npm - tlc-claude-code - Versions diffs - 1.2.29 → 1.4.0 - Mend

tlc-claude-code 1.2.29 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (182) hide show

package/dashboard/dist/components/AuditPane.d.ts +30 -0
package/dashboard/dist/components/AuditPane.js +127 -0
package/dashboard/dist/components/AuditPane.test.d.ts +1 -0
package/dashboard/dist/components/AuditPane.test.js +339 -0
package/dashboard/dist/components/CompliancePane.d.ts +39 -0
package/dashboard/dist/components/CompliancePane.js +96 -0
package/dashboard/dist/components/CompliancePane.test.d.ts +1 -0
package/dashboard/dist/components/CompliancePane.test.js +183 -0
package/dashboard/dist/components/SSOPane.d.ts +36 -0
package/dashboard/dist/components/SSOPane.js +71 -0
package/dashboard/dist/components/SSOPane.test.d.ts +1 -0
package/dashboard/dist/components/SSOPane.test.js +155 -0
package/dashboard/dist/components/UsagePane.d.ts +13 -0
package/dashboard/dist/components/UsagePane.js +51 -0
package/dashboard/dist/components/UsagePane.test.d.ts +1 -0
package/dashboard/dist/components/UsagePane.test.js +142 -0
package/dashboard/dist/components/WorkspaceDocsPane.d.ts +19 -0
package/dashboard/dist/components/WorkspaceDocsPane.js +130 -0
package/dashboard/dist/components/WorkspaceDocsPane.test.d.ts +1 -0
package/dashboard/dist/components/WorkspaceDocsPane.test.js +242 -0
package/dashboard/dist/components/WorkspacePane.d.ts +18 -0
package/dashboard/dist/components/WorkspacePane.js +17 -0
package/dashboard/dist/components/WorkspacePane.test.d.ts +1 -0
package/dashboard/dist/components/WorkspacePane.test.js +84 -0
package/dashboard/dist/components/ZeroRetentionPane.d.ts +44 -0
package/dashboard/dist/components/ZeroRetentionPane.js +83 -0
package/dashboard/dist/components/ZeroRetentionPane.test.d.ts +1 -0
package/dashboard/dist/components/ZeroRetentionPane.test.js +160 -0
package/package.json +1 -1
package/server/lib/access-control-doc.js +541 -0
package/server/lib/access-control-doc.test.js +672 -0
package/server/lib/adr-generator.js +423 -0
package/server/lib/adr-generator.test.js +586 -0
package/server/lib/agent-progress-monitor.js +223 -0
package/server/lib/agent-progress-monitor.test.js +202 -0
package/server/lib/architecture-command.js +450 -0
package/server/lib/architecture-command.test.js +754 -0
package/server/lib/ast-analyzer.js +324 -0
package/server/lib/ast-analyzer.test.js +437 -0
package/server/lib/audit-attribution.js +191 -0
package/server/lib/audit-attribution.test.js +359 -0
package/server/lib/audit-classifier.js +202 -0
package/server/lib/audit-classifier.test.js +209 -0
package/server/lib/audit-command.js +275 -0
package/server/lib/audit-command.test.js +325 -0
package/server/lib/audit-exporter.js +380 -0
package/server/lib/audit-exporter.test.js +464 -0
package/server/lib/audit-logger.js +236 -0
package/server/lib/audit-logger.test.js +364 -0
package/server/lib/audit-query.js +257 -0
package/server/lib/audit-query.test.js +352 -0
package/server/lib/audit-storage.js +269 -0
package/server/lib/audit-storage.test.js +272 -0
package/server/lib/auth-system.test.js +4 -1
package/server/lib/boundary-detector.js +427 -0
package/server/lib/boundary-detector.test.js +320 -0
package/server/lib/budget-alerts.js +138 -0
package/server/lib/budget-alerts.test.js +235 -0
package/server/lib/bulk-repo-init.js +342 -0
package/server/lib/bulk-repo-init.test.js +388 -0
package/server/lib/candidates-tracker.js +210 -0
package/server/lib/candidates-tracker.test.js +300 -0
package/server/lib/checkpoint-manager.js +251 -0
package/server/lib/checkpoint-manager.test.js +474 -0
package/server/lib/circular-detector.js +337 -0
package/server/lib/circular-detector.test.js +353 -0
package/server/lib/cohesion-analyzer.js +310 -0
package/server/lib/cohesion-analyzer.test.js +447 -0
package/server/lib/compliance-checklist.js +866 -0
package/server/lib/compliance-checklist.test.js +476 -0
package/server/lib/compliance-command.js +616 -0
package/server/lib/compliance-command.test.js +551 -0
package/server/lib/compliance-reporter.js +692 -0
package/server/lib/compliance-reporter.test.js +707 -0
package/server/lib/contract-testing.js +625 -0
package/server/lib/contract-testing.test.js +342 -0
package/server/lib/conversion-planner.js +469 -0
package/server/lib/conversion-planner.test.js +361 -0
package/server/lib/convert-command.js +351 -0
package/server/lib/convert-command.test.js +608 -0
package/server/lib/coupling-calculator.js +189 -0
package/server/lib/coupling-calculator.test.js +509 -0
package/server/lib/data-flow-doc.js +665 -0
package/server/lib/data-flow-doc.test.js +659 -0
package/server/lib/dependency-graph.js +367 -0
package/server/lib/dependency-graph.test.js +516 -0
package/server/lib/duplication-detector.js +349 -0
package/server/lib/duplication-detector.test.js +401 -0
package/server/lib/ephemeral-storage.js +249 -0
package/server/lib/ephemeral-storage.test.js +254 -0
package/server/lib/evidence-collector.js +627 -0
package/server/lib/evidence-collector.test.js +901 -0
package/server/lib/example-service.js +616 -0
package/server/lib/example-service.test.js +397 -0
package/server/lib/flow-diagram-generator.js +474 -0
package/server/lib/flow-diagram-generator.test.js +446 -0
package/server/lib/idp-manager.js +626 -0
package/server/lib/idp-manager.test.js +587 -0
package/server/lib/impact-scorer.js +184 -0
package/server/lib/impact-scorer.test.js +211 -0
package/server/lib/memory-exclusion.js +326 -0
package/server/lib/memory-exclusion.test.js +241 -0
package/server/lib/mermaid-generator.js +358 -0
package/server/lib/mermaid-generator.test.js +301 -0
package/server/lib/messaging-patterns.js +750 -0
package/server/lib/messaging-patterns.test.js +213 -0
package/server/lib/mfa-handler.js +452 -0
package/server/lib/mfa-handler.test.js +490 -0
package/server/lib/microservice-template.js +386 -0
package/server/lib/microservice-template.test.js +325 -0
package/server/lib/new-project-microservice.js +450 -0
package/server/lib/new-project-microservice.test.js +600 -0
package/server/lib/oauth-flow.js +375 -0
package/server/lib/oauth-flow.test.js +487 -0
package/server/lib/oauth-registry.js +190 -0
package/server/lib/oauth-registry.test.js +306 -0
package/server/lib/readme-generator.js +490 -0
package/server/lib/readme-generator.test.js +493 -0
package/server/lib/refactor-command.js +326 -0
package/server/lib/refactor-command.test.js +528 -0
package/server/lib/refactor-executor.js +254 -0
package/server/lib/refactor-executor.test.js +305 -0
package/server/lib/refactor-observer.js +292 -0
package/server/lib/refactor-observer.test.js +422 -0
package/server/lib/refactor-progress.js +193 -0
package/server/lib/refactor-progress.test.js +251 -0
package/server/lib/refactor-reporter.js +237 -0
package/server/lib/refactor-reporter.test.js +247 -0
package/server/lib/repo-dependency-tracker.js +261 -0
package/server/lib/repo-dependency-tracker.test.js +350 -0
package/server/lib/retention-policy.js +281 -0
package/server/lib/retention-policy.test.js +486 -0
package/server/lib/role-mapper.js +236 -0
package/server/lib/role-mapper.test.js +395 -0
package/server/lib/saml-provider.js +765 -0
package/server/lib/saml-provider.test.js +643 -0
package/server/lib/security-policy-generator.js +682 -0
package/server/lib/security-policy-generator.test.js +544 -0
package/server/lib/semantic-analyzer.js +198 -0
package/server/lib/semantic-analyzer.test.js +474 -0
package/server/lib/sensitive-detector.js +112 -0
package/server/lib/sensitive-detector.test.js +209 -0
package/server/lib/service-interaction-diagram.js +700 -0
package/server/lib/service-interaction-diagram.test.js +638 -0
package/server/lib/service-scaffold.js +486 -0
package/server/lib/service-scaffold.test.js +373 -0
package/server/lib/service-summary.js +553 -0
package/server/lib/service-summary.test.js +619 -0
package/server/lib/session-purge.js +460 -0
package/server/lib/session-purge.test.js +312 -0
package/server/lib/shared-kernel.js +578 -0
package/server/lib/shared-kernel.test.js +255 -0
package/server/lib/sso-command.js +544 -0
package/server/lib/sso-command.test.js +552 -0
package/server/lib/sso-session.js +492 -0
package/server/lib/sso-session.test.js +670 -0
package/server/lib/traefik-config.js +282 -0
package/server/lib/traefik-config.test.js +312 -0
package/server/lib/usage-command.js +218 -0
package/server/lib/usage-command.test.js +391 -0
package/server/lib/usage-formatter.js +192 -0
package/server/lib/usage-formatter.test.js +267 -0
package/server/lib/usage-history.js +122 -0
package/server/lib/usage-history.test.js +206 -0
package/server/lib/workspace-command.js +249 -0
package/server/lib/workspace-command.test.js +264 -0
package/server/lib/workspace-config.js +270 -0
package/server/lib/workspace-config.test.js +312 -0
package/server/lib/workspace-docs-command.js +547 -0
package/server/lib/workspace-docs-command.test.js +692 -0
package/server/lib/workspace-memory.js +451 -0
package/server/lib/workspace-memory.test.js +403 -0
package/server/lib/workspace-scanner.js +452 -0
package/server/lib/workspace-scanner.test.js +677 -0
package/server/lib/workspace-test-runner.js +315 -0
package/server/lib/workspace-test-runner.test.js +294 -0
package/server/lib/zero-retention-command.js +439 -0
package/server/lib/zero-retention-command.test.js +448 -0
package/server/lib/zero-retention.js +322 -0
package/server/lib/zero-retention.test.js +258 -0
package/server/package-lock.json +14 -0
package/server/package.json +1 -0

package/server/lib/sso-session.js ADDED Viewed

@@ -0,0 +1,492 @@
+/**
+ * SSO Session Manager
+ *
+ * Enhanced session management for SSO with IdP integration.
+ * Handles session creation from IdP authentication, token storage,
+ * session timeout, single logout, refresh, and concurrent session limits.
+ */
+const crypto = require('crypto');
+/**
+ * Default session configuration
+ */
+const SESSION_DEFAULTS = {
+  sessionDuration: 86400000, // 24 hours in milliseconds
+  maxConcurrentSessions: 5,
+  tokenRefreshThreshold: 300000, // 5 minutes before token expiry
+};
+/**
+ * Generate a UUID for session IDs
+ * @returns {string} UUID
+ */
+function generateSessionId() {
+  return crypto.randomUUID();
+}
+/**
+ * Creates an SSO Session Manager instance.
+ *
+ * @param {Object} options - Manager configuration
+ * @param {Object} options.idpManager - IdP Manager instance
+ * @param {Object} [options.mfaStore] - MFA Store instance
+ * @param {number} [options.sessionDuration] - Session duration in milliseconds
+ * @param {number} [options.maxConcurrentSessions] - Max concurrent sessions per user
+ * @param {number} [options.tokenRefreshThreshold] - Time before token expiry to trigger refresh
+ * @returns {Object} SSO Session Manager instance
+ */
+function createSsoSessionManager(options = {}) {
+  const {
+    idpManager,
+    mfaStore,
+    sessionDuration = SESSION_DEFAULTS.sessionDuration,
+    maxConcurrentSessions = SESSION_DEFAULTS.maxConcurrentSessions,
+    tokenRefreshThreshold = SESSION_DEFAULTS.tokenRefreshThreshold,
+  } = options;
+  // In-memory session store
+  // Key: session ID, Value: session object
+  const sessions = new Map();
+  // Index by user ID for efficient lookup
+  // Key: user ID, Value: Set of session IDs
+  const userSessions = new Map();
+  // Index by access token for efficient lookup
+  // Key: access token, Value: session ID
+  const tokenIndex = new Map();
+  /**
+   * Create a session from IdP authentication result
+   *
+   * @param {string} provider - Provider name (e.g., 'github', 'google')
+   * @param {Object} authResult - Authentication result from IdP
+   * @param {Object} metadata - Session metadata
+   * @returns {Promise<Object>} Created session
+   */
+  async function createSession(provider, authResult, metadata = {}) {
+    const { profile, tokens = {}, providerType } = authResult;
+    const now = Date.now();
+    // Determine MFA verification status
+    // mfaVerified is true only if user has MFA enabled AND verified with a code
+    let mfaVerified = false;
+    if (mfaStore && metadata.mfaCode) {
+      const mfaStatus = await mfaStore.getMfaStatus(profile.id);
+      if (mfaStatus.enabled) {
+        const mfaResult = await mfaStore.verifyMfa(profile.id, metadata.mfaCode);
+        mfaVerified = mfaResult.valid;
+      }
+    }
+    // If no mfaCode provided or MFA not enabled, mfaVerified stays false
+    // Calculate token expiry
+    let tokenExpiry = null;
+    if (tokens.expiresIn) {
+      tokenExpiry = now + (tokens.expiresIn * 1000);
+    }
+    const session = {
+      id: generateSessionId(),
+      userId: profile.id,
+      provider,
+      providerType: providerType || 'oauth',
+      accessToken: tokens.accessToken || null,
+      refreshToken: tokens.refreshToken || null,
+      tokenExpiry,
+      createdAt: now,
+      expiresAt: now + sessionDuration,
+      lastActivityAt: now,
+      userAgent: metadata.userAgent || null,
+      ipAddress: metadata.ipAddress || null,
+      mfaVerified: mfaVerified === true ? true : false,
+      // Store additional profile data for SAML logout
+      nameId: profile.nameId || null,
+    };
+    // Store session
+    sessions.set(session.id, session);
+    // Update user sessions index
+    if (!userSessions.has(session.userId)) {
+      userSessions.set(session.userId, new Set());
+    }
+    userSessions.get(session.userId).add(session.id);
+    // Update token index
+    if (session.accessToken) {
+      tokenIndex.set(session.accessToken, session.id);
+    }
+    // Enforce session limit
+    await enforceSessionLimitForUser(session.userId);
+    return session;
+  }
+  /**
+   * Enforce concurrent session limit for a user
+   *
+   * @param {string} userId - User ID
+   */
+  async function enforceSessionLimitForUser(userId) {
+    const userSessionIds = userSessions.get(userId);
+    if (!userSessionIds || userSessionIds.size <= maxConcurrentSessions) {
+      return;
+    }
+    // Get all sessions for this user, sorted by creation time (oldest first)
+    const userSessionList = Array.from(userSessionIds)
+      .map(id => sessions.get(id))
+      .filter(s => s !== undefined)
+      .sort((a, b) => a.createdAt - b.createdAt);
+    // Remove oldest sessions to enforce limit
+    const sessionsToRemove = userSessionList.slice(0, userSessionList.length - maxConcurrentSessions);
+    for (const session of sessionsToRemove) {
+      await destroySession(session.id);
+    }
+  }
+  /**
+   * Get a session by ID
+   *
+   * @param {string} sessionId - Session ID
+   * @returns {Promise<Object|null>} Session or null if not found/expired
+   */
+  async function getSession(sessionId) {
+    const session = sessions.get(sessionId);
+    if (!session) {
+      return null;
+    }
+    // Check if session is expired
+    if (Date.now() > session.expiresAt) {
+      return null;
+    }
+    // Update last activity
+    session.lastActivityAt = Date.now();
+    return session;
+  }
+  /**
+   * Get a session by access token
+   *
+   * @param {string} accessToken - Access token
+   * @returns {Promise<Object|null>} Session or null if not found
+   */
+  async function getSessionByToken(accessToken) {
+    const sessionId = tokenIndex.get(accessToken);
+    if (!sessionId) {
+      return null;
+    }
+    return getSession(sessionId);
+  }
+  /**
+   * Refresh a session
+   *
+   * @param {string} sessionId - Session ID
+   * @returns {Promise<Object|null>} Refreshed session or null
+   */
+  async function refreshSession(sessionId) {
+    const session = sessions.get(sessionId);
+    if (!session) {
+      return null;
+    }
+    // Check if session is expired
+    if (Date.now() > session.expiresAt) {
+      return null;
+    }
+    const now = Date.now();
+    // Extend session lifetime
+    session.expiresAt = now + sessionDuration;
+    session.lastActivityAt = now;
+    // Check if IdP tokens need refreshing
+    if (session.tokenExpiry && session.refreshToken) {
+      const timeUntilExpiry = session.tokenExpiry - now;
+      if (timeUntilExpiry <= tokenRefreshThreshold) {
+        await refreshIdpTokens(session);
+      }
+    }
+    return session;
+  }
+  /**
+   * Refresh IdP tokens for a session
+   *
+   * @param {Object} session - Session object
+   */
+  async function refreshIdpTokens(session) {
+    if (!idpManager || !idpManager.oauthRegistry) {
+      return;
+    }
+    const provider = idpManager.oauthRegistry.getProvider(session.provider);
+    if (!provider || !provider.tokenUrl) {
+      return;
+    }
+    try {
+      const response = await fetch(provider.tokenUrl, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/x-www-form-urlencoded',
+          Accept: 'application/json',
+        },
+        body: new URLSearchParams({
+          grant_type: 'refresh_token',
+          refresh_token: session.refreshToken,
+          client_id: provider.clientId,
+          client_secret: provider.clientSecret,
+        }),
+      });
+      if (response.ok) {
+        const tokenData = await response.json();
+        // Remove old token from index
+        if (session.accessToken) {
+          tokenIndex.delete(session.accessToken);
+        }
+        // Update session with new tokens
+        session.accessToken = tokenData.access_token;
+        if (tokenData.refresh_token) {
+          session.refreshToken = tokenData.refresh_token;
+        }
+        if (tokenData.expires_in) {
+          session.tokenExpiry = Date.now() + (tokenData.expires_in * 1000);
+        }
+        // Update token index
+        tokenIndex.set(session.accessToken, session.id);
+      }
+    } catch (error) {
+      // Token refresh failed, session continues with old tokens
+      console.error('Token refresh failed:', error.message);
+    }
+  }
+  /**
+   * Destroy a session
+   *
+   * @param {string} sessionId - Session ID
+   * @param {Object} [options] - Destroy options
+   * @param {boolean} [options.triggerIdpLogout] - Trigger IdP logout
+   * @returns {Promise<Object>} Result with optional logout URL
+   */
+  async function destroySession(sessionId, options = {}) {
+    const session = sessions.get(sessionId);
+    const result = { success: true };
+    if (!session) {
+      return result;
+    }
+    // Handle IdP logout if requested
+    if (options.triggerIdpLogout && idpManager) {
+      // SAML logout
+      if (session.providerType === 'saml' && idpManager.samlProvider) {
+        const idp = idpManager.samlProvider.getIdP(session.provider);
+        if (idp && idp.sloUrl) {
+          const logoutRequest = idpManager.samlProvider.createLogoutRequest(session.provider, {
+            nameId: session.nameId,
+            sessionIndex: session.id,
+          });
+          result.logoutUrl = logoutRequest.url;
+        }
+      }
+      // OAuth token revocation
+      if (session.providerType !== 'saml' && idpManager.oauthRegistry) {
+        const provider = idpManager.oauthRegistry.getProvider(session.provider);
+        if (provider && provider.revokeUrl && session.accessToken) {
+          try {
+            await fetch(provider.revokeUrl, {
+              method: 'POST',
+              headers: {
+                'Content-Type': 'application/x-www-form-urlencoded',
+              },
+              body: new URLSearchParams({
+                token: session.accessToken,
+                client_id: provider.clientId,
+                client_secret: provider.clientSecret,
+              }),
+            });
+          } catch (error) {
+            // Token revocation failed, continue with session destruction
+            console.error('Token revocation failed:', error.message);
+          }
+        }
+      }
+    }
+    // Remove from token index
+    if (session.accessToken) {
+      tokenIndex.delete(session.accessToken);
+    }
+    // Remove from user sessions index
+    const userSessionSet = userSessions.get(session.userId);
+    if (userSessionSet) {
+      userSessionSet.delete(sessionId);
+      if (userSessionSet.size === 0) {
+        userSessions.delete(session.userId);
+      }
+    }
+    // Remove session
+    sessions.delete(sessionId);
+    return result;
+  }
+  /**
+   * Get all active sessions for a user
+   *
+   * @param {string} userId - User ID
+   * @returns {Promise<Object[]>} List of active sessions
+   */
+  async function getActiveSessions(userId) {
+    const userSessionIds = userSessions.get(userId);
+    if (!userSessionIds) {
+      return [];
+    }
+    const now = Date.now();
+    const activeSessions = [];
+    for (const sessionId of userSessionIds) {
+      const session = sessions.get(sessionId);
+      if (session && now <= session.expiresAt) {
+        // Return sanitized session data (no tokens in list view)
+        activeSessions.push({
+          id: session.id,
+          userId: session.userId,
+          provider: session.provider,
+          createdAt: session.createdAt,
+          expiresAt: session.expiresAt,
+          lastActivityAt: session.lastActivityAt,
+          userAgent: session.userAgent,
+          ipAddress: session.ipAddress,
+          mfaVerified: session.mfaVerified,
+        });
+      }
+    }
+    return activeSessions;
+  }
+  /**
+   * Cleanup expired sessions
+   *
+   * @returns {Promise<number>} Number of sessions removed
+   */
+  async function cleanupExpiredSessions() {
+    const now = Date.now();
+    let removed = 0;
+    for (const [sessionId, session] of sessions) {
+      if (now > session.expiresAt) {
+        await destroySession(sessionId);
+        removed++;
+      }
+    }
+    return removed;
+  }
+  /**
+   * Destroy all sessions for a user
+   *
+   * @param {string} userId - User ID
+   * @param {Object} [options] - Destroy options
+   * @returns {Promise<number>} Number of sessions destroyed
+   */
+  async function destroyAllUserSessions(userId, options = {}) {
+    const userSessionIds = userSessions.get(userId);
+    if (!userSessionIds) {
+      return 0;
+    }
+    // Copy the set since we'll be modifying it during iteration
+    const sessionIds = Array.from(userSessionIds);
+    let removed = 0;
+    for (const sessionId of sessionIds) {
+      await destroySession(sessionId, options);
+      removed++;
+    }
+    return removed;
+  }
+  /**
+   * Get session statistics
+   *
+   * @returns {Promise<Object>} Session statistics
+   */
+  async function getSessionStats() {
+    const now = Date.now();
+    const byProvider = {};
+    const uniqueUsers = new Set();
+    let totalSessions = 0;
+    for (const session of sessions.values()) {
+      if (now <= session.expiresAt) {
+        totalSessions++;
+        uniqueUsers.add(session.userId);
+        if (!byProvider[session.provider]) {
+          byProvider[session.provider] = 0;
+        }
+        byProvider[session.provider]++;
+      }
+    }
+    return {
+      totalSessions,
+      uniqueUsers: uniqueUsers.size,
+      byProvider,
+    };
+  }
+  return {
+    // Session lifecycle
+    createSession,
+    getSession,
+    getSessionByToken,
+    refreshSession,
+    destroySession,
+    // User session management
+    getActiveSessions,
+    destroyAllUserSessions,
+    // Maintenance
+    cleanupExpiredSessions,
+    // Statistics
+    getSessionStats,
+  };
+}
+module.exports = {
+  createSsoSessionManager,
+  SESSION_DEFAULTS,
+};