rust-kgdb 0.4.2 → 0.4.4

package/examples/fraud-detection-agent.js

@@ -0,0 +1,346 @@
+/**
+ * Fraud Detection Agent - Production Example
+ *
+ * Real-world insurance fraud detection using rust-kgdb:
+ * - Knowledge graph for relationship analysis
+ * - GraphFrames for network pattern detection
+ * - Vector embeddings for semantic similarity
+ * - Datalog rules for fraud pattern inference
+ *
+ * Fraud patterns based on NICB (National Insurance Crime Bureau) data:
+ * - Staged accidents (20% of fraud)
+ * - Provider collusion (25%)
+ * - Ring operations (40%)
+ */
+
+const {
+  GraphDB,
+  GraphFrame,
+  EmbeddingService,
+  DatalogProgram,
+  evaluateDatalog,
+  queryDatalog,
+  getVersion
+} = require('../index.js')
+
+// ============================================
+// STEP 1: Insurance Claims Data (NICB patterns)
+// ============================================
+
+const INSURANCE_CLAIMS_TTL = `
+@prefix : <http://insurance.org/> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+
+# === CLAIMS ===
+:CLM001 :amount "18500" ; :type "collision" ; :claimant :P001 ; :provider :PROV001 .
+:CLM002 :amount "22300" ; :type "bodily_injury" ; :claimant :P002 ; :provider :PROV001 .
+:CLM003 :amount "15800" ; :type "collision" ; :claimant :P003 ; :provider :PROV002 .
+:CLM004 :amount "31200" ; :type "total_loss" ; :claimant :P001 ; :provider :PROV001 .
+:CLM005 :amount "8500" ; :type "collision" ; :claimant :P004 ; :provider :PROV003 .
+
+# === PAYMENT FLOWS (Fraud Ring Pattern) ===
+:P001 :paidTo :P002 .
+:P002 :paidTo :P003 .
+:P003 :paidTo :P001 .
+
+# === RELATIONSHIPS ===
+:P001 :relatedTo :P002 ; :sharedAddress "123 Oak St Miami" .
+:P002 :relatedTo :P003 ; :sharedPhone "305-555-0199" .
+
+# === PROVIDERS ===
+:PROV001 :name "Miami Auto Body LLC" ; :avgCost "18500" .
+:PROV002 :name "South FL Collision" ; :avgCost "12200" .
+:PROV003 :name "Sunrise Body Shop" ; :avgCost "7800" .
+`
+
+// ============================================
+// STEP 2: Generate Semantic Embeddings
+// ============================================
+
+function generateClaimEmbedding(type, amount, riskScore) {
+  // 384-dimensional embedding representing claim characteristics
+  const embedding = new Array(384).fill(0)
+
+  // Type encoding (dims 0-63)
+  const typeWeights = {
+    collision: 0.3,
+    bodily_injury: 0.7,
+    total_loss: 0.9,
+    theft: 0.8
+  }
+  const typeWeight = typeWeights[type] || 0.5
+  for (let i = 0; i < 64; i++) {
+    embedding[i] = typeWeight * (0.8 + Math.sin(i * 0.1) * 0.2)
+  }
+
+  // Amount encoding (dims 64-127)
+  const normalizedAmount = Math.min(amount / 50000, 1)
+  for (let i = 64; i < 128; i++) {
+    embedding[i] = normalizedAmount * (0.5 + Math.cos((i - 64) * 0.1) * 0.5)
+  }
+
+  // Risk score encoding (dims 128-191)
+  for (let i = 128; i < 192; i++) {
+    embedding[i] = riskScore * (0.6 + Math.sin((i - 128) * 0.15) * 0.4)
+  }
+
+  // Pattern features (dims 192-383)
+  for (let i = 192; i < 384; i++) {
+    embedding[i] = (typeWeight + normalizedAmount + riskScore) / 3 * Math.cos((i - 192) * 0.05)
+  }
+
+  // Normalize to unit vector
+  const magnitude = Math.sqrt(embedding.reduce((s, v) => s + v * v, 0))
+  if (magnitude > 0) {
+    for (let i = 0; i < embedding.length; i++) {
+      embedding[i] = embedding[i] / magnitude
+    }
+  }
+
+  return embedding
+}
+
+// ============================================
+// MAIN FRAUD DETECTION PIPELINE
+// ============================================
+
+async function runFraudDetection() {
+  console.log('='.repeat(70))
+  console.log('  FRAUD DETECTION AGENT - Production Pipeline')
+  console.log('  rust-kgdb v' + getVersion() + ' | Neuro-Symbolic AI Framework')
+  console.log('='.repeat(70))
+  console.log()
+
+  // ===== PHASE 1: Knowledge Graph =====
+  console.log('[PHASE 1] Knowledge Graph Initialization')
+  console.log('-'.repeat(50))
+
+  const db = new GraphDB('http://insurance.org/fraud-kb')
+  db.loadTtl(INSURANCE_CLAIMS_TTL, null)
+
+  console.log(`  Graph URI:    ${db.getGraphUri()}`)
+  console.log(`  Triples:      ${db.countTriples()}`)
+
+  // Query claims
+  const claims = db.querySelect(`
+    PREFIX : <http://insurance.org/>
+    SELECT ?claim ?amount ?type ?claimant WHERE {
+      ?claim :amount ?amount ;
+             :type ?type ;
+             :claimant ?claimant .
+    }
+  `)
+
+  console.log(`  Claims found: ${claims.length}`)
+  claims.forEach(c => {
+    console.log(`    - ${c.bindings.claim}: $${c.bindings.amount} (${c.bindings.type}) by ${c.bindings.claimant}`)
+  })
+
+  // Query circular payments
+  const circular = db.querySelect(`
+    PREFIX : <http://insurance.org/>
+    SELECT ?p1 ?p2 ?p3 WHERE {
+      ?p1 :paidTo ?p2 .
+      ?p2 :paidTo ?p3 .
+      ?p3 :paidTo ?p1 .
+    }
+  `)
+  console.log(`  Circular payments: ${circular.length} pattern(s) detected`)
+  if (circular.length > 0) {
+    circular.forEach(p => {
+      console.log(`    - RING: ${p.bindings.p1} -> ${p.bindings.p2} -> ${p.bindings.p3} -> (cycle)`)
+    })
+  }
+  console.log()
+
+  // ===== PHASE 2: GraphFrame Analytics =====
+  console.log('[PHASE 2] Graph Network Analysis')
+  console.log('-'.repeat(50))
+
+  const vertices = JSON.stringify([
+    { id: 'P001' }, { id: 'P002' }, { id: 'P003' }, { id: 'P004' },
+    { id: 'PROV001' }, { id: 'PROV002' }, { id: 'PROV003' }
+  ])
+
+  const edges = JSON.stringify([
+    // Payment flows
+    { src: 'P001', dst: 'P002' },
+    { src: 'P002', dst: 'P003' },
+    { src: 'P003', dst: 'P001' },
+    // Provider relationships
+    { src: 'P001', dst: 'PROV001' },
+    { src: 'P002', dst: 'PROV001' },
+    { src: 'P003', dst: 'PROV002' },
+    { src: 'P004', dst: 'PROV003' },
+    { src: 'P001', dst: 'PROV001' }  // Multiple claims
+  ])
+
+  const graph = new GraphFrame(vertices, edges)
+  console.log(`  Vertices: ${graph.vertexCount()}`)
+  console.log(`  Edges:    ${graph.edgeCount()}`)
+
+  // Triangle detection (fraud ring indicator)
+  const triangles = graph.triangleCount()
+  console.log(`  Triangles: ${triangles} (fraud ring indicator)`)
+
+  // PageRank for central actors
+  const pr = JSON.parse(graph.pageRank(0.15, 20))
+  console.log('  PageRank (central actors):')
+  if (pr.ranks) {
+    const sorted = Object.entries(pr.ranks).sort((a, b) => b[1] - a[1])
+    sorted.slice(0, 4).forEach(([node, score]) => {
+      console.log(`    - ${node}: ${score.toFixed(4)}`)
+    })
+  }
+
+  // Connected components
+  const cc = JSON.parse(graph.connectedComponents())
+  console.log(`  Connected components: ${JSON.stringify(cc).length > 10 ? 'detected' : 'none'}`)
+  console.log()
+
+  // ===== PHASE 3: Semantic Embeddings =====
+  console.log('[PHASE 3] Semantic Similarity Analysis')
+  console.log('-'.repeat(50))
+
+  const embeddings = new EmbeddingService()
+  console.log(`  Service enabled: ${embeddings.isEnabled()}`)
+
+  // Store claim embeddings
+  const claimData = [
+    { id: 'CLM001', type: 'collision', amount: 18500, risk: 0.75 },
+    { id: 'CLM002', type: 'bodily_injury', amount: 22300, risk: 0.85 },
+    { id: 'CLM003', type: 'collision', amount: 15800, risk: 0.70 },
+    { id: 'CLM004', type: 'total_loss', amount: 31200, risk: 0.95 },
+    { id: 'CLM005', type: 'collision', amount: 8500, risk: 0.25 }
+  ]
+
+  claimData.forEach(claim => {
+    const vec = generateClaimEmbedding(claim.type, claim.amount, claim.risk)
+    embeddings.storeVector(claim.id, vec)
+  })
+
+  console.log(`  Embeddings stored: ${claimData.length}`)
+
+  // Verify embedding storage
+  const vec = embeddings.getVector('CLM004')
+  console.log(`  Vector dimension: ${vec ? vec.length : 'N/A'}`)
+
+  // Rebuild index for similarity search
+  embeddings.rebuildIndex()
+
+  // Find similar claims to the suspicious high-value one
+  const similar = JSON.parse(embeddings.findSimilar('CLM004', 5, 0.3))
+  console.log('  Similar to CLM004 (high-risk):')
+  similar.filter(s => s.entity !== 'CLM004').forEach(s => {
+    const sim = typeof s.similarity === 'number' && !isNaN(s.similarity)
+      ? (s.similarity * 100).toFixed(1) + '%'
+      : 'N/A'
+    console.log(`    - ${s.entity}: ${sim} similarity`)
+  })
+  console.log()
+
+  // ===== PHASE 4: Datalog Reasoning =====
+  console.log('[PHASE 4] Datalog Rule-Based Inference')
+  console.log('-'.repeat(50))
+
+  const datalog = new DatalogProgram()
+
+  // Add facts
+  datalog.addFact(JSON.stringify({ predicate: 'claim', terms: ['CLM001', 'P001', 'PROV001'] }))
+  datalog.addFact(JSON.stringify({ predicate: 'claim', terms: ['CLM002', 'P002', 'PROV001'] }))
+  datalog.addFact(JSON.stringify({ predicate: 'claim', terms: ['CLM003', 'P003', 'PROV002'] }))
+  datalog.addFact(JSON.stringify({ predicate: 'claim', terms: ['CLM004', 'P001', 'PROV001'] }))
+  datalog.addFact(JSON.stringify({ predicate: 'related', terms: ['P001', 'P002'] }))
+  datalog.addFact(JSON.stringify({ predicate: 'related', terms: ['P002', 'P003'] }))
+
+  console.log(`  Facts: ${datalog.factCount()}`)
+
+  // Rule: Provider collusion detection
+  // collusion(P1, P2, Provider) :- claim(_, P1, Provider), claim(_, P2, Provider), related(P1, P2)
+  datalog.addRule(JSON.stringify({
+    head: { predicate: 'collusion', terms: ['?P1', '?P2', '?Prov'] },
+    body: [
+      { predicate: 'claim', terms: ['?C1', '?P1', '?Prov'] },
+      { predicate: 'claim', terms: ['?C2', '?P2', '?Prov'] },
+      { predicate: 'related', terms: ['?P1', '?P2'] }
+    ]
+  }))
+
+  // Rule: Transitive relationship
+  // connected(X, Z) :- related(X, Y), related(Y, Z)
+  datalog.addRule(JSON.stringify({
+    head: { predicate: 'connected', terms: ['?X', '?Z'] },
+    body: [
+      { predicate: 'related', terms: ['?X', '?Y'] },
+      { predicate: 'related', terms: ['?Y', '?Z'] }
+    ]
+  }))
+
+  console.log(`  Rules: ${datalog.ruleCount()}`)
+
+  // Evaluate
+  const result = evaluateDatalog(datalog)
+  const parsed = JSON.parse(result)
+
+  console.log('  Inferred facts:')
+  if (parsed.collusion && parsed.collusion.length > 0) {
+    console.log(`    - Collusion: ${JSON.stringify(parsed.collusion)}`)
+  }
+  if (parsed.connected && parsed.connected.length > 0) {
+    console.log(`    - Connected: ${JSON.stringify(parsed.connected)}`)
+  }
+  console.log()
+
+  // ===== FINAL REPORT =====
+  console.log('='.repeat(70))
+  console.log('  FRAUD DETECTION REPORT')
+  console.log('='.repeat(70))
+  console.log()
+
+  const riskLevel = triangles > 0 || circular.length > 0 ? 'HIGH' : 'MEDIUM'
+
+  console.log('  SUMMARY:')
+  console.log(`    Claims analyzed:      ${claims.length}`)
+  console.log(`    Circular payments:    ${circular.length}`)
+  console.log(`    Network triangles:    ${triangles}`)
+  console.log(`    Provider collusions:  ${parsed.collusion ? parsed.collusion.length : 0}`)
+  console.log()
+
+  console.log('  RISK INDICATORS:')
+  if (triangles > 0) {
+    console.log('    [HIGH] Triangular payment pattern - classic fraud ring')
+  }
+  if (circular.length > 0) {
+    console.log('    [HIGH] Circular payment flow - money laundering pattern')
+  }
+  if (parsed.collusion && parsed.collusion.length > 0) {
+    console.log('    [HIGH] Provider collusion detected - coordinated fraud')
+  }
+  console.log('    [MEDIUM] Shared provider concentration')
+  console.log()
+
+  console.log(`  OVERALL RISK: ${riskLevel}`)
+  console.log('  RECOMMENDATION: Refer to SIU for investigation')
+  console.log()
+  console.log('='.repeat(70))
+
+  return {
+    claimsAnalyzed: claims.length,
+    circularPayments: circular.length,
+    triangles,
+    collusions: parsed.collusion ? parsed.collusion.length : 0,
+    riskLevel
+  }
+}
+
+// Execute
+runFraudDetection()
+  .then(result => {
+    console.log('\nPipeline completed successfully.')
+    console.log('Output:', JSON.stringify(result, null, 2))
+    process.exit(0)
+  })
+  .catch(err => {
+    console.error('Pipeline failed:', err.message)
+    process.exit(1)
+  })