@pan-sec/notebooklm-mcp 1.4.0 → 1.7.0

package/dist/compliance/alert-manager.js

@@ -0,0 +1,420 @@
+/**
+ * Alert Manager
+ *
+ * Sends alerts for security and compliance events.
+ * Supports multiple channels: console, file, webhook, email.
+ *
+ * Added by Pantheon Security for enterprise compliance support.
+ */
+import crypto from "crypto";
+import path from "path";
+import https from "https";
+import { getConfig } from "../config.js";
+import { mkdirSecure, appendFileSecure } from "../utils/file-permissions.js";
+/**
+ * Generate a UUID v4
+ */
+function generateUUID() {
+    return crypto.randomUUID();
+}
+/**
+ * Get alert configuration from environment
+ */
+function getAlertConfig() {
+    return {
+        enabled: process.env.NLMCP_ALERTS_ENABLED !== "false",
+        channels: {
+            console: true,
+            file: process.env.NLMCP_ALERTS_FILE ? {
+                path: process.env.NLMCP_ALERTS_FILE,
+                format: "json",
+            } : undefined,
+            webhook: process.env.NLMCP_ALERTS_WEBHOOK_URL ? {
+                url: process.env.NLMCP_ALERTS_WEBHOOK_URL,
+                headers: process.env.NLMCP_ALERTS_WEBHOOK_HEADERS
+                    ? JSON.parse(process.env.NLMCP_ALERTS_WEBHOOK_HEADERS)
+                    : undefined,
+            } : undefined,
+        },
+        min_severity: process.env.NLMCP_ALERTS_MIN_SEVERITY || "warning",
+        cooldown_seconds: parseInt(process.env.NLMCP_ALERTS_COOLDOWN || "300", 10),
+        max_alerts_per_hour: parseInt(process.env.NLMCP_ALERTS_MAX_PER_HOUR || "60", 10),
+    };
+}
+/**
+ * Severity level ordering
+ */
+const SEVERITY_LEVELS = {
+    info: 0,
+    warning: 1,
+    error: 2,
+    critical: 3,
+};
+/**
+ * Alert Manager class
+ */
+export class AlertManager {
+    static instance;
+    config;
+    alertHistory = new Map(); // key -> last alert timestamp
+    hourlyAlerts = [];
+    alertsDir;
+    constructor() {
+        this.config = getAlertConfig();
+        const config = getConfig();
+        this.alertsDir = path.join(config.dataDir, "alerts");
+        if (this.config.enabled && this.config.channels.file) {
+            mkdirSecure(this.alertsDir);
+        }
+    }
+    /**
+     * Get singleton instance
+     */
+    static getInstance() {
+        if (!AlertManager.instance) {
+            AlertManager.instance = new AlertManager();
+        }
+        return AlertManager.instance;
+    }
+    /**
+     * Check if alert should be sent based on severity
+     */
+    meetsMinimumSeverity(severity) {
+        return SEVERITY_LEVELS[severity] >= SEVERITY_LEVELS[this.config.min_severity];
+    }
+    /**
+     * Check if alert is within cooldown period
+     */
+    isInCooldown(key) {
+        const lastAlert = this.alertHistory.get(key);
+        if (!lastAlert)
+            return false;
+        const elapsed = (Date.now() - lastAlert) / 1000;
+        return elapsed < this.config.cooldown_seconds;
+    }
+    /**
+     * Check if hourly limit is exceeded
+     */
+    isHourlyLimitExceeded() {
+        const oneHourAgo = Date.now() - 60 * 60 * 1000;
+        this.hourlyAlerts = this.hourlyAlerts.filter(a => a.timestamp > oneHourAgo);
+        return this.hourlyAlerts.length >= this.config.max_alerts_per_hour;
+    }
+    /**
+     * Record that an alert was sent
+     */
+    recordAlert(key) {
+        this.alertHistory.set(key, Date.now());
+        this.hourlyAlerts.push({ timestamp: Date.now() });
+    }
+    /**
+     * Generate a unique key for deduplication
+     */
+    generateKey(severity, title, source) {
+        return `${severity}:${title}:${source}`;
+    }
+    /**
+     * Send an alert
+     */
+    async sendAlert(severity, title, message, source, details) {
+        if (!this.config.enabled) {
+            return null;
+        }
+        // Check severity
+        if (!this.meetsMinimumSeverity(severity)) {
+            return null;
+        }
+        // Check cooldown
+        const key = this.generateKey(severity, title, source);
+        if (this.isInCooldown(key)) {
+            return null;
+        }
+        // Check hourly limit
+        if (this.isHourlyLimitExceeded()) {
+            // Log that we're rate limiting, but only once per hour
+            if (!this.isInCooldown("rate_limit_warning")) {
+                console.warn("[AlertManager] Hourly alert limit exceeded, suppressing alerts");
+                this.recordAlert("rate_limit_warning");
+            }
+            return null;
+        }
+        // Create alert
+        const alert = {
+            id: generateUUID(),
+            timestamp: new Date().toISOString(),
+            severity,
+            title,
+            message,
+            source,
+            details,
+            sent_to: [],
+        };
+        // Send to all configured channels
+        const results = await Promise.allSettled([
+            this.sendToConsole(alert),
+            this.sendToFile(alert),
+            this.sendToWebhook(alert),
+        ]);
+        // Record sent channels
+        if (results[0].status === "fulfilled" && results[0].value) {
+            alert.sent_to.push("console");
+        }
+        if (results[1].status === "fulfilled" && results[1].value) {
+            alert.sent_to.push("file");
+        }
+        if (results[2].status === "fulfilled" && results[2].value) {
+            alert.sent_to.push("webhook");
+        }
+        // Record this alert
+        this.recordAlert(key);
+        return alert;
+    }
+    /**
+     * Send alert to console
+     */
+    async sendToConsole(alert) {
+        if (!this.config.channels.console) {
+            return false;
+        }
+        const icon = this.getSeverityIcon(alert.severity);
+        const timestamp = new Date(alert.timestamp).toLocaleTimeString();
+        console.log(`${icon} [${timestamp}] ${alert.title}`);
+        console.log(`   ${alert.message}`);
+        if (alert.details) {
+            console.log(`   Details: ${JSON.stringify(alert.details)}`);
+        }
+        return true;
+    }
+    /**
+     * Send alert to file
+     */
+    async sendToFile(alert) {
+        if (!this.config.channels.file) {
+            return false;
+        }
+        try {
+            const filePath = this.config.channels.file.path || path.join(this.alertsDir, `alerts-${new Date().toISOString().split("T")[0]}.jsonl`);
+            const line = this.config.channels.file.format === "json"
+                ? JSON.stringify(alert) + "\n"
+                : `${alert.timestamp} [${alert.severity.toUpperCase()}] ${alert.title}: ${alert.message}\n`;
+            appendFileSecure(filePath, line);
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    /**
+     * Send alert to webhook
+     */
+    async sendToWebhook(alert) {
+        if (!this.config.channels.webhook?.url) {
+            return false;
+        }
+        try {
+            const url = new URL(this.config.channels.webhook.url);
+            // Format message for common webhook services
+            const body = this.formatWebhookBody(alert);
+            return new Promise((resolve) => {
+                const req = https.request({
+                    hostname: url.hostname,
+                    port: url.port || 443,
+                    path: url.pathname + url.search,
+                    method: "POST",
+                    headers: {
+                        "Content-Type": "application/json",
+                        ...this.config.channels.webhook?.headers,
+                    },
+                    timeout: 10000,
+                }, (res) => {
+                    resolve(res.statusCode !== undefined && res.statusCode >= 200 && res.statusCode < 300);
+                });
+                req.on("error", () => resolve(false));
+                req.on("timeout", () => {
+                    req.destroy();
+                    resolve(false);
+                });
+                req.write(JSON.stringify(body));
+                req.end();
+            });
+        }
+        catch {
+            return false;
+        }
+    }
+    /**
+     * Format webhook body for common services (Slack, Teams, generic)
+     */
+    formatWebhookBody(alert) {
+        const url = this.config.channels.webhook?.url || "";
+        // Slack format
+        if (url.includes("slack.com")) {
+            return {
+                text: `${this.getSeverityIcon(alert.severity)} *${alert.title}*`,
+                attachments: [
+                    {
+                        color: this.getSeverityColor(alert.severity),
+                        text: alert.message,
+                        fields: alert.details
+                            ? Object.entries(alert.details).map(([k, v]) => ({
+                                title: k,
+                                value: String(v),
+                                short: true,
+                            }))
+                            : [],
+                        footer: `Source: ${alert.source}`,
+                        ts: Math.floor(new Date(alert.timestamp).getTime() / 1000),
+                    },
+                ],
+            };
+        }
+        // Microsoft Teams format
+        if (url.includes("office.com") || url.includes("microsoft.com")) {
+            return {
+                "@type": "MessageCard",
+                "@context": "http://schema.org/extensions",
+                themeColor: this.getSeverityColor(alert.severity).replace("#", ""),
+                summary: alert.title,
+                sections: [
+                    {
+                        activityTitle: `${this.getSeverityIcon(alert.severity)} ${alert.title}`,
+                        activitySubtitle: alert.source,
+                        facts: alert.details
+                            ? Object.entries(alert.details).map(([k, v]) => ({
+                                name: k,
+                                value: String(v),
+                            }))
+                            : [],
+                        text: alert.message,
+                    },
+                ],
+            };
+        }
+        // Generic format
+        return {
+            alert_id: alert.id,
+            severity: alert.severity,
+            title: alert.title,
+            message: alert.message,
+            source: alert.source,
+            timestamp: alert.timestamp,
+            details: alert.details,
+        };
+    }
+    /**
+     * Get severity icon
+     */
+    getSeverityIcon(severity) {
+        switch (severity) {
+            case "critical":
+                return "🚨";
+            case "error":
+                return "❌";
+            case "warning":
+                return "⚠️";
+            case "info":
+                return "ℹ️";
+        }
+    }
+    /**
+     * Get severity color (for webhooks)
+     */
+    getSeverityColor(severity) {
+        switch (severity) {
+            case "critical":
+                return "#FF0000";
+            case "error":
+                return "#FF6600";
+            case "warning":
+                return "#FFCC00";
+            case "info":
+                return "#0066FF";
+        }
+    }
+    // ============================================
+    // CONVENIENCE METHODS
+    // ============================================
+    /**
+     * Send a critical alert
+     */
+    async critical(title, message, source, details) {
+        return this.sendAlert("critical", title, message, source, details);
+    }
+    /**
+     * Send an error alert
+     */
+    async error(title, message, source, details) {
+        return this.sendAlert("error", title, message, source, details);
+    }
+    /**
+     * Send a warning alert
+     */
+    async warning(title, message, source, details) {
+        return this.sendAlert("warning", title, message, source, details);
+    }
+    /**
+     * Send an info alert
+     */
+    async info(title, message, source, details) {
+        return this.sendAlert("info", title, message, source, details);
+    }
+    /**
+     * Get alert statistics
+     */
+    getStats() {
+        const channels = [];
+        if (this.config.channels.console)
+            channels.push("console");
+        if (this.config.channels.file)
+            channels.push("file");
+        if (this.config.channels.webhook)
+            channels.push("webhook");
+        const oneHourAgo = Date.now() - 60 * 60 * 1000;
+        const alertsThisHour = this.hourlyAlerts.filter(a => a.timestamp > oneHourAgo).length;
+        return {
+            enabled: this.config.enabled,
+            min_severity: this.config.min_severity,
+            cooldown_seconds: this.config.cooldown_seconds,
+            max_alerts_per_hour: this.config.max_alerts_per_hour,
+            alerts_this_hour: alertsThisHour,
+            channels,
+        };
+    }
+    /**
+     * Update configuration at runtime
+     */
+    updateConfig(updates) {
+        this.config = { ...this.config, ...updates };
+    }
+}
+// ============================================
+// SINGLETON ACCESS
+// ============================================
+/**
+ * Get the alert manager instance
+ */
+export function getAlertManager() {
+    return AlertManager.getInstance();
+}
+// ============================================
+// CONVENIENCE EXPORTS
+// ============================================
+/**
+ * Send an alert
+ */
+export async function sendAlert(severity, title, message, source, details) {
+    return getAlertManager().sendAlert(severity, title, message, source, details);
+}
+/**
+ * Send a critical alert
+ */
+export async function alertCritical(title, message, source, details) {
+    return getAlertManager().critical(title, message, source, details);
+}
+/**
+ * Send a warning alert
+ */
+export async function alertWarning(title, message, source, details) {
+    return getAlertManager().warning(title, message, source, details);
+}
+//# sourceMappingURL=alert-manager.js.map

package/dist/compliance/alert-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"alert-manager.js","sourceRoot":"","sources":["../../src/compliance/alert-manager.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAG7E;;GAEG;AACH,SAAS,YAAY;IACnB,OAAO,MAAM,CAAC,UAAU,EAAE,CAAC;AAC7B,CAAC;AAED;;GAEG;AACH,SAAS,cAAc;IACrB,OAAO;QACL,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,KAAK,OAAO;QACrD,QAAQ,EAAE;YACR,OAAO,EAAE,IAAI;YACb,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC;gBACpC,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB;gBACnC,MAAM,EAAE,MAAM;aACf,CAAC,CAAC,CAAC,SAAS;YACb,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC,CAAC;gBAC9C,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,wBAAwB;gBACzC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,4BAA4B;oBAC/C,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC;oBACtD,CAAC,CAAC,SAAS;aACd,CAAC,CAAC,CAAC,SAAS;SACd;QACD,YAAY,EAAG,OAAO,CAAC,GAAG,CAAC,yBAA2C,IAAI,SAAS;QACnF,gBAAgB,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,KAAK,EAAE,EAAE,CAAC;QAC1E,mBAAmB,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,IAAI,IAAI,EAAE,EAAE,CAAC;KACjF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,eAAe,GAAkC;IACrD,IAAI,EAAE,CAAC;IACP,OAAO,EAAE,CAAC;IACV,KAAK,EAAE,CAAC;IACR,QAAQ,EAAE,CAAC;CACZ,CAAC;AAEF;;GAEG;AACH,MAAM,OAAO,YAAY;IACf,MAAM,CAAC,QAAQ,CAAe;IAC9B,MAAM,CAAc;IACpB,YAAY,GAAwB,IAAI,GAAG,EAAE,CAAC,CAAC,8BAA8B;IAC7E,YAAY,GAA4B,EAAE,CAAC;IAC3C,SAAS,CAAS;IAE1B;QACE,IAAI,CAAC,MAAM,GAAG,cAAc,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAErD,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;YACrD,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAED;;OAEG;IACI,MAAM,CAAC,WAAW;QACvB,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC;YAC3B,YAAY,CAAC,QAAQ,GAAG,IAAI,YAAY,EAAE,CAAC;QAC7C,CAAC;QACD,OAAO,YAAY,CAAC,QAAQ,CAAC;IAC/B,CAAC;IAED;;OAEG;IACK,oBAAoB,CAAC,QAAuB;QAClD,OAAO,eAAe,CAAC,QAAQ,CAAC,IAAI,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAChF,CAAC;IAED;;OAEG;IACK,YAAY,CAAC,GAAW;QAC9B,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC7C,IAAI,CAAC,SAAS;YAAE,OAAO,KAAK,CAAC;QAE7B,MAAM,OAAO,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,GAAG,IAAI,CAAC;QAChD,OAAO,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC;IAChD,CAAC;IAED;;OAEG;IACK,qBAAqB;QAC3B,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAC/C,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,GAAG,UAAU,CAAC,CAAC;QAC5E,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC;IACrE,CAAC;IAED;;OAEG;IACK,WAAW,CAAC,GAAW;QAC7B,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QACvC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IACpD,CAAC;IAED;;OAEG;IACK,WAAW,CAAC,QAAuB,EAAE,KAAa,EAAE,MAAc;QACxE,OAAO,GAAG,QAAQ,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;IAC1C,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,SAAS,CACpB,QAAuB,EACvB,KAAa,EACb,OAAe,EACf,MAAc,EACd,OAAiC;QAEjC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,iBAAiB;QACjB,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,iBAAiB;QACjB,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QACtD,IAAI,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;YAC3B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,qBAAqB;QACrB,IAAI,IAAI,CAAC,qBAAqB,EAAE,EAAE,CAAC;YACjC,uDAAuD;YACvD,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,oBAAoB,CAAC,EAAE,CAAC;gBAC7C,OAAO,CAAC,IAAI,CAAC,gEAAgE,CAAC,CAAC;gBAC/E,IAAI,CAAC,WAAW,CAAC,oBAAoB,CAAC,CAAC;YACzC,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,eAAe;QACf,MAAM,KAAK,GAAU;YACnB,EAAE,EAAE,YAAY,EAAE;YAClB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,QAAQ;YACR,KAAK;YACL,OAAO;YACP,MAAM;YACN,OAAO;YACP,OAAO,EAAE,EAAE;SACZ,CAAC;QAEF,kCAAkC;QAClC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC;YACvC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC;YACzB,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;YACtB,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC;SAC1B,CAAC,CAAC;QAEH,uBAAuB;QACvB,IAAI,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,KAAK,WAAW,IAAI,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC;YAC1D,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAChC,CAAC;QACD,IAAI,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,KAAK,WAAW,IAAI,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC;YAC1D,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC7B,CAAC;QACD,IAAI,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,KAAK,WAAW,IAAI,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC;YAC1D,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAChC,CAAC;QAED,oBAAoB;QACpB,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QAEtB,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,aAAa,CAAC,KAAY;QACtC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;YAClC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAClD,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,kBAAkB,EAAE,CAAC;QAEjE,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,KAAK,SAAS,KAAK,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;QACrD,OAAO,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QACnC,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAC9D,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,UAAU,CAAC,KAAY;QACnC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;YAC/B,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,CAC1D,IAAI,CAAC,SAAS,EACd,UAAU,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CACzD,CAAC;YAEF,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,KAAK,MAAM;gBACtD,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI;gBAC9B,CAAC,CAAC,GAAG,KAAK,CAAC,SAAS,KAAK,KAAK,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,KAAK,CAAC,KAAK,KAAK,KAAK,CAAC,OAAO,IAAI,CAAC;YAE9F,gBAAgB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;YACjC,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,aAAa,CAAC,KAAY;QACtC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC;YACvC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAEtD,6CAA6C;YAC7C,MAAM,IAAI,GAAG,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAE3C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;gBAC7B,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,CACvB;oBACE,QAAQ,EAAE,GAAG,CAAC,QAAQ;oBACtB,IAAI,EAAE,GAAG,CAAC,IAAI,IAAI,GAAG;oBACrB,IAAI,EAAE,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC,MAAM;oBAC/B,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE;wBACP,cAAc,EAAE,kBAAkB;wBAClC,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO;qBACzC;oBACD,OAAO,EAAE,KAAK;iBACf,EACD,CAAC,GAAG,EAAE,EAAE;oBACN,OAAO,CAAC,GAAG,CAAC,UAAU,KAAK,SAAS,IAAI,GAAG,CAAC,UAAU,IAAI,GAAG,IAAI,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC,CAAC;gBACzF,CAAC,CACF,CAAC;gBAEF,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;gBACtC,GAAG,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;oBACrB,GAAG,CAAC,OAAO,EAAE,CAAC;oBACd,OAAO,CAAC,KAAK,CAAC,CAAC;gBACjB,CAAC,CAAC,CAAC;gBAEH,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;gBAChC,GAAG,CAAC,GAAG,EAAE,CAAC;YACZ,CAAC,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACK,iBAAiB,CAAC,KAAY;QACpC,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,GAAG,IAAI,EAAE,CAAC;QAEpD,eAAe;QACf,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC9B,OAAO;gBACL,IAAI,EAAE,GAAG,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,KAAK,CAAC,KAAK,GAAG;gBAChE,WAAW,EAAE;oBACX;wBACE,KAAK,EAAE,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,QAAQ,CAAC;wBAC5C,IAAI,EAAE,KAAK,CAAC,OAAO;wBACnB,MAAM,EAAE,KAAK,CAAC,OAAO;4BACnB,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gCAC7C,KAAK,EAAE,CAAC;gCACR,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC;gCAChB,KAAK,EAAE,IAAI;6BACZ,CAAC,CAAC;4BACL,CAAC,CAAC,EAAE;wBACN,MAAM,EAAE,WAAW,KAAK,CAAC,MAAM,EAAE;wBACjC,EAAE,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC;qBAC3D;iBACF;aACF,CAAC;QACJ,CAAC;QAED,yBAAyB;QACzB,IAAI,GAAG,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;YAChE,OAAO;gBACL,OAAO,EAAE,aAAa;gBACtB,UAAU,EAAE,8BAA8B;gBAC1C,UAAU,EAAE,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC;gBAClE,OAAO,EAAE,KAAK,CAAC,KAAK;gBACpB,QAAQ,EAAE;oBACR;wBACE,aAAa,EAAE,GAAG,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,KAAK,EAAE;wBACvE,gBAAgB,EAAE,KAAK,CAAC,MAAM;wBAC9B,KAAK,EAAE,KAAK,CAAC,OAAO;4BAClB,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gCAC7C,IAAI,EAAE,CAAC;gCACP,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC;6BACjB,CAAC,CAAC;4BACL,CAAC,CAAC,EAAE;wBACN,IAAI,EAAE,KAAK,CAAC,OAAO;qBACpB;iBACF;aACF,CAAC;QACJ,CAAC;QAED,iBAAiB;QACjB,OAAO;YACL,QAAQ,EAAE,KAAK,CAAC,EAAE;YAClB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,OAAO,EAAE,KAAK,CAAC,OAAO;SACvB,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,QAAuB;QAC7C,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,UAAU;gBACb,OAAO,IAAI,CAAC;YACd,KAAK,OAAO;gBACV,OAAO,GAAG,CAAC;YACb,KAAK,SAAS;gBACZ,OAAO,IAAI,CAAC;YACd,KAAK,MAAM;gBACT,OAAO,IAAI,CAAC;QAChB,CAAC;IACH,CAAC;IAED;;OAEG;IACK,gBAAgB,CAAC,QAAuB;QAC9C,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,UAAU;gBACb,OAAO,SAAS,CAAC;YACnB,KAAK,OAAO;gBACV,OAAO,SAAS,CAAC;YACnB,KAAK,SAAS;gBACZ,OAAO,SAAS,CAAC;YACnB,KAAK,MAAM;gBACT,OAAO,SAAS,CAAC;QACrB,CAAC;IACH,CAAC;IAED,+CAA+C;IAC/C,sBAAsB;IACtB,+CAA+C;IAE/C;;OAEG;IACI,KAAK,CAAC,QAAQ,CACnB,KAAa,EACb,OAAe,EACf,MAAc,EACd,OAAiC;QAEjC,OAAO,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IACrE,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,KAAK,CAChB,KAAa,EACb,OAAe,EACf,MAAc,EACd,OAAiC;QAEjC,OAAO,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IAClE,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,OAAO,CAClB,KAAa,EACb,OAAe,EACf,MAAc,EACd,OAAiC;QAEjC,OAAO,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IACpE,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,IAAI,CACf,KAAa,EACb,OAAe,EACf,MAAc,EACd,OAAiC;QAEjC,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IACjE,CAAC;IAED;;OAEG;IACI,QAAQ;QAQb,MAAM,QAAQ,GAAa,EAAE,CAAC;QAC9B,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO;YAAE,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC3D,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI;YAAE,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACrD,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO;YAAE,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAE3D,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAC/C,MAAM,cAAc,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,GAAG,UAAU,CAAC,CAAC,MAAM,CAAC;QAEtF,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY;YACtC,gBAAgB,EAAE,IAAI,CAAC,MAAM,CAAC,gBAAgB;YAC9C,mBAAmB,EAAE,IAAI,CAAC,MAAM,CAAC,mBAAmB;YACpD,gBAAgB,EAAE,cAAc;YAChC,QAAQ;SACT,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,YAAY,CAAC,OAA6B;QAC/C,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,OAAO,EAAE,CAAC;IAC/C,CAAC;CACF;AAED,+CAA+C;AAC/C,mBAAmB;AACnB,+CAA+C;AAE/C;;GAEG;AACH,MAAM,UAAU,eAAe;IAC7B,OAAO,YAAY,CAAC,WAAW,EAAE,CAAC;AACpC,CAAC;AAED,+CAA+C;AAC/C,sBAAsB;AACtB,+CAA+C;AAE/C;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,QAAuB,EACvB,KAAa,EACb,OAAe,EACf,MAAc,EACd,OAAiC;IAEjC,OAAO,eAAe,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;AAChF,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,KAAa,EACb,OAAe,EACf,MAAc,EACd,OAAiC;IAEjC,OAAO,eAAe,EAAE,CAAC,QAAQ,CAAC,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;AACrE,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,KAAa,EACb,OAAe,EACf,MAAc,EACd,OAAiC;IAEjC,OAAO,eAAe,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;AACpE,CAAC"}

package/dist/compliance/breach-detection.d.ts

@@ -0,0 +1,134 @@
+/**
+ * Breach Detection
+ *
+ * Detects potential security breaches and policy violations.
+ * Implements detection rules with configurable thresholds and actions.
+ *
+ * Added by Pantheon Security for enterprise compliance support.
+ */
+import type { BreachRule, BreachAction, IncidentSeverity } from "./types.js";
+/**
+ * Breach detection result
+ */
+interface BreachDetection {
+    id: string;
+    detected_at: string;
+    rule: BreachRule;
+    event_count: number;
+    window_start: string;
+    window_end: string;
+    actions_taken: BreachAction[];
+    incident_id?: string;
+    blocked: boolean;
+}
+/**
+ * Breach Detector class
+ */
+export declare class BreachDetector {
+    private static instance;
+    private rulesFile;
+    private rules;
+    private eventTrackers;
+    private detections;
+    private loaded;
+    private enabled;
+    private blockedPatterns;
+    private constructor();
+    /**
+     * Get singleton instance
+     */
+    static getInstance(): BreachDetector;
+    /**
+     * Load rules from storage
+     */
+    private load;
+    /**
+     * Save custom rules to storage
+     */
+    private save;
+    /**
+     * Check an event against all rules
+     */
+    checkEvent(eventPattern: string, details?: Record<string, unknown>): Promise<BreachDetection | null>;
+    /**
+     * Check if event pattern matches rule pattern
+     */
+    private matchesPattern;
+    /**
+     * Handle a detected breach
+     */
+    private handleBreach;
+    /**
+     * Action: Log the breach
+     */
+    private actionLog;
+    /**
+     * Action: Send alert
+     */
+    private actionAlert;
+    /**
+     * Action: Block the pattern
+     */
+    private actionBlock;
+    /**
+     * Action: Notify admin
+     */
+    private actionNotifyAdmin;
+    /**
+     * Action: Create incident
+     */
+    private actionCreateIncident;
+    /**
+     * Check if a pattern is blocked
+     */
+    isBlocked(pattern: string): boolean;
+    /**
+     * Unblock a pattern
+     */
+    unblock(pattern: string): boolean;
+    /**
+     * Get all rules
+     */
+    getRules(): Promise<BreachRule[]>;
+    /**
+     * Add a custom rule
+     */
+    addRule(rule: Omit<BreachRule, "id">): Promise<BreachRule>;
+    /**
+     * Remove a rule
+     */
+    removeRule(ruleId: string): Promise<boolean>;
+    /**
+     * Get recent detections
+     */
+    getRecentDetections(limit?: number): BreachDetection[];
+    /**
+     * Get detection statistics
+     */
+    getStats(): {
+        enabled: boolean;
+        rules_count: number;
+        blocked_patterns: number;
+        detections_count: number;
+        by_severity: Record<IncidentSeverity, number>;
+        by_rule: Record<string, number>;
+    };
+}
+/**
+ * Get the breach detector instance
+ */
+export declare function getBreachDetector(): BreachDetector;
+/**
+ * Check an event for breach detection
+ */
+export declare function checkForBreach(eventPattern: string, details?: Record<string, unknown>): Promise<BreachDetection | null>;
+/**
+ * Check if a pattern is blocked
+ */
+export declare function isPatternBlocked(pattern: string): boolean;
+/**
+ * Get breach detection rules
+ */
+export declare function getBreachRules(): Promise<BreachRule[]>;
+export {};
+//# sourceMappingURL=breach-detection.d.ts.map

package/dist/compliance/breach-detection.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"breach-detection.d.ts","sourceRoot":"","sources":["../../src/compliance/breach-detection.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AASH,OAAO,KAAK,EAAE,UAAU,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAkH7E;;GAEG;AACH,UAAU,eAAe;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,UAAU,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,YAAY,EAAE,CAAC;IAC9B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED;;GAEG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAiB;IACxC,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,KAAK,CAAsC;IACnD,OAAO,CAAC,aAAa,CAAwC;IAC7D,OAAO,CAAC,UAAU,CAAyB;IAC3C,OAAO,CAAC,MAAM,CAAkB;IAChC,OAAO,CAAC,OAAO,CAAU;IACzB,OAAO,CAAC,eAAe,CAA0B;IAEjD,OAAO;IAMP;;OAEG;WACW,WAAW,IAAI,cAAc;IAO3C;;OAEG;YACW,IAAI;IA0BlB;;OAEG;YACW,IAAI;IAkBlB;;OAEG;IACU,UAAU,CACrB,YAAY,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IA4ClC;;OAEG;IACH,OAAO,CAAC,cAAc;IAetB;;OAEG;YACW,YAAY;IAgD1B;;OAEG;YACW,SAAS;IAkBvB;;OAEG;YACW,WAAW;IA2BzB;;OAEG;YACW,WAAW;IAKzB;;OAEG;YACW,iBAAiB;IAe/B;;OAEG;YACW,oBAAoB;IAwBlC;;OAEG;IACI,SAAS,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;IAI1C;;OAEG;IACI,OAAO,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;IAIxC;;OAEG;IACU,QAAQ,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;IAK9C;;OAEG;IACU,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,GAAG,OAAO,CAAC,UAAU,CAAC;IAcvE;;OAEG;IACU,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAkBzD;;OAEG;IACI,mBAAmB,CAAC,KAAK,GAAE,MAAY,GAAG,eAAe,EAAE;IAIlE;;OAEG;IACI,QAAQ,IAAI;QACjB,OAAO,EAAE,OAAO,CAAC;QACjB,WAAW,EAAE,MAAM,CAAC;QACpB,gBAAgB,EAAE,MAAM,CAAC;QACzB,gBAAgB,EAAE,MAAM,CAAC;QACzB,WAAW,EAAE,MAAM,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC;QAC9C,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KACjC;CAwBF;AAMD;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,cAAc,CAElD;AAMD;;GAEG;AACH,wBAAsB,cAAc,CAClC,YAAY,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAEjC;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAEzD;AAED;;GAEG;AACH,wBAAsB,cAAc,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC,CAE5D"}