@pan-sec/notebooklm-mcp 1.4.0 → 1.7.0

package/dist/compliance/change-log.js

@@ -0,0 +1,275 @@
+/**
+ * Change Log
+ *
+ * Tracks all configuration changes for SOC2 compliance.
+ * Provides audit trail for system modifications.
+ *
+ * Added by Pantheon Security for enterprise compliance support.
+ */
+import crypto from "crypto";
+import path from "path";
+import fs from "fs";
+import { getConfig } from "../config.js";
+import { mkdirSecure, appendFileSecure } from "../utils/file-permissions.js";
+import { getComplianceLogger } from "./compliance-logger.js";
+/**
+ * Generate a UUID v4
+ */
+function generateUUID() {
+    return crypto.randomUUID();
+}
+/**
+ * Change Log class
+ */
+export class ChangeLog {
+    static instance;
+    logDir;
+    currentLogFile = "";
+    constructor() {
+        const config = getConfig();
+        this.logDir = path.join(config.dataDir, "compliance", "changes");
+        mkdirSecure(this.logDir);
+        this.initializeLogFile();
+    }
+    /**
+     * Get singleton instance
+     */
+    static getInstance() {
+        if (!ChangeLog.instance) {
+            ChangeLog.instance = new ChangeLog();
+        }
+        return ChangeLog.instance;
+    }
+    /**
+     * Initialize log file for current month
+     */
+    initializeLogFile() {
+        const now = new Date();
+        const year = now.getFullYear();
+        const month = String(now.getMonth() + 1).padStart(2, "0");
+        this.currentLogFile = path.join(this.logDir, `changes-${year}-${month}.jsonl`);
+    }
+    /**
+     * Record a configuration change
+     */
+    async recordChange(component, setting, oldValue, newValue, options = {}) {
+        // Ensure log file is current
+        this.initializeLogFile();
+        const record = {
+            id: generateUUID(),
+            timestamp: new Date().toISOString(),
+            component,
+            setting,
+            old_value: this.sanitizeValue(oldValue),
+            new_value: this.sanitizeValue(newValue),
+            changed_by: options.changedBy || "system",
+            method: options.method || "api",
+            requires_approval: options.requiresApproval || false,
+            approved_by: options.approvedBy,
+            approved_at: options.approvedBy ? new Date().toISOString() : undefined,
+            impact: options.impact || "low",
+            affected_compliance: options.affectedCompliance || [],
+        };
+        // Write to log file
+        const line = JSON.stringify(record) + "\n";
+        appendFileSecure(this.currentLogFile, line);
+        // Also log to compliance logger
+        const logger = getComplianceLogger();
+        await logger.logPolicyChange(setting, oldValue, newValue, record.changed_by);
+        return record;
+    }
+    /**
+     * Sanitize value for logging (remove sensitive data)
+     */
+    sanitizeValue(value) {
+        if (value === null || value === undefined) {
+            return value;
+        }
+        if (typeof value === "string") {
+            // Check for sensitive patterns
+            if (/password|secret|token|key|credential|auth/i.test(value) ||
+                value.length > 100) {
+                return "[REDACTED]";
+            }
+            return value;
+        }
+        if (typeof value === "object") {
+            return "[object]";
+        }
+        return value;
+    }
+    /**
+     * Get changes by component
+     */
+    async getChangesByComponent(component, limit = 100) {
+        const changes = await this.getAllChanges(limit * 10);
+        return changes
+            .filter(c => c.component === component)
+            .slice(0, limit);
+    }
+    /**
+     * Get changes by setting
+     */
+    async getChangesBySetting(setting, limit = 100) {
+        const changes = await this.getAllChanges(limit * 10);
+        return changes
+            .filter(c => c.setting === setting)
+            .slice(0, limit);
+    }
+    /**
+     * Get changes within date range
+     */
+    async getChangesInRange(from, to, limit = 1000) {
+        const changes = await this.getAllChanges(limit * 2);
+        return changes
+            .filter(c => {
+            const date = new Date(c.timestamp);
+            return date >= from && date <= to;
+        })
+            .slice(0, limit);
+    }
+    /**
+     * Get all changes (most recent first)
+     */
+    async getAllChanges(limit = 100) {
+        const changes = [];
+        try {
+            if (!fs.existsSync(this.logDir)) {
+                return changes;
+            }
+            const files = fs.readdirSync(this.logDir)
+                .filter(f => f.startsWith("changes-") && f.endsWith(".jsonl"))
+                .sort()
+                .reverse();
+            for (const file of files) {
+                const filePath = path.join(this.logDir, file);
+                const content = fs.readFileSync(filePath, "utf-8");
+                const lines = content.trim().split("\n").filter(l => l);
+                for (const line of lines.reverse()) {
+                    try {
+                        const record = JSON.parse(line);
+                        changes.push(record);
+                        if (changes.length >= limit)
+                            break;
+                    }
+                    catch {
+                        // Skip malformed lines
+                    }
+                }
+                if (changes.length >= limit)
+                    break;
+            }
+        }
+        catch {
+            // Return what we have
+        }
+        return changes;
+    }
+    /**
+     * Get high-impact changes
+     */
+    async getHighImpactChanges(limit = 100) {
+        const changes = await this.getAllChanges(limit * 5);
+        return changes
+            .filter(c => c.impact === "high")
+            .slice(0, limit);
+    }
+    /**
+     * Get changes affecting compliance
+     */
+    async getComplianceAffectingChanges(regulation, limit = 100) {
+        const changes = await this.getAllChanges(limit * 5);
+        return changes
+            .filter(c => {
+            if (c.affected_compliance.length === 0)
+                return false;
+            if (regulation) {
+                return c.affected_compliance.includes(regulation);
+            }
+            return true;
+        })
+            .slice(0, limit);
+    }
+    /**
+     * Get change statistics
+     */
+    async getStatistics(from, to) {
+        const allChanges = await this.getAllChanges(10000);
+        let changes = allChanges;
+        if (from) {
+            changes = changes.filter(c => new Date(c.timestamp) >= from);
+        }
+        if (to) {
+            changes = changes.filter(c => new Date(c.timestamp) <= to);
+        }
+        const byComponent = {};
+        const byImpact = {};
+        const byMethod = {};
+        let requiringApproval = 0;
+        let complianceAffecting = 0;
+        for (const change of changes) {
+            byComponent[change.component] = (byComponent[change.component] || 0) + 1;
+            byImpact[change.impact] = (byImpact[change.impact] || 0) + 1;
+            byMethod[change.method] = (byMethod[change.method] || 0) + 1;
+            if (change.requires_approval)
+                requiringApproval++;
+            if (change.affected_compliance.length > 0)
+                complianceAffecting++;
+        }
+        return {
+            total_changes: changes.length,
+            by_component: byComponent,
+            by_impact: byImpact,
+            by_method: byMethod,
+            requiring_approval: requiringApproval,
+            compliance_affecting: complianceAffecting,
+        };
+    }
+    /**
+     * Export changes for audit
+     */
+    async exportForAudit(from, to) {
+        const changes = await this.getChangesInRange(from, to, 10000);
+        return {
+            period: {
+                from: from.toISOString(),
+                to: to.toISOString(),
+            },
+            total_changes: changes.length,
+            high_impact_changes: changes.filter(c => c.impact === "high").length,
+            compliance_affecting_changes: changes.filter(c => c.affected_compliance.length > 0).length,
+            changes,
+        };
+    }
+}
+// ============================================
+// SINGLETON ACCESS
+// ============================================
+/**
+ * Get the change log instance
+ */
+export function getChangeLog() {
+    return ChangeLog.getInstance();
+}
+// ============================================
+// CONVENIENCE EXPORTS
+// ============================================
+/**
+ * Record a configuration change
+ */
+export async function recordConfigChange(component, setting, oldValue, newValue, options) {
+    return getChangeLog().recordChange(component, setting, oldValue, newValue, options);
+}
+/**
+ * Get recent configuration changes
+ */
+export async function getRecentChanges(limit = 100) {
+    return getChangeLog().getAllChanges(limit);
+}
+/**
+ * Get change statistics
+ */
+export async function getChangeStatistics(from, to) {
+    return getChangeLog().getStatistics(from, to);
+}
+//# sourceMappingURL=change-log.js.map

package/dist/compliance/change-log.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"change-log.js","sourceRoot":"","sources":["../../src/compliance/change-log.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAC7E,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAG7D;;GAEG;AACH,SAAS,YAAY;IACnB,OAAO,MAAM,CAAC,UAAU,EAAE,CAAC;AAC7B,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,SAAS;IACZ,MAAM,CAAC,QAAQ,CAAY;IAC3B,MAAM,CAAS;IACf,cAAc,GAAW,EAAE,CAAC;IAEpC;QACE,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;QACjE,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACzB,IAAI,CAAC,iBAAiB,EAAE,CAAC;IAC3B,CAAC;IAED;;OAEG;IACI,MAAM,CAAC,WAAW;QACvB,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;YACxB,SAAS,CAAC,QAAQ,GAAG,IAAI,SAAS,EAAE,CAAC;QACvC,CAAC;QACD,OAAO,SAAS,CAAC,QAAQ,CAAC;IAC5B,CAAC;IAED;;OAEG;IACK,iBAAiB;QACvB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,IAAI,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAC1D,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,WAAW,IAAI,IAAI,KAAK,QAAQ,CAAC,CAAC;IACjF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,YAAY,CACvB,SAAiB,EACjB,OAAe,EACf,QAAiB,EACjB,QAAiB,EACjB,UAOI,EAAE;QAEN,6BAA6B;QAC7B,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEzB,MAAM,MAAM,GAAiB;YAC3B,EAAE,EAAE,YAAY,EAAE;YAClB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,SAAS;YACT,OAAO;YACP,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC;YACvC,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC;YACvC,UAAU,EAAE,OAAO,CAAC,SAAS,IAAI,QAAQ;YACzC,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,KAAK;YAC/B,iBAAiB,EAAE,OAAO,CAAC,gBAAgB,IAAI,KAAK;YACpD,WAAW,EAAE,OAAO,CAAC,UAAU;YAC/B,WAAW,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,SAAS;YACtE,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,KAAK;YAC/B,mBAAmB,EAAE,OAAO,CAAC,kBAAkB,IAAI,EAAE;SACtD,CAAC;QAEF,oBAAoB;QACpB,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC;QAC3C,gBAAgB,CAAC,IAAI,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;QAE5C,gCAAgC;QAChC,MAAM,MAAM,GAAG,mBAAmB,EAAE,CAAC;QACrC,MAAM,MAAM,CAAC,eAAe,CAC1B,OAAO,EACP,QAAQ,EACR,QAAQ,EACR,MAAM,CAAC,UAAU,CAClB,CAAC;QAEF,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,KAAc;QAClC,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YAC1C,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,+BAA+B;YAC/B,IACE,4CAA4C,CAAC,IAAI,CAAC,KAAK,CAAC;gBACxD,KAAK,CAAC,MAAM,GAAG,GAAG,EAClB,CAAC;gBACD,OAAO,YAAY,CAAC;YACtB,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,UAAU,CAAC;QACpB,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,qBAAqB,CAChC,SAAiB,EACjB,QAAgB,GAAG;QAEnB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,GAAG,EAAE,CAAC,CAAC;QACrD,OAAO,OAAO;aACX,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,SAAS,CAAC;aACtC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IACrB,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,mBAAmB,CAC9B,OAAe,EACf,QAAgB,GAAG;QAEnB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,GAAG,EAAE,CAAC,CAAC;QACrD,OAAO,OAAO;aACX,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,OAAO,CAAC;aAClC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IACrB,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,iBAAiB,CAC5B,IAAU,EACV,EAAQ,EACR,QAAgB,IAAI;QAEpB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QACpD,OAAO,OAAO;aACX,MAAM,CAAC,CAAC,CAAC,EAAE;YACV,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;YACnC,OAAO,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,EAAE,CAAC;QACpC,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IACrB,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,aAAa,CAAC,QAAgB,GAAG;QAC5C,MAAM,OAAO,GAAmB,EAAE,CAAC;QAEnC,IAAI,CAAC;YACH,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBAChC,OAAO,OAAO,CAAC;YACjB,CAAC;YAED,MAAM,KAAK,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC;iBACtC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;iBAC7D,IAAI,EAAE;iBACN,OAAO,EAAE,CAAC;YAEb,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;gBAC9C,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gBACnD,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;gBAExD,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;oBACnC,IAAI,CAAC;wBACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAiB,CAAC;wBAChD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;wBACrB,IAAI,OAAO,CAAC,MAAM,IAAI,KAAK;4BAAE,MAAM;oBACrC,CAAC;oBAAC,MAAM,CAAC;wBACP,uBAAuB;oBACzB,CAAC;gBACH,CAAC;gBAED,IAAI,OAAO,CAAC,MAAM,IAAI,KAAK;oBAAE,MAAM;YACrC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,sBAAsB;QACxB,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,oBAAoB,CAAC,QAAgB,GAAG;QACnD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QACpD,OAAO,OAAO;aACX,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC;aAChC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IACrB,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,6BAA6B,CACxC,UAAmB,EACnB,QAAgB,GAAG;QAEnB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QACpD,OAAO,OAAO;aACX,MAAM,CAAC,CAAC,CAAC,EAAE;YACV,IAAI,CAAC,CAAC,mBAAmB,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAC;YACrD,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO,CAAC,CAAC,mBAAmB,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YACpD,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IACrB,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,aAAa,CACxB,IAAW,EACX,EAAS;QAST,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QAEnD,IAAI,OAAO,GAAG,UAAU,CAAC;QACzB,IAAI,IAAI,EAAE,CAAC;YACT,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,CAAC;QAC/D,CAAC;QACD,IAAI,EAAE,EAAE,CAAC;YACP,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC;QAC7D,CAAC;QAED,MAAM,WAAW,GAA2B,EAAE,CAAC;QAC/C,MAAM,QAAQ,GAA2B,EAAE,CAAC;QAC5C,MAAM,QAAQ,GAA2B,EAAE,CAAC;QAC5C,IAAI,iBAAiB,GAAG,CAAC,CAAC;QAC1B,IAAI,mBAAmB,GAAG,CAAC,CAAC;QAE5B,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YACzE,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YAC7D,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YAE7D,IAAI,MAAM,CAAC,iBAAiB;gBAAE,iBAAiB,EAAE,CAAC;YAClD,IAAI,MAAM,CAAC,mBAAmB,CAAC,MAAM,GAAG,CAAC;gBAAE,mBAAmB,EAAE,CAAC;QACnE,CAAC;QAED,OAAO;YACL,aAAa,EAAE,OAAO,CAAC,MAAM;YAC7B,YAAY,EAAE,WAAW;YACzB,SAAS,EAAE,QAAQ;YACnB,SAAS,EAAE,QAAQ;YACnB,kBAAkB,EAAE,iBAAiB;YACrC,oBAAoB,EAAE,mBAAmB;SAC1C,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,cAAc,CACzB,IAAU,EACV,EAAQ;QAQR,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,EAAE,EAAE,KAAK,CAAC,CAAC;QAE9D,OAAO;YACL,MAAM,EAAE;gBACN,IAAI,EAAE,IAAI,CAAC,WAAW,EAAE;gBACxB,EAAE,EAAE,EAAE,CAAC,WAAW,EAAE;aACrB;YACD,aAAa,EAAE,OAAO,CAAC,MAAM;YAC7B,mBAAmB,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,MAAM;YACpE,4BAA4B,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,mBAAmB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,MAAM;YAC1F,OAAO;SACR,CAAC;IACJ,CAAC;CACF;AAED,+CAA+C;AAC/C,mBAAmB;AACnB,+CAA+C;AAE/C;;GAEG;AACH,MAAM,UAAU,YAAY;IAC1B,OAAO,SAAS,CAAC,WAAW,EAAE,CAAC;AACjC,CAAC;AAED,+CAA+C;AAC/C,sBAAsB;AACtB,+CAA+C;AAE/C;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,SAAiB,EACjB,OAAe,EACf,QAAiB,EACjB,QAAiB,EACjB,OAOC;IAED,OAAO,YAAY,EAAE,CAAC,YAAY,CAAC,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;AACtF,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,QAAgB,GAAG;IACxD,OAAO,YAAY,EAAE,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,IAAW,EACX,EAAS;IAET,OAAO,YAAY,EAAE,CAAC,aAAa,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;AAChD,CAAC"}

package/dist/compliance/compliance-logger.d.ts

@@ -0,0 +1,136 @@
+/**
+ * Compliance Logger
+ *
+ * Structured logging for compliance events, separate from operational audit logs.
+ * Implements hash-chaining for tamper detection and supports 7-year retention (CSSF).
+ *
+ * Added by Pantheon Security for enterprise compliance support.
+ */
+import type { ComplianceEvent, ComplianceEventCategory, ComplianceActor, ComplianceResource, LegalBasis, DataCategory } from "./types.js";
+/**
+ * Compliance Logger class
+ */
+export declare class ComplianceLogger {
+    private static instance;
+    private complianceDir;
+    private enabled;
+    private retentionYears;
+    private lastHash;
+    private constructor();
+    /**
+     * Get singleton instance
+     */
+    static getInstance(): ComplianceLogger;
+    /**
+     * Ensure compliance directory exists
+     */
+    private ensureComplianceDir;
+    /**
+     * Get the current log file path (monthly rotation)
+     */
+    private getLogFilePath;
+    /**
+     * Load the last hash from the current log file
+     */
+    private loadLastHash;
+    /**
+     * Create a compliance event
+     */
+    private createEvent;
+    /**
+     * Write event to log file
+     */
+    private writeEvent;
+    /**
+     * Log a compliance event
+     */
+    log(category: ComplianceEventCategory, eventType: string, actor: Partial<ComplianceActor>, outcome: "success" | "failure" | "pending", options?: {
+        resource?: ComplianceResource;
+        details?: Record<string, unknown>;
+        legalBasis?: LegalBasis;
+        dataCategories?: DataCategory[];
+        retentionDays?: number;
+        failureReason?: string;
+    }): Promise<ComplianceEvent>;
+    /**
+     * Log consent event
+     */
+    logConsent(action: "granted" | "revoked" | "updated", actor: Partial<ComplianceActor>, purposes: string[], success: boolean, details?: Record<string, unknown>): Promise<ComplianceEvent>;
+    /**
+     * Log data access event
+     */
+    logDataAccess(action: "view" | "export" | "delete" | "request", actor: Partial<ComplianceActor>, dataType: string, success: boolean, details?: Record<string, unknown>): Promise<ComplianceEvent>;
+    /**
+     * Log data export event (GDPR Article 20)
+     */
+    logDataExport(actor: Partial<ComplianceActor>, dataTypes: string[], success: boolean, details?: Record<string, unknown>): Promise<ComplianceEvent>;
+    /**
+     * Log data deletion event (GDPR Article 17)
+     */
+    logDataDeletion(actor: Partial<ComplianceActor>, dataType: string, itemCount: number, success: boolean, details?: Record<string, unknown>): Promise<ComplianceEvent>;
+    /**
+     * Log security incident
+     */
+    logSecurityIncident(incidentType: string, severity: "low" | "medium" | "high" | "critical", details: Record<string, unknown>): Promise<ComplianceEvent>;
+    /**
+     * Log policy change
+     */
+    logPolicyChange(setting: string, oldValue: unknown, newValue: unknown, changedBy: "user" | "system" | "admin"): Promise<ComplianceEvent>;
+    /**
+     * Log access control event
+     */
+    logAccessControl(action: "login" | "logout" | "auth_failed" | "locked_out", actor: Partial<ComplianceActor>, success: boolean, details?: Record<string, unknown>): Promise<ComplianceEvent>;
+    /**
+     * Log retention event
+     */
+    logRetention(action: "cleanup" | "archive" | "delete", dataType: string, itemCount: number, details?: Record<string, unknown>): Promise<ComplianceEvent>;
+    /**
+     * Log breach notification
+     */
+    logBreach(breachType: string, severity: "low" | "medium" | "high" | "critical", notificationSent: boolean, details: Record<string, unknown>): Promise<ComplianceEvent>;
+    /**
+     * Get events by category
+     */
+    getEvents(category?: ComplianceEventCategory, from?: Date, to?: Date, limit?: number): Promise<ComplianceEvent[]>;
+    /**
+     * Get log files sorted by date (newest first)
+     */
+    private getLogFiles;
+    /**
+     * Verify hash chain integrity
+     */
+    verifyIntegrity(): Promise<{
+        valid: boolean;
+        lastValidEvent?: string;
+        firstInvalidEvent?: string;
+        totalEvents: number;
+        validEvents: number;
+    }>;
+    /**
+     * Get compliance log statistics
+     */
+    getStats(): Promise<{
+        enabled: boolean;
+        retentionYears: number;
+        complianceDir: string;
+        logFileCount: number;
+        totalEvents: number;
+        eventsByCategory: Record<ComplianceEventCategory, number>;
+    }>;
+}
+/**
+ * Get the compliance logger instance
+ */
+export declare function getComplianceLogger(): ComplianceLogger;
+/**
+ * Log a compliance event (convenience function)
+ */
+export declare function logComplianceEvent(category: ComplianceEventCategory, eventType: string, actor: Partial<ComplianceActor>, outcome: "success" | "failure" | "pending", options?: {
+    resource?: ComplianceResource;
+    details?: Record<string, unknown>;
+    legalBasis?: LegalBasis;
+    dataCategories?: DataCategory[];
+    retentionDays?: number;
+    failureReason?: string;
+}): Promise<ComplianceEvent>;
+//# sourceMappingURL=compliance-logger.d.ts.map

package/dist/compliance/compliance-logger.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"compliance-logger.d.ts","sourceRoot":"","sources":["../../src/compliance/compliance-logger.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAOH,OAAO,KAAK,EACV,eAAe,EACf,uBAAuB,EACvB,eAAe,EACf,kBAAkB,EAClB,UAAU,EACV,YAAY,EACb,MAAM,YAAY,CAAC;AA2CpB;;GAEG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAmB;IAC1C,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,OAAO,CAAU;IACzB,OAAO,CAAC,cAAc,CAAS;IAC/B,OAAO,CAAC,QAAQ,CAA0B;IAE1C,OAAO;IAsBP;;OAEG;WACW,WAAW,IAAI,gBAAgB;IAO7C;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAI3B;;OAEG;IACH,OAAO,CAAC,cAAc;IAOtB;;OAEG;IACH,OAAO,CAAC,YAAY;IAkBpB;;OAEG;IACH,OAAO,CAAC,WAAW;IAgDnB;;OAEG;YACW,UAAU;IAQxB;;OAEG;IACU,GAAG,CACd,QAAQ,EAAE,uBAAuB,EACjC,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,OAAO,CAAC,eAAe,CAAC,EAC/B,OAAO,EAAE,SAAS,GAAG,SAAS,GAAG,SAAS,EAC1C,OAAO,GAAE;QACP,QAAQ,CAAC,EAAE,kBAAkB,CAAC;QAC9B,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAClC,UAAU,CAAC,EAAE,UAAU,CAAC;QACxB,cAAc,CAAC,EAAE,YAAY,EAAE,CAAC;QAChC,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,aAAa,CAAC,EAAE,MAAM,CAAC;KACnB,GACL,OAAO,CAAC,eAAe,CAAC;IAU3B;;OAEG;IACU,UAAU,CACrB,MAAM,EAAE,SAAS,GAAG,SAAS,GAAG,SAAS,EACzC,KAAK,EAAE,OAAO,CAAC,eAAe,CAAC,EAC/B,QAAQ,EAAE,MAAM,EAAE,EAClB,OAAO,EAAE,OAAO,EAChB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,OAAO,CAAC,eAAe,CAAC;IAa3B;;OAEG;IACU,aAAa,CACxB,MAAM,EAAE,MAAM,GAAG,QAAQ,GAAG,QAAQ,GAAG,SAAS,EAChD,KAAK,EAAE,OAAO,CAAC,eAAe,CAAC,EAC/B,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,OAAO,EAChB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,OAAO,CAAC,eAAe,CAAC;IAa3B;;OAEG;IACU,aAAa,CACxB,KAAK,EAAE,OAAO,CAAC,eAAe,CAAC,EAC/B,SAAS,EAAE,MAAM,EAAE,EACnB,OAAO,EAAE,OAAO,EAChB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,OAAO,CAAC,eAAe,CAAC;IAa3B;;OAEG;IACU,eAAe,CAC1B,KAAK,EAAE,OAAO,CAAC,eAAe,CAAC,EAC/B,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,OAAO,EAChB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,OAAO,CAAC,eAAe,CAAC;IAa3B;;OAEG;IACU,mBAAmB,CAC9B,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,EAChD,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B,OAAO,CAAC,eAAe,CAAC;IAY3B;;OAEG;IACU,eAAe,CAC1B,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,OAAO,EACjB,QAAQ,EAAE,OAAO,EACjB,SAAS,EAAE,MAAM,GAAG,QAAQ,GAAG,OAAO,GACrC,OAAO,CAAC,eAAe,CAAC;IAa3B;;OAEG;IACU,gBAAgB,CAC3B,MAAM,EAAE,OAAO,GAAG,QAAQ,GAAG,aAAa,GAAG,YAAY,EACzD,KAAK,EAAE,OAAO,CAAC,eAAe,CAAC,EAC/B,OAAO,EAAE,OAAO,EAChB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,OAAO,CAAC,eAAe,CAAC;IAU3B;;OAEG;IACU,YAAY,CACvB,MAAM,EAAE,SAAS,GAAG,SAAS,GAAG,QAAQ,EACxC,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,EACjB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,OAAO,CAAC,eAAe,CAAC;IAa3B;;OAEG;IACU,SAAS,CACpB,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,EAChD,gBAAgB,EAAE,OAAO,EACzB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B,OAAO,CAAC,eAAe,CAAC;IAoB3B;;OAEG;IACU,SAAS,CACpB,QAAQ,CAAC,EAAE,uBAAuB,EAClC,IAAI,CAAC,EAAE,IAAI,EACX,EAAE,CAAC,EAAE,IAAI,EACT,KAAK,GAAE,MAAY,GAClB,OAAO,CAAC,eAAe,EAAE,CAAC;IAoC7B;;OAEG;IACH,OAAO,CAAC,WAAW;IAYnB;;OAEG;IACU,eAAe,IAAI,OAAO,CAAC;QACtC,KAAK,EAAE,OAAO,CAAC;QACf,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,WAAW,EAAE,MAAM,CAAC;QACpB,WAAW,EAAE,MAAM,CAAC;KACrB,CAAC;IA8DF;;OAEG;IACU,QAAQ,IAAI,OAAO,CAAC;QAC/B,OAAO,EAAE,OAAO,CAAC;QACjB,cAAc,EAAE,MAAM,CAAC;QACvB,aAAa,EAAE,MAAM,CAAC;QACtB,YAAY,EAAE,MAAM,CAAC;QACrB,WAAW,EAAE,MAAM,CAAC;QACpB,gBAAgB,EAAE,MAAM,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;KAC3D,CAAC;CAoDH;AAMD;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,gBAAgB,CAEtD;AAMD;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,QAAQ,EAAE,uBAAuB,EACjC,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,OAAO,CAAC,eAAe,CAAC,EAC/B,OAAO,EAAE,SAAS,GAAG,SAAS,GAAG,SAAS,EAC1C,OAAO,CAAC,EAAE;IACR,QAAQ,CAAC,EAAE,kBAAkB,CAAC;IAC9B,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,cAAc,CAAC,EAAE,YAAY,EAAE,CAAC;IAChC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,GACA,OAAO,CAAC,eAAe,CAAC,CAE1B"}