@pan-sec/notebooklm-mcp 1.4.0 → 1.7.0

package/dist/compliance/dsar-handler.js

@@ -0,0 +1,371 @@
+/**
+ * Data Subject Access Request (DSAR) Handler
+ *
+ * Handles Data Subject Access Requests as required by GDPR Article 15.
+ * Provides users with information about their personal data processing.
+ *
+ * Added by Pantheon Security for enterprise compliance support.
+ */
+import crypto from "crypto";
+import path from "path";
+import fs from "fs";
+import { getConfig } from "../config.js";
+import { mkdirSecure, writeFileSecure } from "../utils/file-permissions.js";
+import { getComplianceLogger } from "./compliance-logger.js";
+import { getDataInventory } from "./data-inventory.js";
+/**
+ * Generate a UUID v4
+ */
+function generateUUID() {
+    return crypto.randomUUID();
+}
+/**
+ * DSAR Handler class
+ */
+export class DSARHandler {
+    static instance;
+    requestsFile;
+    requests = [];
+    loaded = false;
+    constructor() {
+        const config = getConfig();
+        this.requestsFile = path.join(config.dataDir, "compliance", "dsar-requests.json");
+    }
+    /**
+     * Get singleton instance
+     */
+    static getInstance() {
+        if (!DSARHandler.instance) {
+            DSARHandler.instance = new DSARHandler();
+        }
+        return DSARHandler.instance;
+    }
+    /**
+     * Load requests from storage
+     */
+    async load() {
+        if (this.loaded)
+            return;
+        try {
+            if (fs.existsSync(this.requestsFile)) {
+                const content = fs.readFileSync(this.requestsFile, "utf-8");
+                const data = JSON.parse(content);
+                this.requests = data.requests || [];
+            }
+        }
+        catch {
+            this.requests = [];
+        }
+        this.loaded = true;
+    }
+    /**
+     * Save requests to storage
+     */
+    async save() {
+        const dir = path.dirname(this.requestsFile);
+        mkdirSecure(dir);
+        const data = {
+            version: "1.0.0",
+            last_updated: new Date().toISOString(),
+            requests: this.requests,
+        };
+        writeFileSecure(this.requestsFile, JSON.stringify(data, null, 2));
+    }
+    /**
+     * Submit a new DSAR
+     */
+    async submitRequest(type = "access") {
+        await this.load();
+        const request = {
+            request_id: generateUUID(),
+            submitted_at: new Date().toISOString(),
+            type,
+            status: "pending",
+        };
+        this.requests.push(request);
+        await this.save();
+        // Log the request
+        const logger = getComplianceLogger();
+        await logger.logDataAccess("request", { type: "user" }, "dsar", true, {
+            request_id: request.request_id,
+            request_type: type,
+        });
+        return request;
+    }
+    /**
+     * Process a DSAR and generate response
+     */
+    async processRequest(requestId) {
+        await this.load();
+        const request = this.requests.find(r => r.request_id === requestId);
+        if (!request) {
+            return null;
+        }
+        request.status = "processing";
+        await this.save();
+        // Generate response based on request type
+        const response = await this.generateResponse(request);
+        // Update request
+        request.status = "completed";
+        request.completed_at = new Date().toISOString();
+        request.response = response;
+        await this.save();
+        // Log completion
+        const logger = getComplianceLogger();
+        await logger.logDataAccess("view", { type: "user" }, "dsar_response", true, {
+            request_id: requestId,
+            request_type: request.type,
+            data_categories: response.personal_data.length,
+        });
+        return response;
+    }
+    /**
+     * Generate DSAR response
+     */
+    async generateResponse(request) {
+        const inventory = getDataInventory();
+        // Get personal data from inventory
+        const personalDataEntries = await inventory.getPersonalData();
+        const allEntries = await inventory.getAll();
+        // Build personal data section
+        const personalData = [];
+        for (const entry of personalDataEntries) {
+            personalData.push({
+                category: entry.data_type,
+                data: await this.getDataSample(entry),
+                source: "User interaction with NotebookLM MCP Server",
+                retention_period: this.formatRetention(entry.retention_days),
+            });
+        }
+        // Get processing purposes from all entries
+        const processingPurposes = [
+            ...new Set(allEntries.flatMap(e => e.processing_purposes)),
+        ];
+        // Get legal bases
+        const legalBases = [...new Set(allEntries.map(e => e.legal_basis))];
+        // Available rights
+        const availableRights = [
+            "Right of access (GDPR Article 15)",
+            "Right to rectification (GDPR Article 16)",
+            "Right to erasure (GDPR Article 17)",
+            "Right to restriction (GDPR Article 18)",
+            "Right to data portability (GDPR Article 20)",
+            "Right to object (GDPR Article 21)",
+        ];
+        const response = {
+            request_id: request.request_id,
+            submitted_at: request.submitted_at,
+            completed_at: new Date().toISOString(),
+            subject_verified: true, // Local-only, so user is inherently verified
+            personal_data: personalData,
+            processing_purposes: processingPurposes,
+            legal_bases: legalBases,
+            data_recipients: ["None - all data is processed locally"],
+            available_rights: availableRights,
+            format: "json",
+            encrypted: false,
+        };
+        return response;
+    }
+    /**
+     * Get a sample of actual data for DSAR (without sensitive content)
+     */
+    async getDataSample(entry) {
+        // For sensitive data types, just return metadata
+        if (entry.data_categories.includes("credentials") ||
+            entry.data_categories.includes("sensitive_data")) {
+            return {
+                type: entry.data_type,
+                classification: entry.classification,
+                note: "Sensitive data not included in DSAR export for security reasons",
+                exportable: entry.exportable,
+            };
+        }
+        // For other types, try to get actual data
+        try {
+            if (fs.existsSync(entry.storage_location)) {
+                const stats = fs.statSync(entry.storage_location);
+                if (stats.isFile()) {
+                    // For small files, include content summary
+                    if (stats.size < 10000) {
+                        const content = fs.readFileSync(entry.storage_location, "utf-8");
+                        try {
+                            const data = JSON.parse(content);
+                            return {
+                                type: entry.data_type,
+                                record_count: Array.isArray(data) ? data.length : 1,
+                                last_modified: stats.mtime.toISOString(),
+                            };
+                        }
+                        catch {
+                            return {
+                                type: entry.data_type,
+                                size_bytes: stats.size,
+                                last_modified: stats.mtime.toISOString(),
+                            };
+                        }
+                    }
+                    else {
+                        return {
+                            type: entry.data_type,
+                            size_bytes: stats.size,
+                            last_modified: stats.mtime.toISOString(),
+                        };
+                    }
+                }
+                else if (stats.isDirectory()) {
+                    const files = fs.readdirSync(entry.storage_location);
+                    return {
+                        type: entry.data_type,
+                        file_count: files.length,
+                        last_modified: stats.mtime.toISOString(),
+                    };
+                }
+            }
+        }
+        catch {
+            // Data might not be accessible
+        }
+        return {
+            type: entry.data_type,
+            classification: entry.classification,
+            note: "Data location not accessible",
+        };
+    }
+    /**
+     * Format retention period for human readability
+     */
+    formatRetention(days) {
+        if (days === "indefinite") {
+            return "Retained until user deletion";
+        }
+        if (days >= 365) {
+            const years = Math.round(days / 365);
+            return `${years} year${years > 1 ? "s" : ""}`;
+        }
+        if (days >= 30) {
+            const months = Math.round(days / 30);
+            return `${months} month${months > 1 ? "s" : ""}`;
+        }
+        return `${days} day${days > 1 ? "s" : ""}`;
+    }
+    /**
+     * Get request by ID
+     */
+    async getRequest(requestId) {
+        await this.load();
+        return this.requests.find(r => r.request_id === requestId) || null;
+    }
+    /**
+     * Get all requests
+     */
+    async getAllRequests() {
+        await this.load();
+        return [...this.requests];
+    }
+    /**
+     * Get pending requests
+     */
+    async getPendingRequests() {
+        await this.load();
+        return this.requests.filter(r => r.status === "pending" || r.status === "processing");
+    }
+    /**
+     * Submit and process a DSAR immediately (for automated systems)
+     */
+    async submitAndProcess(type = "access") {
+        const request = await this.submitRequest(type);
+        const response = await this.processRequest(request.request_id);
+        if (!response) {
+            throw new Error("Failed to process DSAR request");
+        }
+        return response;
+    }
+    /**
+     * Get summary response (without full personal data)
+     */
+    async getSummaryResponse() {
+        const inventory = getDataInventory();
+        const entries = await inventory.getAll();
+        return {
+            data_categories: [...new Set(entries.flatMap(e => e.data_categories))],
+            processing_purposes: [...new Set(entries.flatMap(e => e.processing_purposes))],
+            legal_bases: [...new Set(entries.map(e => e.legal_basis))],
+            available_rights: [
+                "Access (Article 15)",
+                "Rectification (Article 16)",
+                "Erasure (Article 17)",
+                "Restriction (Article 18)",
+                "Portability (Article 20)",
+                "Objection (Article 21)",
+            ],
+            data_recipients: ["None - local processing only"],
+            exportable_data_types: entries.filter(e => e.exportable).map(e => e.data_type),
+            erasable_data_types: entries.filter(e => e.erasable).map(e => e.data_type),
+        };
+    }
+    /**
+     * Get DSAR statistics
+     */
+    async getStatistics() {
+        await this.load();
+        const byType = {};
+        let totalProcessingTime = 0;
+        let processedCount = 0;
+        for (const request of this.requests) {
+            byType[request.type] = (byType[request.type] || 0) + 1;
+            if (request.completed_at && request.submitted_at) {
+                const submitted = new Date(request.submitted_at);
+                const completed = new Date(request.completed_at);
+                totalProcessingTime += (completed.getTime() - submitted.getTime()) / (1000 * 60 * 60);
+                processedCount++;
+            }
+        }
+        return {
+            total_requests: this.requests.length,
+            pending_requests: this.requests.filter(r => r.status === "pending" || r.status === "processing").length,
+            completed_requests: this.requests.filter(r => r.status === "completed").length,
+            by_type: byType,
+            average_processing_time_hours: processedCount > 0
+                ? Math.round((totalProcessingTime / processedCount) * 100) / 100
+                : undefined,
+        };
+    }
+}
+// ============================================
+// SINGLETON ACCESS
+// ============================================
+/**
+ * Get the DSAR handler instance
+ */
+export function getDSARHandler() {
+    return DSARHandler.getInstance();
+}
+// ============================================
+// CONVENIENCE EXPORTS
+// ============================================
+/**
+ * Submit a new DSAR
+ */
+export async function submitDSAR(type = "access") {
+    return getDSARHandler().submitRequest(type);
+}
+/**
+ * Process a DSAR
+ */
+export async function processDSAR(requestId) {
+    return getDSARHandler().processRequest(requestId);
+}
+/**
+ * Submit and process a DSAR immediately
+ */
+export async function handleDSAR(type = "access") {
+    return getDSARHandler().submitAndProcess(type);
+}
+/**
+ * Get DSAR summary response
+ */
+export async function getDSARSummary() {
+    return getDSARHandler().getSummaryResponse();
+}
+//# sourceMappingURL=dsar-handler.js.map

package/dist/compliance/dsar-handler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dsar-handler.js","sourceRoot":"","sources":["../../src/compliance/dsar-handler.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC5E,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAGvD;;GAEG;AACH,SAAS,YAAY;IACnB,OAAO,MAAM,CAAC,UAAU,EAAE,CAAC;AAC7B,CAAC;AAeD;;GAEG;AACH,MAAM,OAAO,WAAW;IACd,MAAM,CAAC,QAAQ,CAAc;IAC7B,YAAY,CAAS;IACrB,QAAQ,GAAkB,EAAE,CAAC;IAC7B,MAAM,GAAY,KAAK,CAAC;IAEhC;QACE,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,YAAY,EAAE,oBAAoB,CAAC,CAAC;IACpF,CAAC;IAED;;OAEG;IACI,MAAM,CAAC,WAAW;QACvB,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;YAC1B,WAAW,CAAC,QAAQ,GAAG,IAAI,WAAW,EAAE,CAAC;QAC3C,CAAC;QACD,OAAO,WAAW,CAAC,QAAQ,CAAC;IAC9B,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,IAAI;QAChB,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO;QAExB,IAAI,CAAC;YACH,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;gBACrC,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;gBAC5D,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACjC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,EAAE,CAAC;YACtC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,QAAQ,GAAG,EAAE,CAAC;QACrB,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;IACrB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,IAAI;QAChB,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC5C,WAAW,CAAC,GAAG,CAAC,CAAC;QAEjB,MAAM,IAAI,GAAG;YACX,OAAO,EAAE,OAAO;YAChB,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACtC,QAAQ,EAAE,IAAI,CAAC,QAAQ;SACxB,CAAC;QAEF,eAAe,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACpE,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,aAAa,CACxB,OAA4B,QAAQ;QAEpC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAElB,MAAM,OAAO,GAAgB;YAC3B,UAAU,EAAE,YAAY,EAAE;YAC1B,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACtC,IAAI;YACJ,MAAM,EAAE,SAAS;SAClB,CAAC;QAEF,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC5B,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAElB,kBAAkB;QAClB,MAAM,MAAM,GAAG,mBAAmB,EAAE,CAAC;QACrC,MAAM,MAAM,CAAC,aAAa,CACxB,SAAS,EACT,EAAE,IAAI,EAAE,MAAM,EAAE,EAChB,MAAM,EACN,IAAI,EACJ;YACE,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,YAAY,EAAE,IAAI;SACnB,CACF,CAAC;QAEF,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,cAAc,CAAC,SAAiB;QAC3C,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAElB,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC;QACpE,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,CAAC,MAAM,GAAG,YAAY,CAAC;QAC9B,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAElB,0CAA0C;QAC1C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAEtD,iBAAiB;QACjB,OAAO,CAAC,MAAM,GAAG,WAAW,CAAC;QAC7B,OAAO,CAAC,YAAY,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAChD,OAAO,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAC5B,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAElB,iBAAiB;QACjB,MAAM,MAAM,GAAG,mBAAmB,EAAE,CAAC;QACrC,MAAM,MAAM,CAAC,aAAa,CACxB,MAAM,EACN,EAAE,IAAI,EAAE,MAAM,EAAE,EAChB,eAAe,EACf,IAAI,EACJ;YACE,UAAU,EAAE,SAAS;YACrB,YAAY,EAAE,OAAO,CAAC,IAAI;YAC1B,eAAe,EAAE,QAAQ,CAAC,aAAa,CAAC,MAAM;SAC/C,CACF,CAAC;QAEF,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,gBAAgB,CAAC,OAAoB;QACjD,MAAM,SAAS,GAAG,gBAAgB,EAAE,CAAC;QAErC,mCAAmC;QACnC,MAAM,mBAAmB,GAAG,MAAM,SAAS,CAAC,eAAe,EAAE,CAAC;QAC9D,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,MAAM,EAAE,CAAC;QAE5C,8BAA8B;QAC9B,MAAM,YAAY,GAAkC,EAAE,CAAC;QAEvD,KAAK,MAAM,KAAK,IAAI,mBAAmB,EAAE,CAAC;YACxC,YAAY,CAAC,IAAI,CAAC;gBAChB,QAAQ,EAAE,KAAK,CAAC,SAAS;gBACzB,IAAI,EAAE,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC;gBACrC,MAAM,EAAE,6CAA6C;gBACrD,gBAAgB,EAAE,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,cAAc,CAAC;aAC7D,CAAC,CAAC;QACL,CAAC;QAED,2CAA2C;QAC3C,MAAM,kBAAkB,GAAG;YACzB,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC;SAC3D,CAAC;QAEF,kBAAkB;QAClB,MAAM,UAAU,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;QAEpE,mBAAmB;QACnB,MAAM,eAAe,GAAG;YACtB,mCAAmC;YACnC,0CAA0C;YAC1C,oCAAoC;YACpC,wCAAwC;YACxC,6CAA6C;YAC7C,mCAAmC;SACpC,CAAC;QAEF,MAAM,QAAQ,GAAiB;YAC7B,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACtC,gBAAgB,EAAE,IAAI,EAAE,6CAA6C;YAErE,aAAa,EAAE,YAAY;YAE3B,mBAAmB,EAAE,kBAAkB;YACvC,WAAW,EAAE,UAAU;YACvB,eAAe,EAAE,CAAC,sCAAsC,CAAC;YAEzD,gBAAgB,EAAE,eAAe;YAEjC,MAAM,EAAE,MAAM;YACd,SAAS,EAAE,KAAK;SACjB,CAAC;QAEF,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,aAAa,CAAC,KAAyB;QACnD,iDAAiD;QACjD,IACE,KAAK,CAAC,eAAe,CAAC,QAAQ,CAAC,aAAa,CAAC;YAC7C,KAAK,CAAC,eAAe,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAChD,CAAC;YACD,OAAO;gBACL,IAAI,EAAE,KAAK,CAAC,SAAS;gBACrB,cAAc,EAAE,KAAK,CAAC,cAAc;gBACpC,IAAI,EAAE,iEAAiE;gBACvE,UAAU,EAAE,KAAK,CAAC,UAAU;aAC7B,CAAC;QACJ,CAAC;QAED,0CAA0C;QAC1C,IAAI,CAAC;YACH,IAAI,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBAC1C,MAAM,KAAK,GAAG,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;gBAElD,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;oBACnB,2CAA2C;oBAC3C,IAAI,KAAK,CAAC,IAAI,GAAG,KAAK,EAAE,CAAC;wBACvB,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;wBACjE,IAAI,CAAC;4BACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;4BACjC,OAAO;gCACL,IAAI,EAAE,KAAK,CAAC,SAAS;gCACrB,YAAY,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;gCACnD,aAAa,EAAE,KAAK,CAAC,KAAK,CAAC,WAAW,EAAE;6BACzC,CAAC;wBACJ,CAAC;wBAAC,MAAM,CAAC;4BACP,OAAO;gCACL,IAAI,EAAE,KAAK,CAAC,SAAS;gCACrB,UAAU,EAAE,KAAK,CAAC,IAAI;gCACtB,aAAa,EAAE,KAAK,CAAC,KAAK,CAAC,WAAW,EAAE;6BACzC,CAAC;wBACJ,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,OAAO;4BACL,IAAI,EAAE,KAAK,CAAC,SAAS;4BACrB,UAAU,EAAE,KAAK,CAAC,IAAI;4BACtB,aAAa,EAAE,KAAK,CAAC,KAAK,CAAC,WAAW,EAAE;yBACzC,CAAC;oBACJ,CAAC;gBACH,CAAC;qBAAM,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;oBAC/B,MAAM,KAAK,GAAG,EAAE,CAAC,WAAW,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;oBACrD,OAAO;wBACL,IAAI,EAAE,KAAK,CAAC,SAAS;wBACrB,UAAU,EAAE,KAAK,CAAC,MAAM;wBACxB,aAAa,EAAE,KAAK,CAAC,KAAK,CAAC,WAAW,EAAE;qBACzC,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,+BAA+B;QACjC,CAAC;QAED,OAAO;YACL,IAAI,EAAE,KAAK,CAAC,SAAS;YACrB,cAAc,EAAE,KAAK,CAAC,cAAc;YACpC,IAAI,EAAE,8BAA8B;SACrC,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,IAA2B;QACjD,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;YAC1B,OAAO,8BAA8B,CAAC;QACxC,CAAC;QAED,IAAI,IAAI,IAAI,GAAG,EAAE,CAAC;YAChB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC;YACrC,OAAO,GAAG,KAAK,QAAQ,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QAChD,CAAC;QAED,IAAI,IAAI,IAAI,EAAE,EAAE,CAAC;YACf,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,EAAE,CAAC,CAAC;YACrC,OAAO,GAAG,MAAM,SAAS,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QACnD,CAAC;QAED,OAAO,GAAG,IAAI,OAAO,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;IAC7C,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,UAAU,CAAC,SAAiB;QACvC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,SAAS,CAAC,IAAI,IAAI,CAAC;IACrE,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,cAAc;QACzB,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC5B,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,kBAAkB;QAC7B,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,IAAI,CAAC,CAAC,MAAM,KAAK,YAAY,CAAC,CAAC;IACxF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,gBAAgB,CAC3B,OAA4B,QAAQ;QAEpC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;QAC/C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAE/D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACpD,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,kBAAkB;QAS7B,MAAM,SAAS,GAAG,gBAAgB,EAAE,CAAC;QACrC,MAAM,OAAO,GAAG,MAAM,SAAS,CAAC,MAAM,EAAE,CAAC;QAEzC,OAAO;YACL,eAAe,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC;YACtE,mBAAmB,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC;YAC9E,WAAW,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC;YAC1D,gBAAgB,EAAE;gBAChB,qBAAqB;gBACrB,4BAA4B;gBAC5B,sBAAsB;gBACtB,0BAA0B;gBAC1B,0BAA0B;gBAC1B,wBAAwB;aACzB;YACD,eAAe,EAAE,CAAC,8BAA8B,CAAC;YACjD,qBAAqB,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,mBAAmB,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;SAC3E,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,aAAa;QAOxB,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAElB,MAAM,MAAM,GAA2B,EAAE,CAAC;QAC1C,IAAI,mBAAmB,GAAG,CAAC,CAAC;QAC5B,IAAI,cAAc,GAAG,CAAC,CAAC;QAEvB,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YAEvD,IAAI,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;gBACjD,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;gBACjD,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;gBACjD,mBAAmB,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,SAAS,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;gBACtF,cAAc,EAAE,CAAC;YACnB,CAAC;QACH,CAAC;QAED,OAAO;YACL,cAAc,EAAE,IAAI,CAAC,QAAQ,CAAC,MAAM;YACpC,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,IAAI,CAAC,CAAC,MAAM,KAAK,YAAY,CAAC,CAAC,MAAM;YACvG,kBAAkB,EAAE,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC,CAAC,MAAM;YAC9E,OAAO,EAAE,MAAM;YACf,6BAA6B,EAAE,cAAc,GAAG,CAAC;gBAC/C,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,mBAAmB,GAAG,cAAc,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG;gBAChE,CAAC,CAAC,SAAS;SACd,CAAC;IACJ,CAAC;CACF;AAED,+CAA+C;AAC/C,mBAAmB;AACnB,+CAA+C;AAE/C;;GAEG;AACH,MAAM,UAAU,cAAc;IAC5B,OAAO,WAAW,CAAC,WAAW,EAAE,CAAC;AACnC,CAAC;AAED,+CAA+C;AAC/C,sBAAsB;AACtB,+CAA+C;AAE/C;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,OAA4B,QAAQ;IAEpC,OAAO,cAAc,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;AAC9C,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,SAAiB;IACjD,OAAO,cAAc,EAAE,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;AACpD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,OAA4B,QAAQ;IAEpC,OAAO,cAAc,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;AACjD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,OAAO,cAAc,EAAE,CAAC,kBAAkB,EAAE,CAAC;AAC/C,CAAC"}

package/dist/compliance/evidence-collector.d.ts

@@ -0,0 +1,187 @@
+/**
+ * Evidence Collector
+ *
+ * Collects and packages evidence for compliance audits.
+ * Creates audit-ready evidence packages with integrity verification.
+ *
+ * Added by Pantheon Security for enterprise compliance support.
+ */
+/**
+ * Evidence types
+ */
+export type EvidenceType = "audit_logs" | "consent_records" | "data_inventory" | "dsar_records" | "incident_records" | "change_records" | "policy_documents" | "compliance_reports" | "configuration" | "integrity_proofs";
+/**
+ * Evidence item
+ */
+export interface EvidenceItem {
+    id: string;
+    type: EvidenceType;
+    title: string;
+    description: string;
+    collected_at: string;
+    source: string;
+    checksum: string;
+    size_bytes: number;
+    data: unknown;
+}
+/**
+ * Evidence package
+ */
+export interface EvidencePackage {
+    package_id: string;
+    created_at: string;
+    created_by: string;
+    purpose: string;
+    period: {
+        from: string;
+        to: string;
+    };
+    regulations: string[];
+    items: EvidenceItem[];
+    manifest: {
+        total_items: number;
+        total_size_bytes: number;
+        types_included: EvidenceType[];
+        package_checksum: string;
+    };
+    chain_of_custody: Array<{
+        timestamp: string;
+        action: string;
+        actor: string;
+        details?: string;
+    }>;
+}
+/**
+ * Collection options
+ */
+export interface CollectionOptions {
+    from?: Date;
+    to?: Date;
+    types?: EvidenceType[];
+    regulations?: string[];
+    purpose?: string;
+    includeRawData?: boolean;
+}
+/**
+ * Evidence Collector class
+ */
+export declare class EvidenceCollector {
+    private static instance;
+    private evidenceDir;
+    private constructor();
+    /**
+     * Get singleton instance
+     */
+    static getInstance(): EvidenceCollector;
+    /**
+     * Collect evidence package
+     */
+    collectEvidence(options?: CollectionOptions): Promise<EvidencePackage>;
+    /**
+     * Get default evidence types
+     */
+    private getDefaultTypes;
+    /**
+     * Collect specific evidence type
+     */
+    private collectEvidenceType;
+    /**
+     * Collect audit logs
+     */
+    private collectAuditLogs;
+    /**
+     * Collect consent records
+     */
+    private collectConsentRecords;
+    /**
+     * Collect data inventory
+     */
+    private collectDataInventory;
+    /**
+     * Collect DSAR records
+     */
+    private collectDSARRecords;
+    /**
+     * Collect incident records
+     */
+    private collectIncidentRecords;
+    /**
+     * Collect change records
+     */
+    private collectChangeRecords;
+    /**
+     * Collect policy documents
+     */
+    private collectPolicyDocuments;
+    /**
+     * Collect compliance reports
+     */
+    private collectComplianceReports;
+    /**
+     * Collect configuration evidence
+     */
+    private collectConfiguration;
+    /**
+     * Collect integrity proofs
+     */
+    private collectIntegrityProofs;
+    /**
+     * Save evidence package to disk
+     */
+    savePackage(evidencePackage: EvidencePackage, outputDir?: string): Promise<string>;
+    /**
+     * Load evidence package from disk
+     */
+    loadPackage(packageId: string): Promise<EvidencePackage | null>;
+    /**
+     * Verify evidence package integrity
+     */
+    verifyPackageIntegrity(evidencePackage: EvidencePackage): {
+        valid: boolean;
+        errors: string[];
+    };
+    /**
+     * List saved evidence packages
+     */
+    listPackages(): Array<{
+        package_id: string;
+        created_at: string;
+        purpose: string;
+        item_count: number;
+    }>;
+    /**
+     * Create evidence package for specific regulation
+     */
+    collectRegulationEvidence(regulation: "GDPR" | "SOC2" | "CSSF", options?: Omit<CollectionOptions, "regulations" | "types">): Promise<EvidencePackage>;
+}
+/**
+ * Get the evidence collector instance
+ */
+export declare function getEvidenceCollector(): EvidenceCollector;
+/**
+ * Collect evidence package
+ */
+export declare function collectEvidence(options?: CollectionOptions): Promise<EvidencePackage>;
+/**
+ * Collect and save evidence package
+ */
+export declare function collectAndSaveEvidence(options?: CollectionOptions): Promise<{
+    package: EvidencePackage;
+    filePath: string;
+}>;
+/**
+ * Collect regulation-specific evidence
+ */
+export declare function collectRegulationEvidence(regulation: "GDPR" | "SOC2" | "CSSF", options?: Omit<CollectionOptions, "regulations" | "types">): Promise<EvidencePackage>;
+/**
+ * Verify evidence package integrity
+ */
+export declare function verifyEvidence(evidencePackage: EvidencePackage): {
+    valid: boolean;
+    errors: string[];
+};
+/**
+ * List saved evidence packages
+ */
+export declare function listEvidencePackages(): ReturnType<EvidenceCollector["listPackages"]>;
+//# sourceMappingURL=evidence-collector.d.ts.map

package/dist/compliance/evidence-collector.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"evidence-collector.d.ts","sourceRoot":"","sources":["../../src/compliance/evidence-collector.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAkBH;;GAEG;AACH,MAAM,MAAM,YAAY,GACpB,YAAY,GACZ,iBAAiB,GACjB,gBAAgB,GAChB,cAAc,GACd,kBAAkB,GAClB,gBAAgB,GAChB,kBAAkB,GAClB,oBAAoB,GACpB,eAAe,GACf,kBAAkB,CAAC;AAEvB;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,YAAY,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,OAAO,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE;QACN,IAAI,EAAE,MAAM,CAAC;QACb,EAAE,EAAE,MAAM,CAAC;KACZ,CAAC;IACF,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,KAAK,EAAE,YAAY,EAAE,CAAC;IACtB,QAAQ,EAAE;QACR,WAAW,EAAE,MAAM,CAAC;QACpB,gBAAgB,EAAE,MAAM,CAAC;QACzB,cAAc,EAAE,YAAY,EAAE,CAAC;QAC/B,gBAAgB,EAAE,MAAM,CAAC;KAC1B,CAAC;IACF,gBAAgB,EAAE,KAAK,CAAC;QACtB,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,EAAE,MAAM,CAAC;QACd,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC,CAAC;CACJ;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,IAAI,CAAC,EAAE,IAAI,CAAC;IACZ,EAAE,CAAC,EAAE,IAAI,CAAC;IACV,KAAK,CAAC,EAAE,YAAY,EAAE,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED;;GAEG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAoB;IAC3C,OAAO,CAAC,WAAW,CAAS;IAE5B,OAAO;IAMP;;OAEG;WACW,WAAW,IAAI,iBAAiB;IAO9C;;OAEG;IACU,eAAe,CAC1B,OAAO,GAAE,iBAAsB,GAC9B,OAAO,CAAC,eAAe,CAAC;IA4D3B;;OAEG;IACH,OAAO,CAAC,eAAe;IAevB;;OAEG;YACW,mBAAmB;IAmCjC;;OAEG;YACW,gBAAgB;IAmC9B;;OAEG;YACW,qBAAqB;IAoCnC;;OAEG;YACW,oBAAoB;IA+BlC;;OAEG;YACW,kBAAkB;IA0ChC;;OAEG;YACW,sBAAsB;IA6CpC;;OAEG;YACW,oBAAoB;IAwClC;;OAEG;YACW,sBAAsB;IAuCpC;;OAEG;YACW,wBAAwB;IAqCtC;;OAEG;YACW,oBAAoB;IAgDlC;;OAEG;YACW,sBAAsB;IA6BpC;;OAEG;IACU,WAAW,CACtB,eAAe,EAAE,eAAe,EAChC,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,MAAM,CAAC;IAoBlB;;OAEG;IACU,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAqB5E;;OAEG;IACI,sBAAsB,CAC3B,eAAe,EAAE,eAAe,GAC/B;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,MAAM,EAAE,MAAM,EAAE,CAAA;KAAE;IA2BvC;;OAEG;IACI,YAAY,IAAI,KAAK,CAAC;QAC3B,UAAU,EAAE,MAAM,CAAC;QACnB,UAAU,EAAE,MAAM,CAAC;QACnB,OAAO,EAAE,MAAM,CAAC;QAChB,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;IAkCF;;OAEG;IACU,yBAAyB,CACpC,UAAU,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,EACpC,OAAO,GAAE,IAAI,CAAC,iBAAiB,EAAE,aAAa,GAAG,OAAO,CAAM,GAC7D,OAAO,CAAC,eAAe,CAAC;CA2C5B;AAMD;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,iBAAiB,CAExD;AAMD;;GAEG;AACH,wBAAsB,eAAe,CACnC,OAAO,CAAC,EAAE,iBAAiB,GAC1B,OAAO,CAAC,eAAe,CAAC,CAE1B;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAC1C,OAAO,CAAC,EAAE,iBAAiB,GAC1B,OAAO,CAAC;IAAE,OAAO,EAAE,eAAe,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC,CAKzD;AAED;;GAEG;AACH,wBAAsB,yBAAyB,CAC7C,UAAU,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,EACpC,OAAO,CAAC,EAAE,IAAI,CAAC,iBAAiB,EAAE,aAAa,GAAG,OAAO,CAAC,GACzD,OAAO,CAAC,eAAe,CAAC,CAE1B;AAED;;GAEG;AACH,wBAAgB,cAAc,CAC5B,eAAe,EAAE,eAAe,GAC/B;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAEtC;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,UAAU,CAAC,iBAAiB,CAAC,cAAc,CAAC,CAAC,CAEpF"}