@pan-sec/notebooklm-mcp 1.4.0 → 1.6.0

package/dist/compliance/policy-docs.d.ts

@@ -0,0 +1,108 @@
+/**
+ * Policy Documentation
+ *
+ * Machine-readable policy documentation for compliance.
+ * Provides structured policies for GDPR, SOC2, and CSSF requirements.
+ *
+ * Added by Pantheon Security for enterprise compliance support.
+ */
+import type { PolicyDocument, PolicyType } from "./types.js";
+/**
+ * Policy Documentation Manager class
+ */
+export declare class PolicyDocManager {
+    private static instance;
+    private policiesFile;
+    private policies;
+    private loaded;
+    private constructor();
+    /**
+     * Get singleton instance
+     */
+    static getInstance(): PolicyDocManager;
+    /**
+     * Load policies
+     */
+    private load;
+    /**
+     * Save custom policies
+     */
+    private save;
+    /**
+     * Get all policies
+     */
+    getAllPolicies(): Promise<PolicyDocument[]>;
+    /**
+     * Get policy by ID
+     */
+    getPolicy(policyId: string): Promise<PolicyDocument | null>;
+    /**
+     * Get policies by type
+     */
+    getPoliciesByType(type: PolicyType): Promise<PolicyDocument[]>;
+    /**
+     * Get policies by regulation
+     */
+    getPoliciesByRegulation(regulation: string): Promise<PolicyDocument[]>;
+    /**
+     * Get enforced policies
+     */
+    getEnforcedPolicies(): Promise<PolicyDocument[]>;
+    /**
+     * Get policies due for review
+     */
+    getPoliciesDueForReview(): Promise<PolicyDocument[]>;
+    /**
+     * Add or update a custom policy
+     */
+    upsertPolicy(policy: PolicyDocument): Promise<void>;
+    /**
+     * Remove a custom policy
+     */
+    removePolicy(policyId: string): Promise<boolean>;
+    /**
+     * Get policy summary for compliance dashboard
+     */
+    getPolicySummary(): Promise<{
+        total_policies: number;
+        enforced_policies: number;
+        by_type: Record<PolicyType, number>;
+        by_regulation: Record<string, number>;
+        due_for_review: number;
+    }>;
+    /**
+     * Export policies for audit
+     */
+    exportForAudit(): Promise<{
+        exported_at: string;
+        summary: {
+            total_policies: number;
+            enforced_policies: number;
+            by_type: Record<PolicyType, number>;
+            by_regulation: Record<string, number>;
+            due_for_review: number;
+        };
+        policies: PolicyDocument[];
+    }>;
+}
+/**
+ * Get the policy documentation manager instance
+ */
+export declare function getPolicyDocManager(): PolicyDocManager;
+/**
+ * Get all policies
+ */
+export declare function getAllPolicies(): Promise<PolicyDocument[]>;
+/**
+ * Get policy by ID
+ */
+export declare function getPolicy(policyId: string): Promise<PolicyDocument | null>;
+/**
+ * Get policies by regulation
+ */
+export declare function getPoliciesByRegulation(regulation: string): Promise<PolicyDocument[]>;
+/**
+ * Get policy summary
+ */
+export declare function getPolicySummary(): Promise<ReturnType<PolicyDocManager["getPolicySummary"]>>;
+//# sourceMappingURL=policy-docs.d.ts.map

package/dist/compliance/policy-docs.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-docs.d.ts","sourceRoot":"","sources":["../../src/compliance/policy-docs.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAMH,OAAO,KAAK,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAkP7D;;GAEG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAmB;IAC1C,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,QAAQ,CAA0C;IAC1D,OAAO,CAAC,MAAM,CAAkB;IAEhC,OAAO;IAKP;;OAEG;WACW,WAAW,IAAI,gBAAgB;IAO7C;;OAEG;YACW,IAAI;IA0BlB;;OAEG;YACW,IAAI;IAkBlB;;OAEG;IACU,cAAc,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;IAKxD;;OAEG;IACU,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC;IAKxE;;OAEG;IACU,iBAAiB,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;IAK3E;;OAEG;IACU,uBAAuB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;IAOnF;;OAEG;IACU,mBAAmB,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;IAK7D;;OAEG;IACU,uBAAuB,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;IAUjE;;OAEG;IACU,YAAY,CAAC,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;IAMhE;;OAEG;IACU,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAkB7D;;OAEG;IACU,gBAAgB,IAAI,OAAO,CAAC;QACvC,cAAc,EAAE,MAAM,CAAC;QACvB,iBAAiB,EAAE,MAAM,CAAC;QAC1B,OAAO,EAAE,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QACpC,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtC,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;IAkCF;;OAEG;IACU,cAAc,IAAI,OAAO,CAAC;QACrC,WAAW,EAAE,MAAM,CAAC;QACpB,OAAO,EAAE;YACP,cAAc,EAAE,MAAM,CAAC;YACvB,iBAAiB,EAAE,MAAM,CAAC;YAC1B,OAAO,EAAE,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;YACpC,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YACtC,cAAc,EAAE,MAAM,CAAC;SACxB,CAAC;QACF,QAAQ,EAAE,cAAc,EAAE,CAAC;KAC5B,CAAC;CAUH;AAMD;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,gBAAgB,CAEtD;AAMD;;GAEG;AACH,wBAAsB,cAAc,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC,CAEhE;AAED;;GAEG;AACH,wBAAsB,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CAEhF;AAED;;GAEG;AACH,wBAAsB,uBAAuB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC,CAE3F;AAED;;GAEG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,UAAU,CAAC,gBAAgB,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAElG"}

package/dist/compliance/policy-docs.js

@@ -0,0 +1,464 @@
+/**
+ * Policy Documentation
+ *
+ * Machine-readable policy documentation for compliance.
+ * Provides structured policies for GDPR, SOC2, and CSSF requirements.
+ *
+ * Added by Pantheon Security for enterprise compliance support.
+ */
+import path from "path";
+import fs from "fs";
+import { getConfig } from "../config.js";
+import { mkdirSecure, writeFileSecure } from "../utils/file-permissions.js";
+/**
+ * Default policies
+ */
+const DEFAULT_POLICIES = [
+    {
+        id: "policy_privacy",
+        type: "privacy_policy",
+        version: "1.0.0",
+        effective_date: "2025-01-01",
+        title: "Privacy Policy",
+        description: "Defines how personal data is collected, processed, and protected.",
+        full_text: `
+# Privacy Policy
+
+## 1. Data Controller
+Pantheon Security acts as the data processor. The user is the data controller for their own data.
+
+## 2. Data Collected
+- Browser session data (cookies, local storage)
+- NotebookLM URLs and metadata
+- Query history within sessions
+- Security audit logs
+
+## 3. Purpose of Processing
+- Service provision: Enable NotebookLM access via MCP
+- Session management: Maintain authenticated sessions
+- Security: Audit logging and threat detection
+- Compliance: Regulatory requirements
+
+## 4. Legal Basis
+- Contract: Core service functionality
+- Legitimate Interest: Security logging
+- Legal Obligation: Audit trail retention
+
+## 5. Data Retention
+- Session data: 24 hours
+- Audit logs: 7 years (CSSF requirement)
+- Consent records: 7 years
+
+## 6. Data Subject Rights
+- Access: Request copy of personal data
+- Portability: Export in machine-readable format
+- Erasure: Request deletion of personal data
+- Rectification: Correct inaccurate data
+
+## 7. Security Measures
+- Post-quantum encryption
+- Certificate pinning
+- Memory scrubbing
+- Tamper-evident logging
+    `,
+        regulations: ["GDPR"],
+        data_types: ["personal_data", "session_data", "audit_logs"],
+        enforced: true,
+        enforcement_method: "automatic",
+        last_reviewed: "2025-01-01",
+        next_review: "2026-01-01",
+        approved_by: "Pantheon Security",
+    },
+    {
+        id: "policy_retention",
+        type: "data_retention",
+        version: "1.0.0",
+        effective_date: "2025-01-01",
+        title: "Data Retention Policy",
+        description: "Defines retention periods and disposal procedures for all data types.",
+        full_text: `
+# Data Retention Policy
+
+## 1. Purpose
+Ensure data is retained for appropriate periods and disposed of securely.
+
+## 2. Retention Periods
+
+| Data Type | Retention Period | Reason |
+|-----------|-----------------|--------|
+| Audit logs | 7 years | CSSF Circular 20/750 |
+| Compliance events | 7 years | CSSF Circular 20/750 |
+| Consent records | 7 years | GDPR Article 7 |
+| Session data | 24 hours | Operational necessity |
+| Browser cache | 7 days | Performance |
+| Error logs | 30 days | Troubleshooting |
+
+## 3. Disposal Procedures
+- Audit logs: Archived with integrity verification
+- Session data: Secure deletion (3-pass overwrite)
+- Credentials: Crypto shred (key destruction)
+
+## 4. Exceptions
+- Data involved in legal proceedings: Extended retention
+- Security incidents: Extended retention for investigation
+
+## 5. Review
+This policy is reviewed annually or upon regulatory change.
+    `,
+        regulations: ["GDPR", "CSSF"],
+        data_types: ["audit_logs", "session_data", "credentials"],
+        enforced: true,
+        enforcement_method: "automatic",
+        last_reviewed: "2025-01-01",
+        next_review: "2026-01-01",
+        approved_by: "Pantheon Security",
+    },
+    {
+        id: "policy_access_control",
+        type: "access_control",
+        version: "1.0.0",
+        effective_date: "2025-01-01",
+        title: "Access Control Policy",
+        description: "Defines authentication and authorization requirements.",
+        full_text: `
+# Access Control Policy
+
+## 1. Authentication
+- Token-based MCP authentication (optional, recommended)
+- Rate limiting: 5 failed attempts = 5 minute lockout
+- Session timeout: 8 hours hard limit, 30 minutes inactivity
+
+## 2. Authorization
+- All data is local to the user
+- No multi-user access control required
+- Browser sessions are user-specific
+
+## 3. Password/Token Requirements
+- Minimum 32 bytes of entropy
+- Generated via cryptographically secure random number generator
+
+## 4. Session Management
+- Hard timeout: 8 hours maximum session duration
+- Inactivity timeout: 30 minutes
+- Secure session storage (encrypted)
+
+## 5. Logging
+- All authentication events are logged
+- Failed attempts are tracked for lockout
+- Session lifecycle events recorded
+    `,
+        regulations: ["SOC2"],
+        data_types: ["credentials", "session_data"],
+        enforced: true,
+        enforcement_method: "automatic",
+        last_reviewed: "2025-01-01",
+        next_review: "2026-01-01",
+        approved_by: "Pantheon Security",
+    },
+    {
+        id: "policy_encryption",
+        type: "encryption",
+        version: "1.0.0",
+        effective_date: "2025-01-01",
+        title: "Encryption Policy",
+        description: "Defines encryption standards and key management procedures.",
+        full_text: `
+# Encryption Policy
+
+## 1. Encryption at Rest
+- Algorithm: ML-KEM-768 + ChaCha20-Poly1305 (hybrid post-quantum)
+- Key derivation: HKDF with secure random salt
+- All sensitive data encrypted by default
+
+## 2. Encryption in Transit
+- TLS 1.3 minimum
+- Certificate pinning for Google connections
+- HSTS enforced
+
+## 3. Key Management
+- Keys generated using CSPRNG
+- Keys stored in encrypted format
+- Key rotation: On demand (manual)
+- Key destruction: Secure overwrite (7 passes)
+
+## 4. What's Encrypted
+- Browser cookies and session state
+- Notebook library metadata
+- Audit logs (optional)
+- PQ encryption keys (double encrypted)
+
+## 5. Post-Quantum Readiness
+Hybrid encryption provides protection against:
+- Current classical attacks
+- Future quantum computer attacks
+    `,
+        regulations: ["SOC2", "GDPR"],
+        data_types: ["credentials", "session_data", "notebook_metadata"],
+        enforced: true,
+        enforcement_method: "automatic",
+        last_reviewed: "2025-01-01",
+        next_review: "2026-01-01",
+        approved_by: "Pantheon Security",
+    },
+    {
+        id: "policy_incident_response",
+        type: "incident_response",
+        version: "1.0.0",
+        effective_date: "2025-01-01",
+        title: "Incident Response Policy",
+        description: "Defines procedures for security incident detection and response.",
+        full_text: `
+# Incident Response Policy
+
+## 1. Incident Classification
+- Critical: Data breach, unauthorized access
+- High: Failed encryption, cert pinning violation
+- Medium: Unusual access patterns, mass export
+- Low: Policy violations, configuration errors
+
+## 2. Detection
+- Automated breach detection rules
+- Real-time monitoring of security events
+- Threshold-based alerting
+
+## 3. Response Procedures
+1. Detect: Automated detection via rules
+2. Contain: Block affected patterns/users
+3. Investigate: Root cause analysis
+4. Remediate: Fix underlying issue
+5. Recover: Restore normal operations
+6. Review: Post-incident analysis
+
+## 4. Notification Requirements
+- GDPR: 72 hours for data breaches
+- CSSF: Immediate for significant incidents
+- Internal: Alert on detection
+
+## 5. Documentation
+- All incidents logged with full timeline
+- Actions taken recorded
+- Root cause documented
+- Remediation tracked
+    `,
+        regulations: ["GDPR", "SOC2", "CSSF"],
+        data_types: ["audit_logs", "security_logs"],
+        enforced: true,
+        enforcement_method: "automatic",
+        last_reviewed: "2025-01-01",
+        next_review: "2026-01-01",
+        approved_by: "Pantheon Security",
+    },
+];
+/**
+ * Policy Documentation Manager class
+ */
+export class PolicyDocManager {
+    static instance;
+    policiesFile;
+    policies = new Map();
+    loaded = false;
+    constructor() {
+        const config = getConfig();
+        this.policiesFile = path.join(config.configDir, "policies.json");
+    }
+    /**
+     * Get singleton instance
+     */
+    static getInstance() {
+        if (!PolicyDocManager.instance) {
+            PolicyDocManager.instance = new PolicyDocManager();
+        }
+        return PolicyDocManager.instance;
+    }
+    /**
+     * Load policies
+     */
+    async load() {
+        if (this.loaded)
+            return;
+        // Load default policies
+        for (const policy of DEFAULT_POLICIES) {
+            this.policies.set(policy.id, policy);
+        }
+        // Load custom policies
+        try {
+            if (fs.existsSync(this.policiesFile)) {
+                const content = fs.readFileSync(this.policiesFile, "utf-8");
+                const data = JSON.parse(content);
+                if (data.policies && Array.isArray(data.policies)) {
+                    for (const policy of data.policies) {
+                        this.policies.set(policy.id, policy);
+                    }
+                }
+            }
+        }
+        catch {
+            // Use defaults
+        }
+        this.loaded = true;
+    }
+    /**
+     * Save custom policies
+     */
+    async save() {
+        const dir = path.dirname(this.policiesFile);
+        mkdirSecure(dir);
+        // Only save custom policies
+        const customPolicies = Array.from(this.policies.values()).filter(p => !DEFAULT_POLICIES.find(dp => dp.id === p.id));
+        const data = {
+            version: "1.0.0",
+            last_updated: new Date().toISOString(),
+            policies: customPolicies,
+        };
+        writeFileSecure(this.policiesFile, JSON.stringify(data, null, 2));
+    }
+    /**
+     * Get all policies
+     */
+    async getAllPolicies() {
+        await this.load();
+        return Array.from(this.policies.values());
+    }
+    /**
+     * Get policy by ID
+     */
+    async getPolicy(policyId) {
+        await this.load();
+        return this.policies.get(policyId) || null;
+    }
+    /**
+     * Get policies by type
+     */
+    async getPoliciesByType(type) {
+        await this.load();
+        return Array.from(this.policies.values()).filter(p => p.type === type);
+    }
+    /**
+     * Get policies by regulation
+     */
+    async getPoliciesByRegulation(regulation) {
+        await this.load();
+        return Array.from(this.policies.values()).filter(p => p.regulations.includes(regulation));
+    }
+    /**
+     * Get enforced policies
+     */
+    async getEnforcedPolicies() {
+        await this.load();
+        return Array.from(this.policies.values()).filter(p => p.enforced);
+    }
+    /**
+     * Get policies due for review
+     */
+    async getPoliciesDueForReview() {
+        await this.load();
+        const now = new Date();
+        return Array.from(this.policies.values()).filter(p => {
+            const nextReview = new Date(p.next_review);
+            return nextReview <= now;
+        });
+    }
+    /**
+     * Add or update a custom policy
+     */
+    async upsertPolicy(policy) {
+        await this.load();
+        this.policies.set(policy.id, policy);
+        await this.save();
+    }
+    /**
+     * Remove a custom policy
+     */
+    async removePolicy(policyId) {
+        await this.load();
+        // Don't remove default policies
+        if (DEFAULT_POLICIES.find(p => p.id === policyId)) {
+            return false;
+        }
+        if (!this.policies.has(policyId)) {
+            return false;
+        }
+        this.policies.delete(policyId);
+        await this.save();
+        return true;
+    }
+    /**
+     * Get policy summary for compliance dashboard
+     */
+    async getPolicySummary() {
+        await this.load();
+        const policies = Array.from(this.policies.values());
+        const byType = {
+            privacy_policy: 0,
+            data_retention: 0,
+            access_control: 0,
+            encryption: 0,
+            incident_response: 0,
+            acceptable_use: 0,
+        };
+        const byRegulation = {};
+        for (const policy of policies) {
+            byType[policy.type]++;
+            for (const reg of policy.regulations) {
+                byRegulation[reg] = (byRegulation[reg] || 0) + 1;
+            }
+        }
+        const dueForReview = (await this.getPoliciesDueForReview()).length;
+        return {
+            total_policies: policies.length,
+            enforced_policies: policies.filter(p => p.enforced).length,
+            by_type: byType,
+            by_regulation: byRegulation,
+            due_for_review: dueForReview,
+        };
+    }
+    /**
+     * Export policies for audit
+     */
+    async exportForAudit() {
+        const summary = await this.getPolicySummary();
+        const policies = await this.getAllPolicies();
+        return {
+            exported_at: new Date().toISOString(),
+            summary,
+            policies,
+        };
+    }
+}
+// ============================================
+// SINGLETON ACCESS
+// ============================================
+/**
+ * Get the policy documentation manager instance
+ */
+export function getPolicyDocManager() {
+    return PolicyDocManager.getInstance();
+}
+// ============================================
+// CONVENIENCE EXPORTS
+// ============================================
+/**
+ * Get all policies
+ */
+export async function getAllPolicies() {
+    return getPolicyDocManager().getAllPolicies();
+}
+/**
+ * Get policy by ID
+ */
+export async function getPolicy(policyId) {
+    return getPolicyDocManager().getPolicy(policyId);
+}
+/**
+ * Get policies by regulation
+ */
+export async function getPoliciesByRegulation(regulation) {
+    return getPolicyDocManager().getPoliciesByRegulation(regulation);
+}
+/**
+ * Get policy summary
+ */
+export async function getPolicySummary() {
+    return getPolicyDocManager().getPolicySummary();
+}
+//# sourceMappingURL=policy-docs.js.map

package/dist/compliance/policy-docs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-docs.js","sourceRoot":"","sources":["../../src/compliance/policy-docs.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAG5E;;GAEG;AACH,MAAM,gBAAgB,GAAqB;IACzC;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,OAAO;QAChB,cAAc,EAAE,YAAY;QAC5B,KAAK,EAAE,gBAAgB;QACvB,WAAW,EAAE,mEAAmE;QAChF,SAAS,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAuCV;QACD,WAAW,EAAE,CAAC,MAAM,CAAC;QACrB,UAAU,EAAE,CAAC,eAAe,EAAE,cAAc,EAAE,YAAY,CAAC;QAC3D,QAAQ,EAAE,IAAI;QACd,kBAAkB,EAAE,WAAW;QAC/B,aAAa,EAAE,YAAY;QAC3B,WAAW,EAAE,YAAY;QACzB,WAAW,EAAE,mBAAmB;KACjC;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,OAAO;QAChB,cAAc,EAAE,YAAY;QAC5B,KAAK,EAAE,uBAAuB;QAC9B,WAAW,EAAE,uEAAuE;QACpF,SAAS,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;KA4BV;QACD,WAAW,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC;QAC7B,UAAU,EAAE,CAAC,YAAY,EAAE,cAAc,EAAE,aAAa,CAAC;QACzD,QAAQ,EAAE,IAAI;QACd,kBAAkB,EAAE,WAAW;QAC/B,aAAa,EAAE,YAAY;QAC3B,WAAW,EAAE,YAAY;QACzB,WAAW,EAAE,mBAAmB;KACjC;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,OAAO;QAChB,cAAc,EAAE,YAAY;QAC5B,KAAK,EAAE,uBAAuB;QAC9B,WAAW,EAAE,wDAAwD;QACrE,SAAS,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;KA0BV;QACD,WAAW,EAAE,CAAC,MAAM,CAAC;QACrB,UAAU,EAAE,CAAC,aAAa,EAAE,cAAc,CAAC;QAC3C,QAAQ,EAAE,IAAI;QACd,kBAAkB,EAAE,WAAW;QAC/B,aAAa,EAAE,YAAY;QAC3B,WAAW,EAAE,YAAY;QACzB,WAAW,EAAE,mBAAmB;KACjC;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,OAAO;QAChB,cAAc,EAAE,YAAY;QAC5B,KAAK,EAAE,mBAAmB;QAC1B,WAAW,EAAE,6DAA6D;QAC1E,SAAS,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KA6BV;QACD,WAAW,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC;QAC7B,UAAU,EAAE,CAAC,aAAa,EAAE,cAAc,EAAE,mBAAmB,CAAC;QAChE,QAAQ,EAAE,IAAI;QACd,kBAAkB,EAAE,WAAW;QAC/B,aAAa,EAAE,YAAY;QAC3B,WAAW,EAAE,YAAY;QACzB,WAAW,EAAE,mBAAmB;KACjC;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,mBAAmB;QACzB,OAAO,EAAE,OAAO;QAChB,cAAc,EAAE,YAAY;QAC5B,KAAK,EAAE,0BAA0B;QACjC,WAAW,EAAE,kEAAkE;QAC/E,SAAS,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAgCV;QACD,WAAW,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;QACrC,UAAU,EAAE,CAAC,YAAY,EAAE,eAAe,CAAC;QAC3C,QAAQ,EAAE,IAAI;QACd,kBAAkB,EAAE,WAAW;QAC/B,aAAa,EAAE,YAAY;QAC3B,WAAW,EAAE,YAAY;QACzB,WAAW,EAAE,mBAAmB;KACjC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,OAAO,gBAAgB;IACnB,MAAM,CAAC,QAAQ,CAAmB;IAClC,YAAY,CAAS;IACrB,QAAQ,GAAgC,IAAI,GAAG,EAAE,CAAC;IAClD,MAAM,GAAY,KAAK,CAAC;IAEhC;QACE,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;IACnE,CAAC;IAED;;OAEG;IACI,MAAM,CAAC,WAAW;QACvB,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,CAAC;YAC/B,gBAAgB,CAAC,QAAQ,GAAG,IAAI,gBAAgB,EAAE,CAAC;QACrD,CAAC;QACD,OAAO,gBAAgB,CAAC,QAAQ,CAAC;IACnC,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,IAAI;QAChB,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO;QAExB,wBAAwB;QACxB,KAAK,MAAM,MAAM,IAAI,gBAAgB,EAAE,CAAC;YACtC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;QACvC,CAAC;QAED,uBAAuB;QACvB,IAAI,CAAC;YACH,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;gBACrC,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;gBAC5D,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACjC,IAAI,IAAI,CAAC,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAClD,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;wBACnC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;oBACvC,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,eAAe;QACjB,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;IACrB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,IAAI;QAChB,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC5C,WAAW,CAAC,GAAG,CAAC,CAAC;QAEjB,4BAA4B;QAC5B,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAC9D,CAAC,CAAC,EAAE,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC,CAClD,CAAC;QAEF,MAAM,IAAI,GAAG;YACX,OAAO,EAAE,OAAO;YAChB,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACtC,QAAQ,EAAE,cAAc;SACzB,CAAC;QAEF,eAAe,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACpE,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,cAAc;QACzB,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,SAAS,CAAC,QAAgB;QACrC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;IAC7C,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,iBAAiB,CAAC,IAAgB;QAC7C,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;IACzE,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,uBAAuB,CAAC,UAAkB;QACrD,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAC9C,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,QAAQ,CAAC,UAAU,CAAC,CACxC,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,mBAAmB;QAC9B,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IACpE,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,uBAAuB;QAClC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QAEvB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;YACnD,MAAM,UAAU,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;YAC3C,OAAO,UAAU,IAAI,GAAG,CAAC;QAC3B,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,YAAY,CAAC,MAAsB;QAC9C,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;QACrC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;IACpB,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,YAAY,CAAC,QAAgB;QACxC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAElB,gCAAgC;QAChC,IAAI,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,QAAQ,CAAC,EAAE,CAAC;YAClD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC/B,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAElB,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,gBAAgB;QAO3B,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAElB,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QAEpD,MAAM,MAAM,GAA+B;YACzC,cAAc,EAAE,CAAC;YACjB,cAAc,EAAE,CAAC;YACjB,cAAc,EAAE,CAAC;YACjB,UAAU,EAAE,CAAC;YACb,iBAAiB,EAAE,CAAC;YACpB,cAAc,EAAE,CAAC;SAClB,CAAC;QAEF,MAAM,YAAY,GAA2B,EAAE,CAAC;QAEhD,KAAK,MAAM,MAAM,IAAI,QAAQ,EAAE,CAAC;YAC9B,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YACtB,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;gBACrC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;QAED,MAAM,YAAY,GAAG,CAAC,MAAM,IAAI,CAAC,uBAAuB,EAAE,CAAC,CAAC,MAAM,CAAC;QAEnE,OAAO;YACL,cAAc,EAAE,QAAQ,CAAC,MAAM;YAC/B,iBAAiB,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,MAAM;YAC1D,OAAO,EAAE,MAAM;YACf,aAAa,EAAE,YAAY;YAC3B,cAAc,EAAE,YAAY;SAC7B,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,cAAc;QAWzB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAE7C,OAAO;YACL,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACrC,OAAO;YACP,QAAQ;SACT,CAAC;IACJ,CAAC;CACF;AAED,+CAA+C;AAC/C,mBAAmB;AACnB,+CAA+C;AAE/C;;GAEG;AACH,MAAM,UAAU,mBAAmB;IACjC,OAAO,gBAAgB,CAAC,WAAW,EAAE,CAAC;AACxC,CAAC;AAED,+CAA+C;AAC/C,sBAAsB;AACtB,+CAA+C;AAE/C;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,OAAO,mBAAmB,EAAE,CAAC,cAAc,EAAE,CAAC;AAChD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,QAAgB;IAC9C,OAAO,mBAAmB,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;AACnD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAAC,UAAkB;IAC9D,OAAO,mBAAmB,EAAE,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAC;AACnE,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB;IACpC,OAAO,mBAAmB,EAAE,CAAC,gBAAgB,EAAE,CAAC;AAClD,CAAC"}

package/dist/compliance/privacy-notice-text.d.ts

@@ -0,0 +1,58 @@
+/**
+ * Privacy Notice Text Content
+ *
+ * Contains the privacy notice content for display to users.
+ * Structured for GDPR compliance (Articles 13/14).
+ *
+ * Added by Pantheon Security for enterprise compliance support.
+ */
+import type { PrivacyNotice } from "./types.js";
+/**
+ * Current privacy notice version
+ */
+export declare const PRIVACY_NOTICE_VERSION = "1.0.0";
+/**
+ * Full privacy notice content
+ */
+export declare const PRIVACY_NOTICE: PrivacyNotice;
+/**
+ * CLI-formatted privacy notice for terminal display
+ */
+export declare function getPrivacyNoticeCLI(): string;
+/**
+ * Compact privacy notice for JSON responses
+ */
+export declare function getPrivacyNoticeCompact(): {
+    version: string;
+    summary: string;
+    data_collected: string[];
+    purposes: string[];
+    rights: string[];
+    full_notice_url: string;
+};
+/**
+ * Get structured privacy notice for MCP tool response
+ */
+export declare function getPrivacyNoticeStructured(): {
+    version: string;
+    effective_date: string;
+    data_controller: string;
+    data_collected: string[];
+    purposes: string[];
+    legal_basis: string[];
+    retention: string;
+    rights: string[];
+    contact: string;
+};
+/**
+ * Get data processing agreement summary
+ */
+export declare function getProcessingAgreement(): {
+    version: string;
+    processor: string;
+    sub_processors: string[];
+    data_location: string;
+    security_measures: string[];
+    breach_notification: string;
+};
+//# sourceMappingURL=privacy-notice-text.d.ts.map

package/dist/compliance/privacy-notice-text.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"privacy-notice-text.d.ts","sourceRoot":"","sources":["../../src/compliance/privacy-notice-text.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEhD;;GAEG;AACH,eAAO,MAAM,sBAAsB,UAAU,CAAC;AAE9C;;GAEG;AACH,eAAO,MAAM,cAAc,EAAE,aAkE5B,CAAC;AAEF;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,MAAM,CAgC5C;AAED;;GAEG;AACH,wBAAgB,uBAAuB,IAAI;IACzC,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;CACzB,CAUA;AAED;;GAEG;AACH,wBAAgB,0BAA0B,IAAI;IAC5C,OAAO,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,MAAM,CAAC;IACvB,eAAe,EAAE,MAAM,CAAC;IACxB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;CACjB,CAYA;AAED;;GAEG;AACH,wBAAgB,sBAAsB,IAAI;IACxC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,aAAa,EAAE,MAAM,CAAC;IACtB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,mBAAmB,EAAE,MAAM,CAAC;CAC7B,CAiBA"}