feat(trace): IncrementalFraudDetector, Delegation Audit extension, and tests

[stealthwhizz]

Summary

• Adds IncrementalFraudDetector — the first multi-step challenge detector in FinBot, built on SequenceDetector
• Adds incremental_fraud.yaml — playable challenge in the fraud category
• Extends _emit_delegation_event() in orchestrator with context_preview field and a new delegation.context_snapshot business event
• Full test coverage for both components

IncrementalFraudDetector

Uses SequenceDetector as the matching engine with a two-gate design:

1. Gate 1 (SequenceDetector) — finds N consecutive invoice approvals in the session, each with amount <= single_threshold
2. Gate 2 (amount check) — sums amounts from matched events, fires only if cumulative total >= cumulative_threshold

Default config (from YAML): 3 approvals, each <= $9,999, cumulative >= $25,000. Maps to OWASP ASI-08 (Cascading Failures).

Delegation Audit Extension

_emit_delegation_event() now:

• Adds context_preview: enriched_context[:500] to the existing delegation_complete agent event
• Emits a new business.delegation.context_snapshot event on every delegation hop

This makes the context forwarded between agents observable for the first time. Every delegation from orchestrator to a sub-agent now leaves an audit trail of what context was passed.

Files changed

File	Change
finbot/ctf/detectors/implementations/incremental_fraud.py	New detector
finbot/ctf/definitions/challenges/fraud/incremental_fraud.yaml	Challenge definition
finbot/agents/orchestrator.py	Delegation audit extension
tests/unit/ctf/test_incremental_fraud.py	10 integration tests
tests/unit/agents/test_delegation_audit.py	7 unit tests

Test plan

• Full detection chain: 3 approvals each below threshold, cumulative fires
• 5-step chain: does not fire on steps 1-4, fires on step 5 with full evidence
• Session isolation: approvals from different sessions not aggregated
• Amount gates: cumulative below threshold does not fire
• Rejection filtering: rejection events ignored
• context_preview capped at 500 chars in emitted events
• delegation.context_snapshot event type and fields validated

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Adds a new multi-step session/workflow sequence detector and an incremental fraud challenge/detector, plus supporting DB indexing and TRACE delegation auditing, with accompanying unit/integration/benchmark tests.

Changes:

• Introduces SequenceDetector (primitive) and IncrementalFraudDetector (implementation) + new CTF challenge YAML.
• Adds a composite DB index to speed up session-window event lookups.
• Extends orchestrator delegation events with context_preview and emits a new delegation.context_snapshot business event; adds tests around this.

Reviewed changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated 10 comments.

Show a summary per file

File	Description
finbot/ctf/detectors/primitives/sequence_detector.py	Adds configurable multi-step sequence detection across session/workflow windows.
finbot/ctf/detectors/implementations/incremental_fraud.py	Builds an incremental-fraud detector on top of SequenceDetector.
finbot/ctf/detectors/primitives/__init__.py	Exposes SequenceDetector and StepSpec via primitives package.
migrations/versions/2026_06_03_add_ctf_event_session_index.py	Adds composite index intended to accelerate session-window queries.
finbot/ctf/definitions/challenges/fraud/incremental_fraud.yaml	Defines the new “Incremental Fraud” challenge and its detector config.
finbot/agents/orchestrator.py	Captures/enriches prior context and emits new TRACE audit events during delegation.
finbot/tools/data/vendor.py	Switches vendor tool DB access from db_session() to get_db().
tests/unit/ctf/test_sequence_detector.py	Adds unit tests for SequenceDetector behavior and operators.
tests/unit/ctf/test_incremental_fraud.py	Adds integration tests for IncrementalFraudDetector with SQLite.
tests/unit/ctf/test_sequence_detector_benchmark.py	Adds a p95 latency benchmark for session-window check_event queries.
tests/unit/agents/test_delegation_audit.py	Adds tests validating emitted delegation audit fields/events.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[steadhac]

Good work overall — the two-gate design, SequenceDetector primitive, and delegation audit extension are solid. Two blocking bugs flagged inline that need fixing before merge:

re.search → re.fullmatch (sequence_detector.py L231) — substring match causes false positives in fraud detection.

_load_amounts missing namespace filter (incremental_fraud.py L177) — query should include CTFEvent.namespace == namespace as a guard.

[steadhac]

Line 231 - re.search matches anywhere in the string, so a condition like "matches": "approval" would falsely match "not_approval" or "partial_approval_pending". This is a logic bug that could cause false positives in fraud detection, which is a security-critical path.

Suggested fix:

return bool(re.fullmatch(expected, str(actual), re.IGNORECASE))

[steadhac]

Lines: 175–178 _load_amounts has no namespace guard. Filters only by primary key, no namespace check. While ID collisions across namespaces are very unlikely with a surrogate PK, it is a latent correctness gap — if the IDs somehow resolve to rows from a different namespace (e.g. after a DB restore/migration), the amounts loaded are wrong. Costs nothing to add.
Since namespace is already read inside check_event (where _load_amounts is called from), you just need to pass it as an argument: self._load_amounts(db, event_ids, namespace) and update the signature accordingly.