@beingmartinbmc/ojas 0.2.0

package/dist/raksha/classifiers/http-classifier.js

@@ -0,0 +1,62 @@
+"use strict";
+/**
+ * HTTP-backed prompt injection classifier — reference implementation.
+ *
+ * Calls an external HTTP endpoint that accepts `{ text }` and returns
+ * `{ injectionProbability, label }`.  Works with any service that follows
+ * this contract (e.g. a Python FastAPI wrapping a HuggingFace classifier,
+ * the OpenAI moderation endpoint behind a thin adapter, Rebuff, etc.).
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HttpPromptInjectionClassifier = void 0;
+class HttpPromptInjectionClassifier {
+    name;
+    opts;
+    constructor(options) {
+        this.name = `prompt-injection/http(${new URL(options.url).hostname})`;
+        this.opts = {
+            url: options.url,
+            apiKey: options.apiKey,
+            timeoutMs: options.timeoutMs ?? 5000,
+            headers: options.headers,
+        };
+    }
+    async classify(text, signal) {
+        const ac = new AbortController();
+        const timer = setTimeout(() => ac.abort(), this.opts.timeoutMs);
+        if (signal) {
+            signal.addEventListener('abort', () => ac.abort(), { once: true });
+        }
+        try {
+            const headers = {
+                'Content-Type': 'application/json',
+                ...this.opts.headers,
+            };
+            if (this.opts.apiKey) {
+                headers['Authorization'] = `Bearer ${this.opts.apiKey}`;
+            }
+            const res = await fetch(this.opts.url, {
+                method: 'POST',
+                headers,
+                body: JSON.stringify({ text }),
+                signal: ac.signal,
+            });
+            if (!res.ok) {
+                return { injectionProbability: 0, label: 'unknown', meta: { httpStatus: res.status } };
+            }
+            const body = await res.json();
+            const prob = typeof body.injectionProbability === 'number'
+                ? Math.max(0, Math.min(1, body.injectionProbability))
+                : 0;
+            const label = body.label === 'injection' ? 'injection'
+                : body.label === 'safe' ? 'safe'
+                    : 'unknown';
+            return { injectionProbability: prob, label, meta: body.meta };
+        }
+        finally {
+            clearTimeout(timer);
+        }
+    }
+}
+exports.HttpPromptInjectionClassifier = HttpPromptInjectionClassifier;
+//# sourceMappingURL=http-classifier.js.map

package/dist/raksha/classifiers/http-classifier.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-classifier.js","sourceRoot":"","sources":["../../../src/raksha/classifiers/http-classifier.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAeH,MAAa,6BAA6B;IAC/B,IAAI,CAAS;IACL,IAAI,CAAkH;IAEvI,YAAY,OAA8B;QACxC,IAAI,CAAC,IAAI,GAAG,yBAAyB,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,QAAQ,GAAG,CAAC;QACtE,IAAI,CAAC,IAAI,GAAG;YACV,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,IAAI;YACpC,OAAO,EAAE,OAAO,CAAC,OAAO;SACzB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,IAAY,EAAE,MAAoB;QAC/C,MAAM,EAAE,GAAG,IAAI,eAAe,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAEhE,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QACrE,CAAC;QAED,IAAI,CAAC;YACH,MAAM,OAAO,GAA2B;gBACtC,cAAc,EAAE,kBAAkB;gBAClC,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO;aACrB,CAAC;YACF,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACrB,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YAC1D,CAAC;YAED,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACrC,MAAM,EAAE,MAAM;gBACd,OAAO;gBACP,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,CAAC;gBAC9B,MAAM,EAAE,EAAE,CAAC,MAAM;aAClB,CAAC,CAAC;YAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,OAAO,EAAE,oBAAoB,EAAE,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,UAAU,EAAE,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC;YACzF,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAA6B,CAAC;YACzD,MAAM,IAAI,GAAG,OAAO,IAAI,CAAC,oBAAoB,KAAK,QAAQ;gBACxD,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,oBAAoB,CAAC,CAAC;gBACrD,CAAC,CAAC,CAAC,CAAC;YACN,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,KAAK,WAAW,CAAC,CAAC,CAAC,WAAW;gBACpD,CAAC,CAAC,IAAI,CAAC,KAAK,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM;oBAChC,CAAC,CAAC,SAAS,CAAC;YAEd,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,IAA2C,EAAE,CAAC;QACvG,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;CACF;AAvDD,sEAuDC"}

package/dist/raksha/classifiers/index.d.ts

@@ -0,0 +1,5 @@
+export { OnnxPromptInjectionClassifier } from './onnx-classifier';
+export type { OnnxClassifierOptions } from './onnx-classifier';
+export { HttpPromptInjectionClassifier } from './http-classifier';
+export type { HttpClassifierOptions } from './http-classifier';
+//# sourceMappingURL=index.d.ts.map

package/dist/raksha/classifiers/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/raksha/classifiers/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,6BAA6B,EAAE,MAAM,mBAAmB,CAAC;AAClE,YAAY,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,6BAA6B,EAAE,MAAM,mBAAmB,CAAC;AAClE,YAAY,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/raksha/classifiers/index.js

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HttpPromptInjectionClassifier = exports.OnnxPromptInjectionClassifier = void 0;
+var onnx_classifier_1 = require("./onnx-classifier");
+Object.defineProperty(exports, "OnnxPromptInjectionClassifier", { enumerable: true, get: function () { return onnx_classifier_1.OnnxPromptInjectionClassifier; } });
+var http_classifier_1 = require("./http-classifier");
+Object.defineProperty(exports, "HttpPromptInjectionClassifier", { enumerable: true, get: function () { return http_classifier_1.HttpPromptInjectionClassifier; } });
+//# sourceMappingURL=index.js.map

package/dist/raksha/classifiers/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/raksha/classifiers/index.ts"],"names":[],"mappings":";;;AAAA,qDAAkE;AAAzD,gIAAA,6BAA6B,OAAA;AAEtC,qDAAkE;AAAzD,gIAAA,6BAA6B,OAAA"}

package/dist/raksha/classifiers/onnx-classifier.d.ts

@@ -0,0 +1,41 @@
+/**
+ * ONNX Runtime–backed prompt injection classifier.
+ *
+ * Lazy-loads an ONNX model (e.g. protectai/deberta-v3-base-prompt-injection-v2)
+ * on first `classify()` call.  Requires `onnxruntime-node` as an optional peer
+ * dependency — if missing at runtime, the constructor succeeds but `classify()`
+ * rejects with an actionable install message.
+ *
+ * The model must be a binary-classification ONNX file that expects tokenized
+ * input (input_ids, attention_mask) and outputs logits or probabilities.
+ * A simple whitespace+lowercase tokenizer is built in for demonstration;
+ * production callers should supply a real tokenizer via `tokenize`.
+ */
+import type { PromptInjectionClassifier, ClassifierResult } from '../../types';
+export interface OnnxClassifierOptions {
+    modelPath: string;
+    /**
+     * Custom tokenizer.  Receives raw text, returns `{ inputIds, attentionMask }`
+     * as BigInt64Arrays suitable for the ONNX model's expected shapes.  When
+     * omitted a naive whitespace tokenizer is used (adequate for smoke testing
+     * but NOT production-grade).
+     */
+    tokenize?: (text: string) => {
+        inputIds: BigInt64Array;
+        attentionMask: BigInt64Array;
+    };
+    /** Maximum sequence length.  Tokens beyond this are truncated. */
+    maxLength?: number;
+    /** Threshold above which the injection probability triggers `label: 'injection'`. */
+    threshold?: number;
+}
+export declare class OnnxPromptInjectionClassifier implements PromptInjectionClassifier {
+    readonly name = "prompt-injection/onnx";
+    private session;
+    private readonly opts;
+    private loadError;
+    constructor(options: OnnxClassifierOptions);
+    classify(text: string, signal?: AbortSignal): Promise<ClassifierResult>;
+    private getSession;
+}
+//# sourceMappingURL=onnx-classifier.d.ts.map

package/dist/raksha/classifiers/onnx-classifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"onnx-classifier.d.ts","sourceRoot":"","sources":["../../../src/raksha/classifiers/onnx-classifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,yBAAyB,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAE/E,MAAM,WAAW,qBAAqB;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB;;;;;OAKG;IACH,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK;QAAE,QAAQ,EAAE,aAAa,CAAC;QAAC,aAAa,EAAE,aAAa,CAAA;KAAE,CAAC;IACvF,kEAAkE;IAClE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,qFAAqF;IACrF,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,qBAAa,6BAA8B,YAAW,yBAAyB;IAC7E,QAAQ,CAAC,IAAI,2BAA2B;IACxC,OAAO,CAAC,OAAO,CAAwB;IACvC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAkC;IACvD,OAAO,CAAC,SAAS,CAAsB;gBAE3B,OAAO,EAAE,qBAAqB;IASpC,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,gBAAgB,CAAC;YAwB/D,UAAU;CAazB"}

package/dist/raksha/classifiers/onnx-classifier.js

@@ -0,0 +1,99 @@
+"use strict";
+/**
+ * ONNX Runtime–backed prompt injection classifier.
+ *
+ * Lazy-loads an ONNX model (e.g. protectai/deberta-v3-base-prompt-injection-v2)
+ * on first `classify()` call.  Requires `onnxruntime-node` as an optional peer
+ * dependency — if missing at runtime, the constructor succeeds but `classify()`
+ * rejects with an actionable install message.
+ *
+ * The model must be a binary-classification ONNX file that expects tokenized
+ * input (input_ids, attention_mask) and outputs logits or probabilities.
+ * A simple whitespace+lowercase tokenizer is built in for demonstration;
+ * production callers should supply a real tokenizer via `tokenize`.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OnnxPromptInjectionClassifier = void 0;
+class OnnxPromptInjectionClassifier {
+    name = 'prompt-injection/onnx';
+    session = null;
+    opts;
+    loadError = null;
+    constructor(options) {
+        this.opts = {
+            modelPath: options.modelPath,
+            tokenize: options.tokenize ?? naiveTokenize(options.maxLength ?? 128),
+            maxLength: options.maxLength ?? 128,
+            threshold: options.threshold ?? 0.5,
+        };
+    }
+    async classify(text, signal) {
+        if (signal?.aborted)
+            throw new DOMException('Aborted', 'AbortError');
+        const session = await this.getSession();
+        const { inputIds, attentionMask } = this.opts.tokenize(text);
+        // onnxruntime-node types are not guaranteed at compile time
+        const ort = requireOrt();
+        const feeds = {
+            input_ids: new ort.Tensor('int64', inputIds, [1, inputIds.length]),
+            attention_mask: new ort.Tensor('int64', attentionMask, [1, attentionMask.length]),
+        };
+        const results = await session.run(feeds);
+        const logits = results.logits?.data ?? results.output?.data;
+        if (!logits || logits.length < 2) {
+            return { injectionProbability: 0, label: 'unknown', meta: { error: 'unexpected model output shape' } };
+        }
+        const prob = softmax(logits[0], logits[1]);
+        const label = prob >= this.opts.threshold ? 'injection' : 'safe';
+        return { injectionProbability: prob, label, meta: { modelPath: this.opts.modelPath } };
+    }
+    async getSession() {
+        if (this.loadError)
+            throw this.loadError;
+        if (this.session)
+            return this.session;
+        try {
+            const ort = requireOrt();
+            this.session = await ort.InferenceSession.create(this.opts.modelPath);
+            return this.session;
+        }
+        catch (err) {
+            this.loadError = err instanceof Error ? err : new Error(String(err));
+            throw this.loadError;
+        }
+    }
+}
+exports.OnnxPromptInjectionClassifier = OnnxPromptInjectionClassifier;
+function requireOrt() {
+    try {
+        // eslint-disable-next-line @typescript-eslint/no-var-requires
+        return require('onnxruntime-node');
+    }
+    catch {
+        throw new Error('onnxruntime-node is required for OnnxPromptInjectionClassifier. ' +
+            'Install it with: npm install onnxruntime-node');
+    }
+}
+function softmax(logitSafe, logitInjection) {
+    const max = Math.max(logitSafe, logitInjection);
+    const expSafe = Math.exp(logitSafe - max);
+    const expInj = Math.exp(logitInjection - max);
+    return expInj / (expSafe + expInj);
+}
+function naiveTokenize(maxLength) {
+    return (text) => {
+        const words = text.toLowerCase().split(/\s+/).slice(0, maxLength);
+        const inputIds = new BigInt64Array(words.length);
+        const attentionMask = new BigInt64Array(words.length);
+        for (let i = 0; i < words.length; i++) {
+            let hash = 0;
+            for (let j = 0; j < words[i].length; j++) {
+                hash = ((hash << 5) - hash + words[i].charCodeAt(j)) | 0;
+            }
+            inputIds[i] = BigInt(Math.abs(hash) % 30000);
+            attentionMask[i] = 1n;
+        }
+        return { inputIds, attentionMask };
+    };
+}
+//# sourceMappingURL=onnx-classifier.js.map

package/dist/raksha/classifiers/onnx-classifier.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"onnx-classifier.js","sourceRoot":"","sources":["../../../src/raksha/classifiers/onnx-classifier.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;AAmBH,MAAa,6BAA6B;IAC/B,IAAI,GAAG,uBAAuB,CAAC;IAChC,OAAO,GAAmB,IAAI,CAAC;IACtB,IAAI,CAAkC;IAC/C,SAAS,GAAiB,IAAI,CAAC;IAEvC,YAAY,OAA8B;QACxC,IAAI,CAAC,IAAI,GAAG;YACV,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,aAAa,CAAC,OAAO,CAAC,SAAS,IAAI,GAAG,CAAC;YACrE,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,GAAG;YACnC,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,GAAG;SACpC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,IAAY,EAAE,MAAoB;QAC/C,IAAI,MAAM,EAAE,OAAO;YAAE,MAAM,IAAI,YAAY,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;QAErE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QACxC,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAE7D,4DAA4D;QAC5D,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;QACzB,MAAM,KAAK,GAA4B;YACrC,SAAS,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;YAClE,cAAc,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,aAAa,EAAE,CAAC,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;SAClF,CAAC;QAEF,MAAM,OAAO,GAAG,MAAO,OAAoG,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACvI,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,IAAI,IAAI,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC;QAC5D,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACjC,OAAO,EAAE,oBAAoB,EAAE,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,+BAA+B,EAAE,EAAE,CAAC;QACzG,CAAC;QAED,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3C,MAAM,KAAK,GAAG,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC;QACjE,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC;IACzF,CAAC;IAEO,KAAK,CAAC,UAAU;QACtB,IAAI,IAAI,CAAC,SAAS;YAAE,MAAM,IAAI,CAAC,SAAS,CAAC;QACzC,IAAI,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC,OAAO,CAAC;QAEtC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;YACzB,IAAI,CAAC,OAAO,GAAG,MAAM,GAAG,CAAC,gBAAgB,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACtE,OAAO,IAAI,CAAC,OAAO,CAAC;QACtB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,SAAS,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YACrE,MAAM,IAAI,CAAC,SAAS,CAAC;QACvB,CAAC;IACH,CAAC;CACF;AApDD,sEAoDC;AAED,SAAS,UAAU;IAIjB,IAAI,CAAC;QACH,8DAA8D;QAC9D,OAAO,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACrC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CACb,kEAAkE;YAClE,+CAA+C,CAChD,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,OAAO,CAAC,SAAiB,EAAE,cAAsB;IACxD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;IAChD,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,GAAG,GAAG,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,cAAc,GAAG,GAAG,CAAC,CAAC;IAC9C,OAAO,MAAM,GAAG,CAAC,OAAO,GAAG,MAAM,CAAC,CAAC;AACrC,CAAC;AAED,SAAS,aAAa,CAAC,SAAiB;IACtC,OAAO,CAAC,IAAY,EAAE,EAAE;QACtB,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;QAClE,MAAM,QAAQ,GAAG,IAAI,aAAa,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjD,MAAM,aAAa,GAAG,IAAI,aAAa,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACtD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,IAAI,IAAI,GAAG,CAAC,CAAC;YACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACzC,IAAI,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;YAC3D,CAAC;YACD,QAAQ,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC;YAC7C,aAAa,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;QACxB,CAAC;QACD,OAAO,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC;IACrC,CAAC,CAAC;AACJ,CAAC"}

package/dist/raksha/hallucination-detectors.d.ts

@@ -0,0 +1,106 @@
+/**
+ * Built-in `HallucinationDetector` implementations.
+ *
+ * These detectors are deliberately **dep-free and runtime-fast**. They
+ * are not state-of-the-art; their purpose is to give Ojas users a
+ * sensible default and a working contract so they can later plug in
+ * heavier ML-backed detectors (encoder grounding models, LLM judges)
+ * via the same interface.
+ *
+ * Three detectors are shipped:
+ *
+ *   1. **`BestOfNInconsistencyDetector`** (black-box consistency)
+ *      Scores how much the agent's output disagrees with alternative
+ *      samples of the same prompt. We use a character-shingle Jaccard
+ *      distance rather than embeddings so we don't need ML. Risk =
+ *      mean pairwise distance from `output` to each sample, clamped
+ *      to [0, 1].
+ *
+ *   2. **`ClaimLevelDetector`** (long-text grounding)
+ *      Splits `output` into sentence-claims, then for each claim
+ *      measures n-gram overlap with each `context` item. A claim is
+ *      "unsupported" when its best-match overlap is below a
+ *      threshold. Risk = fraction of unsupported claims, weighted by
+ *      claim length.
+ *
+ *   3. **`AbstentionDetector`** (refusal recognition)
+ *      Treats appropriate abstention as a **positive** signal: if
+ *      the output is mostly hedging / refusal, returns low risk and
+ *      `abstention: true`. The caller can then route the task to a
+ *      stronger model rather than penalising the abstention.
+ *
+ * Composition: callers wanting an ensemble can wrap these via
+ * `EnsembleHallucinationDetector` (also shipped).
+ */
+import type { HallucinationAssessment, HallucinationDetector, HallucinationDetectorInput } from '../types';
+export interface BestOfNDetectorPolicy {
+    /** Character-shingle length. 4 is a robust default for English. */
+    shingleK?: number;
+    /**
+     * Minimum sample count below which we return a low-confidence
+     * "no signal" assessment instead of guessing. Default 2 (one
+     * pairwise comparison).
+     */
+    minSamples?: number;
+}
+export declare class BestOfNInconsistencyDetector implements HallucinationDetector {
+    readonly name = "bestofn/n-gram-jaccard";
+    private readonly policy;
+    constructor(policy?: BestOfNDetectorPolicy);
+    detect(input: HallucinationDetectorInput): Promise<HallucinationAssessment>;
+}
+export interface ClaimLevelDetectorPolicy {
+    /** N-gram length for claim-to-context overlap. 4 chars works well for English. */
+    shingleK?: number;
+    /**
+     * Per-claim grounding threshold. A claim with `bestOverlap < threshold`
+     * is marked unsupported. 0.25 is conservative — it requires a quarter
+     * of the claim's shingles to appear in some context item.
+     */
+    groundingThreshold?: number;
+}
+export declare class ClaimLevelDetector implements HallucinationDetector {
+    readonly name = "claim-level/n-gram-grounding";
+    private readonly policy;
+    constructor(policy?: ClaimLevelDetectorPolicy);
+    detect(input: HallucinationDetectorInput): Promise<HallucinationAssessment>;
+}
+export interface AbstentionDetectorPolicy {
+    /**
+     * Minimum fraction of the output that must match an abstention
+     * pattern (by character count) for the output to be considered an
+     * abstention. Default 0.15 — a short hedge inside a long substantive
+     * answer should NOT count.
+     */
+    minAbstentionFraction?: number;
+}
+export declare class AbstentionDetector implements HallucinationDetector {
+    readonly name = "abstention/canonical-hedges";
+    private readonly policy;
+    constructor(policy?: AbstentionDetectorPolicy);
+    detect(input: HallucinationDetectorInput): Promise<HallucinationAssessment>;
+}
+/**
+ * Compose multiple detectors with weighted-average aggregation. We
+ * weight by both the configured weight AND each detector's reported
+ * confidence so a detector that signals "I don't have enough input"
+ * is automatically down-weighted in the aggregate.
+ *
+ * The `abstention` flag short-circuits: if *any* detector reports
+ * `abstention: true`, the ensemble surfaces the abstention and uses
+ * the abstention detector's risk score (low) rather than averaging
+ * across the consistency / claim-level detectors (which would
+ * incorrectly score "I don't know" as high-risk because it has no
+ * grounding signal).
+ */
+export interface EnsembleEntry {
+    detector: HallucinationDetector;
+    weight?: number;
+}
+export declare class EnsembleHallucinationDetector implements HallucinationDetector {
+    readonly name: string;
+    private readonly entries;
+    constructor(entries: ReadonlyArray<EnsembleEntry>);
+    detect(input: HallucinationDetectorInput): Promise<HallucinationAssessment>;
+}
+//# sourceMappingURL=hallucination-detectors.d.ts.map

package/dist/raksha/hallucination-detectors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hallucination-detectors.d.ts","sourceRoot":"","sources":["../../src/raksha/hallucination-detectors.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AAEH,OAAO,KAAK,EAEV,uBAAuB,EACvB,qBAAqB,EACrB,0BAA0B,EAC3B,MAAM,UAAU,CAAC;AAsDlB,MAAM,WAAW,qBAAqB;IACpC,mEAAmE;IACnE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,qBAAa,4BAA6B,YAAW,qBAAqB;IACxE,QAAQ,CAAC,IAAI,4BAA4B;IACzC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAkC;gBAE7C,MAAM,GAAE,qBAA0B;IAOxC,MAAM,CAAC,KAAK,EAAE,0BAA0B,GAAG,OAAO,CAAC,uBAAuB,CAAC;CAoClF;AAID,MAAM,WAAW,wBAAwB;IACvC,kFAAkF;IAClF,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED,qBAAa,kBAAmB,YAAW,qBAAqB;IAC9D,QAAQ,CAAC,IAAI,kCAAkC;IAC/C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAqC;gBAEhD,MAAM,GAAE,wBAA6B;IAO3C,MAAM,CAAC,KAAK,EAAE,0BAA0B,GAAG,OAAO,CAAC,uBAAuB,CAAC;CAuElF;AAqBD,MAAM,WAAW,wBAAwB;IACvC;;;;;OAKG;IACH,qBAAqB,CAAC,EAAE,MAAM,CAAC;CAChC;AAED,qBAAa,kBAAmB,YAAW,qBAAqB;IAC9D,QAAQ,CAAC,IAAI,iCAAiC;IAC9C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAqC;gBAEhD,MAAM,GAAE,wBAA6B;IAM3C,MAAM,CAAC,KAAK,EAAE,0BAA0B,GAAG,OAAO,CAAC,uBAAuB,CAAC;CAqClF;AAID;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,qBAAqB,CAAC;IAChC,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,qBAAa,6BAA8B,YAAW,qBAAqB;IACzE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAyC;gBAErD,OAAO,EAAE,aAAa,CAAC,aAAa,CAAC;IAW3C,MAAM,CAAC,KAAK,EAAE,0BAA0B,GAAG,OAAO,CAAC,uBAAuB,CAAC;CAiDlF"}