beddel 0.1.0
- package/README.md +297 -0
- package/dist/agents/agentRegistry.d.ts +68 -0
- package/dist/agents/agentRegistry.d.ts.map +1 -0
- package/dist/agents/agentRegistry.js +222 -0
- package/dist/agents/agentRegistry.js.map +1 -0
- package/dist/agents/formatter-agent.d.ts +10 -0
- package/dist/agents/formatter-agent.d.ts.map +1 -0
- package/dist/agents/formatter-agent.js +49 -0
- package/dist/agents/formatter-agent.js.map +1 -0
- package/dist/agents/genkit-agent.d.ts +12 -0
- package/dist/agents/genkit-agent.d.ts.map +1 -0
- package/dist/agents/genkit-agent.js +119 -0
- package/dist/agents/genkit-agent.js.map +1 -0
- package/dist/agents/i18n-messages.d.ts +17 -0
- package/dist/agents/i18n-messages.d.ts.map +1 -0
- package/dist/agents/i18n-messages.js +92 -0
- package/dist/agents/i18n-messages.js.map +1 -0
- package/dist/agents/index.d.ts +10 -0
- package/dist/agents/index.d.ts.map +1 -0
- package/dist/agents/index.js +26 -0
- package/dist/agents/index.js.map +1 -0
- package/dist/agents/pipeline.d.ts +15 -0
- package/dist/agents/pipeline.d.ts.map +1 -0
- package/dist/agents/pipeline.js +45 -0
- package/dist/agents/pipeline.js.map +1 -0
- package/dist/agents/schema-factory.d.ts +40 -0
- package/dist/agents/schema-factory.d.ts.map +1 -0
- package/dist/agents/schema-factory.js +121 -0
- package/dist/agents/schema-factory.js.map +1 -0
- package/dist/agents/translation-validators.d.ts +26 -0
- package/dist/agents/translation-validators.d.ts.map +1 -0
- package/dist/agents/translation-validators.js +77 -0
- package/dist/agents/translation-validators.js.map +1 -0
- package/dist/agents/translator-agents.d.ts +184 -0
- package/dist/agents/translator-agents.d.ts.map +1 -0
- package/dist/agents/translator-agents.js +613 -0
- package/dist/agents/translator-agents.js.map +1 -0
- package/dist/agents/types/translation.types.d.ts +100 -0
- package/dist/agents/types/translation.types.d.ts.map +1 -0
- package/dist/agents/types/translation.types.js +3 -0
- package/dist/agents/types/translation.types.js.map +1 -0
- package/dist/agents/validator-agent.d.ts +42 -0
- package/dist/agents/validator-agent.d.ts.map +1 -0
- package/dist/agents/validator-agent.js +122 -0
- package/dist/agents/validator-agent.js.map +1 -0
- package/dist/audit/auditTrail.d.ts +55 -0
- package/dist/audit/auditTrail.d.ts.map +1 -0
- package/dist/audit/auditTrail.js +93 -0
- package/dist/audit/auditTrail.js.map +1 -0
- package/dist/compliance/gdprEngine.d.ts +44 -0
- package/dist/compliance/gdprEngine.d.ts.map +1 -0
- package/dist/compliance/gdprEngine.js +178 -0
- package/dist/compliance/gdprEngine.js.map +1 -0
- package/dist/compliance/lgpdEngine.d.ts +51 -0
- package/dist/compliance/lgpdEngine.d.ts.map +1 -0
- package/dist/compliance/lgpdEngine.js +221 -0
- package/dist/compliance/lgpdEngine.js.map +1 -0
- package/dist/config.d.ts +78 -0
- package/dist/config.d.ts.map +1 -0
- package/dist/config.js +77 -0
- package/dist/config.js.map +1 -0
- package/dist/errors.d.ts +17 -0
- package/dist/errors.d.ts.map +1 -0
- package/dist/errors.js +40 -0
- package/dist/errors.js.map +1 -0
- package/dist/firebase/tenantManager.d.ts +84 -0
- package/dist/firebase/tenantManager.d.ts.map +1 -0
- package/dist/firebase/tenantManager.js +378 -0
- package/dist/firebase/tenantManager.js.map +1 -0
- package/dist/index.d.ts +36 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +118 -0
- package/dist/index.js.map +1 -0
- package/dist/integration/secure-yaml-runtime.d.ts +68 -0
- package/dist/integration/secure-yaml-runtime.d.ts.map +1 -0
- package/dist/integration/secure-yaml-runtime.js +245 -0
- package/dist/integration/secure-yaml-runtime.js.map +1 -0
- package/dist/parser/secure-yaml-parser.d.ts +62 -0
- package/dist/parser/secure-yaml-parser.d.ts.map +1 -0
- package/dist/parser/secure-yaml-parser.js +234 -0
- package/dist/parser/secure-yaml-parser.js.map +1 -0
- package/dist/performance/autoscaling.d.ts +100 -0
- package/dist/performance/autoscaling.d.ts.map +1 -0
- package/dist/performance/autoscaling.js +339 -0
- package/dist/performance/autoscaling.js.map +1 -0
- package/dist/performance/benchmark.d.ts +104 -0
- package/dist/performance/benchmark.d.ts.map +1 -0
- package/dist/performance/benchmark.js +514 -0
- package/dist/performance/benchmark.js.map +1 -0
- package/dist/performance/index.d.ts +14 -0
- package/dist/performance/index.d.ts.map +1 -0
- package/dist/performance/index.js +35 -0
- package/dist/performance/index.js.map +1 -0
- package/dist/performance/monitor.d.ts +126 -0
- package/dist/performance/monitor.d.ts.map +1 -0
- package/dist/performance/monitor.js +324 -0
- package/dist/performance/monitor.js.map +1 -0
- package/dist/performance/streaming.d.ts +82 -0
- package/dist/performance/streaming.d.ts.map +1 -0
- package/dist/performance/streaming.js +287 -0
- package/dist/performance/streaming.js.map +1 -0
- package/dist/runtime/audit.d.ts +240 -0
- package/dist/runtime/audit.d.ts.map +1 -0
- package/dist/runtime/audit.js +641 -0
- package/dist/runtime/audit.js.map +1 -0
- package/dist/runtime/declarativeAgentRuntime.d.ts +123 -0
- package/dist/runtime/declarativeAgentRuntime.d.ts.map +1 -0
- package/dist/runtime/declarativeAgentRuntime.js +576 -0
- package/dist/runtime/declarativeAgentRuntime.js.map +1 -0
- package/dist/runtime/isolatedRuntime.d.ts +119 -0
- package/dist/runtime/isolatedRuntime.d.ts.map +1 -0
- package/dist/runtime/isolatedRuntime.js +425 -0
- package/dist/runtime/isolatedRuntime.js.map +1 -0
- package/dist/runtime/schemaCompiler.d.ts +35 -0
- package/dist/runtime/schemaCompiler.d.ts.map +1 -0
- package/dist/runtime/schemaCompiler.js +151 -0
- package/dist/runtime/schemaCompiler.js.map +1 -0
- package/dist/runtime/simpleRuntime.d.ts +57 -0
- package/dist/runtime/simpleRuntime.d.ts.map +1 -0
- package/dist/runtime/simpleRuntime.js +187 -0
- package/dist/runtime/simpleRuntime.js.map +1 -0
- package/dist/security/dashboard.d.ts +89 -0
- package/dist/security/dashboard.d.ts.map +1 -0
- package/dist/security/dashboard.js +300 -0
- package/dist/security/dashboard.js.map +1 -0
- package/dist/security/hardening.d.ts +130 -0
- package/dist/security/hardening.d.ts.map +1 -0
- package/dist/security/hardening.js +414 -0
- package/dist/security/hardening.js.map +1 -0
- package/dist/security/index.d.ts +128 -0
- package/dist/security/index.d.ts.map +1 -0
- package/dist/security/index.js +353 -0
- package/dist/security/index.js.map +1 -0
- package/dist/security/monitor.d.ts +88 -0
- package/dist/security/monitor.d.ts.map +1 -0
- package/dist/security/monitor.js +356 -0
- package/dist/security/monitor.js.map +1 -0
- package/dist/security/scanner.d.ts +104 -0
- package/dist/security/scanner.d.ts.map +1 -0
- package/dist/security/scanner.js +298 -0
- package/dist/security/scanner.js.map +1 -0
- package/dist/security/score.d.ts +150 -0
- package/dist/security/score.d.ts.map +1 -0
- package/dist/security/score.js +983 -0
- package/dist/security/score.js.map +1 -0
- package/dist/security/test-security.d.ts +22 -0
- package/dist/security/test-security.d.ts.map +1 -0
- package/dist/security/test-security.js +154 -0
- package/dist/security/test-security.js.map +1 -0
- package/dist/security/threatDetector.d.ts +39 -0
- package/dist/security/threatDetector.d.ts.map +1 -0
- package/dist/security/threatDetector.js +354 -0
- package/dist/security/threatDetector.js.map +1 -0
- package/dist/security/validation.d.ts +69 -0
- package/dist/security/validation.d.ts.map +1 -0
- package/dist/security/validation.js +286 -0
- package/dist/security/validation.js.map +1 -0
- package/dist/server/api/clientsRoute.d.ts +9 -0
- package/dist/server/api/clientsRoute.d.ts.map +1 -0
- package/dist/server/api/clientsRoute.js +71 -0
- package/dist/server/api/clientsRoute.js.map +1 -0
- package/dist/server/api/endpointsRoute.d.ts +8 -0
- package/dist/server/api/endpointsRoute.d.ts.map +1 -0
- package/dist/server/api/endpointsRoute.js +76 -0
- package/dist/server/api/endpointsRoute.js.map +1 -0
- package/dist/server/api/graphql.d.ts +9 -0
- package/dist/server/api/graphql.d.ts.map +1 -0
- package/dist/server/api/graphql.js +180 -0
- package/dist/server/api/graphql.js.map +1 -0
- package/dist/server/errors.d.ts +19 -0
- package/dist/server/errors.d.ts.map +1 -0
- package/dist/server/errors.js +42 -0
- package/dist/server/errors.js.map +1 -0
- package/dist/server/index.d.ts +7 -0
- package/dist/server/index.d.ts.map +1 -0
- package/dist/server/index.js +24 -0
- package/dist/server/index.js.map +1 -0
- package/dist/server/kvStore.d.ts +27 -0
- package/dist/server/kvStore.d.ts.map +1 -0
- package/dist/server/kvStore.js +128 -0
- package/dist/server/kvStore.js.map +1 -0
- package/dist/server/runtimeSecurity.d.ts +28 -0
- package/dist/server/runtimeSecurity.d.ts.map +1 -0
- package/dist/server/runtimeSecurity.js +85 -0
- package/dist/server/runtimeSecurity.js.map +1 -0
- package/dist/server/types.d.ts +53 -0
- package/dist/server/types.d.ts.map +1 -0
- package/dist/server/types.js +8 -0
- package/dist/server/types.js.map +1 -0
- package/dist/types/executionContext.d.ts +16 -0
- package/dist/types/executionContext.d.ts.map +1 -0
- package/dist/types/executionContext.js +3 -0
- package/dist/types/executionContext.js.map +1 -0
- package/package.json +77 -0
- package/src/agents/agentRegistry.ts +272 -0
- package/src/agents/image-agent.yaml +86 -0
- package/src/agents/joker-agent.yaml +47 -0
- package/src/agents/translator-agent.yaml +80 -0
- package/src/audit/auditTrail.ts +134 -0
- package/src/compliance/gdprEngine.ts +209 -0
- package/src/compliance/lgpdEngine.ts +268 -0
- package/src/config.ts +179 -0
- package/src/errors.ts +35 -0
- package/src/firebase/tenantManager.ts +443 -0
- package/src/index.ts +125 -0
- package/src/integration/secure-yaml-runtime.ts +341 -0
- package/src/parser/secure-yaml-parser.ts +273 -0
- package/src/performance/autoscaling.ts +495 -0
- package/src/performance/benchmark.ts +644 -0
- package/src/performance/index.ts +34 -0
- package/src/performance/monitor.ts +469 -0
- package/src/performance/streaming.ts +317 -0
- package/src/runtime/audit.ts +907 -0
- package/src/runtime/declarativeAgentRuntime.ts +836 -0
- package/src/runtime/isolatedRuntime.ts +572 -0
- package/src/runtime/schemaCompiler.ts +228 -0
- package/src/runtime/simpleRuntime.ts +201 -0
- package/src/security/dashboard.ts +462 -0
- package/src/security/hardening.ts +560 -0
- package/src/security/index.ts +439 -0
- package/src/security/monitor.ts +490 -0
- package/src/security/scanner.ts +368 -0
- package/src/security/score.ts +1138 -0
- package/src/security/threatDetector.ts +481 -0
- package/src/security/validation.ts +365 -0
- package/src/server/api/clientsRoute.ts +92 -0
- package/src/server/api/endpointsRoute.ts +97 -0
- package/src/server/api/graphql.ts +249 -0
- package/src/server/errors.ts +38 -0
- package/src/server/index.ts +6 -0
- package/src/server/kvStore.ts +152 -0
- package/src/server/runtimeSecurity.ts +102 -0
- package/src/server/types.ts +60 -0
- package/src/types/executionContext.ts +16 -0
- package/tools/seed.ts +365 -0
- package/tools/test-endpoints.ts +174 -0
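--- a/package/src/security/monitor.ts
+++ b/package/src/security/monitor.ts
@@ -0,0 +1,490 @@
+import { EventEmitter } from "events";
+import { AuditTrail } from "../audit/auditTrail";
+import { runtimeConfig } from "../config";
+
+export interface SecurityEvent {
+id: string;
+tenantId: string;
+operation: string;
+metadata: any;
+timestamp: Date;
+riskScore: number;
+alertLevel: AlertLevel;
+}
+
+export enum AlertLevel {
+INFO = "info",
+WARNING = "warning",
+CRITICAL = "critical",
+EMERGENCY = "emergency",
+}
+
+export interface ThreatAnalysis {
+riskScore: number;
+threatType: string;
+confidence: number;
+recommendations: string[];
+}
+
+export class SecurityMonitor extends EventEmitter {
+private static instance: SecurityMonitor;
+private threatDetector: ThreatDetectionEngine;
+private alertManager: AlertManager;
+private metricsCollector: MetricsCollector;
+private isMonitoring: boolean = false;
+private auditTrail: AuditTrail;
+private securityConfig: any;
+
+constructor() {
+super();
+this.threatDetector = new ThreatDetectionEngine();
+this.alertManager = new AlertManager();
+this.metricsCollector = new MetricsCollector();
+this.auditTrail = new AuditTrail();
+this.securityConfig = {
+alertThreshold: runtimeConfig.securityScore >= 9.5 ? 0.7 : 0.6,
+};
+}
+
+static getInstance(): SecurityMonitor {
+if (!SecurityMonitor.instance) {
+SecurityMonitor.instance = new SecurityMonitor();
+}
+return SecurityMonitor.instance;
+}
+
+public startMonitoring(): void {
+if (this.isMonitoring) {
+return;
+}
+
+this.isMonitoring = true;
+this.emit("monitoringStarted", { timestamp: new Date() });
+this.logEvent("system", "monitoring_started", { version: "2025.1.0" });
+}
+
+public stopMonitoring(): void {
+if (!this.isMonitoring) {
+return;
+}
+
+this.isMonitoring = false;
+this.emit("monitoringStopped", { timestamp: new Date() });
+this.logEvent("system", "monitoring_stopped", { reason: "manual" });
+}
+
+public isMonitoringActive(): boolean {
+return this.isMonitoring;
+}
+
+public async monitorActivity(
+tenantId: string,
+operation: string,
+metadata: any
+): Promise<SecurityEvent> {
+if (!this.isMonitoring) {
+throw new Error("Security monitoring is not active");
+}
+
+const eventId = this.generateEventId();
+const timestamp = new Date();
+
+// Perform threat analysis
+const threatAnalysis = await this.threatDetector.analyze(
+tenantId,
+operation,
+metadata
+);
+
+const securityEvent: SecurityEvent = {
+id: eventId,
+tenantId,
+operation,
+metadata,
+timestamp,
+riskScore: threatAnalysis.riskScore,
+alertLevel: this.determineAlertLevel(threatAnalysis.riskScore),
+};
+
+// Log to audit trail
+await this.logSecurityEvent(securityEvent);
+
+// Check if alert needs to be triggered
+if (securityEvent.riskScore > this.securityConfig.alertThreshold) {
+await this.triggerSecurityAlert(securityEvent);
+}
+
+// Emit event for real-time dashboards
+this.emit("securityEvent", securityEvent);
+this.metricsCollector.recordEvent(securityEvent);
+
+return securityEvent;
+}
+
+private generateEventId(): string {
+return `sec-${Date.now()}-${Math.random().toString(36).substr(2, 9)}`;
+}
+
+private determineAlertLevel(riskScore: number): AlertLevel {
+if (riskScore >= 0.9) return AlertLevel.EMERGENCY;
+if (riskScore >= 0.7) return AlertLevel.CRITICAL;
+if (riskScore >= 0.4) return AlertLevel.WARNING;
+return AlertLevel.INFO;
+}
+
+private async logSecurityEvent(event: SecurityEvent): Promise<void> {
+await this.auditTrail.logOperation({
+operationId: event.id,
+tenantId: event.tenantId,
+operation: `security_${event.operation}`,
+data: {
+metadata: event.metadata,
+riskScore: event.riskScore,
+alertLevel: event.alertLevel,
+},
+timestamp: event.timestamp,
+success: true,
+});
+}
+
+private async triggerSecurityAlert(event: SecurityEvent): Promise<void> {
+await this.alertManager.sendAlert(event);
+this.emit("securityAlert", event);
+}
+
+public async logEvent(
+tenantId: string,
+operation: string,
+metadata: any,
+riskScore: number = 0.1
+): Promise<SecurityEvent> {
+return this.monitorActivity(tenantId, operation, metadata);
+}
+
+public getMetrics() {
+return this.metricsCollector.getMetrics();
+}
+
+public getThreatStatistics() {
+return this.threatDetector.getStatistics();
+}
+}
+
+// Supporting Classes
+
+export class ThreatDetectionEngine {
+private patterns: Map<string, RegExp> = new Map();
+private anomalyDetector: AnomalyDetector;
+private mlModel: ThreatMLModel;
+
+constructor() {
+this.initializePatterns();
+this.anomalyDetector = new AnomalyDetector();
+this.mlModel = new ThreatMLModel();
+}
+
+private initializePatterns(): void {
+this.patterns.set(
+"brute_force",
+/multiple_failed_attempts|rapid_login_sequence/i
+);
+this.patterns.set(
+"sql_injection",
+/union.*select|drop.*table|exec.*\(.*\)/i
+);
+this.patterns.set(
+"data_exfiltration",
+/bulk.*export|mass.*download|unusual.*access/i
+);
+this.patterns.set(
+"cross_tenant",
+/cross.*tenant|tenant.*injection|unauthorized.*access/i
+);
+this.patterns.set(
+"lgpd_violation",
+/unauthorized.*data|consent.*violation|retention.*breach/i
+);
+}
+
+public async analyze(
+tenantId: string,
+operation: string,
+metadata: any
+): Promise<ThreatAnalysis> {
+let riskScore = 0.1; // Base risk
+let threatType = "low_risk";
+let confidence = 0.9;
+
+// Pattern matching
+for (const [patternName, pattern] of this.patterns) {
+if (pattern.test(operation) || pattern.test(JSON.stringify(metadata))) {
+riskScore += patternName === "emergency" ? 0.8 : 0.4;
+threatType = patternName;
+break;
+}
+}
+
+// Anomaly detection
+const anomalyScore = await this.anomalyDetector.detectAnomaly(
+tenantId,
+operation,
+metadata
+);
+riskScore += anomalyScore * 0.3;
+
+// ML model prediction
+const mlScore = await this.mlModel.predict(tenantId, operation, metadata);
+riskScore += mlScore * 0.2;
+
+// Cap risk score at 1.0
+riskScore = Math.min(riskScore, 1.0);
+
+const recommendations = this.generateRecommendations(riskScore, threatType);
+
+return {
+riskScore,
+threatType,
+confidence,
+recommendations,
+};
+}
+
+private generateRecommendations(
+riskScore: number,
+threatType: string
+): string[] {
+const recommendations: string[] = [];
+
+if (riskScore > 0.7) {
+recommendations.push("Immediate investigation required");
+recommendations.push("Consider tenant isolation");
+recommendations.push("Notify security team");
+} else if (riskScore > 0.4) {
+recommendations.push("Monitor closely");
+recommendations.push("Check access logs");
+recommendations.push("Review permissions");
+} else {
+recommendations.push("Routine monitoring");
+recommendations.push("Document pattern");
+}
+
+return recommendations;
+}
+
+public getStatistics() {
+return {
+patternsLoaded: this.patterns.size,
+lastUpdate: new Date().toISOString(),
+mlModelVersion: "2025.1.0",
+};
+}
+}
+
+export class AnomalyDetector {
+private normalPatterns: Map<string, any[]> = new Map();
+private anomalyThreshold: number = 2.5;
+
+public async detectAnomaly(
+tenantId: string,
+operation: string,
+metadata: any
+): Promise<number> {
+const key = `${tenantId}:${operation}`;
+const currentTime = new Date().getTime();
+
+if (!this.normalPatterns.has(key)) {
+this.normalPatterns.set(key, []);
+}
+
+const patterns = this.normalPatterns.get(key)!;
+
+// Simple time-based anomaly detection
+if (patterns.length > 10) {
+const timeInterval =
+currentTime - patterns[patterns.length - 1].timestamp;
+
+// Check if current operation is happening too frequently
+if (timeInterval < 1000) {
+// Less than 1 second
+return 0.6; // High anomaly score
+}
+
+// Check for unusual velocity
+const intervals = [];
+for (let i = 1; i < patterns.length; i++) {
+intervals.push(patterns[i].timestamp - patterns[i - 1].timestamp);
+}
+
+const avgInterval =
+intervals.reduce((a, b) => a + b, 0) / intervals.length;
+const currentDeviation =
+Math.abs(timeInterval - avgInterval) / avgInterval;
+
+if (currentDeviation > this.anomalyThreshold) {
+return 0.4;
+}
+}
+
+// Store current pattern
+patterns.push({
+timestamp: currentTime,
+metadata: metadata,
+});
+
+// Keep only recent patterns (last 24 hours)
+const cutoff = currentTime - 24 * 60 * 60 * 1000;
+this.normalPatterns.set(
+key,
+patterns.filter((p) => p.timestamp > cutoff)
+);
+
+return 0.0; // Normal behavior
+}
+}
+
+export class ThreatMLModel {
+private modelWeights: Map<string, number> = new Map();
+
+constructor() {
+this.initializeModel();
+}
+
+private initializeModel(): void {
+// Simplified ML model weights
+this.modelWeights.set("tenant_historical_access", 0.3);
+this.modelWeights.set("operation_frequency", 0.4);
+this.modelWeights.set("metadata_complexity", 0.2);
+this.modelWeights.set("time_based_anomaly", 0.1);
+}
+
+public async predict(
+tenantId: string,
+operation: string,
+metadata: any
+): Promise<number> {
+// Simplified ML prediction
+let score = 0.0;
+
+// Higher risk for operations outside business hours
+const hour = new Date().getHours();
+if (hour < 6 || hour > 22) {
+score += 0.3;
+}
+
+// Higher risk for complex metadata
+if (JSON.stringify(metadata).length > 1000) {
+score += 0.2;
+}
+
+// Higher risk for bulk operations
+if (operation.includes("bulk") || operation.includes("mass")) {
+score += 0.4;
+}
+
+// Higher risk for cross-tenant operations
+if (operation.includes("cross") || operation.includes("tenant")) {
+score += 0.5;
+}
+
+return Math.min(score, 0.8);
+}
+}
+
+export class AlertManager {
+private alertHistory: Map<string, SecurityEvent[]> = new Map();
+private readonly MAX_ALERTS_PER_TENANT = 100;
+
+public async sendAlert(event: SecurityEvent): Promise<void> {
+const key = event.tenantId;
+
+if (!this.alertHistory.has(key)) {
+this.alertHistory.set(key, []);
+}
+
+const alerts = this.alertHistory.get(key)!;
+alerts.push(event);
+
+// Keep only recent alerts
+if (alerts.length > this.MAX_ALERTS_PER_TENANT) {
+alerts.shift();
+}
+
+// Log the alert
+console.warn(
+`[SECURITY_ALERT] Tenant: ${event.tenantId}, Risk: ${event.riskScore}, Operation: ${event.operation}`
+);
+}
+
+public getAlertHistory(tenantId: string): SecurityEvent[] {
+return this.alertHistory.get(tenantId) || [];
+}
+
+public getAlertSummary(): Record<string, any> {
+const summary: Record<string, any> = {};
+for (const [tenantId, alerts] of this.alertHistory) {
+summary[tenantId] = {
+totalAlerts: alerts.length,
+criticalAlerts: alerts.filter((a) => a.riskScore > 0.7).length,
+lastAlert: alerts[alerts.length - 1]?.timestamp,
+};
+}
+return summary;
+}
+}
+
+export class MetricsCollector {
+private metrics: any = {
+totalEvents: 0,
+totalAlerts: 0,
+alertsByLevel: {
+info: 0,
+warning: 0,
+critical: 0,
+emergency: 0,
+},
+averageRiskScore: 0,
+lastUpdate: null,
+};
+
+public recordEvent(event: SecurityEvent): void {
+this.metrics.totalEvents++;
+this.metrics.totalAlerts += event.riskScore > 0.7 ? 1 : 0;
+this.metrics.alertsByLevel[event.alertLevel]++;
+
+// Update average risk score
+this.metrics.averageRiskScore =
+(this.metrics.averageRiskScore * (this.metrics.totalEvents - 1) +
+event.riskScore) /
+this.metrics.totalEvents;
+
+this.metrics.lastUpdate = new Date().toISOString();
+}
+
+public getMetrics(): any {
+return {
+...this.metrics,
+alertRate:
+this.metrics.totalEvents > 0
+? this.metrics.totalAlerts / this.metrics.totalEvents
+: 0,
+};
+}
+
+public resetMetrics(): void {
+this.metrics = {
+totalEvents: 0,
+totalAlerts: 0,
+alertsByLevel: {
+info: 0,
+warning: 0,
+critical: 0,
+emergency: 0,
+},
+averageRiskScore: 0,
+lastUpdate: null,
+};
+}
+}
+
+// Export singleton instance
+export const securityMonitor = SecurityMonitor.getInstance();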
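Review bot: `stopMonitoring()` sets `this.isMonitoring = false` (line 71) before calling `this.logEvent("system", "monitoring_stopped", …)` (line 73), so `monitorActivity()` always rejects with "Security monitoring is not active"; the stop is never written to the audit trail, and because the promise is neither awaited nor caught it surfaces as an unhandled rejection. Log before flipping the flag and handle failure, e.g. move the call above the assignment as `this.logEvent("system", "monitoring_stopped", { reason: "manual" }).catch((err) => console.error("[SECURITY_MONITOR] audit write failed", err));`, and give the un-awaited `logEvent` call in `startMonitoring()` (line 63) the same `.catch`. Separately, in `ThreatDetectionEngine.analyze` no pattern is registered under the name "emergency", so a signature match adds only 0.4 to the 0.1 base and on its own stays below both `alertThreshold` values (0.6 and 0.7); with the anomaly and ML terms bounded by 0.6 × 0.3 and 0.8 × 0.2, the total also cannot reach the 0.9 required for `AlertLevel.EMERGENCY`.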