
This release adds 3 notable features for engineering teams evaluating rollout.

Published 6mo MCP Security & Auth
✓ No known CVEs patched

Topics

ai automation browser-automation chrome claude devtools
encryption google llm mcp post-quantum security typescript

Affected surfaces

auth rbac

Summary

AI summary

Updates Key Features, Retention settings (`CHROME_MCP_LOG_RETENTION_DAYS=365`, `CHROME_MCP_LOG_ROTATION=daily`, `CHROME_MCP_SECURE_DELETE=true`), and Environment Variables in a mixed release.

Full changelog

Chrome MCP Secure v2.3.0

Phase 1: Logging & Audit Foundation (Compliance Roadmap)

First phase of our compliance initiative, adding enterprise-grade audit logging for SOC 2, GDPR, and PCI-DSS requirements.

New Compliance Module

| Component | Description |
|-----------|-------------|
| Audit Logger | Structured events with hash-chained integrity |
| CEF Formatter | SIEM integration (Splunk, ArcSight, QRadar) |
| JSON-LD Formatter | Linked Data for compliance tools |
| Log Shipper | Webhook, Syslog, S3/GCS destinations |
| Retention Manager | Rotation, compression, secure deletion |
| Log Verifier | Integrity verification with certificates |

Key Features

  • Hash-Chained Audit Trail - Tamper-evident logging
  • Compliance Tagging - SOC2, GDPR, PCI-DSS, ISO27001 markers
  • SIEM Integration - CEF format for security tools
  • Retention Policies - Configurable up to 365+ days
  • Secure Deletion - Cryptographic deletion certificates
  • Integrity Verification - CLI tool to verify log integrity
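
One way a hash-chained audit trail and its verifier can work, shown as an added example that is not code from chrome-mcp-secure. The record layout, `appendEvent`, `verifyChain` and the sample events are assumptions made for illustration; the project's actual format may differ.

```typescript
import { createHash } from "node:crypto";

// Hypothetical record layout for this example (not chrome-mcp-secure's format).
interface AuditEvent { seq: number; ts: string; action: string; detail: string }
interface ChainedRecord extends AuditEvent { prevHash: string; hash: string }

const GENESIS = "0".repeat(64); // prevHash of the first record

// Hash the event fields in a fixed order together with the previous hash, so
// an edit, reorder, or removal breaks the chain from that point onward.
function recordHash(e: AuditEvent, prevHash: string): string {
  const canonical = JSON.stringify([e.seq, e.ts, e.action, e.detail, prevHash]);
  return createHash("sha256").update(canonical).digest("hex");
}

function appendEvent(log: ChainedRecord[], action: string, detail: string, ts: string): ChainedRecord[] {
  const prevHash = log.length ? log[log.length - 1].hash : GENESIS;
  const e: AuditEvent = { seq: log.length, ts, action, detail };
  return [...log, { ...e, prevHash, hash: recordHash(e, prevHash) }];
}

// Returns the index of the first record that fails verification, or -1 if the
// chain is intact. expectedHead is the last hash as stored outside the log.
function verifyChain(log: ChainedRecord[], expectedHead?: string): number {
  let prev = GENESIS;
  for (let i = 0; i < log.length; i++) {
    const r = log[i];
    if (r.seq !== i || r.prevHash !== prev || r.hash !== recordHash(r, prev)) return i;
    prev = r.hash;
  }
  // Truncation from the tail leaves a valid chain; only an externally kept
  // head hash (for example one shipped to a SIEM) reveals it.
  if (expectedHead !== undefined && prev !== expectedHead) return log.length;
  return -1;
}

// Constructed sample events.
function sampleLog(): ChainedRecord[] {
  let log: ChainedRecord[] = [];
  log = appendEvent(log, "vault.unlock", "user=alice", "2025-01-01T10:00:00Z");
  log = appendEvent(log, "tool.navigate", "url=https://example.com", "2025-01-01T10:00:05Z");
  log = appendEvent(log, "vault.read", "entry=example-login", "2025-01-01T10:00:09Z");
  return log;
}
```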

New Files (3,000+ lines)

```
src/compliance/
├── audit-logger.ts      # Core audit logging
├── formats/
│   ├── cef.ts           # Common Event Format
│   └── json-ld.ts       # Linked Data format
├── log-shipper.ts       # External destinations
├── retention-manager.ts # Lifecycle management
├── log-verifier.ts      # Integrity checking
└── index.ts             # Module exports
```

Environment Variables

```bash
# Audit
CHROME_MCP_AUDIT_FORMAT=jsonl|cef|json-ld
CHROME_MCP_AUDIT_HASH_CHAIN=true

# Shipping
CHROME_MCP_LOG_DESTINATION=webhook|syslog|s3
CHROME_MCP_WEBHOOK_URL=https://...
CHROME_MCP_SYSLOG_HOST=localhost

# Retention
CHROME_MCP_LOG_RETENTION_DAYS=365
CHROME_MCP_LOG_ROTATION=daily
CHROME_MCP_SECURE_DELETE=true
```

What's Next

See COMPLIANCE-ROADMAP.md for upcoming phases:

  • Phase 2: GDPR & Privacy (data rights, deletion certificates)
  • Phase 3: SOC 2 & Enterprise (key rotation, RBAC)
  • Phase 4: Advanced (breach detection, multi-tenancy)

#soc2 #gdpr #compliance #audit-logging #siem


About Pantheon-Security/chrome-mcp-secure

Security-hardened Chrome automation with post-quantum encryption (ML-KEM-768 + ChaCha20-Poly1305), secure credential vault, memory scrubbing, and audit logging. 22 tools for browser automation and secure logins.
