/**
 * Security Manager
 * Implements MCP Design Guide Section 5.2 principles for zero-trust architecture
 */
/**
 * Identity and request attributes that accompany a tool call and are passed to
 * the access-control entry points declared in this file.
 *
 * NOTE(review): nothing in this declaration shows where these values come from.
 * An access decision is only as trustworthy as the code that fills this object,
 * so `permissions` and `roleLevel` should be derived from an authenticated
 * session on the server side rather than copied from client-supplied input.
 * Confirm against the callers.
 */
export interface SecurityContext {
    // Optional user identifier.
    // NOTE(review): how a context without a userId is treated is not visible
    // here; confirm that unidentified callers are handled deliberately.
    userId?: string;
    // Required session identifier.
    sessionId: string;
    // Permission strings held by the caller; their format is not defined in this file.
    permissions: string[];
    // One of four role literals.
    // NOTE(review): presumably ordered read < write < admin < system; verify in the implementation.
    roleLevel: 'read' | 'write' | 'admin' | 'system';
    // Origin of the request.
    // NOTE(review): presumably compared with ToolSecurityPolicy.allowedOrigins; the matching rule is not shown.
    origin: string;
    // NOTE(review): unit is not stated; looks like an epoch timestamp. Confirm ms vs s.
    timestamp: number;
    // Optional client address.
    // NOTE(review): if this is read from a forwarded-for style header it is
    // client-controlled and should not be used on its own for access decisions.
    ipAddress?: string;
}
/**
 * Per-tool access policy: which permissions and role a caller needs, whether a
 * human must approve the call, how often it may be used, and how much is logged.
 *
 * Every field is required, so a policy object cannot silently omit a control.
 * How each field is enforced lives in the implementation, not in this file.
 */
export interface ToolSecurityPolicy {
    // Name of the tool this policy applies to.
    toolName: string;
    // Permission strings required for the tool.
    // NOTE(review): whether all or any of them must be present is not shown here; confirm.
    requiredPermissions: string[];
    // Lowest role allowed to use the tool; reuses the SecurityContext role literals.
    minimumRoleLevel: SecurityContext['roleLevel'];
    // When true the tool is meant to be gated on human approval.
    requiresHumanApproval: boolean;
    // Hourly usage ceiling.
    // NOTE(review): the key the limit is counted against (user, session, tool)
    // and the meaning of 0 or negative values are not visible here; verify.
    maxUsagePerHour: number;
    // Origins permitted to call the tool.
    // NOTE(review): matching semantics (exact string, wildcard, empty list) are
    // not defined in this file. Confirm that an empty list does not mean "allow all".
    allowedOrigins: string[];
    // Logging verbosity for this tool.
    // NOTE(review): 'none' presumably suppresses audit records for the tool;
    // confirm it is never set for tools that change state.
    logLevel: 'none' | 'basic' | 'detailed';
}
/**
 * One audit record produced by the security layer.
 *
 * Each event embeds the full SecurityContext of the request, so stored or
 * exported events contain session identifiers and, when present, user ids and
 * IP addresses. Treat the event log as sensitive data.
 */
export interface SecurityEvent {
    // Outcome or classification of the event.
    type: 'access_granted' | 'access_denied' | 'suspicious_activity' | 'policy_violation';
    // Tool the event refers to.
    toolName: string;
    // Context of the request that triggered the event (includes sessionId).
    context: SecurityContext;
    // NOTE(review): unit is not stated; confirm it matches SecurityContext.timestamp.
    timestamp: number;
    // Free-form, untyped payload.
    // NOTE(review): if tool parameters are copied in here they may carry secrets;
    // confirm they are sanitized before being recorded.
    details: Record<string, any>;
    // Severity assigned to the event.
    riskLevel: 'low' | 'medium' | 'high' | 'critical';
}
/**
 * Implements zero-trust security model for MCP tool access
 *
 * The constructor is private and instances are obtained through
 * `getInstance()`, so policies, recorded events, usage counters and pending
 * approvals are held in one place per process.
 *
 * This is declaration output: private members appear by name only, without
 * types or signatures, so their behaviour cannot be documented from this file.
 *
 * NOTE(review): `addSecurityPolicy`, `configureSecurityPolicy` and
 * `processApproval` take no SecurityContext. Their signatures therefore give
 * no way to check or record who is changing a policy or deciding an approval.
 * Confirm that only trusted administrative code can reach them.
 */
export declare class SecurityManager {
    private static instance;
    private securityPolicies;
    private securityEvents;
    private usageTracker;
    private pendingApprovals;
    private constructor();
    /**
     * Accessor for the manager; the only way for outside code to obtain an
     * instance, since the constructor is private.
     */
    static getInstance(): SecurityManager;
    /**
     * Initialize default security policies for critical tools
     */
    private initializeDefaultPolicies;
    /**
     * Add or update a security policy for a tool
     *
     * NOTE(review): no caller identity is passed in. Because this can replace
     * an existing policy, confirm that it is not reachable from tool-invocation
     * paths.
     *
     * @param policy - Complete policy for one tool, keyed by `policy.toolName`
     *   (presumably; verify in the implementation).
     */
    addSecurityPolicy(policy: ToolSecurityPolicy): void;
    /**
     * Validate access to a tool based on security context and policies
     *
     * Callers should run the tool only when the resolved `allowed` is `true`,
     * and should treat a rejected promise as a denial.
     *
     * NOTE(review): how `allowed` and `requiresApproval` combine is not
     * specified here. Confirm what an approval-gated call returns, and what is
     * returned for a tool that has no policy registered.
     *
     * @param toolName - Tool the caller wants to invoke.
     * @param context - Caller context the decision is based on.
     * @param parameters - Optional, untyped tool arguments.
     * @returns Decision object; `reason` and `requiresApproval` are optional.
     */
    validateToolAccess(toolName: string, context: SecurityContext, parameters?: any): Promise<{
        allowed: boolean;
        reason?: string;
        requiresApproval?: boolean;
    }>;
    /**
     * Request human approval for a tool operation
     *
     * `justification` is free text supplied by the requesting side; treat it as
     * untrusted when it is displayed to the approver.
     *
     * @returns A string, presumably the approval id later passed to
     *   `processApproval` (TODO confirm).
     */
    requestHumanApproval(toolName: string, context: SecurityContext, parameters: any, justification: string): Promise<string>;
    /**
     * Generate security metrics and alerts
     *
     * @returns Counters, a per-tool tally (`topTargetedTools`) and a list of
     *   alert strings. The window the counters cover is not visible here.
     */
    generateSecurityMetrics(): {
        totalEvents: number;
        accessDenied: number;
        suspiciousActivity: number;
        highRiskEvents: number;
        topTargetedTools: Array<{
            tool: string;
            count: number;
        }>;
        alerts: string[];
    };
    private hasRequiredRoleLevel;
    private checkRateLimit;
    private updateUsageCounter;
    private detectSuspiciousActivity;
    private isReadOnlyTool;
    private sanitizeParameters;
    private logSecurityEvent;
    /**
     * Get comprehensive security status overview
     *
     * The result is untyped (`any`); consumers must validate its shape.
     */
    getSecurityStatus(): Promise<any>;
    /**
     * Get security events with filtering
     *
     * Returned events embed the full SecurityContext (session ids and, when
     * present, user ids and IP addresses), so access to this method should be
     * limited to audit and administrative callers.
     *
     * NOTE(review): the filter fields are plain strings; the accepted
     * `timeRange` format and `severity` values are not defined in this file.
     */
    getSecurityEvents(filters: {
        timeRange?: string;
        eventTypes?: string[];
        severity?: string;
    }): SecurityEvent[];
    /**
     * Configure security policy settings
     *
     * NOTE(review): `logLevel` is typed as `string` here, wider than the
     * 'none' | 'basic' | 'detailed' union on ToolSecurityPolicy, and `roles`
     * and `riskThresholds` are open records. Any validation happens in the
     * implementation; confirm that unknown values are rejected.
     */
    configureSecurityPolicy(config: {
        requireApprovalFor?: string[];
        roles?: Record<string, string[]>;
        riskThresholds?: Record<string, number>;
        logLevel?: string;
    }): Promise<void>;
    /**
     * Process approval request
     *
     * NOTE(review): the parameters carry the decision but not the identity of
     * the approver. Confirm that the caller authenticates the approver, that a
     * requester cannot approve their own request, and that an unknown or
     * already-decided `approvalId` is rejected.
     *
     * @returns Untyped (`any`); shape is not defined in this file.
     */
    processApproval(params: {
        approvalId: string;
        decision: 'approve' | 'deny';
        reason?: string;
    }): any;
    /**
     * Get pending approval requests (optional method for dashboard)
     *
     * Declared optional (`?`), so callers must check that it exists before
     * calling it. Entries are untyped (`any[]`).
     */
    getPendingApprovals?(options?: {
        status?: string;
        toolName?: string;
    }): Promise<any[]>;
}
/**
 * Create security context from request information
 *
 * NOTE(review): `permissions` and `roleLevel` arrive as plain arguments, so as
 * far as this signature shows the function cannot verify them. The caller must
 * pass values taken from an authenticated session, never from request fields
 * the client controls.
 *
 * @param userId - User identifier, or `undefined` when none is known.
 * @param sessionId - Session identifier for the request.
 * @param permissions - Permission strings to place on the context.
 * @param roleLevel - Role to place on the context.
 * @param origin - Optional; `SecurityContext.origin` is required, so a default
 *   is presumably applied when omitted (value not visible here; confirm it is
 *   not one that a policy's `allowedOrigins` would accept by accident).
 * @param ipAddress - Optional client address.
 * @returns A SecurityContext; `timestamp` is not a parameter, so it is
 *   presumably set inside the function.
 */
export declare function createSecurityContext(userId: string | undefined, sessionId: string, permissions: string[], roleLevel: SecurityContext['roleLevel'], origin?: string, ipAddress?: string): SecurityContext;
/**
 * Decorator for automatic security validation
 *
 * Decorator factory: returns a function with the
 * `(target, propertyKey, descriptor) => PropertyDescriptor` shape, i.e. it is
 * applied to methods and yields the descriptor to install.
 *
 * NOTE(review): this declaration does not show how the wrapped method obtains
 * the SecurityContext to check, or what happens when none is available.
 * Confirm that a missing or malformed context results in denial, not in the
 * original method running unchecked.
 *
 * @param requiredPermissions - Permission strings the decorated method requires.
 * @param minimumRoleLevel - Optional minimum role; the default used when it is
 *   omitted is not visible here.
 */
export declare function requiresSecurity(requiredPermissions: string[], minimumRoleLevel?: SecurityContext['roleLevel']): (target: any, propertyKey: string, descriptor: PropertyDescriptor) => PropertyDescriptor;
//# sourceMappingURL=security-manager.d.ts.map