npm - @datacules/agent-identity-anomaly - Versions diffs - 0.2.1 - Mend

@datacules/agent-identity-anomaly 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/README.md +61 -0
package/package.json +39 -0

package/README.md ADDED Viewed

@@ -0,0 +1,61 @@
+# `@datacules/agent-identity-anomaly`
+Behavioral baseline and anomaly detection for [`@datacules/agent-identity`](../../core). Wraps your audit pipeline with zero routing config changes — each agent builds a rolling baseline and deviations trigger `credential.anomaly` audit events.
+## Install
+```bash
+npm install @datacules/agent-identity-anomaly
+```
+## Usage
+```typescript
+import { AnomalyDetector } from '@datacules/agent-identity-anomaly';
+const detector = new AnomalyDetector({
+  logger,
+  policy: {
+    lowAction: 'warn',      // emit audit event only
+    mediumAction: 'warn',   // same
+    highAction: 'block',    // return null — credential denied
+    baselineSamples: 20,    // collect 20 resolutions before scoring starts
+    rateSpikeThreshold: 3.0, // flag if current rate > 3x rolling average
+  },
+  onAnomaly: (event) => {
+    alertingService.send(`Anomaly detected: ${event.signal} (${event.severity}) for ${event.userId}`);
+  },
+});
+// Wrap your resolveAsync call
+const resolved = await detector.observe(ctx, () => router.resolveAsync(ctx));
+if (!resolved) {
+  // anomaly detected + policy was 'block' — the model layer should not proceed
+}
+```
+## Detected signals
+| Signal | Severity | Description |
+|--------|----------|-------------|
+| `rate_spike` | high | Call rate 3x the hourly EWMA |
+| `new_credential_type` | medium | Credential kind never seen before |
+| `new_action_type` | medium | Action (`read`/`write`/etc.) never seen before |
+| `new_resource_kind` | medium | Resource kind (`shared`/`personal`) never seen before |
+| `new_provider` | low | AI provider never seen before |
+| `off_hours` | low | Baseline was daytime only; now receiving night calls |
+## Audit event format
+Every anomaly emits a `credential.anomaly` audit entry with additional fields:
+```json
+{
+  "action": "credential.anomaly",
+  "signal": "rate_spike",
+  "severity": "high",
+  "baselineValue": 12.4,
+  "observedValue": 87,
+  "userId": "agent-orders"
+}
+```

package/package.json ADDED Viewed

@@ -0,0 +1,39 @@
+{
+  "name": "@datacules/agent-identity-anomaly",
+  "version": "0.2.1",
+  "private": false,
+  "description": "Anomaly detection and behavioral baseline for @datacules/agent-identity — statistical detection of unusual credential usage patterns",
+  "author": "Datacules LLC",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/hvrcharon1/agent-identity.git",
+    "directory": "packages/integrations/anomaly"
+  },
+  "main": "./dist/cjs/index.js",
+  "module": "./dist/esm/index.js",
+  "types": "./dist/types/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/esm/index.js",
+      "require": "./dist/cjs/index.js",
+      "types": "./dist/types/index.d.ts"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc -p tsconfig.build.json",
+    "type-check": "tsc --noEmit",
+    "lint": "eslint src --ext .ts"
+  },
+  "devDependencies": {
+    "@types/node": "^20",
+    "typescript": "^5"
+  },
+  "peerDependencies": {
+    "@datacules/agent-identity": "^0.1.0"
+  }
+}