npm - mcp-image - Versions diffs - 0.1.0 → 0.2.0 - Mend

mcp-image 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (178) hide show

package/dist/infrastructure/security/SecurityIncidentManager.js ADDED Viewed

@@ -0,0 +1,260 @@
+"use strict";
+/**
+ * Security Incident Manager
+ * Detects, tracks, and reports security anomalies in prompt orchestration
+ * Provides automatic pattern detection and incident management
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecurityIncidentManager = void 0;
+/**
+ * SecurityIncidentManager provides comprehensive security monitoring
+ * for the prompt orchestration system
+ */
+class SecurityIncidentManager {
+    constructor() {
+        this.sensitiveDataPatterns = [];
+        this.errorPatternTracker = new Map();
+        this.recentIncidents = [];
+        this.currentLogLevel = 'info';
+        this.maxIncidentHistory = 100;
+        this.initializeSensitiveDataPatterns();
+    }
+    /**
+     * Initialize patterns for detecting sensitive data
+     * Used for data protection in logging and incident reporting
+     */
+    initializeSensitiveDataPatterns() {
+        this.sensitiveDataPatterns = [
+            /(?:api[_-]?key|apikey)\s*[:\=]\s*[\'""]?[a-zA-Z0-9\-_]{10,}[\'""]?/gi,
+            /(?:password|pwd|passwd)\s*[:\=]\s*[\'""]?[^\s\'"]{8,}[\'""]?/gi,
+            /(?:token|auth[_-]?token)\s*[:\=]\s*[\'""]?[a-zA-Z0-9\-_\.]{20,}[\'""]?/gi,
+            /(?:secret|client[_-]?secret)\s*[:\=]\s*[\'""]?[a-zA-Z0-9\-_]{16,}[\'""]?/gi,
+            /sk-(?:proj-)?[a-zA-Z0-9\-_]{10,}/gi, // OpenAI-style API keys (broader pattern)
+            /ghp_[a-zA-Z0-9]{36}/gi, // GitHub personal access tokens
+        ];
+    }
+    /**
+     * Detect anomalies in prompt processing context
+     * Analyzes prompts and context for suspicious patterns
+     */
+    detectAnomalies(context) {
+        let anomalyCount = 0;
+        let riskLevel = 'low';
+        const detectedAnomalies = [];
+        // Check for injection patterns
+        const injectionPatterns = [
+            /(?:script|javascript|eval|exec|system|cmd)/gi,
+            /(?:union|select|drop|delete|insert|update|alter)\s+/gi,
+            /(?:<script|<iframe|<object|<embed)/gi,
+            /(?:\.\.\/|\.\.\\|\/etc\/|c:\\)/gi,
+        ];
+        for (const pattern of injectionPatterns) {
+            if (pattern.test(context.prompt)) {
+                anomalyCount++;
+                detectedAnomalies.push('potential_injection');
+                riskLevel = 'high';
+            }
+        }
+        // Check for sensitive data exposure
+        for (const pattern of this.sensitiveDataPatterns) {
+            if (pattern.test(context.prompt)) {
+                anomalyCount++;
+                detectedAnomalies.push('sensitive_data_exposure');
+                riskLevel = riskLevel === 'low' ? 'medium' : 'critical';
+            }
+        }
+        // Check for unusually long prompts (potential DoS)
+        if (context.prompt.length > 10000) {
+            anomalyCount++;
+            detectedAnomalies.push('excessive_prompt_length');
+            riskLevel = riskLevel === 'low' ? 'medium' : riskLevel;
+        }
+        // Check for rapid repeated processing (potential abuse)
+        const recentSimilarIncidents = this.recentIncidents.filter((incident) => incident.timestamp > new Date(Date.now() - 60000).toISOString() && // Last minute
+            incident.details['promptHash'] === this.hashPrompt(context.prompt));
+        if (recentSimilarIncidents.length > 10) {
+            anomalyCount++;
+            detectedAnomalies.push('rapid_repeated_processing');
+            riskLevel = 'high';
+        }
+        return {
+            hasAnomalies: anomalyCount > 0,
+            anomalyCount,
+            riskLevel,
+            description: detectedAnomalies.length > 0
+                ? `Detected anomalies: ${detectedAnomalies.join(', ')}`
+                : 'No anomalies detected',
+        };
+    }
+    /**
+     * Track error patterns and detect consecutive failures
+     * Helps identify systematic issues or potential attacks
+     */
+    trackErrorPattern(errorType) {
+        const currentCount = this.errorPatternTracker.get(errorType) || 0;
+        const newCount = currentCount + 1;
+        this.errorPatternTracker.set(errorType, newCount);
+        // Clear other error patterns if this one is successful
+        if (errorType === 'success') {
+            this.errorPatternTracker.clear();
+            return {
+                consecutiveErrors: 0,
+                errorPattern: 'none',
+                requiresIncident: false,
+            };
+        }
+        const requiresIncident = newCount >= 5; // 5+ consecutive errors trigger incident
+        return {
+            consecutiveErrors: newCount,
+            errorPattern: errorType,
+            requiresIncident,
+        };
+    }
+    /**
+     * Report a security incident
+     * Creates incident record and triggers appropriate responses
+     */
+    reportIncident(incident) {
+        const fullIncident = {
+            id: this.generateIncidentId(),
+            timestamp: new Date().toISOString(),
+            ...incident,
+        };
+        // Add to incident history
+        this.recentIncidents.push(fullIncident);
+        // Maintain incident history limit
+        if (this.recentIncidents.length > this.maxIncidentHistory) {
+            this.recentIncidents.shift();
+        }
+        // Auto-adjust logging based on incident severity
+        this.adjustLogLevel(incident.riskLevel);
+        // Log incident with appropriate level
+        this.logIncident(fullIncident);
+        return fullIncident;
+    }
+    /**
+     * Automatically adjust log level based on incident severity
+     * Higher severity incidents increase logging verbosity
+     */
+    adjustLogLevel(riskLevel) {
+        const levelMap = {
+            low: 'info',
+            medium: 'warn',
+            high: 'error',
+            critical: 'critical',
+        };
+        const newLevel = levelMap[riskLevel];
+        if (this.shouldUpgradeLogLevel(this.currentLogLevel, newLevel)) {
+            this.currentLogLevel = newLevel;
+            console.log(`Security log level adjusted to: ${newLevel} due to ${riskLevel} risk incident`);
+        }
+    }
+    /**
+     * Determine if log level should be upgraded
+     */
+    shouldUpgradeLogLevel(current, proposed) {
+        const levelPriority = {
+            debug: 0,
+            info: 1,
+            warn: 2,
+            error: 3,
+            critical: 4,
+        };
+        return levelPriority[proposed] > levelPriority[current];
+    }
+    /**
+     * Log incident with structured format and data protection
+     */
+    logIncident(incident) {
+        const sanitizedIncident = this.sanitizeIncidentData(incident);
+        switch (incident.riskLevel) {
+            case 'critical':
+                console.error('SECURITY CRITICAL:', sanitizedIncident);
+                break;
+            case 'high':
+                console.error('SECURITY HIGH:', sanitizedIncident);
+                break;
+            case 'medium':
+                console.warn('SECURITY MEDIUM:', sanitizedIncident);
+                break;
+            case 'low':
+                console.info('SECURITY LOW:', sanitizedIncident);
+                break;
+        }
+    }
+    /**
+     * Sanitize incident data to remove sensitive information
+     */
+    sanitizeIncidentData(incident) {
+        const sanitized = JSON.parse(JSON.stringify(incident)); // Deep clone
+        // Sanitize details recursively
+        if (sanitized.details) {
+            this.sanitizeObjectRecursively(sanitized.details);
+        }
+        return sanitized;
+    }
+    /**
+     * Recursively sanitize an object to remove sensitive data
+     */
+    sanitizeObjectRecursively(obj) {
+        for (const [key, value] of Object.entries(obj)) {
+            if (typeof value === 'string') {
+                obj[key] = this.redactSensitiveData(value);
+            }
+            else if (typeof value === 'object' && value !== null && !Array.isArray(value)) {
+                this.sanitizeObjectRecursively(value);
+            }
+        }
+    }
+    /**
+     * Redact sensitive data from text using pattern matching
+     */
+    redactSensitiveData(text) {
+        let sanitized = text;
+        for (const pattern of this.sensitiveDataPatterns) {
+            sanitized = sanitized.replace(pattern, '[REDACTED]');
+        }
+        return sanitized;
+    }
+    /**
+     * Generate unique incident ID
+     */
+    generateIncidentId() {
+        return `inc_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`;
+    }
+    /**
+     * Generate hash for prompt comparison
+     */
+    hashPrompt(prompt) {
+        // Simple hash for prompt comparison (not cryptographic)
+        let hash = 0;
+        for (let i = 0; i < prompt.length; i++) {
+            const char = prompt.charCodeAt(i);
+            hash = (hash << 5) - hash + char;
+            hash = hash & hash; // Convert to 32-bit integer
+        }
+        return hash.toString(36);
+    }
+    /**
+     * Get current security status
+     */
+    getSecurityStatus() {
+        return {
+            currentLogLevel: this.currentLogLevel,
+            recentIncidentCount: this.recentIncidents.filter((incident) => incident.timestamp > new Date(Date.now() - 3600000).toISOString() // Last hour
+            ).length,
+            activeErrorPatterns: Object.fromEntries(this.errorPatternTracker),
+        };
+    }
+    /**
+     * Reset security tracking state
+     * Useful for testing or system reset scenarios
+     */
+    reset() {
+        this.errorPatternTracker.clear();
+        this.recentIncidents.length = 0;
+        this.currentLogLevel = 'info';
+    }
+}
+exports.SecurityIncidentManager = SecurityIncidentManager;
+//# sourceMappingURL=SecurityIncidentManager.js.map

package/dist/infrastructure/security/SecurityIncidentManager.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"SecurityIncidentManager.js","sourceRoot":"","sources":["../../../src/infrastructure/security/SecurityIncidentManager.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAiEH;;;GAGG;AACH,MAAa,uBAAuB;IAOlC;QAFQ,0BAAqB,GAAa,EAAE,CAAA;QAG1C,IAAI,CAAC,mBAAmB,GAAG,IAAI,GAAG,EAAE,CAAA;QACpC,IAAI,CAAC,eAAe,GAAG,EAAE,CAAA;QACzB,IAAI,CAAC,eAAe,GAAG,MAAM,CAAA;QAC7B,IAAI,CAAC,kBAAkB,GAAG,GAAG,CAAA;QAC7B,IAAI,CAAC,+BAA+B,EAAE,CAAA;IACxC,CAAC;IAED;;;OAGG;IACK,+BAA+B;QACrC,IAAI,CAAC,qBAAqB,GAAG;YAC3B,sEAAsE;YACtE,gEAAgE;YAChE,0EAA0E;YAC1E,4EAA4E;YAC5E,oCAAoC,EAAE,0CAA0C;YAChF,uBAAuB,EAAE,gCAAgC;SAC1D,CAAA;IACH,CAAC;IAED;;;OAGG;IACH,eAAe,CAAC,OAA0B;QACxC,IAAI,YAAY,GAAG,CAAC,CAAA;QACpB,IAAI,SAAS,GAAwC,KAAK,CAAA;QAC1D,MAAM,iBAAiB,GAAa,EAAE,CAAA;QAEtC,+BAA+B;QAC/B,MAAM,iBAAiB,GAAG;YACxB,8CAA8C;YAC9C,uDAAuD;YACvD,sCAAsC;YACtC,kCAAkC;SACnC,CAAA;QAED,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;YACxC,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBACjC,YAAY,EAAE,CAAA;gBACd,iBAAiB,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAA;gBAC7C,SAAS,GAAG,MAAM,CAAA;YACpB,CAAC;QACH,CAAC;QAED,oCAAoC;QACpC,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,qBAAqB,EAAE,CAAC;YACjD,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBACjC,YAAY,EAAE,CAAA;gBACd,iBAAiB,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAA;gBACjD,SAAS,GAAG,SAAS,KAAK,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAA;YACzD,CAAC;QACH,CAAC;QAED,mDAAmD;QACnD,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,KAAK,EAAE,CAAC;YAClC,YAAY,EAAE,CAAA;YACd,iBAAiB,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAA;YACjD,SAAS,GAAG,SAAS,KAAK,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAA;QACxD,CAAC;QAED,wDAAwD;QACxD,MAAM,sBAAsB,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,CACxD,CAAC,QAAQ,EAAE,EAAE,CACX,QAAQ,CAAC,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC,WAAW,EAAE,IAAI,cAAc;YACjF,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,CACrE,CAAA;QAED,IAAI,sBAAsB,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YACvC,YAAY,EAAE,CAAA;YACd,iBAAiB,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAA;YACnD,SAAS,GAAG,MAAM,CAAA;QACpB,CAAC;QAED,OAAO;YACL,YAAY,EAAE,YAAY,GAAG,CAAC;YAC9B,YAAY;YACZ,SAAS;YACT,WAAW,EACT,iBAAiB,CAAC,MAAM,GAAG,CAAC;gBAC1B,CAAC,CAAC,uBAAuB,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBACvD,CAAC,CAAC,uBAAuB;SAC9B,CAAA;IACH,CAAC;IAED;;;OAGG;IACH,iBAAiB,CAAC,SAAiB;QACjC,MAAM,YAAY,GAAG,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAA;QACjE,MAAM,QAAQ,GAAG,YAAY,GAAG,CAAC,CAAA;QACjC,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAA;QAEjD,uDAAuD;QACvD,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,IAAI,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAA;YAChC,OAAO;gBACL,iBAAiB,EAAE,CAAC;gBACpB,YAAY,EAAE,MAAM;gBACpB,gBAAgB,EAAE,KAAK;aACxB,CAAA;QACH,CAAC;QAED,MAAM,gBAAgB,GAAG,QAAQ,IAAI,CAAC,CAAA,CAAC,yCAAyC;QAEhF,OAAO;YACL,iBAAiB,EAAE,QAAQ;YAC3B,YAAY,EAAE,SAAS;YACvB,gBAAgB;SACjB,CAAA;IACH,CAAC;IAED;;;OAGG;IACH,cAAc,CAAC,QAAoD;QACjE,MAAM,YAAY,GAAqB;YACrC,EAAE,EAAE,IAAI,CAAC,kBAAkB,EAAE;YAC7B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,GAAG,QAAQ;SACZ,CAAA;QAED,0BAA0B;QAC1B,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QAEvC,kCAAkC;QAClC,IAAI,IAAI,CAAC,eAAe,CAAC,MAAM,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC1D,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,CAAA;QAC9B,CAAC;QAED,iDAAiD;QACjD,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAA;QAEvC,sCAAsC;QACtC,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,CAAA;QAE9B,OAAO,YAAY,CAAA;IACrB,CAAC;IAED;;;OAGG;IACH,cAAc,CAAC,SAAwC;QACrD,MAAM,QAAQ,GAAoD;YAChE,GAAG,EAAE,MAAM;YACX,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,OAAO;YACb,QAAQ,EAAE,UAAU;SACrB,CAAA;QAED,MAAM,QAAQ,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAA;QAEpC,IAAI,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,EAAE,CAAC;YAC/D,IAAI,CAAC,eAAe,GAAG,QAAQ,CAAA;YAC/B,OAAO,CAAC,GAAG,CAAC,mCAAmC,QAAQ,WAAW,SAAS,gBAAgB,CAAC,CAAA;QAC9F,CAAC;IACH,CAAC;IAED;;OAEG;IACK,qBAAqB,CAAC,OAAiB,EAAE,QAAkB;QACjE,MAAM,aAAa,GAA6B;YAC9C,KAAK,EAAE,CAAC;YACR,IAAI,EAAE,CAAC;YACP,IAAI,EAAE,CAAC;YACP,KAAK,EAAE,CAAC;YACR,QAAQ,EAAE,CAAC;SACZ,CAAA;QAED,OAAO,aAAa,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,OAAO,CAAC,CAAA;IACzD,CAAC;IAED;;OAEG;IACK,WAAW,CAAC,QAA0B;QAC5C,MAAM,iBAAiB,GAAG,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAA;QAE7D,QAAQ,QAAQ,CAAC,SAAS,EAAE,CAAC;YAC3B,KAAK,UAAU;gBACb,OAAO,CAAC,KAAK,CAAC,oBAAoB,EAAE,iBAAiB,CAAC,CAAA;gBACtD,MAAK;YACP,KAAK,MAAM;gBACT,OAAO,CAAC,KAAK,CAAC,gBAAgB,EAAE,iBAAiB,CAAC,CAAA;gBAClD,MAAK;YACP,KAAK,QAAQ;gBACX,OAAO,CAAC,IAAI,CAAC,kBAAkB,EAAE,iBAAiB,CAAC,CAAA;gBACnD,MAAK;YACP,KAAK,KAAK;gBACR,OAAO,CAAC,IAAI,CAAC,eAAe,EAAE,iBAAiB,CAAC,CAAA;gBAChD,MAAK;QACT,CAAC;IACH,CAAC;IAED;;OAEG;IACK,oBAAoB,CAAC,QAA0B;QACrD,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAA,CAAC,aAAa;QAEpE,+BAA+B;QAC/B,IAAI,SAAS,CAAC,OAAO,EAAE,CAAC;YACtB,IAAI,CAAC,yBAAyB,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;QACnD,CAAC;QAED,OAAO,SAAS,CAAA;IAClB,CAAC;IAED;;OAEG;IACK,yBAAyB,CAAC,GAA4B;QAC5D,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/C,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC9B,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAA;YAC5C,CAAC;iBAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChF,IAAI,CAAC,yBAAyB,CAAC,KAAgC,CAAC,CAAA;YAClE,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACK,mBAAmB,CAAC,IAAY;QACtC,IAAI,SAAS,GAAG,IAAI,CAAA;QAEpB,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,qBAAqB,EAAE,CAAC;YACjD,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,YAAY,CAAC,CAAA;QACtD,CAAC;QAED,OAAO,SAAS,CAAA;IAClB,CAAC;IAED;;OAEG;IACK,kBAAkB;QACxB,OAAO,OAAO,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAA;IACvE,CAAC;IAED;;OAEG;IACK,UAAU,CAAC,MAAc;QAC/B,wDAAwD;QACxD,IAAI,IAAI,GAAG,CAAC,CAAA;QACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACvC,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;YACjC,IAAI,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,IAAI,GAAG,IAAI,CAAA;YAChC,IAAI,GAAG,IAAI,GAAG,IAAI,CAAA,CAAC,4BAA4B;QACjD,CAAC;QACD,OAAO,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;IAC1B,CAAC;IAED;;OAEG;IACH,iBAAiB;QAKf,OAAO;YACL,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,mBAAmB,EAAE,IAAI,CAAC,eAAe,CAAC,MAAM,CAC9C,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC,YAAY;aAC7F,CAAC,MAAM;YACR,mBAAmB,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,mBAAmB,CAAC;SAClE,CAAA;IACH,CAAC;IAED;;;OAGG;IACH,KAAK;QACH,IAAI,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAA;QAChC,IAAI,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,CAAA;QAC/B,IAAI,CAAC,eAAe,GAAG,MAAM,CAAA;IAC/B,CAAC;CACF;AAvSD,0DAuSC"}

package/dist/infrastructure/security/apiKeyManager.d.ts ADDED Viewed

@@ -0,0 +1,297 @@
+/**
+ * API Key Manager - Secure API key management with rotation and access control
+ * Provides separation, protection, and automated management of API keys
+ * Addresses SECURITY1 test case requirements
+ */
+/**
+ * Secure API key with metadata
+ */
+export interface SecureAPIKey {
+    key: string;
+    expiresAt: number;
+    permissions: string[];
+    usageTracking: UsageTracker;
+    keyId: string;
+}
+/**
+ * API key access logger for security auditing
+ */
+export interface APIKeyAccessLogger {
+    logKeyAccess(access: KeyAccessLog): Promise<void>;
+    getAccessHistory(keyId: string, timeRange: TimeRange): Promise<KeyAccessLog[]>;
+    detectSuspiciousActivity(keyId: string): Promise<SuspiciousActivityAlert[]>;
+}
+/**
+ * Key access log entry
+ */
+export interface KeyAccessLog {
+    service: string;
+    operation: string;
+    timestamp: number;
+    keyId: string;
+    sessionId?: string;
+    userId?: string;
+    clientId?: string;
+    success: boolean;
+    ipAddress?: string;
+    userAgent?: string;
+}
+/**
+ * Time range for queries
+ */
+export interface TimeRange {
+    start: number;
+    end: number;
+}
+/**
+ * Suspicious activity alert
+ */
+export interface SuspiciousActivityAlert {
+    alertId: string;
+    keyId: string;
+    alertType: SuspiciousActivityType;
+    severity: 'low' | 'medium' | 'high' | 'critical';
+    description: string;
+    timestamp: number;
+    evidence: Record<string, unknown>;
+    recommendedAction: string;
+}
+/**
+ * Types of suspicious activity
+ */
+export declare enum SuspiciousActivityType {
+    UNUSUAL_ACCESS_PATTERN = "unusual_access_pattern",
+    EXCESSIVE_USAGE = "excessive_usage",
+    UNAUTHORIZED_LOCATION = "unauthorized_location",
+    INVALID_PERMISSIONS = "invalid_permissions",
+    RAPID_SUCCESSION_REQUESTS = "rapid_succession_requests"
+}
+/**
+ * Usage tracker for API key monitoring
+ */
+export interface UsageTracker {
+    trackUsage(operation: string, metadata?: Record<string, unknown>): void;
+    getUsageStats(timeRange: TimeRange): UsageStats;
+    resetStats(): void;
+    isRateLimited(): boolean;
+}
+/**
+ * Usage statistics
+ */
+export interface UsageStats {
+    totalRequests: number;
+    successfulRequests: number;
+    failedRequests: number;
+    averageResponseTime: number;
+    rateLimitHits: number;
+    costEstimate: number;
+}
+/**
+ * Secure key vault for encrypted key storage
+ */
+export interface SecureKeyVault {
+    /**
+     * Store encrypted API key
+     */
+    storeKey(service: string, key: string, permissions: string[], expiresAt: number): Promise<string>;
+    /**
+     * Retrieve decrypted API key information
+     */
+    retrieveKey(service: string): Promise<StoredKeyInfo>;
+    /**
+     * Update existing key with new value
+     */
+    updateKey(service: string, newKey: string, permissions: string[], expiresAt: number): Promise<void>;
+    /**
+     * Remove key from vault
+     */
+    removeKey(service: string): Promise<void>;
+    /**
+     * List all services with stored keys
+     */
+    listServices(): Promise<string[]>;
+    /**
+     * Check if key exists for service
+     */
+    hasKey(service: string): Promise<boolean>;
+    /**
+     * Backup vault contents
+     */
+    createBackup(): Promise<VaultBackup>;
+    /**
+     * Restore vault from backup
+     */
+    restoreFromBackup(backup: VaultBackup): Promise<void>;
+}
+/**
+ * Stored key information
+ */
+export interface StoredKeyInfo {
+    keyId: string;
+    key: string;
+    permissions: string[];
+    createdAt: number;
+    expiresAt: number;
+    lastUsed?: number;
+    usageCount: number;
+}
+/**
+ * Vault backup structure
+ */
+export interface VaultBackup {
+    backupId: string;
+    timestamp: number;
+    encryptedData: string;
+    checksum: string;
+    metadata: Record<string, unknown>;
+}
+/**
+ * Key rotation scheduler
+ */
+export interface KeyRotationScheduler {
+    /**
+     * Schedule automatic key rotation
+     */
+    scheduleRotation(service: string, intervalMs: number): Promise<void>;
+    /**
+     * Cancel scheduled rotation
+     */
+    cancelRotation(service: string): Promise<void>;
+    /**
+     * Get rotation schedule for service
+     */
+    getRotationSchedule(service: string): Promise<RotationSchedule | null>;
+    /**
+     * Manually trigger rotation
+     */
+    triggerRotation(service: string): Promise<KeyRotationResult>;
+    /**
+     * Get all scheduled rotations
+     */
+    getAllSchedules(): Promise<RotationSchedule[]>;
+}
+/**
+ * Rotation schedule configuration
+ */
+export interface RotationSchedule {
+    services: string[];
+    intervalMs: number;
+    nextRotationAt: number;
+    maxRetries: number;
+    notificationEnabled: boolean;
+}
+/**
+ * Key rotation result
+ */
+export interface KeyRotationResult {
+    rotations: ServiceRotationResult[];
+    overallSuccess: boolean;
+    timestamp: number;
+    errors?: string[];
+}
+/**
+ * Individual service rotation result
+ */
+export interface ServiceRotationResult {
+    service: string;
+    success: boolean;
+    newKeyId?: string;
+    rotationTimestamp?: number;
+    error?: string;
+    fallbackPeriodMs?: number;
+}
+/**
+ * Key authorization validation
+ */
+export interface KeyAuthorization {
+    allowed: boolean;
+    reason?: string;
+    permissions: string[];
+    restrictions: AuthorizationRestriction[];
+}
+/**
+ * Authorization restrictions
+ */
+export interface AuthorizationRestriction {
+    type: RestrictionType;
+    value: unknown;
+    description: string;
+}
+/**
+ * Types of authorization restrictions
+ */
+export declare enum RestrictionType {
+    TIME_BASED = "time_based",
+    IP_BASED = "ip_based",
+    RATE_LIMIT = "rate_limit",
+    OPERATION_BASED = "operation_based",
+    USER_BASED = "user_based"
+}
+/**
+ * Unauthorized API access error
+ */
+export declare class UnauthorizedAPIAccessError extends Error {
+    constructor(reason: string);
+}
+/**
+ * API Key Manager implementation
+ */
+export declare class APIKeyManager {
+    private keyVault;
+    private rotationScheduler;
+    private accessLogger;
+    constructor(keyVault: SecureKeyVault, rotationScheduler: KeyRotationScheduler, accessLogger: APIKeyAccessLogger);
+    /**
+     * Get secure API key with authorization validation
+     */
+    getAPIKey(service: string, operation: string, sessionId?: string): Promise<SecureAPIKey>;
+    /**
+     * Rotate API keys according to schedule
+     */
+    rotateAPIKeys(schedule: RotationSchedule): Promise<KeyRotationResult>;
+    /**
+     * Validate key authorization for operation
+     */
+    private validateKeyAuthorization;
+    /**
+     * Generate new key for service
+     */
+    private generateNewKey;
+    /**
+     * Initiate gradual rotation with fallback period
+     */
+    private initiateGradualRotation;
+    /**
+     * Create usage tracker for key
+     */
+    private createUsageTracker;
+    /**
+     * Generate secure random key
+     */
+    private generateSecureKey;
+    /**
+     * Generate unique key identifier
+     */
+    private generateKeyId;
+    /**
+     * Get key rotation status
+     */
+    getRotationStatus(service: string): Promise<{
+        scheduled: boolean;
+        nextRotation?: number;
+        lastRotation?: number;
+    }>;
+    /**
+     * Security audit of key usage
+     */
+    auditKeyUsage(service: string, timeRange: TimeRange): Promise<{
+        totalAccess: number;
+        suspiciousActivity: SuspiciousActivityAlert[];
+        accessHistory: KeyAccessLog[];
+    }>;
+    /**
+     * Emergency key revocation
+     */
+    emergencyRevocation(service: string, reason: string): Promise<void>;
+}
+//# sourceMappingURL=apiKeyManager.d.ts.map

package/dist/infrastructure/security/apiKeyManager.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"apiKeyManager.d.ts","sourceRoot":"","sources":["../../../src/infrastructure/security/apiKeyManager.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,GAAG,EAAE,MAAM,CAAA;IACX,SAAS,EAAE,MAAM,CAAA;IACjB,WAAW,EAAE,MAAM,EAAE,CAAA;IACrB,aAAa,EAAE,YAAY,CAAA;IAC3B,KAAK,EAAE,MAAM,CAAA;CACd;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,YAAY,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACjD,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,CAAA;IAC9E,wBAAwB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,uBAAuB,EAAE,CAAC,CAAA;CAC5E;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAA;IACf,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,KAAK,EAAE,MAAM,CAAA;IACb,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,OAAO,EAAE,OAAO,CAAA;IAChB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,KAAK,EAAE,MAAM,CAAA;IACb,GAAG,EAAE,MAAM,CAAA;CACZ;AAED;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,OAAO,EAAE,MAAM,CAAA;IACf,KAAK,EAAE,MAAM,CAAA;IACb,SAAS,EAAE,sBAAsB,CAAA;IACjC,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAA;IAChD,WAAW,EAAE,MAAM,CAAA;IACnB,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACjC,iBAAiB,EAAE,MAAM,CAAA;CAC1B;AAED;;GAEG;AACH,oBAAY,sBAAsB;IAChC,sBAAsB,2BAA2B;IACjD,eAAe,oBAAoB;IACnC,qBAAqB,0BAA0B;IAC/C,mBAAmB,wBAAwB;IAC3C,yBAAyB,8BAA8B;CACxD;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,UAAU,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAA;IACvE,aAAa,CAAC,SAAS,EAAE,SAAS,GAAG,UAAU,CAAA;IAC/C,UAAU,IAAI,IAAI,CAAA;IAClB,aAAa,IAAI,OAAO,CAAA;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,aAAa,EAAE,MAAM,CAAA;IACrB,kBAAkB,EAAE,MAAM,CAAA;IAC1B,cAAc,EAAE,MAAM,CAAA;IACtB,mBAAmB,EAAE,MAAM,CAAA;IAC3B,aAAa,EAAE,MAAM,CAAA;IACrB,YAAY,EAAE,MAAM,CAAA;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B;;OAEG;IACH,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;IAEjG;;OAEG;IACH,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAAA;IAEpD;;OAEG;IACH,SAAS,CACP,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EAAE,EACrB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,IAAI,CAAC,CAAA;IAEhB;;OAEG;IACH,SAAS,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAEzC;;OAEG;IACH,YAAY,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC,CAAA;IAEjC;;OAEG;IACH,MAAM,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;IAEzC;;OAEG;IACH,YAAY,IAAI,OAAO,CAAC,WAAW,CAAC,CAAA;IAEpC;;OAEG;IACH,iBAAiB,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;CACtD;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,MAAM,CAAA;IACb,GAAG,EAAE,MAAM,CAAA;IACX,WAAW,EAAE,MAAM,EAAE,CAAA;IACrB,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,MAAM,CAAA;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;IACjB,aAAa,EAAE,MAAM,CAAA;IACrB,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAClC;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC;;OAEG;IACH,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAEpE;;OAEG;IACH,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAE9C;;OAEG;IACH,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAAA;IAEtE;;OAEG;IACH,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAA;IAE5D;;OAEG;IACH,eAAe,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAAA;CAC/C;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,MAAM,EAAE,CAAA;IAClB,UAAU,EAAE,MAAM,CAAA;IAClB,cAAc,EAAE,MAAM,CAAA;IACtB,UAAU,EAAE,MAAM,CAAA;IAClB,mBAAmB,EAAE,OAAO,CAAA;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,qBAAqB,EAAE,CAAA;IAClC,cAAc,EAAE,OAAO,CAAA;IACvB,SAAS,EAAE,MAAM,CAAA;IACjB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAA;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,EAAE,OAAO,CAAA;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,iBAAiB,CAAC,EAAE,MAAM,CAAA;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,gBAAgB,CAAC,EAAE,MAAM,CAAA;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAA;IAChB,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,WAAW,EAAE,MAAM,EAAE,CAAA;IACrB,YAAY,EAAE,wBAAwB,EAAE,CAAA;CACzC;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,IAAI,EAAE,eAAe,CAAA;IACrB,KAAK,EAAE,OAAO,CAAA;IACd,WAAW,EAAE,MAAM,CAAA;CACpB;AAED;;GAEG;AACH,oBAAY,eAAe;IACzB,UAAU,eAAe;IACzB,QAAQ,aAAa;IACrB,UAAU,eAAe;IACzB,eAAe,oBAAoB;IACnC,UAAU,eAAe;CAC1B;AAED;;GAEG;AACH,qBAAa,0BAA2B,SAAQ,KAAK;gBACvC,MAAM,EAAE,MAAM;CAI3B;AAED;;GAEG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAgB;IAChC,OAAO,CAAC,iBAAiB,CAAsB;IAC/C,OAAO,CAAC,YAAY,CAAoB;gBAGtC,QAAQ,EAAE,cAAc,EACxB,iBAAiB,EAAE,oBAAoB,EACvC,YAAY,EAAE,kBAAkB;IAOlC;;OAEG;IACG,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IAkC9F;;OAEG;IACG,aAAa,CAAC,QAAQ,EAAE,gBAAgB,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAuC3E;;OAEG;YACW,wBAAwB;IAgCtC;;OAEG;YACW,cAAc;IAkB5B;;OAEG;YACW,uBAAuB;IASrC;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAqB1B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAKzB;;OAEG;IACH,OAAO,CAAC,aAAa;IAIrB;;OAEG;IACG,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC;QAChD,SAAS,EAAE,OAAO,CAAA;QAClB,YAAY,CAAC,EAAE,MAAM,CAAA;QACrB,YAAY,CAAC,EAAE,MAAM,CAAA;KACtB,CAAC;IASF;;OAEG;IACG,aAAa,CACjB,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,SAAS,GACnB,OAAO,CAAC;QACT,WAAW,EAAE,MAAM,CAAA;QACnB,kBAAkB,EAAE,uBAAuB,EAAE,CAAA;QAC7C,aAAa,EAAE,YAAY,EAAE,CAAA;KAC9B,CAAC;IAYF;;OAEG;IACG,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAe1E"}