palaryn 0.1.0

package/dist/tests/unit/anomaly-detector.test.js

@@ -0,0 +1,903 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const anomaly_1 = require("../../src/anomaly");
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+/** Build a minimal valid ToolCall with configurable fields. */
+function buildToolCall(overrides = {}) {
+    return {
+        tool_call_id: `tc-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`,
+        task_id: 'task-001',
+        workspace_id: overrides.workspaceId ?? 'ws-default',
+        actor: {
+            type: 'agent',
+            id: overrides.actorId ?? 'agent-1',
+        },
+        source: {
+            platform: 'test',
+        },
+        tool: {
+            name: overrides.toolName ?? 'http.request',
+            capability: overrides.capability ?? 'read',
+        },
+        args: {
+            method: 'GET',
+            url: 'https://api.example.com/data',
+        },
+        timestamp: new Date().toISOString(),
+    };
+}
+/** Build a default AnomalyConfig with optional overrides. */
+function defaultConfig(overrides) {
+    return {
+        enabled: true,
+        window_ms: 3600000,
+        z_score_threshold: 3,
+        min_samples: 10,
+        action: 'flag',
+        track_actors: true,
+        track_tools: true,
+        track_workspaces: true,
+        ...overrides,
+    };
+}
+// ===========================================================================
+// Tests
+// ===========================================================================
+describe('AnomalyDetector', () => {
+    // -----------------------------------------------------------------------
+    // Disabled
+    // -----------------------------------------------------------------------
+    describe('when anomaly detection is disabled', () => {
+        it('should return no alerts from analyze()', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig({ enabled: false }));
+            const tc = buildToolCall();
+            const alerts = detector.analyze(tc);
+            expect(alerts).toEqual([]);
+        });
+        it('should return no alerts from analyzeResult()', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig({ enabled: false }));
+            const tc = buildToolCall();
+            const alerts = detector.analyzeResult(tc, 100, false);
+            expect(alerts).toEqual([]);
+        });
+        it('should not record results when disabled', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig({ enabled: false }));
+            const tc = buildToolCall();
+            // Should not throw
+            detector.recordResult(tc, 100, false);
+            detector.recordResult(tc, 200, true);
+            // No baselines should exist
+            expect(detector.getBaseline('tool', 'http.request', 'latency')).toBeNull();
+        });
+        it('should return no alerts even with many calls', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig({ enabled: false }));
+            for (let i = 0; i < 50; i++) {
+                const alerts = detector.analyze(buildToolCall());
+                expect(alerts).toEqual([]);
+            }
+        });
+    });
+    // -----------------------------------------------------------------------
+    // New tool usage detection
+    // -----------------------------------------------------------------------
+    describe('new tool usage detection', () => {
+        it('should not alert on the first tool an actor uses', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            const tc = buildToolCall({ actorId: 'actor-new', toolName: 'http.get' });
+            const alerts = detector.analyze(tc);
+            const newToolAlerts = alerts.filter(a => a.anomaly_type === 'new_tool_usage');
+            expect(newToolAlerts).toHaveLength(0);
+        });
+        it('should alert when an actor uses a new tool after their first', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            // First tool -- no alert
+            detector.analyze(buildToolCall({ actorId: 'actor-a', toolName: 'http.get' }));
+            // Second tool -- should alert
+            const alerts = detector.analyze(buildToolCall({ actorId: 'actor-a', toolName: 'slack.post' }));
+            const newToolAlerts = alerts.filter(a => a.anomaly_type === 'new_tool_usage');
+            expect(newToolAlerts).toHaveLength(1);
+            expect(newToolAlerts[0].entity_type).toBe('actor');
+            expect(newToolAlerts[0].entity_id).toBe('actor-a');
+            expect(newToolAlerts[0].metric).toBe('new_tool');
+            expect(newToolAlerts[0].severity).toBe('low');
+        });
+        it('should not alert on repeated use of the same tool', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            // Use tool twice
+            detector.analyze(buildToolCall({ actorId: 'actor-b', toolName: 'http.get' }));
+            detector.analyze(buildToolCall({ actorId: 'actor-b', toolName: 'slack.post' })); // triggers new tool alert
+            // Use the same tool again -- should not trigger new_tool_usage
+            const alerts = detector.analyze(buildToolCall({ actorId: 'actor-b', toolName: 'slack.post' }));
+            const newToolAlerts = alerts.filter(a => a.anomaly_type === 'new_tool_usage');
+            expect(newToolAlerts).toHaveLength(0);
+        });
+        it('should track different actors independently', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            // Actor A uses two tools
+            detector.analyze(buildToolCall({ actorId: 'actor-x', toolName: 'http.get' }));
+            detector.analyze(buildToolCall({ actorId: 'actor-x', toolName: 'slack.post' }));
+            // Actor B using http.get should not alert (it's their first tool)
+            const alerts = detector.analyze(buildToolCall({ actorId: 'actor-y', toolName: 'http.get' }));
+            const newToolAlerts = alerts.filter(a => a.anomaly_type === 'new_tool_usage');
+            expect(newToolAlerts).toHaveLength(0);
+        });
+        it('should not track new tools when track_actors is false', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig({ track_actors: false }));
+            detector.analyze(buildToolCall({ actorId: 'actor-c', toolName: 'http.get' }));
+            const alerts = detector.analyze(buildToolCall({ actorId: 'actor-c', toolName: 'slack.post' }));
+            const newToolAlerts = alerts.filter(a => a.anomaly_type === 'new_tool_usage');
+            expect(newToolAlerts).toHaveLength(0);
+        });
+    });
+    // -----------------------------------------------------------------------
+    // Capability escalation detection
+    // -----------------------------------------------------------------------
+    describe('capability escalation detection', () => {
+        it('should not alert on the first capability an actor uses', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            const tc = buildToolCall({ actorId: 'cap-actor', capability: 'read' });
+            const alerts = detector.analyze(tc);
+            const capAlerts = alerts.filter(a => a.anomaly_type === 'capability_escalation');
+            expect(capAlerts).toHaveLength(0);
+        });
+        it('should alert when actor escalates from read to write', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            // Start with read
+            detector.analyze(buildToolCall({ actorId: 'cap-1', capability: 'read' }));
+            // Escalate to write
+            const alerts = detector.analyze(buildToolCall({ actorId: 'cap-1', capability: 'write' }));
+            const capAlerts = alerts.filter(a => a.anomaly_type === 'capability_escalation');
+            expect(capAlerts).toHaveLength(1);
+            expect(capAlerts[0].entity_type).toBe('actor');
+            expect(capAlerts[0].entity_id).toBe('cap-1');
+            expect(capAlerts[0].severity).toBe('low');
+        });
+        it('should alert with medium severity when escalating to delete', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            detector.analyze(buildToolCall({ actorId: 'cap-2', capability: 'read' }));
+            const alerts = detector.analyze(buildToolCall({ actorId: 'cap-2', capability: 'delete' }));
+            const capAlerts = alerts.filter(a => a.anomaly_type === 'capability_escalation');
+            expect(capAlerts).toHaveLength(1);
+            expect(capAlerts[0].severity).toBe('medium');
+        });
+        it('should alert with high severity when escalating to admin', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            detector.analyze(buildToolCall({ actorId: 'cap-3', capability: 'read' }));
+            const alerts = detector.analyze(buildToolCall({ actorId: 'cap-3', capability: 'admin' }));
+            const capAlerts = alerts.filter(a => a.anomaly_type === 'capability_escalation');
+            expect(capAlerts).toHaveLength(1);
+            expect(capAlerts[0].severity).toBe('high');
+        });
+        it('should not alert when actor already used this capability before', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            detector.analyze(buildToolCall({ actorId: 'cap-4', capability: 'read' }));
+            detector.analyze(buildToolCall({ actorId: 'cap-4', capability: 'write' })); // alerts once
+            // Using write again -- should not alert
+            const alerts = detector.analyze(buildToolCall({ actorId: 'cap-4', capability: 'write' }));
+            const capAlerts = alerts.filter(a => a.anomaly_type === 'capability_escalation');
+            expect(capAlerts).toHaveLength(0);
+        });
+        it('should not alert when going from write down to read (not an escalation)', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            detector.analyze(buildToolCall({ actorId: 'cap-5', capability: 'write' }));
+            // Going to read is a de-escalation, not escalation
+            const alerts = detector.analyze(buildToolCall({ actorId: 'cap-5', capability: 'read' }));
+            const capAlerts = alerts.filter(a => a.anomaly_type === 'capability_escalation');
+            expect(capAlerts).toHaveLength(0);
+        });
+        it('should not track capability escalation when track_actors is false', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig({ track_actors: false }));
+            detector.analyze(buildToolCall({ actorId: 'cap-6', capability: 'read' }));
+            const alerts = detector.analyze(buildToolCall({ actorId: 'cap-6', capability: 'admin' }));
+            const capAlerts = alerts.filter(a => a.anomaly_type === 'capability_escalation');
+            expect(capAlerts).toHaveLength(0);
+        });
+    });
+    // -----------------------------------------------------------------------
+    // Off-hours activity detection
+    // -----------------------------------------------------------------------
+    describe('off-hours activity detection', () => {
+        beforeEach(() => {
+            jest.useFakeTimers();
+        });
+        afterEach(() => {
+            jest.useRealTimers();
+        });
+        it('should not alert during normal business hours (weekday)', () => {
+            // Set time to Wednesday 2pm UTC
+            const wednesday2pm = new Date('2025-01-15T14:00:00Z'); // Wednesday
+            jest.setSystemTime(wednesday2pm);
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            const alerts = detector.analyze(buildToolCall({ actorId: 'office-worker' }));
+            const offHoursAlerts = alerts.filter(a => a.anomaly_type === 'off_hours_activity');
+            expect(offHoursAlerts).toHaveLength(0);
+        });
+        it('should alert for activity at 3am UTC', () => {
+            // Set time to Wednesday 3am UTC
+            const wednesday3am = new Date('2025-01-15T03:00:00Z');
+            jest.setSystemTime(wednesday3am);
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            const alerts = detector.analyze(buildToolCall({ actorId: 'night-owl' }));
+            const offHoursAlerts = alerts.filter(a => a.anomaly_type === 'off_hours_activity');
+            expect(offHoursAlerts).toHaveLength(1);
+            expect(offHoursAlerts[0].entity_id).toBe('night-owl');
+            expect(offHoursAlerts[0].metric).toBe('hour_utc');
+        });
+        it('should alert for activity at 11pm UTC (hour 23)', () => {
+            const wednesday11pm = new Date('2025-01-15T23:00:00Z');
+            jest.setSystemTime(wednesday11pm);
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            const alerts = detector.analyze(buildToolCall({ actorId: 'late-worker' }));
+            const offHoursAlerts = alerts.filter(a => a.anomaly_type === 'off_hours_activity');
+            expect(offHoursAlerts).toHaveLength(1);
+        });
+        it('should alert for weekend activity', () => {
+            // Set time to Saturday 10am UTC
+            const saturday10am = new Date('2025-01-18T10:00:00Z'); // Saturday
+            jest.setSystemTime(saturday10am);
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            const alerts = detector.analyze(buildToolCall({ actorId: 'weekend-worker' }));
+            const offHoursAlerts = alerts.filter(a => a.anomaly_type === 'off_hours_activity');
+            expect(offHoursAlerts).toHaveLength(1);
+            expect(offHoursAlerts[0].severity).toBe('low');
+        });
+        it('should have medium severity for weekend + off-hours combined', () => {
+            // Set time to Saturday 3am UTC
+            const saturday3am = new Date('2025-01-18T03:00:00Z'); // Saturday
+            jest.setSystemTime(saturday3am);
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            const alerts = detector.analyze(buildToolCall({ actorId: 'deep-night-weekend' }));
+            const offHoursAlerts = alerts.filter(a => a.anomaly_type === 'off_hours_activity');
+            expect(offHoursAlerts).toHaveLength(1);
+            expect(offHoursAlerts[0].severity).toBe('medium');
+        });
+        it('should throttle off-hours alerts to once per entity per hour', () => {
+            const wednesday3am = new Date('2025-01-15T03:00:00Z');
+            jest.setSystemTime(wednesday3am);
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            // First call should alert
+            const alerts1 = detector.analyze(buildToolCall({ actorId: 'throttle-test' }));
+            const offHours1 = alerts1.filter(a => a.anomaly_type === 'off_hours_activity');
+            expect(offHours1).toHaveLength(1);
+            // Second call within same hour should NOT alert
+            const alerts2 = detector.analyze(buildToolCall({ actorId: 'throttle-test' }));
+            const offHours2 = alerts2.filter(a => a.anomaly_type === 'off_hours_activity');
+            expect(offHours2).toHaveLength(0);
+        });
+        it('should alert again in the next hour', () => {
+            const wednesday3am = new Date('2025-01-15T03:00:00Z');
+            jest.setSystemTime(wednesday3am);
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            // First alert at 3am
+            const alerts1 = detector.analyze(buildToolCall({ actorId: 'next-hour' }));
+            expect(alerts1.filter(a => a.anomaly_type === 'off_hours_activity')).toHaveLength(1);
+            // Advance to 4am (still off-hours)
+            jest.setSystemTime(new Date('2025-01-15T04:00:00Z'));
+            // Should alert again since it's a new hour
+            const alerts2 = detector.analyze(buildToolCall({ actorId: 'next-hour' }));
+            expect(alerts2.filter(a => a.anomaly_type === 'off_hours_activity')).toHaveLength(1);
+        });
+        it('should not alert at 6am UTC (boundary - start of business)', () => {
+            const wednesday6am = new Date('2025-01-15T06:00:00Z');
+            jest.setSystemTime(wednesday6am);
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            const alerts = detector.analyze(buildToolCall({ actorId: 'boundary-test' }));
+            const offHoursAlerts = alerts.filter(a => a.anomaly_type === 'off_hours_activity');
+            expect(offHoursAlerts).toHaveLength(0);
+        });
+    });
+    // -----------------------------------------------------------------------
+    // Latency spike detection
+    // -----------------------------------------------------------------------
+    describe('latency spike detection', () => {
+        it('should not alert when there are fewer than min_samples', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig({ min_samples: 10 }));
+            const tc = buildToolCall({ toolName: 'http.fast' });
+            // Record 5 normal latencies
+            for (let i = 0; i < 5; i++) {
+                detector.recordResult(tc, 100, false);
+            }
+            // Even a very high latency should not alert (not enough samples)
+            const alerts = detector.analyzeResult(tc, 10000, false);
+            expect(alerts.filter(a => a.anomaly_type === 'latency_spike')).toHaveLength(0);
+        });
+        it('should not alert for normal latency within baseline', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig({ min_samples: 10 }));
+            const tc = buildToolCall({ toolName: 'http.normal' });
+            // Build baseline with significant variance (50-150ms range)
+            const values = [50, 60, 70, 80, 90, 100, 110, 120, 130, 140, 150, 100, 90, 110, 105];
+            for (const v of values) {
+                detector.recordResult(tc, v, false);
+            }
+            // A value within the normal range should not alert
+            const alerts = detector.analyzeResult(tc, 115, false);
+            expect(alerts.filter(a => a.anomaly_type === 'latency_spike')).toHaveLength(0);
+        });
+        it('should alert for a significant latency spike', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig({ min_samples: 10, z_score_threshold: 3 }));
+            const tc = buildToolCall({ toolName: 'http.spike' });
+            // Build baseline of ~100ms latency with low variance
+            for (let i = 0; i < 20; i++) {
+                detector.recordResult(tc, 100, false); // constant 100ms
+            }
+            // Add a tiny bit of variance so stddev > 0
+            detector.recordResult(tc, 101, false);
+            detector.recordResult(tc, 99, false);
+            // Now a 10x spike
+            const alerts = detector.analyzeResult(tc, 1000, false);
+            const latencyAlerts = alerts.filter(a => a.anomaly_type === 'latency_spike');
+            expect(latencyAlerts).toHaveLength(1);
+            expect(latencyAlerts[0].entity_type).toBe('tool');
+            expect(latencyAlerts[0].entity_id).toBe('http.spike');
+            expect(latencyAlerts[0].metric).toBe('latency_ms');
+            expect(latencyAlerts[0].current_value).toBe(1000);
+            expect(latencyAlerts[0].z_score).toBeGreaterThan(3);
+        });
+        it('should classify latency spike severity based on z-score', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig({ min_samples: 5, z_score_threshold: 2 }));
+            const tc = buildToolCall({ toolName: 'http.severity' });
+            // Build tight baseline
+            for (let i = 0; i < 10; i++) {
+                detector.recordResult(tc, 100, false);
+            }
+            detector.recordResult(tc, 101, false);
+            detector.recordResult(tc, 99, false);
+            // Extreme spike
+            const alerts = detector.analyzeResult(tc, 5000, false);
+            const latencyAlerts = alerts.filter(a => a.anomaly_type === 'latency_spike');
+            if (latencyAlerts.length > 0) {
+                // z-score for 5000 with mean ~100 should be very high
+                expect(latencyAlerts[0].z_score).toBeGreaterThan(6);
+                expect(latencyAlerts[0].severity).toBe('high');
+            }
+        });
+    });
+    // -----------------------------------------------------------------------
+    // Error rate spike detection
+    // -----------------------------------------------------------------------
+    describe('error rate spike detection', () => {
+        it('should not alert for errors when there are fewer than min_samples', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig({ min_samples: 10 }));
+            const tc = buildToolCall({ actorId: 'err-actor-1' });
+            // Record 5 successful calls
+            for (let i = 0; i < 5; i++) {
+                detector.recordResult(tc, 100, false);
+            }
+            // An error should not trigger an alert (not enough samples)
+            const alerts = detector.analyzeResult(tc, 100, true);
+            expect(alerts.filter(a => a.anomaly_type === 'error_rate_spike')).toHaveLength(0);
+        });
+        it('should alert when error rate spikes from a low baseline', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig({ min_samples: 10 }));
+            const tc = buildToolCall({ actorId: 'err-actor-2' });
+            // Build baseline with all successes (error_rate near 0)
+            for (let i = 0; i < 20; i++) {
+                detector.recordResult(tc, 100, false);
+            }
+            // Record the error and analyze
+            detector.recordResult(tc, 100, true);
+            const alerts = detector.analyzeResult(tc, 100, true);
+            const errorAlerts = alerts.filter(a => a.anomaly_type === 'error_rate_spike');
+            expect(errorAlerts).toHaveLength(1);
+            expect(errorAlerts[0].entity_type).toBe('actor');
+            expect(errorAlerts[0].entity_id).toBe('err-actor-2');
+            expect(errorAlerts[0].metric).toBe('error_rate');
+        });
+        it('should not alert for errors when error rate was already high', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig({ min_samples: 10 }));
+            const tc = buildToolCall({ actorId: 'err-actor-3' });
+            // Build baseline with high error rate (50% errors)
+            for (let i = 0; i < 20; i++) {
+                detector.recordResult(tc, 100, i % 2 === 0); // alternating
+            }
+            // Another error should not spike (error rate already ~0.5)
+            const alerts = detector.analyzeResult(tc, 100, true);
+            const errorAlerts = alerts.filter(a => a.anomaly_type === 'error_rate_spike');
+            expect(errorAlerts).toHaveLength(0);
+        });
+        it('should not alert for successful requests', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig({ min_samples: 10 }));
+            const tc = buildToolCall({ actorId: 'err-actor-4' });
+            // Build baseline
+            for (let i = 0; i < 15; i++) {
+                detector.recordResult(tc, 100, false);
+            }
+            // Analyze a success -- should not trigger error alert
+            const alerts = detector.analyzeResult(tc, 100, false);
+            const errorAlerts = alerts.filter(a => a.anomaly_type === 'error_rate_spike');
+            expect(errorAlerts).toHaveLength(0);
+        });
+    });
+    // -----------------------------------------------------------------------
+    // Request rate spike detection
+    // -----------------------------------------------------------------------
+    describe('request rate spike detection', () => {
+        it('should not alert with fewer than min_samples requests', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig({ min_samples: 10 }));
+            // Send a few requests
+            for (let i = 0; i < 5; i++) {
+                const alerts = detector.analyze(buildToolCall({ actorId: 'rate-1' }));
+                const rateAlerts = alerts.filter(a => a.anomaly_type === 'request_rate_spike');
+                expect(rateAlerts).toHaveLength(0);
+            }
+        });
+        it('should build baselines without alerting during normal traffic', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig({ min_samples: 5 }));
+            // Send steady traffic -- should not alert during baseline building
+            let rateAlertCount = 0;
+            for (let i = 0; i < 20; i++) {
+                const alerts = detector.analyze(buildToolCall({ actorId: 'rate-2' }));
+                rateAlertCount += alerts.filter(a => a.anomaly_type === 'request_rate_spike').length;
+            }
+            // Some alerts might fire during the initial window as baselines form,
+            // but after steady traffic the system should stabilize
+            // We just verify the detector runs without error
+            expect(typeof rateAlertCount).toBe('number');
+        });
+    });
+    // -----------------------------------------------------------------------
+    // Config options
+    // -----------------------------------------------------------------------
+    describe('configuration options', () => {
+        it('should use custom z_score_threshold', () => {
+            // With a very high threshold, latency spikes should not alert
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig({ min_samples: 5, z_score_threshold: 100 }));
+            const tc = buildToolCall({ toolName: 'http.threshold' });
+            // Build baseline with significant variance so z-scores stay manageable
+            const values = [50, 60, 70, 80, 90, 100, 110, 120, 130, 140, 150, 100, 90, 110, 105];
+            for (const v of values) {
+                detector.recordResult(tc, v, false);
+            }
+            // A spike that would normally alert with z_score_threshold=3
+            // but shouldn't alert with z_score_threshold=100
+            const alerts = detector.analyzeResult(tc, 500, false);
+            const latencyAlerts = alerts.filter(a => a.anomaly_type === 'latency_spike');
+            expect(latencyAlerts).toHaveLength(0);
+        });
+        it('should use custom min_samples', () => {
+            // With min_samples = 3, we should start detecting earlier
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig({ min_samples: 3, z_score_threshold: 2 }));
+            const tc = buildToolCall({ toolName: 'http.min' });
+            // Build baseline with just 3 samples
+            detector.recordResult(tc, 100, false);
+            detector.recordResult(tc, 101, false);
+            detector.recordResult(tc, 99, false);
+            // Should have enough samples now
+            const baseline = detector.getBaseline('tool', 'http.min', 'latency');
+            expect(baseline).not.toBeNull();
+            expect(baseline.count).toBe(3);
+        });
+        it('should respect track_actors: false', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig({ track_actors: false }));
+            // New tool usage and capability escalation should not be tracked
+            detector.analyze(buildToolCall({ actorId: 'no-track', toolName: 'http.get', capability: 'read' }));
+            const alerts = detector.analyze(buildToolCall({ actorId: 'no-track', toolName: 'slack.post', capability: 'admin' }));
+            const actorAlerts = alerts.filter(a => a.anomaly_type === 'new_tool_usage' || a.anomaly_type === 'capability_escalation');
+            expect(actorAlerts).toHaveLength(0);
+        });
+        it('should respect track_tools: false', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig({ track_tools: false }));
+            for (let i = 0; i < 15; i++) {
+                const alerts = detector.analyze(buildToolCall({ toolName: 'http.get' }));
+                const toolRateAlerts = alerts.filter(a => a.anomaly_type === 'request_rate_spike' && a.entity_type === 'tool');
+                // No tool-level rate tracking
+                expect(toolRateAlerts).toHaveLength(0);
+            }
+        });
+        it('should respect track_workspaces: false', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig({ track_workspaces: false }));
+            for (let i = 0; i < 15; i++) {
+                const alerts = detector.analyze(buildToolCall({ workspaceId: 'ws-1' }));
+                const wsRateAlerts = alerts.filter(a => a.anomaly_type === 'request_rate_spike' && a.entity_type === 'workspace');
+                expect(wsRateAlerts).toHaveLength(0);
+            }
+        });
+        it('should use custom window_ms', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig({ window_ms: 5000 }));
+            const tc = buildToolCall({ toolName: 'http.window' });
+            detector.recordResult(tc, 100, false);
+            const baseline = detector.getBaseline('tool', 'http.window', 'latency');
+            expect(baseline).not.toBeNull();
+            expect(baseline.count).toBe(1);
+        });
+    });
+    // -----------------------------------------------------------------------
+    // Alert management
+    // -----------------------------------------------------------------------
+    describe('alert management', () => {
+        it('should return recent alerts via getAlerts()', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            // Generate some alerts by using new tools
+            detector.analyze(buildToolCall({ actorId: 'alert-mgmt', toolName: 'tool-a' }));
+            detector.analyze(buildToolCall({ actorId: 'alert-mgmt', toolName: 'tool-b' }));
+            detector.analyze(buildToolCall({ actorId: 'alert-mgmt', toolName: 'tool-c' }));
+            const alerts = detector.getAlerts();
+            // Should have new_tool_usage alerts for tool-b and tool-c
+            const newToolAlerts = alerts.filter(a => a.anomaly_type === 'new_tool_usage');
+            expect(newToolAlerts.length).toBeGreaterThanOrEqual(2);
+        });
+        it('should limit alerts with getAlerts(limit)', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            // Generate multiple alerts
+            detector.analyze(buildToolCall({ actorId: 'limit-test', toolName: 'tool-1' }));
+            detector.analyze(buildToolCall({ actorId: 'limit-test', toolName: 'tool-2' }));
+            detector.analyze(buildToolCall({ actorId: 'limit-test', toolName: 'tool-3' }));
+            detector.analyze(buildToolCall({ actorId: 'limit-test', toolName: 'tool-4' }));
+            const alerts = detector.getAlerts(2);
+            expect(alerts.length).toBeLessThanOrEqual(2);
+        });
+        it('should filter alerts by entity via getAlertsForEntity()', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            // Generate alerts for different actors
+            detector.analyze(buildToolCall({ actorId: 'entity-a', toolName: 'tool-1' }));
+            detector.analyze(buildToolCall({ actorId: 'entity-a', toolName: 'tool-2' })); // new_tool alert
+            detector.analyze(buildToolCall({ actorId: 'entity-b', toolName: 'tool-1' }));
+            detector.analyze(buildToolCall({ actorId: 'entity-b', toolName: 'tool-3' })); // new_tool alert
+            const alertsA = detector.getAlertsForEntity('actor', 'entity-a');
+            const alertsB = detector.getAlertsForEntity('actor', 'entity-b');
+            // Each should have their own alerts
+            for (const alert of alertsA) {
+                expect(alert.entity_id).toBe('entity-a');
+            }
+            for (const alert of alertsB) {
+                expect(alert.entity_id).toBe('entity-b');
+            }
+        });
+        it('should return empty array for non-existent entity', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            const alerts = detector.getAlertsForEntity('actor', 'does-not-exist');
+            expect(alerts).toEqual([]);
+        });
+        it('should cap stored alerts at maxAlerts', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            // Generate more than 1000 alerts by creating many new tool usages
+            // Each new actor gets one bootstrap tool, then every subsequent tool triggers an alert
+            for (let i = 0; i < 600; i++) {
+                const actorId = `bulk-actor-${i}`;
+                detector.analyze(buildToolCall({ actorId, toolName: 'tool-base' }));
+                detector.analyze(buildToolCall({ actorId, toolName: 'tool-new' }));
+            }
+            const allAlerts = detector.getAlerts(2000);
+            expect(allAlerts.length).toBeLessThanOrEqual(1000);
+        });
+        it('should have valid alert fields', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            detector.analyze(buildToolCall({ actorId: 'field-test', toolName: 'tool-a' }));
+            const alerts = detector.analyze(buildToolCall({ actorId: 'field-test', toolName: 'tool-b' }));
+            const newToolAlerts = alerts.filter(a => a.anomaly_type === 'new_tool_usage');
+            expect(newToolAlerts).toHaveLength(1);
+            const alert = newToolAlerts[0];
+            // Verify all required fields are present
+            expect(alert.alert_id).toBeTruthy();
+            expect(typeof alert.alert_id).toBe('string');
+            expect(alert.timestamp).toBeTruthy();
+            expect(new Date(alert.timestamp).getTime()).not.toBeNaN();
+            expect(alert.anomaly_type).toBe('new_tool_usage');
+            expect(alert.entity_type).toBe('actor');
+            expect(alert.entity_id).toBe('field-test');
+            expect(alert.metric).toBe('new_tool');
+            expect(typeof alert.current_value).toBe('number');
+            expect(typeof alert.baseline_mean).toBe('number');
+            expect(typeof alert.baseline_stddev).toBe('number');
+            expect(typeof alert.z_score).toBe('number');
+            expect(['low', 'medium', 'high']).toContain(alert.severity);
+        });
+        it('should generate unique alert_ids', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            detector.analyze(buildToolCall({ actorId: 'unique-id', toolName: 'tool-a' }));
+            detector.analyze(buildToolCall({ actorId: 'unique-id', toolName: 'tool-b' }));
+            detector.analyze(buildToolCall({ actorId: 'unique-id', toolName: 'tool-c' }));
+            const alerts = detector.getAlerts();
+            const ids = alerts.map(a => a.alert_id);
+            const uniqueIds = new Set(ids);
+            expect(uniqueIds.size).toBe(ids.length);
+        });
+    });
+    // -----------------------------------------------------------------------
+    // Baseline queries
+    // -----------------------------------------------------------------------
+    describe('getBaseline()', () => {
+        it('should return null for unknown metrics', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            const baseline = detector.getBaseline('tool', 'unknown-tool', 'latency');
+            expect(baseline).toBeNull();
+        });
+        it('should return correct stats after recording data', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            const tc = buildToolCall({ toolName: 'http.stats' });
+            // Record 5 latencies: 100, 200, 300, 400, 500
+            detector.recordResult(tc, 100, false);
+            detector.recordResult(tc, 200, false);
+            detector.recordResult(tc, 300, false);
+            detector.recordResult(tc, 400, false);
+            detector.recordResult(tc, 500, false);
+            const baseline = detector.getBaseline('tool', 'http.stats', 'latency');
+            expect(baseline).not.toBeNull();
+            expect(baseline.count).toBe(5);
+            expect(baseline.mean).toBe(300); // (100+200+300+400+500)/5
+            expect(baseline.stddev).toBeCloseTo(Math.sqrt(25000), 1); // sample stddev ~ 158.11
+        });
+        it('should return correct error rate baseline', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            const tc = buildToolCall({ actorId: 'err-baseline' });
+            // Record 8 successes and 2 errors
+            for (let i = 0; i < 8; i++) {
+                detector.recordResult(tc, 100, false);
+            }
+            for (let i = 0; i < 2; i++) {
+                detector.recordResult(tc, 100, true);
+            }
+            const baseline = detector.getBaseline('actor', 'err-baseline', 'error_rate');
+            expect(baseline).not.toBeNull();
+            expect(baseline.count).toBe(10);
+            expect(baseline.mean).toBeCloseTo(0.2, 2); // 2/10
+        });
+    });
+    // -----------------------------------------------------------------------
+    // reset()
+    // -----------------------------------------------------------------------
+    describe('reset()', () => {
+        it('should clear all tracking data', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            // Generate some state
+            detector.analyze(buildToolCall({ actorId: 'reset-test', toolName: 'tool-a' }));
+            detector.analyze(buildToolCall({ actorId: 'reset-test', toolName: 'tool-b' }));
+            detector.recordResult(buildToolCall({ toolName: 'http.reset' }), 100, false);
+            expect(detector.getAlerts().length).toBeGreaterThan(0);
+            expect(detector.getBaseline('tool', 'http.reset', 'latency')).not.toBeNull();
+            // Reset
+            detector.reset();
+            // Everything should be cleared
+            expect(detector.getAlerts()).toEqual([]);
+            expect(detector.getBaseline('tool', 'http.reset', 'latency')).toBeNull();
+        });
+        it('should allow new tool usage alerts again after reset', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            // Build tool history
+            detector.analyze(buildToolCall({ actorId: 'reset-actor', toolName: 'tool-a' }));
+            detector.analyze(buildToolCall({ actorId: 'reset-actor', toolName: 'tool-b' }));
+            detector.reset();
+            // After reset, tool-a should not trigger new_tool_usage (first tool again)
+            const alerts1 = detector.analyze(buildToolCall({ actorId: 'reset-actor', toolName: 'tool-a' }));
+            expect(alerts1.filter(a => a.anomaly_type === 'new_tool_usage')).toHaveLength(0);
+            // tool-b should now trigger new_tool_usage (it's the second tool after reset)
+            const alerts2 = detector.analyze(buildToolCall({ actorId: 'reset-actor', toolName: 'tool-b' }));
+            expect(alerts2.filter(a => a.anomaly_type === 'new_tool_usage')).toHaveLength(1);
+        });
+        it('should allow capability escalation alerts again after reset', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            // Build capability history
+            detector.analyze(buildToolCall({ actorId: 'reset-cap', capability: 'read' }));
+            detector.analyze(buildToolCall({ actorId: 'reset-cap', capability: 'write' }));
+            detector.reset();
+            // After reset, read should not alert (first cap)
+            const alerts1 = detector.analyze(buildToolCall({ actorId: 'reset-cap', capability: 'read' }));
+            expect(alerts1.filter(a => a.anomaly_type === 'capability_escalation')).toHaveLength(0);
+            // write should alert again (escalation from read)
+            const alerts2 = detector.analyze(buildToolCall({ actorId: 'reset-cap', capability: 'write' }));
+            expect(alerts2.filter(a => a.anomaly_type === 'capability_escalation')).toHaveLength(1);
+        });
+    });
+    // -----------------------------------------------------------------------
+    // Window pruning (data expiry)
+    // -----------------------------------------------------------------------
+    describe('window pruning', () => {
+        beforeEach(() => {
+            jest.useFakeTimers();
+        });
+        afterEach(() => {
+            jest.useRealTimers();
+        });
+        it('should prune old data points outside the window', () => {
+            const windowMs = 10000; // 10 seconds
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig({ window_ms: windowMs }));
+            const tc = buildToolCall({ toolName: 'http.prune' });
+            // Record at t=0
+            detector.recordResult(tc, 100, false);
+            expect(detector.getBaseline('tool', 'http.prune', 'latency').count).toBe(1);
+            // Advance past window
+            jest.advanceTimersByTime(windowMs + 1);
+            // Record a new point -- the old one should be pruned
+            detector.recordResult(tc, 200, false);
+            const baseline = detector.getBaseline('tool', 'http.prune', 'latency');
+            expect(baseline.count).toBe(1);
+            expect(baseline.mean).toBe(200); // Only the new data point
+        });
+        it('should keep data points within the window', () => {
+            const windowMs = 10000;
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig({ window_ms: windowMs }));
+            const tc = buildToolCall({ toolName: 'http.keep' });
+            // Record at t=0
+            detector.recordResult(tc, 100, false);
+            // Advance by half the window
+            jest.advanceTimersByTime(windowMs / 2);
+            // Record at t=5s
+            detector.recordResult(tc, 200, false);
+            // Both should still be in the window
+            const baseline = detector.getBaseline('tool', 'http.keep', 'latency');
+            expect(baseline.count).toBe(2);
+            expect(baseline.mean).toBe(150);
+        });
+    });
+    // -----------------------------------------------------------------------
+    // Rolling window statistics (mean, stddev, z-score)
+    // -----------------------------------------------------------------------
+    describe('rolling window statistics', () => {
+        it('should compute correct mean', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            const tc = buildToolCall({ toolName: 'http.mean' });
+            detector.recordResult(tc, 10, false);
+            detector.recordResult(tc, 20, false);
+            detector.recordResult(tc, 30, false);
+            const baseline = detector.getBaseline('tool', 'http.mean', 'latency');
+            expect(baseline.mean).toBe(20);
+        });
+        it('should compute correct stddev', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            const tc = buildToolCall({ toolName: 'http.stddev' });
+            // Values: 2, 4, 4, 4, 5, 5, 7, 9
+            // Mean = 5, Sample Variance = 4.571..., Sample Stddev = ~2.138
+            [2, 4, 4, 4, 5, 5, 7, 9].forEach(v => {
+                detector.recordResult(tc, v, false);
+            });
+            const baseline = detector.getBaseline('tool', 'http.stddev', 'latency');
+            expect(baseline.mean).toBe(5);
+            expect(baseline.stddev).toBeCloseTo(2.138, 2);
+        });
+        it('should return stddev of 0 with a single data point', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            const tc = buildToolCall({ toolName: 'http.single' });
+            detector.recordResult(tc, 100, false);
+            const baseline = detector.getBaseline('tool', 'http.single', 'latency');
+            expect(baseline.stddev).toBe(0);
+        });
+        it('should return mean of 0 with no data points', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            const baseline = detector.getBaseline('tool', 'http.empty', 'latency');
+            expect(baseline).toBeNull();
+        });
+    });
+    // -----------------------------------------------------------------------
+    // Severity classification
+    // -----------------------------------------------------------------------
+    describe('severity classification', () => {
+        it('should classify z-score 3-4 as low', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig({ min_samples: 5, z_score_threshold: 2 }));
+            const tc = buildToolCall({ toolName: 'http.sev-low' });
+            // Build baseline with values where we can control z-score
+            // Values: 10 x 100, then record 101, 99 for tiny variance
+            for (let i = 0; i < 10; i++) {
+                detector.recordResult(tc, 100, false);
+            }
+            detector.recordResult(tc, 102, false);
+            detector.recordResult(tc, 98, false);
+            // The baseline has mean ~100, tiny stddev
+            // We need a spike that gives z ~3-4
+            const baseline = detector.getBaseline('tool', 'http.sev-low', 'latency');
+            if (baseline && baseline.stddev > 0) {
+                // Compute a value that would give z ~ 3.5
+                const targetValue = baseline.mean + 3.5 * baseline.stddev;
+                const alerts = detector.analyzeResult(tc, targetValue, false);
+                const latencyAlerts = alerts.filter(a => a.anomaly_type === 'latency_spike');
+                if (latencyAlerts.length > 0) {
+                    expect(latencyAlerts[0].severity).toBe('low');
+                }
+            }
+        });
+    });
+    // -----------------------------------------------------------------------
+    // Gateway integration (action modes)
+    // -----------------------------------------------------------------------
+    describe('action modes', () => {
+        it('should not block on action: "log"', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig({ action: 'log' }));
+            // Even if alerts are generated, action=log means we just record them
+            detector.analyze(buildToolCall({ actorId: 'log-test', toolName: 'tool-a' }));
+            const alerts = detector.analyze(buildToolCall({ actorId: 'log-test', toolName: 'tool-b' }));
+            // Alerts are generated but action is just 'log'
+            const newToolAlerts = alerts.filter(a => a.anomaly_type === 'new_tool_usage');
+            expect(newToolAlerts).toHaveLength(1);
+            // The detector itself doesn't enforce actions -- that's the gateway's job
+            // We just verify alerts are still produced
+        });
+        it('should not block on action: "flag"', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig({ action: 'flag' }));
+            detector.analyze(buildToolCall({ actorId: 'flag-test', toolName: 'tool-a' }));
+            const alerts = detector.analyze(buildToolCall({ actorId: 'flag-test', toolName: 'tool-b' }));
+            const newToolAlerts = alerts.filter(a => a.anomaly_type === 'new_tool_usage');
+            expect(newToolAlerts).toHaveLength(1);
+        });
+        it('action: "block" with high severity should produce alerts for gateway to act on', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig({ action: 'block' }));
+            // Generate a high severity alert (capability escalation to admin)
+            detector.analyze(buildToolCall({ actorId: 'block-test', capability: 'read' }));
+            const alerts = detector.analyze(buildToolCall({ actorId: 'block-test', capability: 'admin' }));
+            const highAlerts = alerts.filter(a => a.severity === 'high');
+            expect(highAlerts.length).toBeGreaterThanOrEqual(1);
+        });
+    });
+    // -----------------------------------------------------------------------
+    // Multiple anomaly types in single call
+    // -----------------------------------------------------------------------
+    describe('multiple anomaly types in single call', () => {
+        beforeEach(() => {
+            jest.useFakeTimers();
+        });
+        afterEach(() => {
+            jest.useRealTimers();
+        });
+        it('should detect multiple anomaly types simultaneously', () => {
+            // Establish history during business hours on a weekday
+            jest.setSystemTime(new Date('2025-01-15T14:00:00Z')); // Wednesday 2pm
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            // First, establish some history during business hours (no off-hours alert)
+            detector.analyze(buildToolCall({ actorId: 'multi', toolName: 'http.get', capability: 'read' }));
+            // Now set time to Saturday 3am UTC (off hours + weekend)
+            jest.setSystemTime(new Date('2025-01-18T03:00:00Z'));
+            // Trigger multiple anomalies at once:
+            // - new_tool_usage (slack.post is new)
+            // - capability_escalation (admin is new)
+            // - off_hours_activity (3am Saturday -- first time at this hour)
+            const alerts = detector.analyze(buildToolCall({
+                actorId: 'multi',
+                toolName: 'slack.post',
+                capability: 'admin',
+            }));
+            const types = new Set(alerts.map(a => a.anomaly_type));
+            expect(types.has('new_tool_usage')).toBe(true);
+            expect(types.has('capability_escalation')).toBe(true);
+            expect(types.has('off_hours_activity')).toBe(true);
+        });
+    });
+    // -----------------------------------------------------------------------
+    // Edge cases
+    // -----------------------------------------------------------------------
+    describe('edge cases', () => {
+        it('should handle empty actor id', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            const tc = buildToolCall({ actorId: '' });
+            // Should not throw
+            const alerts = detector.analyze(tc);
+            expect(Array.isArray(alerts)).toBe(true);
+        });
+        it('should handle empty tool name', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            const tc = buildToolCall({ toolName: '' });
+            const alerts = detector.analyze(tc);
+            expect(Array.isArray(alerts)).toBe(true);
+        });
+        it('should handle zero latency', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            const tc = buildToolCall();
+            detector.recordResult(tc, 0, false);
+            const baseline = detector.getBaseline('tool', tc.tool.name, 'latency');
+            expect(baseline.mean).toBe(0);
+        });
+        it('should handle negative latency gracefully', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            const tc = buildToolCall();
+            // Shouldn't throw
+            detector.recordResult(tc, -1, false);
+            const baseline = detector.getBaseline('tool', tc.tool.name, 'latency');
+            expect(baseline).not.toBeNull();
+        });
+        it('should handle very large latency values', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            const tc = buildToolCall({ toolName: 'http.large' });
+            detector.recordResult(tc, Number.MAX_SAFE_INTEGER, false);
+            const baseline = detector.getBaseline('tool', 'http.large', 'latency');
+            expect(baseline.mean).toBe(Number.MAX_SAFE_INTEGER);
+        });
+        it('should handle concurrent analysis of many actors', () => {
+            const detector = new anomaly_1.AnomalyDetector(defaultConfig());
+            // Simulate many different actors
+            for (let i = 0; i < 100; i++) {
+                const alerts = detector.analyze(buildToolCall({ actorId: `actor-${i}` }));
+                expect(Array.isArray(alerts)).toBe(true);
+            }
+        });
+    });
+});
+//# sourceMappingURL=anomaly-detector.test.js.map