honeyweb-core 2.0.3 → 2.0.4

package/ai/gemini.js

@@ -1,9 +1,7 @@
 // honeyweb-core/ai/gemini.js
-// Google Gemini API client
 
 const { GoogleGenerativeAI } = require('@google/generative-ai');
 
-// Retry config
 const MAX_RETRIES = 3;
 const INITIAL_BACKOFF_MS = 2000;
 
@@ -11,7 +9,7 @@ class GeminiClient {
     constructor(config) {
         this.enabled = config.enabled && !!config.apiKey;
         this.timeout = config.timeout || 50000;
-        this.modelName = config.model || 'gemini-3-flash-preview';
+        this.modelName = config.model || 'gemini-2.5-flash';
 
         if (this.enabled) {
             this.genAI = new GoogleGenerativeAI(config.apiKey);
@@ -20,37 +18,20 @@ class GeminiClient {
         }
     }
 
-    /**
-     * Sleep helper
-     */
     _sleep(ms) {
         return new Promise(resolve => setTimeout(resolve, ms));
     }
 
-    /**
-     * Check if an error is retryable
-     */
     _isRetryable(err) {
         const msg = err.message || '';
-        return msg.includes('503')
-            || msg.includes('429')
-            || msg.includes('500')
-            || msg.includes('Service Unavailable')
-            || msg.includes('overloaded')
-            || msg.includes('high demand')
-            || msg.includes('RESOURCE_EXHAUSTED')
+        return msg.includes('503') || msg.includes('429') || msg.includes('500')
+            || msg.includes('Service Unavailable') || msg.includes('overloaded')
+            || msg.includes('high demand') || msg.includes('RESOURCE_EXHAUSTED')
             || msg.includes('Quota exceeded');
     }
 
-    /**
-     * Generate AI analysis with retry logic
-     * @param {string} prompt - Analysis prompt
-     * @returns {Promise<string|null>} - AI response or null on failure
-     */
     async analyze(prompt) {
-        if (!this.enabled) {
-            return null;
-        }
+        if (!this.enabled) return null;
 
         let lastError = null;
 
@@ -66,18 +47,16 @@ class GeminiClient {
                 const response = await result.response;
                 const text = response.text();
 
-                if (text) {
-                    return text;
-                }
+                if (text) return text;
 
-                console.warn('[Gemini] Empty response from AI, retrying...');
+                console.warn('[Gemini] Empty response, retrying...');
                 lastError = new Error('Empty AI response');
             } catch (err) {
                 lastError = err;
 
                 if (this._isRetryable(err) && attempt < MAX_RETRIES - 1) {
                     const backoff = INITIAL_BACKOFF_MS * Math.pow(2, attempt);
-                    console.warn(`[Gemini] Retryable error (attempt ${attempt + 1}/${MAX_RETRIES}): ${err.message}. Retrying in ${backoff}ms...`);
+                    console.warn(`[Gemini] Retryable error (${attempt + 1}/${MAX_RETRIES}): ${err.message}. Retry in ${backoff}ms`);
                     await this._sleep(backoff);
                     continue;
                 }
@@ -86,14 +65,10 @@ class GeminiClient {
             }
         }
 
-        console.error(`[Gemini] AI analysis failed after ${MAX_RETRIES} attempts:`, lastError?.message);
+        console.error(`[Gemini] Failed after ${MAX_RETRIES} attempts:`, lastError?.message);
         return null;
     }
 
-    /**
-     * Check if AI is enabled
-     * @returns {boolean}
-     */
     isEnabled() {
         return this.enabled;
     }

package/ai/index.js

@@ -1,5 +1,4 @@
 // honeyweb-core/ai/index.js
-// AI orchestrator
 
 const GeminiClient = require('./gemini');
 const { generateThreatAnalysisPrompt, generateTrapAnalysisPrompt } = require('./prompt-templates');
@@ -9,38 +8,16 @@ class AIAnalyzer {
         this.client = new GeminiClient(config);
     }
 
-    /**
-     * Analyze threat with AI
-     * @param {Object} data - Threat data
-     * @returns {Promise<string|null>} - AI analysis report
-     */
     async analyzeThreat(data) {
-        if (!this.client.isEnabled()) {
-            return null;
-        }
-
-        const prompt = generateThreatAnalysisPrompt(data);
-        return await this.client.analyze(prompt);
+        if (!this.client.isEnabled()) return null;
+        return await this.client.analyze(generateThreatAnalysisPrompt(data));
     }
 
-    /**
-     * Analyze trap trigger with AI
-     * @param {Object} data - Trap trigger data
-     * @returns {Promise<string|null>} - AI analysis report
-     */
     async analyzeTrap(data) {
-        if (!this.client.isEnabled()) {
-            return null;
-        }
-
-        const prompt = generateTrapAnalysisPrompt(data);
-        return await this.client.analyze(prompt);
+        if (!this.client.isEnabled()) return null;
+        return await this.client.analyze(generateTrapAnalysisPrompt(data));
     }
 
-    /**
-     * Check if AI is enabled
-     * @returns {boolean}
-     */
     isEnabled() {
         return this.client.isEnabled();
     }

package/config/defaults.js

@@ -1,55 +1,39 @@
-// honeyweb-core/config/defaults.js
-// Default configuration values extracted from hardcoded constants
-
 module.exports = {
-    // AI Configuration
     ai: {
         enabled: true,
         apiKey: process.env.HONEYWEB_API_KEY || '',
-        model: 'gemini-3-flash-preview',
+        model: 'gemini-2.5-flash',
         timeout: 30000
     },
-
-    // Detection Configuration
     detection: {
-        patterns: {
-            enabled: true,
-            sqli: true,
-            xss: true
-        },
+        patterns: { enabled: true, sqli: true, xss: true },
         behavioral: {
-            enabled: true, // Phase 2 feature - ENABLED
+            enabled: true,
             suspicionThreshold: 50,
             trackTiming: true,
             trackNavigation: true
         },
         whitelist: {
-            enabled: true, // Phase 2 feature - ENABLED
-            verifyDNS: true, // DNS verification ENABLED
-            cacheTTL: 86400000, // 24 hours
+            enabled: true,
+            verifyDNS: true,
+            cacheTTL: 86400000,
             bots: ['Googlebot', 'Bingbot', 'Slackbot', 'facebookexternalhit']
         }
     },
-
-    // Rate Limiting
     rateLimit: {
         enabled: true,
-        window: 10000, // 10 seconds
+        window: 10000,
         maxRequests: 50,
-        cleanupInterval: 60000 // Auto-cleanup every 60s
+        cleanupInterval: 60000
     },
-
-    // Storage Configuration
     storage: {
-        type: 'json', // 'json' or 'memory'
+        type: 'json',
         path: './blocked-ips.json',
         async: true,
         cache: true,
-        banDuration: 300000, // 24 hours
+        banDuration: 50000,
         autoCleanup: true
     },
-
-    // Trap Configuration
     traps: {
         paths: [
             '/admin-backup-v2',
@@ -58,22 +42,15 @@ module.exports = {
             '/auth/root-access',
             '/sys/config-safe'
         ],
-        injection: {
-            enabled: true,
-            invisibleLinks: true
-        }
+        injection: { enabled: true, invisibleLinks: true }
     },
-
-    // Dashboard Configuration
     dashboard: {
         enabled: true,
         path: '/honeyweb-status',
         secret: process.env.HONEYWEB_DASHBOARD_SECRET || 'admin123'
     },
-
-    // Logging Configuration
     logging: {
-        level: 'info', // 'debug', 'info', 'warn', 'error'
-        format: 'pretty' // 'pretty' or 'json'
+        level: 'info',
+        format: 'pretty'
     }
 };

package/config/index.js

@@ -1,25 +1,17 @@
 // honeyweb-core/config/index.js
-// Configuration loader with validation
 
 const defaults = require('./defaults');
 const { validateConfig } = require('./schema');
 const path = require('path');
 const fs = require('fs');
 
-/**
- * Deep merge two objects
- */
 function deepMerge(target, source) {
     const output = { ...target };
 
     if (isObject(target) && isObject(source)) {
         Object.keys(source).forEach(key => {
             if (isObject(source[key])) {
-                if (!(key in target)) {
-                    output[key] = source[key];
-                } else {
-                    output[key] = deepMerge(target[key], source[key]);
-                }
+                output[key] = key in target ? deepMerge(target[key], source[key]) : source[key];
             } else {
                 output[key] = source[key];
             }
@@ -33,17 +25,10 @@ function isObject(item) {
     return item && typeof item === 'object' && !Array.isArray(item);
 }
 
-/**
- * Load configuration from multiple sources
- * Priority: userConfig > configFile > envVars > defaults
- *
- * @param {Object} userConfig - Configuration passed programmatically
- * @returns {Object} - Merged and validated configuration
- */
+// Priority: userConfig > configFile > envVars > defaults
 function loadConfig(userConfig = {}) {
     let config = { ...defaults };
 
-    // 1. Try to load from config file (honeyweb.config.js)
     const configPath = path.join(process.cwd(), 'honeyweb.config.js');
     if (fs.existsSync(configPath)) {
         try {
@@ -54,27 +39,14 @@ function loadConfig(userConfig = {}) {
         }
     }
 
-    // 2. Override with environment variables
-    if (process.env.HONEYWEB_API_KEY) {
-        config.ai.apiKey = process.env.HONEYWEB_API_KEY;
-    }
-    if (process.env.HONEYWEB_AI_MODEL) {
-        config.ai.model = process.env.HONEYWEB_AI_MODEL;
-    }
-    if (process.env.HONEYWEB_DASHBOARD_SECRET) {
-        config.dashboard.secret = process.env.HONEYWEB_DASHBOARD_SECRET;
-    }
-    if (process.env.HONEYWEB_LOG_LEVEL) {
-        config.logging.level = process.env.HONEYWEB_LOG_LEVEL;
-    }
-    if (process.env.HONEYWEB_STORAGE_PATH) {
-        config.storage.path = process.env.HONEYWEB_STORAGE_PATH;
-    }
+    if (process.env.HONEYWEB_API_KEY) config.ai.apiKey = process.env.HONEYWEB_API_KEY;
+    if (process.env.HONEYWEB_AI_MODEL) config.ai.model = process.env.HONEYWEB_AI_MODEL;
+    if (process.env.HONEYWEB_DASHBOARD_SECRET) config.dashboard.secret = process.env.HONEYWEB_DASHBOARD_SECRET;
+    if (process.env.HONEYWEB_LOG_LEVEL) config.logging.level = process.env.HONEYWEB_LOG_LEVEL;
+    if (process.env.HONEYWEB_STORAGE_PATH) config.storage.path = process.env.HONEYWEB_STORAGE_PATH;
 
-    // 3. Override with user-provided config (highest priority)
     config = deepMerge(config, userConfig);
 
-    // 4. Validate configuration
     const validation = validateConfig(config);
     if (!validation.valid) {
         throw new Error(`[HoneyWeb] Invalid configuration:\n${validation.errors.join('\n')}`);

package/config/schema.js

@@ -1,23 +1,14 @@
 // honeyweb-core/config/schema.js
-// Configuration validation schema
 
-/**
- * Validates configuration object
- * @param {Object} config - Configuration to validate
- * @returns {Object} - { valid: boolean, errors: string[] }
- */
 function validateConfig(config) {
     const errors = [];
 
-    // Validate AI config
     if (config.ai) {
-        // Note: API key is optional - AI will be disabled at runtime if missing
         if (config.ai.timeout && (typeof config.ai.timeout !== 'number' || config.ai.timeout < 0)) {
             errors.push('AI timeout must be a positive number');
         }
     }
 
-    // Validate rate limit config
     if (config.rateLimit) {
         if (config.rateLimit.window && (typeof config.rateLimit.window !== 'number' || config.rateLimit.window <= 0)) {
             errors.push('Rate limit window must be a positive number');
@@ -27,7 +18,6 @@ function validateConfig(config) {
         }
     }
 
-    // Validate storage config
     if (config.storage) {
         if (config.storage.type && !['json', 'memory'].includes(config.storage.type)) {
             errors.push('Storage type must be "json" or "memory"');
@@ -37,7 +27,6 @@ function validateConfig(config) {
         }
     }
 
-    // Validate traps config
     if (config.traps && config.traps.paths) {
         if (!Array.isArray(config.traps.paths)) {
             errors.push('Trap paths must be an array');
@@ -46,14 +35,12 @@ function validateConfig(config) {
         }
     }
 
-    // Validate dashboard config
     if (config.dashboard) {
         if (config.dashboard.enabled && !config.dashboard.path) {
             errors.push('Dashboard path is required when dashboard is enabled');
         }
     }
 
-    // Validate logging config
     if (config.logging) {
         if (config.logging.level && !['debug', 'info', 'warn', 'error'].includes(config.logging.level)) {
             errors.push('Logging level must be one of: debug, info, warn, error');
@@ -63,10 +50,7 @@ function validateConfig(config) {
         }
     }
 
-    return {
-        valid: errors.length === 0,
-        errors
-    };
+    return { valid: errors.length === 0, errors };
 }
 
 module.exports = { validateConfig };

package/detection/behavioral.js

@@ -1,186 +1,94 @@
-// honeyweb-core/detection/behavioral.js
-// Behavioral analysis to detect bot-like patterns
-
 class BehavioralAnalyzer {
     constructor(config) {
         this.enabled = config.enabled !== false;
         this.suspicionThreshold = config.suspicionThreshold || 50;
         this.trackTiming = config.trackTiming !== false;
         this.trackNavigation = config.trackNavigation !== false;
-
-        // Track sessions per IP
-        this.sessions = new Map(); // ip -> { requests: [], pages: [], firstSeen: timestamp }
-
-        // Auto-cleanup old sessions every 5 minutes
-        this.cleanupInterval = setInterval(() => {
-            this._cleanupOldSessions();
-        }, 300000);
+        this.sessions = new Map();
+        this.cleanupInterval = setInterval(() => this._cleanupOldSessions(), 300000);
     }
 
-    /**
-     * Analyze request for bot-like behavior
-     * @param {Object} req - Express request object
-     * @param {string} ip - Client IP address
-     * @returns {Object} - { suspicious: boolean, suspicionScore: number, reasons: string[] }
-     */
     analyze(req, ip) {
-        if (!this.enabled) {
-            return { suspicious: false, suspicionScore: 0, reasons: [] };
-        }
+        if (!this.enabled) return { suspicious: false, suspicionScore: 0, reasons: [] };
 
         const now = Date.now();
         const reasons = [];
         let suspicionScore = 0;
 
-        // Get or create session
         let session = this.sessions.get(ip);
         if (!session) {
-            session = {
-                requests: [],
-                pages: [],
-                firstSeen: now
-            };
+            session = { requests: [], pages: [], firstSeen: now };
             this.sessions.set(ip, session);
         }
 
-        // 1. TIMING ANALYSIS
+        // Timing analysis
         if (this.trackTiming && session.requests.length > 0) {
-            const lastRequest = session.requests[session.requests.length - 1];
-            const timeSinceLastRequest = now - lastRequest;
+            const timeSinceLast = now - session.requests[session.requests.length - 1];
 
-            // Too fast (< 100ms between requests)
-            if (timeSinceLastRequest < 100) {
+            if (timeSinceLast < 100) {
                 reasons.push('Requests too fast (< 100ms interval)');
                 suspicionScore += 30;
             }
 
-            // Check for consistent timing (bot pattern)
             if (session.requests.length >= 5) {
                 const intervals = [];
                 for (let i = 1; i < session.requests.length; i++) {
                     intervals.push(session.requests[i] - session.requests[i - 1]);
                 }
+                const avg = intervals.reduce((a, b) => a + b, 0) / intervals.length;
+                const variance = intervals.reduce((s, v) => s + Math.pow(v - avg, 2), 0) / intervals.length;
 
-                // Calculate variance
-                const avgInterval = intervals.reduce((a, b) => a + b, 0) / intervals.length;
-                const variance = intervals.reduce((sum, interval) => {
-                    return sum + Math.pow(interval - avgInterval, 2);
-                }, 0) / intervals.length;
-
-                // Low variance = consistent timing = bot
-                if (variance < 1000 && avgInterval < 2000) {
+                if (variance < 1000 && avg < 2000) {
                     reasons.push('Consistent request timing (bot pattern)');
                     suspicionScore += 25;
                 }
             }
         }
 
-        // 2. NAVIGATION ANALYSIS
+        // Navigation analysis
         if (this.trackNavigation) {
-            const path = req.path;
-
-            // Detect direct deep link access (skipping homepage)
-            if (session.pages.length === 0 && path !== '/' && !path.startsWith('/public')) {
+            if (session.pages.length === 0 && req.path !== '/' && !req.path.startsWith('/public')) {
                 reasons.push('Direct deep link access (skipped homepage)');
                 suspicionScore += 15;
             }
 
-            // Detect breadth-first crawling (accessing many different paths quickly)
-            const uniquePaths = new Set(session.pages);
-            if (uniquePaths.size > 10 && (now - session.firstSeen) < 10000) {
+            if (new Set(session.pages).size > 10 && (now - session.firstSeen) < 10000) {
                 reasons.push('Breadth-first crawling detected');
                 suspicionScore += 20;
             }
 
-            session.pages.push(path);
+            session.pages.push(req.path);
         }
 
-        // 3. SESSION ANALYSIS
-        const sessionDuration = now - session.firstSeen;
-        const requestCount = session.requests.length;
-
-        // Short session with many requests (scraping)
-        if (sessionDuration < 5000 && requestCount > 10) {
+        // Session analysis
+        const duration = now - session.firstSeen;
+        if (duration < 5000 && session.requests.length > 10) {
             reasons.push('High request rate in short session');
             suspicionScore += 20;
         }
-
-        // Very long session with consistent activity (persistent bot)
-        if (sessionDuration > 300000 && requestCount > 100) {
+        if (duration > 300000 && session.requests.length > 100) {
             reasons.push('Persistent automated activity');
             suspicionScore += 15;
         }
 
-        // Record this request
         session.requests.push(now);
+        if (session.requests.length > 20) session.requests = session.requests.slice(-20);
+        if (session.pages.length > 50) session.pages = session.pages.slice(-50);
 
-        // Keep only last 20 requests to prevent memory bloat
-        if (session.requests.length > 20) {
-            session.requests = session.requests.slice(-20);
-        }
-        if (session.pages.length > 50) {
-            session.pages = session.pages.slice(-50);
-        }
-
-        // Cap score at 100
-        suspicionScore = Math.min(100, suspicionScore);
-
-        return {
-            suspicious: suspicionScore >= this.suspicionThreshold,
-            suspicionScore,
-            reasons
-        };
+        return { suspicious: Math.min(100, suspicionScore) >= this.suspicionThreshold, suspicionScore: Math.min(100, suspicionScore), reasons };
     }
 
-    /**
-     * Clean up old sessions (> 1 hour)
-     * @private
-     */
     _cleanupOldSessions() {
         const now = Date.now();
-        const maxAge = 3600000; // 1 hour
-
         for (const [ip, session] of this.sessions.entries()) {
-            if (now - session.firstSeen > maxAge) {
-                this.sessions.delete(ip);
-            }
+            if (now - session.firstSeen > 3600000) this.sessions.delete(ip);
         }
     }
 
-    /**
-     * Get statistics
-     * @returns {Object}
-     */
-    getStats() {
-        return {
-            activeSessions: this.sessions.size,
-            enabled: this.enabled
-        };
-    }
-
-    /**
-     * Reset session for an IP
-     * @param {string} ip
-     */
-    resetSession(ip) {
-        this.sessions.delete(ip);
-    }
-
-    /**
-     * Clear all sessions
-     */
-    clear() {
-        this.sessions.clear();
-    }
-
-    /**
-     * Cleanup and stop timers
-     */
-    destroy() {
-        if (this.cleanupInterval) {
-            clearInterval(this.cleanupInterval);
-        }
-    }
+    getStats() { return { activeSessions: this.sessions.size, enabled: this.enabled }; }
+    resetSession(ip) { this.sessions.delete(ip); }
+    clear() { this.sessions.clear(); }
+    destroy() { if (this.cleanupInterval) clearInterval(this.cleanupInterval); }
 }
 
 module.exports = BehavioralAnalyzer;