@panguard-ai/panguard-guard 0.1.0

package/dist/license/index.js

@@ -0,0 +1,145 @@
+/**
+ * License Key Validation and Feature Gating
+ * 授權金鑰驗證與功能閘
+ *
+ * Validates license keys in the format CLAW-TIER-XXXX-XXXX-XXXX,
+ * determines tier (Free/Pro/Enterprise), and gates features accordingly.
+ * 驗證格式為 CLAW-TIER-XXXX-XXXX-XXXX 的授權金鑰，
+ * 判定等級（Free/Pro/Enterprise），並據此控制功能閘。
+ *
+ * @module @panguard-ai/panguard-guard/license
+ */
+import { createLogger } from '@panguard-ai/core';
+import { TIER_FEATURES } from '../types.js';
+const logger = createLogger('panguard-guard:license');
+/** License key format: CLAW-TIER-XXXX-XXXX-XXXX / 授權金鑰格式 */
+const LICENSE_PATTERN = /^CLAW-(FREE|PRO|ENT)-([A-Z0-9]{4})-([A-Z0-9]{4})-([A-Z0-9]{4})$/;
+/** Tier mapping from key prefix / 從金鑰前綴映射等級 */
+const TIER_MAP = {
+    FREE: 'free',
+    PRO: 'pro',
+    ENT: 'enterprise',
+};
+/**
+ * Validate a license key and return license information
+ * 驗證授權金鑰並回傳授權資訊
+ *
+ * Key format: CLAW-{TIER}-{XXXX}-{XXXX}-{XXXX}
+ * - TIER: FREE, PRO, or ENT
+ * - X: Alphanumeric characters
+ * - Last 4 characters contain a checksum
+ *
+ * @param key - The license key to validate / 要驗證的授權金鑰
+ * @returns License information / 授權資訊
+ */
+export function validateLicense(key) {
+    // No key = free tier / 無金鑰 = 免費等級
+    if (!key || key.trim() === '') {
+        logger.info('No license key provided, using Free tier / 未提供授權金鑰，使用免費等級');
+        return {
+            key: '',
+            tier: 'free',
+            isValid: true,
+            features: TIER_FEATURES.free,
+        };
+    }
+    const normalizedKey = key.trim().toUpperCase();
+    const match = normalizedKey.match(LICENSE_PATTERN);
+    if (!match) {
+        logger.warn(`Invalid license key format: ${maskKey(normalizedKey)} / 無效的授權金鑰格式`);
+        return {
+            key: normalizedKey,
+            tier: 'free',
+            isValid: false,
+            features: TIER_FEATURES.free,
+        };
+    }
+    const tierCode = match[1];
+    const segment2 = match[2];
+    const segment3 = match[3];
+    const segment4 = match[4];
+    // Validate checksum: last character of segment4 should equal
+    // sum of all alphanumeric values mod 36 converted to base36
+    // 驗證校驗碼
+    const checksumValid = validateChecksum(tierCode, segment2, segment3, segment4);
+    if (!checksumValid) {
+        logger.warn(`License key checksum failed: ${maskKey(normalizedKey)} / 授權金鑰校驗碼失敗`);
+        return {
+            key: normalizedKey,
+            tier: 'free',
+            isValid: false,
+            features: TIER_FEATURES.free,
+        };
+    }
+    const tier = TIER_MAP[tierCode] ?? 'free';
+    const features = TIER_FEATURES[tier];
+    logger.info(`License validated: ${tier} tier / 授權已驗證: ${tier} 等級`);
+    return {
+        key: normalizedKey,
+        tier,
+        isValid: true,
+        features,
+        maxEndpoints: tier === 'enterprise' ? 1000 : tier === 'pro' ? 10 : 1,
+    };
+}
+/**
+ * Check if a feature is available for the given license
+ * 檢查功能是否適用於給定的授權
+ *
+ * @param license - License information / 授權資訊
+ * @param feature - Feature name to check / 要檢查的功能名稱
+ * @returns True if feature is available / 功能可用時回傳 true
+ */
+export function hasFeature(license, feature) {
+    return license.features.includes(feature);
+}
+/**
+ * Get all features for a tier / 取得等級的所有功能
+ */
+export function getTierFeatures(tier) {
+    return TIER_FEATURES[tier];
+}
+/**
+ * Generate a license key for testing / 產生測試用授權金鑰
+ *
+ * @param tier - The tier to generate for / 要產生的等級
+ * @returns A valid license key / 有效的授權金鑰
+ */
+export function generateTestLicenseKey(tier) {
+    const tierCode = tier === 'enterprise' ? 'ENT' : tier === 'pro' ? 'PRO' : 'FREE';
+    // Generate random segments / 產生隨機段落
+    const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
+    const randomChar = () => chars.charAt(Math.floor(Math.random() * chars.length));
+    const seg2 = randomChar() + randomChar() + randomChar() + randomChar();
+    const seg3 = randomChar() + randomChar() + randomChar() + randomChar();
+    // Calculate checksum for segment 4 / 計算段落 4 的校驗碼
+    const seg4base = randomChar() + randomChar() + randomChar();
+    const checkChar = calculateCheckChar(tierCode, seg2, seg3, seg4base);
+    return `CLAW-${tierCode}-${seg2}-${seg3}-${seg4base}${checkChar}`;
+}
+// ---------------------------------------------------------------------------
+// Internal / 內部函數
+// ---------------------------------------------------------------------------
+/** Validate checksum of license key segments / 驗證授權金鑰段落的校驗碼 */
+function validateChecksum(tierCode, seg2, seg3, seg4) {
+    const seg4base = seg4.slice(0, 3);
+    const checkChar = seg4[3];
+    const expected = calculateCheckChar(tierCode, seg2, seg3, seg4base);
+    return checkChar === expected;
+}
+/** Calculate the check character / 計算校驗字元 */
+function calculateCheckChar(tierCode, seg2, seg3, seg4base) {
+    const allChars = tierCode + seg2 + seg3 + seg4base;
+    let sum = 0;
+    for (const ch of allChars) {
+        sum += parseInt(ch, 36);
+    }
+    return (sum % 36).toString(36).toUpperCase();
+}
+/** Mask a license key for logging (show first 8 and last 4 chars) / 遮罩授權金鑰 */
+function maskKey(key) {
+    if (key.length <= 12)
+        return '****';
+    return key.slice(0, 8) + '****' + key.slice(-4);
+}
+//# sourceMappingURL=index.js.map

package/dist/license/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/license/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAEjD,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE5C,MAAM,MAAM,GAAG,YAAY,CAAC,wBAAwB,CAAC,CAAC;AAEtD,4DAA4D;AAC5D,MAAM,eAAe,GAAG,iEAAiE,CAAC;AAE1F,+CAA+C;AAC/C,MAAM,QAAQ,GAAgC;IAC5C,IAAI,EAAE,MAAM;IACZ,GAAG,EAAE,KAAK;IACV,GAAG,EAAE,YAAY;CAClB,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,eAAe,CAAC,GAAuB;IACrD,kCAAkC;IAClC,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC,2DAA2D,CAAC,CAAC;QACzE,OAAO;YACL,GAAG,EAAE,EAAE;YACP,IAAI,EAAE,MAAM;YACZ,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,aAAa,CAAC,IAAI;SAC7B,CAAC;IACJ,CAAC;IAED,MAAM,aAAa,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC/C,MAAM,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IAEnD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,CAAC,IAAI,CAAC,+BAA+B,OAAO,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC;QACjF,OAAO;YACL,GAAG,EAAE,aAAa;YAClB,IAAI,EAAE,MAAM;YACZ,OAAO,EAAE,KAAK;YACd,QAAQ,EAAE,aAAa,CAAC,IAAI;SAC7B,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;IAC3B,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;IAC3B,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;IAC3B,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;IAE3B,6DAA6D;IAC7D,4DAA4D;IAC5D,QAAQ;IACR,MAAM,aAAa,GAAG,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAE/E,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,CAAC,IAAI,CAAC,gCAAgC,OAAO,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC;QAClF,OAAO;YACL,GAAG,EAAE,aAAa;YAClB,IAAI,EAAE,MAAM;YACZ,OAAO,EAAE,KAAK;YACd,QAAQ,EAAE,aAAa,CAAC,IAAI;SAC7B,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAgB,QAAQ,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC;IACvD,MAAM,QAAQ,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;IAErC,MAAM,CAAC,IAAI,CAAC,sBAAsB,IAAI,kBAAkB,IAAI,KAAK,CAAC,CAAC;IAEnE,OAAO;QACL,GAAG,EAAE,aAAa;QAClB,IAAI;QACJ,OAAO,EAAE,IAAI;QACb,QAAQ;QACR,YAAY,EAAE,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;KACrE,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,UAAU,CAAC,OAAoB,EAAE,OAAe;IAC9D,OAAO,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;AAC5C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,IAAiB;IAC/C,OAAO,aAAa,CAAC,IAAI,CAAC,CAAC;AAC7B,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,sBAAsB,CAAC,IAAiB;IACtD,MAAM,QAAQ,GAAG,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC;IAEjF,oCAAoC;IACpC,MAAM,KAAK,GAAG,sCAAsC,CAAC;IACrD,MAAM,UAAU,GAAG,GAAG,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;IAEhF,MAAM,IAAI,GAAG,UAAU,EAAE,GAAG,UAAU,EAAE,GAAG,UAAU,EAAE,GAAG,UAAU,EAAE,CAAC;IACvE,MAAM,IAAI,GAAG,UAAU,EAAE,GAAG,UAAU,EAAE,GAAG,UAAU,EAAE,GAAG,UAAU,EAAE,CAAC;IAEvE,iDAAiD;IACjD,MAAM,QAAQ,GAAG,UAAU,EAAE,GAAG,UAAU,EAAE,GAAG,UAAU,EAAE,CAAC;IAC5D,MAAM,SAAS,GAAG,kBAAkB,CAAC,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAErE,OAAO,QAAQ,QAAQ,IAAI,IAAI,IAAI,IAAI,IAAI,QAAQ,GAAG,SAAS,EAAE,CAAC;AACpE,CAAC;AAED,8EAA8E;AAC9E,kBAAkB;AAClB,8EAA8E;AAE9E,+DAA+D;AAC/D,SAAS,gBAAgB,CAAC,QAAgB,EAAE,IAAY,EAAE,IAAY,EAAE,IAAY;IAClF,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAClC,MAAM,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1B,MAAM,QAAQ,GAAG,kBAAkB,CAAC,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IACpE,OAAO,SAAS,KAAK,QAAQ,CAAC;AAChC,CAAC;AAED,6CAA6C;AAC7C,SAAS,kBAAkB,CACzB,QAAgB,EAChB,IAAY,EACZ,IAAY,EACZ,QAAgB;IAEhB,MAAM,QAAQ,GAAG,QAAQ,GAAG,IAAI,GAAG,IAAI,GAAG,QAAQ,CAAC;IACnD,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,MAAM,EAAE,IAAI,QAAQ,EAAE,CAAC;QAC1B,GAAG,IAAI,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IAC1B,CAAC;IACD,OAAO,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;AAC/C,CAAC;AAED,8EAA8E;AAC9E,SAAS,OAAO,CAAC,GAAW;IAC1B,IAAI,GAAG,CAAC,MAAM,IAAI,EAAE;QAAE,OAAO,MAAM,CAAC;IACpC,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AAClD,CAAC"}

package/dist/memory/baseline.d.ts

@@ -0,0 +1,34 @@
+/**
+ * Baseline Memory - Environment behavior baseline management
+ * 基線記憶 - 環境行為基線管理
+ *
+ * Tracks normal system behavior patterns and detects deviations.
+ * 追蹤正常系統行為模式並偵測偏離。
+ *
+ * @module @panguard-ai/panguard-guard/memory/baseline
+ */
+import type { SecurityEvent } from '@panguard-ai/core';
+import type { EnvironmentBaseline, DeviationResult } from '../types.js';
+/**
+ * Create an empty baseline / 建立空白基線
+ */
+export declare function createEmptyBaseline(): EnvironmentBaseline;
+/**
+ * Check if a security event deviates from the environment baseline
+ * 檢查安全事件是否偏離環境基線
+ *
+ * @param baseline - The current environment baseline / 當前環境基線
+ * @param event - The security event to check / 要檢查的安全事件
+ * @returns DeviationResult indicating whether a deviation was found / 偏離結果
+ */
+export declare function checkDeviation(baseline: EnvironmentBaseline, event: SecurityEvent): DeviationResult;
+/**
+ * Update the baseline with a new event (learning mode)
+ * 使用新事件更新基線（學習模式）
+ *
+ * @param baseline - The current baseline to update / 要更新的當前基線
+ * @param event - The security event to learn from / 要學習的安全事件
+ * @returns Updated baseline / 更新後的基線
+ */
+export declare function updateBaseline(baseline: EnvironmentBaseline, event: SecurityEvent): EnvironmentBaseline;
+//# sourceMappingURL=baseline.d.ts.map

package/dist/memory/baseline.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"baseline.d.ts","sourceRoot":"","sources":["../../src/memory/baseline.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AACvD,OAAO,KAAK,EACV,mBAAmB,EACnB,eAAe,EAIhB,MAAM,aAAa,CAAC;AAIrB;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,mBAAmB,CAYzD;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAC5B,QAAQ,EAAE,mBAAmB,EAC7B,KAAK,EAAE,aAAa,GACnB,eAAe,CA8DjB;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAC5B,QAAQ,EAAE,mBAAmB,EAC7B,KAAK,EAAE,aAAa,GACnB,mBAAmB,CA2DrB"}

package/dist/memory/baseline.js

@@ -0,0 +1,224 @@
+/**
+ * Baseline Memory - Environment behavior baseline management
+ * 基線記憶 - 環境行為基線管理
+ *
+ * Tracks normal system behavior patterns and detects deviations.
+ * 追蹤正常系統行為模式並偵測偏離。
+ *
+ * @module @panguard-ai/panguard-guard/memory/baseline
+ */
+import { createLogger } from '@panguard-ai/core';
+const logger = createLogger('panguard-guard:baseline');
+/**
+ * Create an empty baseline / 建立空白基線
+ */
+export function createEmptyBaseline() {
+    return {
+        normalProcesses: [],
+        normalConnections: [],
+        normalLoginPatterns: [],
+        normalServicePorts: [],
+        learningStarted: new Date().toISOString(),
+        learningComplete: false,
+        confidenceLevel: 0,
+        lastUpdated: new Date().toISOString(),
+        eventCount: 0,
+    };
+}
+/**
+ * Check if a security event deviates from the environment baseline
+ * 檢查安全事件是否偏離環境基線
+ *
+ * @param baseline - The current environment baseline / 當前環境基線
+ * @param event - The security event to check / 要檢查的安全事件
+ * @returns DeviationResult indicating whether a deviation was found / 偏離結果
+ */
+export function checkDeviation(baseline, event) {
+    // Check for new process / 檢查新程序
+    if (event.source === 'process') {
+        const processName = extractProcessName(event);
+        if (processName) {
+            const known = baseline.normalProcesses.some((p) => p.name === processName);
+            if (!known) {
+                return {
+                    isDeviation: true,
+                    deviationType: 'new_process',
+                    confidence: 70,
+                    description: `New process detected: ${processName} (not in baseline) / ` +
+                        `偵測到新程序: ${processName} (不在基線中)`,
+                };
+            }
+        }
+    }
+    // Check for new network destination / 檢查新網路目的地
+    if (event.source === 'network') {
+        const remoteAddr = extractRemoteAddress(event);
+        if (remoteAddr) {
+            const known = baseline.normalConnections.some((c) => c.remoteAddress === remoteAddr);
+            if (!known) {
+                return {
+                    isDeviation: true,
+                    deviationType: 'new_network_dest',
+                    confidence: 65,
+                    description: `New network destination: ${remoteAddr} (not in baseline) / ` +
+                        `偵測到新網路目的地: ${remoteAddr} (不在基線中)`,
+                };
+            }
+        }
+    }
+    // Check for new user login pattern / 檢查新使用者登入模式
+    const username = extractUsername(event);
+    if (username) {
+        const known = baseline.normalLoginPatterns.some((l) => l.username === username);
+        if (!known) {
+            return {
+                isDeviation: true,
+                deviationType: 'new_user',
+                confidence: 60,
+                description: `New user activity: ${username} (not in baseline) / ` +
+                    `偵測到新使用者活動: ${username} (不在基線中)`,
+            };
+        }
+    }
+    // No deviation / 無偏離
+    return {
+        isDeviation: false,
+        deviationType: 'none',
+        confidence: 0,
+        description: 'Event within normal baseline parameters / 事件在正常基線參數範圍內',
+    };
+}
+/**
+ * Update the baseline with a new event (learning mode)
+ * 使用新事件更新基線（學習模式）
+ *
+ * @param baseline - The current baseline to update / 要更新的當前基線
+ * @param event - The security event to learn from / 要學習的安全事件
+ * @returns Updated baseline / 更新後的基線
+ */
+export function updateBaseline(baseline, event) {
+    const now = new Date().toISOString();
+    const updated = {
+        ...baseline,
+        lastUpdated: now,
+        eventCount: baseline.eventCount + 1,
+    };
+    // Update process patterns / 更新程序模式
+    if (event.source === 'process') {
+        const processName = extractProcessName(event);
+        if (processName) {
+            updated.normalProcesses = updateProcessPatterns([...baseline.normalProcesses], processName, event.metadata?.['processPath'] ?? undefined, now);
+        }
+    }
+    // Update connection patterns / 更新連線模式
+    if (event.source === 'network') {
+        const remoteAddr = extractRemoteAddress(event);
+        if (remoteAddr) {
+            updated.normalConnections = updateConnectionPatterns([...baseline.normalConnections], remoteAddr, event.metadata?.['remotePort'] ?? 0, event.metadata?.['protocol'] ?? 'tcp', now);
+        }
+    }
+    // Update login patterns / 更新登入模式
+    const username = extractUsername(event);
+    if (username) {
+        const eventDate = event.timestamp instanceof Date ? event.timestamp : new Date(event.timestamp);
+        updated.normalLoginPatterns = updateLoginPatterns([...baseline.normalLoginPatterns], username, event.metadata?.['sourceIP'] ?? undefined, eventDate.getHours(), eventDate.getDay(), now);
+    }
+    // Recalculate confidence / 重新計算信心度
+    updated.confidenceLevel = calculateConfidence(updated);
+    logger.info(`Baseline updated: ${event.source}/${event.category} ` +
+        `(events: ${updated.eventCount}, confidence: ${(updated.confidenceLevel * 100).toFixed(1)}%) / ` +
+        `基線已更新`);
+    return updated;
+}
+// ---------------------------------------------------------------------------
+// Internal helpers / 內部輔助函數
+// ---------------------------------------------------------------------------
+/** Extract process name from event metadata / 從事件 metadata 提取程序名稱 */
+function extractProcessName(event) {
+    return event.metadata?.['processName'] ?? undefined;
+}
+/** Extract remote address from event metadata / 從事件 metadata 提取遠端地址 */
+function extractRemoteAddress(event) {
+    return (event.metadata?.['remoteAddress'] ??
+        event.metadata?.['destinationIP'] ??
+        event.metadata?.['sourceIP'] ??
+        undefined);
+}
+/** Extract username from event metadata / 從事件 metadata 提取使用者名稱 */
+function extractUsername(event) {
+    return (event.metadata?.['user'] ?? event.metadata?.['username'] ?? undefined);
+}
+/** Update process patterns list / 更新程序模式列表 */
+function updateProcessPatterns(patterns, name, path, now) {
+    const existing = patterns.find((p) => p.name === name);
+    if (existing) {
+        existing.frequency += 1;
+        existing.lastSeen = now;
+    }
+    else {
+        patterns.push({
+            name,
+            path,
+            frequency: 1,
+            firstSeen: now,
+            lastSeen: now,
+        });
+    }
+    return patterns;
+}
+/** Update connection patterns list / 更新連線模式列表 */
+function updateConnectionPatterns(patterns, remoteAddress, remotePort, protocol, now) {
+    const existing = patterns.find((c) => c.remoteAddress === remoteAddress && c.remotePort === remotePort);
+    if (existing) {
+        existing.frequency += 1;
+        existing.lastSeen = now;
+    }
+    else {
+        patterns.push({
+            remoteAddress,
+            remotePort,
+            protocol,
+            frequency: 1,
+            firstSeen: now,
+            lastSeen: now,
+        });
+    }
+    return patterns;
+}
+/** Update login patterns list / 更新登入模式列表 */
+function updateLoginPatterns(patterns, username, sourceIP, hourOfDay, dayOfWeek, now) {
+    const existing = patterns.find((l) => l.username === username);
+    if (existing) {
+        existing.frequency += 1;
+        existing.lastSeen = now;
+    }
+    else {
+        patterns.push({
+            username,
+            sourceIP,
+            hourOfDay,
+            dayOfWeek,
+            frequency: 1,
+            firstSeen: now,
+            lastSeen: now,
+        });
+    }
+    return patterns;
+}
+/**
+ * Calculate baseline confidence based on data volume
+ * 根據數據量計算基線信心度
+ *
+ * Confidence grows logarithmically with event count, capping at 0.95
+ * 信心度隨事件數量對數增長，上限為 0.95
+ */
+function calculateConfidence(baseline) {
+    const minEvents = 100;
+    const targetEvents = 10000;
+    if (baseline.eventCount < minEvents) {
+        return (baseline.eventCount / minEvents) * 0.3;
+    }
+    const logProgress = Math.log(baseline.eventCount / minEvents) / Math.log(targetEvents / minEvents);
+    return Math.min(0.95, 0.3 + logProgress * 0.65);
+}
+//# sourceMappingURL=baseline.js.map

package/dist/memory/baseline.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"baseline.js","sourceRoot":"","sources":["../../src/memory/baseline.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAUjD,MAAM,MAAM,GAAG,YAAY,CAAC,yBAAyB,CAAC,CAAC;AAEvD;;GAEG;AACH,MAAM,UAAU,mBAAmB;IACjC,OAAO;QACL,eAAe,EAAE,EAAE;QACnB,iBAAiB,EAAE,EAAE;QACrB,mBAAmB,EAAE,EAAE;QACvB,kBAAkB,EAAE,EAAE;QACtB,eAAe,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACzC,gBAAgB,EAAE,KAAK;QACvB,eAAe,EAAE,CAAC;QAClB,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,UAAU,EAAE,CAAC;KACd,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,cAAc,CAC5B,QAA6B,EAC7B,KAAoB;IAEpB,gCAAgC;IAChC,IAAI,KAAK,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAC/B,MAAM,WAAW,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAC9C,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,KAAK,GAAG,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAiB,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,WAAW,CAAC,CAAC;YAC3F,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO;oBACL,WAAW,EAAE,IAAI;oBACjB,aAAa,EAAE,aAAa;oBAC5B,UAAU,EAAE,EAAE;oBACd,WAAW,EACT,yBAAyB,WAAW,uBAAuB;wBAC3D,WAAW,WAAW,UAAU;iBACnC,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,+CAA+C;IAC/C,IAAI,KAAK,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAC/B,MAAM,UAAU,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC;QAC/C,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,KAAK,GAAG,QAAQ,CAAC,iBAAiB,CAAC,IAAI,CAC3C,CAAC,CAAoB,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,KAAK,UAAU,CACzD,CAAC;YACF,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO;oBACL,WAAW,EAAE,IAAI;oBACjB,aAAa,EAAE,kBAAkB;oBACjC,UAAU,EAAE,EAAE;oBACd,WAAW,EACT,4BAA4B,UAAU,uBAAuB;wBAC7D,cAAc,UAAU,UAAU;iBACrC,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,MAAM,QAAQ,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACxC,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,KAAK,GAAG,QAAQ,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAe,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;QAC9F,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO;gBACL,WAAW,EAAE,IAAI;gBACjB,aAAa,EAAE,UAAU;gBACzB,UAAU,EAAE,EAAE;gBACd,WAAW,EACT,sBAAsB,QAAQ,uBAAuB;oBACrD,cAAc,QAAQ,UAAU;aACnC,CAAC;QACJ,CAAC;IACH,CAAC;IAED,qBAAqB;IACrB,OAAO;QACL,WAAW,EAAE,KAAK;QAClB,aAAa,EAAE,MAAM;QACrB,UAAU,EAAE,CAAC;QACb,WAAW,EAAE,wDAAwD;KACtE,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,cAAc,CAC5B,QAA6B,EAC7B,KAAoB;IAEpB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrC,MAAM,OAAO,GAAwB;QACnC,GAAG,QAAQ;QACX,WAAW,EAAE,GAAG;QAChB,UAAU,EAAE,QAAQ,CAAC,UAAU,GAAG,CAAC;KACpC,CAAC;IAEF,mCAAmC;IACnC,IAAI,KAAK,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAC/B,MAAM,WAAW,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAC9C,IAAI,WAAW,EAAE,CAAC;YAChB,OAAO,CAAC,eAAe,GAAG,qBAAqB,CAC7C,CAAC,GAAG,QAAQ,CAAC,eAAe,CAAC,EAC7B,WAAW,EACV,KAAK,CAAC,QAAQ,EAAE,CAAC,aAAa,CAAY,IAAI,SAAS,EACxD,GAAG,CACJ,CAAC;QACJ,CAAC;IACH,CAAC;IAED,sCAAsC;IACtC,IAAI,KAAK,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAC/B,MAAM,UAAU,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC;QAC/C,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,CAAC,iBAAiB,GAAG,wBAAwB,CAClD,CAAC,GAAG,QAAQ,CAAC,iBAAiB,CAAC,EAC/B,UAAU,EACT,KAAK,CAAC,QAAQ,EAAE,CAAC,YAAY,CAAY,IAAI,CAAC,EAC9C,KAAK,CAAC,QAAQ,EAAE,CAAC,UAAU,CAAY,IAAI,KAAK,EACjD,GAAG,CACJ,CAAC;QACJ,CAAC;IACH,CAAC;IAED,iCAAiC;IACjC,MAAM,QAAQ,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACxC,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,YAAY,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAChG,OAAO,CAAC,mBAAmB,GAAG,mBAAmB,CAC/C,CAAC,GAAG,QAAQ,CAAC,mBAAmB,CAAC,EACjC,QAAQ,EACP,KAAK,CAAC,QAAQ,EAAE,CAAC,UAAU,CAAY,IAAI,SAAS,EACrD,SAAS,CAAC,QAAQ,EAAE,EACpB,SAAS,CAAC,MAAM,EAAE,EAClB,GAAG,CACJ,CAAC;IACJ,CAAC;IAED,mCAAmC;IACnC,OAAO,CAAC,eAAe,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;IAEvD,MAAM,CAAC,IAAI,CACT,qBAAqB,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,QAAQ,GAAG;QACpD,YAAY,OAAO,CAAC,UAAU,iBAAiB,CAAC,OAAO,CAAC,eAAe,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO;QAChG,OAAO,CACV,CAAC;IAEF,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,8EAA8E;AAC9E,4BAA4B;AAC5B,8EAA8E;AAE9E,qEAAqE;AACrE,SAAS,kBAAkB,CAAC,KAAoB;IAC9C,OAAQ,KAAK,CAAC,QAAQ,EAAE,CAAC,aAAa,CAAY,IAAI,SAAS,CAAC;AAClE,CAAC;AAED,uEAAuE;AACvE,SAAS,oBAAoB,CAAC,KAAoB;IAChD,OAAO,CACJ,KAAK,CAAC,QAAQ,EAAE,CAAC,eAAe,CAAY;QAC5C,KAAK,CAAC,QAAQ,EAAE,CAAC,eAAe,CAAY;QAC5C,KAAK,CAAC,QAAQ,EAAE,CAAC,UAAU,CAAY;QACxC,SAAS,CACV,CAAC;AACJ,CAAC;AAED,kEAAkE;AAClE,SAAS,eAAe,CAAC,KAAoB;IAC3C,OAAO,CACJ,KAAK,CAAC,QAAQ,EAAE,CAAC,MAAM,CAAY,IAAK,KAAK,CAAC,QAAQ,EAAE,CAAC,UAAU,CAAY,IAAI,SAAS,CAC9F,CAAC;AACJ,CAAC;AAED,8CAA8C;AAC9C,SAAS,qBAAqB,CAC5B,QAA0B,EAC1B,IAAY,EACZ,IAAwB,EACxB,GAAW;IAEX,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;IACvD,IAAI,QAAQ,EAAE,CAAC;QACb,QAAQ,CAAC,SAAS,IAAI,CAAC,CAAC;QACxB,QAAQ,CAAC,QAAQ,GAAG,GAAG,CAAC;IAC1B,CAAC;SAAM,CAAC;QACN,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI;YACJ,IAAI;YACJ,SAAS,EAAE,CAAC;YACZ,SAAS,EAAE,GAAG;YACd,QAAQ,EAAE,GAAG;SACd,CAAC,CAAC;IACL,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,iDAAiD;AACjD,SAAS,wBAAwB,CAC/B,QAA6B,EAC7B,aAAqB,EACrB,UAAkB,EAClB,QAAgB,EAChB,GAAW;IAEX,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAC5B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,KAAK,aAAa,IAAI,CAAC,CAAC,UAAU,KAAK,UAAU,CACxE,CAAC;IACF,IAAI,QAAQ,EAAE,CAAC;QACb,QAAQ,CAAC,SAAS,IAAI,CAAC,CAAC;QACxB,QAAQ,CAAC,QAAQ,GAAG,GAAG,CAAC;IAC1B,CAAC;SAAM,CAAC;QACN,QAAQ,CAAC,IAAI,CAAC;YACZ,aAAa;YACb,UAAU;YACV,QAAQ;YACR,SAAS,EAAE,CAAC;YACZ,SAAS,EAAE,GAAG;YACd,QAAQ,EAAE,GAAG;SACd,CAAC,CAAC;IACL,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,4CAA4C;AAC5C,SAAS,mBAAmB,CAC1B,QAAwB,EACxB,QAAgB,EAChB,QAA4B,EAC5B,SAAiB,EACjB,SAAiB,EACjB,GAAW;IAEX,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;IAC/D,IAAI,QAAQ,EAAE,CAAC;QACb,QAAQ,CAAC,SAAS,IAAI,CAAC,CAAC;QACxB,QAAQ,CAAC,QAAQ,GAAG,GAAG,CAAC;IAC1B,CAAC;SAAM,CAAC;QACN,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ;YACR,QAAQ;YACR,SAAS;YACT,SAAS;YACT,SAAS,EAAE,CAAC;YACZ,SAAS,EAAE,GAAG;YACd,QAAQ,EAAE,GAAG;SACd,CAAC,CAAC;IACL,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;;GAMG;AACH,SAAS,mBAAmB,CAAC,QAA6B;IACxD,MAAM,SAAS,GAAG,GAAG,CAAC;IACtB,MAAM,YAAY,GAAG,KAAK,CAAC;IAE3B,IAAI,QAAQ,CAAC,UAAU,GAAG,SAAS,EAAE,CAAC;QACpC,OAAO,CAAC,QAAQ,CAAC,UAAU,GAAG,SAAS,CAAC,GAAG,GAAG,CAAC;IACjD,CAAC;IAED,MAAM,WAAW,GACf,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,UAAU,GAAG,SAAS,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,YAAY,GAAG,SAAS,CAAC,CAAC;IACjF,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,GAAG,WAAW,GAAG,IAAI,CAAC,CAAC;AAClD,CAAC"}

package/dist/memory/index.d.ts

@@ -0,0 +1,32 @@
+/**
+ * Context Memory Module
+ * Context Memory 模組
+ *
+ * Environment behavior baseline management with learning period support.
+ * Tracks normal system behavior during learning mode and detects
+ * deviations once in protection mode.
+ * 環境行為基線管理，支援學習期。在學習模式中追蹤正常系統行為，
+ * 進入防護模式後偵測偏離。
+ *
+ * @module @panguard-ai/panguard-guard/memory
+ */
+import type { EnvironmentBaseline } from '../types.js';
+export { createEmptyBaseline, checkDeviation, updateBaseline } from './baseline.js';
+export { isLearningComplete, getLearningProgress, getRemainingDays, switchToProtectionMode, getBaselineSummary, } from './learning.js';
+/**
+ * Load baseline from a JSON file, or create empty if not found
+ * 從 JSON 檔案載入基線，找不到則建立空白基線
+ *
+ * @param filePath - Path to the baseline JSON file / 基線 JSON 檔案路徑
+ * @returns The loaded or newly created baseline / 載入或新建的基線
+ */
+export declare function loadBaseline(filePath: string): EnvironmentBaseline;
+/**
+ * Save baseline to a JSON file
+ * 將基線儲存至 JSON 檔案
+ *
+ * @param filePath - Path to save the baseline / 儲存基線的路徑
+ * @param baseline - The baseline to save / 要儲存的基線
+ */
+export declare function saveBaseline(filePath: string, baseline: EnvironmentBaseline): void;
+//# sourceMappingURL=index.d.ts.map

package/dist/memory/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/memory/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAKH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAKvD,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAEpF,OAAO,EACL,kBAAkB,EAClB,mBAAmB,EACnB,gBAAgB,EAChB,sBAAsB,EACtB,kBAAkB,GACnB,MAAM,eAAe,CAAC;AAEvB;;;;;;GAMG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,mBAAmB,CAalE;AAED;;;;;;GAMG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,mBAAmB,GAAG,IAAI,CASlF"}

package/dist/memory/index.js

@@ -0,0 +1,58 @@
+/**
+ * Context Memory Module
+ * Context Memory 模組
+ *
+ * Environment behavior baseline management with learning period support.
+ * Tracks normal system behavior during learning mode and detects
+ * deviations once in protection mode.
+ * 環境行為基線管理，支援學習期。在學習模式中追蹤正常系統行為，
+ * 進入防護模式後偵測偏離。
+ *
+ * @module @panguard-ai/panguard-guard/memory
+ */
+import { readFileSync, writeFileSync, mkdirSync } from 'node:fs';
+import { dirname } from 'node:path';
+import { createLogger } from '@panguard-ai/core';
+import { createEmptyBaseline } from './baseline.js';
+const logger = createLogger('panguard-guard:memory');
+export { createEmptyBaseline, checkDeviation, updateBaseline } from './baseline.js';
+export { isLearningComplete, getLearningProgress, getRemainingDays, switchToProtectionMode, getBaselineSummary, } from './learning.js';
+/**
+ * Load baseline from a JSON file, or create empty if not found
+ * 從 JSON 檔案載入基線，找不到則建立空白基線
+ *
+ * @param filePath - Path to the baseline JSON file / 基線 JSON 檔案路徑
+ * @returns The loaded or newly created baseline / 載入或新建的基線
+ */
+export function loadBaseline(filePath) {
+    try {
+        const raw = readFileSync(filePath, 'utf-8');
+        const parsed = JSON.parse(raw);
+        logger.info(`Baseline loaded from ${filePath} / 已從 ${filePath} 載入基線`);
+        return parsed;
+    }
+    catch {
+        logger.info(`No existing baseline at ${filePath}, creating empty / ` +
+            `${filePath} 無現有基線，建立空白基線`);
+        return createEmptyBaseline();
+    }
+}
+/**
+ * Save baseline to a JSON file
+ * 將基線儲存至 JSON 檔案
+ *
+ * @param filePath - Path to save the baseline / 儲存基線的路徑
+ * @param baseline - The baseline to save / 要儲存的基線
+ */
+export function saveBaseline(filePath, baseline) {
+    try {
+        mkdirSync(dirname(filePath), { recursive: true });
+        writeFileSync(filePath, JSON.stringify(baseline, null, 2), 'utf-8');
+        logger.info(`Baseline saved to ${filePath} / 基線已儲存至 ${filePath}`);
+    }
+    catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        logger.error(`Failed to save baseline: ${msg} / 儲存基線失敗: ${msg}`);
+    }
+}
+//# sourceMappingURL=index.js.map

package/dist/memory/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/memory/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AACjE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAEjD,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAEpD,MAAM,MAAM,GAAG,YAAY,CAAC,uBAAuB,CAAC,CAAC;AAErD,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAEpF,OAAO,EACL,kBAAkB,EAClB,mBAAmB,EACnB,gBAAgB,EAChB,sBAAsB,EACtB,kBAAkB,GACnB,MAAM,eAAe,CAAC;AAEvB;;;;;;GAMG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB;IAC3C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC5C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAwB,CAAC;QACtD,MAAM,CAAC,IAAI,CAAC,wBAAwB,QAAQ,SAAS,QAAQ,OAAO,CAAC,CAAC;QACtE,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,CAAC,IAAI,CACT,2BAA2B,QAAQ,qBAAqB;YACtD,GAAG,QAAQ,eAAe,CAC7B,CAAC;QACF,OAAO,mBAAmB,EAAE,CAAC;IAC/B,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,QAA6B;IAC1E,IAAI,CAAC;QACH,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAClD,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QACpE,MAAM,CAAC,IAAI,CAAC,qBAAqB,QAAQ,aAAa,QAAQ,EAAE,CAAC,CAAC;IACpE,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7D,MAAM,CAAC,KAAK,CAAC,4BAA4B,GAAG,cAAc,GAAG,EAAE,CAAC,CAAC;IACnE,CAAC;AACH,CAAC"}

package/dist/memory/learning.d.ts

@@ -0,0 +1,35 @@
+/**
+ * Learning period management for Context Memory
+ * Context Memory 的學習期管理
+ * @module @panguard-ai/panguard-guard/memory/learning
+ */
+import type { EnvironmentBaseline } from '../types.js';
+/**
+ * Check if the learning period has completed / 檢查學習期是否已完成
+ */
+export declare function isLearningComplete(baseline: EnvironmentBaseline, learningDays: number): boolean;
+/**
+ * Get learning progress as a percentage (0-100) / 取得學習進度百分比
+ */
+export declare function getLearningProgress(baseline: EnvironmentBaseline, learningDays: number): number;
+/**
+ * Get remaining learning days / 取得剩餘學習天數
+ */
+export declare function getRemainingDays(baseline: EnvironmentBaseline, learningDays: number): number;
+/**
+ * Switch baseline to protection mode / 將基線切換到防護模式
+ */
+export declare function switchToProtectionMode(baseline: EnvironmentBaseline): EnvironmentBaseline;
+/**
+ * Get baseline summary for display / 取得基線摘要
+ */
+export declare function getBaselineSummary(baseline: EnvironmentBaseline): {
+    processCount: number;
+    connectionCount: number;
+    loginPatternCount: number;
+    portCount: number;
+    eventCount: number;
+    confidenceLevel: number;
+    learningComplete: boolean;
+};
+//# sourceMappingURL=learning.d.ts.map

package/dist/memory/learning.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"learning.d.ts","sourceRoot":"","sources":["../../src/memory/learning.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAIvD;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO,CAK/F;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,GAAG,MAAM,CAK/F;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,GAAG,MAAM,CAK5F;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,mBAAmB,GAAG,mBAAmB,CAMzF;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,mBAAmB,GAAG;IACjE,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,CAAC;IACxB,gBAAgB,EAAE,OAAO,CAAC;CAC3B,CAUA"}

package/dist/memory/learning.js

@@ -0,0 +1,60 @@
+/**
+ * Learning period management for Context Memory
+ * Context Memory 的學習期管理
+ * @module @panguard-ai/panguard-guard/memory/learning
+ */
+import { createLogger } from '@panguard-ai/core';
+const logger = createLogger('panguard-guard:learning');
+/**
+ * Check if the learning period has completed / 檢查學習期是否已完成
+ */
+export function isLearningComplete(baseline, learningDays) {
+    if (baseline.learningComplete)
+        return true;
+    const startTime = new Date(baseline.learningStarted).getTime();
+    const elapsedDays = (Date.now() - startTime) / (1000 * 60 * 60 * 24);
+    return elapsedDays >= learningDays;
+}
+/**
+ * Get learning progress as a percentage (0-100) / 取得學習進度百分比
+ */
+export function getLearningProgress(baseline, learningDays) {
+    if (baseline.learningComplete)
+        return 100;
+    const startTime = new Date(baseline.learningStarted).getTime();
+    const elapsedDays = (Date.now() - startTime) / (1000 * 60 * 60 * 24);
+    return Math.round(Math.min((elapsedDays / learningDays) * 100, 100));
+}
+/**
+ * Get remaining learning days / 取得剩餘學習天數
+ */
+export function getRemainingDays(baseline, learningDays) {
+    if (baseline.learningComplete)
+        return 0;
+    const startTime = new Date(baseline.learningStarted).getTime();
+    const elapsedDays = (Date.now() - startTime) / (1000 * 60 * 60 * 24);
+    return Math.ceil(Math.max(learningDays - elapsedDays, 0));
+}
+/**
+ * Switch baseline to protection mode / 將基線切換到防護模式
+ */
+export function switchToProtectionMode(baseline) {
+    logger.info(`Switching to protection mode. Processes: ${baseline.normalProcesses.length}, ` +
+        `Connections: ${baseline.normalConnections.length}, Login patterns: ${baseline.normalLoginPatterns.length} / 切換至防護模式`);
+    return { ...baseline, learningComplete: true, lastUpdated: new Date().toISOString() };
+}
+/**
+ * Get baseline summary for display / 取得基線摘要
+ */
+export function getBaselineSummary(baseline) {
+    return {
+        processCount: baseline.normalProcesses.length,
+        connectionCount: baseline.normalConnections.length,
+        loginPatternCount: baseline.normalLoginPatterns.length,
+        portCount: baseline.normalServicePorts.length,
+        eventCount: baseline.eventCount,
+        confidenceLevel: baseline.confidenceLevel,
+        learningComplete: baseline.learningComplete,
+    };
+}
+//# sourceMappingURL=learning.js.map

package/dist/memory/learning.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"learning.js","sourceRoot":"","sources":["../../src/memory/learning.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAGjD,MAAM,MAAM,GAAG,YAAY,CAAC,yBAAyB,CAAC,CAAC;AAEvD;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAA6B,EAAE,YAAoB;IACpF,IAAI,QAAQ,CAAC,gBAAgB;QAAE,OAAO,IAAI,CAAC;IAC3C,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,EAAE,CAAC;IAC/D,MAAM,WAAW,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;IACrE,OAAO,WAAW,IAAI,YAAY,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,QAA6B,EAAE,YAAoB;IACrF,IAAI,QAAQ,CAAC,gBAAgB;QAAE,OAAO,GAAG,CAAC;IAC1C,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,EAAE,CAAC;IAC/D,MAAM,WAAW,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;IACrE,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,WAAW,GAAG,YAAY,CAAC,GAAG,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;AACvE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,QAA6B,EAAE,YAAoB;IAClF,IAAI,QAAQ,CAAC,gBAAgB;QAAE,OAAO,CAAC,CAAC;IACxC,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,EAAE,CAAC;IAC/D,MAAM,WAAW,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;IACrE,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,GAAG,WAAW,EAAE,CAAC,CAAC,CAAC,CAAC;AAC5D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,QAA6B;IAClE,MAAM,CAAC,IAAI,CACT,4CAA4C,QAAQ,CAAC,eAAe,CAAC,MAAM,IAAI;QAC7E,gBAAgB,QAAQ,CAAC,iBAAiB,CAAC,MAAM,qBAAqB,QAAQ,CAAC,mBAAmB,CAAC,MAAM,YAAY,CACxH,CAAC;IACF,OAAO,EAAE,GAAG,QAAQ,EAAE,gBAAgB,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;AACxF,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAA6B;IAS9D,OAAO;QACL,YAAY,EAAE,QAAQ,CAAC,eAAe,CAAC,MAAM;QAC7C,eAAe,EAAE,QAAQ,CAAC,iBAAiB,CAAC,MAAM;QAClD,iBAAiB,EAAE,QAAQ,CAAC,mBAAmB,CAAC,MAAM;QACtD,SAAS,EAAE,QAAQ,CAAC,kBAAkB,CAAC,MAAM;QAC7C,UAAU,EAAE,QAAQ,CAAC,UAAU;QAC/B,eAAe,EAAE,QAAQ,CAAC,eAAe;QACzC,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;KAC5C,CAAC;AACJ,CAAC"}