siftly 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: a7542071989804851d01823da767383c5e8fb19a0f7af0964cc240ba040d8a35
+  data.tar.gz: 35e5c8553f42537ab0c6fb5437c240b909869e71fbe505e00a1334ee7de3fa39
+SHA512:
+  metadata.gz: 1011fb8411cce769bcdf8f90e3efc8b10e4291b97945744bdc5ab5f8c126a618bf5ff6befce490621d46fb443943466e820c05f497a7521101ddb4ceb29cb825
+  data.tar.gz: 0d71948ed52554568fa9e62738fdc017062807d682bea8b7ffe08fe07faa03ce94d880ddc9619af1e19b2642493780008acd496e70480223e2004320eb7ab107

data/CHANGELOG.md

@@ -0,0 +1,6 @@
+# Changelog
+
+## Unreleased
+
+- Initial `siftly` core gem implementation.
+

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Tomos Rees
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,512 @@
+# Siftly
+
+`siftly` is the core runtime. It does not ship opinionated spam rules. It gives you:
+
+- a filter contract
+- a registry
+- pipeline configuration
+- result objects
+- aggregation and failure handling
+
+Use this gem directly if you are writing your own filters. Add one or more plugin gems if you want ready-made heuristics.
+
+## Installation
+
+```ruby
+gem "siftly"
+```
+
+## Usage
+
+Load the core gem plus any plugin gems you want to use, configure the active filters once, then call `Siftly.check`.
+
+```ruby
+require "siftly"
+require "siftly/content"
+require "siftly/links"
+
+Siftly.configure do |config|
+  config.aggregator = :score
+  config.threshold = 1.0
+  config.failure_mode = :record
+
+  config.use :keyword_pack
+  config.use :shortener_link
+
+  config.filter :keyword_pack do |filter|
+    filter.keywords = ["seo agency", "buy backlinks", "guest post"]
+    filter.weight = 0.4
+  end
+end
+
+result = Siftly.check(
+  value: "Our SEO agency can buy backlinks. Details: https://bit.ly/demo",
+  attribute: :message,
+  context: { source: "contact_form" }
+)
+
+result.spam?    # => true
+result.score    # => 1.3
+result.reasons  # => ["Matched 2 configured keyword terms", "Submission contains shortened URLs"]
+result.matches.map(&:filter) # => [:keyword_pack, :shortener_link]
+```
+
+## Configuration Reference
+
+`Siftly.configure` yields a `Siftly::Config` object. These are the supported global settings.
+
+### `config.use(key)`
+
+Enables a filter for all future `Siftly.check` calls unless that call passes an explicit `filters:` list.
+
+Accepted values:
+
+- a symbol such as `:keyword_pack`
+- a string such as `"keyword_pack"`
+
+Behavior:
+
+- keys are normalized to symbols
+- duplicate calls are ignored
+- order is preserved, and filters run in that order
+
+### `config.filter(key) { |filter| ... }`
+
+Creates or updates a `Siftly::FilterConfig` for the named filter.
+
+Accepted values for `key`:
+
+- a symbol
+- a string
+
+Inside the block, `filter` is a mutable `Siftly::FilterConfig`.
+
+You can set arbitrary keys on it:
+
+```ruby
+config.filter :keyword_pack do |filter|
+  filter.keywords = ["seo agency", "buy backlinks"]
+  filter.weight = 0.4
+  filter.min_hits = 2
+end
+```
+
+Important detail:
+
+- the core gem does not validate per-filter settings
+- each filter decides which keys it reads
+- unknown settings are simply stored and ignored unless the filter uses them
+
+### `config.aggregator`
+
+Controls how filter results are combined into the final spam decision.
+
+Default:
+
+- `:score`
+
+Accepted values:
+
+- `:score`
+- `:weighted` as an alias for `:score`
+- `:any`
+- any object responding to `call(filter_results:, threshold:, context:)`
+
+Built-in behavior:
+
+- `:score` and `:weighted` sum all filter scores and mark spam when `score >= threshold`
+- `:any` marks spam when any filter matches
+
+Custom aggregator contract:
+
+```ruby
+class MyAggregator
+  def call(filter_results:, threshold:, context:)
+    { spam: true_or_false, score: numeric_score }
+  end
+end
+```
+
+If `aggregator` is set to anything else, Siftly raises `Siftly::InvalidAggregatorError`.
+
+### `config.threshold`
+
+Controls the spam cutoff used by score-based aggregation.
+
+Default:
+
+- `1.0`
+
+Accepted values:
+
+- any numeric value that can be converted with `to_f`
+
+Notes:
+
+- it matters for `:score`, `:weighted`, and most custom aggregators
+- it does not affect the built-in `:any` aggregator
+
+### `config.failure_mode`
+
+Controls what happens when a filter raises an exception.
+
+Default:
+
+- `:record`
+
+Accepted values:
+
+- `:record`
+- `:open`
+- `:closed`
+- `:raise`
+
+Behavior:
+
+- `:record` records the filter error, continues the pipeline, and treats that filter as a non-match with score `0.0`
+- `:open` currently behaves the same as `:record`
+- `:closed` records the filter error, forces that filter to match, and gives it a score equal to the pipeline threshold
+- `:raise` re-raises the original exception immediately
+
+If `failure_mode` is set to anything else, Siftly raises `Siftly::ConfigurationError`.
+
+### `config.instrumenter`
+
+Receives instrumentation events from the pipeline.
+
+Default:
+
+- `nil`
+
+Accepted values:
+
+- `nil`
+- any object responding to `instrument(event, payload = {})`
+
+Events emitted by the pipeline:
+
+- `siftly.filter.started`
+- `siftly.filter.finished`
+- `siftly.pipeline.completed`
+
+`payload` is a hash and varies by event. For example, `siftly.filter.finished` includes fields such as `filter`, `attribute`, `matched`, `score`, `duration_ms`, and `error` when applicable.
+
+### `config.enabled_filters`
+
+Read-only array of enabled filter keys.
+
+Default:
+
+- `[]`
+
+Values returned:
+
+- an array of symbols in execution order
+
+### `config.filter_config_for(key)`
+
+Returns a copy of the current `Siftly::FilterConfig` for that filter.
+
+Accepted values for `key`:
+
+- a symbol
+- a string
+
+Return behavior:
+
+- returns an existing config copy if one has been set
+- returns an empty config object for that key if one has not
+
+### `config.filter_configs`
+
+Returns a hash of all configured filter configs.
+
+Return shape:
+
+```ruby
+{
+  keyword_pack: #<Siftly::FilterConfig ...>,
+  shortener_link: #<Siftly::FilterConfig ...>
+}
+```
+
+### `config.dup`
+
+Returns a deep copy of the configuration.
+
+This duplicates:
+
+- enabled filters
+- filter configs
+- aggregator
+- threshold
+- failure mode
+- instrumenter reference
+
+## `Siftly.check` Reference
+
+`Siftly.check` accepts the following keyword arguments.
+
+### `value:`
+
+Required.
+
+Accepted values:
+
+- any object
+
+Behavior:
+
+- Siftly passes it to each filter as-is
+- most filters call `to_s`, but that is filter-specific
+
+### `attribute:`
+
+Optional.
+
+Accepted values:
+
+- `nil`
+- typically a symbol such as `:email` or `:message`
+- strings also work if the filter handles them
+
+Default:
+
+- `nil`
+
+### `record:`
+
+Optional.
+
+Accepted values:
+
+- `nil`
+- any object, typically a model or form object
+
+Default:
+
+- `nil`
+
+### `context:`
+
+Optional.
+
+Accepted values:
+
+- a hash
+
+Default:
+
+- `{}`
+
+Use this for request metadata and external signals such as:
+
+- IP address
+- user agent
+- form timing
+- honeypot values
+- precomputed fingerprints
+
+### `filters:`
+
+Optional.
+
+Accepted values:
+
+- `nil`
+- an array of symbols or strings
+
+Default:
+
+- `nil`, which means "use `config.enabled_filters`"
+
+Behavior:
+
+- keys are normalized to symbols
+- passing `filters:` replaces the globally enabled filter list for that call
+
+### `filter_overrides:`
+
+Optional.
+
+Accepted values:
+
+- a hash keyed by filter symbol or string
+
+Default:
+
+- `{}`
+
+Example:
+
+```ruby
+Siftly.check(
+  value: "special phrase",
+  filters: [:keyword_pack],
+  filter_overrides: {
+    keyword_pack: {
+      keywords: ["special phrase"],
+      weight: 0.9
+    }
+  }
+)
+```
+
+Behavior:
+
+- overrides are merged into the configured `FilterConfig` for that call only
+- string and symbol keys are both supported for filter names
+
+### `aggregator:`
+
+Optional per-call override for `config.aggregator`.
+
+Accepted values:
+
+- `:score`
+- `:weighted`
+- `:any`
+- a custom aggregator object
+
+Default:
+
+- the configured global aggregator
+
+### `threshold:`
+
+Optional per-call override for `config.threshold`.
+
+Accepted values:
+
+- any numeric value convertible with `to_f`
+
+Default:
+
+- the configured global threshold
+
+### `failure_mode:`
+
+Optional per-call override for `config.failure_mode`.
+
+Accepted values:
+
+- `:record`
+- `:open`
+- `:closed`
+- `:raise`
+
+Default:
+
+- the configured global failure mode
+
+### `instrumenter:`
+
+Optional per-call override for `config.instrumenter`.
+
+Accepted values:
+
+- `nil`
+- any object responding to `instrument(event, payload = {})`
+
+Default:
+
+- the configured global instrumenter
+
+## `Siftly::FilterConfig` Reference
+
+`Siftly::FilterConfig` stores per-filter settings.
+
+Supported methods:
+
+- `key` returns the filter key as a symbol
+- `config[:setting_name]` reads a stored setting
+- `config.fetch(:setting_name, default)` reads a stored setting with fallback
+- dynamic writers such as `config.weight = 0.7`
+- dynamic readers such as `config.weight`
+- `to_h` returns a copy of the settings hash
+- `merge(overrides)` returns a new `FilterConfig` with merged overrides
+
+Accepted setting values:
+
+- any Ruby object
+
+The core gem does not impose a schema here. Plugin filters define their own supported keys.
+
+## Writing a filter
+
+Subclass `Siftly::Filter`, call `register_as`, and return `result(...)` from `#call`.
+
+```ruby
+require "siftly"
+
+class BlocklistFilter < Siftly::Filter
+  register_as :blocklist
+
+  def call(value:, attribute: nil, record: nil, context: {})
+    blocked = Array(config.fetch(:blocked_terms, []))
+    matched_terms = blocked.select { |term| value.to_s.downcase.include?(term.downcase) }
+
+    result(
+      matched: matched_terms.any?,
+      score: matched_terms.any? ? config.fetch(:weight, 1.0).to_f : 0.0,
+      reason: matched_terms.any? ? "Matched blocked terms" : nil,
+      metadata: { matched_terms: matched_terms, attribute: attribute, context_keys: context.keys }
+    )
+  end
+end
+
+Siftly::Registry.register(BlocklistFilter)
+```
+
+## Results
+
+`Siftly.check` returns `Siftly::Result`.
+
+- `spam?` tells you whether the pipeline classified the input as spam
+- `score` is the summed score from all filter results
+- `matches` returns only the matched `Siftly::FilterResult` objects
+- `errors` returns only filters that failed
+- `reasons` is a flat list of non-nil match reasons
+- `filter_results` contains every filter result, matched or not
+
+Each `Siftly::FilterResult` exposes:
+
+- `filter`
+- `matched?`
+- `score`
+- `reason`
+- `metadata`
+- `error?`
+
+Additional result fields:
+
+- `Siftly::Result#attribute`
+- `Siftly::Result#value_preview`
+- `Siftly::Result#threshold`
+- `Siftly::Result#aggregator`
+
+Additional filter result fields:
+
+- `Siftly::FilterResult#error`
+- `Siftly::FilterResult#duration_ms`
+
+## Utility Methods
+
+### `Siftly.config`
+
+Returns the current global `Siftly::Config` instance.
+
+### `Siftly.reset_configuration!`
+
+Resets the global configuration back to defaults:
+
+- no enabled filters
+- no filter configs
+- `aggregator = :score`
+- `threshold = 1.0`
+- `failure_mode = :record`
+- `instrumenter = nil`
+
+## Plugin loading
+
+Plugin gems register their filters when required. If a check fails with an unknown filter error, you either forgot to add the plugin gem or forgot to require it.

data/lib/siftly/aggregators.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module Siftly
+  module Aggregators
+    class Any
+      def call(filter_results:, threshold:, context:)
+        score = filter_results.sum(&:score)
+        { spam: filter_results.any?(&:matched?), score: score }
+      end
+    end
+
+    class Score
+      def call(filter_results:, threshold:, context:)
+        score = filter_results.sum(&:score)
+        { spam: score >= threshold.to_f, score: score }
+      end
+    end
+  end
+end
+

data/lib/siftly/checker.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module Siftly
+  class Checker
+    def initialize(config:)
+      @config = config
+    end
+
+    def call(
+      value:,
+      attribute: nil,
+      record: nil,
+      context: {},
+      filters: nil,
+      filter_overrides: {},
+      aggregator: nil,
+      threshold: nil,
+      failure_mode: nil,
+      instrumenter: nil
+    )
+      active_filters = resolve_filters(filters)
+      runtime_filter_configs = build_filter_configs(active_filters, filter_overrides)
+
+      Pipeline.new(
+        filter_keys: active_filters,
+        filter_configs: runtime_filter_configs,
+        aggregator: aggregator || config.aggregator,
+        threshold: threshold || config.threshold,
+        failure_mode: failure_mode || config.failure_mode,
+        instrumenter: instrumenter || config.instrumenter
+      ).call(value: value, attribute: attribute, record: record, context: context)
+    end
+
+    private
+
+    attr_reader :config
+
+    def resolve_filters(filters)
+      (filters || config.enabled_filters).map(&:to_sym)
+    end
+
+    def build_filter_configs(filter_keys, filter_overrides)
+      filter_keys.each_with_object({}) do |filter_key, result|
+        overrides = filter_overrides.fetch(filter_key, filter_overrides.fetch(filter_key.to_s, {}))
+        result[filter_key] = config.filter_config_for(filter_key).merge(overrides)
+      end
+    end
+  end
+end

data/lib/siftly/config.rb

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+module Siftly
+  class Config
+    attr_accessor :aggregator, :threshold, :failure_mode, :instrumenter
+    attr_reader :enabled_filters
+
+    def initialize(
+      enabled_filters: [],
+      filter_configs: {},
+      aggregator: :score,
+      threshold: 1.0,
+      failure_mode: :record,
+      instrumenter: nil
+    )
+      @enabled_filters = enabled_filters.map(&:to_sym)
+      @filter_configs = normalize_filter_configs(filter_configs)
+      @aggregator = aggregator
+      @threshold = threshold
+      @failure_mode = failure_mode
+      @instrumenter = instrumenter
+    end
+
+    def use(key)
+      key = key.to_sym
+      @enabled_filters << key unless @enabled_filters.include?(key)
+      key
+    end
+
+    def filter(key)
+      filter_config = (@filter_configs[key.to_sym] ||= FilterConfig.new(key))
+      yield(filter_config) if block_given?
+      filter_config
+    end
+
+    def filter_config_for(key)
+      existing = @filter_configs[key.to_sym]
+      existing ? existing.merge({}) : FilterConfig.new(key)
+    end
+
+    def filter_configs
+      @filter_configs.transform_values { |config| config.merge({}) }
+    end
+
+    def dup
+      self.class.new(
+        enabled_filters: enabled_filters.dup,
+        filter_configs: filter_configs.transform_values(&:to_h),
+        aggregator: aggregator,
+        threshold: threshold,
+        failure_mode: failure_mode,
+        instrumenter: instrumenter
+      )
+    end
+
+    private
+
+    def normalize_filter_configs(filter_configs)
+      filter_configs.each_with_object({}) do |(key, value), result|
+        result[key.to_sym] =
+          case value
+          when FilterConfig
+            value.merge({})
+          when Hash
+            FilterConfig.new(key, value)
+          else
+            raise ConfigurationError, "expected filter config for #{key.inspect} to be a Hash or FilterConfig"
+          end
+      end
+    end
+  end
+end
+

data/lib/siftly/errors.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Siftly
+  class Error < StandardError; end
+  class ConfigurationError < Error; end
+  class InvalidFilterError < Error; end
+  class DuplicateFilterError < Error; end
+  class UnknownFilterError < Error; end
+  class InvalidAggregatorError < Error; end
+end
+

data/lib/siftly/filter.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+module Siftly
+  class Filter
+    class << self
+      attr_reader :key
+
+      def register_as(key)
+        @key = key.to_sym
+      end
+    end
+
+    def initialize(config: {})
+      @config =
+        case config
+        when FilterConfig
+          config.merge({})
+        when Hash
+          FilterConfig.new(self.class.key || :unknown, config)
+        else
+          raise ConfigurationError, "filter config must be a Hash or FilterConfig"
+        end
+    end
+
+    def call(value:, attribute: nil, record: nil, context: {})
+      raise NotImplementedError, "#{self.class} must implement #call"
+    end
+
+    private
+
+    attr_reader :config
+
+    def result(matched:, score: 0.0, reason: nil, metadata: {}, error: nil)
+      FilterResult.new(
+        filter: self.class.key,
+        matched: matched,
+        score: score,
+        reason: reason,
+        metadata: metadata,
+        error: error
+      )
+    end
+  end
+end
+

data/lib/siftly/filter_config.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+module Siftly
+  class FilterConfig
+    attr_reader :key
+
+    def initialize(key, settings = {})
+      @key = key.to_sym
+      @settings = symbolize_keys(settings)
+    end
+
+    def [](name)
+      @settings[name.to_sym]
+    end
+
+    def fetch(name, *fallback)
+      @settings.fetch(name.to_sym, *fallback)
+    end
+
+    def to_h
+      @settings.dup
+    end
+
+    def merge(overrides)
+      self.class.new(key, @settings.merge(symbolize_keys(overrides)))
+    end
+
+    def method_missing(method_name, *arguments, &block)
+      return super if block
+
+      method = method_name.to_s
+
+      if method.end_with?("=")
+        @settings[method.delete_suffix("=").to_sym] = arguments.fetch(0)
+      elsif arguments.empty?
+        @settings[method_name]
+      else
+        super
+      end
+    end
+
+    def respond_to_missing?(method_name, include_private = false)
+      method_name.to_s.end_with?("=") || @settings.key?(method_name.to_sym) || super
+    end
+
+    private
+
+    def symbolize_keys(hash)
+      hash.each_with_object({}) do |(key, value), result|
+        result[key.to_sym] = value
+      end
+    end
+  end
+end
+

data/lib/siftly/filter_result.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+module Siftly
+  class FilterResult
+    attr_reader :filter, :score, :reason, :metadata, :error, :duration_ms
+
+    def initialize(filter:, matched:, score:, reason: nil, metadata: {}, error: nil, duration_ms: nil)
+      @filter = filter.to_sym
+      @matched = matched
+      @score = score.to_f
+      @reason = reason
+      @metadata = metadata.dup
+      @error = error
+      @duration_ms = duration_ms
+    end
+
+    def matched?
+      @matched
+    end
+
+    def error?
+      !error.nil?
+    end
+
+    def with(
+      filter: @filter,
+      matched: @matched,
+      score: @score,
+      reason: @reason,
+      metadata: @metadata,
+      error: @error,
+      duration_ms: @duration_ms
+    )
+      self.class.new(
+        filter: filter,
+        matched: matched,
+        score: score,
+        reason: reason,
+        metadata: metadata,
+        error: error,
+        duration_ms: duration_ms
+      )
+    end
+  end
+end

data/lib/siftly/instrumentation.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module Siftly
+  module Instrumentation
+    class NullInstrumenter
+      def instrument(_event, payload = {})
+        yield(payload) if block_given?
+      end
+    end
+  end
+end
+

data/lib/siftly/pipeline.rb

@@ -0,0 +1,139 @@
+# frozen_string_literal: true
+
+module Siftly
+  class Pipeline
+    VALID_FAILURE_MODES = %i[record open closed raise].freeze
+
+    def initialize(filter_keys:, filter_configs:, aggregator:, threshold:, failure_mode:, instrumenter:)
+      @filter_keys = filter_keys.map(&:to_sym)
+      @filter_configs = filter_configs
+      @aggregator = aggregator
+      @threshold = threshold.to_f
+      @failure_mode = normalize_failure_mode(failure_mode)
+      @instrumenter = instrumenter || Instrumentation::NullInstrumenter.new
+    end
+
+    def call(value:, attribute: nil, record: nil, context: {})
+      filter_results = filter_keys.map do |filter_key|
+        run_filter(filter_key, value: value, attribute: attribute, record: record, context: context)
+      end
+
+      aggregation = resolve_aggregator.call(
+        filter_results: filter_results,
+        threshold: threshold,
+        context: { value: value, attribute: attribute, record: record, context: context }
+      )
+
+      result = Result.new(
+        spam: aggregation.fetch(:spam),
+        score: aggregation.fetch(:score),
+        filter_results: filter_results,
+        reasons: filter_results.map(&:reason).compact,
+        attribute: attribute,
+        value_preview: preview(value),
+        threshold: threshold,
+        aggregator: aggregator_name
+      )
+
+      instrumenter.instrument(
+        "siftly.pipeline.completed",
+        attribute: attribute,
+        filter_count: filter_keys.length,
+        matched_filters: result.matches.map(&:filter),
+        spam: result.spam?,
+        score: result.score
+      )
+
+      result
+    end
+
+    private
+
+    attr_reader :filter_keys, :filter_configs, :aggregator, :threshold, :failure_mode, :instrumenter
+
+    def run_filter(filter_key, value:, attribute:, record:, context:)
+      payload = { filter: filter_key, attribute: attribute }
+      start = monotonic_time
+      filter_class = Registry.resolve(filter_key)
+      filter = filter_class.new(config: filter_configs.fetch(filter_key))
+
+      instrumenter.instrument("siftly.filter.started", payload)
+
+      filter_result = filter.call(value: value, attribute: attribute, record: record, context: context)
+      raise InvalidFilterError, "#{filter_class} must return Siftly::FilterResult" unless filter_result.is_a?(FilterResult)
+
+      duration = elapsed_ms(start)
+      finalized = filter_result.with(duration_ms: duration)
+
+      instrumenter.instrument("siftly.filter.finished", payload.merge(matched: finalized.matched?, score: finalized.score, duration_ms: duration))
+
+      finalized
+    rescue UnknownFilterError
+      raise
+    rescue StandardError => error
+      raise if failure_mode == :raise
+
+      duration = elapsed_ms(start)
+      failed_result = build_failed_result(filter_key, error, duration)
+
+      instrumenter.instrument(
+        "siftly.filter.finished",
+        payload.merge(matched: failed_result.matched?, score: failed_result.score, duration_ms: duration, error: error.message)
+      )
+
+      failed_result
+    end
+
+    def build_failed_result(filter_key, error, duration_ms)
+      matched = failure_mode == :closed
+      score = matched ? threshold : 0.0
+      reason = matched ? "Filter #{filter_key} failed and failure_mode=:closed forced a spam match" : nil
+
+      FilterResult.new(
+        filter: filter_key,
+        matched: matched,
+        score: score,
+        reason: reason,
+        metadata: { exception_class: error.class.name },
+        error: error.message,
+        duration_ms: duration_ms
+      )
+    end
+
+    def resolve_aggregator
+      case aggregator
+      when :any
+        Aggregators::Any.new
+      when :score, :weighted
+        Aggregators::Score.new
+      else
+        return aggregator if aggregator.respond_to?(:call)
+
+        raise InvalidAggregatorError, "unsupported aggregator #{aggregator.inspect}"
+      end
+    end
+
+    def aggregator_name
+      aggregator.is_a?(Symbol) ? aggregator : aggregator.class.name
+    end
+
+    def preview(value)
+      value.to_s[0, 80]
+    end
+
+    def normalize_failure_mode(mode)
+      mode = mode.to_sym
+      return mode if VALID_FAILURE_MODES.include?(mode)
+
+      raise ConfigurationError, "unsupported failure mode #{mode.inspect}"
+    end
+
+    def monotonic_time
+      Process.clock_gettime(Process::CLOCK_MONOTONIC)
+    end
+
+    def elapsed_ms(start_time)
+      ((monotonic_time - start_time) * 1000.0).round(3)
+    end
+  end
+end

data/lib/siftly/registry.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+module Siftly
+  class Registry
+    class << self
+      def register(filter_class, replace: false, metadata: {})
+        validate_filter_class!(filter_class)
+
+        key = filter_class.key
+        raise DuplicateFilterError, "filter #{key.inspect} is already registered" if !replace && filters.key?(key)
+
+        filters[key] = { klass: filter_class, metadata: metadata.dup.freeze }
+        filter_class
+      end
+
+      def fetch(key)
+        filters.fetch(key.to_sym) { raise UnknownFilterError, "unknown filter #{key.inspect}" }
+      end
+
+      def resolve(key)
+        fetch(key).fetch(:klass)
+      end
+
+      def metadata_for(key)
+        fetch(key).fetch(:metadata)
+      end
+
+      def available
+        filters.keys.sort
+      end
+
+      def registered?(key)
+        filters.key?(key.to_sym)
+      end
+
+      def clear
+        @filters = {}
+      end
+
+      private
+
+      def filters
+        @filters ||= {}
+      end
+
+      def validate_filter_class!(filter_class)
+        raise InvalidFilterError, "registered filters must inherit from Siftly::Filter" unless filter_class < Filter
+        raise InvalidFilterError, "registered filters must call register_as" if filter_class.key.nil?
+      end
+    end
+  end
+end
+

data/lib/siftly/result.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Siftly
+  class Result
+    attr_reader :score, :filter_results, :reasons, :attribute, :value_preview, :threshold, :aggregator
+
+    def initialize(spam:, score:, filter_results:, reasons:, attribute:, value_preview:, threshold:, aggregator:)
+      @spam = spam
+      @score = score.to_f
+      @filter_results = filter_results.dup.freeze
+      @reasons = reasons.compact.freeze
+      @attribute = attribute
+      @value_preview = value_preview
+      @threshold = threshold
+      @aggregator = aggregator
+    end
+
+    def spam?
+      @spam
+    end
+
+    def matches
+      filter_results.select(&:matched?)
+    end
+
+    def errors
+      filter_results.select(&:error?)
+    end
+  end
+end
+

data/lib/siftly/version.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module Siftly
+  VERSION = "0.1.0"
+end
+

data/lib/siftly.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require_relative "siftly/version"
+require_relative "siftly/errors"
+require_relative "siftly/filter_config"
+require_relative "siftly/config"
+require_relative "siftly/filter"
+require_relative "siftly/filter_result"
+require_relative "siftly/result"
+require_relative "siftly/registry"
+require_relative "siftly/instrumentation"
+require_relative "siftly/aggregators"
+require_relative "siftly/pipeline"
+require_relative "siftly/checker"
+
+module Siftly
+  class << self
+    def configure
+      yield(config)
+      config
+    end
+
+    def config
+      @config ||= Config.new
+    end
+
+    def check(**options)
+      Checker.new(config: config).call(**options)
+    end
+
+    def reset_configuration!
+      @config = Config.new
+    end
+  end
+end

data/siftly.gemspec

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require_relative "lib/siftly/version"
+
+Gem::Specification.new do |spec|
+  spec.name = "siftly"
+  spec.version = Siftly::VERSION
+  spec.authors = ["Tomos Rees"]
+
+  spec.summary = "Composable spam filtering core for Ruby applications."
+  spec.description = "Siftly provides a small, framework-agnostic core for registering spam filters, executing pipelines, and aggregating structured results."
+  spec.homepage = "https://github.com/tomosjohnrees/siftly"
+  spec.license = "MIT"
+  spec.required_ruby_version = ">= 3.2"
+
+  spec.metadata["source_code_uri"] = spec.homepage
+  spec.metadata["changelog_uri"] = "#{spec.homepage}/blob/main/CHANGELOG.md"
+
+  spec.files = Dir.glob("lib/**/*") + %w[CHANGELOG.md LICENSE README.md siftly.gemspec]
+  spec.bindir = "exe"
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "minitest", "~> 5.0"
+  spec.add_development_dependency "rake", "~> 13.0"
+end

metadata

@@ -0,0 +1,90 @@
+--- !ruby/object:Gem::Specification
+name: siftly
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Tomos Rees
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2026-03-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+description: Siftly provides a small, framework-agnostic core for registering spam
+  filters, executing pipelines, and aggregating structured results.
+email: 
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- LICENSE
+- README.md
+- lib/siftly.rb
+- lib/siftly/aggregators.rb
+- lib/siftly/checker.rb
+- lib/siftly/config.rb
+- lib/siftly/errors.rb
+- lib/siftly/filter.rb
+- lib/siftly/filter_config.rb
+- lib/siftly/filter_result.rb
+- lib/siftly/instrumentation.rb
+- lib/siftly/pipeline.rb
+- lib/siftly/registry.rb
+- lib/siftly/result.rb
+- lib/siftly/version.rb
+- siftly.gemspec
+homepage: https://github.com/tomosjohnrees/siftly
+licenses:
+- MIT
+metadata:
+  source_code_uri: https://github.com/tomosjohnrees/siftly
+  changelog_uri: https://github.com/tomosjohnrees/siftly/blob/main/CHANGELOG.md
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.2'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3.1
+signing_key: 
+specification_version: 4
+summary: Composable spam filtering core for Ruby applications.
+test_files: []