@profullstack/threatcrush 0.1.0

package/src/core/state.ts

@@ -0,0 +1,146 @@
+import Database from 'better-sqlite3';
+import type { ThreatEvent } from '../types/events.js';
+
+let db: Database.Database | null = null;
+
+export function initStateDB(dbPath: string = '/var/lib/threatcrush/state.db'): Database.Database {
+  if (db) return db;
+
+  try {
+    db = new Database(dbPath);
+  } catch {
+    // Fall back to in-memory if we can't write to the path
+    db = new Database(':memory:');
+  }
+
+  db.pragma('journal_mode = WAL');
+
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS events (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      timestamp TEXT NOT NULL,
+      module TEXT NOT NULL,
+      category TEXT NOT NULL,
+      severity TEXT NOT NULL,
+      message TEXT NOT NULL,
+      source_ip TEXT,
+      details TEXT
+    );
+
+    CREATE TABLE IF NOT EXISTS module_state (
+      module TEXT NOT NULL,
+      key TEXT NOT NULL,
+      value TEXT,
+      PRIMARY KEY (module, key)
+    );
+
+    CREATE TABLE IF NOT EXISTS stats (
+      key TEXT PRIMARY KEY,
+      value TEXT NOT NULL,
+      updated_at TEXT NOT NULL
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_events_timestamp ON events(timestamp);
+    CREATE INDEX IF NOT EXISTS idx_events_module ON events(module);
+    CREATE INDEX IF NOT EXISTS idx_events_severity ON events(severity);
+    CREATE INDEX IF NOT EXISTS idx_events_source_ip ON events(source_ip);
+  `);
+
+  return db;
+}
+
+export function insertEvent(event: ThreatEvent): number {
+  const database = db || initStateDB();
+  const stmt = database.prepare(`
+    INSERT INTO events (timestamp, module, category, severity, message, source_ip, details)
+    VALUES (?, ?, ?, ?, ?, ?, ?)
+  `);
+  const result = stmt.run(
+    event.timestamp.toISOString(),
+    event.module,
+    event.category,
+    event.severity,
+    event.message,
+    event.source_ip || null,
+    event.details ? JSON.stringify(event.details) : null,
+  );
+  return result.lastInsertRowid as number;
+}
+
+export function getRecentEvents(limit: number = 50): ThreatEvent[] {
+  const database = db || initStateDB();
+  const rows = database.prepare(`
+    SELECT * FROM events ORDER BY timestamp DESC LIMIT ?
+  `).all(limit) as any[];
+  return rows.map(rowToEvent);
+}
+
+export function getEventCount(since?: Date): number {
+  const database = db || initStateDB();
+  if (since) {
+    return (database.prepare(`SELECT COUNT(*) as count FROM events WHERE timestamp >= ?`)
+      .get(since.toISOString()) as any).count;
+  }
+  return (database.prepare(`SELECT COUNT(*) as count FROM events`).get() as any).count;
+}
+
+export function getThreatCount(since?: Date): number {
+  const database = db || initStateDB();
+  const severities = "('medium','high','critical')";
+  if (since) {
+    return (database.prepare(
+      `SELECT COUNT(*) as count FROM events WHERE severity IN ${severities} AND timestamp >= ?`
+    ).get(since.toISOString()) as any).count;
+  }
+  return (database.prepare(
+    `SELECT COUNT(*) as count FROM events WHERE severity IN ${severities}`
+  ).get() as any).count;
+}
+
+export function getTopSources(limit: number = 10): Array<{ ip: string; count: number }> {
+  const database = db || initStateDB();
+  return database.prepare(`
+    SELECT source_ip as ip, COUNT(*) as count FROM events
+    WHERE source_ip IS NOT NULL
+    GROUP BY source_ip ORDER BY count DESC LIMIT ?
+  `).all(limit) as any[];
+}
+
+export function getModuleState(module: string, key: string): unknown {
+  const database = db || initStateDB();
+  const row = database.prepare(`SELECT value FROM module_state WHERE module = ? AND key = ?`)
+    .get(module, key) as any;
+  if (!row) return undefined;
+  try {
+    return JSON.parse(row.value);
+  } catch {
+    return row.value;
+  }
+}
+
+export function setModuleState(module: string, key: string, value: unknown): void {
+  const database = db || initStateDB();
+  database.prepare(`
+    INSERT OR REPLACE INTO module_state (module, key, value) VALUES (?, ?, ?)
+  `).run(module, key, JSON.stringify(value));
+}
+
+function rowToEvent(row: any): ThreatEvent {
+  return {
+    id: row.id,
+    timestamp: new Date(row.timestamp),
+    module: row.module,
+    category: row.category,
+    severity: row.severity,
+    message: row.message,
+    source_ip: row.source_ip,
+    details: row.details ? JSON.parse(row.details) : undefined,
+  };
+}
+
+export function closeDB(): void {
+  if (db) {
+    db.close();
+    db = null;
+  }
+}

package/src/index.ts

@@ -0,0 +1,114 @@
+#!/usr/bin/env node
+
+import { Command } from "commander";
+import chalk from "chalk";
+import readline from "readline";
+
+const LOGO = `
+${chalk.green("  ████████╗██╗  ██╗██████╗ ███████╗ █████╗ ████████╗")}
+${chalk.green("  ╚══██╔══╝██║  ██║██╔══██╗██╔════╝██╔══██╗╚══██╔══╝")}
+${chalk.green("     ██║   ███████║██████╔╝█████╗  ███████║   ██║   ")}
+${chalk.green("     ██║   ██╔══██║██╔══██╗██╔══╝  ██╔══██║   ██║   ")}
+${chalk.green("     ██║   ██║  ██║██║  ██║███████╗██║  ██║   ██║   ")}
+${chalk.green("     ╚═╝   ╚═╝  ╚═╝╚═╝  ╚═╝╚══════╝╚═╝  ╚═╝   ╚═╝")}
+${chalk.dim("                    C R U S H")}
+`;
+
+const API_URL = process.env.THREATCRUSH_API_URL || "https://threatcrush.com";
+
+async function promptEmail(): Promise<string | null> {
+  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+  return new Promise((resolve) => {
+    rl.question(chalk.green("\n  Enter your email to continue: "), (answer) => {
+      rl.close();
+      resolve(answer.trim() || null);
+    });
+  });
+}
+
+async function joinWaitlist(email: string): Promise<{ referral_code?: string } | null> {
+  try {
+    const res = await fetch(`${API_URL}/api/waitlist`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ email }),
+    });
+    return await res.json();
+  } catch {
+    return null;
+  }
+}
+
+async function emailGate(): Promise<boolean> {
+  console.log(LOGO);
+  console.log(chalk.yellow("  ⚡ Coming soon — ThreatCrush is in private beta.\n"));
+
+  const email = await promptEmail();
+  if (!email || !email.includes("@")) {
+    console.log(chalk.red("\n  Invalid email. Try again.\n"));
+    return false;
+  }
+
+  const result = await joinWaitlist(email);
+  if (result?.referral_code) {
+    console.log(chalk.green(`\n  ✓ You're on the list!`));
+    console.log(chalk.dim(`  Referral code: ${chalk.white(result.referral_code)}`));
+    console.log(chalk.dim(`  Share: ${API_URL}?ref=${result.referral_code}`));
+    console.log(chalk.green(`\n  🎁 Refer a friend → both get lifetime access for $249 (instead of $499)\n`));
+  } else {
+    console.log(chalk.green(`\n  ✓ Thanks! We'll notify you when ThreatCrush launches.\n`));
+  }
+
+  return true;
+}
+
+const program = new Command();
+
+program
+  .name("threatcrush")
+  .description("All-in-one security agent — monitor, detect, scan, protect")
+  .version("0.1.0");
+
+// Every command goes through email gate for now
+const gatedCommand = (name: string, desc: string) => {
+  program.command(name).description(desc).action(async () => {
+    await emailGate();
+  });
+};
+
+gatedCommand("monitor", "Real-time security monitoring (all ports, all protocols)");
+gatedCommand("tui", "Interactive security dashboard (htop for security)");
+gatedCommand("init", "Auto-detect services and configure ThreatCrush");
+gatedCommand("scan", "Scan codebase for vulnerabilities and secrets");
+gatedCommand("pentest", "Penetration test URLs and APIs");
+gatedCommand("status", "Show daemon status and loaded modules");
+gatedCommand("start", "Start the ThreatCrush daemon");
+gatedCommand("stop", "Stop the ThreatCrush daemon");
+gatedCommand("logs", "Tail daemon logs");
+gatedCommand("update", "Update CLI and all installed modules");
+gatedCommand("activate", "Activate your license key");
+
+program
+  .command("modules")
+  .description("Manage security modules")
+  .argument("[action]", "list | install | remove | available")
+  .argument("[name]", "module name")
+  .action(async () => {
+    await emailGate();
+  });
+
+program
+  .command("store")
+  .description("Browse the module marketplace")
+  .argument("[action]", "search | info | publish")
+  .argument("[query]", "search query or module name")
+  .action(async () => {
+    await emailGate();
+  });
+
+// Default action (no command)
+program.action(async () => {
+  await emailGate();
+});
+
+program.parse();

package/src/types/config.ts

@@ -0,0 +1,63 @@
+export interface DaemonConfig {
+  pid_file: string;
+  log_level: 'debug' | 'info' | 'warn' | 'error';
+  log_file: string;
+  state_db: string;
+}
+
+export interface ApiConfig {
+  enabled: boolean;
+  bind: string;
+  tls: boolean;
+}
+
+export interface AlertChannelConfig {
+  enabled: boolean;
+  [key: string]: unknown;
+}
+
+export interface ModulesConfig {
+  auto_update: boolean;
+  update_interval: string;
+  module_dir: string;
+  config_dir: string;
+}
+
+export interface ThreatCrushConfig {
+  daemon: DaemonConfig;
+  api: ApiConfig;
+  alerts: Record<string, AlertChannelConfig>;
+  modules: ModulesConfig;
+  license?: {
+    key_file?: string;
+    key?: string;
+  };
+}
+
+export interface ModuleManifest {
+  module: {
+    name: string;
+    version: string;
+    description: string;
+    author: string;
+    license: string;
+    homepage?: string;
+    pricing?: {
+      type: 'free' | 'paid' | 'freemium';
+      price_usd?: number;
+    };
+    requirements?: {
+      threatcrush?: string;
+      os?: string[];
+      capabilities?: string[];
+    };
+    config?: {
+      defaults?: Record<string, unknown>;
+    };
+  };
+}
+
+export interface ModuleConfig {
+  enabled: boolean;
+  [key: string]: unknown;
+}

package/src/types/events.ts

@@ -0,0 +1,54 @@
+export type EventSeverity = 'info' | 'low' | 'medium' | 'high' | 'critical';
+export type EventCategory = 'auth' | 'web' | 'network' | 'system' | 'scan' | 'pentest';
+
+export interface ThreatEvent {
+  id?: number;
+  timestamp: Date;
+  module: string;
+  category: EventCategory;
+  severity: EventSeverity;
+  message: string;
+  source_ip?: string;
+  details?: Record<string, unknown>;
+}
+
+export interface ParsedLogLine {
+  timestamp: Date;
+  raw: string;
+  source: string;
+  fields: Record<string, string>;
+}
+
+export interface NginxLogEntry extends ParsedLogLine {
+  source: 'nginx';
+  fields: {
+    ip: string;
+    method: string;
+    path: string;
+    status: string;
+    size: string;
+    user_agent: string;
+    [key: string]: string;
+  };
+}
+
+export interface AuthLogEntry extends ParsedLogLine {
+  source: 'auth';
+  fields: {
+    process: string;
+    message: string;
+    ip?: string;
+    user?: string;
+    [key: string]: string;
+  };
+}
+
+export interface SyslogEntry extends ParsedLogLine {
+  source: 'syslog';
+  fields: {
+    facility: string;
+    process: string;
+    message: string;
+    [key: string]: string;
+  };
+}

package/src/types/module.ts

@@ -0,0 +1,42 @@
+import type { ThreatEvent } from './events.js';
+import type { ModuleConfig } from './config.js';
+
+export interface ModuleContext {
+  config: ModuleConfig;
+  logger: ModuleLogger;
+  emit: (event: ThreatEvent) => void;
+  getState: (key: string) => unknown;
+  setState: (key: string, value: unknown) => void;
+}
+
+export interface ModuleLogger {
+  debug: (msg: string, ...args: unknown[]) => void;
+  info: (msg: string, ...args: unknown[]) => void;
+  warn: (msg: string, ...args: unknown[]) => void;
+  error: (msg: string, ...args: unknown[]) => void;
+}
+
+export interface ThreatCrushModule {
+  name: string;
+  version: string;
+  description?: string;
+
+  init(ctx: ModuleContext): Promise<void>;
+  start(): Promise<void>;
+  stop(): Promise<void>;
+  onEvent?(event: ThreatEvent): Promise<void>;
+}
+
+export interface LoadedModule {
+  manifest: {
+    name: string;
+    version: string;
+    description: string;
+    author: string;
+  };
+  config: ModuleConfig;
+  instance?: ThreatCrushModule;
+  status: 'loaded' | 'running' | 'stopped' | 'error';
+  eventCount: number;
+  path: string;
+}

package/tsconfig.json

@@ -0,0 +1,19 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "ESNext",
+    "moduleResolution": "bundler",
+    "esModuleInterop": true,
+    "allowSyntheticDefaultImports": true,
+    "strict": true,
+    "skipLibCheck": true,
+    "outDir": "dist",
+    "rootDir": "src",
+    "declaration": true,
+    "resolveJsonModule": true,
+    "sourceMap": true,
+    "types": ["node"]
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "dist"]
+}

package/tsup.config.ts

@@ -0,0 +1,16 @@
+import { defineConfig } from 'tsup';
+
+export default defineConfig({
+  entry: ['src/index.ts'],
+  format: ['cjs'],
+  target: 'node20',
+  platform: 'node',
+  outDir: 'dist',
+  clean: true,
+  splitting: false,
+  sourcemap: true,
+  dts: false,
+
+  external: ['better-sqlite3', 'blessed', 'blessed-contrib'],
+  noExternal: ['chalk', 'ora', '@iarna/toml', 'commander'],
+});