honeyweb-core 2.0.2 → 2.0.4

package/ai/gemini.js

@@ -1,49 +1,74 @@
 // honeyweb-core/ai/gemini.js
-// Google Gemini API client (extracted from main index.js)
 
 const { GoogleGenerativeAI } = require('@google/generative-ai');
 
+const MAX_RETRIES = 3;
+const INITIAL_BACKOFF_MS = 2000;
+
 class GeminiClient {
     constructor(config) {
-        this.enabled = config.enabled && config.apiKey;
-        this.timeout = config.timeout || 10000;
+        this.enabled = config.enabled && !!config.apiKey;
+        this.timeout = config.timeout || 50000;
+        this.modelName = config.model || 'gemini-2.5-flash';
 
         if (this.enabled) {
             this.genAI = new GoogleGenerativeAI(config.apiKey);
-            this.model = this.genAI.getGenerativeModel({ model: config.model || 'gemini-1.5-flash' });
+            this.model = this.genAI.getGenerativeModel({ model: this.modelName });
+            console.log(`[Gemini] Initialized with model: ${this.modelName}`);
         }
     }
 
-    /**
-     * Generate AI analysis
-     * @param {string} prompt - Analysis prompt
-     * @returns {Promise<string>} - AI response
-     */
+    _sleep(ms) {
+        return new Promise(resolve => setTimeout(resolve, ms));
+    }
+
+    _isRetryable(err) {
+        const msg = err.message || '';
+        return msg.includes('503') || msg.includes('429') || msg.includes('500')
+            || msg.includes('Service Unavailable') || msg.includes('overloaded')
+            || msg.includes('high demand') || msg.includes('RESOURCE_EXHAUSTED')
+            || msg.includes('Quota exceeded');
+    }
+
     async analyze(prompt) {
-        if (!this.enabled) {
-            return null;
-        }
+        if (!this.enabled) return null;
+
+        let lastError = null;
 
-        try {
-            const result = await Promise.race([
-                this.model.generateContent(prompt),
-                new Promise((_, reject) =>
-                    setTimeout(() => reject(new Error('AI request timeout')), this.timeout)
-                )
-            ]);
-
-            const response = await result.response;
-            return response.text();
-        } catch (err) {
-            console.error('[Gemini] AI analysis failed:', err.message);
-            return null;
+        for (let attempt = 0; attempt < MAX_RETRIES; attempt++) {
+            try {
+                const result = await Promise.race([
+                    this.model.generateContent(prompt),
+                    new Promise((_, reject) =>
+                        setTimeout(() => reject(new Error('AI request timeout')), this.timeout)
+                    )
+                ]);
+
+                const response = await result.response;
+                const text = response.text();
+
+                if (text) return text;
+
+                console.warn('[Gemini] Empty response, retrying...');
+                lastError = new Error('Empty AI response');
+            } catch (err) {
+                lastError = err;
+
+                if (this._isRetryable(err) && attempt < MAX_RETRIES - 1) {
+                    const backoff = INITIAL_BACKOFF_MS * Math.pow(2, attempt);
+                    console.warn(`[Gemini] Retryable error (${attempt + 1}/${MAX_RETRIES}): ${err.message}. Retry in ${backoff}ms`);
+                    await this._sleep(backoff);
+                    continue;
+                }
+
+                break;
+            }
         }
+
+        console.error(`[Gemini] Failed after ${MAX_RETRIES} attempts:`, lastError?.message);
+        return null;
     }
 
-    /**
-     * Check if AI is enabled
-     * @returns {boolean}
-     */
     isEnabled() {
         return this.enabled;
     }

package/ai/index.js

@@ -1,5 +1,4 @@
 // honeyweb-core/ai/index.js
-// AI orchestrator
 
 const GeminiClient = require('./gemini');
 const { generateThreatAnalysisPrompt, generateTrapAnalysisPrompt } = require('./prompt-templates');
@@ -9,38 +8,16 @@ class AIAnalyzer {
         this.client = new GeminiClient(config);
     }
 
-    /**
-     * Analyze threat with AI
-     * @param {Object} data - Threat data
-     * @returns {Promise<string|null>} - AI analysis report
-     */
     async analyzeThreat(data) {
-        if (!this.client.isEnabled()) {
-            return null;
-        }
-
-        const prompt = generateThreatAnalysisPrompt(data);
-        return await this.client.analyze(prompt);
+        if (!this.client.isEnabled()) return null;
+        return await this.client.analyze(generateThreatAnalysisPrompt(data));
     }
 
-    /**
-     * Analyze trap trigger with AI
-     * @param {Object} data - Trap trigger data
-     * @returns {Promise<string|null>} - AI analysis report
-     */
     async analyzeTrap(data) {
-        if (!this.client.isEnabled()) {
-            return null;
-        }
-
-        const prompt = generateTrapAnalysisPrompt(data);
-        return await this.client.analyze(prompt);
+        if (!this.client.isEnabled()) return null;
+        return await this.client.analyze(generateTrapAnalysisPrompt(data));
     }
 
-    /**
-     * Check if AI is enabled
-     * @returns {boolean}
-     */
     isEnabled() {
         return this.client.isEnabled();
     }

package/ai/prompt-templates.js

@@ -1,61 +1,41 @@
 // honeyweb-core/ai/prompt-templates.js
 // AI prompt templates for threat analysis
 
-/**
- * Generate threat analysis prompt
- * @param {Object} data - Threat data
- * @returns {string} - Formatted prompt
- */
 function generateThreatAnalysisPrompt(data) {
-    const { ip, path, threats, userAgent, referer, method, timestamp } = data;
+    const { ip, path, threats, userAgent, method, timestamp } = data;
 
-    return `You are a cybersecurity analyst. Analyze this suspicious web request and provide a concise threat assessment.
+    return `Cybersecurity analyst for HoneyWeb honeypot. Analyze this attack. Plain text only, no markdown or asterisks. Use UPPERCASE headers.
 
-**Request Details:**
-- IP Address: ${ip}
-- Path: ${path}
-- Method: ${method}
-- User-Agent: ${userAgent || 'Not provided'}
-- Referer: ${referer || 'Not provided'}
-- Timestamp: ${new Date(timestamp).toISOString()}
+REQUEST: ${method} ${path} from ${ip}
+User-Agent: ${userAgent || 'N/A'}
+Time: ${new Date(timestamp).toISOString()}
+Threats: ${threats.join('; ')}
 
-**Detected Threats:**
-${threats.map(t => `- ${t}`).join('\n')}
+Respond with:
+CLASSIFICATION: Attack type and technique.
+RISK: Severity (CRITICAL/HIGH/MEDIUM/LOW), impact if successful.
+PROFILE: Skill level, likely tool, automated or manual.
+ACTIONS: Immediate and long-term defenses.
 
-**Analysis Required:**
-1. What type of attack is this likely to be?
-2. What is the attacker's probable intent?
-3. What vulnerabilities are they trying to exploit?
-4. Recommended defensive actions?
-
-Provide a brief, actionable report (3-4 sentences).`;
+Keep to 4-6 sentences total.`;
 }
 
-/**
- * Generate trap trigger analysis prompt
- * @param {Object} data - Trap trigger data
- * @returns {string} - Formatted prompt
- */
 function generateTrapAnalysisPrompt(data) {
     const { ip, path, userAgent, timestamp } = data;
 
-    return `A honeypot trap was triggered. Analyze this bot behavior:
-
-**Bot Details:**
-- IP Address: ${ip}
-- Trap Path: ${path}
-- User-Agent: ${userAgent || 'Not provided'}
-- Timestamp: ${new Date(timestamp).toISOString()}
+    return `Cybersecurity analyst for HoneyWeb honeypot. A hidden trap link (invisible to humans) was accessed. Plain text only, no markdown or asterisks. Use UPPERCASE headers.
 
-**Context:**
-The bot accessed an invisible honeypot link that legitimate users cannot see. This indicates automated crawling behavior.
+TRAP HIT: ${path} from ${ip}
+User-Agent: ${userAgent || 'N/A'}
+Time: ${new Date(timestamp).toISOString()}
 
-**Analysis Required:**
-1. What type of bot is this (scraper, vulnerability scanner, etc.)?
-2. What is the bot's likely purpose?
-3. Is this a sophisticated or basic bot?
+Respond with:
+BOT TYPE: What kind of bot and why.
+SOPHISTICATION: BASIC/INTERMEDIATE/ADVANCED with reason.
+THREAT: Severity (CRITICAL/HIGH/MEDIUM/LOW), malicious or benign.
+ACTIONS: Recommended next steps.
 
-Provide a brief assessment (2-3 sentences).`;
+Keep to 3-5 sentences total.`;
 }
 
 module.exports = {

package/config/defaults.js

@@ -1,55 +1,39 @@
-// honeyweb-core/config/defaults.js
-// Default configuration values extracted from hardcoded constants
-
 module.exports = {
-    // AI Configuration
     ai: {
         enabled: true,
         apiKey: process.env.HONEYWEB_API_KEY || '',
-        model: 'gemini-1.5-flash', // Using 1.5 for wider geographic availability
-        timeout: 10000
+        model: 'gemini-2.5-flash',
+        timeout: 30000
     },
-
-    // Detection Configuration
     detection: {
-        patterns: {
-            enabled: true,
-            sqli: true,
-            xss: true
-        },
+        patterns: { enabled: true, sqli: true, xss: true },
         behavioral: {
-            enabled: true, // Phase 2 feature - ENABLED
+            enabled: true,
             suspicionThreshold: 50,
             trackTiming: true,
             trackNavigation: true
         },
         whitelist: {
-            enabled: true, // Phase 2 feature - ENABLED
-            verifyDNS: true, // DNS verification ENABLED
-            cacheTTL: 86400000, // 24 hours
+            enabled: true,
+            verifyDNS: true,
+            cacheTTL: 86400000,
             bots: ['Googlebot', 'Bingbot', 'Slackbot', 'facebookexternalhit']
         }
     },
-
-    // Rate Limiting
     rateLimit: {
         enabled: true,
-        window: 10000, // 10 seconds
+        window: 10000,
         maxRequests: 50,
-        cleanupInterval: 60000 // Auto-cleanup every 60s
+        cleanupInterval: 60000
     },
-
-    // Storage Configuration
     storage: {
-        type: 'json', // 'json' or 'memory'
+        type: 'json',
         path: './blocked-ips.json',
         async: true,
         cache: true,
-        banDuration: 86400000, // 24 hours
+        banDuration: 50000,
         autoCleanup: true
     },
-
-    // Trap Configuration
     traps: {
         paths: [
             '/admin-backup-v2',
@@ -58,22 +42,15 @@ module.exports = {
             '/auth/root-access',
             '/sys/config-safe'
         ],
-        injection: {
-            enabled: true,
-            invisibleLinks: true
-        }
+        injection: { enabled: true, invisibleLinks: true }
     },
-
-    // Dashboard Configuration
     dashboard: {
         enabled: true,
         path: '/honeyweb-status',
         secret: process.env.HONEYWEB_DASHBOARD_SECRET || 'admin123'
     },
-
-    // Logging Configuration
     logging: {
-        level: 'info', // 'debug', 'info', 'warn', 'error'
-        format: 'pretty' // 'pretty' or 'json'
+        level: 'info',
+        format: 'pretty'
     }
 };

package/config/index.js

@@ -1,25 +1,17 @@
 // honeyweb-core/config/index.js
-// Configuration loader with validation
 
 const defaults = require('./defaults');
 const { validateConfig } = require('./schema');
 const path = require('path');
 const fs = require('fs');
 
-/**
- * Deep merge two objects
- */
 function deepMerge(target, source) {
     const output = { ...target };
 
     if (isObject(target) && isObject(source)) {
         Object.keys(source).forEach(key => {
             if (isObject(source[key])) {
-                if (!(key in target)) {
-                    output[key] = source[key];
-                } else {
-                    output[key] = deepMerge(target[key], source[key]);
-                }
+                output[key] = key in target ? deepMerge(target[key], source[key]) : source[key];
             } else {
                 output[key] = source[key];
             }
@@ -33,17 +25,10 @@ function isObject(item) {
     return item && typeof item === 'object' && !Array.isArray(item);
 }
 
-/**
- * Load configuration from multiple sources
- * Priority: userConfig > configFile > envVars > defaults
- *
- * @param {Object} userConfig - Configuration passed programmatically
- * @returns {Object} - Merged and validated configuration
- */
+// Priority: userConfig > configFile > envVars > defaults
 function loadConfig(userConfig = {}) {
     let config = { ...defaults };
 
-    // 1. Try to load from config file (honeyweb.config.js)
     const configPath = path.join(process.cwd(), 'honeyweb.config.js');
     if (fs.existsSync(configPath)) {
         try {
@@ -54,27 +39,14 @@ function loadConfig(userConfig = {}) {
         }
     }
 
-    // 2. Override with environment variables
-    if (process.env.HONEYWEB_API_KEY) {
-        config.ai.apiKey = process.env.HONEYWEB_API_KEY;
-    }
-    if (process.env.HONEYWEB_AI_MODEL) {
-        config.ai.model = process.env.HONEYWEB_AI_MODEL;
-    }
-    if (process.env.HONEYWEB_DASHBOARD_SECRET) {
-        config.dashboard.secret = process.env.HONEYWEB_DASHBOARD_SECRET;
-    }
-    if (process.env.HONEYWEB_LOG_LEVEL) {
-        config.logging.level = process.env.HONEYWEB_LOG_LEVEL;
-    }
-    if (process.env.HONEYWEB_STORAGE_PATH) {
-        config.storage.path = process.env.HONEYWEB_STORAGE_PATH;
-    }
+    if (process.env.HONEYWEB_API_KEY) config.ai.apiKey = process.env.HONEYWEB_API_KEY;
+    if (process.env.HONEYWEB_AI_MODEL) config.ai.model = process.env.HONEYWEB_AI_MODEL;
+    if (process.env.HONEYWEB_DASHBOARD_SECRET) config.dashboard.secret = process.env.HONEYWEB_DASHBOARD_SECRET;
+    if (process.env.HONEYWEB_LOG_LEVEL) config.logging.level = process.env.HONEYWEB_LOG_LEVEL;
+    if (process.env.HONEYWEB_STORAGE_PATH) config.storage.path = process.env.HONEYWEB_STORAGE_PATH;
 
-    // 3. Override with user-provided config (highest priority)
     config = deepMerge(config, userConfig);
 
-    // 4. Validate configuration
     const validation = validateConfig(config);
     if (!validation.valid) {
         throw new Error(`[HoneyWeb] Invalid configuration:\n${validation.errors.join('\n')}`);

package/config/schema.js

@@ -1,23 +1,14 @@
 // honeyweb-core/config/schema.js
-// Configuration validation schema
 
-/**
- * Validates configuration object
- * @param {Object} config - Configuration to validate
- * @returns {Object} - { valid: boolean, errors: string[] }
- */
 function validateConfig(config) {
     const errors = [];
 
-    // Validate AI config
     if (config.ai) {
-        // Note: API key is optional - AI will be disabled at runtime if missing
         if (config.ai.timeout && (typeof config.ai.timeout !== 'number' || config.ai.timeout < 0)) {
             errors.push('AI timeout must be a positive number');
         }
     }
 
-    // Validate rate limit config
     if (config.rateLimit) {
         if (config.rateLimit.window && (typeof config.rateLimit.window !== 'number' || config.rateLimit.window <= 0)) {
             errors.push('Rate limit window must be a positive number');
@@ -27,7 +18,6 @@ function validateConfig(config) {
         }
     }
 
-    // Validate storage config
     if (config.storage) {
         if (config.storage.type && !['json', 'memory'].includes(config.storage.type)) {
             errors.push('Storage type must be "json" or "memory"');
@@ -37,7 +27,6 @@ function validateConfig(config) {
         }
     }
 
-    // Validate traps config
     if (config.traps && config.traps.paths) {
         if (!Array.isArray(config.traps.paths)) {
             errors.push('Trap paths must be an array');
@@ -46,14 +35,12 @@ function validateConfig(config) {
         }
     }
 
-    // Validate dashboard config
     if (config.dashboard) {
         if (config.dashboard.enabled && !config.dashboard.path) {
             errors.push('Dashboard path is required when dashboard is enabled');
         }
     }
 
-    // Validate logging config
     if (config.logging) {
         if (config.logging.level && !['debug', 'info', 'warn', 'error'].includes(config.logging.level)) {
             errors.push('Logging level must be one of: debug, info, warn, error');
@@ -63,10 +50,7 @@ function validateConfig(config) {
         }
     }
 
-    return {
-        valid: errors.length === 0,
-        errors
-    };
+    return { valid: errors.length === 0, errors };
 }
 
 module.exports = { validateConfig };