vibe-coder-mcp
Version:
Production-ready MCP server with complete agent integration, multi-transport support, and comprehensive development automation tools for AI-assisted workflows.
229 lines • 8.1 kB
TypeScript
import { EventEmitter } from 'events';
import { EnhancedError } from '../utils/enhanced-errors.js';
import { Result } from './unified-lifecycle-manager.js';
export type SecurityId = string & {
readonly __brand: 'SecurityId';
};
export type SessionId = string & {
readonly __brand: 'SessionId';
};
export type LockId = string & {
readonly __brand: 'LockId';
};
export type AuditId = string & {
readonly __brand: 'AuditId';
};
export declare function createSecurityId(id: string): SecurityId;
export declare function createSessionId(id: string): SessionId;
export declare function createLockId(id: string): LockId;
export declare function createAuditId(id: string): AuditId;
export type UserRole = 'admin' | 'manager' | 'developer' | 'viewer' | 'guest';
export type Permission = 'task:create' | 'task:read' | 'task:update' | 'task:delete' | 'task:execute' | 'project:create' | 'project:read' | 'project:update' | 'project:delete' | 'agent:manage' | 'agent:assign' | 'agent:monitor' | 'system:admin' | 'system:config' | 'system:audit' | 'file:read' | 'file:write' | 'file:execute';
export type SecurityEventType = 'authentication' | 'authorization' | 'access_attempt' | 'data_access' | 'data_modification' | 'security_violation' | 'system_event' | 'suspicious_activity' | 'compliance_event' | 'error_event';
export type SecurityEventSeverity = 'info' | 'low' | 'medium' | 'high' | 'critical';
export type PathOperation = 'read' | 'write' | 'execute';
export type LockOperation = 'read' | 'write' | 'execute';
export interface UserContext {
userId: string;
sessionId: SessionId;
role: UserRole;
permissions: Permission[];
authenticatedAt: Date;
lastActivity: Date;
metadata: Record<string, unknown>;
}
export interface SecurityValidationResult {
isValid: boolean;
normalizedPath?: string;
sanitizedData?: unknown;
violations: SecurityViolation[];
warnings: string[];
performanceMetrics: {
totalTime: number;
pathValidationTime?: number;
sanitizationTime?: number;
authorizationTime?: number;
};
}
export interface SecurityViolation {
type: 'path_traversal' | 'outside_boundary' | 'invalid_input' | 'unauthorized_access' | 'concurrent_violation' | 'injection_attempt';
severity: SecurityEventSeverity;
field?: string;
originalValue?: unknown;
sanitizedValue?: unknown;
message: string;
timestamp: Date;
}
export interface PathValidationResult {
isValid: boolean;
normalizedPath?: string;
error?: string;
warnings?: string[];
violationType?: 'path_traversal' | 'outside_boundary' | 'invalid_path' | 'dangerous_characters' | 'invalid_extension';
auditInfo: {
originalPath: string;
timestamp: Date;
validationTime: number;
};
}
export interface SanitizationResult<T> {
success: boolean;
sanitizedData?: T;
originalData: T;
violations: SecurityViolation[];
sanitizationTime: number;
}
export interface LockInfo {
id: LockId;
resource: string;
owner: string;
sessionId?: SessionId;
operation: LockOperation;
acquiredAt: Date;
expiresAt: Date;
metadata?: Record<string, unknown>;
}
export interface LockAcquisitionResult {
success: boolean;
lockId?: LockId;
error?: string;
waitTime?: number;
existingLock?: LockInfo;
}
export interface SecurityAuditEvent {
id: AuditId;
type: SecurityEventType;
severity: SecurityEventSeverity;
timestamp: Date;
userId?: string;
sessionId?: SessionId;
resource?: string;
action: string;
result: 'success' | 'failure' | 'blocked';
details: Record<string, unknown>;
ipAddress?: string;
userAgent?: string;
metadata: Record<string, unknown>;
}
export interface UnifiedSecurityEngineConfig {
enabled: boolean;
strictMode: boolean;
performanceThresholdMs: number;
logViolations: boolean;
blockOnCriticalViolations: boolean;
authentication: {
enabled: boolean;
tokenExpiryMinutes: number;
maxSessionsPerUser: number;
requireStrongPasswords: boolean;
enableMFA: boolean;
};
authorization: {
enabled: boolean;
defaultRole: UserRole;
roleHierarchy: Record<UserRole, UserRole[]>;
permissionCache: boolean;
};
pathSecurity: {
enabled: boolean;
allowedReadPaths: string[];
allowedWritePaths: string[];
allowedExtensions: string[];
blockSystemPaths: boolean;
followSymlinks: boolean;
};
dataSanitization: {
enabled: boolean;
strictMode: boolean;
allowHtml: boolean;
allowScripts: boolean;
maxStringLength: number;
sanitizeFileNames: boolean;
};
concurrentAccess: {
enabled: boolean;
maxLockDuration: number;
deadlockDetection: boolean;
lockCleanupInterval: number;
maxLocksPerResource: number;
};
audit: {
enabled: boolean;
logLevel: SecurityEventSeverity;
retentionDays: number;
enableIntegrityChecks: boolean;
compressLogs: boolean;
};
filesystem: {
enabled: boolean;
systemDirectoryBlacklist: string[];
maxFileSize: number;
allowedMimeTypes: string[];
scanForMalware: boolean;
};
}
export interface SecurityStatistics {
totalEvents: number;
eventsByType: Record<SecurityEventType, number>;
eventsBySeverity: Record<SecurityEventSeverity, number>;
violationCount: number;
blockedAttempts: number;
activeUsers: number;
activeSessions: number;
activeLocks: number;
averageResponseTime: number;
securityScore: number;
}
export declare class UnifiedSecurityEngine extends EventEmitter {
private static instance;
private readonly config;
private initialized;
private readonly activeSessions;
private readonly activeLocks;
private readonly auditEvents;
private readonly permissionCache;
private eventCount;
private eventsByType;
private eventsBySeverity;
private violationCount;
private blockedAttempts;
private totalResponseTime;
private lockCleanupTimer;
private auditCleanupTimer;
private metricsTimer;
private constructor();
static getInstance(config?: UnifiedSecurityEngineConfig): UnifiedSecurityEngine;
static resetInstance(): void;
initialize(): Promise<Result<void, EnhancedError>>;
private loadSecurityConfiguration;
private initializeSecurityComponents;
private initializeAuditLogging;
private initializePathSecurity;
private initializeConcurrentAccess;
private startBackgroundProcesses;
authenticateUser(credentials: {
userId: string;
token: string;
metadata?: Record<string, unknown>;
}): Promise<Result<UserContext, EnhancedError>>;
authorizeAction(sessionId: SessionId, permission: Permission, resource?: string): Promise<Result<boolean, EnhancedError>>;
validatePath(inputPath: string, operation: PathOperation): Promise<Result<PathValidationResult, EnhancedError>>;
sanitizeData<T>(data: T): Promise<Result<SanitizationResult<T>, EnhancedError>>;
private sanitizeString;
private sanitizeObject;
acquireLock(resource: string, operation: LockOperation, sessionId?: SessionId, timeoutMs?: number): Promise<Result<LockAcquisitionResult, EnhancedError>>;
releaseLock(lockId: LockId): Promise<Result<void, EnhancedError>>;
logSecurityEvent(event: Omit<SecurityAuditEvent, 'id' | 'timestamp' | 'metadata'>): Promise<Result<AuditId, EnhancedError>>;
private validateCredentials;
private determineUserRole;
private getUserPermissions;
private cleanupStaleLocks;
private cleanupOldAuditEvents;
private trackPerformance;
private collectMetrics;
private calculateSecurityScore;
getStatistics(): SecurityStatistics;
dispose(): void;
}
export declare function createDefaultSecurityConfig(): UnifiedSecurityEngineConfig;
//# sourceMappingURL=unified-security-engine.d.ts.map