sentinel-ai/ai-classifier.js at main · alam-cloud/sentinel-ai · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
// ai-classifier.js - TARS ONLY (ES Module)
import 'dotenv/config';
import OpenAI from 'openai';

const tars = new OpenAI({
  apiKey: process.env.TETRATE_API_KEY,
  baseURL: process.env.TETRATE_BASE_URL,
  timeout: 15000,
});

export async function classifyEvent(description, source = 'unknown') {
  console.log(`🔍 TARS Classifying: ${source}`);

  try {
    const response = await tars.chat.completions.create({
      model: 'gpt-3.5-turbo',
      messages: [
        {
          role: 'system',
          content: 'Classify security events into: malware, intrusion, anomaly, reconnaissance, policy_violation, or info. Return JSON: {"category": "...", "confidence": 0.0-1.0, "severity": "LOW|MEDIUM|HIGH"}'
        },
        {
          role: 'user',
          content: `Event: ${description}\nSource: ${source}`
        }
      ],
      response_format: { type: 'json_object' },
      max_tokens: 100,
      temperature: 0,
    });

    return JSON.parse(response.choices[0].message.content);

  } catch (error) {
    console.error(`❌ TARS Classification failed: ${error.message}`);
    return {
      category: 'unknown',
      confidence: 0,
      severity: 'MEDIUM',
      error: 'Classification unavailable'
    };
  }
}

// Backwards compatibility
export default { classifyEvent };