@panguard-ai/panguard 1.5.4 → 1.5.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/auth-guard.d.ts +58 -2
- package/dist/cli/auth-guard.d.ts.map +1 -1
- package/dist/cli/auth-guard.js +96 -2
- package/dist/cli/auth-guard.js.map +1 -1
- package/dist/cli/commands/audit.d.ts.map +1 -1
- package/dist/cli/commands/audit.js +45 -6
- package/dist/cli/commands/audit.js.map +1 -1
- package/dist/cli/commands/doctor.d.ts.map +1 -1
- package/dist/cli/commands/doctor.js +25 -31
- package/dist/cli/commands/doctor.js.map +1 -1
- package/dist/cli/commands/login.d.ts +19 -3
- package/dist/cli/commands/login.d.ts.map +1 -1
- package/dist/cli/commands/login.js +181 -9
- package/dist/cli/commands/login.js.map +1 -1
- package/dist/cli/commands/logout.d.ts +13 -3
- package/dist/cli/commands/logout.d.ts.map +1 -1
- package/dist/cli/commands/logout.js +63 -8
- package/dist/cli/commands/logout.js.map +1 -1
- package/dist/cli/commands/report.d.ts +27 -2
- package/dist/cli/commands/report.d.ts.map +1 -1
- package/dist/cli/commands/report.js +698 -45
- package/dist/cli/commands/report.js.map +1 -1
- package/dist/cli/commands/scan.d.ts.map +1 -1
- package/dist/cli/commands/scan.js +21 -1
- package/dist/cli/commands/scan.js.map +1 -1
- package/dist/cli/commands/sensor.d.ts +17 -0
- package/dist/cli/commands/sensor.d.ts.map +1 -0
- package/dist/cli/commands/sensor.js +183 -0
- package/dist/cli/commands/sensor.js.map +1 -0
- package/dist/cli/commands/setup.d.ts.map +1 -1
- package/dist/cli/commands/setup.js +8 -5
- package/dist/cli/commands/setup.js.map +1 -1
- package/dist/cli/commands/status.js +22 -5
- package/dist/cli/commands/status.js.map +1 -1
- package/dist/cli/commands/trap.d.ts +6 -2
- package/dist/cli/commands/trap.d.ts.map +1 -1
- package/dist/cli/commands/trap.js +71 -46
- package/dist/cli/commands/trap.js.map +1 -1
- package/dist/cli/commands/up.d.ts.map +1 -1
- package/dist/cli/commands/up.js +53 -2
- package/dist/cli/commands/up.js.map +1 -1
- package/dist/cli/commands/whoami.d.ts +30 -2
- package/dist/cli/commands/whoami.d.ts.map +1 -1
- package/dist/cli/commands/whoami.js +109 -16
- package/dist/cli/commands/whoami.js.map +1 -1
- package/dist/cli/device-flow.d.ts +72 -0
- package/dist/cli/device-flow.d.ts.map +1 -0
- package/dist/cli/device-flow.js +126 -0
- package/dist/cli/device-flow.js.map +1 -0
- package/dist/cli/index.js +17 -5
- package/dist/cli/index.js.map +1 -1
- package/dist/cli/interactive/actions/misc.d.ts.map +1 -1
- package/dist/cli/interactive/actions/misc.js +56 -14
- package/dist/cli/interactive/actions/misc.js.map +1 -1
- package/dist/cli/interactive/menu-defs.d.ts.map +1 -1
- package/dist/cli/interactive/menu-defs.js +8 -8
- package/dist/cli/interactive/menu-defs.js.map +1 -1
- package/dist/cli/interactive.d.ts.map +1 -1
- package/dist/cli/interactive.js +6 -1
- package/dist/cli/interactive.js.map +1 -1
- package/dist/cli/telemetry.d.ts +17 -0
- package/dist/cli/telemetry.d.ts.map +1 -1
- package/dist/cli/telemetry.js +33 -0
- package/dist/cli/telemetry.js.map +1 -1
- package/dist/cli/workspace-sync.d.ts +108 -0
- package/dist/cli/workspace-sync.d.ts.map +1 -0
- package/dist/cli/workspace-sync.js +199 -0
- package/dist/cli/workspace-sync.js.map +1 -0
- package/package.json +17 -12
|
@@ -29,10 +29,10 @@ export const MENU_DEFS = [
|
|
|
29
29
|
key: 'report',
|
|
30
30
|
icon: '\u25A0',
|
|
31
31
|
number: 2,
|
|
32
|
-
en: 'Compliance Report
|
|
33
|
-
zh: '\u5408\u898F\u5831\u544A
|
|
34
|
-
enDesc: '
|
|
35
|
-
zhDesc: '
|
|
32
|
+
en: 'Compliance Report',
|
|
33
|
+
zh: '\u5408\u898F\u5831\u544A',
|
|
34
|
+
enDesc: 'EU AI Act, NIST AI RMF, ISO/IEC 42001, OWASP, Colorado AI Act — 6 frameworks',
|
|
35
|
+
zhDesc: 'EU AI Act\u3001NIST AI RMF\u3001ISO/IEC 42001\u3001OWASP\u3001Colorado AI Act \u2014 6 \u5927\u6846\u67B6',
|
|
36
36
|
tierBadge: '',
|
|
37
37
|
featureKey: 'report',
|
|
38
38
|
},
|
|
@@ -51,10 +51,10 @@ export const MENU_DEFS = [
|
|
|
51
51
|
key: 'trap',
|
|
52
52
|
icon: '\u00B7',
|
|
53
53
|
number: 4,
|
|
54
|
-
en: 'Honeypot System
|
|
55
|
-
zh: '\u871C\u7F50\u7CFB\u7D71
|
|
56
|
-
enDesc: '
|
|
57
|
-
zhDesc: '\u8A98\u990C\u670D\u52D9\
|
|
54
|
+
en: 'Honeypot System',
|
|
55
|
+
zh: '\u871C\u7F50\u7CFB\u7D71',
|
|
56
|
+
enDesc: 'SSH/HTTP/FTP/Redis decoy services + attacker profiler + Threat Cloud upload',
|
|
57
|
+
zhDesc: 'SSH/HTTP/FTP/Redis \u8A98\u990C\u670D\u52D9 + \u653B\u64CA\u8005\u5206\u6790 + Threat Cloud \u4E0A\u50B3',
|
|
58
58
|
tierBadge: '',
|
|
59
59
|
featureKey: 'trap',
|
|
60
60
|
},
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"menu-defs.js","sourceRoot":"","sources":["../../../src/cli/interactive/menu-defs.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAcH,MAAM,CAAC,MAAM,SAAS,GAAc;IAClC;QACE,GAAG,EAAE,OAAO;QACZ,IAAI,EAAE,GAAG;QACT,MAAM,EAAE,CAAC;QACT,EAAE,EAAE,cAAc;QAClB,EAAE,EAAE,0BAA0B;QAC9B,MAAM,EAAE,yCAAyC;QACjD,MAAM,EAAE,sFAAsF;QAC9F,SAAS,EAAE,EAAE;QACb,UAAU,EAAE,OAAO;KACpB;IACD;QACE,GAAG,EAAE,MAAM;QACX,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,CAAC;QACT,EAAE,EAAE,eAAe;QACnB,EAAE,EAAE,0BAA0B;QAC9B,MAAM,EAAE,wCAAwC;QAChD,MAAM,EACJ,4FAA4F;QAC9F,SAAS,EAAE,EAAE;QACb,UAAU,EAAE,MAAM;KACnB;IACD;QACE,GAAG,EAAE,QAAQ;QACb,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,CAAC;QACT,EAAE,EAAE,
|
|
1
|
+
{"version":3,"file":"menu-defs.js","sourceRoot":"","sources":["../../../src/cli/interactive/menu-defs.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAcH,MAAM,CAAC,MAAM,SAAS,GAAc;IAClC;QACE,GAAG,EAAE,OAAO;QACZ,IAAI,EAAE,GAAG;QACT,MAAM,EAAE,CAAC;QACT,EAAE,EAAE,cAAc;QAClB,EAAE,EAAE,0BAA0B;QAC9B,MAAM,EAAE,yCAAyC;QACjD,MAAM,EAAE,sFAAsF;QAC9F,SAAS,EAAE,EAAE;QACb,UAAU,EAAE,OAAO;KACpB;IACD;QACE,GAAG,EAAE,MAAM;QACX,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,CAAC;QACT,EAAE,EAAE,eAAe;QACnB,EAAE,EAAE,0BAA0B;QAC9B,MAAM,EAAE,wCAAwC;QAChD,MAAM,EACJ,4FAA4F;QAC9F,SAAS,EAAE,EAAE;QACb,UAAU,EAAE,MAAM;KACnB;IACD;QACE,GAAG,EAAE,QAAQ;QACb,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,CAAC;QACT,EAAE,EAAE,mBAAmB;QACvB,EAAE,EAAE,0BAA0B;QAC9B,MAAM,EAAE,8EAA8E;QACtF,MAAM,EACJ,2GAA2G;QAC7G,SAAS,EAAE,EAAE;QACb,UAAU,EAAE,QAAQ;KACrB;IACD;QACE,GAAG,EAAE,OAAO;QACZ,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,CAAC;QACT,EAAE,EAAE,cAAc;QAClB,EAAE,EAAE,0BAA0B;QAC9B,MAAM,EAAE,gDAAgD;QACxD,MAAM,EAAE,8DAA8D;QACtE,SAAS,EAAE,EAAE;QACb,UAAU,EAAE,OAAO;KACpB;IACD;QACE,GAAG,EAAE,MAAM;QACX,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,CAAC;QACT,EAAE,EAAE,iBAAiB;QACrB,EAAE,EAAE,0BAA0B;QAC9B,MAAM,EAAE,6EAA6E;QACrF,MAAM,EACJ,0GAA0G;QAC5G,SAAS,EAAE,EAAE;QACb,UAAU,EAAE,MAAM;KACnB;IACD;QACE,GAAG,EAAE,QAAQ;QACb,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,CAAC;QACT,EAAE,EAAE,eAAe;QACnB,EAAE,EAAE,0BAA0B;QAC9B,MAAM,EAAE,gDAAgD;QACxD,MAAM,EAAE,gFAAgF;QACxF,SAAS,EAAE,EAAE;QACb,UAAU,EAAE,QAAQ;KACrB;IACD;QACE,GAAG,EAAE,cAAc;QACnB,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,CAAC;QACT,EAAE,EAAE,cAAc;QAClB,EAAE,EAAE,0BAA0B;QAC9B,MAAM,EAAE,qCAAqC;QAC7C,MAAM,EAAE,sDAAsD;QAC9D,SAAS,EAAE,EAAE;QACb,UAAU,EAAE,cAAc;KAC3B;IACD;QACE,GAAG,EAAE,MAAM;QACX,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,CAAC;QACT,EAAE,EAAE,WAAW;QACf,EAAE,EAAE,0BAA0B;QAC9B,MAAM,EAAE,kCAAkC;QAC1C,MAAM,EAAE,8DAA8D;QACtE,SAAS,EAAE,EAAE;QACb,UAAU,EAAE,MAAM;KACnB;IACD;QACE,GAAG,EAAE,OAAO;QACZ,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,CAAC;QACT,EAAE,EAAE,eAAe;QACnB,EAAE,EAAE,0BAA0B;QAC9B,MAAM,EAAE,2CAA2C;QACnD,MAAM,EAAE,wEAAwE;QAChF,SAAS,EAAE,EAAE;QACb,UAAU,EAAE,OAAO;KACpB;CACF,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"interactive.d.ts","sourceRoot":"","sources":["../../src/cli/interactive.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AA+BH,wBAAsB,gBAAgB,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"interactive.d.ts","sourceRoot":"","sources":["../../src/cli/interactive.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AA+BH,wBAAsB,gBAAgB,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAyHnE"}
|
package/dist/cli/interactive.js
CHANGED
|
@@ -7,7 +7,7 @@
|
|
|
7
7
|
* @module @panguard-ai/panguard/cli/interactive
|
|
8
8
|
*/
|
|
9
9
|
import { existsSync } from 'node:fs';
|
|
10
|
-
import { c } from '@panguard-ai/core';
|
|
10
|
+
import { c, setLogLevel } from '@panguard-ai/core';
|
|
11
11
|
import { waitForMainInput, cleanupTerminal } from './menu.js';
|
|
12
12
|
import { checkFeatureAccess, showUpgradePrompt } from './auth-guard.js';
|
|
13
13
|
import { formatError } from './ux-helpers.js';
|
|
@@ -25,6 +25,11 @@ import { actionReport, actionTrap, actionChat, actionThreat, actionHardening, ac
|
|
|
25
25
|
// ---------------------------------------------------------------------------
|
|
26
26
|
export async function startInteractive(lang) {
|
|
27
27
|
setLang(lang === 'en' ? 'en' : lang === 'zh-TW' ? 'zh-TW' : detectLang());
|
|
28
|
+
// Silence structured info/debug logs in interactive mode — the menu owns the
|
|
29
|
+
// screen and JSON log lines (e.g., "Detected N platform(s)" from
|
|
30
|
+
// panguard-mcp:platform-detector) break the UX. Action handlers re-enable
|
|
31
|
+
// logging if they explicitly need it.
|
|
32
|
+
setLogLevel('silent');
|
|
28
33
|
const exit = () => {
|
|
29
34
|
cleanupTerminal();
|
|
30
35
|
const msg = getLang() === 'zh-TW' ? '\u611F\u8B1D\u4F7F\u7528 Panguard AI\uFF01' : 'Goodbye!';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"interactive.js","sourceRoot":"","sources":["../../src/cli/interactive.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,CAAC,EAAE,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"interactive.js","sourceRoot":"","sources":["../../src/cli/interactive.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,CAAC,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC9D,OAAO,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACxE,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE9C,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AAC9F,OAAO,EAAE,SAAS,EAAE,MAAM,4BAA4B,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAEnF,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAC5E,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAC7D,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAC7D,OAAO,EACL,YAAY,EACZ,UAAU,EACV,UAAU,EACV,YAAY,EACZ,eAAe,EACf,YAAY,EACZ,YAAY,GACb,MAAM,+BAA+B,CAAC;AAEvC,8EAA8E;AAC9E,cAAc;AACd,8EAA8E;AAE9E,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,IAAa;IAClD,OAAO,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC;IAE1E,6EAA6E;IAC7E,iEAAiE;IACjE,0EAA0E;IAC1E,sCAAsC;IACtC,WAAW,CAAC,QAAQ,CAAC,CAAC;IAEtB,MAAM,IAAI,GAAG,GAAG,EAAE;QAChB,eAAe,EAAE,CAAC;QAClB,MAAM,GAAG,GAAG,OAAO,EAAE,KAAK,OAAO,CAAC,CAAC,CAAC,4CAA4C,CAAC,CAAC,CAAC,UAAU,CAAC;QAC9F,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACpC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC;IACF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAC3B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;IAE5B,aAAa,CAAC,OAAO,EAAE,CAAC,CAAC;IAEzB,uBAAuB;IACvB,MAAM,aAAa,GAAG,MAAM,eAAe,EAAE,CAAC;IAC9C,IAAI,CAAC,UAAU,CAAC,aAAa,EAAE,CAAC,EAAE,CAAC;QACjC,OAAO,CAAC,GAAG,CACT,OAAO,EAAE,KAAK,OAAO;YACnB,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,+DAA+D;YACtF,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,gCAAgC,CAC1D,CAAC;QACF,OAAO,CAAC,GAAG,CACT,OAAO,EAAE,KAAK,OAAO;YACnB,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,qHAAqH;YAC3I,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,kEAAkE,CAC3F,CAAC;QACF,OAAO,CAAC,GAAG,CACT,OAAO,EAAE,KAAK,OAAO;YACnB,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,+GAA+G;YACrI,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,qEAAqE,CAC9F,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;SAAM,IAAI,CAAC,aAAa,EAAE,CAAC;QAC1B,OAAO,CAAC,GAAG,CACT,OAAO,EAAE,KAAK,OAAO;YACnB,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,8DAA8D,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,iBAAiB,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,gEAAgE;YACtM,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,iCAAiC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,uCAAuC,CAC/I,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;IAED,YAAY;IACZ,OAAO,IAAI,EAAE,CAAC;QACZ,MAAM,WAAW,GAAG,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,GAAG,CAAC;QAC/C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAElC,MAAM,KAAK,GAAG,MAAM,gBAAgB,EAAE,CAAC;QAEvC,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;YACnB,KAAK,MAAM;gBACT,IAAI,EAAE,CAAC;gBACP,OAAO;YAET,KAAK,MAAM;gBACT,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;gBACpB,SAAS;YAEX,KAAK,aAAa;gBAChB,OAAO,CAAC,OAAO,EAAE,KAAK,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;gBAChD,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;gBACpB,aAAa,CAAC,OAAO,EAAE,CAAC,CAAC;gBACzB,SAAS;YAEX,KAAK,QAAQ,CAAC,CAAC,CAAC;gBACd,MAAM,GAAG,GAAG,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;gBACnC,IAAI,CAAC,GAAG;oBAAE,SAAS;gBAEnB,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;oBACxC,iBAAiB,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,EAAE,CAAC,CAAC;oBAC7C,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;oBAC7C,aAAa,CAAC,OAAO,EAAE,CAAC,CAAC;oBACzB,SAAS;gBACX,CAAC;gBAED,OAAO,CAAC,KAAK,EAAE,CAAC;gBAChB,IAAI,CAAC;oBACH,MAAM,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAC1B,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;oBAChB,OAAO,CAAC,GAAG,CACT,WAAW,CACT,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAChD,GAAG,OAAO,EAAE,KAAK,OAAO,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,IAAI,GAAG,CAAC,GAAG,EAAE,EAClE,OAAO,EAAE,KAAK,OAAO;wBACnB,CAAC,CAAC,kDAAkD;wBACpD,CAAC,CAAC,qBAAqB,CAC1B,CACF,CAAC;gBACJ,CAAC;gBAED,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC7C,aAAa,CAAC,OAAO,EAAE,CAAC,CAAC;gBACzB,SAAS;YACX,CAAC;YAED,KAAK,SAAS,CAAC,CAAC,CAAC;gBACf,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;gBACtC,IAAI,CAAC,IAAI;oBAAE,SAAS;gBAEpB,MAAM,OAAO,GAAG,MAAM,eAAe,CAAC,IAAI,CAAC,CAAC;gBAC5C,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,OAAO,CAAC,GAAG,CACT,CAAC,CAAC,GAAG,CACH,OAAO,EAAE,KAAK,OAAO;wBACnB,CAAC,CAAC,8FAA8F;wBAChG,CAAC,CAAC,wDAAwD,CAC7D,CACF,CAAC;oBACF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAClB,CAAC;gBACD,SAAS;YACX,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,0BAA0B;AAC1B,8EAA8E;AAE9E,KAAK,UAAU,eAAe,CAAC,IAAY;IACzC,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;IAEvB,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,QAAQ;YACX,OAAO,CAAC,KAAK,EAAE,CAAC;YAChB,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;YACzB,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC7C,aAAa,CAAC,IAAI,CAAC,CAAC;YACpB,OAAO,IAAI,CAAC;QAEd,KAAK,OAAO,CAAC;QACb,KAAK,QAAQ;YACX,OAAO,CAAC,KAAK,EAAE,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,kEAAkE,CAAC,CAAC;YAChF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC7C,aAAa,CAAC,IAAI,CAAC,CAAC;YACpB,OAAO,IAAI,CAAC;QAEd,KAAK,QAAQ;YACX,OAAO,CAAC,KAAK,EAAE,CAAC;YAChB,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;YACzB,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC7C,aAAa,CAAC,IAAI,CAAC,CAAC;YACpB,OAAO,IAAI,CAAC;QAEd,KAAK,SAAS;YACZ,OAAO,CAAC,KAAK,EAAE,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;YACxD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC7C,aAAa,CAAC,IAAI,CAAC,CAAC;YACpB,OAAO,IAAI,CAAC;QAEd,KAAK,WAAW;YACd,OAAO,CAAC,KAAK,EAAE,CAAC;YAChB,MAAM,eAAe,CAAC,IAAI,CAAC,CAAC;YAC5B,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC7C,aAAa,CAAC,IAAI,CAAC,CAAC;YACpB,OAAO,IAAI,CAAC;QAEd,KAAK,QAAQ;YACX,OAAO,CAAC,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC;gBACH,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,CAAC;gBAC3D,MAAM,SAAS,CAAC,IAAI,CAAC,CAAC;YACxB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,GAAG,CACT,WAAW,CACT,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAChD,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,sCAAsC,CAAC,CAAC,CAAC,qBAAqB,EACjF,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,cAAc,CACzD,CACF,CAAC;YACJ,CAAC;YACD,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC7C,aAAa,CAAC,IAAI,CAAC,CAAC;YACpB,OAAO,IAAI,CAAC;QAEd,KAAK,QAAQ;YACX,OAAO,CAAC,KAAK,EAAE,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAC;YAC7D,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC7C,aAAa,CAAC,IAAI,CAAC,CAAC;YACpB,OAAO,IAAI,CAAC;QAEd,KAAK,OAAO;YACV,OAAO,CAAC,KAAK,EAAE,CAAC;YAChB,MAAM,WAAW,CAAC,IAAI,CAAC,CAAC;YACxB,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC7C,aAAa,CAAC,IAAI,CAAC,CAAC;YACpB,OAAO,IAAI,CAAC;QAEd,KAAK,OAAO;YACV,OAAO,CAAC,KAAK,EAAE,CAAC;YAChB,MAAM,cAAc,CAAC,IAAI,CAAC,CAAC;YAC3B,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC7C,aAAa,CAAC,IAAI,CAAC,CAAC;YACpB,OAAO,IAAI,CAAC;QAEd,KAAK,MAAM;YACT,QAAQ,CAAC,IAAI,CAAC,CAAC;YACf,OAAO,IAAI,CAAC;QAEd;YACE,OAAO,KAAK,CAAC;IACjB,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,uCAAuC;AACvC,8EAA8E;AAE9E,KAAK,UAAU,QAAQ,CAAC,GAAW;IACjC,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;IAEvB,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,OAAO;YACV,MAAM,UAAU,CAAC,IAAI,CAAC,CAAC;YACvB,MAAM;QACR,KAAK,MAAM;YACT,MAAM,UAAU,CACd,IAAI,EACJ,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,EACvB,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,CACxB,CAAC;YACF,MAAM;QACR,KAAK,QAAQ;YACX,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;YACzB,MAAM;QACR,KAAK,OAAO;YACV,MAAM,WAAW,CAAC,IAAI,CAAC,CAAC;YACxB,MAAM;QACR,KAAK,MAAM;YACT,MAAM,UAAU,CAAC,IAAI,CAAC,CAAC;YACvB,MAAM;QACR,KAAK,QAAQ;YACX,MAAM,UAAU,CAAC,IAAI,CAAC,CAAC;YACvB,MAAM;QACR,KAAK,cAAc;YACjB,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;YACzB,MAAM;QACR,KAAK,MAAM;YACT,MAAM,UAAU,CAAC,IAAI,CAAC,CAAC;YACvB,MAAM;QACR,KAAK,OAAO;YACV,MAAM,WAAW,CAAC,IAAI,CAAC,CAAC;YACxB,MAAM;IACV,CAAC;AACH,CAAC"}
|
package/dist/cli/telemetry.d.ts
CHANGED
|
@@ -25,4 +25,21 @@ export interface TelemetryEvent {
|
|
|
25
25
|
* Fire-and-forget — never blocks the caller, never throws.
|
|
26
26
|
*/
|
|
27
27
|
export declare function reportTelemetry(enabled: boolean, event: TelemetryEvent): Promise<void>;
|
|
28
|
+
export interface ScanCloudEvent {
|
|
29
|
+
/** 'remote' for `pga scan --target`, 'local' for `pga scan` system audit. */
|
|
30
|
+
readonly mode: 'remote' | 'local';
|
|
31
|
+
readonly findingsCount: number;
|
|
32
|
+
/** Risk classification from runScan/runRemoteScan ('LOW'|'MEDIUM'|'HIGH'|'CRITICAL'). */
|
|
33
|
+
readonly riskLevel: string;
|
|
34
|
+
}
|
|
35
|
+
/**
|
|
36
|
+
* Push the scan to TC via ThreatCloudClient.reportScanEvent. This is the
|
|
37
|
+
* channel that makes `pga scan` an actual sensor — it lands the event in
|
|
38
|
+
* the same Threat Cloud aggregation as `pga audit skill`, so adoption +
|
|
39
|
+
* coverage stats are unified across audit and scan flows.
|
|
40
|
+
*
|
|
41
|
+
* Fire-and-forget. Gated by the same telemetry consent as reportTelemetry.
|
|
42
|
+
* Importing ThreatCloudClient lazily so non-cloud paths never pay the cost.
|
|
43
|
+
*/
|
|
44
|
+
export declare function reportScanToCloud(enabled: boolean, event: ScanCloudEvent): Promise<void>;
|
|
28
45
|
//# sourceMappingURL=telemetry.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"telemetry.d.ts","sourceRoot":"","sources":["../../src/cli/telemetry.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH;;;;GAIG;AACH,wBAAsB,uBAAuB,IAAI,OAAO,CAAC,MAAM,CAAC,CAY/D;AAED,oDAAoD;AACpD,wBAAgB,gBAAgB,IAAI,MAAM,CAEzC;AAED,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;;GAGG;AACH,wBAAsB,eAAe,CAAC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAsC5F"}
|
|
1
|
+
{"version":3,"file":"telemetry.d.ts","sourceRoot":"","sources":["../../src/cli/telemetry.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH;;;;GAIG;AACH,wBAAsB,uBAAuB,IAAI,OAAO,CAAC,MAAM,CAAC,CAY/D;AAED,oDAAoD;AACpD,wBAAgB,gBAAgB,IAAI,MAAM,CAEzC;AAED,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;;GAGG;AACH,wBAAsB,eAAe,CAAC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAsC5F;AAED,MAAM,WAAW,cAAc;IAC7B,6EAA6E;IAC7E,QAAQ,CAAC,IAAI,EAAE,QAAQ,GAAG,OAAO,CAAC;IAClC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,yFAAyF;IACzF,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED;;;;;;;;GAQG;AACH,wBAAsB,iBAAiB,CAAC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAwB9F"}
|
package/dist/cli/telemetry.js
CHANGED
|
@@ -69,4 +69,37 @@ export async function reportTelemetry(enabled, event) {
|
|
|
69
69
|
// Best effort — never block scan for telemetry
|
|
70
70
|
}
|
|
71
71
|
}
|
|
72
|
+
/**
|
|
73
|
+
* Push the scan to TC via ThreatCloudClient.reportScanEvent. This is the
|
|
74
|
+
* channel that makes `pga scan` an actual sensor — it lands the event in
|
|
75
|
+
* the same Threat Cloud aggregation as `pga audit skill`, so adoption +
|
|
76
|
+
* coverage stats are unified across audit and scan flows.
|
|
77
|
+
*
|
|
78
|
+
* Fire-and-forget. Gated by the same telemetry consent as reportTelemetry.
|
|
79
|
+
* Importing ThreatCloudClient lazily so non-cloud paths never pay the cost.
|
|
80
|
+
*/
|
|
81
|
+
export async function reportScanToCloud(enabled, event) {
|
|
82
|
+
if (!enabled)
|
|
83
|
+
return;
|
|
84
|
+
try {
|
|
85
|
+
const { ThreatCloudClient } = await import('@panguard-ai/panguard-guard');
|
|
86
|
+
const pathMod = await import('node:path');
|
|
87
|
+
const dataDir = pathMod.join(process.env['HOME'] ?? process.env['USERPROFILE'] ?? '.', '.panguard-guard');
|
|
88
|
+
const tc = await ThreatCloudClient.create(TC_ENDPOINT, dataDir);
|
|
89
|
+
const isCritical = event.riskLevel === 'CRITICAL';
|
|
90
|
+
const isHigh = event.riskLevel === 'HIGH';
|
|
91
|
+
const isClean = event.findingsCount === 0;
|
|
92
|
+
void tc.reportScanEvent({
|
|
93
|
+
source: 'cli-user',
|
|
94
|
+
skillsScanned: 1,
|
|
95
|
+
findingsCount: event.findingsCount,
|
|
96
|
+
confirmedMalicious: isCritical ? 1 : 0,
|
|
97
|
+
highlySuspicious: isHigh ? 1 : 0,
|
|
98
|
+
cleanCount: isClean ? 1 : 0,
|
|
99
|
+
});
|
|
100
|
+
}
|
|
101
|
+
catch {
|
|
102
|
+
// Best effort — never block scan
|
|
103
|
+
}
|
|
104
|
+
}
|
|
72
105
|
//# sourceMappingURL=telemetry.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"telemetry.js","sourceRoot":"","sources":["../../src/cli/telemetry.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,MAAM,WAAW,GAAG,wBAAwB,CAAC;AAE7C;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB;IAC3C,IAAI,CAAC;QACH,0EAA0E;QAC1E,MAAM,GAAG,GAAG,2BAA2B,CAAC;QACxC,MAAM,GAAG,GAAG,CAAC,MAAM,MAAM,CAAC,GAAG,CAAC,CAE7B,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,iBAAiB,EAAE,CAAC;QAC7C,OAAO,MAAM,CAAC,MAAM,CAAC;IACvB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,CAAC;IACX,CAAC;AACH,CAAC;AAED,oDAAoD;AACpD,MAAM,UAAU,gBAAgB;IAC9B,OAAO,GAAG,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;AAC/C,CAAC;AAUD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,OAAgB,EAAE,KAAqB;IAC3E,IAAI,CAAC,OAAO;QAAE,OAAO;IAErB,4CAA4C;IAC5C,0DAA0D;IAC1D,yDAAyD;IACzD,MAAM,OAAO,GAAG;QACd,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KAC7B,CAAC;IAEF,IAAI,CAAC;QACH,2DAA2D;QAC3D,KAAK,KAAK,CAAC,GAAG,WAAW,YAAY,EAAE;YACrC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,UAAU,EAAE,OAAO,KAAK,CAAC,KAAK,EAAE;gBAChC,MAAM,EAAE,UAAU;gBAClB,QAAQ,EAAE,OAAO;aAClB,CAAC;YACF,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;SAClC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QAEnB,uDAAuD;QACvD,KAAK,KAAK,CAAC,GAAG,WAAW,gBAAgB,EAAE;YACzC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;YAC7B,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;SAClC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IACrB,CAAC;IAAC,MAAM,CAAC;QACP,+CAA+C;IACjD,CAAC;AACH,CAAC"}
|
|
1
|
+
{"version":3,"file":"telemetry.js","sourceRoot":"","sources":["../../src/cli/telemetry.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,MAAM,WAAW,GAAG,wBAAwB,CAAC;AAE7C;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB;IAC3C,IAAI,CAAC;QACH,0EAA0E;QAC1E,MAAM,GAAG,GAAG,2BAA2B,CAAC;QACxC,MAAM,GAAG,GAAG,CAAC,MAAM,MAAM,CAAC,GAAG,CAAC,CAE7B,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,iBAAiB,EAAE,CAAC;QAC7C,OAAO,MAAM,CAAC,MAAM,CAAC;IACvB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,CAAC;IACX,CAAC;AACH,CAAC;AAED,oDAAoD;AACpD,MAAM,UAAU,gBAAgB;IAC9B,OAAO,GAAG,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;AAC/C,CAAC;AAUD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,OAAgB,EAAE,KAAqB;IAC3E,IAAI,CAAC,OAAO;QAAE,OAAO;IAErB,4CAA4C;IAC5C,0DAA0D;IAC1D,yDAAyD;IACzD,MAAM,OAAO,GAAG;QACd,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KAC7B,CAAC;IAEF,IAAI,CAAC;QACH,2DAA2D;QAC3D,KAAK,KAAK,CAAC,GAAG,WAAW,YAAY,EAAE;YACrC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,UAAU,EAAE,OAAO,KAAK,CAAC,KAAK,EAAE;gBAChC,MAAM,EAAE,UAAU;gBAClB,QAAQ,EAAE,OAAO;aAClB,CAAC;YACF,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;SAClC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QAEnB,uDAAuD;QACvD,KAAK,KAAK,CAAC,GAAG,WAAW,gBAAgB,EAAE;YACzC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;YAC7B,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;SAClC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IACrB,CAAC;IAAC,MAAM,CAAC;QACP,+CAA+C;IACjD,CAAC;AACH,CAAC;AAUD;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,OAAgB,EAAE,KAAqB;IAC7E,IAAI,CAAC,OAAO;QAAE,OAAO;IACrB,IAAI,CAAC;QACH,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,6BAA6B,CAAC,CAAC;QAC1E,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;QAC1C,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAC1B,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,GAAG,EACxD,iBAAiB,CAClB,CAAC;QACF,MAAM,EAAE,GAAG,MAAM,iBAAiB,CAAC,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAChE,MAAM,UAAU,GAAG,KAAK,CAAC,SAAS,KAAK,UAAU,CAAC;QAClD,MAAM,MAAM,GAAG,KAAK,CAAC,SAAS,KAAK,MAAM,CAAC;QAC1C,MAAM,OAAO,GAAG,KAAK,CAAC,aAAa,KAAK,CAAC,CAAC;QAC1C,KAAK,EAAE,CAAC,eAAe,CAAC;YACtB,MAAM,EAAE,UAAU;YAClB,aAAa,EAAE,CAAC;YAChB,aAAa,EAAE,KAAK,CAAC,aAAa;YAClC,kBAAkB,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACtC,gBAAgB,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAChC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;SAC5B,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,iCAAiC;IACnC,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1,108 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* workspace-sync.ts — push scan events to app.panguard.ai when authenticated
|
|
3
|
+
*
|
|
4
|
+
* Flow:
|
|
5
|
+
* 1. `pga audit` / `pga scan` finish a scan locally (offline-first)
|
|
6
|
+
* 2. If ~/.panguard/auth.json exists (user has run `pga login`), this module
|
|
7
|
+
* POSTs the findings to app.panguard.ai/api/v2/events so they appear in
|
|
8
|
+
* the customer dashboard timeline.
|
|
9
|
+
* 3. Anonymous / Community users are unaffected — they continue to use the
|
|
10
|
+
* existing TC telemetry path (tc.panguard.ai) via panguard-guard's
|
|
11
|
+
* ThreatCloudClient.
|
|
12
|
+
*
|
|
13
|
+
* Privacy:
|
|
14
|
+
* - Raw adversarial payloads are NEVER uploaded. Only: rule_id, severity,
|
|
15
|
+
* target (path/URL), target_hash (sha256 of content), and a 1-line summary
|
|
16
|
+
* produced by the CLI.
|
|
17
|
+
* - Endpoint identification: a stable hash of machine-id + logged-in user.
|
|
18
|
+
* Not the hostname itself, not the user's email.
|
|
19
|
+
*
|
|
20
|
+
* Failure mode:
|
|
21
|
+
* - Network / HTTP failure is logged via `log.debug` and swallowed.
|
|
22
|
+
* - 401 (token revoked/expired) prints ONE warning then deletes auth.json
|
|
23
|
+
* so subsequent commands don't keep hitting the broken path.
|
|
24
|
+
* - The main scan result printed to stdout is never altered by sync result.
|
|
25
|
+
*/
|
|
26
|
+
interface AuthInfo {
|
|
27
|
+
api_key: string;
|
|
28
|
+
workspace_id: string;
|
|
29
|
+
workspace_slug: string;
|
|
30
|
+
workspace_name: string;
|
|
31
|
+
tier: string;
|
|
32
|
+
user_email: string;
|
|
33
|
+
/**
|
|
34
|
+
* UUID of the matching TC org. Optional — only set if the workspace was
|
|
35
|
+
* provisioned with a linked TC org (see Supabase migration
|
|
36
|
+
* 20260422000006_tc_org_link.sql). Used by getTcCorrelationHeaders() so
|
|
37
|
+
* existing anonymous TC telemetry can be post-hoc correlated back to this
|
|
38
|
+
* workspace without breaking Community-tier anonymous behaviour.
|
|
39
|
+
*/
|
|
40
|
+
tc_org_id?: string;
|
|
41
|
+
}
|
|
42
|
+
export declare function authJsonPath(): string;
|
|
43
|
+
export declare function tryLoadAuth(): AuthInfo | null;
|
|
44
|
+
/**
|
|
45
|
+
* Headers to pass on any CLI → tc.panguard.ai request when the user is
|
|
46
|
+
* authenticated to a paid workspace. Harmless when TC doesn't know about
|
|
47
|
+
* workspaces yet (TC ignores unknown headers); enables retroactive
|
|
48
|
+
* correlation once TC gains workspace-aware endpoints.
|
|
49
|
+
*
|
|
50
|
+
* Returns an empty object if the user is anonymous (Community tier) so
|
|
51
|
+
* Community behaviour is byte-identical to pre-Phase-2 code.
|
|
52
|
+
*/
|
|
53
|
+
export declare function getTcCorrelationHeaders(): Record<string, string>;
|
|
54
|
+
export type EventType = 'scan.rule_match' | 'scan.completed' | 'guard.blocked' | 'guard.flagged' | 'trap.triggered' | 'respond.action';
|
|
55
|
+
export type Severity = 'critical' | 'high' | 'medium' | 'low' | 'info';
|
|
56
|
+
export interface WorkspaceEvent {
|
|
57
|
+
event_type: EventType;
|
|
58
|
+
severity: Severity;
|
|
59
|
+
rule_id?: string;
|
|
60
|
+
target: string;
|
|
61
|
+
target_hash?: string;
|
|
62
|
+
payload_summary: string;
|
|
63
|
+
occurred_at?: string;
|
|
64
|
+
metadata?: Record<string, unknown>;
|
|
65
|
+
}
|
|
66
|
+
export interface EndpointInfo {
|
|
67
|
+
machine_id: string;
|
|
68
|
+
hostname?: string;
|
|
69
|
+
os_type?: string;
|
|
70
|
+
panguard_version?: string;
|
|
71
|
+
}
|
|
72
|
+
export declare function getEndpointInfo(panguardVersion: string | undefined, userEmail: string): EndpointInfo;
|
|
73
|
+
interface SyncResult {
|
|
74
|
+
ingested: number;
|
|
75
|
+
skipped: string;
|
|
76
|
+
}
|
|
77
|
+
/**
|
|
78
|
+
* Push a batch of events to app.panguard.ai under the current workspace.
|
|
79
|
+
* Returns the number ingested. Non-throwing: any error is logged and the
|
|
80
|
+
* function returns `{ ingested: 0, skipped: <reason> }`.
|
|
81
|
+
*/
|
|
82
|
+
export declare function syncEvents(events: WorkspaceEvent[], opts?: {
|
|
83
|
+
appUrl?: string;
|
|
84
|
+
panguardVersion?: string;
|
|
85
|
+
/** Print a one-line success/failure summary to stdout. Default false. */
|
|
86
|
+
verbose?: boolean;
|
|
87
|
+
}): Promise<SyncResult>;
|
|
88
|
+
export interface AuditFindingLike {
|
|
89
|
+
ruleId?: string;
|
|
90
|
+
severity?: string;
|
|
91
|
+
title?: string;
|
|
92
|
+
description?: string;
|
|
93
|
+
[key: string]: unknown;
|
|
94
|
+
}
|
|
95
|
+
/**
|
|
96
|
+
* Build a WorkspaceEvent[] from an audit report's findings + a scan summary row.
|
|
97
|
+
* This is the shared shape emitted by both `pga audit` and `pga scan`.
|
|
98
|
+
*/
|
|
99
|
+
export declare function buildEventsFromAuditReport(args: {
|
|
100
|
+
target: string;
|
|
101
|
+
targetHash?: string;
|
|
102
|
+
riskLevel: string;
|
|
103
|
+
riskScore: number;
|
|
104
|
+
findings: AuditFindingLike[];
|
|
105
|
+
skillName?: string;
|
|
106
|
+
}): WorkspaceEvent[];
|
|
107
|
+
export {};
|
|
108
|
+
//# sourceMappingURL=workspace-sync.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"workspace-sync.d.ts","sourceRoot":"","sources":["../../src/cli/workspace-sync.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAcH,UAAU,QAAQ;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB;;;;;;OAMG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,wBAAgB,YAAY,IAAI,MAAM,CAErC;AAED,wBAAgB,WAAW,IAAI,QAAQ,GAAG,IAAI,CAS7C;AAED;;;;;;;;GAQG;AACH,wBAAgB,uBAAuB,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAUhE;AAID,MAAM,MAAM,SAAS,GACjB,iBAAiB,GACjB,gBAAgB,GAChB,eAAe,GACf,eAAe,GACf,gBAAgB,GAChB,gBAAgB,CAAC;AAErB,MAAM,MAAM,QAAQ,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAEvE,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,SAAS,CAAC;IACtB,QAAQ,EAAE,QAAQ,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,YAAY;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAMD,wBAAgB,eAAe,CAC7B,eAAe,EAAE,MAAM,GAAG,SAAS,EACnC,SAAS,EAAE,MAAM,GAChB,YAAY,CAed;AAID,UAAU,UAAU;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;;;GAIG;AACH,wBAAsB,UAAU,CAC9B,MAAM,EAAE,cAAc,EAAE,EACxB,IAAI,CAAC,EAAE;IACL,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,yEAAyE;IACzE,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,GACA,OAAO,CAAC,UAAU,CAAC,CA2ErB;AAID,MAAM,WAAW,gBAAgB;IAC/B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAWD;;;GAGG;AACH,wBAAgB,0BAA0B,CAAC,IAAI,EAAE;IAC/C,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,gBAAgB,EAAE,CAAC;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,GAAG,cAAc,EAAE,CAoCnB"}
|
|
@@ -0,0 +1,199 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* workspace-sync.ts — push scan events to app.panguard.ai when authenticated
|
|
3
|
+
*
|
|
4
|
+
* Flow:
|
|
5
|
+
* 1. `pga audit` / `pga scan` finish a scan locally (offline-first)
|
|
6
|
+
* 2. If ~/.panguard/auth.json exists (user has run `pga login`), this module
|
|
7
|
+
* POSTs the findings to app.panguard.ai/api/v2/events so they appear in
|
|
8
|
+
* the customer dashboard timeline.
|
|
9
|
+
* 3. Anonymous / Community users are unaffected — they continue to use the
|
|
10
|
+
* existing TC telemetry path (tc.panguard.ai) via panguard-guard's
|
|
11
|
+
* ThreatCloudClient.
|
|
12
|
+
*
|
|
13
|
+
* Privacy:
|
|
14
|
+
* - Raw adversarial payloads are NEVER uploaded. Only: rule_id, severity,
|
|
15
|
+
* target (path/URL), target_hash (sha256 of content), and a 1-line summary
|
|
16
|
+
* produced by the CLI.
|
|
17
|
+
* - Endpoint identification: a stable hash of machine-id + logged-in user.
|
|
18
|
+
* Not the hostname itself, not the user's email.
|
|
19
|
+
*
|
|
20
|
+
* Failure mode:
|
|
21
|
+
* - Network / HTTP failure is logged via `log.debug` and swallowed.
|
|
22
|
+
* - 401 (token revoked/expired) prints ONE warning then deletes auth.json
|
|
23
|
+
* so subsequent commands don't keep hitting the broken path.
|
|
24
|
+
* - The main scan result printed to stdout is never altered by sync result.
|
|
25
|
+
*/
|
|
26
|
+
import { createHash } from 'node:crypto';
|
|
27
|
+
import { readFileSync, unlinkSync } from 'node:fs';
|
|
28
|
+
import { homedir, hostname, platform } from 'node:os';
|
|
29
|
+
import { join } from 'node:path';
|
|
30
|
+
import { c, symbols } from '@panguard-ai/core';
|
|
31
|
+
const DEFAULT_APP_URL = 'https://app.panguard.ai';
|
|
32
|
+
const AUTH_JSON_RELATIVE = '.panguard/auth.json';
|
|
33
|
+
const TIMEOUT_MS = 5000;
|
|
34
|
+
export function authJsonPath() {
|
|
35
|
+
return join(homedir(), AUTH_JSON_RELATIVE);
|
|
36
|
+
}
|
|
37
|
+
export function tryLoadAuth() {
|
|
38
|
+
try {
|
|
39
|
+
const raw = readFileSync(authJsonPath(), 'utf-8');
|
|
40
|
+
const parsed = JSON.parse(raw);
|
|
41
|
+
if (!parsed.api_key || !parsed.workspace_id)
|
|
42
|
+
return null;
|
|
43
|
+
return parsed;
|
|
44
|
+
}
|
|
45
|
+
catch {
|
|
46
|
+
return null;
|
|
47
|
+
}
|
|
48
|
+
}
|
|
49
|
+
/**
|
|
50
|
+
* Headers to pass on any CLI → tc.panguard.ai request when the user is
|
|
51
|
+
* authenticated to a paid workspace. Harmless when TC doesn't know about
|
|
52
|
+
* workspaces yet (TC ignores unknown headers); enables retroactive
|
|
53
|
+
* correlation once TC gains workspace-aware endpoints.
|
|
54
|
+
*
|
|
55
|
+
* Returns an empty object if the user is anonymous (Community tier) so
|
|
56
|
+
* Community behaviour is byte-identical to pre-Phase-2 code.
|
|
57
|
+
*/
|
|
58
|
+
export function getTcCorrelationHeaders() {
|
|
59
|
+
const auth = tryLoadAuth();
|
|
60
|
+
if (!auth)
|
|
61
|
+
return {};
|
|
62
|
+
const headers = {
|
|
63
|
+
'X-Panguard-Workspace-Id': auth.workspace_id,
|
|
64
|
+
};
|
|
65
|
+
if (auth.tc_org_id) {
|
|
66
|
+
headers['X-Panguard-Tc-Org-Id'] = auth.tc_org_id;
|
|
67
|
+
}
|
|
68
|
+
return headers;
|
|
69
|
+
}
|
|
70
|
+
// ─── Stable endpoint id (not PII) ──────────────────────────────────────────
|
|
71
|
+
let cachedMachineId = null;
|
|
72
|
+
export function getEndpointInfo(panguardVersion, userEmail) {
|
|
73
|
+
if (!cachedMachineId) {
|
|
74
|
+
// Combine OS hostname + userEmail (from auth) + node arch → sha256.
|
|
75
|
+
// Server never sees the raw values, and the hash is stable across runs of
|
|
76
|
+
// the same user on the same machine, giving the dashboard a useful
|
|
77
|
+
// "endpoint" without leaking hostname or email to the database.
|
|
78
|
+
const seed = `${hostname()}::${userEmail}::${process.arch}`;
|
|
79
|
+
cachedMachineId = 'm_' + createHash('sha256').update(seed).digest('hex').slice(0, 48);
|
|
80
|
+
}
|
|
81
|
+
return {
|
|
82
|
+
machine_id: cachedMachineId,
|
|
83
|
+
hostname: hostname(),
|
|
84
|
+
os_type: platform(),
|
|
85
|
+
...(panguardVersion ? { panguard_version: panguardVersion } : {}),
|
|
86
|
+
};
|
|
87
|
+
}
|
|
88
|
+
/**
|
|
89
|
+
* Push a batch of events to app.panguard.ai under the current workspace.
|
|
90
|
+
* Returns the number ingested. Non-throwing: any error is logged and the
|
|
91
|
+
* function returns `{ ingested: 0, skipped: <reason> }`.
|
|
92
|
+
*/
|
|
93
|
+
export async function syncEvents(events, opts) {
|
|
94
|
+
if (events.length === 0) {
|
|
95
|
+
return { ingested: 0, skipped: 'empty' };
|
|
96
|
+
}
|
|
97
|
+
const auth = tryLoadAuth();
|
|
98
|
+
if (!auth) {
|
|
99
|
+
// Not authenticated — not an error, just means Community mode.
|
|
100
|
+
return { ingested: 0, skipped: 'anonymous' };
|
|
101
|
+
}
|
|
102
|
+
const appUrl = (opts?.appUrl ?? process.env['PANGUARD_APP_URL'] ?? DEFAULT_APP_URL).replace(/\/$/, '');
|
|
103
|
+
const endpoint = getEndpointInfo(opts?.panguardVersion, auth.user_email);
|
|
104
|
+
const body = { events, endpoint };
|
|
105
|
+
try {
|
|
106
|
+
const res = await fetch(`${appUrl}/api/v2/events`, {
|
|
107
|
+
method: 'POST',
|
|
108
|
+
headers: {
|
|
109
|
+
'Content-Type': 'application/json',
|
|
110
|
+
Authorization: `Bearer ${auth.api_key}`,
|
|
111
|
+
'User-Agent': `panguard-cli/${opts?.panguardVersion ?? 'unknown'}`,
|
|
112
|
+
},
|
|
113
|
+
body: JSON.stringify(body),
|
|
114
|
+
signal: AbortSignal.timeout(TIMEOUT_MS),
|
|
115
|
+
});
|
|
116
|
+
if (res.status === 401) {
|
|
117
|
+
// Token revoked or expired — clear auth.json so future commands go
|
|
118
|
+
// anonymous instead of repeatedly failing.
|
|
119
|
+
try {
|
|
120
|
+
unlinkSync(authJsonPath());
|
|
121
|
+
}
|
|
122
|
+
catch {
|
|
123
|
+
// fine
|
|
124
|
+
}
|
|
125
|
+
if (opts?.verbose) {
|
|
126
|
+
console.log(` ${c.caution(symbols.warn)} ${c.dim('Session expired. Run')} ${c.sage('pga login')} ${c.dim('to reconnect.')}`);
|
|
127
|
+
}
|
|
128
|
+
return { ingested: 0, skipped: 'auth_revoked' };
|
|
129
|
+
}
|
|
130
|
+
if (!res.ok) {
|
|
131
|
+
if (opts?.verbose) {
|
|
132
|
+
console.log(` ${c.caution(symbols.warn)} ${c.dim(`Dashboard sync failed (HTTP ${res.status}) — results are local only.`)}`);
|
|
133
|
+
}
|
|
134
|
+
return { ingested: 0, skipped: `http_${res.status}` };
|
|
135
|
+
}
|
|
136
|
+
const parsed = (await res.json().catch(() => ({})));
|
|
137
|
+
const ingested = typeof parsed.ingested === 'number' ? parsed.ingested : events.length;
|
|
138
|
+
if (opts?.verbose) {
|
|
139
|
+
console.log(` ${c.safe(symbols.pass)} ${c.dim(`${ingested} event${ingested === 1 ? '' : 's'} synced to`)} ${c.sage(auth.workspace_name)}`);
|
|
140
|
+
}
|
|
141
|
+
return { ingested, skipped: '' };
|
|
142
|
+
}
|
|
143
|
+
catch (err) {
|
|
144
|
+
// Network / timeout / malformed response. Swallow — offline-first principle.
|
|
145
|
+
if (opts?.verbose) {
|
|
146
|
+
const msg = err instanceof Error ? err.message : String(err);
|
|
147
|
+
console.log(` ${c.dim(`Dashboard sync skipped (${msg.slice(0, 60)}) — results are local only.`)}`);
|
|
148
|
+
}
|
|
149
|
+
return { ingested: 0, skipped: 'network_error' };
|
|
150
|
+
}
|
|
151
|
+
}
|
|
152
|
+
/** Convert a normalized severity string (from audit/scan reports) to the allowed enum. */
|
|
153
|
+
function normalizeSeverity(s) {
|
|
154
|
+
const lower = (s ?? '').toLowerCase();
|
|
155
|
+
if (lower === 'critical' || lower === 'high' || lower === 'medium' || lower === 'low') {
|
|
156
|
+
return lower;
|
|
157
|
+
}
|
|
158
|
+
return 'info';
|
|
159
|
+
}
|
|
160
|
+
/**
|
|
161
|
+
* Build a WorkspaceEvent[] from an audit report's findings + a scan summary row.
|
|
162
|
+
* This is the shared shape emitted by both `pga audit` and `pga scan`.
|
|
163
|
+
*/
|
|
164
|
+
export function buildEventsFromAuditReport(args) {
|
|
165
|
+
const out = [];
|
|
166
|
+
// One event per rule match — this is the unit of compliance evidence.
|
|
167
|
+
for (const f of args.findings) {
|
|
168
|
+
if (!f.ruleId)
|
|
169
|
+
continue;
|
|
170
|
+
out.push({
|
|
171
|
+
event_type: 'scan.rule_match',
|
|
172
|
+
severity: normalizeSeverity(typeof f.severity === 'string' ? f.severity : undefined),
|
|
173
|
+
rule_id: f.ruleId,
|
|
174
|
+
target: args.target,
|
|
175
|
+
...(args.targetHash ? { target_hash: args.targetHash } : {}),
|
|
176
|
+
payload_summary: (typeof f.title === 'string' ? f.title : `${f.ruleId} match`).slice(0, 200),
|
|
177
|
+
metadata: {
|
|
178
|
+
skill_name: args.skillName ?? undefined,
|
|
179
|
+
},
|
|
180
|
+
});
|
|
181
|
+
}
|
|
182
|
+
// One summary event per scan run (lets the dashboard show "scans/day" even
|
|
183
|
+
// when findings are zero).
|
|
184
|
+
out.push({
|
|
185
|
+
event_type: 'scan.completed',
|
|
186
|
+
severity: 'info',
|
|
187
|
+
target: args.target,
|
|
188
|
+
...(args.targetHash ? { target_hash: args.targetHash } : {}),
|
|
189
|
+
payload_summary: `Scan completed — risk=${args.riskLevel}, score=${args.riskScore}, findings=${args.findings.length}`,
|
|
190
|
+
metadata: {
|
|
191
|
+
risk_level: args.riskLevel,
|
|
192
|
+
risk_score: args.riskScore,
|
|
193
|
+
findings_count: args.findings.length,
|
|
194
|
+
skill_name: args.skillName ?? undefined,
|
|
195
|
+
},
|
|
196
|
+
});
|
|
197
|
+
return out;
|
|
198
|
+
}
|
|
199
|
+
//# sourceMappingURL=workspace-sync.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"workspace-sync.js","sourceRoot":"","sources":["../../src/cli/workspace-sync.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACtD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAE/C,MAAM,eAAe,GAAG,yBAAyB,CAAC;AAClD,MAAM,kBAAkB,GAAG,qBAAqB,CAAC;AACjD,MAAM,UAAU,GAAG,IAAI,CAAC;AAqBxB,MAAM,UAAU,YAAY;IAC1B,OAAO,IAAI,CAAC,OAAO,EAAE,EAAE,kBAAkB,CAAC,CAAC;AAC7C,CAAC;AAED,MAAM,UAAU,WAAW;IACzB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,YAAY,CAAC,YAAY,EAAE,EAAE,OAAO,CAAC,CAAC;QAClD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAsB,CAAC;QACpD,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY;YAAE,OAAO,IAAI,CAAC;QACzD,OAAO,MAAkB,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,uBAAuB;IACrC,MAAM,IAAI,GAAG,WAAW,EAAE,CAAC;IAC3B,IAAI,CAAC,IAAI;QAAE,OAAO,EAAE,CAAC;IACrB,MAAM,OAAO,GAA2B;QACtC,yBAAyB,EAAE,IAAI,CAAC,YAAY;KAC7C,CAAC;IACF,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QACnB,OAAO,CAAC,sBAAsB,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC;IACnD,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAgCD,8EAA8E;AAE9E,IAAI,eAAe,GAAkB,IAAI,CAAC;AAE1C,MAAM,UAAU,eAAe,CAC7B,eAAmC,EACnC,SAAiB;IAEjB,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,oEAAoE;QACpE,0EAA0E;QAC1E,mEAAmE;QACnE,gEAAgE;QAChE,MAAM,IAAI,GAAG,GAAG,QAAQ,EAAE,KAAK,SAAS,KAAK,OAAO,CAAC,IAAI,EAAE,CAAC;QAC5D,eAAe,GAAG,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACxF,CAAC;IACD,OAAO;QACL,UAAU,EAAE,eAAe;QAC3B,QAAQ,EAAE,QAAQ,EAAE;QACpB,OAAO,EAAE,QAAQ,EAAE;QACnB,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,gBAAgB,EAAE,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAClE,CAAC;AACJ,CAAC;AASD;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,MAAwB,EACxB,IAKC;IAED,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;IAC3C,CAAC;IAED,MAAM,IAAI,GAAG,WAAW,EAAE,CAAC;IAC3B,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,+DAA+D;QAC/D,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;IAC/C,CAAC;IAED,MAAM,MAAM,GAAG,CAAC,IAAI,EAAE,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,eAAe,CAAC,CAAC,OAAO,CACzF,KAAK,EACL,EAAE,CACH,CAAC;IACF,MAAM,QAAQ,GAAG,eAAe,CAAC,IAAI,EAAE,eAAe,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IAEzE,MAAM,IAAI,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;IAElC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,gBAAgB,EAAE;YACjD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,aAAa,EAAE,UAAU,IAAI,CAAC,OAAO,EAAE;gBACvC,YAAY,EAAE,gBAAgB,IAAI,EAAE,eAAe,IAAI,SAAS,EAAE;aACnE;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;YAC1B,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,UAAU,CAAC;SACxC,CAAC,CAAC;QAEH,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACvB,mEAAmE;YACnE,2CAA2C;YAC3C,IAAI,CAAC;gBACH,UAAU,CAAC,YAAY,EAAE,CAAC,CAAC;YAC7B,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO;YACT,CAAC;YACD,IAAI,IAAI,EAAE,OAAO,EAAE,CAAC;gBAClB,OAAO,CAAC,GAAG,CACT,KAAK,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CACjH,CAAC;YACJ,CAAC;YACD,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC;QAClD,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,IAAI,IAAI,EAAE,OAAO,EAAE,CAAC;gBAClB,OAAO,CAAC,GAAG,CACT,KAAK,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,+BAA+B,GAAG,CAAC,MAAM,6BAA6B,CAAC,EAAE,CAChH,CAAC;YACJ,CAAC;YACD,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,QAAQ,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC;QACxD,CAAC;QAED,MAAM,MAAM,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAA0B,CAAC;QAC7E,MAAM,QAAQ,GAAG,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC;QAEvF,IAAI,IAAI,EAAE,OAAO,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CACT,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,GAAG,QAAQ,SAAS,QAAQ,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAC/H,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;IACnC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,6EAA6E;QAC7E,IAAI,IAAI,EAAE,OAAO,EAAE,CAAC;YAClB,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC7D,OAAO,CAAC,GAAG,CACT,KAAK,CAAC,CAAC,GAAG,CAAC,2BAA2B,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,6BAA6B,CAAC,EAAE,CACvF,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC;IACnD,CAAC;AACH,CAAC;AAYD,0FAA0F;AAC1F,SAAS,iBAAiB,CAAC,CAAqB;IAC9C,MAAM,KAAK,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACtC,IAAI,KAAK,KAAK,UAAU,IAAI,KAAK,KAAK,MAAM,IAAI,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,KAAK,EAAE,CAAC;QACtF,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,0BAA0B,CAAC,IAO1C;IACC,MAAM,GAAG,GAAqB,EAAE,CAAC;IAEjC,sEAAsE;IACtE,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC9B,IAAI,CAAC,CAAC,CAAC,MAAM;YAAE,SAAS;QACxB,GAAG,CAAC,IAAI,CAAC;YACP,UAAU,EAAE,iBAAiB;YAC7B,QAAQ,EAAE,iBAAiB,CAAC,OAAO,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YACpF,OAAO,EAAE,CAAC,CAAC,MAAM;YACjB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5D,eAAe,EAAE,CAAC,OAAO,CAAC,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;YAC5F,QAAQ,EAAE;gBACR,UAAU,EAAE,IAAI,CAAC,SAAS,IAAI,SAAS;aACxC;SACF,CAAC,CAAC;IACL,CAAC;IAED,2EAA2E;IAC3E,2BAA2B;IAC3B,GAAG,CAAC,IAAI,CAAC;QACP,UAAU,EAAE,gBAAgB;QAC5B,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5D,eAAe,EAAE,yBAAyB,IAAI,CAAC,SAAS,WAAW,IAAI,CAAC,SAAS,cAAc,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE;QACrH,QAAQ,EAAE;YACR,UAAU,EAAE,IAAI,CAAC,SAAS;YAC1B,UAAU,EAAE,IAAI,CAAC,SAAS;YAC1B,cAAc,EAAE,IAAI,CAAC,QAAQ,CAAC,MAAM;YACpC,UAAU,EAAE,IAAI,CAAC,SAAS,IAAI,SAAS;SACxC;KACF,CAAC,CAAC;IAEH,OAAO,GAAG,CAAC;AACb,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@panguard-ai/panguard",
|
|
3
|
-
"version": "1.5.
|
|
3
|
+
"version": "1.5.6",
|
|
4
4
|
"license": "MIT",
|
|
5
5
|
"repository": {
|
|
6
6
|
"type": "git",
|
|
@@ -37,23 +37,28 @@
|
|
|
37
37
|
],
|
|
38
38
|
"dependencies": {
|
|
39
39
|
"commander": "^12.0.0",
|
|
40
|
+
"js-yaml": "^4.1.0",
|
|
41
|
+
"pdfkit": "^0.15.0",
|
|
40
42
|
"zod": "^3.24.0",
|
|
41
|
-
"@panguard-ai/
|
|
42
|
-
"@panguard-ai/
|
|
43
|
-
"@panguard-ai/
|
|
44
|
-
"@panguard-ai/
|
|
45
|
-
"@panguard-ai/panguard-
|
|
46
|
-
"@panguard-ai/panguard-
|
|
47
|
-
"@panguard-ai/panguard-
|
|
48
|
-
"@panguard-ai/
|
|
49
|
-
"@panguard-ai/
|
|
43
|
+
"@panguard-ai/core": "1.5.6",
|
|
44
|
+
"@panguard-ai/panguard-chat": "1.5.6",
|
|
45
|
+
"@panguard-ai/security-hardening": "1.5.6",
|
|
46
|
+
"@panguard-ai/panguard-guard": "1.5.6",
|
|
47
|
+
"@panguard-ai/panguard-skill-auditor": "1.5.6",
|
|
48
|
+
"@panguard-ai/panguard-mcp": "1.5.6",
|
|
49
|
+
"@panguard-ai/panguard-scan": "1.5.6",
|
|
50
|
+
"@panguard-ai/atr": "1.5.6",
|
|
51
|
+
"@panguard-ai/scan-core": "1.5.6"
|
|
50
52
|
},
|
|
51
53
|
"optionalDependencies": {
|
|
52
|
-
"
|
|
53
|
-
"@panguard-ai/threat-cloud": "1.
|
|
54
|
+
"agent-threat-rules": "^2.1.1",
|
|
55
|
+
"@panguard-ai/threat-cloud": "1.5.6",
|
|
56
|
+
"@panguard-ai/panguard-trap": "1.5.6"
|
|
54
57
|
},
|
|
55
58
|
"devDependencies": {
|
|
59
|
+
"@types/js-yaml": "^4.0.9",
|
|
56
60
|
"@types/node": "^22.14.0",
|
|
61
|
+
"@types/pdfkit": "^0.13.0",
|
|
57
62
|
"typescript": "~5.7.3"
|
|
58
63
|
},
|
|
59
64
|
"scripts": {
|