Spaces:

AvinashAnalytics
/

sentinel-scam-honeypo

Paused

App Files Files Community

avinash-rai commited on Feb 5

Commit

deeaf96

1 Parent(s): 84ae2d0

Clean agentNotes: human-readable format per GUVI spec Section 12

Browse files

Files changed (1) hide show

app/utils/guvi_handler.py +61 -28

app/utils/guvi_handler.py CHANGED Viewed

@@ -342,36 +342,69 @@ class GUVIHandler:
             if agg_intel.get("is_synthetic"):
                 ethics_note = " [NOTE: Synthetic identifiers injected for sandbox visibility]"
-            # [SCORING] Include orchestrator-level summary
-            orch_summary = result.get("agent_notes", "")
-            if orch_summary:
-                orch_summary = f" | Summary: {orch_summary}"
-            agent_notes = (
-                f"[{result.get('threat_level', 'LOW')} RISK] {scam_type.upper()} attempt detected. "
-                f"Tactics identified: {', '.join(tactics[:3])}. "
-                f"Intelligence: {'Captured ' + str(len(guvi_intel.upiIds)) + ' identifiers' if guvi_intel.upiIds else 'Awaiting identifiers'}."
-                f" [AGITATION: {current_agitation}]{ethics_note}{orch_summary}"
-                f"{reasoning_snippet}"
-                f" | INTEL_COUNT: UPI={len(guvi_intel.upiIds)}, PHONES={len(guvi_intel.phoneNumbers)}, URLS={len(guvi_intel.phishingLinks)}"
-                f" | ENGAGEMENT_DEPTH: {total_messages // 2} turns"
-            )
-            # [SCORING BOOST] Add visible extracted data for judges
             if guvi_intel.upiIds:
-                agent_notes += f" | EXTR: {', '.join(guvi_intel.upiIds[:1])}..."
-            try:
-                # [PERFORMANCE] Telemetry Latency Guard
-                # Only run forensic lookup if Risk is HIGH or scams are clearly detected
-                if (result.get("threat_level") == "HIGH" or result.get("is_scam")) and telemetry_collector:
-                    client_ip = result.get("analysis", {}).get("client_ip", "Unknown")
-                    forensics = telemetry_collector.tracked_ips.get(client_ip, {}).get("forensics")
-                    if forensics:
-                        fid = telemetry_collector.tracked_ips.get(client_ip, {}).get("fingerprint_id", "N/A")
-                        agent_notes += f"[FORENSIC ID: {fid}] TZ: {forensics.get('timezone')}. "
-            except ImportError:
-                 pass # Telemetry optional for crash safety
             # Evaluation Flags
             is_scam = result.get("is_scam", False)

             if agg_intel.get("is_synthetic"):
                 ethics_note = " [NOTE: Synthetic identifiers injected for sandbox visibility]"
+            # [SCORING] Build CLEAN human-readable agentNotes (per GUVI spec Section 12)
+            # Example: "Scammer used urgency tactics and payment redirection"
+            # Map tactics to readable descriptions
+            tactic_descriptions = {
+                "urgency": "urgency pressure",
+                "authority": "authority impersonation",
+                "fear": "fear tactics",
+                "greed": "fake reward promises",
+                "social_proof": "social proof manipulation",
+                "reciprocity": "reciprocity manipulation",
+                "scarcity": "scarcity pressure",
+                "time_pressure": "time-based coercion",
+                "identity_theft": "identity theft attempt",
+                "phishing": "phishing attempt",
+                "credential_harvesting": "credential harvesting"
+            }
+            # Build readable tactics list
+            readable_tactics = []
+            for t in tactics[:3]:
+                readable_tactics.append(tactic_descriptions.get(t.lower(), t.replace("_", " ")))
+            # Determine primary scam vector
+            scam_vectors = []
             if guvi_intel.upiIds:
+                scam_vectors.append("UPI payment redirect")
+            if guvi_intel.bankAccounts:
+                scam_vectors.append("bank account harvesting")
+            if guvi_intel.phishingLinks:
+                scam_vectors.append("phishing link distribution")
+            if guvi_intel.phoneNumbers:
+                scam_vectors.append("phone number collection")
+            if any(k in ["OTP", "otp"] for k in guvi_intel.suspiciousKeywords):
+                scam_vectors.append("OTP theft attempt")
+            # Build clean agent notes
+            tactics_str = " and ".join(readable_tactics) if readable_tactics else "social engineering"
+            vectors_str = " and ".join(scam_vectors[:2]) if scam_vectors else "credential extraction"
+            agent_notes = f"Scammer used {tactics_str}. Detected {vectors_str}."
+            # Add intel summary if available
+            intel_items = []
+            if guvi_intel.upiIds:
+                intel_items.append(f"{len(guvi_intel.upiIds)} UPI ID(s)")
+            if guvi_intel.bankAccounts:
+                intel_items.append(f"{len(guvi_intel.bankAccounts)} bank account(s)")
+            if guvi_intel.phoneNumbers:
+                intel_items.append(f"{len(guvi_intel.phoneNumbers)} phone number(s)")
+            if guvi_intel.phishingLinks:
+                intel_items.append(f"{len(guvi_intel.phishingLinks)} phishing link(s)")
+            if intel_items:
+                agent_notes += f" Extracted: {', '.join(intel_items)}."
+            # Add engagement depth
+            turns = total_messages // 2
+            if turns >= 5:
+                agent_notes += f" Successfully engaged for {turns} turns."
+            # Add ethics note if applicable
+            agent_notes += ethics_note
             # Evaluation Flags
             is_scam = result.get("is_scam", False)