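/**
 * Skill Behavioral Fingerprint
 *
 * Tracks what each skill "normally does" across invocations, then detects
 * behavioral drift when a previously-trusted skill starts acting differently.
 *
 * Solves the "installed then turns malicious" scenario:
 * - First N invocations: build fingerprint (what APIs, what patterns, what scope)
 * - After fingerprint stabilizes: flag any deviation as anomaly
 *
 * Scope of the control: the baseline is learned from the skill's own early
 * invocations, so whatever a skill does before its fingerprint stabilizes
 * becomes part of "normal". Drift detection therefore complements, and does
 * not replace, rules that evaluate each invocation on its own merits.
 *
 * @module agent-threat-rules/skill-fingerprint
 */
import type { AgentEvent } from './types.js';

/**
 * Behavioral capabilities observed for a skill.
 *
 * NOTE(review): the element type is assumed to be `string`, matching
 * `BehaviorAnomaly.newValue`; confirm against the implementation.
 */
interface SkillCapabilities {
  /** Seen filesystem operations (read/write/delete) */
  readonly filesystemOps: ReadonlySet<string>;
  /** Seen network destinations (hostnames) */
  readonly networkTargets: ReadonlySet<string>;
  /** Seen environment variable accesses */
  readonly envAccesses: ReadonlySet<string>;
  /** Seen child process executions */
  readonly processExecs: ReadonlySet<string>;
  /** Seen output patterns (categories: data, error, redirect, exfiltration) */
  readonly outputPatterns: ReadonlySet<string>;
}

/** Immutable fingerprint snapshot */
export interface SkillFingerprint {
  readonly skillName: string;
  /** Number of invocations recorded for this skill. */
  readonly invocationCount: number;
  /** Timestamp of the first recorded invocation (unit not visible here, presumably epoch ms). */
  readonly firstSeen: number;
  /** Timestamp of the most recent recorded invocation (same unit as `firstSeen`). */
  readonly lastSeen: number;
  /** True once the baseline is considered settled; anomalies are only reported from then on. */
  readonly isStable: boolean;
  readonly capabilities: SkillCapabilities;
  /**
   * Hash of capabilities for quick comparison.
   *
   * NOTE(review): the hash algorithm is not visible from this declaration;
   * treat the value as an equality shortcut, not as an integrity guarantee.
   */
  readonly capabilityHash: string;
}

/** Anomaly when behavior deviates from fingerprint */
export interface BehaviorAnomaly {
  readonly skillName: string;
  /** Which capability category the new behavior falls into. */
  readonly anomalyType:
    | 'new_filesystem_op'
    | 'new_network_target'
    | 'new_env_access'
    | 'new_process_exec'
    | 'new_output_pattern'
    | 'capability_expansion';
  readonly description: string;
  readonly severity: 'low' | 'medium' | 'high' | 'critical';
  /** The value that was not part of the stable fingerprint. */
  readonly newValue: string;
  readonly timestamp: number;
}

export interface SkillFingerprintConfig {
  /** Minimum invocations before fingerprint can stabilize (default: 10) */
  stabilityThreshold?: number;
  /** Consecutive clean invocations to mark stable (default: 5) */
  stableStreak?: number;
}

export declare class SkillFingerprintStore {
  private readonly fingerprints;
  private readonly stabilityThreshold;
  private readonly stableStreak;

  /**
   * @param config Optional tuning of the learning window; see
   *   {@link SkillFingerprintConfig} for the documented defaults.
   */
  constructor(config?: SkillFingerprintConfig);

  /**
   * Record a skill invocation and detect behavioral anomalies.
   * Returns anomalies if the fingerprint was stable and new capabilities appeared.
   *
   * Per that contract, invocations recorded before the fingerprint is stable
   * produce no anomalies; callers that need coverage during the learning
   * window must rely on other rules.
   *
   * @param skillName Key under which the skill's fingerprint is tracked.
   * @param event The invocation to fold into the fingerprint.
   * @returns The anomalies detected for this invocation.
   */
  recordInvocation(skillName: string, event: AgentEvent): readonly BehaviorAnomaly[];

  /**
   * Get an immutable fingerprint snapshot for a skill.
   *
   * @returns The snapshot, or `undefined` (presumably when the skill is not tracked).
   */
  getFingerprint(skillName: string): SkillFingerprint | undefined;

  /** Get all tracked skill names */
  getTrackedSkills(): string[];

  /** Get count of stable fingerprints */
  getStableCount(): number;

  /** Get total tracked skills */
  getTrackedCount(): number;

  /**
   * Reset a skill's fingerprint (e.g., after a legitimate update).
   *
   * NOTE(review): a reset presumably puts the skill back into the learning
   * phase, where new behavior is absorbed into the baseline rather than
   * reported. Callers should reset only after the update has been verified
   * through an independent channel, and should log who requested it.
   */
  resetFingerprint(skillName: string): void;

  /**
   * Evict fingerprints not seen since cutoffMs ago.
   *
   * NOTE(review): an evicted skill presumably starts from an empty baseline on
   * its next invocation, so the cutoff also bounds how long a dormant skill
   * keeps its learned fingerprint. Confirm against the implementation.
   *
   * @param cutoffMs Age in milliseconds beyond which a fingerprint is evicted.
   * @returns A count, presumably the number of fingerprints evicted.
   */
  cleanup(cutoffMs: number): number;

  private getOrCreate;
  private computeCapabilityHash;
}

export {};
//# sourceMappingURL=skill-fingerprint.d.ts.map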