Add researcher reputation anomaly guard

[shaiananvari8]

/claim #11

Summary

• Adds a self-contained researcher-reputation-anomaly-guard/ module for the User & Project Management bounty.
• Evaluates public researcher reputation badges before they are shown by detecting suspicious download bursts, fork rings, reciprocal endorsement clusters, reproducibility-score inflation, private-profile exposure, anonymous-review linkage risk, and stale metric windows.
• Emits deterministic reviewer actions, audit digests, JSON and Markdown review packets, an SVG summary, and a short AVI demo artifact from synthetic data only.

Non-overlap

This is a narrow metric-abuse and badge-publication safety guard. It avoids the existing broad RBAC/workspace modules, profile reputation sync and freshness slice, privacy access review, lifecycle/offboarding, institutional recertification, anonymous review escrow, identity merge/export, data-room consent, archive handoff, access-audit anomaly, role delegation, invitation-domain/MFA, funding attribution, automation credential governance, deletion/erasure, break-glass, visibility-transition, project provisioning, and object permission inheritance slices.

Validation

• npm run check
• npm test -> 4 tests passed
• npm run demo -> generated reports/reputation-anomaly-packet.json, reports/reputation-anomaly-report.md, and reports/summary.svg
• npm run demo:video -> generated reports/demo.avi (2,765,416 bytes)
• git diff --check
• git diff --cached --check
• Sensitive material scan across researcher-reputation-anomaly-guard -> no matches

Synthetic data only. No credentials, private user or project data, identity-provider calls, production profile analytics, payment data, or external APIs are used by the module.

AI-assisted with OpenAI Codex; reviewed and locally verified before submission.