iso27001-mcp 0.8.0 → 0.8.1

package/README.md

@@ -1,6 +1,6 @@
 # iso27001-mcp
 
-[![Socket Badge](https://badge.socket.dev/npm/package/iso27001-mcp/0.7.9)](https://socket.dev/npm/package/iso27001-mcp/overview/0.7.9)
+[![Socket Badge](https://badge.socket.dev/npm/package/iso27001-mcp/0.8.1)](https://socket.dev/npm/package/iso27001-mcp/overview/0.8.1)
 [![npm version](https://img.shields.io/npm/v/iso27001-mcp.svg)](https://npmjs.com/package/iso27001-mcp)
 [![Live Demo](https://img.shields.io/badge/demo-live-blue)](https://sushegaad.github.io/MCP-Server-for-ISO27001/)
 
@@ -31,6 +31,20 @@ Claude ──MCP──► iso27001-mcp ──► encrypted SQLite (isms.db)
 - [Configuration](#configuration)
 - [Connecting to Claude](#connecting-to-claude)
 - [Tools Reference](#tools-reference)
+  - [Group 1 — Control Registry](#group-1--control-registry-minimum-role-viewer)
+  - [Group 2 — Gap Analysis](#group-2--gap-analysis-reads-viewer-writes-analyst)
+  - [Group 3 — Risk Management](#group-3--risk-management-reads-viewer-writes-analyst)
+  - [Group 4 — Policy Management](#group-4--policy-management-reads-viewer-create-analyst-update-admin)
+  - [Group 5 — Statement of Applicability](#group-5--statement-of-applicability-minimum-role-analyst)
+  - [Group 6 — Audit Management](#group-6--audit-management-reads-viewer-writes-admin)
+  - [Group 7 — Evidence Tracking](#group-7--evidence-tracking-reads-viewer-writes-analyst)
+  - [Group 8 — Server Info](#group-8--server-info-minimum-role-viewer)
+  - [Group 9 — Admin & Key Management](#group-9--admin--key-management-minimum-role-admin)
+  - [Group 10 — Organisation Profile](#group-10--organisation-profile-minimum-role-admin-for-writes-viewer-for-reads)
+  - [Group 11 — Procedure Management](#group-11--procedure-management-reads-viewer-createexport-analyst-update-admin)
+  - [Group 12 — Management Review](#group-12--management-review-reads-viewer-writes-admin--clause-93)
+  - [Group 13 — Improvement Plan](#group-13--improvement-plan-reads-viewer-writes-analyst--clause-101)
+  - [Group 14 — Evidence Templates](#group-14--evidence-templates-reads-viewer-generate-analyst)
 - [MCP Resources](#mcp-resources)
 - [Architecture](#architecture)
 - [Modes](#modes)
@@ -90,7 +104,7 @@ iso27001-mcp keygen --label "Me" --role admin
 
 The raw key (`iso27001_...`) is printed **once** and never stored in plaintext. Copy it immediately.
 
-> Three roles are available: `viewer` (25 read-only tools), `analyst` (40 tools), `admin` (all 50 tools). Use `admin` for your personal key.
+> Three roles are available: `viewer` (31 read-only tools), `analyst` (49 tools), `admin` (all 63 tools). Use `admin` for your personal key.
 
 ### Step 4 — Add to Claude Desktop
 
@@ -121,7 +135,7 @@ Add the following block, substituting your values from Steps 2 and 3:
 
 ### Step 5 — Restart Claude Desktop and verify
 
-Fully quit and reopen Claude Desktop. You should see 50 tools in the MCP tools panel (hammer icon). Then ask Claude:
+Fully quit and reopen Claude Desktop. You should see 63 tools in the MCP tools panel (hammer icon). Then ask Claude:
 
 > *"Use get_server_info to check the server is running."*
 
@@ -287,7 +301,7 @@ Full variable reference:
 | `HMAC_SECRET` | ✅ | — | 32-byte hex secret for HMAC-signing API keys |
 | `DB_ENCRYPTION_KEY` | ✅ | — | 32-byte hex key for AES-256 SQLite encryption |
 | `DB_PATH` | | `./isms.db` | Path to the encrypted database file |
-| `AUDIT_LOG_PATH` | | `./audit.log` | Path for the append-only JSON-L audit log |
+| `AUDIT_LOG_PATH` | | `./audit.jsonl` | Path for the append-only JSON-L audit log (`.jsonl` or `.log` only) |
 | `RATE_LIMIT_RPM` | | `500` | Tool calls per minute per API key |
 | `SESSION_TTL_HOURS` | | `4` | SSE session TTL (hosted/team modes) |
 | `SSE_PORT` | | `3000` | Port for the SSE server (hosted/team modes) |
@@ -307,10 +321,10 @@ The server requires an API key on every tool call. Generate one for yourself:
 # Viewer — read-only access to 25 tools
 iso27001-mcp keygen --label "Alice" --role viewer
 
-# Analyst — read + write for gap/risk/policy/procedure/evidence tools (40 tools)
+# Analyst — read + write for gap/risk/policy/procedure/evidence tools (49 tools)
 iso27001-mcp keygen --label "Bob" --role analyst --expires 90d
 
-# Admin — all 50 tools including audit log and key management
+# Admin — all 63 tools including audit log and key management
 iso27001-mcp keygen --label "CISO" --role admin --expires 1y
 ```
 
@@ -375,7 +389,7 @@ export DB_PATH=$HOME/.iso27001/isms.db
 
 ## Tools Reference
 
-The server exposes **50 tools** across 11 groups. All tools require a valid API key. The minimum role required is noted per group; `✅` marks required parameters, `—` marks optional ones.
+The server exposes **63 tools** across 14 groups. All tools require a valid API key. The minimum role required is noted per group; `✅` marks required parameters, `—` marks optional ones.
 
 ---
 
@@ -913,6 +927,147 @@ Export a procedure as Markdown or JSON.
 
 ---
 
+### Group 12 — Management Review *(reads: viewer+, writes: admin)* — Clause 9.3
+
+#### `create_management_review`
+Schedule a management review meeting.
+
+| Parameter | Req | Type | Values / Notes |
+|-----------|-----|------|----------------|
+| `title` | ✅ | string | Review title |
+| `review_date` | ✅ | string | `YYYY-MM-DD` |
+| `chair` | ✅ | string | Review chair / CISO name |
+| `attendees` | — | array | List of attendee names |
+| `agenda` | — | string | Meeting agenda |
+
+#### `record_review_input`
+Record an input item to a management review (e.g. audit results, risk summary, performance metrics).
+
+| Parameter | Req | Type | Values / Notes |
+|-----------|-----|------|----------------|
+| `review_id` | ✅ | string (UUID) | |
+| `input_type` | ✅ | enum | `audit_results` \| `risk_summary` \| `objective_performance` \| `nonconformities` \| `previous_actions` \| `changes` \| `resources` \| `stakeholder_feedback` \| `other` |
+| `summary` | ✅ | string | |
+| `detail` | — | string | Supporting detail |
+
+#### `record_review_output`
+Record a decision or action item from a management review.
+
+| Parameter | Req | Type | Values / Notes |
+|-----------|-----|------|----------------|
+| `review_id` | ✅ | string (UUID) | |
+| `output_type` | ✅ | enum | `improvement_opportunity` \| `resource_decision` \| `policy_change` \| `objective_change` \| `other` |
+| `description` | ✅ | string | |
+| `owner` | — | string | |
+| `due_date` | — | string | `YYYY-MM-DD` |
+
+#### `complete_management_review`
+Mark a management review as complete and record the outcome.
+
+| Parameter | Req | Type | Values / Notes |
+|-----------|-----|------|----------------|
+| `review_id` | ✅ | string (UUID) | |
+| `outcome_summary` | ✅ | string | |
+
+#### `get_management_review`
+Fetch a management review with all inputs, outputs, and status.
+
+| Parameter | Req | Type | Values / Notes |
+|-----------|-----|------|----------------|
+| `review_id` | ✅ | string (UUID) | |
+
+#### `list_management_reviews`
+List management reviews with optional status filter.
+
+| Parameter | Req | Type | Values / Notes |
+|-----------|-----|------|----------------|
+| `status` | — | enum | `scheduled` \| `in_progress` \| `completed` |
+| `limit` | — | integer | Default: `20`, max `100` |
+| `offset` | — | integer | Default: `0` |
+
+---
+
+### Group 13 — Improvement Plan *(reads: viewer+, writes: analyst+)* — Clause 10.1
+
+#### `create_improvement_opportunity`
+Register an improvement opportunity, typically identified during a management review or audit.
+
+| Parameter | Req | Type | Values / Notes |
+|-----------|-----|------|----------------|
+| `title` | ✅ | string | |
+| `description` | ✅ | string | |
+| `source` | ✅ | enum | `audit` \| `management_review` \| `incident` \| `risk_assessment` \| `self_assessment` \| `other` |
+| `priority` | — | enum | `low` \| `medium` \| `high` \| `critical` — default: `medium` |
+| `owner` | — | string | |
+| `due_date` | — | string | `YYYY-MM-DD` |
+| `related_controls` | — | array | Control IDs |
+| `review_id` | — | string (UUID) | Link to a management review output |
+
+#### `update_improvement_opportunity`
+Update the status, owner, or due date of an improvement opportunity.
+
+| Parameter | Req | Type | Values / Notes |
+|-----------|-----|------|----------------|
+| `opportunity_id` | ✅ | string (UUID) | |
+| `status` | — | enum | `open` \| `in_progress` \| `completed` \| `cancelled` |
+| `owner` | — | string | |
+| `due_date` | — | string | `YYYY-MM-DD` |
+| `resolution_notes` | — | string | Required when closing |
+
+#### `get_improvement_opportunity`
+Fetch a single improvement opportunity by ID.
+
+| Parameter | Req | Type | Values / Notes |
+|-----------|-----|------|----------------|
+| `opportunity_id` | ✅ | string (UUID) | |
+
+#### `list_improvement_opportunities`
+List improvement opportunities with optional filters.
+
+| Parameter | Req | Type | Values / Notes |
+|-----------|-----|------|----------------|
+| `status` | — | enum | `open` \| `in_progress` \| `completed` \| `cancelled` |
+| `priority` | — | enum | `low` \| `medium` \| `high` \| `critical` |
+| `source` | — | enum | Any source enum value above |
+| `limit` | — | integer | Default: `50`, max `100` |
+| `offset` | — | integer | Default: `0` |
+
+---
+
+### Group 14 — Evidence Templates *(reads: viewer+, generate: analyst+)*
+
+#### `generate_evidence_document`
+Render a Mustache evidence template and store it. The document is dual-written to both the `evidence` table and the `generated_evidence` table for tracking and version history.
+
+| Parameter | Req | Type | Values / Notes |
+|-----------|-----|------|----------------|
+| `template_type` | ✅ | enum | `access_review_attestation` \| `bcp_test_report` \| `incident_post_mortem` \| `risk_treatment_sign_off` \| `supplier_security_questionnaire` \| `training_acknowledgement` |
+| `title` | ✅ | string | Document title |
+| `generated_by` | ✅ | string | Author or system that generated the document |
+| `organisation_name` | — | string | Auto-injected from org profile if set |
+| `control_id` | — | string | Link to a specific control (default: `general`) |
+| `vars` | — | object | Additional Mustache template variables |
+
+#### `get_evidence_document`
+Fetch a generated evidence document by ID, including rendered content and clause/control mappings.
+
+| Parameter | Req | Type | Values / Notes |
+|-----------|-----|------|----------------|
+| `document_id` | ✅ | string (UUID) | |
+
+#### `list_evidence_documents`
+List generated evidence documents with optional filters.
+
+| Parameter | Req | Type | Values / Notes |
+|-----------|-----|------|----------------|
+| `template_type` | — | enum | Filter to a specific template type |
+| `generated_by` | — | string | Filter by author |
+| `control_id` | — | string | Filter by linked control |
+| `limit` | — | integer | Default: `20`, max `100` |
+| `offset` | — | integer | Default: `0` |
+
+---
+
 ## MCP Resources
 
 In addition to tools, the server exposes ISMS artefacts as browseable **MCP Resources** under the `iso27001://` URI scheme. Claude can reference these directly without a tool call — ideal for inline document review, cross-referencing controls, and long-context analysis.
@@ -967,34 +1122,37 @@ Resources are read-only. Write operations always go through tools (which enforce
 │                     Claude (LLM)                        │
 └──────────┬───────────────────────────────┬──────────────┘
            │  MCP Tools (read/write)        │  MCP Resources (read-only)
-           │  50 tools, RBAC enforced       │  12 iso27001:// URIs
+           │  63 tools, RBAC enforced       │  12 iso27001:// URIs
 ┌──────────▼───────────────────────────────▼──────────────┐
 │                   iso27001-mcp server                   │
 │                                                         │
 │  ┌─────────────────────────────────────────────────┐    │
-│  │             9-Step Security Pipeline            │    │
+│  │             7-Step Security Pipeline            │    │
 │  │                                                 │    │
-│  │  1. Extract API key (meta or MCP_API_KEY env)   │    │
-│  │  2. validateKey()    HMAC-SHA256, timing-safe   │    │
+│  │  1. Extract credential (_meta.apiKey / env)     │    │
+│  │  2. Auth — session token OR validateKey()       │    │
+│  │     SSE sessions use opaque token (no raw key)  │    │
 │  │  3. checkRateLimit() sliding 60s window (RPM)   │    │
-│  │  4. loadRole()       viewer | analyst | admin   │    │
-│  │  5. assertPermission() RBAC check               │    │
-│  │  6. sanitiseParams() strip injection patterns   │    │
-│  │  7. Domain handler   business logic             │    │
-│  │  8. writeAuditEvent() tamper-evident row_hash   │    │
-│  │  9. Return result or structured McpError        │    │
+│  │  4. assertPermission() RBAC check               │    │
+│  │  5. sanitiseParams() strip injection patterns   │    │
+│  │  6. Domain handler   business logic             │    │
+│  │  7. writeAuditEvent() HMAC chain + row_hash     │    │
 │  └─────────────────────────────────────────────────┘    │
 │                                                         │
 │  ┌─────────────┐  ┌──────────┐  ┌────────────────────┐  │
 │  │  Controls   │  │  Risks   │  │  Policies &        │  │
 │  │  Gap Assess │  │ Register │  │  Procedures        │  │
-│  │  SoA        │  │ Treatmts │  │  (Mustache tmpl)   │  │
+│  │  SoA        │  │ Treatmts │  │  (Mustache+partls) │  │
 │  └─────────────┘  └──────────┘  └────────────────────┘  │
 │  ┌─────────────┐  ┌──────────┐  ┌────────────────────┐  │
-│  │   Audits    │  │ Evidence │  │  Org Profile &     │  │
-│  │  Findings   │  │  Jira/GH │  │  Audit Log         │  │
-│  │  CARs       │  │  Gaps    │  │  (tamper-evident)  │  │
+│  │   Audits    │  │ Evidence │  │  Mgmt Review &     │  │
+│  │  Findings   │  │  Jira/GH │  │  Improvement Plan  │  │
+│  │  CARs       │  │  Tmplts  │  │  (Clauses 9.3/10.1)│  │
 │  └─────────────┘  └──────────┘  └────────────────────┘  │
+│  ┌─────────────────────────────────────────────────┐    │
+│  │  Org Profile · Audit Log (HMAC-SHA256 chain)    │    │
+│  │  Session Token Store · API Key RBAC (63 tools)  │    │
+│  └─────────────────────────────────────────────────┘    │
 │                                                         │
 │  ┌─────────────────────────────────────────────────┐    │
 │  │    AES-256 encrypted SQLite  (isms.db)          │    │
@@ -1006,11 +1164,14 @@ Resources are read-only. Write operations always go through tools (which enforce
 
 ### Database
 
-All data is stored in a single encrypted SQLite file (`isms.db`) using AES-256 via `better-sqlite3-multiple-ciphers`. The schema is managed by three SQL migrations applied automatically on first startup:
+All data is stored in a single encrypted SQLite file (`isms.db`) using AES-256 via `better-sqlite3-multiple-ciphers`. The schema is managed by six SQL migrations applied automatically on first startup:
 
 - `0001_initial.sql` — 17 tables covering every ISMS domain (controls, gap assessments, risks, policies, audits, evidence, API keys, audit log, and more)
 - `0002_fts_index.sql` — FTS5 full-text search index on controls, plus 12 performance indexes
 - `0003_org_profile_procedures.sql` — `organization_profile` singleton table, `procedures` table, and `procedure_versions` history table
+- `0004_management_review_improvement.sql` — `management_reviews`, `review_inputs`, `review_outputs`, and `improvement_opportunities` tables (Clauses 9.3 and 10.1)
+- `0005_evidence_documents.sql` — `generated_evidence` table for Mustache-rendered evidence documents with dual-write to `evidence`
+- `0006_audit_log_hmac.sql` — adds `prev_hash` column to `audit_log` for HMAC chain integrity
 
 ### Seed Data
 
@@ -1023,7 +1184,7 @@ On first startup, `seedAll()` inserts all ISO 27001 reference data and verifies
 
 ### Security Pipeline
 
-Every tool call passes through the same 9-step pipeline before any business logic runs. Audit events are always written — including on authentication failure and RBAC denial — so the log is a complete record of all attempts, not just successful ones.
+Every tool call passes through the same 7-step pipeline before any business logic runs. SSE sessions use an opaque session token so the raw API key is never retained in server memory after the initial `/sse` handshake. Audit events are always written — including on authentication failure and RBAC denial — so the log is a complete record of all attempts, not just successful ones.
 
 ### Business Rules Enforced
 
@@ -1044,9 +1205,9 @@ Three roles with strict hierarchy. A key can only call tools at or below its ass
 
 | Role | Tools available | Typical user |
 |------|----------------|--------------|
-| `viewer` | 25 (all read-only tools) | Auditor, stakeholder |
-| `analyst` | 40 (reads + gap/risk/policy/procedure/evidence writes) | ISMS practitioner, consultant |
-| `admin` | 50 (all tools, including org profile, audit log and key management) | CISO, ISMS owner |
+| `viewer` | 31 (all read-only tools) | Auditor, stakeholder |
+| `analyst` | 49 (reads + gap/risk/policy/procedure/evidence/improvement writes) | ISMS practitioner, consultant |
+| `admin` | 63 (all tools, including org profile, audit management, audit log and key management) | CISO, ISMS owner |
 
 ---
 
@@ -1123,7 +1284,7 @@ npm run typecheck
 # Build dist/
 npm run build
 
-# Run all tests (404 unit + integration tests)
+# Run all tests (470 unit + integration tests)
 npm test
 
 # Watch mode
@@ -1147,12 +1308,13 @@ src/
 ├── server.ts                 McpServer factory — registers tools + resources
 ├── auth/
 │   ├── api-key.ts            Key generation, HMAC validation, expiry, revocation
-│   └── rbac.ts               Permission matrix (50 tools × 3 roles)
+│   ├── rbac.ts               Permission matrix (63 tools × 3 roles)
+│   └── session-store.ts      SSE session token store (opaque token → keyHash + role)
 ├── security/
 │   ├── sanitise.ts           Prompt-injection stripping for free-text fields
 │   ├── rate-limiter.ts       Sliding-window RPM counter per key hash
 │   ├── secrets.ts            Env var validation (fail-fast on startup)
-│   └── validate.ts           Zod schemas for all 50 tool inputs
+│   └── validate.ts           Zod schemas for all 63 tool inputs
 ├── audit/
 │   └── logger.ts             Tamper-evident audit event writer
 ├── db/
@@ -1166,7 +1328,9 @@ src/
 │   ├── version-mapping.json  125 cross-version mappings
 │   ├── clause-requirements.json  41 clause requirements (clauses 4–10)
 │   ├── policy-templates/     12 Mustache .md policy templates
-│   └── procedure-templates/  12 Mustache .md procedure templates
+│   ├── procedure-templates/  12 Mustache .md procedure templates
+│   ├── evidence-templates/   6 Mustache .md evidence document templates
+│   └── partials/             Shared Mustache partials (org_header, revision_block, approver_signature)
 ├── tools/
 │   ├── index.ts              Tool registry and security pipeline
 │   ├── controls.ts           Group 1: Control Registry (7 tools)
@@ -1179,7 +1343,10 @@ src/
 │   ├── server-info.ts        Group 8: Server Info (1 tool)
 │   ├── org-profile.ts        Group 10: Organisation Profile (2 tools) + loadOrgProfileDefaults helper
 │   ├── procedures.ts         Group 11: Procedure Management (5 tools)
-│   └── template-utils.ts     Shared loadTemplate / stripFrontmatter helpers
+│   ├── management-review.ts  Group 12: Management Review — Clause 9.3 (6 tools)
+│   ├── improvement-plan.ts   Group 13: Improvement Plan — Clause 10.1 (4 tools)
+│   ├── evidence-templates.ts Group 14: Evidence Templates (3 tools)
+│   └── template-utils.ts     Shared loadTemplate / stripFrontmatter / loadPartials helpers
 ├── resources/
 │   ├── index.ts              Registers all 12 MCP Resources
 │   ├── resource-auth.ts      Slim auth helper for resource callbacks
@@ -1225,10 +1392,11 @@ The SQLite database (`isms.db`) is encrypted at rest using AES-256 via `better-s
 Every tool call writes a row to `audit_log` with a `row_hash` computed as:
 
 ```
-SHA-256(timestamp | tool | key_hash | outcome)
+HMAC-SHA256(HMAC_SECRET, id | timestamp | tool | key_hash | role |
+            params_json | outcome | error_message | duration_ms | prev_hash)
 ```
 
-Any modification to an audit row after insertion will cause `verifyRowHash()` to fail. The same events are also appended in JSON-L format to `AUDIT_LOG_PATH` for off-database retention and SIEM ingestion.
+The `prev_hash` field chains each row to its predecessor — insertion, deletion, or reordering of rows is detectable via `verifyRowHash()` and `verifyChain()`. The same events are appended in JSON-L format to `AUDIT_LOG_PATH` for off-database retention and SIEM ingestion. The log path is validated on write to reject paths inside system directories (`/etc`, `/proc`, `/sys`, `/dev`).
 
 ### Production Checklist
 

package/dist/index.js

@@ -4947,10 +4947,10 @@ var require_raw_body = __commonJS({
       if (done) {
         return readStream(stream, encoding, length, limit, wrap(done));
       }
-      return new Promise(function executor(resolve, reject) {
+      return new Promise(function executor(resolve2, reject) {
         readStream(stream, encoding, length, limit, function onRead(err, buf) {
           if (err) return reject(err);
-          resolve(buf);
+          resolve2(buf);
         });
       });
     }
@@ -14034,7 +14034,7 @@ var require_mime_types = __commonJS({
   "node_modules/mime-types/index.js"(exports2) {
     "use strict";
     var db = require_mime_db();
-    var extname = require("path").extname;
+    var extname2 = require("path").extname;
     var EXTRACT_TYPE_REGEXP = /^\s*([^;\s]*)(?:;|\s|$)/;
     var TEXT_TYPE_REGEXP = /^text\//i;
     exports2.charset = charset;
@@ -14088,7 +14088,7 @@ var require_mime_types = __commonJS({
       if (!path || typeof path !== "string") {
         return false;
       }
-      var extension2 = extname("x." + path).toLowerCase().substr(1);
+      var extension2 = extname2("x." + path).toLowerCase().substr(1);
       if (!extension2) {
         return false;
       }
@@ -20181,14 +20181,14 @@ var require_view = __commonJS({
     var fs = require("fs");
     var dirname = path.dirname;
     var basename = path.basename;
-    var extname = path.extname;
+    var extname2 = path.extname;
     var join2 = path.join;
-    var resolve = path.resolve;
+    var resolve2 = path.resolve;
     module2.exports = View;
     function View(name, options) {
       var opts = options || {};
       this.defaultEngine = opts.defaultEngine;
-      this.ext = extname(name);
+      this.ext = extname2(name);
       this.name = name;
       this.root = opts.root;
       if (!this.ext && !this.defaultEngine) {
@@ -20217,7 +20217,7 @@ var require_view = __commonJS({
       debug('lookup "%s"', name);
       for (var i = 0; i < roots.length && !path2; i++) {
         var root = roots[i];
-        var loc = resolve(root, name);
+        var loc = resolve2(root, name);
         var dir = dirname(loc);
         var file = basename(loc);
         path2 = this.resolve(dir, file);
@@ -20228,7 +20228,7 @@ var require_view = __commonJS({
       debug('render "%s"', this.path);
       this.engine(this.path, options, callback);
     };
-    View.prototype.resolve = function resolve2(dir, file) {
+    View.prototype.resolve = function resolve3(dir, file) {
       var ext = this.ext;
       var path2 = join2(dir, file);
       var stat = tryStat(path2);
@@ -21299,10 +21299,10 @@ var require_send = __commonJS({
     var statuses = require_statuses();
     var Stream = require("stream");
     var util = require("util");
-    var extname = path.extname;
+    var extname2 = path.extname;
     var join2 = path.join;
     var normalize = path.normalize;
-    var resolve = path.resolve;
+    var resolve2 = path.resolve;
     var sep = path.sep;
     var BYTES_RANGE_REGEXP = /^ *bytes=/;
     var MAX_MAXAGE = 60 * 60 * 24 * 365 * 1e3;
@@ -21339,7 +21339,7 @@ var require_send = __commonJS({
       this._maxage = opts.maxAge || opts.maxage;
       this._maxage = typeof this._maxage === "string" ? ms(this._maxage) : Number(this._maxage);
       this._maxage = !isNaN(this._maxage) ? Math.min(Math.max(0, this._maxage), MAX_MAXAGE) : 0;
-      this._root = opts.root ? resolve(opts.root) : null;
+      this._root = opts.root ? resolve2(opts.root) : null;
       if (!this._root && opts.from) {
         this.from(opts.from);
       }
@@ -21363,7 +21363,7 @@ var require_send = __commonJS({
       return this;
     }, "send.index: pass index as option");
     SendStream.prototype.root = function root(path2) {
-      this._root = resolve(String(path2));
+      this._root = resolve2(String(path2));
       debug("root %s", this._root);
       return this;
     };
@@ -21527,7 +21527,7 @@ var require_send = __commonJS({
           return res;
         }
         parts = normalize(path2).split(sep);
-        path2 = resolve(path2);
+        path2 = resolve2(path2);
       }
       if (containsDotFile(parts)) {
         var access = this._dotfiles;
@@ -21624,7 +21624,7 @@ var require_send = __commonJS({
       var self = this;
       debug('stat "%s"', path2);
       fs.stat(path2, function onstat(err, stat) {
-        if (err && err.code === "ENOENT" && !extname(path2) && path2[path2.length - 1] !== sep) {
+        if (err && err.code === "ENOENT" && !extname2(path2) && path2[path2.length - 1] !== sep) {
           return next(err);
         }
         if (err) return self.onStatError(err);
@@ -22807,7 +22807,7 @@ var require_application = __commonJS({
     var deprecate = require_depd()("express");
     var flatten = require_array_flatten();
     var merge = require_utils_merge();
-    var resolve = require("path").resolve;
+    var resolve2 = require("path").resolve;
     var setPrototypeOf = require_setprototypeof();
     var hasOwnProperty = Object.prototype.hasOwnProperty;
     var slice = Array.prototype.slice;
@@ -22846,7 +22846,7 @@ var require_application = __commonJS({
       this.mountpath = "/";
       this.locals.settings = this.settings;
       this.set("view", View);
-      this.set("views", resolve("views"));
+      this.set("views", resolve2("views"));
       this.set("jsonp callback name", "callback");
       if (env === "production") {
         this.enable("view cache");
@@ -24090,9 +24090,9 @@ var require_response = __commonJS({
     var setCharset = require_utils3().setCharset;
     var cookie = require_cookie();
     var send = require_send();
-    var extname = path.extname;
+    var extname2 = path.extname;
     var mime = send.mime;
-    var resolve = path.resolve;
+    var resolve2 = path.resolve;
     var vary = require_vary();
     var res = Object.create(http.ServerResponse.prototype);
     module2.exports = res;
@@ -24351,7 +24351,7 @@ var require_response = __commonJS({
       }
       opts = Object.create(opts);
       opts.headers = headers;
-      var fullPath = !opts.root ? resolve(path2) : path2;
+      var fullPath = !opts.root ? resolve2(path2) : path2;
       return this.sendFile(fullPath, opts, done);
     };
     res.contentType = res.type = function contentType(type) {
@@ -24382,7 +24382,7 @@ var require_response = __commonJS({
     };
     res.attachment = function attachment(filename) {
       if (filename) {
-        this.type(extname(filename));
+        this.type(extname2(filename));
       }
       this.set("Content-Disposition", contentDisposition(filename));
       return this;
@@ -24617,7 +24617,7 @@ var require_serve_static = __commonJS({
     var encodeUrl = require_encodeurl();
     var escapeHtml = require_escape_html();
     var parseUrl = require_parseurl();
-    var resolve = require("path").resolve;
+    var resolve2 = require("path").resolve;
     var send = require_send();
     var url = require("url");
     module2.exports = serveStatic;
@@ -24637,7 +24637,7 @@ var require_serve_static = __commonJS({
         throw new TypeError("option setHeaders must be function");
       }
       opts.maxage = opts.maxage || opts.maxAge || 0;
-      opts.root = resolve(root);
+      opts.root = resolve2(root);
       var onDirectory = redirect ? createRedirectDirectoryListener() : createNotFoundDirectoryListener();
       return function serveStatic2(req, res, next) {
         if (req.method !== "GET" && req.method !== "HEAD") {
@@ -24797,7 +24797,7 @@ var require_package = __commonJS({
   "package.json"(exports2, module2) {
     module2.exports = {
       name: "iso27001-mcp",
-      version: "0.8.0",
+      version: "0.8.1",
       description: "Stateful ISO 27001:2022 ISMS management for Claude \u2014 gap analysis, risk register, policies, audits, and evidence tracking via the Model Context Protocol",
       license: "MIT",
       repository: {
@@ -24840,7 +24840,6 @@ var require_package = __commonJS({
         postbuild: "rm -rf dist/seed && mkdir -p dist/seed && cp -r src/seed/policy-templates dist/seed/policy-templates && cp -r src/seed/procedure-templates dist/seed/procedure-templates && cp -r src/seed/evidence-templates dist/seed/evidence-templates && cp -r src/seed/partials dist/seed/partials",
         prepack: "npm run build",
         prepublishOnly: "npm run typecheck && npm test && npm run build",
-        postinstall: `node -e "require('better-sqlite3-multiple-ciphers')" 2>/dev/null || echo "\\n\u26A0\uFE0F  iso27001-mcp: Native SQLite module failed to load. You may need build tools installed.\\n   macOS: xcode-select --install\\n   Ubuntu/Debian: sudo apt-get install build-essential python3\\n   Windows: https://visualstudio.microsoft.com/downloads/ \u2192 Build Tools for Visual Studio \u2192 Desktop development with C++\\n   See: https://github.com/Sushegaad/MCP-Server-for-ISO27001#prerequisites\\n"`,
         typecheck: "tsc --noEmit",
         lint: "eslint src --ext .ts",
         test: "vitest run --coverage",
@@ -25063,15 +25062,15 @@ var validations = {
   /**
    * Ensures a single store instance is not used with multiple express-rate-limit instances
    */
-  unsharedStore(store) {
-    if (usedStores.has(store)) {
-      const maybeUniquePrefix = store?.localKeys ? "" : " (with a unique prefix)";
+  unsharedStore(store2) {
+    if (usedStores.has(store2)) {
+      const maybeUniquePrefix = store2?.localKeys ? "" : " (with a unique prefix)";
       throw new ValidationError(
         "ERR_ERL_STORE_REUSE",
-        `A Store instance must not be shared across multiple rate limiters. Create a new instance of ${store.constructor.name}${maybeUniquePrefix} for each limiter instead.`
+        `A Store instance must not be shared across multiple rate limiters. Create a new instance of ${store2.constructor.name}${maybeUniquePrefix} for each limiter instead.`
       );
     }
-    usedStores.add(store);
+    usedStores.add(store2);
   },
   /**
    * Ensures a given key is incremented only once per request.
@@ -25082,19 +25081,19 @@ var validations = {
    *
    * @returns {void}
    */
-  singleCount(request, store, key) {
+  singleCount(request, store2, key) {
     let storeKeys = singleCountKeys.get(request);
     if (!storeKeys) {
       storeKeys = /* @__PURE__ */ new Map();
       singleCountKeys.set(request, storeKeys);
     }
-    const storeKey = store.localKeys ? store : store.constructor.name;
+    const storeKey = store2.localKeys ? store2 : store2.constructor.name;
     let keys = storeKeys.get(storeKey);
     if (!keys) {
       keys = [];
       storeKeys.set(storeKey, keys);
     }
-    const prefixedKey = `${store.prefix ?? ""}${key}`;
+    const prefixedKey = `${store2.prefix ?? ""}${key}`;
     if (keys.includes(prefixedKey)) {
       throw new ValidationError(
         "ERR_ERL_DOUBLE_COUNT",
@@ -25212,12 +25211,12 @@ var validations = {
    * which would prevent it from working correctly, with the default memory
    * store (or any other store with localKeys.)
    */
-  creationStack(store) {
+  creationStack(store2) {
     const { stack } = new Error(
       "express-rate-limit validation check (set options.validate.creationStack=false to disable)"
     );
     if (stack?.includes("Layer.handle [as handle_request]")) {
-      if (!store.localKeys) {
+      if (!store2.localKeys) {
         throw new ValidationError(
           "ERR_ERL_CREATED_IN_REQUEST_HANDLER",
           "express-rate-limit instance should *usually* be created at app initialization, not when responding to a request."
@@ -25403,10 +25402,10 @@ var MemoryStore = class {
     this.current = /* @__PURE__ */ new Map();
   }
 };
-var isLegacyStore = (store) => (
+var isLegacyStore = (store2) => (
   // Check that `incr` exists but `increment` does not - store authors might want
   // to keep both around for backwards compatibility.
-  typeof store.incr === "function" && typeof store.increment !== "function"
+  typeof store2.incr === "function" && typeof store2.increment !== "function"
 );
 var promisifyStore = (passedStore) => {
   if (!isLegacyStore(passedStore)) {
@@ -25415,12 +25414,12 @@ var promisifyStore = (passedStore) => {
   const legacyStore = passedStore;
   class PromisifiedStore {
     async increment(key) {
-      return new Promise((resolve, reject) => {
+      return new Promise((resolve2, reject) => {
         legacyStore.incr(
           key,
           (error, totalHits, resetTime) => {
             if (error) reject(error);
-            resolve({ totalHits, resetTime });
+            resolve2({ totalHits, resetTime });
           }
         );
       });
@@ -26605,6 +26604,25 @@ function parseExpiresFlag(value) {
   );
 }
 
+// src/auth/session-store.ts
+var import_node_crypto5 = require("crypto");
+var SESSION_TOKEN_PREFIX = "iso27001_sess_";
+var store = /* @__PURE__ */ new Map();
+function createSessionToken(keyHash, role) {
+  const token = `${SESSION_TOKEN_PREFIX}${(0, import_node_crypto5.randomUUID)()}`;
+  store.set(token, { keyHash, role });
+  return token;
+}
+function lookupSessionToken(token) {
+  return store.get(token);
+}
+function removeSessionToken(token) {
+  store.delete(token);
+}
+function isSessionToken(value) {
+  return value.startsWith(SESSION_TOKEN_PREFIX);
+}
+
 // src/transport/sse.ts
 var sessions = /* @__PURE__ */ new Map();
 var ttlMs = parseInt(process.env["SESSION_TTL_HOURS"] ?? "4") * 60 * 60 * 1e3;
@@ -26616,6 +26634,7 @@ setInterval(() => {
         entry.transport.res?.end();
       } catch {
       }
+      removeSessionToken(entry.sessionToken);
       sessions.delete(sessionId);
       console.error(`[iso27001-mcp] Session ${sessionId} expired and removed.`);
     }
@@ -26658,9 +26677,10 @@ function startSseServer(server) {
     const authHeader = req.headers["authorization"];
     const rawKey = (authHeader?.startsWith("Bearer ") ? authHeader.slice(7) : null) ?? process.env["MCP_API_KEY"] ?? "";
     let keyHash;
+    let role;
     try {
       keyHash = validateKey(rawKey);
-      loadRole(keyHash);
+      role = loadRole(keyHash);
     } catch (err) {
       const msg = err instanceof McpError ? err.message : "Invalid or missing API key";
       res.status(401).json({
@@ -26670,18 +26690,19 @@ function startSseServer(server) {
       });
       return;
     }
+    const sessionToken = createSessionToken(keyHash, role);
     const sessionId = (0, import_crypto.randomUUID)();
     const transport = new import_sse.SSEServerTransport("/messages", res);
     sessions.set(sessionId, {
       transport,
       createdAt: Date.now(),
       lastActivity: Date.now(),
-      keyHash,
-      rawKey
+      sessionToken
     });
     res.on("close", () => {
+      removeSessionToken(sessionToken);
       sessions.delete(sessionId);
-      console.error(`[iso27001-mcp] SSE connection closed for session ${sessionId}.`);
+      console.error(`[iso27001-mcp] SSE session ${sessionId} closed.`);
     });
     await server.connect(transport);
     res.write("data: " + JSON.stringify({ type: "session", sessionId }) + "\n\n");
@@ -26698,11 +26719,11 @@ function startSseServer(server) {
       return;
     }
     entry.lastActivity = Date.now();
-    if (entry.rawKey && req.body && typeof req.body === "object") {
+    if (req.body && typeof req.body === "object") {
       const body = req.body;
       if (body.params && typeof body.params === "object") {
         const meta = body.params["_meta"] ?? {};
-        meta["apiKey"] = entry.rawKey;
+        meta["apiKey"] = entry.sessionToken;
         body.params["_meta"] = meta;
       }
     }
@@ -26714,7 +26735,7 @@ function startSseServer(server) {
 }
 
 // src/seed/seeder.ts
-var import_node_crypto5 = require("crypto");
+var import_node_crypto6 = require("crypto");
 
 // src/seed/controls-2022.json
 var controls_2022_default = [
@@ -33154,7 +33175,7 @@ var checksums_default = {
 
 // src/seed/seeder.ts
 function sha256(data) {
-  return (0, import_node_crypto5.createHash)("sha256").update(JSON.stringify(data, null, 2)).digest("hex");
+  return (0, import_node_crypto6.createHash)("sha256").update(JSON.stringify(data, null, 2)).digest("hex");
 }
 function verifyChecksums() {
   const checks = [
@@ -33183,7 +33204,7 @@ Seed data may have been modified. Run "npm run generate-checksums" to update che
   console.error("[seeder] Checksum verification passed.");
 }
 function stableId(key) {
-  const h = (0, import_node_crypto5.createHash)("sha256").update(key).digest("hex");
+  const h = (0, import_node_crypto6.createHash)("sha256").update(key).digest("hex");
   return `${h.slice(0, 8)}-${h.slice(8, 12)}-4${h.slice(13, 16)}-${h.slice(16, 20)}-${h.slice(20, 32)}`;
 }
 function seedAll(db) {
@@ -33542,11 +33563,30 @@ function sanitiseParams(params) {
 }
 
 // src/audit/logger.ts
-var import_node_crypto6 = require("crypto");
+var import_node_crypto7 = require("crypto");
 var import_node_fs = require("fs");
+var import_node_path = require("path");
+function resolveAuditLogPath(raw) {
+  const abs = (0, import_node_path.resolve)(raw);
+  const FORBIDDEN_PREFIXES = ["/etc/", "/proc/", "/sys/", "/dev/"];
+  for (const prefix of FORBIDDEN_PREFIXES) {
+    if (abs.startsWith(prefix)) {
+      throw new Error(
+        `[audit] AUDIT_LOG_PATH "${abs}" points to a system directory. Use a writable application directory instead.`
+      );
+    }
+  }
+  const ext = (0, import_node_path.extname)(abs).toLowerCase();
+  if (ext !== "" && ext !== ".jsonl" && ext !== ".log") {
+    throw new Error(
+      `[audit] AUDIT_LOG_PATH "${abs}" has an unexpected extension "${ext}". Only .jsonl or .log files are permitted.`
+    );
+  }
+  return abs;
+}
 function writeAuditEvent(event) {
   const db = getDb();
-  const id = (0, import_node_crypto6.randomUUID)();
+  const id = (0, import_node_crypto7.randomUUID)();
   const timestamp = (/* @__PURE__ */ new Date()).toISOString().replace("T", " ").split(".")[0] + "Z";
   const prevRow = db.prepare(
     "SELECT row_hash FROM audit_log ORDER BY rowid DESC LIMIT 1"
@@ -33565,7 +33605,7 @@ function writeAuditEvent(event) {
     String(event.duration_ms),
     prev_hash ?? "GENESIS"
   ].join("|");
-  const row_hash = (0, import_node_crypto6.createHmac)("sha256", hmacSecret).update(hashInput).digest("hex");
+  const row_hash = (0, import_node_crypto7.createHmac)("sha256", hmacSecret).update(hashInput).digest("hex");
   db.prepare(`
     INSERT INTO audit_log
       (id, timestamp, tool, key_hash, role, params_json,
@@ -33586,7 +33626,7 @@ function writeAuditEvent(event) {
   );
   const full = { id, timestamp, prev_hash, row_hash, ...event };
   try {
-    const logPath = getEnv("AUDIT_LOG_PATH", "./audit.jsonl");
+    const logPath = resolveAuditLogPath(getEnv("AUDIT_LOG_PATH", "./audit.jsonl"));
     (0, import_node_fs.appendFileSync)(logPath, JSON.stringify(full) + "\n", "utf8");
   } catch (err) {
     console.error("[audit] Warning: failed to write to AUDIT_LOG_PATH:", err);
@@ -34310,9 +34350,9 @@ function handleGetServerInfo() {
 }
 
 // src/db/dal.ts
-var import_node_crypto7 = require("crypto");
+var import_node_crypto8 = require("crypto");
 function newId() {
-  return (0, import_node_crypto7.randomUUID)();
+  return (0, import_node_crypto8.randomUUID)();
 }
 function toJson(value) {
   if (value === void 0 || value === null) return null;
@@ -35303,15 +35343,15 @@ var import_mustache = __toESM(require("mustache"));
 
 // src/tools/template-utils.ts
 var import_node_fs2 = require("fs");
-var import_node_path = require("path");
+var import_node_path2 = require("path");
 function loadTemplate(type, dir) {
   const candidates = [
     // dist/tools → dist/seed/<dir>  (compiled CJS bundle)
-    (0, import_node_path.join)(__dirname, `../seed/${dir}`, `${type}.md`),
+    (0, import_node_path2.join)(__dirname, `../seed/${dir}`, `${type}.md`),
     // Running tests directly from source
-    (0, import_node_path.join)(process.cwd(), `src/seed/${dir}`, `${type}.md`),
+    (0, import_node_path2.join)(process.cwd(), `src/seed/${dir}`, `${type}.md`),
     // Running after npm run build
-    (0, import_node_path.join)(process.cwd(), `dist/seed/${dir}`, `${type}.md`)
+    (0, import_node_path2.join)(process.cwd(), `dist/seed/${dir}`, `${type}.md`)
   ];
   for (const candidate of candidates) {
     try {
@@ -35329,9 +35369,9 @@ function loadPartials() {
   const partials = {};
   for (const name of PARTIAL_NAMES) {
     const candidates = [
-      (0, import_node_path.join)(__dirname, `../seed/partials`, `${name}.md`),
-      (0, import_node_path.join)(process.cwd(), `src/seed/partials`, `${name}.md`),
-      (0, import_node_path.join)(process.cwd(), `dist/seed/partials`, `${name}.md`)
+      (0, import_node_path2.join)(__dirname, `../seed/partials`, `${name}.md`),
+      (0, import_node_path2.join)(process.cwd(), `src/seed/partials`, `${name}.md`),
+      (0, import_node_path2.join)(process.cwd(), `dist/seed/partials`, `${name}.md`)
     ];
     for (const candidate of candidates) {
       try {
@@ -37415,16 +37455,25 @@ function registerAllTools(server) {
     const shape = extractShape(schema);
     server.tool(toolName, description, shape, async (args2, extra) => {
       const startMs = Date.now();
-      const rawKey = extra._meta?.apiKey ?? process.env["MCP_API_KEY"] ?? "";
+      const credential = extra._meta?.apiKey ?? process.env["MCP_API_KEY"] ?? "";
       let keyHash = "";
       let role = "unknown";
       let outcome = "error";
       let errorMessage = null;
       let result;
       try {
-        keyHash = validateKey(rawKey);
+        if (isSessionToken(credential)) {
+          const session = lookupSessionToken(credential);
+          if (!session) {
+            throw new McpError({ error_code: "AUTH_INVALID", message: "Session token is invalid or expired" });
+          }
+          keyHash = session.keyHash;
+          role = session.role;
+        } else {
+          keyHash = validateKey(credential);
+          role = loadRole(keyHash);
+        }
         checkRateLimit(keyHash);
-        role = loadRole(keyHash);
         assertPermission(role, toolName);
         const { sanitisedFields } = sanitiseParams(args2);
         result = await handler(args2);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "iso27001-mcp",
-  "version": "0.8.0",
+  "version": "0.8.1",
   "description": "Stateful ISO 27001:2022 ISMS management for Claude — gap analysis, risk register, policies, audits, and evidence tracking via the Model Context Protocol",
   "license": "MIT",
   "repository": {
@@ -43,7 +43,6 @@
     "postbuild": "rm -rf dist/seed && mkdir -p dist/seed && cp -r src/seed/policy-templates dist/seed/policy-templates && cp -r src/seed/procedure-templates dist/seed/procedure-templates && cp -r src/seed/evidence-templates dist/seed/evidence-templates && cp -r src/seed/partials dist/seed/partials",
     "prepack": "npm run build",
     "prepublishOnly": "npm run typecheck && npm test && npm run build",
-    "postinstall": "node -e \"require('better-sqlite3-multiple-ciphers')\" 2>/dev/null || echo \"\\n⚠️  iso27001-mcp: Native SQLite module failed to load. You may need build tools installed.\\n   macOS: xcode-select --install\\n   Ubuntu/Debian: sudo apt-get install build-essential python3\\n   Windows: https://visualstudio.microsoft.com/downloads/ → Build Tools for Visual Studio → Desktop development with C++\\n   See: https://github.com/Sushegaad/MCP-Server-for-ISO27001#prerequisites\\n\"",
     "typecheck": "tsc --noEmit",
     "lint": "eslint src --ext .ts",
     "test": "vitest run --coverage",