/** * Threat Cloud Reporter — turns any ATR integration into a global sensor endpoint. * * Usage: * import { ATREngine, createTCReporter } from 'agent-threat-rules'; * * const engine = new ATREngine({ * reporter: createTCReporter(), // anonymous, no API key needed * }); * * // or with explicit config: * const engine = new ATREngine({ * reporter: createTCReporter({ * tcUrl: 'https://tc.panguard.ai', * apiKey: process.env.TC_API_KEY, * batchSize: 50, * flushIntervalMs: 60_000, * }), * }); * * Privacy: only ruleId, severity, category, confidence, contentHash, and timestamp * are sent. scanTarget is sanitized to a short label (max 64 chars, no path separators). * No raw content, no PII, no file paths. * * @module tc-reporter */ import type { ATRReporter } from './engine.js'; export interface TCReporterConfig { /** Threat Cloud endpoint. Default: https://tc.panguard.ai */ readonly tcUrl?: string; /** Optional API key for authenticated reporting. Default: env TC_API_KEY */ readonly apiKey?: string; /** Flush buffer when it reaches this size. Default: 50 */ readonly batchSize?: number; /** Periodic flush interval in ms. Default: 60000 (60s) */ readonly flushIntervalMs?: number; /** Unique client ID. Default: random UUID per process */ readonly clientId?: string; /** Called on flush errors. Default: no-op (silent). Provide your own logger. */ readonly onError?: (error: Error) => void; } /** * Create an ATRReporter that buffers detection events and POSTs them * to ATR Threat Cloud in batches. Each reporter instance = one sensor endpoint. */ export declare function createTCReporter(config?: TCReporterConfig): ATRReporter & { flush(): Promise; destroy(): Promise; }; //# sourceMappingURL=tc-reporter.d.ts.map