helixmind 0.2.1 → 0.2.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +31 -0
- package/dist/cli/agent/autonomous.d.ts +14 -0
- package/dist/cli/agent/autonomous.d.ts.map +1 -1
- package/dist/cli/agent/autonomous.js +22 -0
- package/dist/cli/agent/autonomous.js.map +1 -1
- package/dist/cli/agent/monitor/alerter.d.ts +29 -0
- package/dist/cli/agent/monitor/alerter.d.ts.map +1 -0
- package/dist/cli/agent/monitor/alerter.js +80 -0
- package/dist/cli/agent/monitor/alerter.js.map +1 -0
- package/dist/cli/agent/monitor/baseline.d.ts +14 -0
- package/dist/cli/agent/monitor/baseline.d.ts.map +1 -0
- package/dist/cli/agent/monitor/baseline.js +157 -0
- package/dist/cli/agent/monitor/baseline.js.map +1 -0
- package/dist/cli/agent/monitor/prompts.d.ts +9 -0
- package/dist/cli/agent/monitor/prompts.d.ts.map +1 -0
- package/dist/cli/agent/monitor/prompts.js +103 -0
- package/dist/cli/agent/monitor/prompts.js.map +1 -0
- package/dist/cli/agent/monitor/responder.d.ts +12 -0
- package/dist/cli/agent/monitor/responder.d.ts.map +1 -0
- package/dist/cli/agent/monitor/responder.js +59 -0
- package/dist/cli/agent/monitor/responder.js.map +1 -0
- package/dist/cli/agent/monitor/scanner.d.ts +18 -0
- package/dist/cli/agent/monitor/scanner.d.ts.map +1 -0
- package/dist/cli/agent/monitor/scanner.js +81 -0
- package/dist/cli/agent/monitor/scanner.js.map +1 -0
- package/dist/cli/agent/monitor/types.d.ts +119 -0
- package/dist/cli/agent/monitor/types.d.ts.map +1 -0
- package/dist/cli/agent/monitor/types.js +5 -0
- package/dist/cli/agent/monitor/types.js.map +1 -0
- package/dist/cli/agent/monitor/watcher.d.ts +4 -0
- package/dist/cli/agent/monitor/watcher.d.ts.map +1 -0
- package/dist/cli/agent/monitor/watcher.js +214 -0
- package/dist/cli/agent/monitor/watcher.js.map +1 -0
- package/dist/cli/brain/control-protocol.d.ts +47 -1
- package/dist/cli/brain/control-protocol.d.ts.map +1 -1
- package/dist/cli/brain/control-protocol.js.map +1 -1
- package/dist/cli/brain/generator.d.ts +14 -0
- package/dist/cli/brain/generator.d.ts.map +1 -1
- package/dist/cli/brain/generator.js +40 -0
- package/dist/cli/brain/generator.js.map +1 -1
- package/dist/cli/checkpoints/browser.d.ts +3 -4
- package/dist/cli/checkpoints/browser.d.ts.map +1 -1
- package/dist/cli/checkpoints/browser.js +162 -135
- package/dist/cli/checkpoints/browser.js.map +1 -1
- package/dist/cli/checkpoints/store.js +1 -1
- package/dist/cli/checkpoints/store.js.map +1 -1
- package/dist/cli/commands/chat.d.ts.map +1 -1
- package/dist/cli/commands/chat.js +248 -2
- package/dist/cli/commands/chat.js.map +1 -1
- package/dist/cli/context/trimmer.d.ts.map +1 -1
- package/dist/cli/context/trimmer.js +31 -6
- package/dist/cli/context/trimmer.js.map +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -102,6 +102,20 @@ AI can **edit files, run commands, commit changes, and browse the web** — with
|
|
|
102
102
|
### 🔐 Authentication & Security
|
|
103
103
|
**OAuth login, API keys, feature gating** — secure access control with subscription tier enforcement.
|
|
104
104
|
|
|
105
|
+
</td>
|
|
106
|
+
</tr>
|
|
107
|
+
<tr>
|
|
108
|
+
<td width="50%">
|
|
109
|
+
|
|
110
|
+
### 🛡️ Security Monitor
|
|
111
|
+
**Continuous security monitoring** — threat detection, automated defenses, real-time dashboard with approval queue.
|
|
112
|
+
|
|
113
|
+
</td>
|
|
114
|
+
<td width="50%">
|
|
115
|
+
|
|
116
|
+
### 📈 MCP Integration
|
|
117
|
+
**Model Context Protocol** — works with Claude Code, Cursor, VS Code, Windsurf, Codex, JetBrains AI.
|
|
118
|
+
|
|
105
119
|
</td>
|
|
106
120
|
</tr>
|
|
107
121
|
</table>
|
|
@@ -331,6 +345,23 @@ npm run dev
|
|
|
331
345
|
|
|
332
346
|
---
|
|
333
347
|
|
|
348
|
+
## 📚 Documentation
|
|
349
|
+
|
|
350
|
+
Complete documentation is available in the web dashboard and includes:
|
|
351
|
+
|
|
352
|
+
| Category | Topics |
|
|
353
|
+
|:---------|:-------|
|
|
354
|
+
| **Core Concepts** | Spiral Memory, Validation Matrix, Web Knowledge, Bug Tracking, Browser Automation |
|
|
355
|
+
| **Usage Guides** | Getting Started, Configuration, Authentication, Project Setup |
|
|
356
|
+
| **Advanced** | Autonomous Modes, Agent Tools, MCP Integration, SWE-Bench |
|
|
357
|
+
| **Reference** | CLI Commands, Slash Commands, Permission System, Export/Import |
|
|
358
|
+
|
|
359
|
+
**Web Dashboard Docs**: Start the web dashboard (`cd web && npm run dev`) and navigate to `/docs`.
|
|
360
|
+
|
|
361
|
+
**CLI Help**: Use `helixmind --help` or `helixmind chat --help` for command reference.
|
|
362
|
+
|
|
363
|
+
---
|
|
364
|
+
|
|
334
365
|
## 📄 License
|
|
335
366
|
|
|
336
367
|
[AGPL-3.0](LICENSE) — Free for open-source use. Commercial licenses available.
|
|
@@ -7,4 +7,18 @@ export interface AutonomousCallbacks {
|
|
|
7
7
|
updateStatus: () => void;
|
|
8
8
|
}
|
|
9
9
|
export declare function runAutonomousLoop(callbacks: AutonomousCallbacks, initialGoal?: string): Promise<number>;
|
|
10
|
+
export declare const MONITOR_MODES: readonly [{
|
|
11
|
+
readonly key: "passive";
|
|
12
|
+
readonly label: "🔍 Passive";
|
|
13
|
+
readonly description: "Read-only, alerts only";
|
|
14
|
+
}, {
|
|
15
|
+
readonly key: "defensive";
|
|
16
|
+
readonly label: "🛡️ Defensive";
|
|
17
|
+
readonly description: "Auto-block attacks, rotate secrets";
|
|
18
|
+
}, {
|
|
19
|
+
readonly key: "active";
|
|
20
|
+
readonly label: "⚔️ Active";
|
|
21
|
+
readonly description: "+ Honeypots, counter-intel, deception";
|
|
22
|
+
}];
|
|
23
|
+
export declare const MONITOR_WARNINGS: Record<string, string[]>;
|
|
10
24
|
//# sourceMappingURL=autonomous.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"autonomous.d.ts","sourceRoot":"","sources":["../../../src/cli/agent/autonomous.ts"],"names":[],"mappings":"AAqCA,eAAO,MAAM,eAAe,sqCAoB+C,CAAC;AAE5E,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IACjD,SAAS,EAAE,MAAM,OAAO,CAAC;IACzB,YAAY,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;IACtC,UAAU,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IACrD,YAAY,EAAE,MAAM,IAAI,CAAC;CAC1B;AA+BD,wBAAsB,iBAAiB,CACrC,SAAS,EAAE,mBAAmB,EAC9B,WAAW,CAAC,EAAE,MAAM,GACnB,OAAO,CAAC,MAAM,CAAC,CAiFjB"}
|
|
1
|
+
{"version":3,"file":"autonomous.d.ts","sourceRoot":"","sources":["../../../src/cli/agent/autonomous.ts"],"names":[],"mappings":"AAqCA,eAAO,MAAM,eAAe,sqCAoB+C,CAAC;AAE5E,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IACjD,SAAS,EAAE,MAAM,OAAO,CAAC;IACzB,YAAY,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;IACtC,UAAU,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IACrD,YAAY,EAAE,MAAM,IAAI,CAAC;CAC1B;AA+BD,wBAAsB,iBAAiB,CACrC,SAAS,EAAE,mBAAmB,EAC9B,WAAW,CAAC,EAAE,MAAM,GACnB,OAAO,CAAC,MAAM,CAAC,CAiFjB;AAMD,eAAO,MAAM,aAAa;;;;;;;;;;;;EAIhB,CAAC;AAEX,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAarD,CAAC"}
|
|
@@ -157,6 +157,28 @@ export async function runAutonomousLoop(callbacks, initialGoal) {
|
|
|
157
157
|
}
|
|
158
158
|
return completed.length;
|
|
159
159
|
}
|
|
160
|
+
// ---------------------------------------------------------------------------
|
|
161
|
+
// Monitor mode helpers
|
|
162
|
+
// ---------------------------------------------------------------------------
|
|
163
|
+
export const MONITOR_MODES = [
|
|
164
|
+
{ key: 'passive', label: '\u{1F50D} Passive', description: 'Read-only, alerts only' },
|
|
165
|
+
{ key: 'defensive', label: '\u{1F6E1}\uFE0F Defensive', description: 'Auto-block attacks, rotate secrets' },
|
|
166
|
+
{ key: 'active', label: '\u2694\uFE0F Active', description: '+ Honeypots, counter-intel, deception' },
|
|
167
|
+
];
|
|
168
|
+
export const MONITOR_WARNINGS = {
|
|
169
|
+
defensive: [
|
|
170
|
+
'Block attacking IPs via iptables/fail2ban',
|
|
171
|
+
'Kill suspicious processes',
|
|
172
|
+
'Rotate compromised secrets',
|
|
173
|
+
'Write firewall rules',
|
|
174
|
+
],
|
|
175
|
+
active: [
|
|
176
|
+
'All defensive actions, plus:',
|
|
177
|
+
'Deploy honeypot services',
|
|
178
|
+
'Attacker profiling & counter-intel',
|
|
179
|
+
'Deception infrastructure',
|
|
180
|
+
],
|
|
181
|
+
};
|
|
160
182
|
function extractSummary(text) {
|
|
161
183
|
// Look for "DONE: ..." line
|
|
162
184
|
const doneMatch = text.match(/DONE:\s*(.+)/i);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"autonomous.js","sourceRoot":"","sources":["../../../src/cli/agent/autonomous.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD,MAAM,WAAW,GAAG;;;;;;;;;;;;;;;gGAe4E,CAAC;AAEjG,SAAS,cAAc,CAAC,SAAmB;IACzC,OAAO,qCAAqC,SAAS,CAAC,MAAM,GAAG,CAAC;;;EAGhE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;;;;;;0EAMkB,CAAC;AAC3E,CAAC;AAED,MAAM,CAAC,MAAM,eAAe,GAAG;;;;;;;;;;;;;;;;;;;;2EAoB4C,CAAC;AAU5E,SAAS,UAAU,CAAC,IAAY;IAC9B,OAAO;;QAED,IAAI;;;;;;;;;4EASgE,CAAC;AAC7E,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAY,EAAE,SAAmB;IAC3D,OAAO,qCAAqC,SAAS,CAAC,MAAM,GAAG,CAAC;;QAE1D,IAAI;;;EAGV,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;;;;;oDAKJ,CAAC;AACrD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,SAA8B,EAC9B,WAAoB;IAEpB,MAAM,SAAS,GAAa,EAAE,CAAC;IAC/B,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,IAAI,GAAuB,WAAW,CAAC;IAE3C,MAAM,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC;IACpB,MAAM,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAE/B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC3B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,4RAA4R,CAAC,GAAG,IAAI,CAAC,CAAC;IAC7T,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,2BAA2B,CAAC,GAAG,CAAC,CAAC,gCAAgC,CAAC,GAAG,IAAI,CAAC,CAAC;IAClH,IAAI,IAAI,EAAE,CAAC;QACT,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,qDAAqD,CAAC,GAAG,IAAI,CAAC,CAAC;QACpG,iDAAiD;QACjD,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;QACxE,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;QACjE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,WAAW,GAAG,OAAO,GAAG,CAAC,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC;IAChH,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,qDAAqD,CAAC,GAAG,IAAI,CAAC,CAAC;QACpG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,0CAA0C,GAAG,CAAC,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC;QAC1G,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,+BAA+B,GAAG,CAAC,CAAC,uBAAuB,CAAC,GAAG,IAAI,CAAC,CAAC;IAC5G,CAAC;IACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,qDAAqD,CAAC,GAAG,IAAI,CAAC,CAAC;IACpG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,4BAA4B,CAAC,GAAG,IAAI,CAAC,CAAC;IACzG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,4RAA4R,CAAC,GAAG,MAAM,CAAC,CAAC;IAE/T,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,CAAC;QAC9B,KAAK,EAAE,CAAC;QACR,SAAS,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QAC9B,SAAS,CAAC,YAAY,EAAE,CAAC;QAEzB,IAAI,MAAc,CAAC;QACnB,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,GAAG,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QAChF,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;QACjE,CAAC;QAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,wBAAwB,KAAK,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAE1G,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YACvD,IAAI,SAAS,CAAC,SAAS,EAAE;gBAAE,MAAM;YAEjC,gCAAgC;YAChC,IAAI,UAAU,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;gBAC9C,IAAI,IAAI,EAAE,CAAC;oBACT,kDAAkD;oBAClD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAC3B,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,2BAA2B,SAAS,CAAC,MAAM,4CAA4C,CAAC,CAAC,CAAC;oBACjH,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAC3B,IAAI,GAAG,SAAS,CAAC,CAAC,4CAA4C;oBAC9D,SAAS;gBACX,CAAC;qBAAM,CAAC;oBACN,0CAA0C;oBAC1C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAC3B,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,4CAA4C,SAAS,CAAC,MAAM,kBAAkB,CAAC,CAAC,CAAC;oBACxG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAC3B,MAAM;gBACR,CAAC;YACH,CAAC;YAED,qDAAqD;YACrD,MAAM,OAAO,GAAG,cAAc,CAAC,UAAU,CAAC,CAAC;YAC3C,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACxB,SAAS,CAAC,UAAU,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YAErC,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,kBAAkB,KAAK,KAAK,OAAO,EAAE,CAAC,CAAC,CAAC;QACjE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,SAAS,CAAC,SAAS,EAAE;gBAAE,MAAM;YACjC,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,kBAAkB,KAAK,WAAW,GAAG,EAAE,CAAC,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;IAED,IAAI,SAAS,CAAC,SAAS,EAAE,EAAE,CAAC;QAC1B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3B,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,0CAA0C,SAAS,CAAC,MAAM,SAAS,CAAC,CAAC,CAAC;QAC9F,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;IAED,OAAO,SAAS,CAAC,MAAM,CAAC;AAC1B,CAAC;AAED,SAAS,cAAc,CAAC,IAAY;IAClC,4BAA4B;IAC5B,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IAC9C,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9B,OAAO,CAAC,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACtD,CAAC;IAED,gCAAgC;IAChC,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC5D,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACnE,OAAO,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;AAC/D,CAAC"}
|
|
1
|
+
{"version":3,"file":"autonomous.js","sourceRoot":"","sources":["../../../src/cli/agent/autonomous.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD,MAAM,WAAW,GAAG;;;;;;;;;;;;;;;gGAe4E,CAAC;AAEjG,SAAS,cAAc,CAAC,SAAmB;IACzC,OAAO,qCAAqC,SAAS,CAAC,MAAM,GAAG,CAAC;;;EAGhE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;;;;;;0EAMkB,CAAC;AAC3E,CAAC;AAED,MAAM,CAAC,MAAM,eAAe,GAAG;;;;;;;;;;;;;;;;;;;;2EAoB4C,CAAC;AAU5E,SAAS,UAAU,CAAC,IAAY;IAC9B,OAAO;;QAED,IAAI;;;;;;;;;4EASgE,CAAC;AAC7E,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAY,EAAE,SAAmB;IAC3D,OAAO,qCAAqC,SAAS,CAAC,MAAM,GAAG,CAAC;;QAE1D,IAAI;;;EAGV,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;;;;;oDAKJ,CAAC;AACrD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,SAA8B,EAC9B,WAAoB;IAEpB,MAAM,SAAS,GAAa,EAAE,CAAC;IAC/B,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,IAAI,GAAuB,WAAW,CAAC;IAE3C,MAAM,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC;IACpB,MAAM,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAE/B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC3B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,4RAA4R,CAAC,GAAG,IAAI,CAAC,CAAC;IAC7T,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,2BAA2B,CAAC,GAAG,CAAC,CAAC,gCAAgC,CAAC,GAAG,IAAI,CAAC,CAAC;IAClH,IAAI,IAAI,EAAE,CAAC;QACT,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,qDAAqD,CAAC,GAAG,IAAI,CAAC,CAAC;QACpG,iDAAiD;QACjD,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;QACxE,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;QACjE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,WAAW,GAAG,OAAO,GAAG,CAAC,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC;IAChH,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,qDAAqD,CAAC,GAAG,IAAI,CAAC,CAAC;QACpG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,0CAA0C,GAAG,CAAC,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC;QAC1G,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,+BAA+B,GAAG,CAAC,CAAC,uBAAuB,CAAC,GAAG,IAAI,CAAC,CAAC;IAC5G,CAAC;IACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,qDAAqD,CAAC,GAAG,IAAI,CAAC,CAAC;IACpG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,4BAA4B,CAAC,GAAG,IAAI,CAAC,CAAC;IACzG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,4RAA4R,CAAC,GAAG,MAAM,CAAC,CAAC;IAE/T,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,CAAC;QAC9B,KAAK,EAAE,CAAC;QACR,SAAS,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QAC9B,SAAS,CAAC,YAAY,EAAE,CAAC;QAEzB,IAAI,MAAc,CAAC;QACnB,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,GAAG,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QAChF,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;QACjE,CAAC;QAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,wBAAwB,KAAK,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAE1G,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YACvD,IAAI,SAAS,CAAC,SAAS,EAAE;gBAAE,MAAM;YAEjC,gCAAgC;YAChC,IAAI,UAAU,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;gBAC9C,IAAI,IAAI,EAAE,CAAC;oBACT,kDAAkD;oBAClD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAC3B,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,2BAA2B,SAAS,CAAC,MAAM,4CAA4C,CAAC,CAAC,CAAC;oBACjH,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAC3B,IAAI,GAAG,SAAS,CAAC,CAAC,4CAA4C;oBAC9D,SAAS;gBACX,CAAC;qBAAM,CAAC;oBACN,0CAA0C;oBAC1C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAC3B,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,4CAA4C,SAAS,CAAC,MAAM,kBAAkB,CAAC,CAAC,CAAC;oBACxG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAC3B,MAAM;gBACR,CAAC;YACH,CAAC;YAED,qDAAqD;YACrD,MAAM,OAAO,GAAG,cAAc,CAAC,UAAU,CAAC,CAAC;YAC3C,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACxB,SAAS,CAAC,UAAU,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YAErC,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,kBAAkB,KAAK,KAAK,OAAO,EAAE,CAAC,CAAC,CAAC;QACjE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,SAAS,CAAC,SAAS,EAAE;gBAAE,MAAM;YACjC,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,kBAAkB,KAAK,WAAW,GAAG,EAAE,CAAC,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;IAED,IAAI,SAAS,CAAC,SAAS,EAAE,EAAE,CAAC;QAC1B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3B,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,0CAA0C,SAAS,CAAC,MAAM,SAAS,CAAC,CAAC,CAAC;QAC9F,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;IAED,OAAO,SAAS,CAAC,MAAM,CAAC;AAC1B,CAAC;AAED,8EAA8E;AAC9E,uBAAuB;AACvB,8EAA8E;AAE9E,MAAM,CAAC,MAAM,aAAa,GAAG;IAC3B,EAAE,GAAG,EAAE,SAAkB,EAAE,KAAK,EAAE,mBAAmB,EAAE,WAAW,EAAE,wBAAwB,EAAE;IAC9F,EAAE,GAAG,EAAE,WAAoB,EAAE,KAAK,EAAE,2BAA2B,EAAE,WAAW,EAAE,oCAAoC,EAAE;IACpH,EAAE,GAAG,EAAE,QAAiB,EAAE,KAAK,EAAE,qBAAqB,EAAE,WAAW,EAAE,uCAAuC,EAAE;CACtG,CAAC;AAEX,MAAM,CAAC,MAAM,gBAAgB,GAA6B;IACxD,SAAS,EAAE;QACT,2CAA2C;QAC3C,2BAA2B;QAC3B,4BAA4B;QAC5B,sBAAsB;KACvB;IACD,MAAM,EAAE;QACN,8BAA8B;QAC9B,0BAA0B;QAC1B,oCAAoC;QACpC,0BAA0B;KAC3B;CACF,CAAC;AAEF,SAAS,cAAc,CAAC,IAAY;IAClC,4BAA4B;IAC5B,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IAC9C,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9B,OAAO,CAAC,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACtD,CAAC;IAED,gCAAgC;IAChC,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC5D,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACnE,OAAO,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;AAC/D,CAAC"}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
import type { ThreatEvent, DefenseRecord, ThreatSeverity, DefenseAction, ApprovalRequest } from './types.js';
|
|
2
|
+
export declare function getPendingApprovals(): ApprovalRequest[];
|
|
3
|
+
export declare function resolveApproval(requestId: string, approved: boolean): ApprovalRequest | undefined;
|
|
4
|
+
/**
|
|
5
|
+
* Push a threat event to all channels:
|
|
6
|
+
* 1. Brain visualization (as agent_finding)
|
|
7
|
+
* 2. Control protocol (for Web Dashboard)
|
|
8
|
+
*/
|
|
9
|
+
export declare function pushThreatEvent(threat: ThreatEvent): void;
|
|
10
|
+
/**
|
|
11
|
+
* Push a defense activation event.
|
|
12
|
+
*/
|
|
13
|
+
export declare function pushDefenseEvent(defense: DefenseRecord): void;
|
|
14
|
+
/**
|
|
15
|
+
* Push a monitor status update.
|
|
16
|
+
*/
|
|
17
|
+
export declare function pushMonitorStatus(status: {
|
|
18
|
+
mode: string;
|
|
19
|
+
uptime: number;
|
|
20
|
+
threatCount: number;
|
|
21
|
+
defenseCount: number;
|
|
22
|
+
lastScan: number;
|
|
23
|
+
}): void;
|
|
24
|
+
/**
|
|
25
|
+
* Request approval from the Web Dashboard for a defense action.
|
|
26
|
+
* Stores the request and pushes it to the web client.
|
|
27
|
+
*/
|
|
28
|
+
export declare function requestApproval(action: DefenseAction | string, reason: string, severity: ThreatSeverity): void;
|
|
29
|
+
//# sourceMappingURL=alerter.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"alerter.d.ts","sourceRoot":"","sources":["../../../../src/cli/agent/monitor/alerter.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,cAAc,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAY7G,wBAAgB,mBAAmB,IAAI,eAAe,EAAE,CAEvD;AAED,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,GAAG,eAAe,GAAG,SAAS,CAMjG;AAMD;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,WAAW,GAAG,IAAI,CAezD;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,aAAa,GAAG,IAAI,CAa7D;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE;IACxC,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;CAClB,GAAG,IAAI,CAMP;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAC7B,MAAM,EAAE,aAAa,GAAG,MAAM,EAC9B,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,cAAc,GACvB,IAAI,CAkBN"}
|
|
@@ -0,0 +1,80 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Monitor System — Alert routing to Brain/Relay/Web.
|
|
3
|
+
*/
|
|
4
|
+
import { randomUUID } from 'node:crypto';
|
|
5
|
+
import { pushControlEvent as pushRawControlEvent, pushAgentFinding, } from '../../brain/generator.js';
|
|
6
|
+
// ---------------------------------------------------------------------------
|
|
7
|
+
// Pending approval requests
|
|
8
|
+
// ---------------------------------------------------------------------------
|
|
9
|
+
const pendingApprovals = new Map();
|
|
10
|
+
export function getPendingApprovals() {
|
|
11
|
+
return Array.from(pendingApprovals.values());
|
|
12
|
+
}
|
|
13
|
+
export function resolveApproval(requestId, approved) {
|
|
14
|
+
const req = pendingApprovals.get(requestId);
|
|
15
|
+
if (req) {
|
|
16
|
+
pendingApprovals.delete(requestId);
|
|
17
|
+
}
|
|
18
|
+
return req;
|
|
19
|
+
}
|
|
20
|
+
// ---------------------------------------------------------------------------
|
|
21
|
+
// Push functions
|
|
22
|
+
// ---------------------------------------------------------------------------
|
|
23
|
+
/**
|
|
24
|
+
* Push a threat event to all channels:
|
|
25
|
+
* 1. Brain visualization (as agent_finding)
|
|
26
|
+
* 2. Control protocol (for Web Dashboard)
|
|
27
|
+
*/
|
|
28
|
+
export function pushThreatEvent(threat) {
|
|
29
|
+
// Brain visualization — shows as finding popup
|
|
30
|
+
pushAgentFinding('Monitor', `[${threat.severity.toUpperCase()}] ${threat.title}: ${threat.details}`, threat.severity, threat.source);
|
|
31
|
+
// Control protocol — for Web Dashboard real-time updates
|
|
32
|
+
pushRawControlEvent({
|
|
33
|
+
type: 'threat_detected',
|
|
34
|
+
threat,
|
|
35
|
+
timestamp: Date.now(),
|
|
36
|
+
});
|
|
37
|
+
}
|
|
38
|
+
/**
|
|
39
|
+
* Push a defense activation event.
|
|
40
|
+
*/
|
|
41
|
+
export function pushDefenseEvent(defense) {
|
|
42
|
+
pushAgentFinding('Monitor', `Defense: ${defense.action} → ${defense.target} (${defense.reason})`, 'info', defense.target);
|
|
43
|
+
pushRawControlEvent({
|
|
44
|
+
type: 'defense_activated',
|
|
45
|
+
defense,
|
|
46
|
+
timestamp: Date.now(),
|
|
47
|
+
});
|
|
48
|
+
}
|
|
49
|
+
/**
|
|
50
|
+
* Push a monitor status update.
|
|
51
|
+
*/
|
|
52
|
+
export function pushMonitorStatus(status) {
|
|
53
|
+
pushRawControlEvent({
|
|
54
|
+
type: 'monitor_status',
|
|
55
|
+
...status,
|
|
56
|
+
timestamp: Date.now(),
|
|
57
|
+
});
|
|
58
|
+
}
|
|
59
|
+
/**
|
|
60
|
+
* Request approval from the Web Dashboard for a defense action.
|
|
61
|
+
* Stores the request and pushes it to the web client.
|
|
62
|
+
*/
|
|
63
|
+
export function requestApproval(action, reason, severity) {
|
|
64
|
+
const request = {
|
|
65
|
+
id: randomUUID().slice(0, 8),
|
|
66
|
+
action: action,
|
|
67
|
+
target: reason,
|
|
68
|
+
reason,
|
|
69
|
+
severity,
|
|
70
|
+
timestamp: Date.now(),
|
|
71
|
+
expiresAt: Date.now() + 300_000, // 5 min expiry
|
|
72
|
+
};
|
|
73
|
+
pendingApprovals.set(request.id, request);
|
|
74
|
+
pushRawControlEvent({
|
|
75
|
+
type: 'approval_request',
|
|
76
|
+
request,
|
|
77
|
+
timestamp: Date.now(),
|
|
78
|
+
});
|
|
79
|
+
}
|
|
80
|
+
//# sourceMappingURL=alerter.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"alerter.js","sourceRoot":"","sources":["../../../../src/cli/agent/monitor/alerter.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,EACL,gBAAgB,IAAI,mBAAmB,EACvC,gBAAgB,GACjB,MAAM,0BAA0B,CAAC;AAElC,8EAA8E;AAC9E,4BAA4B;AAC5B,8EAA8E;AAE9E,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAA2B,CAAC;AAE5D,MAAM,UAAU,mBAAmB;IACjC,OAAO,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC;AAC/C,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,SAAiB,EAAE,QAAiB;IAClE,MAAM,GAAG,GAAG,gBAAgB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAC5C,IAAI,GAAG,EAAE,CAAC;QACR,gBAAgB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACrC,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAE9E;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,MAAmB;IACjD,+CAA+C;IAC/C,gBAAgB,CACd,SAAS,EACT,IAAI,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,KAAK,KAAK,MAAM,CAAC,OAAO,EAAE,EACvE,MAAM,CAAC,QAAQ,EACf,MAAM,CAAC,MAAM,CACd,CAAC;IAEF,yDAAyD;IACzD,mBAAmB,CAAC;QAClB,IAAI,EAAE,iBAAiB;QACvB,MAAM;QACN,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;KACtB,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAsB;IACrD,gBAAgB,CACd,SAAS,EACT,YAAY,OAAO,CAAC,MAAM,MAAM,OAAO,CAAC,MAAM,KAAK,OAAO,CAAC,MAAM,GAAG,EACpE,MAAM,EACN,OAAO,CAAC,MAAM,CACf,CAAC;IAEF,mBAAmB,CAAC;QAClB,IAAI,EAAE,mBAAmB;QACzB,OAAO;QACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;KACtB,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAMjC;IACC,mBAAmB,CAAC;QAClB,IAAI,EAAE,gBAAgB;QACtB,GAAG,MAAM;QACT,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;KACtB,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAC7B,MAA8B,EAC9B,MAAc,EACd,QAAwB;IAExB,MAAM,OAAO,GAAoB;QAC/B,EAAE,EAAE,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;QAC5B,MAAM,EAAE,MAAuB;QAC/B,MAAM,EAAE,MAAM;QACd,MAAM;QACN,QAAQ;QACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,EAAE,eAAe;KACjD,CAAC;IAEF,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;IAE1C,mBAAmB,CAAC;QAClB,IAAI,EAAE,kBAAkB;QACxB,OAAO;QACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;KACtB,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Monitor System — Builds and compares security baselines.
|
|
3
|
+
*/
|
|
4
|
+
import type { MonitorBaseline, ScanResult, Drift } from './types.js';
|
|
5
|
+
/**
|
|
6
|
+
* Build a MonitorBaseline from a scan result.
|
|
7
|
+
* Parses the structured BASELINE_START block or raw command outputs.
|
|
8
|
+
*/
|
|
9
|
+
export declare function buildBaseline(scan: ScanResult): MonitorBaseline;
|
|
10
|
+
/**
|
|
11
|
+
* Compare current scan against baseline and detect drift.
|
|
12
|
+
*/
|
|
13
|
+
export declare function diffBaseline(current: ScanResult, baseline: MonitorBaseline): Drift[];
|
|
14
|
+
//# sourceMappingURL=baseline.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"baseline.d.ts","sourceRoot":"","sources":["../../../../src/cli/agent/monitor/baseline.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,KAAK,EACV,eAAe,EACf,UAAU,EACV,KAAK,EAMN,MAAM,YAAY,CAAC;AAEpB;;;GAGG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,UAAU,GAAG,eAAe,CAyC/D;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,eAAe,GAAG,KAAK,EAAE,CA4DpF"}
|
|
@@ -0,0 +1,157 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Build a MonitorBaseline from a scan result.
|
|
3
|
+
* Parses the structured BASELINE_START block or raw command outputs.
|
|
4
|
+
*/
|
|
5
|
+
export function buildBaseline(scan) {
|
|
6
|
+
let processes = [];
|
|
7
|
+
let ports = [];
|
|
8
|
+
let configs = [];
|
|
9
|
+
let users = [];
|
|
10
|
+
let crons = [];
|
|
11
|
+
// Try to parse from the raw baseline JSON first
|
|
12
|
+
const rawBaseline = scan.rawBaseline;
|
|
13
|
+
if (rawBaseline) {
|
|
14
|
+
try {
|
|
15
|
+
const parsed = JSON.parse(rawBaseline);
|
|
16
|
+
if (Array.isArray(parsed.processes))
|
|
17
|
+
processes = parsed.processes;
|
|
18
|
+
if (Array.isArray(parsed.ports))
|
|
19
|
+
ports = parsed.ports;
|
|
20
|
+
if (Array.isArray(parsed.configs))
|
|
21
|
+
configs = parsed.configs;
|
|
22
|
+
if (Array.isArray(parsed.users))
|
|
23
|
+
users = parsed.users;
|
|
24
|
+
if (Array.isArray(parsed.crons))
|
|
25
|
+
crons = parsed.crons;
|
|
26
|
+
}
|
|
27
|
+
catch {
|
|
28
|
+
// Fall back to parsing raw text
|
|
29
|
+
}
|
|
30
|
+
}
|
|
31
|
+
// Fallback: parse processes from ps aux output
|
|
32
|
+
if (processes.length === 0 && scan.processes) {
|
|
33
|
+
processes = parseProcesses(scan.processes);
|
|
34
|
+
}
|
|
35
|
+
// Fallback: parse ports from ss output
|
|
36
|
+
if (ports.length === 0 && scan.ports) {
|
|
37
|
+
ports = parsePorts(scan.ports);
|
|
38
|
+
}
|
|
39
|
+
return {
|
|
40
|
+
processes,
|
|
41
|
+
ports,
|
|
42
|
+
configs,
|
|
43
|
+
packages: [],
|
|
44
|
+
users,
|
|
45
|
+
crons,
|
|
46
|
+
timestamp: scan.timestamp,
|
|
47
|
+
};
|
|
48
|
+
}
|
|
49
|
+
/**
|
|
50
|
+
* Compare current scan against baseline and detect drift.
|
|
51
|
+
*/
|
|
52
|
+
export function diffBaseline(current, baseline) {
|
|
53
|
+
const drifts = [];
|
|
54
|
+
// Parse current state
|
|
55
|
+
const currentProcesses = parseProcesses(current.processes);
|
|
56
|
+
const currentPorts = parsePorts(current.ports);
|
|
57
|
+
// Check for new processes
|
|
58
|
+
const baselineCommands = new Set(baseline.processes.map(p => p.command));
|
|
59
|
+
for (const proc of currentProcesses) {
|
|
60
|
+
if (!baselineCommands.has(proc.command)) {
|
|
61
|
+
drifts.push({
|
|
62
|
+
category: 'process',
|
|
63
|
+
description: `New process: ${proc.command} (PID: ${proc.pid}, user: ${proc.user})`,
|
|
64
|
+
severity: proc.user === 'root' ? 'high' : 'medium',
|
|
65
|
+
details: `CPU: ${proc.cpu}%, MEM: ${proc.mem}%`,
|
|
66
|
+
});
|
|
67
|
+
}
|
|
68
|
+
}
|
|
69
|
+
// Check for disappeared processes (might indicate killed service)
|
|
70
|
+
const currentCommands = new Set(currentProcesses.map(p => p.command));
|
|
71
|
+
for (const proc of baseline.processes) {
|
|
72
|
+
if (!currentCommands.has(proc.command) && isImportantProcess(proc.command)) {
|
|
73
|
+
drifts.push({
|
|
74
|
+
category: 'process',
|
|
75
|
+
description: `Missing process: ${proc.command} (was running as ${proc.user})`,
|
|
76
|
+
severity: 'high',
|
|
77
|
+
details: 'Expected process is no longer running',
|
|
78
|
+
});
|
|
79
|
+
}
|
|
80
|
+
}
|
|
81
|
+
// Check for new ports
|
|
82
|
+
const baselinePorts = new Set(baseline.ports.map(p => `${p.port}/${p.protocol}`));
|
|
83
|
+
for (const port of currentPorts) {
|
|
84
|
+
if (!baselinePorts.has(`${port.port}/${port.protocol}`)) {
|
|
85
|
+
drifts.push({
|
|
86
|
+
category: 'port',
|
|
87
|
+
description: `New listening port: ${port.port}/${port.protocol} (${port.process})`,
|
|
88
|
+
severity: port.port < 1024 ? 'high' : 'medium',
|
|
89
|
+
details: `Address: ${port.address}`,
|
|
90
|
+
});
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
// Check for closed ports
|
|
94
|
+
const currentPortSet = new Set(currentPorts.map(p => `${p.port}/${p.protocol}`));
|
|
95
|
+
for (const port of baseline.ports) {
|
|
96
|
+
if (!currentPortSet.has(`${port.port}/${port.protocol}`)) {
|
|
97
|
+
drifts.push({
|
|
98
|
+
category: 'port',
|
|
99
|
+
description: `Closed port: ${port.port}/${port.protocol} (was ${port.process})`,
|
|
100
|
+
severity: 'medium',
|
|
101
|
+
details: 'Previously open port is no longer listening',
|
|
102
|
+
});
|
|
103
|
+
}
|
|
104
|
+
}
|
|
105
|
+
return drifts;
|
|
106
|
+
}
|
|
107
|
+
// ---------------------------------------------------------------------------
|
|
108
|
+
// Parsers
|
|
109
|
+
// ---------------------------------------------------------------------------
|
|
110
|
+
function parseProcesses(raw) {
|
|
111
|
+
const processes = [];
|
|
112
|
+
const lines = raw.split('\n').filter(l => l.trim());
|
|
113
|
+
for (const line of lines) {
|
|
114
|
+
// Skip header
|
|
115
|
+
if (line.includes('USER') && line.includes('PID'))
|
|
116
|
+
continue;
|
|
117
|
+
if (line.startsWith('---'))
|
|
118
|
+
continue;
|
|
119
|
+
const parts = line.trim().split(/\s+/);
|
|
120
|
+
if (parts.length >= 11) {
|
|
121
|
+
processes.push({
|
|
122
|
+
user: parts[0],
|
|
123
|
+
pid: parseInt(parts[1], 10) || 0,
|
|
124
|
+
cpu: parseFloat(parts[2]) || 0,
|
|
125
|
+
mem: parseFloat(parts[3]) || 0,
|
|
126
|
+
command: parts.slice(10).join(' '),
|
|
127
|
+
});
|
|
128
|
+
}
|
|
129
|
+
}
|
|
130
|
+
return processes;
|
|
131
|
+
}
|
|
132
|
+
function parsePorts(raw) {
|
|
133
|
+
const ports = [];
|
|
134
|
+
const lines = raw.split('\n').filter(l => l.trim());
|
|
135
|
+
for (const line of lines) {
|
|
136
|
+
// Skip header
|
|
137
|
+
if (line.includes('State') && line.includes('Local'))
|
|
138
|
+
continue;
|
|
139
|
+
// Parse ss -tlnp output: State Recv-Q Send-Q Local Address:Port ...
|
|
140
|
+
const match = line.match(/([\d.*:]+):(\d+)\s/);
|
|
141
|
+
if (match) {
|
|
142
|
+
const processMatch = line.match(/users:\(\("([^"]+)"/);
|
|
143
|
+
ports.push({
|
|
144
|
+
address: match[1],
|
|
145
|
+
port: parseInt(match[2], 10),
|
|
146
|
+
protocol: line.includes('udp') ? 'udp' : 'tcp',
|
|
147
|
+
process: processMatch?.[1] || 'unknown',
|
|
148
|
+
});
|
|
149
|
+
}
|
|
150
|
+
}
|
|
151
|
+
return ports;
|
|
152
|
+
}
|
|
153
|
+
function isImportantProcess(command) {
|
|
154
|
+
const important = ['sshd', 'nginx', 'apache', 'postgres', 'mysql', 'redis', 'docker', 'systemd'];
|
|
155
|
+
return important.some(name => command.toLowerCase().includes(name));
|
|
156
|
+
}
|
|
157
|
+
//# sourceMappingURL=baseline.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"baseline.js","sourceRoot":"","sources":["../../../../src/cli/agent/monitor/baseline.ts"],"names":[],"mappings":"AAcA;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,IAAgB;IAC5C,IAAI,SAAS,GAAkB,EAAE,CAAC;IAClC,IAAI,KAAK,GAAe,EAAE,CAAC;IAC3B,IAAI,OAAO,GAAqB,EAAE,CAAC;IACnC,IAAI,KAAK,GAAe,EAAE,CAAC;IAC3B,IAAI,KAAK,GAAgB,EAAE,CAAC;IAE5B,gDAAgD;IAChD,MAAM,WAAW,GAAI,IAA0C,CAAC,WAAW,CAAC;IAC5E,IAAI,WAAW,EAAE,CAAC;QAChB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;YACvC,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC;gBAAE,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC;YAClE,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC;gBAAE,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;YACtD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC;gBAAE,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;YAC5D,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC;gBAAE,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;YACtD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC;gBAAE,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;QACxD,CAAC;QAAC,MAAM,CAAC;YACP,gCAAgC;QAClC,CAAC;IACH,CAAC;IAED,+CAA+C;IAC/C,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QAC7C,SAAS,GAAG,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC7C,CAAC;IAED,uCAAuC;IACvC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;QACrC,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACjC,CAAC;IAED,OAAO;QACL,SAAS;QACT,KAAK;QACL,OAAO;QACP,QAAQ,EAAE,EAAE;QACZ,KAAK;QACL,KAAK;QACL,SAAS,EAAE,IAAI,CAAC,SAAS;KAC1B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,OAAmB,EAAE,QAAyB;IACzE,MAAM,MAAM,GAAY,EAAE,CAAC;IAE3B,sBAAsB;IACtB,MAAM,gBAAgB,GAAG,cAAc,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAC3D,MAAM,YAAY,GAAG,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAE/C,0BAA0B;IAC1B,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IACzE,KAAK,MAAM,IAAI,IAAI,gBAAgB,EAAE,CAAC;QACpC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACxC,MAAM,CAAC,IAAI,CAAC;gBACV,QAAQ,EAAE,SAAS;gBACnB,WAAW,EAAE,gBAAgB,IAAI,CAAC,OAAO,UAAU,IAAI,CAAC,GAAG,WAAW,IAAI,CAAC,IAAI,GAAG;gBAClF,QAAQ,EAAE,IAAI,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;gBAClD,OAAO,EAAE,QAAQ,IAAI,CAAC,GAAG,WAAW,IAAI,CAAC,GAAG,GAAG;aAChD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,kEAAkE;IAClE,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IACtE,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,SAAS,EAAE,CAAC;QACtC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3E,MAAM,CAAC,IAAI,CAAC;gBACV,QAAQ,EAAE,SAAS;gBACnB,WAAW,EAAE,oBAAoB,IAAI,CAAC,OAAO,oBAAoB,IAAI,CAAC,IAAI,GAAG;gBAC7E,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,uCAAuC;aACjD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IAClF,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;QAChC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC,EAAE,CAAC;YACxD,MAAM,CAAC,IAAI,CAAC;gBACV,QAAQ,EAAE,MAAM;gBAChB,WAAW,EAAE,uBAAuB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,IAAI,CAAC,OAAO,GAAG;gBAClF,QAAQ,EAAE,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;gBAC9C,OAAO,EAAE,YAAY,IAAI,CAAC,OAAO,EAAE;aACpC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,yBAAyB;IACzB,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IACjF,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;QAClC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC,EAAE,CAAC;YACzD,MAAM,CAAC,IAAI,CAAC;gBACV,QAAQ,EAAE,MAAM;gBAChB,WAAW,EAAE,gBAAgB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,SAAS,IAAI,CAAC,OAAO,GAAG;gBAC/E,QAAQ,EAAE,QAAQ;gBAClB,OAAO,EAAE,6CAA6C;aACvD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,SAAS,cAAc,CAAC,GAAW;IACjC,MAAM,SAAS,GAAkB,EAAE,CAAC;IACpC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAEpD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,cAAc;QACd,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;YAAE,SAAS;QAC5D,IAAI,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;YAAE,SAAS;QAErC,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACvC,IAAI,KAAK,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;YACvB,SAAS,CAAC,IAAI,CAAC;gBACb,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;gBACd,GAAG,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC;gBAChC,GAAG,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;gBAC9B,GAAG,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;gBAC9B,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;aACnC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,UAAU,CAAC,GAAW;IAC7B,MAAM,KAAK,GAAe,EAAE,CAAC;IAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAEpD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,cAAc;QACd,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;YAAE,SAAS;QAE/D,wEAAwE;QACxE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;QAC/C,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;YACvD,KAAK,CAAC,IAAI,CAAC;gBACT,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;gBACjB,IAAI,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;gBAC5B,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK;gBAC9C,OAAO,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,IAAI,SAAS;aACxC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,kBAAkB,CAAC,OAAe;IACzC,MAAM,SAAS,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IACjG,OAAO,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;AACtE,CAAC"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Monitor System — LLM prompts for each phase and check type.
|
|
3
|
+
*/
|
|
4
|
+
import type { MonitorMode, MonitorBaseline, ThreatEvent } from './types.js';
|
|
5
|
+
export declare const SCAN_SYSTEM_PROMPT = "You are a SECURITY MONITOR performing a full system scan.\n\nUse the run_command tool to gather system state. Run these commands:\n1. ps aux --sort=-%cpu | head -50\n2. ss -tlnp\n3. cat /etc/ssh/sshd_config 2>/dev/null || echo \"No SSH config\"\n4. crontab -l 2>/dev/null; for u in $(cut -f1 -d: /etc/passwd); do crontab -l -u $u 2>/dev/null && echo \"--- User: $u ---\"; done\n5. iptables -L -n 2>/dev/null || echo \"No iptables access\"\n6. last -20 2>/dev/null || echo \"No login history\"\n7. find /etc -newer /etc/hostname -type f -mmin -1440 2>/dev/null | head -30\n8. cat /etc/passwd | grep -v nologin | grep -v false\n\nAfter gathering all data, output a structured baseline report between these markers:\n\nBASELINE_START\n{\n \"processes\": [{\"pid\": N, \"user\": \"...\", \"command\": \"...\", \"cpu\": N, \"mem\": N}],\n \"ports\": [{\"port\": N, \"protocol\": \"tcp|udp\", \"process\": \"...\", \"address\": \"...\"}],\n \"configs\": [{\"file\": \"...\", \"hash\": \"...\", \"lastModified\": N}],\n \"users\": [{\"name\": \"...\", \"uid\": N, \"shell\": \"...\", \"lastLogin\": N}],\n \"crons\": [{\"user\": \"...\", \"schedule\": \"...\", \"command\": \"...\"}],\n \"packages\": []\n}\nBASELINE_END\n\nBe thorough but efficient. Only include active/relevant entries.";
|
|
6
|
+
export declare function watchPrompt(baseline: MonitorBaseline, mode: MonitorMode): string;
|
|
7
|
+
export declare function analyzeThreatPrompt(threat: ThreatEvent, mode: MonitorMode): string;
|
|
8
|
+
export declare const ACTIVE_INTEL_PROMPT = "You are a THREAT INTELLIGENCE analyst in ACTIVE mode.\n\nAnalyze the collected threat data and create an attacker profile:\n1. Group related events by source IP or pattern\n2. Identify attack vectors and techniques (MITRE ATT&CK if possible)\n3. Assess attacker sophistication\n4. Suggest honeypot configuration\n\nOutput:\nINTEL: {\"attackerProfile\": \"...\", \"techniques\": [\"...\"], \"sophistication\": \"low|medium|high|apt\", \"honeypotConfig\": {\"port\": N, \"service\": \"...\", \"purpose\": \"...\"}}";
|
|
9
|
+
//# sourceMappingURL=prompts.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"prompts.d.ts","sourceRoot":"","sources":["../../../../src/cli/agent/monitor/prompts.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAM5E,eAAO,MAAM,kBAAkB,4wCAyBkC,CAAC;AAMlE,wBAAgB,WAAW,CAAC,QAAQ,EAAE,eAAe,EAAE,IAAI,EAAE,WAAW,GAAG,MAAM,CA+BhF;AAMD,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,WAAW,GAAG,MAAM,CAsBlF;AAMD,eAAO,MAAM,mBAAmB,qgBASqI,CAAC"}
|
|
@@ -0,0 +1,103 @@
|
|
|
1
|
+
// ---------------------------------------------------------------------------
|
|
2
|
+
// Phase 1: Full System Scan
|
|
3
|
+
// ---------------------------------------------------------------------------
|
|
4
|
+
export const SCAN_SYSTEM_PROMPT = `You are a SECURITY MONITOR performing a full system scan.
|
|
5
|
+
|
|
6
|
+
Use the run_command tool to gather system state. Run these commands:
|
|
7
|
+
1. ps aux --sort=-%cpu | head -50
|
|
8
|
+
2. ss -tlnp
|
|
9
|
+
3. cat /etc/ssh/sshd_config 2>/dev/null || echo "No SSH config"
|
|
10
|
+
4. crontab -l 2>/dev/null; for u in $(cut -f1 -d: /etc/passwd); do crontab -l -u $u 2>/dev/null && echo "--- User: $u ---"; done
|
|
11
|
+
5. iptables -L -n 2>/dev/null || echo "No iptables access"
|
|
12
|
+
6. last -20 2>/dev/null || echo "No login history"
|
|
13
|
+
7. find /etc -newer /etc/hostname -type f -mmin -1440 2>/dev/null | head -30
|
|
14
|
+
8. cat /etc/passwd | grep -v nologin | grep -v false
|
|
15
|
+
|
|
16
|
+
After gathering all data, output a structured baseline report between these markers:
|
|
17
|
+
|
|
18
|
+
BASELINE_START
|
|
19
|
+
{
|
|
20
|
+
"processes": [{"pid": N, "user": "...", "command": "...", "cpu": N, "mem": N}],
|
|
21
|
+
"ports": [{"port": N, "protocol": "tcp|udp", "process": "...", "address": "..."}],
|
|
22
|
+
"configs": [{"file": "...", "hash": "...", "lastModified": N}],
|
|
23
|
+
"users": [{"name": "...", "uid": N, "shell": "...", "lastLogin": N}],
|
|
24
|
+
"crons": [{"user": "...", "schedule": "...", "command": "..."}],
|
|
25
|
+
"packages": []
|
|
26
|
+
}
|
|
27
|
+
BASELINE_END
|
|
28
|
+
|
|
29
|
+
Be thorough but efficient. Only include active/relevant entries.`;
|
|
30
|
+
// ---------------------------------------------------------------------------
|
|
31
|
+
// Phase 3: Continuous Watch
|
|
32
|
+
// ---------------------------------------------------------------------------
|
|
33
|
+
export function watchPrompt(baseline, mode) {
|
|
34
|
+
const modeDesc = {
|
|
35
|
+
passive: 'PASSIVE mode — read-only, report only, no actions',
|
|
36
|
+
defensive: 'DEFENSIVE mode — can block IPs, kill processes, rotate secrets',
|
|
37
|
+
active: 'ACTIVE mode — can deploy honeypots, counter-intel, all defensive actions',
|
|
38
|
+
}[mode];
|
|
39
|
+
return `You are a SECURITY MONITOR in ${modeDesc}.
|
|
40
|
+
|
|
41
|
+
Current baseline (established ${new Date(baseline.timestamp).toISOString()}):
|
|
42
|
+
- ${baseline.processes.length} known processes
|
|
43
|
+
- ${baseline.ports.length} open ports
|
|
44
|
+
- ${baseline.users.length} system users
|
|
45
|
+
- ${baseline.crons.length} cron jobs
|
|
46
|
+
|
|
47
|
+
Perform a quick security check using run_command:
|
|
48
|
+
1. ps aux --sort=-%cpu | head -30
|
|
49
|
+
2. ss -tlnp
|
|
50
|
+
3. last -5 2>/dev/null
|
|
51
|
+
4. dmesg -T 2>/dev/null | tail -20
|
|
52
|
+
|
|
53
|
+
Compare the current state against the baseline.
|
|
54
|
+
|
|
55
|
+
If you detect ANY anomaly or threat, output:
|
|
56
|
+
THREAT: {"severity": "critical|high|medium|low|info", "category": "bruteforce|portscan|exfiltration|malware|config_change|privilege_escalation|secret_leak|anomaly", "title": "...", "details": "...", "source": "..."}
|
|
57
|
+
|
|
58
|
+
If everything looks normal, output:
|
|
59
|
+
ALL_CLEAR
|
|
60
|
+
|
|
61
|
+
${mode !== 'passive' ? `In ${mode} mode, also suggest a response:
|
|
62
|
+
RESPONSE: {"action": "block_ip|kill_process|close_port|rotate_secret|isolate_service|deploy_honeypot", "target": "...", "reason": "..."}` : ''}`;
|
|
63
|
+
}
|
|
64
|
+
// ---------------------------------------------------------------------------
|
|
65
|
+
// Threat Analysis
|
|
66
|
+
// ---------------------------------------------------------------------------
|
|
67
|
+
export function analyzeThreatPrompt(threat, mode) {
|
|
68
|
+
return `You are a SECURITY ANALYST evaluating a detected threat.
|
|
69
|
+
|
|
70
|
+
Threat: ${threat.title}
|
|
71
|
+
Severity: ${threat.severity}
|
|
72
|
+
Category: ${threat.category}
|
|
73
|
+
Details: ${threat.details}
|
|
74
|
+
Source: ${threat.source}
|
|
75
|
+
Time: ${new Date(threat.timestamp).toISOString()}
|
|
76
|
+
|
|
77
|
+
Monitor Mode: ${mode.toUpperCase()}
|
|
78
|
+
|
|
79
|
+
Investigate this threat using run_command tools:
|
|
80
|
+
1. Check the source (IP, process, file) for more context
|
|
81
|
+
2. Look at related log entries
|
|
82
|
+
3. Assess real severity (could be false positive)
|
|
83
|
+
|
|
84
|
+
Output your assessment:
|
|
85
|
+
ASSESSMENT: {"confirmedSeverity": "critical|high|medium|low|info", "isFalsePositive": true|false, "details": "..."}
|
|
86
|
+
|
|
87
|
+
${mode !== 'passive' ? `If action is warranted, output:
|
|
88
|
+
RESPONSE: {"action": "block_ip|kill_process|close_port|rotate_secret|isolate_service|deploy_honeypot", "target": "...", "reason": "...", "autoApprove": true|false}` : 'In PASSIVE mode, only report findings — do not suggest actions.'}`;
|
|
89
|
+
}
|
|
90
|
+
// ---------------------------------------------------------------------------
|
|
91
|
+
// Active Mode: Attacker Profiling
|
|
92
|
+
// ---------------------------------------------------------------------------
|
|
93
|
+
export const ACTIVE_INTEL_PROMPT = `You are a THREAT INTELLIGENCE analyst in ACTIVE mode.
|
|
94
|
+
|
|
95
|
+
Analyze the collected threat data and create an attacker profile:
|
|
96
|
+
1. Group related events by source IP or pattern
|
|
97
|
+
2. Identify attack vectors and techniques (MITRE ATT&CK if possible)
|
|
98
|
+
3. Assess attacker sophistication
|
|
99
|
+
4. Suggest honeypot configuration
|
|
100
|
+
|
|
101
|
+
Output:
|
|
102
|
+
INTEL: {"attackerProfile": "...", "techniques": ["..."], "sophistication": "low|medium|high|apt", "honeypotConfig": {"port": N, "service": "...", "purpose": "..."}}`;
|
|
103
|
+
//# sourceMappingURL=prompts.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"prompts.js","sourceRoot":"","sources":["../../../../src/cli/agent/monitor/prompts.ts"],"names":[],"mappings":"AAKA,8EAA8E;AAC9E,4BAA4B;AAC5B,8EAA8E;AAE9E,MAAM,CAAC,MAAM,kBAAkB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;iEAyB+B,CAAC;AAElE,8EAA8E;AAC9E,4BAA4B;AAC5B,8EAA8E;AAE9E,MAAM,UAAU,WAAW,CAAC,QAAyB,EAAE,IAAiB;IACtE,MAAM,QAAQ,GAAG;QACf,OAAO,EAAE,mDAAmD;QAC5D,SAAS,EAAE,gEAAgE;QAC3E,MAAM,EAAE,0EAA0E;KACnF,CAAC,IAAI,CAAC,CAAC;IAER,OAAO,iCAAiC,QAAQ;;gCAElB,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE;IACtE,QAAQ,CAAC,SAAS,CAAC,MAAM;IACzB,QAAQ,CAAC,KAAK,CAAC,MAAM;IACrB,QAAQ,CAAC,KAAK,CAAC,MAAM;IACrB,QAAQ,CAAC,KAAK,CAAC,MAAM;;;;;;;;;;;;;;;;EAgBvB,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,IAAI;yIACwG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;AACjJ,CAAC;AAED,8EAA8E;AAC9E,kBAAkB;AAClB,8EAA8E;AAE9E,MAAM,UAAU,mBAAmB,CAAC,MAAmB,EAAE,IAAiB;IACxE,OAAO;;UAEC,MAAM,CAAC,KAAK;YACV,MAAM,CAAC,QAAQ;YACf,MAAM,CAAC,QAAQ;WAChB,MAAM,CAAC,OAAO;UACf,MAAM,CAAC,MAAM;QACf,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE;;gBAEhC,IAAI,CAAC,WAAW,EAAE;;;;;;;;;;EAUhC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC;oKAC6I,CAAC,CAAC,CAAC,iEAAiE,EAAE,CAAC;AAC3O,CAAC;AAED,8EAA8E;AAC9E,kCAAkC;AAClC,8EAA8E;AAE9E,MAAM,CAAC,MAAM,mBAAmB,GAAG;;;;;;;;;qKASkI,CAAC"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import type { DefenseAction, DefenseRecord } from './types.js';
|
|
2
|
+
type SendFn = (prompt: string) => Promise<string>;
|
|
3
|
+
/**
|
|
4
|
+
* Execute a defense action using the agent's run_command tool.
|
|
5
|
+
*/
|
|
6
|
+
export declare function executeDefense(action: DefenseAction | string, target: string, sendMessage: SendFn): Promise<DefenseRecord>;
|
|
7
|
+
/**
|
|
8
|
+
* Undo a reversible defense action.
|
|
9
|
+
*/
|
|
10
|
+
export declare function undoDefense(defense: DefenseRecord, sendMessage: SendFn): Promise<boolean>;
|
|
11
|
+
export {};
|
|
12
|
+
//# sourceMappingURL=responder.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"responder.d.ts","sourceRoot":"","sources":["../../../../src/cli/agent/monitor/responder.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAE/D,KAAK,MAAM,GAAG,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAElD;;GAEG;AACH,wBAAsB,cAAc,CAClC,MAAM,EAAE,aAAa,GAAG,MAAM,EAC9B,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,aAAa,CAAC,CAwCxB;AAED;;GAEG;AACH,wBAAsB,WAAW,CAC/B,OAAO,EAAE,aAAa,EACtB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,OAAO,CAAC,CAgBlB"}
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Monitor System — Executes defense actions (defensive/active mode only).
|
|
3
|
+
*/
|
|
4
|
+
import { randomUUID } from 'node:crypto';
|
|
5
|
+
/**
|
|
6
|
+
* Execute a defense action using the agent's run_command tool.
|
|
7
|
+
*/
|
|
8
|
+
export async function executeDefense(action, target, sendMessage) {
|
|
9
|
+
const defensePrompts = {
|
|
10
|
+
block_ip: `Block the IP address ${target} using iptables. Run:
|
|
11
|
+
iptables -A INPUT -s ${target} -j DROP
|
|
12
|
+
Then verify with: iptables -L -n | grep ${target}`,
|
|
13
|
+
kill_process: `Kill the suspicious process: ${target}. Run:
|
|
14
|
+
kill -9 ${target}
|
|
15
|
+
Then verify it's gone with: ps aux | grep ${target}`,
|
|
16
|
+
close_port: `Close port ${target} using iptables. Run:
|
|
17
|
+
iptables -A INPUT --dport ${target} -j DROP
|
|
18
|
+
Then verify with: ss -tlnp | grep ${target}`,
|
|
19
|
+
rotate_secret: `Rotate the compromised secret for: ${target}
|
|
20
|
+
Generate a new secure random key and update the relevant config file.`,
|
|
21
|
+
isolate_service: `Isolate the service: ${target}
|
|
22
|
+
Stop the service and block its network access:
|
|
23
|
+
systemctl stop ${target} 2>/dev/null
|
|
24
|
+
iptables -A OUTPUT -m owner --uid-owner $(id -u ${target}) -j DROP 2>/dev/null`,
|
|
25
|
+
deploy_honeypot: `Deploy a honeypot for: ${target}
|
|
26
|
+
Start a fake service that logs all connection attempts.
|
|
27
|
+
Use: ncat -l -k -p ${target} -c 'echo "SSH-2.0-OpenSSH_8.2p1"; cat >> /tmp/honeypot.log' &`,
|
|
28
|
+
};
|
|
29
|
+
const prompt = defensePrompts[action] || `Execute defense action "${action}" against target "${target}".`;
|
|
30
|
+
await sendMessage(prompt);
|
|
31
|
+
return {
|
|
32
|
+
id: randomUUID().slice(0, 8),
|
|
33
|
+
action: action,
|
|
34
|
+
target,
|
|
35
|
+
reason: `Auto-response to detected threat`,
|
|
36
|
+
autoApproved: true,
|
|
37
|
+
reversible: action === 'block_ip' || action === 'close_port',
|
|
38
|
+
timestamp: Date.now(),
|
|
39
|
+
};
|
|
40
|
+
}
|
|
41
|
+
/**
|
|
42
|
+
* Undo a reversible defense action.
|
|
43
|
+
*/
|
|
44
|
+
export async function undoDefense(defense, sendMessage) {
|
|
45
|
+
if (!defense.reversible)
|
|
46
|
+
return false;
|
|
47
|
+
const undoPrompts = {
|
|
48
|
+
block_ip: `Unblock IP address ${defense.target}. Run:
|
|
49
|
+
iptables -D INPUT -s ${defense.target} -j DROP`,
|
|
50
|
+
close_port: `Re-open port ${defense.target}. Run:
|
|
51
|
+
iptables -D INPUT --dport ${defense.target} -j DROP`,
|
|
52
|
+
};
|
|
53
|
+
const prompt = undoPrompts[defense.action];
|
|
54
|
+
if (!prompt)
|
|
55
|
+
return false;
|
|
56
|
+
await sendMessage(prompt);
|
|
57
|
+
return true;
|
|
58
|
+
}
|
|
59
|
+
//# sourceMappingURL=responder.js.map
|