@pan-sec/notebooklm-mcp 1.4.0 → 1.6.0

package/dist/compliance/compliance-logger.js

@@ -0,0 +1,425 @@
+/**
+ * Compliance Logger
+ *
+ * Structured logging for compliance events, separate from operational audit logs.
+ * Implements hash-chaining for tamper detection and supports 7-year retention (CSSF).
+ *
+ * Added by Pantheon Security for enterprise compliance support.
+ */
+import crypto from "crypto";
+import path from "path";
+import fs from "fs";
+import { mkdirSecure, appendFileSecure } from "../utils/file-permissions.js";
+import { getConfig } from "../config.js";
+/**
+ * Generate a UUID v4
+ */
+function generateUUID() {
+    return crypto.randomUUID();
+}
+/**
+ * Compute SHA-256 hash
+ */
+function computeHash(data) {
+    return crypto.createHash("sha256").update(data).digest("hex");
+}
+/**
+ * Mask IP address (zero last octet for privacy)
+ */
+function maskIP(ip) {
+    if (!ip)
+        return "";
+    // IPv4
+    if (ip.includes(".")) {
+        const parts = ip.split(".");
+        if (parts.length === 4) {
+            parts[3] = "0";
+            return parts.join(".");
+        }
+    }
+    // IPv6 - mask last segment
+    if (ip.includes(":")) {
+        const parts = ip.split(":");
+        if (parts.length > 0) {
+            parts[parts.length - 1] = "0";
+            return parts.join(":");
+        }
+    }
+    return ip;
+}
+/**
+ * Compliance Logger class
+ */
+export class ComplianceLogger {
+    static instance;
+    complianceDir;
+    enabled;
+    retentionYears;
+    lastHash = "0".repeat(64); // Genesis hash
+    constructor() {
+        const config = getConfig();
+        const envEnabled = process.env.NLMCP_COMPLIANCE_ENABLED;
+        this.enabled = envEnabled !== undefined
+            ? envEnabled.toLowerCase() === "true"
+            : true; // Enabled by default
+        this.complianceDir = process.env.NLMCP_COMPLIANCE_DIR ||
+            path.join(config.dataDir, "compliance");
+        this.retentionYears = parseInt(process.env.NLMCP_COMPLIANCE_RETENTION_YEARS || "7", 10);
+        if (this.enabled) {
+            this.ensureComplianceDir();
+            this.loadLastHash();
+        }
+    }
+    /**
+     * Get singleton instance
+     */
+    static getInstance() {
+        if (!ComplianceLogger.instance) {
+            ComplianceLogger.instance = new ComplianceLogger();
+        }
+        return ComplianceLogger.instance;
+    }
+    /**
+     * Ensure compliance directory exists
+     */
+    ensureComplianceDir() {
+        mkdirSecure(this.complianceDir);
+    }
+    /**
+     * Get the current log file path (monthly rotation)
+     */
+    getLogFilePath() {
+        const now = new Date();
+        const year = now.getFullYear();
+        const month = String(now.getMonth() + 1).padStart(2, "0");
+        return path.join(this.complianceDir, `events-${year}-${month}.jsonl`);
+    }
+    /**
+     * Load the last hash from the current log file
+     */
+    loadLastHash() {
+        try {
+            const logPath = this.getLogFilePath();
+            if (fs.existsSync(logPath)) {
+                const content = fs.readFileSync(logPath, "utf-8");
+                const lines = content.trim().split("\n").filter(line => line);
+                if (lines.length > 0) {
+                    const lastLine = lines[lines.length - 1];
+                    const lastEvent = JSON.parse(lastLine);
+                    this.lastHash = lastEvent.hash;
+                }
+            }
+        }
+        catch {
+            // If we can't read the hash, start fresh
+            this.lastHash = "0".repeat(64);
+        }
+    }
+    /**
+     * Create a compliance event
+     */
+    createEvent(category, eventType, actor, outcome, options = {}) {
+        const timestamp = new Date().toISOString();
+        const event = {
+            id: generateUUID(),
+            timestamp,
+            category,
+            event_type: eventType,
+            actor: {
+                type: actor.type || "system",
+                id: actor.id,
+                ip: actor.ip ? maskIP(actor.ip) : undefined,
+            },
+            resource: options.resource,
+            details: options.details,
+            legal_basis: options.legalBasis,
+            data_categories: options.dataCategories,
+            retention_days: options.retentionDays || this.retentionYears * 365,
+            outcome,
+            failure_reason: options.failureReason,
+            hash: "", // Will be computed
+            previous_hash: this.lastHash,
+        };
+        // Compute hash (exclude hash field itself)
+        const hashInput = JSON.stringify({
+            ...event,
+            hash: undefined,
+        });
+        event.hash = computeHash(hashInput);
+        this.lastHash = event.hash;
+        return event;
+    }
+    /**
+     * Write event to log file
+     */
+    async writeEvent(event) {
+        if (!this.enabled)
+            return;
+        const logPath = this.getLogFilePath();
+        const line = JSON.stringify(event) + "\n";
+        appendFileSecure(logPath, line);
+    }
+    /**
+     * Log a compliance event
+     */
+    async log(category, eventType, actor, outcome, options = {}) {
+        const event = this.createEvent(category, eventType, actor, outcome, options);
+        await this.writeEvent(event);
+        return event;
+    }
+    // ============================================
+    // CONVENIENCE METHODS
+    // ============================================
+    /**
+     * Log consent event
+     */
+    async logConsent(action, actor, purposes, success, details) {
+        return this.log("consent", `consent_${action}`, actor, success ? "success" : "failure", {
+            details: { ...details, purposes },
+            legalBasis: "consent",
+        });
+    }
+    /**
+     * Log data access event
+     */
+    async logDataAccess(action, actor, dataType, success, details) {
+        return this.log("data_access", `data_${action}`, actor, success ? "success" : "failure", {
+            resource: { type: dataType },
+            details,
+        });
+    }
+    /**
+     * Log data export event (GDPR Article 20)
+     */
+    async logDataExport(actor, dataTypes, success, details) {
+        return this.log("data_export", "data_portability_export", actor, success ? "success" : "failure", {
+            details: { ...details, data_types: dataTypes },
+            legalBasis: "consent",
+        });
+    }
+    /**
+     * Log data deletion event (GDPR Article 17)
+     */
+    async logDataDeletion(actor, dataType, itemCount, success, details) {
+        return this.log("data_deletion", "erasure_completed", actor, success ? "success" : "failure", {
+            resource: { type: dataType },
+            details: { ...details, items_deleted: itemCount },
+        });
+    }
+    /**
+     * Log security incident
+     */
+    async logSecurityIncident(incidentType, severity, details) {
+        return this.log("security_incident", incidentType, { type: "system" }, "success", {
+            details: { ...details, severity },
+        });
+    }
+    /**
+     * Log policy change
+     */
+    async logPolicyChange(setting, oldValue, newValue, changedBy) {
+        return this.log("policy_change", "configuration_changed", { type: changedBy }, "success", {
+            resource: { type: "configuration", id: setting },
+            details: { old_value: oldValue, new_value: newValue },
+        });
+    }
+    /**
+     * Log access control event
+     */
+    async logAccessControl(action, actor, success, details) {
+        return this.log("access_control", action, actor, success ? "success" : "failure", { details });
+    }
+    /**
+     * Log retention event
+     */
+    async logRetention(action, dataType, itemCount, details) {
+        return this.log("retention", `retention_${action}`, { type: "system" }, "success", {
+            resource: { type: dataType },
+            details: { ...details, items_affected: itemCount },
+        });
+    }
+    /**
+     * Log breach notification
+     */
+    async logBreach(breachType, severity, notificationSent, details) {
+        return this.log("breach", breachType, { type: "system" }, "success", {
+            details: {
+                ...details,
+                severity,
+                notification_sent: notificationSent,
+            },
+        });
+    }
+    // ============================================
+    // RETRIEVAL METHODS
+    // ============================================
+    /**
+     * Get events by category
+     */
+    async getEvents(category, from, to, limit = 100) {
+        if (!this.enabled)
+            return [];
+        const events = [];
+        const files = this.getLogFiles();
+        for (const file of files) {
+            try {
+                const content = fs.readFileSync(file, "utf-8");
+                const lines = content.trim().split("\n").filter(line => line);
+                for (const line of lines) {
+                    const event = JSON.parse(line);
+                    // Filter by category
+                    if (category && event.category !== category)
+                        continue;
+                    // Filter by date range
+                    const eventDate = new Date(event.timestamp);
+                    if (from && eventDate < from)
+                        continue;
+                    if (to && eventDate > to)
+                        continue;
+                    events.push(event);
+                    if (events.length >= limit)
+                        break;
+                }
+                if (events.length >= limit)
+                    break;
+            }
+            catch {
+                // Skip corrupted files
+            }
+        }
+        return events;
+    }
+    /**
+     * Get log files sorted by date (newest first)
+     */
+    getLogFiles() {
+        if (!fs.existsSync(this.complianceDir))
+            return [];
+        const files = fs.readdirSync(this.complianceDir)
+            .filter(f => f.startsWith("events-") && f.endsWith(".jsonl"))
+            .map(f => path.join(this.complianceDir, f))
+            .sort()
+            .reverse();
+        return files;
+    }
+    /**
+     * Verify hash chain integrity
+     */
+    async verifyIntegrity() {
+        if (!this.enabled) {
+            return { valid: true, totalEvents: 0, validEvents: 0 };
+        }
+        let totalEvents = 0;
+        let validEvents = 0;
+        let expectedHash = "0".repeat(64);
+        let lastValidEventId;
+        let firstInvalidEventId;
+        const files = this.getLogFiles().reverse(); // Oldest first
+        for (const file of files) {
+            try {
+                const content = fs.readFileSync(file, "utf-8");
+                const lines = content.trim().split("\n").filter(line => line);
+                for (const line of lines) {
+                    totalEvents++;
+                    const event = JSON.parse(line);
+                    // Verify previous hash link
+                    if (event.previous_hash !== expectedHash) {
+                        if (!firstInvalidEventId) {
+                            firstInvalidEventId = event.id;
+                        }
+                        continue;
+                    }
+                    // Verify event hash
+                    const hashInput = JSON.stringify({
+                        ...event,
+                        hash: undefined,
+                    });
+                    const computedHash = computeHash(hashInput);
+                    if (computedHash !== event.hash) {
+                        if (!firstInvalidEventId) {
+                            firstInvalidEventId = event.id;
+                        }
+                        continue;
+                    }
+                    validEvents++;
+                    lastValidEventId = event.id;
+                    expectedHash = event.hash;
+                }
+            }
+            catch {
+                // Skip corrupted files
+            }
+        }
+        return {
+            valid: validEvents === totalEvents,
+            lastValidEvent: lastValidEventId,
+            firstInvalidEvent: firstInvalidEventId,
+            totalEvents,
+            validEvents,
+        };
+    }
+    /**
+     * Get compliance log statistics
+     */
+    async getStats() {
+        const stats = {
+            enabled: this.enabled,
+            retentionYears: this.retentionYears,
+            complianceDir: this.complianceDir,
+            logFileCount: 0,
+            totalEvents: 0,
+            eventsByCategory: {
+                consent: 0,
+                data_access: 0,
+                data_export: 0,
+                data_deletion: 0,
+                data_processing: 0,
+                security_incident: 0,
+                policy_change: 0,
+                access_control: 0,
+                retention: 0,
+                breach: 0,
+            },
+        };
+        if (!this.enabled)
+            return stats;
+        const files = this.getLogFiles();
+        stats.logFileCount = files.length;
+        for (const file of files) {
+            try {
+                const content = fs.readFileSync(file, "utf-8");
+                const lines = content.trim().split("\n").filter(line => line);
+                for (const line of lines) {
+                    stats.totalEvents++;
+                    const event = JSON.parse(line);
+                    if (event.category in stats.eventsByCategory) {
+                        stats.eventsByCategory[event.category]++;
+                    }
+                }
+            }
+            catch {
+                // Skip corrupted files
+            }
+        }
+        return stats;
+    }
+}
+// ============================================
+// SINGLETON ACCESS
+// ============================================
+/**
+ * Get the compliance logger instance
+ */
+export function getComplianceLogger() {
+    return ComplianceLogger.getInstance();
+}
+// ============================================
+// CONVENIENCE EXPORTS
+// ============================================
+/**
+ * Log a compliance event (convenience function)
+ */
+export async function logComplianceEvent(category, eventType, actor, outcome, options) {
+    return getComplianceLogger().log(category, eventType, actor, outcome, options);
+}
+//# sourceMappingURL=compliance-logger.js.map

package/dist/compliance/compliance-logger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"compliance-logger.js","sourceRoot":"","sources":["../../src/compliance/compliance-logger.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAC7E,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAUzC;;GAEG;AACH,SAAS,YAAY;IACnB,OAAO,MAAM,CAAC,UAAU,EAAE,CAAC;AAC7B,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,IAAY;IAC/B,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAChE,CAAC;AAED;;GAEG;AACH,SAAS,MAAM,CAAC,EAAU;IACxB,IAAI,CAAC,EAAE;QAAE,OAAO,EAAE,CAAC;IAEnB,OAAO;IACP,IAAI,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,KAAK,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;YACf,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAED,2BAA2B;IAC3B,IAAI,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,gBAAgB;IACnB,MAAM,CAAC,QAAQ,CAAmB;IAClC,aAAa,CAAS;IACtB,OAAO,CAAU;IACjB,cAAc,CAAS;IACvB,QAAQ,GAAW,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,eAAe;IAE1D;QACE,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC;QAExD,IAAI,CAAC,OAAO,GAAG,UAAU,KAAK,SAAS;YACrC,CAAC,CAAC,UAAU,CAAC,WAAW,EAAE,KAAK,MAAM;YACrC,CAAC,CAAC,IAAI,CAAC,CAAC,qBAAqB;QAE/B,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB;YACnD,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QAE1C,IAAI,CAAC,cAAc,GAAG,QAAQ,CAC5B,OAAO,CAAC,GAAG,CAAC,gCAAgC,IAAI,GAAG,EACnD,EAAE,CACH,CAAC;QAEF,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC3B,IAAI,CAAC,YAAY,EAAE,CAAC;QACtB,CAAC;IACH,CAAC;IAED;;OAEG;IACI,MAAM,CAAC,WAAW;QACvB,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,CAAC;YAC/B,gBAAgB,CAAC,QAAQ,GAAG,IAAI,gBAAgB,EAAE,CAAC;QACrD,CAAC;QACD,OAAO,gBAAgB,CAAC,QAAQ,CAAC;IACnC,CAAC;IAED;;OAEG;IACK,mBAAmB;QACzB,WAAW,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAClC,CAAC;IAED;;OAEG;IACK,cAAc;QACpB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,IAAI,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAC1D,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,UAAU,IAAI,IAAI,KAAK,QAAQ,CAAC,CAAC;IACxE,CAAC;IAED;;OAEG;IACK,YAAY;QAClB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;YACtC,IAAI,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3B,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;gBAClD,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;gBAC9D,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACrB,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;oBACzC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAoB,CAAC;oBAC1D,IAAI,CAAC,QAAQ,GAAG,SAAS,CAAC,IAAI,CAAC;gBACjC,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,yCAAyC;YACzC,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAED;;OAEG;IACK,WAAW,CACjB,QAAiC,EACjC,SAAiB,EACjB,KAA+B,EAC/B,OAA0C,EAC1C,UAOI,EAAE;QAEN,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAE3C,MAAM,KAAK,GAAoB;YAC7B,EAAE,EAAE,YAAY,EAAE;YAClB,SAAS;YACT,QAAQ;YACR,UAAU,EAAE,SAAS;YACrB,KAAK,EAAE;gBACL,IAAI,EAAE,KAAK,CAAC,IAAI,IAAI,QAAQ;gBAC5B,EAAE,EAAE,KAAK,CAAC,EAAE;gBACZ,EAAE,EAAE,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS;aAC5C;YACD,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,WAAW,EAAE,OAAO,CAAC,UAAU;YAC/B,eAAe,EAAE,OAAO,CAAC,cAAc;YACvC,cAAc,EAAE,OAAO,CAAC,aAAa,IAAI,IAAI,CAAC,cAAc,GAAG,GAAG;YAClE,OAAO;YACP,cAAc,EAAE,OAAO,CAAC,aAAa;YACrC,IAAI,EAAE,EAAE,EAAE,mBAAmB;YAC7B,aAAa,EAAE,IAAI,CAAC,QAAQ;SAC7B,CAAC;QAEF,2CAA2C;QAC3C,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;YAC/B,GAAG,KAAK;YACR,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;QACH,KAAK,CAAC,IAAI,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;QACpC,IAAI,CAAC,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC;QAE3B,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,UAAU,CAAC,KAAsB;QAC7C,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,OAAO;QAE1B,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;QAC1C,gBAAgB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IAClC,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,GAAG,CACd,QAAiC,EACjC,SAAiB,EACjB,KAA+B,EAC/B,OAA0C,EAC1C,UAOI,EAAE;QAEN,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;QAC7E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QAC7B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,+CAA+C;IAC/C,sBAAsB;IACtB,+CAA+C;IAE/C;;OAEG;IACI,KAAK,CAAC,UAAU,CACrB,MAAyC,EACzC,KAA+B,EAC/B,QAAkB,EAClB,OAAgB,EAChB,OAAiC;QAEjC,OAAO,IAAI,CAAC,GAAG,CACb,SAAS,EACT,WAAW,MAAM,EAAE,EACnB,KAAK,EACL,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,EAC/B;YACE,OAAO,EAAE,EAAE,GAAG,OAAO,EAAE,QAAQ,EAAE;YACjC,UAAU,EAAE,SAAS;SACtB,CACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,aAAa,CACxB,MAAgD,EAChD,KAA+B,EAC/B,QAAgB,EAChB,OAAgB,EAChB,OAAiC;QAEjC,OAAO,IAAI,CAAC,GAAG,CACb,aAAa,EACb,QAAQ,MAAM,EAAE,EAChB,KAAK,EACL,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,EAC/B;YACE,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YAC5B,OAAO;SACR,CACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,aAAa,CACxB,KAA+B,EAC/B,SAAmB,EACnB,OAAgB,EAChB,OAAiC;QAEjC,OAAO,IAAI,CAAC,GAAG,CACb,aAAa,EACb,yBAAyB,EACzB,KAAK,EACL,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,EAC/B;YACE,OAAO,EAAE,EAAE,GAAG,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE;YAC9C,UAAU,EAAE,SAAS;SACtB,CACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,eAAe,CAC1B,KAA+B,EAC/B,QAAgB,EAChB,SAAiB,EACjB,OAAgB,EAChB,OAAiC;QAEjC,OAAO,IAAI,CAAC,GAAG,CACb,eAAe,EACf,mBAAmB,EACnB,KAAK,EACL,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,EAC/B;YACE,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YAC5B,OAAO,EAAE,EAAE,GAAG,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE;SAClD,CACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,mBAAmB,CAC9B,YAAoB,EACpB,QAAgD,EAChD,OAAgC;QAEhC,OAAO,IAAI,CAAC,GAAG,CACb,mBAAmB,EACnB,YAAY,EACZ,EAAE,IAAI,EAAE,QAAQ,EAAE,EAClB,SAAS,EACT;YACE,OAAO,EAAE,EAAE,GAAG,OAAO,EAAE,QAAQ,EAAE;SAClC,CACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,eAAe,CAC1B,OAAe,EACf,QAAiB,EACjB,QAAiB,EACjB,SAAsC;QAEtC,OAAO,IAAI,CAAC,GAAG,CACb,eAAe,EACf,uBAAuB,EACvB,EAAE,IAAI,EAAE,SAAS,EAAE,EACnB,SAAS,EACT;YACE,QAAQ,EAAE,EAAE,IAAI,EAAE,eAAe,EAAE,EAAE,EAAE,OAAO,EAAE;YAChD,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE;SACtD,CACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,gBAAgB,CAC3B,MAAyD,EACzD,KAA+B,EAC/B,OAAgB,EAChB,OAAiC;QAEjC,OAAO,IAAI,CAAC,GAAG,CACb,gBAAgB,EAChB,MAAM,EACN,KAAK,EACL,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,EAC/B,EAAE,OAAO,EAAE,CACZ,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,YAAY,CACvB,MAAwC,EACxC,QAAgB,EAChB,SAAiB,EACjB,OAAiC;QAEjC,OAAO,IAAI,CAAC,GAAG,CACb,WAAW,EACX,aAAa,MAAM,EAAE,EACrB,EAAE,IAAI,EAAE,QAAQ,EAAE,EAClB,SAAS,EACT;YACE,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YAC5B,OAAO,EAAE,EAAE,GAAG,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE;SACnD,CACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,SAAS,CACpB,UAAkB,EAClB,QAAgD,EAChD,gBAAyB,EACzB,OAAgC;QAEhC,OAAO,IAAI,CAAC,GAAG,CACb,QAAQ,EACR,UAAU,EACV,EAAE,IAAI,EAAE,QAAQ,EAAE,EAClB,SAAS,EACT;YACE,OAAO,EAAE;gBACP,GAAG,OAAO;gBACV,QAAQ;gBACR,iBAAiB,EAAE,gBAAgB;aACpC;SACF,CACF,CAAC;IACJ,CAAC;IAED,+CAA+C;IAC/C,oBAAoB;IACpB,+CAA+C;IAE/C;;OAEG;IACI,KAAK,CAAC,SAAS,CACpB,QAAkC,EAClC,IAAW,EACX,EAAS,EACT,QAAgB,GAAG;QAEnB,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,OAAO,EAAE,CAAC;QAE7B,MAAM,MAAM,GAAsB,EAAE,CAAC;QACrC,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAEjC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;gBAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;gBAE9D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;oBACzB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAoB,CAAC;oBAElD,qBAAqB;oBACrB,IAAI,QAAQ,IAAI,KAAK,CAAC,QAAQ,KAAK,QAAQ;wBAAE,SAAS;oBAEtD,uBAAuB;oBACvB,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;oBAC5C,IAAI,IAAI,IAAI,SAAS,GAAG,IAAI;wBAAE,SAAS;oBACvC,IAAI,EAAE,IAAI,SAAS,GAAG,EAAE;wBAAE,SAAS;oBAEnC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;oBAEnB,IAAI,MAAM,CAAC,MAAM,IAAI,KAAK;wBAAE,MAAM;gBACpC,CAAC;gBAED,IAAI,MAAM,CAAC,MAAM,IAAI,KAAK;oBAAE,MAAM;YACpC,CAAC;YAAC,MAAM,CAAC;gBACP,uBAAuB;YACzB,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACK,WAAW;QACjB,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC;YAAE,OAAO,EAAE,CAAC;QAElD,MAAM,KAAK,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,aAAa,CAAC;aAC7C,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;aAC5D,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;aAC1C,IAAI,EAAE;aACN,OAAO,EAAE,CAAC;QAEb,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,eAAe;QAO1B,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC;QACzD,CAAC;QAED,IAAI,WAAW,GAAG,CAAC,CAAC;QACpB,IAAI,WAAW,GAAG,CAAC,CAAC;QACpB,IAAI,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAClC,IAAI,gBAAoC,CAAC;QACzC,IAAI,mBAAuC,CAAC;QAE5C,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC,eAAe;QAE3D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;gBAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;gBAE9D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;oBACzB,WAAW,EAAE,CAAC;oBACd,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAoB,CAAC;oBAElD,4BAA4B;oBAC5B,IAAI,KAAK,CAAC,aAAa,KAAK,YAAY,EAAE,CAAC;wBACzC,IAAI,CAAC,mBAAmB,EAAE,CAAC;4BACzB,mBAAmB,GAAG,KAAK,CAAC,EAAE,CAAC;wBACjC,CAAC;wBACD,SAAS;oBACX,CAAC;oBAED,oBAAoB;oBACpB,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;wBAC/B,GAAG,KAAK;wBACR,IAAI,EAAE,SAAS;qBAChB,CAAC,CAAC;oBACH,MAAM,YAAY,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;oBAE5C,IAAI,YAAY,KAAK,KAAK,CAAC,IAAI,EAAE,CAAC;wBAChC,IAAI,CAAC,mBAAmB,EAAE,CAAC;4BACzB,mBAAmB,GAAG,KAAK,CAAC,EAAE,CAAC;wBACjC,CAAC;wBACD,SAAS;oBACX,CAAC;oBAED,WAAW,EAAE,CAAC;oBACd,gBAAgB,GAAG,KAAK,CAAC,EAAE,CAAC;oBAC5B,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC;gBAC5B,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,uBAAuB;YACzB,CAAC;QACH,CAAC;QAED,OAAO;YACL,KAAK,EAAE,WAAW,KAAK,WAAW;YAClC,cAAc,EAAE,gBAAgB;YAChC,iBAAiB,EAAE,mBAAmB;YACtC,WAAW;YACX,WAAW;SACZ,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,QAAQ;QAQnB,MAAM,KAAK,GAOP;YACF,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,cAAc,EAAE,IAAI,CAAC,cAAc;YACnC,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,YAAY,EAAE,CAAC;YACf,WAAW,EAAE,CAAC;YACd,gBAAgB,EAAE;gBAChB,OAAO,EAAE,CAAC;gBACV,WAAW,EAAE,CAAC;gBACd,WAAW,EAAE,CAAC;gBACd,aAAa,EAAE,CAAC;gBAChB,eAAe,EAAE,CAAC;gBAClB,iBAAiB,EAAE,CAAC;gBACpB,aAAa,EAAE,CAAC;gBAChB,cAAc,EAAE,CAAC;gBACjB,SAAS,EAAE,CAAC;gBACZ,MAAM,EAAE,CAAC;aACV;SACF,CAAC;QAEF,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC;QAEhC,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QACjC,KAAK,CAAC,YAAY,GAAG,KAAK,CAAC,MAAM,CAAC;QAElC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;gBAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;gBAE9D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;oBACzB,KAAK,CAAC,WAAW,EAAE,CAAC;oBACpB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAoB,CAAC;oBAClD,IAAI,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,gBAAgB,EAAE,CAAC;wBAC7C,KAAK,CAAC,gBAAgB,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC3C,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,uBAAuB;YACzB,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;CACF;AAED,+CAA+C;AAC/C,mBAAmB;AACnB,+CAA+C;AAE/C;;GAEG;AACH,MAAM,UAAU,mBAAmB;IACjC,OAAO,gBAAgB,CAAC,WAAW,EAAE,CAAC;AACxC,CAAC;AAED,+CAA+C;AAC/C,sBAAsB;AACtB,+CAA+C;AAE/C;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,QAAiC,EACjC,SAAiB,EACjB,KAA+B,EAC/B,OAA0C,EAC1C,OAOC;IAED,OAAO,mBAAmB,EAAE,CAAC,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AACjF,CAAC"}

package/dist/compliance/compliance-tools.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Compliance MCP Tools
+ *
+ * Exposes compliance features as MCP tools for Claude integration.
+ * Provides structured access to compliance dashboard, reports, and evidence.
+ *
+ * Added by Pantheon Security for enterprise compliance support.
+ */
+import type { Tool, TextContent } from "@modelcontextprotocol/sdk/types.js";
+/**
+ * Tool definitions for compliance features
+ */
+export declare function getComplianceTools(): Tool[];
+/**
+ * Handle compliance tool calls
+ */
+export declare function handleComplianceToolCall(toolName: string, args: Record<string, unknown>): Promise<TextContent[]>;
+//# sourceMappingURL=compliance-tools.d.ts.map

package/dist/compliance/compliance-tools.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"compliance-tools.d.ts","sourceRoot":"","sources":["../../src/compliance/compliance-tools.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,oCAAoC,CAAC;AAc5E;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,IAAI,EAAE,CAuU3C;AAED;;GAEG;AACH,wBAAsB,wBAAwB,CAC5C,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC5B,OAAO,CAAC,WAAW,EAAE,CAAC,CAkExB"}