Persisted anomaly record detected by the anomaly detection system. Each record represents a single detected anomaly with detection_method discriminator, type, severity, deviation_score, significance evidence, occurrence_count for duplicate tracking, and reference to the source config and affected resource.

An asterisk * in the title indicates the field is mandatory.
If a field has a default value, it is shown in the Description column.
If the field type is an array, the Field Name has a .[n] suffix, where n is the array index placeholder.
Object and array field names are listed to provide context. If a field belongs to an object or an array, the full field name is shown in dot separated notation.

Title	Description	Details
Anomaly Type *	Classification of the detected anomaly	Field Name: anomaly_type Type: String MaxLength: 1024 Choices: ["Config Drift", "Threshold Breach", "Pattern Deviation"]
Detection Method *	Discriminator indicating how the anomaly was detected	Field Name: detection_method Type: String MaxLength: 1024 Choices: ["Isolation Forest", "Config Drift Analysis", "Prophet Forecast"]
Severity *	Severity level of the detected anomaly	Field Name: severity Type: String MaxLength: 1024 Choices: ["Low", "Medium", "High", "Critical"]
Confidence *	Confidence level of the anomaly detection (very_high >= 0.85, high >= 0.70, medium >= 0.50, low < 0.50)	Field Name: confidence Type: String MaxLength: 1024 Choices: ["Low", "Medium", "High", "Very High"]
Affected Resource *	Identifier of the affected resource (resource path or name from any datasource)	Field Name: affected_resource Type: String MaxLength: 1024
Title *	Human-readable anomaly title	Field Name: title Type: String MaxLength: 1024
Description *	Detailed description of the anomaly	Field Name: description Type: String MaxLength: 1024
First Detected At *	Timestamp when the anomaly was first detected	Field Name: first_detected_at Type: String MaxLength: 1024 Format: date-time
Expires At *	Timestamp when the anomaly record expires	Field Name: expires_at Type: String MaxLength: 1024 Format: date-time
Detection Config *	Reference to the AnomalyDetectionConfig that triggered this detection	Field Name: detection_config Type: String Target: data/AnomalyDetectionConfig Target attr: name MaxLength: 1024 Format: uri
Detection Run	Reference to the AnomalyDetectionRun that produced this anomaly. Used for cascading cleanup when run records expire.	Field Name: detection_run Type: String Target: data/AnomalyDetectionRun Target attr: run_id MaxLength: 1024 Format: uri
Deviation Score	Normalized anomaly magnitude (0.0-1.0) stored as string. Absent means not computed.	Field Name: deviation_score Type: String MaxLength: 1024
Significance	JSON-serialized structured evidence of why the anomaly was detected. Format varies by detection_method.	Field Name: significance Type: String MaxLength: 8192
Occurrence Count	Number of times this anomaly has been detected (incremented on duplicate detection) Default: 1	Field Name: occurrence_count Type: Integer Default: 1
Last Detected	Timestamp of the most recent detection of this anomaly	Field Name: last_detected Type: String MaxLength: 1024 Format: date-time
Idempotency Key	Deterministic hash for duplicate suppression. Computed from detection_config + affected_resource + anomaly_type + baseline_fingerprint + detection_method	Field Name: idempotency_key Type: String MaxLength: 1024
Raw Data	JSON-serialized diagnostic data from the detection run. Deserialized by the application layer.	Field Name: raw_data Type: String MaxLength: 524288

Model: data/DetectedAnomaly

Model Details: data/DetectedAnomaly