Security
Security policy engine, anomaly detection, and baseline management
Security API
Runtime security policy management and anomaly detection.
Security Status
curl -H "Authorization: Bearer br_live_..." \
  https://api.brainstormrouter.com/v1/security/status
Response
{
  "policy": {
    "version": "none",
    "ruleCount": 0,
    "mode": "off"
  },
  "anomaly": {
    "metricsTracked": 0,
    "recentAlerts": 0,
    "scope": "process-local"
  }
}
Policy Management
Get Policies
Returns the current security policy ruleset. Returns { "ruleset": null } when no policies are configured.
Update Policies
Request Body
{
  "version": 1,
  "rules": [
    {
      "id": "block-sql-injection",
      "description": "Block SQL injection patterns in tool arguments",
      "action": "deny",
      "conditions": [
        { "field": "tool.arguments", "op": "matches", "value": "DROP TABLE|DELETE FROM" }
      ],
      "priority": 100,
      "enabled": true
    }
  ]
}
Response
{
  "ruleset": { "version": 1, "rules": [...] },
  "version": 4,
  "status": "updated"
}
Test Policy
POST /v1/security/policies/test
Test a context object against the current policy ruleset without affecting live traffic.
Request Body
{
  "context": {
    "tool.name": "execute_sql",
    "tool.arguments": "SELECT * FROM users",
    "agent.role": "developer",
    "action": "tool_call"
  }
}
Response
{
  "decision": "allow",
  "evaluatedCount": 3,
  "matchedRule": null
}
Policy Presets
GET /v1/security/policies/presets
Returns the L3 baseline policy pack with recommended rules for production deployments.
Response
{
  "presets": {
    "l3-baseline": { ... }
  }
}
Anomaly Detection
Recent Anomalies
Returns recent anomaly alerts from the adaptive 3-sigma threshold detector.
Response
{
  "alerts": [
    {
      "entityType": "api_key",
      "entityId": "key-123",
      "metric": "cost_usd",
      "currentValue": 12.5,
      "threshold": 5.0,
      "mean": 2.1,
      "stdDev": 0.97,
      "sigma": 3,
      "timestamp": "2026-03-10T14:30:00Z"
    }
  ],
  "node": "process-local"
}
Export Baselines
GET /v1/security/anomalies/baselines
Export the current anomaly detector state for backup or migration.
Response
{
  "baselines": { ... },
  "node": "process-local"
}
Import Baselines
POST /v1/security/anomalies/baselines
Import previously exported anomaly detector state.
Response
{
  "imported": 5
}
Per-Entity Stats
GET /v1/security/anomalies/stats/:entityType/:entityId/:metric
Get rolling-window statistics for a specific entity and metric.
Response
{
  "stats": {
    "count": 100,
    "mean": 2.1,
    "stdDev": 0.97,
    "min": 0.01,
    "max": 12.5
  }
}
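A rolling-window 3-sigma check that produces the alert and stats fields shown above, as an added example (not BrainstormRouter's own code). The window size, warm-up count, upper-bound-only test and the formula threshold = mean + sigma * stdDev are assumptions; the sample alert above is consistent with that formula (2.1 + 3 * 0.97 is about 5.0).

```python
import math
from collections import deque

WINDOW = 100      # assumption: rolling-window size
MIN_SAMPLES = 10  # assumption: warm-up samples before alerting
SIGMA = 3         # same multiplier as "sigma": 3 in the alert example


class RollingDetector:
    """Illustrative rolling-window detector keyed by (entityType, entityId, metric)."""

    def __init__(self):
        self.windows = {}

    def stats(self, entity_type, entity_id, metric):
        """Return count/mean/stdDev/min/max for one window, or None if unseen."""
        w = self.windows.get((entity_type, entity_id, metric))
        if not w:
            return None
        mean = sum(w) / len(w)
        std = math.sqrt(sum((x - mean) ** 2 for x in w) / len(w))  # population
        return {"count": len(w), "mean": mean, "stdDev": std,
                "min": min(w), "max": max(w)}

    def observe(self, entity_type, entity_id, metric, value, timestamp):
        """Score value against the baseline seen so far, then add it to the window."""
        key = (entity_type, entity_id, metric)
        s = self.stats(*key)
        alert = None
        if s and s["count"] >= MIN_SAMPLES:
            threshold = s["mean"] + SIGMA * s["stdDev"]
            if value > threshold:
                alert = {"entityType": entity_type, "entityId": entity_id,
                         "metric": metric, "currentValue": value,
                         "threshold": threshold, "mean": s["mean"],
                         "stdDev": s["stdDev"], "sigma": SIGMA,
                         "timestamp": timestamp}
        # Flagged values still enter the window: the baseline adapts to them.
        self.windows.setdefault(key, deque(maxlen=WINDOW)).append(value)
        return alert


def demo():
    """Constructed data: 20 alternating costs (mean 2.0, stdDev 1.0), then a spike."""
    d = RollingDetector()
    for i in range(20):
        d.observe("api_key", "key-123", "cost_usd", 3.0 if i % 2 else 1.0, None)
    return d.observe("api_key", "key-123", "cost_usd", 12.5, "2026-03-10T14:30:00Z")


if __name__ == "__main__":
    print(demo())
```

Because flagged values are added to the window in this sketch, a sustained spike raises the mean and the threshold, which is worth keeping in mind when importing a baseline exported from another period.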