@panguard-ai/panguard 1.4.15 → 1.4.17

package/dist/cli/commands/serve-auth.js

@@ -1,119 +0,0 @@
-/**
- * Auth, waitlist, and usage route handlers for panguard serve.
- */
-/**
- * Handle auth API routes (/api/auth/*, /api/waitlist/*, /api/usage/*).
- * Returns true if the route was handled, false otherwise.
- */
-export async function handleAuthRoutes(req, res, url, pathname, ctx) {
-    const { handlers } = ctx;
-    // ── Auth API routes ──────────────────────────────────────────
-    if (pathname === '/api/auth/register') {
-        await handlers.handleRegister(req, res);
-        return true;
-    }
-    if (pathname === '/api/auth/login') {
-        await handlers.handleLogin(req, res);
-        return true;
-    }
-    if (pathname === '/api/auth/logout') {
-        handlers.handleLogout(req, res);
-        return true;
-    }
-    if (pathname === '/api/auth/me') {
-        handlers.handleMe(req, res);
-        return true;
-    }
-    if (pathname === '/api/auth/delete-account') {
-        await handlers.handleDeleteAccount(req, res);
-        return true;
-    }
-    if (pathname === '/api/auth/export-data') {
-        handlers.handleExportData(req, res);
-        return true;
-    }
-    if (pathname === '/api/auth/totp/setup') {
-        handlers.handleTotpSetup(req, res);
-        return true;
-    }
-    if (pathname === '/api/auth/totp/verify') {
-        await handlers.handleTotpVerify(req, res);
-        return true;
-    }
-    if (pathname === '/api/auth/totp/disable') {
-        await handlers.handleTotpDisable(req, res);
-        return true;
-    }
-    if (pathname === '/api/auth/totp/status') {
-        handlers.handleTotpStatus(req, res);
-        return true;
-    }
-    if (pathname === '/api/auth/forgot-password') {
-        await handlers.handleForgotPassword(req, res);
-        return true;
-    }
-    if (pathname === '/api/auth/reset-password') {
-        await handlers.handleResetPassword(req, res);
-        return true;
-    }
-    if (pathname === '/api/auth/google') {
-        handlers.handleGoogleAuth(req, res);
-        return true;
-    }
-    if (pathname.startsWith('/api/auth/google/callback')) {
-        const urlObj = new URL(url, `http://${req.headers.host ?? 'localhost'}`);
-        const code = urlObj.searchParams.get('code') ?? '';
-        const state = urlObj.searchParams.get('state');
-        await handlers.handleGoogleCallback(req, res, code, state);
-        return true;
-    }
-    if (pathname === '/api/auth/oauth/exchange') {
-        await handlers.handleOAuthExchange(req, res);
-        return true;
-    }
-    if (pathname === '/api/auth/cli') {
-        handlers.handleCliAuth(req, res);
-        return true;
-    }
-    if (pathname === '/api/auth/cli/exchange') {
-        await handlers.handleCliExchange(req, res);
-        return true;
-    }
-    // ── Waitlist API routes ──────────────────────────────────────
-    if (pathname === '/api/waitlist/join') {
-        await handlers.handleWaitlistJoin(req, res);
-        return true;
-    }
-    if (pathname.startsWith('/api/waitlist/verify/')) {
-        const token = pathname.split('/api/waitlist/verify/')[1];
-        handlers.handleWaitlistVerify(req, res, token ?? '');
-        return true;
-    }
-    if (pathname === '/api/waitlist/stats') {
-        handlers.handleWaitlistStats(req, res);
-        return true;
-    }
-    if (pathname === '/api/waitlist/list') {
-        handlers.handleWaitlistList(req, res);
-        return true;
-    }
-    // ── Usage / Quota API routes ─────────────────────────────────
-    if (pathname === '/api/usage') {
-        handlers.handleUsageSummary(req, res);
-        return true;
-    }
-    if (pathname === '/api/usage/limits') {
-        handlers.handleUsageLimits(req, res);
-        return true;
-    }
-    if (pathname === '/api/usage/check') {
-        await handlers.handleUsageCheck(req, res);
-        return true;
-    }
-    if (pathname === '/api/usage/record') {
-        await handlers.handleUsageRecord(req, res);
-        return true;
-    }
-    return false;
-}
-//# sourceMappingURL=serve-auth.js.map

package/dist/cli/commands/serve-auth.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"serve-auth.js","sourceRoot":"","sources":["../../../src/cli/commands/serve-auth.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,GAAoB,EACpB,GAAmB,EACnB,GAAW,EACX,QAAgB,EAChB,GAAiB;IAEjB,MAAM,EAAE,QAAQ,EAAE,GAAG,GAAG,CAAC;IAEzB,gEAAgE;IAEhE,IAAI,QAAQ,KAAK,oBAAoB,EAAE,CAAC;QACtC,MAAM,QAAQ,CAAC,cAAc,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACxC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,QAAQ,KAAK,iBAAiB,EAAE,CAAC;QACnC,MAAM,QAAQ,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACrC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,QAAQ,KAAK,kBAAkB,EAAE,CAAC;QACpC,QAAQ,CAAC,YAAY,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAChC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,QAAQ,KAAK,cAAc,EAAE,CAAC;QAChC,QAAQ,CAAC,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC5B,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,QAAQ,KAAK,0BAA0B,EAAE,CAAC;QAC5C,MAAM,QAAQ,CAAC,mBAAmB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC7C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,QAAQ,KAAK,uBAAuB,EAAE,CAAC;QACzC,QAAQ,CAAC,gBAAgB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,QAAQ,KAAK,sBAAsB,EAAE,CAAC;QACxC,QAAQ,CAAC,eAAe,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACnC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,QAAQ,KAAK,uBAAuB,EAAE,CAAC;QACzC,MAAM,QAAQ,CAAC,gBAAgB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC1C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,QAAQ,KAAK,wBAAwB,EAAE,CAAC;QAC1C,MAAM,QAAQ,CAAC,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC3C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,QAAQ,KAAK,uBAAuB,EAAE,CAAC;QACzC,QAAQ,CAAC,gBAAgB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,QAAQ,KAAK,2BAA2B,EAAE,CAAC;QAC7C,MAAM,QAAQ,CAAC,oBAAoB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC9C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,QAAQ,KAAK,0BAA0B,EAAE,CAAC;QAC5C,MAAM,QAAQ,CAAC,mBAAmB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC7C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,QAAQ,KAAK,kBAAkB,EAAE,CAAC;QACpC,QAAQ,CAAC,gBAAgB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,QAAQ,CAAC,UAAU,CAAC,2BAA2B,CAAC,EAAE,CAAC;QACrD,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,EAAE,UAAU,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,WAAW,EAAE,CAAC,CAAC;QACzE,MAAM,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACnD,MAAM,KAAK,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC/C,MAAM,QAAQ,CAAC,oBAAoB,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;QAC3D,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,QAAQ,KAAK,0BAA0B,EAAE,CAAC;QAC5C,MAAM,QAAQ,CAAC,mBAAmB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC7C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,QAAQ,KAAK,eAAe,EAAE,CAAC;QACjC,QAAQ,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,QAAQ,KAAK,wBAAwB,EAAE,CAAC;QAC1C,MAAM,QAAQ,CAAC,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC3C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,gEAAgE;IAEhE,IAAI,QAAQ,KAAK,oBAAoB,EAAE,CAAC;QACtC,MAAM,QAAQ,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC5C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC,EAAE,CAAC;QACjD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC,CAAC;QACzD,QAAQ,CAAC,oBAAoB,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;QACrD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,QAAQ,KAAK,qBAAqB,EAAE,CAAC;QACvC,QAAQ,CAAC,mBAAmB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACvC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,QAAQ,KAAK,oBAAoB,EAAE,CAAC;QACtC,QAAQ,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACtC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,gEAAgE;IAEhE,IAAI,QAAQ,KAAK,YAAY,EAAE,CAAC;QAC9B,QAAQ,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACtC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,QAAQ,KAAK,mBAAmB,EAAE,CAAC;QACrC,QAAQ,CAAC,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACrC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,QAAQ,KAAK,kBAAkB,EAAE,CAAC;QACpC,MAAM,QAAQ,CAAC,gBAAgB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC1C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,QAAQ,KAAK,mBAAmB,EAAE,CAAC;QACrC,MAAM,QAAQ,CAAC,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC3C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/cli/commands/serve-core.d.ts

@@ -1,25 +0,0 @@
-/**
- * Core middleware, health check, static file serving, and rule seeding
- * for panguard serve.
- */
-import type { IncomingMessage, ServerResponse } from 'node:http';
-import type { ThreatCloudDBInstance } from './serve-types.js';
-/**
- * Apply security headers and CORS to every response.
- * Returns true if the request was fully handled (OPTIONS preflight).
- */
-export declare function applyMiddleware(req: IncomingMessage, res: ServerResponse): boolean;
-/**
- * Handle core routes: /health, /openapi.json, /docs/api, /admin/*.
- * Returns true if the route was handled, false otherwise.
- */
-export declare function handleCoreRoutes(req: IncomingMessage, res: ServerResponse, pathname: string, db: {
-    healthCheck(): void;
-}, threatDb: ThreatCloudDBInstance, adminDir: string | undefined): boolean;
-/**
- * Seed rules from bundled config/ directory into Threat Cloud DB.
- * Reads ATR YAML files.
- * Returns count of rules seeded.
- */
-export declare function seedRulesFromBundled(threatDb: ThreatCloudDBInstance): Promise<number>;
-//# sourceMappingURL=serve-core.d.ts.map

package/dist/cli/commands/serve-core.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"serve-core.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/serve-core.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAMjE,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAK9D;;;GAGG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,eAAe,EAAE,GAAG,EAAE,cAAc,GAAG,OAAO,CA8BlF;AAID;;;GAGG;AACH,wBAAgB,gBAAgB,CAC9B,GAAG,EAAE,eAAe,EACpB,GAAG,EAAE,cAAc,EACnB,QAAQ,EAAE,MAAM,EAChB,EAAE,EAAE;IAAE,WAAW,IAAI,IAAI,CAAA;CAAE,EAC3B,QAAQ,EAAE,qBAAqB,EAC/B,QAAQ,EAAE,MAAM,GAAG,SAAS,GAC3B,OAAO,CAgDT;AA2DD;;;;GAIG;AACH,wBAAsB,oBAAoB,CAAC,QAAQ,EAAE,qBAAqB,GAAG,OAAO,CAAC,MAAM,CAAC,CAqF3F"}

package/dist/cli/commands/serve-core.js

@@ -1,215 +0,0 @@
-/**
- * Core middleware, health check, static file serving, and rule seeding
- * for panguard serve.
- */
-import { join, dirname, resolve, relative } from 'node:path';
-import { existsSync, readFileSync, readdirSync, statSync } from 'node:fs';
-import { fileURLToPath } from 'node:url';
-import { c } from '@panguard-ai/core';
-import { generateOpenApiSpec, generateSwaggerHtml } from '@panguard-ai/panguard-auth';
-import { sendJson } from './serve-types.js';
-// ── Security Headers & CORS Middleware ─────────────────────────
-/**
- * Apply security headers and CORS to every response.
- * Returns true if the request was fully handled (OPTIONS preflight).
- */
-export function applyMiddleware(req, res) {
-    // Security headers
-    res.setHeader('X-Content-Type-Options', 'nosniff');
-    res.setHeader('X-Frame-Options', 'SAMEORIGIN');
-    res.setHeader('Referrer-Policy', 'strict-origin-when-cross-origin');
-    res.setHeader('Permissions-Policy', 'camera=(), microphone=(), geolocation=()');
-    res.setHeader('X-XSS-Protection', '0');
-    if (process.env['NODE_ENV'] === 'production') {
-        res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains; preload');
-    }
-    // CORS -- default to same-origin only; set CORS_ALLOWED_ORIGINS to allow cross-origin
-    const corsEnv = process.env['CORS_ALLOWED_ORIGINS'] ?? '';
-    const allowedOrigins = corsEnv ? corsEnv.split(',').map((o) => o.trim()) : [];
-    const origin = req.headers.origin ?? '';
-    if (allowedOrigins.includes('*') && process.env['NODE_ENV'] !== 'production') {
-        res.setHeader('Access-Control-Allow-Origin', origin || '*');
-    }
-    else if (origin && allowedOrigins.includes(origin)) {
-        res.setHeader('Access-Control-Allow-Origin', origin);
-    }
-    res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PATCH, DELETE, OPTIONS');
-    res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
-    if (req.method === 'OPTIONS') {
-        res.writeHead(204);
-        res.end();
-        return true;
-    }
-    return false;
-}
-// ── Core Routes (health, OpenAPI, static) ──────────────────────
-/**
- * Handle core routes: /health, /openapi.json, /docs/api, /admin/*.
- * Returns true if the route was handled, false otherwise.
- */
-export function handleCoreRoutes(req, res, pathname, db, threatDb, adminDir) {
-    // OpenAPI spec (JSON)
-    if (pathname === '/openapi.json') {
-        const spec = generateOpenApiSpec(process.env['PANGUARD_BASE_URL'] ?? `http://${req.headers.host ?? 'localhost'}`);
-        sendJson(res, 200, spec);
-        return true;
-    }
-    // Swagger UI
-    if (pathname === '/docs/api' || pathname === '/docs/api/') {
-        const specUrl = '/openapi.json';
-        const html = generateSwaggerHtml(specUrl);
-        res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
-        res.end(html);
-        return true;
-    }
-    // Health check (minimal public response -- detailed status behind /api/admin/health)
-    if (pathname === '/health') {
-        try {
-            db.healthCheck();
-            sendJson(res, 200, {
-                ok: true,
-                data: {
-                    status: 'healthy',
-                    uptime: Math.round(process.uptime()),
-                    db: 'connected',
-                    threatCloud: threatDb ? 'connected' : 'unavailable',
-                },
-            });
-        }
-        catch {
-            sendJson(res, 503, {
-                ok: false,
-                data: { status: 'unhealthy', db: 'disconnected' },
-            });
-        }
-        return true;
-    }
-    // Admin static files
-    if (adminDir && pathname.startsWith('/admin')) {
-        serveStaticFile(req, res, adminDir, pathname);
-        return true;
-    }
-    return false;
-}
-// ── Static File Serving ────────────────────────────────────────
-function serveStaticFile(_req, res, adminDir, pathname) {
-    // Map /admin -> /admin/index.html
-    const resolvedAdminDir = resolve(adminDir);
-    let filePath;
-    if (pathname === '/admin' || pathname === '/admin/') {
-        filePath = join(resolvedAdminDir, 'index.html');
-    }
-    else {
-        // Strip /admin prefix and leading slash
-        const relativePath = pathname.slice('/admin'.length).replace(/^\//, '');
-        filePath = join(resolvedAdminDir, relativePath);
-        // If no extension, try .html
-        if (!relativePath.includes('.')) {
-            filePath = join(resolvedAdminDir, relativePath + '.html');
-            if (!existsSync(filePath)) {
-                filePath = join(resolvedAdminDir, relativePath, 'index.html');
-            }
-        }
-    }
-    // Prevent path traversal: resolved path must be within admin directory
-    if (!filePath.startsWith(resolvedAdminDir)) {
-        sendJson(res, 403, { ok: false, error: 'Forbidden' });
-        return;
-    }
-    if (!existsSync(filePath)) {
-        sendJson(res, 404, { ok: false, error: 'Not found' });
-        return;
-    }
-    const ext = filePath.split('.').pop() ?? '';
-    const mimeTypes = {
-        html: 'text/html',
-        css: 'text/css',
-        js: 'application/javascript',
-        json: 'application/json',
-        png: 'image/png',
-        svg: 'image/svg+xml',
-        ico: 'image/x-icon',
-    };
-    const contentType = mimeTypes[ext] ?? 'application/octet-stream';
-    const content = readFileSync(filePath);
-    res.writeHead(200, { 'Content-Type': contentType });
-    res.end(content);
-}
-// ── Rule Seeding ───────────────────────────────────────────────
-/**
- * Seed rules from bundled config/ directory into Threat Cloud DB.
- * Reads ATR YAML files.
- * Returns count of rules seeded.
- */
-export async function seedRulesFromBundled(threatDb) {
-    let seeded = 0;
-    const now = new Date().toISOString();
-    // Resolve config directory (Docker: /app/config, monorepo: ../../config)
-    const configDirs = [
-        join(process.cwd(), 'config'),
-        join(dirname(fileURLToPath(import.meta.url)), '..', '..', '..', '..', '..', 'config'),
-    ];
-    const configDir = configDirs.find((d) => {
-        try {
-            return statSync(d).isDirectory();
-        }
-        catch {
-            return false;
-        }
-    });
-    if (!configDir) {
-        console.log(`  ${c.dim('  No config/ directory found -- skipping rule seeding')}`);
-        console.log(`  ${c.dim(`  Searched: ${configDirs.join(', ')}`)}`);
-        return 0;
-    }
-    console.log(`  ${c.dim(`  Using config directory: ${configDir}`)}`);
-    /** Recursively collect files matching extensions */
-    function collectFiles(dir, extensions) {
-        const results = [];
-        try {
-            for (const entry of readdirSync(dir, { withFileTypes: true })) {
-                const fullPath = join(dir, entry.name);
-                if (entry.isDirectory()) {
-                    results.push(...collectFiles(fullPath, extensions));
-                }
-                else if (extensions.some((ext) => entry.name.endsWith(ext))) {
-                    results.push(fullPath);
-                }
-            }
-        }
-        catch (err) {
-            console.error(`  [WARN] Cannot read directory ${dir}: ${err instanceof Error ? err.message : String(err)}`);
-        }
-        return results;
-    }
-    // ATR rules (.yaml, .yml) from atr package
-    const atrDirs = [
-        join(process.cwd(), 'node_modules', 'agent-threat-rules', 'rules'),
-        join(dirname(fileURLToPath(import.meta.url)), '..', '..', '..', '..', '..', 'packages', 'atr', 'rules'),
-    ];
-    const atrDir = atrDirs.find((d) => {
-        try {
-            return statSync(d).isDirectory();
-        }
-        catch {
-            return false;
-        }
-    });
-    if (atrDir) {
-        try {
-            const atrFiles = collectFiles(atrDir, ['.yaml', '.yml']);
-            for (const file of atrFiles) {
-                const content = readFileSync(file, 'utf-8');
-                const ruleId = `atr:${relative(atrDir, file).replace(/\//g, ':')}`;
-                threatDb.upsertRule({ ruleId, ruleContent: content, publishedAt: now, source: 'atr' });
-                seeded++;
-            }
-            console.log(`  ${c.dim(`  ATR: ${atrFiles.length} files processed`)}`);
-        }
-        catch (err) {
-            console.error(`  [WARN] ATR rule seeding failed: ${err instanceof Error ? err.message : String(err)}`);
-        }
-    }
-    return seeded;
-}
-//# sourceMappingURL=serve-core.js.map

package/dist/cli/commands/serve-core.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"serve-core.js","sourceRoot":"","sources":["../../../src/cli/commands/serve-core.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAC7D,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC1E,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,CAAC,EAAE,MAAM,mBAAmB,CAAC;AACtC,OAAO,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAEtF,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,kEAAkE;AAElE;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,GAAoB,EAAE,GAAmB;IACvE,mBAAmB;IACnB,GAAG,CAAC,SAAS,CAAC,wBAAwB,EAAE,SAAS,CAAC,CAAC;IACnD,GAAG,CAAC,SAAS,CAAC,iBAAiB,EAAE,YAAY,CAAC,CAAC;IAC/C,GAAG,CAAC,SAAS,CAAC,iBAAiB,EAAE,iCAAiC,CAAC,CAAC;IACpE,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,0CAA0C,CAAC,CAAC;IAChF,GAAG,CAAC,SAAS,CAAC,kBAAkB,EAAE,GAAG,CAAC,CAAC;IACvC,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,YAAY,EAAE,CAAC;QAC7C,GAAG,CAAC,SAAS,CAAC,2BAA2B,EAAE,8CAA8C,CAAC,CAAC;IAC7F,CAAC;IAED,sFAAsF;IACtF,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,IAAI,EAAE,CAAC;IAC1D,MAAM,cAAc,GAAG,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAC9E,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;IACxC,IAAI,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,YAAY,EAAE,CAAC;QAC7E,GAAG,CAAC,SAAS,CAAC,6BAA6B,EAAE,MAAM,IAAI,GAAG,CAAC,CAAC;IAC9D,CAAC;SAAM,IAAI,MAAM,IAAI,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QACrD,GAAG,CAAC,SAAS,CAAC,6BAA6B,EAAE,MAAM,CAAC,CAAC;IACvD,CAAC;IACD,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,mCAAmC,CAAC,CAAC;IACnF,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,6BAA6B,CAAC,CAAC;IAE7E,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAC7B,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACnB,GAAG,CAAC,GAAG,EAAE,CAAC;QACV,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,kEAAkE;AAElE;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAC9B,GAAoB,EACpB,GAAmB,EACnB,QAAgB,EAChB,EAA2B,EAC3B,QAA+B,EAC/B,QAA4B;IAE5B,sBAAsB;IACtB,IAAI,QAAQ,KAAK,eAAe,EAAE,CAAC;QACjC,MAAM,IAAI,GAAG,mBAAmB,CAC9B,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,UAAU,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,WAAW,EAAE,CAChF,CAAC;QACF,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;QACzB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,aAAa;IACb,IAAI,QAAQ,KAAK,WAAW,IAAI,QAAQ,KAAK,YAAY,EAAE,CAAC;QAC1D,MAAM,OAAO,GAAG,eAAe,CAAC;QAChC,MAAM,IAAI,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;QAC1C,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,0BAA0B,EAAE,CAAC,CAAC;QACnE,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACd,OAAO,IAAI,CAAC;IACd,CAAC;IAED,qFAAqF;IACrF,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,IAAI,CAAC;YACH,EAAE,CAAC,WAAW,EAAE,CAAC;YACjB,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE;gBACjB,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE;oBACJ,MAAM,EAAE,SAAS;oBACjB,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;oBACpC,EAAE,EAAE,WAAW;oBACf,WAAW,EAAE,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,aAAa;iBACpD;aACF,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE;gBACjB,EAAE,EAAE,KAAK;gBACT,IAAI,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,EAAE,EAAE,cAAc,EAAE;aAClD,CAAC,CAAC;QACL,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,qBAAqB;IACrB,IAAI,QAAQ,IAAI,QAAQ,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC9C,eAAe,CAAC,GAAG,EAAE,GAAG,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAC9C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,kEAAkE;AAElE,SAAS,eAAe,CACtB,IAAqB,EACrB,GAAmB,EACnB,QAAgB,EAChB,QAAgB;IAEhB,kCAAkC;IAClC,MAAM,gBAAgB,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC3C,IAAI,QAAgB,CAAC;IACrB,IAAI,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QACpD,QAAQ,GAAG,IAAI,CAAC,gBAAgB,EAAE,YAAY,CAAC,CAAC;IAClD,CAAC;SAAM,CAAC;QACN,wCAAwC;QACxC,MAAM,YAAY,GAAG,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACxE,QAAQ,GAAG,IAAI,CAAC,gBAAgB,EAAE,YAAY,CAAC,CAAC;QAEhD,6BAA6B;QAC7B,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,QAAQ,GAAG,IAAI,CAAC,gBAAgB,EAAE,YAAY,GAAG,OAAO,CAAC,CAAC;YAC1D,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC1B,QAAQ,GAAG,IAAI,CAAC,gBAAgB,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC;YAChE,CAAC;QACH,CAAC;IACH,CAAC;IAED,uEAAuE;IACvE,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAC3C,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;QACtD,OAAO;IACT,CAAC;IAED,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;QACtD,OAAO;IACT,CAAC;IAED,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;IAC5C,MAAM,SAAS,GAA2B;QACxC,IAAI,EAAE,WAAW;QACjB,GAAG,EAAE,UAAU;QACf,EAAE,EAAE,wBAAwB;QAC5B,IAAI,EAAE,kBAAkB;QACxB,GAAG,EAAE,WAAW;QAChB,GAAG,EAAE,eAAe;QACpB,GAAG,EAAE,cAAc;KACpB,CAAC;IAEF,MAAM,WAAW,GAAG,SAAS,CAAC,GAAG,CAAC,IAAI,0BAA0B,CAAC;IACjE,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IACvC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;IACpD,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;AACnB,CAAC;AAED,kEAAkE;AAElE;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,QAA+B;IACxE,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAErC,yEAAyE;IACzE,MAAM,UAAU,GAAG;QACjB,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,QAAQ,CAAC;QAC7B,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,CAAC;KACtF,CAAC;IACF,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE;QACtC,IAAI,CAAC;YACH,OAAO,QAAQ,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QACnC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,uDAAuD,CAAC,EAAE,CAAC,CAAC;QACnF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,eAAe,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QAClE,OAAO,CAAC,CAAC;IACX,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,6BAA6B,SAAS,EAAE,CAAC,EAAE,CAAC,CAAC;IAEpE,oDAAoD;IACpD,SAAS,YAAY,CAAC,GAAW,EAAE,UAAoB;QACrD,MAAM,OAAO,GAAa,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;gBAC9D,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;gBACvC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;oBACxB,OAAO,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC;gBACtD,CAAC;qBAAM,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;oBAC9D,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBACzB,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,OAAO,CAAC,KAAK,CACX,kCAAkC,GAAG,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAC7F,CAAC;QACJ,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,2CAA2C;IAC3C,MAAM,OAAO,GAAG;QACd,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,oBAAoB,EAAE,OAAO,CAAC;QAClE,IAAI,CACF,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACvC,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,UAAU,EACV,KAAK,EACL,OAAO,CACR;KACF,CAAC;IACF,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE;QAChC,IAAI,CAAC;YACH,OAAO,QAAQ,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QACnC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,MAAM,EAAE,CAAC;QACX,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;YACzD,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;gBAC5B,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;gBAC5C,MAAM,MAAM,GAAG,OAAO,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,EAAE,CAAC;gBACnE,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;gBACvF,MAAM,EAAE,CAAC;YACX,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,UAAU,QAAQ,CAAC,MAAM,kBAAkB,CAAC,EAAE,CAAC,CAAC;QACzE,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,OAAO,CAAC,KAAK,CACX,qCAAqC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CACxF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/cli/commands/serve-tc.d.ts

@@ -1,12 +0,0 @@
-/**
- * Threat Cloud route handlers for panguard serve.
- * Uses centralized Zod schemas from @panguard-ai/core for input validation.
- */
-import type { IncomingMessage, ServerResponse } from 'node:http';
-import type { RouteContext } from './serve-types.js';
-/**
- * Handle Threat Cloud API routes (/api/threats, /api/rules, /api/stats, etc.).
- * Returns true if the route was handled, false otherwise.
- */
-export declare function handleTCRoutes(req: IncomingMessage, res: ServerResponse, url: string, pathname: string, ctx: RouteContext): Promise<boolean>;
-//# sourceMappingURL=serve-tc.d.ts.map

package/dist/cli/commands/serve-tc.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"serve-tc.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/serve-tc.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AACjE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAgFrD;;;GAGG;AACH,wBAAsB,cAAc,CAClC,GAAG,EAAE,eAAe,EACpB,GAAG,EAAE,cAAc,EACnB,GAAG,EAAE,MAAM,EACX,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,YAAY,GAChB,OAAO,CAAC,OAAO,CAAC,CAoOlB"}