@panguard-ai/core 0.1.0

package/dist/adapters/types.d.ts

@@ -0,0 +1,135 @@
+/**
+ * Security tool adapter type definitions
+ * 資安工具對接器型別定義
+ *
+ * Defines all interfaces used by security tool adapters for
+ * integrating with external security systems (Defender, Wazuh, Syslog, etc.).
+ * 定義資安工具對接器所使用的所有介面，用於與外部安全系統整合
+ * （Defender、Wazuh、Syslog 等）。
+ *
+ * @module @panguard-ai/core/adapters/types
+ */
+import type { SecurityEvent } from '../types.js';
+/**
+ * Configuration for a security adapter
+ * 安全對接器配置
+ */
+export interface AdapterConfig {
+    /**
+     * Whether this adapter is enabled
+     * 此對接器是否已啟用
+     */
+    enabled: boolean;
+    /**
+     * API endpoint URL (for REST-based adapters)
+     * API 端點 URL（用於基於 REST 的對接器）
+     */
+    endpoint?: string;
+    /**
+     * API key for authentication
+     * 用於認證的 API 金鑰
+     */
+    apiKey?: string;
+    /**
+     * Username for basic authentication
+     * 用於基本認證的使用者名稱
+     */
+    username?: string;
+    /**
+     * Password for basic authentication
+     * 用於基本認證的密碼
+     */
+    password?: string;
+    /**
+     * Polling interval in milliseconds for periodic alert collection
+     * 定期收集告警的輪詢間隔（毫秒）
+     */
+    pollInterval?: number;
+}
+/**
+ * Normalized alert from an external security tool
+ * 來自外部安全工具的正規化告警
+ */
+export interface AdapterAlert {
+    /**
+     * Unique alert identifier
+     * 唯一告警識別碼
+     */
+    id: string;
+    /**
+     * Alert timestamp (ISO 8601 string)
+     * 告警時間戳（ISO 8601 字串）
+     */
+    timestamp: string;
+    /**
+     * Severity level as string (mapped to Severity type in SecurityEvent)
+     * 嚴重等級字串（在 SecurityEvent 中映射為 Severity 型別）
+     */
+    severity: string;
+    /**
+     * Alert title / summary
+     * 告警標題/摘要
+     */
+    title: string;
+    /**
+     * Alert description with full details
+     * 告警描述及完整詳情
+     */
+    description: string;
+    /**
+     * Source system name (e.g. 'defender', 'wazuh', 'syslog')
+     * 來源系統名稱（例如 'defender'、'wazuh'、'syslog'）
+     */
+    source: string;
+    /**
+     * Raw alert data from the original source
+     * 來自原始來源的原始告警資料
+     */
+    raw?: unknown;
+}
+/**
+ * Common interface for all security tool adapters
+ * 所有安全工具對接器的通用介面
+ *
+ * Each adapter wraps a specific security tool or data source and provides
+ * a uniform way to check availability, retrieve alerts, and convert them
+ * to the standardized SecurityEvent format.
+ * 每個對接器包裝一個特定的安全工具或資料來源，提供統一的方式來
+ * 檢查可用性、取得告警，並將其轉換為標準化的 SecurityEvent 格式。
+ */
+export interface SecurityAdapter {
+    /**
+     * Human-readable adapter name (e.g. 'Windows Defender')
+     * 人類可讀的對接器名稱（例如 'Windows Defender'）
+     */
+    readonly name: string;
+    /**
+     * Adapter type identifier (e.g. 'antivirus', 'siem', 'syslog')
+     * 對接器類型識別碼（例如 'antivirus'、'siem'、'syslog'）
+     */
+    readonly type: string;
+    /**
+     * Check if the underlying security tool is available and reachable
+     * 檢查底層安全工具是否可用且可連線
+     *
+     * @returns True if available, false otherwise / 可用則回傳 true，否則 false
+     */
+    isAvailable(): Promise<boolean>;
+    /**
+     * Retrieve alerts from the security tool
+     * 從安全工具取得告警
+     *
+     * @param since - Optional cutoff date; only return alerts after this time / 可選截止日期，僅回傳此時間之後的告警
+     * @returns Array of normalized adapter alerts / 正規化對接器告警陣列
+     */
+    getAlerts(since?: Date): Promise<AdapterAlert[]>;
+    /**
+     * Convert adapter alerts to standardized SecurityEvent format
+     * 將對接器告警轉換為標準化的 SecurityEvent 格式
+     *
+     * @param alerts - Array of adapter alerts to convert / 要轉換的對接器告警陣列
+     * @returns Array of SecurityEvent instances / SecurityEvent 實例陣列
+     */
+    toSecurityEvents(alerts: AdapterAlert[]): SecurityEvent[];
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/adapters/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/adapters/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAEjD;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B;;;OAGG;IACH,OAAO,EAAE,OAAO,CAAC;IAEjB;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B;;;OAGG;IACH,EAAE,EAAE,MAAM,CAAC;IAEX;;;OAGG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;;OAGG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;OAGG;IACH,KAAK,EAAE,MAAM,CAAC;IAEd;;;OAGG;IACH,WAAW,EAAE,MAAM,CAAC;IAEpB;;;OAGG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;;OAGG;IACH,GAAG,CAAC,EAAE,OAAO,CAAC;CACf;AAED;;;;;;;;;GASG;AACH,MAAM,WAAW,eAAe;IAC9B;;;OAGG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB;;;OAGG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB;;;;;OAKG;IACH,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;IAEhC;;;;;;OAMG;IACH,SAAS,CAAC,KAAK,CAAC,EAAE,IAAI,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;IAEjD;;;;;;OAMG;IACH,gBAAgB,CAAC,MAAM,EAAE,YAAY,EAAE,GAAG,aAAa,EAAE,CAAC;CAC3D"}

package/dist/adapters/types.js

@@ -0,0 +1,13 @@
+/**
+ * Security tool adapter type definitions
+ * 資安工具對接器型別定義
+ *
+ * Defines all interfaces used by security tool adapters for
+ * integrating with external security systems (Defender, Wazuh, Syslog, etc.).
+ * 定義資安工具對接器所使用的所有介面，用於與外部安全系統整合
+ * （Defender、Wazuh、Syslog 等）。
+ *
+ * @module @panguard-ai/core/adapters/types
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/adapters/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/adapters/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG"}

package/dist/adapters/wazuh-adapter.d.ts

@@ -0,0 +1,120 @@
+/**
+ * Wazuh REST API adapter
+ * Wazuh REST API 對接器
+ *
+ * Integrates with Wazuh SIEM/XDR platform via its REST API for
+ * alert retrieval and security event correlation.
+ * Handles authentication, connection failures, and alert normalization.
+ * 透過 REST API 與 Wazuh SIEM/XDR 平台整合，進行告警取得和安全事件關聯。
+ * 處理認證、連線失敗和告警正規化。
+ *
+ * @module @panguard-ai/core/adapters/wazuh-adapter
+ */
+import type { AdapterConfig, AdapterAlert } from './types.js';
+import { BaseAdapter } from './base-adapter.js';
+/**
+ * Wazuh REST API security adapter
+ * Wazuh REST API 安全對接器
+ *
+ * Connects to a Wazuh manager instance via its REST API to:
+ * - Authenticate using basic credentials or API key
+ * - Retrieve security alerts with optional time filtering
+ * - Convert Wazuh alerts to the standardized SecurityEvent format
+ *
+ * 連接到 Wazuh 管理器實例的 REST API 以：
+ * - 使用基本憑證或 API 金鑰進行認證
+ * - 取得安全告警（可選時間過濾）
+ * - 將 Wazuh 告警轉換為標準化的 SecurityEvent 格式
+ *
+ * @example
+ * ```typescript
+ * const adapter = new WazuhAdapter({
+ *   enabled: true,
+ *   endpoint: 'https://wazuh-manager:55000',
+ *   username: 'wazuh-wui',
+ *   password: 'wazuh-wui',
+ * });
+ *
+ * if (await adapter.isAvailable()) {
+ *   const alerts = await adapter.getAlerts(new Date(Date.now() - 3600000));
+ *   const events = adapter.toSecurityEvents(alerts);
+ * }
+ * ```
+ */
+export declare class WazuhAdapter extends BaseAdapter {
+    /** @inheritdoc */
+    readonly name = "Wazuh";
+    /** @inheritdoc */
+    readonly type = "siem";
+    /**
+     * Cached JWT token from Wazuh authentication
+     * 從 Wazuh 認證快取的 JWT 令牌
+     */
+    private authToken;
+    /**
+     * Token expiration timestamp
+     * 令牌到期時間戳
+     */
+    private tokenExpiry;
+    /**
+     * Create a new WazuhAdapter instance
+     * 建立新的 WazuhAdapter 實例
+     *
+     * @param config - Adapter configuration (merged with defaults) / 對接器配置（與預設值合併）
+     */
+    constructor(config?: Partial<AdapterConfig>);
+    /**
+     * Get the configured Wazuh API endpoint
+     * 取得已配置的 Wazuh API 端點
+     *
+     * @returns Endpoint URL without trailing slash / 不含末尾斜線的端點 URL
+     */
+    private get endpoint();
+    /**
+     * Authenticate with the Wazuh API and obtain a JWT token
+     * 與 Wazuh API 認證並取得 JWT 令牌
+     *
+     * Uses basic authentication (username:password) to obtain a bearer token
+     * from the /security/user/authenticate endpoint.
+     * 使用基本認證（使用者名稱:密碼）從 /security/user/authenticate 端點取得 bearer 令牌。
+     *
+     * @returns JWT token string / JWT 令牌字串
+     * @throws Error if authentication fails / 認證失敗時拋出錯誤
+     */
+    private authenticate;
+    /**
+     * Make an authenticated request to the Wazuh API
+     * 向 Wazuh API 發送已認證的請求
+     *
+     * @param path - API path (appended to endpoint) / API 路徑（附加到端點）
+     * @param params - Optional URL search parameters / 可選的 URL 搜尋參數
+     * @returns Parsed JSON response / 解析後的 JSON 回應
+     */
+    private apiRequest;
+    /**
+     * Check if the Wazuh API is available and reachable
+     * 檢查 Wazuh API 是否可用且可連線
+     *
+     * Attempts to authenticate with the configured endpoint.
+     * Returns false if authentication fails or endpoint is unreachable.
+     * 嘗試與已配置的端點進行認證。
+     * 若認證失敗或端點不可連線，則回傳 false。
+     *
+     * @returns True if Wazuh is available / 若 Wazuh 可用則回傳 true
+     */
+    isAvailable(): Promise<boolean>;
+    /**
+     * Retrieve alerts from the Wazuh API
+     * 從 Wazuh API 取得告警
+     *
+     * Fetches up to 500 alerts from the /alerts endpoint, optionally
+     * filtered by timestamp. Handles connection errors gracefully.
+     * 從 /alerts 端點取得最多 500 筆告警，可選依時間戳過濾。
+     * 優雅地處理連線錯誤。
+     *
+     * @param since - Optional cutoff date; only return alerts after this time / 可選截止日期，僅回傳此時間之後的告警
+     * @returns Array of normalized adapter alerts / 正規化對接器告警陣列
+     */
+    getAlerts(since?: Date): Promise<AdapterAlert[]>;
+}
+//# sourceMappingURL=wazuh-adapter.d.ts.map

package/dist/adapters/wazuh-adapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"wazuh-adapter.d.ts","sourceRoot":"","sources":["../../src/adapters/wazuh-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,OAAO,KAAK,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC9D,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAsFhD;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,qBAAa,YAAa,SAAQ,WAAW;IAC3C,kBAAkB;IAClB,QAAQ,CAAC,IAAI,WAAW;IAExB,kBAAkB;IAClB,QAAQ,CAAC,IAAI,UAAU;IAEvB;;;OAGG;IACH,OAAO,CAAC,SAAS,CAAuB;IAExC;;;OAGG;IACH,OAAO,CAAC,WAAW,CAAa;IAEhC;;;;;OAKG;gBACS,MAAM,GAAE,OAAO,CAAC,aAAa,CAAM;IAK/C;;;;;OAKG;IACH,OAAO,KAAK,QAAQ,GAEnB;IAED;;;;;;;;;;OAUG;YACW,YAAY;IA2C1B;;;;;;;OAOG;YACW,UAAU;IA2BxB;;;;;;;;;;OAUG;IACG,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;IAarC;;;;;;;;;;;OAWG;IACG,SAAS,CAAC,KAAK,CAAC,EAAE,IAAI,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC;CAqDvD"}

package/dist/adapters/wazuh-adapter.js

@@ -0,0 +1,266 @@
+/**
+ * Wazuh REST API adapter
+ * Wazuh REST API 對接器
+ *
+ * Integrates with Wazuh SIEM/XDR platform via its REST API for
+ * alert retrieval and security event correlation.
+ * Handles authentication, connection failures, and alert normalization.
+ * 透過 REST API 與 Wazuh SIEM/XDR 平台整合，進行告警取得和安全事件關聯。
+ * 處理認證、連線失敗和告警正規化。
+ *
+ * @module @panguard-ai/core/adapters/wazuh-adapter
+ */
+import { randomUUID } from 'node:crypto';
+import { BaseAdapter } from './base-adapter.js';
+/**
+ * Default configuration for the Wazuh adapter
+ * Wazuh 對接器的預設配置
+ */
+const DEFAULT_WAZUH_CONFIG = {
+    enabled: true,
+    endpoint: process.env['WAZUH_API_URL'] ?? 'https://localhost:55000',
+    username: process.env['WAZUH_API_USER'] ?? '',
+    password: process.env['WAZUH_API_PASS'] ?? '',
+    pollInterval: 30000,
+};
+/**
+ * Map Wazuh rule level (0-15) to severity string
+ * 將 Wazuh 規則等級 (0-15) 映射為嚴重等級字串
+ *
+ * Wazuh levels: 0-3 info, 4-7 low, 8-11 medium, 12-14 high, 15 critical
+ * Wazuh 等級：0-3 資訊，4-7 低，8-11 中，12-14 高，15 重大
+ *
+ * @param level - Wazuh rule level / Wazuh 規則等級
+ * @returns Severity string / 嚴重等級字串
+ */
+function mapWazuhLevel(level) {
+    if (level >= 15)
+        return 'critical';
+    if (level >= 12)
+        return 'high';
+    if (level >= 8)
+        return 'medium';
+    if (level >= 4)
+        return 'low';
+    return 'info';
+}
+/**
+ * Wazuh REST API security adapter
+ * Wazuh REST API 安全對接器
+ *
+ * Connects to a Wazuh manager instance via its REST API to:
+ * - Authenticate using basic credentials or API key
+ * - Retrieve security alerts with optional time filtering
+ * - Convert Wazuh alerts to the standardized SecurityEvent format
+ *
+ * 連接到 Wazuh 管理器實例的 REST API 以：
+ * - 使用基本憑證或 API 金鑰進行認證
+ * - 取得安全告警（可選時間過濾）
+ * - 將 Wazuh 告警轉換為標準化的 SecurityEvent 格式
+ *
+ * @example
+ * ```typescript
+ * const adapter = new WazuhAdapter({
+ *   enabled: true,
+ *   endpoint: 'https://wazuh-manager:55000',
+ *   username: 'wazuh-wui',
+ *   password: 'wazuh-wui',
+ * });
+ *
+ * if (await adapter.isAvailable()) {
+ *   const alerts = await adapter.getAlerts(new Date(Date.now() - 3600000));
+ *   const events = adapter.toSecurityEvents(alerts);
+ * }
+ * ```
+ */
+export class WazuhAdapter extends BaseAdapter {
+    /** @inheritdoc */
+    name = 'Wazuh';
+    /** @inheritdoc */
+    type = 'siem';
+    /**
+     * Cached JWT token from Wazuh authentication
+     * 從 Wazuh 認證快取的 JWT 令牌
+     */
+    authToken = null;
+    /**
+     * Token expiration timestamp
+     * 令牌到期時間戳
+     */
+    tokenExpiry = 0;
+    /**
+     * Create a new WazuhAdapter instance
+     * 建立新的 WazuhAdapter 實例
+     *
+     * @param config - Adapter configuration (merged with defaults) / 對接器配置（與預設值合併）
+     */
+    constructor(config = {}) {
+        const merged = { ...DEFAULT_WAZUH_CONFIG, ...config };
+        super('adapter-wazuh', merged);
+    }
+    /**
+     * Get the configured Wazuh API endpoint
+     * 取得已配置的 Wazuh API 端點
+     *
+     * @returns Endpoint URL without trailing slash / 不含末尾斜線的端點 URL
+     */
+    get endpoint() {
+        return (this.config.endpoint ?? DEFAULT_WAZUH_CONFIG.endpoint).replace(/\/+$/, '');
+    }
+    /**
+     * Authenticate with the Wazuh API and obtain a JWT token
+     * 與 Wazuh API 認證並取得 JWT 令牌
+     *
+     * Uses basic authentication (username:password) to obtain a bearer token
+     * from the /security/user/authenticate endpoint.
+     * 使用基本認證（使用者名稱:密碼）從 /security/user/authenticate 端點取得 bearer 令牌。
+     *
+     * @returns JWT token string / JWT 令牌字串
+     * @throws Error if authentication fails / 認證失敗時拋出錯誤
+     */
+    async authenticate() {
+        // Return cached token if still valid (with 60s buffer)
+        // 若快取令牌仍有效（含 60 秒緩衝），則回傳快取令牌
+        if (this.authToken && Date.now() < this.tokenExpiry - 60000) {
+            return this.authToken;
+        }
+        const username = this.config.username ?? '';
+        const password = this.config.password ?? '';
+        const credentials = Buffer.from(`${username}:${password}`).toString('base64');
+        const url = `${this.endpoint}/security/user/authenticate`;
+        this.logger.debug('Authenticating with Wazuh API', { url });
+        const response = await fetch(url, {
+            method: 'POST',
+            headers: {
+                Authorization: `Basic ${credentials}`,
+                'Content-Type': 'application/json',
+            },
+        });
+        if (!response.ok) {
+            throw new Error(`Wazuh authentication failed: ${response.status} ${response.statusText}`);
+        }
+        const body = (await response.json());
+        const token = body.data?.token;
+        if (!token) {
+            throw new Error('Wazuh authentication response did not contain a token');
+        }
+        this.authToken = token;
+        // Wazuh tokens typically expire in 900s (15 min)
+        // Wazuh 令牌通常在 900 秒（15 分鐘）後到期
+        this.tokenExpiry = Date.now() + 900000;
+        this.logger.info('Successfully authenticated with Wazuh API');
+        return token;
+    }
+    /**
+     * Make an authenticated request to the Wazuh API
+     * 向 Wazuh API 發送已認證的請求
+     *
+     * @param path - API path (appended to endpoint) / API 路徑（附加到端點）
+     * @param params - Optional URL search parameters / 可選的 URL 搜尋參數
+     * @returns Parsed JSON response / 解析後的 JSON 回應
+     */
+    async apiRequest(path, params) {
+        const token = await this.authenticate();
+        const url = new URL(`${this.endpoint}${path}`);
+        if (params) {
+            for (const [key, value] of Object.entries(params)) {
+                url.searchParams.set(key, value);
+            }
+        }
+        const response = await fetch(url.toString(), {
+            method: 'GET',
+            headers: {
+                Authorization: `Bearer ${token}`,
+                'Content-Type': 'application/json',
+            },
+        });
+        if (!response.ok) {
+            throw new Error(`Wazuh API request failed: ${response.status} ${response.statusText} for ${path}`);
+        }
+        return (await response.json());
+    }
+    /**
+     * Check if the Wazuh API is available and reachable
+     * 檢查 Wazuh API 是否可用且可連線
+     *
+     * Attempts to authenticate with the configured endpoint.
+     * Returns false if authentication fails or endpoint is unreachable.
+     * 嘗試與已配置的端點進行認證。
+     * 若認證失敗或端點不可連線，則回傳 false。
+     *
+     * @returns True if Wazuh is available / 若 Wazuh 可用則回傳 true
+     */
+    async isAvailable() {
+        try {
+            await this.authenticate();
+            return true;
+        }
+        catch (err) {
+            this.logger.warn('Wazuh API is not available', {
+                endpoint: this.endpoint,
+                error: err instanceof Error ? err.message : String(err),
+            });
+            return false;
+        }
+    }
+    /**
+     * Retrieve alerts from the Wazuh API
+     * 從 Wazuh API 取得告警
+     *
+     * Fetches up to 500 alerts from the /alerts endpoint, optionally
+     * filtered by timestamp. Handles connection errors gracefully.
+     * 從 /alerts 端點取得最多 500 筆告警，可選依時間戳過濾。
+     * 優雅地處理連線錯誤。
+     *
+     * @param since - Optional cutoff date; only return alerts after this time / 可選截止日期，僅回傳此時間之後的告警
+     * @returns Array of normalized adapter alerts / 正規化對接器告警陣列
+     */
+    async getAlerts(since) {
+        try {
+            const params = {
+                offset: '0',
+                limit: '500',
+            };
+            if (since) {
+                // Wazuh API query filter format: timestamp>ISO_DATE
+                // Wazuh API 查詢過濾格式：timestamp>ISO_DATE
+                params['q'] = `timestamp>${since.toISOString()}`;
+            }
+            const response = await this.apiRequest('/alerts', params);
+            const items = response.data?.affected_items ?? [];
+            if (items.length === 0) {
+                this.logger.debug('No alerts returned from Wazuh');
+                return [];
+            }
+            const alerts = items.map((item) => ({
+                id: item.id ?? item.rule?.id ?? randomUUID(),
+                timestamp: item.timestamp ?? new Date().toISOString(),
+                severity: mapWazuhLevel(item.rule?.level ?? 0),
+                title: item.rule?.description ?? 'Wazuh Alert',
+                description: [
+                    item.rule?.description ?? '',
+                    item.full_log ? `Log: ${item.full_log}` : '',
+                    item.agent?.name ? `Agent: ${item.agent.name}` : '',
+                    item.rule?.groups?.length ? `Groups: ${item.rule.groups.join(', ')}` : '',
+                ]
+                    .filter(Boolean)
+                    .join(' | '),
+                source: 'wazuh',
+                raw: item,
+            }));
+            this.logger.info(`Retrieved ${alerts.length} alerts from Wazuh`, {
+                total: response.data?.total_affected_items ?? alerts.length,
+                returned: alerts.length,
+            });
+            return alerts;
+        }
+        catch (err) {
+            this.logger.warn('Failed to retrieve alerts from Wazuh', {
+                endpoint: this.endpoint,
+                error: err instanceof Error ? err.message : String(err),
+            });
+            return [];
+        }
+    }
+}
+//# sourceMappingURL=wazuh-adapter.js.map

package/dist/adapters/wazuh-adapter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"wazuh-adapter.js","sourceRoot":"","sources":["../../src/adapters/wazuh-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGzC,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD;;;GAGG;AACH,MAAM,oBAAoB,GAAkB;IAC1C,OAAO,EAAE,IAAI;IACb,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,yBAAyB;IACnE,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,EAAE;IAC7C,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,EAAE;IAC7C,YAAY,EAAE,KAAK;CACpB,CAAC;AAwDF;;;;;;;;;GASG;AACH,SAAS,aAAa,CAAC,KAAa;IAClC,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,UAAU,CAAC;IACnC,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,MAAM,CAAC;IAC/B,IAAI,KAAK,IAAI,CAAC;QAAE,OAAO,QAAQ,CAAC;IAChC,IAAI,KAAK,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7B,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,MAAM,OAAO,YAAa,SAAQ,WAAW;IAC3C,kBAAkB;IACT,IAAI,GAAG,OAAO,CAAC;IAExB,kBAAkB;IACT,IAAI,GAAG,MAAM,CAAC;IAEvB;;;OAGG;IACK,SAAS,GAAkB,IAAI,CAAC;IAExC;;;OAGG;IACK,WAAW,GAAW,CAAC,CAAC;IAEhC;;;;;OAKG;IACH,YAAY,SAAiC,EAAE;QAC7C,MAAM,MAAM,GAAkB,EAAE,GAAG,oBAAoB,EAAE,GAAG,MAAM,EAAE,CAAC;QACrE,KAAK,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IACjC,CAAC;IAED;;;;;OAKG;IACH,IAAY,QAAQ;QAClB,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,oBAAoB,CAAC,QAAS,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACtF,CAAC;IAED;;;;;;;;;;OAUG;IACK,KAAK,CAAC,YAAY;QACxB,uDAAuD;QACvD,6BAA6B;QAC7B,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,WAAW,GAAG,KAAK,EAAE,CAAC;YAC5D,OAAO,IAAI,CAAC,SAAS,CAAC;QACxB,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC;QAC5C,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC;QAC5C,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,QAAQ,IAAI,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAE9E,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,QAAQ,6BAA6B,CAAC;QAE1D,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,+BAA+B,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QAE5D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,aAAa,EAAE,SAAS,WAAW,EAAE;gBACrC,cAAc,EAAE,kBAAkB;aACnC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,gCAAgC,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;QAC5F,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAkC,CAAC;QACtE,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC;QAE/B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC3E,CAAC;QAED,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC;QACvB,iDAAiD;QACjD,8BAA8B;QAC9B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC;QAEvC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;QAC9D,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;;;;OAOG;IACK,KAAK,CAAC,UAAU,CAAI,IAAY,EAAE,MAA+B;QACvE,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAExC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,IAAI,CAAC,QAAQ,GAAG,IAAI,EAAE,CAAC,CAAC;QAC/C,IAAI,MAAM,EAAE,CAAC;YACX,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBAClD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YACnC,CAAC;QACH,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE;YAC3C,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,KAAK,EAAE;gBAChC,cAAc,EAAE,kBAAkB;aACnC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CACb,6BAA6B,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,QAAQ,IAAI,EAAE,CAClF,CAAC;QACJ,CAAC;QAED,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAM,CAAC;IACtC,CAAC;IAED;;;;;;;;;;OAUG;IACH,KAAK,CAAC,WAAW;QACf,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;YAC1B,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4BAA4B,EAAE;gBAC7C,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,SAAS,CAAC,KAAY;QAC1B,IAAI,CAAC;YACH,MAAM,MAAM,GAA2B;gBACrC,MAAM,EAAE,GAAG;gBACX,KAAK,EAAE,KAAK;aACb,CAAC;YAEF,IAAI,KAAK,EAAE,CAAC;gBACV,oDAAoD;gBACpD,sCAAsC;gBACtC,MAAM,CAAC,GAAG,CAAC,GAAG,aAAa,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACnD,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAmB,SAAS,EAAE,MAAM,CAAC,CAAC;YAE5E,MAAM,KAAK,GAAG,QAAQ,CAAC,IAAI,EAAE,cAAc,IAAI,EAAE,CAAC;YAElD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACvB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;gBACnD,OAAO,EAAE,CAAC;YACZ,CAAC;YAED,MAAM,MAAM,GAAmB,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;gBAClD,EAAE,EAAE,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,IAAI,EAAE,EAAE,IAAI,UAAU,EAAE;gBAC5C,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACrD,QAAQ,EAAE,aAAa,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,IAAI,CAAC,CAAC;gBAC9C,KAAK,EAAE,IAAI,CAAC,IAAI,EAAE,WAAW,IAAI,aAAa;gBAC9C,WAAW,EAAE;oBACX,IAAI,CAAC,IAAI,EAAE,WAAW,IAAI,EAAE;oBAC5B,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE;oBAC5C,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE;oBACnD,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE;iBAC1E;qBACE,MAAM,CAAC,OAAO,CAAC;qBACf,IAAI,CAAC,KAAK,CAAC;gBACd,MAAM,EAAE,OAAO;gBACf,GAAG,EAAE,IAAI;aACV,CAAC,CAAC,CAAC;YAEJ,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,MAAM,oBAAoB,EAAE;gBAC/D,KAAK,EAAE,QAAQ,CAAC,IAAI,EAAE,oBAAoB,IAAI,MAAM,CAAC,MAAM;gBAC3D,QAAQ,EAAE,MAAM,CAAC,MAAM;aACxB,CAAC,CAAC;YAEH,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,EAAE;gBACvD,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC,CAAC;YACH,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;CACF"}

package/dist/ai/claude-provider.d.ts

@@ -0,0 +1,66 @@
+/**
+ * Claude (Anthropic) LLM provider implementation
+ * Claude (Anthropic) LLM 供應商實作
+ *
+ * Uses the @anthropic-ai/sdk package via dynamic import to avoid
+ * hard dependencies. Users must install the SDK separately.
+ * 透過動態匯入使用 @anthropic-ai/sdk 套件以避免硬性相依。
+ * 使用者必須另外安裝 SDK。
+ *
+ * @module @panguard-ai/core/ai/claude-provider
+ */
+import type { LLMConfig } from './types.js';
+import { LLMProviderBase } from './provider-base.js';
+/**
+ * Claude (Anthropic) LLM provider
+ * Claude (Anthropic) LLM 供應商
+ *
+ * Requires the @anthropic-ai/sdk package to be installed separately.
+ * The SDK is loaded via dynamic import() on first use.
+ * 需要另外安裝 @anthropic-ai/sdk 套件。
+ * SDK 在首次使用時透過動態 import() 載入。
+ */
+export declare class ClaudeProvider extends LLMProviderBase {
+    /**
+     * Cached Anthropic client instance / 快取的 Anthropic 客戶端實例
+     * @internal
+     */
+    private client;
+    /**
+     * Create a new ClaudeProvider instance
+     * 建立新的 ClaudeProvider 實例
+     *
+     * @param config - LLM configuration (apiKey required) / LLM 配置（需要 apiKey）
+     */
+    constructor(config: LLMConfig);
+    /**
+     * Lazily initialize the Anthropic SDK client via dynamic import
+     * 透過動態匯入延遲初始化 Anthropic SDK 客戶端
+     *
+     * @returns Initialized Anthropic client / 初始化的 Anthropic 客戶端
+     * @throws Error if the SDK is not installed or API key is missing
+     *         如果 SDK 未安裝或 API 金鑰遺失則拋出錯誤
+     * @internal
+     */
+    private getClient;
+    /**
+     * Check if the Claude API is available and the API key is valid
+     * 檢查 Claude API 是否可用且 API 金鑰有效
+     *
+     * Attempts to create a minimal message to verify connectivity.
+     * 嘗試建立最小訊息以驗證連接性。
+     *
+     * @returns True if Claude API is reachable / Claude API 可連接時回傳 true
+     */
+    isAvailable(): Promise<boolean>;
+    /**
+     * Send a prompt to the Claude API via the Anthropic SDK
+     * 透過 Anthropic SDK 向 Claude API 發送提示詞
+     *
+     * @param prompt - The prompt to send / 要發送的提示詞
+     * @returns Raw response text / 原始回應文字
+     * @throws Error if the API call fails / API 呼叫失敗時拋出錯誤
+     */
+    protected sendRequest(prompt: string): Promise<string>;
+}
+//# sourceMappingURL=claude-provider.d.ts.map

package/dist/ai/claude-provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"claude-provider.d.ts","sourceRoot":"","sources":["../../src/ai/claude-provider.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAmCrD;;;;;;;;GAQG;AACH,qBAAa,cAAe,SAAQ,eAAe;IACjD;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAgC;IAE9C;;;;;OAKG;gBACS,MAAM,EAAE,SAAS;IAK7B;;;;;;;;OAQG;YACW,SAAS;IAqCvB;;;;;;;;OAQG;IACG,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;IA4BrC;;;;;;;OAOG;cACa,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;CAuD7D"}