@blacksandscyber/mcp-server-bursar 0.5.0

package/build/shield/client.js

@@ -0,0 +1,656 @@
+"use strict";
+/**
+ * Shield API Client — Broker mode only.
+ *
+ * Every request flows through the Blacksands Broker:
+ *   Step 1: POST {authorizer}/api/agent/auth with { password, serviceId }
+ *           — the Authorizer validates the mTLS client cert (presented by our
+ *           httpsAgent), authenticates the password, and resolves the serviceId
+ *           to a Receiver URL — all in one round trip. Returns a sessionToken
+ *           plus { service: { serviceUrl } }.
+ *   Step 2: All subsequent Shield API calls go to service.serviceUrl (the
+ *           Receiver), which authenticates us and proxies to Shield API.
+ *
+ * The mTLS client certificate and auth password are issued by a human
+ * administrator through Overwatch or SysAdmin (or by the Phase-2 setup-token
+ * bootstrap flow, which is just a thin wrapper around the same issuance).
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ShieldClient = exports.BrokerConnector = void 0;
+const axios_1 = __importDefault(require("axios"));
+const https = __importStar(require("https"));
+const logger_1 = require("../shared/logger");
+const errors_1 = require("../shared/errors");
+const DEFAULT_TIMEOUT = 30_000;
+const DEFAULT_MAX_RETRIES = 3;
+// ── Broker Connector ───────────────────────────────────────────────────
+// Fallback session lifetime when the Authorizer doesn't tell us its lease.
+// Used when talking to a pre-heartbeat-protocol Authorizer.
+const FALLBACK_SESSION_TTL_MS = 15 * 60 * 1000; // 15 min
+// Optional per-handshake lease request. Most clients should leave this unset
+// and let the Authorizer apply its default. Set via the BrokerConnector
+// constructor for tests or workloads that genuinely know their window.
+const DEFAULT_REQUESTED_TTL_SEC = undefined;
+class BrokerConnector {
+    authorizerUrl;
+    serviceId;
+    authPassword;
+    httpsAgent;
+    sessionToken = null;
+    receiverUrl = null;
+    connectedAt = 0;
+    // Server-granted session lease in ms. Populated from the auth response
+    // (`expiresAt` / `leaseSec`); falls back to FALLBACK_SESSION_TTL_MS when
+    // talking to a pre-heartbeat Authorizer that doesn't return them.
+    sessionTtlMs = FALLBACK_SESSION_TTL_MS;
+    heartbeatTimer = null;
+    requestedTtlSec;
+    constructor(authorizerUrl, serviceId, authPassword, httpsAgent, requestedTtlSec = DEFAULT_REQUESTED_TTL_SEC) {
+        this.authorizerUrl = authorizerUrl.replace(/\/+$/, "");
+        this.serviceId = serviceId;
+        this.authPassword = authPassword;
+        this.httpsAgent = httpsAgent;
+        this.requestedTtlSec = requestedTtlSec;
+    }
+    get isConnected() {
+        return !!(this.receiverUrl && (Date.now() - this.connectedAt) < this.sessionTtlMs);
+    }
+    get url() {
+        if (!this.receiverUrl)
+            throw new errors_1.ShieldError("BrokerConnector: not connected — call connect() first");
+        return this.receiverUrl;
+    }
+    async connect() {
+        logger_1.logger.info("BrokerConnector: starting Authorizer handshake", {
+            authorizer: this.authorizerUrl,
+            serviceId: this.serviceId,
+        });
+        // Single-call handshake against the real Authorizer contract:
+        //   POST /api/agent/auth
+        //   mTLS cert is presented by httpsAgent; the Authorizer validates it
+        //   against the Manager, then authenticates the password, then (because
+        //   we passed serviceId) resolves the Receiver URL — all one round trip.
+        //
+        //   Response shape (on success):
+        //     { success: true, authenticated: true,
+        //       sessionToken: "<uuid>",
+        //       identity: { username, certFingerprint, isAgent },
+        //       service:  { serviceId, serviceUrl, serviceType },
+        //       leaseSec, expiresAt }                 // ← new
+        //
+        //   leaseSec/expiresAt are absent on older Authorizers; we fall back to
+        //   FALLBACK_SESSION_TTL_MS in that case.
+        //
+        //   On failure: non-2xx with { error: "<message>" }. axios will throw,
+        //   which we surface as AuthenticationError / ShieldError.
+        let authRes;
+        try {
+            const reqBody = {
+                password: this.authPassword,
+                serviceId: this.serviceId,
+            };
+            if (this.requestedTtlSec)
+                reqBody.requestedTtlSec = this.requestedTtlSec;
+            authRes = await axios_1.default.post(`${this.authorizerUrl}/api/agent/auth`, reqBody, { httpsAgent: this.httpsAgent, timeout: 30_000 });
+        }
+        catch (err) {
+            const status = err?.response?.status;
+            const body = err?.response?.data;
+            const msg = body?.error || body?.message || err?.message || "unknown error";
+            if (status === 401)
+                throw new errors_1.AuthenticationError(`BrokerConnector: ${msg}`);
+            throw new errors_1.ShieldError(`BrokerConnector: Authorizer handshake failed (${status ?? "no response"}): ${msg}`);
+        }
+        const data = authRes.data || {};
+        if (!data.success || !data.authenticated || !data.sessionToken) {
+            throw new errors_1.AuthenticationError(`BrokerConnector: Authorizer rejected handshake: ${data.error || data.message || "no sessionToken returned"}`);
+        }
+        this.sessionToken = data.sessionToken;
+        const serviceUrl = data.service?.serviceUrl;
+        if (!serviceUrl) {
+            throw new errors_1.ShieldError(`BrokerConnector: Authorizer did not resolve a Receiver URL for serviceId="${this.serviceId}"`);
+        }
+        this.receiverUrl = serviceUrl;
+        this.connectedAt = Date.now();
+        // Use the server-granted lease if present, otherwise fall back. We track
+        // the lease in ms locally so isConnected matches the Authorizer's view.
+        if (typeof data.leaseSec === "number" && data.leaseSec > 0) {
+            this.sessionTtlMs = data.leaseSec * 1000;
+        }
+        else {
+            this.sessionTtlMs = FALLBACK_SESSION_TTL_MS;
+        }
+        logger_1.logger.info("BrokerConnector: handshake complete", {
+            sessionToken: this.sessionToken.substring(0, 8) + "...",
+            username: data.identity?.username,
+            receiverUrl: this.receiverUrl,
+            leaseSec: Math.round(this.sessionTtlMs / 1000),
+        });
+        this.startHeartbeat();
+        return this.receiverUrl;
+    }
+    async ensureConnected() {
+        if (!this.isConnected) {
+            logger_1.logger.info("BrokerConnector: session expired or not connected — reconnecting");
+            await this.connect();
+        }
+    }
+    async reconnect() {
+        this.stopHeartbeat();
+        this.sessionToken = null;
+        this.receiverUrl = null;
+        this.connectedAt = 0;
+        return this.connect();
+    }
+    /**
+     * Tear down state and stop the heartbeat. Tests/teardown call this; runtime
+     * normally stays connected for the process lifetime.
+     */
+    close() {
+        this.stopHeartbeat();
+        this.sessionToken = null;
+        this.receiverUrl = null;
+        this.connectedAt = 0;
+    }
+    // ── Heartbeat ─────────────────────────────────────────────────────────
+    //
+    // After a successful handshake, fire a POST /api/agent/heartbeat at
+    // lease/3 cadence. Each tick extends the Authorizer's Redis session by
+    // the original lease, keeping the Receiver-side service-authorization
+    // table fresh. If the heartbeat fails twice in a row we drop the local
+    // session state so the next tool call forces a fresh handshake — better
+    // than letting tool calls hit a 401 we already knew was coming.
+    startHeartbeat() {
+        this.stopHeartbeat();
+        // Pick lease/3 as the cadence; clamp to [10s, 5min] so we don't burn the
+        // network on tiny leases or sleep through long ones.
+        const intervalMs = Math.min(Math.max(Math.floor(this.sessionTtlMs / 3), 10_000), 5 * 60_000);
+        let consecutiveFailures = 0;
+        this.heartbeatTimer = setInterval(async () => {
+            if (!this.sessionToken) {
+                this.stopHeartbeat();
+                return;
+            }
+            try {
+                await axios_1.default.post(`${this.authorizerUrl}/api/agent/heartbeat`, { sessionToken: this.sessionToken }, { httpsAgent: this.httpsAgent, timeout: 10_000 });
+                consecutiveFailures = 0;
+                // Slide our local clock forward so isConnected stays true. We don't
+                // strictly need to read the response's expiresAt; the Authorizer
+                // applies the same lease deterministically.
+                this.connectedAt = Date.now();
+            }
+            catch (err) {
+                const status = err?.response?.status;
+                // 404 = server has no heartbeat endpoint (older Authorizer). Stop
+                // heartbeating quietly; rely on the timer-based reconnect path.
+                if (status === 404) {
+                    logger_1.logger.info("BrokerConnector: Authorizer has no /heartbeat endpoint, falling back to timer-based reconnect");
+                    this.stopHeartbeat();
+                    return;
+                }
+                consecutiveFailures += 1;
+                logger_1.logger.warn("BrokerConnector: heartbeat failed", {
+                    status, error: err?.message, consecutiveFailures,
+                });
+                if (consecutiveFailures >= 2) {
+                    // Two misses in a row — give up, drop state so next tool call
+                    // re-handshakes. The cert+password are still valid; this is just
+                    // belt-and-suspenders against a wedged session.
+                    this.stopHeartbeat();
+                    this.sessionToken = null;
+                    this.receiverUrl = null;
+                    this.connectedAt = 0;
+                }
+            }
+        }, intervalMs);
+        // Don't keep the Node event loop alive just for heartbeats.
+        if (typeof this.heartbeatTimer.unref === "function")
+            this.heartbeatTimer.unref();
+    }
+    stopHeartbeat() {
+        if (this.heartbeatTimer) {
+            clearInterval(this.heartbeatTimer);
+            this.heartbeatTimer = null;
+        }
+    }
+}
+exports.BrokerConnector = BrokerConnector;
+// ── Shield Client ──────────────────────────────────────────────────────
+class ShieldClient {
+    http;
+    maxRetries;
+    broker = null;
+    httpsAgent;
+    options;
+    mode;
+    constructor(options) {
+        if (!options.broker && !options.directUrl) {
+            throw new errors_1.ShieldError("ShieldClient requires either `broker` (stdio mode) or `directUrl` (http-service mode)");
+        }
+        if (options.broker && options.directUrl) {
+            throw new errors_1.ShieldError("ShieldClient: `broker` and `directUrl` are mutually exclusive");
+        }
+        this.options = options;
+        this.maxRetries = options.maxRetries ?? DEFAULT_MAX_RETRIES;
+        this.mode = options.broker ? "broker" : "direct";
+        this.httpsAgent = new https.Agent({
+            cert: options.clientCert,
+            key: options.clientKey,
+            ...(options.caCert ? { ca: options.caCert } : {}),
+            rejectUnauthorized: true,
+        });
+        if (this.mode === "broker") {
+            this.broker = new BrokerConnector(options.broker.authorizerUrl, options.broker.serviceId, options.broker.authPassword, this.httpsAgent);
+            // Placeholder; replaced after connect() resolves the Receiver URL.
+            this.http = axios_1.default.create({
+                baseURL: "http://placeholder-will-be-replaced",
+                timeout: options.timeout ?? DEFAULT_TIMEOUT,
+                headers: { "Content-Type": "application/json" },
+            });
+            logger_1.logger.info("ShieldClient: broker mode — will connect through Authorizer → Receiver", {
+                authorizer: options.broker.authorizerUrl,
+                serviceId: options.broker.serviceId,
+            });
+        }
+        else {
+            // Direct mode: talk to Shield API with a service mTLS cert.
+            this.http = axios_1.default.create({
+                baseURL: options.directUrl,
+                timeout: options.timeout ?? DEFAULT_TIMEOUT,
+                httpsAgent: this.httpsAgent,
+                headers: { "Content-Type": "application/json" },
+            });
+            logger_1.logger.info("ShieldClient: direct service mode — mTLS to Shield API", { apiUrl: options.directUrl });
+        }
+    }
+    /** Complete the Broker handshake. No-op in direct mode. */
+    async connect() {
+        if (this.mode === "direct")
+            return;
+        const receiverUrl = await this.broker.connect();
+        // Shield API mounts every public route under /v1 (see
+        // overview/shield-api/routes/index.js line 153: `app.use('/v1', v1)`).
+        // The Receiver forwards paths as-is, so the tool calls below (which use
+        // "/mcp/certs", "/orgs", etc. without a /v1 prefix) need the /v1 here,
+        // not sprinkled on every callsite.
+        //
+        // Strip the ?token=... query string the Authorizer appends before
+        // constructing the baseURL — the axios path e.g. "/orgs" would otherwise
+        // be appended after the query string, producing an invalid URL like
+        // "https://host?token=abc/v1/orgs" instead of "https://host/v1/orgs".
+        //
+        // We extract the token separately and pass it as a default axios `params`
+        // entry so every request reaches the Receiver as e.g. GET /v1/orgs?token=...
+        // This lets the Receiver's Lua authenticate via its token→serviceId Redis
+        // lookup, which is populated by the service_authorization Kafka message sent
+        // immediately before the Manager returns the serviceUrl.  Relying solely on
+        // the certificate fingerprint lookup can race — the Kafka consumer on the
+        // Receiver may not have written the Redis key yet when the first request
+        // arrives.  The token path is the primary auth path for this flow.
+        const [receiverBase, receiverQs] = receiverUrl.split("?");
+        const accessToken = receiverQs ? new URLSearchParams(receiverQs).get("token") : null;
+        const baseURL = `${receiverBase.replace(/\/+$/, "")}/v1`;
+        this.http = axios_1.default.create({
+            baseURL,
+            timeout: this.options.timeout ?? DEFAULT_TIMEOUT,
+            headers: { "Content-Type": "application/json" },
+            httpsAgent: this.httpsAgent,
+            ...(accessToken ? { params: { token: accessToken } } : {}),
+        });
+        logger_1.logger.info("ShieldClient: connected via Broker — all API calls routed through Receiver", {
+            receiverUrl,
+            baseURL,
+            hasToken: !!accessToken,
+        });
+    }
+    get authMethod() {
+        return this.mode;
+    }
+    // ── Generic request with retry ──────────────────────────────────────────
+    async request(method, path, data) {
+        if (this.broker)
+            await this.broker.ensureConnected();
+        let lastError = null;
+        for (let attempt = 1; attempt <= this.maxRetries; attempt++) {
+            try {
+                const response = await this.http.request({ method, url: path, data });
+                return response.data;
+            }
+            catch (err) {
+                const status = err.response?.status;
+                // Broker-only: 401/403 from the Receiver requires special handling.
+                //
+                // 403 on attempt 1 is most likely a race condition: the Manager sends
+                // the service_authorization Kafka message and immediately returns the
+                // serviceUrl; the Receiver's Kafka consumer may not have written the
+                // token→serviceId Redis key before our first request arrives.  Wait
+                // 1 s and retry with the same session — the Redis key will be there.
+                //
+                // 401 on attempt 1 means the Receiver actively rejected our cert/token,
+                // which warrants an immediate reconnect (fresh handshake + new token).
+                //
+                // Any failure on attempt 2+ → propagate as AuthenticationError.
+                if (this.broker && attempt === 1) {
+                    if (status === 403) {
+                        logger_1.logger.warn("BrokerConnector: 403 from Receiver on attempt 1 — waiting for session Redis propagation, retrying", { path });
+                        await new Promise(r => setTimeout(r, 1000));
+                        continue; // retry with same session/token
+                    }
+                    if (status === 401) {
+                        logger_1.logger.warn("BrokerConnector: 401 from Receiver — reconnecting", { path });
+                        const newUrl = await this.broker.reconnect();
+                        // Keep the /v1 suffix and token param in sync with connect().
+                        const [newBase, newQs] = newUrl.split("?");
+                        const newToken = newQs ? new URLSearchParams(newQs).get("token") : null;
+                        this.http = axios_1.default.create({
+                            baseURL: `${newBase.replace(/\/+$/, "")}/v1`,
+                            timeout: this.options.timeout ?? DEFAULT_TIMEOUT,
+                            headers: { "Content-Type": "application/json" },
+                            httpsAgent: this.httpsAgent,
+                            ...(newToken ? { params: { token: newToken } } : {}),
+                        });
+                        continue;
+                    }
+                }
+                if (status === 401 || status === 403)
+                    throw new errors_1.AuthenticationError(err.response?.data?.message);
+                if (status === 404)
+                    throw new errors_1.NotFoundError("Resource", path);
+                if (status === 429)
+                    throw new errors_1.RateLimitError(err.response?.headers?.["retry-after"]);
+                if (status && status >= 400 && status < 500)
+                    throw new errors_1.ShieldError(err.response?.data?.message || err.message, status);
+                lastError = err;
+                if (attempt < this.maxRetries) {
+                    const delay = 2 ** attempt * 1000;
+                    logger_1.logger.debug(`Retry ${attempt}/${this.maxRetries} in ${delay}ms`, { path });
+                    await new Promise(r => setTimeout(r, delay));
+                }
+            }
+        }
+        throw lastError || new errors_1.ShieldError("Request failed after retries");
+    }
+    // ── Operation polling ───────────────────────────────────────────────────
+    async pollOperation(operationId, opts = {}) {
+        const interval = opts.interval ?? 2000;
+        const timeout = opts.timeout ?? 120000;
+        const start = Date.now();
+        while (Date.now() - start < timeout) {
+            const op = await this.request("GET", `/operations/${operationId}`);
+            if (op.status === "completed")
+                return op;
+            if (op.status === "failed")
+                throw new errors_1.ShieldError(op.error || "Operation failed", 500, op);
+            await new Promise(r => setTimeout(r, interval));
+        }
+        throw new errors_1.ShieldError(`Operation ${operationId} timed out after ${timeout}ms`);
+    }
+    // ── MCP Client Certificates (read-only surface) ─────────────────────────
+    // Certificate issuance is an administrator-only action performed through
+    // Overwatch or SysAdmin. The Agent can list and revoke, not issue.
+    //
+    // `issueMcpCert` and `mintSetupToken` are deliberately NOT exposed as MCP
+    // tools — they are lower-level primitives used ONLY by the composite
+    // `bursar_install_agent_remotely` orchestration tool. Exposing them as
+    // standalone tools would defeat the "agents can't mint credentials
+    // unscoped" invariant. If you are tempted to wire either of these into a
+    // new `server.tool(...)` registration, stop and read the commit that
+    // removed `bursar_issue_mcp_cert` first.
+    async listMcpCerts() {
+        return this.request("GET", "/mcp/certs");
+    }
+    async revokeMcpCert(clientName) {
+        return this.request("DELETE", `/mcp/certs/${clientName}`);
+    }
+    /**
+     * Issue a full MCP client certificate bundle. Internal use only —
+     * consumed by bursar_install_agent_remotely's SSH and aws-ssm transports,
+     * which need the key material in-process to ship to the target.
+     *
+     * The returned `key_pem` is SENSITIVE: callers MUST treat it as tainted
+     * and MUST NOT persist it. See bursar_install_agent_remotely §FR-1.
+     */
+    async issueMcpCert(clientName, orgId) {
+        return this.request("POST", "/mcp/certs", { clientName, orgId });
+    }
+    /**
+     * Mint a short-lived single-use setup token bound to {clientName, orgId}.
+     * Consumed by bursar_install_agent_remotely's bootstrap-token transport —
+     * the token is handed to the target, which calls POST /mcp/setup-tokens/redeem
+     * to exchange it for a cert bundle. The private key is returned to the
+     * redeemer; the MCP host holding this call never sees it.
+     *
+     * `expiresIn` accepts a number of seconds or a shorthand like "1h"/"30m".
+     *
+     * `role` ('master' | 'consumer') stamps the role on the token row so the
+     * redeem flow propagates it to the issued McpClient.role, and the redeem
+     * response echoes it back so setup.js can write
+     * ~/.blacksands/mcp-certs/.role for boot-time tool filtering. Defaults
+     * to 'master' on the server side.
+     */
+    async mintSetupToken(clientName, orgId, expiresIn = "1h", role) {
+        const body = { clientName, orgId, expiresIn };
+        if (role)
+            body.role = role;
+        return this.request("POST", "/mcp/setup-tokens", body);
+    }
+    /**
+     * Revoke a pending (unconsumed) setup token by ID. Internal rollback
+     * helper for bursar_install_agent_remotely — NOT exposed as a tool.
+     * A 404 from the server means the token was already consumed or
+     * expired; callers should treat that as success for rollback purposes.
+     */
+    async revokeSetupToken(tokenId) {
+        return this.request("DELETE", `/mcp/setup-tokens/${encodeURIComponent(tokenId)}`);
+    }
+    // ── Install-tool support (bursar_install_agent_remotely only) ──────────
+    // These are rollback/verification primitives. Not exposed as tools.
+    /**
+     * Check whether the named MCP client has completed its first broker
+     * handshake since issuance. Polled by the install orchestrator with
+     * exponential backoff until waitForHandshake timeout.
+     */
+    async getHandshakeStatus(clientName) {
+        return this.request("GET", `/mcp/certs/${encodeURIComponent(clientName)}/handshake`);
+    }
+    /**
+     * Acquire the per-clientName advisory lock. Throws on 409 (conflict).
+     */
+    async acquireInstallLock(clientName, opts = {}) {
+        return this.request("POST", `/mcp/certs/${encodeURIComponent(clientName)}/lock`, opts);
+    }
+    /** Release the advisory lock. Owner-match enforced server-side. */
+    async releaseInstallLock(clientName) {
+        return this.request("DELETE", `/mcp/certs/${encodeURIComponent(clientName)}/lock`);
+    }
+    /** Append an audit row for a bursar_install_agent_remotely invocation. */
+    async recordInstallAudit(row) {
+        return this.request("POST", "/audit/agent-installs", row);
+    }
+    // ── Organizations ───────────────────────────────────────────────────────
+    async createOrg(name, plan) {
+        return this.request("POST", "/orgs", { name, plan });
+    }
+    async getOrg(orgId) {
+        return this.request("GET", `/orgs/${orgId}`);
+    }
+    async listOrgs(page = 1, pageSize = 20) {
+        return this.request("GET", `/orgs?page=${page}&pageSize=${pageSize}`);
+    }
+    // ── Applications ────────────────────────────────────────────────────────
+    async createApp(orgId, name, opts) {
+        // Strip undefined so we don't send empty optional fields the validator may reject.
+        const body = { name };
+        for (const [k, v] of Object.entries(opts ?? {})) {
+            if (v !== undefined)
+                body[k] = v;
+        }
+        return this.request("POST", `/orgs/${orgId}/apps`, body);
+    }
+    async getApp(appId) {
+        return this.request("GET", `/apps/${appId}`);
+    }
+    async listApps(orgId) {
+        return this.request("GET", `/orgs/${orgId}/apps`);
+    }
+    // ── Manifests ───────────────────────────────────────────────────────────
+    async submitManifest(manifest, orgId) {
+        return this.request("POST", "/manifests", { manifest, orgId });
+    }
+    async getManifest(manifestId) {
+        return this.request("GET", `/manifests/${manifestId}`);
+    }
+    async provisionManifest(manifestId) {
+        return this.request("POST", `/manifests/${manifestId}/provision`);
+    }
+    // ── Certificates ────────────────────────────────────────────────────────
+    async listCerts(appId) {
+        return this.request("GET", `/apps/${appId}/certs`);
+    }
+    async rotateCert(appId, certId) {
+        return this.request("POST", `/apps/${appId}/certs/${certId}/rotate`);
+    }
+    async revokeCert(appId, certId, reason) {
+        return this.request("POST", `/apps/${appId}/certs/${certId}/revoke`, { reason });
+    }
+    // ── Endpoints ───────────────────────────────────────────────────────────
+    async listEndpoints(appId) {
+        return this.request("GET", `/apps/${appId}/endpoints`);
+    }
+    // ── Policies ────────────────────────────────────────────────────────────
+    async listPolicies(appId) {
+        return this.request("GET", `/apps/${appId}/policies`);
+    }
+    async createPolicy(appId, name, type, rules) {
+        return this.request("POST", `/apps/${appId}/policies`, { name, type, rules });
+    }
+    // ── DNS (application-level allow/block) ─────────────────────────────────
+    async updateDnsRules(appId, rules) {
+        return this.request("POST", `/apps/${appId}/dns`, { rules });
+    }
+    // ── Verification ────────────────────────────────────────────────────────
+    async triggerVerify(appId, 
+    // Required by the API route's validator; the tool defaults it to 'full'.
+    scanType = "full") {
+        return this.request("POST", "/verify", { appId, scanType });
+    }
+    async getLatestPosture(appId) {
+        return this.request("GET", `/verify/${appId}/latest`);
+    }
+    // ── Compliance ──────────────────────────────────────────────────────────
+    async getComplianceReport(appId, framework) {
+        return this.request("GET", `/apps/${appId}/compliance?framework=${framework}`);
+    }
+    async getComplianceControls(framework) {
+        return this.request("GET", `/compliance/controls/${framework}`);
+    }
+    // ── Sessions ────────────────────────────────────────────────────────────
+    async listSessions(appId) {
+        return this.request("GET", `/apps/${appId}/sessions`);
+    }
+    async revokeSession(appId, sessionId) {
+        return this.request("POST", `/apps/${appId}/sessions/${sessionId}/revoke`);
+    }
+    // ── Lockdown ────────────────────────────────────────────────────────────
+    async emergencyLockdown(appId, reason) {
+        return this.request("POST", `/apps/${appId}/lockdown`, { reason });
+    }
+    async liftLockdown(appId) {
+        return this.request("DELETE", `/apps/${appId}/lockdown`);
+    }
+    // ── Receiver read access (public admin surface) ─────────────────────────
+    async getReceiver(receiverUID) {
+        return this.request("GET", `/mcp/receivers/${receiverUID}`);
+    }
+    async listReceivers(filters) {
+        const params = new URLSearchParams();
+        if (filters?.status)
+            params.set("status", filters.status);
+        if (filters?.organizationId)
+            params.set("organizationId", filters.organizationId);
+        const qs = params.toString();
+        return this.request("GET", `/mcp/receivers${qs ? "?" + qs : ""}`);
+    }
+    async initializeReceiver(installerEmail, organizationId, notes) {
+        return this.request("POST", `/mcp/receivers/initialize`, { installerEmail, organizationId, notes });
+    }
+    async getReceiverStatus(receiverUID) {
+        return this.request("GET", `/mcp/receivers/${receiverUID}/status`);
+    }
+    async activateReceiver(receiverUID) {
+        return this.request("POST", `/mcp/receivers/${receiverUID}/activate`);
+    }
+    async resendReceiverEmail(receiverUID) {
+        return this.request("POST", `/mcp/receivers/${receiverUID}/resend-email`);
+    }
+    async cancelReceiverInit(receiverUID) {
+        return this.request("POST", `/mcp/receivers/${receiverUID}/cancel`);
+    }
+    async getReceiverStatistics() {
+        return this.request("GET", `/mcp/receivers/statistics`);
+    }
+    // ── Receiver services (networking-only onboarding surface) ──────────────
+    async onboardReceiverService(receiverUID, svc) {
+        return this.request("POST", `/mcp/receivers/${receiverUID}/services`, svc);
+    }
+    async removeReceiverService(receiverUID, serviceName) {
+        return this.request("DELETE", `/mcp/receivers/${receiverUID}/services/${encodeURIComponent(serviceName)}`);
+    }
+    async listReceiverServices(receiverUID) {
+        return this.request("GET", `/mcp/receivers/${receiverUID}/services`);
+    }
+    // ── Service lifecycle (F4.12) ───────────────────────────────────────────
+    // pause/resume/disable/status for a receiver-proxied service. pause is a
+    // reversible stop (registration kept); disable is a stronger off-state that
+    // an admin must re-enable; remove (above) deletes the registration entirely.
+    async pauseService(receiverUID, serviceName) {
+        return this.request("POST", `/mcp/receivers/${receiverUID}/services/${encodeURIComponent(serviceName)}/pause`);
+    }
+    async resumeService(receiverUID, serviceName) {
+        return this.request("POST", `/mcp/receivers/${receiverUID}/services/${encodeURIComponent(serviceName)}/resume`);
+    }
+    async disableService(receiverUID, serviceName) {
+        return this.request("POST", `/mcp/receivers/${receiverUID}/services/${encodeURIComponent(serviceName)}/disable`);
+    }
+    async getServiceStatus(receiverUID, serviceName) {
+        return this.request("GET", `/mcp/receivers/${receiverUID}/services/${encodeURIComponent(serviceName)}/status`);
+    }
+}
+exports.ShieldClient = ShieldClient;
+//# sourceMappingURL=client.js.map