@pan-sec/notebooklm-mcp 1.4.0 → 1.7.0

package/README.md

@@ -4,13 +4,16 @@
 
 **Zero-hallucination answers from NotebookLM — now with enterprise-grade security**
 
+[![npm](https://img.shields.io/npm/v/@pan-sec/notebooklm-mcp?color=blue)](https://www.npmjs.com/package/@pan-sec/notebooklm-mcp)
 [![TypeScript](https://img.shields.io/badge/TypeScript-5.x-blue.svg)](https://www.typescriptlang.org/)
 [![MCP](https://img.shields.io/badge/MCP-2025-green.svg)](https://modelcontextprotocol.io/)
+[![Platform](https://img.shields.io/badge/Platform-Linux%20%7C%20macOS%20%7C%20Windows-lightgrey.svg)](#cross-platform-support)
 [![Security](https://img.shields.io/badge/Security-14%20Layers-red.svg)](./SECURITY.md)
 [![Post-Quantum](https://img.shields.io/badge/Encryption-Post--Quantum-purple.svg)](./SECURITY.md#post-quantum-encryption)
+[![Compliance](https://img.shields.io/badge/Compliance-GDPR%20%7C%20SOC2%20%7C%20CSSF-blue.svg)](./docs/COMPLIANCE-SPEC.md)
 [![Tests](https://img.shields.io/badge/Tests-111%20Passing-brightgreen.svg)](./tests/)
 
-[Security Features](#security-features) • [Installation](#installation) • [Quick Start](#quick-start) • [Why This Fork?](#why-this-fork) • [Documentation](./SECURITY.md)
+[Security Features](#security-features) • [Compliance](#enterprise-compliance-v160) • [Installation](#installation) • [Quick Start](#quick-start) • [Why This Fork?](#why-this-fork) • [Documentation](./SECURITY.md)
 
 </div>
 
@@ -46,6 +49,7 @@ This fork adds **14 security hardening layers** to protect that data.
 | 🚦 | **Rate Limiting** | Per-session request throttling |
 | 🙈 | **Log Sanitization** | Credentials masked in all output |
 | 🐍 | **MEDUSA Integration** | Automated security scanning |
+| 🖥️ | **Cross-Platform** | Native support for Linux, macOS, Windows |
 
 ### Post-Quantum Ready
 
@@ -60,13 +64,62 @@ ML-KEM-768 (Kyber) + ChaCha20-Poly1305
 
 Even if one algorithm is broken, the other remains secure.
 
+### Cross-Platform Support
+
+Full native support for all major operating systems:
+
+| Platform | File Permissions | Data Directory |
+|----------|-----------------|----------------|
+| **Linux** | Unix chmod (0o600/0o700) | `~/.local/share/notebooklm-mcp/` |
+| **macOS** | Unix chmod (0o600/0o700) | `~/Library/Application Support/notebooklm-mcp/` |
+| **Windows** | ACLs via icacls (current user only) | `%LOCALAPPDATA%\notebooklm-mcp\` |
+
+All sensitive files (encryption keys, auth tokens, audit logs) are automatically protected with owner-only permissions on every platform.
+
+### Enterprise Compliance (v1.6.0+)
+
+Full compliance support for regulated industries:
+
+| Regulation | Features |
+|------------|----------|
+| **GDPR** | Consent management, DSAR handling, right to erasure, data portability |
+| **SOC2 Type II** | Hash-chained audit logs, incident response, availability monitoring |
+| **CSSF** | 7-year retention, SIEM integration, policy documentation |
+
+#### Compliance Tools (16 MCP tools)
+```
+compliance_dashboard    - Real-time compliance status
+compliance_report       - Generate audit reports (JSON/CSV/HTML)
+compliance_evidence     - Collect evidence packages
+grant_consent          - Record user consent
+submit_dsar            - Handle data subject requests
+request_erasure        - Right to be forgotten
+export_user_data       - Data portability export
+create_incident        - Security incident management
+...and 8 more
+```
+
+#### Compliance Dashboard Example
+```
+═══════════════════════════════════════════════════════════════
+  COMPLIANCE DASHBOARD - NotebookLM MCP Server
+═══════════════════════════════════════════════════════════════
+  Generated: 2025-12-18T10:00:00.000Z
+  Overall Score: 95/100
+
+  GDPR:  [COMPLIANT]     SOC2:  [COMPLIANT]     CSSF:  [COMPLIANT]
+═══════════════════════════════════════════════════════════════
+```
+
+See [COMPLIANCE-SPEC.md](./docs/COMPLIANCE-SPEC.md) for full documentation.
+
 ---
 
 ## Installation
 
 ### Claude Code
 ```bash
-claude mcp add notebooklm npx notebooklm-mcp-secure@latest
+claude mcp add notebooklm -- npx @pan-sec/notebooklm-mcp@latest
 ```
 
 ### With Authentication (Recommended)
@@ -74,12 +127,12 @@ claude mcp add notebooklm npx notebooklm-mcp-secure@latest
 claude mcp add notebooklm \
   --env NLMCP_AUTH_ENABLED=true \
   --env NLMCP_AUTH_TOKEN=$(openssl rand -base64 32) \
-  npx notebooklm-mcp-secure@latest
+  -- npx @pan-sec/notebooklm-mcp@latest
 ```
 
 ### Codex
 ```bash
-codex mcp add notebooklm -- npx notebooklm-mcp-secure@latest
+codex mcp add notebooklm -- npx @pan-sec/notebooklm-mcp@latest
 ```
 
 <details>
@@ -91,7 +144,7 @@ Add to `~/.cursor/mcp.json`:
   "mcpServers": {
     "notebooklm": {
       "command": "npx",
-      "args": ["-y", "notebooklm-mcp-secure@latest"],
+      "args": ["-y", "@pan-sec/notebooklm-mcp@latest"],
       "env": {
         "NLMCP_AUTH_ENABLED": "true",
         "NLMCP_AUTH_TOKEN": "your-secure-token"
@@ -110,7 +163,7 @@ Add to `~/.cursor/mcp.json`:
   "mcpServers": {
     "notebooklm": {
       "command": "npx",
-      "args": ["notebooklm-mcp-secure@latest"],
+      "args": ["-y", "@pan-sec/notebooklm-mcp@latest"],
       "env": {
         "NLMCP_AUTH_ENABLED": "true",
         "NLMCP_AUTH_TOKEN": "your-secure-token"
@@ -201,7 +254,7 @@ Or integrate in CI/CD:
 
 ```yaml
 - name: Security Scan
-  run: npx notebooklm-mcp-secure && npm run security-scan
+  run: npx @pan-sec/notebooklm-mcp && npm run security-scan
 ```
 
 ---
@@ -250,6 +303,7 @@ All original functionality from [PleasePrompto/notebooklm-mcp](https://github.co
 | Zero-hallucination Q&A | ✅ | ✅ |
 | Library management | ✅ | ✅ |
 | Multi-client support | ✅ | ✅ |
+| **Cross-platform (Linux/macOS/Windows)** | ⚠️ | ✅ |
 | **Post-quantum encryption** | ❌ | ✅ |
 | **Secrets scanning** | ❌ | ✅ |
 | **Certificate pinning** | ❌ | ✅ |

package/SECURITY.md

@@ -2,8 +2,9 @@
 
 This is a security-hardened fork of [PleasePrompto/notebooklm-mcp](https://github.com/PleasePrompto/notebooklm-mcp), maintained by [Pantheon Security](https://pantheonsecurity.io).
 
-**Version**: 1.4.0-secure
+**Version**: 1.5.1
 **Security Features**: 14 hardening layers
+**Platforms**: Linux, macOS, Windows
 
 ## Security Features Overview
 
@@ -21,10 +22,43 @@ This is a security-hardened fork of [PleasePrompto/notebooklm-mcp](https://githu
 | **Certificate Pinning** | ✅ | Google TLS MITM protection |
 | **Memory Scrubbing** | ✅ | Zero sensitive data after use |
 | **MEDUSA Integration** | ✅ | Automated security scanning |
+| **Cross-Platform Permissions** | ✅ | Secure file permissions on all OSes |
 
 ---
 
-## Post-Quantum Encryption (NEW)
+## Cross-Platform Support
+
+Full native support for Linux, macOS, and Windows with proper secure file permissions on each platform.
+
+### Platform-Specific Security
+
+| Platform | File Permissions | Implementation |
+|----------|-----------------|----------------|
+| **Linux** | Unix chmod | `0o600` (files), `0o700` (directories) |
+| **macOS** | Unix chmod | `0o600` (files), `0o700` (directories) |
+| **Windows** | ACLs via icacls | Current user only (Full Control) |
+
+### Data Directories
+
+| Platform | Path |
+|----------|------|
+| Linux | `~/.local/share/notebooklm-mcp/` |
+| macOS | `~/Library/Application Support/notebooklm-mcp/` |
+| Windows | `%LOCALAPPDATA%\notebooklm-mcp\` |
+
+### Protected Files
+
+All sensitive files are automatically protected with owner-only permissions:
+- Encryption keys (`pq-keys.enc`)
+- Authentication tokens (`auth-token.hash`)
+- Audit logs (`audit/*.jsonl`)
+- Browser session state (`browser_state/`)
+- Notebook library (`library.json`)
+- Settings (`settings.json`)
+
+---
+
+## Post-Quantum Encryption
 
 ### Why Post-Quantum?
 
@@ -88,7 +122,7 @@ When you upgrade, existing unencrypted files are automatically:
 
 ---
 
-## Secrets Scanning (NEW)
+## Secrets Scanning
 
 Real-time detection of credentials in logs and responses using patterns from TruffleHog and GitLeaks.
 
@@ -124,7 +158,7 @@ NLMCP_SECRETS_IGNORE=pattern1,pattern2  # Ignore specific patterns
 
 ---
 
-## Certificate Pinning (NEW)
+## Certificate Pinning
 
 Protects HTTPS connections to Google by validating server certificate chains against known-good SPKI hashes.
 
@@ -159,7 +193,7 @@ NLMCP_CERT_REPORT_ONLY=false     # Log but don't block (default: false)
 
 ---
 
-## Memory Scrubbing (NEW)
+## Memory Scrubbing
 
 Sensitive data is securely wiped from memory after use to prevent:
 - Memory dump attacks
@@ -197,7 +231,7 @@ await withSecureCredential(apiKey, async (cred) => {
 
 ---
 
-## MEDUSA Integration (NEW)
+## MEDUSA Integration
 
 Automated security scanning using [MEDUSA](https://github.com/Pantheon-Security/medusa) - Multi-Language Security Scanner with 46+ analyzers.
 

package/dist/auth/mcp-auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"mcp-auth.d.ts","sourceRoot":"","sources":["../../src/auth/mcp-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AASH;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,yEAAyE;IACzE,OAAO,EAAE,OAAO,CAAC;IACjB,qCAAqC;IACrC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,yBAAyB;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,8CAA8C;IAC9C,iBAAiB,EAAE,MAAM,CAAC;IAC1B,uCAAuC;IACvC,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAyBD;;;;GAIG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,CAAgB;IAC9B,OAAO,CAAC,SAAS,CAAuB;IACxC,OAAO,CAAC,cAAc,CAAgD;IACtE,OAAO,CAAC,WAAW,CAAkB;gBAEzB,MAAM,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC;IAI3C;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IA+DjC;;OAEG;IACH,aAAa,IAAI,MAAM;IAIvB;;OAEG;IACH,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAIhC;;OAEG;YACW,aAAa;IAa3B;;OAEG;IACH,SAAS,IAAI,OAAO;IAIpB;;OAEG;IACH,OAAO,CAAC,WAAW;IAgBnB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAyB3B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAI3B;;;;;;OAMG;IACG,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,EAAE,QAAQ,GAAE,MAAkB,GAAG,OAAO,CAAC,OAAO,CAAC;IAmD9F;;OAEG;IACH,SAAS,IAAI;QACX,OAAO,EAAE,OAAO,CAAC;QACjB,QAAQ,EAAE,OAAO,CAAC;QAClB,aAAa,EAAE,MAAM,CAAC;KACvB;IASD;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,MAAM,CAAC;CAUrC;AAOD;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,gBAAgB,CAKtD;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAC1C,KAAK,EAAE,MAAM,GAAG,SAAS,EACzB,QAAQ,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC;IAAE,aAAa,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAiBrD"}
+{"version":3,"file":"mcp-auth.d.ts","sourceRoot":"","sources":["../../src/auth/mcp-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAcH;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,yEAAyE;IACzE,OAAO,EAAE,OAAO,CAAC;IACjB,qCAAqC;IACrC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,yBAAyB;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,8CAA8C;IAC9C,iBAAiB,EAAE,MAAM,CAAC;IAC1B,uCAAuC;IACvC,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAyBD;;;;GAIG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,CAAgB;IAC9B,OAAO,CAAC,SAAS,CAAuB;IACxC,OAAO,CAAC,cAAc,CAAgD;IACtE,OAAO,CAAC,WAAW,CAAkB;gBAEzB,MAAM,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC;IAI3C;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IA+DjC;;OAEG;IACH,aAAa,IAAI,MAAM;IAIvB;;OAEG;IACH,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAIhC;;OAEG;YACW,aAAa;IAa3B;;OAEG;IACH,SAAS,IAAI,OAAO;IAIpB;;OAEG;IACH,OAAO,CAAC,WAAW;IAgBnB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAyB3B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAI3B;;;;;;OAMG;IACG,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,EAAE,QAAQ,GAAE,MAAkB,GAAG,OAAO,CAAC,OAAO,CAAC;IAmD9F;;OAEG;IACH,SAAS,IAAI;QACX,OAAO,EAAE,OAAO,CAAC;QACjB,QAAQ,EAAE,OAAO,CAAC;QAClB,aAAa,EAAE,MAAM,CAAC;KACvB;IASD;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,MAAM,CAAC;CAUrC;AAOD;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,gBAAgB,CAKtD;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAC1C,KAAK,EAAE,MAAM,GAAG,SAAS,EACzB,QAAQ,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC;IAAE,aAAa,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAiBrD"}

package/dist/auth/mcp-auth.js

@@ -15,6 +15,7 @@ import path from "path";
 import { CONFIG } from "../config.js";
 import { log } from "../utils/logger.js";
 import { audit } from "../utils/audit-logger.js";
+import { mkdirSecure, writeFileSecure, PERMISSION_MODES, } from "../utils/file-permissions.js";
 /**
  * Get MCP auth configuration from environment
  */
@@ -119,12 +120,8 @@ export class MCPAuthenticator {
         if (!this.tokenHash)
             return;
         const dir = path.dirname(this.config.tokenFile);
-        if (!fs.existsSync(dir)) {
-            fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
-        }
-        fs.writeFileSync(this.config.tokenFile, this.tokenHash, {
-            mode: 0o600, // Owner read/write only
-        });
+        mkdirSecure(dir, PERMISSION_MODES.OWNER_FULL);
+        writeFileSecure(this.config.tokenFile, this.tokenHash, PERMISSION_MODES.OWNER_READ_WRITE);
     }
     /**
      * Check if authentication is enabled

package/dist/auth/mcp-auth.js.map

@@ -1 +1 @@
-{"version":3,"file":"mcp-auth.js","sourceRoot":"","sources":["../../src/auth/mcp-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AACtC,OAAO,EAAE,GAAG,EAAE,MAAM,oBAAoB,CAAC;AACzC,OAAO,EAAE,KAAK,EAAE,MAAM,0BAA0B,CAAC;AA2BjD;;GAEG;AACH,SAAS,aAAa;IACpB,OAAO;QACL,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,MAAM;QAClD,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB;QACnC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB;YAC1C,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,iBAAiB,CAAC;QAChD,iBAAiB,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,GAAG,EAAE,EAAE,CAAC;QACzE,iBAAiB,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,QAAQ,EAAE,EAAE,CAAC,EAAE,QAAQ;KACzF,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,OAAO,gBAAgB;IACnB,MAAM,CAAgB;IACtB,SAAS,GAAkB,IAAI,CAAC;IAChC,cAAc,GAAsC,IAAI,GAAG,EAAE,CAAC;IAC9D,WAAW,GAAY,KAAK,CAAC;IAErC,YAAY,MAA+B;QACzC,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,aAAa,EAAE,EAAE,GAAG,MAAM,EAAE,CAAC;IAClD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU;QACd,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,GAAG,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;YAC9C,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;YACxB,OAAO;QACT,CAAC;QAED,GAAG,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;QAElD,qCAAqC;QACrC,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACtB,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACnD,GAAG,CAAC,OAAO,CAAC,2CAA2C,CAAC,CAAC;YACzD,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;YACxB,OAAO;QACT,CAAC;QAED,mCAAmC;QACnC,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;YACzC,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;gBACvE,IAAI,OAAO,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC,CAAC,qBAAqB;oBAChD,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC;oBACzB,GAAG,CAAC,OAAO,CAAC,iCAAiC,CAAC,CAAC;oBAC/C,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;oBACxB,OAAO;gBACT,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,GAAG,CAAC,OAAO,CAAC,oCAAoC,KAAK,EAAE,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;QAED,qBAAqB;QACrB,MAAM,QAAQ,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACtC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC1C,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;QAE3B,GAAG,CAAC,OAAO,CAAC,wCAAwC,CAAC,CAAC;QACtD,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACb,GAAG,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;QAC7E,GAAG,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;QAC9E,GAAG,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;QAC7E,GAAG,CAAC,IAAI,CAAC,eAAe,QAAQ,KAAK,CAAC,CAAC;QACvC,GAAG,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;QAC7E,GAAG,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;QAC7E,GAAG,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;QAC7E,GAAG,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;QAC7E,GAAG,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;QAC7E,GAAG,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;QAC9E,GAAG,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;QAC9E,GAAG,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;QAC7E,GAAG,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;QAC7E,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEb,MAAM,KAAK,CAAC,IAAI,CAAC,iBAAiB,EAAE,IAAI,EAAE;YACxC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;SAClC,CAAC,CAAC;QAEH,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;IAED;;OAEG;IACH,aAAa;QACX,OAAO,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACtD,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,KAAa;QACrB,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACjE,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,aAAa;QACzB,IAAI,CAAC,IAAI,CAAC,SAAS;YAAE,OAAO;QAE5B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAChD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACtD,CAAC;QAED,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE;YACtD,IAAI,EAAE,KAAK,EAAE,wBAAwB;SACtC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;IAC7B,CAAC;IAED;;OAEG;IACK,WAAW,CAAC,QAAgB;QAClC,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAClD,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC;QAE3B,IAAI,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YACrC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,2BAA2B;QAC3B,IAAI,OAAO,CAAC,WAAW,GAAG,CAAC,IAAI,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YACjE,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACvC,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACK,mBAAmB,CAAC,QAAgB;QAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI;YACnD,KAAK,EAAE,CAAC;YACR,WAAW,EAAE,CAAC;YACd,WAAW,EAAE,CAAC;SACf,CAAC;QAEF,OAAO,CAAC,KAAK,EAAE,CAAC;QAChB,OAAO,CAAC,WAAW,GAAG,GAAG,CAAC;QAE1B,IAAI,OAAO,CAAC,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;YACnD,OAAO,CAAC,WAAW,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC;YAC1D,GAAG,CAAC,OAAO,CAAC,aAAa,QAAQ,mBAAmB,IAAI,CAAC,MAAM,CAAC,iBAAiB,GAAG,IAAI,GAAG,CAAC,CAAC;YAE7F,KAAK,CAAC,QAAQ,CAAC,cAAc,EAAE,SAAS,EAAE;gBACxC,SAAS,EAAE,QAAQ;gBACnB,eAAe,EAAE,OAAO,CAAC,KAAK;gBAC9B,aAAa,EAAE,IAAI,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE;aAC3D,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC7C,CAAC;IAED;;OAEG;IACK,mBAAmB,CAAC,QAAgB;QAC1C,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACvC,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,aAAa,CAAC,KAAyB,EAAE,WAAmB,SAAS;QACzE,0CAA0C;QAC1C,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,qBAAqB;QACrB,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAC1B,CAAC;QAED,gBAAgB;QAChB,IAAI,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC/B,GAAG,CAAC,OAAO,CAAC,2CAA2C,QAAQ,EAAE,CAAC,CAAC;YACnE,MAAM,KAAK,CAAC,QAAQ,CAAC,6BAA6B,EAAE,SAAS,EAAE;gBAC7D,SAAS,EAAE,QAAQ;aACpB,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;QAED,iBAAiB;QACjB,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,GAAG,CAAC,OAAO,CAAC,8CAA8C,QAAQ,GAAG,CAAC,CAAC;YACvE,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC;YACnC,MAAM,KAAK,CAAC,IAAI,CAAC,aAAa,EAAE,KAAK,EAAE;gBACrC,SAAS,EAAE,QAAQ;gBACnB,MAAM,EAAE,UAAU;aACnB,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC3C,MAAM,KAAK,GAAG,YAAY,KAAK,IAAI,CAAC,SAAS,CAAC;QAE9C,IAAI,KAAK,EAAE,CAAC;YACV,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC;YACnC,MAAM,KAAK,CAAC,IAAI,CAAC,cAAc,EAAE,IAAI,EAAE;gBACrC,SAAS,EAAE,QAAQ;aACpB,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,OAAO,CAAC,0CAA0C,QAAQ,GAAG,CAAC,CAAC;YACnE,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC;YACnC,MAAM,KAAK,CAAC,IAAI,CAAC,aAAa,EAAE,KAAK,EAAE;gBACrC,SAAS,EAAE,QAAQ;gBACnB,MAAM,EAAE,eAAe;aACxB,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACH,SAAS;QAKP,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,QAAQ,EAAE,IAAI,CAAC,SAAS,KAAK,IAAI;YACjC,aAAa,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC;iBACpD,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,MAAM;SAClD,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW;QACf,MAAM,QAAQ,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACtC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC1C,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;QAE3B,GAAG,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;QAC5C,MAAM,KAAK,CAAC,IAAI,CAAC,eAAe,EAAE,IAAI,CAAC,CAAC;QAExC,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF;AAED;;GAEG;AACH,IAAI,mBAAmB,GAA4B,IAAI,CAAC;AAExD;;GAEG;AACH,MAAM,UAAU,mBAAmB;IACjC,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzB,mBAAmB,GAAG,IAAI,gBAAgB,EAAE,CAAC;IAC/C,CAAC;IACD,OAAO,mBAAmB,CAAC;AAC7B,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,KAAyB,EACzB,QAAiB;IAEjB,MAAM,IAAI,GAAG,mBAAmB,EAAE,CAAC;IAEnC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC;QACtB,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;IACjC,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IAExD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,aAAa,EAAE,KAAK;YACpB,KAAK,EAAE,qEAAqE;SAC7E,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;AACjC,CAAC"}
+{"version":3,"file":"mcp-auth.js","sourceRoot":"","sources":["../../src/auth/mcp-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AACtC,OAAO,EAAE,GAAG,EAAE,MAAM,oBAAoB,CAAC;AACzC,OAAO,EAAE,KAAK,EAAE,MAAM,0BAA0B,CAAC;AACjD,OAAO,EACL,WAAW,EACX,eAAe,EACf,gBAAgB,GACjB,MAAM,8BAA8B,CAAC;AA2BtC;;GAEG;AACH,SAAS,aAAa;IACpB,OAAO;QACL,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,MAAM;QAClD,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB;QACnC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB;YAC1C,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,iBAAiB,CAAC;QAChD,iBAAiB,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,GAAG,EAAE,EAAE,CAAC;QACzE,iBAAiB,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,QAAQ,EAAE,EAAE,CAAC,EAAE,QAAQ;KACzF,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,OAAO,gBAAgB;IACnB,MAAM,CAAgB;IACtB,SAAS,GAAkB,IAAI,CAAC;IAChC,cAAc,GAAsC,IAAI,GAAG,EAAE,CAAC;IAC9D,WAAW,GAAY,KAAK,CAAC;IAErC,YAAY,MAA+B;QACzC,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,aAAa,EAAE,EAAE,GAAG,MAAM,EAAE,CAAC;IAClD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU;QACd,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,GAAG,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;YAC9C,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;YACxB,OAAO;QACT,CAAC;QAED,GAAG,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;QAElD,qCAAqC;QACrC,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACtB,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACnD,GAAG,CAAC,OAAO,CAAC,2CAA2C,CAAC,CAAC;YACzD,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;YACxB,OAAO;QACT,CAAC;QAED,mCAAmC;QACnC,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;YACzC,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;gBACvE,IAAI,OAAO,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC,CAAC,qBAAqB;oBAChD,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC;oBACzB,GAAG,CAAC,OAAO,CAAC,iCAAiC,CAAC,CAAC;oBAC/C,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;oBACxB,OAAO;gBACT,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,GAAG,CAAC,OAAO,CAAC,oCAAoC,KAAK,EAAE,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;QAED,qBAAqB;QACrB,MAAM,QAAQ,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACtC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC1C,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;QAE3B,GAAG,CAAC,OAAO,CAAC,wCAAwC,CAAC,CAAC;QACtD,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACb,GAAG,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;QAC7E,GAAG,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;QAC9E,GAAG,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;QAC7E,GAAG,CAAC,IAAI,CAAC,eAAe,QAAQ,KAAK,CAAC,CAAC;QACvC,GAAG,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;QAC7E,GAAG,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;QAC7E,GAAG,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;QAC7E,GAAG,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;QAC7E,GAAG,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;QAC7E,GAAG,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;QAC9E,GAAG,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;QAC9E,GAAG,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;QAC7E,GAAG,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;QAC7E,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEb,MAAM,KAAK,CAAC,IAAI,CAAC,iBAAiB,EAAE,IAAI,EAAE;YACxC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;SAClC,CAAC,CAAC;QAEH,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;IAED;;OAEG;IACH,aAAa;QACX,OAAO,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACtD,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,KAAa;QACrB,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACjE,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,aAAa;QACzB,IAAI,CAAC,IAAI,CAAC,SAAS;YAAE,OAAO;QAE5B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAChD,WAAW,CAAC,GAAG,EAAE,gBAAgB,CAAC,UAAU,CAAC,CAAC;QAE9C,eAAe,CACb,IAAI,CAAC,MAAM,CAAC,SAAS,EACrB,IAAI,CAAC,SAAS,EACd,gBAAgB,CAAC,gBAAgB,CAClC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;IAC7B,CAAC;IAED;;OAEG;IACK,WAAW,CAAC,QAAgB;QAClC,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAClD,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC;QAE3B,IAAI,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YACrC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,2BAA2B;QAC3B,IAAI,OAAO,CAAC,WAAW,GAAG,CAAC,IAAI,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YACjE,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACvC,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACK,mBAAmB,CAAC,QAAgB;QAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI;YACnD,KAAK,EAAE,CAAC;YACR,WAAW,EAAE,CAAC;YACd,WAAW,EAAE,CAAC;SACf,CAAC;QAEF,OAAO,CAAC,KAAK,EAAE,CAAC;QAChB,OAAO,CAAC,WAAW,GAAG,GAAG,CAAC;QAE1B,IAAI,OAAO,CAAC,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;YACnD,OAAO,CAAC,WAAW,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC;YAC1D,GAAG,CAAC,OAAO,CAAC,aAAa,QAAQ,mBAAmB,IAAI,CAAC,MAAM,CAAC,iBAAiB,GAAG,IAAI,GAAG,CAAC,CAAC;YAE7F,KAAK,CAAC,QAAQ,CAAC,cAAc,EAAE,SAAS,EAAE;gBACxC,SAAS,EAAE,QAAQ;gBACnB,eAAe,EAAE,OAAO,CAAC,KAAK;gBAC9B,aAAa,EAAE,IAAI,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE;aAC3D,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC7C,CAAC;IAED;;OAEG;IACK,mBAAmB,CAAC,QAAgB;QAC1C,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACvC,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,aAAa,CAAC,KAAyB,EAAE,WAAmB,SAAS;QACzE,0CAA0C;QAC1C,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,qBAAqB;QACrB,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAC1B,CAAC;QAED,gBAAgB;QAChB,IAAI,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC/B,GAAG,CAAC,OAAO,CAAC,2CAA2C,QAAQ,EAAE,CAAC,CAAC;YACnE,MAAM,KAAK,CAAC,QAAQ,CAAC,6BAA6B,EAAE,SAAS,EAAE;gBAC7D,SAAS,EAAE,QAAQ;aACpB,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;QAED,iBAAiB;QACjB,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,GAAG,CAAC,OAAO,CAAC,8CAA8C,QAAQ,GAAG,CAAC,CAAC;YACvE,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC;YACnC,MAAM,KAAK,CAAC,IAAI,CAAC,aAAa,EAAE,KAAK,EAAE;gBACrC,SAAS,EAAE,QAAQ;gBACnB,MAAM,EAAE,UAAU;aACnB,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC3C,MAAM,KAAK,GAAG,YAAY,KAAK,IAAI,CAAC,SAAS,CAAC;QAE9C,IAAI,KAAK,EAAE,CAAC;YACV,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC;YACnC,MAAM,KAAK,CAAC,IAAI,CAAC,cAAc,EAAE,IAAI,EAAE;gBACrC,SAAS,EAAE,QAAQ;aACpB,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,OAAO,CAAC,0CAA0C,QAAQ,GAAG,CAAC,CAAC;YACnE,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC;YACnC,MAAM,KAAK,CAAC,IAAI,CAAC,aAAa,EAAE,KAAK,EAAE;gBACrC,SAAS,EAAE,QAAQ;gBACnB,MAAM,EAAE,eAAe;aACxB,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACH,SAAS;QAKP,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,QAAQ,EAAE,IAAI,CAAC,SAAS,KAAK,IAAI;YACjC,aAAa,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC;iBACpD,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,MAAM;SAClD,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW;QACf,MAAM,QAAQ,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACtC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC1C,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;QAE3B,GAAG,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;QAC5C,MAAM,KAAK,CAAC,IAAI,CAAC,eAAe,EAAE,IAAI,CAAC,CAAC;QAExC,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF;AAED;;GAEG;AACH,IAAI,mBAAmB,GAA4B,IAAI,CAAC;AAExD;;GAEG;AACH,MAAM,UAAU,mBAAmB;IACjC,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzB,mBAAmB,GAAG,IAAI,gBAAgB,EAAE,CAAC;IAC/C,CAAC;IACD,OAAO,mBAAmB,CAAC;AAC7B,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,KAAyB,EACzB,QAAiB;IAEjB,MAAM,IAAI,GAAG,mBAAmB,EAAE,CAAC;IAEnC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC;QACtB,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;IACjC,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IAExD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,aAAa,EAAE,KAAK;YACpB,KAAK,EAAE,qEAAqE;SAC7E,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;AACjC,CAAC"}

package/dist/compliance/alert-manager.d.ts

@@ -0,0 +1,120 @@
+/**
+ * Alert Manager
+ *
+ * Sends alerts for security and compliance events.
+ * Supports multiple channels: console, file, webhook, email.
+ *
+ * Added by Pantheon Security for enterprise compliance support.
+ */
+import type { Alert, AlertConfig, AlertSeverity } from "./types.js";
+/**
+ * Alert Manager class
+ */
+export declare class AlertManager {
+    private static instance;
+    private config;
+    private alertHistory;
+    private hourlyAlerts;
+    private alertsDir;
+    private constructor();
+    /**
+     * Get singleton instance
+     */
+    static getInstance(): AlertManager;
+    /**
+     * Check if alert should be sent based on severity
+     */
+    private meetsMinimumSeverity;
+    /**
+     * Check if alert is within cooldown period
+     */
+    private isInCooldown;
+    /**
+     * Check if hourly limit is exceeded
+     */
+    private isHourlyLimitExceeded;
+    /**
+     * Record that an alert was sent
+     */
+    private recordAlert;
+    /**
+     * Generate a unique key for deduplication
+     */
+    private generateKey;
+    /**
+     * Send an alert
+     */
+    sendAlert(severity: AlertSeverity, title: string, message: string, source: string, details?: Record<string, unknown>): Promise<Alert | null>;
+    /**
+     * Send alert to console
+     */
+    private sendToConsole;
+    /**
+     * Send alert to file
+     */
+    private sendToFile;
+    /**
+     * Send alert to webhook
+     */
+    private sendToWebhook;
+    /**
+     * Format webhook body for common services (Slack, Teams, generic)
+     */
+    private formatWebhookBody;
+    /**
+     * Get severity icon
+     */
+    private getSeverityIcon;
+    /**
+     * Get severity color (for webhooks)
+     */
+    private getSeverityColor;
+    /**
+     * Send a critical alert
+     */
+    critical(title: string, message: string, source: string, details?: Record<string, unknown>): Promise<Alert | null>;
+    /**
+     * Send an error alert
+     */
+    error(title: string, message: string, source: string, details?: Record<string, unknown>): Promise<Alert | null>;
+    /**
+     * Send a warning alert
+     */
+    warning(title: string, message: string, source: string, details?: Record<string, unknown>): Promise<Alert | null>;
+    /**
+     * Send an info alert
+     */
+    info(title: string, message: string, source: string, details?: Record<string, unknown>): Promise<Alert | null>;
+    /**
+     * Get alert statistics
+     */
+    getStats(): {
+        enabled: boolean;
+        min_severity: AlertSeverity;
+        cooldown_seconds: number;
+        max_alerts_per_hour: number;
+        alerts_this_hour: number;
+        channels: string[];
+    };
+    /**
+     * Update configuration at runtime
+     */
+    updateConfig(updates: Partial<AlertConfig>): void;
+}
+/**
+ * Get the alert manager instance
+ */
+export declare function getAlertManager(): AlertManager;
+/**
+ * Send an alert
+ */
+export declare function sendAlert(severity: AlertSeverity, title: string, message: string, source: string, details?: Record<string, unknown>): Promise<Alert | null>;
+/**
+ * Send a critical alert
+ */
+export declare function alertCritical(title: string, message: string, source: string, details?: Record<string, unknown>): Promise<Alert | null>;
+/**
+ * Send a warning alert
+ */
+export declare function alertWarning(title: string, message: string, source: string, details?: Record<string, unknown>): Promise<Alert | null>;
+//# sourceMappingURL=alert-manager.d.ts.map

package/dist/compliance/alert-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"alert-manager.d.ts","sourceRoot":"","sources":["../../src/compliance/alert-manager.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAOH,OAAO,KAAK,EAAE,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AA4CpE;;GAEG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAe;IACtC,OAAO,CAAC,MAAM,CAAc;IAC5B,OAAO,CAAC,YAAY,CAAkC;IACtD,OAAO,CAAC,YAAY,CAA+B;IACnD,OAAO,CAAC,SAAS,CAAS;IAE1B,OAAO;IAUP;;OAEG;WACW,WAAW,IAAI,YAAY;IAOzC;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAI5B;;OAEG;IACH,OAAO,CAAC,YAAY;IAQpB;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAM7B;;OAEG;IACH,OAAO,CAAC,WAAW;IAKnB;;OAEG;IACH,OAAO,CAAC,WAAW;IAInB;;OAEG;IACU,SAAS,CACpB,QAAQ,EAAE,aAAa,EACvB,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC;IA8DxB;;OAEG;YACW,aAAa;IAiB3B;;OAEG;YACW,UAAU;IAsBxB;;OAEG;YACW,aAAa;IA2C3B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IA4DzB;;OAEG;IACH,OAAO,CAAC,eAAe;IAavB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAiBxB;;OAEG;IACU,QAAQ,CACnB,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC;IAIxB;;OAEG;IACU,KAAK,CAChB,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC;IAIxB;;OAEG;IACU,OAAO,CAClB,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC;IAIxB;;OAEG;IACU,IAAI,CACf,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC;IAIxB;;OAEG;IACI,QAAQ,IAAI;QACjB,OAAO,EAAE,OAAO,CAAC;QACjB,YAAY,EAAE,aAAa,CAAC;QAC5B,gBAAgB,EAAE,MAAM,CAAC;QACzB,mBAAmB,EAAE,MAAM,CAAC;QAC5B,gBAAgB,EAAE,MAAM,CAAC;QACzB,QAAQ,EAAE,MAAM,EAAE,CAAC;KACpB;IAmBD;;OAEG;IACI,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,WAAW,CAAC,GAAG,IAAI;CAGzD;AAMD;;GAEG;AACH,wBAAgB,eAAe,IAAI,YAAY,CAE9C;AAMD;;GAEG;AACH,wBAAsB,SAAS,CAC7B,QAAQ,EAAE,aAAa,EACvB,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,CAEvB;AAED;;GAEG;AACH,wBAAsB,aAAa,CACjC,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,CAEvB;AAED;;GAEG;AACH,wBAAsB,YAAY,CAChC,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,CAEvB"}