<a href="https://colab.research.google.com/github/Abumaude/AI-Foolosophy/blob/main/AI_AGENTS_lab_8_(1).ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

# Agents and their Types

**An agent** is a system or program that can autonomously perform tasks on behalf of a user or another system. These agents interact with their environment, collect data, and use this data to make decisions and take actions to achieve specific goals.

**AI agents can vary in complexity and functionality. Here are some key characteristics:**


- **Autonomy**: They operate without human intervention, making decisions based on their programming and the data they collect.

- **Perception**: They use sensors or data inputs to perceive their environment.

- **Action**: They can take actions to influence their environment, such as moving, speaking, or making decisions.

- **Rationality**: They aim to achieve their goals in the most efficient way possible, often using algorithms to determine the best course of action.





**AI agents** can be categorized into several types based on their capabilities and how they interact with their environment. Here are the main types:



**1- Simple Reflex Agents**: These agents act only based on the current percept, ignoring the rest of the percept history. They follow a set of predefined rules to respond to specific situations. For example, a thermostat that turns on the heater when the temperature drops below a certain point.




In [1]:
# Define a simple reflex agent for a thermostat
class ThermostatAgent:
    def __init__(self, temperature_threshold):
        self.temperature_threshold = temperature_threshold
        self.heater_on = False

    def perceive(self, current_temperature):
        self.current_temperature = current_temperature

    def act(self):
        if self.current_temperature < self.temperature_threshold:
            self.heater_on = True
            print("Heater turned ON")
        else:
            self.heater_on = False
            print("Heater turned OFF")

# Example usage
thermostat = ThermostatAgent(20)  # Threshold temperature is 20 degrees

# Simulate temperature readings
temperatures = [18, 22, 19, 25, 15]

for temp in temperatures:
  thermostat.perceive(temp)
  thermostat.act()

Heater turned ON
Heater turned OFF
Heater turned ON
Heater turned OFF
Heater turned ON


**Task 1: Simple Reflex Agent**:
   - **Description**: Implement a simple reflex agent for a basic environment, such as a vacuum cleaner that cleans a room.
   - **Requirements**: The agent should move around a grid and clean any dirty spots it encounters based on predefined rules.

**2- Model-Based Reflex Agents:** These agents maintain an internal model of the world, which helps them handle more complex situations by considering the history of percepts. They can make decisions based on both current and past information.

In [2]:
# Model-Based Reflex Agents Example (Expanding on the Thermostat)

class ModelBasedThermostatAgent:
    def __init__(self, temperature_threshold, learning_rate=0.1):
        self.temperature_threshold = temperature_threshold
        self.heater_on = False
        self.internal_temperature_model = 20  # Initial temperature guess
        self.learning_rate = learning_rate

    def perceive(self, current_temperature):
        self.current_temperature = current_temperature

    def update_model(self):
        # Simple model update based on current temperature and error
        error = self.current_temperature - self.internal_temperature_model
        self.internal_temperature_model += error * self.learning_rate

    def act(self):
        self.update_model()  # Update the model first

        if self.internal_temperature_model < self.temperature_threshold:
            self.heater_on = True
            print(f"Heater turned ON (Model temp: {self.internal_temperature_model:.2f}, Actual temp: {self.current_temperature})")
        else:
            self.heater_on = False
            print(f"Heater turned OFF (Model temp: {self.internal_temperature_model:.2f}, Actual temp: {self.current_temperature})")


# Example usage
model_thermostat = ModelBasedThermostatAgent(20)

# Simulate temperature readings
temperatures = [18, 22, 19, 25, 15]

for temp in temperatures:
    model_thermostat.perceive(temp)
    model_thermostat.act()

Heater turned ON (Model temp: 19.80, Actual temp: 18)
Heater turned OFF (Model temp: 20.02, Actual temp: 22)
Heater turned ON (Model temp: 19.92, Actual temp: 19)
Heater turned OFF (Model temp: 20.43, Actual temp: 25)
Heater turned ON (Model temp: 19.88, Actual temp: 15)


**Task 2: Model-Based Reflex Agent**:
   - **Description**: Enhance the vacuum cleaner agent to remember which spots it has already cleaned.
   - **Requirements**: The agent should maintain an internal state to avoid re-cleaning the same spot.


**3- Goal-Based Agents**: These agents act to achieve specific goals. They use their internal model to evaluate different actions and choose the one that brings them closer to their goal. For instance, a navigation system that plans a route to a destination.

In [3]:
# Goal-Based Agent Example (Navigation)

class NavigationAgent:
    def __init__(self, destination):
        self.destination = destination
        self.current_location = (0, 0)  # Initial location
        self.map = {  # Simplified map representation
            (0, 0): [(1, 0), (0, 1)],
            (1, 0): [(0, 0), (2, 0)],
            (0, 1): [(0, 0), (0, 2)],
            (2, 0): [(1, 0)],
            (0, 2): [(0,1), (1,2)],
            (1,2): [(0,2), (2,2)],
            (2,2): [(1,2)]
        }

    def perceive(self, current_location):
        self.current_location = current_location

    def plan_route(self):
      # Simple route planning (replace with a better algorithm)
      queue = [(self.current_location, [self.current_location])]
      visited = set()
      while queue:
          current, path = queue.pop(0)
          if current == self.destination:
              return path
          visited.add(current)
          for neighbor in self.map.get(current, []):
              if neighbor not in visited:
                  queue.append((neighbor, path + [neighbor]))
      return None


    def act(self):
        route = self.plan_route()
        if route:
            if len(route) > 1:
                next_location = route[1]
                print(f"Moving from {self.current_location} to {next_location}")
                self.current_location = next_location # Update current location
            else:
                print(f"Arrived at destination {self.destination}")

        else:
            print("No route found to the destination.")



# Example usage
navigator = NavigationAgent((2, 2))

# Simulate the agent's journey
locations = [(0,0), (1,0), (2,0), (1,0), (0,1), (0,2), (1,2), (2,2)]

for location in locations:
  navigator.perceive(location)
  navigator.act()

Moving from (0, 0) to (0, 1)
Moving from (1, 0) to (0, 0)
Moving from (2, 0) to (1, 0)
Moving from (1, 0) to (0, 0)
Moving from (0, 1) to (0, 2)
Moving from (0, 2) to (1, 2)
Moving from (1, 2) to (2, 2)
Arrived at destination (2, 2)


**Task 3: Goal-Based Agent**:
   - **Description**: Implement a navigation agent that finds the shortest path to a goal in a maze.
   - **Requirements**: The agent should use a search algorithm (e.g., A*) to reach the goal efficiently.


**4- Utility-Based Agents**: These agents not only aim to achieve goals but also consider the best way to achieve them by evaluating the utility (or value) of different actions. They strive to maximize their performance measure.





In [4]:
# Utility-Based Agent Example (Resource Allocation)

class ResourceAllocationAgent:
    def __init__(self, resources, tasks):
        self.resources = resources  # Available resources (e.g., budget, time)
        self.tasks = tasks  # List of tasks with utilities and resource requirements

    def evaluate_utility(self, task, allocated_resources):
        # A simple utility function (replace with a more complex one if needed)
        if allocated_resources >= task["resource_requirements"]:
          return task["utility"] * (allocated_resources / task["resource_requirements"]) # Higher utility for more resources
        else:
          return 0 # Cannot perform the task

    def allocate_resources(self):
        remaining_resources = self.resources
        allocation_plan = {}

        sorted_tasks = sorted(self.tasks, key=lambda task: task["utility"], reverse=True)

        for task in sorted_tasks:
            # Allocate resources if they are available
            if remaining_resources >= task["resource_requirements"]:
                allocated_amount = task["resource_requirements"]
                allocation_plan[task["name"]] = allocated_amount
                remaining_resources -= allocated_amount
            else:
                allocation_plan[task["name"]] = 0 # No resources for this task

        return allocation_plan

    def act(self):
        allocation_plan = self.allocate_resources()

        total_utility = 0
        for task_name, allocated_resources in allocation_plan.items():
          task = next((task for task in self.tasks if task["name"] == task_name), None)
          if task:
            utility = self.evaluate_utility(task, allocated_resources)
            total_utility += utility
            print(f"Task: {task_name}, Allocated Resources: {allocated_resources}, Utility: {utility}")

        print(f"Total Utility Achieved: {total_utility}")

# Example usage
tasks = [
    {"name": "Task A", "utility": 10, "resource_requirements": 5},
    {"name": "Task B", "utility": 5, "resource_requirements": 2},
    {"name": "Task C", "utility": 8, "resource_requirements": 3},
]

agent = ResourceAllocationAgent(resources=10, tasks=tasks)
agent.act()

Task: Task A, Allocated Resources: 5, Utility: 10.0
Task: Task C, Allocated Resources: 3, Utility: 8.0
Task: Task B, Allocated Resources: 2, Utility: 5.0
Total Utility Achieved: 23.0


**Task 4: Utility-Based Agent**:
   - **Description**: Create an agent that not only reaches the goal but also maximizes a utility function, such as collecting items of value along the way.
   - **Requirements**: The agent should evaluate different paths based on their utility and choose the most beneficial one.


**5- Learning Agents:** These agents have the ability to learn from their experiences and improve their performance over time. They can adapt to new situations by updating their knowledge base and decision-making processes. More will be introduced next labs.  

In [5]:
# Learning Agent Example (Simple Reinforcement Learning)

import random

class LearningAgent:
    def __init__(self, actions):
        self.actions = actions
        self.q_table = {}  # Q-table to store Q-values
        self.learning_rate = 0.1
        self.discount_factor = 0.9
        self.exploration_rate = 0.1

    def get_q_value(self, state, action):
        return self.q_table.get((state, action), 0)

    def choose_action(self, state):
        if random.uniform(0, 1) < self.exploration_rate:
            # Explore: Choose a random action
            return random.choice(self.actions)
        else:
            # Exploit: Choose the action with the highest Q-value
            q_values = [self.get_q_value(state, action) for action in self.actions]
            return self.actions[q_values.index(max(q_values))]

    def learn(self, state, action, reward, next_state):
        # Q-learning update rule
        old_q_value = self.get_q_value(state, action)
        next_max_q = max([self.get_q_value(next_state, a) for a in self.actions])
        new_q_value = (1 - self.learning_rate) * old_q_value + self.learning_rate * (reward + self.discount_factor * next_max_q)
        self.q_table[(state, action)] = new_q_value

# Example usage (simplified environment)

actions = ["left", "right"]  # Possible actions
agent = LearningAgent(actions)
environment_states = {
    "A": {"left": ("B", -1), "right": ("C", 1)},
    "B": {"left": ("A", -1), "right": ("D", 10)},
    "C": {"left": ("A", -1), "right": ("E", -5)},
    "D": {"left": ("B", -1), "right": ("D", 10)}, # Example of terminal state with high reward
    "E": {"left": ("C", -1), "right": ("E", -5)}, # Example of terminal state with negative reward

}
current_state = "A"

for episode in range(100): # Run for 100 episodes
  current_state = "A"  # Reset to initial state at start of each episode
  for _ in range(10): # Limit episode steps
      action = agent.choose_action(current_state)
      next_state, reward = environment_states[current_state][action]
      agent.learn(current_state, action, reward, next_state)
      current_state = next_state

# Print learned Q-values
print("Learned Q-values:")
for (state, action), q_value in agent.q_table.items():
    print(f"State: {state}, Action: {action}, Q-value: {q_value}")

Learned Q-values:
State: A, Action: left, Q-value: 88.27688049680964
State: B, Action: right, Q-value: 99.69883399090406
State: D, Action: left, Q-value: 83.05368017675363
State: D, Action: right, Q-value: 99.85739101869719
State: A, Action: right, Q-value: 2.189914374527203
State: C, Action: left, Q-value: 18.77998713902596
State: C, Action: right, Q-value: -1.355
State: E, Action: left, Q-value: -0.2423657715306539
State: E, Action: right, Q-value: -0.5
State: B, Action: left, Q-value: 28.0412587556315


**Task 5: Learning Agents:**

Try to understand the basic steps in this code, then write down your step-by-step explanation.

Reinforcement Learning* algorithms will be the topic of next week

**Task 6: Future is Agentic**

Listen to the video uploaded to Canvas by one of AI pioneers (Andrew NG) about a future powered by AI agents... After that please answer the following questions:


What is an agentic *workflow*, and how does it differ from a non-agentic workflow?

Can you provide real-world examples of agentic workflows beyond those mentioned in the video?

How can agentic workflows be applied to various industries, such as healthcare, finance, or education?

As AI agents become more autonomous, what ethical considerations should be taken into account?

How can we ensure that AI agents are used responsibly and ethically?

What are the potential societal implications of widespread adoption of AI agents?


---

# Dataset Loader and Ground Truth Pairing for FTE-HARM Validation

This section implements a comprehensive dataset loading and ground truth pairing system for forensic log analysis validation. The system enables rigorous validation of FTE-HARM (Forensic Triage Entity - Hypothesis Assessment Risk Model) against known attack patterns.

## Purpose

**Why Ground Truth Pairing is Critical:**
- **Validation Requirement:** FTE-HARM's hypothesis scoring must be validated against known attack patterns
- **Ground Truth Necessity:** Without ground truth labels, we cannot measure precision, recall, or accuracy
- **Dataset Pairing:** Log files and ground truth must be matched correctly to ensure evaluation validity
- **Forensic Accountability:** Every triage decision must be traceable to verified evidence

## Supported Ground Truth Formats

| Format | Extension | Example |
|--------|-----------|---------|
| Line-by-Line | `.log`, `.txt` | `benign,0,none` or `malicious,1,privilege_escalation` |
| CSV with Line Numbers | `.csv` | `line_number,label,attack_type,confidence` |
| JSON Temporal | `.json` | Attack windows with start/end times |

In [None]:
# Import the dataset loader module
# First, let's ensure we're in the correct directory and the module is available

import sys
import os

# Mount Google Drive (for Colab environment)
try:
    from google.colab import drive
    drive.mount('/content/drive')
    IN_COLAB = True
except ImportError:
    IN_COLAB = False
    print("Not running in Colab - using local paths")

# Add module path
if IN_COLAB:
    # If running in Colab, clone or copy the module
    module_path = '/content/drive/My Drive/thesis'
    if os.path.exists(module_path):
        sys.path.insert(0, module_path)
else:
    # Local development
    module_path = os.path.dirname(os.path.abspath('__file__'))
    sys.path.insert(0, module_path)

# Import the dataset loader
from dataset_loader import (
    DatasetConfig,
    DatasetScanner,
    DatasetPairer,
    GroundTruthLoader,
    DatasetValidator,
    DatasetStatsGenerator,
    DatasetIterator,
    FTEHARMValidator,
    load_and_pair_datasets,
    validate_datasets,
    iterate_with_groundtruth,
    GroundTruthEntry,
    DatasetPair,
    ValidationResult,
    DatasetStatistics,
    GroundTruthFormat
)

print("Dataset loader module imported successfully!")

## Step 1: Configure Dataset Paths

Configure the paths to your forensic log datasets. The default configuration expects the following structure:

```
/content/drive/My Drive/thesis/dataset/
├── grp1/                    # Group 1: Primary datasets
│   ├── rm/                  # RussellMitchell AITv2 dataset
│   │   ├── log_auth.log     # SSH authentication logs (raw)
│   │   ├── label_auth.log   # Ground truth for log_auth.log
│   │   └── ...
│   └── santos/              # Santos DNS exfiltration dataset
│       ├── dns_queries.log  # DNS query logs (raw)
│       ├── dns_labels.log   # Ground truth for dns_queries.log
│       └── ...
└── grp2/                    # Group 2: Secondary/validation datasets
    └── ...
```

In [None]:
# Configure dataset paths
# Modify these paths according to your directory structure

if IN_COLAB:
    DATASET_PATHS = {
        'grp1': '/content/drive/My Drive/thesis/dataset/grp1',
        'grp2': '/content/drive/My Drive/thesis/dataset/grp2'
    }
else:
    # Local development paths (modify as needed)
    DATASET_PATHS = {
        'grp1': './datasets/grp1',
        'grp2': './datasets/grp2'
    }

# Create custom configuration
config = DatasetConfig()
config.DATASET_PATHS = DATASET_PATHS

# Display configuration
print("Dataset Configuration:")
print("=" * 60)
for group, path in DATASET_PATHS.items():
    exists = os.path.exists(path)
    status = "EXISTS" if exists else "NOT FOUND"
    print(f"  {group}: {path} [{status}]")

## Step 2: Scan Dataset Directories

Scan the configured directories to discover log files and potential ground truth files.

In [None]:
# Scan all dataset directories
scanner = DatasetScanner(config)

print("Scanning dataset directories...")
print("=" * 60)

all_datasets = {}
for group_name, group_path in DATASET_PATHS.items():
    if os.path.exists(group_path):
        group_datasets = scanner.scan_directory(group_path)
        print(f"\n{group_name.upper()} ({group_path}):")
        
        if not group_datasets:
            print("  No datasets found")
        else:
            for subdir, info in group_datasets.items():
                print(f"  {subdir}/")
                print(f"    Log files: {info['log_files']}")
                print(f"    Label files: {info['label_files']}")
                
                # Store with group prefix
                all_datasets[f"{group_name}/{subdir}"] = info
    else:
        print(f"\n{group_name.upper()}: Directory not found")

print(f"\nTotal subdirectories scanned: {len(all_datasets)}")

## Step 3: Pair Log Files with Ground Truth

Match each log file with its corresponding ground truth annotation file using multiple pairing rules:

1. **Prefix match:** `log_X.log` → `label_X.log`
2. **Suffix match:** `X.log` → `X_labels.csv`
3. **Root name match:** `X.log` → `X_gt.txt`

In [None]:
# Create dataset pairs
pairer = DatasetPairer(config)

if all_datasets:
    dataset_pairs = pairer.create_dataset_pairs(all_datasets)
    
    print("Dataset Pairing Results:")
    print("=" * 60)
    
    paired_count = sum(1 for p in dataset_pairs if p.paired)
    unpaired_count = len(dataset_pairs) - paired_count
    
    print(f"\nTotal log files: {len(dataset_pairs)}")
    print(f"Successfully paired: {paired_count}")
    print(f"Unpaired: {unpaired_count}")
    
    print("\nDetailed Pairing:")
    print("-" * 60)
    
    for pair in dataset_pairs:
        status = "PAIRED" if pair.paired else "UNPAIRED"
        log_name = os.path.basename(pair.log_file)
        label_name = os.path.basename(pair.label_file) if pair.label_file else "N/A"
        format_name = pair.ground_truth_format.value if pair.paired else "N/A"
        
        print(f"[{status}] {pair.dataset_name}")
        print(f"  Log: {log_name}")
        print(f"  Label: {label_name}")
        print(f"  Format: {format_name}")
        print()
else:
    dataset_pairs = []
    print("No datasets found to pair. Please check your dataset paths.")

## Step 4: Validate Dataset Integrity

Validate that paired datasets are correctly matched:
- Check that files exist
- Verify line counts match (for line-by-line format)
- Ensure all referenced lines exist (for CSV format)
- Validate ground truth label values

In [None]:
# Validate all dataset pairs
validator = DatasetValidator()

if dataset_pairs:
    print("Validating Dataset Pairs...")
    print("=" * 60)
    
    validation_results = validator.validate_all(dataset_pairs)
    
    valid_count = sum(1 for r in validation_results.values() if r.valid)
    invalid_count = len(validation_results) - valid_count
    
    print(f"\nValidation Summary:")
    print(f"  Valid: {valid_count}")
    print(f"  Invalid: {invalid_count}")
    
    # Show details for any invalid or warning cases
    print("\nValidation Details:")
    print("-" * 60)
    
    for dataset_name, result in validation_results.items():
        if not result.valid:
            print(f"\n[INVALID] {dataset_name}")
            for error in result.errors:
                print(f"  ERROR: {error}")
            for warning in result.warnings:
                print(f"  WARNING: {warning}")
        elif result.warnings:
            print(f"\n[VALID with warnings] {dataset_name}")
            for warning in result.warnings:
                print(f"  WARNING: {warning}")
        else:
            print(f"[VALID] {dataset_name}")
else:
    print("No dataset pairs to validate.")

## Step 5: Generate Dataset Statistics

Generate comprehensive statistics about the paired datasets, including:
- Total log entries
- Malicious vs benign distribution
- Attack type breakdown
- Per-group statistics

In [None]:
# Generate dataset statistics
stats_generator = DatasetStatsGenerator()

if dataset_pairs:
    paired_datasets = [p for p in dataset_pairs if p.paired]
    
    if paired_datasets:
        print("Generating Dataset Statistics...")
        stats = stats_generator.generate_stats(dataset_pairs)
        
        # Print detailed report
        stats_generator.print_report(stats)
    else:
        print("No paired datasets available for statistics generation.")
else:
    print("No datasets available for statistics.")

## Step 6: Iterate Through Dataset Pairs

Iterate through matched log-ground truth pairs for FTE-HARM processing. This demonstrates how to access each log entry along with its corresponding ground truth label.

In [None]:
# Example: Iterate through dataset pairs with a simple processor
iterator = DatasetIterator()

def example_processor(log_line, ground_truth, line_number):
    """
    Example processing function for each log entry.
    
    In real FTE-HARM usage, this would:
    1. Extract entities from log_line using NER
    2. Score all hypotheses
    3. Make triage decision
    
    Returns processing result for collection.
    """
    # Get ground truth values
    if isinstance(ground_truth, GroundTruthEntry):
        is_malicious = ground_truth.is_malicious
        attack_type = ground_truth.attack_type
    else:
        is_malicious = ground_truth.get('binary', 0) == 1
        attack_type = ground_truth.get('attack_type', 'unknown')
    
    return {
        'line': line_number,
        'log_preview': log_line[:50] + '...' if len(log_line) > 50 else log_line,
        'is_malicious': is_malicious,
        'attack_type': attack_type
    }

# Process a sample of entries (limit for demonstration)
if dataset_pairs:
    paired_datasets = [p for p in dataset_pairs if p.paired]
    
    if paired_datasets:
        print("Iterating through dataset pairs...")
        print("=" * 60)
        
        # Process first 10 entries as example
        results = iterator.iterate_pairs(paired_datasets[:1], example_processor, verbose=True)
        
        print(f"\nProcessed {len(results)} log entries")
        print("\nSample results (first 5):")
        print("-" * 60)
        
        for r in results[:5]:
            gt = r['result']
            status = "MALICIOUS" if gt['is_malicious'] else "BENIGN"
            print(f"Line {gt['line']} [{status}] {gt['attack_type']}")
            print(f"  {gt['log_preview']}")
            print()
    else:
        print("No paired datasets available for iteration.")
else:
    print("No datasets available for iteration.")

## Step 7: FTE-HARM Validation Integration

This section demonstrates how to integrate the dataset loader with FTE-HARM hypothesis validation. The `FTEHARMValidator` class provides a complete workflow for:

1. Loading paired datasets
2. Extracting entities from logs
3. Scoring hypotheses
4. Comparing predictions with ground truth
5. Calculating validation metrics (precision, recall, F1, accuracy)

In [None]:
# Example FTE-HARM Validation Integration
# Note: This requires actual FTE-HARM entity extraction and hypothesis scoring functions

# Placeholder functions for demonstration (replace with actual implementations)
def placeholder_entity_extractor(log_line):
    """
    Placeholder entity extractor.
    
    In real implementation, this would use the NER transformer model
    to extract entities like UserName, IPAddress, ProcessName, etc.
    """
    # Return mock entities for demonstration
    return {
        'UserName': 'admin' if 'admin' in log_line.lower() else 'user',
        'ProcessName': 'sshd' if 'ssh' in log_line.lower() else 'unknown',
        'IPAddress': '192.168.1.1'
    }

def placeholder_hypothesis_scorer(entities, hypothesis_config):
    """
    Placeholder hypothesis scorer.
    
    In real implementation, this would calculate P(H|E) using
    Bayesian inference with the hypothesis configuration.
    """
    # Return mock score based on entities
    if entities.get('UserName') == 'admin':
        return {'p_score': 0.65}
    return {'p_score': 0.25}

# Example hypothesis configurations
example_hypothesis_configs = {
    'privilege_escalation': {
        'name': 'Privilege Escalation',
        'prior': 0.15,
        'required_entities': ['UserName', 'ProcessName'],
        'evidence_weights': {'UserName': 0.3, 'ProcessName': 0.4}
    },
    'lateral_movement': {
        'name': 'Lateral Movement', 
        'prior': 0.10,
        'required_entities': ['IPAddress', 'UserName'],
        'evidence_weights': {'IPAddress': 0.5, 'UserName': 0.3}
    }
}

# Run validation (if datasets are available)
if dataset_pairs:
    paired_datasets = [p for p in dataset_pairs if p.paired]
    
    if paired_datasets:
        print("Running FTE-HARM Validation...")
        print("=" * 60)
        print("(Using placeholder functions - replace with actual implementations)")
        print()
        
        fte_validator = FTEHARMValidator()
        
        # Run validation on a subset for demonstration
        validation_results = fte_validator.validate(
            pairs=paired_datasets[:1],  # Limit for demo
            entity_extractor=placeholder_entity_extractor,
            hypothesis_scorer=placeholder_hypothesis_scorer,
            hypothesis_configs=example_hypothesis_configs,
            triage_threshold=0.45
        )
        
        # Print validation report
        fte_validator.print_validation_report(validation_results)
    else:
        print("No paired datasets available for FTE-HARM validation.")
else:
    print("No datasets available. Showing example validation report structure:")
    print()
    print("=" * 60)
    print("FTE-HARM VALIDATION REPORT (EXAMPLE)")
    print("=" * 60)
    print("Metrics that would be calculated:")
    print("  - Precision: TP / (TP + FP)")
    print("  - Recall: TP / (TP + FN)")  
    print("  - F1 Score: 2 * (P * R) / (P + R)")
    print("  - Accuracy: (TP + TN) / Total")

## Validation Checklist

Before proceeding to FTE-HARM hypothesis testing, ensure:

- [ ] Dataset directories scanned successfully
- [ ] All log files identified
- [ ] Ground truth files located
- [ ] Log-ground truth pairing completed
- [ ] Dataset integrity validated
- [ ] No line count mismatches
- [ ] Ground truth format understood
- [ ] Dataset statistics generated
- [ ] Iteration workflow tested
- [ ] Ready for FTE-HARM integration

## Quick Reference: Convenience Functions

```python
# One-liner to load and pair all datasets
pairs, stats = load_and_pair_datasets(DATASET_PATHS)

# Validate all pairs
validation_results = validate_datasets(pairs)

# Iterate with custom processor
results = iterate_with_groundtruth(pairs, my_processor_fn)
```

## Expected Dataset Statistics

| Dataset | Total Logs | Malicious % | Primary Attack Types |
|---------|-----------|-------------|---------------------|
| RussellMitchell AITv2 | ~50,000 | ~15% | privilege_escalation, lateral_movement |
| Santos DNS | ~100,000 | ~5% | exfiltration, command_and_control |