45 lines
1.4 KiB
JavaScript
45 lines
1.4 KiB
JavaScript
|
/**
|
|||
|
|
* 共享安全事件日志模块 (M14)
|
|||
|
|
*
|
|||
|
|
* 替代 5 个 hook 中各自实现的 logSecurityEvent 函数。
|
|||
|
|
* 统一日志格式、脱敏策略和文件写入逻辑。
|
|||
|
|
*/
|
|||
|
|
|
|||
|
|
const fs = require('fs');
|
|||
|
|
const path = require('path');
|
|||
|
|
const { safeAppendJsonl } = require('./safe-append.js');
|
|||
|
|
|
|||
|
|
const CLAUDE_ROOT = require('./root.js');
|
|||
|
|
const DEBUG_DIR = path.join(CLAUDE_ROOT, 'debug');
|
|||
|
|
|
|||
|
|
// 脱敏函数(优先使用 sanitize.js)
|
|||
|
|
const _sanitize = (() => {
|
|||
|
|
try { return require('../../scripts/sanitize.js').sanitize; }
|
|||
|
|
catch { return (text) => (text || '').replace(/[A-Za-z0-9+/]{32,}/g, '[REDACTED]'); }
|
|||
|
|
})();
|
|||
|
|
|
|||
|
|
/**
|
|||
|
|
* 写入安全事件日志
|
|||
|
|
* @param {string} decision - 决策类型 (deny/ask/allow/auto-fix/hook-tamper 等)
|
|||
|
|
* @param {string} hook - hook 名称
|
|||
|
|
* @param {string} reason - 原因描述
|
|||
|
|
* @param {string} [detail] - 详细信息(会被脱敏和截断)
|
|||
|
|
*/
|
|||
|
|
function logSecurityEvent(decision, hook, reason, detail) {
|
|||
|
|
try {
|
|||
|
|
if (!fs.existsSync(DEBUG_DIR)) fs.mkdirSync(DEBUG_DIR, { recursive: true });
|
|||
|
|
const dateStr = new Date().toISOString().slice(0, 10);
|
|||
|
|
const logFile = path.join(DEBUG_DIR, `security-${dateStr}.jsonl`);
|
|||
|
|
const entry = {
|
|||
|
|
ts: new Date().toISOString(),
|
|||
|
|
decision,
|
|||
|
|
hook,
|
|||
|
|
reason,
|
|||
|
|
detail: _sanitize((detail || '').slice(0, 200)),
|
|||
|
|
};
|
|||
|
|
safeAppendJsonl(logFile, entry);
|
|||
|
|
} catch {}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
module.exports = { logSecurityEvent, _sanitize };
|