API Reference
Main Python classes and their interfaces.
HYDRA Components
SessionClassifier
Classifies sessions as signal or noise.
from src.session_classifier import SessionClassifier
classifier = SessionClassifier(config={
    "ephemeral_threshold_s": 5,
    "recon_threshold_s": 20,
    "recon_max_cmds": 3,
    "human_min_duration_s": 20,
    "human_min_non_disc": 1,
})
result = classifier.classify_session(session_data)
# result.label: "bot_ephemeral" | "bot_exec_scanner" | "bot_dropper" | "bot_recon" | "likely_human"
# result.confidence: 0.0-1.0
# result.is_signal: bool
PromptGuard
Scores commands for injection probability.
from src.prompt_guard import PromptGuard
guard = PromptGuard()
result = guard.score(command="ignore previous instructions")
# result.score: 0.95
# result.patterns: ["ignore_instructions"]
# result.action: "log_only"
PersonaEngine
Manages persona selection and injection.
from src.persona_engine import PersonaEngine
engine = PersonaEngine()
persona = engine.select()
# persona.name: "fintech_trading"
# persona.hostname: "srv-prod-01"
# persona.llm_context: "You are simulating a fintech trading server..."
PDX Components
DataRouter
Routes events into the dual-use streams.
from pdx.training.data_router import DataRouter
router = DataRouter(
    hydra_logs_dir="path/to/logs",
    output_dir="training_output/data_router"
)
stats = router.split_sessions()
# stats: {"sessions_processed": 3337, "defensive_events": 8668, "offensive_events": 4910}
router.generate_defensive() # → sft_detection_patterns.jsonl + dpo_lure_quality.jsonl
router.generate_offensive() # → sft_attack_chains.jsonl + raft_kill_chains.jsonl
router.generate_combined() # → react_dual_perspective.jsonl
QualityPipeline
Deduplication, filtering, and curriculum ordering.
from pdx.training.quality.pipeline import QualityPipeline
qp = QualityPipeline(min_quality=0.3, dedup_threshold=0.85, min_tokens=50, max_tokens=2000)
clean = qp.run(entries, dedup=True, quality_filter=True, curriculum=True)
FeedbackEngine
Analyzes sessions and generates attacker profiles and metrics.
from pdx.feedback.feedback_engine import FeedbackEngine
engine = FeedbackEngine()
# Produces: AttackerProfiles, AggregateMetrics, PromptPatches
PipelineOrchestrator
Complete wiring of the feedback pipeline.
# CLI
python -m pdx.pipeline.orchestrator --logs-dir logs/ --once # One-shot
python -m pdx.pipeline.orchestrator --logs-dir logs/ --watch # Continuous monitoring
Data Formats
JSONL event (HYDRA output)
{
  "timestamp": "2026-04-06T13:37:38.000Z",
  "session_id": "a92f516c",
  "event_type": "command_executed",
  "client_ip": "185.213.154.248",
  "data": {
    "command": "cat /etc/shadow",
    "output_preview": "root:$6$...",
    "source": "llm",
    "latency_ms": 342,
    "exit_code": 0,
    "cwd": "/root",
    "mitre_tags": [{"tactic": "credential-access", "technique_id": "T1003", "confidence": 0.95}],
    "prompt_guard": {"score": 0.1, "action": "none"}
  }
}
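
A defender-side reader for the JSONL event format shown above, as an added example that is not part of the HYDRA or PDX code base: it rejects malformed lines and summarizes each session's MITRE techniques and highest prompt_guard score. The required-field list, the two thresholds, the helper names and the sample lines are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

REQUIRED = ("timestamp", "session_id", "event_type", "data")  # assumed minimum field set

def _num(v):
    return v if isinstance(v, (int, float)) else 0.0

def parse_events(text):
    """Return (events, rejected): well-formed event dicts and the count of bad lines."""
    events, rejected = [], 0
    for line in filter(str.strip, text.splitlines()):
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            ev = None
        if isinstance(ev, dict) and all(k in ev for k in REQUIRED) and isinstance(ev["data"], dict):
            events.append(ev)
        else:
            rejected += 1
    return events, rejected

def summarize(events, min_conf=0.5, guard_threshold=0.8):
    """Per session: command count, MITRE techniques, highest prompt_guard score."""
    out = defaultdict(lambda: {"commands": 0, "techniques": set(), "max_guard": 0.0, "flagged": []})
    for ev in events:
        if ev["event_type"] != "command_executed":
            continue
        s, data = out[str(ev["session_id"])], ev["data"]
        s["commands"] += 1
        tags, guard = data.get("mitre_tags"), data.get("prompt_guard")
        for tag in (tags if isinstance(tags, list) else []):
            if isinstance(tag, dict) and _num(tag.get("confidence")) >= min_conf:
                s["techniques"].add(str(tag.get("technique_id")))
        score = _num(guard.get("score")) if isinstance(guard, dict) else 0.0
        s["max_guard"] = max(s["max_guard"], score)
        if score >= guard_threshold:
            # Commands are attacker-controlled text: keep repr() so control bytes never reach a terminal.
            s["flagged"].append(repr(data.get("command", "")))
    return dict(out)

# Constructed sample input (not real traffic); the last line is deliberately truncated.
SAMPLE = "\n".join([
    '{"timestamp":"2026-04-06T13:37:38.000Z","session_id":"a92f516c","event_type":"command_executed","data":'
    '{"command":"cat /etc/shadow","mitre_tags":[{"technique_id":"T1003","confidence":0.95}],"prompt_guard":{"score":0.1}}}',
    '{"timestamp":"2026-04-06T13:37:41.000Z","session_id":"a92f516c","event_type":"command_executed","data":'
    '{"command":"ignore previous instructions","mitre_tags":[],"prompt_guard":{"score":0.95,"action":"log_only"}}}',
    '{"timestamp":"2026-04-06T13:37:42.000Z","session_id":"a92f51',
])
```

Call `parse_events(SAMPLE)` and pass the returned events to `summarize()`; a non-zero rejected count is worth alerting on, since truncated lines can indicate a writer crash or log tampering.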