bc-code-intelligence-mcp/dist/security/access-control.d.ts

BC Code Intelligence MCP Server - Complete Specialist Bundle with AI-driven expert consultation, seamless handoffs, and context-preserving workflows

/**
 * Security & Access Control System
 *
 * Enterprise-grade security features including authentication, authorization,
 * rate limiting, input validation, and audit logging for production deployments.
 */
import { EventEmitter } from 'events';
export interface SecurityConfig {
    enable_authentication: boolean;
    enable_rate_limiting: boolean;
    enable_audit_logging: boolean;
    api_key_required: boolean;
    allowed_origins?: string[];
    max_requests_per_minute: number;
    session_timeout_minutes: number;
    enable_content_security: boolean;
    trusted_sources: string[];
    audit_log_retention_days: number;
}
export interface UserContext {
    user_id?: string;
    api_key?: string;
    permissions: string[];
    rate_limit_remaining: number;
    session_expires: number;
    origin?: string;
    ip_address?: string;
}
export interface SecurityEvent {
    event_type: 'auth_success' | 'auth_failure' | 'rate_limit_exceeded' | 'access_denied' | 'suspicious_activity';
    timestamp: number;
    user_context?: Partial<UserContext>;
    details: Record<string, any>;
    severity: 'low' | 'medium' | 'high' | 'critical';
}
export interface RateLimitInfo {
    requests_made: number;
    requests_remaining: number;
    reset_time: number;
    is_limited: boolean;
}
export declare class SecurityManager extends EventEmitter {
    private readonly config;
    private apiKeys;
    private rateLimitBuckets;
    private activeSessions;
    private auditLog;
    private trustedSourceCache;
    constructor(config: SecurityConfig);
    /**
     * Authenticate request and validate permissions
     */
    authenticateRequest(apiKey?: string, requestOrigin?: string, ipAddress?: string, requiredPermissions?: string[]): Promise<{
        success: boolean;
        userContext?: UserContext;
        error?: string;
    }>;
    /**
     * Check rate limits for a user/IP
     */
    checkRateLimit(identifier: string): RateLimitInfo;
    /**
     * Validate content security for layer sources
     */
    validateContentSecurity(sourceUrl: string, sourceType: string, content?: string): Promise<{
        secure: boolean;
        warnings: string[];
        blockedContent?: string[];
    }>;
    /**
     * Add or update API key with permissions
     */
    addApiKey(apiKey: string, permissions: string[]): void;
    /**
     * Remove API key
     */
    removeApiKey(apiKey: string): boolean;
    /**
     * Get security audit log
     */
    getAuditLog(limit?: number): SecurityEvent[];
    /**
     * Get security statistics
     */
    getSecurityStats(): {
        active_api_keys: number;
        rate_limited_users: number;
        audit_events: number;
        suspicious_activities: number;
        successful_authentications: number;
        failed_authentications: number;
    };
    /**
     * Export security configuration (sanitized)
     */
    exportConfig(): Omit<SecurityConfig, 'api_key_required'> & {
        api_keys_configured: number;
    };
    /**
     * Shutdown security manager
     */
    shutdown(): void;
    private hashApiKey;
    private generateUserId;
    private getRemainingRequests;
    private isSourceTrusted;
    private auditSecurityEvent;
    private startPeriodicCleanup;
}
//# sourceMappingURL=access-control.d.ts.map