@thotischner/observability-mcp 3.0.0 → 3.1.0

package/dist/auth/password-policy.test.js

@@ -0,0 +1,111 @@
+import { test } from "node:test";
+import assert from "node:assert/strict";
+import { readFileSync } from "node:fs";
+import { fileURLToPath } from "node:url";
+import { dirname, join } from "node:path";
+import { validatePassword, passwordPolicyFromEnv, passwordPolicyDisabledFromEnv, DEFAULT_PASSWORD_POLICY, COMMON_PASSWORD_DENYLIST, } from "./password-policy.js";
+test("a strong password passes the default policy", () => {
+    const r = validatePassword("Tr0ub4dour&3xtra");
+    assert.equal(r.ok, true);
+    assert.deepEqual(r.errors, []);
+});
+test("too-short password is rejected with a length error", () => {
+    const r = validatePassword("Ab1!xy");
+    assert.equal(r.ok, false);
+    assert.ok(r.errors.some((e) => e.includes("at least 12")));
+});
+test("insufficient character classes is rejected", () => {
+    // 16 lowercase letters — long enough, but only one class.
+    const r = validatePassword("abcdefghijklmnop");
+    assert.equal(r.ok, false);
+    assert.ok(r.errors.some((e) => e.includes("at least 3 of")));
+});
+test("two classes still fails the default min of three", () => {
+    const r = validatePassword("abcdefghijkl1234"); // lower + digit only
+    assert.equal(r.ok, false);
+    assert.ok(r.errors.some((e) => e.includes("at least 3 of")));
+});
+test("exactly three classes passes", () => {
+    const r = validatePassword("abcdefghABCD1234"); // lower+upper+digit = 3
+    assert.equal(r.ok, true);
+});
+test("common-password denylist is enforced case-insensitively", () => {
+    // Permissive length/classes so ONLY the denylist can reject — the
+    // denylist matches the whole password exactly (case-insensitively).
+    const permissive = { minLength: 1, maxLength: 1024, minClasses: 1, denylistEnabled: true };
+    const r = validatePassword("PaSsWoRd123", permissive);
+    assert.equal(r.ok, false);
+    assert.ok(r.errors.some((e) => e.includes("denylist")));
+});
+test("denylist entries themselves are all rejected when long enough is waived", () => {
+    // Sanity: the canonical app-specific entries are present.
+    assert.ok(COMMON_PASSWORD_DENYLIST.has("observability-mcp"));
+    assert.ok(COMMON_PASSWORD_DENYLIST.has("prometheus"));
+});
+test("password containing the username is rejected", () => {
+    const r = validatePassword("alice-Secret-99x", DEFAULT_PASSWORD_POLICY, "alice");
+    assert.equal(r.ok, false);
+    assert.ok(r.errors.some((e) => e.includes("username")));
+});
+test("short usernames (<3 chars) do not trigger the username check", () => {
+    // "al" is too short to meaningfully match; password is otherwise strong.
+    const r = validatePassword("alXyZ12345678!", DEFAULT_PASSWORD_POLICY, "al");
+    assert.equal(r.ok, true);
+});
+test("code-point length counts multibyte characters as one", () => {
+    // 11 emoji = 11 code points < 12 → too short despite a large byte length.
+    const eleven = "😀".repeat(11);
+    assert.equal(validatePassword(eleven).ok, false);
+    // 12 of them clears length; emoji count as the "symbol" class only → 1 class.
+    const twelve = "😀".repeat(12);
+    const r = validatePassword(twelve);
+    assert.equal(r.ok, false); // fails on classes, not length
+    assert.ok(r.errors.some((e) => e.includes("at least 3 of")));
+    assert.ok(!r.errors.some((e) => e.includes("at least 12")));
+});
+test("over-long password is rejected (scrypt DoS guard)", () => {
+    const r = validatePassword("Aa1!".repeat(300)); // 1200 chars > 1024
+    assert.equal(r.ok, false);
+    assert.ok(r.errors.some((e) => e.includes("at most")));
+});
+test("disabling the denylist lets a denylisted password through", () => {
+    const permissive = { minLength: 1, maxLength: 1024, minClasses: 1, denylistEnabled: false };
+    // 'password123' is on the denylist; with it disabled only length/classes
+    // apply, which this permissive policy waives.
+    assert.equal(validatePassword("password123", permissive).ok, true);
+});
+test("passwordPolicyFromEnv parses overrides and ignores bad input", () => {
+    const p = passwordPolicyFromEnv({
+        OMCP_PASSWORD_MIN_LENGTH: "16",
+        OMCP_PASSWORD_MIN_CLASSES: "bad",
+        OMCP_PASSWORD_DENYLIST_DISABLED: "true",
+    });
+    assert.equal(p.minLength, 16);
+    assert.equal(p.minClasses, DEFAULT_PASSWORD_POLICY.minClasses); // bad → default
+    assert.equal(p.denylistEnabled, false);
+});
+test("passwordPolicyDisabledFromEnv recognises truthy values", () => {
+    assert.equal(passwordPolicyDisabledFromEnv({ OMCP_PASSWORD_POLICY_DISABLED: "1" }), true);
+    assert.equal(passwordPolicyDisabledFromEnv({ OMCP_PASSWORD_POLICY_DISABLED: "false" }), false);
+    assert.equal(passwordPolicyDisabledFromEnv({}), false);
+});
+test("CLI hash-password.mjs stays in sync with the canonical policy", () => {
+    // The CLI deliberately duplicates the policy to stay dependency-free
+    // (same precedent as the scrypt params). This guard fails loudly if the
+    // two drift: every canonical denylist entry + the defaults must appear
+    // verbatim in the script. (__dirname → mcp-server/src/auth)
+    const here = dirname(fileURLToPath(import.meta.url));
+    const cliPath = join(here, "..", "..", "..", "scripts", "hash-password.mjs");
+    const cli = readFileSync(cliPath, "utf8");
+    for (const entry of COMMON_PASSWORD_DENYLIST) {
+        assert.ok(cli.includes(`"${entry}"`), `CLI denylist is missing "${entry}"`);
+    }
+    assert.ok(cli.includes(`"OMCP_PASSWORD_MIN_LENGTH", ${DEFAULT_PASSWORD_POLICY.minLength}`), "CLI minLength default drifted");
+    assert.ok(cli.includes(`"OMCP_PASSWORD_MIN_CLASSES", ${DEFAULT_PASSWORD_POLICY.minClasses}`), "CLI minClasses default drifted");
+    assert.ok(cli.includes(`PW_MAX_LENGTH = ${DEFAULT_PASSWORD_POLICY.maxLength}`), "CLI maxLength default drifted");
+});
+test("multiple violations are all reported", () => {
+    const r = validatePassword("admin"); // short, 1 class, on denylist
+    assert.equal(r.ok, false);
+    assert.ok(r.errors.length >= 2);
+});

package/dist/auth/policy/batch-dry-run.js

@@ -63,14 +63,29 @@ export async function evaluateBatch(engine, req, validResources, validActions, l
         dropped.push({ kind: "cap", value: `actions=${actions.length}`, reason: `truncated to ${limits.maxActions} (cap)` });
         actions.length = limits.maxActions;
     }
+    // Reject keys that could mutate Object.prototype if injected from
+    // user input — `__proto__`, `constructor`, `prototype`. CodeQL
+    // js/prototype-polluting-assignment + js/remote-property-injection.
+    const DANGEROUS = new Set(["__proto__", "constructor", "prototype"]);
+    const isSafeKey = (k) => !DANGEROUS.has(k);
+    // Plain object so JSON round-trip + deep-equal in tests keeps
+    // working; the DANGEROUS guard below is the actual protection.
     const matrix = {};
     let allowCount = 0;
     let denyCount = 0;
     for (const s of subjects) {
+        if (!isSafeKey(s.key)) {
+            dropped.push({ kind: "subject", value: s.key, reason: "reserved key name" });
+            continue;
+        }
         matrix[s.key] = {};
         for (const r of resources) {
+            if (!isSafeKey(String(r)))
+                continue;
             matrix[s.key][r] = {};
             for (const a of actions) {
+                if (!isSafeKey(String(a)))
+                    continue;
                 const verdict = await Promise.resolve(engine.evaluate(s.roles, r, a, s.tenant ? { tenant: s.tenant } : undefined));
                 matrix[s.key][r][a] = {
                     allowed: verdict.allowed,

package/dist/auth/revocation.d.ts

@@ -0,0 +1,93 @@
+/**
+ * Session/JWT revocation blocklist for the management plane.
+ *
+ * OMCP sessions are stateless signed cookies (see ./session.ts) — there is
+ * no server-side session table to delete from, so a logout or a
+ * compromised-credential incident can't, on its own, invalidate an
+ * outstanding cookie before its `exp`. This blocklist closes that gap: a
+ * small append-only JSONL file of revocations that every request consults
+ * (in buildSessionAttacher) before a session payload is trusted.
+ *
+ * Two revocation shapes:
+ *   - session: drop one specific session by its `sid`.
+ *   - subject: drop every session for a `sub` issued at or before the
+ *     revocation timestamp ("force re-login"). A fresh login afterwards
+ *     mints a new session with a later `iat`, which is NOT caught — so
+ *     subject-revoke is a logout-everywhere, not a permanent ban.
+ *
+ * Backend is an on-disk JSONL file (one entry per line, mode 0600). When
+ * no path is configured the store is in-memory only (lost on restart);
+ * set OMCP_AUTH_REVOCATION_FILE so revocations survive a restart.
+ *
+ * Multi-replica caveat: the file is read once at startup and the writing
+ * replica updates its own in-memory index immediately, but there is no
+ * live cross-replica propagation — a revocation issued on replica A is
+ * not seen by replica B until B restarts. A shared-store backend (Redis,
+ * mirroring the SCIM / transport stores) is the planned path to
+ * fleet-wide live propagation; see docs/access-control.md.
+ */
+export type RevocationKind = "session" | "subject";
+export interface RevocationEntry {
+    kind: RevocationKind;
+    /** sid for kind "session"; sub for kind "subject". */
+    value: string;
+    /** Revocation time, seconds since epoch. */
+    revokedAt: number;
+    /** Optional free-text reason (truncated by the caller). */
+    reason?: string;
+    /** Optional actor who issued the revocation (admin sub). */
+    by?: string;
+}
+export interface RevocationStoreConfig {
+    /** JSONL file path. Omitted → in-memory only. */
+    path?: string;
+    /** Clock injection for tests. Returns seconds since epoch. */
+    now?: () => number;
+}
+/** The minimal session shape isRevoked needs to make a decision. */
+export interface RevocableSession {
+    sub: string;
+    iat: number;
+    sid?: string;
+}
+export declare class RevocationStore {
+    /** Revoked individual session ids. */
+    private readonly sids;
+    /** sub → latest subject-revocation cutoff (seconds since epoch). */
+    private readonly subjectCutoffs;
+    /** Full ordered history, kept so list() can mirror the file. */
+    private readonly entries;
+    private readonly path?;
+    private readonly now;
+    /** Serialises appends so two concurrent revokes can't interleave a line. */
+    private writeChain;
+    private constructor();
+    /** Build a store, loading any existing on-disk blocklist. */
+    static create(cfg?: RevocationStoreConfig): Promise<RevocationStore>;
+    /** True when this store persists to disk. */
+    get persistent(): boolean;
+    get filePath(): string | undefined;
+    /** Number of revocation entries currently held. */
+    get size(): number;
+    private load;
+    /** Apply an entry to the in-memory indices + history (no write). */
+    private index;
+    private persist;
+    /** Revoke one session by its sid. Idempotent. */
+    revokeSession(sid: string, opts?: {
+        reason?: string;
+        by?: string;
+    }): Promise<RevocationEntry>;
+    /** Revoke every session for a subject issued at or before now. */
+    revokeSubject(sub: string, opts?: {
+        reason?: string;
+        by?: string;
+    }): Promise<RevocationEntry>;
+    /**
+     * Decide whether a session is revoked. Pure + synchronous so it can run
+     * on the hot path of every request without an await.
+     */
+    isRevoked(session: RevocableSession): boolean;
+    /** Snapshot of all entries, newest last (file order). */
+    list(): RevocationEntry[];
+}

package/dist/auth/revocation.js

@@ -0,0 +1,193 @@
+/**
+ * Session/JWT revocation blocklist for the management plane.
+ *
+ * OMCP sessions are stateless signed cookies (see ./session.ts) — there is
+ * no server-side session table to delete from, so a logout or a
+ * compromised-credential incident can't, on its own, invalidate an
+ * outstanding cookie before its `exp`. This blocklist closes that gap: a
+ * small append-only JSONL file of revocations that every request consults
+ * (in buildSessionAttacher) before a session payload is trusted.
+ *
+ * Two revocation shapes:
+ *   - session: drop one specific session by its `sid`.
+ *   - subject: drop every session for a `sub` issued at or before the
+ *     revocation timestamp ("force re-login"). A fresh login afterwards
+ *     mints a new session with a later `iat`, which is NOT caught — so
+ *     subject-revoke is a logout-everywhere, not a permanent ban.
+ *
+ * Backend is an on-disk JSONL file (one entry per line, mode 0600). When
+ * no path is configured the store is in-memory only (lost on restart);
+ * set OMCP_AUTH_REVOCATION_FILE so revocations survive a restart.
+ *
+ * Multi-replica caveat: the file is read once at startup and the writing
+ * replica updates its own in-memory index immediately, but there is no
+ * live cross-replica propagation — a revocation issued on replica A is
+ * not seen by replica B until B restarts. A shared-store backend (Redis,
+ * mirroring the SCIM / transport stores) is the planned path to
+ * fleet-wide live propagation; see docs/access-control.md.
+ */
+import { appendFile, mkdir, readFile, writeFile } from "node:fs/promises";
+import { dirname } from "node:path";
+function defaultNow() {
+    return Math.floor(Date.now() / 1000);
+}
+export class RevocationStore {
+    /** Revoked individual session ids. */
+    sids = new Set();
+    /** sub → latest subject-revocation cutoff (seconds since epoch). */
+    subjectCutoffs = new Map();
+    /** Full ordered history, kept so list() can mirror the file. */
+    entries = [];
+    path;
+    now;
+    /** Serialises appends so two concurrent revokes can't interleave a line. */
+    writeChain = Promise.resolve();
+    constructor(cfg) {
+        this.path = cfg.path;
+        this.now = cfg.now ?? defaultNow;
+    }
+    /** Build a store, loading any existing on-disk blocklist. */
+    static async create(cfg = {}) {
+        const store = new RevocationStore(cfg);
+        await store.load();
+        return store;
+    }
+    /** True when this store persists to disk. */
+    get persistent() {
+        return !!this.path;
+    }
+    get filePath() {
+        return this.path;
+    }
+    /** Number of revocation entries currently held. */
+    get size() {
+        return this.entries.length;
+    }
+    async load() {
+        if (!this.path)
+            return;
+        let raw;
+        try {
+            raw = await readFile(this.path, "utf8");
+        }
+        catch (err) {
+            // ENOENT is expected on first boot — nothing to load.
+            if (err.code === "ENOENT")
+                return;
+            throw err;
+        }
+        for (const line of raw.split("\n")) {
+            const trimmed = line.trim();
+            if (!trimmed)
+                continue;
+            let parsed;
+            try {
+                parsed = JSON.parse(trimmed);
+            }
+            catch {
+                // A torn / hand-edited line shouldn't take the whole store down.
+                continue;
+            }
+            const entry = coerceEntry(parsed);
+            if (entry)
+                this.index(entry);
+        }
+    }
+    /** Apply an entry to the in-memory indices + history (no write). */
+    index(entry) {
+        this.entries.push(entry);
+        if (entry.kind === "session") {
+            this.sids.add(entry.value);
+        }
+        else {
+            const prev = this.subjectCutoffs.get(entry.value);
+            // Keep the latest cutoff so re-revoking a subject only widens the window.
+            if (prev === undefined || entry.revokedAt > prev) {
+                this.subjectCutoffs.set(entry.value, entry.revokedAt);
+            }
+        }
+    }
+    async persist(entry) {
+        if (!this.path)
+            return;
+        const path = this.path;
+        const line = JSON.stringify(entry) + "\n";
+        // Chain appends; ensure the parent dir + 0600 mode on the first write.
+        this.writeChain = this.writeChain.then(async () => {
+            try {
+                await appendFile(path, line, { mode: 0o600 });
+            }
+            catch (err) {
+                if (err.code === "ENOENT") {
+                    await mkdir(dirname(path), { recursive: true });
+                    await writeFile(path, line, { mode: 0o600 });
+                    return;
+                }
+                throw err;
+            }
+        });
+        await this.writeChain;
+    }
+    /** Revoke one session by its sid. Idempotent. */
+    async revokeSession(sid, opts = {}) {
+        const entry = {
+            kind: "session",
+            value: sid,
+            revokedAt: this.now(),
+            ...(opts.reason ? { reason: opts.reason } : {}),
+            ...(opts.by ? { by: opts.by } : {}),
+        };
+        this.index(entry);
+        await this.persist(entry);
+        return entry;
+    }
+    /** Revoke every session for a subject issued at or before now. */
+    async revokeSubject(sub, opts = {}) {
+        const entry = {
+            kind: "subject",
+            value: sub,
+            revokedAt: this.now(),
+            ...(opts.reason ? { reason: opts.reason } : {}),
+            ...(opts.by ? { by: opts.by } : {}),
+        };
+        this.index(entry);
+        await this.persist(entry);
+        return entry;
+    }
+    /**
+     * Decide whether a session is revoked. Pure + synchronous so it can run
+     * on the hot path of every request without an await.
+     */
+    isRevoked(session) {
+        if (session.sid && this.sids.has(session.sid))
+            return true;
+        const cutoff = this.subjectCutoffs.get(session.sub);
+        // `<=` so a session issued in the same second as the revocation is
+        // also caught — the operator's intent is "kill what exists now".
+        if (cutoff !== undefined && session.iat <= cutoff)
+            return true;
+        return false;
+    }
+    /** Snapshot of all entries, newest last (file order). */
+    list() {
+        return this.entries.map((e) => ({ ...e }));
+    }
+}
+/** Validate + normalise an untrusted parsed JSON line into an entry. */
+function coerceEntry(v) {
+    if (!v || typeof v !== "object")
+        return null;
+    const o = v;
+    if (o.kind !== "session" && o.kind !== "subject")
+        return null;
+    if (typeof o.value !== "string" || !o.value)
+        return null;
+    if (typeof o.revokedAt !== "number" || !Number.isFinite(o.revokedAt))
+        return null;
+    const entry = { kind: o.kind, value: o.value, revokedAt: o.revokedAt };
+    if (typeof o.reason === "string")
+        entry.reason = o.reason;
+    if (typeof o.by === "string")
+        entry.by = o.by;
+    return entry;
+}

package/dist/auth/revocation.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/auth/revocation.test.js

@@ -0,0 +1,136 @@
+import { test } from "node:test";
+import assert from "node:assert/strict";
+import { mkdtempSync, readFileSync, writeFileSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { RevocationStore } from "./revocation.js";
+function tmpFile(name = "revocations.jsonl") {
+    const dir = mkdtempSync(join(tmpdir(), "omcp-revoke-"));
+    return join(dir, name);
+}
+test("memory store revokes a single session by sid", async () => {
+    const store = await RevocationStore.create();
+    assert.equal(store.persistent, false);
+    assert.equal(store.isRevoked({ sub: "alice", iat: 1000, sid: "s1" }), false);
+    await store.revokeSession("s1");
+    assert.equal(store.isRevoked({ sub: "alice", iat: 1000, sid: "s1" }), true);
+    // A different session of the same subject is untouched.
+    assert.equal(store.isRevoked({ sub: "alice", iat: 1000, sid: "s2" }), false);
+});
+test("session without a sid is never caught by a session-kind revocation", async () => {
+    const store = await RevocationStore.create();
+    await store.revokeSession("s1");
+    assert.equal(store.isRevoked({ sub: "alice", iat: 1000 }), false);
+});
+test("subject revocation catches sessions issued at or before the cutoff", async () => {
+    let clock = 5000;
+    const store = await RevocationStore.create({ now: () => clock });
+    await store.revokeSubject("bob");
+    // Issued before the cutoff → revoked.
+    assert.equal(store.isRevoked({ sub: "bob", iat: 4999, sid: "old" }), true);
+    // Issued in the same second → revoked (intent: kill what exists now).
+    assert.equal(store.isRevoked({ sub: "bob", iat: 5000, sid: "same" }), true);
+    // Issued after the cutoff (fresh login) → valid again.
+    assert.equal(store.isRevoked({ sub: "bob", iat: 5001, sid: "new" }), false);
+    // A different subject is unaffected.
+    assert.equal(store.isRevoked({ sub: "carol", iat: 1, sid: "x" }), false);
+});
+test("re-revoking a subject only widens the cutoff window", async () => {
+    let clock = 100;
+    const store = await RevocationStore.create({ now: () => clock });
+    await store.revokeSubject("dave"); // cutoff 100
+    clock = 200;
+    await store.revokeSubject("dave"); // cutoff 200
+    assert.equal(store.isRevoked({ sub: "dave", iat: 150, sid: "mid" }), true);
+    assert.equal(store.isRevoked({ sub: "dave", iat: 201, sid: "after" }), false);
+});
+test("entries persist to disk and reload into a fresh store", async () => {
+    const path = tmpFile();
+    const store = await RevocationStore.create({ path, now: () => 7000 });
+    await store.revokeSession("sid-a", { reason: "stolen laptop", by: "admin" });
+    await store.revokeSubject("eve", { reason: "offboarded" });
+    assert.equal(store.size, 2);
+    const reloaded = await RevocationStore.create({ path });
+    assert.equal(reloaded.size, 2);
+    assert.equal(reloaded.isRevoked({ sub: "x", iat: 1, sid: "sid-a" }), true);
+    assert.equal(reloaded.isRevoked({ sub: "eve", iat: 6999, sid: "z" }), true);
+    assert.equal(reloaded.isRevoked({ sub: "eve", iat: 7001, sid: "z" }), false);
+});
+test("persisted file is JSONL and carries the metadata", async () => {
+    const path = tmpFile();
+    const store = await RevocationStore.create({ path, now: () => 42 });
+    await store.revokeSession("sid-meta", { reason: "test", by: "root" });
+    const lines = readFileSync(path, "utf8").trim().split("\n");
+    assert.equal(lines.length, 1);
+    const entry = JSON.parse(lines[0]);
+    assert.deepEqual(entry, {
+        kind: "session",
+        value: "sid-meta",
+        revokedAt: 42,
+        reason: "test",
+        by: "root",
+    });
+});
+test("malformed and partial lines are skipped on load", async () => {
+    const path = tmpFile();
+    writeFileSync(path, [
+        JSON.stringify({ kind: "session", value: "good", revokedAt: 1 }),
+        "not json at all",
+        JSON.stringify({ kind: "bogus", value: "x", revokedAt: 1 }), // bad kind
+        JSON.stringify({ kind: "subject", value: "", revokedAt: 1 }), // empty value
+        JSON.stringify({ kind: "subject", value: "u", revokedAt: "nope" }), // bad ts
+        "", // blank
+        JSON.stringify({ kind: "subject", value: "frank", revokedAt: 500 }),
+    ].join("\n"));
+    const store = await RevocationStore.create({ path });
+    // Only the two well-formed entries survived.
+    assert.equal(store.size, 2);
+    assert.equal(store.isRevoked({ sub: "x", iat: 1, sid: "good" }), true);
+    assert.equal(store.isRevoked({ sub: "frank", iat: 400, sid: "y" }), true);
+});
+test("missing file is treated as an empty blocklist", async () => {
+    const path = join(mkdtempSync(join(tmpdir(), "omcp-revoke-")), "does-not-exist.jsonl");
+    const store = await RevocationStore.create({ path });
+    assert.equal(store.size, 0);
+    assert.equal(store.isRevoked({ sub: "a", iat: 1, sid: "s" }), false);
+    // First write creates the file.
+    await store.revokeSession("s");
+    assert.equal(readFileSync(path, "utf8").trim().split("\n").length, 1);
+});
+test("file under a non-existent directory is created on first write", async () => {
+    const dir = mkdtempSync(join(tmpdir(), "omcp-revoke-"));
+    const path = join(dir, "nested", "deep", "revocations.jsonl");
+    const store = await RevocationStore.create({ path });
+    await store.revokeSession("s");
+    assert.equal(readFileSync(path, "utf8").trim().split("\n").length, 1);
+});
+test("list() returns a defensive copy in file order", async () => {
+    const store = await RevocationStore.create({ now: () => 9 });
+    await store.revokeSession("a");
+    await store.revokeSubject("b");
+    const list = store.list();
+    assert.equal(list.length, 2);
+    assert.equal(list[0].kind, "session");
+    assert.equal(list[1].kind, "subject");
+    // Mutating the returned array/objects must not corrupt the store.
+    list[0].value = "tampered";
+    list.push({ kind: "session", value: "ghost", revokedAt: 0 });
+    assert.equal(store.list().length, 2);
+    assert.equal(store.list()[0].value, "a");
+});
+test("concurrent revokes all land on disk without interleaving", async () => {
+    const path = tmpFile();
+    const store = await RevocationStore.create({ path, now: () => 1 });
+    await Promise.all(Array.from({ length: 20 }, (_, i) => store.revokeSession(`s${i}`)));
+    const lines = readFileSync(path, "utf8").trim().split("\n");
+    assert.equal(lines.length, 20);
+    // Every line is independently parseable (no torn writes).
+    for (const line of lines) {
+        assert.doesNotThrow(() => JSON.parse(line));
+    }
+});
+test("reason/by are omitted from the entry when not supplied", async () => {
+    const store = await RevocationStore.create({ now: () => 3 });
+    const entry = await store.revokeSession("s");
+    assert.deepEqual(entry, { kind: "session", value: "s", revokedAt: 3 });
+});

package/dist/auth/session.d.ts

@@ -25,6 +25,13 @@ export interface SessionPayload {
     tenant?: string;
     /** Optional list of role identifiers — used by later phases for RBAC. */
     roles?: string[];
+    /** Per-session random identifier. Minted at issue time. Lets the
+     *  revocation blocklist (see ./revocation.ts) drop a single session
+     *  without rotating the signing secret. Optional for backward compat:
+     *  cookies issued before this field existed still verify and simply
+     *  can't be revoked individually (a subject-wide revocation still
+     *  catches them via `iat`). */
+    sid?: string;
     /** Issued-at, seconds since epoch. */
     iat: number;
     /** Hard expiry, seconds since epoch. */

package/dist/auth/session.js

@@ -37,6 +37,10 @@ export function issueSession(identity, cfg, now = Math.floor(Date.now() / 1000))
         email: identity.email,
         tenant: identity.tenant,
         roles: identity.roles,
+        // 16 random bytes ≈ 128 bits — collision-free across any realistic
+        // session population, and enough entropy that a sid can't be guessed
+        // to forge a revocation target for another user's session.
+        sid: randomBytes(16).toString("base64url"),
         iat: now,
         exp: now + ttl,
     };
@@ -93,6 +97,8 @@ function isSessionPayload(v) {
         return false;
     if (o.roles !== undefined && !(Array.isArray(o.roles) && o.roles.every((r) => typeof r === "string")))
         return false;
+    if (o.sid !== undefined && typeof o.sid !== "string")
+        return false;
     if (o.email !== undefined && typeof o.email !== "string")
         return false;
     if (o.tenant !== undefined && typeof o.tenant !== "string")

package/dist/auth/session.test.js

@@ -1,5 +1,6 @@
 import { test } from "node:test";
 import assert from "node:assert/strict";
+import { createHmac } from "node:crypto";
 import { issueSession, verifySession, setCookieHeader, clearCookieHeader, readCookie, generateSecret, DEFAULT_COOKIE_NAME, } from "./session.js";
 const secret = "a".repeat(48);
 test("issueSession + verifySession — round-trips identity", () => {
@@ -12,6 +13,26 @@ test("issueSession + verifySession — round-trips identity", () => {
     assert.equal(verified.sub, "alice");
     assert.deepEqual(verified.roles, ["operator"]);
 });
+test("issueSession mints a unique sid that round-trips through verify", () => {
+    const now = 1_700_000_000;
+    const a = issueSession({ sub: "alice", name: "Alice" }, { secret }, now);
+    const b = issueSession({ sub: "alice", name: "Alice" }, { secret }, now);
+    assert.ok(a.payload.sid, "expected a sid");
+    assert.notEqual(a.payload.sid, b.payload.sid, "each session gets its own sid");
+    const verified = verifySession(a.cookie, { secret }, now + 1);
+    assert.ok(verified);
+    assert.equal(verified.sid, a.payload.sid);
+});
+test("verifySession — a legacy cookie without a sid still verifies", () => {
+    const now = 1_700_000_000;
+    // Hand-craft a payload lacking sid (pre-Q17 shape) and sign it.
+    const payload = { sub: "alice", name: "Alice", iat: now, exp: now + 3600 };
+    const payloadStr = Buffer.from(JSON.stringify(payload)).toString("base64url");
+    const sig = createHmac("sha256", secret).update(payloadStr).digest("base64url");
+    const verified = verifySession(`${payloadStr}.${sig}`, { secret }, now + 1);
+    assert.ok(verified, "legacy cookie should still verify");
+    assert.equal(verified.sid, undefined);
+});
 test("issueSession + verifySession — round-trips email when present", () => {
     const now = 1_700_000_000;
     const { cookie } = issueSession({ sub: "alice", name: "Alice", email: "alice@example.test", roles: ["operator"] }, { secret }, now);

package/dist/connectors/interface.d.ts

@@ -1,4 +1,4 @@
-import type { SignalType, ConnectorHealth, ServiceInfo, MetricInfo, MetricQuery, MetricResult, LogQuery, LogResult, TraceQuery, TraceResult, SourceConfig, MetricDefinition, Resource, Edge, TopologySnapshot, TopologyChangeListener } from "../types.js";
+import type { SignalType, ConnectorHealth, ServiceInfo, MetricInfo, MetricQuery, MetricResult, LogQuery, LogResult, LogAggregateQuery, LogAggregateResult, TraceQuery, TraceResult, SourceConfig, MetricDefinition, Resource, Edge, TopologySnapshot, TopologyChangeListener } from "../types.js";
 export interface ObservabilityConnector {
     readonly name: string;
     readonly type: string;
@@ -14,6 +14,10 @@ export interface ObservabilityConnector {
     listAvailableMetrics?(service: string): Promise<MetricInfo[]>;
     queryMetrics?(params: MetricQuery): Promise<MetricResult>;
     queryLogs?(params: LogQuery): Promise<LogResult>;
+    /** Optional server-side log aggregation (count/sum/topk). Backends that
+     *  can push aggregation down (Loki → LogQL metric queries) implement it;
+     *  the query_logs tool routes here when an `aggregate` arg is present. */
+    queryLogAggregate?(params: LogAggregateQuery): Promise<LogAggregateResult>;
     /** Optional traces capability — Tempo / Jaeger / OTLP backends
      *  implement this. The MCP `query_traces` tool fans out to every
      *  connector that has it. */