/** * Threat Learning Service * * Self-learning threat pattern service using AgentDB for vector search * and ReasoningBank-style pattern storage. * * Features: * - HNSW-indexed threat pattern search (150x-12,500x faster) * - Pattern learning from successful detections * - Effectiveness tracking for adaptive mitigation * - Integration with agentic-flow attention mechanisms */ import type { ThreatType, ThreatSeverity, ThreatDetectionResult } from '../entities/threat.js'; /** * Learned threat pattern stored in vector database */ export interface LearnedThreatPattern { id: string; pattern: string; type: ThreatType; severity: ThreatSeverity; embedding?: number[]; effectiveness: number; detectionCount: number; falsePositiveCount: number; lastUpdated: Date; metadata: { source: 'builtin' | 'learned' | 'community'; confidenceDecay: number; contextPatterns: string[]; }; } /** * Mitigation strategy with effectiveness tracking */ export interface MitigationStrategy { id: string; threatType: ThreatType; strategy: 'block' | 'sanitize' | 'warn' | 'log' | 'escalate' | 'transform' | 'redirect'; effectiveness: number; applicationCount: number; successCount: number; rollbackCount: number; recursionDepth: number; lastUpdated: Date; } /** * Learning trajectory for ReasoningBank integration */ export interface LearningTrajectory { sessionId: string; task: string; steps: Array<{ input: string; output: ThreatDetectionResult; reward: number; timestamp: Date; }>; verdict: 'success' | 'failure' | 'partial'; totalReward: number; } /** * AgentDB-compatible vector store interface */ export interface VectorStore { store(params: { namespace: string; key: string; value: unknown; embedding?: number[]; ttl?: number; }): Promise; search(params: { namespace: string; query: string | number[]; k?: number; minSimilarity?: number; }): Promise>; get(namespace: string, key: string): Promise; delete(namespace: string, key: string): Promise; } /** * Simple in-memory vector store for standalone usage * Replace with AgentDB in production */ export declare class InMemoryVectorStore implements VectorStore { private storage; store(params: { namespace: string; key: string; value: unknown; embedding?: number[]; }): Promise; search(params: { namespace: string; query: string | number[]; k?: number; }): Promise>; get(namespace: string, key: string): Promise; delete(namespace: string, key: string): Promise; } /** * Threat Learning Service */ export declare class ThreatLearningService { private readonly vectorStore; private readonly namespace; private readonly mitigationNamespace; private trajectories; constructor(vectorStore?: VectorStore); /** * Search for similar threat patterns using HNSW * When connected to AgentDB, achieves 150x-12,500x speedup */ searchSimilarThreats(query: string, options?: { k?: number; minSimilarity?: number; }): Promise; /** * Learn from a detection result * Implements ReasoningBank RETRIEVE-JUDGE-DISTILL-CONSOLIDATE pattern */ learnFromDetection(input: string, result: ThreatDetectionResult, feedback?: { wasAccurate: boolean; userVerdict?: string; }): Promise; /** * Record mitigation effectiveness * Feeds into strange-loop meta-learning */ recordMitigation(threatType: ThreatType, strategy: MitigationStrategy['strategy'], success: boolean, recursionDepth?: number): Promise; /** * Get best mitigation strategy for a threat type */ getBestMitigation(threatType: ThreatType): Promise; /** * Start a learning trajectory (for ReasoningBank integration) */ startTrajectory(sessionId: string, task: string): void; /** * Record a trajectory step */ recordStep(sessionId: string, input: string, output: ThreatDetectionResult, reward: number): void; /** * End a trajectory and store for future learning */ endTrajectory(sessionId: string, verdict: 'success' | 'failure' | 'partial'): Promise; /** * Get learning statistics */ getStats(): Promise<{ learnedPatterns: number; mitigationStrategies: number; avgEffectiveness: number; }>; /** * Extract context patterns from input for better learning */ private extractContextPatterns; } /** * Create a ThreatLearningService with optional AgentDB vector store */ export declare function createThreatLearningService(vectorStore?: VectorStore): ThreatLearningService; //# sourceMappingURL=threat-learning-service.d.ts.map