@thotischner/observability-mcp 3.0.1 → 3.1.1

package/dist/connectors/loki.test.js

@@ -1,7 +1,177 @@
 import { describe, it } from "node:test";
 import assert from "node:assert/strict";
-import { LokiConnector } from "./loki.js";
+import { LokiConnector, logqlLabelFilters, levelFromStatus, escapeLogQLValue, buildAggregateLogQL, parseDurationSeconds, defaultBucketSeconds, } from "./loki.js";
 const proto = LokiConnector.prototype;
+function jsonRes(obj) {
+    return { ok: true, status: 200, statusText: "OK", json: async () => obj, text: async () => "" };
+}
+describe("Q-LOG1: logqlLabelFilters", () => {
+    it("returns empty string for undefined / empty", () => {
+        assert.equal(logqlLabelFilters(undefined), "");
+        assert.equal(logqlLabelFilters({}), "");
+    });
+    it("compiles a single filter", () => {
+        assert.equal(logqlLabelFilters({ method: "GET" }), ' | method="GET"');
+    });
+    it("compiles multiple filters, keys sorted for determinism", () => {
+        assert.equal(logqlLabelFilters({ status: "200", method: "GET", url: "/" }), ' | method="GET" | status="200" | url="/"');
+    });
+    it("escapes double quotes and backslashes in values", () => {
+        assert.equal(logqlLabelFilters({ path: 'a"b\\c' }), ' | path="a\\"b\\\\c"');
+    });
+});
+describe("Q-LOG1: levelFromStatus", () => {
+    it("maps 5xx → error", () => {
+        assert.equal(levelFromStatus(500), "error");
+        assert.equal(levelFromStatus("503"), "error");
+        assert.equal(levelFromStatus(599), "error");
+    });
+    it("maps 4xx → warn", () => {
+        assert.equal(levelFromStatus(404), "warn");
+        assert.equal(levelFromStatus("400"), "warn");
+    });
+    it("returns undefined for 2xx/3xx and non-numeric", () => {
+        assert.equal(levelFromStatus(200), undefined);
+        assert.equal(levelFromStatus(301), undefined);
+        assert.equal(levelFromStatus("abc"), undefined);
+        assert.equal(levelFromStatus(undefined), undefined);
+    });
+});
+describe("Q-LOG1: escapeLogQLValue", () => {
+    it("escapes backslash then quote", () => {
+        assert.equal(escapeLogQLValue('he said "hi"\\'), 'he said \\"hi\\"\\\\');
+    });
+    it("escapes control chars (newline/return/tab) into LogQL escape sequences", () => {
+        assert.equal(escapeLogQLValue("a\nb\rc\td"), "a\\nb\\rc\\td");
+    });
+});
+describe("Q-LOG1: queryLogs LogQL assembly", () => {
+    async function captureQuery(params) {
+        const conn = new LokiConnector();
+        await conn.connect({ name: "loki", type: "loki", url: "http://loki:3100", enabled: true });
+        let captured = "";
+        const orig = globalThis.fetch;
+        globalThis.fetch = (async (url) => {
+            const u = String(url);
+            if (u.includes("/label/") && u.includes("/values"))
+                return jsonRes({ data: ["payment"] });
+            if (u.includes("/query_range")) {
+                captured = decodeURIComponent((u.match(/query=([^&]+)/) || [])[1] || "");
+                return jsonRes({ data: { result: [] } });
+            }
+            return jsonRes({ data: [] });
+        });
+        try {
+            await conn.queryLogs({ service: "payment", duration: "5m", ...params });
+        }
+        finally {
+            globalThis.fetch = orig;
+        }
+        return captured;
+    }
+    it("AND's label filters after | json, with level and line filter", async () => {
+        const q = await captureQuery({ level: "error", labels: { method: "GET", status: "200" }, query: "timeout" });
+        assert.equal(q, '{service_name="payment"} | json | level="error" | method="GET" | status="200" |~ `timeout`');
+    });
+    it("works with labels only (no level/query)", async () => {
+        const q = await captureQuery({ labels: { environment: "prod" } });
+        assert.equal(q, '{service_name="payment"} | json | environment="prod"');
+    });
+    it("plain query (no labels) is unchanged from prior behaviour", async () => {
+        const q = await captureQuery({});
+        assert.equal(q, '{service_name="payment"} | json');
+    });
+});
+describe("Q-LOG2: parseDurationSeconds / defaultBucketSeconds", () => {
+    it("parses m/h/d", () => {
+        assert.equal(parseDurationSeconds("5m"), 300);
+        assert.equal(parseDurationSeconds("2h"), 7200);
+        assert.equal(parseDurationSeconds("1d"), 86400);
+        assert.equal(parseDurationSeconds("bad"), null);
+    });
+    it("buckets to ~60 points, floored at 60s", () => {
+        assert.equal(defaultBucketSeconds(3600), 60); // 1h → 60s
+        assert.equal(defaultBucketSeconds(86400), 1440); // 24h → 1440s
+        assert.equal(defaultBucketSeconds(60), 60); // tiny window floors at 60s
+    });
+});
+describe("Q-LOG2: buildAggregateLogQL", () => {
+    const PIPE = '{service_name="app"} | json | method="GET"';
+    it("count_over_time with by → sum by + range mode + step", () => {
+        const r = buildAggregateLogQL(PIPE, { op: "count_over_time", by: ["url"], step: "15m" }, "1h");
+        assert.equal(r.mode, "range");
+        assert.equal(r.step, "900s");
+        assert.equal(r.logql, `sum by (url) (count_over_time(${PIPE} [900s]))`);
+    });
+    it("count_over_time without by → bare count_over_time, default step", () => {
+        const r = buildAggregateLogQL(PIPE, { op: "count_over_time" }, "1h");
+        assert.equal(r.mode, "range");
+        assert.equal(r.step, "60s");
+        assert.equal(r.logql, `count_over_time(${PIPE} [60s])`);
+    });
+    it("sum → instant total per group over the whole window", () => {
+        const r = buildAggregateLogQL(PIPE, { op: "sum", by: ["status"] }, "1h");
+        assert.equal(r.mode, "instant");
+        assert.equal(r.logql, `sum by (status) (count_over_time(${PIPE} [3600s]))`);
+    });
+    it("topk → instant topk(k, sum by) with default k=10", () => {
+        const r = buildAggregateLogQL(PIPE, { op: "topk", by: ["url"] }, "1h");
+        assert.equal(r.mode, "instant");
+        assert.equal(r.logql, `topk(10, sum by (url) (count_over_time(${PIPE} [3600s])))`);
+    });
+    it("topk honours explicit k", () => {
+        const r = buildAggregateLogQL(PIPE, { op: "topk", by: ["url"], k: 3 }, "30m");
+        assert.equal(r.logql, `topk(3, sum by (url) (count_over_time(${PIPE} [1800s])))`);
+    });
+});
+describe("Q-LOG2: queryLogAggregate", () => {
+    async function run(agg) {
+        const conn = new LokiConnector();
+        await conn.connect({ name: "loki", type: "loki", url: "http://loki:3100", enabled: true });
+        let capturedUrl = "";
+        const orig = globalThis.fetch;
+        globalThis.fetch = (async (url) => {
+            const u = String(url);
+            if (u.includes("/label/") && u.includes("/values"))
+                return jsonRes({ data: ["app"] });
+            if (u.includes("/query_range")) {
+                capturedUrl = u;
+                return jsonRes({ data: { resultType: "matrix", result: [
+                            { metric: { url: "/" }, values: [[1000, "3"], [1060, "5"]] },
+                        ] } });
+            }
+            if (u.includes("/query")) {
+                capturedUrl = u;
+                return jsonRes({ data: { resultType: "vector", result: [
+                            { metric: { url: "/a" }, value: [2000, "7"] },
+                            { metric: { url: "/b" }, value: [2000, "12"] },
+                        ] } });
+            }
+            return jsonRes({ data: [] });
+        });
+        try {
+            return await conn.queryLogAggregate({ service: "app", duration: "1h", ...agg });
+        }
+        finally {
+            globalThis.fetch = orig;
+        }
+    }
+    it("topk → instant vector parsed + sorted desc, note set", async () => {
+        const res = await run({ op: "topk", by: ["url"], k: 2 });
+        assert.equal(res.mode, "instant");
+        assert.equal(res.op, "topk");
+        assert.deepEqual(res.by, ["url"]);
+        assert.deepEqual(res.series.map((s) => [s.labels.url, s.value]), [["/b", 12], ["/a", 7]]);
+        assert.match(res.note, /limit/);
+    });
+    it("count_over_time → range matrix parsed into points", async () => {
+        const res = await run({ op: "count_over_time", by: ["url"], step: "1m" });
+        assert.equal(res.mode, "range");
+        assert.equal(res.step, "60s");
+        assert.equal(res.series.length, 1);
+        assert.deepEqual(res.series[0].points, [{ t: 1000000, value: 3 }, { t: 1060000, value: 5 }]);
+    });
+});
 describe("LokiConnector", () => {
     describe("parseLine", () => {
         it("parses valid JSON", () => {

package/dist/index.js

@@ -19,6 +19,10 @@ import { buildSessionAttacher, buildRequireSession, } from "./auth/middleware.js
 import { buildRequirePermissionFromEngine, hasPermission, listGrantedPermissions, DEFAULT_POLICY, } from "./auth/rbac.js";
 import { resolveOidcConfig, buildOidcRuntime } from "./auth/oidc/runtime.js";
 import { registerOidcRoutes } from "./auth/oidc/endpoints.js";
+import { RevocationStore } from "./auth/revocation.js";
+import { AccountLockout, lockoutConfigFromEnv, lockoutDisabledFromEnv, } from "./auth/lockout.js";
+import { resolveSessionStore } from "./transport/sessionStore.js";
+import { generateNonce, enforcedCsp, reportOnlyCsp, reportingEndpointsHeader, reportToHeader, summariseViolation, cspStrictReportFromEnv, CSP_NONCE_PLACEHOLDER, } from "./security/csp.js";
 import { createScimStore } from "./scim/store.js";
 import { registerScimRoutes } from "./scim/routes.js";
 import { BuiltinPolicyEngine } from "./auth/policy/engine.js";
@@ -433,6 +437,10 @@ async function main() {
                 .string()
                 .optional()
                 .describe("Optional. Filter expression matched against the log message; regular expressions are supported. Omit to return all entries in the window."),
+            labels: z
+                .record(z.string(), z.string())
+                .optional()
+                .describe("Optional. Exact-match filters on backend-extracted log fields (e.g. {\"method\":\"GET\",\"status\":\"200\",\"url\":\"/\",\"environment\":\"prod\"}). All AND'd together and compiled to LogQL label filters applied after `| json`, so structured JSON fields become first-class selectors — far more reliable than regex on the raw message. Combine with `aggregate` to filter then group. Backends without label extraction ignore it."),
             duration: z
                 .string()
                 .optional()
@@ -441,12 +449,34 @@ async function main() {
                 .enum(["error", "warn", "info", "debug"])
                 .optional()
                 .describe("Optional. Return only entries at this severity. Default: all levels."),
+            aggregate: z
+                .object({
+                op: z
+                    .enum(["count_over_time", "sum", "topk"])
+                    .describe("count_over_time = time series of counts per `step` bucket; sum = single total per group over the window; topk = the top `k` groups by total."),
+                by: z
+                    .array(z.string())
+                    .optional()
+                    .describe("Label names to group by, e.g. [\"url\"] or [\"status\"]. Required for topk."),
+                k: z
+                    .number()
+                    .int()
+                    .positive()
+                    .optional()
+                    .describe("For topk: how many top groups to return (1-1000)."),
+                step: z
+                    .string()
+                    .optional()
+                    .describe("For count_over_time: bucket width as <number><unit> m|h|d (e.g. '15m'). Default auto-derived from duration."),
+            })
+                .optional()
+                .describe("Optional. Server-side aggregation pushed down to LogQL metric queries — returns grouped counts, not raw rows, so you get a number instead of a haystack (and never hit `limit`). Honours `labels`/`query` filters. Example: {\"op\":\"topk\",\"by\":[\"url\"],\"k\":10} for the busiest paths; {\"op\":\"count_over_time\",\"step\":\"15m\"} for a request-count time series."),
             limit: z
                 .number()
                 .int()
                 .positive()
                 .optional()
-                .describe("Optional. Maximum number of log entries to return (most recent first). Default: 100."),
+                .describe("Optional. Maximum number of log entries to return (most recent first). Default: 100. Ignored when `aggregate` is set."),
             bypass_redaction: z
                 .boolean()
                 .optional()
@@ -723,7 +753,19 @@ async function main() {
     else if (requestedAuthMode !== "anonymous") {
         authMisconfig(`unknown OMCP_AUTH=${requestedAuthMode}`);
     }
-    const authRuntime = { mode: authMode, session: sessionCfg, secretEphemeral, oidc: oidcRuntime };
+    // Session revocation blocklist (Q17). Only meaningful when sessions
+    // exist (basic / oidc); anonymous mode leaves it undefined so the
+    // middleware check is a pure no-op. OMCP_AUTH_REVOCATION_FILE persists
+    // the blocklist across restarts and shares it across replicas when it
+    // points at shared storage; unset = in-memory only.
+    let revocationStore;
+    if (authMode !== "anonymous") {
+        revocationStore = await RevocationStore.create({
+            path: process.env.OMCP_AUTH_REVOCATION_FILE?.trim() || undefined,
+        });
+        console.log(`[auth] session revocation blocklist active — backend=${revocationStore.persistent ? `file (${revocationStore.filePath})` : "memory"}, ${revocationStore.size} existing entr${revocationStore.size === 1 ? "y" : "ies"}`);
+    }
+    const authRuntime = { mode: authMode, session: sessionCfg, secretEphemeral, oidc: oidcRuntime, revocation: revocationStore };
     // --- HTTP server ---
     const app = express();
     // Trust-proxy: when set, Express will read req.ip / req.secure from
@@ -757,13 +799,38 @@ async function main() {
     // without the wildcard the body silently arrives empty and every
     // SCIM POST/PATCH 400s. The wildcard also future-proofs other
     // structured-suffix JSON content types.
-    app.use(express.json({ limit: "1mb", type: ["application/json", "application/*+json"] }));
+    // application/csp-report is the legacy media type browsers use for CSP
+    // violation reports (the modern Reporting API uses application/reports+json,
+    // already covered by the wildcard). Without it the report body arrives empty.
+    app.use(express.json({ limit: "1mb", type: ["application/json", "application/*+json", "application/csp-report"] }));
+    // Q20 — resolve the opt-in strict Report-Only CSP toggle once at boot.
+    // Default off: with ~200 inline handlers the report-only policy would
+    // emit a [Report Only] console message per handler on every page load.
+    const cspStrictReport = cspStrictReportFromEnv();
+    if (cspStrictReport) {
+        console.log("[csp] strict report-only policy ON (OMCP_CSP_STRICT_REPORT) — inline-handler violations will be reported to /api/csp-violations");
+    }
     // Security headers
     app.use((req, res, next) => {
         res.setHeader("X-Content-Type-Options", "nosniff");
         res.setHeader("X-Frame-Options", "DENY");
         res.setHeader("X-XSS-Protection", "1; mode=block");
         res.setHeader("Referrer-Policy", "strict-origin-when-cross-origin");
+        // Q20 — Content-Security-Policy. A per-request nonce is minted and
+        // stashed on res.locals so the UI handler can stamp it into the two
+        // inline <script> blocks. The enforced policy keeps the UI working
+        // (script-src 'unsafe-inline' for the ~200 inline handlers) and is
+        // always on; the strict report-only policy is opt-in (it surfaces the
+        // inline-handler debt but is console-noisy). Both report to
+        // /api/csp-violations.
+        const nonce = generateNonce();
+        res.locals.cspNonce = nonce;
+        res.setHeader("Content-Security-Policy", enforcedCsp());
+        if (cspStrictReport) {
+            res.setHeader("Content-Security-Policy-Report-Only", reportOnlyCsp(nonce));
+        }
+        res.setHeader("Reporting-Endpoints", reportingEndpointsHeader());
+        res.setHeader("Report-To", reportToHeader());
         // Dynamic API responses must never be served from the browser/proxy
         // cache: after a mutation (e.g. installing a connector) the UI
         // re-fetches these GETs immediately, and a heuristically-cached stale
@@ -814,6 +881,11 @@ async function main() {
     const csrfCfg = {
         bypassBearer: csrfBypassFromEnv(),
         secureCookie: (r) => r.secure || r.headers["x-forwarded-proto"] === "https",
+        // CSP violation reports are unauthenticated browser POSTs that by
+        // construction carry no cookie + no custom header — exempt them from
+        // CSRF. The endpoint only records a sanitised summary, so accepting it
+        // cross-site is harmless.
+        skip: (r) => r.method === "POST" && (r.path === "/api/csp-violations" || r.originalUrl.split("?")[0] === "/api/csp-violations"),
     };
     app.use(buildCsrfIssuer(csrfCfg));
     app.use("/api", buildCsrfEnforcer(csrfCfg));
@@ -944,6 +1016,36 @@ async function main() {
             .catch((err) => console.warn("AuditLog flushSinks failed:", err));
     });
     const audit = (resource, action) => buildAuditMiddleware({ audit: mgmtAudit, resource, action });
+    // Q20 — CSP violation report sink. Unauthenticated browser POST (exempt
+    // from CSRF via csrfCfg.skip), tightly rate-limited so a misbehaving or
+    // hostile client can't flood the audit log, and only a sanitised summary
+    // (directive / blocked-uri / document-uri) is recorded. Always 204 so the
+    // browser never retries. The report-only strict policy is what drives most
+    // of these today (the inline-handler debt) — they roll into mgmtAudit so an
+    // operator can watch the migration surface shrink.
+    const cspReportRateLimit = rateLimit({
+        windowMs: 60_000,
+        max: 60,
+        standardHeaders: true,
+        legacyHeaders: false,
+        message: { error: "rate limited" },
+    });
+    app.post("/api/csp-violations", cspReportRateLimit, (req, res) => {
+        const summary = summariseViolation(req.body);
+        if (summary) {
+            void mgmtAudit.record({
+                actor: { sub: "browser:csp" },
+                tenant: "default",
+                resource: "settings",
+                action: "read",
+                method: "POST",
+                path: "/api/csp-violations",
+                status: 204,
+                target: `${summary.directive} blocked ${summary.blockedUri}`.slice(0, 256),
+            }).catch(() => { });
+        }
+        res.status(204).end();
+    });
     // Plugin lifecycle hook registry — populated by the loader at boot
     // (one entry per manifest `hooks[]` entry) and mutable at runtime
     // when a connector is installed via /api/connectors/install. Each
@@ -1106,7 +1208,29 @@ async function main() {
             res.end(await selfRegistry.metrics());
         });
     }
-    // Serve Web UI
+    // Serve Web UI. The index page is served dynamically so the per-request
+    // CSP nonce can be stamped into its inline <script> blocks (the rest of
+    // ui/ stays on express.static). Read once at boot; if the file is
+    // missing we fall through to static, which 404s like before.
+    let uiHtmlTemplate = null;
+    try {
+        uiHtmlTemplate = readFileSync(join(__dirname, "ui", "index.html"), "utf8");
+    }
+    catch {
+        uiHtmlTemplate = null;
+    }
+    if (uiHtmlTemplate) {
+        const template = uiHtmlTemplate;
+        const serveIndex = (_req, res) => {
+            const nonce = res.locals.cspNonce ?? "";
+            res.setHeader("Content-Type", "text/html; charset=utf-8");
+            // Index is identity/nonce-specific — never let a proxy cache it.
+            res.setHeader("Cache-Control", "no-store");
+            res.send(template.split(CSP_NONCE_PLACEHOLDER).join(nonce));
+        };
+        app.get("/", serveIndex);
+        app.get("/index.html", serveIndex);
+    }
     app.use(express.static(join(__dirname, "ui")));
     // --- API endpoints for Web UI ---
     // List sources with health status — tenant-scoped.
@@ -1286,6 +1410,10 @@ async function main() {
             },
             permissions: listGrantedPermissions(sess.roles, policyEngineToMap(policyEngine)),
             exp: sess.exp,
+            // The current session's revocation id. Surfaced so an admin can
+            // copy it into POST /api/auth/revocations to kill a specific
+            // session. Absent for legacy cookies issued before sid existed.
+            sid: sess.sid,
             // When the user signed in via OIDC, surface the IdP issuer
             // URL so the UI can render an appropriate badge or link to
             // an IdP-side profile page. Empty / absent in basic mode.
@@ -1810,6 +1938,19 @@ async function main() {
             catch { /* ignore — first login will pick it up */ }
         }
     }
+    // Q18 — per-username failed-login lockout with progressive backoff.
+    // Complements the per-IP loginRateLimit above: that bounds a noisy
+    // single source, this bounds a slow / distributed grind on one
+    // account. Backed by the shared SessionStore so a Redis deployment
+    // locks consistently across replicas (and self-cleans via TTL).
+    // Basic mode only — OIDC delegates auth (and lockout) to the IdP.
+    let lockout;
+    if (authRuntime.mode === "basic" && !lockoutDisabledFromEnv()) {
+        const lockoutStore = await resolveSessionStore();
+        const lockoutCfg = lockoutConfigFromEnv();
+        lockout = new AccountLockout(lockoutStore, lockoutCfg);
+        console.log(`[auth] account lockout active — ${lockoutCfg.maxFailures} failures / ${lockoutCfg.windowSeconds}s → lock ${lockoutCfg.baseLockSeconds}s (×2 up to ${lockoutCfg.maxLockSeconds}s), backend=${lockoutStore.backend}`);
+    }
     app.post("/api/auth/login", loginRateLimit, async (req, res) => {
         if (authRuntime.mode !== "basic" || !sessionCfg || !usersStore) {
             res.status(503).json({ error: "auth mode does not accept logins" });
@@ -1823,11 +1964,57 @@ async function main() {
             res.status(400).json({ error: "username and password are required" });
             return;
         }
+        // Gate on the lock BEFORE the (expensive) scrypt verify so a locked
+        // account can't be used to burn CPU. A locked account is a 429 with
+        // Retry-After, never a credential oracle — the response is identical
+        // whether or not the username exists.
+        if (lockout) {
+            const status = await lockout.check(username);
+            if (status.locked) {
+                res.setHeader("Retry-After", String(status.retryAfterSeconds ?? 0));
+                res.status(429).json({
+                    error: "account temporarily locked due to repeated failed logins",
+                    retryAfterSeconds: status.retryAfterSeconds,
+                });
+                void mgmtAudit.record({
+                    actor: { sub: username },
+                    tenant: "default",
+                    resource: "users",
+                    action: "write",
+                    method: "POST",
+                    path: "/api/auth/login",
+                    status: 429,
+                }).catch(() => { });
+                return;
+            }
+        }
         const user = authenticate(username, password, usersStore);
         if (!user) {
+            if (lockout) {
+                const after = await lockout.recordFailure(username);
+                if (after.locked) {
+                    res.setHeader("Retry-After", String(after.retryAfterSeconds ?? 0));
+                    res.status(429).json({
+                        error: "account temporarily locked due to repeated failed logins",
+                        retryAfterSeconds: after.retryAfterSeconds,
+                    });
+                    void mgmtAudit.record({
+                        actor: { sub: username },
+                        tenant: "default",
+                        resource: "users",
+                        action: "write",
+                        method: "POST",
+                        path: "/api/auth/login",
+                        status: 429,
+                    }).catch(() => { });
+                    return;
+                }
+            }
             res.status(401).json({ error: "invalid credentials" });
             return;
         }
+        if (lockout)
+            await lockout.recordSuccess(user.username);
         const { cookie } = issueSession({ sub: user.username, name: user.name, roles: user.roles, tenant: user.tenant }, sessionCfg);
         const secure = req.secure || (req.headers["x-forwarded-proto"] === "https");
         res.setHeader("Set-Cookie", setCookieHeader(cookie, sessionCfg, { secure }));
@@ -1855,6 +2042,34 @@ async function main() {
         registerOidcRoutes(app, { sessionCfg, oidc: oidcRuntime });
         console.log("[auth] OIDC endpoints registered: /api/auth/oidc/{login,callback,logout}");
     }
+    // Q17 — session revocation blocklist. Admin-gated (same role tier as
+    // user/role management). A revoked-but-unexpired cookie is rejected by
+    // buildSessionAttacher on the next request. Revoke a single session by
+    // `sid` (read it from /api/me or the audit log) or every current
+    // session for a `sub` ("log this user out everywhere"). The blocklist
+    // is the stateful complement to the otherwise-stateless cookie.
+    app.post("/api/auth/revocations", need("users", "delete"), audit("users", "write"), async (req, res) => {
+        if (!revocationStore) {
+            res.status(503).json({ error: "revocation requires an auth mode (basic|oidc)" });
+            return;
+        }
+        const body = (req.body || {});
+        const sid = typeof body.sid === "string" && body.sid.trim() ? body.sid.trim() : undefined;
+        const sub = typeof body.sub === "string" && body.sub.trim() ? body.sub.trim() : undefined;
+        const reason = typeof body.reason === "string" ? body.reason.slice(0, 500) : undefined;
+        if ((sid ? 1 : 0) + (sub ? 1 : 0) !== 1) {
+            res.status(400).json({ error: "exactly one of `sid` or `sub` is required" });
+            return;
+        }
+        const by = req.session?.sub;
+        const entry = sid
+            ? await revocationStore.revokeSession(sid, { reason, by })
+            : await revocationStore.revokeSubject(sub, { reason, by });
+        res.status(201).json({ ok: true, revocation: entry });
+    });
+    app.get("/api/auth/revocations", need("users", "delete"), (_req, res) => {
+        res.json({ revocations: revocationStore ? revocationStore.list() : [] });
+    });
     // Phase F21 / Q6: SCIM 2.0 — opt-in. OMCP_SCIM_TOKEN gates access.
     // The store backend is chosen by createScimStore from
     // OMCP_SCIM_BACKEND (file | redis). file (default) → OMCP_SCIM_STORE
@@ -2618,6 +2833,31 @@ async function main() {
             tools: filteredTools,
         });
     });
+    // Q21 — per-service anomaly-score sparklines for the Health tab. Reads
+    // the in-process ring of the anomaly-history sink (last hour), tenant-
+    // scoped. MUST be registered before "/api/health/:service" so the
+    // literal path isn't captured as a service name. `enabled` is true once
+    // any score exists; the UI falls back to its client-side trend otherwise.
+    app.get("/api/health/anomaly-sparklines", (req, res) => {
+        const sess = req.session;
+        const callerTenant = sess?.tenant || "default";
+        // Anonymous (single-tenant) mode: no tenant filter, see everything.
+        const tenant = sess ? callerTenant : undefined;
+        const records = anomalyHistory.recent({ tenant });
+        const series = {};
+        for (const r of records) {
+            const t = Date.parse(r.ts);
+            if (!Number.isFinite(t))
+                continue;
+            (series[r.service] ??= []).push({ t, score: r.score });
+        }
+        res.json({
+            enabled: records.length > 0,
+            remoteWrite: anomalyHistory.isEnabled(),
+            windowMs: anomalyHistory.windowMs,
+            series,
+        });
+    });
     // Health endpoint for UI dashboard
     app.get("/api/health/:service", async (req, res) => {
         try {

package/dist/openapi.js

@@ -394,6 +394,45 @@ export function buildOpenApiSpec(version) {
                     responses: { "204": { description: "Cookie cleared." } },
                 },
             },
+            "/api/auth/revocations": {
+                get: {
+                    tags: ["auth"],
+                    summary: "List session revocations (admin).",
+                    description: "Returns the current revocation blocklist. Admin-gated (users:delete). Empty in anonymous mode.",
+                    responses: {
+                        "200": { description: "Array of revocation entries." },
+                        "401": { description: "Authentication required." },
+                        "403": { description: "Caller lacks the admin permission." },
+                    },
+                },
+                post: {
+                    tags: ["auth"],
+                    summary: "Revoke a session or all of a subject's sessions (admin).",
+                    description: "Adds an entry to the on-disk blocklist. Provide exactly one of `sid` (revoke one session — copy it from /api/me) or `sub` (log a user out everywhere — revokes every session issued so far; a fresh login afterwards is unaffected). The next request bearing a revoked cookie is treated as logged out.",
+                    requestBody: {
+                        required: true,
+                        content: {
+                            "application/json": {
+                                schema: {
+                                    type: "object",
+                                    properties: {
+                                        sid: { type: "string", description: "Session id to revoke (from /api/me)." },
+                                        sub: { type: "string", description: "Subject whose current sessions to revoke." },
+                                        reason: { type: "string", description: "Optional free-text reason (truncated to 500 chars)." },
+                                    },
+                                },
+                            },
+                        },
+                    },
+                    responses: {
+                        "201": { description: "Revocation recorded; the entry is returned." },
+                        "400": { description: "Neither or both of sid/sub supplied." },
+                        "401": { description: "Authentication required." },
+                        "403": { description: "Caller lacks the admin permission." },
+                        "503": { description: "Server is in anonymous mode (no sessions to revoke)." },
+                    },
+                },
+            },
             "/api/auth/oidc/login": {
                 get: {
                     tags: ["auth"],

package/dist/openapi.test.js

@@ -19,6 +19,7 @@ test("openapi — every user-visible /api path is documented", () => {
         "/api/me",
         "/api/auth/login",
         "/api/auth/logout",
+        "/api/auth/revocations",
         "/api/auth/oidc/login",
         "/api/auth/oidc/callback",
         "/api/auth/oidc/logout",

package/dist/security/csp.d.ts

@@ -0,0 +1,64 @@
+/**
+ * Content-Security-Policy for the management-plane Web UI.
+ *
+ * Two policies ship together, by design:
+ *
+ *  - **Enforced** (`Content-Security-Policy`): a real, non-breaking policy.
+ *    It locks down everything the UI doesn't need — no remote scripts
+ *    (`script-src 'self'`), no plugins (`object-src 'none'`), no `<base>`
+ *    hijack (`base-uri 'self'`), no framing (`frame-ancestors 'none'`),
+ *    and same-origin-only XHR via `connect-src 'self'`. It keeps
+ *    `'unsafe-inline'` for `script-src` because the single-file UI uses
+ *    ~200 inline event-handler attributes (`onclick=`, …) that a nonce
+ *    cannot cover — a nonce in `script-src` would *disable* `'unsafe-inline'`
+ *    in CSP3 and break every button. So the enforced policy is a genuine
+ *    improvement over no CSP without regressing the UI.
+ *
+ *  - **Report-Only** (`Content-Security-Policy-Report-Only`): the strict
+ *    target policy — `script-src 'self' 'nonce-…'`, no `'unsafe-inline'`.
+ *    The two legitimate inline `<script>` blocks carry the per-request
+ *    nonce, so this policy flags ONLY the inline event-handler debt. It
+ *    blocks nothing; it just reports, giving an actionable migration list
+ *    (move the handlers to addEventListener) before a future slice can
+ *    promote the strict policy to enforced.
+ *
+ *    It is **opt-in** (`OMCP_CSP_STRICT_REPORT=true`): with ~200 inline
+ *    handlers it would otherwise emit a `[Report Only]` console message
+ *    per handler on every page load — noise an operator with devtools
+ *    open shouldn't eat by default. Enable it when you're actively
+ *    working the migration. The enforced policy + reporting endpoint are
+ *    always on regardless.
+ *
+ * Both policies report to `/api/csp-violations` via the modern Reporting
+ * API (`Reporting-Endpoints` + `report-to`) and the legacy `report-uri`.
+ */
+/** Placeholder substituted with the per-request nonce when serving the UI HTML. */
+export declare const CSP_NONCE_PLACEHOLDER = "__CSP_NONCE__";
+/** The named reporting group used in the Report-To / Reporting-Endpoints headers. */
+export declare const CSP_REPORT_GROUP = "omcp-csp";
+/** Where violation reports are POSTed. */
+export declare const CSP_REPORT_PATH = "/api/csp-violations";
+/** Fresh base64 nonce (128 bits). */
+export declare function generateNonce(): string;
+/** The enforced policy — non-breaking, keeps the UI working. */
+export declare function enforcedCsp(): string;
+/** The strict target policy, run in report-only mode against the nonce. */
+export declare function reportOnlyCsp(nonce: string): string;
+/** Whether the strict Report-Only policy is enabled. Default off — see
+ *  the module header for why (console noise from ~200 inline handlers). */
+export declare function cspStrictReportFromEnv(env?: NodeJS.ProcessEnv): boolean;
+/** Value for the modern `Reporting-Endpoints` header. */
+export declare function reportingEndpointsHeader(): string;
+/** Value for the legacy `Report-To` header (Reporting API v0). */
+export declare function reportToHeader(): string;
+/**
+ * Normalise a posted CSP violation (either the legacy
+ * `application/csp-report` `{ "csp-report": {...} }` envelope or a modern
+ * Reporting-API `application/reports+json` array element) into a compact,
+ * log-safe summary. Returns null when the body isn't a recognisable report.
+ */
+export declare function summariseViolation(body: unknown): {
+    directive: string;
+    blockedUri: string;
+    documentUri: string;
+} | null;