tractatus/scripts/verify-security-logging.js

#!/usr/bin/env node
/**
 * Security Logging Verification - Enforces inst_046
 * Checks that security event logging is properly configured
 */

const fs = require('fs');
const path = require('path');
const mongoose = require('mongoose');

async function verify() {
  console.log('\n🔒 Security Logging Verification (inst_046)\n');
  console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n');

  let allPassed = true;

  // Check 1: Security audit log file or database
  console.log('1. Checking security audit trail...');
  try {
    await mongoose.connect('mongodb://localhost:27017/tractatus_dev', {
      serverSelectionTimeoutMS: 2000
    });

    const AuditLog = mongoose.model('AuditLog');
    const securityCount = await AuditLog.countDocuments({
      service: { $in: ['BoundaryEnforcer', 'AuthMiddleware', 'SecurityMonitor'] }
    });

    if (securityCount > 0) {
      console.log(`   ✅ ${securityCount} security events logged to database`);
    } else {
      console.log('   ⚠️  No security events in database (may be fresh install)');
    }

    mongoose.connection.close();
  } catch (dbErr) {
    console.log(`   ⚠️  Could not connect to audit database: ${dbErr.message}`);
  }

  // Check 2: Security middleware present
  console.log('\n2. Checking security middleware...');
  const middlewarePath = path.join(__dirname, '../src/middleware/auth.middleware.js');
  if (fs.existsSync(middlewarePath)) {
    const content = fs.readFileSync(middlewarePath, 'utf8');
    if (content.includes('security') || content.includes('audit')) {
      console.log('   ✅ Security middleware found');
    } else {
      console.log('   ⚠️  Security middleware may not include audit logging');
    }
  } else {
    console.log('   ❌ Security middleware not found');
    allPassed = false;
  }

  // Check 3: CSP violation detection
  console.log('\n3. Checking CSP compliance tools...');
  const cspCheckPath = path.join(__dirname, '../scripts/check-csp-violations.js');
  if (fs.existsSync(cspCheckPath)) {
    console.log('   ✅ CSP violation checker present');
  } else {
    console.log('   ❌ CSP violation checker missing');
    allPassed = false;
  }

  // Summary
  console.log('\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━');
  if (allPassed) {
    console.log('✅ Security logging verification PASSED\n');
    process.exit(0);
  } else {
    console.log('❌ Security logging verification FAILED\n');
    console.log('Action required: Ensure all security logging components are in place');
    console.log('See inst_046 for full requirements\n');
    process.exit(1);
  }
}

verify().catch(err => {
  console.error(`\n❌ Verification failed: ${err.message}\n`);
  process.exit(1);
});