@panguard-ai/threat-cloud 0.2.0 → 0.2.2

Files changed (66)
  1. package/dist/admin-dashboard.d.ts +11 -0
  2. package/dist/admin-dashboard.d.ts.map +1 -0
  3. package/dist/admin-dashboard.js +482 -0
  4. package/dist/admin-dashboard.js.map +1 -0
  5. package/dist/backup.d.ts +40 -0
  6. package/dist/backup.d.ts.map +1 -0
  7. package/dist/backup.js +123 -0
  8. package/dist/backup.js.map +1 -0
  9. package/dist/cli.js +24 -64
  10. package/dist/cli.js.map +1 -1
  11. package/dist/database.d.ts +78 -37
  12. package/dist/database.d.ts.map +1 -1
  13. package/dist/database.js +590 -324
  14. package/dist/database.js.map +1 -1
  15. package/dist/index.d.ts +4 -10
  16. package/dist/index.d.ts.map +1 -1
  17. package/dist/index.js +2 -9
  18. package/dist/index.js.map +1 -1
  19. package/dist/llm-reviewer.d.ts +47 -0
  20. package/dist/llm-reviewer.d.ts.map +1 -0
  21. package/dist/llm-reviewer.js +203 -0
  22. package/dist/llm-reviewer.js.map +1 -0
  23. package/dist/server.d.ts +56 -63
  24. package/dist/server.d.ts.map +1 -1
  25. package/dist/server.js +525 -635
  26. package/dist/server.js.map +1 -1
  27. package/dist/types.d.ts +71 -301
  28. package/dist/types.d.ts.map +1 -1
  29. package/package.json +20 -18
  30. package/LICENSE +0 -21
  31. package/dist/audit-logger.d.ts +0 -46
  32. package/dist/audit-logger.d.ts.map +0 -1
  33. package/dist/audit-logger.js +0 -105
  34. package/dist/audit-logger.js.map +0 -1
  35. package/dist/correlation-engine.d.ts +0 -41
  36. package/dist/correlation-engine.d.ts.map +0 -1
  37. package/dist/correlation-engine.js +0 -313
  38. package/dist/correlation-engine.js.map +0 -1
  39. package/dist/feed-distributor.d.ts +0 -36
  40. package/dist/feed-distributor.d.ts.map +0 -1
  41. package/dist/feed-distributor.js +0 -125
  42. package/dist/feed-distributor.js.map +0 -1
  43. package/dist/ioc-store.d.ts +0 -83
  44. package/dist/ioc-store.d.ts.map +0 -1
  45. package/dist/ioc-store.js +0 -278
  46. package/dist/ioc-store.js.map +0 -1
  47. package/dist/query-handlers.d.ts +0 -40
  48. package/dist/query-handlers.d.ts.map +0 -1
  49. package/dist/query-handlers.js +0 -211
  50. package/dist/query-handlers.js.map +0 -1
  51. package/dist/reputation-engine.d.ts +0 -44
  52. package/dist/reputation-engine.d.ts.map +0 -1
  53. package/dist/reputation-engine.js +0 -169
  54. package/dist/reputation-engine.js.map +0 -1
  55. package/dist/rule-generator.d.ts +0 -47
  56. package/dist/rule-generator.d.ts.map +0 -1
  57. package/dist/rule-generator.js +0 -238
  58. package/dist/rule-generator.js.map +0 -1
  59. package/dist/scheduler.d.ts +0 -52
  60. package/dist/scheduler.d.ts.map +0 -1
  61. package/dist/scheduler.js +0 -143
  62. package/dist/scheduler.js.map +0 -1
  63. package/dist/sighting-store.d.ts +0 -61
  64. package/dist/sighting-store.d.ts.map +0 -1
  65. package/dist/sighting-store.js +0 -191
  66. package/dist/sighting-store.js.map +0 -1
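--- a/package/dist/sighting-store.js
+++ b/package/dist/sighting-store.js
@@ -1,191 +0,0 @@
- /**
- * Sighting Store — IoC observation tracking with learning feedback
- * 觀測儲存 — IoC 觀測追蹤與學習回饋
- *
- * When agents (Guard/Trap) report threats that match existing IoCs,
- * sightings are created and feed back into the reputation engine.
- * Positive sightings boost confidence; false positives flag for review.
- *
- * @module @panguard-ai/threat-cloud/sighting-store
- */
- function rowToRecord(row) {
- return {
- id: row.id,
- iocId: row.ioc_id,
- type: row.type,
- source: row.source,
- confidence: row.confidence,
- details: row.details,
- actorHash: row.actor_hash,
- createdAt: row.created_at,
- };
- }
- /** Confidence adjustment per sighting type */
- const CONFIDENCE_DELTA = {
- positive: 5,
- negative: -10,
- false_positive: -25,
- };
- export class SightingStore {
- db;
- constructor(db) {
- this.db = db;
- }
- /**
- * Record a new sighting for an IoC.
- * Updates the IoC's confidence and status based on sighting type.
- * 記錄新的觀測,根據觀測類型更新 IoC 信心度和狀態
- */
- createSighting(input, actorHash = '') {
- const sightingConfidence = input.confidence ?? 50;
- const result = this.db
- .prepare(`INSERT INTO sightings (ioc_id, type, source, confidence, details, actor_hash)
- VALUES (?, ?, ?, ?, ?, ?)`)
- .run(input.iocId, input.type, input.source, sightingConfidence, input.details ?? '', actorHash);
- // Apply feedback to the IoC
- this.applyFeedback(input.iocId, input.type, sightingConfidence);
- return this.getSightingById(Number(result.lastInsertRowid));
- }
- /**
- * Auto-create a positive sighting when agent data matches an existing IoC.
- * Called from threat/trap-intel upload handlers.
- * 當 Agent 資料匹配現有 IoC 時自動建立正面觀測
- */
- recordAgentMatch(iocId, source, actorHash = '') {
- return this.createSighting({
- iocId,
- type: 'positive',
- source: `agent:${source}`,
- confidence: source === 'trap' ? 70 : 55,
- details: `Auto-sighting from ${source} agent match`,
- }, actorHash);
- }
- /**
- * Record cross-source correlation: same IoC seen by both Guard and Trap.
- * Gives a larger confidence boost than single-source sightings.
- * 跨來源關聯:同一 IoC 被 Guard 和 Trap 同時看到時,信心度提升更大
- */
- recordCrossSourceMatch(iocId, actorHash = '') {
- // Check if we already have sightings from both guard and trap
- const sources = this.db
- .prepare(`SELECT DISTINCT source FROM sightings
- WHERE ioc_id = ? AND type = 'positive' AND source LIKE 'agent:%'`)
- .all(iocId);
- const hasGuard = sources.some((s) => s.source === 'agent:guard');
- const hasTrap = sources.some((s) => s.source === 'agent:trap');
- if (hasGuard && hasTrap) {
- // Already have cross-source — check if we already recorded this
- const existing = this.db
- .prepare(`SELECT id FROM sightings
- WHERE ioc_id = ? AND source = 'cross-source-correlation'
- AND created_at > datetime('now', '-1 day')`)
- .get(iocId);
- if (existing)
- return null;
- return this.createSighting({
- iocId,
- type: 'positive',
- source: 'cross-source-correlation',
- confidence: 85,
- details: 'Confirmed by both Guard and Trap agents',
- }, actorHash);
- }
- return null;
- }
- /**
- * Get sightings for an IoC / 取得 IoC 的觀測記錄
- */
- getSightingsForIoC(iocId, pagination) {
- const safePage = Math.max(1, pagination.page);
- const safeLimit = Math.min(Math.max(1, pagination.limit), 500);
- const offset = (safePage - 1) * safeLimit;
- const total = this.db.prepare('SELECT COUNT(*) as count FROM sightings WHERE ioc_id = ?').get(iocId).count;
- const rows = this.db
- .prepare(`SELECT * FROM sightings WHERE ioc_id = ?
- ORDER BY created_at DESC LIMIT ? OFFSET ?`)
- .all(iocId, safeLimit, offset);
- return {
- items: rows.map(rowToRecord),
- total,
- page: safePage,
- limit: safeLimit,
- hasMore: offset + safeLimit < total,
- };
- }
- /**
- * Get sighting summary for an IoC / 取得 IoC 的觀測摘要
- */
- getSightingSummary(iocId) {
- const row = this.db
- .prepare(`SELECT
- COUNT(*) as total,
- SUM(CASE WHEN type = 'positive' THEN 1 ELSE 0 END) as positive,
- SUM(CASE WHEN type = 'negative' THEN 1 ELSE 0 END) as negative,
- SUM(CASE WHEN type = 'false_positive' THEN 1 ELSE 0 END) as false_positive,
- COUNT(DISTINCT source) as unique_sources,
- MAX(created_at) as last_seen
- FROM sightings WHERE ioc_id = ?`)
- .get(iocId);
- return {
- total: row.total,
- positive: row.positive,
- negative: row.negative,
- falsePositive: row.false_positive,
- uniqueSources: row.unique_sources,
- lastSeen: row.last_seen,
- };
- }
- /**
- * Get recent sighting count within time window / 取得時間窗口內的近期觀測數量
- */
- getRecentSightingCount(iocId, windowHours = 24) {
- return this.db
- .prepare(`SELECT COUNT(*) as count FROM sightings
- WHERE ioc_id = ? AND created_at > datetime('now', '-' || ? || ' hours')`)
- .get(iocId, windowHours).count;
- }
- /** Get sighting by ID */
- getSightingById(id) {
- const row = this.db.prepare('SELECT * FROM sightings WHERE id = ?').get(id);
- return row ? rowToRecord(row) : null;
- }
- /**
- * Apply sighting feedback to IoC confidence and status.
- * 將觀測回饋套用到 IoC 的信心度和狀態
- */
- applyFeedback(iocId, type, _sightingConfidence) {
- const delta = CONFIDENCE_DELTA[type];
- if (type === 'false_positive') {
- // Mark IoC as under review and reduce confidence
- this.db
- .prepare(`UPDATE iocs SET
- status = 'under_review',
- confidence = MAX(0, MIN(100, confidence + ?)),
- updated_at = datetime('now')
- WHERE id = ? AND status != 'revoked'`)
- .run(delta, iocId);
- }
- else if (type === 'positive') {
- // Boost confidence and update last_seen
- this.db
- .prepare(`UPDATE iocs SET
- confidence = MAX(0, MIN(100, confidence + ?)),
- sightings = sightings + 1,
- last_seen = datetime('now'),
- status = CASE WHEN status = 'expired' THEN 'active' ELSE status END,
- updated_at = datetime('now')
- WHERE id = ?`)
- .run(delta, iocId);
- }
- else {
- // Negative sighting: reduce confidence
- this.db
- .prepare(`UPDATE iocs SET
- confidence = MAX(0, MIN(100, confidence + ?)),
- updated_at = datetime('now')
- WHERE id = ?`)
- .run(delta, iocId);
- }
- }
- }
- //# sourceMappingURL=sighting-store.js.map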
@@ -1 +0,0 @@
1
- {"version":3,"file":"sighting-store.js","sourceRoot":"","sources":["../src/sighting-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAuBH,SAAS,WAAW,CAAC,GAAgB;IACnC,OAAO;QACL,EAAE,EAAE,GAAG,CAAC,EAAE;QACV,KAAK,EAAE,GAAG,CAAC,MAAM;QACjB,IAAI,EAAE,GAAG,CAAC,IAAoB;QAC9B,MAAM,EAAE,GAAG,CAAC,MAAM;QAClB,UAAU,EAAE,GAAG,CAAC,UAAU;QAC1B,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,SAAS,EAAE,GAAG,CAAC,UAAU;QACzB,SAAS,EAAE,GAAG,CAAC,UAAU;KAC1B,CAAC;AACJ,CAAC;AAED,8CAA8C;AAC9C,MAAM,gBAAgB,GAAiC;IACrD,QAAQ,EAAE,CAAC;IACX,QAAQ,EAAE,CAAC,EAAE;IACb,cAAc,EAAE,CAAC,EAAE;CACpB,CAAC;AAEF,MAAM,OAAO,aAAa;IACK;IAA7B,YAA6B,EAAqB;QAArB,OAAE,GAAF,EAAE,CAAmB;IAAG,CAAC;IAEtD;;;;OAIG;IACH,cAAc,CAAC,KAAoB,EAAE,SAAS,GAAG,EAAE;QACjD,MAAM,kBAAkB,GAAG,KAAK,CAAC,UAAU,IAAI,EAAE,CAAC;QAElD,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE;aACnB,OAAO,CACN;mCAC2B,CAC5B;aACA,GAAG,CACF,KAAK,CAAC,KAAK,EACX,KAAK,CAAC,IAAI,EACV,KAAK,CAAC,MAAM,EACZ,kBAAkB,EAClB,KAAK,CAAC,OAAO,IAAI,EAAE,EACnB,SAAS,CACV,CAAC;QAEJ,4BAA4B;QAC5B,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC;QAEhE,OAAO,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAE,CAAC;IAC/D,CAAC;IAED;;;;OAIG;IACH,gBAAgB,CAAC,KAAa,EAAE,MAAwB,EAAE,SAAS,GAAG,EAAE;QACtE,OAAO,IAAI,CAAC,cAAc,CACxB;YACE,KAAK;YACL,IAAI,EAAE,UAAU;YAChB,MAAM,EAAE,SAAS,MAAM,EAAE;YACzB,UAAU,EAAE,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE;YACvC,OAAO,EAAE,sBAAsB,MAAM,cAAc;SACpD,EACD,SAAS,CACV,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACH,sBAAsB,CAAC,KAAa,EAAE,SAAS,GAAG,EAAE;QAClD,8DAA8D;QAC9D,MAAM,OAAO,GAAG,IAAI,CAAC,EAAE;aACpB,OAAO,CACN;0EACkE,CACnE;aACA,GAAG,CAAC,KAAK,CAA8B,CAAC;QAE3C,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,aAAa,CAAC,CAAC;QACjE,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,YAAY,CAAC,CAAC;QAE/D,IAAI,QAAQ,IAAI,OAAO,EAAE,CAAC;YACxB,gEAAgE;YAChE,MAAM,QAAQ,GAAG,IAAI,CAAC,EAAE;iBACrB,OAAO,CACN;;sDAE4C,CAC7C;iBACA,GAAG,CAAC,KAAK,CAA+B,CAAC;YAE5C,IAAI,QAAQ;gBAAE,OAAO,IAAI,CAAC;YAE1B,OAAO,IAAI,CAAC,cAA
c,CACxB;gBACE,KAAK;gBACL,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,0BAA0B;gBAClC,UAAU,EAAE,EAAE;gBACd,OAAO,EAAE,yCAAyC;aACnD,EACD,SAAS,CACV,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,kBAAkB,CAChB,KAAa,EACb,UAA4B;QAE5B,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC;QAC9C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC;QAC/D,MAAM,MAAM,GAAG,CAAC,QAAQ,GAAG,CAAC,CAAC,GAAG,SAAS,CAAC;QAE1C,MAAM,KAAK,GACT,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,0DAA0D,CAAC,CAAC,GAAG,CAAC,KAAK,CAGtF,CAAC,KAAK,CAAC;QAER,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE;aACjB,OAAO,CACN;mDAC2C,CAC5C;aACA,GAAG,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,CAAkB,CAAC;QAElD,OAAO;YACL,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC;YAC5B,KAAK;YACL,IAAI,EAAE,QAAQ;YACd,KAAK,EAAE,SAAS;YAChB,OAAO,EAAE,MAAM,GAAG,SAAS,GAAG,KAAK;SACpC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,kBAAkB,CAAC,KAAa;QAQ9B,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE;aAChB,OAAO,CACN;;;;;;;wCAOgC,CACjC;aACA,GAAG,CAAC,KAAK,CAOX,CAAC;QAEF,OAAO;YACL,KAAK,EAAE,GAAG,CAAC,KAAK;YAChB,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,aAAa,EAAE,GAAG,CAAC,cAAc;YACjC,aAAa,EAAE,GAAG,CAAC,cAAc;YACjC,QAAQ,EAAE,GAAG,CAAC,SAAS;SACxB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,sBAAsB,CAAC,KAAa,EAAE,WAAW,GAAG,EAAE;QACpD,OACE,IAAI,CAAC,EAAE;aACJ,OAAO,CACN;mFACyE,CAC1E;aACA,GAAG,CAAC,KAAK,EAAE,WAAW,CAC1B,CAAC,KAAK,CAAC;IACV,CAAC;IAED,yBAAyB;IACjB,eAAe,CAAC,EAAU;QAChC,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,sCAAsC,CAAC,CAAC,GAAG,CAAC,EAAE,CAE7D,CAAC;QACd,OAAO,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACvC,CAAC;IAED;;;OAGG;IACK,aAAa,CAAC,KAAa,EAAE,IAAkB,EAAE,mBAA2B;QAClF,MAAM,KAAK,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;QAErC,IAAI,IAAI,KAAK,gBAAgB,EAAE,CAAC;YAC9B,iDAAiD;YACjD,IAAI,CAAC,EAAE;iBACJ,OAAO,CACN;;;;+CAIqC,CACtC;iBACA,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACvB,CAAC;aAAM,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;YAC/B,wCAAwC;YACxC,IAAI,CAAC,EAAE;iBACJ,OAAO,CACN;;;;;;uBAMa,CACd;iBACA,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACvB,CAAC;a
AAM,CAAC;YACN,uCAAuC;YACvC,IAAI,CAAC,EAAE;iBACJ,OAAO,CACN;;;uBAGa,CACd;iBACA,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;CACF"}