@upx-us/shield 0.2.12-beta

package/dist/src/config.js

@@ -0,0 +1,181 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SHIELD_CONFIG_PATH = void 0;
+exports.injectConfigEnv = injectConfigEnv;
+exports.loadCredentials = loadCredentials;
+exports.loadCredentialsFromPluginConfig = loadCredentialsFromPluginConfig;
+exports.loadConfig = loadConfig;
+const os_1 = require("os");
+const path_1 = require("path");
+const fs_1 = require("fs");
+const log = __importStar(require("./log"));
+/** Default OpenClaw agents directory */
+const OPENCLAW_AGENTS_DIR = (0, path_1.join)((0, os_1.homedir)(), '.openclaw/agents');
+function safeParseInt(value, fallback) {
+    if (!value)
+        return fallback;
+    const parsed = parseInt(value, 10);
+    return isNaN(parsed) ? fallback : parsed;
+}
+function optString(val) {
+    return val != null ? String(val) : '';
+}
+/**
+ * Auto-discover all agent session directories.
+ * Scans ~/.openclaw/agents/{agent}/sessions for directories that exist.
+ */
+function discoverSessionDirs() {
+    const dirs = [];
+    if (!(0, fs_1.existsSync)(OPENCLAW_AGENTS_DIR))
+        return dirs;
+    try {
+        for (const agent of (0, fs_1.readdirSync)(OPENCLAW_AGENTS_DIR)) {
+            const sessDir = (0, path_1.join)(OPENCLAW_AGENTS_DIR, agent, 'sessions');
+            if ((0, fs_1.existsSync)(sessDir)) {
+                dirs.push(sessDir);
+            }
+        }
+    }
+    catch (err) {
+        log.warn('config', `Failed to scan agents directory: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    return dirs;
+}
+/** Canonical config location — shared by setup, bridge, and plugin entry. */
+exports.SHIELD_CONFIG_PATH = (0, path_1.join)((0, os_1.homedir)(), '.openclaw', 'shield', 'config.env');
+/**
+ * Load config file if it exists (~/.openclaw/shield/config.env).
+ * Parses KEY=VALUE lines into a flat record. Lines starting with # are ignored.
+ *
+ * The path can be overridden by SHIELD_CONFIG_PATH env var — used in tests
+ * to isolate from real credentials on the developer machine.
+ */
+function loadConfigFile() {
+    const configPath = process.env.SHIELD_CONFIG_PATH || exports.SHIELD_CONFIG_PATH;
+    if (!(0, fs_1.existsSync)(configPath))
+        return {};
+    try {
+        const lines = (0, fs_1.readFileSync)(configPath, 'utf-8').split('\n');
+        const result = {};
+        for (const line of lines) {
+            const trimmed = line.trim();
+            if (!trimmed || trimmed.startsWith('#'))
+                continue;
+            const eq = trimmed.indexOf('=');
+            if (eq < 1)
+                continue;
+            const key = trimmed.slice(0, eq).trim();
+            const val = trimmed.slice(eq + 1).trim();
+            result[key] = val;
+        }
+        return result;
+    }
+    catch { /* corrupt config — use defaults */ }
+    return {};
+}
+/**
+ * Inject config file values into process.env so the standalone bridge
+ * (sender, fetcher, etc.) can read credentials via env vars.
+ * Values already set in the environment take precedence (allows override).
+ */
+function injectConfigEnv() {
+    const file = loadConfigFile();
+    for (const [key, val] of Object.entries(file)) {
+        if (!process.env[key])
+            process.env[key] = val;
+    }
+}
+/**
+ * Load credentials from config.env file and environment variables.
+ * Supports new env var names with backward compat for the old names.
+ */
+function loadCredentials() {
+    const file = loadConfigFile();
+    function resolve(newName, oldName) {
+        const val = process.env[newName] || process.env[oldName] || file[newName] || file[oldName] || '';
+        if (!val && (process.env[oldName] || file[oldName])) {
+            log.warn('config', `${oldName} is deprecated, use ${newName} instead`);
+        }
+        return val;
+    }
+    return {
+        apiUrl: process.env.SHIELD_API_URL || file.SHIELD_API_URL || '',
+        hmacSecret: resolve('SHIELD_HMAC_SECRET', 'SHIELD_SECRET'),
+        instanceId: resolve('SHIELD_INSTANCE_ID', 'SHIELD_FINGERPRINT'),
+        shieldEnv: process.env.SHIELD_ENV || file.SHIELD_ENV || '',
+    };
+}
+/**
+ * Build credentials from a plugin config object (openclaw.json).
+ * Falls back to config.env / env vars for any missing values.
+ */
+function loadCredentialsFromPluginConfig(pluginConfig) {
+    const fileCreds = loadCredentials();
+    return {
+        apiUrl: optString(pluginConfig.apiUrl) || fileCreds.apiUrl,
+        hmacSecret: optString(pluginConfig.registrationKey) || fileCreds.hmacSecret,
+        instanceId: optString(pluginConfig.instanceId) || fileCreds.instanceId,
+        // shieldEnv is internal — not exposed in plugin config (customers only see PROD)
+        shieldEnv: fileCreds.shieldEnv,
+    };
+}
+function loadConfig(overrides) {
+    if (!overrides?.credentials) {
+        injectConfigEnv();
+    }
+    let sessionDirs;
+    if (process.env.SESSION_DIR) {
+        sessionDirs = process.env.SESSION_DIR.split(',').map(s => s.trim()).filter(Boolean);
+    }
+    else {
+        sessionDirs = discoverSessionDirs();
+    }
+    if (sessionDirs.length === 0) {
+        log.warn('config', 'No OpenClaw session directories found. Run: npx shield-setup');
+    }
+    const credentials = overrides?.credentials ?? loadCredentials();
+    return {
+        dryRun: overrides?.dryRun ?? (process.env.DRY_RUN === 'true'),
+        pollIntervalMs: overrides?.pollIntervalMs ?? safeParseInt(process.env.POLL_INTERVAL_MS, 30000),
+        sessionDirs,
+        cursorFile: process.env.CURSOR_FILE || (0, path_1.join)((0, os_1.homedir)(), '.openclaw', 'shield', 'data', 'cursor.json'),
+        hostname: process.env.INSTANCE_NAME || 'openclaw-instance',
+        maxEvents: safeParseInt(process.env.MAX_EVENTS, 0),
+        collectHostMetrics: overrides?.collectHostMetrics ?? (process.env.COLLECT_HOST_METRICS === 'true'),
+        redactionEnabled: overrides?.redactionEnabled ?? (process.env.REDACTION_ENABLED !== 'false'),
+        credentials,
+    };
+}

package/dist/src/events/base.d.ts

@@ -0,0 +1,110 @@
+/**
+ * base.ts — Core types, composable blocks, and generic engine for the Shield event model.
+ *
+ * All event types extend BaseEvent. The engine composes base rules with type-specific rules.
+ * Individual event types never redeclare base-level concerns.
+ */
+export interface BaseEvent {
+    timestamp: string;
+    event_type: 'TOOL_CALL' | 'TOOL_RESULT';
+    tool_name: string;
+    /** Discriminator — lets the parser know the shape of each event */
+    tool_category: string;
+    session_id: string;
+    model?: string;
+    product_name: string;
+    vendor_name: string;
+    principal: {
+        hostname: string;
+        ip: string;
+        platform: string;
+        user: string;
+    };
+    tool_metadata?: Record<string, string | null>;
+}
+/** Attach to any event type when network context is relevant (SSH, HTTP, etc.) */
+export interface NetworkBlock {
+    network: {
+        session_id: string;
+        protocol: string;
+        direction: string;
+    };
+}
+/**
+ * Attach to any event type when a security-relevant finding is detected.
+ * NOTE: `target` is NOT a composable block — each event type owns its `target` shape
+ * to avoid property collisions across types.
+ */
+export interface SecurityResultBlock {
+    security_result: {
+        severity: string;
+        summary: string;
+        category: string;
+    };
+}
+/** Dot-notation path to a field in an event, plus the redaction strategy to apply */
+export interface FieldRedaction {
+    path: string;
+    /** Strategy key — must match a registered RedactionStrategy in src/redactor/strategies/ */
+    strategy: string;
+}
+export interface ValidationResult {
+    valid: boolean;
+    field?: string;
+    error?: string;
+}
+/** Raw tool call from the JSONL session file */
+export interface RawToolCall {
+    name: string;
+    id?: string;
+    arguments: Record<string, any>;
+}
+/** Context passed to every enrich() function */
+export interface EnrichmentContext {
+    sessionId: string;
+    agentId: string;
+    timestamp: string;
+    model?: string;
+    source: SourceInfo;
+}
+export interface SourceInfo {
+    hostname: string;
+    ip_addresses: string[];
+    os: {
+        type: string;
+        platform: string;
+        release: string;
+        arch: string;
+    };
+    openclaw: {
+        version: string;
+        agent_id: string;
+        agent_label: string;
+    };
+    plugin: {
+        version: string;
+        transport: string;
+    };
+}
+/** Schema descriptor — one per event type */
+export interface EventSchema<T extends BaseEvent = BaseEvent> {
+    category: string;
+    /** Pure, fast matcher. First match wins. GenericSchema must be last. */
+    match: (tool: RawToolCall) => boolean;
+    enrich: (tool: RawToolCall, context: EnrichmentContext) => T;
+    redactions: FieldRedaction[];
+    validate: (event: T) => ValidationResult;
+}
+export declare const baseValidations: {
+    validate(event: BaseEvent): ValidationResult;
+};
+/** Applied to every event, regardless of type */
+export declare const baseRedactions: FieldRedaction[];
+/**
+ * Run base validations first, then type-specific validations.
+ * Returns the first failure encountered.
+ */
+export declare function validateEvent(event: BaseEvent, schema: EventSchema): ValidationResult;
+/** Convert all values in a metadata object to strings (Chronicle CBN can't extract booleans/integers) */
+export declare function stringifyMetadata(meta: Record<string, any>): Record<string, string | null>;
+export declare function truncate(s: string, max?: number): string;

package/dist/src/events/base.js

@@ -0,0 +1,61 @@
+"use strict";
+/**
+ * base.ts — Core types, composable blocks, and generic engine for the Shield event model.
+ *
+ * All event types extend BaseEvent. The engine composes base rules with type-specific rules.
+ * Individual event types never redeclare base-level concerns.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.baseRedactions = exports.baseValidations = void 0;
+exports.validateEvent = validateEvent;
+exports.stringifyMetadata = stringifyMetadata;
+exports.truncate = truncate;
+// ─── Base Validations ─────────────────────────────────────────────────────────
+exports.baseValidations = {
+    validate(event) {
+        if (!event.timestamp)
+            return { valid: false, field: 'timestamp', error: 'missing' };
+        if (!event.session_id)
+            return { valid: false, field: 'session_id', error: 'missing' };
+        if (!event.tool_name)
+            return { valid: false, field: 'tool_name', error: 'missing' };
+        if (!event.tool_category)
+            return { valid: false, field: 'tool_category', error: 'missing' };
+        if (!event.principal?.hostname)
+            return { valid: false, field: 'principal.hostname', error: 'missing' };
+        return { valid: true };
+    },
+};
+// ─── Base Redactions ──────────────────────────────────────────────────────────
+/** Applied to every event, regardless of type */
+exports.baseRedactions = [
+    { path: 'principal.hostname', strategy: 'hostname' },
+    { path: 'principal.user', strategy: 'username' },
+];
+// ─── Generic Engine ───────────────────────────────────────────────────────────
+/**
+ * Run base validations first, then type-specific validations.
+ * Returns the first failure encountered.
+ */
+function validateEvent(event, schema) {
+    const baseResult = exports.baseValidations.validate(event);
+    if (!baseResult.valid)
+        return baseResult;
+    return schema.validate(event);
+}
+/** Convert all values in a metadata object to strings (Chronicle CBN can't extract booleans/integers) */
+function stringifyMetadata(meta) {
+    const result = {};
+    for (const [k, v] of Object.entries(meta)) {
+        if (v === null || v === undefined)
+            result[k] = null;
+        else if (Array.isArray(v))
+            result[k] = JSON.stringify(v);
+        else
+            result[k] = String(v);
+    }
+    return result;
+}
+function truncate(s, max = 500) {
+    return s && s.length > max ? s.slice(0, max) : s;
+}

package/dist/src/events/browser/enrich.d.ts

@@ -0,0 +1,3 @@
+import { RawToolCall, EnrichmentContext } from '../base';
+import { BrowserEvent } from './event';
+export declare function enrich(tool: RawToolCall, ctx: EnrichmentContext): BrowserEvent;

package/dist/src/events/browser/enrich.js

@@ -0,0 +1,46 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.enrich = enrich;
+const base_1 = require("../base");
+function enrich(tool, ctx) {
+    const args = tool.arguments;
+    const url = args.targetUrl || args.url || '';
+    const meta = {
+        tool_name: 'browser',
+        'openclaw.session_id': ctx.sessionId,
+        'openclaw.agent_id': ctx.agentId,
+        browser_action: args.action || null,
+        url_domain: null,
+        url_is_internal: false,
+    };
+    const event = {
+        timestamp: ctx.timestamp,
+        event_type: 'TOOL_CALL',
+        tool_name: 'browser',
+        tool_category: 'browser',
+        session_id: ctx.sessionId,
+        model: ctx.model,
+        product_name: 'OpenClaw',
+        vendor_name: 'UPX',
+        principal: {
+            hostname: ctx.source.hostname,
+            ip: ctx.source.ip_addresses?.[0] || '',
+            platform: ctx.source.os.platform,
+            user: ctx.agentId,
+        },
+        url,
+        target: { url },
+        tool_metadata: (0, base_1.stringifyMetadata)(meta),
+    };
+    try {
+        const u = new URL(url);
+        event.target.hostname = u.hostname;
+        event.target.url_domain = u.hostname;
+        meta.url_domain = u.hostname;
+        meta.url_is_internal = u.hostname === 'localhost' || u.hostname === '127.0.0.1';
+        event.network = { session_id: ctx.sessionId, protocol: 'HTTPS', direction: 'OUTBOUND' };
+        event.tool_metadata = (0, base_1.stringifyMetadata)(meta);
+    }
+    catch { /* no valid URL */ }
+    return event;
+}

package/dist/src/events/browser/event.d.ts

@@ -0,0 +1,10 @@
+import { BaseEvent, NetworkBlock } from '../base';
+export interface BrowserEvent extends BaseEvent, Partial<NetworkBlock> {
+    tool_category: 'browser';
+    url: string;
+    target: {
+        url: string;
+        hostname?: string;
+        url_domain?: string;
+    };
+}

package/dist/src/events/browser/event.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/src/events/browser/index.d.ts

@@ -0,0 +1,4 @@
+import { EventSchema } from '../base';
+import { BrowserEvent } from './event';
+export type { BrowserEvent };
+export declare const BrowserSchema: EventSchema<BrowserEvent>;

package/dist/src/events/browser/index.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BrowserSchema = void 0;
+const enrich_1 = require("./enrich");
+const redactions_1 = require("./redactions");
+const validations_1 = require("./validations");
+exports.BrowserSchema = {
+    category: 'browser',
+    match: (tool) => tool.name === 'browser',
+    enrich: enrich_1.enrich,
+    redactions: redactions_1.redactions,
+    validate: validations_1.validate,
+};

package/dist/src/events/browser/redactions.d.ts

@@ -0,0 +1,2 @@
+import { FieldRedaction } from '../base';
+export declare const redactions: FieldRedaction[];

package/dist/src/events/browser/redactions.js

@@ -0,0 +1,4 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.redactions = void 0;
+exports.redactions = [];

package/dist/src/events/browser/validations.d.ts

@@ -0,0 +1,3 @@
+import { ValidationResult } from '../base';
+import { BrowserEvent } from './event';
+export declare function validate(event: BrowserEvent): ValidationResult;

package/dist/src/events/browser/validations.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validate = validate;
+function validate(event) {
+    if (!event.url)
+        return { valid: false, field: 'url', error: 'missing url' };
+    if (!event.target?.url)
+        return { valid: false, field: 'target.url', error: 'missing target.url' };
+    return { valid: true };
+}

package/dist/src/events/cron/enrich.d.ts

@@ -0,0 +1,3 @@
+import { RawToolCall, EnrichmentContext } from '../base';
+import { CronEvent } from './event';
+export declare function enrich(tool: RawToolCall, ctx: EnrichmentContext): CronEvent;

package/dist/src/events/cron/enrich.js

@@ -0,0 +1,44 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.enrich = enrich;
+const base_1 = require("../base");
+function enrich(tool, ctx) {
+    const args = tool.arguments;
+    const meta = {
+        tool_name: 'cron',
+        'openclaw.session_id': ctx.sessionId,
+        'openclaw.agent_id': ctx.agentId,
+        sub_action: args.action || null,
+        cron_job_id: args.jobId || args.id || null,
+    };
+    if (args.job) {
+        const payload = args.job.payload || {};
+        meta.cron_payload_kind = payload.kind || null;
+        meta.cron_session_target = args.job.sessionTarget || null;
+        if (payload.message) {
+            meta.cron_has_exec_instruction = /\b(exec|run|execute|shell|command|delete|rm|kill)\b/i.test(payload.message);
+            meta.cron_has_cred_instruction = /\b(password|credential|secret|key|token|ssh)\b/i.test(payload.message);
+        }
+        if (payload.text) {
+            meta.cron_has_exec_instruction = /\b(exec|run|execute|shell|command|delete|rm|kill)\b/i.test(payload.text);
+        }
+    }
+    return {
+        timestamp: ctx.timestamp,
+        event_type: 'TOOL_CALL',
+        tool_name: 'cron',
+        tool_category: 'cron',
+        session_id: ctx.sessionId,
+        model: ctx.model,
+        product_name: 'OpenClaw',
+        vendor_name: 'UPX',
+        principal: {
+            hostname: ctx.source.hostname,
+            ip: ctx.source.ip_addresses?.[0] || '',
+            platform: ctx.source.os.platform,
+            user: ctx.agentId,
+        },
+        arguments_summary: (0, base_1.truncate)(JSON.stringify(args || {})),
+        tool_metadata: (0, base_1.stringifyMetadata)(meta),
+    };
+}

package/dist/src/events/cron/event.d.ts

@@ -0,0 +1,5 @@
+import { BaseEvent } from '../base';
+export interface CronEvent extends BaseEvent {
+    tool_category: 'cron';
+    arguments_summary?: string;
+}

package/dist/src/events/cron/event.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/src/events/cron/index.d.ts

@@ -0,0 +1,4 @@
+import { EventSchema } from '../base';
+import { CronEvent } from './event';
+export type { CronEvent };
+export declare const CronSchema: EventSchema<CronEvent>;

package/dist/src/events/cron/index.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CronSchema = void 0;
+const enrich_1 = require("./enrich");
+const redactions_1 = require("./redactions");
+const validations_1 = require("./validations");
+exports.CronSchema = {
+    category: 'cron',
+    match: (tool) => tool.name === 'cron',
+    enrich: enrich_1.enrich,
+    redactions: redactions_1.redactions,
+    validate: validations_1.validate,
+};

package/dist/src/events/cron/redactions.d.ts

@@ -0,0 +1,2 @@
+import { FieldRedaction } from '../base';
+export declare const redactions: FieldRedaction[];

package/dist/src/events/cron/redactions.js

@@ -0,0 +1,4 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.redactions = void 0;
+exports.redactions = [];

package/dist/src/events/cron/validations.d.ts

@@ -0,0 +1,3 @@
+import { ValidationResult } from '../base';
+import { CronEvent } from './event';
+export declare function validate(_event: CronEvent): ValidationResult;

package/dist/src/events/cron/validations.js

@@ -0,0 +1,4 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validate = validate;
+function validate(_event) { return { valid: true }; }

package/dist/src/events/exec/enrich.d.ts

@@ -0,0 +1,3 @@
+import { RawToolCall, EnrichmentContext } from '../base';
+import { ExecEvent } from './event';
+export declare function enrich(tool: RawToolCall, ctx: EnrichmentContext): ExecEvent;

package/dist/src/events/exec/enrich.js

@@ -0,0 +1,80 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.enrich = enrich;
+const base_1 = require("../base");
+function enrich(tool, ctx) {
+    const args = tool.arguments;
+    const cmd = args.command || '';
+    const rootCmd = (cmd.split(/\s+/)[0] || '').split('/').pop() || '';
+    const meta = {
+        tool_name: 'exec',
+        'openclaw.session_id': ctx.sessionId,
+        'openclaw.agent_id': ctx.agentId,
+        cmd_root_command: rootCmd,
+        cmd_has_sudo: /\bsudo\b/.test(cmd),
+        cmd_has_pipe: /\|/.test(cmd),
+    };
+    // Process scope escape detection (kill/pkill/killall)
+    if (/^(kill|pkill|killall)$/.test(rootCmd)) {
+        const pidMatch = cmd.match(/\bkill\s+(?:-\d+\s+)?(\d+)/);
+        if (pidMatch) {
+            meta.target_pid = pidMatch[1];
+            meta.target_pid_in_scope = 'false';
+        }
+    }
+    const event = {
+        timestamp: ctx.timestamp,
+        event_type: 'TOOL_CALL',
+        tool_name: 'exec',
+        tool_category: 'exec',
+        session_id: ctx.sessionId,
+        model: ctx.model,
+        product_name: 'OpenClaw',
+        vendor_name: 'UPX',
+        principal: {
+            hostname: ctx.source.hostname,
+            ip: ctx.source.ip_addresses?.[0] || '',
+            platform: ctx.source.os.platform,
+            user: ctx.agentId,
+        },
+        command: (0, base_1.truncate)(cmd),
+        workdir: args.workdir || null,
+        target: { command_line: (0, base_1.truncate)(cmd) },
+        tool_metadata: (0, base_1.stringifyMetadata)(meta),
+    };
+    // SSH / SCP / rsync detection
+    if (/^(ssh|scp|rsync)\b/.test(rootCmd)) {
+        const stripped = cmd.replace(/\s-[ipoFlJWbDeLRw]\s+\S+/g, ' ').replace(/\s-[^\s]+/g, ' ');
+        const parts = stripped.trim().split(/\s+/).slice(1);
+        let targetHost = null;
+        for (const p of parts) {
+            if (p.includes('@')) {
+                targetHost = p.includes(':') ? p.split(':')[0] : p;
+                break;
+            }
+        }
+        if (!targetHost) {
+            for (const p of parts) {
+                if (p.startsWith("'") || p.startsWith('"') || p.startsWith('|') || p.startsWith('2>'))
+                    break;
+                if (/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(p)) {
+                    targetHost = p;
+                    break;
+                }
+            }
+        }
+        if (targetHost) {
+            const atIdx = targetHost.indexOf('@');
+            const host = atIdx >= 0 ? targetHost.substring(atIdx + 1) : targetHost;
+            event.target.hostname = host;
+            if (/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(host))
+                event.target.ip = host;
+            event.tool_metadata['cmd_target_host'] = targetHost;
+        }
+        if (event.target.hostname) {
+            event.network = { session_id: ctx.sessionId, protocol: 'SSH', direction: 'OUTBOUND' };
+        }
+        event.security_result = { severity: 'MEDIUM', summary: 'SSH to external host', category: 'lateral_movement' };
+    }
+    return event;
+}

package/dist/src/events/exec/event.d.ts

@@ -0,0 +1,11 @@
+import { BaseEvent, NetworkBlock, SecurityResultBlock } from '../base';
+export interface ExecEvent extends BaseEvent, Partial<NetworkBlock>, Partial<SecurityResultBlock> {
+    tool_category: 'exec';
+    command: string;
+    workdir: string | null;
+    target: {
+        command_line: string;
+        hostname?: string;
+        ip?: string;
+    };
+}