; }>; /** * Verify secure transfer integrity */ verifyTransfer(encrypted: EncryptedData, signature: string, transferId: string): Promise; /** * Rotate encryption keys */ rotateKeys(keyId?: string): Promise<{ rotated: string[]; failed: string[]; }>; /** * Get security status and metrics */ getSecurityStatus(): Promise<{ overall: SecuritySeverity; threats: ThreatSummary; encryption: EncryptionStatus; dlp: DLPStatus; monitoring: MonitoringStatus; }>; private initializeSecurityPipeline; private getEncryptionRule; private getDefaultEncryptionRule; private evaluateDataCondition; private getFieldValue; private validateEncryptedData; private checkDecryptionPermissions; private verifyDataIntegrity; private processThreat; private autoMitigate; private determineMitigationAction; private blockThreatSource; private quarantineThreatTarget; private emergencyEncrypt; private processDLPViolation; private handleKeyExpiry; private scheduleKeyRotation; private calculateOverallSecurity; private handleSecurityError; private generateTransferId; }