npm - @panguard-ai/core - Versions diffs - 0.1.0 - Mend

@panguard-ai/core 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (233) hide show

package/dist/adapters/adapter-registry.d.ts +150 -0
package/dist/adapters/adapter-registry.d.ts.map +1 -0
package/dist/adapters/adapter-registry.js +271 -0
package/dist/adapters/adapter-registry.js.map +1 -0
package/dist/adapters/base-adapter.d.ts +101 -0
package/dist/adapters/base-adapter.d.ts.map +1 -0
package/dist/adapters/base-adapter.js +160 -0
package/dist/adapters/base-adapter.js.map +1 -0
package/dist/adapters/defender-adapter.d.ts +90 -0
package/dist/adapters/defender-adapter.d.ts.map +1 -0
package/dist/adapters/defender-adapter.js +227 -0
package/dist/adapters/defender-adapter.js.map +1 -0
package/dist/adapters/index.d.ts +22 -0
package/dist/adapters/index.d.ts.map +1 -0
package/dist/adapters/index.js +23 -0
package/dist/adapters/index.js.map +1 -0
package/dist/adapters/syslog-adapter.d.ts +207 -0
package/dist/adapters/syslog-adapter.d.ts.map +1 -0
package/dist/adapters/syslog-adapter.js +432 -0
package/dist/adapters/syslog-adapter.js.map +1 -0
package/dist/adapters/types.d.ts +135 -0
package/dist/adapters/types.d.ts.map +1 -0
package/dist/adapters/types.js +13 -0
package/dist/adapters/types.js.map +1 -0
package/dist/adapters/wazuh-adapter.d.ts +120 -0
package/dist/adapters/wazuh-adapter.d.ts.map +1 -0
package/dist/adapters/wazuh-adapter.js +266 -0
package/dist/adapters/wazuh-adapter.js.map +1 -0
package/dist/ai/claude-provider.d.ts +66 -0
package/dist/ai/claude-provider.d.ts.map +1 -0
package/dist/ai/claude-provider.js +166 -0
package/dist/ai/claude-provider.js.map +1 -0
package/dist/ai/funnel-router.d.ts +75 -0
package/dist/ai/funnel-router.d.ts.map +1 -0
package/dist/ai/funnel-router.js +173 -0
package/dist/ai/funnel-router.js.map +1 -0
package/dist/ai/index.d.ts +77 -0
package/dist/ai/index.d.ts.map +1 -0
package/dist/ai/index.js +95 -0
package/dist/ai/index.js.map +1 -0
package/dist/ai/ollama-provider.d.ts +73 -0
package/dist/ai/ollama-provider.d.ts.map +1 -0
package/dist/ai/ollama-provider.js +200 -0
package/dist/ai/ollama-provider.js.map +1 -0
package/dist/ai/openai-provider.d.ts +70 -0
package/dist/ai/openai-provider.d.ts.map +1 -0
package/dist/ai/openai-provider.js +175 -0
package/dist/ai/openai-provider.js.map +1 -0
package/dist/ai/prompts/event-classifier.d.ts +25 -0
package/dist/ai/prompts/event-classifier.d.ts.map +1 -0
package/dist/ai/prompts/event-classifier.js +94 -0
package/dist/ai/prompts/event-classifier.js.map +1 -0
package/dist/ai/prompts/index.d.ts +13 -0
package/dist/ai/prompts/index.d.ts.map +1 -0
package/dist/ai/prompts/index.js +13 -0
package/dist/ai/prompts/index.js.map +1 -0
package/dist/ai/prompts/report-generator.d.ts +25 -0
package/dist/ai/prompts/report-generator.d.ts.map +1 -0
package/dist/ai/prompts/report-generator.js +131 -0
package/dist/ai/prompts/report-generator.js.map +1 -0
package/dist/ai/prompts/threat-analyzer.d.ts +26 -0
package/dist/ai/prompts/threat-analyzer.d.ts.map +1 -0
package/dist/ai/prompts/threat-analyzer.js +75 -0
package/dist/ai/prompts/threat-analyzer.js.map +1 -0
package/dist/ai/provider-base.d.ts +100 -0
package/dist/ai/provider-base.d.ts.map +1 -0
package/dist/ai/provider-base.js +166 -0
package/dist/ai/provider-base.js.map +1 -0
package/dist/ai/response-parser.d.ts +36 -0
package/dist/ai/response-parser.d.ts.map +1 -0
package/dist/ai/response-parser.js +195 -0
package/dist/ai/response-parser.js.map +1 -0
package/dist/ai/token-tracker.d.ts +72 -0
package/dist/ai/token-tracker.d.ts.map +1 -0
package/dist/ai/token-tracker.js +145 -0
package/dist/ai/token-tracker.js.map +1 -0
package/dist/ai/types.d.ts +138 -0
package/dist/ai/types.d.ts.map +1 -0
package/dist/ai/types.js +12 -0
package/dist/ai/types.js.map +1 -0
package/dist/cli/index.d.ts +146 -0
package/dist/cli/index.d.ts.map +1 -0
package/dist/cli/index.js +515 -0
package/dist/cli/index.js.map +1 -0
package/dist/cli/prompts.d.ts +58 -0
package/dist/cli/prompts.d.ts.map +1 -0
package/dist/cli/prompts.js +327 -0
package/dist/cli/prompts.js.map +1 -0
package/dist/cli/wizard.d.ts +58 -0
package/dist/cli/wizard.d.ts.map +1 -0
package/dist/cli/wizard.js +200 -0
package/dist/cli/wizard.js.map +1 -0
package/dist/discovery/firewall-checker.d.ts +28 -0
package/dist/discovery/firewall-checker.d.ts.map +1 -0
package/dist/discovery/firewall-checker.js +379 -0
package/dist/discovery/firewall-checker.js.map +1 -0
package/dist/discovery/index.d.ts +23 -0
package/dist/discovery/index.d.ts.map +1 -0
package/dist/discovery/index.js +29 -0
package/dist/discovery/index.js.map +1 -0
package/dist/discovery/network-scanner.d.ts +60 -0
package/dist/discovery/network-scanner.d.ts.map +1 -0
package/dist/discovery/network-scanner.js +640 -0
package/dist/discovery/network-scanner.js.map +1 -0
package/dist/discovery/os-detector.d.ts +24 -0
package/dist/discovery/os-detector.d.ts.map +1 -0
package/dist/discovery/os-detector.js +253 -0
package/dist/discovery/os-detector.js.map +1 -0
package/dist/discovery/osquery-provider.d.ts +127 -0
package/dist/discovery/osquery-provider.d.ts.map +1 -0
package/dist/discovery/osquery-provider.js +214 -0
package/dist/discovery/osquery-provider.js.map +1 -0
package/dist/discovery/risk-scorer.d.ts +66 -0
package/dist/discovery/risk-scorer.d.ts.map +1 -0
package/dist/discovery/risk-scorer.js +294 -0
package/dist/discovery/risk-scorer.js.map +1 -0
package/dist/discovery/security-tools.d.ts +31 -0
package/dist/discovery/security-tools.d.ts.map +1 -0
package/dist/discovery/security-tools.js +346 -0
package/dist/discovery/security-tools.js.map +1 -0
package/dist/discovery/service-detector.d.ts +28 -0
package/dist/discovery/service-detector.d.ts.map +1 -0
package/dist/discovery/service-detector.js +300 -0
package/dist/discovery/service-detector.js.map +1 -0
package/dist/discovery/types.d.ts +502 -0
package/dist/discovery/types.d.ts.map +1 -0
package/dist/discovery/types.js +12 -0
package/dist/discovery/types.js.map +1 -0
package/dist/discovery/user-auditor.d.ts +28 -0
package/dist/discovery/user-auditor.d.ts.map +1 -0
package/dist/discovery/user-auditor.js +385 -0
package/dist/discovery/user-auditor.js.map +1 -0
package/dist/i18n/config.d.ts +45 -0
package/dist/i18n/config.d.ts.map +1 -0
package/dist/i18n/config.js +135 -0
package/dist/i18n/config.js.map +1 -0
package/dist/i18n/index.d.ts +8 -0
package/dist/i18n/index.d.ts.map +1 -0
package/dist/i18n/index.js +8 -0
package/dist/i18n/index.js.map +1 -0
package/dist/index.d.ts +31 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +31 -0
package/dist/index.js.map +1 -0
package/dist/monitor/event-normalizer.d.ts +102 -0
package/dist/monitor/event-normalizer.d.ts.map +1 -0
package/dist/monitor/event-normalizer.js +195 -0
package/dist/monitor/event-normalizer.js.map +1 -0
package/dist/monitor/file-monitor.d.ts +90 -0
package/dist/monitor/file-monitor.d.ts.map +1 -0
package/dist/monitor/file-monitor.js +222 -0
package/dist/monitor/file-monitor.js.map +1 -0
package/dist/monitor/index.d.ts +147 -0
package/dist/monitor/index.d.ts.map +1 -0
package/dist/monitor/index.js +293 -0
package/dist/monitor/index.js.map +1 -0
package/dist/monitor/log-monitor.d.ts +102 -0
package/dist/monitor/log-monitor.d.ts.map +1 -0
package/dist/monitor/log-monitor.js +245 -0
package/dist/monitor/log-monitor.js.map +1 -0
package/dist/monitor/network-monitor.d.ts +103 -0
package/dist/monitor/network-monitor.d.ts.map +1 -0
package/dist/monitor/network-monitor.js +336 -0
package/dist/monitor/network-monitor.js.map +1 -0
package/dist/monitor/process-monitor.d.ts +108 -0
package/dist/monitor/process-monitor.d.ts.map +1 -0
package/dist/monitor/process-monitor.js +245 -0
package/dist/monitor/process-monitor.js.map +1 -0
package/dist/monitor/threat-intel-feeds.d.ts +141 -0
package/dist/monitor/threat-intel-feeds.d.ts.map +1 -0
package/dist/monitor/threat-intel-feeds.js +430 -0
package/dist/monitor/threat-intel-feeds.js.map +1 -0
package/dist/monitor/threat-intel.d.ts +83 -0
package/dist/monitor/threat-intel.d.ts.map +1 -0
package/dist/monitor/threat-intel.js +215 -0
package/dist/monitor/threat-intel.js.map +1 -0
package/dist/monitor/types.d.ts +65 -0
package/dist/monitor/types.d.ts.map +1 -0
package/dist/monitor/types.js +20 -0
package/dist/monitor/types.js.map +1 -0
package/dist/rules/index.d.ts +115 -0
package/dist/rules/index.d.ts.map +1 -0
package/dist/rules/index.js +244 -0
package/dist/rules/index.js.map +1 -0
package/dist/rules/rule-loader.d.ts +54 -0
package/dist/rules/rule-loader.d.ts.map +1 -0
package/dist/rules/rule-loader.js +167 -0
package/dist/rules/rule-loader.js.map +1 -0
package/dist/rules/sigma-matcher.d.ts +40 -0
package/dist/rules/sigma-matcher.d.ts.map +1 -0
package/dist/rules/sigma-matcher.js +447 -0
package/dist/rules/sigma-matcher.js.map +1 -0
package/dist/rules/sigma-parser.d.ts +36 -0
package/dist/rules/sigma-parser.d.ts.map +1 -0
package/dist/rules/sigma-parser.js +180 -0
package/dist/rules/sigma-parser.js.map +1 -0
package/dist/rules/types.d.ts +112 -0
package/dist/rules/types.d.ts.map +1 -0
package/dist/rules/types.js +11 -0
package/dist/rules/types.js.map +1 -0
package/dist/rules/yara-scanner.d.ts +103 -0
package/dist/rules/yara-scanner.d.ts.map +1 -0
package/dist/rules/yara-scanner.js +421 -0
package/dist/rules/yara-scanner.js.map +1 -0
package/dist/scoring/achievements.d.ts +76 -0
package/dist/scoring/achievements.d.ts.map +1 -0
package/dist/scoring/achievements.js +211 -0
package/dist/scoring/achievements.js.map +1 -0
package/dist/scoring/index.d.ts +3 -0
package/dist/scoring/index.d.ts.map +1 -0
package/dist/scoring/index.js +3 -0
package/dist/scoring/index.js.map +1 -0
package/dist/scoring/security-score.d.ts +60 -0
package/dist/scoring/security-score.d.ts.map +1 -0
package/dist/scoring/security-score.js +211 -0
package/dist/scoring/security-score.js.map +1 -0
package/dist/types.d.ts +71 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +8 -0
package/dist/types.js.map +1 -0
package/dist/utils/index.d.ts +10 -0
package/dist/utils/index.d.ts.map +1 -0
package/dist/utils/index.js +9 -0
package/dist/utils/index.js.map +1 -0
package/dist/utils/logger.d.ts +38 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +71 -0
package/dist/utils/logger.js.map +1 -0
package/dist/utils/validation.d.ts +35 -0
package/dist/utils/validation.d.ts.map +1 -0
package/dist/utils/validation.js +56 -0
package/dist/utils/validation.js.map +1 -0
package/package.json +60 -0

package/dist/monitor/log-monitor.js ADDED Viewed

@@ -0,0 +1,245 @@
+/**
+ * System log monitoring via native OS log streams
+ * 透過原生作業系統日誌串流進行系統日誌監控
+ *
+ * Supports macOS (log stream), Linux (tail -F), and Windows (wevtutil).
+ * 支援 macOS (log stream)、Linux (tail -F) 和 Windows (wevtutil)。
+ *
+ * @module @panguard-ai/core/monitor/log-monitor
+ */
+import { EventEmitter } from 'node:events';
+import { spawn } from 'node:child_process';
+import { platform } from 'node:os';
+import { createInterface } from 'node:readline';
+import { createLogger } from '../utils/index.js';
+import { normalizeLogEvent } from './event-normalizer.js';
+const logger = createLogger('log-monitor');
+/**
+ * LogMonitor - monitors system logs in real-time using OS-native tools
+ * LogMonitor - 使用作業系統原生工具即時監控系統日誌
+ *
+ * Events emitted:
+ * - 'event': SecurityEvent - when a log line is captured / 當擷取到日誌行時
+ * - 'error': Error - when the monitoring process encounters an error / 當監控程序遇到錯誤時
+ *
+ * @example
+ * ```typescript
+ * const monitor = new LogMonitor();
+ * monitor.on('event', (event) => console.log(event));
+ * monitor.start();
+ * ```
+ */
+export class LogMonitor extends EventEmitter {
+    /** Whether the monitor is currently running / 監控器是否正在執行 */
+    running = false;
+    /** Child process for log streaming / 用於日誌串流的子程序 */
+    childProcess;
+    /** Monitor configuration / 監控配置 */
+    config;
+    /**
+     * Create a new LogMonitor instance
+     * 建立新的 LogMonitor 實例
+     *
+     * @param config - Optional configuration / 可選配置
+     */
+    constructor(config) {
+        super();
+        this.config = config ?? {};
+    }
+    /**
+     * Start monitoring system logs
+     * 開始監控系統日誌
+     *
+     * Spawns the appropriate OS-level log monitoring process:
+     * 產生適當的作業系統級日誌監控程序：
+     * - macOS: `log stream --style json --predicate 'eventType == logEvent'`
+     * - Linux: `tail -F /var/log/auth.log /var/log/syslog`
+     * - Windows: `wevtutil qe Security /f:text /rd:true /c:1`
+     */
+    start() {
+        if (this.running) {
+            logger.warn('LogMonitor is already running');
+            return;
+        }
+        const os = platform();
+        logger.info(`Starting log monitor on platform: ${os}`);
+        try {
+            if (os === 'darwin') {
+                this.startMacOS();
+            }
+            else if (os === 'linux') {
+                this.startLinux();
+            }
+            else if (os === 'win32') {
+                this.startWindows();
+            }
+            else {
+                logger.error(`Unsupported platform: ${os}`);
+                this.emit('error', new Error(`Unsupported platform: ${os}`));
+                return;
+            }
+            this.running = true;
+            logger.info('LogMonitor started successfully');
+        }
+        catch (err) {
+            logger.error('Failed to start LogMonitor', { error: String(err) });
+            this.emit('error', err instanceof Error ? err : new Error(String(err)));
+        }
+    }
+    /**
+     * Stop monitoring system logs and clean up child processes
+     * 停止監控系統日誌並清理子程序
+     */
+    stop() {
+        if (!this.running) {
+            logger.warn('LogMonitor is not running');
+            return;
+        }
+        if (this.childProcess) {
+            this.childProcess.removeAllListeners();
+            if (this.childProcess.stdout) {
+                this.childProcess.stdout.removeAllListeners();
+            }
+            if (this.childProcess.stderr) {
+                this.childProcess.stderr.removeAllListeners();
+            }
+            this.childProcess.kill('SIGTERM');
+            // Force kill after 3 seconds if still alive
+            // 如果仍在執行，3 秒後強制終止
+            const forceKillTimeout = setTimeout(() => {
+                if (this.childProcess && !this.childProcess.killed) {
+                    this.childProcess.kill('SIGKILL');
+                }
+            }, 3000);
+            this.childProcess.once('exit', () => {
+                clearTimeout(forceKillTimeout);
+            });
+            this.childProcess = undefined;
+        }
+        this.running = false;
+        logger.info('LogMonitor stopped');
+    }
+    /**
+     * Check if the monitor is currently running
+     * 檢查監控器是否正在執行
+     *
+     * @returns True if running / 如果正在執行則為 true
+     */
+    isRunning() {
+        return this.running;
+    }
+    /**
+     * Start macOS log stream monitoring
+     * 啟動 macOS 日誌串流監控
+     */
+    startMacOS() {
+        this.childProcess = spawn('log', [
+            'stream',
+            '--style',
+            'json',
+            '--predicate',
+            'eventType == logEvent',
+        ]);
+        this.attachProcessHandlers('macOS-log-stream');
+        this.parseOutputStream((line) => {
+            // macOS log stream JSON output: try to parse each line
+            // macOS 日誌串流 JSON 輸出：嘗試解析每一行
+            try {
+                const parsed = JSON.parse(line);
+                const message = typeof parsed['eventMessage'] === 'string' ? parsed['eventMessage'] : line;
+                const source = typeof parsed['senderImagePath'] === 'string' ? parsed['senderImagePath'] : 'macOS';
+                const timestamp = typeof parsed['timestamp'] === 'string' ? new Date(parsed['timestamp']) : new Date();
+                const event = normalizeLogEvent({ message, source, timestamp });
+                this.emit('event', event);
+            }
+            catch {
+                // Non-JSON line (e.g., header line), treat as plain text
+                // 非 JSON 行（例如標頭行），視為純文字處理
+                if (line.trim().length > 0 && !line.startsWith('Filtering')) {
+                    const event = normalizeLogEvent({
+                        message: line,
+                        source: 'macOS-log-stream',
+                    });
+                    this.emit('event', event);
+                }
+            }
+        });
+    }
+    /**
+     * Start Linux log tail monitoring
+     * 啟動 Linux 日誌尾部監控
+     */
+    startLinux() {
+        const logPaths = this.config.logPaths ?? ['/var/log/auth.log', '/var/log/syslog'];
+        this.childProcess = spawn('tail', ['-F', ...logPaths]);
+        this.attachProcessHandlers('linux-tail');
+        this.parseOutputStream((line) => {
+            if (line.trim().length > 0) {
+                const event = normalizeLogEvent({
+                    message: line,
+                    source: 'syslog',
+                });
+                this.emit('event', event);
+            }
+        });
+    }
+    /**
+     * Start Windows event log monitoring
+     * 啟動 Windows 事件日誌監控
+     */
+    startWindows() {
+        this.childProcess = spawn('wevtutil', ['qe', 'Security', '/f:text', '/rd:true', '/c:1']);
+        this.attachProcessHandlers('windows-wevtutil');
+        this.parseOutputStream((line) => {
+            if (line.trim().length > 0) {
+                const event = normalizeLogEvent({
+                    message: line,
+                    source: 'windows-event',
+                });
+                this.emit('event', event);
+            }
+        });
+    }
+    /**
+     * Attach error and exit handlers to the child process
+     * 將錯誤和退出處理器附加到子程序
+     *
+     * @param label - Label for logging / 用於日誌記錄的標籤
+     */
+    attachProcessHandlers(label) {
+        if (!this.childProcess)
+            return;
+        this.childProcess.on('error', (err) => {
+            logger.error(`${label} process error: ${err.message}`);
+            this.running = false;
+            this.emit('error', err);
+        });
+        this.childProcess.on('exit', (code, signal) => {
+            logger.info(`${label} process exited`, { code, signal });
+            if (this.running) {
+                // Unexpected exit / 意外退出
+                this.running = false;
+                this.emit('error', new Error(`${label} process exited unexpectedly (code: ${code}, signal: ${signal})`));
+            }
+        });
+    }
+    /**
+     * Parse stdout from the child process line by line
+     * 逐行解析子程序的標準輸出
+     *
+     * @param handler - Callback for each line / 每行的回呼函式
+     */
+    parseOutputStream(handler) {
+        if (!this.childProcess?.stdout)
+            return;
+        const rl = createInterface({
+            input: this.childProcess.stdout,
+            crlfDelay: Infinity,
+        });
+        rl.on('line', handler);
+        rl.on('error', (err) => {
+            logger.error(`Readline error: ${err.message}`);
+        });
+    }
+}
+//# sourceMappingURL=log-monitor.js.map

package/dist/monitor/log-monitor.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"log-monitor.js","sourceRoot":"","sources":["../../src/monitor/log-monitor.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAqB,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAEhD,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAE1D,MAAM,MAAM,GAAG,YAAY,CAAC,aAAa,CAAC,CAAC;AAW3C;;;;;;;;;;;;;;GAcG;AACH,MAAM,OAAO,UAAW,SAAQ,YAAY;IAC1C,2DAA2D;IACnD,OAAO,GAAG,KAAK,CAAC;IACxB,mDAAmD;IAC3C,YAAY,CAAgB;IACpC,mCAAmC;IAC3B,MAAM,CAAmB;IAEjC;;;;;OAKG;IACH,YAAY,MAAyB;QACnC,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,MAAM,GAAG,MAAM,IAAI,EAAE,CAAC;IAC7B,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK;QACH,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;YAC7C,OAAO;QACT,CAAC;QAED,MAAM,EAAE,GAAG,QAAQ,EAAE,CAAC;QACtB,MAAM,CAAC,IAAI,CAAC,qCAAqC,EAAE,EAAE,CAAC,CAAC;QAEvD,IAAI,CAAC;YACH,IAAI,EAAE,KAAK,QAAQ,EAAE,CAAC;gBACpB,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,CAAC;iBAAM,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC;gBAC1B,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,CAAC;iBAAM,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC;gBAC1B,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,EAAE,CAAC,CAAC;gBAC5C,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,KAAK,CAAC,yBAAyB,EAAE,EAAE,CAAC,CAAC,CAAC;gBAC7D,OAAO;YACT,CAAC;YAED,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;YACpB,MAAM,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;QACjD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,CAAC,4BAA4B,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACnE,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAC1E,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,IAAI;QACF,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;YACzC,OAAO;QACT,CAAC;QAED,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,IAAI,CAAC,YAAY,CAAC,kBAAkB,EAAE,CAAC;YAEvC,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC;gBAC7B,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC;YAChD,CAAC;YACD,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC;gBAC7B,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC;YAChD,CAAC;YAED,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAElC,4CAA4C;YAC5C,kBAAkB;YAClB,MAAM,gBAAgB,GAAG,UAAU,CAAC,GAAG,EAAE;gBACvC,IAAI,IAAI,CAAC,YAAY,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC;oBACnD,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBACpC,CAAC;YACH,CAAC,EAAE,IAAI,CAAC,CAAC;YAET,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE;gBAClC,YAAY,CAAC,gBAAgB,CAAC,CAAC;YACjC,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;QAChC,CAAC;QAED,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC;QACrB,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACpC,CAAC;IAED;;;;;OAKG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED;;;OAGG;IACK,UAAU;QAChB,IAAI,CAAC,YAAY,GAAG,KAAK,CAAC,KAAK,EAAE;YAC/B,QAAQ;YACR,SAAS;YACT,MAAM;YACN,aAAa;YACb,uBAAuB;SACxB,CAAC,CAAC;QAEH,IAAI,CAAC,qBAAqB,CAAC,kBAAkB,CAAC,CAAC;QAC/C,IAAI,CAAC,iBAAiB,CAAC,CAAC,IAAY,EAAE,EAAE;YACtC,uDAAuD;YACvD,6BAA6B;YAC7B,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAA4B,CAAC;gBAC3D,MAAM,OAAO,GAAG,OAAO,MAAM,CAAC,cAAc,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;gBAC3F,MAAM,MAAM,GACV,OAAO,MAAM,CAAC,iBAAiB,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;gBACtF,MAAM,SAAS,GACb,OAAO,MAAM,CAAC,WAAW,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;gBAEvF,MAAM,KAAK,GAAG,iBAAiB,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;gBAChE,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YAC5B,CAAC;YAAC,MAAM,CAAC;gBACP,yDAAyD;gBACzD,0BAA0B;gBAC1B,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;oBAC5D,MAAM,KAAK,GAAG,iBAAiB,CAAC;wBAC9B,OAAO,EAAE,IAAI;wBACb,MAAM,EAAE,kBAAkB;qBAC3B,CAAC,CAAC;oBACH,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;gBAC5B,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACK,UAAU;QAChB,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,mBAAmB,EAAE,iBAAiB,CAAC,CAAC;QAElF,IAAI,CAAC,YAAY,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC;QAEvD,IAAI,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC;QACzC,IAAI,CAAC,iBAAiB,CAAC,CAAC,IAAY,EAAE,EAAE;YACtC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC3B,MAAM,KAAK,GAAG,iBAAiB,CAAC;oBAC9B,OAAO,EAAE,IAAI;oBACb,MAAM,EAAE,QAAQ;iBACjB,CAAC,CAAC;gBACH,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YAC5B,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACK,YAAY;QAClB,IAAI,CAAC,YAAY,GAAG,KAAK,CAAC,UAAU,EAAE,CAAC,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC;QAEzF,IAAI,CAAC,qBAAqB,CAAC,kBAAkB,CAAC,CAAC;QAC/C,IAAI,CAAC,iBAAiB,CAAC,CAAC,IAAY,EAAE,EAAE;YACtC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC3B,MAAM,KAAK,GAAG,iBAAiB,CAAC;oBAC9B,OAAO,EAAE,IAAI;oBACb,MAAM,EAAE,eAAe;iBACxB,CAAC,CAAC;gBACH,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YAC5B,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACK,qBAAqB,CAAC,KAAa;QACzC,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,OAAO;QAE/B,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;YAC3C,MAAM,CAAC,KAAK,CAAC,GAAG,KAAK,mBAAmB,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YACvD,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC;YACrB,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAC1B,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAmB,EAAE,MAAqB,EAAE,EAAE;YAC1E,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,iBAAiB,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;YACzD,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBACjB,yBAAyB;gBACzB,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC;gBACrB,IAAI,CAAC,IAAI,CACP,OAAO,EACP,IAAI,KAAK,CAAC,GAAG,KAAK,uCAAuC,IAAI,aAAa,MAAM,GAAG,CAAC,CACrF,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACK,iBAAiB,CAAC,OAA+B;QACvD,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM;YAAE,OAAO;QAEvC,MAAM,EAAE,GAAG,eAAe,CAAC;YACzB,KAAK,EAAE,IAAI,CAAC,YAAY,CAAC,MAAM;YAC/B,SAAS,EAAE,QAAQ;SACpB,CAAC,CAAC;QAEH,EAAE,CAAC,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAEvB,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;YAC5B,MAAM,CAAC,KAAK,CAAC,mBAAmB,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QACjD,CAAC,CAAC,CAAC;IACL,CAAC;CACF"}

package/dist/monitor/network-monitor.d.ts ADDED Viewed

@@ -0,0 +1,103 @@
+/**
+ * Network connection monitoring via polling
+ * 透過輪詢進行網路連線監控
+ *
+ * Periodically polls active network connections and emits events
+ * for newly established or closed connections.
+ * 定期輪詢活躍網路連線，並為新建立或關閉的連線發出事件。
+ *
+ * @module @panguard-ai/core/monitor/network-monitor
+ */
+import { EventEmitter } from 'node:events';
+import type { ActiveConnection } from '../discovery/types.js';
+/**
+ * NetworkMonitor - monitors active network connections by polling OS tools
+ * NetworkMonitor - 透過輪詢作業系統工具監控活躍網路連線
+ *
+ * Events emitted:
+ * - 'new_connection': SecurityEvent - when a new connection is detected / 當偵測到新連線時
+ * - 'closed_connection': SecurityEvent - when a connection is closed / 當連線關閉時
+ * - 'error': Error - when polling encounters an error / 當輪詢遇到錯誤時
+ *
+ * @example
+ * ```typescript
+ * const monitor = new NetworkMonitor(30000);
+ * monitor.on('new_connection', (event) => console.log('New:', event));
+ * monitor.on('closed_connection', (event) => console.log('Closed:', event));
+ * monitor.start();
+ * ```
+ */
+export declare class NetworkMonitor extends EventEmitter {
+    /** Whether the monitor is currently running / 監控器是否正在執行 */
+    private running;
+    /** Polling timer / 輪詢計時器 */
+    private timer?;
+    /** Previous connection snapshot for diff detection / 用於差異偵測的先前連線快照 */
+    private previousConnections;
+    /** Polling interval in milliseconds / 輪詢間隔（毫秒） */
+    private pollInterval;
+    /**
+     * Create a new NetworkMonitor instance
+     * 建立新的 NetworkMonitor 實例
+     *
+     * @param pollInterval - Polling interval in ms (default 30000) / 輪詢間隔毫秒數（預設 30000）
+     */
+    constructor(pollInterval?: number);
+    /**
+     * Start polling for network connections
+     * 開始輪詢網路連線
+     */
+    start(): void;
+    /**
+     * Stop polling and clean up
+     * 停止輪詢並清理
+     */
+    stop(): void;
+    /**
+     * Check if the monitor is currently running
+     * 檢查監控器是否正在執行
+     *
+     * @returns True if running / 如果正在執行則為 true
+     */
+    isRunning(): boolean;
+    /**
+     * Poll current connections and emit events for changes
+     * 輪詢目前連線並為變更發出事件
+     */
+    private pollConnections;
+    /**
+     * Get current active network connections from the OS
+     * 從作業系統取得目前活躍的網路連線
+     *
+     * Uses platform-specific tools:
+     * 使用平台特定工具：
+     * - macOS: `lsof -i -P -n`
+     * - Linux: `ss -tnp`
+     * - Windows: `netstat -an`
+     *
+     * @returns Array of active connections / 活躍連線陣列
+     */
+    getCurrentConnections(): Promise<ActiveConnection[]>;
+    /**
+     * Parse macOS lsof output into ActiveConnection array
+     * 將 macOS lsof 輸出解析為 ActiveConnection 陣列
+     *
+     * @returns Parsed connections / 解析後的連線
+     */
+    private parseLsof;
+    /**
+     * Parse Linux ss output into ActiveConnection array
+     * 將 Linux ss 輸出解析為 ActiveConnection 陣列
+     *
+     * @returns Parsed connections / 解析後的連線
+     */
+    private parseSs;
+    /**
+     * Parse Windows netstat output into ActiveConnection array
+     * 將 Windows netstat 輸出解析為 ActiveConnection 陣列
+     *
+     * @returns Parsed connections / 解析後的連線
+     */
+    private parseNetstat;
+}
+//# sourceMappingURL=network-monitor.d.ts.map

package/dist/monitor/network-monitor.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"network-monitor.d.ts","sourceRoot":"","sources":["../../src/monitor/network-monitor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAO3C,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAgB9D;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,cAAe,SAAQ,YAAY;IAC9C,2DAA2D;IAC3D,OAAO,CAAC,OAAO,CAAS;IACxB,4BAA4B;IAC5B,OAAO,CAAC,KAAK,CAAC,CAAiC;IAC/C,sEAAsE;IACtE,OAAO,CAAC,mBAAmB,CAA4C;IACvE,kDAAkD;IAClD,OAAO,CAAC,YAAY,CAAS;IAE7B;;;;;OAKG;gBACS,YAAY,SAAQ;IAKhC;;;OAGG;IACH,KAAK,IAAI,IAAI;IAiBb;;;OAGG;IACH,IAAI,IAAI,IAAI;IAgBZ;;;;;OAKG;IACH,SAAS,IAAI,OAAO;IAIpB;;;OAGG;YACW,eAAe;IA+C7B;;;;;;;;;;;OAWG;IACG,qBAAqB,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC;IAoB1D;;;;;OAKG;YACW,SAAS;IAyDvB;;;;;OAKG;YACW,OAAO;IAmDrB;;;;;OAKG;YACW,YAAY;CAsC3B"}