npm - @panguard-ai/core - Versions diffs - 0.1.0 - Mend

@panguard-ai/core 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (233) hide show

package/dist/adapters/adapter-registry.d.ts +150 -0
package/dist/adapters/adapter-registry.d.ts.map +1 -0
package/dist/adapters/adapter-registry.js +271 -0
package/dist/adapters/adapter-registry.js.map +1 -0
package/dist/adapters/base-adapter.d.ts +101 -0
package/dist/adapters/base-adapter.d.ts.map +1 -0
package/dist/adapters/base-adapter.js +160 -0
package/dist/adapters/base-adapter.js.map +1 -0
package/dist/adapters/defender-adapter.d.ts +90 -0
package/dist/adapters/defender-adapter.d.ts.map +1 -0
package/dist/adapters/defender-adapter.js +227 -0
package/dist/adapters/defender-adapter.js.map +1 -0
package/dist/adapters/index.d.ts +22 -0
package/dist/adapters/index.d.ts.map +1 -0
package/dist/adapters/index.js +23 -0
package/dist/adapters/index.js.map +1 -0
package/dist/adapters/syslog-adapter.d.ts +207 -0
package/dist/adapters/syslog-adapter.d.ts.map +1 -0
package/dist/adapters/syslog-adapter.js +432 -0
package/dist/adapters/syslog-adapter.js.map +1 -0
package/dist/adapters/types.d.ts +135 -0
package/dist/adapters/types.d.ts.map +1 -0
package/dist/adapters/types.js +13 -0
package/dist/adapters/types.js.map +1 -0
package/dist/adapters/wazuh-adapter.d.ts +120 -0
package/dist/adapters/wazuh-adapter.d.ts.map +1 -0
package/dist/adapters/wazuh-adapter.js +266 -0
package/dist/adapters/wazuh-adapter.js.map +1 -0
package/dist/ai/claude-provider.d.ts +66 -0
package/dist/ai/claude-provider.d.ts.map +1 -0
package/dist/ai/claude-provider.js +166 -0
package/dist/ai/claude-provider.js.map +1 -0
package/dist/ai/funnel-router.d.ts +75 -0
package/dist/ai/funnel-router.d.ts.map +1 -0
package/dist/ai/funnel-router.js +173 -0
package/dist/ai/funnel-router.js.map +1 -0
package/dist/ai/index.d.ts +77 -0
package/dist/ai/index.d.ts.map +1 -0
package/dist/ai/index.js +95 -0
package/dist/ai/index.js.map +1 -0
package/dist/ai/ollama-provider.d.ts +73 -0
package/dist/ai/ollama-provider.d.ts.map +1 -0
package/dist/ai/ollama-provider.js +200 -0
package/dist/ai/ollama-provider.js.map +1 -0
package/dist/ai/openai-provider.d.ts +70 -0
package/dist/ai/openai-provider.d.ts.map +1 -0
package/dist/ai/openai-provider.js +175 -0
package/dist/ai/openai-provider.js.map +1 -0
package/dist/ai/prompts/event-classifier.d.ts +25 -0
package/dist/ai/prompts/event-classifier.d.ts.map +1 -0
package/dist/ai/prompts/event-classifier.js +94 -0
package/dist/ai/prompts/event-classifier.js.map +1 -0
package/dist/ai/prompts/index.d.ts +13 -0
package/dist/ai/prompts/index.d.ts.map +1 -0
package/dist/ai/prompts/index.js +13 -0
package/dist/ai/prompts/index.js.map +1 -0
package/dist/ai/prompts/report-generator.d.ts +25 -0
package/dist/ai/prompts/report-generator.d.ts.map +1 -0
package/dist/ai/prompts/report-generator.js +131 -0
package/dist/ai/prompts/report-generator.js.map +1 -0
package/dist/ai/prompts/threat-analyzer.d.ts +26 -0
package/dist/ai/prompts/threat-analyzer.d.ts.map +1 -0
package/dist/ai/prompts/threat-analyzer.js +75 -0
package/dist/ai/prompts/threat-analyzer.js.map +1 -0
package/dist/ai/provider-base.d.ts +100 -0
package/dist/ai/provider-base.d.ts.map +1 -0
package/dist/ai/provider-base.js +166 -0
package/dist/ai/provider-base.js.map +1 -0
package/dist/ai/response-parser.d.ts +36 -0
package/dist/ai/response-parser.d.ts.map +1 -0
package/dist/ai/response-parser.js +195 -0
package/dist/ai/response-parser.js.map +1 -0
package/dist/ai/token-tracker.d.ts +72 -0
package/dist/ai/token-tracker.d.ts.map +1 -0
package/dist/ai/token-tracker.js +145 -0
package/dist/ai/token-tracker.js.map +1 -0
package/dist/ai/types.d.ts +138 -0
package/dist/ai/types.d.ts.map +1 -0
package/dist/ai/types.js +12 -0
package/dist/ai/types.js.map +1 -0
package/dist/cli/index.d.ts +146 -0
package/dist/cli/index.d.ts.map +1 -0
package/dist/cli/index.js +515 -0
package/dist/cli/index.js.map +1 -0
package/dist/cli/prompts.d.ts +58 -0
package/dist/cli/prompts.d.ts.map +1 -0
package/dist/cli/prompts.js +327 -0
package/dist/cli/prompts.js.map +1 -0
package/dist/cli/wizard.d.ts +58 -0
package/dist/cli/wizard.d.ts.map +1 -0
package/dist/cli/wizard.js +200 -0
package/dist/cli/wizard.js.map +1 -0
package/dist/discovery/firewall-checker.d.ts +28 -0
package/dist/discovery/firewall-checker.d.ts.map +1 -0
package/dist/discovery/firewall-checker.js +379 -0
package/dist/discovery/firewall-checker.js.map +1 -0
package/dist/discovery/index.d.ts +23 -0
package/dist/discovery/index.d.ts.map +1 -0
package/dist/discovery/index.js +29 -0
package/dist/discovery/index.js.map +1 -0
package/dist/discovery/network-scanner.d.ts +60 -0
package/dist/discovery/network-scanner.d.ts.map +1 -0
package/dist/discovery/network-scanner.js +640 -0
package/dist/discovery/network-scanner.js.map +1 -0
package/dist/discovery/os-detector.d.ts +24 -0
package/dist/discovery/os-detector.d.ts.map +1 -0
package/dist/discovery/os-detector.js +253 -0
package/dist/discovery/os-detector.js.map +1 -0
package/dist/discovery/osquery-provider.d.ts +127 -0
package/dist/discovery/osquery-provider.d.ts.map +1 -0
package/dist/discovery/osquery-provider.js +214 -0
package/dist/discovery/osquery-provider.js.map +1 -0
package/dist/discovery/risk-scorer.d.ts +66 -0
package/dist/discovery/risk-scorer.d.ts.map +1 -0
package/dist/discovery/risk-scorer.js +294 -0
package/dist/discovery/risk-scorer.js.map +1 -0
package/dist/discovery/security-tools.d.ts +31 -0
package/dist/discovery/security-tools.d.ts.map +1 -0
package/dist/discovery/security-tools.js +346 -0
package/dist/discovery/security-tools.js.map +1 -0
package/dist/discovery/service-detector.d.ts +28 -0
package/dist/discovery/service-detector.d.ts.map +1 -0
package/dist/discovery/service-detector.js +300 -0
package/dist/discovery/service-detector.js.map +1 -0
package/dist/discovery/types.d.ts +502 -0
package/dist/discovery/types.d.ts.map +1 -0
package/dist/discovery/types.js +12 -0
package/dist/discovery/types.js.map +1 -0
package/dist/discovery/user-auditor.d.ts +28 -0
package/dist/discovery/user-auditor.d.ts.map +1 -0
package/dist/discovery/user-auditor.js +385 -0
package/dist/discovery/user-auditor.js.map +1 -0
package/dist/i18n/config.d.ts +45 -0
package/dist/i18n/config.d.ts.map +1 -0
package/dist/i18n/config.js +135 -0
package/dist/i18n/config.js.map +1 -0
package/dist/i18n/index.d.ts +8 -0
package/dist/i18n/index.d.ts.map +1 -0
package/dist/i18n/index.js +8 -0
package/dist/i18n/index.js.map +1 -0
package/dist/index.d.ts +31 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +31 -0
package/dist/index.js.map +1 -0
package/dist/monitor/event-normalizer.d.ts +102 -0
package/dist/monitor/event-normalizer.d.ts.map +1 -0
package/dist/monitor/event-normalizer.js +195 -0
package/dist/monitor/event-normalizer.js.map +1 -0
package/dist/monitor/file-monitor.d.ts +90 -0
package/dist/monitor/file-monitor.d.ts.map +1 -0
package/dist/monitor/file-monitor.js +222 -0
package/dist/monitor/file-monitor.js.map +1 -0
package/dist/monitor/index.d.ts +147 -0
package/dist/monitor/index.d.ts.map +1 -0
package/dist/monitor/index.js +293 -0
package/dist/monitor/index.js.map +1 -0
package/dist/monitor/log-monitor.d.ts +102 -0
package/dist/monitor/log-monitor.d.ts.map +1 -0
package/dist/monitor/log-monitor.js +245 -0
package/dist/monitor/log-monitor.js.map +1 -0
package/dist/monitor/network-monitor.d.ts +103 -0
package/dist/monitor/network-monitor.d.ts.map +1 -0
package/dist/monitor/network-monitor.js +336 -0
package/dist/monitor/network-monitor.js.map +1 -0
package/dist/monitor/process-monitor.d.ts +108 -0
package/dist/monitor/process-monitor.d.ts.map +1 -0
package/dist/monitor/process-monitor.js +245 -0
package/dist/monitor/process-monitor.js.map +1 -0
package/dist/monitor/threat-intel-feeds.d.ts +141 -0
package/dist/monitor/threat-intel-feeds.d.ts.map +1 -0
package/dist/monitor/threat-intel-feeds.js +430 -0
package/dist/monitor/threat-intel-feeds.js.map +1 -0
package/dist/monitor/threat-intel.d.ts +83 -0
package/dist/monitor/threat-intel.d.ts.map +1 -0
package/dist/monitor/threat-intel.js +215 -0
package/dist/monitor/threat-intel.js.map +1 -0
package/dist/monitor/types.d.ts +65 -0
package/dist/monitor/types.d.ts.map +1 -0
package/dist/monitor/types.js +20 -0
package/dist/monitor/types.js.map +1 -0
package/dist/rules/index.d.ts +115 -0
package/dist/rules/index.d.ts.map +1 -0
package/dist/rules/index.js +244 -0
package/dist/rules/index.js.map +1 -0
package/dist/rules/rule-loader.d.ts +54 -0
package/dist/rules/rule-loader.d.ts.map +1 -0
package/dist/rules/rule-loader.js +167 -0
package/dist/rules/rule-loader.js.map +1 -0
package/dist/rules/sigma-matcher.d.ts +40 -0
package/dist/rules/sigma-matcher.d.ts.map +1 -0
package/dist/rules/sigma-matcher.js +447 -0
package/dist/rules/sigma-matcher.js.map +1 -0
package/dist/rules/sigma-parser.d.ts +36 -0
package/dist/rules/sigma-parser.d.ts.map +1 -0
package/dist/rules/sigma-parser.js +180 -0
package/dist/rules/sigma-parser.js.map +1 -0
package/dist/rules/types.d.ts +112 -0
package/dist/rules/types.d.ts.map +1 -0
package/dist/rules/types.js +11 -0
package/dist/rules/types.js.map +1 -0
package/dist/rules/yara-scanner.d.ts +103 -0
package/dist/rules/yara-scanner.d.ts.map +1 -0
package/dist/rules/yara-scanner.js +421 -0
package/dist/rules/yara-scanner.js.map +1 -0
package/dist/scoring/achievements.d.ts +76 -0
package/dist/scoring/achievements.d.ts.map +1 -0
package/dist/scoring/achievements.js +211 -0
package/dist/scoring/achievements.js.map +1 -0
package/dist/scoring/index.d.ts +3 -0
package/dist/scoring/index.d.ts.map +1 -0
package/dist/scoring/index.js +3 -0
package/dist/scoring/index.js.map +1 -0
package/dist/scoring/security-score.d.ts +60 -0
package/dist/scoring/security-score.d.ts.map +1 -0
package/dist/scoring/security-score.js +211 -0
package/dist/scoring/security-score.js.map +1 -0
package/dist/types.d.ts +71 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +8 -0
package/dist/types.js.map +1 -0
package/dist/utils/index.d.ts +10 -0
package/dist/utils/index.d.ts.map +1 -0
package/dist/utils/index.js +9 -0
package/dist/utils/index.js.map +1 -0
package/dist/utils/logger.d.ts +38 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +71 -0
package/dist/utils/logger.js.map +1 -0
package/dist/utils/validation.d.ts +35 -0
package/dist/utils/validation.d.ts.map +1 -0
package/dist/utils/validation.js +56 -0
package/dist/utils/validation.js.map +1 -0
package/package.json +60 -0

package/dist/ai/prompts/event-classifier.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"event-classifier.js","sourceRoot":"","sources":["../../../src/ai/prompts/event-classifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH;;;;GAIG;AACH,MAAM,aAAa,GAAG;IACpB,gBAAgB;IAChB,sBAAsB;IACtB,gBAAgB;IAChB,WAAW;IACX,aAAa;IACb,sBAAsB;IACtB,iBAAiB;IACjB,mBAAmB;IACnB,WAAW;IACX,kBAAkB;IAClB,YAAY;IACZ,qBAAqB;IACrB,cAAc;IACd,QAAQ;CACA,CAAC;AAEX;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,wBAAwB,CAAC,KAAoB,EAAE,IAAc;IAC3E,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAC9B;QACE,EAAE,EAAE,KAAK,CAAC,EAAE;QACZ,SAAS,EAAE,KAAK,CAAC,SAAS,YAAY,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS;QAC5F,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,QAAQ,EAAE,KAAK,CAAC,QAAQ;KACzB,EACD,IAAI,EACJ,CAAC,CACF,CAAC;IAEF,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QACrB,OAAO;;;EAGT,SAAS;;;EAGT,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;;;;;;;;;;;mBAWP,CAAC;IAClB,CAAC;IAED,OAAO;;;EAGP,SAAS;;;EAGT,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;;;;;;;;;;;sCAWY,CAAC;AACvC,CAAC"}

package/dist/ai/prompts/index.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+/**
+ * AI prompt templates barrel export
+ * AI 提示詞範本統一匯出
+ *
+ * Re-exports all prompt template functions for use by LLM providers.
+ * 重新匯出所有提示詞範本函式供 LLM 供應商使用。
+ *
+ * @module @panguard-ai/core/ai/prompts
+ */
+export { getEventClassifierPrompt } from './event-classifier.js';
+export { getThreatAnalysisPrompt } from './threat-analyzer.js';
+export { getReportPrompt } from './report-generator.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/ai/prompts/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/ai/prompts/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,wBAAwB,EAAE,MAAM,uBAAuB,CAAC;AACjE,OAAO,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAC/D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC"}

package/dist/ai/prompts/index.js ADDED Viewed

@@ -0,0 +1,13 @@
+/**
+ * AI prompt templates barrel export
+ * AI 提示詞範本統一匯出
+ *
+ * Re-exports all prompt template functions for use by LLM providers.
+ * 重新匯出所有提示詞範本函式供 LLM 供應商使用。
+ *
+ * @module @panguard-ai/core/ai/prompts
+ */
+export { getEventClassifierPrompt } from './event-classifier.js';
+export { getThreatAnalysisPrompt } from './threat-analyzer.js';
+export { getReportPrompt } from './report-generator.js';
+//# sourceMappingURL=index.js.map

package/dist/ai/prompts/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/ai/prompts/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,wBAAwB,EAAE,MAAM,uBAAuB,CAAC;AACjE,OAAO,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAC/D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC"}

package/dist/ai/prompts/report-generator.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+/**
+ * Report generation prompt templates
+ * 報告產生提示詞範本
+ *
+ * Generates prompts for summarizing multiple security events
+ * into structured security reports.
+ * 產生將多個安全事件摘要為結構化安全報告的提示詞。
+ *
+ * @module @panguard-ai/core/ai/prompts/report-generator
+ */
+import type { Language, SecurityEvent } from '../../types.js';
+/**
+ * Generate a report summarization prompt for multiple security events
+ * 為多個安全事件產生報告摘要提示詞
+ *
+ * If the number of events exceeds MAX_EVENTS_IN_PROMPT, only the most
+ * severe events are included with a statistical summary of the rest.
+ * 若事件數量超過 MAX_EVENTS_IN_PROMPT，僅包含最嚴重的事件，並附上其餘事件的統計摘要。
+ *
+ * @param events - Array of security events to summarize / 要摘要的安全事件陣列
+ * @param lang - Output language / 輸出語言
+ * @returns Formatted prompt string / 格式化的提示詞字串
+ */
+export declare function getReportPrompt(events: SecurityEvent[], lang: Language): string;
+//# sourceMappingURL=report-generator.d.ts.map

package/dist/ai/prompts/report-generator.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"report-generator.d.ts","sourceRoot":"","sources":["../../../src/ai/prompts/report-generator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAmD9D;;;;;;;;;;;GAWG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,aAAa,EAAE,EAAE,IAAI,EAAE,QAAQ,GAAG,MAAM,CAqE/E"}

package/dist/ai/prompts/report-generator.js ADDED Viewed

@@ -0,0 +1,131 @@
+/**
+ * Report generation prompt templates
+ * 報告產生提示詞範本
+ *
+ * Generates prompts for summarizing multiple security events
+ * into structured security reports.
+ * 產生將多個安全事件摘要為結構化安全報告的提示詞。
+ *
+ * @module @panguard-ai/core/ai/prompts/report-generator
+ */
+/**
+ * Maximum number of events to include in the prompt to avoid token limits
+ * 提示詞中包含的最大事件數量，以避免超出 Token 限制
+ * @internal
+ */
+const MAX_EVENTS_IN_PROMPT = 50;
+/**
+ * Serialize a security event for inclusion in the prompt
+ * 序列化安全事件以包含在提示詞中
+ *
+ * @param event - Security event to serialize / 要序列化的安全事件
+ * @returns Compact string representation / 精簡的字串表示
+ * @internal
+ */
+function serializeEvent(event) {
+    const ts = event.timestamp instanceof Date ? event.timestamp.toISOString() : String(event.timestamp);
+    return `[${ts}] [${event.severity.toUpperCase()}] [${event.source}] ${event.host}: ${event.description}`;
+}
+/**
+ * Generate a severity distribution summary
+ * 產生嚴重等級分布摘要
+ *
+ * @param events - Array of security events / 安全事件陣列
+ * @returns Distribution string / 分布字串
+ * @internal
+ */
+function getSeverityDistribution(events) {
+    const counts = {
+        critical: 0,
+        high: 0,
+        medium: 0,
+        low: 0,
+        info: 0,
+    };
+    for (const event of events) {
+        const key = event.severity.toLowerCase();
+        if (key in counts) {
+            counts[key] = (counts[key] ?? 0) + 1;
+        }
+    }
+    return Object.entries(counts)
+        .filter(([, count]) => count > 0)
+        .map(([level, count]) => `${level}: ${count}`)
+        .join(', ');
+}
+/**
+ * Generate a report summarization prompt for multiple security events
+ * 為多個安全事件產生報告摘要提示詞
+ *
+ * If the number of events exceeds MAX_EVENTS_IN_PROMPT, only the most
+ * severe events are included with a statistical summary of the rest.
+ * 若事件數量超過 MAX_EVENTS_IN_PROMPT，僅包含最嚴重的事件，並附上其餘事件的統計摘要。
+ *
+ * @param events - Array of security events to summarize / 要摘要的安全事件陣列
+ * @param lang - Output language / 輸出語言
+ * @returns Formatted prompt string / 格式化的提示詞字串
+ */
+export function getReportPrompt(events, lang) {
+    const total = events.length;
+    const distribution = getSeverityDistribution(events);
+    // Sort by severity (critical first) and take top N
+    // 按嚴重等級排序（critical 優先）並取前 N 個
+    const severityOrder = {
+        critical: 0,
+        high: 1,
+        medium: 2,
+        low: 3,
+        info: 4,
+    };
+    const sorted = [...events].sort((a, b) => {
+        const aOrder = severityOrder[a.severity] ?? 5;
+        const bOrder = severityOrder[b.severity] ?? 5;
+        return aOrder - bOrder;
+    });
+    const included = sorted.slice(0, MAX_EVENTS_IN_PROMPT);
+    const eventLines = included.map(serializeEvent).join('\n');
+    const truncationNote = total > MAX_EVENTS_IN_PROMPT
+        ? lang === 'zh-TW'
+            ? `\n(注意：共有 ${total} 個事件，以下僅顯示最嚴重的 ${MAX_EVENTS_IN_PROMPT} 個)\n`
+            : `\n(Note: ${total} total events, showing the ${MAX_EVENTS_IN_PROMPT} most severe below)\n`
+        : '';
+    if (lang === 'zh-TW') {
+        return `你是一位專業的資安報告撰寫者。請根據以下安全事件產生一份結構化的安全摘要報告。
+事件統計：
+- 總事件數量：${total}
+- 嚴重等級分布：${distribution}
+${truncationNote}
+安全事件清單：
+${eventLines}
+請產生一份結構化的安全摘要報告，包含以下章節：
+1. 總體概述：整體安全狀態的簡要描述
+2. 關鍵發現：列出最重要的安全發現（最多 5 項）
+3. 威脅趨勢：觀察到的威脅模式或趨勢
+4. 建議措施：具體的改善建議（最多 5 項）
+5. 風險評級：整體風險等級（低/中/高/極高）及理由
+請使用繁體中文撰寫，語氣專業簡潔。直接回傳報告文字內容。`;
+    }
+    return `You are a professional cybersecurity report writer. Generate a structured security summary report based on the following security events.
+Event Statistics:
+- Total events: ${total}
+- Severity distribution: ${distribution}
+${truncationNote}
+Security Events:
+${eventLines}
+Generate a structured security summary report with the following sections:
+1. Executive Summary: Brief description of the overall security posture
+2. Key Findings: List the most important security findings (up to 5)
+3. Threat Trends: Observed threat patterns or trends
+4. Recommendations: Specific improvement recommendations (up to 5)
+5. Risk Rating: Overall risk level (Low/Medium/High/Critical) with justification
+Write in a professional and concise tone. Return the report text directly.`;
+}
+//# sourceMappingURL=report-generator.js.map

package/dist/ai/prompts/report-generator.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"report-generator.js","sourceRoot":"","sources":["../../../src/ai/prompts/report-generator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH;;;;GAIG;AACH,MAAM,oBAAoB,GAAG,EAAE,CAAC;AAEhC;;;;;;;GAOG;AACH,SAAS,cAAc,CAAC,KAAoB;IAC1C,MAAM,EAAE,GACN,KAAK,CAAC,SAAS,YAAY,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IAC5F,OAAO,IAAI,EAAE,MAAM,KAAK,CAAC,QAAQ,CAAC,WAAW,EAAE,MAAM,KAAK,CAAC,MAAM,KAAK,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,WAAW,EAAE,CAAC;AAC3G,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,uBAAuB,CAAC,MAAuB;IACtD,MAAM,MAAM,GAA2B;QACrC,QAAQ,EAAE,CAAC;QACX,IAAI,EAAE,CAAC;QACP,MAAM,EAAE,CAAC;QACT,GAAG,EAAE,CAAC;QACN,IAAI,EAAE,CAAC;KACR,CAAC;IACF,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,GAAG,GAAG,KAAK,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QACzC,IAAI,GAAG,IAAI,MAAM,EAAE,CAAC;YAClB,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC;SAC1B,MAAM,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,KAAK,GAAG,CAAC,CAAC;SAChC,GAAG,CAAC,CAAC,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,KAAK,KAAK,EAAE,CAAC;SAC7C,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,eAAe,CAAC,MAAuB,EAAE,IAAc;IACrE,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC;IAC5B,MAAM,YAAY,GAAG,uBAAuB,CAAC,MAAM,CAAC,CAAC;IAErD,mDAAmD;IACnD,8BAA8B;IAC9B,MAAM,aAAa,GAA2B;QAC5C,QAAQ,EAAE,CAAC;QACX,IAAI,EAAE,CAAC;QACP,MAAM,EAAE,CAAC;QACT,GAAG,EAAE,CAAC;QACN,IAAI,EAAE,CAAC;KACR,CAAC;IAEF,MAAM,MAAM,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACvC,MAAM,MAAM,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC9C,MAAM,MAAM,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC9C,OAAO,MAAM,GAAG,MAAM,CAAC;IACzB,CAAC,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,oBAAoB,CAAC,CAAC;IACvD,MAAM,UAAU,GAAG,QAAQ,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAE3D,MAAM,cAAc,GAClB,KAAK,GAAG,oBAAoB;QAC1B,CAAC,CAAC,IAAI,KAAK,OAAO;YAChB,CAAC,CAAC,YAAY,KAAK,kBAAkB,oBAAoB,OAAO;YAChE,CAAC,CAAC,YAAY,KAAK,8BAA8B,oBAAoB,uBAAuB;QAC9F,CAAC,CAAC,EAAE,CAAC;IAET,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QACrB,OAAO;;;UAGD,KAAK;WACJ,YAAY;EACrB,cAAc;;EAEd,UAAU;;;;;;;;;;6BAUiB,CAAC;IAC5B,CAAC;IAED,OAAO;;;kBAGS,KAAK;2BACI,YAAY;EACrC,cAAc;;EAEd,UAAU;;;;;;;;;;2EAU+D,CAAC;AAC5E,CAAC"}

package/dist/ai/prompts/threat-analyzer.d.ts ADDED Viewed

@@ -0,0 +1,26 @@
+/**
+ * Threat analysis prompt templates
+ * 威脅分析提示詞範本
+ *
+ * Generates prompts for AI-powered security threat analysis.
+ * Supports bilingual output (English and Traditional Chinese).
+ * 產生 AI 驅動的安全威脅分析提示詞。支援雙語輸出（英文和繁體中文）。
+ *
+ * @module @panguard-ai/core/ai/prompts/threat-analyzer
+ */
+import type { Language } from '../../types.js';
+/**
+ * Generate a threat analysis prompt
+ * 產生威脅分析提示詞
+ *
+ * Creates a prompt that instructs the LLM to analyze a security threat
+ * and return structured JSON with summary, severity, confidence, and recommendations.
+ * 建立一個提示詞，指示 LLM 分析安全威脅並回傳包含摘要、嚴重等級、信心分數和建議的結構化 JSON。
+ *
+ * @param prompt - The primary analysis prompt or question / 主要分析提示詞或問題
+ * @param context - Optional additional context (logs, environment info) / 可選的額外上下文（日誌、環境資訊）
+ * @param lang - Output language / 輸出語言
+ * @returns Formatted prompt string / 格式化的提示詞字串
+ */
+export declare function getThreatAnalysisPrompt(prompt: string, context: string | undefined, lang: Language): string;
+//# sourceMappingURL=threat-analyzer.d.ts.map

package/dist/ai/prompts/threat-analyzer.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"threat-analyzer.d.ts","sourceRoot":"","sources":["../../../src/ai/prompts/threat-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAE/C;;;;;;;;;;;;GAYG;AACH,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,GAAG,SAAS,EAC3B,IAAI,EAAE,QAAQ,GACb,MAAM,CAoDR"}

package/dist/ai/prompts/threat-analyzer.js ADDED Viewed

@@ -0,0 +1,75 @@
+/**
+ * Threat analysis prompt templates
+ * 威脅分析提示詞範本
+ *
+ * Generates prompts for AI-powered security threat analysis.
+ * Supports bilingual output (English and Traditional Chinese).
+ * 產生 AI 驅動的安全威脅分析提示詞。支援雙語輸出（英文和繁體中文）。
+ *
+ * @module @panguard-ai/core/ai/prompts/threat-analyzer
+ */
+/**
+ * Generate a threat analysis prompt
+ * 產生威脅分析提示詞
+ *
+ * Creates a prompt that instructs the LLM to analyze a security threat
+ * and return structured JSON with summary, severity, confidence, and recommendations.
+ * 建立一個提示詞，指示 LLM 分析安全威脅並回傳包含摘要、嚴重等級、信心分數和建議的結構化 JSON。
+ *
+ * @param prompt - The primary analysis prompt or question / 主要分析提示詞或問題
+ * @param context - Optional additional context (logs, environment info) / 可選的額外上下文（日誌、環境資訊）
+ * @param lang - Output language / 輸出語言
+ * @returns Formatted prompt string / 格式化的提示詞字串
+ */
+export function getThreatAnalysisPrompt(prompt, context, lang) {
+    const contextSection = context
+        ? lang === 'zh-TW'
+            ? `\n額外上下文資訊：\n${context}\n`
+            : `\nAdditional Context:\n${context}\n`
+        : '';
+    if (lang === 'zh-TW') {
+        return `你是一位專業的資安威脅分析師。請分析以下安全相關資訊並提供專業評估。
+分析需求：
+${prompt}
+${contextSection}
+請以 JSON 格式回應，包含以下欄位：
+{
+  "summary": "威脅分析摘要，清楚描述發現的問題和潛在影響",
+  "severity": "嚴重等級：info、low、medium、high 或 critical",
+  "confidence": "信心分數，0 到 1 之間的數字",
+  "recommendations": ["建議措施 1", "建議措施 2", "建議措施 3"]
+}
+評估標準：
+- info：一般資訊性事件，無安全疑慮
+- low：輕微安全疑慮，可列入觀察
+- medium：中等威脅，建議進一步調查
+- high：嚴重威脅，需要立即處理
+- critical：極度嚴重，系統可能已遭入侵
+只回傳 JSON，不要包含其他文字。`;
+    }
+    return `You are a professional cybersecurity threat analyst. Analyze the following security information and provide a professional assessment.
+Analysis Request:
+${prompt}
+${contextSection}
+Respond in JSON format with the following fields:
+{
+  "summary": "threat analysis summary, clearly describing findings and potential impact",
+  "severity": "severity level: info, low, medium, high, or critical",
+  "confidence": "confidence score, a number between 0 and 1",
+  "recommendations": ["recommendation 1", "recommendation 2", "recommendation 3"]
+}
+Assessment Criteria:
+- info: General informational event, no security concern
+- low: Minor security concern, can be monitored
+- medium: Moderate threat, further investigation recommended
+- high: Serious threat, immediate action required
+- critical: Extremely severe, system may already be compromised
+Return only JSON, no additional text.`;
+}
+//# sourceMappingURL=threat-analyzer.js.map

package/dist/ai/prompts/threat-analyzer.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"threat-analyzer.js","sourceRoot":"","sources":["../../../src/ai/prompts/threat-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,uBAAuB,CACrC,MAAc,EACd,OAA2B,EAC3B,IAAc;IAEd,MAAM,cAAc,GAAG,OAAO;QAC5B,CAAC,CAAC,IAAI,KAAK,OAAO;YAChB,CAAC,CAAC,eAAe,OAAO,IAAI;YAC5B,CAAC,CAAC,0BAA0B,OAAO,IAAI;QACzC,CAAC,CAAC,EAAE,CAAC;IAEP,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QACrB,OAAO;;;EAGT,MAAM;EACN,cAAc;;;;;;;;;;;;;;;;mBAgBG,CAAC;IAClB,CAAC;IAED,OAAO;;;EAGP,MAAM;EACN,cAAc;;;;;;;;;;;;;;;;sCAgBsB,CAAC;AACvC,CAAC"}

package/dist/ai/provider-base.d.ts ADDED Viewed

@@ -0,0 +1,100 @@
+/**
+ * Abstract base class for LLM providers
+ * LLM 供應商抽象基礎類別
+ *
+ * Implements shared logic for all LLM providers including prompt
+ * construction, response parsing, and token tracking.
+ * 實作所有 LLM 供應商的共用邏輯，包括提示詞建構、回應解析和 Token 追蹤。
+ *
+ * @module @panguard-ai/core/ai/provider-base
+ */
+import type { SecurityEvent } from '../types.js';
+import type { LLMConfig, LLMProvider, LLMProviderType, AnalysisResult, ThreatClassification, TokenUsage } from './types.js';
+import { TokenTracker } from './token-tracker.js';
+/**
+ * Abstract base class that all LLM providers extend
+ * 所有 LLM 供應商繼承的抽象基礎類別
+ *
+ * Subclasses must implement `sendRequest()` and `isAvailable()`.
+ * The base class handles prompt construction, response parsing,
+ * error wrapping, and token tracking.
+ * 子類別必須實作 `sendRequest()` 和 `isAvailable()`。
+ * 基礎類別處理提示詞建構、回應解析、錯誤包裝和 Token 追蹤。
+ */
+export declare abstract class LLMProviderBase implements LLMProvider {
+    /** The provider type identifier / 供應商類型識別碼 */
+    readonly providerType: LLMProviderType;
+    /** The model name being used / 使用的模型名稱 */
+    readonly model: string;
+    /** Provider configuration / 供應商配置 */
+    protected readonly config: Required<Pick<LLMConfig, 'provider' | 'model' | 'lang' | 'temperature' | 'maxTokens' | 'timeout'>> & Pick<LLMConfig, 'endpoint' | 'apiKey'>;
+    /** Token usage tracker / Token 使用追蹤器 */
+    protected readonly tokenTracker: TokenTracker;
+    /** Module logger / 模組日誌記錄器 */
+    protected readonly logger: import("../index.js").Logger;
+    /**
+     * Create a new LLM provider base instance
+     * 建立新的 LLM 供應商基礎實例
+     *
+     * @param config - LLM configuration / LLM 配置
+     */
+    constructor(config: LLMConfig);
+    /**
+     * Send a raw prompt to the LLM and return the response text
+     * 向 LLM 發送原始提示詞並回傳回應文字
+     *
+     * Must be implemented by each provider subclass.
+     * 必須由每個供應商子類別實作。
+     *
+     * @param prompt - The prompt to send / 要發送的提示詞
+     * @returns Raw response text from the LLM / LLM 的原始回應文字
+     */
+    protected abstract sendRequest(prompt: string): Promise<string>;
+    /**
+     * Check if the provider is available and properly configured
+     * 檢查供應商是否可用且配置正確
+     *
+     * Must be implemented by each provider subclass.
+     * 必須由每個供應商子類別實作。
+     *
+     * @returns True if provider is ready / 供應商就緒時回傳 true
+     */
+    abstract isAvailable(): Promise<boolean>;
+    /**
+     * Analyze a security prompt with optional context
+     * 分析安全提示詞，可附帶上下文
+     *
+     * Constructs a threat analysis prompt, sends it to the LLM,
+     * and parses the response into an AnalysisResult.
+     * 建構威脅分析提示詞，發送至 LLM，並將回應解析為 AnalysisResult。
+     *
+     * @param prompt - The analysis prompt / 分析提示詞
+     * @param context - Optional additional context / 可選的額外上下文
+     * @returns Analysis result / 分析結果
+     */
+    analyze(prompt: string, context?: string): Promise<AnalysisResult>;
+    /**
+     * Classify a security event using MITRE ATT&CK framework
+     * 使用 MITRE ATT&CK 框架分類安全事件
+     *
+     * @param event - The security event to classify / 要分類的安全事件
+     * @returns Threat classification / 威脅分類
+     */
+    classify(event: SecurityEvent): Promise<ThreatClassification>;
+    /**
+     * Summarize multiple security events into a report
+     * 將多個安全事件摘要為報告
+     *
+     * @param events - Array of security events / 安全事件陣列
+     * @returns Summary text / 摘要文字
+     */
+    summarize(events: SecurityEvent[]): Promise<string>;
+    /**
+     * Get cumulative token usage statistics
+     * 取得累計 Token 使用統計
+     *
+     * @returns Token usage data / Token 使用資料
+     */
+    getTokenUsage(): TokenUsage;
+}
+//# sourceMappingURL=provider-base.d.ts.map

package/dist/ai/provider-base.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"provider-base.d.ts","sourceRoot":"","sources":["../../src/ai/provider-base.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AACjD,OAAO,KAAK,EACV,SAAS,EACT,WAAW,EACX,eAAe,EACf,cAAc,EACd,oBAAoB,EACpB,UAAU,EACX,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAOlD;;;;;;;;;GASG;AACH,8BAAsB,eAAgB,YAAW,WAAW;IAC1D,8CAA8C;IAC9C,SAAgB,YAAY,EAAE,eAAe,CAAC;IAC9C,0CAA0C;IAC1C,SAAgB,KAAK,EAAE,MAAM,CAAC;IAE9B,qCAAqC;IACrC,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CACjC,IAAI,CAAC,SAAS,EAAE,UAAU,GAAG,OAAO,GAAG,MAAM,GAAG,aAAa,GAAG,WAAW,GAAG,SAAS,CAAC,CACzF,GACC,IAAI,CAAC,SAAS,EAAE,UAAU,GAAG,QAAQ,CAAC,CAAC;IAEzC,wCAAwC;IACxC,SAAS,CAAC,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC;IAE9C,8BAA8B;IAC9B,SAAS,CAAC,QAAQ,CAAC,MAAM,+BAAC;IAE1B;;;;;OAKG;gBACS,MAAM,EAAE,SAAS;IAiB7B;;;;;;;;;OASG;IACH,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAE/D;;;;;;;;OAQG;IACH,QAAQ,CAAC,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;IAExC;;;;;;;;;;;OAWG;IACG,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IAwBxE;;;;;;OAMG;IACG,QAAQ,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,CAAC,oBAAoB,CAAC;IA8BnE;;;;;;OAMG;IACG,SAAS,CAAC,MAAM,EAAE,aAAa,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;IAgCzD;;;;;OAKG;IACH,aAAa,IAAI,UAAU;CAG5B"}

package/dist/ai/provider-base.js ADDED Viewed

@@ -0,0 +1,166 @@
+/**
+ * Abstract base class for LLM providers
+ * LLM 供應商抽象基礎類別
+ *
+ * Implements shared logic for all LLM providers including prompt
+ * construction, response parsing, and token tracking.
+ * 實作所有 LLM 供應商的共用邏輯，包括提示詞建構、回應解析和 Token 追蹤。
+ *
+ * @module @panguard-ai/core/ai/provider-base
+ */
+import { TokenTracker } from './token-tracker.js';
+import { parseAnalysisResponse, parseClassificationResponse } from './response-parser.js';
+import { getEventClassifierPrompt } from './prompts/event-classifier.js';
+import { getThreatAnalysisPrompt } from './prompts/threat-analyzer.js';
+import { getReportPrompt } from './prompts/report-generator.js';
+import { createLogger } from '../utils/logger.js';
+/**
+ * Abstract base class that all LLM providers extend
+ * 所有 LLM 供應商繼承的抽象基礎類別
+ *
+ * Subclasses must implement `sendRequest()` and `isAvailable()`.
+ * The base class handles prompt construction, response parsing,
+ * error wrapping, and token tracking.
+ * 子類別必須實作 `sendRequest()` 和 `isAvailable()`。
+ * 基礎類別處理提示詞建構、回應解析、錯誤包裝和 Token 追蹤。
+ */
+export class LLMProviderBase {
+    /** The provider type identifier / 供應商類型識別碼 */
+    providerType;
+    /** The model name being used / 使用的模型名稱 */
+    model;
+    /** Provider configuration / 供應商配置 */
+    config;
+    /** Token usage tracker / Token 使用追蹤器 */
+    tokenTracker;
+    /** Module logger / 模組日誌記錄器 */
+    logger;
+    /**
+     * Create a new LLM provider base instance
+     * 建立新的 LLM 供應商基礎實例
+     *
+     * @param config - LLM configuration / LLM 配置
+     */
+    constructor(config) {
+        this.providerType = config.provider;
+        this.model = config.model;
+        this.config = {
+            provider: config.provider,
+            model: config.model,
+            lang: config.lang,
+            temperature: config.temperature ?? 0.3,
+            maxTokens: config.maxTokens ?? 2048,
+            timeout: config.timeout ?? 30_000,
+            endpoint: config.endpoint,
+            apiKey: config.apiKey,
+        };
+        this.tokenTracker = new TokenTracker(config.provider, config.model);
+        this.logger = createLogger(`ai:${config.provider}`);
+    }
+    /**
+     * Analyze a security prompt with optional context
+     * 分析安全提示詞，可附帶上下文
+     *
+     * Constructs a threat analysis prompt, sends it to the LLM,
+     * and parses the response into an AnalysisResult.
+     * 建構威脅分析提示詞，發送至 LLM，並將回應解析為 AnalysisResult。
+     *
+     * @param prompt - The analysis prompt / 分析提示詞
+     * @param context - Optional additional context / 可選的額外上下文
+     * @returns Analysis result / 分析結果
+     */
+    async analyze(prompt, context) {
+        this.logger.info('Starting threat analysis', { promptLength: prompt.length });
+        try {
+            const fullPrompt = getThreatAnalysisPrompt(prompt, context, this.config.lang);
+            const raw = await this.sendRequest(fullPrompt);
+            const result = parseAnalysisResponse(raw);
+            this.logger.info('Threat analysis completed', {
+                severity: result.severity,
+                confidence: result.confidence,
+            });
+            return result;
+        }
+        catch (error) {
+            this.logger.error('Threat analysis failed', {
+                error: error instanceof Error ? error.message : String(error),
+            });
+            throw new Error(`Analysis failed (${this.providerType}/${this.model}): ${error instanceof Error ? error.message : String(error)}`);
+        }
+    }
+    /**
+     * Classify a security event using MITRE ATT&CK framework
+     * 使用 MITRE ATT&CK 框架分類安全事件
+     *
+     * @param event - The security event to classify / 要分類的安全事件
+     * @returns Threat classification / 威脅分類
+     */
+    async classify(event) {
+        this.logger.info('Classifying security event', {
+            eventId: event.id,
+            source: event.source,
+        });
+        try {
+            const prompt = getEventClassifierPrompt(event, this.config.lang);
+            const raw = await this.sendRequest(prompt);
+            const result = parseClassificationResponse(raw);
+            this.logger.info('Event classification completed', {
+                eventId: event.id,
+                category: result.category,
+                technique: result.technique,
+                severity: result.severity,
+            });
+            return result;
+        }
+        catch (error) {
+            this.logger.error('Event classification failed', {
+                eventId: event.id,
+                error: error instanceof Error ? error.message : String(error),
+            });
+            throw new Error(`Classification failed (${this.providerType}/${this.model}): ${error instanceof Error ? error.message : String(error)}`);
+        }
+    }
+    /**
+     * Summarize multiple security events into a report
+     * 將多個安全事件摘要為報告
+     *
+     * @param events - Array of security events / 安全事件陣列
+     * @returns Summary text / 摘要文字
+     */
+    async summarize(events) {
+        this.logger.info('Generating security summary', {
+            eventCount: events.length,
+        });
+        if (events.length === 0) {
+            return this.config.lang === 'zh-TW'
+                ? '沒有安全事件需要摘要。'
+                : 'No security events to summarize.';
+        }
+        try {
+            const prompt = getReportPrompt(events, this.config.lang);
+            const summary = await this.sendRequest(prompt);
+            this.logger.info('Security summary generated', {
+                eventCount: events.length,
+                summaryLength: summary.length,
+            });
+            return summary;
+        }
+        catch (error) {
+            this.logger.error('Summary generation failed', {
+                eventCount: events.length,
+                error: error instanceof Error ? error.message : String(error),
+            });
+            throw new Error(`Summarization failed (${this.providerType}/${this.model}): ${error instanceof Error ? error.message : String(error)}`);
+        }
+    }
+    /**
+     * Get cumulative token usage statistics
+     * 取得累計 Token 使用統計
+     *
+     * @returns Token usage data / Token 使用資料
+     */
+    getTokenUsage() {
+        return this.tokenTracker.getUsage();
+    }
+}
+//# sourceMappingURL=provider-base.js.map

package/dist/ai/provider-base.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"provider-base.js","sourceRoot":"","sources":["../../src/ai/provider-base.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAWH,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,qBAAqB,EAAE,2BAA2B,EAAE,MAAM,sBAAsB,CAAC;AAC1F,OAAO,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AACzE,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD;;;;;;;;;GASG;AACH,MAAM,OAAgB,eAAe;IACnC,8CAA8C;IAC9B,YAAY,CAAkB;IAC9C,0CAA0C;IAC1B,KAAK,CAAS;IAE9B,qCAAqC;IAClB,MAAM,CAGgB;IAEzC,wCAAwC;IACrB,YAAY,CAAe;IAE9C,8BAA8B;IACX,MAAM,CAAC;IAE1B;;;;;OAKG;IACH,YAAY,MAAiB;QAC3B,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC;QACpC,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;QAC1B,IAAI,CAAC,MAAM,GAAG;YACZ,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,GAAG;YACtC,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,IAAI;YACnC,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,MAAM;YACjC,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,MAAM,EAAE,MAAM,CAAC,MAAM;SACtB,CAAC;QACF,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;QACpE,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;IACtD,CAAC;IAyBD;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,OAAO,CAAC,MAAc,EAAE,OAAgB;QAC5C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,EAAE,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QAE9E,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,uBAAuB,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAC9E,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;YAC/C,MAAM,MAAM,GAAG,qBAAqB,CAAC,GAAG,CAAC,CAAC;YAE1C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,2BAA2B,EAAE;gBAC5C,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,UAAU,EAAE,MAAM,CAAC,UAAU;aAC9B,CAAC,CAAC;YAEH,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE;gBAC1C,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;YACH,MAAM,IAAI,KAAK,CACb,oBAAoB,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,KAAK,MAAM,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAClH,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,QAAQ,CAAC,KAAoB;QACjC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4BAA4B,EAAE;YAC7C,OAAO,EAAE,KAAK,CAAC,EAAE;YACjB,MAAM,EAAE,KAAK,CAAC,MAAM;SACrB,CAAC,CAAC;QAEH,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,wBAAwB,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACjE,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,MAAM,GAAG,2BAA2B,CAAC,GAAG,CAAC,CAAC;YAEhD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gCAAgC,EAAE;gBACjD,OAAO,EAAE,KAAK,CAAC,EAAE;gBACjB,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,QAAQ,EAAE,MAAM,CAAC,QAAQ;aAC1B,CAAC,CAAC;YAEH,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,6BAA6B,EAAE;gBAC/C,OAAO,EAAE,KAAK,CAAC,EAAE;gBACjB,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;YACH,MAAM,IAAI,KAAK,CACb,0BAA0B,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,KAAK,MAAM,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACxH,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,SAAS,CAAC,MAAuB;QACrC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,6BAA6B,EAAE;YAC9C,UAAU,EAAE,MAAM,CAAC,MAAM;SAC1B,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,OAAO;gBACjC,CAAC,CAAC,aAAa;gBACf,CAAC,CAAC,kCAAkC,CAAC;QACzC,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,eAAe,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACzD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YAE/C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4BAA4B,EAAE;gBAC7C,UAAU,EAAE,MAAM,CAAC,MAAM;gBACzB,aAAa,EAAE,OAAO,CAAC,MAAM;aAC9B,CAAC,CAAC;YAEH,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,EAAE;gBAC7C,UAAU,EAAE,MAAM,CAAC,MAAM;gBACzB,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;YACH,MAAM,IAAI,KAAK,CACb,yBAAyB,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,KAAK,MAAM,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACvH,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,aAAa;QACX,OAAO,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC;IACtC,CAAC;CACF"}

package/dist/ai/response-parser.d.ts ADDED Viewed

@@ -0,0 +1,36 @@
+/**
+ * LLM response parsing utilities
+ * LLM 回應解析工具
+ *
+ * Parses raw LLM text responses into structured data objects.
+ * Supports JSON extraction from markdown code blocks and plain text fallback.
+ * 將原始 LLM 文字回應解析為結構化資料物件。
+ * 支援從 Markdown 程式碼區塊提取 JSON 以及純文字回退。
+ *
+ * @module @panguard-ai/core/ai/response-parser
+ */
+import type { AnalysisResult, ThreatClassification } from './types.js';
+/**
+ * Parse a raw LLM response into an AnalysisResult
+ * 將原始 LLM 回應解析為 AnalysisResult
+ *
+ * Attempts JSON parsing first, then falls back to treating the entire
+ * response as a text summary.
+ * 首先嘗試 JSON 解析，然後回退到將整個回應視為文字摘要。
+ *
+ * @param raw - Raw LLM response text / 原始 LLM 回應文字
+ * @returns Parsed analysis result / 解析的分析結果
+ */
+export declare function parseAnalysisResponse(raw: string): AnalysisResult;
+/**
+ * Parse a raw LLM response into a ThreatClassification
+ * 將原始 LLM 回應解析為 ThreatClassification
+ *
+ * Attempts JSON parsing first, then falls back to a generic classification.
+ * 首先嘗試 JSON 解析，然後回退到通用分類。
+ *
+ * @param raw - Raw LLM response text / 原始 LLM 回應文字
+ * @returns Parsed threat classification / 解析的威脅分類
+ */
+export declare function parseClassificationResponse(raw: string): ThreatClassification;
+//# sourceMappingURL=response-parser.d.ts.map

package/dist/ai/response-parser.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"response-parser.d.ts","sourceRoot":"","sources":["../../src/ai/response-parser.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAGH,OAAO,KAAK,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAmHvE;;;;;;;;;;GAUG;AACH,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,MAAM,GAAG,cAAc,CAkCjE;AAED;;;;;;;;;GASG;AACH,wBAAgB,2BAA2B,CAAC,GAAG,EAAE,MAAM,GAAG,oBAAoB,CA6B7E"}