npm - @titanshield/core - Versions diffs - 0.1.0 - Mend

@titanshield/core 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (87) hide show

package/dist/nlrules.js ADDED Viewed

@@ -0,0 +1,232 @@
+"use strict";
+// ══════════════════════════════════════════════════════════════════════════════
+// TitanShieldAI — nlrules.ts
+//
+// WORLD'S FIRST: Natural Language Security Rules
+//
+// Write security rules in plain English. AI converts them to running code.
+// No other security tool on earth does this.
+//
+// Examples:
+//   "Block all logins from Russia after 10pm"
+//   "Lock any account after 3 failed attempts"
+//   "Alert me when someone exports more than 1000 records"
+//   "Require multi-factor auth for all admin users"
+//   "Block requests with more than 5 different user agents per hour"
+//
+// The AI (Gemini) parses the English, extracts structured intent,
+// compiles it to a TitanShield Rule, and starts enforcing it immediately.
+//
+// No engineers needed. No docs to read. No configuration files.
+// Just say what you want. TitanShield does it.
+// ══════════════════════════════════════════════════════════════════════════════
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NaturalLanguageRuleParser = void 0;
+const generative_ai_1 = require("@google/generative-ai");
+// ── NaturalLanguageRuleParser ─────────────────────────────────────────────────
+class NaturalLanguageRuleParser {
+    constructor(geminiApiKey) {
+        this.ai = null;
+        this.rules = [];
+        if (geminiApiKey) {
+            this.ai = new generative_ai_1.GoogleGenerativeAI(geminiApiKey);
+        }
+    }
+    /**
+     * Parse a natural language security rule into a structured TitanShield rule.
+     * Uses Gemini to understand intent, then compiles to an active rule.
+     *
+     * @example
+     * const rule = await parser.parse("Block all logins from Russia after 10pm");
+     * // → { conditions: [{type:'geo_country', value:'RU'}, {type:'time_window', value:'22:00'}], action:'block' }
+     */
+    async parse(text) {
+        const id = `rule_${Date.now()}_${Math.random().toString(36).slice(2, 6)}`;
+        let parsed;
+        if (this.ai) {
+            parsed = await this.parseWithAI(text, id);
+        }
+        else {
+            parsed = this.parseWithHeuristics(text, id);
+        }
+        const rule = {
+            id,
+            originalText: text,
+            conditions: parsed.conditions ?? [{ type: 'always' }],
+            action: parsed.action ?? 'alert',
+            severity: parsed.severity ?? 'warning',
+            message: parsed.message ?? `Rule: ${text}`,
+            confidence: parsed.confidence ?? 'medium',
+            createdAt: new Date(),
+            active: true,
+            triggerCount: 0,
+        };
+        this.rules.push(rule);
+        console.log(`[TitanShield NL] ✅ Rule compiled: "${text}" → ${rule.action} (${rule.confidence} confidence)`);
+        return rule;
+    }
+    async parseWithAI(text, id) {
+        const model = this.ai.getGenerativeModel({ model: 'gemini-2.5-flash' });
+        const prompt = `You are a security rule compiler for TitanShieldAI.
+Parse this natural language security rule into structured JSON.
+Rule: "${text}"
+Return ONLY a valid JSON object with this exact structure:
+{
+  "conditions": [
+    {
+      "type": "geo_country|time_window|event_type|failure_count|data_volume|user_role|ip_reputation|new_device|rate_threshold|user_agent_diversity|always",
+      "value": "the value to compare (string, number, or array of strings)",
+      "operator": "gt|lt|eq|in|not_in|after|before|between",
+      "window": (optional milliseconds for time windows)
+    }
+  ],
+  "action": "block|alert|log|lockout|require_mfa|rate_limit|flag",
+  "severity": "info|warning|critical",
+  "message": "Plain English: what this rule does and why. Start with an emoji.",
+  "confidence": "high|medium|low"
+}
+Country codes: US, RU, CN, KP, IR, etc.
+Event types: user.login, user.login_failed, user.logout, data.export, data.read, admin.settings_changed
+Time format for time_window values: "HH:MM" in 24h format
+Be creative and thorough. Extract ALL conditions from the rule text.`;
+        try {
+            const result = await model.generateContent(prompt);
+            const raw = result.response.text().replace(/```json\n?|```/g, '').trim();
+            return JSON.parse(raw);
+        }
+        catch {
+            return this.parseWithHeuristics(text, id);
+        }
+    }
+    parseWithHeuristics(text, _id) {
+        const lower = text.toLowerCase();
+        const conditions = [];
+        // Geo detection
+        const countries = {
+            'russia': 'RU', 'china': 'CN', 'north korea': 'KP', 'iran': 'IR',
+            'nigeria': 'NG', 'usa': 'US', 'india': 'IN', 'brazil': 'BR',
+        };
+        for (const [name, code] of Object.entries(countries)) {
+            if (lower.includes(name)) {
+                conditions.push({ type: 'geo_country', value: code, operator: 'eq' });
+            }
+        }
+        // Time detection
+        const timeMatch = lower.match(/after\s+(\d{1,2})(pm|am)/);
+        if (timeMatch) {
+            let hour = parseInt(timeMatch[1]);
+            if (timeMatch[2] === 'pm' && hour !== 12)
+                hour += 12;
+            conditions.push({ type: 'time_window', value: `${String(hour).padStart(2, '0')}:00`, operator: 'after' });
+        }
+        // Event detection
+        if (lower.includes('login'))
+            conditions.push({ type: 'event_type', value: 'user.login' });
+        if (lower.includes('export'))
+            conditions.push({ type: 'event_type', value: 'data.export' });
+        if (lower.includes('admin'))
+            conditions.push({ type: 'user_role', value: 'admin', operator: 'eq' });
+        // Failure count
+        const failMatch = lower.match(/(\d+)\s+failed/);
+        if (failMatch) {
+            conditions.push({ type: 'failure_count', value: parseInt(failMatch[1]), operator: 'gt', window: 300000 });
+        }
+        // Action detection
+        let action = 'alert';
+        if (lower.includes('block') || lower.includes('deny'))
+            action = 'block';
+        else if (lower.includes('lock'))
+            action = 'lockout';
+        else if (lower.includes('mfa') || lower.includes('multi-factor'))
+            action = 'require_mfa';
+        else if (lower.includes('alert') || lower.includes('notify'))
+            action = 'alert';
+        return {
+            conditions: conditions.length > 0 ? conditions : [{ type: 'always' }],
+            action,
+            severity: action === 'block' || action === 'lockout' ? 'critical' : 'warning',
+            message: `🛡️ NL Rule: ${text}`,
+            confidence: 'medium',
+        };
+    }
+    /**
+     * Evaluate all active rules against an incoming request context.
+     * Returns list of matching rules with their required actions.
+     */
+    evaluate(ctx) {
+        const matches = [];
+        const now = new Date();
+        const currentHour = now.getHours();
+        const currentMinute = now.getMinutes();
+        for (const rule of this.rules.filter(r => r.active)) {
+            const matched = rule.conditions.every(cond => this.evaluateCondition(cond, ctx, currentHour, currentMinute));
+            if (matched) {
+                rule.triggerCount++;
+                matches.push({
+                    rule,
+                    action: rule.action,
+                    message: `🛡️ Rule triggered: "${rule.originalText}" → ${rule.action.toUpperCase()}`,
+                    blocked: rule.action === 'block' || rule.action === 'lockout',
+                });
+            }
+        }
+        return matches;
+    }
+    evaluateCondition(cond, ctx, hour, _minute) {
+        switch (cond.type) {
+            case 'always': return true;
+            case 'geo_country':
+                return ctx.country === cond.value;
+            case 'time_window':
+                if (typeof cond.value === 'string') {
+                    const [h] = cond.value.split(':').map(Number);
+                    if (cond.operator === 'after')
+                        return hour >= h;
+                    if (cond.operator === 'before')
+                        return hour < h;
+                }
+                return false;
+            case 'event_type':
+                return ctx.event === cond.value || (Array.isArray(cond.value) && cond.value.includes(ctx.event));
+            case 'failure_count':
+                return typeof cond.value === 'number' && (ctx.failedLoginCount ?? 0) >= cond.value;
+            case 'data_volume':
+                return typeof cond.value === 'number' && (ctx.dataVolumeAccessed ?? 0) >= cond.value;
+            case 'user_role':
+                return ctx.userRole === cond.value;
+            case 'rate_threshold':
+                return typeof cond.value === 'number' && (ctx.recentEventCount ?? 0) >= cond.value;
+            case 'new_device':
+                return ctx.metadata?.newDevice === true;
+            case 'user_agent_diversity':
+                return typeof cond.value === 'number' && (ctx.uniqueUserAgents ?? 0) >= cond.value;
+            default: return false;
+        }
+    }
+    /** Get all active rules with their trigger counts */
+    getRules() { return [...this.rules]; }
+    /** Enable/disable a rule by ID */
+    setActive(ruleId, active) {
+        const rule = this.rules.find(r => r.id === ruleId);
+        if (rule) {
+            rule.active = active;
+            return true;
+        }
+        return false;
+    }
+    /** Delete a rule by ID */
+    deleteRule(ruleId) {
+        const idx = this.rules.findIndex(r => r.id === ruleId);
+        if (idx >= 0) {
+            this.rules.splice(idx, 1);
+            return true;
+        }
+        return false;
+    }
+}
+exports.NaturalLanguageRuleParser = NaturalLanguageRuleParser;
+//# sourceMappingURL=nlrules.js.map

package/dist/nlrules.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"nlrules.js","sourceRoot":"","sources":["../src/nlrules.ts"],"names":[],"mappings":";AAAA,iFAAiF;AACjF,6BAA6B;AAC7B,EAAE;AACF,iDAAiD;AACjD,EAAE;AACF,2EAA2E;AAC3E,6CAA6C;AAC7C,EAAE;AACF,YAAY;AACZ,8CAA8C;AAC9C,+CAA+C;AAC/C,2DAA2D;AAC3D,oDAAoD;AACpD,qEAAqE;AACrE,EAAE;AACF,kEAAkE;AAClE,0EAA0E;AAC1E,EAAE;AACF,gEAAgE;AAChE,+CAA+C;AAC/C,iFAAiF;;;AAEjF,yDAA2D;AA2D3D,iFAAiF;AACjF,MAAa,yBAAyB;IAIlC,YAAY,YAAqB;QAHzB,OAAE,GAA8B,IAAI,CAAC;QACrC,UAAK,GAAa,EAAE,CAAC;QAGzB,IAAI,YAAY,EAAE,CAAC;YACf,IAAI,CAAC,EAAE,GAAG,IAAI,kCAAkB,CAAC,YAAY,CAAC,CAAC;QACnD,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,KAAK,CAAC,IAAY;QACpB,MAAM,EAAE,GAAG,QAAQ,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;QAE1E,IAAI,MAAuB,CAAC;QAE5B,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC;YACV,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACJ,MAAM,GAAG,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAChD,CAAC;QAED,MAAM,IAAI,GAAW;YACjB,EAAE;YACF,YAAY,EAAE,IAAI;YAClB,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;YACrD,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,OAAO;YAChC,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,SAAS;YACtC,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,SAAS,IAAI,EAAE;YAC1C,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,QAAQ;YACzC,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,MAAM,EAAE,IAAI;YACZ,YAAY,EAAE,CAAC;SAClB,CAAC;QAEF,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,sCAAsC,IAAI,OAAO,IAAI,CAAC,MAAM,KAAK,IAAI,CAAC,UAAU,cAAc,CAAC,CAAC;QAC5G,OAAO,IAAI,CAAC;IAChB,CAAC;IAEO,KAAK,CAAC,WAAW,CAAC,IAAY,EAAE,EAAU;QAC9C,MAAM,KAAK,GAAG,IAAI,CAAC,EAAG,CAAC,kBAAkB,CAAC,EAAE,KAAK,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAEzE,MAAM,MAAM,GAAG;;;SAGd,IAAI;;;;;;;;;;;;;;;;;;;;;;qEAsBwD,CAAC;QAE9D,IAAI,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;YACnD,MAAM,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;YACzE,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC3B,CAAC;QAAC,MAAM,CAAC;YACL,OAAO,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC9C,CAAC;IACL,CAAC;IAEO,mBAAmB,CAAC,IAAY,EAAE,GAAW;QACjD,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QACjC,MAAM,UAAU,GAAoB,EAAE,CAAC;QAEvC,gBAAgB;QAChB,MAAM,SAAS,GAA2B;YACtC,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI;YAChE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI;SAC9D,CAAC;QACF,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;YACnD,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;YAC1E,CAAC;QACL,CAAC;QAED,iBAAiB;QACjB,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC1D,IAAI,SAAS,EAAE,CAAC;YACZ,IAAI,IAAI,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;YAClC,IAAI,SAAS,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,IAAI,KAAK,EAAE;gBAAE,IAAI,IAAI,EAAE,CAAC;YACrD,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QAC9G,CAAC;QAED,kBAAkB;QAClB,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC;YAAE,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,CAAC;QAC1F,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC,CAAC;QAC5F,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC;YAAE,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAEpG,gBAAgB;QAChB,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAChD,IAAI,SAAS,EAAE,CAAC;YACZ,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,MAAO,EAAE,CAAC,CAAC;QAC/G,CAAC;QAED,mBAAmB;QACnB,IAAI,MAAM,GAAe,OAAO,CAAC;QACjC,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;YAAE,MAAM,GAAG,OAAO,CAAC;aACnE,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;YAAE,MAAM,GAAG,SAAS,CAAC;aAC/C,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,cAAc,CAAC;YAAE,MAAM,GAAG,aAAa,CAAC;aACpF,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,MAAM,GAAG,OAAO,CAAC;QAE/E,OAAO;YACH,UAAU,EAAE,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;YACrE,MAAM;YACN,QAAQ,EAAE,MAAM,KAAK,OAAO,IAAI,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;YAC7E,OAAO,EAAE,gBAAgB,IAAI,EAAE;YAC/B,UAAU,EAAE,QAAQ;SACvB,CAAC;IACN,CAAC;IAED;;;OAGG;IACH,QAAQ,CAAC,GAA0B;QAC/B,MAAM,OAAO,GAAgB,EAAE,CAAC;QAChC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,WAAW,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;QACnC,MAAM,aAAa,GAAG,GAAG,CAAC,UAAU,EAAE,CAAC;QAEvC,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;YAClD,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,GAAG,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC,CAAC;YAE7G,IAAI,OAAO,EAAE,CAAC;gBACV,IAAI,CAAC,YAAY,EAAE,CAAC;gBACpB,OAAO,CAAC,IAAI,CAAC;oBACT,IAAI;oBACJ,MAAM,EAAE,IAAI,CAAC,MAAM;oBACnB,OAAO,EAAE,wBAAwB,IAAI,CAAC,YAAY,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE;oBACpF,OAAO,EAAE,IAAI,CAAC,MAAM,KAAK,OAAO,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS;iBAChE,CAAC,CAAC;YACP,CAAC;QACL,CAAC;QAED,OAAO,OAAO,CAAC;IACnB,CAAC;IAEO,iBAAiB,CACrB,IAAmB,EACnB,GAA0B,EAC1B,IAAY,EACZ,OAAe;QAEf,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;YAChB,KAAK,QAAQ,CAAC,CAAC,OAAO,IAAI,CAAC;YAC3B,KAAK,aAAa;gBACd,OAAO,GAAG,CAAC,OAAO,KAAK,IAAI,CAAC,KAAK,CAAC;YACtC,KAAK,aAAa;gBACd,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;oBACjC,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;oBAC9C,IAAI,IAAI,CAAC,QAAQ,KAAK,OAAO;wBAAE,OAAO,IAAI,IAAI,CAAC,CAAC;oBAChD,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ;wBAAE,OAAO,IAAI,GAAG,CAAC,CAAC;gBACpD,CAAC;gBACD,OAAO,KAAK,CAAC;YACjB,KAAK,YAAY;gBACb,OAAO,GAAG,CAAC,KAAK,KAAK,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;YACrG,KAAK,eAAe;gBAChB,OAAO,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,gBAAgB,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC;YACvF,KAAK,aAAa;gBACd,OAAO,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,kBAAkB,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC;YACzF,KAAK,WAAW;gBACZ,OAAO,GAAG,CAAC,QAAQ,KAAK,IAAI,CAAC,KAAK,CAAC;YACvC,KAAK,gBAAgB;gBACjB,OAAO,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,gBAAgB,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC;YACvF,KAAK,YAAY;gBACb,OAAO,GAAG,CAAC,QAAQ,EAAE,SAAS,KAAK,IAAI,CAAC;YAC5C,KAAK,sBAAsB;gBACvB,OAAO,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,gBAAgB,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC;YACvF,OAAO,CAAC,CAAC,OAAO,KAAK,CAAC;QAC1B,CAAC;IACL,CAAC;IAED,qDAAqD;IACrD,QAAQ,KAAe,OAAO,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEhD,kCAAkC;IAClC,SAAS,CAAC,MAAc,EAAE,MAAe;QACrC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,MAAM,CAAC,CAAC;QACnD,IAAI,IAAI,EAAE,CAAC;YAAC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;YAAC,OAAO,IAAI,CAAC;QAAC,CAAC;QAChD,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,0BAA0B;IAC1B,UAAU,CAAC,MAAc;QACrB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,MAAM,CAAC,CAAC;QACvD,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC;YAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;YAAC,OAAO,IAAI,CAAC;QAAC,CAAC;QACzD,OAAO,KAAK,CAAC;IACjB,CAAC;CACJ;AAtND,8DAsNC"}

package/dist/prevent.d.ts ADDED Viewed

@@ -0,0 +1,119 @@
+import type { Request, Response, NextFunction } from 'express';
+export interface LockoutRecord {
+    attempts: number;
+    firstAttemptAt: number;
+    lockedUntil?: number;
+    lastAttemptIp?: string;
+}
+export interface SessionFingerprint {
+    ip: string;
+    userAgent: string;
+    acceptLang: string;
+    hash: string;
+    createdAt: number;
+}
+export interface PreventionConfig {
+    maxFailedLogins?: number;
+    lockoutDurationMs?: number;
+    lockoutWindowMs?: number;
+    enableSecurityHeaders?: boolean;
+    cspDirectives?: Record<string, string | string[]>;
+    frameOptions?: 'DENY' | 'SAMEORIGIN';
+    enableCsrf?: boolean;
+    csrfExemptPaths?: string[];
+    enableBotDetection?: boolean;
+    blockHeadlessBrowsers?: boolean;
+    blockedCountries?: string[];
+    blockedIpRanges?: string[];
+    enablePathTraversalProtection?: boolean;
+    enableCommandInjectionProtection?: boolean;
+}
+declare const lockouts: Map<string, LockoutRecord>;
+declare const sessions: Map<string, SessionFingerprint>;
+declare const csrfTokens: Map<string, {
+    expires: number;
+}>;
+declare const ipReputation: Map<string, {
+    score: number;
+    reason: string;
+}>;
+export declare class AccountLockout {
+    private config;
+    constructor(config?: PreventionConfig);
+    /**
+     * Record a failed login attempt for this identifier (userId or IP).
+     * Returns lock status with human-readable message.
+     */
+    recordFailure(identifier: string, ip?: string): {
+        locked: boolean;
+        attemptsLeft: number;
+        message: string;
+        lockedFor?: number;
+    };
+    /** Call this on SUCCESSFUL login to reset the counter */
+    recordSuccess(identifier: string): void;
+    /** Check if an account is currently locked (before attempting auth) */
+    isLocked(identifier: string): {
+        locked: boolean;
+        unlockAt?: number;
+        message?: string;
+    };
+}
+export declare function securityHeaders(config?: PreventionConfig): (_req: Request, res: Response, next: NextFunction) => void;
+export declare class CsrfProtection {
+    private tokenTtlMs;
+    private exemptPaths;
+    constructor(config?: PreventionConfig);
+    /** Generate a CSRF token for a session */
+    generateToken(sessionId: string): string;
+    /** Validate a CSRF token */
+    validateToken(sessionId: string, token: string): boolean;
+    /** Express middleware — validates CSRF on state-changing requests */
+    middleware(): (req: Request, res: Response, next: NextFunction) => void;
+}
+export declare class SessionFingerprinter {
+    /**
+     * Create a fingerprint from request characteristics.
+     * Used to detect if someone stole a session cookie and is using it
+     * from a different device/browser/location.
+     */
+    createFingerprint(req: Request): SessionFingerprint;
+    /** Store a fingerprint for a session */
+    store(sessionId: string, fp: SessionFingerprint): void;
+    /**
+     * Verify current request matches the original session fingerprint.
+     * Returns { valid, reason } — soft verification (logs warning, doesn't hard block by default).
+     */
+    verify(sessionId: string, req: Request): {
+        valid: boolean;
+        reason?: string;
+        riskLevel: 'none' | 'low' | 'high';
+    };
+}
+export declare function detectBot(req: Request): {
+    isBot: boolean;
+    confidence: 'high' | 'medium' | 'low';
+    reason: string;
+};
+export declare function detectAdvancedInjection(req: Request): {
+    threat: boolean;
+    type: string;
+    detail: string;
+} | null;
+export declare class IpReputationEngine {
+    private blockedRanges;
+    constructor(config?: PreventionConfig);
+    /** Flag an IP as malicious (called by AI threat engine when threat detected) */
+    flagIp(ip: string, reason: string, score?: number): void;
+    /** Check if an IP should be blocked */
+    checkIp(ip: string): {
+        blocked: boolean;
+        score: number;
+        reason: string;
+    };
+    /** Call this after AI detects a threat to auto-add IP to blocklist */
+    autoBlockFromThreat(ip: string, alertNarrative: string): void;
+}
+export declare function titanPreventionMiddleware(lockout: AccountLockout, ipEngine: IpReputationEngine, config?: PreventionConfig, onThreat?: (event: string, detail: string, ip: string) => void): (req: Request, res: Response, next: NextFunction) => void;
+export { lockouts, sessions, csrfTokens, ipReputation };
+//# sourceMappingURL=prevent.d.ts.map

package/dist/prevent.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"prevent.d.ts","sourceRoot":"","sources":["../src/prevent.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAG/D,MAAM,WAAW,aAAa;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,kBAAkB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,gBAAgB;IAE7B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,eAAe,CAAC,EAAE,MAAM,CAAC;IAGzB,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IAClD,YAAY,CAAC,EAAE,MAAM,GAAG,YAAY,CAAC;IAGrC,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAG3B,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAGhC,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAG3B,6BAA6B,CAAC,EAAE,OAAO,CAAC;IACxC,gCAAgC,CAAC,EAAE,OAAO,CAAC;CAC9C;AAGD,QAAA,MAAM,QAAQ,4BAAmC,CAAC;AAClD,QAAA,MAAM,QAAQ,iCAAwC,CAAC;AACvD,QAAA,MAAM,UAAU;aAA8B,MAAM;EAAK,CAAC;AAC1D,QAAA,MAAM,YAAY;WAA4B,MAAM;YAAU,MAAM;EAAK,CAAC;AAY1E,qBAAa,cAAc;IACvB,OAAO,CAAC,MAAM,CAAgG;gBAElG,MAAM,GAAE,gBAAqB;IAQzC;;;OAGG;IACH,aAAa,CAAC,UAAU,EAAE,MAAM,EAAE,EAAE,CAAC,EAAE,MAAM,GAAG;QAAE,MAAM,EAAE,OAAO,CAAC;QAAC,YAAY,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE;IA6B9H,yDAAyD;IACzD,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI;IAIvC,uEAAuE;IACvE,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG;QAAE,MAAM,EAAE,OAAO,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE;CAezF;AAGD,wBAAgB,eAAe,CAAC,MAAM,GAAE,gBAAqB,IAsBpB,MAAM,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,UAwCxF;AAGD,qBAAa,cAAc;IACvB,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,WAAW,CAAW;gBAElB,MAAM,GAAE,gBAAqB;IAKzC,0CAA0C;IAC1C,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM;IAaxC,4BAA4B;IAC5B,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO;IASxD,qEAAqE;IACrE,UAAU,KACE,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY;CAoB9D;AAGD,qBAAa,oBAAoB;IAC7B;;;;OAIG;IACH,iBAAiB,CAAC,GAAG,EAAE,OAAO,GAAG,kBAAkB;IAWnD,wCAAwC;IACxC,KAAK,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE,kBAAkB,GAAG,IAAI;IAItD;;;OAGG;IACH,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,GAAG;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,GAAG,KAAK,GAAG,MAAM,CAAA;KAAE;CAwBnH;AAGD,wBAAgB,SAAS,CAAC,GAAG,EAAE,OAAO,GAAG;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CA0BjH;AAGD,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,OAAO,GAAG;IAAE,MAAM,EAAE,OAAO,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAyB9G;AAGD,qBAAa,kBAAkB;IAC3B,OAAO,CAAC,aAAa,CAAW;gBAEpB,MAAM,GAAE,gBAAqB;IAIzC,gFAAgF;IAChF,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,GAAE,MAAW,GAAG,IAAI;IAI5D,uCAAuC;IACvC,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE;IAexE,sEAAsE;IACtE,mBAAmB,CAAC,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,IAAI;CAIhE;AAGD,wBAAgB,yBAAyB,CACrC,OAAO,EAAE,cAAc,EACvB,QAAQ,EAAE,kBAAkB,EAC5B,MAAM,GAAE,gBAAqB,EAC7B,QAAQ,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,KAAK,IAAI,IAEtC,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,UAiD1E;AAGD,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,YAAY,EAAE,CAAC"}