Hugging Face's logo

Spaces:
Che237
/
cyberforge
Sleeping

App Files Community
Che237 commited on
Commit
4b93b4a
Β·
verified Β·
1 Parent(s): a1f6dc3

Add 04_agent_intelligence.ipynb

Browse files
Files changed (1) hide show
  1. notebooks/04_agent_intelligence.ipynb +773 -0
notebooks/04_agent_intelligence.ipynb ADDED
@@ -0,0 +1,773 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ {
2
+ "cells": [
3
+ {
4
+ "cell_type": "markdown",
5
+ "id": "a684408b",
6
+ "metadata": {},
7
+ "source": [
8
+ "# 04 - Agent Intelligence\n",
9
+ "\n",
10
+ "## CyberForge AI - Agentic AI Capabilities\n",
11
+ "\n",
12
+ "This notebook implements intelligent agent decision-making for:\n",
13
+ "- Task prioritization and execution planning\n",
14
+ "- Confidence-based decision scoring\n",
15
+ "- Gemini API integration for reasoning\n",
16
+ "- Autonomous threat response workflows\n",
17
+ "\n",
18
+ "### Alignment:\n",
19
+ "- Integrates with desktop app agentic system\n",
20
+ "- Supports backend task queue management\n",
21
+ "- Provides explainable outputs for user transparency"
22
+ ]
23
+ },
24
+ {
25
+ "cell_type": "code",
26
+ "execution_count": null,
27
+ "id": "8af0eaa6",
28
+ "metadata": {},
29
+ "outputs": [],
30
+ "source": [
31
+ "import json\n",
32
+ "import os\n",
33
+ "import time\n",
34
+ "import numpy as np\n",
35
+ "from pathlib import Path\n",
36
+ "from typing import Dict, List, Any, Optional, Tuple\n",
37
+ "from dataclasses import dataclass, asdict\n",
38
+ "from enum import Enum\n",
39
+ "import warnings\n",
40
+ "warnings.filterwarnings('ignore')\n",
41
+ "\n",
42
+ "# Load configuration\n",
43
+ "config_path = Path(\"../notebook_config.json\")\n",
44
+ "with open(config_path) as f:\n",
45
+ " CONFIG = json.load(f)\n",
46
+ "\n",
47
+ "MODELS_DIR = Path(CONFIG[\"datasets_dir\"]).parent / \"models\"\n",
48
+ "AGENT_DIR = MODELS_DIR.parent / \"agent\"\n",
49
+ "AGENT_DIR.mkdir(exist_ok=True)\n",
50
+ "\n",
51
+ "print(f\"βœ“ Configuration loaded\")\n",
52
+ "print(f\"βœ“ Agent output: {AGENT_DIR}\")"
53
+ ]
54
+ },
55
+ {
56
+ "cell_type": "markdown",
57
+ "id": "bbcc7dc9",
58
+ "metadata": {},
59
+ "source": [
60
+ "## 1. Agent Task Definitions"
61
+ ]
62
+ },
63
+ {
64
+ "cell_type": "code",
65
+ "execution_count": null,
66
+ "id": "bc6eb821",
67
+ "metadata": {},
68
+ "outputs": [],
69
+ "source": [
70
+ "class TaskPriority(Enum):\n",
71
+ " CRITICAL = 4\n",
72
+ " HIGH = 3\n",
73
+ " MEDIUM = 2\n",
74
+ " LOW = 1\n",
75
+ " BACKGROUND = 0\n",
76
+ "\n",
77
+ "@dataclass\n",
78
+ "class AgentTask:\n",
79
+ " \"\"\"Represents a task the agent can execute\"\"\"\n",
80
+ " task_id: str\n",
81
+ " task_type: str\n",
82
+ " priority: int\n",
83
+ " target: str\n",
84
+ " context: Dict\n",
85
+ " created_at: float\n",
86
+ " confidence: float = 0.0\n",
87
+ " status: str = \"pending\"\n",
88
+ " result: Dict = None\n",
89
+ " \n",
90
+ " def to_dict(self) -> Dict:\n",
91
+ " return asdict(self)\n",
92
+ "\n",
93
+ "@dataclass\n",
94
+ "class AgentDecision:\n",
95
+ " \"\"\"Represents an agent decision with reasoning\"\"\"\n",
96
+ " action: str\n",
97
+ " confidence: float\n",
98
+ " reasoning: str\n",
99
+ " evidence: List[str]\n",
100
+ " risk_level: str\n",
101
+ " recommended_follow_up: List[str]\n",
102
+ " \n",
103
+ " def to_dict(self) -> Dict:\n",
104
+ " return asdict(self)\n",
105
+ "\n",
106
+ "print(\"βœ“ Task definitions loaded\")"
107
+ ]
108
+ },
109
+ {
110
+ "cell_type": "markdown",
111
+ "id": "c6785168",
112
+ "metadata": {},
113
+ "source": [
114
+ "## 2. Decision Scoring Engine"
115
+ ]
116
+ },
117
+ {
118
+ "cell_type": "code",
119
+ "execution_count": null,
120
+ "id": "0e0109ae",
121
+ "metadata": {},
122
+ "outputs": [],
123
+ "source": [
124
+ "class DecisionScoringEngine:\n",
125
+ " \"\"\"\n",
126
+ " Calculates confidence scores for agent decisions.\n",
127
+ " Combines model predictions with heuristic rules.\n",
128
+ " \"\"\"\n",
129
+ " \n",
130
+ " # Threat severity weights\n",
131
+ " SEVERITY_WEIGHTS = {\n",
132
+ " 'critical': 1.0,\n",
133
+ " 'high': 0.8,\n",
134
+ " 'medium': 0.5,\n",
135
+ " 'low': 0.3,\n",
136
+ " 'info': 0.1\n",
137
+ " }\n",
138
+ " \n",
139
+ " # Evidence type weights\n",
140
+ " EVIDENCE_WEIGHTS = {\n",
141
+ " 'model_prediction': 0.4,\n",
142
+ " 'signature_match': 0.3,\n",
143
+ " 'behavioral_pattern': 0.2,\n",
144
+ " 'heuristic_rule': 0.1\n",
145
+ " }\n",
146
+ " \n",
147
+ " def __init__(self, confidence_threshold: float = 0.7):\n",
148
+ " self.confidence_threshold = confidence_threshold\n",
149
+ " \n",
150
+ " def calculate_threat_score(self, indicators: List[Dict]) -> Tuple[float, str]:\n",
151
+ " \"\"\"Calculate threat score from multiple indicators\"\"\"\n",
152
+ " if not indicators:\n",
153
+ " return 0.0, 'low'\n",
154
+ " \n",
155
+ " # Weighted average of indicator scores\n",
156
+ " total_weight = 0\n",
157
+ " total_score = 0\n",
158
+ " \n",
159
+ " for indicator in indicators:\n",
160
+ " severity = indicator.get('severity', 'low')\n",
161
+ " confidence = indicator.get('confidence', 0.5)\n",
162
+ " evidence_type = indicator.get('evidence_type', 'heuristic_rule')\n",
163
+ " \n",
164
+ " weight = self.SEVERITY_WEIGHTS.get(severity, 0.3) * \\\n",
165
+ " self.EVIDENCE_WEIGHTS.get(evidence_type, 0.1)\n",
166
+ " \n",
167
+ " total_weight += weight\n",
168
+ " total_score += confidence * weight\n",
169
+ " \n",
170
+ " if total_weight == 0:\n",
171
+ " return 0.0, 'low'\n",
172
+ " \n",
173
+ " final_score = total_score / total_weight\n",
174
+ " \n",
175
+ " # Determine risk level\n",
176
+ " if final_score >= 0.8:\n",
177
+ " risk = 'critical'\n",
178
+ " elif final_score >= 0.6:\n",
179
+ " risk = 'high'\n",
180
+ " elif final_score >= 0.4:\n",
181
+ " risk = 'medium'\n",
182
+ " elif final_score >= 0.2:\n",
183
+ " risk = 'low'\n",
184
+ " else:\n",
185
+ " risk = 'info'\n",
186
+ " \n",
187
+ " return final_score, risk\n",
188
+ " \n",
189
+ " def should_act(self, score: float, task_type: str) -> bool:\n",
190
+ " \"\"\"Determine if agent should act based on score\"\"\"\n",
191
+ " # Different thresholds for different task types\n",
192
+ " thresholds = {\n",
193
+ " 'block_threat': 0.85,\n",
194
+ " 'quarantine': 0.75,\n",
195
+ " 'alert': 0.5,\n",
196
+ " 'scan': 0.3,\n",
197
+ " 'monitor': 0.1\n",
198
+ " }\n",
199
+ " \n",
200
+ " threshold = thresholds.get(task_type, self.confidence_threshold)\n",
201
+ " return score >= threshold\n",
202
+ " \n",
203
+ " def prioritize_tasks(self, tasks: List[AgentTask]) -> List[AgentTask]:\n",
204
+ " \"\"\"Sort tasks by priority and confidence\"\"\"\n",
205
+ " return sorted(tasks, \n",
206
+ " key=lambda t: (t.priority, t.confidence), \n",
207
+ " reverse=True)\n",
208
+ "\n",
209
+ "scoring_engine = DecisionScoringEngine()\n",
210
+ "print(\"βœ“ Decision Scoring Engine initialized\")"
211
+ ]
212
+ },
213
+ {
214
+ "cell_type": "markdown",
215
+ "id": "572652b4",
216
+ "metadata": {},
217
+ "source": [
218
+ "## 3. Gemini API Integration for Reasoning"
219
+ ]
220
+ },
221
+ {
222
+ "cell_type": "code",
223
+ "execution_count": null,
224
+ "id": "e68b585e",
225
+ "metadata": {},
226
+ "outputs": [],
227
+ "source": [
228
+ "try:\n",
229
+ " import google.generativeai as genai\n",
230
+ " GEMINI_AVAILABLE = True\n",
231
+ "except ImportError:\n",
232
+ " import subprocess\n",
233
+ " subprocess.run(['pip', 'install', 'google-generativeai', '-q'])\n",
234
+ " import google.generativeai as genai\n",
235
+ " GEMINI_AVAILABLE = True\n",
236
+ "\n",
237
+ "class GeminiReasoningEngine:\n",
238
+ " \"\"\"\n",
239
+ " Uses Gemini API for intelligent threat reasoning.\n",
240
+ " Provides explainable AI outputs.\n",
241
+ " \"\"\"\n",
242
+ " \n",
243
+ " SYSTEM_PROMPT = \"\"\"You are a cybersecurity AI agent analyzing security threats.\n",
244
+ "Your role is to:\n",
245
+ "1. Analyze security indicators and threat patterns\n",
246
+ "2. Provide clear, actionable recommendations\n",
247
+ "3. Explain your reasoning in a way users can understand\n",
248
+ "4. Prioritize user safety while minimizing false positives\n",
249
+ "\n",
250
+ "Always respond with JSON containing:\n",
251
+ "- action: recommended action (block, alert, monitor, allow)\n",
252
+ "- confidence: 0.0-1.0 confidence score\n",
253
+ "- reasoning: brief explanation\n",
254
+ "- evidence: list of supporting evidence\n",
255
+ "- risk_level: critical/high/medium/low/info\n",
256
+ "- recommended_follow_up: list of next steps\"\"\"\n",
257
+ " \n",
258
+ " def __init__(self):\n",
259
+ " self.api_key = CONFIG.get('gemini_api_key', os.environ.get('GEMINI_API_KEY'))\n",
260
+ " self.model = None\n",
261
+ " \n",
262
+ " if self.api_key:\n",
263
+ " try:\n",
264
+ " genai.configure(api_key=self.api_key)\n",
265
+ " self.model = genai.GenerativeModel('gemini-2.0-flash')\n",
266
+ " print(\" βœ“ Gemini API connected\")\n",
267
+ " except Exception as e:\n",
268
+ " print(f\" ⚠ Gemini API error: {e}\")\n",
269
+ " else:\n",
270
+ " print(\" ⚠ No Gemini API key found (will use fallback reasoning)\")\n",
271
+ " \n",
272
+ " def analyze_threat(self, threat_data: Dict) -> AgentDecision:\n",
273
+ " \"\"\"Analyze threat and generate decision with reasoning\"\"\"\n",
274
+ " if self.model:\n",
275
+ " return self._gemini_analyze(threat_data)\n",
276
+ " else:\n",
277
+ " return self._fallback_analyze(threat_data)\n",
278
+ " \n",
279
+ " def _gemini_analyze(self, threat_data: Dict) -> AgentDecision:\n",
280
+ " \"\"\"Use Gemini for threat analysis\"\"\"\n",
281
+ " prompt = f\"\"\"{self.SYSTEM_PROMPT}\n",
282
+ "\n",
283
+ "Analyze this security threat:\n",
284
+ "{json.dumps(threat_data, indent=2)}\n",
285
+ "\n",
286
+ "Provide your analysis as JSON.\"\"\"\n",
287
+ " \n",
288
+ " try:\n",
289
+ " response = self.model.generate_content(prompt)\n",
290
+ " \n",
291
+ " # Parse response\n",
292
+ " text = response.text\n",
293
+ " # Extract JSON from response\n",
294
+ " if '```json' in text:\n",
295
+ " text = text.split('```json')[1].split('```')[0]\n",
296
+ " elif '```' in text:\n",
297
+ " text = text.split('```')[1].split('```')[0]\n",
298
+ " \n",
299
+ " result = json.loads(text)\n",
300
+ " \n",
301
+ " return AgentDecision(\n",
302
+ " action=result.get('action', 'monitor'),\n",
303
+ " confidence=float(result.get('confidence', 0.5)),\n",
304
+ " reasoning=result.get('reasoning', 'Analysis pending'),\n",
305
+ " evidence=result.get('evidence', []),\n",
306
+ " risk_level=result.get('risk_level', 'medium'),\n",
307
+ " recommended_follow_up=result.get('recommended_follow_up', [])\n",
308
+ " )\n",
309
+ " except Exception as e:\n",
310
+ " print(f\" ⚠ Gemini error: {e}\")\n",
311
+ " return self._fallback_analyze(threat_data)\n",
312
+ " \n",
313
+ " def _fallback_analyze(self, threat_data: Dict) -> AgentDecision:\n",
314
+ " \"\"\"Rule-based fallback when Gemini unavailable\"\"\"\n",
315
+ " risk_score = threat_data.get('risk_score', 0.5)\n",
316
+ " indicators = threat_data.get('indicators', [])\n",
317
+ " \n",
318
+ " # Determine action based on risk score\n",
319
+ " if risk_score >= 0.8:\n",
320
+ " action = 'block'\n",
321
+ " risk_level = 'critical'\n",
322
+ " elif risk_score >= 0.6:\n",
323
+ " action = 'alert'\n",
324
+ " risk_level = 'high'\n",
325
+ " elif risk_score >= 0.4:\n",
326
+ " action = 'monitor'\n",
327
+ " risk_level = 'medium'\n",
328
+ " else:\n",
329
+ " action = 'allow'\n",
330
+ " risk_level = 'low'\n",
331
+ " \n",
332
+ " return AgentDecision(\n",
333
+ " action=action,\n",
334
+ " confidence=risk_score,\n",
335
+ " reasoning=f\"Risk score: {risk_score:.2f}. Indicators found: {len(indicators)}\",\n",
336
+ " evidence=[str(i) for i in indicators[:3]],\n",
337
+ " risk_level=risk_level,\n",
338
+ " recommended_follow_up=['Continue monitoring', 'Review threat logs']\n",
339
+ " )\n",
340
+ "\n",
341
+ "reasoning_engine = GeminiReasoningEngine()\n",
342
+ "print(\"βœ“ Gemini Reasoning Engine initialized\")"
343
+ ]
344
+ },
345
+ {
346
+ "cell_type": "markdown",
347
+ "id": "a5f5a0a7",
348
+ "metadata": {},
349
+ "source": [
350
+ "## 4. Task Queue Manager"
351
+ ]
352
+ },
353
+ {
354
+ "cell_type": "code",
355
+ "execution_count": null,
356
+ "id": "1f9ba4fe",
357
+ "metadata": {},
358
+ "outputs": [],
359
+ "source": [
360
+ "import uuid\n",
361
+ "from collections import deque\n",
362
+ "\n",
363
+ "class AgentTaskQueue:\n",
364
+ " \"\"\"\n",
365
+ " Manages agent task queue for autonomous operation.\n",
366
+ " Supports priority-based execution and task lifecycle.\n",
367
+ " \"\"\"\n",
368
+ " \n",
369
+ " def __init__(self, max_concurrent: int = 5):\n",
370
+ " self.pending = deque()\n",
371
+ " self.active = []\n",
372
+ " self.completed = []\n",
373
+ " self.failed = []\n",
374
+ " self.max_concurrent = max_concurrent\n",
375
+ " \n",
376
+ " def add_task(self, task_type: str, target: str, context: Dict,\n",
377
+ " priority: TaskPriority = TaskPriority.MEDIUM) -> AgentTask:\n",
378
+ " \"\"\"Add a new task to the queue\"\"\"\n",
379
+ " task = AgentTask(\n",
380
+ " task_id=str(uuid.uuid4())[:8],\n",
381
+ " task_type=task_type,\n",
382
+ " priority=priority.value,\n",
383
+ " target=target,\n",
384
+ " context=context,\n",
385
+ " created_at=time.time()\n",
386
+ " )\n",
387
+ " \n",
388
+ " self.pending.append(task)\n",
389
+ " self._reorder_queue()\n",
390
+ " \n",
391
+ " return task\n",
392
+ " \n",
393
+ " def _reorder_queue(self):\n",
394
+ " \"\"\"Reorder queue by priority\"\"\"\n",
395
+ " self.pending = deque(sorted(self.pending, \n",
396
+ " key=lambda t: (t.priority, -t.created_at),\n",
397
+ " reverse=True))\n",
398
+ " \n",
399
+ " def get_next_task(self) -> Optional[AgentTask]:\n",
400
+ " \"\"\"Get next task to execute\"\"\"\n",
401
+ " if len(self.active) >= self.max_concurrent:\n",
402
+ " return None\n",
403
+ " \n",
404
+ " if self.pending:\n",
405
+ " task = self.pending.popleft()\n",
406
+ " task.status = 'active'\n",
407
+ " self.active.append(task)\n",
408
+ " return task\n",
409
+ " \n",
410
+ " return None\n",
411
+ " \n",
412
+ " def complete_task(self, task_id: str, result: Dict, success: bool = True):\n",
413
+ " \"\"\"Mark task as completed\"\"\"\n",
414
+ " for i, task in enumerate(self.active):\n",
415
+ " if task.task_id == task_id:\n",
416
+ " task.status = 'completed' if success else 'failed'\n",
417
+ " task.result = result\n",
418
+ " \n",
419
+ " if success:\n",
420
+ " self.completed.append(task)\n",
421
+ " else:\n",
422
+ " self.failed.append(task)\n",
423
+ " \n",
424
+ " del self.active[i]\n",
425
+ " return\n",
426
+ " \n",
427
+ " def get_stats(self) -> Dict:\n",
428
+ " \"\"\"Get queue statistics\"\"\"\n",
429
+ " return {\n",
430
+ " 'pending': len(self.pending),\n",
431
+ " 'active': len(self.active),\n",
432
+ " 'completed': len(self.completed),\n",
433
+ " 'failed': len(self.failed),\n",
434
+ " 'total': len(self.pending) + len(self.active) + len(self.completed) + len(self.failed)\n",
435
+ " }\n",
436
+ "\n",
437
+ "task_queue = AgentTaskQueue()\n",
438
+ "print(\"βœ“ Task Queue Manager initialized\")"
439
+ ]
440
+ },
441
+ {
442
+ "cell_type": "markdown",
443
+ "id": "1a56cbf3",
444
+ "metadata": {},
445
+ "source": [
446
+ "## 5. Autonomous Agent Orchestrator"
447
+ ]
448
+ },
449
+ {
450
+ "cell_type": "code",
451
+ "execution_count": null,
452
+ "id": "3a79fff8",
453
+ "metadata": {},
454
+ "outputs": [],
455
+ "source": [
456
+ "class CyberForgeAgent:\n",
457
+ " \"\"\"\n",
458
+ " Main autonomous agent for CyberForge.\n",
459
+ " Orchestrates threat detection, analysis, and response.\n",
460
+ " \"\"\"\n",
461
+ " \n",
462
+ " def __init__(self):\n",
463
+ " self.scoring_engine = DecisionScoringEngine()\n",
464
+ " self.reasoning_engine = GeminiReasoningEngine()\n",
465
+ " self.task_queue = AgentTaskQueue()\n",
466
+ " self.action_history = []\n",
467
+ " \n",
468
+ " def analyze_website(self, url: str, scraped_data: Dict) -> AgentDecision:\n",
469
+ " \"\"\"Analyze a website for threats\"\"\"\n",
470
+ " # Extract indicators\n",
471
+ " indicators = self._extract_indicators(scraped_data)\n",
472
+ " \n",
473
+ " # Calculate threat score\n",
474
+ " score, risk_level = self.scoring_engine.calculate_threat_score(indicators)\n",
475
+ " \n",
476
+ " # Get AI reasoning\n",
477
+ " threat_data = {\n",
478
+ " 'url': url,\n",
479
+ " 'risk_score': score,\n",
480
+ " 'indicators': indicators,\n",
481
+ " 'security_report': scraped_data.get('security_report', {})\n",
482
+ " }\n",
483
+ " \n",
484
+ " decision = self.reasoning_engine.analyze_threat(threat_data)\n",
485
+ " \n",
486
+ " # Log decision\n",
487
+ " self._log_action(url, decision)\n",
488
+ " \n",
489
+ " return decision\n",
490
+ " \n",
491
+ " def _extract_indicators(self, data: Dict) -> List[Dict]:\n",
492
+ " \"\"\"Extract threat indicators from scraped data\"\"\"\n",
493
+ " indicators = []\n",
494
+ " \n",
495
+ " # Check security report\n",
496
+ " security = data.get('security_report', {})\n",
497
+ " if not security.get('is_https', True):\n",
498
+ " indicators.append({\n",
499
+ " 'type': 'insecure_protocol',\n",
500
+ " 'severity': 'medium',\n",
501
+ " 'confidence': 0.9,\n",
502
+ " 'evidence_type': 'signature_match'\n",
503
+ " })\n",
504
+ " \n",
505
+ " if security.get('mixed_content', False):\n",
506
+ " indicators.append({\n",
507
+ " 'type': 'mixed_content',\n",
508
+ " 'severity': 'medium',\n",
509
+ " 'confidence': 0.85,\n",
510
+ " 'evidence_type': 'signature_match'\n",
511
+ " })\n",
512
+ " \n",
513
+ " # Check console errors\n",
514
+ " console_logs = data.get('console_logs', [])\n",
515
+ " errors = [log for log in console_logs if log.get('level') == 'error']\n",
516
+ " if len(errors) > 5:\n",
517
+ " indicators.append({\n",
518
+ " 'type': 'excessive_errors',\n",
519
+ " 'severity': 'low',\n",
520
+ " 'confidence': 0.6,\n",
521
+ " 'evidence_type': 'behavioral_pattern'\n",
522
+ " })\n",
523
+ " \n",
524
+ " # Check for suspicious network requests\n",
525
+ " requests = data.get('network_requests', [])\n",
526
+ " suspicious_domains = ['malware', 'phishing', 'hack', 'tracker']\n",
527
+ " for req in requests:\n",
528
+ " url = req.get('url', '').lower()\n",
529
+ " if any(s in url for s in suspicious_domains):\n",
530
+ " indicators.append({\n",
531
+ " 'type': 'suspicious_request',\n",
532
+ " 'severity': 'high',\n",
533
+ " 'confidence': 0.75,\n",
534
+ " 'evidence_type': 'signature_match',\n",
535
+ " 'details': url[:100]\n",
536
+ " })\n",
537
+ " \n",
538
+ " return indicators\n",
539
+ " \n",
540
+ " def _log_action(self, target: str, decision: AgentDecision):\n",
541
+ " \"\"\"Log agent action for audit trail\"\"\"\n",
542
+ " self.action_history.append({\n",
543
+ " 'timestamp': time.time(),\n",
544
+ " 'target': target,\n",
545
+ " 'action': decision.action,\n",
546
+ " 'confidence': decision.confidence,\n",
547
+ " 'risk_level': decision.risk_level\n",
548
+ " })\n",
549
+ " \n",
550
+ " def get_action_summary(self) -> Dict:\n",
551
+ " \"\"\"Get summary of agent actions\"\"\"\n",
552
+ " if not self.action_history:\n",
553
+ " return {'total_actions': 0}\n",
554
+ " \n",
555
+ " actions = [a['action'] for a in self.action_history]\n",
556
+ " return {\n",
557
+ " 'total_actions': len(self.action_history),\n",
558
+ " 'action_counts': {a: actions.count(a) for a in set(actions)},\n",
559
+ " 'avg_confidence': np.mean([a['confidence'] for a in self.action_history])\n",
560
+ " }\n",
561
+ "\n",
562
+ "agent = CyberForgeAgent()\n",
563
+ "print(\"βœ“ CyberForge Agent initialized\")"
564
+ ]
565
+ },
566
+ {
567
+ "cell_type": "markdown",
568
+ "id": "7b7ad27d",
569
+ "metadata": {},
570
+ "source": [
571
+ "## 6. Test Agent Decision Making"
572
+ ]
573
+ },
574
+ {
575
+ "cell_type": "code",
576
+ "execution_count": null,
577
+ "id": "a377b332",
578
+ "metadata": {},
579
+ "outputs": [],
580
+ "source": [
581
+ "# Test with sample threat data\n",
582
+ "test_data = {\n",
583
+ " 'url': 'https://suspicious-login.example.com/verify',\n",
584
+ " 'security_report': {\n",
585
+ " 'is_https': True,\n",
586
+ " 'mixed_content': True,\n",
587
+ " 'insecure_cookies': True\n",
588
+ " },\n",
589
+ " 'console_logs': [\n",
590
+ " {'level': 'error', 'message': 'CORS policy violation'},\n",
591
+ " {'level': 'error', 'message': 'Failed to load resource'},\n",
592
+ " ],\n",
593
+ " 'network_requests': [\n",
594
+ " {'url': 'https://tracker.malicious.com/collect', 'type': 'xhr'},\n",
595
+ " {'url': 'https://cdn.example.com/app.js', 'type': 'script'}\n",
596
+ " ]\n",
597
+ "}\n",
598
+ "\n",
599
+ "print(\"Testing agent analysis...\\n\")\n",
600
+ "decision = agent.analyze_website(test_data['url'], test_data)\n",
601
+ "\n",
602
+ "print(f\"Decision: {decision.action}\")\n",
603
+ "print(f\"Confidence: {decision.confidence:.2%}\")\n",
604
+ "print(f\"Risk Level: {decision.risk_level}\")\n",
605
+ "print(f\"\\nReasoning: {decision.reasoning}\")\n",
606
+ "print(f\"\\nEvidence:\")\n",
607
+ "for e in decision.evidence[:3]:\n",
608
+ " print(f\" - {e}\")\n",
609
+ "print(f\"\\nRecommended Follow-up:\")\n",
610
+ "for r in decision.recommended_follow_up[:3]:\n",
611
+ " print(f\" - {r}\")"
612
+ ]
613
+ },
614
+ {
615
+ "cell_type": "markdown",
616
+ "id": "e68ef74b",
617
+ "metadata": {},
618
+ "source": [
619
+ "## 7. Save Agent Configuration"
620
+ ]
621
+ },
622
+ {
623
+ "cell_type": "code",
624
+ "execution_count": null,
625
+ "id": "cde8619f",
626
+ "metadata": {},
627
+ "outputs": [],
628
+ "source": [
629
+ "# Save agent configuration and modules\n",
630
+ "agent_config = {\n",
631
+ " 'version': '1.0.0',\n",
632
+ " 'confidence_threshold': 0.7,\n",
633
+ " 'max_concurrent_tasks': 5,\n",
634
+ " 'severity_weights': DecisionScoringEngine.SEVERITY_WEIGHTS,\n",
635
+ " 'evidence_weights': DecisionScoringEngine.EVIDENCE_WEIGHTS,\n",
636
+ " 'task_priorities': {p.name: p.value for p in TaskPriority},\n",
637
+ " 'gemini_model': 'gemini-2.0-flash'\n",
638
+ "}\n",
639
+ "\n",
640
+ "config_path = AGENT_DIR / \"agent_config.json\"\n",
641
+ "with open(config_path, 'w') as f:\n",
642
+ " json.dump(agent_config, f, indent=2)\n",
643
+ "\n",
644
+ "print(f\"βœ“ Agent config saved to: {config_path}\")"
645
+ ]
646
+ },
647
+ {
648
+ "cell_type": "code",
649
+ "execution_count": null,
650
+ "id": "43b960cd",
651
+ "metadata": {},
652
+ "outputs": [],
653
+ "source": [
654
+ "# Save agent module for backend import\n",
655
+ "agent_module = '''\n",
656
+ "\"\"\"CyberForge Agent Intelligence Module\"\"\"\n",
657
+ "\n",
658
+ "import json\n",
659
+ "import time\n",
660
+ "import numpy as np\n",
661
+ "from pathlib import Path\n",
662
+ "from dataclasses import dataclass, asdict\n",
663
+ "from typing import Dict, List, Any, Optional\n",
664
+ "\n",
665
+ "@dataclass\n",
666
+ "class AgentDecision:\n",
667
+ " action: str\n",
668
+ " confidence: float\n",
669
+ " reasoning: str\n",
670
+ " evidence: List[str]\n",
671
+ " risk_level: str\n",
672
+ " recommended_follow_up: List[str]\n",
673
+ " \n",
674
+ " def to_dict(self):\n",
675
+ " return asdict(self)\n",
676
+ "\n",
677
+ "class DecisionEngine:\n",
678
+ " SEVERITY_WEIGHTS = {\"critical\": 1.0, \"high\": 0.8, \"medium\": 0.5, \"low\": 0.3, \"info\": 0.1}\n",
679
+ " \n",
680
+ " def calculate_threat_score(self, indicators: List[Dict]) -> tuple:\n",
681
+ " if not indicators:\n",
682
+ " return 0.0, \"low\"\n",
683
+ " scores = [i.get(\"confidence\", 0.5) * self.SEVERITY_WEIGHTS.get(i.get(\"severity\", \"low\"), 0.3) \n",
684
+ " for i in indicators]\n",
685
+ " score = sum(scores) / len(scores) if scores else 0\n",
686
+ " risk = \"critical\" if score >= 0.8 else \"high\" if score >= 0.6 else \"medium\" if score >= 0.4 else \"low\"\n",
687
+ " return score, risk\n",
688
+ "\n",
689
+ "class CyberForgeAgent:\n",
690
+ " def __init__(self):\n",
691
+ " self.engine = DecisionEngine()\n",
692
+ " \n",
693
+ " def analyze(self, url: str, data: Dict) -> Dict:\n",
694
+ " indicators = self._extract_indicators(data)\n",
695
+ " score, risk = self.engine.calculate_threat_score(indicators)\n",
696
+ " action = \"block\" if score >= 0.8 else \"alert\" if score >= 0.6 else \"monitor\" if score >= 0.4 else \"allow\"\n",
697
+ " \n",
698
+ " return AgentDecision(\n",
699
+ " action=action,\n",
700
+ " confidence=score,\n",
701
+ " reasoning=f\"Threat score: {score:.2f}. {len(indicators)} indicators found.\",\n",
702
+ " evidence=[str(i) for i in indicators[:3]],\n",
703
+ " risk_level=risk,\n",
704
+ " recommended_follow_up=[\"Continue monitoring\"]\n",
705
+ " ).to_dict()\n",
706
+ " \n",
707
+ " def _extract_indicators(self, data: Dict) -> List[Dict]:\n",
708
+ " indicators = []\n",
709
+ " sec = data.get(\"security_report\", {})\n",
710
+ " if not sec.get(\"is_https\", True):\n",
711
+ " indicators.append({\"type\": \"insecure\", \"severity\": \"medium\", \"confidence\": 0.9})\n",
712
+ " if sec.get(\"mixed_content\"):\n",
713
+ " indicators.append({\"type\": \"mixed_content\", \"severity\": \"medium\", \"confidence\": 0.85})\n",
714
+ " return indicators\n",
715
+ "'''\n",
716
+ "\n",
717
+ "module_path = AGENT_DIR / \"cyberforge_agent.py\"\n",
718
+ "with open(module_path, 'w') as f:\n",
719
+ " f.write(agent_module)\n",
720
+ "\n",
721
+ "print(f\"βœ“ Agent module saved to: {module_path}\")"
722
+ ]
723
+ },
724
+ {
725
+ "cell_type": "markdown",
726
+ "id": "31978536",
727
+ "metadata": {},
728
+ "source": [
729
+ "## 8. Summary"
730
+ ]
731
+ },
732
+ {
733
+ "cell_type": "code",
734
+ "execution_count": null,
735
+ "id": "d6e9505c",
736
+ "metadata": {},
737
+ "outputs": [],
738
+ "source": [
739
+ "print(\"\\n\" + \"=\" * 60)\n",
740
+ "print(\"AGENT INTELLIGENCE COMPLETE\")\n",
741
+ "print(\"=\" * 60)\n",
742
+ "\n",
743
+ "print(f\"\"\"\n",
744
+ "πŸ€– Agent Capabilities:\n",
745
+ " - Decision Scoring: Weighted threat assessment\n",
746
+ " - Gemini Integration: AI-powered reasoning\n",
747
+ " - Task Queue: Priority-based execution\n",
748
+ " - Action History: Full audit trail\n",
749
+ "\n",
750
+ "πŸ“Š Test Results:\n",
751
+ " - Action: {decision.action}\n",
752
+ " - Confidence: {decision.confidence:.2%}\n",
753
+ " - Risk Level: {decision.risk_level}\n",
754
+ "\n",
755
+ "πŸ“ Output Files:\n",
756
+ " - Config: {AGENT_DIR}/agent_config.json\n",
757
+ " - Module: {AGENT_DIR}/cyberforge_agent.py\n",
758
+ "\n",
759
+ "Next step:\n",
760
+ " β†’ 05_model_validation.ipynb\n",
761
+ "\"\"\")\n",
762
+ "print(\"=\" * 60)"
763
+ ]
764
+ }
765
+ ],
766
+ "metadata": {
767
+ "language_info": {
768
+ "name": "python"
769
+ }
770
+ },
771
+ "nbformat": 4,
772
+ "nbformat_minor": 5
773
+ }