@dollhousemcp/mcp-server
DollhouseMCP - A Model Context Protocol (MCP) server that enables dynamic AI persona management from markdown files, allowing Claude and other compatible AI assistants to activate and switch between different behavioral personas.
/**
* Secure GitHub token management and validation
*/
import { RateLimiter } from '../update/RateLimiter.js';
/**
* Scope requirements for one kind of operation.
*
* Returned by TokenManager.getRequiredScopes and accepted by
* TokenManager.validateTokenScopes.
*/
export interface TokenScopes {
/** Scopes the token has to carry for the operation. */
required: string[];
/**
* Additional scopes that are not mandatory.
* NOTE(review): presumably a missing optional scope does not fail validation - confirm in the implementation.
*/
optional?: string[];
}
/**
* Outcome of a token check.
*
* Returned (wrapped in a Promise) by TokenManager.validateTokenScopes and
* TokenManager.ensureTokenPermissions. Every field except `isValid` is optional,
* so callers must not assume any of them is present on a failed check.
*/
export interface TokenValidationResult {
/** Whether the token passed the check. */
isValid: boolean;
/** Scopes reported for the token, when the check could determine them. */
scopes?: string[];
/**
* Rate-limit state observed during the check.
* NOTE(review): presumably GitHub's API quota as reported by the validation request - confirm.
*/
rateLimit?: {
/** Requests remaining in the current window. */
remaining: number;
/** Time at which the window resets. */
resetTime: Date;
};
/**
* Set when the check was refused because of rate limiting.
* NOTE(review): presumably refers to TokenManager's own validation limiter rather than GitHub's quota - confirm.
*/
rateLimitExceeded?: boolean;
/** Suggested wait before retrying, in milliseconds (unit taken from the field name). */
retryAfterMs?: number;
/**
* Failure description.
* NOTE(review): confirm this text is produced via TokenManager.createSafeErrorMessage, so that it
* can be logged or returned to a client without exposing the token.
*/
error?: string;
}
/**
* Secure GitHub token manager with validation and protection
*
* All members are static. This is a declaration file: the values of the private
* constants and the method bodies are not visible here, so comments marked
* NOTE(review) are points to confirm against the implementation.
*/
export declare class TokenManager {
// Accepted token shapes. Presumably consulted by validateTokenFormat and getTokenType - confirm.
private static readonly GITHUB_TOKEN_PATTERNS;
// Location of the stored token.
// NOTE(review): confirm the directory and file are created with owner-only permissions.
private static readonly TOKEN_DIR;
private static readonly TOKEN_FILE;
// Parameters for encrypting the stored token: cipher name, key / IV / tag / salt sizes and
// the key-derivation iteration count. The values are not visible in this declaration.
// NOTE(review): TAG_LENGTH suggests an authenticated cipher mode - confirm, and check
// ITERATIONS against current key-derivation guidance.
private static readonly ALGORITHM;
private static readonly KEY_LENGTH;
private static readonly IV_LENGTH;
private static readonly TAG_LENGTH;
private static readonly SALT_LENGTH;
private static readonly ITERATIONS;
// Shared limiter instance handed out by getTokenValidationLimiter.
private static tokenValidationLimiter;
/**
* Get or create the token validation rate limiter
* Prevents brute force token validation attacks
*/
private static getTokenValidationLimiter;
/**
* Create a rate limiter specifically for token validation
* Conservative limits to prevent abuse while allowing legitimate usage
*
* @returns A RateLimiter configured for token validation; the limits themselves are not visible here.
*/
static createTokenValidationLimiter(): RateLimiter;
/**
* Reset the token validation rate limiter
* Useful for testing or manual intervention
*
* NOTE(review): this is public, so any code in the same process can clear the limiter.
* Confirm that is acceptable for the brute-force protection described on getTokenValidationLimiter.
*/
static resetTokenValidationLimiter(): void;
/**
* Validate GitHub token format
*
* This is a check on the string only. Whether GitHub accepts the token and which
* scopes it carries is a separate question, answered by validateTokenScopes.
*
* @param token - Candidate token string.
* @returns Whether the string has an accepted token format.
*/
static validateTokenFormat(token: string): boolean;
/**
* Get GitHub token from environment with validation
*
* @returns The token, or null.
* NOTE(review): presumably null covers both "variable not set" and "value failed the format check" - confirm.
*/
static getGitHubToken(): string | null;
/**
* Redact token for safe logging
*
* @param token - Token to redact.
* @returns A string intended to be safe to write to logs.
* NOTE(review): how much of the token survives redaction is not visible here; confirm the
* output does not keep enough characters to help recover the secret.
*/
static redactToken(token: string): string;
/**
* Get token type from format
*
* @param token - Token to classify.
* @returns A label for the token type; the set of possible labels is not visible here.
*/
static getTokenType(token: string): string;
/**
* Get safe token prefix for logging
*
* @param token - Token whose prefix is wanted.
* @returns A prefix intended to be safe to write to logs.
* NOTE(review): confirm the prefix is limited to the type marker and carries none of the secret part.
*/
static getTokenPrefix(token: string): string;
/**
* Validate token scopes via GitHub API
*
* @param token - Token to check.
* @param requiredScopes - Scopes the token is expected to carry (see getRequiredScopes).
* @returns The outcome of the check. The result type has `rateLimitExceeded` and `retryAfterMs`
* fields, so callers should handle a rate-limited outcome as well as a plain failure.
*/
static validateTokenScopes(token: string, requiredScopes: TokenScopes): Promise<TokenValidationResult>;
/**
* Create safe error message without token exposure
*
* @param error - Raw error text.
* @param token - Token that must not appear in the result, if known.
* @returns Error text intended to be safe to log or return.
* NOTE(review): `token` is optional; confirm what is scrubbed when it is omitted.
*/
static createSafeErrorMessage(error: string, token?: string): string;
/**
* Get minimum required scopes for different operations
*
* NOTE: The 'marketplace' scope identifier is kept for backward compatibility
* with existing token validations. This is an internal scope name and does not
* affect user-facing functionality. (PR #280)
*
* @param operation - Kind of operation the token will be used for.
* @returns The required (and any optional) scopes for that operation.
*/
static getRequiredScopes(operation: 'read' | 'write' | 'marketplace' | 'collection' | 'gist'): TokenScopes;
/**
* Check if token has sufficient permissions for operation
*
* NOTE: The 'marketplace' operation type is kept for backward compatibility.
* This is called internally when accessing collection features. (PR #280)
*
* Takes no token argument, so the token is obtained inside the method.
* NOTE(review): presumably via getGitHubToken or getGitHubTokenAsync - confirm which source is used.
*
* @param operation - Kind of operation about to be performed.
* @returns The outcome of the permission check.
*/
static ensureTokenPermissions(operation: 'read' | 'write' | 'marketplace' | 'collection' | 'gist'): Promise<TokenValidationResult>;
/**
* Derive encryption key from a passphrase
*/
private static deriveKey;
/**
* Get machine-specific passphrase for encryption
* Uses a combination of machine ID and user info for uniqueness
*
* NOTE(review): machine ID and user info are identifiers rather than secrets. If the
* passphrase is built only from them, the stored token is presumably protected when the
* file is copied off the machine, but not from other software running as the same user
* on the same machine - confirm, and document that limit for users.
*/
private static getMachinePassphrase;
/**
* Store GitHub token securely to file
*
* @param token - Token to persist.
* NOTE(review): confirm the token is format-checked before it is written and that the
* file is written with owner-only permissions.
*/
static storeGitHubToken(token: string): Promise<void>;
/**
* Retrieve GitHub token from secure storage
*
* @returns The stored token, or null.
* NOTE(review): presumably null covers both "no stored token" and "stored data could not be decrypted" - confirm.
*/
static retrieveGitHubToken(): Promise<string | null>;
/**
* Remove stored GitHub token
*/
static removeStoredToken(): Promise<void>;
/**
* Get GitHub token from environment or secure storage
* Updated to check secure storage if environment variable not set
*
* @returns The token from the environment if set, otherwise from secure storage, or null.
*/
static getGitHubTokenAsync(): Promise<string | null>;
}
//# sourceMappingURL=tokenManager.d.ts.map