@panguard-ai/manager 0.2.0

package/dist/threat-aggregator.js

@@ -0,0 +1,344 @@
+/**
+ * ThreatAggregator - Collects and correlates threats from multiple Guard agents
+ * ThreatAggregator - 從多個 Guard 代理收集並關聯威脅
+ *
+ * Performs cross-agent correlation to detect coordinated attacks:
+ * - Same source IP appearing across different agents
+ * - Same malware hash detected on different endpoints
+ * - Same MITRE ATT&CK technique from same source
+ *
+ * @module @panguard-ai/manager/threat-aggregator
+ */
+import { createLogger } from '@panguard-ai/core';
+import { generateThreatId, extractSourceIP, extractFileHash } from './utils.js';
+const logger = createLogger('panguard-manager:aggregator');
+/**
+ * Aggregates threats from multiple agents and performs cross-agent correlation.
+ *
+ * Uses secondary indexes (IP index, hash index) for O(1) correlation lookups
+ * instead of O(n^2) pairwise comparison.
+ */
+export class ThreatAggregator {
+    threats;
+    correlations;
+    // Secondary indexes for fast correlation / 快速關聯的二級索引
+    ipIndex;
+    hashIndex;
+    categoryIndex;
+    // Configuration / 配置
+    correlationWindowMs;
+    retentionMs;
+    constructor(correlationWindowMs, retentionMs) {
+        this.threats = new Map();
+        this.correlations = [];
+        this.ipIndex = new Map();
+        this.hashIndex = new Map();
+        this.categoryIndex = new Map();
+        this.correlationWindowMs = correlationWindowMs;
+        this.retentionMs = retentionMs;
+    }
+    /**
+     * Ingest a threat report from a Guard agent.
+     * Each threat event is stored as an AggregatedThreat and indexed
+     * for correlation. Cross-agent matches are detected during ingestion.
+     *
+     * @param report - The threat report containing one or more events
+     * @param hostname - The hostname of the reporting agent
+     * @returns Array of newly created AggregatedThreats
+     */
+    ingestReport(report, hostname) {
+        const newThreats = [];
+        for (const threat of report.threats) {
+            const threatId = generateThreatId();
+            const now = new Date().toISOString();
+            const aggregated = {
+                id: threatId,
+                originalThreat: {
+                    event: { ...threat.event, metadata: { ...threat.event.metadata } },
+                    verdict: { ...threat.verdict },
+                },
+                sourceAgentId: report.agentId,
+                sourceHostname: hostname,
+                receivedAt: now,
+                correlatedWith: [],
+            };
+            this.threats.set(threatId, aggregated);
+            // Index for correlation / 索引以供關聯
+            const indexEntry = {
+                threatId,
+                agentId: report.agentId,
+            };
+            this.indexThreat(indexEntry, threat);
+            // Find correlations for this new threat / 為此新威脅尋找關聯
+            const correlatedIds = this.findCorrelations(indexEntry, threat, report.agentId);
+            if (correlatedIds.length > 0) {
+                // Update the new threat with correlation data (immutable)
+                const withCorrelation = {
+                    ...aggregated,
+                    correlatedWith: correlatedIds,
+                };
+                this.threats.set(threatId, withCorrelation);
+                // Update each correlated threat to reference back
+                for (const correlatedId of correlatedIds) {
+                    const existing = this.threats.get(correlatedId);
+                    if (existing) {
+                        const updated = {
+                            ...existing,
+                            correlatedWith: [...existing.correlatedWith, threatId],
+                        };
+                        this.threats.set(correlatedId, updated);
+                    }
+                }
+                newThreats.push(withCorrelation);
+                logger.warn(`Cross-agent correlation detected: threat ${threatId} correlates with ` +
+                    `[${correlatedIds.join(', ')}] / ` +
+                    `跨代理關聯偵測: 威脅 ${threatId} 與 [${correlatedIds.join(', ')}] 相關`);
+            }
+            else {
+                newThreats.push(aggregated);
+            }
+        }
+        return newThreats;
+    }
+    /**
+     * Index a threat for correlation lookups.
+     */
+    indexThreat(entry, threat) {
+        const metadata = threat.event.metadata;
+        // Index by source IP / 依來源 IP 索引
+        const sourceIP = extractSourceIP(metadata);
+        if (sourceIP) {
+            const existing = this.ipIndex.get(sourceIP) ?? [];
+            this.ipIndex.set(sourceIP, [...existing, entry]);
+        }
+        // Index by file hash / 依檔案雜湊索引
+        const fileHash = extractFileHash(metadata);
+        if (fileHash) {
+            const existing = this.hashIndex.get(fileHash) ?? [];
+            this.hashIndex.set(fileHash, [...existing, entry]);
+        }
+        // Index by attack category / 依攻擊類別索引
+        const category = threat.event.category;
+        if (category) {
+            const key = `${category}:${sourceIP ?? 'unknown'}`;
+            const existing = this.categoryIndex.get(key) ?? [];
+            this.categoryIndex.set(key, [...existing, entry]);
+        }
+    }
+    /**
+     * Find existing threats that correlate with a new threat.
+     * Only matches threats from DIFFERENT agents within the correlation window.
+     */
+    findCorrelations(newEntry, threat, agentId) {
+        const correlatedIds = new Set();
+        const metadata = threat.event.metadata;
+        const now = Date.now();
+        // Check IP correlation / 檢查 IP 關聯
+        const sourceIP = extractSourceIP(metadata);
+        if (sourceIP) {
+            const ipEntries = this.ipIndex.get(sourceIP) ?? [];
+            for (const entry of ipEntries) {
+                if (entry.threatId === newEntry.threatId)
+                    continue;
+                if (entry.agentId === agentId)
+                    continue; // Same agent, skip
+                const existing = this.threats.get(entry.threatId);
+                if (!existing)
+                    continue;
+                const elapsed = now - new Date(existing.receivedAt).getTime();
+                if (elapsed > this.correlationWindowMs)
+                    continue;
+                correlatedIds.add(entry.threatId);
+                this.correlations.push({
+                    threatIdA: newEntry.threatId,
+                    threatIdB: entry.threatId,
+                    correlationType: 'same_source_ip',
+                    sharedIndicator: sourceIP,
+                });
+            }
+        }
+        // Check hash correlation / 檢查雜湊關聯
+        const fileHash = extractFileHash(metadata);
+        if (fileHash) {
+            const hashEntries = this.hashIndex.get(fileHash) ?? [];
+            for (const entry of hashEntries) {
+                if (entry.threatId === newEntry.threatId)
+                    continue;
+                if (entry.agentId === agentId)
+                    continue;
+                const existing = this.threats.get(entry.threatId);
+                if (!existing)
+                    continue;
+                const elapsed = now - new Date(existing.receivedAt).getTime();
+                if (elapsed > this.correlationWindowMs)
+                    continue;
+                if (!correlatedIds.has(entry.threatId)) {
+                    correlatedIds.add(entry.threatId);
+                    this.correlations.push({
+                        threatIdA: newEntry.threatId,
+                        threatIdB: entry.threatId,
+                        correlationType: 'same_malware_hash',
+                        sharedIndicator: fileHash,
+                    });
+                }
+            }
+        }
+        // Check attack pattern correlation (same category + same source IP from different agents)
+        // 檢查攻擊模式關聯（相同類別 + 相同來源 IP 來自不同代理）
+        const category = threat.event.category;
+        if (category && sourceIP) {
+            const key = `${category}:${sourceIP}`;
+            const catEntries = this.categoryIndex.get(key) ?? [];
+            for (const entry of catEntries) {
+                if (entry.threatId === newEntry.threatId)
+                    continue;
+                if (entry.agentId === agentId)
+                    continue;
+                const existing = this.threats.get(entry.threatId);
+                if (!existing)
+                    continue;
+                const elapsed = now - new Date(existing.receivedAt).getTime();
+                if (elapsed > this.correlationWindowMs)
+                    continue;
+                if (!correlatedIds.has(entry.threatId)) {
+                    correlatedIds.add(entry.threatId);
+                    this.correlations.push({
+                        threatIdA: newEntry.threatId,
+                        threatIdB: entry.threatId,
+                        correlationType: 'same_attack_pattern',
+                        sharedIndicator: key,
+                    });
+                }
+            }
+        }
+        return Array.from(correlatedIds);
+    }
+    /**
+     * Get all threats received since a given timestamp.
+     *
+     * @param since - Date threshold for filtering
+     * @returns Array of immutable AggregatedThreat copies
+     */
+    getRecentThreats(since) {
+        const sinceMs = since.getTime();
+        return Array.from(this.threats.values())
+            .filter((t) => new Date(t.receivedAt).getTime() >= sinceMs)
+            .map((t) => ({
+            ...t,
+            correlatedWith: [...t.correlatedWith],
+        }));
+    }
+    /**
+     * Get all threats reported by a specific agent.
+     *
+     * @param agentId - The agent's unique identifier
+     * @returns Array of immutable AggregatedThreat copies
+     */
+    getThreatsByAgent(agentId) {
+        return Array.from(this.threats.values())
+            .filter((t) => t.sourceAgentId === agentId)
+            .map((t) => ({
+            ...t,
+            correlatedWith: [...t.correlatedWith],
+        }));
+    }
+    /**
+     * Get all correlation matches.
+     *
+     * @returns Immutable array of correlation match records
+     */
+    getCorrelations() {
+        return this.correlations.map((c) => ({ ...c }));
+    }
+    /**
+     * Generate a summary of the current threat landscape.
+     *
+     * @returns Immutable threat summary object
+     */
+    getSummary() {
+        let criticalCount = 0;
+        let highCount = 0;
+        let suspiciousCount = 0;
+        const uniqueAttackers = new Set();
+        const affectedAgentIds = new Set();
+        const correlatedGroups = new Set();
+        for (const threat of this.threats.values()) {
+            const verdict = threat.originalThreat.verdict;
+            const severity = threat.originalThreat.event.severity;
+            if (severity === 'critical')
+                criticalCount++;
+            if (severity === 'high')
+                highCount++;
+            if (verdict.conclusion === 'suspicious')
+                suspiciousCount++;
+            const sourceIP = extractSourceIP(threat.originalThreat.event.metadata);
+            if (sourceIP) {
+                uniqueAttackers.add(sourceIP);
+            }
+            affectedAgentIds.add(threat.sourceAgentId);
+            // Track correlated groups (use sorted pair as key)
+            for (const correlatedId of threat.correlatedWith) {
+                const groupKey = [threat.id, correlatedId].sort().join(':');
+                correlatedGroups.add(groupKey);
+            }
+        }
+        return {
+            totalThreats: this.threats.size,
+            criticalCount,
+            highCount,
+            suspiciousCount,
+            uniqueAttackers: uniqueAttackers.size,
+            affectedAgents: affectedAgentIds.size,
+            correlatedGroups: correlatedGroups.size,
+        };
+    }
+    /**
+     * Purge threats older than the retention period.
+     * Also cleans up corresponding index entries.
+     *
+     * @returns Number of threats purged
+     */
+    purgeExpired() {
+        const cutoff = Date.now() - this.retentionMs;
+        const toRemove = [];
+        for (const [id, threat] of this.threats.entries()) {
+            if (new Date(threat.receivedAt).getTime() <= cutoff) {
+                toRemove.push(id);
+            }
+        }
+        for (const id of toRemove) {
+            this.threats.delete(id);
+        }
+        // Rebuild indexes after purge if significant portion removed
+        if (toRemove.length > 0) {
+            this.rebuildIndexes();
+        }
+        if (toRemove.length > 0) {
+            logger.info(`Purged ${toRemove.length} expired threats / ` +
+                `清除了 ${toRemove.length} 個過期威脅`);
+        }
+        return toRemove.length;
+    }
+    /**
+     * Rebuild all secondary indexes from the current threat data.
+     */
+    rebuildIndexes() {
+        this.ipIndex.clear();
+        this.hashIndex.clear();
+        this.categoryIndex.clear();
+        for (const [, threat] of this.threats.entries()) {
+            const entry = {
+                threatId: threat.id,
+                agentId: threat.sourceAgentId,
+            };
+            this.indexThreat(entry, threat.originalThreat);
+        }
+    }
+    /**
+     * Get the total number of tracked threats.
+     */
+    get size() {
+        return this.threats.size;
+    }
+}
+//# sourceMappingURL=threat-aggregator.js.map

package/dist/threat-aggregator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"threat-aggregator.js","sourceRoot":"","sources":["../src/threat-aggregator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAShF,MAAM,MAAM,GAAG,YAAY,CAAC,6BAA6B,CAAC,CAAC;AAU3D;;;;;GAKG;AACH,MAAM,OAAO,gBAAgB;IACV,OAAO,CAAgC;IACvC,YAAY,CAAqB;IAElD,qDAAqD;IACpC,OAAO,CAA4B;IACnC,SAAS,CAA4B;IACrC,aAAa,CAA4B;IAE1D,qBAAqB;IACJ,mBAAmB,CAAS;IAC5B,WAAW,CAAS;IAErC,YAAY,mBAA2B,EAAE,WAAmB;QAC1D,IAAI,CAAC,OAAO,GAAG,IAAI,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC,YAAY,GAAG,EAAE,CAAC;QACvB,IAAI,CAAC,OAAO,GAAG,IAAI,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC,SAAS,GAAG,IAAI,GAAG,EAAE,CAAC;QAC3B,IAAI,CAAC,aAAa,GAAG,IAAI,GAAG,EAAE,CAAC;QAC/B,IAAI,CAAC,mBAAmB,GAAG,mBAAmB,CAAC;QAC/C,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACjC,CAAC;IAED;;;;;;;;OAQG;IACH,YAAY,CACV,MAAoB,EACpB,QAAgB;QAEhB,MAAM,UAAU,GAAuB,EAAE,CAAC;QAE1C,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACpC,MAAM,QAAQ,GAAG,gBAAgB,EAAE,CAAC;YACpC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;YAErC,MAAM,UAAU,GAAqB;gBACnC,EAAE,EAAE,QAAQ;gBACZ,cAAc,EAAE;oBACd,KAAK,EAAE,EAAE,GAAG,MAAM,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE,GAAG,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,EAAE;oBAClE,OAAO,EAAE,EAAE,GAAG,MAAM,CAAC,OAAO,EAAE;iBAC/B;gBACD,aAAa,EAAE,MAAM,CAAC,OAAO;gBAC7B,cAAc,EAAE,QAAQ;gBACxB,UAAU,EAAE,GAAG;gBACf,cAAc,EAAE,EAAE;aACnB,CAAC;YAEF,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;YAEvC,iCAAiC;YACjC,MAAM,UAAU,GAAe;gBAC7B,QAAQ;gBACR,OAAO,EAAE,MAAM,CAAC,OAAO;aACxB,CAAC;YAEF,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;YAErC,oDAAoD;YACpD,MAAM,aAAa,GAAG,IAAI,CAAC,gBAAgB,CACzC,UAAU,EACV,MAAM,EACN,MAAM,CAAC,OAAO,CACf,CAAC;YAEF,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC7B,0DAA0D;gBAC1D,MAAM,eAAe,GAAqB;oBACxC,GAAG,UAAU;oBACb,cAAc,EAAE,aAAa;iBAC9B,CAAC;gBACF,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;gBAE5C,kDAAkD;gBAClD,KAAK,MAAM,YAAY,IAAI,aAAa,EAAE,CAAC;oBACzC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;oBAChD,IAAI,QAAQ,EAAE,CAAC;wBACb,MAAM,OAAO,GAAqB;4BAChC,GAAG,QAAQ;4BACX,cAAc,EAAE,CAAC,GAAG,QAAQ,CAAC,cAAc,EAAE,QAAQ,CAAC;yBACvD,CAAC;wBACF,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;oBAC1C,CAAC;gBACH,CAAC;gBAED,UAAU,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;gBAEjC,MAAM,CAAC,IAAI,CACT,4CAA4C,QAAQ,mBAAmB;oBACrE,IAAI,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM;oBAClC,eAAe,QAAQ,OAAO,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAC/D,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;IAED;;OAEG;IACK,WAAW,CAAC,KAAiB,EAAE,MAAmB;QACxD,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC;QAEvC,iCAAiC;QACjC,MAAM,QAAQ,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;QAC3C,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;YAClD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,GAAG,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;QACnD,CAAC;QAED,+BAA+B;QAC/B,MAAM,QAAQ,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;QAC3C,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;YACpD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,GAAG,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;QACrD,CAAC;QAED,qCAAqC;QACrC,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC;QACvC,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,GAAG,QAAQ,IAAI,QAAQ,IAAI,SAAS,EAAE,CAAC;YACnD,MAAM,QAAQ,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;YACnD,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,gBAAgB,CACtB,QAAoB,EACpB,MAAmB,EACnB,OAAe;QAEf,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAC;QACxC,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC;QACvC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,kCAAkC;QAClC,MAAM,QAAQ,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;QAC3C,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnD,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE,CAAC;gBAC9B,IAAI,KAAK,CAAC,QAAQ,KAAK,QAAQ,CAAC,QAAQ;oBAAE,SAAS;gBACnD,IAAI,KAAK,CAAC,OAAO,KAAK,OAAO;oBAAE,SAAS,CAAC,mBAAmB;gBAE5D,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;gBAClD,IAAI,CAAC,QAAQ;oBAAE,SAAS;gBAExB,MAAM,OAAO,GAAG,GAAG,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE,CAAC;gBAC9D,IAAI,OAAO,GAAG,IAAI,CAAC,mBAAmB;oBAAE,SAAS;gBAEjD,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;gBAClC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC;oBACrB,SAAS,EAAE,QAAQ,CAAC,QAAQ;oBAC5B,SAAS,EAAE,KAAK,CAAC,QAAQ;oBACzB,eAAe,EAAE,gBAAgB;oBACjC,eAAe,EAAE,QAAQ;iBAC1B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,kCAAkC;QAClC,MAAM,QAAQ,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;QAC3C,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;YACvD,KAAK,MAAM,KAAK,IAAI,WAAW,EAAE,CAAC;gBAChC,IAAI,KAAK,CAAC,QAAQ,KAAK,QAAQ,CAAC,QAAQ;oBAAE,SAAS;gBACnD,IAAI,KAAK,CAAC,OAAO,KAAK,OAAO;oBAAE,SAAS;gBAExC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;gBAClD,IAAI,CAAC,QAAQ;oBAAE,SAAS;gBAExB,MAAM,OAAO,GAAG,GAAG,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE,CAAC;gBAC9D,IAAI,OAAO,GAAG,IAAI,CAAC,mBAAmB;oBAAE,SAAS;gBAEjD,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACvC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;oBAClC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC;wBACrB,SAAS,EAAE,QAAQ,CAAC,QAAQ;wBAC5B,SAAS,EAAE,KAAK,CAAC,QAAQ;wBACzB,eAAe,EAAE,mBAAmB;wBACpC,eAAe,EAAE,QAAQ;qBAC1B,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,0FAA0F;QAC1F,kCAAkC;QAClC,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC;QACvC,IAAI,QAAQ,IAAI,QAAQ,EAAE,CAAC;YACzB,MAAM,GAAG,GAAG,GAAG,QAAQ,IAAI,QAAQ,EAAE,CAAC;YACtC,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;YACrD,KAAK,MAAM,KAAK,IAAI,UAAU,EAAE,CAAC;gBAC/B,IAAI,KAAK,CAAC,QAAQ,KAAK,QAAQ,CAAC,QAAQ;oBAAE,SAAS;gBACnD,IAAI,KAAK,CAAC,OAAO,KAAK,OAAO;oBAAE,SAAS;gBAExC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;gBAClD,IAAI,CAAC,QAAQ;oBAAE,SAAS;gBAExB,MAAM,OAAO,GAAG,GAAG,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE,CAAC;gBAC9D,IAAI,OAAO,GAAG,IAAI,CAAC,mBAAmB;oBAAE,SAAS;gBAEjD,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACvC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;oBAClC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC;wBACrB,SAAS,EAAE,QAAQ,CAAC,QAAQ;wBAC5B,SAAS,EAAE,KAAK,CAAC,QAAQ;wBACzB,eAAe,EAAE,qBAAqB;wBACtC,eAAe,EAAE,GAAG;qBACrB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IACnC,CAAC;IAED;;;;;OAKG;IACH,gBAAgB,CAAC,KAAW;QAC1B,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC;QAChC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;aACrC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE,IAAI,OAAO,CAAC;aAC1D,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACX,GAAG,CAAC;YACJ,cAAc,EAAE,CAAC,GAAG,CAAC,CAAC,cAAc,CAAC;SACtC,CAAC,CAAC,CAAC;IACR,CAAC;IAED;;;;;OAKG;IACH,iBAAiB,CAAC,OAAe;QAC/B,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;aACrC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,KAAK,OAAO,CAAC;aAC1C,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACX,GAAG,CAAC;YACJ,cAAc,EAAE,CAAC,GAAG,CAAC,CAAC,cAAc,CAAC;SACtC,CAAC,CAAC,CAAC;IACR,CAAC;IAED;;;;OAIG;IACH,eAAe;QACb,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IAClD,CAAC;IAED;;;;OAIG;IACH,UAAU;QACR,IAAI,aAAa,GAAG,CAAC,CAAC;QACtB,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,IAAI,eAAe,GAAG,CAAC,CAAC;QACxB,MAAM,eAAe,GAAG,IAAI,GAAG,EAAU,CAAC;QAC1C,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;QAC3C,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;QAE3C,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YAC3C,MAAM,OAAO,GAAG,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC;YAC9C,MAAM,QAAQ,GAAG,MAAM,CAAC,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC;YAEtD,IAAI,QAAQ,KAAK,UAAU;gBAAE,aAAa,EAAE,CAAC;YAC7C,IAAI,QAAQ,KAAK,MAAM;gBAAE,SAAS,EAAE,CAAC;YACrC,IAAI,OAAO,CAAC,UAAU,KAAK,YAAY;gBAAE,eAAe,EAAE,CAAC;YAE3D,MAAM,QAAQ,GAAG,eAAe,CAAC,MAAM,CAAC,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YACvE,IAAI,QAAQ,EAAE,CAAC;gBACb,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAChC,CAAC;YAED,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YAE3C,mDAAmD;YACnD,KAAK,MAAM,YAAY,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;gBACjD,MAAM,QAAQ,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,YAAY,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC5D,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;QAED,OAAO;YACL,YAAY,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI;YAC/B,aAAa;YACb,SAAS;YACT,eAAe;YACf,eAAe,EAAE,eAAe,CAAC,IAAI;YACrC,cAAc,EAAE,gBAAgB,CAAC,IAAI;YACrC,gBAAgB,EAAE,gBAAgB,CAAC,IAAI;SACxC,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACH,YAAY;QACV,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC;QAC7C,MAAM,QAAQ,GAAa,EAAE,CAAC;QAE9B,KAAK,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;YAClD,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE,IAAI,MAAM,EAAE,CAAC;gBACpD,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACpB,CAAC;QACH,CAAC;QAED,KAAK,MAAM,EAAE,IAAI,QAAQ,EAAE,CAAC;YAC1B,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC1B,CAAC;QAED,6DAA6D;QAC7D,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,IAAI,CAAC,cAAc,EAAE,CAAC;QACxB,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,CAAC,IAAI,CACT,UAAU,QAAQ,CAAC,MAAM,qBAAqB;gBAC5C,OAAO,QAAQ,CAAC,MAAM,QAAQ,CACjC,CAAC;QACJ,CAAC;QAED,OAAO,QAAQ,CAAC,MAAM,CAAC;IACzB,CAAC;IAED;;OAEG;IACK,cAAc;QACpB,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACrB,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;QACvB,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,CAAC;QAE3B,KAAK,MAAM,CAAC,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;YAChD,MAAM,KAAK,GAAe;gBACxB,QAAQ,EAAE,MAAM,CAAC,EAAE;gBACnB,OAAO,EAAE,MAAM,CAAC,aAAa;aAC9B,CAAC;YACF,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,MAAM,CAAC,cAAc,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;IAED;;OAEG;IACH,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;IAC3B,CAAC;CACF"}

package/dist/types.d.ts

@@ -0,0 +1,141 @@
+/**
+ * Manager type definitions for distributed Guard agent orchestration
+ * Manager 分散式 Guard 代理協調型別定義
+ *
+ * @module @panguard-ai/manager/types
+ */
+import type { SecurityEvent, Severity } from '@panguard-ai/core';
+/** Agent status in the registry / 代理在登錄簿中的狀態 */
+export type AgentStatus = 'online' | 'offline' | 'stale';
+/** Agent platform information / 代理平台資訊 */
+export interface AgentPlatformInfo {
+    readonly os: string;
+    readonly arch: string;
+    readonly ip?: string;
+}
+/** Agent registration record / 代理登錄紀錄 */
+export interface AgentRegistration {
+    readonly agentId: string;
+    readonly hostname: string;
+    readonly platform: AgentPlatformInfo;
+    readonly version: string;
+    readonly registeredAt: string;
+    readonly lastHeartbeat: string;
+    readonly status: AgentStatus;
+}
+/** Incoming registration request from a Guard agent / 來自 Guard 代理的登錄請求 */
+export interface AgentRegistrationRequest {
+    readonly hostname: string;
+    readonly os: string;
+    readonly arch: string;
+    readonly version: string;
+    readonly ip?: string;
+}
+/** Heartbeat data sent by a Guard agent / Guard 代理發送的心跳資料 */
+export interface AgentHeartbeat {
+    readonly agentId: string;
+    readonly timestamp: string;
+    readonly cpuUsage: number;
+    readonly memUsage: number;
+    readonly activeMonitors: number;
+    readonly threatCount: number;
+    readonly eventsProcessed: number;
+    readonly mode: string;
+    readonly uptime: number;
+}
+/** Threat event from a Guard agent / 來自 Guard 代理的威脅事件 */
+export interface ThreatEvent {
+    readonly event: SecurityEvent;
+    readonly verdict: {
+        readonly conclusion: 'benign' | 'suspicious' | 'malicious';
+        readonly confidence: number;
+        readonly action: string;
+    };
+}
+/** Threat report containing one or more threat events / 包含一或多個威脅事件的威脅報告 */
+export interface ThreatReport {
+    readonly agentId: string;
+    readonly threats: readonly ThreatEvent[];
+    readonly reportedAt: string;
+}
+/** Aggregated threat with source attribution and optional correlation / 帶有來源歸屬和可選關聯的聚合威脅 */
+export interface AggregatedThreat {
+    readonly id: string;
+    readonly originalThreat: ThreatEvent;
+    readonly sourceAgentId: string;
+    readonly sourceHostname: string;
+    readonly receivedAt: string;
+    readonly correlatedWith: readonly string[];
+}
+/** Correlation match indicating related threats / 表示相關威脅的關聯比對 */
+export interface CorrelationMatch {
+    readonly threatIdA: string;
+    readonly threatIdB: string;
+    readonly correlationType: 'same_source_ip' | 'same_malware_hash' | 'same_attack_pattern';
+    readonly sharedIndicator: string;
+}
+/** Threat summary for dashboard / 儀表板用威脅摘要 */
+export interface ThreatSummary {
+    readonly totalThreats: number;
+    readonly criticalCount: number;
+    readonly highCount: number;
+    readonly suspiciousCount: number;
+    readonly uniqueAttackers: number;
+    readonly affectedAgents: number;
+    readonly correlatedGroups: number;
+}
+/** Policy rule definition / 策略規則定義 */
+export interface PolicyRule {
+    readonly ruleId: string;
+    readonly type: 'block_ip' | 'alert_threshold' | 'auto_respond' | 'custom';
+    readonly condition: Record<string, unknown>;
+    readonly action: string;
+    readonly severity: Severity;
+    readonly description: string;
+}
+/** Policy update payload / 策略更新內容 */
+export interface PolicyUpdate {
+    readonly policyId: string;
+    readonly version: number;
+    readonly rules: readonly PolicyRule[];
+    readonly updatedAt: string;
+    readonly appliedTo: readonly string[];
+}
+/** Manager server configuration / Manager 伺服器配置 */
+export interface ManagerConfig {
+    readonly port: number;
+    readonly authToken: string;
+    readonly heartbeatIntervalMs: number;
+    readonly heartbeatTimeoutMs: number;
+    readonly maxAgents: number;
+    readonly correlationWindowMs: number;
+    readonly threatRetentionMs: number;
+}
+/** Default manager configuration / 預設 Manager 配置 */
+export declare const DEFAULT_MANAGER_CONFIG: ManagerConfig;
+/** Agent summary for overview display / 代理概覽摘要 */
+export interface AgentOverview {
+    readonly agentId: string;
+    readonly hostname: string;
+    readonly status: AgentStatus;
+    readonly lastHeartbeat: string;
+    readonly threatCount: number;
+}
+/** Full manager overview for dashboard / 儀表板用完整 Manager 概覽 */
+export interface ManagerOverview {
+    readonly totalAgents: number;
+    readonly onlineAgents: number;
+    readonly staleAgents: number;
+    readonly offlineAgents: number;
+    readonly agents: readonly AgentOverview[];
+    readonly threatSummary: ThreatSummary;
+    readonly activePolicyVersion: number;
+    readonly uptimeMs: number;
+}
+/** Policy broadcast result / 策略廣播結果 */
+export interface PolicyBroadcastResult {
+    readonly policyId: string;
+    readonly targetAgents: readonly string[];
+    readonly queuedAt: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAIjE,gDAAgD;AAChD,MAAM,MAAM,WAAW,GAAG,QAAQ,GAAG,SAAS,GAAG,OAAO,CAAC;AAEzD,0CAA0C;AAC1C,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,yCAAyC;AACzC,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,QAAQ,EAAE,iBAAiB,CAAC;IACrC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC;CAC9B;AAED,0EAA0E;AAC1E,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,EAAE,CAAC,EAAE,MAAM,CAAC;CACtB;AAID,6DAA6D;AAC7D,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;CACzB;AAID,yDAAyD;AACzD,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,KAAK,EAAE,aAAa,CAAC;IAC9B,QAAQ,CAAC,OAAO,EAAE;QAChB,QAAQ,CAAC,UAAU,EAAE,QAAQ,GAAG,YAAY,GAAG,WAAW,CAAC;QAC3D,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;QAC5B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;KACzB,CAAC;CACH;AAED,2EAA2E;AAC3E,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,OAAO,EAAE,SAAS,WAAW,EAAE,CAAC;IACzC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;CAC7B;AAED,4FAA4F;AAC5F,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,cAAc,EAAE,WAAW,CAAC;IACrC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,cAAc,EAAE,SAAS,MAAM,EAAE,CAAC;CAC5C;AAED,iEAAiE;AACjE,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,eAAe,EAAE,gBAAgB,GAAG,mBAAmB,GAAG,qBAAqB,CAAC;IACzF,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;CAClC;AAED,8CAA8C;AAC9C,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;CACnC;AAID,sCAAsC;AACtC,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,IAAI,EAAE,UAAU,GAAG,iBAAiB,GAAG,cAAc,GAAG,QAAQ,CAAC;IAC1E,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC5C,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC;IAC5B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B;AAED,qCAAqC;AACrC,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,KAAK,EAAE,SAAS,UAAU,EAAE,CAAC;IACtC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,SAAS,MAAM,EAAE,CAAC;CACvC;AAID,mDAAmD;AACnD,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,mBAAmB,EAAE,MAAM,CAAC;IACrC,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,mBAAmB,EAAE,MAAM,CAAC;IACrC,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;CACpC;AAED,oDAAoD;AACpD,eAAO,MAAM,sBAAsB,EAAE,aAQpC,CAAC;AAIF,kDAAkD;AAClD,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC;IAC7B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B;AAED,8DAA8D;AAC9D,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,MAAM,EAAE,SAAS,aAAa,EAAE,CAAC;IAC1C,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC;IACtC,QAAQ,CAAC,mBAAmB,EAAE,MAAM,CAAC;IACrC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;CAC3B;AAED,uCAAuC;AACvC,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,YAAY,EAAE,SAAS,MAAM,EAAE,CAAC;IACzC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;CAC3B"}

package/dist/types.js

@@ -0,0 +1,17 @@
+/**
+ * Manager type definitions for distributed Guard agent orchestration
+ * Manager 分散式 Guard 代理協調型別定義
+ *
+ * @module @panguard-ai/manager/types
+ */
+/** Default manager configuration / 預設 Manager 配置 */
+export const DEFAULT_MANAGER_CONFIG = {
+    port: 8443,
+    authToken: '',
+    heartbeatIntervalMs: 30_000,
+    heartbeatTimeoutMs: 90_000,
+    maxAgents: 500,
+    correlationWindowMs: 300_000, // 5 minutes
+    threatRetentionMs: 86_400_000, // 24 hours
+};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAqIH,oDAAoD;AACpD,MAAM,CAAC,MAAM,sBAAsB,GAAkB;IACnD,IAAI,EAAE,IAAI;IACV,SAAS,EAAE,EAAE;IACb,mBAAmB,EAAE,MAAM;IAC3B,kBAAkB,EAAE,MAAM;IAC1B,SAAS,EAAE,GAAG;IACd,mBAAmB,EAAE,OAAO,EAAE,YAAY;IAC1C,iBAAiB,EAAE,UAAU,EAAE,WAAW;CAC3C,CAAC"}

package/dist/utils.d.ts

@@ -0,0 +1,46 @@
+/**
+ * Manager utility functions
+ * Manager 工具函式
+ *
+ * @module @panguard-ai/manager/utils
+ */
+/**
+ * Generate a unique agent ID with a 'ag-' prefix.
+ *
+ * @returns A unique identifier string (e.g., 'ag-a1b2c3d4e5f6')
+ */
+export declare function generateAgentId(): string;
+/**
+ * Generate a unique threat ID with a 'th-' prefix.
+ *
+ * @returns A unique identifier string (e.g., 'th-a1b2c3d4e5f6')
+ */
+export declare function generateThreatId(): string;
+/**
+ * Generate a unique policy ID with a 'pol-' prefix.
+ *
+ * @returns A unique identifier string (e.g., 'pol-a1b2c3d4')
+ */
+export declare function generatePolicyId(): string;
+/**
+ * Generate a secure authentication token.
+ *
+ * @returns A 32-byte hex token string
+ */
+export declare function generateAuthToken(): string;
+/**
+ * Extract source IP from a SecurityEvent's metadata.
+ * Looks for common field names used across different event sources.
+ *
+ * @param metadata - The event metadata record
+ * @returns The source IP string, or undefined if not found
+ */
+export declare function extractSourceIP(metadata: Record<string, unknown>): string | undefined;
+/**
+ * Extract a file hash from a SecurityEvent's metadata.
+ *
+ * @param metadata - The event metadata record
+ * @returns The hash string, or undefined if not found
+ */
+export declare function extractFileHash(metadata: Record<string, unknown>): string | undefined;
+//# sourceMappingURL=utils.d.ts.map

package/dist/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH;;;;GAIG;AACH,wBAAgB,eAAe,IAAI,MAAM,CAExC;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,MAAM,CAEzC;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,MAAM,CAEzC;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,IAAI,MAAM,CAE1C;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,MAAM,GAAG,SAAS,CAkBpB;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,MAAM,GAAG,SAAS,CAkBpB"}

package/dist/utils.js

@@ -0,0 +1,87 @@
+/**
+ * Manager utility functions
+ * Manager 工具函式
+ *
+ * @module @panguard-ai/manager/utils
+ */
+import { randomBytes } from 'node:crypto';
+/**
+ * Generate a unique agent ID with a 'ag-' prefix.
+ *
+ * @returns A unique identifier string (e.g., 'ag-a1b2c3d4e5f6')
+ */
+export function generateAgentId() {
+    return `ag-${randomBytes(6).toString('hex')}`;
+}
+/**
+ * Generate a unique threat ID with a 'th-' prefix.
+ *
+ * @returns A unique identifier string (e.g., 'th-a1b2c3d4e5f6')
+ */
+export function generateThreatId() {
+    return `th-${randomBytes(6).toString('hex')}`;
+}
+/**
+ * Generate a unique policy ID with a 'pol-' prefix.
+ *
+ * @returns A unique identifier string (e.g., 'pol-a1b2c3d4')
+ */
+export function generatePolicyId() {
+    return `pol-${randomBytes(4).toString('hex')}`;
+}
+/**
+ * Generate a secure authentication token.
+ *
+ * @returns A 32-byte hex token string
+ */
+export function generateAuthToken() {
+    return randomBytes(32).toString('hex');
+}
+/**
+ * Extract source IP from a SecurityEvent's metadata.
+ * Looks for common field names used across different event sources.
+ *
+ * @param metadata - The event metadata record
+ * @returns The source IP string, or undefined if not found
+ */
+export function extractSourceIP(metadata) {
+    const candidates = [
+        'sourceIP',
+        'remoteAddress',
+        'src_ip',
+        'source_ip',
+        'attacker_ip',
+        'client_ip',
+    ];
+    for (const key of candidates) {
+        const value = metadata[key];
+        if (typeof value === 'string' && value.length > 0) {
+            return value;
+        }
+    }
+    return undefined;
+}
+/**
+ * Extract a file hash from a SecurityEvent's metadata.
+ *
+ * @param metadata - The event metadata record
+ * @returns The hash string, or undefined if not found
+ */
+export function extractFileHash(metadata) {
+    const candidates = [
+        'sha256',
+        'sha1',
+        'md5',
+        'fileHash',
+        'hash',
+        'malwareHash',
+    ];
+    for (const key of candidates) {
+        const value = metadata[key];
+        if (typeof value === 'string' && value.length > 0) {
+            return value;
+        }
+    }
+    return undefined;
+}
+//# sourceMappingURL=utils.js.map

package/dist/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C;;;;GAIG;AACH,MAAM,UAAU,eAAe;IAC7B,OAAO,MAAM,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;AAChD,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB;IAC9B,OAAO,MAAM,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;AAChD,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB;IAC9B,OAAO,OAAO,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;AACjD,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB;IAC/B,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,eAAe,CAC7B,QAAiC;IAEjC,MAAM,UAAU,GAAG;QACjB,UAAU;QACV,eAAe;QACf,QAAQ;QACR,WAAW;QACX,aAAa;QACb,WAAW;KACZ,CAAC;IAEF,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAC7B,QAAiC;IAEjC,MAAM,UAAU,GAAG;QACjB,QAAQ;QACR,MAAM;QACN,KAAK;QACL,UAAU;QACV,MAAM;QACN,aAAa;KACd,CAAC;IAEF,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC"}