@framers/agentos-ext-ml-classifiers 0.1.0 → 0.2.1

package/dist/tools/ClassifyContentTool.js

@@ -1,147 +1,96 @@
 /**
- * @fileoverview On-demand content classification tool for AgentOS.
+ * @file ClassifyContentTool.ts
+ * @description An AgentOS tool that exposes the ML classifier as a callable tool,
+ * enabling agents to perform on-demand safety classification of arbitrary text.
  *
- * `ClassifyContentTool` exposes the ML classifier pipeline as an invocable
- * {@link ITool}, enabling agents and workflows to explicitly classify text
- * for safety signals (toxicity, prompt injection, jailbreak) on demand,
- * rather than relying solely on the implicit guardrail pipeline.
- *
- * Use cases:
- * - An agent that needs to evaluate user-generated content before storing
- *   it in a knowledge base.
- * - A moderation workflow that classifies a batch of flagged messages.
- * - A debugging tool for inspecting classifier behaviour on specific inputs.
- *
- * The tool delegates to a {@link ClassifierOrchestrator} instance and returns
- * the full {@link ChunkEvaluation} (including per-classifier scores and the
- * aggregated recommended action).
- *
- * @module agentos/extensions/packs/ml-classifiers/tools/ClassifyContentTool
+ * @module ml-classifiers/tools/ClassifyContentTool
  */
 // ---------------------------------------------------------------------------
 // ClassifyContentTool
 // ---------------------------------------------------------------------------
 /**
- * ITool implementation that runs ML content classifiers on demand.
- *
- * The tool is read-only (`hasSideEffects: false`) — it inspects text and
- * returns structured classification results without modifying any state.
+ * AgentOS tool that classifies text for toxicity, injection, NSFW, and threat
+ * content using the same three-tier strategy as the guardrail.
  *
- * @implements {ITool<ClassifyInput, ChunkEvaluation>}
- *
- * @example
- * ```typescript
- * const tool = new ClassifyContentTool(orchestrator);
- * const result = await tool.execute(
- *   { text: 'some potentially harmful text' },
- *   executionContext,
- * );
- *
- * if (result.success) {
- *   console.log(result.output.recommendedAction); // 'allow' | 'flag' | 'block' | …
- * }
- * ```
+ * @implements {ITool<ClassifyContentInput, ClassifyContentOutput>}
  */
 export class ClassifyContentTool {
-    // -------------------------------------------------------------------------
-    // ITool identity & metadata
-    // -------------------------------------------------------------------------
-    /** Unique tool identifier used for registration and lookup. */
+    // -----------------------------------------------------------------------
+    // ITool metadata
+    // -----------------------------------------------------------------------
+    /** Stable tool identifier. */
     id = 'classify_content';
-    /** Functional name exposed to LLMs for tool-call invocation. */
+    /** Tool name presented to the LLM. */
     name = 'classify_content';
-    /** Human-readable display name for dashboards and UI. */
-    displayName = 'Content Safety Classifier';
-    /** Natural-language description of the tool's purpose and behaviour. */
-    description = 'Classify text for toxicity, prompt injection, and jailbreak attempts ' +
-        'using ML models. Returns per-classifier scores and an aggregated ' +
-        'recommended guardrail action.';
-    /** Logical grouping for tool discovery and filtering. */
+    /** Human-readable display name. */
+    displayName = 'ML Content Classifier';
+    /** Description used by the LLM to decide when to invoke the tool. */
+    description = 'Classify text for safety across four categories: toxic, injection, nsfw, and threat. ' +
+        'Returns per-category confidence scores and a flagged boolean. Use this tool to ' +
+        'pre-screen user-generated content or agent output before further processing.';
+    /** Tool category for capability discovery grouping. */
     category = 'security';
-    /** SemVer version of this tool implementation. */
+    /** Semantic version. */
     version = '1.0.0';
-    /** This tool only reads text — it performs no mutations. */
+    /** Read-only analysis — no side effects. */
     hasSideEffects = false;
-    // -------------------------------------------------------------------------
-    // JSON Schema for input validation
-    // -------------------------------------------------------------------------
-    /**
-     * JSON Schema describing the expected input arguments.
-     *
-     * - `text` (required): The string to classify.
-     * - `classifiers` (optional): Array of classifier IDs to restrict evaluation.
-     */
+    /** JSON Schema for tool input validation. */
     inputSchema = {
         type: 'object',
         properties: {
             text: {
                 type: 'string',
-                description: 'Text to classify for safety signals.',
-            },
-            classifiers: {
-                type: 'array',
-                items: { type: 'string' },
-                description: 'Optional: only run these classifier IDs. When omitted all registered classifiers are used.',
+                description: 'The text to classify for safety.',
             },
         },
         required: ['text'],
     };
-    // -------------------------------------------------------------------------
-    // Internal state
-    // -------------------------------------------------------------------------
-    /** The orchestrator that drives the underlying ML classifiers. */
-    orchestrator;
-    // -------------------------------------------------------------------------
+    // -----------------------------------------------------------------------
+    // Private fields
+    // -----------------------------------------------------------------------
+    /** The guardrail instance used for classification. */
+    guardrail;
+    // -----------------------------------------------------------------------
     // Constructor
-    // -------------------------------------------------------------------------
+    // -----------------------------------------------------------------------
     /**
      * Create a new ClassifyContentTool.
      *
-     * @param orchestrator - The classifier orchestrator that will handle
-     *                       parallel classification and result aggregation.
+     * @param guardrail - The {@link MLClassifierGuardrail} instance to delegate
+     *                    classification to.  Shared and stateless (except for the
+     *                    cached ONNX pipeline).
      */
-    constructor(orchestrator) {
-        this.orchestrator = orchestrator;
+    constructor(guardrail) {
+        this.guardrail = guardrail;
     }
-    // -------------------------------------------------------------------------
-    // execute
-    // -------------------------------------------------------------------------
+    // -----------------------------------------------------------------------
+    // ITool.execute
+    // -----------------------------------------------------------------------
     /**
-     * Run all (or a subset of) ML classifiers against the provided text and
-     * return the aggregated evaluation.
+     * Execute the classification against the provided text.
      *
-     * @param args    - Tool input containing the text to classify and an
-     *                  optional list of classifier IDs to restrict execution.
-     * @param _context - Execution context (unused — classification is
-     *                   stateless and user-agnostic).
-     * @returns A successful result containing the {@link ChunkEvaluation},
-     *          or a failure result if the text is missing or classification
-     *          throws an unexpected error.
+     * @param args    - Validated input arguments containing `text`.
+     * @param context - Tool execution context (unused by this read-only tool).
+     * @returns Tool execution result wrapping the classification output.
      */
-    async execute(args, _context) {
-        // Validate that text is provided and non-empty.
-        if (!args.text || args.text.trim().length === 0) {
-            return {
-                success: false,
-                error: 'The "text" argument is required and must not be empty.',
-            };
-        }
+    async execute(args, 
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    context) {
         try {
-            // Delegate to the orchestrator for parallel classification.
-            // NOTE: The `args.classifiers` filter is not yet implemented in the
-            // orchestrator — it would require a filtering layer.  For now, all
-            // registered classifiers are invoked regardless.
-            const evaluation = await this.orchestrator.classifyAll(args.text);
+            const result = await this.guardrail.classify(args.text);
             return {
                 success: true,
-                output: evaluation,
+                output: {
+                    categories: result.categories,
+                    flagged: result.flagged,
+                },
             };
         }
         catch (err) {
-            const message = err instanceof Error ? err.message : String(err);
+            const message = err instanceof Error ? err.message : 'Unknown error during classification';
             return {
                 success: false,
-                error: `Classification failed: ${message}`,
+                error: `Content classification failed: ${message}`,
             };
         }
     }

package/dist/tools/ClassifyContentTool.js.map

@@ -1 +1 @@
-{"version":3,"file":"ClassifyContentTool.js","sourceRoot":"","sources":["../../src/tools/ClassifyContentTool.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAgCH,8EAA8E;AAC9E,sBAAsB;AACtB,8EAA8E;AAE9E;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,OAAO,mBAAmB;IAC9B,4EAA4E;IAC5E,4BAA4B;IAC5B,4EAA4E;IAE5E,+DAA+D;IACtD,EAAE,GAAG,kBAAkB,CAAC;IAEjC,gEAAgE;IACvD,IAAI,GAAG,kBAAkB,CAAC;IAEnC,yDAAyD;IAChD,WAAW,GAAG,2BAA2B,CAAC;IAEnD,wEAAwE;IAC/D,WAAW,GAClB,uEAAuE;QACvE,mEAAmE;QACnE,+BAA+B,CAAC;IAElC,yDAAyD;IAChD,QAAQ,GAAG,UAAU,CAAC;IAE/B,kDAAkD;IACzC,OAAO,GAAG,OAAO,CAAC;IAE3B,4DAA4D;IACnD,cAAc,GAAG,KAAK,CAAC;IAEhC,4EAA4E;IAC5E,mCAAmC;IACnC,4EAA4E;IAE5E;;;;;OAKG;IACM,WAAW,GAAqB;QACvC,IAAI,EAAE,QAAQ;QACd,UAAU,EAAE;YACV,IAAI,EAAE;gBACJ,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,sCAAsC;aACpD;YACD,WAAW,EAAE;gBACX,IAAI,EAAE,OAAO;gBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBACzB,WAAW,EACT,4FAA4F;aAC/F;SACF;QACD,QAAQ,EAAE,CAAC,MAAM,CAAC;KACnB,CAAC;IAEF,4EAA4E;IAC5E,iBAAiB;IACjB,4EAA4E;IAE5E,kEAAkE;IACjD,YAAY,CAAyB;IAEtD,4EAA4E;IAC5E,cAAc;IACd,4EAA4E;IAE5E;;;;;OAKG;IACH,YAAY,YAAoC;QAC9C,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACnC,CAAC;IAED,4EAA4E;IAC5E,UAAU;IACV,4EAA4E;IAE5E;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,OAAO,CACX,IAAmB,EACnB,QAA8B;QAE9B,gDAAgD;QAChD,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChD,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,wDAAwD;aAChE,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,4DAA4D;YAC5D,oEAAoE;YACpE,mEAAmE;YACnE,iDAAiD;YACjD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAElE,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE,UAAU;aACnB,CAAC;QACJ,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,0BAA0B,OAAO,EAAE;aAC3C,CAAC;QACJ,CAAC;IACH,CAAC;CACF"}
+{"version":3,"file":"ClassifyContentTool.js","sourceRoot":"","sources":["../../src/tools/ClassifyContentTool.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AA6BH,8EAA8E;AAC9E,sBAAsB;AACtB,8EAA8E;AAE9E;;;;;GAKG;AACH,MAAM,OAAO,mBAAmB;IAC9B,0EAA0E;IAC1E,iBAAiB;IACjB,0EAA0E;IAE1E,8BAA8B;IACrB,EAAE,GAAG,kBAAkB,CAAC;IAEjC,sCAAsC;IAC7B,IAAI,GAAG,kBAAkB,CAAC;IAEnC,mCAAmC;IAC1B,WAAW,GAAG,uBAAuB,CAAC;IAE/C,qEAAqE;IAC5D,WAAW,GAClB,uFAAuF;QACvF,iFAAiF;QACjF,8EAA8E,CAAC;IAEjF,uDAAuD;IAC9C,QAAQ,GAAG,UAAU,CAAC;IAE/B,wBAAwB;IACf,OAAO,GAAG,OAAO,CAAC;IAE3B,4CAA4C;IACnC,cAAc,GAAG,KAAK,CAAC;IAEhC,6CAA6C;IACpC,WAAW,GAAG;QACrB,IAAI,EAAE,QAAiB;QACvB,UAAU,EAAE;YACV,IAAI,EAAE;gBACJ,IAAI,EAAE,QAAiB;gBACvB,WAAW,EAAE,kCAAkC;aAChD;SACF;QACD,QAAQ,EAAE,CAAC,MAAM,CAAC;KACnB,CAAC;IAEF,0EAA0E;IAC1E,iBAAiB;IACjB,0EAA0E;IAE1E,sDAAsD;IACrC,SAAS,CAAwB;IAElD,0EAA0E;IAC1E,cAAc;IACd,0EAA0E;IAE1E;;;;;;OAMG;IACH,YAAY,SAAgC;QAC1C,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;IAC7B,CAAC;IAED,0EAA0E;IAC1E,gBAAgB;IAChB,0EAA0E;IAE1E;;;;;;OAMG;IACH,KAAK,CAAC,OAAO,CACX,IAA0B;IAC1B,6DAA6D;IAC7D,OAA6B;QAE7B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAExD,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE;oBACN,UAAU,EAAE,MAAM,CAAC,UAAU;oBAC7B,OAAO,EAAE,MAAM,CAAC,OAAO;iBACxB;aACF,CAAC;QACJ,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,qCAAqC,CAAC;YAE3F,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,kCAAkC,OAAO,EAAE;aACnD,CAAC;QACJ,CAAC;IACH,CAAC;CACF"}

package/dist/types.d.ts

@@ -1,319 +1,119 @@
 /**
- * @fileoverview Core type definitions for the ML Classifier Guardrail Extension Pack.
+ * @file types.ts
+ * @description Core type definitions for the ML Classifiers extension pack.
  *
- * This file defines all configuration shapes, runtime result types, and
- * service-identifier constants used by the ML classifier pipeline. All
- * classifiers in this pack evaluate text content against learned models
- * (toxicity, prompt-injection, jailbreak) and emit structured results that
- * feed into the AgentOS guardrail decision tree.
+ * Defines the shared interfaces used across the ML classification system:
+ * classifier categories, confidence results, option shapes, and the LLM
+ * invoker callback signature.
  *
- * Import hierarchy
- * ----------------
- * ```
- * IUtilityAI  ──── ClassificationResult, ClassificationScore
- * IGuardrailService ── GuardrailAction
- *                   │
- *                   ▼
- *              types.ts  (this file)
- *                   │
- *                   ▼
- *           IContentClassifier.ts  /  SlidingWindowBuffer.ts  /  …
- * ```
- *
- * @module agentos/extensions/packs/ml-classifiers/types
+ * @module ml-classifiers/types
  */
-import type { ClassificationResult, ClassificationScore } from '@framers/agentos';
-import type { GuardrailAction } from '@framers/agentos';
-export type { ClassificationResult, ClassificationScore };
 /**
- * Numeric thresholds that map raw classifier confidence scores (0–1) to
- * guardrail actions.
+ * Safety categories evaluated by the ML classifier.
  *
- * The thresholds are applied in descending priority:
- *  1. `score >= blockThreshold` → {@link GuardrailAction.BLOCK}
- *  2. `score >= flagThreshold`  → {@link GuardrailAction.FLAG}
- *  3. `score >= warnThreshold`  → {@link GuardrailAction.SANITIZE}
- *  4. otherwise                 → {@link GuardrailAction.ALLOW}
+ * - `'toxic'`     — Hateful, abusive, or threatening language.
+ * - `'injection'` — Prompt injection or jailbreak attempts.
+ * - `'nsfw'`      — Sexually explicit or adult content.
+ * - `'threat'`    — Direct threats of violence or self-harm.
  */
-export interface ClassifierThresholds {
-    /**
-     * Minimum score at which content is **blocked** (interaction terminated).
-     * Must be in the range [0, 1].  Typical default: `0.9`.
-     */
-    blockThreshold: number;
-    /**
-     * Minimum score at which content is **flagged** for review while still
-     * being allowed through.  Must be in the range [0, 1].  Typical default: `0.7`.
-     */
-    flagThreshold: number;
-    /**
-     * Minimum score at which a **warn** action is taken (e.g. the chunk is
-     * sanitised or a warning is appended to the response).  Must be in the range
-     * [0, 1].  Typical default: `0.4`.
-     */
-    warnThreshold: number;
-}
+export type ClassifierCategory = 'toxic' | 'injection' | 'nsfw' | 'threat';
 /**
- * Sensible defaults for {@link ClassifierThresholds}.
- *
- * These values reflect a conservative-but-pragmatic policy:
- * - block at 90 % confidence → very high bar, minimises false positives
- * - flag at 70 % → surfaced for human review, not blocked
- * - warn at 40 % → low-confidence signal, handled with a light touch
+ * All supported classifier categories as a constant array, used for
+ * iteration and default configuration.
  */
-export declare const DEFAULT_THRESHOLDS: ClassifierThresholds;
+export declare const ALL_CATEGORIES: ClassifierCategory[];
 /**
- * Configuration for a single ML classifier pipeline.
+ * Confidence score for a single safety category.
  *
- * Allows individual classifiers to override the pack-level defaults for the
- * model variant and decision thresholds, and to customise which guardrail
- * action is taken for each classification label.
+ * Scores are normalised to the range `[0, 1]`, where `0` means "no signal"
+ * and `1` means "extremely confident match".
  */
-export interface ClassifierConfig {
-    /**
-     * Hugging Face model identifier (e.g. `"Xenova/toxic-bert"`) or a local
-     * model path to load instead of the pack default.
-     * @optional Falls back to the pack-level `MLClassifierPackOptions.modelCacheDir` default.
-     */
-    modelId?: string;
-    /**
-     * Per-classifier threshold overrides.
-     * @optional Falls back to {@link DEFAULT_THRESHOLDS}.
-     */
-    thresholds?: Partial<ClassifierThresholds>;
-    /**
-     * Maps classification labels to the guardrail action that should be taken
-     * when that label is the winning class.
-     *
-     * @example
-     * ```typescript
-     * // Always block on TOXIC label regardless of threshold.
-     * labelActions: { TOXIC: GuardrailAction.BLOCK }
-     * ```
-     */
-    labelActions?: Record<string, GuardrailAction>;
+export interface CategoryScore {
+    /** The safety category this score applies to. */
+    name: ClassifierCategory;
+    /** Normalised confidence score in the range [0, 1]. */
+    confidence: number;
 }
 /**
- * Configuration for browser-side model execution.
+ * Complete result from a classification pass over a text input.
  *
- * When the ML classifier pack is loaded in a browser context (e.g. a chat
- * widget), models run inside a Web Worker to avoid blocking the main thread.
- * This interface controls worker lifecycle and cache management.
+ * Includes per-category scores and an overall `flagged` boolean that is
+ * `true` when any category exceeds the configured flag threshold (default 0.5).
  */
-export interface BrowserConfig {
+export interface ClassifierResult {
     /**
-     * Run model inference in a Web Worker.
-     * @default true
+     * Per-category confidence scores, one entry for each category that was
+     * evaluated.
      */
-    useWebWorker?: boolean;
+    categories: CategoryScore[];
     /**
-     * Caching strategy for downloaded model weights.
-     * - `'memory'`  — keep weights in memory only (lost on page unload)
-     * - `'indexeddb'` — persist weights to IndexedDB (survives reloads)
-     * - `'none'` — no caching; re-download on every page load
-     * @default 'indexeddb'
+     * `true` when at least one category score exceeds the flag threshold.
+     * Convenience field — equivalent to `categories.some(c => c.confidence > flagThreshold)`.
      */
-    cacheStrategy?: 'memory' | 'indexeddb' | 'none';
+    flagged: boolean;
     /**
-     * Maximum number of model shards to keep in the in-memory cache when
-     * `cacheStrategy === 'memory'`.  Oldest entries are evicted LRU-style.
-     * @default 3
+     * Which classification backend produced this result.
+     * Useful for logging and debugging which tier was active.
      */
-    maxCacheSize?: number;
-    /**
-     * Callback invoked with download progress as model weights are fetched.
-     * Useful for showing a progress bar in the UI.
-     *
-     * @param progress - Current progress state.
-     */
-    onProgress?: (progress: ModelDownloadProgress) => void;
-}
-/**
- * Progress report emitted during model weight downloads.
- *
- * @example
- * ```typescript
- * onProgress({ modelId: 'Xenova/toxic-bert', loaded: 50_000, total: 200_000, percent: 25 })
- * ```
- */
-export interface ModelDownloadProgress {
-    /** Identifier of the model being downloaded (Hugging Face ID or path). */
-    modelId: string;
-    /** Number of bytes downloaded so far. */
-    loaded: number;
-    /** Total number of bytes to download (`0` if unknown). */
-    total: number;
-    /** Download progress as a percentage in the range [0, 100]. */
-    percent: number;
+    source: 'onnx' | 'llm' | 'keyword';
 }
 /**
- * Top-level configuration for the ML Classifier Extension Pack.
+ * Callback signature for invoking an LLM to perform classification when
+ * ONNX models are unavailable.
  *
- * Passed to `createMLClassifierPack()` (or the NestJS module factory) to
- * control which classifiers are active, how models are loaded, and how the
- * sliding-window streaming evaluation behaves.
+ * The callback receives a system prompt and a user message and returns
+ * the raw LLM text response.  The caller is responsible for parsing the
+ * JSON output.
  *
- * @example
- * ```typescript
- * const packOptions: MLClassifierPackOptions = {
- *   classifiers: ['toxicity', 'jailbreak'],
- *   quantized: true,
- *   runtime: 'node',
- *   thresholds: { blockThreshold: 0.95, flagThreshold: 0.75, warnThreshold: 0.5 },
- *   streamingMode: true,
- *   chunkSize: 150,
- *   contextSize: 50,
- * };
- * ```
+ * @param systemPrompt - Instruction prompt describing the classification task.
+ * @param userMessage  - The text to classify.
+ * @returns The raw string response from the LLM.
  */
-export interface MLClassifierPackOptions {
-    /**
-     * Subset of built-in classifiers to activate.
-     * Omit or pass an empty array to activate all built-in classifiers.
-     *
-     * @example `['toxicity', 'injection']`
-     */
-    classifiers?: Array<'toxicity' | 'injection' | 'jailbreak'>;
-    /**
-     * Fully-qualified `IContentClassifier` instances to add alongside the
-     * built-in classifiers (e.g. domain-specific harm classifiers).
-     */
-    customClassifiers?: import('./IContentClassifier').IContentClassifier[];
-    /**
-     * Local filesystem path where downloaded model weights are cached.
-     * Defaults to `~/.cache/agentos/ml-classifiers`.
-     */
-    modelCacheDir?: string;
-    /**
-     * Use 8-bit quantised model variants when available.
-     * Reduces VRAM/RAM footprint and increases inference speed at a small
-     * accuracy cost.
-     * @default false
-     */
-    quantized?: boolean;
-    /**
-     * Execution runtime for model inference.
-     * - `'node'`    — Runs via `@xenova/transformers` in the Node.js process.
-     * - `'browser'` — Runs via `@xenova/transformers` in a Web Worker.
-     * - `'wasm'`    — Explicit WebAssembly fallback (Node.js or browser).
-     * @default 'node'
-     */
-    runtime?: 'node' | 'browser' | 'wasm';
-    /**
-     * Browser-specific options.  Only applicable when `runtime === 'browser'`.
-     */
-    browser?: BrowserConfig;
-    /**
-     * Number of tokens per evaluation window when streaming mode is enabled.
-     * Smaller values detect issues earlier but increase evaluation frequency.
-     * @default 200
-     */
-    chunkSize?: number;
-    /**
-     * Number of tokens from the previous chunk to carry forward as context into
-     * the next window, preventing boundary effects.
-     * @default 50
-     */
-    contextSize?: number;
-    /**
-     * Maximum number of classifier evaluations per stream.  The sliding window
-     * stops advancing after this many evaluations, allowing the stream to
-     * complete without further overhead.
-     * @default 100
-     */
-    maxEvaluations?: number;
-    /**
-     * Enable sliding-window evaluation for streamed (token-by-token) output.
-     * When `false`, classifiers only run on the completed final response.
-     * @default false
-     */
-    streamingMode?: boolean;
-    /**
-     * Pack-level threshold defaults applied to every classifier unless
-     * overridden by a per-classifier {@link ClassifierConfig}.
-     */
-    thresholds?: Partial<ClassifierThresholds>;
-    /**
-     * Scope of guardrail enforcement.
-     * - `'input'`  — Evaluate user messages before orchestration.
-     * - `'output'` — Evaluate agent responses before delivery.
-     * - `'both'`   — Evaluate at both stages.
-     * @default 'both'
-     */
-    guardrailScope?: 'input' | 'output' | 'both';
-}
-/**
- * Well-known service identifier strings for the three built-in ML classifier
- * pipelines.
- *
- * These IDs follow the `agentos:<domain>:<name>` naming convention used
- * throughout the AgentOS extension ecosystem.  Use them to retrieve specific
- * classifier services from the shared service registry.
- *
- * @example
- * ```typescript
- * const toxicity = serviceRegistry.get(ML_CLASSIFIER_SERVICE_IDS.TOXICITY_PIPELINE);
- * ```
- */
-export declare const ML_CLASSIFIER_SERVICE_IDS: {
-    /** Classifier that detects toxic, hateful, or abusive language. */
-    readonly TOXICITY_PIPELINE: "agentos:ml-classifiers:toxicity-pipeline";
-    /** Classifier that detects prompt-injection attempts. */
-    readonly INJECTION_PIPELINE: "agentos:ml-classifiers:injection-pipeline";
-    /** Classifier that detects jailbreak / system-override attempts. */
-    readonly JAILBREAK_PIPELINE: "agentos:ml-classifiers:jailbreak-pipeline";
-};
-/** Union type of all ML classifier service ID strings. */
-export type MLClassifierServiceId = (typeof ML_CLASSIFIER_SERVICE_IDS)[keyof typeof ML_CLASSIFIER_SERVICE_IDS];
+export type LlmInvoker = (systemPrompt: string, userMessage: string) => Promise<string>;
 /**
- * A {@link ClassificationResult} augmented with provenance metadata.
+ * Configuration options for the ML Classifiers extension pack.
  *
- * Produced when a classifier evaluates a chunk of text.  Carries the
- * classifier's identity and the wall-clock latency so callers can build
- * audit trails and SLO dashboards.
+ * All properties are optional.  Sensible defaults allow zero-config operation
+ * using the keyword fallback classifier.
  */
-export interface AnnotatedClassificationResult extends ClassificationResult {
+export interface MLClassifierOptions {
     /**
-     * The {@link IContentClassifier.id} of the classifier that produced this
-     * result (e.g. `ML_CLASSIFIER_SERVICE_IDS.TOXICITY_PIPELINE`).
+     * Which safety categories to evaluate.
+     * @default ALL_CATEGORIES
      */
-    classifierId: string;
+    categories?: ClassifierCategory[];
     /**
-     * Wall-clock time in milliseconds from when `classify()` was called to when
-     * it resolved.
-     */
-    latencyMs: number;
-}
-/**
- * Aggregated evaluation outcome for a single sliding-window chunk.
- *
- * Produced by running all active classifiers against one text window and
- * collating their results into a single action recommendation.
- *
- * The `recommendedAction` is the most restrictive action across all
- * classifiers (BLOCK > FLAG > SANITIZE > ALLOW).
- */
-export interface ChunkEvaluation {
-    /**
-     * Individual results from every classifier that evaluated this chunk,
-     * in the order the classifiers were invoked.
+     * Per-category confidence thresholds that override the global defaults.
+     *
+     * Keys are category names; values are threshold overrides with optional
+     * `flag` and `block` levels.
+     *
+     * @example `{ toxic: { flag: 0.4, block: 0.7 } }`
      */
-    results: AnnotatedClassificationResult[];
+    thresholds?: Partial<Record<ClassifierCategory, {
+        flag?: number;
+        block?: number;
+    }>>;
     /**
-     * The most restrictive guardrail action recommended across all results.
-     * The pipeline should act on this value rather than iterating `results`
-     * manually.
+     * Global flag threshold applied to all categories that do not have a
+     * per-category override.
+     * @default 0.5
      */
-    recommendedAction: GuardrailAction;
+    flagThreshold?: number;
     /**
-     * ID of the classifier that triggered the `recommendedAction`, or `null`
-     * if the action is {@link GuardrailAction.ALLOW} (no classifier triggered).
+     * Global block threshold applied to all categories that do not have a
+     * per-category override.
+     * @default 0.8
      */
-    triggeredBy: string | null;
+    blockThreshold?: number;
     /**
-     * Sum of all classifier `latencyMs` values — useful for profiling the
-     * total evaluation overhead per chunk.
+     * Optional LLM invoker callback.  When provided and ONNX models are
+     * unavailable, the classifier will fall back to LLM-as-judge classification
+     * using this callback.
+     *
+     * When omitted AND ONNX models are unavailable, the classifier falls back
+     * to keyword-based detection.
      */
-    totalLatencyMs: number;
+    llmInvoker?: LlmInvoker;
 }
 //# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,KAAK,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAClF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAGxD,YAAY,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,CAAC;AAM1D;;;;;;;;;GASG;AACH,MAAM,WAAW,oBAAoB;IACnC;;;OAGG;IACH,cAAc,EAAE,MAAM,CAAC;IAEvB;;;OAGG;IACH,aAAa,EAAE,MAAM,CAAC;IAEtB;;;;OAIG;IACH,aAAa,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;;GAOG;AACH,eAAO,MAAM,kBAAkB,EAAE,oBAIvB,CAAC;AAMX;;;;;;GAMG;AACH,MAAM,WAAW,gBAAgB;IAC/B;;;;OAIG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;OAGG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAE3C;;;;;;;;;OASG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;CAChD;AAMD;;;;;;GAMG;AACH,MAAM,WAAW,aAAa;IAC5B;;;OAGG;IACH,YAAY,CAAC,EAAE,OAAO,CAAC;IAEvB;;;;;;OAMG;IACH,aAAa,CAAC,EAAE,QAAQ,GAAG,WAAW,GAAG,MAAM,CAAC;IAEhD;;;;OAIG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;;;;OAKG;IACH,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,qBAAqB,KAAK,IAAI,CAAC;CACxD;AAMD;;;;;;;GAOG;AACH,MAAM,WAAW,qBAAqB;IACpC,0EAA0E;IAC1E,OAAO,EAAE,MAAM,CAAC;IAEhB,yCAAyC;IACzC,MAAM,EAAE,MAAM,CAAC;IAEf,0DAA0D;IAC1D,KAAK,EAAE,MAAM,CAAC;IAEd,+DAA+D;IAC/D,OAAO,EAAE,MAAM,CAAC;CACjB;AAMD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,WAAW,uBAAuB;IACtC;;;;;OAKG;IACH,WAAW,CAAC,EAAE,KAAK,CAAC,UAAU,GAAG,WAAW,GAAG,WAAW,CAAC,CAAC;IAE5D;;;OAGG;IACH,iBAAiB,CAAC,EAAE,OAAO,sBAAsB,EAAE,kBAAkB,EAAE,CAAC;IAExE;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;;;OAKG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;IAEpB;;;;;;OAMG;IACH,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,GAAG,MAAM,CAAC;IAEtC;;OAEG;IACH,OAAO,CAAC,EAAE,aAAa,CAAC;IAExB;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;;;OAKG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB;;;;OAIG;IACH,aAAa,CAAC,EAAE,OAAO,CAAC;IAExB;;;OAGG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAE3C;;;;;;OAMG;IACH,cAAc,CAAC,EAAE,OAAO,GAAG,QAAQ,GAAG,MAAM,CAAC;CAC9C;AAMD;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,yBAAyB;IACpC,mEAAmE;;IAGnE,yDAAyD;;IAGzD,oEAAoE;;CAE5D,CAAC;AAEX,0DAA0D;AAC1D,MAAM,MAAM,qBAAqB,GAC/B,CAAC,OAAO,yBAAyB,CAAC,CAAC,MAAM,OAAO,yBAAyB,CAAC,CAAC;AAM7E;;;;;;GAMG;AACH,MAAM,WAAW,6BAA8B,SAAQ,oBAAoB;IACzE;;;OAGG;IACH,YAAY,EAAE,MAAM,CAAC;IAErB;;;OAGG;IACH,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,eAAe;IAC9B;;;OAGG;IACH,OAAO,EAAE,6BAA6B,EAAE,CAAC;IAEzC;;;;OAIG;IACH,iBAAiB,EAAE,eAAe,CAAC;IAEnC;;;OAGG;IACH,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAE3B;;;OAGG;IACH,cAAc,EAAE,MAAM,CAAC;CACxB"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAMH;;;;;;;GAOG;AACH,MAAM,MAAM,kBAAkB,GAAG,OAAO,GAAG,WAAW,GAAG,MAAM,GAAG,QAAQ,CAAC;AAE3E;;;GAGG;AACH,eAAO,MAAM,cAAc,EAAE,kBAAkB,EAA6C,CAAC;AAM7F;;;;;GAKG;AACH,MAAM,WAAW,aAAa;IAC5B,iDAAiD;IACjD,IAAI,EAAE,kBAAkB,CAAC;IAEzB,uDAAuD;IACvD,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;;;;GAKG;AACH,MAAM,WAAW,gBAAgB;IAC/B;;;OAGG;IACH,UAAU,EAAE,aAAa,EAAE,CAAC;IAE5B;;;OAGG;IACH,OAAO,EAAE,OAAO,CAAC;IAEjB;;;OAGG;IACH,MAAM,EAAE,MAAM,GAAG,KAAK,GAAG,SAAS,CAAC;CACpC;AAMD;;;;;;;;;;;GAWG;AACH,MAAM,MAAM,UAAU,GAAG,CAAC,YAAY,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAMxF;;;;;GAKG;AACH,MAAM,WAAW,mBAAmB;IAClC;;;OAGG;IACH,UAAU,CAAC,EAAE,kBAAkB,EAAE,CAAC;IAElC;;;;;;;OAOG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC,MAAM,CAAC,kBAAkB,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC,CAAC;IAEpF;;;;OAIG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;;OAIG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB;;;;;;;OAOG;IACH,UAAU,CAAC,EAAE,UAAU,CAAC;CACzB"}