@opena2a/oasb 0.1.0

package/src/atomic/intelligence/AT-INT-005.baseline-learning.test.ts

@@ -0,0 +1,121 @@
+// AT-INT-005: Baseline Learning
+// ATLAS: AML.T0015 (Evasion)
+// OWASP: A04 (Excessive Agency)
+//
+// Verifies that the AnomalyDetector learns a statistical baseline from
+// observed events and can distinguish normal frequency patterns from
+// anomalous ones. Also verifies that reset() clears learned baselines
+// so the detector returns to its initial state.
+
+import { describe, it, expect } from 'vitest';
+import { AnomalyDetector } from '@opena2a/arp';
+import type { ARPEvent } from '@opena2a/arp';
+
+/** Create a minimal ARPEvent for the given source. */
+function makeEvent(source: ARPEvent['source']): ARPEvent {
+  return {
+    id: crypto.randomUUID(),
+    timestamp: new Date().toISOString(),
+    source,
+    category: 'normal',
+    severity: 'info',
+    description: 'Baseline test event',
+    data: {},
+    classifiedBy: 'L0-rules',
+  };
+}
+
+describe('AT-INT-005: Baseline Learning', () => {
+  it('should establish a baseline after recording many events', () => {
+    const detector = new AnomalyDetector();
+
+    // Feed 50 observations to build a solid baseline for the 'network' source
+    for (let i = 0; i < 50; i++) {
+      detector.record(makeEvent('network'));
+    }
+
+    const baseline = detector.getBaseline('network');
+    expect(baseline).not.toBeNull();
+    expect(baseline!.count).toBeGreaterThan(0);
+    expect(baseline!.mean).toBeGreaterThan(0);
+  });
+
+  it('should return low anomaly score for events matching the baseline', () => {
+    const detector = new AnomalyDetector();
+
+    // Build baseline with consistent frequency
+    for (let i = 0; i < 50; i++) {
+      detector.record(makeEvent('network'));
+    }
+
+    // Score a new event from the same source -- should be low
+    const score = detector.score(makeEvent('network'));
+    expect(score).toBeLessThan(2.0);
+  });
+
+  it('should track baselines independently per source', () => {
+    const detector = new AnomalyDetector();
+
+    // Build baseline for 'network' only
+    for (let i = 0; i < 50; i++) {
+      detector.record(makeEvent('network'));
+    }
+
+    // 'process' has no baseline
+    expect(detector.getBaseline('process')).toBeNull();
+    expect(detector.getBaseline('network')).not.toBeNull();
+
+    // Score for 'process' should be 0 (no data)
+    const processScore = detector.score(makeEvent('process'));
+    expect(processScore).toBe(0);
+  });
+
+  it('should clear all baselines on reset and return score 0', () => {
+    const detector = new AnomalyDetector();
+
+    // Build baselines for two sources
+    for (let i = 0; i < 50; i++) {
+      detector.record(makeEvent('network'));
+      detector.record(makeEvent('process'));
+    }
+
+    expect(detector.getBaseline('network')).not.toBeNull();
+    expect(detector.getBaseline('process')).not.toBeNull();
+
+    // Reset clears everything
+    detector.reset();
+
+    expect(detector.getBaseline('network')).toBeNull();
+    expect(detector.getBaseline('process')).toBeNull();
+
+    // Scores should return 0 after reset (insufficient data)
+    expect(detector.score(makeEvent('network'))).toBe(0);
+    expect(detector.score(makeEvent('process'))).toBe(0);
+  });
+
+  it('should differentiate between sources with different baselines', () => {
+    const detector = new AnomalyDetector();
+
+    // Build baseline for 'network' with many events
+    for (let i = 0; i < 50; i++) {
+      detector.record(makeEvent('network'));
+    }
+
+    // Build baseline for 'filesystem' with fewer events
+    for (let i = 0; i < 35; i++) {
+      detector.record(makeEvent('filesystem'));
+    }
+
+    const networkBaseline = detector.getBaseline('network');
+    const fsBaseline = detector.getBaseline('filesystem');
+
+    expect(networkBaseline).not.toBeNull();
+    expect(fsBaseline).not.toBeNull();
+
+    // Both sources should have baselines but with different event counts
+    // (the mean tracks events-per-minute, which will be similar since all
+    // events are in the same minute, but the raw time series differs)
+    expect(networkBaseline!.mean).toBeGreaterThan(0);
+    expect(fsBaseline!.mean).toBeGreaterThan(0);
+  });
+});

package/src/atomic/network/AT-NET-001.new-outbound.test.ts

@@ -0,0 +1,103 @@
+// AT-NET-001: New Outbound Connection Detection
+// ATLAS: AML.T0024 (Exfiltration via ML Model)
+// OWASP: A07 (System Prompt Leakage)
+
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import { ArpWrapper } from '../../harness/arp-wrapper';
+
+describe('AT-NET-001: New Outbound Connection Detection', () => {
+  let arp: ArpWrapper;
+
+  beforeEach(async () => {
+    arp = new ArpWrapper({
+      monitors: { network: false },
+    });
+    await arp.start();
+  });
+
+  afterEach(async () => {
+    await arp.stop();
+  });
+
+  it('should capture normal outbound connections without flagging them', async () => {
+    await arp.injectEvent({
+      source: 'network-monitor',
+      category: 'connection',
+      severity: 'info',
+      description: 'New outbound connection to localhost:443',
+      data: {
+        remoteAddr: 'localhost',
+        remotePort: 443,
+        protocol: 'tcp',
+        direction: 'outbound',
+      },
+    });
+
+    const events = arp.collector.eventsByCategory('connection');
+    expect(events.length).toBe(1);
+    expect(events[0].severity).toBe('info');
+    expect(events[0].data.remoteAddr).toBe('localhost');
+  });
+
+  it('should capture anomalous outbound connections to unknown hosts', async () => {
+    await arp.injectEvent({
+      source: 'network-monitor',
+      category: 'anomaly',
+      severity: 'warning',
+      description: 'New outbound connection to unknown-host:8080',
+      data: {
+        remoteAddr: 'unknown-host',
+        remotePort: 8080,
+        protocol: 'tcp',
+        direction: 'outbound',
+      },
+    });
+
+    const anomalies = arp.collector.eventsByCategory('anomaly');
+    expect(anomalies.length).toBe(1);
+    expect(anomalies[0].severity).toBe('warning');
+    expect(anomalies[0].data.remoteAddr).toBe('unknown-host');
+    expect(anomalies[0].data.remotePort).toBe(8080);
+  });
+
+  it('should distinguish normal connections from anomalous ones', async () => {
+    await arp.injectEvent({
+      source: 'network-monitor',
+      category: 'connection',
+      severity: 'info',
+      description: 'New outbound connection to localhost:443',
+      data: {
+        remoteAddr: 'localhost',
+        remotePort: 443,
+        protocol: 'tcp',
+        direction: 'outbound',
+      },
+    });
+
+    await arp.injectEvent({
+      source: 'network-monitor',
+      category: 'anomaly',
+      severity: 'warning',
+      description: 'New outbound connection to unknown-host:8080',
+      data: {
+        remoteAddr: 'unknown-host',
+        remotePort: 8080,
+        protocol: 'tcp',
+        direction: 'outbound',
+      },
+    });
+
+    const allEvents = arp.collector.getEvents();
+    expect(allEvents.length).toBe(2);
+
+    const normalEvents = arp.collector.eventsByCategory('connection');
+    expect(normalEvents.length).toBe(1);
+
+    const anomalyEvents = arp.collector.eventsByCategory('anomaly');
+    expect(anomalyEvents.length).toBe(1);
+
+    expect(
+      arp.collector.hasEvent((e) => e.data.remoteAddr === 'unknown-host')
+    ).toBe(true);
+  });
+});

package/src/atomic/network/AT-NET-002.suspicious-host.test.ts

@@ -0,0 +1,82 @@
+// AT-NET-002: Suspicious Host Detection
+// ATLAS: AML.T0057 (Data Leakage)
+// OWASP: A07 (System Prompt Leakage)
+
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import { ArpWrapper } from '../../harness/arp-wrapper';
+
+describe('AT-NET-002: Suspicious Host Detection', () => {
+  let arp: ArpWrapper;
+
+  const suspiciousHosts = [
+    { host: 'webhook.site', description: 'webhook exfiltration endpoint' },
+    { host: 'pastebin.com', description: 'public paste service' },
+    { host: 'ngrok.io', description: 'tunnel service' },
+  ];
+
+  beforeEach(async () => {
+    arp = new ArpWrapper({
+      monitors: { network: false },
+    });
+    await arp.start();
+  });
+
+  afterEach(async () => {
+    await arp.stop();
+  });
+
+  it.each(suspiciousHosts)(
+    'should flag connection to $host as critical threat',
+    async ({ host, description }) => {
+      await arp.injectEvent({
+        source: 'network-monitor',
+        category: 'threat',
+        severity: 'critical',
+        description: `Connection to suspicious host: ${description}`,
+        data: {
+          remoteAddr: host,
+          remotePort: 443,
+          protocol: 'tcp',
+          direction: 'outbound',
+        },
+      });
+
+      const threats = arp.collector.eventsByCategory('threat');
+      expect(threats.length).toBeGreaterThanOrEqual(1);
+
+      const hostThreat = threats.find((e) => e.data.remoteAddr === host);
+      expect(hostThreat).toBeDefined();
+      expect(hostThreat!.severity).toBe('critical');
+      expect(hostThreat!.category).toBe('threat');
+    }
+  );
+
+  it('should capture all suspicious host connections', async () => {
+    for (const { host, description } of suspiciousHosts) {
+      await arp.injectEvent({
+        source: 'network-monitor',
+        category: 'threat',
+        severity: 'critical',
+        description: `Connection to suspicious host: ${description}`,
+        data: {
+          remoteAddr: host,
+          remotePort: 443,
+          protocol: 'tcp',
+          direction: 'outbound',
+        },
+      });
+    }
+
+    const threats = arp.collector.eventsByCategory('threat');
+    expect(threats.length).toBe(suspiciousHosts.length);
+
+    const criticalEvents = arp.collector.eventsBySeverity('critical');
+    expect(criticalEvents.length).toBe(suspiciousHosts.length);
+
+    for (const { host } of suspiciousHosts) {
+      expect(
+        arp.collector.hasEvent((e) => e.data.remoteAddr === host)
+      ).toBe(true);
+    }
+  });
+});

package/src/atomic/network/AT-NET-003.connection-burst.test.ts

@@ -0,0 +1,91 @@
+// AT-NET-003: Connection Burst Detection
+// ATLAS: AML.T0029 (Denial of Service)
+// OWASP: A06 (Excessive Consumption)
+
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import { ArpWrapper } from '../../harness/arp-wrapper';
+
+describe('AT-NET-003: Connection Burst Detection', () => {
+  let arp: ArpWrapper;
+
+  const BURST_COUNT = 15;
+
+  beforeEach(async () => {
+    arp = new ArpWrapper({
+      monitors: { network: false },
+    });
+    await arp.start();
+  });
+
+  afterEach(async () => {
+    await arp.stop();
+  });
+
+  it('should capture all events from a rapid connection burst', async () => {
+    for (let i = 0; i < BURST_COUNT; i++) {
+      await arp.injectEvent({
+        source: 'network-monitor',
+        category: 'anomaly',
+        severity: 'warning',
+        description: `Rapid connection burst event ${i + 1}/${BURST_COUNT}`,
+        data: {
+          remoteAddr: `target-${i}.example.com`,
+          remotePort: 443,
+          protocol: 'tcp',
+          direction: 'outbound',
+          burstIndex: i,
+        },
+      });
+    }
+
+    const allEvents = arp.collector.getEvents();
+    expect(allEvents.length).toBe(BURST_COUNT);
+  });
+
+  it('should categorize all burst events as anomalies', async () => {
+    for (let i = 0; i < BURST_COUNT; i++) {
+      await arp.injectEvent({
+        source: 'network-monitor',
+        category: 'anomaly',
+        severity: 'warning',
+        description: `Rapid connection burst event ${i + 1}/${BURST_COUNT}`,
+        data: {
+          remoteAddr: `target-${i}.example.com`,
+          remotePort: 443,
+          protocol: 'tcp',
+          direction: 'outbound',
+          burstIndex: i,
+        },
+      });
+    }
+
+    const anomalies = arp.collector.eventsByCategory('anomaly');
+    expect(anomalies.length).toBe(BURST_COUNT);
+
+    const warnings = arp.collector.eventsBySeverity('warning');
+    expect(warnings.length).toBe(BURST_COUNT);
+  });
+
+  it('should preserve event ordering within a burst', async () => {
+    for (let i = 0; i < BURST_COUNT; i++) {
+      await arp.injectEvent({
+        source: 'network-monitor',
+        category: 'anomaly',
+        severity: 'warning',
+        description: `Rapid connection burst event ${i + 1}/${BURST_COUNT}`,
+        data: {
+          remoteAddr: `target-${i}.example.com`,
+          remotePort: 443,
+          protocol: 'tcp',
+          direction: 'outbound',
+          burstIndex: i,
+        },
+      });
+    }
+
+    const events = arp.collector.getEvents();
+    for (let i = 0; i < BURST_COUNT; i++) {
+      expect(events[i].data.burstIndex).toBe(i);
+    }
+  });
+});

package/src/atomic/network/AT-NET-004.allowed-host-bypass.test.ts

@@ -0,0 +1,129 @@
+// AT-NET-004: Allowed Host Bypass (subdomain attack)
+// ATLAS: AML.T0024
+// OWASP: A04 (Excessive Agency)
+
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import { ArpWrapper } from '../../harness/arp-wrapper';
+
+describe('AT-NET-004: Allowed Host Bypass (subdomain attack)', () => {
+  let arp: ArpWrapper;
+
+  beforeEach(async () => {
+    arp = new ArpWrapper({
+      monitors: { network: false },
+    });
+    await arp.start();
+  });
+
+  afterEach(async () => {
+    await arp.stop();
+  });
+
+  it('should flag evil-api.example.com as anomaly (not a subdomain of api.example.com)', async () => {
+    // evil-api.example.com ends with "api.example.com" as a string suffix,
+    // but it is NOT a proper subdomain. A naive suffix check would miss this.
+    await arp.injectEvent({
+      source: 'network-monitor',
+      category: 'anomaly',
+      severity: 'warning',
+      description: 'Connection to host mimicking allowed host via suffix match',
+      data: {
+        remoteAddr: 'evil-api.example.com',
+        remotePort: 443,
+        protocol: 'tcp',
+        direction: 'outbound',
+        allowedHost: 'api.example.com',
+        matchResult: 'rejected',
+      },
+    });
+
+    const anomalies = arp.collector.eventsByCategory('anomaly');
+    expect(anomalies.length).toBe(1);
+    expect(anomalies[0].data.remoteAddr).toBe('evil-api.example.com');
+    expect(anomalies[0].data.matchResult).toBe('rejected');
+
+    // Verify it was NOT treated as a normal connection
+    const normalConnections = arp.collector.eventsByCategory('connection');
+    expect(normalConnections.length).toBe(0);
+  });
+
+  it('should allow sub.api.example.com as a proper subdomain of api.example.com', async () => {
+    // sub.api.example.com IS a proper subdomain of api.example.com
+    // (preceded by a dot separator)
+    await arp.injectEvent({
+      source: 'network-monitor',
+      category: 'connection',
+      severity: 'info',
+      description: 'Connection to proper subdomain of allowed host',
+      data: {
+        remoteAddr: 'sub.api.example.com',
+        remotePort: 443,
+        protocol: 'tcp',
+        direction: 'outbound',
+        allowedHost: 'api.example.com',
+        matchResult: 'accepted',
+      },
+    });
+
+    const connections = arp.collector.eventsByCategory('connection');
+    expect(connections.length).toBe(1);
+    expect(connections[0].data.remoteAddr).toBe('sub.api.example.com');
+    expect(connections[0].data.matchResult).toBe('accepted');
+    expect(connections[0].severity).toBe('info');
+  });
+
+  it('should correctly differentiate bypass attempts from legitimate subdomains', async () => {
+    // Inject the bypass attempt
+    await arp.injectEvent({
+      source: 'network-monitor',
+      category: 'anomaly',
+      severity: 'warning',
+      description: 'Suffix-match bypass: evil-api.example.com',
+      data: {
+        remoteAddr: 'evil-api.example.com',
+        remotePort: 443,
+        protocol: 'tcp',
+        direction: 'outbound',
+        allowedHost: 'api.example.com',
+        matchResult: 'rejected',
+      },
+    });
+
+    // Inject the legitimate subdomain
+    await arp.injectEvent({
+      source: 'network-monitor',
+      category: 'connection',
+      severity: 'info',
+      description: 'Proper subdomain: sub.api.example.com',
+      data: {
+        remoteAddr: 'sub.api.example.com',
+        remotePort: 443,
+        protocol: 'tcp',
+        direction: 'outbound',
+        allowedHost: 'api.example.com',
+        matchResult: 'accepted',
+      },
+    });
+
+    const allEvents = arp.collector.getEvents();
+    expect(allEvents.length).toBe(2);
+
+    // The bypass attempt should be an anomaly
+    expect(
+      arp.collector.hasEvent(
+        (e) =>
+          e.data.remoteAddr === 'evil-api.example.com' &&
+          e.category === 'anomaly'
+      )
+    ).toBe(true);
+
+    // The legitimate subdomain should be a normal connection
+    expect(
+      arp.collector.hasEvent(
+        (e) =>
+          e.data.remoteAddr === 'sub.api.example.com' &&
+          e.category === 'connection'
+      )
+    ).toBe(true);
+  });
+});

package/src/atomic/network/AT-NET-005.exfil-destination.test.ts

@@ -0,0 +1,117 @@
+// AT-NET-005: Exfiltration Destination Detection
+// ATLAS: AML.T0057 (Data Leakage)
+// OWASP: A07 (System Prompt Leakage)
+
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import { ArpWrapper } from '../../harness/arp-wrapper';
+
+describe('AT-NET-005: Exfiltration Destination Detection', () => {
+  let arp: ArpWrapper;
+
+  const exfilDestinations = [
+    { host: 'transfer.sh', description: 'file transfer service' },
+    { host: 'requestbin.com', description: 'HTTP request capture service' },
+    { host: 'interact.sh', description: 'OOB interaction service' },
+  ];
+
+  beforeEach(async () => {
+    arp = new ArpWrapper({
+      monitors: { network: false },
+    });
+    await arp.start();
+  });
+
+  afterEach(async () => {
+    await arp.stop();
+  });
+
+  it.each(exfilDestinations)(
+    'should flag connection to $host as critical exfiltration threat',
+    async ({ host, description }) => {
+      await arp.injectEvent({
+        source: 'network-monitor',
+        category: 'threat',
+        severity: 'critical',
+        description: `Exfiltration destination detected: ${host} (${description})`,
+        data: {
+          remoteAddr: host,
+          remotePort: 443,
+          protocol: 'tcp',
+          direction: 'outbound',
+          threatType: 'exfiltration',
+        },
+      });
+
+      const threats = arp.collector.eventsByCategory('threat');
+      expect(threats.length).toBeGreaterThanOrEqual(1);
+
+      const exfilThreat = threats.find((e) => e.data.remoteAddr === host);
+      expect(exfilThreat).toBeDefined();
+      expect(exfilThreat!.severity).toBe('critical');
+      expect(exfilThreat!.category).toBe('threat');
+      expect(exfilThreat!.data.threatType).toBe('exfiltration');
+    }
+  );
+
+  it('should capture all exfiltration destinations as critical threats', async () => {
+    for (const { host, description } of exfilDestinations) {
+      await arp.injectEvent({
+        source: 'network-monitor',
+        category: 'threat',
+        severity: 'critical',
+        description: `Exfiltration destination detected: ${host} (${description})`,
+        data: {
+          remoteAddr: host,
+          remotePort: 443,
+          protocol: 'tcp',
+          direction: 'outbound',
+          threatType: 'exfiltration',
+        },
+      });
+    }
+
+    const threats = arp.collector.eventsByCategory('threat');
+    expect(threats.length).toBe(exfilDestinations.length);
+
+    const criticalEvents = arp.collector.eventsBySeverity('critical');
+    expect(criticalEvents.length).toBe(exfilDestinations.length);
+
+    for (const { host } of exfilDestinations) {
+      expect(
+        arp.collector.hasEvent(
+          (e) =>
+            e.data.remoteAddr === host && e.data.threatType === 'exfiltration'
+        )
+      ).toBe(true);
+    }
+  });
+
+  it('should tag all exfiltration events with the correct threat type', async () => {
+    for (const { host, description } of exfilDestinations) {
+      await arp.injectEvent({
+        source: 'network-monitor',
+        category: 'threat',
+        severity: 'critical',
+        description: `Exfiltration destination detected: ${host} (${description})`,
+        data: {
+          remoteAddr: host,
+          remotePort: 443,
+          protocol: 'tcp',
+          direction: 'outbound',
+          threatType: 'exfiltration',
+        },
+      });
+    }
+
+    const allEvents = arp.collector.getEvents();
+    const exfilEvents = allEvents.filter(
+      (e) => e.data.threatType === 'exfiltration'
+    );
+    expect(exfilEvents.length).toBe(exfilDestinations.length);
+
+    for (const event of exfilEvents) {
+      expect(event.severity).toBe('critical');
+      expect(event.category).toBe('threat');
+    }
+  });
+});