173 lines
5.1 KiB
TypeScript
173 lines
5.1 KiB
TypeScript
/**
|
|
* Threat Learning Service
|
|
*
|
|
* Self-learning threat pattern service using AgentDB for vector search
|
|
* and ReasoningBank-style pattern storage.
|
|
*
|
|
* Features:
|
|
* - HNSW-indexed threat pattern search (150x-12,500x faster)
|
|
* - Pattern learning from successful detections
|
|
* - Effectiveness tracking for adaptive mitigation
|
|
* - Integration with agentic-flow attention mechanisms
|
|
*/
|
|
import type { ThreatType, ThreatSeverity, ThreatDetectionResult } from '../entities/threat.js';
|
|
/**
|
|
* Learned threat pattern stored in vector database
|
|
*/
|
|
export interface LearnedThreatPattern {
|
|
id: string;
|
|
pattern: string;
|
|
type: ThreatType;
|
|
severity: ThreatSeverity;
|
|
embedding?: number[];
|
|
effectiveness: number;
|
|
detectionCount: number;
|
|
falsePositiveCount: number;
|
|
lastUpdated: Date;
|
|
metadata: {
|
|
source: 'builtin' | 'learned' | 'community';
|
|
confidenceDecay: number;
|
|
contextPatterns: string[];
|
|
};
|
|
}
|
|
/**
|
|
* Mitigation strategy with effectiveness tracking
|
|
*/
|
|
export interface MitigationStrategy {
|
|
id: string;
|
|
threatType: ThreatType;
|
|
strategy: 'block' | 'sanitize' | 'warn' | 'log' | 'escalate' | 'transform' | 'redirect';
|
|
effectiveness: number;
|
|
applicationCount: number;
|
|
successCount: number;
|
|
rollbackCount: number;
|
|
recursionDepth: number;
|
|
lastUpdated: Date;
|
|
}
|
|
/**
|
|
* Learning trajectory for ReasoningBank integration
|
|
*/
|
|
export interface LearningTrajectory {
|
|
sessionId: string;
|
|
task: string;
|
|
steps: Array<{
|
|
input: string;
|
|
output: ThreatDetectionResult;
|
|
reward: number;
|
|
timestamp: Date;
|
|
}>;
|
|
verdict: 'success' | 'failure' | 'partial';
|
|
totalReward: number;
|
|
}
|
|
/**
|
|
* AgentDB-compatible vector store interface
|
|
*/
|
|
export interface VectorStore {
|
|
store(params: {
|
|
namespace: string;
|
|
key: string;
|
|
value: unknown;
|
|
embedding?: number[];
|
|
ttl?: number;
|
|
}): Promise<void>;
|
|
search(params: {
|
|
namespace: string;
|
|
query: string | number[];
|
|
k?: number;
|
|
minSimilarity?: number;
|
|
}): Promise<Array<{
|
|
key: string;
|
|
value: unknown;
|
|
similarity: number;
|
|
}>>;
|
|
get(namespace: string, key: string): Promise<unknown | null>;
|
|
delete(namespace: string, key: string): Promise<void>;
|
|
}
|
|
/**
|
|
* Simple in-memory vector store for standalone usage
|
|
* Replace with AgentDB in production
|
|
*/
|
|
export declare class InMemoryVectorStore implements VectorStore {
|
|
private storage;
|
|
store(params: {
|
|
namespace: string;
|
|
key: string;
|
|
value: unknown;
|
|
embedding?: number[];
|
|
}): Promise<void>;
|
|
search(params: {
|
|
namespace: string;
|
|
query: string | number[];
|
|
k?: number;
|
|
}): Promise<Array<{
|
|
key: string;
|
|
value: unknown;
|
|
similarity: number;
|
|
}>>;
|
|
get(namespace: string, key: string): Promise<unknown | null>;
|
|
delete(namespace: string, key: string): Promise<void>;
|
|
}
|
|
/**
|
|
* Threat Learning Service
|
|
*/
|
|
export declare class ThreatLearningService {
|
|
private readonly vectorStore;
|
|
private readonly namespace;
|
|
private readonly mitigationNamespace;
|
|
private trajectories;
|
|
constructor(vectorStore?: VectorStore);
|
|
/**
|
|
* Search for similar threat patterns using HNSW
|
|
* When connected to AgentDB, achieves 150x-12,500x speedup
|
|
*/
|
|
searchSimilarThreats(query: string, options?: {
|
|
k?: number;
|
|
minSimilarity?: number;
|
|
}): Promise<LearnedThreatPattern[]>;
|
|
/**
|
|
* Learn from a detection result
|
|
* Implements ReasoningBank RETRIEVE-JUDGE-DISTILL-CONSOLIDATE pattern
|
|
*/
|
|
learnFromDetection(input: string, result: ThreatDetectionResult, feedback?: {
|
|
wasAccurate: boolean;
|
|
userVerdict?: string;
|
|
}): Promise<void>;
|
|
/**
|
|
* Record mitigation effectiveness
|
|
* Feeds into strange-loop meta-learning
|
|
*/
|
|
recordMitigation(threatType: ThreatType, strategy: MitigationStrategy['strategy'], success: boolean, recursionDepth?: number): Promise<void>;
|
|
/**
|
|
* Get best mitigation strategy for a threat type
|
|
*/
|
|
getBestMitigation(threatType: ThreatType): Promise<MitigationStrategy | null>;
|
|
/**
|
|
* Start a learning trajectory (for ReasoningBank integration)
|
|
*/
|
|
startTrajectory(sessionId: string, task: string): void;
|
|
/**
|
|
* Record a trajectory step
|
|
*/
|
|
recordStep(sessionId: string, input: string, output: ThreatDetectionResult, reward: number): void;
|
|
/**
|
|
* End a trajectory and store for future learning
|
|
*/
|
|
endTrajectory(sessionId: string, verdict: 'success' | 'failure' | 'partial'): Promise<void>;
|
|
/**
|
|
* Get learning statistics
|
|
*/
|
|
getStats(): Promise<{
|
|
learnedPatterns: number;
|
|
mitigationStrategies: number;
|
|
avgEffectiveness: number;
|
|
}>;
|
|
/**
|
|
* Extract context patterns from input for better learning
|
|
*/
|
|
private extractContextPatterns;
|
|
}
|
|
/**
|
|
* Create a ThreatLearningService with optional AgentDB vector store
|
|
*/
|
|
export declare function createThreatLearningService(vectorStore?: VectorStore): ThreatLearningService;
|
|
//# sourceMappingURL=threat-learning-service.d.ts.map
|