NANOMIND-SPEC v2.0

Embedded AI intelligence
for security tools

Open protocol for adding intent classification, behavioral anomaly detection, and federated learning to any CLI or runtime security system.

npm install @nanomind/engine @nanomind/router @nanomind/guard
View SpecPackages

CLI Intelligence

16 intent types classify natural language into security commands. Cross-product routing maps user requests to the right tool, regardless of which CLI they are using.

local-fast: <5ms | local-full: <50ms

Runtime Protection

Behavioral anomaly detection monitors agent actions in real time. Five-tier response system escalates from allow to kill based on deviation score.

Sub-2ms inference latency

Federated Learning

Endpoints submit differentially-private gradient updates. Raw behavioral data never leaves the endpoint. Global model improves from fleet-wide patterns without exposing individual sessions.

Differential privacy: epsilon=1.0, delta=1e-5

Intent Classification

Route natural language to one of 16 security intent types. Each classification includes the compute tier and confidence score.

intent-routing.ts
import { NanoMindRouter } from '@nanomind/router';

const router = new NanoMindRouter();

// Classify natural language into one of 16 intent types
const result = router.classify("scan this repo for leaked credentials");
// => { intent: "SECRETS_EXPOSE", tier: "local-fast", confidence: 0.94 }

const result2 = router.classify("explain why this dependency is untrusted");
// => { intent: "EXPLAIN", tier: "local-full", confidence: 0.91 }

const result3 = router.classify("what is the trust level of lodash?");
// => { intent: "TRUST_QUERY", tier: "local-fast", confidence: 0.97 }

Runtime Anomaly Detection

Monitor agent behavior in real time. Anomaly scores trigger graduated responses from logging to termination.

runtime-protection.ts
import { NanoMindRuntime } from '@nanomind/runtime';

const runtime = new NanoMindRuntime({ agentId: "agent-007" });

// Subscribe to behavioral anomalies (sub-2ms inference)
runtime.onAnomalyDetected((score, action) => {
  // score: 0.0 (normal) to 1.0 (kill)
  // action: "allow" | "alert" | "throttle" | "suspend" | "kill"
  console.log(`Anomaly score: ${score}, action: ${action}`);
});