@panguard-ai/core 0.1.0

package/dist/monitor/file-monitor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"file-monitor.js","sourceRoot":"","sources":["../../src/monitor/file-monitor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AAElD,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAG3D,MAAM,MAAM,GAAG,YAAY,CAAC,cAAc,CAAC,CAAC;AAE5C;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,OAAO,WAAY,SAAQ,YAAY;IAC3C,2DAA2D;IACnD,OAAO,GAAG,KAAK,CAAC;IACxB,4BAA4B;IACpB,KAAK,CAAkC;IAC/C,2CAA2C;IACnC,UAAU,GAAgC,IAAI,GAAG,EAAE,CAAC;IAC5D,8BAA8B;IACtB,UAAU,CAAW;IAC7B,kDAAkD;IAC1C,YAAY,CAAS;IAE7B;;;;;;OAMG;IACH,YAAY,UAAoB,EAAE,YAAY,GAAG,KAAK;QACpD,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACnC,CAAC;IAED;;;OAGG;IACH,KAAK;QACH,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;YAC9C,OAAO;QACT,CAAC;QAED,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACpB,MAAM,CAAC,IAAI,CACT,iCAAiC,IAAI,CAAC,UAAU,CAAC,MAAM,0BAA0B,IAAI,CAAC,YAAY,KAAK,CACxG,CAAC;QAEF,8CAA8C;QAC9C,KAAK,IAAI,CAAC,UAAU,EAAE,CAAC;QAEvB,IAAI,CAAC,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE;YAC5B,KAAK,IAAI,CAAC,UAAU,EAAE,CAAC;QACzB,CAAC,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;IACxB,CAAC;IAED;;;OAGG;IACH,IAAI;QACF,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;YAC1C,OAAO;QACT,CAAC;QAED,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC1B,IAAI,CAAC,KAAK,GAAG,SAAS,CAAC;QACzB,CAAC;QAED,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC;QACrB,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IACrC,CAAC;IAED;;;;;OAKG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,WAAW,CAAC,QAAgB;QAChC,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACzC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC5D,CAAC;IAED;;;;;OAKG;IACH,aAAa;QACX,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED;;;;;;OAMG;IACK,KAAK,CAAC,UAAU;QACtB,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;QAEvC,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACvC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAE3B,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC;gBACtC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;gBACrD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;gBAErC,MAAM,cAAc,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBAErD,IAAI,CAAC,cAAc,EAAE,CAAC;oBACpB,mDAAmD;oBACnD,mBAAmB;oBACnB,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,QAAQ,EAAE;wBAC5B,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,WAAW;wBACjB,WAAW,EAAE,GAAG;wBAChB,IAAI,EAAE,QAAQ,CAAC,IAAI;qBACpB,CAAC,CAAC;oBAEH,sDAAsD;oBACtD,6BAA6B;oBAC7B,IACE,IAAI,CAAC,UAAU,CAAC,IAAI;wBACpB,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,EACrE,CAAC;wBACD,mDAAmD;wBACnD,yEAAyE;oBAC3E,CAAC;oBAED,gEAAgE;oBAChE,+BAA+B;oBAC/B,4DAA4D;oBAC5D,sBAAsB;gBACxB,CAAC;qBAAM,IAAI,cAAc,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;oBAC/C,kCAAkC;oBAClC,MAAM,OAAO,GAAG,cAAc,CAAC,IAAI,CAAC;oBAEpC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,QAAQ,EAAE;wBAC5B,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,WAAW;wBACjB,WAAW,EAAE,GAAG;wBAChB,IAAI,EAAE,QAAQ,CAAC,IAAI;qBACpB,CAAC,CAAC;oBAEH,MAAM,KAAK,GAAG,kBAAkB,CAAC;wBAC/B,IAAI,EAAE,QAAQ;wBACd,MAAM,EAAE,UAAU;wBAClB,OAAO;wBACP,OAAO,EAAE,WAAW;qBACrB,CAAC,CAAC;oBACH,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;oBAEjC,MAAM,CAAC,IAAI,CAAC,kBAAkB,QAAQ,EAAE,EAAE;wBACxC,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;wBACjC,OAAO,EAAE,WAAW,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;qBACtC,CAAC,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACN,2CAA2C;oBAC3C,iBAAiB;oBACjB,cAAc,CAAC,WAAW,GAAG,GAAG,CAAC;gBACnC,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,KAAK,GAAG,GAA4B,CAAC;gBAE3C,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBAC5B,8BAA8B;oBAC9B,MAAM,cAAc,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;oBACrD,IAAI,cAAc,EAAE,CAAC;wBACnB,8CAA8C;wBAC9C,iBAAiB;wBACjB,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;wBAEjC,MAAM,KAAK,GAAG,kBAAkB,CAAC;4BAC/B,IAAI,EAAE,QAAQ;4BACd,MAAM,EAAE,SAAS;4BACjB,OAAO,EAAE,cAAc,CAAC,IAAI;yBAC7B,CAAC,CAAC;wBACH,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;wBAEjC,MAAM,CAAC,IAAI,CAAC,iBAAiB,QAAQ,EAAE,CAAC,CAAC;oBAC3C,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,KAAK,CAAC,yBAAyB,QAAQ,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;oBAC1E,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAC1E,CAAC;YACH,CAAC;QACH,CAAC;QAED,0EAA0E;QAC1E,8BAA8B;QAC9B,KAAK,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpD,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;gBACnC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;gBAEpC,MAAM,KAAK,GAAG,kBAAkB,CAAC;oBAC/B,IAAI,EAAE,WAAW;oBACjB,MAAM,EAAE,SAAS;oBACjB,OAAO,EAAE,MAAM,CAAC,IAAI;iBACrB,CAAC,CAAC;gBACH,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;YACnC,CAAC;QACH,CAAC;IACH,CAAC;CACF"}

package/dist/monitor/index.d.ts

@@ -0,0 +1,147 @@
+/**
+ * System Monitoring Engine
+ * 系統監控引擎
+ *
+ * Real-time monitoring of system events including log monitoring,
+ * network connections, process activity, and file integrity.
+ * Aggregates all sub-monitors into a single MonitorEngine with
+ * unified event emission and threat intelligence correlation.
+ * 即時監控系統事件，包括日誌監控、網路連線、程序活動和檔案完整性。
+ * 將所有子監控器彙整到單一 MonitorEngine，具備統一事件發送和威脅情報關聯。
+ *
+ * @module @panguard-ai/core/monitor
+ */
+import { EventEmitter } from 'node:events';
+import type { MonitorConfig, MonitorStatus } from './types.js';
+/** Monitor engine version / 監控引擎版本 */
+export declare const MONITOR_VERSION = "0.1.0";
+/**
+ * MonitorEngine - unified system monitoring engine
+ * MonitorEngine - 統一系統監控引擎
+ *
+ * Orchestrates all sub-monitors (log, network, process, file) and provides
+ * a single event stream with integrated threat intelligence correlation.
+ * 統籌所有子監控器（日誌、網路、程序、檔案），提供整合威脅情報關聯的
+ * 單一事件串流。
+ *
+ * Events emitted:
+ * - 'event': SecurityEvent - for all normalized security events / 所有正規化的安全事件
+ * - 'threat': { event: SecurityEvent, threat: ThreatIntelEntry } - when a threat match is found / 當找到威脅比對時
+ * - 'error': Error - when a sub-monitor encounters an error / 當子監控器遇到錯誤時
+ *
+ * @example
+ * ```typescript
+ * const engine = new MonitorEngine({
+ *   logMonitor: true,
+ *   networkMonitor: true,
+ *   processMonitor: true,
+ *   fileMonitor: false,
+ *   networkPollInterval: 30000,
+ *   processPollInterval: 15000,
+ * });
+ *
+ * engine.on('event', (event) => console.log('Event:', event));
+ * engine.on('threat', ({ event, threat }) => console.log('THREAT:', threat));
+ *
+ * engine.start();
+ * // ... later ...
+ * engine.stop();
+ * ```
+ */
+export declare class MonitorEngine extends EventEmitter {
+    /** Log monitor instance / 日誌監控器實例 */
+    private logMonitor?;
+    /** Network monitor instance / 網路監控器實例 */
+    private networkMonitor?;
+    /** Process monitor instance / 程序監控器實例 */
+    private processMonitor?;
+    /** File monitor instance / 檔案監控器實例 */
+    private fileMonitor?;
+    /** Current engine status / 目前引擎狀態 */
+    private status;
+    /** Resolved configuration / 解析後的配置 */
+    private config;
+    /**
+     * Create a new MonitorEngine instance
+     * 建立新的 MonitorEngine 實例
+     *
+     * @param config - Partial monitor configuration (merged with defaults) / 部分監控配置（與預設值合併）
+     */
+    constructor(config?: Partial<MonitorConfig>);
+    /**
+     * Start all enabled monitors
+     * 啟動所有已啟用的監控器
+     *
+     * Initializes and starts each sub-monitor based on configuration,
+     * wires up event forwarding, and applies threat intelligence checks
+     * to all incoming events.
+     * 根據配置初始化並啟動每個子監控器，連接事件轉發，並對所有
+     * 傳入事件套用威脅情報檢查。
+     */
+    start(): void;
+    /**
+     * Stop all running monitors and clean up resources
+     * 停止所有執行中的監控器並清理資源
+     */
+    stop(): void;
+    /**
+     * Get the current engine status
+     * 取得目前引擎狀態
+     *
+     * @returns Current monitor status / 目前監控狀態
+     */
+    getStatus(): MonitorStatus;
+    /**
+     * Get the current configuration
+     * 取得目前配置
+     *
+     * @returns Current monitor configuration / 目前監控配置
+     */
+    getConfig(): Readonly<MonitorConfig>;
+    /**
+     * Process an incoming event: emit it and check against threat intelligence
+     * 處理傳入事件：發送事件並對照威脅情報檢查
+     *
+     * @param event - Security event to process / 要處理的安全事件
+     */
+    private processEvent;
+    /**
+     * Forward errors from sub-monitors
+     * 從子監控器轉發錯誤
+     *
+     * @param source - Sub-monitor name / 子監控器名稱
+     * @param err - Error instance / 錯誤實例
+     */
+    private handleSubMonitorError;
+    /**
+     * Initialize and start the log monitor
+     * 初始化並啟動日誌監控器
+     */
+    private startLogMonitor;
+    /**
+     * Initialize and start the network monitor
+     * 初始化並啟動網路監控器
+     */
+    private startNetworkMonitor;
+    /**
+     * Initialize and start the process monitor
+     * 初始化並啟動程序監控器
+     */
+    private startProcessMonitor;
+    /**
+     * Initialize and start the file monitor
+     * 初始化並啟動檔案監控器
+     */
+    private startFileMonitor;
+}
+export { LogMonitor } from './log-monitor.js';
+export { NetworkMonitor } from './network-monitor.js';
+export { ProcessMonitor } from './process-monitor.js';
+export type { ProcessListEntry } from './process-monitor.js';
+export { FileMonitor } from './file-monitor.js';
+export { checkThreatIntel, isPrivateIP, addThreatIntelEntry, getThreatIntelEntries, setFeedManager, getFeedManager, } from './threat-intel.js';
+export { normalizeLogEvent, normalizeNetworkEvent, normalizeProcessEvent, normalizeFileEvent, } from './event-normalizer.js';
+export { ThreatIntelFeedManager, type IoC, type FeedSource, type FeedUpdateResult, type FeedManagerConfig, } from './threat-intel-feeds.js';
+export type { MonitorConfig, MonitorStatus, ThreatIntelEntry, FileHashRecord } from './types.js';
+export { DEFAULT_MONITOR_CONFIG } from './types.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/monitor/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/monitor/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAI3C,OAAO,KAAK,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAU/D,sCAAsC;AACtC,eAAO,MAAM,eAAe,UAAU,CAAC;AAEvC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH,qBAAa,aAAc,SAAQ,YAAY;IAC7C,qCAAqC;IACrC,OAAO,CAAC,UAAU,CAAC,CAAa;IAChC,yCAAyC;IACzC,OAAO,CAAC,cAAc,CAAC,CAAiB;IACxC,yCAAyC;IACzC,OAAO,CAAC,cAAc,CAAC,CAAiB;IACxC,sCAAsC;IACtC,OAAO,CAAC,WAAW,CAAC,CAAc;IAClC,qCAAqC;IACrC,OAAO,CAAC,MAAM,CAA4B;IAC1C,sCAAsC;IACtC,OAAO,CAAC,MAAM,CAAgB;IAE9B;;;;;OAKG;gBACS,MAAM,GAAE,OAAO,CAAC,aAAa,CAAM;IAK/C;;;;;;;;;OASG;IACH,KAAK,IAAI,IAAI;IAuCb;;;OAGG;IACH,IAAI,IAAI,IAAI;IAoCZ;;;;;OAKG;IACH,SAAS,IAAI,aAAa;IAI1B;;;;;OAKG;IACH,SAAS,IAAI,QAAQ,CAAC,aAAa,CAAC;IAIpC;;;;;OAKG;IACH,OAAO,CAAC,YAAY;IAmBpB;;;;;;OAMG;IACH,OAAO,CAAC,qBAAqB;IAK7B;;;OAGG;IACH,OAAO,CAAC,eAAe;IAevB;;;OAGG;IACH,OAAO,CAAC,mBAAmB;IAmB3B;;;OAGG;IACH,OAAO,CAAC,mBAAmB;IAmB3B;;;OAGG;IACH,OAAO,CAAC,gBAAgB;CAuBzB;AAGD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,YAAY,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EACL,gBAAgB,EAChB,WAAW,EACX,mBAAmB,EACnB,qBAAqB,EACrB,cAAc,EACd,cAAc,GACf,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,qBAAqB,EACrB,kBAAkB,GACnB,MAAM,uBAAuB,CAAC;AAG/B,OAAO,EACL,sBAAsB,EACtB,KAAK,GAAG,EACR,KAAK,UAAU,EACf,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,GACvB,MAAM,yBAAyB,CAAC;AAGjC,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AACjG,OAAO,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC"}

package/dist/monitor/index.js

@@ -0,0 +1,293 @@
+/**
+ * System Monitoring Engine
+ * 系統監控引擎
+ *
+ * Real-time monitoring of system events including log monitoring,
+ * network connections, process activity, and file integrity.
+ * Aggregates all sub-monitors into a single MonitorEngine with
+ * unified event emission and threat intelligence correlation.
+ * 即時監控系統事件，包括日誌監控、網路連線、程序活動和檔案完整性。
+ * 將所有子監控器彙整到單一 MonitorEngine，具備統一事件發送和威脅情報關聯。
+ *
+ * @module @panguard-ai/core/monitor
+ */
+import { EventEmitter } from 'node:events';
+import { createLogger } from '../utils/index.js';
+import { DEFAULT_MONITOR_CONFIG } from './types.js';
+import { LogMonitor } from './log-monitor.js';
+import { NetworkMonitor } from './network-monitor.js';
+import { ProcessMonitor } from './process-monitor.js';
+import { FileMonitor } from './file-monitor.js';
+import { checkThreatIntel } from './threat-intel.js';
+const logger = createLogger('monitor-engine');
+/** Monitor engine version / 監控引擎版本 */
+export const MONITOR_VERSION = '0.1.0';
+/**
+ * MonitorEngine - unified system monitoring engine
+ * MonitorEngine - 統一系統監控引擎
+ *
+ * Orchestrates all sub-monitors (log, network, process, file) and provides
+ * a single event stream with integrated threat intelligence correlation.
+ * 統籌所有子監控器（日誌、網路、程序、檔案），提供整合威脅情報關聯的
+ * 單一事件串流。
+ *
+ * Events emitted:
+ * - 'event': SecurityEvent - for all normalized security events / 所有正規化的安全事件
+ * - 'threat': { event: SecurityEvent, threat: ThreatIntelEntry } - when a threat match is found / 當找到威脅比對時
+ * - 'error': Error - when a sub-monitor encounters an error / 當子監控器遇到錯誤時
+ *
+ * @example
+ * ```typescript
+ * const engine = new MonitorEngine({
+ *   logMonitor: true,
+ *   networkMonitor: true,
+ *   processMonitor: true,
+ *   fileMonitor: false,
+ *   networkPollInterval: 30000,
+ *   processPollInterval: 15000,
+ * });
+ *
+ * engine.on('event', (event) => console.log('Event:', event));
+ * engine.on('threat', ({ event, threat }) => console.log('THREAT:', threat));
+ *
+ * engine.start();
+ * // ... later ...
+ * engine.stop();
+ * ```
+ */
+export class MonitorEngine extends EventEmitter {
+    /** Log monitor instance / 日誌監控器實例 */
+    logMonitor;
+    /** Network monitor instance / 網路監控器實例 */
+    networkMonitor;
+    /** Process monitor instance / 程序監控器實例 */
+    processMonitor;
+    /** File monitor instance / 檔案監控器實例 */
+    fileMonitor;
+    /** Current engine status / 目前引擎狀態 */
+    status = 'stopped';
+    /** Resolved configuration / 解析後的配置 */
+    config;
+    /**
+     * Create a new MonitorEngine instance
+     * 建立新的 MonitorEngine 實例
+     *
+     * @param config - Partial monitor configuration (merged with defaults) / 部分監控配置（與預設值合併）
+     */
+    constructor(config = {}) {
+        super();
+        this.config = { ...DEFAULT_MONITOR_CONFIG, ...config };
+    }
+    /**
+     * Start all enabled monitors
+     * 啟動所有已啟用的監控器
+     *
+     * Initializes and starts each sub-monitor based on configuration,
+     * wires up event forwarding, and applies threat intelligence checks
+     * to all incoming events.
+     * 根據配置初始化並啟動每個子監控器，連接事件轉發，並對所有
+     * 傳入事件套用威脅情報檢查。
+     */
+    start() {
+        if (this.status === 'running') {
+            logger.warn('MonitorEngine is already running');
+            return;
+        }
+        logger.info('Starting MonitorEngine', {
+            logMonitor: this.config.logMonitor,
+            networkMonitor: this.config.networkMonitor,
+            processMonitor: this.config.processMonitor,
+            fileMonitor: this.config.fileMonitor,
+        });
+        try {
+            if (this.config.logMonitor) {
+                this.startLogMonitor();
+            }
+            if (this.config.networkMonitor) {
+                this.startNetworkMonitor();
+            }
+            if (this.config.processMonitor) {
+                this.startProcessMonitor();
+            }
+            if (this.config.fileMonitor && this.config.watchPaths && this.config.watchPaths.length > 0) {
+                this.startFileMonitor();
+            }
+            this.status = 'running';
+            logger.info('MonitorEngine started successfully');
+        }
+        catch (err) {
+            this.status = 'error';
+            logger.error('Failed to start MonitorEngine', { error: String(err) });
+            this.emit('error', err instanceof Error ? err : new Error(String(err)));
+        }
+    }
+    /**
+     * Stop all running monitors and clean up resources
+     * 停止所有執行中的監控器並清理資源
+     */
+    stop() {
+        if (this.status === 'stopped') {
+            logger.warn('MonitorEngine is already stopped');
+            return;
+        }
+        logger.info('Stopping MonitorEngine');
+        if (this.logMonitor) {
+            this.logMonitor.removeAllListeners();
+            this.logMonitor.stop();
+            this.logMonitor = undefined;
+        }
+        if (this.networkMonitor) {
+            this.networkMonitor.removeAllListeners();
+            this.networkMonitor.stop();
+            this.networkMonitor = undefined;
+        }
+        if (this.processMonitor) {
+            this.processMonitor.removeAllListeners();
+            this.processMonitor.stop();
+            this.processMonitor = undefined;
+        }
+        if (this.fileMonitor) {
+            this.fileMonitor.removeAllListeners();
+            this.fileMonitor.stop();
+            this.fileMonitor = undefined;
+        }
+        this.status = 'stopped';
+        logger.info('MonitorEngine stopped');
+    }
+    /**
+     * Get the current engine status
+     * 取得目前引擎狀態
+     *
+     * @returns Current monitor status / 目前監控狀態
+     */
+    getStatus() {
+        return this.status;
+    }
+    /**
+     * Get the current configuration
+     * 取得目前配置
+     *
+     * @returns Current monitor configuration / 目前監控配置
+     */
+    getConfig() {
+        return this.config;
+    }
+    /**
+     * Process an incoming event: emit it and check against threat intelligence
+     * 處理傳入事件：發送事件並對照威脅情報檢查
+     *
+     * @param event - Security event to process / 要處理的安全事件
+     */
+    processEvent(event) {
+        // Emit the raw event / 發送原始事件
+        this.emit('event', event);
+        // Check for threat intelligence matches on network events
+        // 對網路事件檢查威脅情報比對
+        if (event.source === 'network' && event.metadata['remoteAddr']) {
+            const remoteAddr = String(event.metadata['remoteAddr']);
+            const threat = checkThreatIntel(remoteAddr);
+            if (threat) {
+                logger.warn(`Threat intelligence match: ${remoteAddr}`, {
+                    type: threat.type,
+                    source: threat.source,
+                });
+                this.emit('threat', { event, threat });
+            }
+        }
+    }
+    /**
+     * Forward errors from sub-monitors
+     * 從子監控器轉發錯誤
+     *
+     * @param source - Sub-monitor name / 子監控器名稱
+     * @param err - Error instance / 錯誤實例
+     */
+    handleSubMonitorError(source, err) {
+        logger.error(`Error from ${source}`, { error: err.message });
+        this.emit('error', err);
+    }
+    /**
+     * Initialize and start the log monitor
+     * 初始化並啟動日誌監控器
+     */
+    startLogMonitor() {
+        this.logMonitor = new LogMonitor();
+        this.logMonitor.on('event', (event) => {
+            this.processEvent(event);
+        });
+        this.logMonitor.on('error', (err) => {
+            this.handleSubMonitorError('LogMonitor', err);
+        });
+        this.logMonitor.start();
+        logger.info('LogMonitor sub-module started');
+    }
+    /**
+     * Initialize and start the network monitor
+     * 初始化並啟動網路監控器
+     */
+    startNetworkMonitor() {
+        this.networkMonitor = new NetworkMonitor(this.config.networkPollInterval);
+        this.networkMonitor.on('new_connection', (event) => {
+            this.processEvent(event);
+        });
+        this.networkMonitor.on('closed_connection', (event) => {
+            this.processEvent(event);
+        });
+        this.networkMonitor.on('error', (err) => {
+            this.handleSubMonitorError('NetworkMonitor', err);
+        });
+        this.networkMonitor.start();
+        logger.info('NetworkMonitor sub-module started');
+    }
+    /**
+     * Initialize and start the process monitor
+     * 初始化並啟動程序監控器
+     */
+    startProcessMonitor() {
+        this.processMonitor = new ProcessMonitor(this.config.processPollInterval);
+        this.processMonitor.on('process_started', (event) => {
+            this.processEvent(event);
+        });
+        this.processMonitor.on('process_stopped', (event) => {
+            this.processEvent(event);
+        });
+        this.processMonitor.on('error', (err) => {
+            this.handleSubMonitorError('ProcessMonitor', err);
+        });
+        this.processMonitor.start();
+        logger.info('ProcessMonitor sub-module started');
+    }
+    /**
+     * Initialize and start the file monitor
+     * 初始化並啟動檔案監控器
+     */
+    startFileMonitor() {
+        const watchPaths = this.config.watchPaths ?? [];
+        this.fileMonitor = new FileMonitor(watchPaths);
+        this.fileMonitor.on('file_changed', (event) => {
+            this.processEvent(event);
+        });
+        this.fileMonitor.on('file_created', (event) => {
+            this.processEvent(event);
+        });
+        this.fileMonitor.on('file_deleted', (event) => {
+            this.processEvent(event);
+        });
+        this.fileMonitor.on('error', (err) => {
+            this.handleSubMonitorError('FileMonitor', err);
+        });
+        this.fileMonitor.start();
+        logger.info('FileMonitor sub-module started');
+    }
+}
+// Re-export sub-modules / 重新匯出子模組
+export { LogMonitor } from './log-monitor.js';
+export { NetworkMonitor } from './network-monitor.js';
+export { ProcessMonitor } from './process-monitor.js';
+export { FileMonitor } from './file-monitor.js';
+export { checkThreatIntel, isPrivateIP, addThreatIntelEntry, getThreatIntelEntries, setFeedManager, getFeedManager, } from './threat-intel.js';
+export { normalizeLogEvent, normalizeNetworkEvent, normalizeProcessEvent, normalizeFileEvent, } from './event-normalizer.js';
+// Re-export threat intel feeds / 重新匯出威脅情報饋送
+export { ThreatIntelFeedManager, } from './threat-intel-feeds.js';
+export { DEFAULT_MONITOR_CONFIG } from './types.js';
+//# sourceMappingURL=index.js.map

package/dist/monitor/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/monitor/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAGjD,OAAO,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAErD,MAAM,MAAM,GAAG,YAAY,CAAC,gBAAgB,CAAC,CAAC;AAE9C,sCAAsC;AACtC,MAAM,CAAC,MAAM,eAAe,GAAG,OAAO,CAAC;AAEvC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH,MAAM,OAAO,aAAc,SAAQ,YAAY;IAC7C,qCAAqC;IAC7B,UAAU,CAAc;IAChC,yCAAyC;IACjC,cAAc,CAAkB;IACxC,yCAAyC;IACjC,cAAc,CAAkB;IACxC,sCAAsC;IAC9B,WAAW,CAAe;IAClC,qCAAqC;IAC7B,MAAM,GAAkB,SAAS,CAAC;IAC1C,sCAAsC;IAC9B,MAAM,CAAgB;IAE9B;;;;;OAKG;IACH,YAAY,SAAiC,EAAE;QAC7C,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,sBAAsB,EAAE,GAAG,MAAM,EAAE,CAAC;IACzD,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK;QACH,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;YAChD,OAAO;QACT,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE;YACpC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU;YAClC,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc;YAC1C,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc;YAC1C,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW;SACrC,CAAC,CAAC;QAEH,IAAI,CAAC;YACH,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;gBAC3B,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,CAAC;YAED,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;gBAC/B,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC7B,CAAC;YAED,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;gBAC/B,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC7B,CAAC;YAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC3F,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC1B,CAAC;YAED,IAAI,CAAC,MAAM,GAAG,SAAS,CAAC;YACxB,MAAM,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;QACpD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC;YACtB,MAAM,CAAC,KAAK,CAAC,+BAA+B,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACtE,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAC1E,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,IAAI;QACF,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;YAChD,OAAO;QACT,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QAEtC,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,IAAI,CAAC,UAAU,CAAC,kBAAkB,EAAE,CAAC;YACrC,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;YACvB,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;QAC9B,CAAC;QAED,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACxB,IAAI,CAAC,cAAc,CAAC,kBAAkB,EAAE,CAAC;YACzC,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;YAC3B,IAAI,CAAC,cAAc,GAAG,SAAS,CAAC;QAClC,CAAC;QAED,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACxB,IAAI,CAAC,cAAc,CAAC,kBAAkB,EAAE,CAAC;YACzC,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;YAC3B,IAAI,CAAC,cAAc,GAAG,SAAS,CAAC;QAClC,CAAC;QAED,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,IAAI,CAAC,WAAW,CAAC,kBAAkB,EAAE,CAAC;YACtC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;YACxB,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC;QAC/B,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,SAAS,CAAC;QACxB,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IACvC,CAAC;IAED;;;;;OAKG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED;;;;;OAKG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED;;;;;OAKG;IACK,YAAY,CAAC,KAAoB;QACvC,8BAA8B;QAC9B,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAE1B,0DAA0D;QAC1D,gBAAgB;QAChB,IAAI,KAAK,CAAC,MAAM,KAAK,SAAS,IAAI,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;YAC/D,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC;YACxD,MAAM,MAAM,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAC;YAC5C,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,IAAI,CAAC,8BAA8B,UAAU,EAAE,EAAE;oBACtD,IAAI,EAAE,MAAM,CAAC,IAAI;oBACjB,MAAM,EAAE,MAAM,CAAC,MAAM;iBACtB,CAAC,CAAC;gBACH,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;YACzC,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACK,qBAAqB,CAAC,MAAc,EAAE,GAAU;QACtD,MAAM,CAAC,KAAK,CAAC,cAAc,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QAC7D,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IAC1B,CAAC;IAED;;;OAGG;IACK,eAAe;QACrB,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,EAAE,CAAC;QAEnC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAoB,EAAE,EAAE;YACnD,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QAC3B,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;YACzC,IAAI,CAAC,qBAAqB,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;IAC/C,CAAC;IAED;;;OAGG;IACK,mBAAmB;QACzB,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC;QAE1E,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC,gBAAgB,EAAE,CAAC,KAAoB,EAAE,EAAE;YAChE,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QAC3B,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC,mBAAmB,EAAE,CAAC,KAAoB,EAAE,EAAE;YACnE,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QAC3B,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;YAC7C,IAAI,CAAC,qBAAqB,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC;QAC5B,MAAM,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;IACnD,CAAC;IAED;;;OAGG;IACK,mBAAmB;QACzB,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC;QAE1E,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC,iBAAiB,EAAE,CAAC,KAAoB,EAAE,EAAE;YACjE,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QAC3B,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC,iBAAiB,EAAE,CAAC,KAAoB,EAAE,EAAE;YACjE,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QAC3B,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;YAC7C,IAAI,CAAC,qBAAqB,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC;QAC5B,MAAM,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;IACnD,CAAC;IAED;;;OAGG;IACK,gBAAgB;QACtB,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC;QAChD,IAAI,CAAC,WAAW,GAAG,IAAI,WAAW,CAAC,UAAU,CAAC,CAAC;QAE/C,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,cAAc,EAAE,CAAC,KAAoB,EAAE,EAAE;YAC3D,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QAC3B,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,cAAc,EAAE,CAAC,KAAoB,EAAE,EAAE;YAC3D,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QAC3B,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,cAAc,EAAE,CAAC,KAAoB,EAAE,EAAE;YAC3D,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QAC3B,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;YAC1C,IAAI,CAAC,qBAAqB,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC;QACjD,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;QACzB,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;IAChD,CAAC;CACF;AAED,kCAAkC;AAClC,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEtD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EACL,gBAAgB,EAChB,WAAW,EACX,mBAAmB,EACnB,qBAAqB,EACrB,cAAc,EACd,cAAc,GACf,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,qBAAqB,EACrB,kBAAkB,GACnB,MAAM,uBAAuB,CAAC;AAE/B,4CAA4C;AAC5C,OAAO,EACL,sBAAsB,GAKvB,MAAM,yBAAyB,CAAC;AAIjC,OAAO,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC"}

package/dist/monitor/log-monitor.d.ts

@@ -0,0 +1,102 @@
+/**
+ * System log monitoring via native OS log streams
+ * 透過原生作業系統日誌串流進行系統日誌監控
+ *
+ * Supports macOS (log stream), Linux (tail -F), and Windows (wevtutil).
+ * 支援 macOS (log stream)、Linux (tail -F) 和 Windows (wevtutil)。
+ *
+ * @module @panguard-ai/core/monitor/log-monitor
+ */
+import { EventEmitter } from 'node:events';
+/**
+ * Log monitor configuration
+ * 日誌監控配置
+ */
+interface LogMonitorConfig {
+    /** Custom log paths to monitor (Linux only) / 自訂要監控的日誌路徑（僅 Linux） */
+    logPaths?: string[];
+}
+/**
+ * LogMonitor - monitors system logs in real-time using OS-native tools
+ * LogMonitor - 使用作業系統原生工具即時監控系統日誌
+ *
+ * Events emitted:
+ * - 'event': SecurityEvent - when a log line is captured / 當擷取到日誌行時
+ * - 'error': Error - when the monitoring process encounters an error / 當監控程序遇到錯誤時
+ *
+ * @example
+ * ```typescript
+ * const monitor = new LogMonitor();
+ * monitor.on('event', (event) => console.log(event));
+ * monitor.start();
+ * ```
+ */
+export declare class LogMonitor extends EventEmitter {
+    /** Whether the monitor is currently running / 監控器是否正在執行 */
+    private running;
+    /** Child process for log streaming / 用於日誌串流的子程序 */
+    private childProcess?;
+    /** Monitor configuration / 監控配置 */
+    private config;
+    /**
+     * Create a new LogMonitor instance
+     * 建立新的 LogMonitor 實例
+     *
+     * @param config - Optional configuration / 可選配置
+     */
+    constructor(config?: LogMonitorConfig);
+    /**
+     * Start monitoring system logs
+     * 開始監控系統日誌
+     *
+     * Spawns the appropriate OS-level log monitoring process:
+     * 產生適當的作業系統級日誌監控程序：
+     * - macOS: `log stream --style json --predicate 'eventType == logEvent'`
+     * - Linux: `tail -F /var/log/auth.log /var/log/syslog`
+     * - Windows: `wevtutil qe Security /f:text /rd:true /c:1`
+     */
+    start(): void;
+    /**
+     * Stop monitoring system logs and clean up child processes
+     * 停止監控系統日誌並清理子程序
+     */
+    stop(): void;
+    /**
+     * Check if the monitor is currently running
+     * 檢查監控器是否正在執行
+     *
+     * @returns True if running / 如果正在執行則為 true
+     */
+    isRunning(): boolean;
+    /**
+     * Start macOS log stream monitoring
+     * 啟動 macOS 日誌串流監控
+     */
+    private startMacOS;
+    /**
+     * Start Linux log tail monitoring
+     * 啟動 Linux 日誌尾部監控
+     */
+    private startLinux;
+    /**
+     * Start Windows event log monitoring
+     * 啟動 Windows 事件日誌監控
+     */
+    private startWindows;
+    /**
+     * Attach error and exit handlers to the child process
+     * 將錯誤和退出處理器附加到子程序
+     *
+     * @param label - Label for logging / 用於日誌記錄的標籤
+     */
+    private attachProcessHandlers;
+    /**
+     * Parse stdout from the child process line by line
+     * 逐行解析子程序的標準輸出
+     *
+     * @param handler - Callback for each line / 每行的回呼函式
+     */
+    private parseOutputStream;
+}
+export {};
+//# sourceMappingURL=log-monitor.d.ts.map

package/dist/monitor/log-monitor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"log-monitor.d.ts","sourceRoot":"","sources":["../../src/monitor/log-monitor.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAU3C;;;GAGG;AACH,UAAU,gBAAgB;IACxB,qEAAqE;IACrE,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED;;;;;;;;;;;;;;GAcG;AACH,qBAAa,UAAW,SAAQ,YAAY;IAC1C,2DAA2D;IAC3D,OAAO,CAAC,OAAO,CAAS;IACxB,mDAAmD;IACnD,OAAO,CAAC,YAAY,CAAC,CAAe;IACpC,mCAAmC;IACnC,OAAO,CAAC,MAAM,CAAmB;IAEjC;;;;;OAKG;gBACS,MAAM,CAAC,EAAE,gBAAgB;IAKrC;;;;;;;;;OASG;IACH,KAAK,IAAI,IAAI;IA8Bb;;;OAGG;IACH,IAAI,IAAI,IAAI;IAqCZ;;;;;OAKG;IACH,SAAS,IAAI,OAAO;IAIpB;;;OAGG;IACH,OAAO,CAAC,UAAU;IAqClB;;;OAGG;IACH,OAAO,CAAC,UAAU;IAiBlB;;;OAGG;IACH,OAAO,CAAC,YAAY;IAepB;;;;;OAKG;IACH,OAAO,CAAC,qBAAqB;IAsB7B;;;;;OAKG;IACH,OAAO,CAAC,iBAAiB;CAc1B"}