Security Layer

Domain

Application Security & Sanitization.

Purpose

This directory contains modules dedicated to securing the application against common vulnerabilities and ensuring data safety.

Installation

``bash pnpm add @schafevormfenster/security`

`$3`

For faster development with Vite, use TypeScript sources directly:

`typescript // vite.config.ts - Requires tsconfig "target": "ES2022"+ export default defineConfig({ resolve: { conditions: ['source', 'import', 'default'] } });`

Benefits: Faster HMR, direct debugging, better tree-shaking.

`Responsibilities`

- Input Sanitization: Cleaning inputs to prevent XSS, injection, etc. - Prompt Security: Validating or sanitizing inputs destined for AI models to prevent injection attacks - Security Utilities: Helper functions for encryption, hashing, or verification - Sensitive Data Redaction: Detecting and masking sensitive information in logs and data (moved from@schafevormfenster/logging)

`Boundaries`

- Cross-Cutting Concern: These utilities are used by other layers (Services, API) but do not contain business logic themselves

`Redaction API`

`$3`

Redacts sensitive data from any value while preserving structure.

`typescript import { redactSensitiveData } from "@schafevormfenster/security";

const data = { username: "alice", password: "secret123", apiKey: "abcd1234efgh5678" };

const safe = redactSensitiveData(data, { enabled: true, showPartial: true, partialReveal: 4 }); // Result: { username: "alice", password: "[REDACTED]", apiKey: "abcd*5678" }`

`$3`

Redacts sensitive patterns from strings (emails, JWTs, connection strings, etc.).

`typescript import { redactString } from "@schafevormfenster/security";

const text = "Contact: user@example.com, Token: abc123xyz"; const safe = redactString(text, { enabled: true, showPartial: true, partialReveal: 4 }); // Result: "Contact: u@example.com, Token: abc1xyz"`

`$3`

- isSensitiveKey(key: string): boolean- Check if a key name is sensitive -maskByKey(key: string, value: unknown, config: RedactionConfig): string- Mask based on key semantics -partialMask(value: string, config: RedactionConfig): string- Partial masking helper -SENSITIVE_PATTERNS` - Collection of regex patterns for detecting sensitive data

Security Layer

Domain

Application Security & Sanitization.

Purpose

This directory contains modules dedicated to securing the application against common vulnerabilities and ensuring data safety.

Installation

``bash pnpm add @schafevormfenster/security`

`$3`

For faster development with Vite, use TypeScript sources directly:

`typescript // vite.config.ts - Requires tsconfig "target": "ES2022"+ export default defineConfig({ resolve: { conditions: ['source', 'import', 'default'] } });`

Benefits: Faster HMR, direct debugging, better tree-shaking.

`Responsibilities`

`Boundaries`

- Cross-Cutting Concern: These utilities are used by other layers (Services, API) but do not contain business logic themselves

`Redaction API`

`$3`

Redacts sensitive data from any value while preserving structure.

`typescript import { redactSensitiveData } from "@schafevormfenster/security";

const data = { username: "alice", password: "secret123", apiKey: "abcd1234efgh5678" };

const safe = redactSensitiveData(data, { enabled: true, showPartial: true, partialReveal: 4 }); // Result: { username: "alice", password: "[REDACTED]", apiKey: "abcd*5678" }`

`$3`

Redacts sensitive patterns from strings (emails, JWTs, connection strings, etc.).

`typescript import { redactString } from "@schafevormfenster/security";

`$3`