@panguard-ai/core 0.1.0

package/dist/adapters/adapter-registry.d.ts

@@ -0,0 +1,150 @@
+/**
+ * Security adapter registry for auto-detection and management
+ * 安全對接器註冊表，用於自動偵測和管理
+ *
+ * Provides centralized management of security tool adapters, including
+ * manual registration, auto-detection from discovery results, and
+ * unified alert collection across all registered adapters.
+ * 提供安全工具對接器的集中管理，包括手動註冊、從偵察結果自動偵測，
+ * 以及跨所有已註冊對接器的統一告警收集。
+ *
+ * @module @panguard-ai/core/adapters/adapter-registry
+ */
+import type { SecurityEvent } from '../types.js';
+import type { DiscoveryResult } from '../discovery/types.js';
+import type { SecurityAdapter } from './types.js';
+/**
+ * Centralized registry for security tool adapters
+ * 安全工具對接器的集中註冊表
+ *
+ * The AdapterRegistry manages the lifecycle of security adapters:
+ * - Manual registration of custom adapters
+ * - Auto-detection of available adapters based on environment discovery
+ * - Unified alert collection from all registered adapters
+ * - Conversion of all alerts to the standardized SecurityEvent format
+ *
+ * AdapterRegistry 管理安全對接器的生命週期：
+ * - 手動註冊自訂對接器
+ * - 基於環境偵察的可用對接器自動偵測
+ * - 從所有已註冊對接器統一收集告警
+ * - 將所有告警轉換為標準化的 SecurityEvent 格式
+ *
+ * @example
+ * ```typescript
+ * const registry = new AdapterRegistry();
+ *
+ * // Auto-detect adapters from discovery results / 從偵察結果自動偵測對接器
+ * await registry.autoDetect(discoveryResult);
+ *
+ * // Or register manually / 或手動註冊
+ * registry.register(new WazuhAdapter({ enabled: true, endpoint: 'https://wazuh:55000' }));
+ *
+ * // Collect alerts from all adapters / 從所有對接器收集告警
+ * const events = await registry.collectAlerts(new Date(Date.now() - 3600000));
+ * ```
+ */
+export declare class AdapterRegistry {
+    /**
+     * Map of registered adapters keyed by adapter name
+     * 以對接器名稱為鍵的已註冊對接器映射
+     */
+    private adapters;
+    /**
+     * Create a new AdapterRegistry instance
+     * 建立新的 AdapterRegistry 實例
+     */
+    constructor();
+    /**
+     * Register an adapter manually
+     * 手動註冊對接器
+     *
+     * Adds the adapter to the registry. If an adapter with the same name
+     * is already registered, it will be replaced.
+     * 將對接器新增到註冊表。若已有同名對接器，則會被取代。
+     *
+     * @param adapter - Security adapter to register / 要註冊的安全對接器
+     */
+    register(adapter: SecurityAdapter): void;
+    /**
+     * Remove a registered adapter by name
+     * 依名稱移除已註冊的對接器
+     *
+     * @param name - Adapter name to remove / 要移除的對接器名稱
+     * @returns True if the adapter was removed / 若對接器已移除則回傳 true
+     */
+    unregister(name: string): boolean;
+    /**
+     * Auto-detect and register available security adapters
+     * 自動偵測並註冊可用的安全對接器
+     *
+     * Creates adapter instances based on detected security tools from
+     * the discovery result. Each adapter is checked for availability
+     * before being registered.
+     *
+     * Default adapters checked:
+     * - Windows Defender (on Windows systems)
+     * - Wazuh (if detected in discovery results)
+     * - Syslog Receiver (always available as a generic receiver)
+     *
+     * 根據偵察結果中偵測到的安全工具建立對接器實例。
+     * 每個對接器在註冊前都會檢查可用性。
+     *
+     * 檢查的預設對接器：
+     * - Windows Defender（在 Windows 系統上）
+     * - Wazuh（若在偵察結果中偵測到）
+     * - Syslog 接收器（作為通用接收器始終可用）
+     *
+     * @param discoveryResult - Optional discovery result for context-aware detection / 可選的偵察結果，用於上下文感知偵測
+     */
+    autoDetect(discoveryResult?: DiscoveryResult): Promise<void>;
+    /**
+     * Get a registered adapter by name
+     * 依名稱取得已註冊的對接器
+     *
+     * @param name - Adapter name / 對接器名稱
+     * @returns The adapter instance, or undefined if not found / 對接器實例，若找不到則為 undefined
+     */
+    getAdapter(name: string): SecurityAdapter | undefined;
+    /**
+     * Get all registered (available) adapters
+     * 取得所有已註冊（可用）的對接器
+     *
+     * @returns Array of registered security adapters / 已註冊的安全對接器陣列
+     */
+    getAvailableAdapters(): SecurityAdapter[];
+    /**
+     * Get the names of all registered adapters
+     * 取得所有已註冊對接器的名稱
+     *
+     * @returns Array of adapter names / 對接器名稱陣列
+     */
+    getAdapterNames(): string[];
+    /**
+     * Get the number of registered adapters
+     * 取得已註冊對接器的數量
+     *
+     * @returns Number of registered adapters / 已註冊對接器的數量
+     */
+    get size(): number;
+    /**
+     * Collect alerts from all registered adapters and convert to SecurityEvents
+     * 從所有已註冊對接器收集告警並轉換為 SecurityEvent
+     *
+     * Iterates over all registered adapters, retrieves their alerts,
+     * converts them to the standardized SecurityEvent format, and
+     * returns a merged array. Errors from individual adapters are
+     * logged and do not prevent collection from other adapters.
+     * 遍歷所有已註冊對接器，取得其告警，轉換為標準化的 SecurityEvent 格式，
+     * 並回傳合併的陣列。個別對接器的錯誤會被記錄，不會阻止從其他對接器收集。
+     *
+     * @param since - Optional cutoff date for all adapters / 所有對接器的可選截止日期
+     * @returns Merged array of SecurityEvents from all adapters / 來自所有對接器的合併 SecurityEvent 陣列
+     */
+    collectAlerts(since?: Date): Promise<SecurityEvent[]>;
+    /**
+     * Clear all registered adapters
+     * 清除所有已註冊的對接器
+     */
+    clear(): void;
+}
+//# sourceMappingURL=adapter-registry.d.ts.map

package/dist/adapters/adapter-registry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"adapter-registry.d.ts","sourceRoot":"","sources":["../../src/adapters/adapter-registry.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AACjD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAOlD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,qBAAa,eAAe;IAC1B;;;OAGG;IACH,OAAO,CAAC,QAAQ,CAA2C;IAE3D;;;OAGG;;IAKH;;;;;;;;;OASG;IACH,QAAQ,CAAC,OAAO,EAAE,eAAe,GAAG,IAAI;IAWxC;;;;;;OAMG;IACH,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAUjC;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACG,UAAU,CAAC,eAAe,CAAC,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC;IAkElE;;;;;;OAMG;IACH,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,eAAe,GAAG,SAAS;IAIrD;;;;;OAKG;IACH,oBAAoB,IAAI,eAAe,EAAE;IAIzC;;;;;OAKG;IACH,eAAe,IAAI,MAAM,EAAE;IAI3B;;;;;OAKG;IACH,IAAI,IAAI,IAAI,MAAM,CAEjB;IAED;;;;;;;;;;;;;OAaG;IACG,aAAa,CAAC,KAAK,CAAC,EAAE,IAAI,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IA6C3D;;;OAGG;IACH,KAAK,IAAI,IAAI;CAKd"}

package/dist/adapters/adapter-registry.js

@@ -0,0 +1,271 @@
+/**
+ * Security adapter registry for auto-detection and management
+ * 安全對接器註冊表，用於自動偵測和管理
+ *
+ * Provides centralized management of security tool adapters, including
+ * manual registration, auto-detection from discovery results, and
+ * unified alert collection across all registered adapters.
+ * 提供安全工具對接器的集中管理，包括手動註冊、從偵察結果自動偵測，
+ * 以及跨所有已註冊對接器的統一告警收集。
+ *
+ * @module @panguard-ai/core/adapters/adapter-registry
+ */
+import { createLogger } from '../utils/logger.js';
+import { DefenderAdapter } from './defender-adapter.js';
+import { WazuhAdapter } from './wazuh-adapter.js';
+import { SyslogAdapter } from './syslog-adapter.js';
+const logger = createLogger('adapter-registry');
+/**
+ * Centralized registry for security tool adapters
+ * 安全工具對接器的集中註冊表
+ *
+ * The AdapterRegistry manages the lifecycle of security adapters:
+ * - Manual registration of custom adapters
+ * - Auto-detection of available adapters based on environment discovery
+ * - Unified alert collection from all registered adapters
+ * - Conversion of all alerts to the standardized SecurityEvent format
+ *
+ * AdapterRegistry 管理安全對接器的生命週期：
+ * - 手動註冊自訂對接器
+ * - 基於環境偵察的可用對接器自動偵測
+ * - 從所有已註冊對接器統一收集告警
+ * - 將所有告警轉換為標準化的 SecurityEvent 格式
+ *
+ * @example
+ * ```typescript
+ * const registry = new AdapterRegistry();
+ *
+ * // Auto-detect adapters from discovery results / 從偵察結果自動偵測對接器
+ * await registry.autoDetect(discoveryResult);
+ *
+ * // Or register manually / 或手動註冊
+ * registry.register(new WazuhAdapter({ enabled: true, endpoint: 'https://wazuh:55000' }));
+ *
+ * // Collect alerts from all adapters / 從所有對接器收集告警
+ * const events = await registry.collectAlerts(new Date(Date.now() - 3600000));
+ * ```
+ */
+export class AdapterRegistry {
+    /**
+     * Map of registered adapters keyed by adapter name
+     * 以對接器名稱為鍵的已註冊對接器映射
+     */
+    adapters = new Map();
+    /**
+     * Create a new AdapterRegistry instance
+     * 建立新的 AdapterRegistry 實例
+     */
+    constructor() {
+        logger.info('AdapterRegistry initialized');
+    }
+    /**
+     * Register an adapter manually
+     * 手動註冊對接器
+     *
+     * Adds the adapter to the registry. If an adapter with the same name
+     * is already registered, it will be replaced.
+     * 將對接器新增到註冊表。若已有同名對接器，則會被取代。
+     *
+     * @param adapter - Security adapter to register / 要註冊的安全對接器
+     */
+    register(adapter) {
+        const existing = this.adapters.has(adapter.name);
+        this.adapters.set(adapter.name, adapter);
+        if (existing) {
+            logger.info(`Replaced existing adapter: ${adapter.name}`, { type: adapter.type });
+        }
+        else {
+            logger.info(`Registered adapter: ${adapter.name}`, { type: adapter.type });
+        }
+    }
+    /**
+     * Remove a registered adapter by name
+     * 依名稱移除已註冊的對接器
+     *
+     * @param name - Adapter name to remove / 要移除的對接器名稱
+     * @returns True if the adapter was removed / 若對接器已移除則回傳 true
+     */
+    unregister(name) {
+        const removed = this.adapters.delete(name);
+        if (removed) {
+            logger.info(`Unregistered adapter: ${name}`);
+        }
+        else {
+            logger.warn(`Adapter not found for removal: ${name}`);
+        }
+        return removed;
+    }
+    /**
+     * Auto-detect and register available security adapters
+     * 自動偵測並註冊可用的安全對接器
+     *
+     * Creates adapter instances based on detected security tools from
+     * the discovery result. Each adapter is checked for availability
+     * before being registered.
+     *
+     * Default adapters checked:
+     * - Windows Defender (on Windows systems)
+     * - Wazuh (if detected in discovery results)
+     * - Syslog Receiver (always available as a generic receiver)
+     *
+     * 根據偵察結果中偵測到的安全工具建立對接器實例。
+     * 每個對接器在註冊前都會檢查可用性。
+     *
+     * 檢查的預設對接器：
+     * - Windows Defender（在 Windows 系統上）
+     * - Wazuh（若在偵察結果中偵測到）
+     * - Syslog 接收器（作為通用接收器始終可用）
+     *
+     * @param discoveryResult - Optional discovery result for context-aware detection / 可選的偵察結果，用於上下文感知偵測
+     */
+    async autoDetect(discoveryResult) {
+        logger.info('Starting adapter auto-detection');
+        const candidates = [];
+        // Always try Windows Defender / 總是嘗試 Windows Defender
+        candidates.push(new DefenderAdapter({ enabled: true }));
+        // Check discovery results for known security tools
+        // 檢查偵察結果中的已知安全工具
+        if (discoveryResult) {
+            const tools = discoveryResult.security.existingTools;
+            // Look for Wazuh in detected tools / 在偵測到的工具中尋找 Wazuh
+            const wazuhTool = tools.find((tool) => tool.name.toLowerCase().includes('wazuh') || tool.vendor.toLowerCase().includes('wazuh'));
+            if (wazuhTool) {
+                logger.info('Wazuh detected in discovery results, adding adapter');
+                candidates.push(new WazuhAdapter({ enabled: true }));
+            }
+            // Look for SIEM tools that might expose syslog
+            // 尋找可能暴露 syslog 的 SIEM 工具
+            const syslogCapable = tools.some((tool) => tool.type === 'siem' ||
+                tool.type === 'ids' ||
+                tool.name.toLowerCase().includes('syslog') ||
+                tool.name.toLowerCase().includes('rsyslog') ||
+                tool.name.toLowerCase().includes('syslog-ng'));
+            if (syslogCapable) {
+                logger.info('Syslog-capable tool detected, adding syslog adapter');
+                candidates.push(new SyslogAdapter({ enabled: true }));
+            }
+        }
+        // Check availability for each candidate and register if available
+        // 檢查每個候選者的可用性，若可用則註冊
+        let registered = 0;
+        for (const candidate of candidates) {
+            try {
+                const available = await candidate.isAvailable();
+                if (available) {
+                    this.register(candidate);
+                    registered++;
+                }
+                else {
+                    logger.debug(`Adapter not available: ${candidate.name}`);
+                }
+            }
+            catch (err) {
+                logger.warn(`Error checking adapter availability: ${candidate.name}`, {
+                    error: err instanceof Error ? err.message : String(err),
+                });
+            }
+        }
+        logger.info(`Auto-detection complete: ${registered} adapters registered`, {
+            candidates: candidates.length,
+            registered,
+        });
+    }
+    /**
+     * Get a registered adapter by name
+     * 依名稱取得已註冊的對接器
+     *
+     * @param name - Adapter name / 對接器名稱
+     * @returns The adapter instance, or undefined if not found / 對接器實例，若找不到則為 undefined
+     */
+    getAdapter(name) {
+        return this.adapters.get(name);
+    }
+    /**
+     * Get all registered (available) adapters
+     * 取得所有已註冊（可用）的對接器
+     *
+     * @returns Array of registered security adapters / 已註冊的安全對接器陣列
+     */
+    getAvailableAdapters() {
+        return Array.from(this.adapters.values());
+    }
+    /**
+     * Get the names of all registered adapters
+     * 取得所有已註冊對接器的名稱
+     *
+     * @returns Array of adapter names / 對接器名稱陣列
+     */
+    getAdapterNames() {
+        return Array.from(this.adapters.keys());
+    }
+    /**
+     * Get the number of registered adapters
+     * 取得已註冊對接器的數量
+     *
+     * @returns Number of registered adapters / 已註冊對接器的數量
+     */
+    get size() {
+        return this.adapters.size;
+    }
+    /**
+     * Collect alerts from all registered adapters and convert to SecurityEvents
+     * 從所有已註冊對接器收集告警並轉換為 SecurityEvent
+     *
+     * Iterates over all registered adapters, retrieves their alerts,
+     * converts them to the standardized SecurityEvent format, and
+     * returns a merged array. Errors from individual adapters are
+     * logged and do not prevent collection from other adapters.
+     * 遍歷所有已註冊對接器，取得其告警，轉換為標準化的 SecurityEvent 格式，
+     * 並回傳合併的陣列。個別對接器的錯誤會被記錄，不會阻止從其他對接器收集。
+     *
+     * @param since - Optional cutoff date for all adapters / 所有對接器的可選截止日期
+     * @returns Merged array of SecurityEvents from all adapters / 來自所有對接器的合併 SecurityEvent 陣列
+     */
+    async collectAlerts(since) {
+        const allEvents = [];
+        const adapterNames = this.getAdapterNames();
+        if (adapterNames.length === 0) {
+            logger.debug('No adapters registered, no alerts to collect');
+            return allEvents;
+        }
+        logger.info(`Collecting alerts from ${adapterNames.length} adapters`, {
+            adapters: adapterNames,
+            since: since?.toISOString(),
+        });
+        // Collect from all adapters in parallel for efficiency
+        // 為了效率，同時從所有對接器收集
+        const results = await Promise.allSettled(Array.from(this.adapters.entries()).map(async ([name, adapter]) => {
+            try {
+                const alerts = await adapter.getAlerts(since);
+                const events = adapter.toSecurityEvents(alerts);
+                logger.debug(`Collected ${events.length} events from ${name}`);
+                return events;
+            }
+            catch (err) {
+                logger.error(`Failed to collect alerts from ${name}`, {
+                    error: err instanceof Error ? err.message : String(err),
+                });
+                return [];
+            }
+        }));
+        for (const result of results) {
+            if (result.status === 'fulfilled') {
+                allEvents.push(...result.value);
+            }
+            // Rejected promises are already handled in the catch above
+            // 被拒絕的 Promise 已在上面的 catch 中處理
+        }
+        logger.info(`Collected ${allEvents.length} total events from all adapters`);
+        return allEvents;
+    }
+    /**
+     * Clear all registered adapters
+     * 清除所有已註冊的對接器
+     */
+    clear() {
+        const count = this.adapters.size;
+        this.adapters.clear();
+        logger.info(`Cleared ${count} adapters from registry`);
+    }
+}
+//# sourceMappingURL=adapter-registry.js.map

package/dist/adapters/adapter-registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"adapter-registry.js","sourceRoot":"","sources":["../../src/adapters/adapter-registry.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAIlD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEpD,MAAM,MAAM,GAAG,YAAY,CAAC,kBAAkB,CAAC,CAAC;AAEhD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,MAAM,OAAO,eAAe;IAC1B;;;OAGG;IACK,QAAQ,GAAiC,IAAI,GAAG,EAAE,CAAC;IAE3D;;;OAGG;IACH;QACE,MAAM,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;IAC7C,CAAC;IAED;;;;;;;;;OASG;IACH,QAAQ,CAAC,OAAwB;QAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACjD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAEzC,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC,8BAA8B,OAAO,CAAC,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QACpF,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,uBAAuB,OAAO,CAAC,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QAC7E,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACH,UAAU,CAAC,IAAY;QACrB,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC3C,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,CAAC,IAAI,CAAC,yBAAyB,IAAI,EAAE,CAAC,CAAC;QAC/C,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,kCAAkC,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACH,KAAK,CAAC,UAAU,CAAC,eAAiC;QAChD,MAAM,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;QAE/C,MAAM,UAAU,GAAsB,EAAE,CAAC;QAEzC,sDAAsD;QACtD,UAAU,CAAC,IAAI,CAAC,IAAI,eAAe,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAExD,mDAAmD;QACnD,iBAAiB;QACjB,IAAI,eAAe,EAAE,CAAC;YACpB,MAAM,KAAK,GAAG,eAAe,CAAC,QAAQ,CAAC,aAAa,CAAC;YAErD,sDAAsD;YACtD,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAC1B,CAAC,IAAI,EAAE,EAAE,CACP,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,CAC3F,CAAC;YAEF,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;gBACnE,UAAU,CAAC,IAAI,CAAC,IAAI,YAAY,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;YACvD,CAAC;YAED,+CAA+C;YAC/C,0BAA0B;YAC1B,MAAM,aAAa,GAAG,KAAK,CAAC,IAAI,CAC9B,CAAC,IAAI,EAAE,EAAE,CACP,IAAI,CAAC,IAAI,KAAK,MAAM;gBACpB,IAAI,CAAC,IAAI,KAAK,KAAK;gBACnB,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAC1C,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAC3C,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,CAChD,CAAC;YAEF,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;gBACnE,UAAU,CAAC,IAAI,CAAC,IAAI,aAAa,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;YACxD,CAAC;QACH,CAAC;QAED,kEAAkE;QAClE,qBAAqB;QACrB,IAAI,UAAU,GAAG,CAAC,CAAC;QACnB,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,WAAW,EAAE,CAAC;gBAChD,IAAI,SAAS,EAAE,CAAC;oBACd,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;oBACzB,UAAU,EAAE,CAAC;gBACf,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,KAAK,CAAC,0BAA0B,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC3D,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,CAAC,IAAI,CAAC,wCAAwC,SAAS,CAAC,IAAI,EAAE,EAAE;oBACpE,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;iBACxD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,4BAA4B,UAAU,sBAAsB,EAAE;YACxE,UAAU,EAAE,UAAU,CAAC,MAAM;YAC7B,UAAU;SACX,CAAC,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACH,UAAU,CAAC,IAAY;QACrB,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC;IAED;;;;;OAKG;IACH,oBAAoB;QAClB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED;;;;;OAKG;IACH,eAAe;QACb,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;IAC1C,CAAC;IAED;;;;;OAKG;IACH,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC5B,CAAC;IAED;;;;;;;;;;;;;OAaG;IACH,KAAK,CAAC,aAAa,CAAC,KAAY;QAC9B,MAAM,SAAS,GAAoB,EAAE,CAAC;QACtC,MAAM,YAAY,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QAE5C,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9B,MAAM,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;YAC7D,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,0BAA0B,YAAY,CAAC,MAAM,WAAW,EAAE;YACpE,QAAQ,EAAE,YAAY;YACtB,KAAK,EAAE,KAAK,EAAE,WAAW,EAAE;SAC5B,CAAC,CAAC;QAEH,uDAAuD;QACvD,kBAAkB;QAClB,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CACtC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,EAAE;YAChE,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;gBAC9C,MAAM,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;gBAEhD,MAAM,CAAC,KAAK,CAAC,aAAa,MAAM,CAAC,MAAM,gBAAgB,IAAI,EAAE,CAAC,CAAC;gBAC/D,OAAO,MAAM,CAAC;YAChB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,CAAC,KAAK,CAAC,iCAAiC,IAAI,EAAE,EAAE;oBACpD,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;iBACxD,CAAC,CAAC;gBACH,OAAO,EAAqB,CAAC;YAC/B,CAAC;QACH,CAAC,CAAC,CACH,CAAC;QAEF,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;gBAClC,SAAS,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;YAClC,CAAC;YACD,2DAA2D;YAC3D,+BAA+B;QACjC,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,aAAa,SAAS,CAAC,MAAM,iCAAiC,CAAC,CAAC;QAC5E,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;OAGG;IACH,KAAK;QACH,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;QACjC,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;QACtB,MAAM,CAAC,IAAI,CAAC,WAAW,KAAK,yBAAyB,CAAC,CAAC;IACzD,CAAC;CACF"}

package/dist/adapters/base-adapter.d.ts

@@ -0,0 +1,101 @@
+/**
+ * Abstract base class for security tool adapters
+ * 安全工具對接器抽象基底類別
+ *
+ * Provides shared functionality for all adapters including configuration
+ * management, logging, and standard alert-to-SecurityEvent conversion.
+ * 為所有對接器提供共用功能，包括配置管理、日誌記錄和標準
+ * 告警到 SecurityEvent 的轉換。
+ *
+ * @module @panguard-ai/core/adapters/base-adapter
+ */
+import type { Logger } from '../utils/logger.js';
+import type { SecurityEvent, Severity, EventSource } from '../types.js';
+import type { AdapterConfig, AdapterAlert, SecurityAdapter } from './types.js';
+/**
+ * Map a severity string to the standard Severity type
+ * 將嚴重等級字串映射為標準 Severity 型別
+ *
+ * Handles common severity labels from various security tools and normalizes
+ * them into the five-level Severity scale used throughout Panguard.
+ * 處理來自各種安全工具的常見嚴重等級標籤，並將其正規化為
+ * Panguard 中使用的五級 Severity 量表。
+ *
+ * @param severity - Raw severity string from the adapter / 來自對接器的原始嚴重等級字串
+ * @returns Normalized Severity value / 正規化的 Severity 值
+ */
+export declare function mapSeverity(severity: string): Severity;
+/**
+ * Map an adapter source string to the standard EventSource type
+ * 將對接器來源字串映射為標準 EventSource 型別
+ *
+ * @param source - Raw source string from the adapter / 來自對接器的原始來源字串
+ * @returns Normalized EventSource value / 正規化的 EventSource 值
+ */
+export declare function mapEventSource(source: string): EventSource;
+/**
+ * Abstract base adapter providing shared implementation for security adapters
+ * 提供安全對接器共用實作的抽象基底對接器
+ *
+ * Subclasses must implement:
+ * - `isAvailable()`: Check if the underlying tool is reachable
+ * - `getAlerts(since?)`: Retrieve alerts from the underlying tool
+ *
+ * 子類別必須實作：
+ * - `isAvailable()`：檢查底層工具是否可連線
+ * - `getAlerts(since?)`：從底層工具取得告警
+ */
+export declare abstract class BaseAdapter implements SecurityAdapter {
+    /**
+     * Human-readable adapter name
+     * 人類可讀的對接器名稱
+     */
+    abstract readonly name: string;
+    /**
+     * Adapter type identifier
+     * 對接器類型識別碼
+     */
+    abstract readonly type: string;
+    /**
+     * Logger instance scoped to this adapter
+     * 範圍限定於此對接器的日誌記錄器實例
+     */
+    protected readonly logger: Logger;
+    /**
+     * Adapter configuration
+     * 對接器配置
+     */
+    protected readonly config: AdapterConfig;
+    /**
+     * Create a new BaseAdapter instance
+     * 建立新的 BaseAdapter 實例
+     *
+     * @param moduleName - Logger module name / 日誌記錄器模組名稱
+     * @param config - Adapter configuration / 對接器配置
+     */
+    constructor(moduleName: string, config: AdapterConfig);
+    /**
+     * Check if the underlying security tool is available
+     * 檢查底層安全工具是否可用
+     */
+    abstract isAvailable(): Promise<boolean>;
+    /**
+     * Retrieve alerts from the security tool
+     * 從安全工具取得告警
+     */
+    abstract getAlerts(since?: Date): Promise<AdapterAlert[]>;
+    /**
+     * Convert adapter alerts to standardized SecurityEvent format
+     * 將對接器告警轉換為標準化的 SecurityEvent 格式
+     *
+     * Uses shared mapping logic for severity and event source normalization.
+     * The host field defaults to the current system hostname.
+     * 使用共用映射邏輯進行嚴重等級和事件來源正規化。
+     * host 欄位預設為目前系統主機名稱。
+     *
+     * @param alerts - Array of adapter alerts to convert / 要轉換的對接器告警陣列
+     * @returns Array of SecurityEvent instances / SecurityEvent 實例陣列
+     */
+    toSecurityEvents(alerts: AdapterAlert[]): SecurityEvent[];
+}
+//# sourceMappingURL=base-adapter.d.ts.map

package/dist/adapters/base-adapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"base-adapter.d.ts","sourceRoot":"","sources":["../../src/adapters/base-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAMH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AACxE,OAAO,KAAK,EAAE,aAAa,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAE/E;;;;;;;;;;;GAWG;AACH,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,QAAQ,CAuCtD;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,WAAW,CA4B1D;AAED;;;;;;;;;;;GAWG;AACH,8BAAsB,WAAY,YAAW,eAAe;IAC1D;;;OAGG;IACH,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAE/B;;;OAGG;IACH,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAE/B;;;OAGG;IACH,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IAElC;;;OAGG;IACH,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;IAEzC;;;;;;OAMG;gBACS,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa;IAKrD;;;OAGG;IACH,QAAQ,CAAC,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;IAExC;;;OAGG;IACH,QAAQ,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,IAAI,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC;IAEzD;;;;;;;;;;;OAWG;IACH,gBAAgB,CAAC,MAAM,EAAE,YAAY,EAAE,GAAG,aAAa,EAAE;CAkB1D"}