firewalla-mcp-server
Model Context Protocol (MCP) server for Firewalla MSP API - Provides real-time network monitoring, security analysis, and firewall management through 28 specialized tools compatible with any MCP client
/**
 * Security policy configuration for Firewalla MCP Server.
 *
 * Each `enable*` flag switches an entire control on or off. This declaration
 * carries no default values, so the effective policy has to be read back at
 * runtime (see `SecurityManager.getSecurityPolicy`) rather than assumed.
 */
export interface SecurityPolicy {
    /**
     * Enable RBAC enforcement.
     * NOTE(review): the role/permission model is not defined in this file.
     */
    enableRBAC: boolean;
    /** Enable audit logging */
    enableAuditLogging: boolean;
    /**
     * Enable input sanitization.
     * NOTE(review): presumably gates `SecurityManager.sanitizeString` and/or
     * `validateInput` - confirm which code paths honour this flag.
     */
    enableInputSanitization: boolean;
    /** Enable rate limiting (limits themselves are in `rateLimits`) */
    enableRateLimit: boolean;
    /** Enable origin validation */
    enableOriginValidation: boolean;
    /**
     * Default box ID for convenience tools. Optional.
     * NOTE(review): presumably used when a tool call omits a box ID - confirm.
     */
    defaultBoxId?: string;
    /**
     * Require explicit box ID (no defaults).
     * NOTE(review): precedence when this is true and `defaultBoxId` is also
     * set is not visible here - confirm in the implementation.
     */
    requireExplicitBoxId: boolean;
    /**
     * Maximum risk score for operations.
     * NOTE(review): the scale and whether the bound is inclusive are not
     * shown in this declaration.
     */
    maxRiskScore: number;
    /** Enable security warnings for broad-scope operations */
    enableScopeWarnings: boolean;
    /**
     * Rate limit configuration: one numeric limit per operation class.
     * NOTE(review): the unit (requests per what window) is not shown - confirm
     * before tuning. All three fields are required whenever this object is
     * supplied, including through `Partial<SecurityPolicy>`, because `Partial`
     * only makes the top-level keys optional.
     */
    rateLimits: {
        default: number;
        sensitive: number;
        admin: number;
    };
    /** IP and domain validation settings */
    validation: {
        /** Validate IP addresses */
        validateIPs: boolean;
        /** Validate domain names */
        validateDomains: boolean;
        /**
         * Block private IP ranges in certain contexts.
         * NOTE(review): which contexts is not specified in this file.
         */
        blockPrivateIPs: boolean;
        /** Block localhost/loopback addresses */
        blockLoopback: boolean;
    };
}
/**
 * Type declaration for the server's security helper class.
 *
 * This file holds signatures only; none of the behaviour is visible here.
 * Notes marked NOTE(review) are assumptions drawn from the signatures and
 * must be confirmed against the implementation before being relied on.
 *
 * Members marked `private` are private to the TypeScript compiler only; the
 * modifier is erased on emit, so it is not a runtime access boundary.
 */
export declare class SecurityManager {
    // Private members below have no type in this declaration (only their names are emitted).
    private static readonly ALLOWED_ORIGINS;
    private static readonly RATE_LIMITS;
    private requestCounts;
    private cleanupInterval;
    private securityPolicy;
    /**
     * @param policy Optional subset of the policy. `Partial` is shallow: if
     *   `rateLimits` or `validation` is given it must be a complete object.
     *   NOTE(review): whether omitted fields fall back to the restrictive
     *   setting is not visible here - confirm the defaults.
     */
    constructor(policy?: Partial<SecurityPolicy>);
    /**
     * Tear down the instance.
     * NOTE(review): presumably stops the timer held in `cleanupInterval`;
     * confirm, and call it when an instance is discarded.
     */
    destroy(): void;
    /**
     * Check an arbitrary value and report a boolean verdict.
     * The verdict is a return value, so a caller that ignores it gets no
     * protection from this method.
     * NOTE(review): what is checked, and that `true` means acceptable, are
     * not visible here - confirm.
     */
    validateInput(input: unknown): boolean;
    /**
     * Return a sanitized form of `input`.
     * NOTE(review): what is removed or escaped is not visible; do not treat
     * the result as safe for a specific sink (HTML, shell, query string)
     * without confirming the implementation targets that sink.
     */
    sanitizeString(input: string): string;
    /**
     * Rate-limit check for one client and, optionally, one operation.
     * NOTE(review): presumably `true` means the request is within its limit -
     * confirm the polarity and what an omitted `operation` maps to.
     * `clientId` should be derived from an authenticated identity; a
     * caller-chosen value lets each request be counted separately.
     */
    checkRateLimit(clientId: string, operation?: string): boolean;
    private cleanupRateLimits;
    /**
     * Check a request origin.
     * NOTE(review): `origin` is optional - confirm the result for a missing
     * origin, since that decides whether callers that send none are accepted.
     */
    validateOrigin(origin?: string): boolean;
    /**
     * Return a hashed form of `data` as a string.
     * NOTE(review): the algorithm and any salt or key are not visible. An
     * unkeyed fast hash of a low-entropy value can be recovered by
     * enumeration - confirm before using the output as a pseudonym in logs.
     */
    hashSensitiveData(data: string): string;
    /**
     * Return a masked form of `data`.
     * NOTE(review): `showChars` presumably sets how many characters stay
     * visible; its default is not shown here.
     */
    maskSensitiveData(data: string, showChars?: number): string;
    /**
     * Check the process environment configuration.
     * @returns `valid` plus lists of error and warning messages.
     *   NOTE(review): confirm the messages never echo secret values, since
     *   callers are likely to log them.
     */
    validateEnvironmentVars(): {
        valid: boolean;
        errors: string[];
        warnings: string[];
    };
    /**
     * Build a header name to value map.
     * NOTE(review): presumably HTTP response headers; which headers are set
     * is not visible here.
     */
    createSecureHeaders(): Record<string, string>;
    /**
     * Record a security event with free-form details.
     * NOTE(review): `details` presumably passes through `sanitizeLogData`
     * before being written - confirm before including credentials or tokens.
     */
    logSecurityEvent(event: string, details: Record<string, unknown>): void;
    private sanitizeLogData;
    /**
     * Get current security policy.
     * NOTE(review): whether this returns a copy or the live object is not
     * visible; a live reference would allow policy changes that bypass
     * `updateSecurityPolicy`.
     */
    getSecurityPolicy(): SecurityPolicy;
    /**
     * Update security policy.
     * Public, and accepts any subset of fields, so it can switch controls
     * off at runtime. Restrict callers to trusted start-up or admin code.
     * NOTE(review): confirm that changes are validated and audit-logged.
     */
    updateSecurityPolicy(updates: Partial<SecurityPolicy>): void;
    /**
     * Validate IP address format and check against security policy.
     * @returns `valid`, with an optional `error` and an optional `warning`.
     */
    validateIPAddress(ip: string): {
        valid: boolean;
        error?: string;
        warning?: string;
    };
    /**
     * Validate domain name format and check against security policy.
     * @returns `valid`, with an optional `error` and an optional `warning`.
     */
    validateDomainName(domain: string): {
        valid: boolean;
        error?: string;
        warning?: string;
    };
    /**
     * Check if an operation is allowed based on security policy and risk score.
     * NOTE(review): presumably compares `riskScore` with
     * `SecurityPolicy.maxRiskScore` - confirm the comparison and its bounds.
     * @returns `allowed`, with an optional human-readable `reason`.
     */
    isOperationAllowed(riskScore: number): {
        allowed: boolean;
        reason?: string;
    };
    /**
     * Generate security warning for broad-scope operations.
     * @returns The warning text, or `null`.
     *   NOTE(review): `null` presumably means no warning applies - confirm.
     */
    generateScopeWarning(scope: string, operation: string): string | null;
    /**
     * Get default box ID for convenience tools.
     * @returns The configured ID, or `undefined`.
     */
    getDefaultBoxId(): string | undefined;
    /**
     * Check if explicit box ID is required
     */
    requiresExplicitBoxId(): boolean;
}
//# sourceMappingURL=security.d.ts.map