mcp-wordpress 2.2.0 → 2.3.0

package/dist/security/AutomatedRemediation.d.ts

@@ -0,0 +1,145 @@
+/**
+ * Automated Security Remediation System
+ * Provides intelligent automated fixes for detected vulnerabilities
+ */
+import { SecurityVulnerability, SecurityScanResult } from "./AISecurityScanner";
+interface RemediationAction {
+    id: string;
+    type: "replace" | "insert" | "delete" | "config" | "file";
+    target: {
+        file?: string | undefined;
+        line?: number | undefined;
+        pattern?: RegExp | undefined;
+        value?: string | undefined;
+    };
+    replacement: {
+        content?: string;
+        config?: Record<string, any>;
+        action?: string;
+    };
+    backup: {
+        enabled: boolean;
+        path?: string;
+    };
+    validation: {
+        test?: string;
+        expected?: any;
+    };
+}
+export interface RemediationResult {
+    vulnerabilityId: string;
+    success: boolean;
+    action: string;
+    details: string;
+    timestamp: Date;
+    backupPath?: string | undefined;
+    validationResult?: boolean | undefined;
+}
+interface RemediationPlan {
+    planId: string;
+    vulnerabilities: SecurityVulnerability[];
+    actions: RemediationAction[];
+    estimatedDuration: number;
+    riskLevel: "low" | "medium" | "high";
+    requiresApproval: boolean;
+}
+/**
+ * Automated Security Remediation Engine
+ */
+export declare class AutomatedRemediation {
+    private remediationHistory;
+    private backupDirectory;
+    /**
+     * Create remediation plan for scan results
+     */
+    createRemediationPlan(scanResult: SecurityScanResult): Promise<RemediationPlan>;
+    /**
+     * Create remediation action for a specific vulnerability
+     */
+    private createRemediationAction;
+    /**
+     * Create SQL injection remediation
+     */
+    private createSQLInjectionRemediation;
+    /**
+     * Create XSS remediation
+     */
+    private createXSSRemediation;
+    /**
+     * Create path traversal remediation
+     */
+    private createPathTraversalRemediation;
+    /**
+     * Create credential exposure remediation
+     */
+    private createCredentialExposureRemediation;
+    /**
+     * Create configuration remediation
+     */
+    private createConfigRemediation;
+    /**
+     * Create information disclosure remediation
+     */
+    private createInfoDisclosureRemediation;
+    /**
+     * Execute remediation plan
+     */
+    executeRemediationPlan(plan: RemediationPlan, options?: {
+        dryRun?: boolean;
+        requireConfirmation?: boolean;
+    }): Promise<RemediationResult[]>;
+    /**
+     * Execute a single remediation action
+     */
+    private executeRemediationAction;
+    /**
+     * Execute replace action
+     */
+    private executeReplaceAction;
+    /**
+     * Execute insert action
+     */
+    private executeInsertAction;
+    /**
+     * Execute delete action
+     */
+    private executeDeleteAction;
+    /**
+     * Execute config action
+     */
+    private executeConfigAction;
+    /**
+     * Execute file action
+     */
+    private executeFileAction;
+    /**
+     * Create backup of file
+     */
+    private createBackup;
+    /**
+     * Ensure backup directory exists
+     */
+    private ensureBackupDirectory;
+    /**
+     * Validate remediation
+     */
+    private validateRemediation;
+    /**
+     * Simulate remediation actions for dry run
+     */
+    private simulateRemediationActions;
+    /**
+     * Get remediation history
+     */
+    getRemediationHistory(): RemediationResult[];
+    /**
+     * Rollback remediation using backup
+     */
+    rollbackRemediation(backupPath: string, targetFile: string): Promise<void>;
+    /**
+     * Clean up old backups
+     */
+    cleanupBackups(maxAge?: number): Promise<void>;
+}
+export {};
+//# sourceMappingURL=AutomatedRemediation.d.ts.map

package/dist/security/AutomatedRemediation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AutomatedRemediation.d.ts","sourceRoot":"","sources":["../../src/security/AutomatedRemediation.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAIhF,UAAU,iBAAiB;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,SAAS,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,GAAG,MAAM,CAAC;IAC1D,MAAM,EAAE;QACN,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;QAC1B,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;QAC1B,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;QAC7B,KAAK,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;KAC5B,CAAC;IACF,WAAW,EAAE;QACX,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAC7B,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,MAAM,EAAE;QACN,OAAO,EAAE,OAAO,CAAC;QACjB,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;IACF,UAAU,EAAE;QACV,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,QAAQ,CAAC,EAAE,GAAG,CAAC;KAChB,CAAC;CACH;AAED,MAAM,WAAW,iBAAiB;IAChC,eAAe,EAAE,MAAM,CAAC;IACxB,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAChC,gBAAgB,CAAC,EAAE,OAAO,GAAG,SAAS,CAAC;CACxC;AAED,UAAU,eAAe;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,qBAAqB,EAAE,CAAC;IACzC,OAAO,EAAE,iBAAiB,EAAE,CAAC;IAC7B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,SAAS,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;IACrC,gBAAgB,EAAE,OAAO,CAAC;CAC3B;AA2CD;;GAEG;AACH,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,kBAAkB,CAA2B;IACrD,OAAO,CAAC,eAAe,CAAsB;IAE7C;;OAEG;IACG,qBAAqB,CAAC,UAAU,EAAE,kBAAkB,GAAG,OAAO,CAAC,eAAe,CAAC;IAqCrF;;OAEG;YACW,uBAAuB;IA2BrC;;OAEG;IACH,OAAO,CAAC,6BAA6B;IAwBrC;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAsB5B;;OAEG;IACH,OAAO,CAAC,8BAA8B;IAsBtC;;OAEG;IACH,OAAO,CAAC,mCAAmC;IA4B3C;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAsB/B;;OAEG;IACH,OAAO,CAAC,+BAA+B;IAsBvC;;OAEG;IACG,sBAAsB,CAC1B,IAAI,EAAE,eAAe,EACrB,OAAO,GAAE;QACP,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,mBAAmB,CAAC,EAAE,OAAO,CAAC;KAC1B,GACL,OAAO,CAAC,iBAAiB,EAAE,CAAC;IA2C/B;;OAEG;YACW,wBAAwB;IA+DtC;;OAEG;YACW,oBAAoB;IAelC;;OAEG;YACW,mBAAmB;IAcjC;;OAEG;YACW,mBAAmB;IAwBjC;;OAEG;YACW,mBAAmB;IAcjC;;OAEG;YACW,iBAAiB;IAuB/B;;OAEG;YACW,YAAY;IAW1B;;OAEG;YACW,qBAAqB;IASnC;;OAEG;YACW,mBAAmB;IAsBjC;;OAEG;YACW,0BAA0B;IAgBxC;;OAEG;IACH,qBAAqB,IAAI,iBAAiB,EAAE;IAI5C;;OAEG;IACG,mBAAmB,CAAC,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAUhF;;OAEG;IACG,cAAc,CAAC,MAAM,GAAE,MAAgC,GAAG,OAAO,CAAC,IAAI,CAAC;CAkB9E"}

package/dist/security/AutomatedRemediation.js

@@ -0,0 +1,535 @@
+/**
+ * Automated Security Remediation System
+ * Provides intelligent automated fixes for detected vulnerabilities
+ */
+import * as fs from "fs/promises";
+import * as path from "path";
+import { SecurityUtils } from "./SecurityConfig";
+import { SecurityValidationError } from "./InputValidator";
+/**
+ * Automated remediation patterns for common vulnerabilities
+ */
+const REMEDIATION_PATTERNS = {
+    sqlInjection: {
+        pattern: /(SELECT|INSERT|UPDATE|DELETE).*?[\'\"].*?[\'\"].*?(WHERE|FROM|INTO)/gi,
+        replacement: "// TODO: Replace with parameterized query",
+        confidence: 0.7,
+    },
+    xssSimple: {
+        pattern: /innerHTML\s*=\s*[^;]+;?/gi,
+        replacement: "textContent = $1; // XSS remediation",
+        confidence: 0.8,
+    },
+    pathTraversal: {
+        pattern: /\.\.[\/\\]/g,
+        replacement: "",
+        confidence: 0.9,
+    },
+    credentialExposure: {
+        pattern: /(password|secret|key|token)\s*[:=]\s*['"][^'"]+['"]/gi,
+        replacement: "$1 = process.env.$1?.toUpperCase() || '[REQUIRED]'",
+        confidence: 0.85,
+    },
+    httpToHttps: {
+        pattern: /http:\/\//gi,
+        replacement: "https://",
+        confidence: 0.95,
+    },
+    insecureConfig: {
+        pattern: /(ssl|secure|verify)\s*[:=]\s*false/gi,
+        replacement: "$1: true",
+        confidence: 0.9,
+    },
+};
+/**
+ * Automated Security Remediation Engine
+ */
+export class AutomatedRemediation {
+    remediationHistory = [];
+    backupDirectory = "security-backups";
+    /**
+     * Create remediation plan for scan results
+     */
+    async createRemediationPlan(scanResult) {
+        const planId = SecurityUtils.generateSecureToken(16);
+        const remediableVulns = scanResult.vulnerabilities.filter((v) => v.remediation.automated);
+        console.log(`[Remediation] Creating plan for ${remediableVulns.length} remediable vulnerabilities`);
+        const actions = [];
+        let estimatedDuration = 0;
+        let maxRiskLevel = "low";
+        for (const vulnerability of remediableVulns) {
+            const action = await this.createRemediationAction(vulnerability);
+            if (action) {
+                actions.push(action);
+                estimatedDuration += 30; // 30 seconds per action estimate
+                // Update risk level
+                if (vulnerability.severity === "critical" || vulnerability.severity === "high") {
+                    maxRiskLevel = "high";
+                }
+                else if (vulnerability.severity === "medium" && maxRiskLevel === "low") {
+                    maxRiskLevel = "medium";
+                }
+            }
+        }
+        const requiresApproval = maxRiskLevel === "high" || actions.length > 10;
+        return {
+            planId,
+            vulnerabilities: remediableVulns,
+            actions,
+            estimatedDuration,
+            riskLevel: maxRiskLevel,
+            requiresApproval,
+        };
+    }
+    /**
+     * Create remediation action for a specific vulnerability
+     */
+    async createRemediationAction(vulnerability) {
+        const actionId = SecurityUtils.generateSecureToken(12);
+        switch (vulnerability.type) {
+            case "SQL Injection":
+                return this.createSQLInjectionRemediation(actionId, vulnerability);
+            case "Cross-Site Scripting (XSS)":
+                return this.createXSSRemediation(actionId, vulnerability);
+            case "Path Traversal":
+                return this.createPathTraversalRemediation(actionId, vulnerability);
+            case "Credential Exposure":
+                return this.createCredentialExposureRemediation(actionId, vulnerability);
+            case "Insecure Configuration":
+                return this.createConfigRemediation(actionId, vulnerability);
+            case "Information Disclosure":
+                return this.createInfoDisclosureRemediation(actionId, vulnerability);
+            default:
+                return null;
+        }
+    }
+    /**
+     * Create SQL injection remediation
+     */
+    createSQLInjectionRemediation(actionId, vulnerability) {
+        return {
+            id: actionId,
+            type: "replace",
+            target: {
+                file: vulnerability.location.file,
+                line: vulnerability.location.line,
+                pattern: REMEDIATION_PATTERNS.sqlInjection.pattern,
+            },
+            replacement: {
+                content: "// SECURITY FIX: Replace with parameterized query to prevent SQL injection\n" +
+                    "// Example: db.query('SELECT * FROM users WHERE id = ?', [userId])",
+            },
+            backup: {
+                enabled: true,
+            },
+            validation: {
+                test: 'grep -n "SELECT.*WHERE" $file | wc -l',
+                expected: 0,
+            },
+        };
+    }
+    /**
+     * Create XSS remediation
+     */
+    createXSSRemediation(actionId, vulnerability) {
+        return {
+            id: actionId,
+            type: "replace",
+            target: {
+                file: vulnerability.location.file,
+                line: vulnerability.location.line,
+                pattern: /innerHTML\s*=\s*([^;]+);?/gi,
+            },
+            replacement: {
+                content: "textContent = $1; // XSS remediation: use textContent instead of innerHTML",
+            },
+            backup: {
+                enabled: true,
+            },
+            validation: {
+                test: 'grep -n "innerHTML" $file | wc -l',
+                expected: 0,
+            },
+        };
+    }
+    /**
+     * Create path traversal remediation
+     */
+    createPathTraversalRemediation(actionId, vulnerability) {
+        return {
+            id: actionId,
+            type: "replace",
+            target: {
+                file: vulnerability.location.file,
+                line: vulnerability.location.line,
+                pattern: /\.\.[\/\\]/g,
+            },
+            replacement: {
+                content: "", // Remove path traversal sequences
+            },
+            backup: {
+                enabled: true,
+            },
+            validation: {
+                test: 'grep -n "\\.\\./" $file | wc -l',
+                expected: 0,
+            },
+        };
+    }
+    /**
+     * Create credential exposure remediation
+     */
+    createCredentialExposureRemediation(actionId, vulnerability) {
+        return {
+            id: actionId,
+            type: "replace",
+            target: {
+                file: vulnerability.location.file,
+                line: vulnerability.location.line,
+                pattern: /(password|secret|key|token)\s*[:=]\s*['"][^'"]+['"]/gi,
+            },
+            replacement: {
+                content: "// SECURITY FIX: Credential moved to environment variable\n" +
+                    "// Add to .env: $1=your_actual_value\n" +
+                    "$1: process.env.$1 || (() => { throw new Error('$1 environment variable required'); })()",
+            },
+            backup: {
+                enabled: true,
+            },
+            validation: {
+                test: 'grep -n "password.*=.*[\'\\"]" $file | wc -l',
+                expected: 0,
+            },
+        };
+    }
+    /**
+     * Create configuration remediation
+     */
+    createConfigRemediation(actionId, vulnerability) {
+        return {
+            id: actionId,
+            type: "replace",
+            target: {
+                file: vulnerability.location.file,
+                line: vulnerability.location.line,
+                pattern: /(ssl|secure|verify)\s*[:=]\s*false/gi,
+            },
+            replacement: {
+                content: "$1: true // Security fix: enabled secure configuration",
+            },
+            backup: {
+                enabled: true,
+            },
+            validation: {
+                test: 'grep -n "ssl.*false" $file | wc -l',
+                expected: 0,
+            },
+        };
+    }
+    /**
+     * Create information disclosure remediation
+     */
+    createInfoDisclosureRemediation(actionId, vulnerability) {
+        return {
+            id: actionId,
+            type: "replace",
+            target: {
+                file: vulnerability.location.file,
+                line: vulnerability.location.line,
+                pattern: /(debug|trace|error)\s*[:=]\s*true/gi,
+            },
+            replacement: {
+                content: "$1: process.env.NODE_ENV !== 'production' // Security fix: disable in production",
+            },
+            backup: {
+                enabled: true,
+            },
+            validation: {
+                test: 'grep -n "debug.*true" $file | wc -l',
+                expected: 0,
+            },
+        };
+    }
+    /**
+     * Execute remediation plan
+     */
+    async executeRemediationPlan(plan, options = {}) {
+        console.log(`[Remediation] Executing plan ${plan.planId} with ${plan.actions.length} actions`);
+        if (options.dryRun) {
+            console.log("[Remediation] DRY RUN MODE - No changes will be made");
+            return this.simulateRemediationActions(plan.actions);
+        }
+        const results = [];
+        // Ensure backup directory exists
+        await this.ensureBackupDirectory();
+        for (const action of plan.actions) {
+            try {
+                console.log(`[Remediation] Executing action ${action.id} of type ${action.type}`);
+                const result = await this.executeRemediationAction(action);
+                results.push(result);
+                if (!result.success) {
+                    console.error(`[Remediation] Action ${action.id} failed: ${result.details}`);
+                }
+            }
+            catch (error) {
+                console.error(`[Remediation] Action ${action.id} threw error:`, error);
+                results.push({
+                    vulnerabilityId: action.id,
+                    success: false,
+                    action: action.type,
+                    details: `Error: ${error instanceof Error ? error.message : String(error)}`,
+                    timestamp: new Date(),
+                });
+            }
+        }
+        this.remediationHistory.push(...results);
+        const successCount = results.filter((r) => r.success).length;
+        console.log(`[Remediation] Plan completed: ${successCount}/${results.length} actions successful`);
+        return results;
+    }
+    /**
+     * Execute a single remediation action
+     */
+    async executeRemediationAction(action) {
+        const startTime = Date.now();
+        try {
+            let backupPath;
+            // Create backup if enabled
+            if (action.backup.enabled && action.target.file) {
+                backupPath = await this.createBackup(action.target.file);
+            }
+            // Execute the action based on type
+            switch (action.type) {
+                case "replace":
+                    await this.executeReplaceAction(action);
+                    break;
+                case "insert":
+                    await this.executeInsertAction(action);
+                    break;
+                case "delete":
+                    await this.executeDeleteAction(action);
+                    break;
+                case "config":
+                    await this.executeConfigAction(action);
+                    break;
+                case "file":
+                    await this.executeFileAction(action);
+                    break;
+                default:
+                    throw new Error(`Unknown action type: ${action.type}`);
+            }
+            // Validate the fix if validation is provided
+            let validationResult;
+            if (action.validation && action.target.file) {
+                validationResult = await this.validateRemediation(action);
+            }
+            return {
+                vulnerabilityId: action.id,
+                success: true,
+                action: action.type,
+                details: `Remediation completed successfully in ${Date.now() - startTime}ms`,
+                timestamp: new Date(),
+                backupPath,
+                validationResult,
+            };
+        }
+        catch (error) {
+            return {
+                vulnerabilityId: action.id,
+                success: false,
+                action: action.type,
+                details: `Remediation failed: ${error instanceof Error ? error.message : String(error)}`,
+                timestamp: new Date(),
+            };
+        }
+    }
+    /**
+     * Execute replace action
+     */
+    async executeReplaceAction(action) {
+        if (!action.target.file || !action.target.pattern || !action.replacement.content) {
+            throw new Error("Replace action missing required fields");
+        }
+        const content = await fs.readFile(action.target.file, "utf-8");
+        const updatedContent = content.replace(action.target.pattern, action.replacement.content);
+        if (content === updatedContent) {
+            throw new Error("No changes made - pattern not found");
+        }
+        await fs.writeFile(action.target.file, updatedContent, "utf-8");
+    }
+    /**
+     * Execute insert action
+     */
+    async executeInsertAction(action) {
+        if (!action.target.file || !action.replacement.content) {
+            throw new Error("Insert action missing required fields");
+        }
+        const content = await fs.readFile(action.target.file, "utf-8");
+        const lines = content.split("\n");
+        const insertIndex = action.target.line ? Math.max(0, action.target.line - 1) : lines.length;
+        lines.splice(insertIndex, 0, action.replacement.content);
+        await fs.writeFile(action.target.file, lines.join("\n"), "utf-8");
+    }
+    /**
+     * Execute delete action
+     */
+    async executeDeleteAction(action) {
+        if (!action.target.file) {
+            throw new Error("Delete action missing file");
+        }
+        if (action.target.line) {
+            // Delete specific line
+            const content = await fs.readFile(action.target.file, "utf-8");
+            const lines = content.split("\n");
+            if (action.target.line > 0 && action.target.line <= lines.length) {
+                lines.splice(action.target.line - 1, 1);
+                await fs.writeFile(action.target.file, lines.join("\n"), "utf-8");
+            }
+        }
+        else if (action.target.pattern) {
+            // Delete pattern matches
+            const content = await fs.readFile(action.target.file, "utf-8");
+            const updatedContent = content.replace(action.target.pattern, "");
+            await fs.writeFile(action.target.file, updatedContent, "utf-8");
+        }
+        else {
+            throw new Error("Delete action missing target specification");
+        }
+    }
+    /**
+     * Execute config action
+     */
+    async executeConfigAction(action) {
+        if (!action.target.file || !action.replacement.config) {
+            throw new Error("Config action missing required fields");
+        }
+        const content = await fs.readFile(action.target.file, "utf-8");
+        const config = JSON.parse(content);
+        // Merge configuration changes
+        Object.assign(config, action.replacement.config);
+        await fs.writeFile(action.target.file, JSON.stringify(config, null, 2), "utf-8");
+    }
+    /**
+     * Execute file action
+     */
+    async executeFileAction(action) {
+        if (!action.replacement.action) {
+            throw new Error("File action missing action specification");
+        }
+        switch (action.replacement.action) {
+            case "delete":
+                if (action.target.file) {
+                    await fs.unlink(action.target.file);
+                }
+                break;
+            case "create":
+                if (action.target.file && action.replacement.content) {
+                    await fs.writeFile(action.target.file, action.replacement.content, "utf-8");
+                }
+                break;
+            default:
+                throw new Error(`Unknown file action: ${action.replacement.action}`);
+        }
+    }
+    /**
+     * Create backup of file
+     */
+    async createBackup(filePath) {
+        const timestamp = new Date().toISOString().replace(/[:.]/g, "-");
+        const backupPath = path.join(this.backupDirectory, `${path.basename(filePath)}.${timestamp}.backup`);
+        const content = await fs.readFile(filePath, "utf-8");
+        await fs.writeFile(backupPath, content, "utf-8");
+        console.log(`[Remediation] Created backup: ${backupPath}`);
+        return backupPath;
+    }
+    /**
+     * Ensure backup directory exists
+     */
+    async ensureBackupDirectory() {
+        try {
+            await fs.access(this.backupDirectory);
+        }
+        catch {
+            await fs.mkdir(this.backupDirectory, { recursive: true });
+            console.log(`[Remediation] Created backup directory: ${this.backupDirectory}`);
+        }
+    }
+    /**
+     * Validate remediation
+     */
+    async validateRemediation(action) {
+        if (!action.validation?.test || !action.target.file) {
+            return true; // No validation specified
+        }
+        try {
+            // This is a simplified validation - in practice you'd run the test command
+            const content = await fs.readFile(action.target.file, "utf-8");
+            // Simple pattern-based validation
+            if (action.target.pattern) {
+                const matches = content.match(action.target.pattern);
+                return (matches?.length || 0) === (action.validation.expected || 0);
+            }
+            return true;
+        }
+        catch (error) {
+            console.warn(`[Remediation] Validation failed for action ${action.id}:`, error);
+            return false;
+        }
+    }
+    /**
+     * Simulate remediation actions for dry run
+     */
+    async simulateRemediationActions(actions) {
+        const results = [];
+        for (const action of actions) {
+            results.push({
+                vulnerabilityId: action.id,
+                success: true,
+                action: `${action.type} (simulated)`,
+                details: `Would ${action.type} in ${action.target.file || "configuration"}`,
+                timestamp: new Date(),
+            });
+        }
+        return results;
+    }
+    /**
+     * Get remediation history
+     */
+    getRemediationHistory() {
+        return [...this.remediationHistory];
+    }
+    /**
+     * Rollback remediation using backup
+     */
+    async rollbackRemediation(backupPath, targetFile) {
+        try {
+            const backupContent = await fs.readFile(backupPath, "utf-8");
+            await fs.writeFile(targetFile, backupContent, "utf-8");
+            console.log(`[Remediation] Rolled back ${targetFile} from ${backupPath}`);
+        }
+        catch (error) {
+            throw new SecurityValidationError(`Rollback failed: ${error instanceof Error ? error.message : String(error)}`);
+        }
+    }
+    /**
+     * Clean up old backups
+     */
+    async cleanupBackups(maxAge = 7 * 24 * 60 * 60 * 1000) {
+        try {
+            const files = await fs.readdir(this.backupDirectory);
+            const now = Date.now();
+            for (const file of files) {
+                const filePath = path.join(this.backupDirectory, file);
+                const stats = await fs.stat(filePath);
+                if (now - stats.mtime.getTime() > maxAge) {
+                    await fs.unlink(filePath);
+                    console.log(`[Remediation] Cleaned up old backup: ${file}`);
+                }
+            }
+        }
+        catch (error) {
+            console.warn("[Remediation] Backup cleanup failed:", error);
+        }
+    }
+}
+//# sourceMappingURL=AutomatedRemediation.js.map