@neurosec/sentry 1.0.17 → 1.0.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (27) hide show
  1. package/dist/action-logger.d.ts +40 -0
  2. package/dist/action-logger.d.ts.map +1 -0
  3. package/dist/action-logger.js +252 -0
  4. package/dist/action-logger.js.map +1 -0
  5. package/dist/agent-registry.d.ts +24 -0
  6. package/dist/agent-registry.d.ts.map +1 -0
  7. package/dist/agent-registry.js +176 -0
  8. package/dist/agent-registry.js.map +1 -0
  9. package/dist/anomaly-detector.d.ts +26 -0
  10. package/dist/anomaly-detector.d.ts.map +1 -0
  11. package/dist/anomaly-detector.js +299 -0
  12. package/dist/anomaly-detector.js.map +1 -0
  13. package/dist/api.d.ts +7 -1
  14. package/dist/api.d.ts.map +1 -1
  15. package/dist/api.js +129 -1
  16. package/dist/api.js.map +1 -1
  17. package/dist/discovery.d.ts.map +1 -1
  18. package/dist/discovery.js +97 -23
  19. package/dist/discovery.js.map +1 -1
  20. package/dist/discovery.test.js +109 -18
  21. package/dist/discovery.test.js.map +1 -1
  22. package/dist/index.js +89 -2
  23. package/dist/index.js.map +1 -1
  24. package/dist/types.d.ts +113 -0
  25. package/dist/types.d.ts.map +1 -1
  26. package/dist/types.js.map +1 -1
  27. package/package.json +1 -1
package/dist/action-logger.d.ts ADDED
@@ -0,0 +1,40 @@
1
+ import { AgentAction, AgentActionType, EnforcementDecision, FileAccessEvent, NetworkEvent, TaggedProcess } from './types';
2
+ import { AuditLogger } from './audit';
3
+ export declare class ActionLogger {
4
+ private config;
5
+ private auditLogger;
6
+ private pending;
7
+ private flushTimer;
8
+ private processedCount;
9
+ constructor(auditLogger: AuditLogger, hostId: string);
10
+ start(): void;
11
+ stop(): void;
12
+ logAction(params: {
13
+ pid: number;
14
+ frameworkId: string;
15
+ type: AgentActionType;
16
+ intent: string;
17
+ context: string;
18
+ reasoningTrace?: string[];
19
+ input: string;
20
+ output: string;
21
+ durationMs: number;
22
+ success: boolean;
23
+ errorMessage?: string | null;
24
+ dataClassifications?: string[];
25
+ decision: AgentAction['decision'];
26
+ decisionReason: string;
27
+ }): void;
28
+ logFromDecision(pid: number, frameworkId: string, decision: EnforcementDecision): void;
29
+ logFileAccess(pid: number, frameworkId: string, event: FileAccessEvent, process: TaggedProcess): void;
30
+ logNetworkAccess(pid: number, frameworkId: string, event: NetworkEvent): void;
31
+ getRecentActions(limit?: number): AgentAction[];
32
+ getProcessedCount(): number;
33
+ private flush;
34
+ private detectSensitiveData;
35
+ private computeRiskScore;
36
+ private getRiskFactors;
37
+ private decisionTypeToActionType;
38
+ private classifyPath;
39
+ }
40
+ //# sourceMappingURL=action-logger.d.ts.map
package/dist/action-logger.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"action-logger.d.ts","sourceRoot":"","sources":["../src/action-logger.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,mBAAmB,EAAE,eAAe,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC1H,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAWtC,qBAAa,YAAY;IACvB,OAAO,CAAC,MAAM,CAAqB;IACnC,OAAO,CAAC,WAAW,CAAc;IACjC,OAAO,CAAC,OAAO,CAAqB;IACpC,OAAO,CAAC,UAAU,CAA+C;IACjE,OAAO,CAAC,cAAc,CAAK;gBAEf,WAAW,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM;IAgBpD,KAAK,IAAI,IAAI;IAQb,IAAI,IAAI,IAAI;IAUZ,SAAS,CAAC,MAAM,EAAE;QAChB,GAAG,EAAE,MAAM,CAAC;QACZ,WAAW,EAAE,MAAM,CAAC;QACpB,IAAI,EAAE,eAAe,CAAC;QACtB,MAAM,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,MAAM,CAAC;QAChB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;QAC1B,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,MAAM,CAAC;QACf,UAAU,EAAE,MAAM,CAAC;QACnB,OAAO,EAAE,OAAO,CAAC;QACjB,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAC7B,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;QAC/B,QAAQ,EAAE,WAAW,CAAC,UAAU,CAAC,CAAC;QAClC,cAAc,EAAE,MAAM,CAAC;KACxB,GAAG,IAAI;IAiER,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE,mBAAmB,GAAG,IAAI;IAiBtF,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,eAAe,EAAE,OAAO,EAAE,aAAa,GAAG,IAAI;IAkBrG,gBAAgB,CAAC,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,GAAG,IAAI;IAmB7E,gBAAgB,CAAC,KAAK,SAAM,GAAG,WAAW,EAAE;IAI5C,iBAAiB,IAAI,MAAM;IAM3B,OAAO,CAAC,KAAK;IA4Bb,OAAO,CAAC,mBAAmB;IAK3B,OAAO,CAAC,gBAAgB;IA4BxB,OAAO,CAAC,cAAc;IAStB,OAAO,CAAC,wBAAwB;IAWhC,OAAO,CAAC,YAAY;CAoBrB"}
package/dist/action-logger.js ADDED
@@ -0,0 +1,252 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.ActionLogger = void 0;
4
+ const crypto_1 = require("crypto");
5
+ const logger_1 = require("./logger");
6
+ class ActionLogger {
7
+ constructor(auditLogger, hostId) {
8
+ this.pending = [];
9
+ this.flushTimer = null;
10
+ this.processedCount = 0;
11
+ this.auditLogger = auditLogger;
12
+ this.config = {
13
+ hostId,
14
+ batchSize: 50,
15
+ flushIntervalMs: 10000,
16
+ sensitivePatterns: [
17
+ /api[-_]?key/i, /secret/i, /password/i, /token/i, /credential/i,
18
+ /auth[-_]?header/i, /bearer/i, /sk-[a-zA-Z0-9]{20,}/i,
19
+ /-----BEGIN (RSA |EC )?PRIVATE KEY-----/,
20
+ /social_security/i, /ssn/i, /passport/i, /credit_card/i, /cvv/i,
21
+ ],
22
+ maxActionInputLength: 10000,
23
+ };
24
+ }
25
+ start() {
26
+ this.flushTimer = setInterval(() => this.flush(), this.config.flushIntervalMs);
27
+ logger_1.logger.info('Action logger started', {
28
+ batchSize: this.config.batchSize,
29
+ intervalMs: this.config.flushIntervalMs,
30
+ });
31
+ }
32
+ stop() {
33
+ if (this.flushTimer) {
34
+ clearInterval(this.flushTimer);
35
+ this.flushTimer = null;
36
+ }
37
+ this.flush();
38
+ }
39
+ // ── AEGIS: Log agent actions with intent & reasoning context ─────────────
40
+ logAction(params) {
41
+ const sensitiveData = this.detectSensitiveData(params.input, params.output);
42
+ const riskScore = this.computeRiskScore(params.type, sensitiveData, params.intent, params.context);
43
+ const action = {
44
+ id: (0, crypto_1.randomUUID)(),
45
+ pid: params.pid,
46
+ frameworkId: params.frameworkId,
47
+ hostId: this.config.hostId,
48
+ type: params.type,
49
+ timestamp: Date.now(),
50
+ intent: params.intent,
51
+ context: params.context,
52
+ reasoningTrace: params.reasoningTrace ?? [],
53
+ input: params.input.slice(0, this.config.maxActionInputLength),
54
+ output: params.output.slice(0, this.config.maxActionInputLength),
55
+ durationMs: params.durationMs,
56
+ success: params.success,
57
+ errorMessage: params.errorMessage ?? null,
58
+ dataClassifications: params.dataClassifications ?? [],
59
+ sensitiveDataDetected: sensitiveData,
60
+ riskScore,
61
+ riskFactors: this.getRiskFactors(riskScore),
62
+ decision: params.decision,
63
+ decisionReason: params.decisionReason,
64
+ };
65
+ this.pending.push(action);
66
+ this.processedCount++;
67
+ if (this.pending.length >= this.config.batchSize) {
68
+ this.flush();
69
+ }
70
+ // Log high-risk actions immediately to audit log
71
+ if (riskScore >= 7) {
72
+ const auditAction = riskScore >= 8 ? 'deny' : 'allow';
73
+ this.auditLogger.log({
74
+ id: action.id,
75
+ timestamp: action.timestamp,
76
+ type: 'process',
77
+ action: auditAction,
78
+ frameworkId: action.frameworkId,
79
+ frameworkName: null,
80
+ pid: action.pid,
81
+ reason: `High-risk action: ${action.type} (score: ${riskScore})`,
82
+ detail: {
83
+ actionType: action.type,
84
+ intent: action.intent,
85
+ riskScore,
86
+ riskFactors: action.riskFactors,
87
+ sensitiveData: action.sensitiveDataDetected,
88
+ },
89
+ hostname: this.config.hostId,
90
+ });
91
+ }
92
+ }
93
+ // ── AEGIS: Log from enforcement decisions ────────────────────────────────
94
+ logFromDecision(pid, frameworkId, decision) {
95
+ this.logAction({
96
+ pid,
97
+ frameworkId,
98
+ type: this.decisionTypeToActionType(decision.type),
99
+ intent: decision.reason,
100
+ context: JSON.stringify(decision.detail),
101
+ input: '',
102
+ output: '',
103
+ durationMs: 0,
104
+ success: decision.action === 'allow',
105
+ errorMessage: decision.action !== 'allow' ? decision.reason : null,
106
+ decision: decision.action,
107
+ decisionReason: decision.reason,
108
+ });
109
+ }
110
+ logFileAccess(pid, frameworkId, event, process) {
111
+ this.logAction({
112
+ pid,
113
+ frameworkId,
114
+ type: event.operation === 'read' ? 'file_read' : 'file_write',
115
+ intent: `File ${event.operation} on ${event.targetPath}`,
116
+ context: `Process: ${process.command.slice(0, 200)}`,
117
+ input: event.targetPath,
118
+ output: '',
119
+ durationMs: 0,
120
+ success: event.decision === 'allow',
121
+ errorMessage: event.decision !== 'allow' ? 'Access denied by policy' : null,
122
+ dataClassifications: this.classifyPath(event.targetPath),
123
+ decision: event.decision,
124
+ decisionReason: event.decision === 'allow' ? 'Policy allowed' : 'Policy denied',
125
+ });
126
+ }
127
+ logNetworkAccess(pid, frameworkId, event) {
128
+ this.logAction({
129
+ pid,
130
+ frameworkId,
131
+ type: 'network_egress',
132
+ intent: `Network ${event.direction} to ${event.hostname ?? event.destIp}:${event.destPort}`,
133
+ context: `Destination: ${event.destIp}:${event.destPort}`,
134
+ input: `${event.hostname ?? event.destIp}:${event.destPort}`,
135
+ output: '',
136
+ durationMs: 0,
137
+ success: event.decision === 'allow',
138
+ errorMessage: event.decision !== 'allow' ? 'Connection denied by policy' : null,
139
+ decision: event.decision,
140
+ decisionReason: event.decision === 'allow' ? 'Policy allowed' : 'Policy denied',
141
+ });
142
+ }
143
+ // ── Query / stats ────────────────────────────────────────────────────────
144
+ getRecentActions(limit = 100) {
145
+ return this.pending.slice(-limit);
146
+ }
147
+ getProcessedCount() {
148
+ return this.processedCount;
149
+ }
150
+ // ── Internal ─────────────────────────────────────────────────────────────
151
+ flush() {
152
+ if (this.pending.length === 0)
153
+ return;
154
+ const batch = this.pending.splice(0, this.config.batchSize);
155
+ // Write to audit log as summary
156
+ const highRisk = batch.filter(a => a.riskScore >= 6);
157
+ for (const action of highRisk) {
158
+ this.auditLogger.log({
159
+ id: action.id,
160
+ timestamp: action.timestamp,
161
+ type: 'process',
162
+ action: action.decision === 'monitor' ? 'allow' : action.decision,
163
+ frameworkId: action.frameworkId,
164
+ frameworkName: null,
165
+ pid: action.pid,
166
+ reason: `AEGIS action: ${action.type} — ${action.intent}`,
167
+ detail: {
168
+ actionType: action.type,
169
+ riskScore: action.riskScore,
170
+ riskFactors: action.riskFactors,
171
+ sensitiveData: action.sensitiveDataDetected,
172
+ dataClassifications: action.dataClassifications,
173
+ durationMs: action.durationMs,
174
+ },
175
+ hostname: this.config.hostId,
176
+ });
177
+ }
178
+ }
179
+ detectSensitiveData(input, output) {
180
+ const combined = `${input} ${output}`;
181
+ return this.config.sensitivePatterns.some(p => p.test(combined));
182
+ }
183
+ computeRiskScore(type, sensitiveData, intent, context) {
184
+ let score = 0;
185
+ // High-risk action types
186
+ if (['file_delete', 'syscall', 'child_spawn'].includes(type))
187
+ score += 4;
188
+ if (['file_write', 'network_egress', 'skill_invoke', 'api_call'].includes(type))
189
+ score += 2;
190
+ if (['tool_call', 'network_ingress'].includes(type))
191
+ score += 1;
192
+ // Sensitive data increases risk
193
+ if (sensitiveData)
194
+ score += 3;
195
+ // Intent analysis
196
+ const highRiskIntent = /delete|remove|destroy|wipe|overwrite|chmod|chown|sudo|exec/i;
197
+ const moderateRiskIntent = /write|modify|update|deploy|push|publish|expose/i;
198
+ if (highRiskIntent.test(intent))
199
+ score += 3;
200
+ else if (moderateRiskIntent.test(intent))
201
+ score += 1;
202
+ // Context analysis
203
+ if (/production|prod|live/i.test(context))
204
+ score += 1;
205
+ return Math.min(score, 10);
206
+ }
207
+ getRiskFactors(score) {
208
+ const factors = [];
209
+ if (score >= 8)
210
+ factors.push('critical_risk');
211
+ if (score >= 6)
212
+ factors.push('high_risk');
213
+ if (score >= 4)
214
+ factors.push('elevated_risk');
215
+ if (score < 4)
216
+ factors.push('normal');
217
+ return factors;
218
+ }
219
+ decisionTypeToActionType(decisionType) {
220
+ switch (decisionType) {
221
+ case 'file_access': return 'file_read';
222
+ case 'network': return 'network_egress';
223
+ case 'syscall': return 'syscall';
224
+ case 'skill': return 'skill_invoke';
225
+ case 'process': return 'child_spawn';
226
+ default: return 'api_call';
227
+ }
228
+ }
229
+ classifyPath(filePath) {
230
+ const classifications = [];
231
+ if (/\.ssh\/|\.aws\/|\.kube\/|\.gcloud\//i.test(filePath)) {
232
+ classifications.push('infrastructure_credentials');
233
+ }
234
+ if (/\.git\/|\.svn\//i.test(filePath))
235
+ classifications.push('source_code');
236
+ if (/etc\/passwd|etc\/shadow|etc\/sudoers/i.test(filePath)) {
237
+ classifications.push('system_config');
238
+ }
239
+ if (/token|secret|key|credential/i.test(filePath)) {
240
+ classifications.push('secrets');
241
+ }
242
+ if (/\.pem$|\.key$|\.crt$|cert/i.test(filePath)) {
243
+ classifications.push('certificates');
244
+ }
245
+ if (/database|db\/|\.sql$|\.db$/i.test(filePath)) {
246
+ classifications.push('database');
247
+ }
248
+ return classifications;
249
+ }
250
+ }
251
+ exports.ActionLogger = ActionLogger;
252
+ //# sourceMappingURL=action-logger.js.map
package/dist/action-logger.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"action-logger.js","sourceRoot":"","sources":["../src/action-logger.ts"],"names":[],"mappings":";;;AAAA,mCAAoC;AAGpC,qCAAkC;AAUlC,MAAa,YAAY;IAOvB,YAAY,WAAwB,EAAE,MAAc;QAJ5C,YAAO,GAAkB,EAAE,CAAC;QAC5B,eAAU,GAA0C,IAAI,CAAC;QACzD,mBAAc,GAAG,CAAC,CAAC;QAGzB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,IAAI,CAAC,MAAM,GAAG;YACZ,MAAM;YACN,SAAS,EAAE,EAAE;YACb,eAAe,EAAE,KAAK;YACtB,iBAAiB,EAAE;gBACjB,cAAc,EAAE,SAAS,EAAE,WAAW,EAAE,QAAQ,EAAE,aAAa;gBAC/D,kBAAkB,EAAE,SAAS,EAAE,sBAAsB;gBACrD,wCAAwC;gBACxC,kBAAkB,EAAE,MAAM,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM;aAChE;YACD,oBAAoB,EAAE,KAAK;SAC5B,CAAC;IACJ,CAAC;IAED,KAAK;QACH,IAAI,CAAC,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QAC/E,eAAM,CAAC,IAAI,CAAC,uBAAuB,EAAE;YACnC,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;YAChC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,eAAe;SACxC,CAAC,CAAC;IACL,CAAC;IAED,IAAI;QACF,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC/B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QACzB,CAAC;QACD,IAAI,CAAC,KAAK,EAAE,CAAC;IACf,CAAC;IAED,4EAA4E;IAE5E,SAAS,CAAC,MAeT;QACC,MAAM,aAAa,GAAG,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QAC5E,MAAM,SAAS,GAAG,IAAI,CAAC,gBAAgB,CACrC,MAAM,CAAC,IAAI,EACX,aAAa,EACb,MAAM,CAAC,MAAM,EACb,MAAM,CAAC,OAAO,CACf,CAAC;QAEF,MAAM,MAAM,GAAgB;YAC1B,EAAE,EAAE,IAAA,mBAAU,GAAE;YAChB,GAAG,EAAE,MAAM,CAAC,GAAG;YACf,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;YAC1B,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,EAAE;YAC3C,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC;YAC9D,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC;YAChE,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,IAAI;YACzC,mBAAmB,EAAE,MAAM,CAAC,mBAAmB,IAAI,EAAE;YACrD,qBAAqB,EAAE,aAAa;YACpC,SAAS;YACT,WAAW,EAAE,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC;YAC3C,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,cAAc,EAAE,MAAM,CAAC,cAAc;SACtC,CAAC;QAEF,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC1B,IAAI,CAAC,cAAc,EAAE,CAAC;QAEtB,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;YACjD,IAAI,CAAC,KAAK,EAAE,CAAC;QACf,CAAC;QAED,iDAAiD;QACjD,IAAI,SAAS,IAAI,CAAC,EAAE,CAAC;YACnB,MAAM,WAAW,GAAoC,SAAS,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC;YACvF,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC;gBACnB,EAAE,EAAE,MAAM,CAAC,EAAE;gBACb,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,IAAI,EAAE,SAAS;gBACf,MAAM,EAAE,WAAW;gBACnB,WAAW,EAAE,MAAM,CAAC,WAAW;gBAC/B,aAAa,EAAE,IAAI;gBACnB,GAAG,EAAE,MAAM,CAAC,GAAG;gBACf,MAAM,EAAE,qBAAqB,MAAM,CAAC,IAAI,YAAY,SAAS,GAAG;gBAChE,MAAM,EAAE;oBACN,UAAU,EAAE,MAAM,CAAC,IAAI;oBACvB,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,SAAS;oBACT,WAAW,EAAE,MAAM,CAAC,WAAW;oBAC/B,aAAa,EAAE,MAAM,CAAC,qBAAqB;iBAC5C;gBACD,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;aAC7B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,4EAA4E;IAE5E,eAAe,CAAC,GAAW,EAAE,WAAmB,EAAE,QAA6B;QAC7E,IAAI,CAAC,SAAS,CAAC;YACb,GAAG;YACH,WAAW;YACX,IAAI,EAAE,IAAI,CAAC,wBAAwB,CAAC,QAAQ,CAAC,IAAI,CAAC;YAClD,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC;YACxC,KAAK,EAAE,EAAE;YACT,MAAM,EAAE,EAAE;YACV,UAAU,EAAE,CAAC;YACb,OAAO,EAAE,QAAQ,CAAC,MAAM,KAAK,OAAO;YACpC,YAAY,EAAE,QAAQ,CAAC,MAAM,KAAK,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI;YAClE,QAAQ,EAAE,QAAQ,CAAC,MAAM;YACzB,cAAc,EAAE,QAAQ,CAAC,MAAM;SAChC,CAAC,CAAC;IACL,CAAC;IAED,aAAa,CAAC,GAAW,EAAE,WAAmB,EAAE,KAAsB,EAAE,OAAsB;QAC5F,IAAI,CAAC,SAAS,CAAC;YACb,GAAG;YACH,WAAW;YACX,IAAI,EAAE,KAAK,CAAC,SAAS,KAAK,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,YAAY;YAC7D,MAAM,EAAE,QAAQ,KAAK,CAAC,SAAS,OAAO,KAAK,CAAC,UAAU,EAAE;YACxD,OAAO,EAAE,YAAY,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACpD,KAAK,EAAE,KAAK,CAAC,UAAU;YACvB,MAAM,EAAE,EAAE;YACV,UAAU,EAAE,CAAC;YACb,OAAO,EAAE,KAAK,CAAC,QAAQ,KAAK,OAAO;YACnC,YAAY,EAAE,KAAK,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,yBAAyB,CAAC,CAAC,CAAC,IAAI;YAC3E,mBAAmB,EAAE,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,UAAU,CAAC;YACxD,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,cAAc,EAAE,KAAK,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,eAAe;SAChF,CAAC,CAAC;IACL,CAAC;IAED,gBAAgB,CAAC,GAAW,EAAE,WAAmB,EAAE,KAAmB;QACpE,IAAI,CAAC,SAAS,CAAC;YACb,GAAG;YACH,WAAW;YACX,IAAI,EAAE,gBAAgB;YACtB,MAAM,EAAE,WAAW,KAAK,CAAC,SAAS,OAAO,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,QAAQ,EAAE;YAC3F,OAAO,EAAE,gBAAgB,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,QAAQ,EAAE;YACzD,KAAK,EAAE,GAAG,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,QAAQ,EAAE;YAC5D,MAAM,EAAE,EAAE;YACV,UAAU,EAAE,CAAC;YACb,OAAO,EAAE,KAAK,CAAC,QAAQ,KAAK,OAAO;YACnC,YAAY,EAAE,KAAK,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,6BAA6B,CAAC,CAAC,CAAC,IAAI;YAC/E,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,cAAc,EAAE,KAAK,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,eAAe;SAChF,CAAC,CAAC;IACL,CAAC;IAED,4EAA4E;IAE5E,gBAAgB,CAAC,KAAK,GAAG,GAAG;QAC1B,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC;IACpC,CAAC;IAED,iBAAiB;QACf,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAED,4EAA4E;IAEpE,KAAK;QACX,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO;QACtC,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC5D,gCAAgC;QAChC,MAAM,QAAQ,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,CAAC;QACrD,KAAK,MAAM,MAAM,IAAI,QAAQ,EAAE,CAAC;YAC9B,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC;gBACnB,EAAE,EAAE,MAAM,CAAC,EAAE;gBACb,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,IAAI,EAAE,SAAS;gBACf,MAAM,EAAE,MAAM,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,QAA2C;gBACpG,WAAW,EAAE,MAAM,CAAC,WAAW;gBAC/B,aAAa,EAAE,IAAI;gBACnB,GAAG,EAAE,MAAM,CAAC,GAAG;gBACf,MAAM,EAAE,iBAAiB,MAAM,CAAC,IAAI,MAAM,MAAM,CAAC,MAAM,EAAE;gBACzD,MAAM,EAAE;oBACN,UAAU,EAAE,MAAM,CAAC,IAAI;oBACvB,SAAS,EAAE,MAAM,CAAC,SAAS;oBAC3B,WAAW,EAAE,MAAM,CAAC,WAAW;oBAC/B,aAAa,EAAE,MAAM,CAAC,qBAAqB;oBAC3C,mBAAmB,EAAE,MAAM,CAAC,mBAAmB;oBAC/C,UAAU,EAAE,MAAM,CAAC,UAAU;iBAC9B;gBACD,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;aAC7B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEO,mBAAmB,CAAC,KAAa,EAAE,MAAc;QACvD,MAAM,QAAQ,GAAG,GAAG,KAAK,IAAI,MAAM,EAAE,CAAC;QACtC,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;IACnE,CAAC;IAEO,gBAAgB,CACtB,IAAqB,EACrB,aAAsB,EACtB,MAAc,EACd,OAAe;QAEf,IAAI,KAAK,GAAG,CAAC,CAAC;QAEd,yBAAyB;QACzB,IAAI,CAAC,aAAa,EAAE,SAAS,EAAE,aAAa,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;YAAE,KAAK,IAAI,CAAC,CAAC;QACzE,IAAI,CAAC,YAAY,EAAE,gBAAgB,EAAE,cAAc,EAAE,UAAU,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;YAAE,KAAK,IAAI,CAAC,CAAC;QAC5F,IAAI,CAAC,WAAW,EAAE,iBAAiB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;YAAE,KAAK,IAAI,CAAC,CAAC;QAEhE,gCAAgC;QAChC,IAAI,aAAa;YAAE,KAAK,IAAI,CAAC,CAAC;QAE9B,kBAAkB;QAClB,MAAM,cAAc,GAAG,6DAA6D,CAAC;QACrF,MAAM,kBAAkB,GAAG,iDAAiD,CAAC;QAC7E,IAAI,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC;YAAE,KAAK,IAAI,CAAC,CAAC;aACvC,IAAI,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC;YAAE,KAAK,IAAI,CAAC,CAAC;QAErD,mBAAmB;QACnB,IAAI,uBAAuB,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,KAAK,IAAI,CAAC,CAAC;QAEtD,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAC7B,CAAC;IAEO,cAAc,CAAC,KAAa;QAClC,MAAM,OAAO,GAAa,EAAE,CAAC;QAC7B,IAAI,KAAK,IAAI,CAAC;YAAE,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC9C,IAAI,KAAK,IAAI,CAAC;YAAE,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC1C,IAAI,KAAK,IAAI,CAAC;YAAE,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC9C,IAAI,KAAK,GAAG,CAAC;YAAE,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACtC,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,wBAAwB,CAAC,YAAoB;QACnD,QAAQ,YAAY,EAAE,CAAC;YACrB,KAAK,aAAa,CAAC,CAAC,OAAO,WAAW,CAAC;YACvC,KAAK,SAAS,CAAC,CAAC,OAAO,gBAAgB,CAAC;YACxC,KAAK,SAAS,CAAC,CAAC,OAAO,SAAS,CAAC;YACjC,KAAK,OAAO,CAAC,CAAC,OAAO,cAAc,CAAC;YACpC,KAAK,SAAS,CAAC,CAAC,OAAO,aAAa,CAAC;YACrC,OAAO,CAAC,CAAC,OAAO,UAAU,CAAC;QAC7B,CAAC;IACH,CAAC;IAEO,YAAY,CAAC,QAAgB;QACnC,MAAM,eAAe,GAAa,EAAE,CAAC;QACrC,IAAI,sCAAsC,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1D,eAAe,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;QACrD,CAAC;QACD,IAAI,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC;YAAE,eAAe,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC3E,IAAI,uCAAuC,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3D,eAAe,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACxC,CAAC;QACD,IAAI,8BAA8B,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClD,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAClC,CAAC;QACD,IAAI,4BAA4B,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAChD,eAAe,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACvC,CAAC;QACD,IAAI,6BAA6B,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjD,eAAe,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACnC,CAAC;QACD,OAAO,eAAe,CAAC;IACzB,CAAC;CACF;AA9RD,oCA8RC"}
package/dist/agent-registry.d.ts ADDED
@@ -0,0 +1,24 @@
1
+ import { AgentIdentity, AgentDocumentation, TaggedProcess, DecisionConstraint } from './types';
2
+ export declare class AgentRegistry {
3
+ private state;
4
+ private stateDir;
5
+ private dirty;
6
+ constructor(stateDir: string);
7
+ init(): Promise<void>;
8
+ registerOrUpdate(process: TaggedProcess, hostId: string): AgentIdentity;
9
+ decommission(frameworkId: string, pid: number): void;
10
+ quarantine(frameworkId: string, pid: number, reason: string): void;
11
+ updateDocumentation(frameworkId: string, pid: number, docs: Partial<AgentDocumentation>): void;
12
+ updateIdentity(frameworkId: string, pid: number, updates: Partial<AgentIdentity>): void;
13
+ setConstraint(constraint: DecisionConstraint): void;
14
+ getConstraint(frameworkId: string): DecisionConstraint | undefined;
15
+ getMaxDecisionLevel(frameworkId: string): DecisionConstraint['maxDecisionLevel'];
16
+ getActiveIdentities(): AgentIdentity[];
17
+ getIdentity(frameworkId: string, pid: number): AgentIdentity | undefined;
18
+ getIdentityById(id: string): AgentIdentity | undefined;
19
+ getAllIdentities(): AgentIdentity[];
20
+ getAgentOnAPage(frameworkId: string, pid: number): AgentIdentity | null;
21
+ private loadState;
22
+ flush(): Promise<void>;
23
+ }
24
+ //# sourceMappingURL=agent-registry.d.ts.map
package/dist/agent-registry.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"agent-registry.d.ts","sourceRoot":"","sources":["../src/agent-registry.ts"],"names":[],"mappings":"AACA,OAAO,EACL,aAAa,EACb,kBAAkB,EAClB,aAAa,EACb,kBAAkB,EACnB,MAAM,SAAS,CAAC;AAUjB,qBAAa,aAAa;IACxB,OAAO,CAAC,KAAK,CAGX;IACF,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,KAAK,CAAS;gBAEV,QAAQ,EAAE,MAAM;IAItB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAQ3B,gBAAgB,CAAC,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,MAAM,GAAG,aAAa;IAkDvE,YAAY,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,IAAI;IAWpD,UAAU,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI;IAYlE,mBAAmB,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,kBAAkB,CAAC,GAAG,IAAI;IAS9F,cAAc,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,aAAa,CAAC,GAAG,IAAI;IAWvF,aAAa,CAAC,UAAU,EAAE,kBAAkB,GAAG,IAAI;IAKnD,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,kBAAkB,GAAG,SAAS;IAIlE,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,kBAAkB,CAAC,kBAAkB,CAAC;IAMhF,mBAAmB,IAAI,aAAa,EAAE;IAKtC,WAAW,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,aAAa,GAAG,SAAS;IAIxE,eAAe,CAAC,EAAE,EAAE,MAAM,GAAG,aAAa,GAAG,SAAS;IAItD,gBAAgB,IAAI,aAAa,EAAE;IAKnC,eAAe,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI;YAMzD,SAAS;IAmBjB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;CAe7B"}
package/dist/agent-registry.js ADDED
@@ -0,0 +1,176 @@
1
+ "use strict";
2
+ var __importDefault = (this && this.__importDefault) || function (mod) {
3
+ return (mod && mod.__esModule) ? mod : { "default": mod };
4
+ };
5
+ Object.defineProperty(exports, "__esModule", { value: true });
6
+ exports.AgentRegistry = void 0;
7
+ const crypto_1 = require("crypto");
8
+ const logger_1 = require("./logger");
9
+ const promises_1 = __importDefault(require("fs/promises"));
10
+ const path_1 = __importDefault(require("path"));
11
+ class AgentRegistry {
12
+ constructor(stateDir) {
13
+ this.state = {
14
+ identities: new Map(),
15
+ constraints: new Map(),
16
+ };
17
+ this.dirty = false;
18
+ this.stateDir = path_1.default.join(stateDir, 'agent-registry');
19
+ }
20
+ async init() {
21
+ await promises_1.default.mkdir(this.stateDir, { recursive: true }).catch(() => { });
22
+ await this.loadState();
23
+ logger_1.logger.info('Agent registry initialized', { count: this.state.identities.size });
24
+ }
25
+ // ── Lifecycle: register / update / decommission ──────────────────────────
26
+ registerOrUpdate(process, hostId) {
27
+ const key = `${process.frameworkId}:${process.pid}`;
28
+ const existing = this.state.identities.get(key);
29
+ if (existing) {
30
+ existing.lastSeenAt = Date.now();
31
+ existing.pid = process.pid;
32
+ this.dirty = true;
33
+ return existing;
34
+ }
35
+ const identity = {
36
+ id: (0, crypto_1.randomUUID)(),
37
+ frameworkId: process.frameworkId,
38
+ frameworkName: process.frameworkName,
39
+ pid: process.pid,
40
+ ppid: process.ppid,
41
+ hostId,
42
+ command: process.command,
43
+ owner: '',
44
+ ownerEmail: '',
45
+ purpose: '',
46
+ riskLevel: 'medium',
47
+ status: 'active',
48
+ firstDiscoveredAt: Date.now(),
49
+ lastSeenAt: Date.now(),
50
+ decommissionedAt: null,
51
+ allowedTools: [],
52
+ allowedDataClassifications: [],
53
+ allowedDomains: [],
54
+ maxDecisionScope: 'act_autonomously',
55
+ documentation: {
56
+ description: '',
57
+ businessOwner: '',
58
+ technicalContact: '',
59
+ approvedUseCases: [],
60
+ prohibitedUseCases: [],
61
+ dataAccessRationale: '',
62
+ escalationContact: '',
63
+ reviewDate: '',
64
+ complianceFrameworks: [],
65
+ },
66
+ };
67
+ this.state.identities.set(key, identity);
68
+ this.dirty = true;
69
+ logger_1.logger.info('Agent registered', { framework: process.frameworkId, pid: process.pid });
70
+ return identity;
71
+ }
72
+ decommission(frameworkId, pid) {
73
+ const key = `${frameworkId}:${pid}`;
74
+ const identity = this.state.identities.get(key);
75
+ if (identity) {
76
+ identity.status = 'decommissioned';
77
+ identity.decommissionedAt = Date.now();
78
+ this.dirty = true;
79
+ logger_1.logger.info('Agent decommissioned', { framework: frameworkId, pid });
80
+ }
81
+ }
82
+ quarantine(frameworkId, pid, reason) {
83
+ const key = `${frameworkId}:${pid}`;
84
+ const identity = this.state.identities.get(key);
85
+ if (identity) {
86
+ identity.status = 'quarantined';
87
+ this.dirty = true;
88
+ logger_1.logger.warn('Agent quarantined', { framework: frameworkId, pid, reason });
89
+ }
90
+ }
91
+ // ── Documentation: Agent-on-a-Page ───────────────────────────────────────
92
+ updateDocumentation(frameworkId, pid, docs) {
93
+ const key = `${frameworkId}:${pid}`;
94
+ const identity = this.state.identities.get(key);
95
+ if (identity) {
96
+ Object.assign(identity.documentation, docs);
97
+ this.dirty = true;
98
+ }
99
+ }
100
+ updateIdentity(frameworkId, pid, updates) {
101
+ const key = `${frameworkId}:${pid}`;
102
+ const identity = this.state.identities.get(key);
103
+ if (identity) {
104
+ Object.assign(identity, updates);
105
+ this.dirty = true;
106
+ }
107
+ }
108
+ // ── Constraints: AEGIS least-agency (Zero Trust Domain) ──────────────────
109
+ setConstraint(constraint) {
110
+ this.state.constraints.set(constraint.frameworkId, constraint);
111
+ this.dirty = true;
112
+ }
113
+ getConstraint(frameworkId) {
114
+ return this.state.constraints.get(frameworkId);
115
+ }
116
+ getMaxDecisionLevel(frameworkId) {
117
+ return this.state.constraints.get(frameworkId)?.maxDecisionLevel ?? 'act_autonomously';
118
+ }
119
+ // ── Queries ──────────────────────────────────────────────────────────────
120
+ getActiveIdentities() {
121
+ return [...this.state.identities.values()]
122
+ .filter(i => i.status === 'active' || i.status === 'idle');
123
+ }
124
+ getIdentity(frameworkId, pid) {
125
+ return this.state.identities.get(`${frameworkId}:${pid}`);
126
+ }
127
+ getIdentityById(id) {
128
+ return [...this.state.identities.values()].find(i => i.id === id);
129
+ }
130
+ getAllIdentities() {
131
+ return [...this.state.identities.values()];
132
+ }
133
+ // AEGIS Agent-on-a-Page: return full documentation for governance review
134
+ getAgentOnAPage(frameworkId, pid) {
135
+ return this.getIdentity(frameworkId, pid) ?? null;
136
+ }
137
+ // ── Persistence ──────────────────────────────────────────────────────────
138
+ async loadState() {
139
+ try {
140
+ const data = await promises_1.default.readFile(path_1.default.join(this.stateDir, 'registry.json'), 'utf8');
141
+ const parsed = JSON.parse(data);
142
+ if (parsed.identities) {
143
+ for (const [k, v] of Object.entries(parsed.identities)) {
144
+ this.state.identities.set(k, v);
145
+ }
146
+ }
147
+ if (parsed.constraints) {
148
+ for (const [k, v] of Object.entries(parsed.constraints)) {
149
+ this.state.constraints.set(k, v);
150
+ }
151
+ }
152
+ }
153
+ catch {
154
+ // fresh start
155
+ }
156
+ }
157
+ async flush() {
158
+ if (!this.dirty)
159
+ return;
160
+ try {
161
+ const obj = {
162
+ identities: Object.fromEntries(this.state.identities),
163
+ constraints: Object.fromEntries(this.state.constraints),
164
+ };
165
+ const tmp = path_1.default.join(this.stateDir, `registry.tmp.${Date.now()}`);
166
+ await promises_1.default.writeFile(tmp, JSON.stringify(obj, null, 2), 'utf8');
167
+ await promises_1.default.rename(tmp, path_1.default.join(this.stateDir, 'registry.json'));
168
+ this.dirty = false;
169
+ }
170
+ catch (err) {
171
+ logger_1.logger.error('Failed to flush agent registry', { err: err.message });
172
+ }
173
+ }
174
+ }
175
+ exports.AgentRegistry = AgentRegistry;
176
+ //# sourceMappingURL=agent-registry.js.map
package/dist/agent-registry.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"agent-registry.js","sourceRoot":"","sources":["../src/agent-registry.ts"],"names":[],"mappings":";;;;;;AAAA,mCAAoC;AAOpC,qCAAkC;AAClC,2DAA6B;AAC7B,gDAAwB;AAOxB,MAAa,aAAa;IAQxB,YAAY,QAAgB;QAPpB,UAAK,GAAkB;YAC7B,UAAU,EAAE,IAAI,GAAG,EAAE;YACrB,WAAW,EAAE,IAAI,GAAG,EAAE;SACvB,CAAC;QAEM,UAAK,GAAG,KAAK,CAAC;QAGpB,IAAI,CAAC,QAAQ,GAAG,cAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;IACxD,CAAC;IAED,KAAK,CAAC,IAAI;QACR,MAAM,kBAAE,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QACnE,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACvB,eAAM,CAAC,IAAI,CAAC,4BAA4B,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC;IACnF,CAAC;IAED,4EAA4E;IAE5E,gBAAgB,CAAC,OAAsB,EAAE,MAAc;QACrD,MAAM,GAAG,GAAG,GAAG,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QACpD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAEhD,IAAI,QAAQ,EAAE,CAAC;YACb,QAAQ,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACjC,QAAQ,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;YAC3B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;YAClB,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,MAAM,QAAQ,GAAkB;YAC9B,EAAE,EAAE,IAAA,mBAAU,GAAE;YAChB,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,aAAa,EAAE,OAAO,CAAC,aAAa;YACpC,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,MAAM;YACN,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;YACd,OAAO,EAAE,EAAE;YACX,SAAS,EAAE,QAAQ;YACnB,MAAM,EAAE,QAAQ;YAChB,iBAAiB,EAAE,IAAI,CAAC,GAAG,EAAE;YAC7B,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;YACtB,gBAAgB,EAAE,IAAI;YACtB,YAAY,EAAE,EAAE;YAChB,0BAA0B,EAAE,EAAE;YAC9B,cAAc,EAAE,EAAE;YAClB,gBAAgB,EAAE,kBAAkB;YACpC,aAAa,EAAE;gBACb,WAAW,EAAE,EAAE;gBACf,aAAa,EAAE,EAAE;gBACjB,gBAAgB,EAAE,EAAE;gBACpB,gBAAgB,EAAE,EAAE;gBACpB,kBAAkB,EAAE,EAAE;gBACtB,mBAAmB,EAAE,EAAE;gBACvB,iBAAiB,EAAE,EAAE;gBACrB,UAAU,EAAE,EAAE;gBACd,oBAAoB,EAAE,EAAE;aACzB;SACF,CAAC;QAEF,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QACzC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QAClB,eAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,WAAW,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QACtF,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,YAAY,CAAC,WAAmB,EAAE,GAAW;QAC3C,MAAM,GAAG,GAAG,GAAG,WAAW,IAAI,GAAG,EAAE,CAAC;QACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAChD,IAAI,QAAQ,EAAE,CAAC;YACb,QAAQ,CAAC,MAAM,GAAG,gBAAgB,CAAC;YACnC,QAAQ,CAAC,gBAAgB,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;YAClB,eAAM,CAAC,IAAI,CAAC,sBAAsB,EAAE,EAAE,SAAS,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC;QACvE,CAAC;IACH,CAAC;IAED,UAAU,CAAC,WAAmB,EAAE,GAAW,EAAE,MAAc;QACzD,MAAM,GAAG,GAAG,GAAG,WAAW,IAAI,GAAG,EAAE,CAAC;QACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAChD,IAAI,QAAQ,EAAE,CAAC;YACb,QAAQ,CAAC,MAAM,GAAG,aAAa,CAAC;YAChC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;YAClB,eAAM,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,SAAS,EAAE,WAAW,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;IAED,4EAA4E;IAE5E,mBAAmB,CAAC,WAAmB,EAAE,GAAW,EAAE,IAAiC;QACrF,MAAM,GAAG,GAAG,GAAG,WAAW,IAAI,GAAG,EAAE,CAAC;QACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAChD,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;YAC5C,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QACpB,CAAC;IACH,CAAC;IAED,cAAc,CAAC,WAAmB,EAAE,GAAW,EAAE,OAA+B;QAC9E,MAAM,GAAG,GAAG,GAAG,WAAW,IAAI,GAAG,EAAE,CAAC;QACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAChD,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACjC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QACpB,CAAC;IACH,CAAC;IAED,4EAA4E;IAE5E,aAAa,CAAC,UAA8B;QAC1C,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QAC/D,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;IACpB,CAAC;IAED,aAAa,CAAC,WAAmB;QAC/B,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACjD,CAAC;IAED,mBAAmB,CAAC,WAAmB;QACrC,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,gBAAgB,IAAI,kBAAkB,CAAC;IACzF,CAAC;IAED,4EAA4E;IAE5E,mBAAmB;QACjB,OAAO,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;aACvC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;IAC/D,CAAC;IAED,WAAW,CAAC,WAAmB,EAAE,GAAW;QAC1C,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,WAAW,IAAI,GAAG,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,eAAe,CAAC,EAAU;QACxB,OAAO,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;IACpE,CAAC;IAED,gBAAgB;QACd,OAAO,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7C,CAAC;IAED,yEAAyE;IACzE,eAAe,CAAC,WAAmB,EAAE,GAAW;QAC9C,OAAO,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,GAAG,CAAC,IAAI,IAAI,CAAC;IACpD,CAAC;IAED,4EAA4E;IAEpE,KAAK,CAAC,SAAS;QACrB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,kBAAE,CAAC,QAAQ,CAAC,cAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,EAAE,MAAM,CAAC,CAAC;YAClF,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAChC,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;gBACtB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;oBACvD,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE,CAAkB,CAAC,CAAC;gBACnD,CAAC;YACH,CAAC;YACD,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;gBACvB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;oBACxD,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,EAAE,CAAuB,CAAC,CAAC;gBACzD,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,cAAc;QAChB,CAAC;IACH,CAAC;IAED,KAAK,CAAC,KAAK;QACT,IAAI,CAAC,IAAI,CAAC,KAAK;YAAE,OAAO;QACxB,IAAI,CAAC;YACH,MAAM,GAAG,GAAG;gBACV,UAAU,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC;gBACrD,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC;aACxD,CAAC;YACF,MAAM,GAAG,GAAG,cAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YACnE,MAAM,kBAAE,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;YAC9D,MAAM,kBAAE,CAAC,MAAM,CAAC,GAAG,EAAE,cAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC,CAAC;YAChE,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACrB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,eAAM,CAAC,KAAK,CAAC,gCAAgC,EAAE,EAAE,GAAG,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QAClF,CAAC;IACH,CAAC;CACF;AA1LD,sCA0LC"}
package/dist/anomaly-detector.d.ts ADDED
@@ -0,0 +1,26 @@
1
+ import { AnomalyAlert, AgentAction, TaggedProcess } from './types';
2
+ import { AuditLogger } from './audit';
3
+ export declare class AnomalyDetector {
4
+ private config;
5
+ private auditLogger;
6
+ private baselines;
7
+ private actionBuffer;
8
+ private alerts;
9
+ private checkTimer;
10
+ constructor(auditLogger: AuditLogger, hostId: string);
11
+ start(): void;
12
+ stop(): void;
13
+ ingestAction(action: AgentAction): void;
14
+ private establishBaseline;
15
+ private detectDeviations;
16
+ private checkFrequencyDeviation;
17
+ private createAlert;
18
+ private getRecommendation;
19
+ private runCheck;
20
+ getOpenAlerts(): AnomalyAlert[];
21
+ getAllAlerts(): AnomalyAlert[];
22
+ resolveAlert(alertId: string, resolvedBy: string): boolean;
23
+ acknowledgeAlert(alertId: string): boolean;
24
+ ingestProcesses(processes: TaggedProcess[]): void;
25
+ }
26
+ //# sourceMappingURL=anomaly-detector.d.ts.map
package/dist/anomaly-detector.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"anomaly-detector.d.ts","sourceRoot":"","sources":["../src/anomaly-detector.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAoB,WAAW,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACrF,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAUtC,qBAAa,eAAe;IAC1B,OAAO,CAAC,MAAM,CAAwB;IACtC,OAAO,CAAC,WAAW,CAAc;IACjC,OAAO,CAAC,SAAS,CAA4C;IAC7D,OAAO,CAAC,YAAY,CAAyC;IAC7D,OAAO,CAAC,MAAM,CAAsB;IACpC,OAAO,CAAC,UAAU,CAA+C;gBAErD,WAAW,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM;IAUpD,KAAK,IAAI,IAAI;IAQb,IAAI,IAAI,IAAI;IASZ,YAAY,CAAC,MAAM,EAAE,WAAW,GAAG,IAAI;IAgBvC,OAAO,CAAC,iBAAiB;IAqEzB,OAAO,CAAC,gBAAgB;IAsFxB,OAAO,CAAC,uBAAuB;IAwB/B,OAAO,CAAC,WAAW;IAuCnB,OAAO,CAAC,iBAAiB;IAmBzB,OAAO,CAAC,QAAQ;IA+ChB,aAAa,IAAI,YAAY,EAAE;IAI/B,YAAY,IAAI,YAAY,EAAE;IAI9B,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO;IAW1D,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;IAS1C,eAAe,CAAC,SAAS,EAAE,aAAa,EAAE,GAAG,IAAI;CAUlD"}