@boundless-oss/atlas
Version:
Atlas - MCP Server for comprehensive startup project management
128 lines • 4.08 kB
TypeScript
/**
* Security Manager
* Implements MCP Design Guide Section 5.2 principles for zero-trust architecture
*/
export interface SecurityContext {
userId?: string;
sessionId: string;
permissions: string[];
roleLevel: 'read' | 'write' | 'admin' | 'system';
origin: string;
timestamp: number;
ipAddress?: string;
}
export interface ToolSecurityPolicy {
toolName: string;
requiredPermissions: string[];
minimumRoleLevel: SecurityContext['roleLevel'];
requiresHumanApproval: boolean;
maxUsagePerHour: number;
allowedOrigins: string[];
logLevel: 'none' | 'basic' | 'detailed';
}
export interface SecurityEvent {
type: 'access_granted' | 'access_denied' | 'suspicious_activity' | 'policy_violation';
toolName: string;
context: SecurityContext;
timestamp: number;
details: Record<string, any>;
riskLevel: 'low' | 'medium' | 'high' | 'critical';
}
/**
* Implements zero-trust security model for MCP tool access
*/
export declare class SecurityManager {
private static instance;
private securityPolicies;
private securityEvents;
private usageTracker;
private pendingApprovals;
private constructor();
static getInstance(): SecurityManager;
/**
* Initialize default security policies for critical tools
*/
private initializeDefaultPolicies;
/**
* Add or update a security policy for a tool
*/
addSecurityPolicy(policy: ToolSecurityPolicy): void;
/**
* Validate access to a tool based on security context and policies
*/
validateToolAccess(toolName: string, context: SecurityContext, parameters?: any): Promise<{
allowed: boolean;
reason?: string;
requiresApproval?: boolean;
}>;
/**
* Request human approval for a tool operation
*/
requestHumanApproval(toolName: string, context: SecurityContext, parameters: any, justification: string): Promise<string>;
/**
* Generate security metrics and alerts
*/
generateSecurityMetrics(): {
totalEvents: number;
accessDenied: number;
suspiciousActivity: number;
highRiskEvents: number;
topTargetedTools: Array<{
tool: string;
count: number;
}>;
alerts: string[];
};
private hasRequiredRoleLevel;
private checkRateLimit;
private updateUsageCounter;
private detectSuspiciousActivity;
private isReadOnlyTool;
private sanitizeParameters;
private logSecurityEvent;
/**
* Get comprehensive security status overview
*/
getSecurityStatus(): Promise<any>;
/**
* Get security events with filtering
*/
getSecurityEvents(filters: {
timeRange?: string;
eventTypes?: string[];
severity?: string;
}): SecurityEvent[];
/**
* Configure security policy settings
*/
configureSecurityPolicy(config: {
requireApprovalFor?: string[];
roles?: Record<string, string[]>;
riskThresholds?: Record<string, number>;
logLevel?: string;
}): Promise<void>;
/**
* Process approval request
*/
processApproval(params: {
approvalId: string;
decision: 'approve' | 'deny';
reason?: string;
}): any;
/**
* Get pending approval requests (optional method for dashboard)
*/
getPendingApprovals?(options?: {
status?: string;
toolName?: string;
}): Promise<any[]>;
}
/**
* Create security context from request information
*/
export declare function createSecurityContext(userId: string | undefined, sessionId: string, permissions: string[], roleLevel: SecurityContext['roleLevel'], origin?: string, ipAddress?: string): SecurityContext;
/**
* Decorator for automatic security validation
*/
export declare function requiresSecurity(requiredPermissions: string[], minimumRoleLevel?: SecurityContext['roleLevel']): (target: any, propertyKey: string, descriptor: PropertyDescriptor) => PropertyDescriptor;
//# sourceMappingURL=security-manager.d.ts.map