/**
* Comprehensive Audit Trail System
* Provides complete security event logging, forensic analysis, and compliance reporting
* with tamper-proof logging and real-time monitoring capabilities
*/
import { EventEmitter } from 'events';
/**
 * One record in the audit trail.
 *
 * `id`, `timestamp` and `integrity` are assigned by {@link AuditTrail.logEvent}
 * (its parameter type is `Omit<AuditEvent, 'id' | 'timestamp' | 'integrity'>`),
 * so a caller cannot supply or forge them.
 */
export interface AuditEvent {
  /** Unique identifier for this event (see `AuditTrail.generateEventId`). */
  id: string;
  /** Time the trail recorded the event; presumably epoch milliseconds — TODO confirm in logEvent. */
  timestamp: number;
  /** Broad class of the event. */
  eventType: 'authentication' | 'authorization' | 'data_access' | 'data_modification' | 'system_access' | 'security_incident' | 'compliance' | 'admin_action';
  /** Reporting bucket the event is grouped under. */
  category: 'security' | 'privacy' | 'compliance' | 'operations' | 'user_activity';
  /** Event severity; `critical` events are counted separately in reports and statistics. */
  severity: 'info' | 'warning' | 'error' | 'critical';
  /** Component or subsystem that emitted the event. */
  source: string;
  /** Principal that performed the action. */
  actor: {
    type: 'user' | 'system' | 'api' | 'service';
    id: string;
    name?: string;
    /**
     * Client network address as reported to the caller.
     * NOTE(review): `ip` and `userAgent` originate from request headers and are
     * attacker-controllable text; the syslog/CEF/CSV exporters must escape them
     * (newlines, `|`, `=`, `\`) so a crafted value cannot forge extra log records.
     */
    ip?: string;
    userAgent?: string;
    sessionId?: string;
  };
  /** Free-form verb describing what was attempted. */
  action: string;
  /** Object the action targeted. */
  resource: {
    type: 'file' | 'database' | 'api' | 'system' | 'user_data' | 'configuration';
    id: string;
    name?: string;
    /** Data-handling classification of the resource, when known. */
    classification?: 'public' | 'internal' | 'confidential' | 'restricted';
  };
  /** Result of the action; `denied` is a distinct outcome from `failure`. */
  outcome: 'success' | 'failure' | 'partial' | 'denied';
  details: {
    /** Human-readable description of the event. */
    description: string;
    /**
     * Arbitrary structured context.
     * NOTE(review): typed as `any`, so consumers get no checking; `Record<string, unknown>`
     * would force narrowing before use. Avoid placing secrets or raw credentials here —
     * the whole record is hashed, exported and retained.
     */
    metadata: Record<string, any>;
    /** Identifier of the originating request, if any. */
    requestId?: string;
    /** Identifier linking related events across services, if any. */
    correlationId?: string;
    /** Numeric risk estimate; scale and range are not defined here — TODO confirm. */
    riskScore?: number;
    geolocation?: {
      country: string;
      region: string;
      city: string;
      /** Coordinate pair; axis order (lat/lon vs lon/lat) is not defined here — TODO confirm. */
      coordinates?: [number, number];
    };
  };
  compliance: {
    /** Names of the frameworks this event serves as evidence for. */
    frameworks: string[];
    /** Retention period for this event; unit is not defined here (days?) — TODO confirm against cleanupOldEvents. */
    retention: number;
    classification: 'sensitive' | 'normal' | 'public';
  };
  /** Tamper-evidence fields, filled in by the trail. */
  integrity: {
    /** Hash of this event (see `AuditTrail.calculateEventHash`). */
    hash: string;
    /**
     * Hash of the preceding event, presumably present when
     * `AuditConfig.integrity.hashChain` is on. NOTE(review): a hash chain detects
     * edits to interior records only if its head is anchored outside the store
     * (signed, or periodically published); otherwise the tail can be truncated unnoticed.
     */
    previousHash?: string;
    /** Digital signature over the event (see `signEvent` / `verifyEventSignature`), when signing is enabled. */
    signature?: string;
  };
}
/**
 * Filter, pagination and ordering options for {@link AuditTrail.queryEvents}
 * and {@link AuditTrail.exportData}. Every field is optional; presumably an empty
 * query matches all events — confirm against `matchesQuery`.
 */
export interface AuditQuery {
  /** Lower bound on `AuditEvent.timestamp`; inclusive/exclusive is not defined here. */
  startTime?: number;
  /** Upper bound on `AuditEvent.timestamp`; inclusive/exclusive is not defined here. */
  endTime?: number;
  /**
   * NOTE(review): these filter lists are plain `string[]` rather than
   * `AuditEvent['eventType'][]`, `AuditEvent['category'][]`, etc., so a misspelled
   * filter value compiles and silently matches nothing.
   */
  eventTypes?: string[];
  categories?: string[];
  severities?: string[];
  /** Actor ids to match. */
  actors?: string[];
  /** Resource ids to match. */
  resources?: string[];
  outcomes?: string[];
  sources?: string[];
  /**
   * Free-text term; matching rule (substring vs. regex) is not defined here — TODO confirm.
   * NOTE(review): if it is compiled into a RegExp, an untrusted term can cause
   * catastrophic backtracking; a plain substring match is safer.
   */
  searchText?: string;
  /** Maximum number of events to return (page size). */
  limit?: number;
  /** Number of matching events to skip. */
  offset?: number;
  orderBy?: 'timestamp' | 'severity' | 'actor' | 'resource';
  orderDirection?: 'asc' | 'desc';
}
/**
 * Output of {@link AuditTrail.generateReport}: the events in a time window plus
 * aggregate counts, derived insights, recommendations and per-framework compliance status.
 */
export interface AuditReport {
  id: string;
  title: string;
  description: string;
  /** Window the report covers (same units as `AuditEvent.timestamp`). */
  timeframe: {
    start: number;
    end: number;
  };
  /** When the report was produced. */
  generatedAt: number;
  /** Identifier of the principal who requested the report. */
  generatedBy: string;
  /** The events within `timeframe`; presumably the full set, so reports can be large. */
  events: AuditEvent[];
  /** Aggregate counts over `events` (see `calculateEventSummary`). */
  summary: {
    totalEvents: number;
    successfulEvents: number;
    failedEvents: number;
    criticalEvents: number;
    uniqueActors: number;
    uniqueResources: number;
    securityIncidents: number;
    complianceViolations: number;
  };
  /** Derived rankings (see `generateEventInsights`). */
  insights: {
    topActors: {
      actor: string;
      count: number;
    }[];
    topResources: {
      resource: string;
      count: number;
    }[];
    failurePatterns: {
      pattern: string;
      count: number;
    }[];
    riskIndicators: {
      indicator: string;
      severity: string;
      count: number;
    }[];
    geographicDistribution: {
      location: string;
      count: number;
    }[];
  };
  /** Free-text suggestions (see `generateRecommendations`). */
  recommendations: string[];
  /** One entry per framework (see `assessComplianceStatus`). */
  complianceStatus: {
    framework: string;
    status: 'compliant' | 'non_compliant' | 'partial';
    /** NOTE(review): untyped (`any[]`); the violation shape is not defined anywhere in this file. */
    violations: any[];
  }[];
}
/**
 * Runtime configuration for {@link AuditTrail}. The constructor accepts a
 * `Partial<AuditConfig>`, so every field presumably has a built-in default — TODO confirm.
 */
export interface AuditConfig {
  /** Master switch; behaviour when false (drop events? no-op?) is not defined here — TODO confirm. */
  enabled: boolean;
  /** Whether threat analysis raises alerts as events are logged. */
  realTimeAlerts: boolean;
  /** Destination for persisted events; each value maps to a `persistTo*` method on AuditTrail. */
  storageBackend: 'file' | 'database' | 'elasticsearch' | 'cloudwatch';
  /** Retention per event class; unit is not defined here — TODO confirm against cleanupOldEvents. */
  retention: {
    default: number;
    security: number;
    compliance: number;
    admin: number;
  };
  /** At-rest encryption of persisted/exported data (see `encryptData` / `decryptData`). */
  encryption: {
    enabled: boolean;
    /**
     * NOTE(review): free-form string, not an allow-list. Confirm `encryptData`
     * rejects unknown names and only accepts authenticated modes, so a
     * misconfiguration cannot silently select an unauthenticated cipher.
     */
    algorithm: string;
    /**
     * Interval for `rotateEncryptionKeys`.
     * NOTE(review): records written under a previous key remain readable only if
     * old keys are retained (or data is re-encrypted) — confirm the rotation path does this.
     */
    keyRotationDays: number;
  };
  /** Tamper-evidence features filled into `AuditEvent.integrity`. */
  integrity: {
    enabled: boolean;
    /** Link each event to the previous one via `previousHash`. */
    hashChain: boolean;
    /** Sign each event with the trail's signing key. */
    digitalSignature: boolean;
  };
  /** Thresholds that trigger alerts; whether these are counts or ratios is not defined here — TODO confirm. */
  alertThresholds: {
    criticalEvents: number;
    failureRate: number;
    suspiciousActivity: number;
  };
  /** Options honoured by `exportData`; `formats` mirrors its `format` parameter. */
  export: {
    formats: ('json' | 'csv' | 'syslog' | 'cef')[];
    compression: boolean;
    encryption: boolean;
  };
}
/**
 * An alert raised by {@link AuditTrail.createAlert} (or by threat analysis when
 * `AuditConfig.realTimeAlerts` is on), bundling the events that triggered it.
 */
export interface SecurityAlert {
  id: string;
  timestamp: number;
  /** Threat class the alert represents. */
  type: 'brute_force' | 'privilege_escalation' | 'data_exfiltration' | 'suspicious_access' | 'compliance_violation' | 'system_compromise';
  /** Alert severity — a different scale from `AuditEvent.severity`. */
  severity: 'low' | 'medium' | 'high' | 'critical';
  title: string;
  description: string;
  /** Events that contributed to the alert. */
  events: AuditEvent[];
  /** Observables supporting the alert; `confidence` scale is not defined here — TODO confirm. */
  indicators: {
    type: string;
    value: string;
    confidence: number;
  }[];
  /** Response actions and their progress. */
  mitigation: {
    /** Whether `actions` are carried out without operator approval. */
    automated: boolean;
    actions: string[];
    status: 'pending' | 'in_progress' | 'completed' | 'failed';
  };
  /** Operator handling the alert, if assigned. */
  assignee?: string;
  /** Triage state of the alert. */
  status: 'open' | 'investigating' | 'mitigated' | 'false_positive' | 'closed';
}
/**
 * Tamper-evident audit log: buffers {@link AuditEvent}s, persists them to the
 * configured backend, supports querying/reporting/export, and raises
 * {@link SecurityAlert}s. Extends EventEmitter; the event names it emits are
 * not declared in this file — TODO confirm.
 *
 * This is a declaration file: private member types and all method bodies are erased.
 */
export declare class AuditTrail extends EventEmitter {
  private readonly logger;
  private readonly config;
  /** Events logged but not yet persisted (see `flushEventBuffer`). */
  private readonly eventBuffer;
  private readonly alertQueue;
  /** Hash of the most recently logged event; chained into the next event's `previousHash`. */
  private lastEventHash;
  /**
   * NOTE(review): key material is held on the instance for the process lifetime.
   * Confirm it is not included in any serialization of the trail, logger output, or error messages.
   */
  private encryptionKey?;
  private signingKey?;
  /**
   * @param config - Overrides merged over built-in defaults — presumably; the defaults
   *   themselves are not visible here.
   */
  constructor(config?: Partial<AuditConfig>);
  /**
   * Log a security event to the audit trail.
   *
   * The trail assigns `id`, `timestamp` and `integrity` itself; the caller cannot set them.
   * @returns Presumably the generated event id — TODO confirm.
   */
  logEvent(event: Omit<AuditEvent, 'id' | 'timestamp' | 'integrity'>): Promise<string>;
  /**
   * Query audit events with filtering and pagination.
   * @returns The matching page, the total number of matches, and whether more pages follow.
   */
  queryEvents(query: AuditQuery): Promise<{
    events: AuditEvent[];
    total: number;
    hasMore: boolean;
  }>;
  /**
   * Generate a comprehensive audit report for a time window.
   * @param timeframe - Window in the same units as `AuditEvent.timestamp`.
   * @param generatedBy - Recorded as `AuditReport.generatedBy`.
   */
  generateReport(timeframe: {
    start: number;
    end: number;
  }, title: string, description: string, generatedBy: string): Promise<AuditReport>;
  /**
   * Export audit data in one of the supported formats.
   *
   * @returns A string — whether this is the serialized payload or a written file path
   *   is not defined here (the `filename` option suggests the latter) — TODO confirm.
   * NOTE(review): exported text contains caller-supplied fields (actor.ip, userAgent,
   * action, description); `convertToCSV`/`convertToSyslog`/`convertToCEF` must escape
   * field delimiters and line breaks so one event cannot masquerade as several.
   */
  exportData(query: AuditQuery, format: 'json' | 'csv' | 'syslog' | 'cef', options?: {
    compress?: boolean;
    encrypt?: boolean;
    filename?: string;
  }): Promise<string>;
  /**
   * Verify audit trail integrity over an optional time window.
   *
   * Recomputes hashes (and signatures, when enabled) and reports every event that
   * fails, with per-event issue text and aggregate counts. Presumably also checks the
   * `previousHash` chain — TODO confirm whether a missing/truncated tail is reported.
   */
  verifyIntegrity(startTime?: number, endTime?: number): Promise<{
    valid: boolean;
    issues: {
      eventId: string;
      issue: string;
    }[];
    summary: {
      total: number;
      valid: number;
      invalid: number;
    };
  }>;
  /**
   * Create a security alert from a set of events.
   * @returns Presumably the new alert id — TODO confirm.
   */
  createAlert(type: SecurityAlert['type'], severity: SecurityAlert['severity'], title: string, description: string, events: AuditEvent[], indicators?: SecurityAlert['indicators']): Promise<string>;
  /**
   * Get audit statistics, optionally restricted to a time window.
   *
   * Synchronous, unlike the other public methods — it presumably reads only
   * in-memory state (the buffer), not the storage backend — TODO confirm.
   */
  getStatistics(timeframe?: {
    start: number;
    end: number;
  }): {
    totalEvents: number;
    eventsToday: number;
    criticalEvents: number;
    failureRate: number;
    activeAlerts: number;
    topActors: string[];
    topActions: string[];
    complianceScore: number;
  };
  /**
   * Initialize security keys for encryption and signing.
   */
  private initializeSecurityKeys;
  /**
   * Setup event processing pipeline
   */
  private setupEventProcessing;
  /**
   * Start periodic maintenance tasks (flush, cleanup, key rotation — presumably).
   */
  private startPeriodicTasks;
  /**
   * Flush event buffer to storage.
   * NOTE(review): events still in the buffer are lost on an abrupt process exit — confirm shutdown flushes.
   */
  private flushEventBuffer;
  /**
   * Persist events to the backend selected by `AuditConfig.storageBackend`.
   */
  private persistEvents;
  /**
   * Persist events to file system
   */
  private persistToFile;
  /**
   * Persist events to database
   */
  private persistToDatabase;
  /**
   * Persist events to Elasticsearch
   */
  private persistToElasticsearch;
  /**
   * Persist events to CloudWatch
   */
  private persistToCloudWatch;
  /**
   * Search events based on query
   */
  private searchEvents;
  /**
   * Check if event matches query filters
   */
  private matchesQuery;
  /**
   * Calculate event hash for integrity.
   * NOTE(review): the input must be a canonical serialization (stable key order,
   * `integrity` excluded); otherwise `verifyIntegrity` cannot reproduce the hash.
   */
  private calculateEventHash;
  /**
   * Sign event with digital signature
   */
  private signEvent;
  /**
   * Verify event digital signature
   */
  private verifyEventSignature;
  /**
   * Analyze event for potential threats
   */
  private analyzeEventForThreats;
  /**
   * Process security alert
   */
  private processSecurityAlert;
  /**
   * Calculate event summary statistics
   */
  private calculateEventSummary;
  /**
   * Generate insights from events
   */
  private generateEventInsights;
  /**
   * Generate recommendations based on analysis
   */
  private generateRecommendations;
  /**
   * Assess compliance status
   */
  private assessComplianceStatus;
  /**
   * Save audit report
   */
  private saveReport;
  /**
   * Convert events to CSV format (quote fields containing `,`, `"` or newlines).
   */
  private convertToCSV;
  /**
   * Convert events to Syslog format (strip or encode CR/LF in field values).
   */
  private convertToSyslog;
  /**
   * Convert events to CEF format (escape `|` in header fields and `=`/`\` in extension values).
   */
  private convertToCEF;
  /**
   * Get Syslog priority from severity
   */
  private getSyslogPriority;
  /**
   * Get CEF severity from severity
   */
  private getCEFSeverity;
  /**
   * Compress data using gzip
   */
  private compressData;
  /**
   * Encrypt data with `AuditConfig.encryption.algorithm` and the instance key.
   */
  private encryptData;
  /**
   * Decrypt data
   */
  private decryptData;
  /**
   * Cleanup old events based on retention policies
   */
  private cleanupOldEvents;
  /**
   * Rotate encryption keys (every `keyRotationDays`).
   */
  private rotateEncryptionKeys;
  /**
   * Generate unique event ID
   */
  private generateEventId;
}
//# sourceMappingURL=audit-trail.d.ts.map