feat: add ai investigation assistant for incident analysis

jest.backend.config.js

@@ -3,7 +3,7 @@ module.exports = {
   preset: 'ts-jest',
   testEnvironment: 'node',
   rootDir: '.',
-  testMatch: ['<rootDir>/apps/backend/**/*.spec.ts'],
+  testMatch: ['<rootDir>/apps/backend/**/*.spec.ts', '<rootDir>/src/**/*.spec.ts'],
   transform: {
     '^.+\\.ts$': ['ts-jest', {
       tsconfig: {
@@ -22,5 +22,5 @@ module.exports = {
     '^@common/(.*)$': '<rootDir>/apps/backend/src/common/$1',
     '^@modules/(.*)$': '<rootDir>/apps/backend/src/modules/$1',
   },
-  collectCoverageFrom: ['apps/backend/src/**/*.ts', '!**/*.module.ts'],
+  collectCoverageFrom: ['apps/backend/src/**/*.ts', 'src/**/*.ts', '!**/*.module.ts'],
 };

src/modules/ai/investigations/index.ts

@@ -0,0 +1,13 @@
+/**
+ * AI Investigation Assistant Module
+ *
+ * Provides AI-powered assistance for security incident investigations:
+ * - Incident context generation
+ * - Related event suggestions
+ * - Timeline analysis
+ * - Investigation step recommendations
+ */
+
+export * from './interfaces/investigation.interface';
+export * from './investigation.service';
+export * from './investigation.module';

src/modules/ai/investigations/interfaces/investigation.interface.ts

@@ -0,0 +1,71 @@
+/**
+ * Represents a security incident for investigation analysis.
+ */
+export interface Incident {
+  /** Unique identifier for the incident. */
+  id: string;
+  /** Human-readable title of the incident. */
+  title: string;
+  /** Detailed description of the incident. */
+  description: string;
+  /** Severity level of the incident. */
+  severity: 'low' | 'medium' | 'high' | 'critical';
+  /** ISO-8601 timestamp when the incident was detected. */
+  timestamp: string;
+  /** Source system or chain (e.g., "stellar", "ethereum"). */
+  source: string;
+  /** Raw event data associated with the incident. */
+  data?: Record<string, unknown>;
+}
+
+/**
+ * Related event suggestion for investigation context.
+ */
+export interface RelatedEvent {
+  /** Event identifier or reference. */
+  id: string;
+  /** Brief description of the related event. */
+  description: string;
+  /** Correlation score (0-1) indicating relevance. */
+  correlationScore: number;
+  /** ISO-8601 timestamp of the event. */
+  timestamp: string;
+  /** Event type or category. */
+  eventType: string;
+}
+
+/**
+ * Timeline entry for chronological incident analysis.
+ */
+export interface TimelineEntry {
+  /** ISO-8601 timestamp of the event. */
+  timestamp: string;
+  /** Event description or summary. */
+  description: string;
+  /** Event type or action performed. */
+  action: string;
+  /** Actor or source that triggered the event. */
+  actor?: string;
+  /** Additional metadata or context. */
+  metadata?: Record<string, unknown>;
+}
+
+/**
+ * Complete investigation context generated by the AI assistant.
+ */
+export interface InvestigationContext {
+  /** Incident being investigated. */
+  incident: Incident;
+  /** AI-generated contextual summary. */
+  contextSummary: string;
+  /** List of related events for investigation. */
+  relatedEvents: RelatedEvent[];
+  /** Chronological timeline of relevant activities. */
+  timeline: TimelineEntry[];
+  /** Key indicators of compromise identified. */
+  indicators: string[];
+  /** Suggested investigation steps. */
+  investigationSteps: string[];
+  /** Confidence score (0-1) of the analysis. */
+  confidence: number;
+}

src/modules/ai/investigations/investigation.module.ts

@@ -0,0 +1,15 @@
+import { InvestigationService } from './investigation.service';
+
+/**
+ * Module for AI-powered investigation assistance.
+ * Provides incident context generation, related event suggestions, and timeline analysis.
+ */
+export class InvestigationModule {
+  /**
+   * Create and configure the investigation service.
+   * Returns a ready-to-use InvestigationService instance.
+   */
+  static create(): InvestigationService {
+    return new InvestigationService();
+  }
+}