securenow 5.2.2 → 5.3.1

package/cli/security.js

@@ -0,0 +1,681 @@
+'use strict';
+
+const { api, requireAuth } = require('./client');
+const config = require('./config');
+const ui = require('./ui');
+
+function resolveApp(flags) {
+  return flags.app || config.getDefaultApp();
+}
+
+// ── Alert Rules ──
+
+async function alertRulesList(args, flags) {
+  requireAuth();
+  const s = ui.spinner('Fetching alert rules');
+  try {
+    const data = await api.get('/alert-rules');
+    const rules = data.alertRules || [];
+    s.stop(`Found ${rules.length} rule${rules.length !== 1 ? 's' : ''}`);
+
+    if (flags.json) { ui.json(rules); return; }
+
+    console.log('');
+    const rows = rules.map(r => [
+      ui.c.dim(ui.truncate(r._id, 12)),
+      r.name || r.type || '—',
+      ui.statusBadge(r.enabled !== false ? 'enabled' : 'disabled'),
+      r.severity ? ui.statusBadge(r.severity) : '—',
+      r.type || '—',
+      r.serviceName || ui.c.dim('all'),
+    ]);
+    ui.table(['ID', 'Name', 'Status', 'Severity', 'Type', 'App'], rows);
+    console.log('');
+  } catch (err) {
+    s.fail('Failed to fetch alert rules');
+    throw err;
+  }
+}
+
+// ── Alert Channels ──
+
+async function alertChannelsList(args, flags) {
+  requireAuth();
+  const s = ui.spinner('Fetching alert channels');
+  try {
+    const data = await api.get('/alert-channels');
+    const channels = data.alertChannels || [];
+    s.stop(`Found ${channels.length} channel${channels.length !== 1 ? 's' : ''}`);
+
+    if (flags.json) { ui.json(channels); return; }
+
+    console.log('');
+    const rows = channels.map(ch => [
+      ui.c.dim(ui.truncate(ch._id, 12)),
+      ch.name || '—',
+      ch.type || '—',
+      ui.statusBadge(ch.enabled !== false ? 'enabled' : 'disabled'),
+      ch.target || ch.email || ch.webhookUrl || '—',
+    ]);
+    ui.table(['ID', 'Name', 'Type', 'Status', 'Target'], rows);
+    console.log('');
+  } catch (err) {
+    s.fail('Failed to fetch alert channels');
+    throw err;
+  }
+}
+
+// ── Alert History ──
+
+async function alertHistoryList(args, flags) {
+  requireAuth();
+  const s = ui.spinner('Fetching alert history');
+  try {
+    const query = { limit: flags.limit || 20 };
+    const data = await api.get('/alert-history', { query });
+    const history = data.alerts || [];
+    s.stop(`Found ${history.length} alert${history.length !== 1 ? 's' : ''}${data.totalItems ? ` (${data.totalItems} total)` : ''}`);
+
+    if (flags.json) { ui.json(data); return; }
+
+    console.log('');
+    const rows = history.map(h => [
+      ui.c.dim(ui.truncate(h._id, 12)),
+      h.ruleName || h.type || '—',
+      h.severity ? ui.statusBadge(h.severity) : '—',
+      ui.truncate(h.message || h.description || '', 40),
+      h.serviceName || '—',
+      ui.timeAgo(h.triggeredAt || h.createdAt),
+    ]);
+    ui.table(['ID', 'Rule', 'Severity', 'Message', 'App', 'Triggered'], rows);
+    console.log('');
+  } catch (err) {
+    s.fail('Failed to fetch alert history');
+    throw err;
+  }
+}
+
+// ── Blocklist ──
+
+async function blocklistList(args, flags) {
+  requireAuth();
+  const s = ui.spinner('Fetching blocklist');
+  try {
+    const data = await api.get('/blocklist');
+    const items = data.blockedIps || [];
+    s.stop(`Found ${items.length} blocked IP${items.length !== 1 ? 's' : ''}${data.total ? ` (${data.total} total)` : ''}`);
+
+    if (flags.json) { ui.json(data); return; }
+
+    console.log('');
+    const rows = items.map(b => [
+      ui.c.dim(ui.truncate(b._id, 12)),
+      ui.c.red(b.ip || b.cidr || '—'),
+      ui.truncate(b.reason || '', 40),
+      b.source || '—',
+      ui.timeAgo(b.createdAt),
+      b.expiresAt ? new Date(b.expiresAt).toLocaleDateString() : ui.c.dim('permanent'),
+    ]);
+    ui.table(['ID', 'IP/CIDR', 'Reason', 'Source', 'Added', 'Expires'], rows);
+    console.log('');
+  } catch (err) {
+    s.fail('Failed to fetch blocklist');
+    throw err;
+  }
+}
+
+async function blocklistAdd(args, flags) {
+  requireAuth();
+  let ip = args[0];
+  if (!ip) {
+    ip = await ui.prompt('IP address or CIDR to block');
+    if (!ip) { ui.error('IP is required'); process.exit(1); }
+  }
+
+  const body = { ip };
+  if (flags.reason) body.reason = flags.reason;
+  if (flags.duration) body.duration = flags.duration;
+  if (flags.app) body.serviceName = flags.app;
+
+  const s = ui.spinner(`Blocking ${ip}`);
+  try {
+    await api.post('/blocklist', body);
+    s.stop(`${ip} added to blocklist`);
+  } catch (err) {
+    s.fail('Failed to add to blocklist');
+    throw err;
+  }
+}
+
+async function blocklistRemove(args, flags) {
+  requireAuth();
+  const id = args[0];
+  if (!id) {
+    ui.error('Blocklist entry ID required. Usage: securenow blocklist remove <id>');
+    process.exit(1);
+  }
+
+  if (!flags.force && !flags.yes) {
+    const ok = await ui.confirm('Remove this IP from blocklist?');
+    if (!ok) { ui.info('Cancelled'); return; }
+  }
+
+  const s = ui.spinner('Removing from blocklist');
+  try {
+    await api.delete(`/blocklist/${id}`);
+    s.stop('Removed from blocklist');
+  } catch (err) {
+    s.fail('Failed to remove from blocklist');
+    throw err;
+  }
+}
+
+async function blocklistStats(args, flags) {
+  requireAuth();
+  const s = ui.spinner('Fetching blocklist stats');
+  try {
+    const data = await api.get('/blocklist/stats');
+    const stats = data.stats || data;
+    s.stop('Stats loaded');
+
+    if (flags.json) { ui.json(stats); return; }
+
+    console.log('');
+    ui.heading('Blocklist Statistics');
+    console.log('');
+    ui.keyValue([
+      ['Total Active', String(stats.totalActive ?? '—')],
+      ['Total Removed', String(stats.totalRemoved ?? '—')],
+      ['Manual Blocks', String(stats.manualCount ?? '—')],
+      ['Automation Blocks', String(stats.automationCount ?? '—')],
+      ['Active Rules', String(stats.activeAutomationRules ?? '—')],
+    ]);
+    console.log('');
+  } catch (err) {
+    s.fail('Failed to fetch stats');
+    throw err;
+  }
+}
+
+// ── Trusted IPs ──
+
+async function trustedList(args, flags) {
+  requireAuth();
+  const s = ui.spinner('Fetching trusted IPs');
+  try {
+    const data = await api.get('/trusted-ips');
+    const items = data.trustedIps || [];
+    s.stop(`Found ${items.length} trusted IP${items.length !== 1 ? 's' : ''}`);
+
+    if (flags.json) { ui.json(items); return; }
+
+    console.log('');
+    const rows = items.map(t => [
+      ui.c.dim(ui.truncate(t._id, 12)),
+      ui.c.green(t.ip || t.cidr || '—'),
+      t.label || t.description || ui.c.dim('—'),
+      ui.timeAgo(t.createdAt),
+    ]);
+    ui.table(['ID', 'IP/CIDR', 'Label', 'Added'], rows);
+    console.log('');
+  } catch (err) {
+    s.fail('Failed to fetch trusted IPs');
+    throw err;
+  }
+}
+
+async function trustedAdd(args, flags) {
+  requireAuth();
+  let ip = args[0];
+  if (!ip) {
+    ip = await ui.prompt('IP address or CIDR to trust');
+    if (!ip) { ui.error('IP is required'); process.exit(1); }
+  }
+
+  const body = { ip };
+  if (flags.label) body.label = flags.label;
+  if (flags.description) body.description = flags.description;
+
+  const s = ui.spinner(`Adding ${ip} to trusted IPs`);
+  try {
+    await api.post('/trusted-ips', body);
+    s.stop(`${ip} added to trusted IPs`);
+  } catch (err) {
+    s.fail('Failed to add trusted IP');
+    throw err;
+  }
+}
+
+async function trustedRemove(args, flags) {
+  requireAuth();
+  const id = args[0];
+  if (!id) {
+    ui.error('Trusted IP entry ID required. Usage: securenow trusted remove <id>');
+    process.exit(1);
+  }
+
+  if (!flags.force && !flags.yes) {
+    const ok = await ui.confirm('Remove this IP from trusted list?');
+    if (!ok) { ui.info('Cancelled'); return; }
+  }
+
+  const s = ui.spinner('Removing from trusted IPs');
+  try {
+    await api.delete(`/trusted-ips/${id}`);
+    s.stop('Removed from trusted IPs');
+  } catch (err) {
+    s.fail('Failed to remove trusted IP');
+    throw err;
+  }
+}
+
+// ── Forensics ──
+
+async function forensicsQuery(args, flags) {
+  requireAuth();
+  const query = args.join(' ');
+  if (!query) {
+    ui.error('Query required. Usage: securenow forensics "your natural language query"');
+    process.exit(1);
+  }
+
+  const s = ui.spinner('Submitting forensic query');
+  try {
+    const body = { query };
+    if (flags.instance) body.instanceId = flags.instance;
+
+    const job = await api.post('/forensics/query', body);
+    const jobId = job.jobId;
+
+    if (!jobId) {
+      s.stop('Query complete');
+      if (flags.json) { ui.json(job); return; }
+      if (job.result) {
+        console.log('');
+        if (job.sqlquery) {
+          ui.subheading('Generated SQL');
+          console.log(`\n  ${ui.c.dim(job.sqlquery)}\n`);
+        }
+        const data = job.result;
+        if (Array.isArray(data) && data.length > 0) {
+          const headers = Object.keys(data[0]);
+          const rows = data.map(row => headers.map(h => String(row[h] ?? '')));
+          ui.table(headers, rows);
+        } else {
+          ui.json(data);
+        }
+        console.log('');
+      }
+      return;
+    }
+
+    s.update('Processing query...');
+
+    let result;
+    const maxAttempts = 60;
+    for (let i = 0; i < maxAttempts; i++) {
+      await new Promise(r => setTimeout(r, 2000));
+      result = await api.get(`/forensics/query/status/${jobId}`);
+      if (result.status === 'completed' || result.status === 'failed') break;
+      s.update(`Processing query... (${(i + 1) * 2}s)`);
+    }
+
+    if (result.status === 'failed') {
+      s.fail('Query failed');
+      ui.error(result.error || 'Unknown error');
+      return;
+    }
+
+    if (result.status !== 'completed') {
+      s.fail('Query timed out');
+      ui.warn('Query is still processing. Check back later.');
+      return;
+    }
+
+    s.stop('Query complete');
+
+    if (flags.json) { ui.json(result); return; }
+
+    console.log('');
+    if (result.sqlquery) {
+      ui.subheading('Generated SQL');
+      console.log(`\n  ${ui.c.dim(result.sqlquery)}\n`);
+    }
+
+    if (result.result) {
+      const data = result.result;
+      ui.subheading(`Results (${result.rowCount ?? (Array.isArray(data) ? data.length : '?')} rows)`);
+      console.log('');
+
+      if (Array.isArray(data) && data.length > 0) {
+        const headers = Object.keys(data[0]);
+        const rows = data.map(row => headers.map(h => String(row[h] ?? '')));
+        ui.table(headers, rows);
+      } else {
+        ui.json(data);
+      }
+    }
+    console.log('');
+  } catch (err) {
+    s.fail('Forensic query failed');
+    throw err;
+  }
+}
+
+async function forensicsLibrary(args, flags) {
+  requireAuth();
+  const s = ui.spinner('Fetching query library');
+  try {
+    const data = await api.get('/forensics/query-library');
+    const queries = data.data || [];
+    s.stop(`Found ${queries.length} saved quer${queries.length !== 1 ? 'ies' : 'y'}`);
+
+    if (flags.json) { ui.json(queries); return; }
+
+    console.log('');
+    const rows = queries.map(q => [
+      ui.c.dim(ui.truncate(q._id, 12)),
+      q.name || q.title || '—',
+      ui.truncate(q.description || q.query || '', 50),
+      ui.timeAgo(q.createdAt),
+    ]);
+    ui.table(['ID', 'Name', 'Description', 'Created'], rows);
+    console.log('');
+  } catch (err) {
+    s.fail('Failed to fetch query library');
+    throw err;
+  }
+}
+
+// ── IP Lookup ──
+
+async function ipLookup(args, flags) {
+  requireAuth();
+  const ip = args[0];
+  if (!ip) {
+    ui.error('IP address required. Usage: securenow ip <ip-address>');
+    process.exit(1);
+  }
+
+  const s = ui.spinner(`Looking up ${ip}`);
+  try {
+    const data = await api.get(`/ip/${ip}`);
+    s.stop('IP intelligence loaded');
+
+    if (flags.json) { ui.json(data); return; }
+
+    console.log('');
+    ui.heading(`IP Intelligence: ${data.ip || ip}`);
+    console.log('');
+
+    const pairs = [];
+    if (data.countryName || data.countryCode) pairs.push(['Country', `${data.countryName || ''} ${data.countryCode ? `(${data.countryCode})` : ''}`.trim()]);
+    if (data.domain) pairs.push(['Domain', data.domain]);
+    if (data.isp) pairs.push(['ISP', data.isp]);
+    if (data.usageType) pairs.push(['Usage Type', data.usageType]);
+    if (data.abuseConfidenceScore != null) pairs.push(['Abuse Score', `${data.abuseConfidenceScore}/100`]);
+    if (data.securenowScore != null) pairs.push(['SecureNow Score', String(data.securenowScore)]);
+    if (data.verdict) pairs.push(['Verdict', data.verdict]);
+    if (data.isMalicious != null) pairs.push(['Malicious', data.isMalicious ? ui.c.red('Yes') : ui.c.green('No')]);
+    if (data.isBot != null) pairs.push(['Bot', data.isBot ? ui.c.yellow('Yes') : 'No']);
+    if (data.activityType) pairs.push(['Activity', data.activityType]);
+    if (data.totalReports != null) pairs.push(['Total Reports', String(data.totalReports)]);
+    if (data.lastReportedAt) pairs.push(['Last Reported', new Date(data.lastReportedAt).toLocaleString()]);
+
+    if (pairs.length) {
+      ui.keyValue(pairs);
+    }
+
+    if (data.riskFactors?.length) {
+      ui.subheading('Risk Factors');
+      console.log('');
+      data.riskFactors.forEach(f => console.log(`  • ${f}`));
+    }
+
+    if (data.attackTypes?.length) {
+      ui.subheading('Attack Types');
+      console.log('');
+      data.attackTypes.forEach(a => console.log(`  • ${a}`));
+    }
+
+    if (data.summary) {
+      ui.subheading('Summary');
+      console.log(`\n  ${data.summary}`);
+    }
+    console.log('');
+  } catch (err) {
+    s.fail('IP lookup failed');
+    throw err;
+  }
+}
+
+async function ipTraces(args, flags) {
+  requireAuth();
+  const ip = args[0];
+  if (!ip) {
+    ui.error('IP address required. Usage: securenow ip traces <ip>');
+    process.exit(1);
+  }
+
+  const s = ui.spinner(`Fetching traces for ${ip}`);
+  try {
+    const data = await api.get(`/ip/${ip}/traces`);
+    const traces = data.traces || [];
+    s.stop(`Found ${traces.length} trace${traces.length !== 1 ? 's' : ''}`);
+
+    if (flags.json) { ui.json(data); return; }
+
+    console.log('');
+    const rows = traces.map(t => [
+      ui.c.dim(ui.truncate(t.traceID || t.traceId, 16)),
+      t.httpMethod || t.method || '—',
+      ui.httpStatusColor(t.statusCode || t.httpStatusCode || t.responseStatusCode || '—'),
+      ui.truncate(t.httpUrl || t.url || '', 40),
+      ui.durationColor(t.durationNano ? t.durationNano / 1e6 : t.duration),
+      ui.timeAgo(t.timestamp),
+    ]);
+    ui.table(['Trace ID', 'Method', 'Status', 'URL', 'Duration', 'Time'], rows);
+    console.log('');
+  } catch (err) {
+    s.fail('Failed to fetch traces');
+    throw err;
+  }
+}
+
+// ── API Map ──
+
+async function apiMapList(args, flags) {
+  requireAuth();
+  const s = ui.spinner('Fetching API map');
+  try {
+    const data = await api.get('/api-map');
+    const apiMap = data.apiMap;
+    s.stop('API map loaded');
+
+    if (flags.json) { ui.json(data); return; }
+
+    if (!apiMap) {
+      console.log('');
+      ui.info(data.message || 'No API map discovered yet. Run discovery from the dashboard.');
+      console.log('');
+      return;
+    }
+
+    console.log('');
+    if (apiMap.apps && typeof apiMap.apps === 'object') {
+      for (const [appName, appData] of Object.entries(apiMap.apps)) {
+        ui.subheading(appName);
+        console.log('');
+        const endpoints = appData.endpoints || [];
+        if (endpoints.length) {
+          const rows = endpoints.map(e => [
+            e.method || '—',
+            e.path || e.route || '—',
+            e.requestCount != null ? String(e.requestCount) : '—',
+            e.description || ui.c.dim('—'),
+          ]);
+          ui.table(['Method', 'Path', 'Requests', 'Description'], rows);
+        } else {
+          ui.info('No endpoints discovered for this app.');
+        }
+        console.log('');
+      }
+    } else {
+      ui.json(apiMap);
+    }
+  } catch (err) {
+    s.fail('Failed to fetch API map');
+    throw err;
+  }
+}
+
+async function apiMapStats(args, flags) {
+  requireAuth();
+  const s = ui.spinner('Fetching API map stats');
+  try {
+    const data = await api.get('/api-map/stats');
+    const stats = data.stats;
+    s.stop('Stats loaded');
+
+    if (flags.json) { ui.json(stats); return; }
+
+    if (!stats) {
+      console.log('');
+      ui.info('No API map stats available.');
+      console.log('');
+      return;
+    }
+
+    console.log('');
+    ui.heading('API Map Statistics');
+    console.log('');
+    ui.keyValue([
+      ['Total Apps', String(stats.totalApps ?? '—')],
+      ['Total Endpoints', String(stats.totalEndpoints ?? '—')],
+      ['Total Requests', String(stats.totalRequests ?? '—')],
+      ['Discovery Status', stats.discoveryStatus || '—'],
+      ['Last Discovered', stats.lastDiscoveredAt ? new Date(stats.lastDiscoveredAt).toLocaleString() : '—'],
+      ['Version', String(stats.version ?? '—')],
+    ]);
+    console.log('');
+  } catch (err) {
+    s.fail('Failed to fetch stats');
+    throw err;
+  }
+}
+
+// ── Instances ──
+
+async function instancesList(args, flags) {
+  requireAuth();
+  const s = ui.spinner('Fetching instances');
+  try {
+    const data = await api.get('/instances');
+    const instances = data.instances || [];
+    s.stop(`Found ${instances.length} instance${instances.length !== 1 ? 's' : ''}`);
+
+    if (flags.json) { ui.json(instances); return; }
+
+    console.log('');
+    const rows = instances.map(inst => [
+      ui.c.dim(ui.truncate(inst._id, 12)),
+      inst.name || inst.host || '—',
+      inst.host || '—',
+      inst.port != null ? String(inst.port) : '—',
+      inst.linkedApps != null ? String(inst.linkedApps) : '—',
+      ui.timeAgo(inst.createdAt),
+    ]);
+    ui.table(['ID', 'Name', 'Host', 'Port', 'Linked Apps', 'Added'], rows);
+    console.log('');
+  } catch (err) {
+    s.fail('Failed to fetch instances');
+    throw err;
+  }
+}
+
+async function instancesTest(args, flags) {
+  requireAuth();
+  const id = args[0];
+  if (!id) {
+    ui.error('Instance ID required. Usage: securenow instances test <id>');
+    process.exit(1);
+  }
+
+  const s = ui.spinner('Testing instance connection');
+  try {
+    const result = await api.post(`/instances/${id}/test`);
+    if (result.success) {
+      s.stop(`Connection successful${result.storageGb ? ` (${result.storageGb} GB storage)` : ''}`);
+    } else {
+      s.fail(result.message || 'Connection failed');
+    }
+
+    if (flags.json) ui.json(result);
+  } catch (err) {
+    s.fail('Instance test failed');
+    throw err;
+  }
+}
+
+// ── Analytics ──
+
+async function analytics(args, flags) {
+  requireAuth();
+  const s = ui.spinner('Fetching analytics');
+  try {
+    const query = {};
+    const appKey = resolveApp(flags);
+    if (flags.instance) query.instanceId = flags.instance;
+
+    const endpoints = ['2xx-responses', '3xx-responses', '4xx-responses', '5xx-responses', '500-errors'];
+    const results = await Promise.all(
+      endpoints.map(ep => api.get(`/analytics/${ep}`, { query }).catch(() => null))
+    );
+
+    s.stop('Analytics loaded');
+
+    if (flags.json) {
+      const data = {};
+      endpoints.forEach((ep, i) => { data[ep] = results[i]; });
+      ui.json(data);
+      return;
+    }
+
+    console.log('');
+    ui.heading('Analytics Overview');
+    console.log('');
+
+    const pairs = endpoints.map((ep, i) => {
+      const val = results[i];
+      const count = val?.meta?.count ?? '—';
+      return [ep, String(count)];
+    });
+    ui.keyValue(pairs);
+    console.log('');
+  } catch (err) {
+    s.fail('Failed to fetch analytics');
+    throw err;
+  }
+}
+
+module.exports = {
+  alertRulesList,
+  alertChannelsList,
+  alertHistoryList,
+  blocklistList,
+  blocklistAdd,
+  blocklistRemove,
+  blocklistStats,
+  trustedList,
+  trustedAdd,
+  trustedRemove,
+  forensicsQuery,
+  forensicsLibrary,
+  ipLookup,
+  ipTraces,
+  apiMapList,
+  apiMapStats,
+  instancesList,
+  instancesTest,
+  analytics,
+};