@panguard-ai/threat-cloud 0.1.0

package/dist/rule-generator.js

@@ -0,0 +1,238 @@
+/**
+ * Automatic Sigma Rule Generator
+ * 自動 Sigma 規則產生器
+ *
+ * Analyzes enriched threat events, detects recurring patterns,
+ * and generates Sigma detection rules automatically.
+ *
+ * @module @panguard-ai/threat-cloud/rule-generator
+ */
+import { createHash } from 'node:crypto';
+/** MITRE technique → tactic mapping (simplified) */
+const TECHNIQUE_TACTIC_MAP = {
+    T1110: 'credential_access',
+    T1021: 'lateral_movement',
+    T1046: 'discovery',
+    T1059: 'execution',
+    T1486: 'impact',
+    T1190: 'initial_access',
+    T1078: 'defense_evasion',
+    T1071: 'command_and_control',
+    T1048: 'exfiltration',
+    T1569: 'execution',
+    T1053: 'execution',
+    T1543: 'persistence',
+    T1547: 'persistence',
+    T1098: 'persistence',
+    T1027: 'defense_evasion',
+    T1070: 'defense_evasion',
+    T1562: 'defense_evasion',
+    T1018: 'discovery',
+    T1057: 'discovery',
+    T1082: 'discovery',
+    T1560: 'collection',
+};
+/** Severity mapping for pattern analysis */
+const SEVERITY_ORDER = ['critical', 'high', 'medium', 'low'];
+/** Default configuration */
+const DEFAULT_CONFIG = {
+    minOccurrences: 10,
+    analysisWindowHours: 168, // 7 days
+    minDistinctIPs: 3,
+};
+export class RuleGenerator {
+    db;
+    config;
+    constructor(db, config) {
+        this.db = db;
+        this.config = { ...DEFAULT_CONFIG, ...config };
+    }
+    /**
+     * Analyze recent events and generate rules for recurring patterns.
+     * 分析近期事件並為反覆出現的模式產生規則
+     */
+    generateRules() {
+        const startTime = Date.now();
+        const patterns = this.detectPatterns();
+        let rulesGenerated = 0;
+        let rulesUpdated = 0;
+        this.db.transaction(() => {
+            for (const pattern of patterns) {
+                const existing = this.db
+                    .prepare('SELECT pattern_hash FROM generated_patterns WHERE pattern_hash = ?')
+                    .get(pattern.patternHash);
+                if (existing) {
+                    this.updatePattern(pattern);
+                    rulesUpdated++;
+                }
+                else {
+                    this.createRuleFromPattern(pattern);
+                    rulesGenerated++;
+                }
+            }
+        })();
+        return {
+            patternsAnalyzed: patterns.length,
+            rulesGenerated,
+            rulesUpdated,
+            duration: Date.now() - startTime,
+        };
+    }
+    /**
+     * Detect recurring patterns in enriched threat events.
+     * 偵測豐富化威脅事件中的反覆模式
+     */
+    detectPatterns() {
+        const sinceDate = new Date(Date.now() - this.config.analysisWindowHours * 60 * 60 * 1000).toISOString();
+        const rows = this.db
+            .prepare(`SELECT attack_type, mitre_techniques, attack_source_ip, region, severity, timestamp
+         FROM enriched_threats
+         WHERE received_at > ?
+         ORDER BY timestamp ASC`)
+            .all(sinceDate);
+        // Group by (attack_type, sorted mitre_techniques)
+        const grouped = new Map();
+        for (const row of rows) {
+            const techniques = JSON.parse(row.mitre_techniques).sort();
+            const key = `${row.attack_type}|${techniques.join(',')}`;
+            let group = grouped.get(key);
+            if (!group) {
+                group = {
+                    attackType: row.attack_type,
+                    techniques,
+                    ips: new Set(),
+                    regions: new Set(),
+                    severityCounts: {},
+                    occurrences: 0,
+                    firstSeen: row.timestamp,
+                    lastSeen: row.timestamp,
+                };
+                grouped.set(key, group);
+            }
+            group.ips.add(row.attack_source_ip);
+            group.regions.add(row.region);
+            group.severityCounts[row.severity] = (group.severityCounts[row.severity] ?? 0) + 1;
+            group.occurrences++;
+            if (row.timestamp > group.lastSeen)
+                group.lastSeen = row.timestamp;
+        }
+        // Filter by thresholds
+        const patterns = [];
+        for (const group of grouped.values()) {
+            if (group.occurrences >= this.config.minOccurrences &&
+                group.ips.size >= this.config.minDistinctIPs) {
+                const patternHash = createHash('sha256')
+                    .update(group.attackType + group.techniques.join(','))
+                    .digest('hex')
+                    .slice(0, 16);
+                patterns.push({
+                    attackType: group.attackType,
+                    mitreTechniques: group.techniques,
+                    patternHash,
+                    occurrences: group.occurrences,
+                    distinctIPs: group.ips.size,
+                    regions: [...group.regions],
+                    severityCounts: group.severityCounts,
+                    firstSeen: group.firstSeen,
+                    lastSeen: group.lastSeen,
+                });
+            }
+        }
+        return patterns;
+    }
+    /**
+     * Get all generated patterns.
+     * 取得所有已產生的模式
+     */
+    getGeneratedPatterns() {
+        const rows = this.db
+            .prepare(`SELECT pattern_hash, attack_type, mitre_techniques, rule_id, occurrences, distinct_ips
+         FROM generated_patterns
+         ORDER BY occurrences DESC`)
+            .all();
+        return rows.map((r) => ({
+            patternHash: r.pattern_hash,
+            attackType: r.attack_type,
+            mitreTechniques: JSON.parse(r.mitre_techniques),
+            ruleId: r.rule_id,
+            occurrences: r.occurrences,
+            distinctIPs: r.distinct_ips,
+        }));
+    }
+    // -------------------------------------------------------------------------
+    // Private helpers / 私有輔助方法
+    // -------------------------------------------------------------------------
+    /** Create a new rule from a detected pattern */
+    createRuleFromPattern(pattern) {
+        const ruleId = `tc-auto-${pattern.patternHash}`;
+        const severity = this.pickMaxSeverity(pattern.severityCounts);
+        const sigmaYaml = this.generateSigmaYaml(pattern, ruleId, severity);
+        // Insert into rules table
+        this.db
+            .prepare(`INSERT INTO rules (rule_id, rule_content, published_at, source)
+         VALUES (?, ?, datetime('now'), 'threat-cloud-auto')
+         ON CONFLICT(rule_id) DO UPDATE SET
+           rule_content = excluded.rule_content,
+           published_at = excluded.published_at,
+           updated_at = datetime('now')`)
+            .run(ruleId, sigmaYaml);
+        // Insert into generated_patterns table
+        this.db
+            .prepare(`INSERT INTO generated_patterns
+          (pattern_hash, attack_type, mitre_techniques, rule_id, occurrences, distinct_ips, first_seen, last_seen)
+         VALUES (?, ?, ?, ?, ?, ?, ?, ?)`)
+            .run(pattern.patternHash, pattern.attackType, JSON.stringify(pattern.mitreTechniques), ruleId, pattern.occurrences, pattern.distinctIPs, pattern.firstSeen, pattern.lastSeen);
+    }
+    /** Update an existing pattern's statistics */
+    updatePattern(pattern) {
+        this.db
+            .prepare(`UPDATE generated_patterns SET
+           occurrences = ?,
+           distinct_ips = ?,
+           last_seen = ?,
+           updated_at = datetime('now')
+         WHERE pattern_hash = ?`)
+            .run(pattern.occurrences, pattern.distinctIPs, pattern.lastSeen, pattern.patternHash);
+        // Also update the rule content
+        const ruleId = `tc-auto-${pattern.patternHash}`;
+        const severity = this.pickMaxSeverity(pattern.severityCounts);
+        const sigmaYaml = this.generateSigmaYaml(pattern, ruleId, severity);
+        this.db
+            .prepare(`UPDATE rules SET rule_content = ?, published_at = datetime('now'), updated_at = datetime('now')
+         WHERE rule_id = ?`)
+            .run(sigmaYaml, ruleId);
+    }
+    /** Generate Sigma YAML rule content */
+    generateSigmaYaml(pattern, ruleId, severity) {
+        const tags = pattern.mitreTechniques.map((t) => {
+            const tactic = TECHNIQUE_TACTIC_MAP[t] ?? 'unknown';
+            return `  - attack.${tactic}\n  - attack.${t.toLowerCase()}`;
+        });
+        const regionList = pattern.regions.join(', ');
+        return [
+            `title: "Threat Cloud Auto: ${pattern.attackType} via ${pattern.mitreTechniques.join(', ')}"`,
+            `id: ${ruleId}`,
+            `status: experimental`,
+            `author: Panguard Threat Cloud (auto-generated)`,
+            `description: |`,
+            `  Pattern observed ${pattern.occurrences} times from ${pattern.distinctIPs} distinct IPs across ${regionList}.`,
+            `date: ${new Date().toISOString().slice(0, 10)}`,
+            `detection:`,
+            `  selection:`,
+            `    EventType: ${pattern.attackType}`,
+            `  condition: selection`,
+            `level: ${severity}`,
+            `tags:`,
+            ...tags,
+        ].join('\n');
+    }
+    /** Pick highest severity from counts */
+    pickMaxSeverity(severityCounts) {
+        for (const s of SEVERITY_ORDER) {
+            if (severityCounts[s] && severityCounts[s] > 0)
+                return s;
+        }
+        return 'medium';
+    }
+}
+//# sourceMappingURL=rule-generator.js.map

package/dist/rule-generator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rule-generator.js","sourceRoot":"","sources":["../src/rule-generator.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAIzC,oDAAoD;AACpD,MAAM,oBAAoB,GAA2B;IACnD,KAAK,EAAE,mBAAmB;IAC1B,KAAK,EAAE,kBAAkB;IACzB,KAAK,EAAE,WAAW;IAClB,KAAK,EAAE,WAAW;IAClB,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,gBAAgB;IACvB,KAAK,EAAE,iBAAiB;IACxB,KAAK,EAAE,qBAAqB;IAC5B,KAAK,EAAE,cAAc;IACrB,KAAK,EAAE,WAAW;IAClB,KAAK,EAAE,WAAW;IAClB,KAAK,EAAE,aAAa;IACpB,KAAK,EAAE,aAAa;IACpB,KAAK,EAAE,aAAa;IACpB,KAAK,EAAE,iBAAiB;IACxB,KAAK,EAAE,iBAAiB;IACxB,KAAK,EAAE,iBAAiB;IACxB,KAAK,EAAE,WAAW;IAClB,KAAK,EAAE,WAAW;IAClB,KAAK,EAAE,WAAW;IAClB,KAAK,EAAE,YAAY;CACpB,CAAC;AAEF,4CAA4C;AAC5C,MAAM,cAAc,GAAG,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAU,CAAC;AAEtE,4BAA4B;AAC5B,MAAM,cAAc,GAAwB;IAC1C,cAAc,EAAE,EAAE;IAClB,mBAAmB,EAAE,GAAG,EAAE,SAAS;IACnC,cAAc,EAAE,CAAC;CAClB,CAAC;AAEF,MAAM,OAAO,aAAa;IAIL;IAHF,MAAM,CAAsB;IAE7C,YACmB,EAAqB,EACtC,MAAqC;QADpB,OAAE,GAAF,EAAE,CAAmB;QAGtC,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,MAAM,EAAE,CAAC;IACjD,CAAC;IAED;;;OAGG;IACH,aAAa;QACX,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE7B,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QACvC,IAAI,cAAc,GAAG,CAAC,CAAC;QACvB,IAAI,YAAY,GAAG,CAAC,CAAC;QAErB,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE;YACvB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;gBAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,EAAE;qBACrB,OAAO,CAAC,oEAAoE,CAAC;qBAC7E,GAAG,CAAC,OAAO,CAAC,WAAW,CAAyC,CAAC;gBAEpE,IAAI,QAAQ,EAAE,CAAC;oBACb,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;oBAC5B,YAAY,EAAE,CAAC;gBACjB,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;oBACpC,cAAc,EAAE,CAAC;gBACnB,CAAC;YACH,CAAC;QACH,CAAC,CAAC,EAAE,CAAC;QAEL,OAAO;YACL,gBAAgB,EAAE,QAAQ,CAAC,MAAM;YACjC,cAAc;YACd,YAAY;YACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;SACjC,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,cAAc;QACZ,MAAM,SAAS,GAAG,IAAI,IAAI,CACxB,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,mBAAmB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAC9D,CAAC,WAAW,EAAE,CAAC;QAEhB,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE;aACjB,OAAO,CACN;;;gCAGwB,CACzB;aACA,GAAG,CAAC,SAAS,CAOd,CAAC;QAEH,kDAAkD;QAClD,MAAM,OAAO,GAAG,IAAI,GAAG,EAYpB,CAAC;QAEJ,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,UAAU,GAAI,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,gBAAgB,CAAc,CAAC,IAAI,EAAE,CAAC;YACzE,MAAM,GAAG,GAAG,GAAG,GAAG,CAAC,WAAW,IAAI,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YAEzD,IAAI,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAC7B,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,KAAK,GAAG;oBACN,UAAU,EAAE,GAAG,CAAC,WAAW;oBAC3B,UAAU;oBACV,GAAG,EAAE,IAAI,GAAG,EAAU;oBACtB,OAAO,EAAE,IAAI,GAAG,EAAU;oBAC1B,cAAc,EAAE,EAAE;oBAClB,WAAW,EAAE,CAAC;oBACd,SAAS,EAAE,GAAG,CAAC,SAAS;oBACxB,QAAQ,EAAE,GAAG,CAAC,SAAS;iBACxB,CAAC;gBACF,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAC1B,CAAC;YAED,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;YACpC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAC9B,KAAK,CAAC,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YACnF,KAAK,CAAC,WAAW,EAAE,CAAC;YACpB,IAAI,GAAG,CAAC,SAAS,GAAG,KAAK,CAAC,QAAQ;gBAAE,KAAK,CAAC,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC;QACrE,CAAC;QAED,uBAAuB;QACvB,MAAM,QAAQ,GAAsB,EAAE,CAAC;QACvC,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YACrC,IACE,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc;gBAC/C,KAAK,CAAC,GAAG,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,EAC5C,CAAC;gBACD,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC;qBACrC,MAAM,CAAC,KAAK,CAAC,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;qBACrD,MAAM,CAAC,KAAK,CAAC;qBACb,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAEhB,QAAQ,CAAC,IAAI,CAAC;oBACZ,UAAU,EAAE,KAAK,CAAC,UAAU;oBAC5B,eAAe,EAAE,KAAK,CAAC,UAAU;oBACjC,WAAW;oBACX,WAAW,EAAE,KAAK,CAAC,WAAW;oBAC9B,WAAW,EAAE,KAAK,CAAC,GAAG,CAAC,IAAI;oBAC3B,OAAO,EAAE,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC;oBAC3B,cAAc,EAAE,KAAK,CAAC,cAAc;oBACpC,SAAS,EAAE,KAAK,CAAC,SAAS;oBAC1B,QAAQ,EAAE,KAAK,CAAC,QAAQ;iBACzB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;;OAGG;IACH,oBAAoB;QAQlB,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE;aACjB,OAAO,CACN;;mCAE2B,CAC5B;aACA,GAAG,EAOJ,CAAC;QAEH,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACtB,WAAW,EAAE,CAAC,CAAC,YAAY;YAC3B,UAAU,EAAE,CAAC,CAAC,WAAW;YACzB,eAAe,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,gBAAgB,CAAa;YAC3D,MAAM,EAAE,CAAC,CAAC,OAAO;YACjB,WAAW,EAAE,CAAC,CAAC,WAAW;YAC1B,WAAW,EAAE,CAAC,CAAC,YAAY;SAC5B,CAAC,CAAC,CAAC;IACN,CAAC;IAED,4EAA4E;IAC5E,2BAA2B;IAC3B,4EAA4E;IAE5E,gDAAgD;IACxC,qBAAqB,CAAC,OAAwB;QACpD,MAAM,MAAM,GAAG,WAAW,OAAO,CAAC,WAAW,EAAE,CAAC;QAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QAC9D,MAAM,SAAS,GAAG,IAAI,CAAC,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAEpE,0BAA0B;QAC1B,IAAI,CAAC,EAAE;aACJ,OAAO,CACN;;;;;wCAKgC,CACjC;aACA,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAE1B,uCAAuC;QACvC,IAAI,CAAC,EAAE;aACJ,OAAO,CACN;;yCAEiC,CAClC;aACA,GAAG,CACF,OAAO,CAAC,WAAW,EACnB,OAAO,CAAC,UAAU,EAClB,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,eAAe,CAAC,EACvC,MAAM,EACN,OAAO,CAAC,WAAW,EACnB,OAAO,CAAC,WAAW,EACnB,OAAO,CAAC,SAAS,EACjB,OAAO,CAAC,QAAQ,CACjB,CAAC;IACN,CAAC;IAED,8CAA8C;IACtC,aAAa,CAAC,OAAwB;QAC5C,IAAI,CAAC,EAAE;aACJ,OAAO,CACN;;;;;gCAKwB,CACzB;aACA,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;QAExF,+BAA+B;QAC/B,MAAM,MAAM,GAAG,WAAW,OAAO,CAAC,WAAW,EAAE,CAAC;QAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QAC9D,MAAM,SAAS,GAAG,IAAI,CAAC,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAEpE,IAAI,CAAC,EAAE;aACJ,OAAO,CACN;2BACmB,CACpB;aACA,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IAC5B,CAAC;IAED,uCAAuC;IAC/B,iBAAiB,CAAC,OAAwB,EAAE,MAAc,EAAE,QAAgB;QAClF,MAAM,IAAI,GAAG,OAAO,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YAC7C,MAAM,MAAM,GAAG,oBAAoB,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC;YACpD,OAAO,cAAc,MAAM,gBAAgB,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;QAC/D,CAAC,CAAC,CAAC;QAEH,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAE9C,OAAO;YACL,8BAA8B,OAAO,CAAC,UAAU,QAAQ,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;YAC7F,OAAO,MAAM,EAAE;YACf,sBAAsB;YACtB,gDAAgD;YAChD,gBAAgB;YAChB,sBAAsB,OAAO,CAAC,WAAW,eAAe,OAAO,CAAC,WAAW,wBAAwB,UAAU,GAAG;YAChH,SAAS,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE;YAChD,YAAY;YACZ,cAAc;YACd,kBAAkB,OAAO,CAAC,UAAU,EAAE;YACtC,wBAAwB;YACxB,UAAU,QAAQ,EAAE;YACpB,OAAO;YACP,GAAG,IAAI;SACR,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACf,CAAC;IAED,wCAAwC;IAChC,eAAe,CAAC,cAAsC;QAC5D,KAAK,MAAM,CAAC,IAAI,cAAc,EAAE,CAAC;YAC/B,IAAI,cAAc,CAAC,CAAC,CAAC,IAAI,cAAc,CAAC,CAAC,CAAC,GAAG,CAAC;gBAAE,OAAO,CAAC,CAAC;QAC3D,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}

package/dist/scheduler.d.ts

@@ -0,0 +1,52 @@
+/**
+ * Background Scheduler
+ * 背景排程器
+ *
+ * Manages periodic tasks: reputation recalculation, correlation scanning,
+ * rule generation, and data lifecycle cleanup.
+ *
+ * @module @panguard-ai/threat-cloud/scheduler
+ */
+import type Database from 'better-sqlite3';
+import type { SchedulerConfig } from './types.js';
+export declare class Scheduler {
+    private readonly db;
+    private readonly config;
+    private readonly reputation;
+    private readonly correlation;
+    private readonly ruleGen;
+    private readonly iocStore;
+    private timers;
+    private running;
+    constructor(db: Database.Database, config?: Partial<SchedulerConfig>);
+    /** Start all scheduled tasks / 啟動所有排程任務 */
+    start(): void;
+    /** Stop all scheduled tasks / 停止所有排程任務 */
+    stop(): void;
+    /** Check if scheduler is running */
+    isRunning(): boolean;
+    /** Run correlation scan manually */
+    runCorrelation(): {
+        newCampaigns: number;
+        eventsCorrelated: number;
+    };
+    /** Run reputation recalculation manually */
+    runReputation(): {
+        updated: number;
+    };
+    /** Run rule generation manually */
+    runRuleGeneration(): {
+        rulesGenerated: number;
+        rulesUpdated: number;
+    };
+    /** Run data lifecycle cleanup */
+    runLifecycle(): {
+        expired: number;
+        purged: number;
+        vacuumed: boolean;
+        auditPurged: number;
+    };
+    /** Run database backup / 執行資料庫備份 */
+    runBackup(backupDir: string, maxBackups?: number): string | null;
+}
+//# sourceMappingURL=scheduler.d.ts.map

package/dist/scheduler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scheduler.d.ts","sourceRoot":"","sources":["../src/scheduler.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAK3C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAYlD,qBAAa,SAAS;IAUlB,OAAO,CAAC,QAAQ,CAAC,EAAE;IATrB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAkB;IACzC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAmB;IAC9C,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAoB;IAChD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAgB;IACxC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAW;IACpC,OAAO,CAAC,MAAM,CAA6C;IAC3D,OAAO,CAAC,OAAO,CAAS;gBAGL,EAAE,EAAE,QAAQ,CAAC,QAAQ,EACtC,MAAM,CAAC,EAAE,OAAO,CAAC,eAAe,CAAC;IASnC,2CAA2C;IAC3C,KAAK,IAAI,IAAI;IAoBb,0CAA0C;IAC1C,IAAI,IAAI,IAAI;IAQZ,oCAAoC;IACpC,SAAS,IAAI,OAAO;IAIpB,oCAAoC;IACpC,cAAc,IAAI;QAAE,YAAY,EAAE,MAAM,CAAC;QAAC,gBAAgB,EAAE,MAAM,CAAA;KAAE;IAKpE,4CAA4C;IAC5C,aAAa,IAAI;QAAE,OAAO,EAAE,MAAM,CAAA;KAAE;IAKpC,mCAAmC;IACnC,iBAAiB,IAAI;QAAE,cAAc,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAA;KAAE;IAKrE,iCAAiC;IACjC,YAAY,IAAI;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,OAAO,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE;IAwC3F,oCAAoC;IACpC,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,SAAK,GAAG,MAAM,GAAG,IAAI;CA4B7D"}

package/dist/scheduler.js

@@ -0,0 +1,143 @@
+/**
+ * Background Scheduler
+ * 背景排程器
+ *
+ * Manages periodic tasks: reputation recalculation, correlation scanning,
+ * rule generation, and data lifecycle cleanup.
+ *
+ * @module @panguard-ai/threat-cloud/scheduler
+ */
+import { existsSync, mkdirSync, readdirSync, unlinkSync } from 'node:fs';
+import { join } from 'node:path';
+import { ReputationEngine } from './reputation-engine.js';
+import { CorrelationEngine } from './correlation-engine.js';
+import { RuleGenerator } from './rule-generator.js';
+import { IoCStore } from './ioc-store.js';
+/** Default scheduler configuration */
+const DEFAULT_CONFIG = {
+    reputationIntervalMs: 60 * 60 * 1000, // 1 hour
+    correlationIntervalMs: 5 * 60 * 1000, // 5 minutes
+    ruleGenerationIntervalMs: 6 * 60 * 60 * 1000, // 6 hours
+    threatRetentionDays: 90,
+    iocRetentionDays: 365,
+    aggregationIntervalMs: 24 * 60 * 60 * 1000, // 24 hours
+};
+export class Scheduler {
+    db;
+    config;
+    reputation;
+    correlation;
+    ruleGen;
+    iocStore;
+    timers = [];
+    running = false;
+    constructor(db, config) {
+        this.db = db;
+        this.config = { ...DEFAULT_CONFIG, ...config };
+        this.reputation = new ReputationEngine(db);
+        this.correlation = new CorrelationEngine(db);
+        this.ruleGen = new RuleGenerator(db);
+        this.iocStore = new IoCStore(db);
+    }
+    /** Start all scheduled tasks / 啟動所有排程任務 */
+    start() {
+        if (this.running)
+            return;
+        this.running = true;
+        // Run correlation immediately, then on interval
+        this.runCorrelation();
+        this.timers.push(setInterval(() => this.runCorrelation(), this.config.correlationIntervalMs));
+        // Reputation recalculation
+        this.timers.push(setInterval(() => this.runReputation(), this.config.reputationIntervalMs));
+        // Rule generation
+        this.timers.push(setInterval(() => this.runRuleGeneration(), this.config.ruleGenerationIntervalMs));
+        // Data lifecycle cleanup
+        this.timers.push(setInterval(() => this.runLifecycle(), this.config.aggregationIntervalMs));
+    }
+    /** Stop all scheduled tasks / 停止所有排程任務 */
+    stop() {
+        this.running = false;
+        for (const timer of this.timers) {
+            clearInterval(timer);
+        }
+        this.timers = [];
+    }
+    /** Check if scheduler is running */
+    isRunning() {
+        return this.running;
+    }
+    /** Run correlation scan manually */
+    runCorrelation() {
+        const result = this.correlation.scanForCampaigns();
+        return { newCampaigns: result.newCampaigns, eventsCorrelated: result.eventsCorrelated };
+    }
+    /** Run reputation recalculation manually */
+    runReputation() {
+        const result = this.reputation.recalculateAll();
+        return { updated: result.updated };
+    }
+    /** Run rule generation manually */
+    runRuleGeneration() {
+        const result = this.ruleGen.generateRules();
+        return { rulesGenerated: result.rulesGenerated, rulesUpdated: result.rulesUpdated };
+    }
+    /** Run data lifecycle cleanup */
+    runLifecycle() {
+        const expireCutoff = new Date(Date.now() - this.config.iocRetentionDays * 24 * 60 * 60 * 1000).toISOString();
+        const purgeCutoff = new Date(Date.now() - (this.config.iocRetentionDays + 30) * 24 * 60 * 60 * 1000).toISOString();
+        const expired = this.iocStore.expireStaleIoCs(expireCutoff);
+        const purged = this.iocStore.purgeExpiredIoCs(purgeCutoff);
+        // Purge old enriched threats
+        const threatCutoff = new Date(Date.now() - this.config.threatRetentionDays * 24 * 60 * 60 * 1000).toISOString();
+        this.db
+            .prepare('DELETE FROM enriched_threats WHERE received_at < ? AND campaign_id IS NULL')
+            .run(threatCutoff);
+        // Purge old audit log entries (180 days retention)
+        const auditCutoff = new Date(Date.now() - 180 * 24 * 60 * 60 * 1000).toISOString();
+        const auditResult = this.db
+            .prepare('DELETE FROM audit_log WHERE created_at < ?')
+            .run(auditCutoff);
+        const auditPurged = auditResult.changes;
+        // WAL checkpoint
+        let vacuumed = false;
+        try {
+            this.db.pragma('wal_checkpoint(PASSIVE)');
+            vacuumed = true;
+        }
+        catch {
+            /* ignore checkpoint errors */
+        }
+        return { expired, purged, vacuumed, auditPurged };
+    }
+    /** Run database backup / 執行資料庫備份 */
+    runBackup(backupDir, maxBackups = 30) {
+        try {
+            if (!existsSync(backupDir)) {
+                mkdirSync(backupDir, { recursive: true });
+            }
+            const timestamp = new Date().toISOString().replace(/[:.]/g, '-');
+            const dest = join(backupDir, `threat-cloud-${timestamp}.db`);
+            this.db.exec(`VACUUM INTO '${dest.replace(/'/g, "''")}'`);
+            // Rotate: remove oldest backups beyond maxBackups
+            const backups = readdirSync(backupDir)
+                .filter((f) => f.startsWith('threat-cloud-') && f.endsWith('.db'))
+                .sort();
+            while (backups.length > maxBackups) {
+                const oldest = backups.shift();
+                if (oldest) {
+                    try {
+                        unlinkSync(join(backupDir, oldest));
+                    }
+                    catch {
+                        /* best effort */
+                    }
+                }
+            }
+            return dest;
+        }
+        catch {
+            return null;
+        }
+    }
+}
+//# sourceMappingURL=scheduler.js.map

package/dist/scheduler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scheduler.js","sourceRoot":"","sources":["../src/scheduler.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACzE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAG1C,sCAAsC;AACtC,MAAM,cAAc,GAAoB;IACtC,oBAAoB,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,SAAS;IAC/C,qBAAqB,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,YAAY;IAClD,wBAAwB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,UAAU;IACxD,mBAAmB,EAAE,EAAE;IACvB,gBAAgB,EAAE,GAAG;IACrB,qBAAqB,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,WAAW;CACxD,CAAC;AAEF,MAAM,OAAO,SAAS;IAUD;IATF,MAAM,CAAkB;IACxB,UAAU,CAAmB;IAC7B,WAAW,CAAoB;IAC/B,OAAO,CAAgB;IACvB,QAAQ,CAAW;IAC5B,MAAM,GAA0C,EAAE,CAAC;IACnD,OAAO,GAAG,KAAK,CAAC;IAExB,YACmB,EAAqB,EACtC,MAAiC;QADhB,OAAE,GAAF,EAAE,CAAmB;QAGtC,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,MAAM,EAAE,CAAC;QAC/C,IAAI,CAAC,UAAU,GAAG,IAAI,gBAAgB,CAAC,EAAE,CAAC,CAAC;QAC3C,IAAI,CAAC,WAAW,GAAG,IAAI,iBAAiB,CAAC,EAAE,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO,GAAG,IAAI,aAAa,CAAC,EAAE,CAAC,CAAC;QACrC,IAAI,CAAC,QAAQ,GAAG,IAAI,QAAQ,CAAC,EAAE,CAAC,CAAC;IACnC,CAAC;IAED,2CAA2C;IAC3C,KAAK;QACH,IAAI,IAAI,CAAC,OAAO;YAAE,OAAO;QACzB,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QAEpB,gDAAgD;QAChD,IAAI,CAAC,cAAc,EAAE,CAAC;QACtB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,CAAC;QAE9F,2BAA2B;QAC3B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC,CAAC;QAE5F,kBAAkB;QAClB,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,WAAW,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,wBAAwB,CAAC,CAClF,CAAC;QAEF,yBAAyB;QACzB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,CAAC;IAC9F,CAAC;IAED,0CAA0C;IAC1C,IAAI;QACF,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC;QACrB,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChC,aAAa,CAAC,KAAK,CAAC,CAAC;QACvB,CAAC;QACD,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC;IACnB,CAAC;IAED,oCAAoC;IACpC,SAAS;QACP,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,oCAAoC;IACpC,cAAc;QACZ,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC;QACnD,OAAO,EAAE,YAAY,EAAE,MAAM,CAAC,YAAY,EAAE,gBAAgB,EAAE,MAAM,CAAC,gBAAgB,EAAE,CAAC;IAC1F,CAAC;IAED,4CAA4C;IAC5C,aAAa;QACX,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;QAChD,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC;IACrC,CAAC;IAED,mCAAmC;IACnC,iBAAiB;QACf,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;QAC5C,OAAO,EAAE,cAAc,EAAE,MAAM,CAAC,cAAc,EAAE,YAAY,EAAE,MAAM,CAAC,YAAY,EAAE,CAAC;IACtF,CAAC;IAED,iCAAiC;IACjC,YAAY;QACV,MAAM,YAAY,GAAG,IAAI,IAAI,CAC3B,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,gBAAgB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAChE,CAAC,WAAW,EAAE,CAAC;QAEhB,MAAM,WAAW,GAAG,IAAI,IAAI,CAC1B,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,gBAAgB,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CACvE,CAAC,WAAW,EAAE,CAAC;QAEhB,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;QAC5D,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;QAE3D,6BAA6B;QAC7B,MAAM,YAAY,GAAG,IAAI,IAAI,CAC3B,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,mBAAmB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CACnE,CAAC,WAAW,EAAE,CAAC;QAEhB,IAAI,CAAC,EAAE;aACJ,OAAO,CAAC,4EAA4E,CAAC;aACrF,GAAG,CAAC,YAAY,CAAC,CAAC;QAErB,mDAAmD;QACnD,MAAM,WAAW,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QACnF,MAAM,WAAW,GAAG,IAAI,CAAC,EAAE;aACxB,OAAO,CAAC,4CAA4C,CAAC;aACrD,GAAG,CAAC,WAAW,CAAC,CAAC;QACpB,MAAM,WAAW,GAAG,WAAW,CAAC,OAAO,CAAC;QAExC,iBAAiB;QACjB,IAAI,QAAQ,GAAG,KAAK,CAAC;QACrB,IAAI,CAAC;YACH,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,yBAAyB,CAAC,CAAC;YAC1C,QAAQ,GAAG,IAAI,CAAC;QAClB,CAAC;QAAC,MAAM,CAAC;YACP,8BAA8B;QAChC,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC;IACpD,CAAC;IAED,oCAAoC;IACpC,SAAS,CAAC,SAAiB,EAAE,UAAU,GAAG,EAAE;QAC1C,IAAI,CAAC;YACH,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC3B,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC5C,CAAC;YACD,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YACjE,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,EAAE,gBAAgB,SAAS,KAAK,CAAC,CAAC;YAC7D,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,gBAAgB,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;YAE1D,kDAAkD;YAClD,MAAM,OAAO,GAAG,WAAW,CAAC,SAAS,CAAC;iBACnC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;iBACjE,IAAI,EAAE,CAAC;YACV,OAAO,OAAO,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;gBACnC,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,EAAE,CAAC;gBAC/B,IAAI,MAAM,EAAE,CAAC;oBACX,IAAI,CAAC;wBACH,UAAU,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC;oBACtC,CAAC;oBAAC,MAAM,CAAC;wBACP,iBAAiB;oBACnB,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;CACF"}

package/dist/server.d.ts

@@ -0,0 +1,99 @@
+/**
+ * Threat Cloud HTTP API Server
+ * 威脅雲 HTTP API 伺服器
+ *
+ * Endpoints:
+ * - POST /api/threats      Upload anonymized threat data
+ * - POST /api/trap-intel   Upload trap intelligence data
+ * - GET  /api/rules        Fetch rules (optional ?since= filter)
+ * - POST /api/rules        Publish a new community rule
+ * - GET  /api/stats        Get threat statistics
+ * - GET  /api/iocs         Search/list IoCs
+ * - GET  /api/iocs/:value  Lookup single IoC
+ * - GET  /health           Health check
+ *
+ * @module @panguard-ai/threat-cloud/server
+ */
+import { ThreatCloudDB } from './database.js';
+import { IoCStore } from './ioc-store.js';
+import { Scheduler } from './scheduler.js';
+import type { ServerConfig } from './types.js';
+/**
+ * Threat Cloud API Server
+ * 威脅雲 API 伺服器
+ */
+export declare class ThreatCloudServer {
+    private server;
+    private readonly db;
+    private readonly iocStore;
+    private readonly correlation;
+    private readonly queryHandlers;
+    private readonly feedDistributor;
+    private readonly sightingStore;
+    private readonly auditLogger;
+    private readonly scheduler;
+    private readonly config;
+    private rateLimits;
+    /** Pre-hashed API keys for constant-time comparison */
+    private readonly hashedApiKeys;
+    constructor(config: ServerConfig);
+    /** Start the server / 啟動伺服器 */
+    start(): Promise<void>;
+    /** Stop the server gracefully / 優雅停止伺服器 */
+    stop(): Promise<void>;
+    /** Expose DB for testing / 暴露 DB 供測試使用 */
+    getDB(): ThreatCloudDB;
+    /** Expose IoC store for testing / 暴露 IoCStore 供測試使用 */
+    getIoCStore(): IoCStore;
+    /** Expose scheduler for backup management / 暴露排程器供備份管理 */
+    getScheduler(): Scheduler;
+    private handleRequest;
+    private handlePostThreat;
+    private handlePostTrapIntel;
+    private handleSearchIoCs;
+    private handleLookupIoC;
+    /** GET /api/rules?since=<ISO timestamp> */
+    private handleGetRules;
+    /** POST /api/rules */
+    private handlePostRule;
+    /** GET /api/stats (enhanced) */
+    private handleGetStats;
+    private handleListCampaigns;
+    private handleCampaignStats;
+    private handleGetCampaign;
+    private handleTimeSeries;
+    private handleGeoDistribution;
+    private handleTrends;
+    private handleMitreHeatmap;
+    private handleIPBlocklist;
+    private handleDomainBlocklist;
+    private handleIoCFeed;
+    private handleAgentUpdate;
+    private handlePostSighting;
+    private handleGetSightings;
+    private handleGetAuditLog;
+    /**
+     * Anonymize IP by zeroing last two octets (/16 for IPv4).
+     * GDPR-compliant: /16 masking prevents re-identification.
+     * 匿名化 IP（IPv4 遮蔽最後兩個八位元組，符合 GDPR）
+     */
+    private anonymizeIP;
+    /**
+     * Verify API key using constant-time comparison to prevent timing attacks.
+     * 使用常數時間比較驗證 API key 以防止計時攻擊
+     */
+    private verifyApiKey;
+    /** Rate limit check (supports per-IP and per-key) / 速率限制檢查 */
+    private checkRateLimit;
+    /** Validate IPv4 or IPv6 format / 驗證 IP 格式 */
+    private isValidIP;
+    /** Validate ISO timestamp with reasonable bounds / 驗證 ISO 時間戳格式 */
+    private isValidTimestamp;
+    /** Sanitize string input: truncate and strip control characters / 清理字串輸入 */
+    private sanitizeString;
+    /** Read request body with size limit / 讀取請求主體 */
+    private readBody;
+    /** Send JSON response / 發送 JSON 回應 */
+    private sendJson;
+}
+//# sourceMappingURL=server.d.ts.map

package/dist/server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAIH,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAM1C,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,KAAK,EACV,YAAY,EAQb,MAAM,YAAY,CAAC;AAQpB;;;GAGG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,MAAM,CAAgD;IAC9D,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAgB;IACnC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAW;IACpC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAoB;IAChD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAgB;IAC9C,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAkB;IAClD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAgB;IAC9C,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAc;IAC1C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAY;IACtC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAe;IACtC,OAAO,CAAC,UAAU,CAA0C;IAC5D,uDAAuD;IACvD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAW;gBAE7B,MAAM,EAAE,YAAY;IAehC,+BAA+B;IACzB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAoB5B,2CAA2C;IACrC,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAqB3B,0CAA0C;IAC1C,KAAK,IAAI,aAAa;IAItB,uDAAuD;IACvD,WAAW,IAAI,QAAQ;IAIvB,0DAA0D;IAC1D,YAAY,IAAI,SAAS;YAIX,aAAa;YAwOb,gBAAgB;YAyFhB,mBAAmB;IA2FjC,OAAO,CAAC,gBAAgB;IA0BxB,OAAO,CAAC,eAAe;IAgBvB,2CAA2C;IAC3C,OAAO,CAAC,cAAc;IAOtB,sBAAsB;YACR,cAAc;IAmD5B,gCAAgC;IAChC,OAAO,CAAC,cAAc;IAStB,OAAO,CAAC,mBAAmB;IAY3B,OAAO,CAAC,mBAAmB;IAK3B,OAAO,CAAC,iBAAiB;IAczB,OAAO,CAAC,gBAAgB;IAiBxB,OAAO,CAAC,qBAAqB;IAM7B,OAAO,CAAC,YAAY;IAOpB,OAAO,CAAC,kBAAkB;IAU1B,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,qBAAqB;IAS7B,OAAO,CAAC,aAAa;IAUrB,OAAO,CAAC,iBAAiB;YAcX,kBAAkB;IA4ChC,OAAO,CAAC,kBAAkB;IAmB1B,OAAO,CAAC,iBAAiB;IAmBzB;;;;OAIG;IACH,OAAO,CAAC,WAAW;IAqBnB;;;OAGG;IACH,OAAO,CAAC,YAAY;IAUpB,8DAA8D;IAC9D,OAAO,CAAC,cAAc;IAkBtB,8CAA8C;IAC9C,OAAO,CAAC,SAAS;IAcjB,mEAAmE;IACnE,OAAO,CAAC,gBAAgB;IASxB,4EAA4E;IAC5E,OAAO,CAAC,cAAc;IAKtB,iDAAiD;IACjD,OAAO,CAAC,QAAQ;IAoBhB,sCAAsC;IACtC,OAAO,CAAC,QAAQ;CAIjB"}