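/**
 * Authentication and Authorization Manager for MCP
 *
 * Handles authentication, authorization, and access control for LLM interactions.
 *
 * This is a declaration file: it describes the public surface only. Defaults,
 * emitted events, and enforcement order live in the implementation and cannot
 * be confirmed from here.
 */
import { EventEmitter } from 'events';
import { AuthenticationConfig, AuthorizationConfig, AuthenticationMethod, Permission, AccessRule, PolicyCondition } from '../types';
import { AgentIdentityManager } from '../../agent/agent-identity';

/**
 * Authentication token issued to an agent.
 */
export interface AuthToken {
    /** Token identifier; `AuthManager.validateToken` takes a value named `tokenId`. */
    id: string;
    /** DID of the agent the token was issued to. */
    agentDID: string;
    /** Identifier of the session this token is associated with. */
    sessionId: string;
    /** Authentication method that produced the token. */
    method: AuthenticationMethod;
    issuedAt: Date;
    /** Expiry of the token itself. */
    expiresAt: Date;
    /**
     * Optional refresh credential.
     * NOTE(review): presumably the value presented to `AuthManager.refreshToken`;
     * if so it is a bearer secret and should stay out of logs, metrics, and
     * client-visible payloads. Confirm against the implementation.
     */
    refreshToken?: string;
    /** Expiry of the refresh credential, when one is present. */
    refreshExpiresAt?: Date;
    /**
     * Optional request context recorded with the token.
     * NOTE(review): these values look client-supplied; treat them as audit
     * hints, not as proof of origin, unless the implementation verifies them.
     */
    metadata?: {
        ip?: string;
        userAgent?: string;
        deviceId?: string;
    };
}

/**
 * Authentication result.
 *
 * Callers should gate on `authenticated`. The type does not prevent `token`
 * from being set while `authenticated` is false, so the presence of a token
 * is not a success signal on its own.
 */
export interface AuthenticationResult {
    authenticated: boolean;
    token?: AuthToken;
    /** Failure description. Review before returning it verbatim to an untrusted client. */
    error?: string;
    /** NOTE(review): presumably set when a second factor is still outstanding; confirm. */
    requiresMFA?: boolean;
}

/**
 * Authorization result.
 *
 * Callers should gate on `authorized`, not on whether `permissions` is non-empty.
 */
export interface AuthorizationResult {
    authorized: boolean;
    permissions?: Permission[];
    deniedReasons?: string[];
    /**
     * NOTE(review): presumably policy conditions attached to the decision.
     * Whether the caller must still enforce them is not visible here; confirm.
     */
    conditions?: PolicyCondition[];
}

/**
 * Session data.
 *
 * Not exported, but returned by `AuthManager.getSession`. It embeds the full
 * `AuthToken`, including the optional `refreshToken` field, so a Session
 * should not be serialised wholesale into logs or responses.
 */
interface Session {
    id: string;
    agentDID: string;
    token: AuthToken;
    permissions: Permission[];
    lastActivity: Date;
    requestCount: number;
}

/**
 * Authentication and Authorization Manager.
 *
 * The members below are TypeScript `private`, which is a compile-time check
 * that is erased on emit. At runtime `jwtSecret`, `sessions`, and `tokens`
 * are ordinary properties of the instance, so a reference to an AuthManager
 * carries access to them. Limit which code holds the instance.
 */
export declare class AuthManager extends EventEmitter {
    private authConfig;
    private authzConfig;
    private agentManager?;
    private sessions;
    private tokens;
    private jwtSecret;
    private sessionTimeouts;
    private failedAttempts;
    private blacklist;

    constructor(authConfig: AuthenticationConfig, authzConfig: AuthorizationConfig, agentManager?: AgentIdentityManager | undefined);

    /**
     * Authenticate agent.
     *
     * @param agentDID - DID of the agent presenting credentials.
     * @param credentials - Untyped (`any`), so the compiler checks nothing about
     *   its shape; the implementation has to validate it at runtime per method.
     * @param method - Authentication method. The default used when it is omitted
     *   is not visible in this declaration.
     * @returns The authentication outcome. The type argument was missing in the
     *   declaration as received (`Promise;` does not compile) and is restored
     *   from the `AuthenticationResult` interface declared in this file.
     */
    authenticate(agentDID: string, credentials: any, method?: AuthenticationMethod): Promise<AuthenticationResult>;

    /**
     * Authorize request.
     *
     * @param agentDID - DID of the agent making the request.
     * @param resource - Resource being accessed.
     * @param action - Action requested on the resource.
     * @param context - Untyped (`any`) request context; how it is used in the
     *   decision is not visible here.
     * @returns The authorization outcome. The type argument was missing in the
     *   declaration as received and is restored from the `AuthorizationResult`
     *   interface declared in this file.
     */
    authorize(agentDID: string, resource: string, action: string, context?: any): Promise<AuthorizationResult>;

    /**
     * Validate token.
     *
     * NOTE(review): the type argument is missing in the declaration as received
     * and the result shape cannot be determined from this file. `unknown` is
     * used so callers must narrow instead of assuming a shape; restore the real
     * type from auth-manager.ts.
     */
    validateToken(tokenId: string): Promise<unknown>;

    /**
     * Refresh token.
     *
     * NOTE(review): the type argument is missing in the declaration as received.
     * Presumably this resolves to an `AuthenticationResult`; `unknown` is used
     * until that is confirmed against auth-manager.ts.
     */
    refreshToken(refreshToken: string): Promise<unknown>;

    /**
     * Create session for authenticated agent.
     *
     * NOTE(review): the type argument is missing in the declaration as received.
     * Presumably this resolves to a `Session`; `unknown` is used until that is
     * confirmed against auth-manager.ts.
     */
    createSession(token: AuthToken): Promise<unknown>;

    /**
     * Get session.
     *
     * @returns The session, or `null`. The returned object embeds the AuthToken.
     */
    getSession(sessionId: string): Session | null;

    /** Authenticate API key */
    private authenticateAPIKey;
    /** Authenticate JWT */
    private authenticateJWT;
    /** Authenticate OAuth2 */
    private authenticateOAuth2;
    /** Authenticate certificate */
    private authenticateCertificate;
    /** Authenticate delegation credential */
    private authenticateDelegation;
    /** Check if MFA is required */
    private checkMFARequired;
    /** Validate MFA code */
    private validateMFA;
    /** Create authentication token */
    private createAuthToken;
    /** Get agent permissions */
    private getAgentPermissions;
    /** Check RBAC permission */
    private checkRBACPermission;
    /** Check ABAC permission */
    private checkABACPermission;
    /** Check ACL rules */
    private checkACLRules;
    /** Match resource pattern */
    private matchResource;
    /** Evaluate policy conditions */
    private evaluateConditions;
    /** Setup session timeout */
    private setupSessionTimeout;
    /** Invalidate session */
    private invalidateSession;
    /** Start session cleanup timer */
    private startSessionCleanup;

    /**
     * Add permission for agent.
     *
     * The signature carries no caller identity, so nothing visible here
     * authorizes the change. Any code holding the instance can grant
     * permissions; callers should gate and audit this path.
     */
    addAgentPermission(agentDID: string, permission: Permission): void;

    /**
     * Remove permission for agent.
     *
     * NOTE(review): whether sessions already created for the agent keep their
     * copy of `permissions` after removal is not visible here; confirm.
     */
    removeAgentPermission(agentDID: string, resource: string, action: string): void;

    /**
     * Add ACL rule.
     *
     * As with `addAgentPermission`, the signature carries no caller identity.
     */
    addACLRule(rule: AccessRule): void;

    /** Remove ACL rule */
    removeACLRule(subject: string, resource: string, action: string): void;

    /**
     * Get authentication statistics.
     *
     * @returns Four counters only; no tokens or agent identifiers are part of
     *   the declared shape.
     */
    getStatistics(): {
        activeSessions: number;
        activeTokens: number;
        failedAttempts: number;
        blacklistedAgents: number;
    };

    /** Shutdown auth manager */
    shutdown(): void;
}

export default AuthManager;
//# sourceMappingURL=auth-manager.d.ts.map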