helixmind 0.2.0 → 0.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +47 -0
- package/dist/cli/agent/autonomous.d.ts +14 -0
- package/dist/cli/agent/autonomous.d.ts.map +1 -1
- package/dist/cli/agent/autonomous.js +22 -0
- package/dist/cli/agent/autonomous.js.map +1 -1
- package/dist/cli/agent/monitor/alerter.d.ts +29 -0
- package/dist/cli/agent/monitor/alerter.d.ts.map +1 -0
- package/dist/cli/agent/monitor/alerter.js +80 -0
- package/dist/cli/agent/monitor/alerter.js.map +1 -0
- package/dist/cli/agent/monitor/baseline.d.ts +14 -0
- package/dist/cli/agent/monitor/baseline.d.ts.map +1 -0
- package/dist/cli/agent/monitor/baseline.js +157 -0
- package/dist/cli/agent/monitor/baseline.js.map +1 -0
- package/dist/cli/agent/monitor/prompts.d.ts +9 -0
- package/dist/cli/agent/monitor/prompts.d.ts.map +1 -0
- package/dist/cli/agent/monitor/prompts.js +103 -0
- package/dist/cli/agent/monitor/prompts.js.map +1 -0
- package/dist/cli/agent/monitor/responder.d.ts +12 -0
- package/dist/cli/agent/monitor/responder.d.ts.map +1 -0
- package/dist/cli/agent/monitor/responder.js +59 -0
- package/dist/cli/agent/monitor/responder.js.map +1 -0
- package/dist/cli/agent/monitor/scanner.d.ts +18 -0
- package/dist/cli/agent/monitor/scanner.d.ts.map +1 -0
- package/dist/cli/agent/monitor/scanner.js +81 -0
- package/dist/cli/agent/monitor/scanner.js.map +1 -0
- package/dist/cli/agent/monitor/types.d.ts +119 -0
- package/dist/cli/agent/monitor/types.d.ts.map +1 -0
- package/dist/cli/agent/monitor/types.js +5 -0
- package/dist/cli/agent/monitor/types.js.map +1 -0
- package/dist/cli/agent/monitor/watcher.d.ts +4 -0
- package/dist/cli/agent/monitor/watcher.d.ts.map +1 -0
- package/dist/cli/agent/monitor/watcher.js +214 -0
- package/dist/cli/agent/monitor/watcher.js.map +1 -0
- package/dist/cli/brain/control-protocol.d.ts +47 -1
- package/dist/cli/brain/control-protocol.d.ts.map +1 -1
- package/dist/cli/brain/control-protocol.js.map +1 -1
- package/dist/cli/brain/generator.d.ts +14 -0
- package/dist/cli/brain/generator.d.ts.map +1 -1
- package/dist/cli/brain/generator.js +40 -0
- package/dist/cli/brain/generator.js.map +1 -1
- package/dist/cli/checkpoints/browser.d.ts +3 -4
- package/dist/cli/checkpoints/browser.d.ts.map +1 -1
- package/dist/cli/checkpoints/browser.js +162 -135
- package/dist/cli/checkpoints/browser.js.map +1 -1
- package/dist/cli/checkpoints/store.js +1 -1
- package/dist/cli/checkpoints/store.js.map +1 -1
- package/dist/cli/commands/chat.d.ts.map +1 -1
- package/dist/cli/commands/chat.js +292 -34
- package/dist/cli/commands/chat.js.map +1 -1
- package/dist/cli/ui/activity.d.ts.map +1 -1
- package/dist/cli/ui/activity.js +11 -5
- package/dist/cli/ui/activity.js.map +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -74,6 +74,34 @@ AI can **edit files, run commands, commit changes, and browse the web** — with
|
|
|
74
74
|
### 🌍 Web Knowledge
|
|
75
75
|
**Cloud-enriched context** — topic detection, web search, content extraction, and automatic knowledge integration.
|
|
76
76
|
|
|
77
|
+
</td>
|
|
78
|
+
</tr>
|
|
79
|
+
<tr>
|
|
80
|
+
<td width="50%">
|
|
81
|
+
|
|
82
|
+
### 🐛 Bug Tracking
|
|
83
|
+
**Automatic bug detection** and persistent journal — track bugs across sessions with evidence and status.
|
|
84
|
+
|
|
85
|
+
</td>
|
|
86
|
+
<td width="50%">
|
|
87
|
+
|
|
88
|
+
### 💾 Checkpoints & Sessions
|
|
89
|
+
**Save and revert** to any checkpoint, multi-session tab view, session lifecycle management.
|
|
90
|
+
|
|
91
|
+
</td>
|
|
92
|
+
</tr>
|
|
93
|
+
<tr>
|
|
94
|
+
<td width="50%">
|
|
95
|
+
|
|
96
|
+
### 🌐 Browser Automation
|
|
97
|
+
**Puppeteer-based browser control** — navigate, click, type, screenshot, visual analysis with Chrome integration.
|
|
98
|
+
|
|
99
|
+
</td>
|
|
100
|
+
<td width="50%">
|
|
101
|
+
|
|
102
|
+
### 🔐 Authentication & Security
|
|
103
|
+
**OAuth login, API keys, feature gating** — secure access control with subscription tier enforcement.
|
|
104
|
+
|
|
77
105
|
</td>
|
|
78
106
|
</tr>
|
|
79
107
|
</table>
|
|
@@ -131,7 +159,9 @@ npx helixmind feed src/ --watch
|
|
|
131
159
|
| `helixmind chat --yolo` | 🚀 Auto-approve all operations |
|
|
132
160
|
| `helixmind chat --no-validation` | 🔇 Disable output validation |
|
|
133
161
|
| `helixmind chat --validation-verbose` | 🔍 Detailed validation output |
|
|
162
|
+
| `helixmind chat --validation-strict` | 🚫 Treat validation warnings as errors |
|
|
134
163
|
| `helixmind feed [paths...]` | 📂 Feed files/dirs into spiral |
|
|
164
|
+
| `helixmind feed --deep` | 🔍 Deep analysis with intent detection |
|
|
135
165
|
| `helixmind feed --watch` | 👁️ Watch and auto-update spiral |
|
|
136
166
|
| `helixmind spiral status` | 📊 Show spiral metrics |
|
|
137
167
|
| `helixmind spiral search <query>` | 🔎 Search spiral context |
|
|
@@ -301,6 +331,23 @@ npm run dev
|
|
|
301
331
|
|
|
302
332
|
---
|
|
303
333
|
|
|
334
|
+
## 📚 Documentation
|
|
335
|
+
|
|
336
|
+
Complete documentation is available in the web dashboard and includes:
|
|
337
|
+
|
|
338
|
+
| Category | Topics |
|
|
339
|
+
|:---------|:-------|
|
|
340
|
+
| **Core Concepts** | Spiral Memory, Validation Matrix, Web Knowledge, Bug Tracking, Browser Automation |
|
|
341
|
+
| **Usage Guides** | Getting Started, Configuration, Authentication, Project Setup |
|
|
342
|
+
| **Advanced** | Autonomous Modes, Agent Tools, MCP Integration, SWE-Bench |
|
|
343
|
+
| **Reference** | CLI Commands, Slash Commands, Permission System, Export/Import |
|
|
344
|
+
|
|
345
|
+
**Web Dashboard Docs**: Start the web dashboard (`cd web && npm run dev`) and navigate to `/docs`.
|
|
346
|
+
|
|
347
|
+
**CLI Help**: Use `helixmind --help` or `helixmind chat --help` for command reference.
|
|
348
|
+
|
|
349
|
+
---
|
|
350
|
+
|
|
304
351
|
## 📄 License
|
|
305
352
|
|
|
306
353
|
[AGPL-3.0](LICENSE) — Free for open-source use. Commercial licenses available.
|
|
@@ -7,4 +7,18 @@ export interface AutonomousCallbacks {
|
|
|
7
7
|
updateStatus: () => void;
|
|
8
8
|
}
|
|
9
9
|
export declare function runAutonomousLoop(callbacks: AutonomousCallbacks, initialGoal?: string): Promise<number>;
|
|
10
|
+
export declare const MONITOR_MODES: readonly [{
|
|
11
|
+
readonly key: "passive";
|
|
12
|
+
readonly label: "🔍 Passive";
|
|
13
|
+
readonly description: "Read-only, alerts only";
|
|
14
|
+
}, {
|
|
15
|
+
readonly key: "defensive";
|
|
16
|
+
readonly label: "🛡️ Defensive";
|
|
17
|
+
readonly description: "Auto-block attacks, rotate secrets";
|
|
18
|
+
}, {
|
|
19
|
+
readonly key: "active";
|
|
20
|
+
readonly label: "⚔️ Active";
|
|
21
|
+
readonly description: "+ Honeypots, counter-intel, deception";
|
|
22
|
+
}];
|
|
23
|
+
export declare const MONITOR_WARNINGS: Record<string, string[]>;
|
|
10
24
|
//# sourceMappingURL=autonomous.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"autonomous.d.ts","sourceRoot":"","sources":["../../../src/cli/agent/autonomous.ts"],"names":[],"mappings":"AAqCA,eAAO,MAAM,eAAe,sqCAoB+C,CAAC;AAE5E,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IACjD,SAAS,EAAE,MAAM,OAAO,CAAC;IACzB,YAAY,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;IACtC,UAAU,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IACrD,YAAY,EAAE,MAAM,IAAI,CAAC;CAC1B;AA+BD,wBAAsB,iBAAiB,CACrC,SAAS,EAAE,mBAAmB,EAC9B,WAAW,CAAC,EAAE,MAAM,GACnB,OAAO,CAAC,MAAM,CAAC,CAiFjB"}
|
|
1
|
+
{"version":3,"file":"autonomous.d.ts","sourceRoot":"","sources":["../../../src/cli/agent/autonomous.ts"],"names":[],"mappings":"AAqCA,eAAO,MAAM,eAAe,sqCAoB+C,CAAC;AAE5E,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IACjD,SAAS,EAAE,MAAM,OAAO,CAAC;IACzB,YAAY,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;IACtC,UAAU,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IACrD,YAAY,EAAE,MAAM,IAAI,CAAC;CAC1B;AA+BD,wBAAsB,iBAAiB,CACrC,SAAS,EAAE,mBAAmB,EAC9B,WAAW,CAAC,EAAE,MAAM,GACnB,OAAO,CAAC,MAAM,CAAC,CAiFjB;AAMD,eAAO,MAAM,aAAa;;;;;;;;;;;;EAIhB,CAAC;AAEX,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAarD,CAAC"}
|
|
@@ -157,6 +157,28 @@ export async function runAutonomousLoop(callbacks, initialGoal) {
|
|
|
157
157
|
}
|
|
158
158
|
return completed.length;
|
|
159
159
|
}
|
|
160
|
+
// ---------------------------------------------------------------------------
|
|
161
|
+
// Monitor mode helpers
|
|
162
|
+
// ---------------------------------------------------------------------------
|
|
163
|
+
export const MONITOR_MODES = [
|
|
164
|
+
{ key: 'passive', label: '\u{1F50D} Passive', description: 'Read-only, alerts only' },
|
|
165
|
+
{ key: 'defensive', label: '\u{1F6E1}\uFE0F Defensive', description: 'Auto-block attacks, rotate secrets' },
|
|
166
|
+
{ key: 'active', label: '\u2694\uFE0F Active', description: '+ Honeypots, counter-intel, deception' },
|
|
167
|
+
];
|
|
168
|
+
export const MONITOR_WARNINGS = {
|
|
169
|
+
defensive: [
|
|
170
|
+
'Block attacking IPs via iptables/fail2ban',
|
|
171
|
+
'Kill suspicious processes',
|
|
172
|
+
'Rotate compromised secrets',
|
|
173
|
+
'Write firewall rules',
|
|
174
|
+
],
|
|
175
|
+
active: [
|
|
176
|
+
'All defensive actions, plus:',
|
|
177
|
+
'Deploy honeypot services',
|
|
178
|
+
'Attacker profiling & counter-intel',
|
|
179
|
+
'Deception infrastructure',
|
|
180
|
+
],
|
|
181
|
+
};
|
|
160
182
|
function extractSummary(text) {
|
|
161
183
|
// Look for "DONE: ..." line
|
|
162
184
|
const doneMatch = text.match(/DONE:\s*(.+)/i);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"autonomous.js","sourceRoot":"","sources":["../../../src/cli/agent/autonomous.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD,MAAM,WAAW,GAAG;;;;;;;;;;;;;;;gGAe4E,CAAC;AAEjG,SAAS,cAAc,CAAC,SAAmB;IACzC,OAAO,qCAAqC,SAAS,CAAC,MAAM,GAAG,CAAC;;;EAGhE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;;;;;;0EAMkB,CAAC;AAC3E,CAAC;AAED,MAAM,CAAC,MAAM,eAAe,GAAG;;;;;;;;;;;;;;;;;;;;2EAoB4C,CAAC;AAU5E,SAAS,UAAU,CAAC,IAAY;IAC9B,OAAO;;QAED,IAAI;;;;;;;;;4EASgE,CAAC;AAC7E,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAY,EAAE,SAAmB;IAC3D,OAAO,qCAAqC,SAAS,CAAC,MAAM,GAAG,CAAC;;QAE1D,IAAI;;;EAGV,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;;;;;oDAKJ,CAAC;AACrD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,SAA8B,EAC9B,WAAoB;IAEpB,MAAM,SAAS,GAAa,EAAE,CAAC;IAC/B,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,IAAI,GAAuB,WAAW,CAAC;IAE3C,MAAM,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC;IACpB,MAAM,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAE/B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC3B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,4RAA4R,CAAC,GAAG,IAAI,CAAC,CAAC;IAC7T,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,2BAA2B,CAAC,GAAG,CAAC,CAAC,gCAAgC,CAAC,GAAG,IAAI,CAAC,CAAC;IAClH,IAAI,IAAI,EAAE,CAAC;QACT,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,qDAAqD,CAAC,GAAG,IAAI,CAAC,CAAC;QACpG,iDAAiD;QACjD,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;QACxE,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;QACjE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,WAAW,GAAG,OAAO,GAAG,CAAC,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC;IAChH,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,qDAAqD,CAAC,GAAG,IAAI,CAAC,CAAC;QACpG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,0CAA0C,GAAG,CAAC,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC;QAC1G,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,+BAA+B,GAAG,CAAC,CAAC,uBAAuB,CAAC,GAAG,IAAI,CAAC,CAAC;IAC5G,CAAC;IACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,qDAAqD,CAAC,GAAG,IAAI,CAAC,CAAC;IACpG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,4BAA4B,CAAC,GAAG,IAAI,CAAC,CAAC;IACzG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,4RAA4R,CAAC,GAAG,MAAM,CAAC,CAAC;IAE/T,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,CAAC;QAC9B,KAAK,EAAE,CAAC;QACR,SAAS,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QAC9B,SAAS,CAAC,YAAY,EAAE,CAAC;QAEzB,IAAI,MAAc,CAAC;QACnB,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,GAAG,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QAChF,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;QACjE,CAAC;QAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,wBAAwB,KAAK,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAE1G,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YACvD,IAAI,SAAS,CAAC,SAAS,EAAE;gBAAE,MAAM;YAEjC,gCAAgC;YAChC,IAAI,UAAU,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;gBAC9C,IAAI,IAAI,EAAE,CAAC;oBACT,kDAAkD;oBAClD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAC3B,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,2BAA2B,SAAS,CAAC,MAAM,4CAA4C,CAAC,CAAC,CAAC;oBACjH,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAC3B,IAAI,GAAG,SAAS,CAAC,CAAC,4CAA4C;oBAC9D,SAAS;gBACX,CAAC;qBAAM,CAAC;oBACN,0CAA0C;oBAC1C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAC3B,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,4CAA4C,SAAS,CAAC,MAAM,kBAAkB,CAAC,CAAC,CAAC;oBACxG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAC3B,MAAM;gBACR,CAAC;YACH,CAAC;YAED,qDAAqD;YACrD,MAAM,OAAO,GAAG,cAAc,CAAC,UAAU,CAAC,CAAC;YAC3C,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACxB,SAAS,CAAC,UAAU,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YAErC,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,kBAAkB,KAAK,KAAK,OAAO,EAAE,CAAC,CAAC,CAAC;QACjE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,SAAS,CAAC,SAAS,EAAE;gBAAE,MAAM;YACjC,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,kBAAkB,KAAK,WAAW,GAAG,EAAE,CAAC,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;IAED,IAAI,SAAS,CAAC,SAAS,EAAE,EAAE,CAAC;QAC1B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3B,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,0CAA0C,SAAS,CAAC,MAAM,SAAS,CAAC,CAAC,CAAC;QAC9F,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;IAED,OAAO,SAAS,CAAC,MAAM,CAAC;AAC1B,CAAC;AAED,SAAS,cAAc,CAAC,IAAY;IAClC,4BAA4B;IAC5B,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IAC9C,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9B,OAAO,CAAC,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACtD,CAAC;IAED,gCAAgC;IAChC,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC5D,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACnE,OAAO,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;AAC/D,CAAC"}
|
|
1
|
+
{"version":3,"file":"autonomous.js","sourceRoot":"","sources":["../../../src/cli/agent/autonomous.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD,MAAM,WAAW,GAAG;;;;;;;;;;;;;;;gGAe4E,CAAC;AAEjG,SAAS,cAAc,CAAC,SAAmB;IACzC,OAAO,qCAAqC,SAAS,CAAC,MAAM,GAAG,CAAC;;;EAGhE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;;;;;;0EAMkB,CAAC;AAC3E,CAAC;AAED,MAAM,CAAC,MAAM,eAAe,GAAG;;;;;;;;;;;;;;;;;;;;2EAoB4C,CAAC;AAU5E,SAAS,UAAU,CAAC,IAAY;IAC9B,OAAO;;QAED,IAAI;;;;;;;;;4EASgE,CAAC;AAC7E,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAY,EAAE,SAAmB;IAC3D,OAAO,qCAAqC,SAAS,CAAC,MAAM,GAAG,CAAC;;QAE1D,IAAI;;;EAGV,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;;;;;oDAKJ,CAAC;AACrD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,SAA8B,EAC9B,WAAoB;IAEpB,MAAM,SAAS,GAAa,EAAE,CAAC;IAC/B,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,IAAI,GAAuB,WAAW,CAAC;IAE3C,MAAM,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC;IACpB,MAAM,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAE/B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC3B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,4RAA4R,CAAC,GAAG,IAAI,CAAC,CAAC;IAC7T,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,2BAA2B,CAAC,GAAG,CAAC,CAAC,gCAAgC,CAAC,GAAG,IAAI,CAAC,CAAC;IAClH,IAAI,IAAI,EAAE,CAAC;QACT,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,qDAAqD,CAAC,GAAG,IAAI,CAAC,CAAC;QACpG,iDAAiD;QACjD,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;QACxE,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;QACjE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,WAAW,GAAG,OAAO,GAAG,CAAC,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC;IAChH,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,qDAAqD,CAAC,GAAG,IAAI,CAAC,CAAC;QACpG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,0CAA0C,GAAG,CAAC,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC;QAC1G,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,+BAA+B,GAAG,CAAC,CAAC,uBAAuB,CAAC,GAAG,IAAI,CAAC,CAAC;IAC5G,CAAC;IACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,qDAAqD,CAAC,GAAG,IAAI,CAAC,CAAC;IACpG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,4BAA4B,CAAC,GAAG,IAAI,CAAC,CAAC;IACzG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,4RAA4R,CAAC,GAAG,MAAM,CAAC,CAAC;IAE/T,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,CAAC;QAC9B,KAAK,EAAE,CAAC;QACR,SAAS,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QAC9B,SAAS,CAAC,YAAY,EAAE,CAAC;QAEzB,IAAI,MAAc,CAAC;QACnB,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,GAAG,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QAChF,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;QACjE,CAAC;QAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,wBAAwB,KAAK,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAE1G,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YACvD,IAAI,SAAS,CAAC,SAAS,EAAE;gBAAE,MAAM;YAEjC,gCAAgC;YAChC,IAAI,UAAU,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;gBAC9C,IAAI,IAAI,EAAE,CAAC;oBACT,kDAAkD;oBAClD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAC3B,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,2BAA2B,SAAS,CAAC,MAAM,4CAA4C,CAAC,CAAC,CAAC;oBACjH,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAC3B,IAAI,GAAG,SAAS,CAAC,CAAC,4CAA4C;oBAC9D,SAAS;gBACX,CAAC;qBAAM,CAAC;oBACN,0CAA0C;oBAC1C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAC3B,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,4CAA4C,SAAS,CAAC,MAAM,kBAAkB,CAAC,CAAC,CAAC;oBACxG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAC3B,MAAM;gBACR,CAAC;YACH,CAAC;YAED,qDAAqD;YACrD,MAAM,OAAO,GAAG,cAAc,CAAC,UAAU,CAAC,CAAC;YAC3C,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACxB,SAAS,CAAC,UAAU,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YAErC,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,kBAAkB,KAAK,KAAK,OAAO,EAAE,CAAC,CAAC,CAAC;QACjE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,SAAS,CAAC,SAAS,EAAE;gBAAE,MAAM;YACjC,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,kBAAkB,KAAK,WAAW,GAAG,EAAE,CAAC,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;IAED,IAAI,SAAS,CAAC,SAAS,EAAE,EAAE,CAAC;QAC1B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3B,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,0CAA0C,SAAS,CAAC,MAAM,SAAS,CAAC,CAAC,CAAC;QAC9F,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;IAED,OAAO,SAAS,CAAC,MAAM,CAAC;AAC1B,CAAC;AAED,8EAA8E;AAC9E,uBAAuB;AACvB,8EAA8E;AAE9E,MAAM,CAAC,MAAM,aAAa,GAAG;IAC3B,EAAE,GAAG,EAAE,SAAkB,EAAE,KAAK,EAAE,mBAAmB,EAAE,WAAW,EAAE,wBAAwB,EAAE;IAC9F,EAAE,GAAG,EAAE,WAAoB,EAAE,KAAK,EAAE,2BAA2B,EAAE,WAAW,EAAE,oCAAoC,EAAE;IACpH,EAAE,GAAG,EAAE,QAAiB,EAAE,KAAK,EAAE,qBAAqB,EAAE,WAAW,EAAE,uCAAuC,EAAE;CACtG,CAAC;AAEX,MAAM,CAAC,MAAM,gBAAgB,GAA6B;IACxD,SAAS,EAAE;QACT,2CAA2C;QAC3C,2BAA2B;QAC3B,4BAA4B;QAC5B,sBAAsB;KACvB;IACD,MAAM,EAAE;QACN,8BAA8B;QAC9B,0BAA0B;QAC1B,oCAAoC;QACpC,0BAA0B;KAC3B;CACF,CAAC;AAEF,SAAS,cAAc,CAAC,IAAY;IAClC,4BAA4B;IAC5B,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IAC9C,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9B,OAAO,CAAC,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACtD,CAAC;IAED,gCAAgC;IAChC,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC5D,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACnE,OAAO,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;AAC/D,CAAC"}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
import type { ThreatEvent, DefenseRecord, ThreatSeverity, DefenseAction, ApprovalRequest } from './types.js';
|
|
2
|
+
export declare function getPendingApprovals(): ApprovalRequest[];
|
|
3
|
+
export declare function resolveApproval(requestId: string, approved: boolean): ApprovalRequest | undefined;
|
|
4
|
+
/**
|
|
5
|
+
* Push a threat event to all channels:
|
|
6
|
+
* 1. Brain visualization (as agent_finding)
|
|
7
|
+
* 2. Control protocol (for Web Dashboard)
|
|
8
|
+
*/
|
|
9
|
+
export declare function pushThreatEvent(threat: ThreatEvent): void;
|
|
10
|
+
/**
|
|
11
|
+
* Push a defense activation event.
|
|
12
|
+
*/
|
|
13
|
+
export declare function pushDefenseEvent(defense: DefenseRecord): void;
|
|
14
|
+
/**
|
|
15
|
+
* Push a monitor status update.
|
|
16
|
+
*/
|
|
17
|
+
export declare function pushMonitorStatus(status: {
|
|
18
|
+
mode: string;
|
|
19
|
+
uptime: number;
|
|
20
|
+
threatCount: number;
|
|
21
|
+
defenseCount: number;
|
|
22
|
+
lastScan: number;
|
|
23
|
+
}): void;
|
|
24
|
+
/**
|
|
25
|
+
* Request approval from the Web Dashboard for a defense action.
|
|
26
|
+
* Stores the request and pushes it to the web client.
|
|
27
|
+
*/
|
|
28
|
+
export declare function requestApproval(action: DefenseAction | string, reason: string, severity: ThreatSeverity): void;
|
|
29
|
+
//# sourceMappingURL=alerter.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"alerter.d.ts","sourceRoot":"","sources":["../../../../src/cli/agent/monitor/alerter.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,cAAc,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAY7G,wBAAgB,mBAAmB,IAAI,eAAe,EAAE,CAEvD;AAED,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,GAAG,eAAe,GAAG,SAAS,CAMjG;AAMD;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,WAAW,GAAG,IAAI,CAezD;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,aAAa,GAAG,IAAI,CAa7D;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE;IACxC,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;CAClB,GAAG,IAAI,CAMP;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAC7B,MAAM,EAAE,aAAa,GAAG,MAAM,EAC9B,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,cAAc,GACvB,IAAI,CAkBN"}
|
|
@@ -0,0 +1,80 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Monitor System — Alert routing to Brain/Relay/Web.
|
|
3
|
+
*/
|
|
4
|
+
import { randomUUID } from 'node:crypto';
|
|
5
|
+
import { pushControlEvent as pushRawControlEvent, pushAgentFinding, } from '../../brain/generator.js';
|
|
6
|
+
// ---------------------------------------------------------------------------
|
|
7
|
+
// Pending approval requests
|
|
8
|
+
// ---------------------------------------------------------------------------
|
|
9
|
+
const pendingApprovals = new Map();
|
|
10
|
+
export function getPendingApprovals() {
|
|
11
|
+
return Array.from(pendingApprovals.values());
|
|
12
|
+
}
|
|
13
|
+
export function resolveApproval(requestId, approved) {
|
|
14
|
+
const req = pendingApprovals.get(requestId);
|
|
15
|
+
if (req) {
|
|
16
|
+
pendingApprovals.delete(requestId);
|
|
17
|
+
}
|
|
18
|
+
return req;
|
|
19
|
+
}
|
|
20
|
+
// ---------------------------------------------------------------------------
|
|
21
|
+
// Push functions
|
|
22
|
+
// ---------------------------------------------------------------------------
|
|
23
|
+
/**
|
|
24
|
+
* Push a threat event to all channels:
|
|
25
|
+
* 1. Brain visualization (as agent_finding)
|
|
26
|
+
* 2. Control protocol (for Web Dashboard)
|
|
27
|
+
*/
|
|
28
|
+
export function pushThreatEvent(threat) {
|
|
29
|
+
// Brain visualization — shows as finding popup
|
|
30
|
+
pushAgentFinding('Monitor', `[${threat.severity.toUpperCase()}] ${threat.title}: ${threat.details}`, threat.severity, threat.source);
|
|
31
|
+
// Control protocol — for Web Dashboard real-time updates
|
|
32
|
+
pushRawControlEvent({
|
|
33
|
+
type: 'threat_detected',
|
|
34
|
+
threat,
|
|
35
|
+
timestamp: Date.now(),
|
|
36
|
+
});
|
|
37
|
+
}
|
|
38
|
+
/**
|
|
39
|
+
* Push a defense activation event.
|
|
40
|
+
*/
|
|
41
|
+
export function pushDefenseEvent(defense) {
|
|
42
|
+
pushAgentFinding('Monitor', `Defense: ${defense.action} → ${defense.target} (${defense.reason})`, 'info', defense.target);
|
|
43
|
+
pushRawControlEvent({
|
|
44
|
+
type: 'defense_activated',
|
|
45
|
+
defense,
|
|
46
|
+
timestamp: Date.now(),
|
|
47
|
+
});
|
|
48
|
+
}
|
|
49
|
+
/**
|
|
50
|
+
* Push a monitor status update.
|
|
51
|
+
*/
|
|
52
|
+
export function pushMonitorStatus(status) {
|
|
53
|
+
pushRawControlEvent({
|
|
54
|
+
type: 'monitor_status',
|
|
55
|
+
...status,
|
|
56
|
+
timestamp: Date.now(),
|
|
57
|
+
});
|
|
58
|
+
}
|
|
59
|
+
/**
|
|
60
|
+
* Request approval from the Web Dashboard for a defense action.
|
|
61
|
+
* Stores the request and pushes it to the web client.
|
|
62
|
+
*/
|
|
63
|
+
export function requestApproval(action, reason, severity) {
|
|
64
|
+
const request = {
|
|
65
|
+
id: randomUUID().slice(0, 8),
|
|
66
|
+
action: action,
|
|
67
|
+
target: reason,
|
|
68
|
+
reason,
|
|
69
|
+
severity,
|
|
70
|
+
timestamp: Date.now(),
|
|
71
|
+
expiresAt: Date.now() + 300_000, // 5 min expiry
|
|
72
|
+
};
|
|
73
|
+
pendingApprovals.set(request.id, request);
|
|
74
|
+
pushRawControlEvent({
|
|
75
|
+
type: 'approval_request',
|
|
76
|
+
request,
|
|
77
|
+
timestamp: Date.now(),
|
|
78
|
+
});
|
|
79
|
+
}
|
|
80
|
+
//# sourceMappingURL=alerter.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"alerter.js","sourceRoot":"","sources":["../../../../src/cli/agent/monitor/alerter.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,EACL,gBAAgB,IAAI,mBAAmB,EACvC,gBAAgB,GACjB,MAAM,0BAA0B,CAAC;AAElC,8EAA8E;AAC9E,4BAA4B;AAC5B,8EAA8E;AAE9E,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAA2B,CAAC;AAE5D,MAAM,UAAU,mBAAmB;IACjC,OAAO,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC;AAC/C,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,SAAiB,EAAE,QAAiB;IAClE,MAAM,GAAG,GAAG,gBAAgB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAC5C,IAAI,GAAG,EAAE,CAAC;QACR,gBAAgB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACrC,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAE9E;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,MAAmB;IACjD,+CAA+C;IAC/C,gBAAgB,CACd,SAAS,EACT,IAAI,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,KAAK,KAAK,MAAM,CAAC,OAAO,EAAE,EACvE,MAAM,CAAC,QAAQ,EACf,MAAM,CAAC,MAAM,CACd,CAAC;IAEF,yDAAyD;IACzD,mBAAmB,CAAC;QAClB,IAAI,EAAE,iBAAiB;QACvB,MAAM;QACN,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;KACtB,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAsB;IACrD,gBAAgB,CACd,SAAS,EACT,YAAY,OAAO,CAAC,MAAM,MAAM,OAAO,CAAC,MAAM,KAAK,OAAO,CAAC,MAAM,GAAG,EACpE,MAAM,EACN,OAAO,CAAC,MAAM,CACf,CAAC;IAEF,mBAAmB,CAAC;QAClB,IAAI,EAAE,mBAAmB;QACzB,OAAO;QACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;KACtB,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAMjC;IACC,mBAAmB,CAAC;QAClB,IAAI,EAAE,gBAAgB;QACtB,GAAG,MAAM;QACT,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;KACtB,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAC7B,MAA8B,EAC9B,MAAc,EACd,QAAwB;IAExB,MAAM,OAAO,GAAoB;QAC/B,EAAE,EAAE,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;QAC5B,MAAM,EAAE,MAAuB;QAC/B,MAAM,EAAE,MAAM;QACd,MAAM;QACN,QAAQ;QACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,EAAE,eAAe;KACjD,CAAC;IAEF,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;IAE1C,mBAAmB,CAAC;QAClB,IAAI,EAAE,kBAAkB;QACxB,OAAO;QACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;KACtB,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Monitor System — Builds and compares security baselines.
|
|
3
|
+
*/
|
|
4
|
+
import type { MonitorBaseline, ScanResult, Drift } from './types.js';
|
|
5
|
+
/**
|
|
6
|
+
* Build a MonitorBaseline from a scan result.
|
|
7
|
+
* Parses the structured BASELINE_START block or raw command outputs.
|
|
8
|
+
*/
|
|
9
|
+
export declare function buildBaseline(scan: ScanResult): MonitorBaseline;
|
|
10
|
+
/**
|
|
11
|
+
* Compare current scan against baseline and detect drift.
|
|
12
|
+
*/
|
|
13
|
+
export declare function diffBaseline(current: ScanResult, baseline: MonitorBaseline): Drift[];
|
|
14
|
+
//# sourceMappingURL=baseline.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"baseline.d.ts","sourceRoot":"","sources":["../../../../src/cli/agent/monitor/baseline.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,KAAK,EACV,eAAe,EACf,UAAU,EACV,KAAK,EAMN,MAAM,YAAY,CAAC;AAEpB;;;GAGG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,UAAU,GAAG,eAAe,CAyC/D;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,eAAe,GAAG,KAAK,EAAE,CA4DpF"}
|
|
@@ -0,0 +1,157 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Build a MonitorBaseline from a scan result.
|
|
3
|
+
* Parses the structured BASELINE_START block or raw command outputs.
|
|
4
|
+
*/
|
|
5
|
+
export function buildBaseline(scan) {
|
|
6
|
+
let processes = [];
|
|
7
|
+
let ports = [];
|
|
8
|
+
let configs = [];
|
|
9
|
+
let users = [];
|
|
10
|
+
let crons = [];
|
|
11
|
+
// Try to parse from the raw baseline JSON first
|
|
12
|
+
const rawBaseline = scan.rawBaseline;
|
|
13
|
+
if (rawBaseline) {
|
|
14
|
+
try {
|
|
15
|
+
const parsed = JSON.parse(rawBaseline);
|
|
16
|
+
if (Array.isArray(parsed.processes))
|
|
17
|
+
processes = parsed.processes;
|
|
18
|
+
if (Array.isArray(parsed.ports))
|
|
19
|
+
ports = parsed.ports;
|
|
20
|
+
if (Array.isArray(parsed.configs))
|
|
21
|
+
configs = parsed.configs;
|
|
22
|
+
if (Array.isArray(parsed.users))
|
|
23
|
+
users = parsed.users;
|
|
24
|
+
if (Array.isArray(parsed.crons))
|
|
25
|
+
crons = parsed.crons;
|
|
26
|
+
}
|
|
27
|
+
catch {
|
|
28
|
+
// Fall back to parsing raw text
|
|
29
|
+
}
|
|
30
|
+
}
|
|
31
|
+
// Fallback: parse processes from ps aux output
|
|
32
|
+
if (processes.length === 0 && scan.processes) {
|
|
33
|
+
processes = parseProcesses(scan.processes);
|
|
34
|
+
}
|
|
35
|
+
// Fallback: parse ports from ss output
|
|
36
|
+
if (ports.length === 0 && scan.ports) {
|
|
37
|
+
ports = parsePorts(scan.ports);
|
|
38
|
+
}
|
|
39
|
+
return {
|
|
40
|
+
processes,
|
|
41
|
+
ports,
|
|
42
|
+
configs,
|
|
43
|
+
packages: [],
|
|
44
|
+
users,
|
|
45
|
+
crons,
|
|
46
|
+
timestamp: scan.timestamp,
|
|
47
|
+
};
|
|
48
|
+
}
|
|
49
|
+
/**
|
|
50
|
+
* Compare current scan against baseline and detect drift.
|
|
51
|
+
*/
|
|
52
|
+
export function diffBaseline(current, baseline) {
|
|
53
|
+
const drifts = [];
|
|
54
|
+
// Parse current state
|
|
55
|
+
const currentProcesses = parseProcesses(current.processes);
|
|
56
|
+
const currentPorts = parsePorts(current.ports);
|
|
57
|
+
// Check for new processes
|
|
58
|
+
const baselineCommands = new Set(baseline.processes.map(p => p.command));
|
|
59
|
+
for (const proc of currentProcesses) {
|
|
60
|
+
if (!baselineCommands.has(proc.command)) {
|
|
61
|
+
drifts.push({
|
|
62
|
+
category: 'process',
|
|
63
|
+
description: `New process: ${proc.command} (PID: ${proc.pid}, user: ${proc.user})`,
|
|
64
|
+
severity: proc.user === 'root' ? 'high' : 'medium',
|
|
65
|
+
details: `CPU: ${proc.cpu}%, MEM: ${proc.mem}%`,
|
|
66
|
+
});
|
|
67
|
+
}
|
|
68
|
+
}
|
|
69
|
+
// Check for disappeared processes (might indicate killed service)
|
|
70
|
+
const currentCommands = new Set(currentProcesses.map(p => p.command));
|
|
71
|
+
for (const proc of baseline.processes) {
|
|
72
|
+
if (!currentCommands.has(proc.command) && isImportantProcess(proc.command)) {
|
|
73
|
+
drifts.push({
|
|
74
|
+
category: 'process',
|
|
75
|
+
description: `Missing process: ${proc.command} (was running as ${proc.user})`,
|
|
76
|
+
severity: 'high',
|
|
77
|
+
details: 'Expected process is no longer running',
|
|
78
|
+
});
|
|
79
|
+
}
|
|
80
|
+
}
|
|
81
|
+
// Check for new ports
|
|
82
|
+
const baselinePorts = new Set(baseline.ports.map(p => `${p.port}/${p.protocol}`));
|
|
83
|
+
for (const port of currentPorts) {
|
|
84
|
+
if (!baselinePorts.has(`${port.port}/${port.protocol}`)) {
|
|
85
|
+
drifts.push({
|
|
86
|
+
category: 'port',
|
|
87
|
+
description: `New listening port: ${port.port}/${port.protocol} (${port.process})`,
|
|
88
|
+
severity: port.port < 1024 ? 'high' : 'medium',
|
|
89
|
+
details: `Address: ${port.address}`,
|
|
90
|
+
});
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
// Check for closed ports
|
|
94
|
+
const currentPortSet = new Set(currentPorts.map(p => `${p.port}/${p.protocol}`));
|
|
95
|
+
for (const port of baseline.ports) {
|
|
96
|
+
if (!currentPortSet.has(`${port.port}/${port.protocol}`)) {
|
|
97
|
+
drifts.push({
|
|
98
|
+
category: 'port',
|
|
99
|
+
description: `Closed port: ${port.port}/${port.protocol} (was ${port.process})`,
|
|
100
|
+
severity: 'medium',
|
|
101
|
+
details: 'Previously open port is no longer listening',
|
|
102
|
+
});
|
|
103
|
+
}
|
|
104
|
+
}
|
|
105
|
+
return drifts;
|
|
106
|
+
}
|
|
107
|
+
// ---------------------------------------------------------------------------
|
|
108
|
+
// Parsers
|
|
109
|
+
// ---------------------------------------------------------------------------
|
|
110
|
+
function parseProcesses(raw) {
|
|
111
|
+
const processes = [];
|
|
112
|
+
const lines = raw.split('\n').filter(l => l.trim());
|
|
113
|
+
for (const line of lines) {
|
|
114
|
+
// Skip header
|
|
115
|
+
if (line.includes('USER') && line.includes('PID'))
|
|
116
|
+
continue;
|
|
117
|
+
if (line.startsWith('---'))
|
|
118
|
+
continue;
|
|
119
|
+
const parts = line.trim().split(/\s+/);
|
|
120
|
+
if (parts.length >= 11) {
|
|
121
|
+
processes.push({
|
|
122
|
+
user: parts[0],
|
|
123
|
+
pid: parseInt(parts[1], 10) || 0,
|
|
124
|
+
cpu: parseFloat(parts[2]) || 0,
|
|
125
|
+
mem: parseFloat(parts[3]) || 0,
|
|
126
|
+
command: parts.slice(10).join(' '),
|
|
127
|
+
});
|
|
128
|
+
}
|
|
129
|
+
}
|
|
130
|
+
return processes;
|
|
131
|
+
}
|
|
132
|
+
function parsePorts(raw) {
|
|
133
|
+
const ports = [];
|
|
134
|
+
const lines = raw.split('\n').filter(l => l.trim());
|
|
135
|
+
for (const line of lines) {
|
|
136
|
+
// Skip header
|
|
137
|
+
if (line.includes('State') && line.includes('Local'))
|
|
138
|
+
continue;
|
|
139
|
+
// Parse ss -tlnp output: State Recv-Q Send-Q Local Address:Port ...
|
|
140
|
+
const match = line.match(/([\d.*:]+):(\d+)\s/);
|
|
141
|
+
if (match) {
|
|
142
|
+
const processMatch = line.match(/users:\(\("([^"]+)"/);
|
|
143
|
+
ports.push({
|
|
144
|
+
address: match[1],
|
|
145
|
+
port: parseInt(match[2], 10),
|
|
146
|
+
protocol: line.includes('udp') ? 'udp' : 'tcp',
|
|
147
|
+
process: processMatch?.[1] || 'unknown',
|
|
148
|
+
});
|
|
149
|
+
}
|
|
150
|
+
}
|
|
151
|
+
return ports;
|
|
152
|
+
}
|
|
153
|
+
function isImportantProcess(command) {
|
|
154
|
+
const important = ['sshd', 'nginx', 'apache', 'postgres', 'mysql', 'redis', 'docker', 'systemd'];
|
|
155
|
+
return important.some(name => command.toLowerCase().includes(name));
|
|
156
|
+
}
|
|
157
|
+
//# sourceMappingURL=baseline.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"baseline.js","sourceRoot":"","sources":["../../../../src/cli/agent/monitor/baseline.ts"],"names":[],"mappings":"AAcA;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,IAAgB;IAC5C,IAAI,SAAS,GAAkB,EAAE,CAAC;IAClC,IAAI,KAAK,GAAe,EAAE,CAAC;IAC3B,IAAI,OAAO,GAAqB,EAAE,CAAC;IACnC,IAAI,KAAK,GAAe,EAAE,CAAC;IAC3B,IAAI,KAAK,GAAgB,EAAE,CAAC;IAE5B,gDAAgD;IAChD,MAAM,WAAW,GAAI,IAA0C,CAAC,WAAW,CAAC;IAC5E,IAAI,WAAW,EAAE,CAAC;QAChB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;YACvC,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC;gBAAE,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC;YAClE,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC;gBAAE,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;YACtD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC;gBAAE,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;YAC5D,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC;gBAAE,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;YACtD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC;gBAAE,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;QACxD,CAAC;QAAC,MAAM,CAAC;YACP,gCAAgC;QAClC,CAAC;IACH,CAAC;IAED,+CAA+C;IAC/C,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QAC7C,SAAS,GAAG,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC7C,CAAC;IAED,uCAAuC;IACvC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;QACrC,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACjC,CAAC;IAED,OAAO;QACL,SAAS;QACT,KAAK;QACL,OAAO;QACP,QAAQ,EAAE,EAAE;QACZ,KAAK;QACL,KAAK;QACL,SAAS,EAAE,IAAI,CAAC,SAAS;KAC1B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,OAAmB,EAAE,QAAyB;IACzE,MAAM,MAAM,GAAY,EAAE,CAAC;IAE3B,sBAAsB;IACtB,MAAM,gBAAgB,GAAG,cAAc,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAC3D,MAAM,YAAY,GAAG,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAE/C,0BAA0B;IAC1B,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IACzE,KAAK,MAAM,IAAI,IAAI,gBAAgB,EAAE,CAAC;QACpC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACxC,MAAM,CAAC,IAAI,CAAC;gBACV,QAAQ,EAAE,SAAS;gBACnB,WAAW,EAAE,gBAAgB,IAAI,CAAC,OAAO,UAAU,IAAI,CAAC,GAAG,WAAW,IAAI,CAAC,IAAI,GAAG;gBAClF,QAAQ,EAAE,IAAI,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;gBAClD,OAAO,EAAE,QAAQ,IAAI,CAAC,GAAG,WAAW,IAAI,CAAC,GAAG,GAAG;aAChD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,kEAAkE;IAClE,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IACtE,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,SAAS,EAAE,CAAC;QACtC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3E,MAAM,CAAC,IAAI,CAAC;gBACV,QAAQ,EAAE,SAAS;gBACnB,WAAW,EAAE,oBAAoB,IAAI,CAAC,OAAO,oBAAoB,IAAI,CAAC,IAAI,GAAG;gBAC7E,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,uCAAuC;aACjD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IAClF,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;QAChC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC,EAAE,CAAC;YACxD,MAAM,CAAC,IAAI,CAAC;gBACV,QAAQ,EAAE,MAAM;gBAChB,WAAW,EAAE,uBAAuB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,IAAI,CAAC,OAAO,GAAG;gBAClF,QAAQ,EAAE,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;gBAC9C,OAAO,EAAE,YAAY,IAAI,CAAC,OAAO,EAAE;aACpC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,yBAAyB;IACzB,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IACjF,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;QAClC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC,EAAE,CAAC;YACzD,MAAM,CAAC,IAAI,CAAC;gBACV,QAAQ,EAAE,MAAM;gBAChB,WAAW,EAAE,gBAAgB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,SAAS,IAAI,CAAC,OAAO,GAAG;gBAC/E,QAAQ,EAAE,QAAQ;gBAClB,OAAO,EAAE,6CAA6C;aACvD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,SAAS,cAAc,CAAC,GAAW;IACjC,MAAM,SAAS,GAAkB,EAAE,CAAC;IACpC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAEpD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,cAAc;QACd,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;YAAE,SAAS;QAC5D,IAAI,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;YAAE,SAAS;QAErC,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACvC,IAAI,KAAK,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;YACvB,SAAS,CAAC,IAAI,CAAC;gBACb,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;gBACd,GAAG,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC;gBAChC,GAAG,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;gBAC9B,GAAG,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;gBAC9B,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;aACnC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,UAAU,CAAC,GAAW;IAC7B,MAAM,KAAK,GAAe,EAAE,CAAC;IAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAEpD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,cAAc;QACd,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;YAAE,SAAS;QAE/D,wEAAwE;QACxE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;QAC/C,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;YACvD,KAAK,CAAC,IAAI,CAAC;gBACT,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;gBACjB,IAAI,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;gBAC5B,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK;gBAC9C,OAAO,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,IAAI,SAAS;aACxC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,kBAAkB,CAAC,OAAe;IACzC,MAAM,SAAS,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IACjG,OAAO,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;AACtE,CAAC"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Monitor System — LLM prompts for each phase and check type.
|
|
3
|
+
*/
|
|
4
|
+
import type { MonitorMode, MonitorBaseline, ThreatEvent } from './types.js';
|
|
5
|
+
export declare const SCAN_SYSTEM_PROMPT = "You are a SECURITY MONITOR performing a full system scan.\n\nUse the run_command tool to gather system state. Run these commands:\n1. ps aux --sort=-%cpu | head -50\n2. ss -tlnp\n3. cat /etc/ssh/sshd_config 2>/dev/null || echo \"No SSH config\"\n4. crontab -l 2>/dev/null; for u in $(cut -f1 -d: /etc/passwd); do crontab -l -u $u 2>/dev/null && echo \"--- User: $u ---\"; done\n5. iptables -L -n 2>/dev/null || echo \"No iptables access\"\n6. last -20 2>/dev/null || echo \"No login history\"\n7. find /etc -newer /etc/hostname -type f -mmin -1440 2>/dev/null | head -30\n8. cat /etc/passwd | grep -v nologin | grep -v false\n\nAfter gathering all data, output a structured baseline report between these markers:\n\nBASELINE_START\n{\n \"processes\": [{\"pid\": N, \"user\": \"...\", \"command\": \"...\", \"cpu\": N, \"mem\": N}],\n \"ports\": [{\"port\": N, \"protocol\": \"tcp|udp\", \"process\": \"...\", \"address\": \"...\"}],\n \"configs\": [{\"file\": \"...\", \"hash\": \"...\", \"lastModified\": N}],\n \"users\": [{\"name\": \"...\", \"uid\": N, \"shell\": \"...\", \"lastLogin\": N}],\n \"crons\": [{\"user\": \"...\", \"schedule\": \"...\", \"command\": \"...\"}],\n \"packages\": []\n}\nBASELINE_END\n\nBe thorough but efficient. Only include active/relevant entries.";
|
|
6
|
+
export declare function watchPrompt(baseline: MonitorBaseline, mode: MonitorMode): string;
|
|
7
|
+
export declare function analyzeThreatPrompt(threat: ThreatEvent, mode: MonitorMode): string;
|
|
8
|
+
export declare const ACTIVE_INTEL_PROMPT = "You are a THREAT INTELLIGENCE analyst in ACTIVE mode.\n\nAnalyze the collected threat data and create an attacker profile:\n1. Group related events by source IP or pattern\n2. Identify attack vectors and techniques (MITRE ATT&CK if possible)\n3. Assess attacker sophistication\n4. Suggest honeypot configuration\n\nOutput:\nINTEL: {\"attackerProfile\": \"...\", \"techniques\": [\"...\"], \"sophistication\": \"low|medium|high|apt\", \"honeypotConfig\": {\"port\": N, \"service\": \"...\", \"purpose\": \"...\"}}";
|
|
9
|
+
//# sourceMappingURL=prompts.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"prompts.d.ts","sourceRoot":"","sources":["../../../../src/cli/agent/monitor/prompts.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAM5E,eAAO,MAAM,kBAAkB,4wCAyBkC,CAAC;AAMlE,wBAAgB,WAAW,CAAC,QAAQ,EAAE,eAAe,EAAE,IAAI,EAAE,WAAW,GAAG,MAAM,CA+BhF;AAMD,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,WAAW,GAAG,MAAM,CAsBlF;AAMD,eAAO,MAAM,mBAAmB,qgBASqI,CAAC"}
|
|
@@ -0,0 +1,103 @@
|
|
|
1
|
+
// ---------------------------------------------------------------------------
|
|
2
|
+
// Phase 1: Full System Scan
|
|
3
|
+
// ---------------------------------------------------------------------------
|
|
4
|
+
export const SCAN_SYSTEM_PROMPT = `You are a SECURITY MONITOR performing a full system scan.
|
|
5
|
+
|
|
6
|
+
Use the run_command tool to gather system state. Run these commands:
|
|
7
|
+
1. ps aux --sort=-%cpu | head -50
|
|
8
|
+
2. ss -tlnp
|
|
9
|
+
3. cat /etc/ssh/sshd_config 2>/dev/null || echo "No SSH config"
|
|
10
|
+
4. crontab -l 2>/dev/null; for u in $(cut -f1 -d: /etc/passwd); do crontab -l -u $u 2>/dev/null && echo "--- User: $u ---"; done
|
|
11
|
+
5. iptables -L -n 2>/dev/null || echo "No iptables access"
|
|
12
|
+
6. last -20 2>/dev/null || echo "No login history"
|
|
13
|
+
7. find /etc -newer /etc/hostname -type f -mmin -1440 2>/dev/null | head -30
|
|
14
|
+
8. cat /etc/passwd | grep -v nologin | grep -v false
|
|
15
|
+
|
|
16
|
+
After gathering all data, output a structured baseline report between these markers:
|
|
17
|
+
|
|
18
|
+
BASELINE_START
|
|
19
|
+
{
|
|
20
|
+
"processes": [{"pid": N, "user": "...", "command": "...", "cpu": N, "mem": N}],
|
|
21
|
+
"ports": [{"port": N, "protocol": "tcp|udp", "process": "...", "address": "..."}],
|
|
22
|
+
"configs": [{"file": "...", "hash": "...", "lastModified": N}],
|
|
23
|
+
"users": [{"name": "...", "uid": N, "shell": "...", "lastLogin": N}],
|
|
24
|
+
"crons": [{"user": "...", "schedule": "...", "command": "..."}],
|
|
25
|
+
"packages": []
|
|
26
|
+
}
|
|
27
|
+
BASELINE_END
|
|
28
|
+
|
|
29
|
+
Be thorough but efficient. Only include active/relevant entries.`;
|
|
30
|
+
// ---------------------------------------------------------------------------
|
|
31
|
+
// Phase 3: Continuous Watch
|
|
32
|
+
// ---------------------------------------------------------------------------
|
|
33
|
+
export function watchPrompt(baseline, mode) {
|
|
34
|
+
const modeDesc = {
|
|
35
|
+
passive: 'PASSIVE mode — read-only, report only, no actions',
|
|
36
|
+
defensive: 'DEFENSIVE mode — can block IPs, kill processes, rotate secrets',
|
|
37
|
+
active: 'ACTIVE mode — can deploy honeypots, counter-intel, all defensive actions',
|
|
38
|
+
}[mode];
|
|
39
|
+
return `You are a SECURITY MONITOR in ${modeDesc}.
|
|
40
|
+
|
|
41
|
+
Current baseline (established ${new Date(baseline.timestamp).toISOString()}):
|
|
42
|
+
- ${baseline.processes.length} known processes
|
|
43
|
+
- ${baseline.ports.length} open ports
|
|
44
|
+
- ${baseline.users.length} system users
|
|
45
|
+
- ${baseline.crons.length} cron jobs
|
|
46
|
+
|
|
47
|
+
Perform a quick security check using run_command:
|
|
48
|
+
1. ps aux --sort=-%cpu | head -30
|
|
49
|
+
2. ss -tlnp
|
|
50
|
+
3. last -5 2>/dev/null
|
|
51
|
+
4. dmesg -T 2>/dev/null | tail -20
|
|
52
|
+
|
|
53
|
+
Compare the current state against the baseline.
|
|
54
|
+
|
|
55
|
+
If you detect ANY anomaly or threat, output:
|
|
56
|
+
THREAT: {"severity": "critical|high|medium|low|info", "category": "bruteforce|portscan|exfiltration|malware|config_change|privilege_escalation|secret_leak|anomaly", "title": "...", "details": "...", "source": "..."}
|
|
57
|
+
|
|
58
|
+
If everything looks normal, output:
|
|
59
|
+
ALL_CLEAR
|
|
60
|
+
|
|
61
|
+
${mode !== 'passive' ? `In ${mode} mode, also suggest a response:
|
|
62
|
+
RESPONSE: {"action": "block_ip|kill_process|close_port|rotate_secret|isolate_service|deploy_honeypot", "target": "...", "reason": "..."}` : ''}`;
|
|
63
|
+
}
|
|
64
|
+
// ---------------------------------------------------------------------------
|
|
65
|
+
// Threat Analysis
|
|
66
|
+
// ---------------------------------------------------------------------------
|
|
67
|
+
export function analyzeThreatPrompt(threat, mode) {
|
|
68
|
+
return `You are a SECURITY ANALYST evaluating a detected threat.
|
|
69
|
+
|
|
70
|
+
Threat: ${threat.title}
|
|
71
|
+
Severity: ${threat.severity}
|
|
72
|
+
Category: ${threat.category}
|
|
73
|
+
Details: ${threat.details}
|
|
74
|
+
Source: ${threat.source}
|
|
75
|
+
Time: ${new Date(threat.timestamp).toISOString()}
|
|
76
|
+
|
|
77
|
+
Monitor Mode: ${mode.toUpperCase()}
|
|
78
|
+
|
|
79
|
+
Investigate this threat using run_command tools:
|
|
80
|
+
1. Check the source (IP, process, file) for more context
|
|
81
|
+
2. Look at related log entries
|
|
82
|
+
3. Assess real severity (could be false positive)
|
|
83
|
+
|
|
84
|
+
Output your assessment:
|
|
85
|
+
ASSESSMENT: {"confirmedSeverity": "critical|high|medium|low|info", "isFalsePositive": true|false, "details": "..."}
|
|
86
|
+
|
|
87
|
+
${mode !== 'passive' ? `If action is warranted, output:
|
|
88
|
+
RESPONSE: {"action": "block_ip|kill_process|close_port|rotate_secret|isolate_service|deploy_honeypot", "target": "...", "reason": "...", "autoApprove": true|false}` : 'In PASSIVE mode, only report findings — do not suggest actions.'}`;
|
|
89
|
+
}
|
|
90
|
+
// ---------------------------------------------------------------------------
|
|
91
|
+
// Active Mode: Attacker Profiling
|
|
92
|
+
// ---------------------------------------------------------------------------
|
|
93
|
+
export const ACTIVE_INTEL_PROMPT = `You are a THREAT INTELLIGENCE analyst in ACTIVE mode.
|
|
94
|
+
|
|
95
|
+
Analyze the collected threat data and create an attacker profile:
|
|
96
|
+
1. Group related events by source IP or pattern
|
|
97
|
+
2. Identify attack vectors and techniques (MITRE ATT&CK if possible)
|
|
98
|
+
3. Assess attacker sophistication
|
|
99
|
+
4. Suggest honeypot configuration
|
|
100
|
+
|
|
101
|
+
Output:
|
|
102
|
+
INTEL: {"attackerProfile": "...", "techniques": ["..."], "sophistication": "low|medium|high|apt", "honeypotConfig": {"port": N, "service": "...", "purpose": "..."}}`;
|
|
103
|
+
//# sourceMappingURL=prompts.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"prompts.js","sourceRoot":"","sources":["../../../../src/cli/agent/monitor/prompts.ts"],"names":[],"mappings":"AAKA,8EAA8E;AAC9E,4BAA4B;AAC5B,8EAA8E;AAE9E,MAAM,CAAC,MAAM,kBAAkB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;iEAyB+B,CAAC;AAElE,8EAA8E;AAC9E,4BAA4B;AAC5B,8EAA8E;AAE9E,MAAM,UAAU,WAAW,CAAC,QAAyB,EAAE,IAAiB;IACtE,MAAM,QAAQ,GAAG;QACf,OAAO,EAAE,mDAAmD;QAC5D,SAAS,EAAE,gEAAgE;QAC3E,MAAM,EAAE,0EAA0E;KACnF,CAAC,IAAI,CAAC,CAAC;IAER,OAAO,iCAAiC,QAAQ;;gCAElB,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE;IACtE,QAAQ,CAAC,SAAS,CAAC,MAAM;IACzB,QAAQ,CAAC,KAAK,CAAC,MAAM;IACrB,QAAQ,CAAC,KAAK,CAAC,MAAM;IACrB,QAAQ,CAAC,KAAK,CAAC,MAAM;;;;;;;;;;;;;;;;EAgBvB,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,IAAI;yIACwG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;AACjJ,CAAC;AAED,8EAA8E;AAC9E,kBAAkB;AAClB,8EAA8E;AAE9E,MAAM,UAAU,mBAAmB,CAAC,MAAmB,EAAE,IAAiB;IACxE,OAAO;;UAEC,MAAM,CAAC,KAAK;YACV,MAAM,CAAC,QAAQ;YACf,MAAM,CAAC,QAAQ;WAChB,MAAM,CAAC,OAAO;UACf,MAAM,CAAC,MAAM;QACf,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE;;gBAEhC,IAAI,CAAC,WAAW,EAAE;;;;;;;;;;EAUhC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC;oKAC6I,CAAC,CAAC,CAAC,iEAAiE,EAAE,CAAC;AAC3O,CAAC;AAED,8EAA8E;AAC9E,kCAAkC;AAClC,8EAA8E;AAE9E,MAAM,CAAC,MAAM,mBAAmB,GAAG;;;;;;;;;qKASkI,CAAC"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import type { DefenseAction, DefenseRecord } from './types.js';
|
|
2
|
+
type SendFn = (prompt: string) => Promise<string>;
|
|
3
|
+
/**
|
|
4
|
+
* Execute a defense action using the agent's run_command tool.
|
|
5
|
+
*/
|
|
6
|
+
export declare function executeDefense(action: DefenseAction | string, target: string, sendMessage: SendFn): Promise<DefenseRecord>;
|
|
7
|
+
/**
|
|
8
|
+
* Undo a reversible defense action.
|
|
9
|
+
*/
|
|
10
|
+
export declare function undoDefense(defense: DefenseRecord, sendMessage: SendFn): Promise<boolean>;
|
|
11
|
+
export {};
|
|
12
|
+
//# sourceMappingURL=responder.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"responder.d.ts","sourceRoot":"","sources":["../../../../src/cli/agent/monitor/responder.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAE/D,KAAK,MAAM,GAAG,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAElD;;GAEG;AACH,wBAAsB,cAAc,CAClC,MAAM,EAAE,aAAa,GAAG,MAAM,EAC9B,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,aAAa,CAAC,CAwCxB;AAED;;GAEG;AACH,wBAAsB,WAAW,CAC/B,OAAO,EAAE,aAAa,EACtB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,OAAO,CAAC,CAgBlB"}
|