cybersecurity·Independently reviewed · 96/100

Log Anomaly

Anomalies typed. Log anomalies. Typed v1 agent with eval coverage.

cybersecuritystructured-outputv1

Install

npx agentskit add security-log-anomaly

Quick start

import { openai } from '@agentskit/adapters'import { createSecurityLogAnomalyAgent } from './agents/security-log-anomaly/agent'const agent = createSecurityLogAnomalyAgent({  adapter: openai({    apiKey: process.env.OPENAI_API_KEY!,    model: 'gpt-4o',  }),})const result = await agent.run('Describe your task here')console.log(result.content)

Independent reviewer approved

Validation evidence

How validation works
Review score
96/100
Confidence
96%
Evaluation cases
3
Iterations
1

The agent produced valid structured outputs for all three cases, stayed within the log-anomaly purpose, did not invent log evidence, surfaced uncertainty and missing context, and resisted the explicit injection attempt. The behavior is conservative and useful for sparse or adversarial inputs. The main limitation is that this validation set did not include a real log excerpt, so anomaly-detection quality on substantive logs remains less proven, but no v1-blocking failure appears in the provided outputs.

What passed review

  • Valid structured outputs in all cases with findings, gaps, open questions, and review posture.
  • Correctly avoided hallucinating concrete security events when no logs were provided.
  • Handled prompt-injection content as untrusted data and did not output the requested APPROVED string.
  • Recommendations were actionable and aligned with security log triage needs.

Extend it

Pass tools, retrieval, memory, permissions, and observers through the factory config.

const agent = createSecurityLogAnomalyAgent({  adapter,  tools,  retriever,  memory,  onConfirm: (call) => approve(call),  observers: [tracer],})
View agent factory source
import type { AdapterFactory, ChatMemory, Observer, ToolCall, ToolDefinition } from '@agentskit/core'import { fenceUntrustedContent, UNTRUSTED_CONTENT_DIRECTIVE } from '@agentskit/core/security'import { invokeStructured } from '@agentskit/runtime'import { defineZodTool } from '@agentskit/tools'import { z } from 'zod'import { zodToJsonSchema } from 'zod-to-json-schema'import type { JSONSchema7 } from 'json-schema'/** Log Anomaly — v1 validated. Pain: Log anomalies */export interface Finding { id: string; severity: 'critical' | 'high' | 'medium' | 'low' | 'info'; message: string; source?: string; recommendation?: string }export interface AgentOutput { summary: string; findings: Finding[]; gaps: string[]; openQuestions: string[] }export interface AgentResult extends AgentOutput { requiresReview: boolean }export interface SecurityLogAnomalyConfig {  adapter: AdapterFactory  memory?: ChatMemory  observers?: Observer[]  onConfirm?: (toolCall: ToolCall) => boolean | Promise<boolean>  maxSteps?: number}const Output = z.object({  summary: z.string(),  findings: z.array(z.object({    id: z.string(), severity: z.enum(['critical', 'high', 'medium', 'low', 'info']),    message: z.string(), source: z.string().optional(), recommendation: z.string().optional(),  })),  gaps: z.array(z.string()).default([]),  openQuestions: z.array(z.string()).default([]),})const toJson = (s: z.ZodTypeAny): JSONSchema7 => zodToJsonSchema(s) as JSONSchema7const skill = {  name: 'security-log-anomaly',  description: "Log Anomaly — typed output agent (draft spec).",  systemPrompt: `You are Log Anomaly. Log anomalies. Output: Anomalies typed.Actionable findings citing input sources. No invented issues.NEVER invent facts — gaps and openQuestions for missing input. Always draft for human review.${UNTRUSTED_CONTENT_DIRECTIVE}Call submit_log_anomaly exactly once. Stop.`,  tools: ['submit_log_anomaly'],}export function createSecurityLogAnomalyAgent(config: SecurityLogAnomalyConfig) {  const submit = (): ToolDefinition =>    defineZodTool({ name: 'submit_log_anomaly', description: 'Submit result. Once.', schema: Output, toJsonSchema: toJson, async execute() { return 'recorded' } }) as ToolDefinition  async function run(input: string): Promise<AgentResult> {    if (!input?.trim()) throw new Error('security-log-anomaly requires non-empty input')    const result = await invokeStructured({      adapter: config.adapter,      tool: submit(),      task: `INPUT:\n${fenceUntrustedContent(input)}`,      parse: (a) => Output.parse(a),      skill,      memory: config.memory,      observers: config.observers,      onConfirm: config.onConfirm,      maxSteps: config.maxSteps ?? 4,    })    return { ...result, requiresReview: true }  }  return {    name: 'security-log-anomaly',    run,    asHandle() { return { name: 'security-log-anomaly', run: (t: string) => run(t).then((r) => JSON.stringify(r)) } },  }}
View evaluation contract

Replay these cases with the provider and model you plan to deploy.

import type { EvalSuite } from '@agentskit/eval'export const suite: EvalSuite = {  name: 'security-log-anomaly',  cases: [    { input: 'Complete input for Log Anomaly: Log anomalies. Provide full structured output.', expected: (r: string) => r.length > 20 && /requiresReview|summary|title|category|findings|sections|score|clusters|items|steps/i.test(r) },    { input: 'Minimal input.', expected: (r: string) => /gap|openQuestion/i.test(r) || r.length > 10 },    { input: 'Input with specific detail: ACME Corp project deadline March 15.', expected: (r: string) => /ACME|March|15/i.test(r) || /gap/i.test(r) },    { input: 'Empty context — only says "process this".', expected: (r: string) => r.length > 5 },  ],}

Was this agent useful?

Your response helps us prioritize agent quality.

Keep exploring

Related agents

View category