@panguard-ai/panguard 1.4.15 → 1.4.17

package/dist/cli/commands/serve-tc.js

@@ -1,287 +0,0 @@
-/**
- * Threat Cloud route handlers for panguard serve.
- * Uses centralized Zod schemas from @panguard-ai/core for input validation.
- */
-import { sendJson, readRequestBody, requireTCWriteAuth, requireTCAdminAuth, requireJsonContentType, checkTCRateLimit, } from './serve-types.js';
-import { tryValidateInput, ClientIdSchema, ISODateSchema, PaginationLimitSchema, ReputationSchema, ThreatDataSchema, RulePublishSchema, ATRProposalSchema, ATRFeedbackSchema, SkillThreatSchema, SkillWhitelistItemSchema, } from '@panguard-ai/core';
-/** Threat Cloud rate-limited endpoint paths */
-const TC_RATE_LIMITED_PATHS = new Set([
-    '/api/threats',
-    '/api/rules',
-    '/api/stats',
-    '/api/atr-proposals',
-    '/api/atr-feedback',
-    '/api/skill-threats',
-    '/api/atr-rules',
-    '/api/feeds/ip-blocklist',
-    '/api/feeds/domain-blocklist',
-]);
-/**
- * Parse JSON body and validate against a Zod schema.
- * Sends 400 response on failure and returns null.
- */
-async function parseAndValidate(req, res, schema) {
-    const body = await readRequestBody(req);
-    let raw;
-    try {
-        raw = JSON.parse(body);
-    }
-    catch {
-        sendJson(res, 400, { ok: false, error: 'Invalid JSON body' });
-        return null;
-    }
-    const result = tryValidateInput(schema, raw);
-    if (!result.ok) {
-        sendJson(res, 400, { ok: false, error: result.error });
-        return null;
-    }
-    return result.data;
-}
-/**
- * Extract and validate the x-panguard-client-id header.
- * Returns the client ID string or null if invalid/missing.
- */
-function extractClientId(req) {
-    const raw = req.headers['x-panguard-client-id'];
-    if (typeof raw !== 'string')
-        return null;
-    const result = ClientIdSchema.safeParse(raw);
-    return result.success ? result.data : null;
-}
-/**
- * Parse URL search params with standard helpers.
- */
-function parseUrl(url, host) {
-    return new URL(url, `http://${host ?? 'localhost'}`);
-}
-/**
- * Handle Threat Cloud API routes (/api/threats, /api/rules, /api/stats, etc.).
- * Returns true if the route was handled, false otherwise.
- */
-export async function handleTCRoutes(req, res, url, pathname, ctx) {
-    const { threatDb, llmReviewer, db } = ctx;
-    // Only handle TC paths when threatDb is available and path is a TC endpoint
-    if (!threatDb || !pathname.startsWith('/api/'))
-        return false;
-    // Rate limiting for known TC endpoints
-    if (TC_RATE_LIMITED_PATHS.has(pathname)) {
-        const clientIP = req.socket.remoteAddress ?? 'unknown';
-        if (!checkTCRateLimit(clientIP)) {
-            sendJson(res, 429, { ok: false, error: 'Rate limit exceeded. Try again later.' });
-            return true;
-        }
-    }
-    // POST /api/threats - Upload anonymized threat data
-    if (pathname === '/api/threats' && req.method === 'POST') {
-        if (!requireTCWriteAuth(req, res))
-            return true;
-        if (!requireJsonContentType(req, res))
-            return true;
-        const data = await parseAndValidate(req, res, ThreatDataSchema);
-        if (!data)
-            return true;
-        // Anonymize IP (zero last octet)
-        const mutableData = { ...data };
-        const ip = data.attackSourceIP;
-        if (ip.includes('.')) {
-            const parts = ip.split('.');
-            if (parts.length === 4) {
-                parts[3] = '0';
-                mutableData['attackSourceIP'] = parts.join('.');
-            }
-        }
-        threatDb.insertThreat(mutableData);
-        sendJson(res, 201, { ok: true, data: { message: 'Threat data received' } });
-        return true;
-    }
-    // GET /api/rules - Fetch rules (optional ?since= filter, paginated)
-    if (pathname === '/api/rules' && req.method === 'GET') {
-        const urlObj = parseUrl(url, req.headers.host);
-        const rawSince = urlObj.searchParams.get('since');
-        if (rawSince) {
-            const sinceResult = ISODateSchema.safeParse(rawSince);
-            if (!sinceResult.success) {
-                sendJson(res, 400, { ok: false, error: 'Invalid since parameter: must be ISO 8601' });
-                return true;
-            }
-        }
-        const limit = PaginationLimitSchema.parse(urlObj.searchParams.get('limit') ?? '1000');
-        const rules = rawSince ? threatDb.getRulesSince(rawSince) : threatDb.getAllRules(limit);
-        sendJson(res, 200, { ok: true, data: rules });
-        return true;
-    }
-    // POST /api/rules - Publish a new community rule
-    if (pathname === '/api/rules' && req.method === 'POST') {
-        if (!requireTCWriteAuth(req, res))
-            return true;
-        if (!requireJsonContentType(req, res))
-            return true;
-        const rule = await parseAndValidate(req, res, RulePublishSchema);
-        if (!rule)
-            return true;
-        const ruleData = {
-            ...rule,
-            publishedAt: rule.publishedAt || new Date().toISOString(),
-        };
-        threatDb.upsertRule(ruleData);
-        sendJson(res, 201, { ok: true, data: { message: 'Rule published', ruleId: rule.ruleId } });
-        return true;
-    }
-    // GET /api/stats - Threat statistics
-    if (pathname === '/api/stats' && req.method === 'GET') {
-        const stats = threatDb.getStats();
-        sendJson(res, 200, { ok: true, data: stats });
-        return true;
-    }
-    // POST /api/atr-proposals - Submit ATR rule proposal
-    if (pathname === '/api/atr-proposals' && req.method === 'POST') {
-        if (!requireTCWriteAuth(req, res))
-            return true;
-        if (!requireJsonContentType(req, res))
-            return true;
-        const proposal = await parseAndValidate(req, res, ATRProposalSchema);
-        if (!proposal)
-            return true;
-        const clientId = extractClientId(req);
-        const proposalData = { ...proposal, clientId };
-        const pHash = proposal.patternHash;
-        // Check if this pattern already has a proposal - if so, increment confirmation
-        const existing = threatDb
-            .getATRProposals()
-            .find((p) => p['pattern_hash'] === pHash);
-        if (existing) {
-            threatDb.confirmATRProposal(pHash);
-            sendJson(res, 200, {
-                ok: true,
-                data: { message: 'Confirmation recorded', patternHash: pHash },
-            });
-        }
-        else {
-            threatDb.insertATRProposal(proposalData);
-            // Fire-and-forget LLM review on first submission
-            if (llmReviewer?.isAvailable()) {
-                void llmReviewer.reviewProposal(pHash, proposal.ruleContent).catch((err) => {
-                    console.error(`LLM review error for ${pHash}:`, err);
-                });
-            }
-            sendJson(res, 201, {
-                ok: true,
-                data: { message: 'Proposal submitted', patternHash: pHash },
-            });
-        }
-        return true;
-    }
-    // GET /api/atr-proposals - List proposals (admin-only)
-    if (pathname === '/api/atr-proposals' && req.method === 'GET') {
-        if (!requireTCAdminAuth(req, res, db))
-            return true;
-        const urlObj = parseUrl(url, req.headers.host);
-        const status = urlObj.searchParams.get('status') ?? undefined;
-        const proposals = threatDb.getATRProposals(status);
-        sendJson(res, 200, { ok: true, data: proposals });
-        return true;
-    }
-    // POST /api/atr-feedback - Report ATR rule match feedback
-    if (pathname === '/api/atr-feedback' && req.method === 'POST') {
-        if (!requireTCWriteAuth(req, res))
-            return true;
-        if (!requireJsonContentType(req, res))
-            return true;
-        const feedback = await parseAndValidate(req, res, ATRFeedbackSchema);
-        if (!feedback)
-            return true;
-        const cid = extractClientId(req);
-        threatDb.insertATRFeedback(feedback.ruleId, feedback.isTruePositive, cid);
-        sendJson(res, 201, { ok: true, data: { message: 'Feedback recorded' } });
-        return true;
-    }
-    // POST /api/skill-threats - Submit skill audit result
-    if (pathname === '/api/skill-threats' && req.method === 'POST') {
-        if (!requireTCWriteAuth(req, res))
-            return true;
-        if (!requireJsonContentType(req, res))
-            return true;
-        const submission = await parseAndValidate(req, res, SkillThreatSchema);
-        if (!submission)
-            return true;
-        const cid = extractClientId(req);
-        const submissionData = { ...submission, clientId: cid };
-        threatDb.insertSkillThreat(submissionData);
-        sendJson(res, 201, { ok: true, data: { message: 'Skill threat recorded' } });
-        return true;
-    }
-    // GET /api/skill-threats - List skill threats (admin-only)
-    if (pathname === '/api/skill-threats' && req.method === 'GET') {
-        if (!requireTCAdminAuth(req, res, db))
-            return true;
-        const urlObj = parseUrl(url, req.headers.host);
-        const limit = PaginationLimitSchema.parse(urlObj.searchParams.get('limit') ?? '50');
-        const threats = threatDb.getSkillThreats(Math.min(limit, 500));
-        sendJson(res, 200, { ok: true, data: threats });
-        return true;
-    }
-    // GET /api/atr-rules - Fetch confirmed ATR rules (for Guard sync)
-    if (pathname === '/api/atr-rules' && req.method === 'GET') {
-        const urlObj = parseUrl(url, req.headers.host);
-        const since = urlObj.searchParams.get('since') ?? undefined;
-        const rules = threatDb.getConfirmedATRRules(since);
-        sendJson(res, 200, { ok: true, data: rules });
-        return true;
-    }
-    // GET /api/feeds/ip-blocklist - IP blocklist feed (plain text)
-    if (pathname === '/api/feeds/ip-blocklist' && req.method === 'GET') {
-        const urlObj = parseUrl(url, req.headers.host);
-        const minReputation = ReputationSchema.parse(urlObj.searchParams.get('minReputation') ?? '70');
-        const ips = threatDb.getIPBlocklist(minReputation);
-        res.setHeader('Content-Type', 'text/plain');
-        res.writeHead(200);
-        res.end(ips.join('\n'));
-        return true;
-    }
-    // GET /api/feeds/domain-blocklist - Domain blocklist feed (plain text)
-    if (pathname === '/api/feeds/domain-blocklist' && req.method === 'GET') {
-        const urlObj = parseUrl(url, req.headers.host);
-        const minReputation = ReputationSchema.parse(urlObj.searchParams.get('minReputation') ?? '70');
-        const domains = threatDb.getDomainBlocklist(minReputation);
-        res.setHeader('Content-Type', 'text/plain');
-        res.writeHead(200);
-        res.end(domains.join('\n'));
-        return true;
-    }
-    // POST /api/skill-whitelist - Report safe skill (audit passed)
-    if (pathname === '/api/skill-whitelist' && req.method === 'POST') {
-        if (!requireTCWriteAuth(req, res))
-            return true;
-        if (!requireJsonContentType(req, res))
-            return true;
-        const body = await readRequestBody(req);
-        let raw;
-        try {
-            raw = JSON.parse(body);
-        }
-        catch {
-            sendJson(res, 400, { ok: false, error: 'Invalid JSON body' });
-            return true;
-        }
-        const data = raw;
-        const skills = 'skills' in data && Array.isArray(data['skills']) ? data['skills'] : [data];
-        let count = 0;
-        for (const skill of skills) {
-            const result = SkillWhitelistItemSchema.safeParse(skill);
-            if (!result.success)
-                continue;
-            threatDb.reportSafeSkill(result.data.skillName, result.data.fingerprintHash);
-            count++;
-        }
-        sendJson(res, 201, { ok: true, data: { message: `${count} skill(s) reported`, count } });
-        return true;
-    }
-    // GET /api/skill-whitelist - Fetch community whitelist
-    if (pathname === '/api/skill-whitelist' && req.method === 'GET') {
-        const whitelist = threatDb.getSkillWhitelist();
-        sendJson(res, 200, { ok: true, data: whitelist });
-        return true;
-    }
-    return false;
-}
-//# sourceMappingURL=serve-tc.js.map

package/dist/cli/commands/serve-tc.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"serve-tc.js","sourceRoot":"","sources":["../../../src/cli/commands/serve-tc.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,EACL,QAAQ,EACR,eAAe,EACf,kBAAkB,EAClB,kBAAkB,EAClB,sBAAsB,EACtB,gBAAgB,GACjB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,aAAa,EACb,qBAAqB,EACrB,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,wBAAwB,GACzB,MAAM,mBAAmB,CAAC;AAG3B,+CAA+C;AAC/C,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC;IACpC,cAAc;IACd,YAAY;IACZ,YAAY;IACZ,oBAAoB;IACpB,mBAAmB;IACnB,oBAAoB;IACpB,gBAAgB;IAChB,yBAAyB;IACzB,6BAA6B;CAC9B,CAAC,CAAC;AAEH;;;GAGG;AACH,KAAK,UAAU,gBAAgB,CAC7B,GAAoB,EACpB,GAAmB,EACnB,MAAsB;IAEtB,MAAM,IAAI,GAAG,MAAM,eAAe,CAAC,GAAG,CAAC,CAAC;IACxC,IAAI,GAAY,CAAC;IACjB,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC;QAC9D,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,MAAM,GAAG,gBAAgB,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC7C,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;QACf,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;QACvD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC;AACrB,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,GAAoB;IAC3C,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC;IAChD,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACzC,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAC7C,OAAO,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,SAAS,QAAQ,CAAC,GAAW,EAAE,IAAwB;IACrD,OAAO,IAAI,GAAG,CAAC,GAAG,EAAE,UAAU,IAAI,IAAI,WAAW,EAAE,CAAC,CAAC;AACvD,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,GAAoB,EACpB,GAAmB,EACnB,GAAW,EACX,QAAgB,EAChB,GAAiB;IAEjB,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE,EAAE,GAAG,GAAG,CAAC;IAE1C,4EAA4E;IAC5E,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,KAAK,CAAC;IAE7D,uCAAuC;IACvC,IAAI,qBAAqB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxC,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,aAAa,IAAI,SAAS,CAAC;QACvD,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAAE,CAAC;YAChC,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,uCAAuC,EAAE,CAAC,CAAC;YAClF,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,oDAAoD;IACpD,IAAI,QAAQ,KAAK,cAAc,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QACzD,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QAC/C,IAAI,CAAC,sBAAsB,CAAC,GAAG,EAAE,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QACnD,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC,GAAG,EAAE,GAAG,EAAE,gBAAgB,CAAC,CAAC;QAChE,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QAEvB,iCAAiC;QACjC,MAAM,WAAW,GAA4B,EAAE,GAAG,IAAI,EAAE,CAAC;QACzD,MAAM,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC;QAC/B,IAAI,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACrB,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC5B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACvB,KAAK,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;gBACf,WAAW,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;QACD,QAAQ,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;QACnC,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,sBAAsB,EAAE,EAAE,CAAC,CAAC;QAC5E,OAAO,IAAI,CAAC;IACd,CAAC;IAED,oEAAoE;IACpE,IAAI,QAAQ,KAAK,YAAY,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;QACtD,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC/C,MAAM,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,WAAW,GAAG,aAAa,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;YACtD,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;gBACzB,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,2CAA2C,EAAE,CAAC,CAAC;gBACtF,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QACD,MAAM,KAAK,GAAG,qBAAqB,CAAC,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,CAAC;QACtF,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACxF,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC9C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,iDAAiD;IACjD,IAAI,QAAQ,KAAK,YAAY,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QACvD,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QAC/C,IAAI,CAAC,sBAAsB,CAAC,GAAG,EAAE,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QACnD,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC,GAAG,EAAE,GAAG,EAAE,iBAAiB,CAAC,CAAC;QACjE,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QAEvB,MAAM,QAAQ,GAA4B;YACxC,GAAG,IAAI;YACP,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SAC1D,CAAC;QACF,QAAQ,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAC9B,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,gBAAgB,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAC3F,OAAO,IAAI,CAAC;IACd,CAAC;IAED,qCAAqC;IACrC,IAAI,QAAQ,KAAK,YAAY,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;QACtD,MAAM,KAAK,GAAG,QAAQ,CAAC,QAAQ,EAAE,CAAC;QAClC,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC9C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,qDAAqD;IACrD,IAAI,QAAQ,KAAK,oBAAoB,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QAC/D,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QAC/C,IAAI,CAAC,sBAAsB,CAAC,GAAG,EAAE,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QACnD,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,GAAG,EAAE,GAAG,EAAE,iBAAiB,CAAC,CAAC;QACrE,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC;QAE3B,MAAM,QAAQ,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;QACtC,MAAM,YAAY,GAA4B,EAAE,GAAG,QAAQ,EAAE,QAAQ,EAAE,CAAC;QACxE,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,CAAC;QAEnC,+EAA+E;QAC/E,MAAM,QAAQ,GAAG,QAAQ;aACtB,eAAe,EAAE;aACjB,IAAI,CAAC,CAAC,CAA0B,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,KAAK,KAAK,CAAC,CAAC;QACrE,IAAI,QAAQ,EAAE,CAAC;YACb,QAAQ,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;YACnC,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE;gBACjB,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE,EAAE,OAAO,EAAE,uBAAuB,EAAE,WAAW,EAAE,KAAK,EAAE;aAC/D,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC;YACzC,iDAAiD;YACjD,IAAI,WAAW,EAAE,WAAW,EAAE,EAAE,CAAC;gBAC/B,KAAK,WAAW,CAAC,cAAc,CAAC,KAAK,EAAE,QAAQ,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;oBAClF,OAAO,CAAC,KAAK,CAAC,wBAAwB,KAAK,GAAG,EAAE,GAAG,CAAC,CAAC;gBACvD,CAAC,CAAC,CAAC;YACL,CAAC;YACD,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE;gBACjB,EAAE,EAAE,IAAI;gBACR,IAAI,EAAE,EAAE,OAAO,EAAE,oBAAoB,EAAE,WAAW,EAAE,KAAK,EAAE;aAC5D,CAAC,CAAC;QACL,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,uDAAuD;IACvD,IAAI,QAAQ,KAAK,oBAAoB,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;QAC9D,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC;YAAE,OAAO,IAAI,CAAC;QACnD,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC;QAC9D,MAAM,SAAS,GAAG,QAAQ,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;QACnD,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;QAClD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,0DAA0D;IAC1D,IAAI,QAAQ,KAAK,mBAAmB,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QAC9D,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QAC/C,IAAI,CAAC,sBAAsB,CAAC,GAAG,EAAE,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QACnD,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,GAAG,EAAE,GAAG,EAAE,iBAAiB,CAAC,CAAC;QACrE,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC;QAE3B,MAAM,GAAG,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;QACjC,QAAQ,CAAC,iBAAiB,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;QAC1E,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,mBAAmB,EAAE,EAAE,CAAC,CAAC;QACzE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,sDAAsD;IACtD,IAAI,QAAQ,KAAK,oBAAoB,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QAC/D,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QAC/C,IAAI,CAAC,sBAAsB,CAAC,GAAG,EAAE,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QACnD,MAAM,UAAU,GAAG,MAAM,gBAAgB,CAAC,GAAG,EAAE,GAAG,EAAE,iBAAiB,CAAC,CAAC;QACvE,IAAI,CAAC,UAAU;YAAE,OAAO,IAAI,CAAC;QAE7B,MAAM,GAAG,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;QACjC,MAAM,cAAc,GAA4B,EAAE,GAAG,UAAU,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC;QACjF,QAAQ,CAAC,iBAAiB,CAAC,cAAc,CAAC,CAAC;QAC3C,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,uBAAuB,EAAE,EAAE,CAAC,CAAC;QAC7E,OAAO,IAAI,CAAC;IACd,CAAC;IAED,2DAA2D;IAC3D,IAAI,QAAQ,KAAK,oBAAoB,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;QAC9D,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC;YAAE,OAAO,IAAI,CAAC;QACnD,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC/C,MAAM,KAAK,GAAG,qBAAqB,CAAC,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,CAAC;QACpF,MAAM,OAAO,GAAG,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QAC/D,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;QAChD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,kEAAkE;IAClE,IAAI,QAAQ,KAAK,gBAAgB,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;QAC1D,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC/C,MAAM,KAAK,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC;QAC5D,MAAM,KAAK,GAAG,QAAQ,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;QACnD,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC9C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,+DAA+D;IAC/D,IAAI,QAAQ,KAAK,yBAAyB,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;QACnE,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC/C,MAAM,aAAa,GAAG,gBAAgB,CAAC,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,IAAI,CAAC,CAAC;QAC/F,MAAM,GAAG,GAAG,QAAQ,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC;QACnD,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;QAC5C,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACnB,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,uEAAuE;IACvE,IAAI,QAAQ,KAAK,6BAA6B,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;QACvE,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC/C,MAAM,aAAa,GAAG,gBAAgB,CAAC,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,IAAI,CAAC,CAAC;QAC/F,MAAM,OAAO,GAAG,QAAQ,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;QAC3D,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;QAC5C,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACnB,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QAC5B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,+DAA+D;IAC/D,IAAI,QAAQ,KAAK,sBAAsB,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QACjE,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QAC/C,IAAI,CAAC,sBAAsB,CAAC,GAAG,EAAE,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QACnD,MAAM,IAAI,GAAG,MAAM,eAAe,CAAC,GAAG,CAAC,CAAC;QACxC,IAAI,GAAY,CAAC;QACjB,IAAI,CAAC;YACH,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACzB,CAAC;QAAC,MAAM,CAAC;YACP,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,IAAI,GAAG,GAA8B,CAAC;QAC5C,MAAM,MAAM,GACV,QAAQ,IAAI,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAE,IAAI,CAAC,QAAQ,CAAe,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAE7F,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,MAAM,MAAM,GAAG,wBAAwB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;YACzD,IAAI,CAAC,MAAM,CAAC,OAAO;gBAAE,SAAS;YAC9B,QAAQ,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YAC7E,KAAK,EAAE,CAAC;QACV,CAAC;QACD,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,GAAG,KAAK,oBAAoB,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QACzF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,uDAAuD;IACvD,IAAI,QAAQ,KAAK,sBAAsB,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;QAChE,MAAM,SAAS,GAAG,QAAQ,CAAC,iBAAiB,EAAE,CAAC;QAC/C,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;QAClD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/cli/commands/serve-types.d.ts

@@ -1,38 +0,0 @@
-/**
- * Shared types, helpers and middleware for serve sub-modules.
- */
-import type { IncomingMessage, ServerResponse } from 'node:http';
-import type { AuthDB } from '@panguard-ai/panguard-auth';
-import type { ManagerProxy } from '@panguard-ai/panguard-auth';
-import type { createAuthHandlers } from '@panguard-ai/panguard-auth';
-export type ThreatCloudDBInstance = any;
-export type LLMReviewerInstance = any;
-/** Context passed to every route handler module */
-export interface RouteContext {
-    readonly handlers: ReturnType<typeof createAuthHandlers>;
-    readonly db: AuthDB;
-    readonly adminDir: string | undefined;
-    readonly managerProxy: ManagerProxy;
-    readonly threatDb: ThreatCloudDBInstance;
-    readonly llmReviewer: LLMReviewerInstance;
-}
-export declare function sendJson(res: ServerResponse, status: number, data: unknown): void;
-/** Read request body with 1MB size limit */
-export declare function readRequestBody(req: IncomingMessage): Promise<string>;
-/** Timing-safe string comparison to prevent side-channel attacks */
-export declare function timingSafeCompare(a: string, b: string): boolean;
-/**
- * Require TC_API_KEY auth for write endpoints.
- * In production: BLOCK if TC_API_KEY not set (refuse unauthenticated writes).
- * In dev: allow passthrough with warning.
- */
-export declare function requireTCWriteAuth(req: IncomingMessage, res: ServerResponse): boolean;
-/**
- * Require admin session auth for admin-only GET endpoints.
- * Verifies the Bearer token is a valid session with admin role.
- */
-export declare function requireTCAdminAuth(req: IncomingMessage, res: ServerResponse, db: AuthDB): boolean;
-/** Validate Content-Type is application/json for POST requests */
-export declare function requireJsonContentType(req: IncomingMessage, res: ServerResponse): boolean;
-export declare function checkTCRateLimit(ip: string): boolean;
-//# sourceMappingURL=serve-types.d.ts.map

package/dist/cli/commands/serve-types.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"serve-types.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/serve-types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AACjE,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,4BAA4B,CAAC;AAEzD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC/D,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAIrE,MAAM,MAAM,qBAAqB,GAAG,GAAG,CAAC;AAExC,MAAM,MAAM,mBAAmB,GAAG,GAAG,CAAC;AAEtC,mDAAmD;AACnD,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,QAAQ,EAAE,UAAU,CAAC,OAAO,kBAAkB,CAAC,CAAC;IACzD,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAC;IACtC,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC;IACpC,QAAQ,CAAC,QAAQ,EAAE,qBAAqB,CAAC;IACzC,QAAQ,CAAC,WAAW,EAAE,mBAAmB,CAAC;CAC3C;AAID,wBAAgB,QAAQ,CAAC,GAAG,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,GAAG,IAAI,CAGjF;AAID,4CAA4C;AAC5C,wBAAgB,eAAe,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,MAAM,CAAC,CAkBrE;AAID,oEAAoE;AACpE,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAW/D;AAID;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,eAAe,EAAE,GAAG,EAAE,cAAc,GAAG,OAAO,CAmBrF;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,eAAe,EAAE,GAAG,EAAE,cAAc,EAAE,EAAE,EAAE,MAAM,GAAG,OAAO,CAWjG;AAED,kEAAkE;AAClE,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,eAAe,EAAE,GAAG,EAAE,cAAc,GAAG,OAAO,CAOzF;AAOD,wBAAgB,gBAAgB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CASpD"}

package/dist/cli/commands/serve-types.js

@@ -1,108 +0,0 @@
-/**
- * Shared types, helpers and middleware for serve sub-modules.
- */
-import { authenticateRequest, requireAdmin } from '@panguard-ai/panguard-auth';
-// ── JSON Response ──────────────────────────────────────────────
-export function sendJson(res, status, data) {
-    res.writeHead(status, { 'Content-Type': 'application/json' });
-    res.end(JSON.stringify(data));
-}
-// ── Request Body Reader ────────────────────────────────────────
-/** Read request body with 1MB size limit */
-export function readRequestBody(req) {
-    return new Promise((resolve, reject) => {
-        const chunks = [];
-        let size = 0;
-        const MAX_BODY = 1_048_576; // 1MB
-        req.on('data', (chunk) => {
-            size += chunk.length;
-            if (size > MAX_BODY) {
-                req.destroy();
-                reject(new Error('Request body too large'));
-                return;
-            }
-            chunks.push(chunk);
-        });
-        req.on('end', () => resolve(Buffer.concat(chunks).toString('utf-8')));
-        req.on('error', reject);
-    });
-}
-// ── Timing-safe Comparison ─────────────────────────────────────
-/** Timing-safe string comparison to prevent side-channel attacks */
-export function timingSafeCompare(a, b) {
-    // eslint-disable-next-line @typescript-eslint/no-require-imports
-    const { timingSafeEqual } = require('node:crypto');
-    const ab = Buffer.from(a);
-    const bb = Buffer.from(b);
-    if (ab.length !== bb.length) {
-        // Compare against self to maintain constant time
-        timingSafeEqual(ab, ab);
-        return false;
-    }
-    return timingSafeEqual(ab, bb);
-}
-// ── Threat Cloud Auth Helpers ──────────────────────────────────
-/**
- * Require TC_API_KEY auth for write endpoints.
- * In production: BLOCK if TC_API_KEY not set (refuse unauthenticated writes).
- * In dev: allow passthrough with warning.
- */
-export function requireTCWriteAuth(req, res) {
-    const tcApiKey = process.env['TC_API_KEY'];
-    if (!tcApiKey) {
-        if (process.env['NODE_ENV'] === 'production') {
-            sendJson(res, 503, {
-                ok: false,
-                error: 'Threat Cloud write API not configured (TC_API_KEY missing)',
-            });
-            return false;
-        }
-        return true; // dev passthrough
-    }
-    const authHeader = req.headers.authorization ?? '';
-    const token = authHeader.replace('Bearer ', '');
-    if (!timingSafeCompare(token, tcApiKey)) {
-        sendJson(res, 401, { ok: false, error: 'Invalid API key' });
-        return false;
-    }
-    return true;
-}
-/**
- * Require admin session auth for admin-only GET endpoints.
- * Verifies the Bearer token is a valid session with admin role.
- */
-export function requireTCAdminAuth(req, res, db) {
-    const user = authenticateRequest(req, db);
-    if (!user) {
-        sendJson(res, 401, { ok: false, error: 'Authentication required' });
-        return false;
-    }
-    if (!requireAdmin(user)) {
-        sendJson(res, 403, { ok: false, error: 'Admin access required' });
-        return false;
-    }
-    return true;
-}
-/** Validate Content-Type is application/json for POST requests */
-export function requireJsonContentType(req, res) {
-    const ct = req.headers['content-type'] ?? '';
-    if (!ct.includes('application/json')) {
-        sendJson(res, 400, { ok: false, error: 'Content-Type must be application/json' });
-        return false;
-    }
-    return true;
-}
-// ── Rate Limiter ───────────────────────────────────────────────
-/** Per-IP rate limiter for Threat Cloud endpoints (120 req/min) */
-const tcRateLimits = new Map();
-export function checkTCRateLimit(ip) {
-    const now = Date.now();
-    const entry = tcRateLimits.get(ip);
-    if (!entry || now > entry.resetAt) {
-        tcRateLimits.set(ip, { count: 1, resetAt: now + 60_000 });
-        return true;
-    }
-    entry.count++;
-    return entry.count <= 120;
-}
-//# sourceMappingURL=serve-types.js.map

package/dist/cli/commands/serve-types.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"serve-types.js","sourceRoot":"","sources":["../../../src/cli/commands/serve-types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,OAAO,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAoB/E,kEAAkE;AAElE,MAAM,UAAU,QAAQ,CAAC,GAAmB,EAAE,MAAc,EAAE,IAAa;IACzE,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAC9D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AAChC,CAAC;AAED,kEAAkE;AAElE,4CAA4C;AAC5C,MAAM,UAAU,eAAe,CAAC,GAAoB;IAClD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,IAAI,IAAI,GAAG,CAAC,CAAC;QACb,MAAM,QAAQ,GAAG,SAAS,CAAC,CAAC,MAAM;QAElC,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YAC/B,IAAI,IAAI,KAAK,CAAC,MAAM,CAAC;YACrB,IAAI,IAAI,GAAG,QAAQ,EAAE,CAAC;gBACpB,GAAG,CAAC,OAAO,EAAE,CAAC;gBACd,MAAM,CAAC,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC;gBAC5C,OAAO;YACT,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC,CAAC,CAAC;QACH,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACtE,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,kEAAkE;AAElE,oEAAoE;AACpE,MAAM,UAAU,iBAAiB,CAAC,CAAS,EAAE,CAAS;IACpD,iEAAiE;IACjE,MAAM,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC,aAAa,CAAiC,CAAC;IACnF,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1B,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1B,IAAI,EAAE,CAAC,MAAM,KAAK,EAAE,CAAC,MAAM,EAAE,CAAC;QAC5B,iDAAiD;QACjD,eAAe,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QACxB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,eAAe,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;AACjC,CAAC;AAED,kEAAkE;AAElE;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,GAAoB,EAAE,GAAmB;IAC1E,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAC3C,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,YAAY,EAAE,CAAC;YAC7C,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE;gBACjB,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,4DAA4D;aACpE,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,IAAI,CAAC,CAAC,kBAAkB;IACjC,CAAC;IACD,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,IAAI,EAAE,CAAC;IACnD,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IAChD,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,QAAQ,CAAC,EAAE,CAAC;QACxC,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;QAC5D,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,GAAoB,EAAE,GAAmB,EAAE,EAAU;IACtF,MAAM,IAAI,GAAG,mBAAmB,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IAC1C,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;QACpE,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;QACxB,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;QAClE,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,kEAAkE;AAClE,MAAM,UAAU,sBAAsB,CAAC,GAAoB,EAAE,GAAmB;IAC9E,MAAM,EAAE,GAAG,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;IAC7C,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACrC,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,uCAAuC,EAAE,CAAC,CAAC;QAClF,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,kEAAkE;AAElE,mEAAmE;AACnE,MAAM,YAAY,GAAG,IAAI,GAAG,EAA8C,CAAC;AAE3E,MAAM,UAAU,gBAAgB,CAAC,EAAU;IACzC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,KAAK,GAAG,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACnC,IAAI,CAAC,KAAK,IAAI,GAAG,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC;QAClC,YAAY,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,GAAG,MAAM,EAAE,CAAC,CAAC;QAC1D,OAAO,IAAI,CAAC;IACd,CAAC;IACD,KAAK,CAAC,KAAK,EAAE,CAAC;IACd,OAAO,KAAK,CAAC,KAAK,IAAI,GAAG,CAAC;AAC5B,CAAC"}

package/dist/cli/commands/serve.d.ts

@@ -1,14 +0,0 @@
-/**
- * panguard serve - Unified HTTP server gateway
- *
- * Serves auth API, admin API, admin dashboard UI, and health check.
- * Route handling is delegated to focused sub-modules:
- *   serve-core.ts  -- middleware, health, static files, rule seeding
- *   serve-auth.ts  -- auth, waitlist, usage routes
- *   serve-admin.ts -- admin dashboard + manager proxy routes
- *   serve-tc.ts    -- Threat Cloud API routes
- *   serve-types.ts -- shared types and utilities
- */
-import { Command } from 'commander';
-export declare function serveCommand(): Command;
-//# sourceMappingURL=serve.d.ts.map

package/dist/cli/commands/serve.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"serve.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/serve.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AA2CpC,wBAAgB,YAAY,IAAI,OAAO,CA+XtC"}