@pan-sec/notebooklm-mcp 1.4.0 → 1.7.0

package/dist/compliance/data-classification.js

@@ -0,0 +1,469 @@
+/**
+ * Data Classification System
+ *
+ * Tags all data by sensitivity level for appropriate handling.
+ * Supports GDPR, SOC2, and CSSF compliance requirements.
+ *
+ * Added by Pantheon Security for enterprise compliance support.
+ */
+import { DataClassification, } from "./types.js";
+// ============================================
+// DATA TYPE REGISTRY
+// ============================================
+/**
+ * Pre-defined data classifications for known data types
+ */
+const DATA_CLASSIFICATIONS = {
+    // Authentication & Credentials
+    "auth_token": {
+        classification: DataClassification.RESTRICTED,
+        data_categories: ["credentials"],
+        retention_policy: "session",
+        encryption_required: true,
+        audit_required: true,
+        exportable: false,
+        erasable: true,
+    },
+    "mcp_auth_token": {
+        classification: DataClassification.RESTRICTED,
+        data_categories: ["credentials"],
+        retention_policy: "indefinite",
+        encryption_required: true,
+        audit_required: true,
+        exportable: false,
+        erasable: true,
+    },
+    "encryption_keys": {
+        classification: DataClassification.RESTRICTED,
+        data_categories: ["credentials"],
+        retention_policy: "indefinite",
+        encryption_required: true,
+        audit_required: true,
+        exportable: false,
+        erasable: true,
+    },
+    // Browser & Session Data
+    "browser_cookies": {
+        classification: DataClassification.RESTRICTED,
+        data_categories: ["session_data", "personal_data"],
+        retention_policy: "24_hours",
+        encryption_required: true,
+        audit_required: true,
+        exportable: true,
+        erasable: true,
+    },
+    "browser_local_storage": {
+        classification: DataClassification.CONFIDENTIAL,
+        data_categories: ["session_data"],
+        retention_policy: "24_hours",
+        encryption_required: true,
+        audit_required: false,
+        exportable: true,
+        erasable: true,
+    },
+    "session_state": {
+        classification: DataClassification.CONFIDENTIAL,
+        data_categories: ["session_data"],
+        retention_policy: "8_hours",
+        encryption_required: true,
+        audit_required: true,
+        exportable: true,
+        erasable: true,
+    },
+    // User Data
+    "notebook_library": {
+        classification: DataClassification.CONFIDENTIAL,
+        data_categories: ["notebook_metadata"],
+        retention_policy: "indefinite",
+        encryption_required: true,
+        audit_required: true,
+        exportable: true,
+        erasable: true,
+    },
+    "user_settings": {
+        classification: DataClassification.INTERNAL,
+        data_categories: ["configuration"],
+        retention_policy: "indefinite",
+        encryption_required: false,
+        audit_required: false,
+        exportable: true,
+        erasable: true,
+    },
+    "consent_records": {
+        classification: DataClassification.REGULATED,
+        data_categories: ["personal_data"],
+        retention_policy: "7_years",
+        encryption_required: true,
+        audit_required: true,
+        exportable: true,
+        erasable: false, // Must retain for compliance
+    },
+    // Audit & Compliance Logs
+    "audit_logs": {
+        classification: DataClassification.REGULATED,
+        data_categories: ["audit_logs"],
+        retention_policy: "7_years",
+        encryption_required: true,
+        audit_required: false, // Don't audit the audit logs
+        exportable: true,
+        erasable: false, // Required for compliance
+    },
+    "compliance_events": {
+        classification: DataClassification.REGULATED,
+        data_categories: ["audit_logs"],
+        retention_policy: "7_years",
+        encryption_required: true,
+        audit_required: false,
+        exportable: true,
+        erasable: false, // Required for compliance
+    },
+    "security_logs": {
+        classification: DataClassification.REGULATED,
+        data_categories: ["audit_logs"],
+        retention_policy: "7_years",
+        encryption_required: true,
+        audit_required: false,
+        exportable: true,
+        erasable: false,
+    },
+    // Cache & Temporary Data
+    "browser_cache": {
+        classification: DataClassification.INTERNAL,
+        data_categories: ["session_data"],
+        retention_policy: "7_days",
+        encryption_required: false,
+        audit_required: false,
+        exportable: false,
+        erasable: true,
+    },
+    "error_logs": {
+        classification: DataClassification.INTERNAL,
+        data_categories: ["usage_data"],
+        retention_policy: "30_days",
+        encryption_required: false,
+        audit_required: false,
+        exportable: true,
+        erasable: true,
+    },
+};
+/**
+ * Legal basis for each data type
+ */
+const DATA_LEGAL_BASES = {
+    "auth_token": "contract",
+    "mcp_auth_token": "contract",
+    "encryption_keys": "legal_obligation",
+    "browser_cookies": "contract",
+    "browser_local_storage": "contract",
+    "session_state": "contract",
+    "notebook_library": "contract",
+    "user_settings": "contract",
+    "consent_records": "legal_obligation",
+    "audit_logs": "legal_obligation",
+    "compliance_events": "legal_obligation",
+    "security_logs": "legal_obligation",
+    "browser_cache": "legitimate_interest",
+    "error_logs": "legitimate_interest",
+};
+/**
+ * Processing purposes for each data type
+ */
+const DATA_PURPOSES = {
+    "auth_token": ["service_provision", "session_management"],
+    "mcp_auth_token": ["service_provision", "access_control"],
+    "encryption_keys": ["data_protection"],
+    "browser_cookies": ["service_provision", "session_management"],
+    "browser_local_storage": ["service_provision"],
+    "session_state": ["session_management"],
+    "notebook_library": ["service_provision"],
+    "user_settings": ["service_provision", "personalization"],
+    "consent_records": ["legal_compliance"],
+    "audit_logs": ["security_logging", "legal_compliance"],
+    "compliance_events": ["legal_compliance"],
+    "security_logs": ["security_logging", "legal_compliance"],
+    "browser_cache": ["performance_optimization"],
+    "error_logs": ["error_diagnostics", "service_improvement"],
+};
+// ============================================
+// DATA CLASSIFIER
+// ============================================
+/**
+ * Data Classifier class
+ */
+export class DataClassifier {
+    static instance;
+    customClassifications = new Map();
+    constructor() { }
+    /**
+     * Get singleton instance
+     */
+    static getInstance() {
+        if (!DataClassifier.instance) {
+            DataClassifier.instance = new DataClassifier();
+        }
+        return DataClassifier.instance;
+    }
+    /**
+     * Classify a data type
+     */
+    classify(dataType) {
+        // Check custom classifications first
+        if (this.customClassifications.has(dataType)) {
+            return this.customClassifications.get(dataType);
+        }
+        // Check built-in classifications
+        if (dataType in DATA_CLASSIFICATIONS) {
+            return DATA_CLASSIFICATIONS[dataType];
+        }
+        return null;
+    }
+    /**
+     * Get the classification level for a data type
+     */
+    getClassificationLevel(dataType) {
+        const classified = this.classify(dataType);
+        return classified?.classification || DataClassification.INTERNAL;
+    }
+    /**
+     * Check if data requires encryption
+     */
+    requiresEncryption(dataType) {
+        const classified = this.classify(dataType);
+        return classified?.encryption_required ?? false;
+    }
+    /**
+     * Check if data access requires audit logging
+     */
+    requiresAudit(dataType) {
+        const classified = this.classify(dataType);
+        return classified?.audit_required ?? true;
+    }
+    /**
+     * Check if data is exportable (for GDPR data portability)
+     */
+    isExportable(dataType) {
+        const classified = this.classify(dataType);
+        return classified?.exportable ?? false;
+    }
+    /**
+     * Check if data is erasable (for GDPR right to erasure)
+     */
+    isErasable(dataType) {
+        const classified = this.classify(dataType);
+        return classified?.erasable ?? false;
+    }
+    /**
+     * Get legal basis for processing
+     */
+    getLegalBasis(dataType) {
+        return DATA_LEGAL_BASES[dataType] || "legitimate_interest";
+    }
+    /**
+     * Get processing purposes
+     */
+    getProcessingPurposes(dataType) {
+        return DATA_PURPOSES[dataType] || ["service_provision"];
+    }
+    /**
+     * Get retention policy
+     */
+    getRetentionPolicy(dataType) {
+        const classified = this.classify(dataType);
+        return classified?.retention_policy || "30_days";
+    }
+    /**
+     * Register a custom classification
+     */
+    registerClassification(dataType, classification) {
+        this.customClassifications.set(dataType, classification);
+    }
+    /**
+     * Get all known data types
+     */
+    getAllDataTypes() {
+        const builtIn = Object.keys(DATA_CLASSIFICATIONS);
+        const custom = Array.from(this.customClassifications.keys());
+        return [...new Set([...builtIn, ...custom])];
+    }
+    /**
+     * Get data types by classification level
+     */
+    getDataTypesByClassification(level) {
+        return this.getAllDataTypes().filter(dt => {
+            const classified = this.classify(dt);
+            return classified?.classification === level;
+        });
+    }
+    /**
+     * Get data types by category
+     */
+    getDataTypesByCategory(category) {
+        return this.getAllDataTypes().filter(dt => {
+            const classified = this.classify(dt);
+            return classified?.data_categories.includes(category);
+        });
+    }
+    /**
+     * Build a data inventory entry
+     */
+    buildInventoryEntry(dataType, storageLocation) {
+        const classified = this.classify(dataType);
+        if (!classified)
+            return null;
+        const retentionDays = this.parseRetentionDays(classified.retention_policy);
+        return {
+            id: `inv_${dataType}_${Date.now()}`,
+            data_type: dataType,
+            description: this.getDataTypeDescription(dataType),
+            classification: classified.classification,
+            data_categories: classified.data_categories,
+            storage_location: storageLocation,
+            encrypted: classified.encryption_required,
+            retention_policy: classified.retention_policy,
+            retention_days: retentionDays,
+            legal_basis: this.getLegalBasis(dataType),
+            processing_purposes: this.getProcessingPurposes(dataType),
+            who_can_access: ["owner"],
+            exportable: classified.exportable,
+            erasable: classified.erasable,
+            last_updated: new Date().toISOString(),
+        };
+    }
+    /**
+     * Parse retention policy to days
+     */
+    parseRetentionDays(policy) {
+        switch (policy) {
+            case "session":
+                return 1; // Treat as 1 day max
+            case "8_hours":
+                return 1;
+            case "24_hours":
+                return 1;
+            case "7_days":
+                return 7;
+            case "30_days":
+                return 30;
+            case "7_years":
+                return 7 * 365;
+            case "indefinite":
+                return "indefinite";
+            default:
+                // Try to parse "X_days" format
+                const match = policy.match(/^(\d+)_days$/);
+                if (match) {
+                    return parseInt(match[1], 10);
+                }
+                return 30; // Default
+        }
+    }
+    /**
+     * Get human-readable description for data type
+     */
+    getDataTypeDescription(dataType) {
+        const descriptions = {
+            "auth_token": "Session authentication tokens for NotebookLM access",
+            "mcp_auth_token": "MCP server authentication token",
+            "encryption_keys": "Post-quantum encryption key pairs",
+            "browser_cookies": "Browser cookies for NotebookLM session",
+            "browser_local_storage": "Browser local storage data",
+            "session_state": "Current browser session state",
+            "notebook_library": "User's saved notebook collection with URLs and metadata",
+            "user_settings": "User preferences and configuration",
+            "consent_records": "Record of user consent for data processing",
+            "audit_logs": "Security and operational audit trail",
+            "compliance_events": "Regulatory compliance event log",
+            "security_logs": "Security-specific event log",
+            "browser_cache": "Temporary browser cache files",
+            "error_logs": "Application error and diagnostic logs",
+        };
+        return descriptions[dataType] || `Data of type: ${dataType}`;
+    }
+    /**
+     * Validate classification against compliance requirements
+     */
+    validateCompliance(dataType, regulations) {
+        const classified = this.classify(dataType);
+        const issues = [];
+        if (!classified) {
+            issues.push(`Unknown data type: ${dataType}`);
+            return { valid: false, issues };
+        }
+        // GDPR requirements
+        if (regulations.includes("GDPR")) {
+            if (classified.data_categories.includes("personal_data")) {
+                if (!classified.encryption_required) {
+                    issues.push("GDPR: Personal data should be encrypted");
+                }
+                if (!classified.exportable) {
+                    issues.push("GDPR: Personal data should be exportable for data portability");
+                }
+            }
+        }
+        // SOC2 requirements
+        if (regulations.includes("SOC2")) {
+            if (classified.classification === DataClassification.RESTRICTED ||
+                classified.classification === DataClassification.REGULATED) {
+                if (!classified.audit_required && !classified.data_categories.includes("audit_logs")) {
+                    issues.push("SOC2: Sensitive data access should be audited");
+                }
+            }
+        }
+        // CSSF requirements (Luxembourg financial regulator)
+        if (regulations.includes("CSSF")) {
+            if (classified.data_categories.includes("audit_logs")) {
+                const retentionDays = this.parseRetentionDays(classified.retention_policy);
+                if (retentionDays !== "indefinite" && retentionDays < 7 * 365) {
+                    issues.push("CSSF: Audit logs must be retained for at least 7 years");
+                }
+            }
+        }
+        return {
+            valid: issues.length === 0,
+            issues,
+        };
+    }
+}
+// ============================================
+// SINGLETON ACCESS
+// ============================================
+/**
+ * Get the data classifier instance
+ */
+export function getDataClassifier() {
+    return DataClassifier.getInstance();
+}
+// ============================================
+// CONVENIENCE EXPORTS
+// ============================================
+/**
+ * Check if a data type requires encryption
+ */
+export function requiresEncryption(dataType) {
+    return getDataClassifier().requiresEncryption(dataType);
+}
+/**
+ * Check if a data type requires audit logging
+ */
+export function requiresAudit(dataType) {
+    return getDataClassifier().requiresAudit(dataType);
+}
+/**
+ * Get the classification level for a data type
+ */
+export function getClassificationLevel(dataType) {
+    return getDataClassifier().getClassificationLevel(dataType);
+}
+/**
+ * Check if data is exportable for GDPR
+ */
+export function isExportable(dataType) {
+    return getDataClassifier().isExportable(dataType);
+}
+/**
+ * Check if data can be erased for GDPR
+ */
+export function isErasable(dataType) {
+    return getDataClassifier().isErasable(dataType);
+}
+//# sourceMappingURL=data-classification.js.map

package/dist/compliance/data-classification.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"data-classification.js","sourceRoot":"","sources":["../../src/compliance/data-classification.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EACL,kBAAkB,GAKnB,MAAM,YAAY,CAAC;AAEpB,+CAA+C;AAC/C,qBAAqB;AACrB,+CAA+C;AAE/C;;GAEG;AACH,MAAM,oBAAoB,GAAmC;IAC3D,+BAA+B;IAC/B,YAAY,EAAE;QACZ,cAAc,EAAE,kBAAkB,CAAC,UAAU;QAC7C,eAAe,EAAE,CAAC,aAAa,CAAC;QAChC,gBAAgB,EAAE,SAAS;QAC3B,mBAAmB,EAAE,IAAI;QACzB,cAAc,EAAE,IAAI;QACpB,UAAU,EAAE,KAAK;QACjB,QAAQ,EAAE,IAAI;KACf;IACD,gBAAgB,EAAE;QAChB,cAAc,EAAE,kBAAkB,CAAC,UAAU;QAC7C,eAAe,EAAE,CAAC,aAAa,CAAC;QAChC,gBAAgB,EAAE,YAAY;QAC9B,mBAAmB,EAAE,IAAI;QACzB,cAAc,EAAE,IAAI;QACpB,UAAU,EAAE,KAAK;QACjB,QAAQ,EAAE,IAAI;KACf;IACD,iBAAiB,EAAE;QACjB,cAAc,EAAE,kBAAkB,CAAC,UAAU;QAC7C,eAAe,EAAE,CAAC,aAAa,CAAC;QAChC,gBAAgB,EAAE,YAAY;QAC9B,mBAAmB,EAAE,IAAI;QACzB,cAAc,EAAE,IAAI;QACpB,UAAU,EAAE,KAAK;QACjB,QAAQ,EAAE,IAAI;KACf;IAED,yBAAyB;IACzB,iBAAiB,EAAE;QACjB,cAAc,EAAE,kBAAkB,CAAC,UAAU;QAC7C,eAAe,EAAE,CAAC,cAAc,EAAE,eAAe,CAAC;QAClD,gBAAgB,EAAE,UAAU;QAC5B,mBAAmB,EAAE,IAAI;QACzB,cAAc,EAAE,IAAI;QACpB,UAAU,EAAE,IAAI;QAChB,QAAQ,EAAE,IAAI;KACf;IACD,uBAAuB,EAAE;QACvB,cAAc,EAAE,kBAAkB,CAAC,YAAY;QAC/C,eAAe,EAAE,CAAC,cAAc,CAAC;QACjC,gBAAgB,EAAE,UAAU;QAC5B,mBAAmB,EAAE,IAAI;QACzB,cAAc,EAAE,KAAK;QACrB,UAAU,EAAE,IAAI;QAChB,QAAQ,EAAE,IAAI;KACf;IACD,eAAe,EAAE;QACf,cAAc,EAAE,kBAAkB,CAAC,YAAY;QAC/C,eAAe,EAAE,CAAC,cAAc,CAAC;QACjC,gBAAgB,EAAE,SAAS;QAC3B,mBAAmB,EAAE,IAAI;QACzB,cAAc,EAAE,IAAI;QACpB,UAAU,EAAE,IAAI;QAChB,QAAQ,EAAE,IAAI;KACf;IAED,YAAY;IACZ,kBAAkB,EAAE;QAClB,cAAc,EAAE,kBAAkB,CAAC,YAAY;QAC/C,eAAe,EAAE,CAAC,mBAAmB,CAAC;QACtC,gBAAgB,EAAE,YAAY;QAC9B,mBAAmB,EAAE,IAAI;QACzB,cAAc,EAAE,IAAI;QACpB,UAAU,EAAE,IAAI;QAChB,QAAQ,EAAE,IAAI;KACf;IACD,eAAe,EAAE;QACf,cAAc,EAAE,kBAAkB,CAAC,QAAQ;QAC3C,eAAe,EAAE,CAAC,eAAe,CAAC;QAClC,gBAAgB,EAAE,YAAY;QAC9B,mBAAmB,EAAE,KAAK;QAC1B,cAAc,EAAE,KAAK;QACrB,UAAU,EAAE,IAAI;QAChB,QAAQ,EAAE,IAAI;KACf;IACD,iBAAiB,EAAE;QACjB,cAAc,EAAE,kBAAkB,CAAC,SAAS;QAC5C,eAAe,EAAE,CAAC,eAAe,CAAC;QAClC,gBAAgB,EAAE,SAAS;QAC3B,mBAAmB,EAAE,IAAI;QACzB,cAAc,EAAE,IAAI;QACpB,UAAU,EAAE,IAAI;QAChB,QAAQ,EAAE,KAAK,EAAE,6BAA6B;KAC/C;IAED,0BAA0B;IAC1B,YAAY,EAAE;QACZ,cAAc,EAAE,kBAAkB,CAAC,SAAS;QAC5C,eAAe,EAAE,CAAC,YAAY,CAAC;QAC/B,gBAAgB,EAAE,SAAS;QAC3B,mBAAmB,EAAE,IAAI;QACzB,cAAc,EAAE,KAAK,EAAE,6BAA6B;QACpD,UAAU,EAAE,IAAI;QAChB,QAAQ,EAAE,KAAK,EAAE,0BAA0B;KAC5C;IACD,mBAAmB,EAAE;QACnB,cAAc,EAAE,kBAAkB,CAAC,SAAS;QAC5C,eAAe,EAAE,CAAC,YAAY,CAAC;QAC/B,gBAAgB,EAAE,SAAS;QAC3B,mBAAmB,EAAE,IAAI;QACzB,cAAc,EAAE,KAAK;QACrB,UAAU,EAAE,IAAI;QAChB,QAAQ,EAAE,KAAK,EAAE,0BAA0B;KAC5C;IACD,eAAe,EAAE;QACf,cAAc,EAAE,kBAAkB,CAAC,SAAS;QAC5C,eAAe,EAAE,CAAC,YAAY,CAAC;QAC/B,gBAAgB,EAAE,SAAS;QAC3B,mBAAmB,EAAE,IAAI;QACzB,cAAc,EAAE,KAAK;QACrB,UAAU,EAAE,IAAI;QAChB,QAAQ,EAAE,KAAK;KAChB;IAED,yBAAyB;IACzB,eAAe,EAAE;QACf,cAAc,EAAE,kBAAkB,CAAC,QAAQ;QAC3C,eAAe,EAAE,CAAC,cAAc,CAAC;QACjC,gBAAgB,EAAE,QAAQ;QAC1B,mBAAmB,EAAE,KAAK;QAC1B,cAAc,EAAE,KAAK;QACrB,UAAU,EAAE,KAAK;QACjB,QAAQ,EAAE,IAAI;KACf;IACD,YAAY,EAAE;QACZ,cAAc,EAAE,kBAAkB,CAAC,QAAQ;QAC3C,eAAe,EAAE,CAAC,YAAY,CAAC;QAC/B,gBAAgB,EAAE,SAAS;QAC3B,mBAAmB,EAAE,KAAK;QAC1B,cAAc,EAAE,KAAK;QACrB,UAAU,EAAE,IAAI;QAChB,QAAQ,EAAE,IAAI;KACf;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,gBAAgB,GAA+B;IACnD,YAAY,EAAE,UAAU;IACxB,gBAAgB,EAAE,UAAU;IAC5B,iBAAiB,EAAE,kBAAkB;IACrC,iBAAiB,EAAE,UAAU;IAC7B,uBAAuB,EAAE,UAAU;IACnC,eAAe,EAAE,UAAU;IAC3B,kBAAkB,EAAE,UAAU;IAC9B,eAAe,EAAE,UAAU;IAC3B,iBAAiB,EAAE,kBAAkB;IACrC,YAAY,EAAE,kBAAkB;IAChC,mBAAmB,EAAE,kBAAkB;IACvC,eAAe,EAAE,kBAAkB;IACnC,eAAe,EAAE,qBAAqB;IACtC,YAAY,EAAE,qBAAqB;CACpC,CAAC;AAEF;;GAEG;AACH,MAAM,aAAa,GAA6B;IAC9C,YAAY,EAAE,CAAC,mBAAmB,EAAE,oBAAoB,CAAC;IACzD,gBAAgB,EAAE,CAAC,mBAAmB,EAAE,gBAAgB,CAAC;IACzD,iBAAiB,EAAE,CAAC,iBAAiB,CAAC;IACtC,iBAAiB,EAAE,CAAC,mBAAmB,EAAE,oBAAoB,CAAC;IAC9D,uBAAuB,EAAE,CAAC,mBAAmB,CAAC;IAC9C,eAAe,EAAE,CAAC,oBAAoB,CAAC;IACvC,kBAAkB,EAAE,CAAC,mBAAmB,CAAC;IACzC,eAAe,EAAE,CAAC,mBAAmB,EAAE,iBAAiB,CAAC;IACzD,iBAAiB,EAAE,CAAC,kBAAkB,CAAC;IACvC,YAAY,EAAE,CAAC,kBAAkB,EAAE,kBAAkB,CAAC;IACtD,mBAAmB,EAAE,CAAC,kBAAkB,CAAC;IACzC,eAAe,EAAE,CAAC,kBAAkB,EAAE,kBAAkB,CAAC;IACzD,eAAe,EAAE,CAAC,0BAA0B,CAAC;IAC7C,YAAY,EAAE,CAAC,mBAAmB,EAAE,qBAAqB,CAAC;CAC3D,CAAC;AAEF,+CAA+C;AAC/C,kBAAkB;AAClB,+CAA+C;AAE/C;;GAEG;AACH,MAAM,OAAO,cAAc;IACjB,MAAM,CAAC,QAAQ,CAAiB;IAChC,qBAAqB,GAAgC,IAAI,GAAG,EAAE,CAAC;IAEvE,gBAAuB,CAAC;IAExB;;OAEG;IACI,MAAM,CAAC,WAAW;QACvB,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,CAAC;YAC7B,cAAc,CAAC,QAAQ,GAAG,IAAI,cAAc,EAAE,CAAC;QACjD,CAAC;QACD,OAAO,cAAc,CAAC,QAAQ,CAAC;IACjC,CAAC;IAED;;OAEG;IACI,QAAQ,CAAC,QAAgB;QAC9B,qCAAqC;QACrC,IAAI,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7C,OAAO,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,QAAQ,CAAE,CAAC;QACnD,CAAC;QAED,iCAAiC;QACjC,IAAI,QAAQ,IAAI,oBAAoB,EAAE,CAAC;YACrC,OAAO,oBAAoB,CAAC,QAAQ,CAAC,CAAC;QACxC,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACI,sBAAsB,CAAC,QAAgB;QAC5C,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC3C,OAAO,UAAU,EAAE,cAAc,IAAI,kBAAkB,CAAC,QAAQ,CAAC;IACnE,CAAC;IAED;;OAEG;IACI,kBAAkB,CAAC,QAAgB;QACxC,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC3C,OAAO,UAAU,EAAE,mBAAmB,IAAI,KAAK,CAAC;IAClD,CAAC;IAED;;OAEG;IACI,aAAa,CAAC,QAAgB;QACnC,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC3C,OAAO,UAAU,EAAE,cAAc,IAAI,IAAI,CAAC;IAC5C,CAAC;IAED;;OAEG;IACI,YAAY,CAAC,QAAgB;QAClC,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC3C,OAAO,UAAU,EAAE,UAAU,IAAI,KAAK,CAAC;IACzC,CAAC;IAED;;OAEG;IACI,UAAU,CAAC,QAAgB;QAChC,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC3C,OAAO,UAAU,EAAE,QAAQ,IAAI,KAAK,CAAC;IACvC,CAAC;IAED;;OAEG;IACI,aAAa,CAAC,QAAgB;QACnC,OAAO,gBAAgB,CAAC,QAAQ,CAAC,IAAI,qBAAqB,CAAC;IAC7D,CAAC;IAED;;OAEG;IACI,qBAAqB,CAAC,QAAgB;QAC3C,OAAO,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAC1D,CAAC;IAED;;OAEG;IACI,kBAAkB,CAAC,QAAgB;QACxC,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC3C,OAAO,UAAU,EAAE,gBAAgB,IAAI,SAAS,CAAC;IACnD,CAAC;IAED;;OAEG;IACI,sBAAsB,CAAC,QAAgB,EAAE,cAA8B;QAC5E,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IAC3D,CAAC;IAED;;OAEG;IACI,eAAe;QACpB,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QAClD,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,qBAAqB,CAAC,IAAI,EAAE,CAAC,CAAC;QAC7D,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,OAAO,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACI,4BAA4B,CAAC,KAAyB;QAC3D,OAAO,IAAI,CAAC,eAAe,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE;YACxC,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;YACrC,OAAO,UAAU,EAAE,cAAc,KAAK,KAAK,CAAC;QAC9C,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACI,sBAAsB,CAAC,QAAsB;QAClD,OAAO,IAAI,CAAC,eAAe,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE;YACxC,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;YACrC,OAAO,UAAU,EAAE,eAAe,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACI,mBAAmB,CACxB,QAAgB,EAChB,eAAuB;QAEvB,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC3C,IAAI,CAAC,UAAU;YAAE,OAAO,IAAI,CAAC;QAE7B,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC;QAE3E,OAAO;YACL,EAAE,EAAE,OAAO,QAAQ,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE;YACnC,SAAS,EAAE,QAAQ;YACnB,WAAW,EAAE,IAAI,CAAC,sBAAsB,CAAC,QAAQ,CAAC;YAClD,cAAc,EAAE,UAAU,CAAC,cAAc;YACzC,eAAe,EAAE,UAAU,CAAC,eAAe;YAC3C,gBAAgB,EAAE,eAAe;YACjC,SAAS,EAAE,UAAU,CAAC,mBAAmB;YACzC,gBAAgB,EAAE,UAAU,CAAC,gBAAgB;YAC7C,cAAc,EAAE,aAAa;YAC7B,WAAW,EAAE,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC;YACzC,mBAAmB,EAAE,IAAI,CAAC,qBAAqB,CAAC,QAAQ,CAAC;YACzD,cAAc,EAAE,CAAC,OAAO,CAAC;YACzB,UAAU,EAAE,UAAU,CAAC,UAAU;YACjC,QAAQ,EAAE,UAAU,CAAC,QAAQ;YAC7B,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACvC,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,kBAAkB,CAAC,MAAc;QACvC,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,SAAS;gBACZ,OAAO,CAAC,CAAC,CAAC,qBAAqB;YACjC,KAAK,SAAS;gBACZ,OAAO,CAAC,CAAC;YACX,KAAK,UAAU;gBACb,OAAO,CAAC,CAAC;YACX,KAAK,QAAQ;gBACX,OAAO,CAAC,CAAC;YACX,KAAK,SAAS;gBACZ,OAAO,EAAE,CAAC;YACZ,KAAK,SAAS;gBACZ,OAAO,CAAC,GAAG,GAAG,CAAC;YACjB,KAAK,YAAY;gBACf,OAAO,YAAY,CAAC;YACtB;gBACE,+BAA+B;gBAC/B,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;gBAC3C,IAAI,KAAK,EAAE,CAAC;oBACV,OAAO,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAChC,CAAC;gBACD,OAAO,EAAE,CAAC,CAAC,UAAU;QACzB,CAAC;IACH,CAAC;IAED;;OAEG;IACK,sBAAsB,CAAC,QAAgB;QAC7C,MAAM,YAAY,GAA2B;YAC3C,YAAY,EAAE,qDAAqD;YACnE,gBAAgB,EAAE,iCAAiC;YACnD,iBAAiB,EAAE,mCAAmC;YACtD,iBAAiB,EAAE,wCAAwC;YAC3D,uBAAuB,EAAE,4BAA4B;YACrD,eAAe,EAAE,+BAA+B;YAChD,kBAAkB,EAAE,yDAAyD;YAC7E,eAAe,EAAE,oCAAoC;YACrD,iBAAiB,EAAE,4CAA4C;YAC/D,YAAY,EAAE,sCAAsC;YACpD,mBAAmB,EAAE,iCAAiC;YACtD,eAAe,EAAE,6BAA6B;YAC9C,eAAe,EAAE,+BAA+B;YAChD,YAAY,EAAE,uCAAuC;SACtD,CAAC;QAEF,OAAO,YAAY,CAAC,QAAQ,CAAC,IAAI,iBAAiB,QAAQ,EAAE,CAAC;IAC/D,CAAC;IAED;;OAEG;IACI,kBAAkB,CACvB,QAAgB,EAChB,WAAyC;QAEzC,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC3C,MAAM,MAAM,GAAa,EAAE,CAAC;QAE5B,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,CAAC,IAAI,CAAC,sBAAsB,QAAQ,EAAE,CAAC,CAAC;YAC9C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;QAClC,CAAC;QAED,oBAAoB;QACpB,IAAI,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACjC,IAAI,UAAU,CAAC,eAAe,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;gBACzD,IAAI,CAAC,UAAU,CAAC,mBAAmB,EAAE,CAAC;oBACpC,MAAM,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;gBACzD,CAAC;gBACD,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;oBAC3B,MAAM,CAAC,IAAI,CAAC,+DAA+D,CAAC,CAAC;gBAC/E,CAAC;YACH,CAAC;QACH,CAAC;QAED,oBAAoB;QACpB,IAAI,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACjC,IACE,UAAU,CAAC,cAAc,KAAK,kBAAkB,CAAC,UAAU;gBAC3D,UAAU,CAAC,cAAc,KAAK,kBAAkB,CAAC,SAAS,EAC1D,CAAC;gBACD,IAAI,CAAC,UAAU,CAAC,cAAc,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;oBACrF,MAAM,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;gBAC/D,CAAC;YACH,CAAC;QACH,CAAC;QAED,qDAAqD;QACrD,IAAI,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACjC,IAAI,UAAU,CAAC,eAAe,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;gBACtD,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC;gBAC3E,IAAI,aAAa,KAAK,YAAY,IAAI,aAAa,GAAG,CAAC,GAAG,GAAG,EAAE,CAAC;oBAC9D,MAAM,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;gBACxE,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;YAC1B,MAAM;SACP,CAAC;IACJ,CAAC;CACF;AAED,+CAA+C;AAC/C,mBAAmB;AACnB,+CAA+C;AAE/C;;GAEG;AACH,MAAM,UAAU,iBAAiB;IAC/B,OAAO,cAAc,CAAC,WAAW,EAAE,CAAC;AACtC,CAAC;AAED,+CAA+C;AAC/C,sBAAsB;AACtB,+CAA+C;AAE/C;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAAgB;IACjD,OAAO,iBAAiB,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;AAC1D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,QAAgB;IAC5C,OAAO,iBAAiB,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;AACrD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,QAAgB;IACrD,OAAO,iBAAiB,EAAE,CAAC,sBAAsB,CAAC,QAAQ,CAAC,CAAC;AAC9D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB;IAC3C,OAAO,iBAAiB,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;AACpD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,QAAgB;IACzC,OAAO,iBAAiB,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;AAClD,CAAC"}

package/dist/compliance/data-erasure.d.ts

@@ -0,0 +1,110 @@
+/**
+ * Data Erasure Tool
+ *
+ * Complete deletion of user data with secure wiping.
+ * Implements GDPR Article 17 (Right to Erasure / Right to be Forgotten).
+ *
+ * Added by Pantheon Security for enterprise compliance support.
+ */
+import type { ErasureRequest, ErasureScope } from "./types.js";
+/**
+ * Data Erasure Manager class
+ */
+export declare class DataErasureManager {
+    private static instance;
+    private erasureLogFile;
+    private erasureRequests;
+    private loaded;
+    private constructor();
+    /**
+     * Get singleton instance
+     */
+    static getInstance(): DataErasureManager;
+    /**
+     * Load erasure history from storage
+     */
+    private load;
+    /**
+     * Save erasure history to storage
+     */
+    private save;
+    /**
+     * Create a new erasure request
+     */
+    createRequest(scope?: Partial<ErasureScope>): Promise<ErasureRequest>;
+    /**
+     * Confirm and execute an erasure request
+     */
+    confirmAndExecute(requestId: string): Promise<ErasureRequest | null>;
+    /**
+     * Erase notebook library
+     */
+    private eraseNotebooks;
+    /**
+     * Erase user settings
+     */
+    private eraseSettings;
+    /**
+     * Erase browser data
+     */
+    private eraseBrowserData;
+    /**
+     * Erase audit logs
+     */
+    private eraseAuditLogs;
+    /**
+     * Erase encryption keys (crypto shred)
+     */
+    private eraseEncryptionKeys;
+    /**
+     * Erase consent records
+     */
+    private eraseConsentRecords;
+    /**
+     * Erase privacy acknowledgments
+     */
+    private erasePrivacyAcknowledgments;
+    /**
+     * Get erasure request by ID
+     */
+    getRequest(requestId: string): Promise<ErasureRequest | null>;
+    /**
+     * Get all erasure requests
+     */
+    getAllRequests(): Promise<ErasureRequest[]>;
+    /**
+     * Get pending erasure requests
+     */
+    getPendingRequests(): Promise<ErasureRequest[]>;
+    /**
+     * Cancel a pending erasure request
+     */
+    cancelRequest(requestId: string): Promise<boolean>;
+    /**
+     * Get erasure summary
+     */
+    getSummary(): Promise<{
+        total_requests: number;
+        pending_requests: number;
+        completed_requests: number;
+        total_items_deleted: number;
+        total_bytes_deleted: number;
+    }>;
+}
+/**
+ * Get the data erasure manager instance
+ */
+export declare function getDataErasureManager(): DataErasureManager;
+/**
+ * Create a new erasure request
+ */
+export declare function createErasureRequest(scope?: Partial<ErasureScope>): Promise<ErasureRequest>;
+/**
+ * Confirm and execute an erasure request
+ */
+export declare function executeErasureRequest(requestId: string): Promise<ErasureRequest | null>;
+/**
+ * Get pending erasure requests
+ */
+export declare function getPendingErasureRequests(): Promise<ErasureRequest[]>;
+//# sourceMappingURL=data-erasure.d.ts.map

package/dist/compliance/data-erasure.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"data-erasure.d.ts","sourceRoot":"","sources":["../../src/compliance/data-erasure.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAUH,OAAO,KAAK,EAAE,cAAc,EAAE,YAAY,EAAiB,MAAM,YAAY,CAAC;AA2F9E;;GAEG;AACH,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAqB;IAC5C,OAAO,CAAC,cAAc,CAAS;IAC/B,OAAO,CAAC,eAAe,CAAwB;IAC/C,OAAO,CAAC,MAAM,CAAkB;IAEhC,OAAO;IAKP;;OAEG;WACW,WAAW,IAAI,kBAAkB;IAO/C;;OAEG;YACW,IAAI;IAgBlB;;OAEG;YACW,IAAI;IAalB;;OAEG;IACU,aAAa,CACxB,KAAK,GAAE,OAAO,CAAC,YAAY,CAAM,GAChC,OAAO,CAAC,cAAc,CAAC;IA8C1B;;OAEG;IACU,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC;IA2EjF;;OAEG;YACW,cAAc;IA8B5B;;OAEG;YACW,aAAa;IA6B3B;;OAEG;YACW,gBAAgB;IA0C9B;;OAEG;YACW,cAAc;IAwB5B;;OAEG;YACW,mBAAmB;IAgCjC;;OAEG;YACW,mBAAmB;IAKjC;;OAEG;YACW,2BAA2B;IAKzC;;OAEG;IACU,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC;IAK1E;;OAEG;IACU,cAAc,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;IAKxD;;OAEG;IACU,kBAAkB,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;IAK5D;;OAEG;IACU,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IA+B/D;;OAEG;IACU,UAAU,IAAI,OAAO,CAAC;QACjC,cAAc,EAAE,MAAM,CAAC;QACvB,gBAAgB,EAAE,MAAM,CAAC;QACzB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,mBAAmB,EAAE,MAAM,CAAC;QAC5B,mBAAmB,EAAE,MAAM,CAAC;KAC7B,CAAC;CAwBH;AAMD;;GAEG;AACH,wBAAgB,qBAAqB,IAAI,kBAAkB,CAE1D;AAMD;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,KAAK,GAAE,OAAO,CAAC,YAAY,CAAM,GAChC,OAAO,CAAC,cAAc,CAAC,CAEzB;AAED;;GAEG;AACH,wBAAsB,qBAAqB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CAE7F;AAED;;GAEG;AACH,wBAAsB,yBAAyB,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC,CAE3E"}