@pan-sec/notebooklm-mcp 1.4.0 → 1.6.0

package/dist/compliance/data-inventory.js

@@ -0,0 +1,335 @@
+/**
+ * Data Inventory
+ *
+ * Maintains a registry of all personal data stored by the application.
+ * Supports GDPR Article 30 (Records of Processing Activities).
+ *
+ * Added by Pantheon Security for enterprise compliance support.
+ */
+import crypto from "crypto";
+import path from "path";
+import fs from "fs";
+import { getConfig } from "../config.js";
+import { mkdirSecure, writeFileSecure } from "../utils/file-permissions.js";
+import { getDataClassifier } from "./data-classification.js";
+import { getComplianceLogger } from "./compliance-logger.js";
+import { DataClassification, } from "./types.js";
+/**
+ * Generate a UUID v4
+ */
+function generateUUID() {
+    return crypto.randomUUID();
+}
+/**
+ * Data Inventory class
+ */
+export class DataInventory {
+    static instance;
+    inventoryFile;
+    entries = new Map();
+    loaded = false;
+    constructor() {
+        const config = getConfig();
+        this.inventoryFile = path.join(config.configDir, "data-inventory.json");
+    }
+    /**
+     * Get singleton instance
+     */
+    static getInstance() {
+        if (!DataInventory.instance) {
+            DataInventory.instance = new DataInventory();
+        }
+        return DataInventory.instance;
+    }
+    /**
+     * Load inventory from storage
+     */
+    async load() {
+        if (this.loaded)
+            return;
+        try {
+            if (fs.existsSync(this.inventoryFile)) {
+                const content = fs.readFileSync(this.inventoryFile, "utf-8");
+                const data = JSON.parse(content);
+                if (data.entries && Array.isArray(data.entries)) {
+                    for (const entry of data.entries) {
+                        this.entries.set(entry.id, entry);
+                    }
+                }
+            }
+        }
+        catch {
+            // Start fresh if file is corrupted
+            this.entries = new Map();
+        }
+        // Auto-discover data on first load
+        await this.autoDiscover();
+        this.loaded = true;
+    }
+    /**
+     * Save inventory to storage
+     */
+    async save() {
+        const dir = path.dirname(this.inventoryFile);
+        mkdirSecure(dir);
+        const data = {
+            version: "1.0.0",
+            generated_at: new Date().toISOString(),
+            entries: Array.from(this.entries.values()),
+        };
+        writeFileSecure(this.inventoryFile, JSON.stringify(data, null, 2));
+    }
+    /**
+     * Auto-discover data based on known data types and locations
+     */
+    async autoDiscover() {
+        const config = getConfig();
+        const classifier = getDataClassifier();
+        // Known data locations
+        const dataLocations = [
+            { dataType: "notebook_library", location: path.join(config.configDir, "library.json") },
+            { dataType: "user_settings", location: path.join(config.configDir, "settings.json") },
+            { dataType: "consent_records", location: path.join(config.configDir, "consent.json") },
+            { dataType: "browser_cookies", location: path.join(config.dataDir, "browser_state") },
+            { dataType: "session_state", location: path.join(config.dataDir, "sessions") },
+            { dataType: "audit_logs", location: path.join(config.dataDir, "audit") },
+            { dataType: "compliance_events", location: path.join(config.dataDir, "compliance") },
+            { dataType: "encryption_keys", location: path.join(config.dataDir, "pq-keys.enc") },
+            { dataType: "mcp_auth_token", location: path.join(config.configDir, "auth-token.hash") },
+        ];
+        for (const { dataType, location } of dataLocations) {
+            // Check if we already have an entry for this data type
+            const existingEntry = Array.from(this.entries.values()).find(e => e.data_type === dataType);
+            if (!existingEntry) {
+                const entry = classifier.buildInventoryEntry(dataType, location);
+                if (entry) {
+                    this.entries.set(entry.id, entry);
+                }
+            }
+        }
+    }
+    /**
+     * Register a new data type in the inventory
+     */
+    async register(dataType, storageLocation, options = {}) {
+        await this.load();
+        const classifier = getDataClassifier();
+        const baseEntry = classifier.buildInventoryEntry(dataType, storageLocation);
+        const entry = {
+            id: generateUUID(),
+            data_type: dataType,
+            description: options.description || baseEntry?.description || `Data of type: ${dataType}`,
+            classification: options.classification || baseEntry?.classification || DataClassification.INTERNAL,
+            data_categories: options.dataCategories || baseEntry?.data_categories || [],
+            storage_location: storageLocation,
+            encrypted: options.encrypted ?? baseEntry?.encrypted ?? false,
+            retention_policy: baseEntry?.retention_policy || "30_days",
+            retention_days: options.retentionDays || baseEntry?.retention_days || 30,
+            legal_basis: options.legalBasis || baseEntry?.legal_basis || "legitimate_interest",
+            processing_purposes: baseEntry?.processing_purposes || ["service_provision"],
+            who_can_access: ["owner"],
+            exportable: options.exportable ?? baseEntry?.exportable ?? true,
+            erasable: options.erasable ?? baseEntry?.erasable ?? true,
+            last_updated: new Date().toISOString(),
+        };
+        this.entries.set(entry.id, entry);
+        await this.save();
+        // Log the registration
+        const logger = getComplianceLogger();
+        await logger.log("data_processing", "data_type_registered", { type: "system" }, "success", {
+            resource: { type: dataType },
+            details: { storage_location: storageLocation },
+        });
+        return entry;
+    }
+    /**
+     * Update an existing entry
+     */
+    async update(entryId, updates) {
+        await this.load();
+        const entry = this.entries.get(entryId);
+        if (!entry)
+            return null;
+        const updatedEntry = {
+            ...entry,
+            ...updates,
+            last_updated: new Date().toISOString(),
+        };
+        this.entries.set(entryId, updatedEntry);
+        await this.save();
+        return updatedEntry;
+    }
+    /**
+     * Remove an entry from the inventory
+     */
+    async remove(entryId) {
+        await this.load();
+        if (!this.entries.has(entryId)) {
+            return false;
+        }
+        this.entries.delete(entryId);
+        await this.save();
+        return true;
+    }
+    /**
+     * Get all inventory entries
+     */
+    async getAll() {
+        await this.load();
+        return Array.from(this.entries.values());
+    }
+    /**
+     * Get entry by ID
+     */
+    async getById(entryId) {
+        await this.load();
+        return this.entries.get(entryId) || null;
+    }
+    /**
+     * Get entries by data type
+     */
+    async getByDataType(dataType) {
+        await this.load();
+        return Array.from(this.entries.values()).filter(e => e.data_type === dataType);
+    }
+    /**
+     * Get entries by classification
+     */
+    async getByClassification(classification) {
+        await this.load();
+        return Array.from(this.entries.values()).filter(e => e.classification === classification);
+    }
+    /**
+     * Get entries by data category
+     */
+    async getByCategory(category) {
+        await this.load();
+        return Array.from(this.entries.values()).filter(e => e.data_categories.includes(category));
+    }
+    /**
+     * Get exportable data entries (for GDPR data portability)
+     */
+    async getExportable() {
+        await this.load();
+        return Array.from(this.entries.values()).filter(e => e.exportable);
+    }
+    /**
+     * Get erasable data entries (for GDPR right to erasure)
+     */
+    async getErasable() {
+        await this.load();
+        return Array.from(this.entries.values()).filter(e => e.erasable);
+    }
+    /**
+     * Get personal data entries (for DSAR)
+     */
+    async getPersonalData() {
+        await this.load();
+        return Array.from(this.entries.values()).filter(e => e.data_categories.includes("personal_data") ||
+            e.data_categories.includes("sensitive_data"));
+    }
+    /**
+     * Generate GDPR Article 30 Records of Processing Activities
+     */
+    async generateROPA() {
+        await this.load();
+        const entries = Array.from(this.entries.values());
+        // Collect all unique purposes
+        const purposes = [...new Set(entries.flatMap(e => e.processing_purposes))];
+        // Collect all retention periods
+        const retentionPeriods = entries.map(e => ({
+            data_type: e.data_type,
+            period: typeof e.retention_days === "number"
+                ? `${e.retention_days} days`
+                : e.retention_days,
+        }));
+        return {
+            controller: "Pantheon Security (local processing)",
+            purposes,
+            categories_of_data_subjects: ["Users of NotebookLM MCP Server"],
+            categories_of_personal_data: [
+                ...new Set(entries.flatMap(e => e.data_categories)),
+            ],
+            recipients: ["None - all data is processed locally"],
+            transfers_to_third_countries: ["None"],
+            retention_periods: retentionPeriods,
+            security_measures: [
+                "Post-quantum encryption (ML-KEM-768 + ChaCha20-Poly1305)",
+                "Certificate pinning for external connections",
+                "Memory scrubbing for sensitive data",
+                "Tamper-evident audit logging",
+                "Secure file permissions",
+            ],
+        };
+    }
+    /**
+     * Get inventory summary
+     */
+    async getSummary() {
+        await this.load();
+        const entries = Array.from(this.entries.values());
+        const byClassification = {
+            [DataClassification.PUBLIC]: 0,
+            [DataClassification.INTERNAL]: 0,
+            [DataClassification.CONFIDENTIAL]: 0,
+            [DataClassification.RESTRICTED]: 0,
+            [DataClassification.REGULATED]: 0,
+        };
+        for (const entry of entries) {
+            byClassification[entry.classification]++;
+        }
+        return {
+            total_entries: entries.length,
+            by_classification: byClassification,
+            exportable_count: entries.filter(e => e.exportable).length,
+            erasable_count: entries.filter(e => e.erasable).length,
+            personal_data_count: entries.filter(e => e.data_categories.includes("personal_data")).length,
+            encrypted_count: entries.filter(e => e.encrypted).length,
+        };
+    }
+    /**
+     * Export inventory for compliance reporting
+     */
+    async export() {
+        await this.load();
+        const data = {
+            export_date: new Date().toISOString(),
+            version: "1.0.0",
+            summary: await this.getSummary(),
+            ropa: await this.generateROPA(),
+            entries: Array.from(this.entries.values()),
+        };
+        return JSON.stringify(data, null, 2);
+    }
+}
+// ============================================
+// SINGLETON ACCESS
+// ============================================
+/**
+ * Get the data inventory instance
+ */
+export function getDataInventory() {
+    return DataInventory.getInstance();
+}
+// ============================================
+// CONVENIENCE EXPORTS
+// ============================================
+/**
+ * Get all data inventory entries
+ */
+export async function getAllDataInventory() {
+    return getDataInventory().getAll();
+}
+/**
+ * Get exportable data entries
+ */
+export async function getExportableData() {
+    return getDataInventory().getExportable();
+}
+/**
+ * Get erasable data entries
+ */
+export async function getErasableData() {
+    return getDataInventory().getErasable();
+}
+//# sourceMappingURL=data-inventory.js.map

package/dist/compliance/data-inventory.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"data-inventory.js","sourceRoot":"","sources":["../../src/compliance/data-inventory.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC5E,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,EACL,kBAAkB,GAInB,MAAM,YAAY,CAAC;AAEpB;;GAEG;AACH,SAAS,YAAY;IACnB,OAAO,MAAM,CAAC,UAAU,EAAE,CAAC;AAC7B,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,aAAa;IAChB,MAAM,CAAC,QAAQ,CAAgB;IAC/B,aAAa,CAAS;IACtB,OAAO,GAAoC,IAAI,GAAG,EAAE,CAAC;IACrD,MAAM,GAAY,KAAK,CAAC;IAEhC;QACE,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,qBAAqB,CAAC,CAAC;IAC1E,CAAC;IAED;;OAEG;IACI,MAAM,CAAC,WAAW;QACvB,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,CAAC;YAC5B,aAAa,CAAC,QAAQ,GAAG,IAAI,aAAa,EAAE,CAAC;QAC/C,CAAC;QACD,OAAO,aAAa,CAAC,QAAQ,CAAC;IAChC,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,IAAI;QAChB,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO;QAExB,IAAI,CAAC;YACH,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC;gBACtC,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;gBAC7D,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACjC,IAAI,IAAI,CAAC,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;oBAChD,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;wBACjC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;oBACpC,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,mCAAmC;YACnC,IAAI,CAAC,OAAO,GAAG,IAAI,GAAG,EAAE,CAAC;QAC3B,CAAC;QAED,mCAAmC;QACnC,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAE1B,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;IACrB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,IAAI;QAChB,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC7C,WAAW,CAAC,GAAG,CAAC,CAAC;QAEjB,MAAM,IAAI,GAAG;YACX,OAAO,EAAE,OAAO;YAChB,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACtC,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;SAC3C,CAAC;QAEF,eAAe,CAAC,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACrE,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,YAAY;QACxB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,UAAU,GAAG,iBAAiB,EAAE,CAAC;QAEvC,uBAAuB;QACvB,MAAM,aAAa,GAA6C;YAC9D,EAAE,QAAQ,EAAE,kBAAkB,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,cAAc,CAAC,EAAE;YACvF,EAAE,QAAQ,EAAE,eAAe,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,eAAe,CAAC,EAAE;YACrF,EAAE,QAAQ,EAAE,iBAAiB,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,cAAc,CAAC,EAAE;YACtF,EAAE,QAAQ,EAAE,iBAAiB,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,eAAe,CAAC,EAAE;YACrF,EAAE,QAAQ,EAAE,eAAe,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,EAAE;YAC9E,EAAE,QAAQ,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,EAAE;YACxE,EAAE,QAAQ,EAAE,mBAAmB,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,YAAY,CAAC,EAAE;YACpF,EAAE,QAAQ,EAAE,iBAAiB,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,aAAa,CAAC,EAAE;YACnF,EAAE,QAAQ,EAAE,gBAAgB,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,iBAAiB,CAAC,EAAE;SACzF,CAAC;QAEF,KAAK,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,aAAa,EAAE,CAAC;YACnD,uDAAuD;YACvD,MAAM,aAAa,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAC1D,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,QAAQ,CAC9B,CAAC;YAEF,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,MAAM,KAAK,GAAG,UAAU,CAAC,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;gBACjE,IAAI,KAAK,EAAE,CAAC;oBACV,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;gBACpC,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,QAAQ,CACnB,QAAgB,EAChB,eAAuB,EACvB,UASI,EAAE;QAEN,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAElB,MAAM,UAAU,GAAG,iBAAiB,EAAE,CAAC;QACvC,MAAM,SAAS,GAAG,UAAU,CAAC,mBAAmB,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;QAE5E,MAAM,KAAK,GAAuB;YAChC,EAAE,EAAE,YAAY,EAAE;YAClB,SAAS,EAAE,QAAQ;YACnB,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,SAAS,EAAE,WAAW,IAAI,iBAAiB,QAAQ,EAAE;YACzF,cAAc,EAAE,OAAO,CAAC,cAAc,IAAI,SAAS,EAAE,cAAc,IAAI,kBAAkB,CAAC,QAAQ;YAClG,eAAe,EAAE,OAAO,CAAC,cAAc,IAAI,SAAS,EAAE,eAAe,IAAI,EAAE;YAC3E,gBAAgB,EAAE,eAAe;YACjC,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,SAAS,EAAE,SAAS,IAAI,KAAK;YAC7D,gBAAgB,EAAE,SAAS,EAAE,gBAAgB,IAAI,SAAS;YAC1D,cAAc,EAAE,OAAO,CAAC,aAAa,IAAI,SAAS,EAAE,cAAc,IAAI,EAAE;YACxE,WAAW,EAAE,OAAO,CAAC,UAAU,IAAI,SAAS,EAAE,WAAW,IAAI,qBAAqB;YAClF,mBAAmB,EAAE,SAAS,EAAE,mBAAmB,IAAI,CAAC,mBAAmB,CAAC;YAC5E,cAAc,EAAE,CAAC,OAAO,CAAC;YACzB,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,SAAS,EAAE,UAAU,IAAI,IAAI;YAC/D,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,SAAS,EAAE,QAAQ,IAAI,IAAI;YACzD,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACvC,CAAC;QAEF,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QAClC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAElB,uBAAuB;QACvB,MAAM,MAAM,GAAG,mBAAmB,EAAE,CAAC;QACrC,MAAM,MAAM,CAAC,GAAG,CACd,iBAAiB,EACjB,sBAAsB,EACtB,EAAE,IAAI,EAAE,QAAQ,EAAE,EAClB,SAAS,EACT;YACE,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YAC5B,OAAO,EAAE,EAAE,gBAAgB,EAAE,eAAe,EAAE;SAC/C,CACF,CAAC;QAEF,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,MAAM,CACjB,OAAe,EACf,OAA8D;QAE9D,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAElB,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACxC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAExB,MAAM,YAAY,GAAuB;YACvC,GAAG,KAAK;YACR,GAAG,OAAO;YACV,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACvC,CAAC;QAEF,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACxC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAElB,OAAO,YAAY,CAAC;IACtB,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,MAAM,CAAC,OAAe;QACjC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAElB,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/B,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC7B,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAElB,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,MAAM;QACjB,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3C,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,OAAO,CAAC,OAAe;QAClC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC;IAC3C,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,aAAa,CAAC,QAAgB;QACzC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC;IACjF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,mBAAmB,CAAC,cAAkC;QACjE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,KAAK,cAAc,CAAC,CAAC;IAC5F,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,aAAa,CAAC,QAAsB;QAC/C,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAClD,CAAC,CAAC,eAAe,CAAC,QAAQ,CAAC,QAAQ,CAAC,CACrC,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,aAAa;QACxB,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;IACrE,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,WAAW;QACtB,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IACnE,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,eAAe;QAC1B,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAClD,CAAC,CAAC,eAAe,CAAC,QAAQ,CAAC,eAAe,CAAC;YAC3C,CAAC,CAAC,eAAe,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAC7C,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,YAAY;QAUvB,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAElB,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QAElD,8BAA8B;QAC9B,MAAM,QAAQ,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC;QAE3E,gCAAgC;QAChC,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACzC,SAAS,EAAE,CAAC,CAAC,SAAS;YACtB,MAAM,EAAE,OAAO,CAAC,CAAC,cAAc,KAAK,QAAQ;gBAC1C,CAAC,CAAC,GAAG,CAAC,CAAC,cAAc,OAAO;gBAC5B,CAAC,CAAC,CAAC,CAAC,cAAc;SACrB,CAAC,CAAC,CAAC;QAEJ,OAAO;YACL,UAAU,EAAE,sCAAsC;YAClD,QAAQ;YACR,2BAA2B,EAAE,CAAC,gCAAgC,CAAC;YAC/D,2BAA2B,EAAE;gBAC3B,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC;aACpD;YACD,UAAU,EAAE,CAAC,sCAAsC,CAAC;YACpD,4BAA4B,EAAE,CAAC,MAAM,CAAC;YACtC,iBAAiB,EAAE,gBAAgB;YACnC,iBAAiB,EAAE;gBACjB,0DAA0D;gBAC1D,8CAA8C;gBAC9C,qCAAqC;gBACrC,8BAA8B;gBAC9B,yBAAyB;aAC1B;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,UAAU;QAQrB,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAElB,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QAElD,MAAM,gBAAgB,GAAuC;YAC3D,CAAC,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAAC;YAC9B,CAAC,kBAAkB,CAAC,QAAQ,CAAC,EAAE,CAAC;YAChC,CAAC,kBAAkB,CAAC,YAAY,CAAC,EAAE,CAAC;YACpC,CAAC,kBAAkB,CAAC,UAAU,CAAC,EAAE,CAAC;YAClC,CAAC,kBAAkB,CAAC,SAAS,CAAC,EAAE,CAAC;SAClC,CAAC;QAEF,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,gBAAgB,CAAC,KAAK,CAAC,cAAc,CAAC,EAAE,CAAC;QAC3C,CAAC;QAED,OAAO;YACL,aAAa,EAAE,OAAO,CAAC,MAAM;YAC7B,iBAAiB,EAAE,gBAAgB;YACnC,gBAAgB,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,MAAM;YAC1D,cAAc,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,MAAM;YACtD,mBAAmB,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CACtC,CAAC,CAAC,eAAe,CAAC,QAAQ,CAAC,eAAe,CAAC,CAC5C,CAAC,MAAM;YACR,eAAe,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,MAAM;SACzD,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,MAAM;QACjB,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAElB,MAAM,IAAI,GAAG;YACX,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACrC,OAAO,EAAE,OAAO;YAChB,OAAO,EAAE,MAAM,IAAI,CAAC,UAAU,EAAE;YAChC,IAAI,EAAE,MAAM,IAAI,CAAC,YAAY,EAAE;YAC/B,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;SAC3C,CAAC;QAEF,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACvC,CAAC;CACF;AAED,+CAA+C;AAC/C,mBAAmB;AACnB,+CAA+C;AAE/C;;GAEG;AACH,MAAM,UAAU,gBAAgB;IAC9B,OAAO,aAAa,CAAC,WAAW,EAAE,CAAC;AACrC,CAAC;AAED,+CAA+C;AAC/C,sBAAsB;AACtB,+CAA+C;AAE/C;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB;IACvC,OAAO,gBAAgB,EAAE,CAAC,MAAM,EAAE,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB;IACrC,OAAO,gBAAgB,EAAE,CAAC,aAAa,EAAE,CAAC;AAC5C,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,OAAO,gBAAgB,EAAE,CAAC,WAAW,EAAE,CAAC;AAC1C,CAAC"}

package/dist/compliance/dsar-handler.d.ts

@@ -0,0 +1,123 @@
+/**
+ * Data Subject Access Request (DSAR) Handler
+ *
+ * Handles Data Subject Access Requests as required by GDPR Article 15.
+ * Provides users with information about their personal data processing.
+ *
+ * Added by Pantheon Security for enterprise compliance support.
+ */
+import type { DSARResponse } from "./types.js";
+/**
+ * DSAR request record
+ */
+interface DSARRequest {
+    request_id: string;
+    submitted_at: string;
+    type: "access" | "portability" | "erasure" | "rectification" | "restriction" | "objection";
+    status: "pending" | "processing" | "completed" | "rejected";
+    completed_at?: string;
+    response?: DSARResponse;
+    notes?: string;
+}
+/**
+ * DSAR Handler class
+ */
+export declare class DSARHandler {
+    private static instance;
+    private requestsFile;
+    private requests;
+    private loaded;
+    private constructor();
+    /**
+     * Get singleton instance
+     */
+    static getInstance(): DSARHandler;
+    /**
+     * Load requests from storage
+     */
+    private load;
+    /**
+     * Save requests to storage
+     */
+    private save;
+    /**
+     * Submit a new DSAR
+     */
+    submitRequest(type?: DSARRequest["type"]): Promise<DSARRequest>;
+    /**
+     * Process a DSAR and generate response
+     */
+    processRequest(requestId: string): Promise<DSARResponse | null>;
+    /**
+     * Generate DSAR response
+     */
+    private generateResponse;
+    /**
+     * Get a sample of actual data for DSAR (without sensitive content)
+     */
+    private getDataSample;
+    /**
+     * Format retention period for human readability
+     */
+    private formatRetention;
+    /**
+     * Get request by ID
+     */
+    getRequest(requestId: string): Promise<DSARRequest | null>;
+    /**
+     * Get all requests
+     */
+    getAllRequests(): Promise<DSARRequest[]>;
+    /**
+     * Get pending requests
+     */
+    getPendingRequests(): Promise<DSARRequest[]>;
+    /**
+     * Submit and process a DSAR immediately (for automated systems)
+     */
+    submitAndProcess(type?: DSARRequest["type"]): Promise<DSARResponse>;
+    /**
+     * Get summary response (without full personal data)
+     */
+    getSummaryResponse(): Promise<{
+        data_categories: string[];
+        processing_purposes: string[];
+        legal_bases: string[];
+        available_rights: string[];
+        data_recipients: string[];
+        exportable_data_types: string[];
+        erasable_data_types: string[];
+    }>;
+    /**
+     * Get DSAR statistics
+     */
+    getStatistics(): Promise<{
+        total_requests: number;
+        pending_requests: number;
+        completed_requests: number;
+        by_type: Record<string, number>;
+        average_processing_time_hours?: number;
+    }>;
+}
+/**
+ * Get the DSAR handler instance
+ */
+export declare function getDSARHandler(): DSARHandler;
+/**
+ * Submit a new DSAR
+ */
+export declare function submitDSAR(type?: DSARRequest["type"]): Promise<DSARRequest>;
+/**
+ * Process a DSAR
+ */
+export declare function processDSAR(requestId: string): Promise<DSARResponse | null>;
+/**
+ * Submit and process a DSAR immediately
+ */
+export declare function handleDSAR(type?: DSARRequest["type"]): Promise<DSARResponse>;
+/**
+ * Get DSAR summary response
+ */
+export declare function getDSARSummary(): Promise<ReturnType<DSARHandler["getSummaryResponse"]>>;
+export {};
+//# sourceMappingURL=dsar-handler.d.ts.map

package/dist/compliance/dsar-handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dsar-handler.d.ts","sourceRoot":"","sources":["../../src/compliance/dsar-handler.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AASH,OAAO,KAAK,EAAE,YAAY,EAAsB,MAAM,YAAY,CAAC;AASnE;;GAEG;AACH,UAAU,WAAW;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,QAAQ,GAAG,aAAa,GAAG,SAAS,GAAG,eAAe,GAAG,aAAa,GAAG,WAAW,CAAC;IAC3F,MAAM,EAAE,SAAS,GAAG,YAAY,GAAG,WAAW,GAAG,UAAU,CAAC;IAC5D,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,YAAY,CAAC;IACxB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAc;IACrC,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,QAAQ,CAAqB;IACrC,OAAO,CAAC,MAAM,CAAkB;IAEhC,OAAO;IAKP;;OAEG;WACW,WAAW,IAAI,WAAW;IAOxC;;OAEG;YACW,IAAI;IAgBlB;;OAEG;YACW,IAAI;IAalB;;OAEG;IACU,aAAa,CACxB,IAAI,GAAE,WAAW,CAAC,MAAM,CAAY,GACnC,OAAO,CAAC,WAAW,CAAC;IA6BvB;;OAEG;IACU,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC;IAqC5E;;OAEG;YACW,gBAAgB;IA0D9B;;OAEG;YACW,aAAa;IAgE3B;;OAEG;IACH,OAAO,CAAC,eAAe;IAkBvB;;OAEG;IACU,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAKvE;;OAEG;IACU,cAAc,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;IAKrD;;OAEG;IACU,kBAAkB,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;IAKzD;;OAEG;IACU,gBAAgB,CAC3B,IAAI,GAAE,WAAW,CAAC,MAAM,CAAY,GACnC,OAAO,CAAC,YAAY,CAAC;IAWxB;;OAEG;IACU,kBAAkB,IAAI,OAAO,CAAC;QACzC,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,mBAAmB,EAAE,MAAM,EAAE,CAAC;QAC9B,WAAW,EAAE,MAAM,EAAE,CAAC;QACtB,gBAAgB,EAAE,MAAM,EAAE,CAAC;QAC3B,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,qBAAqB,EAAE,MAAM,EAAE,CAAC;QAChC,mBAAmB,EAAE,MAAM,EAAE,CAAC;KAC/B,CAAC;IAsBF;;OAEG;IACU,aAAa,IAAI,OAAO,CAAC;QACpC,cAAc,EAAE,MAAM,CAAC;QACvB,gBAAgB,EAAE,MAAM,CAAC;QACzB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAChC,6BAA6B,CAAC,EAAE,MAAM,CAAC;KACxC,CAAC;CA4BH;AAMD;;GAEG;AACH,wBAAgB,cAAc,IAAI,WAAW,CAE5C;AAMD;;GAEG;AACH,wBAAsB,UAAU,CAC9B,IAAI,GAAE,WAAW,CAAC,MAAM,CAAY,GACnC,OAAO,CAAC,WAAW,CAAC,CAEtB;AAED;;GAEG;AACH,wBAAsB,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CAEjF;AAED;;GAEG;AACH,wBAAsB,UAAU,CAC9B,IAAI,GAAE,WAAW,CAAC,MAAM,CAAY,GACnC,OAAO,CAAC,YAAY,CAAC,CAEvB;AAED;;GAEG;AACH,wBAAsB,cAAc,IAAI,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAE7F"}