open-classify 0.5.0 → 0.6.0

package/README.md

@@ -6,7 +6,7 @@
   Decide what should happen to a user message <em>before</em> it reaches your downstream model.
 </p>
 
-Open Classify is a pre-routing layer for AI products. It runs a small set of fast classifiers in parallel against the latest user message, then returns a single decision envelope your app can act on: a downstream model recommendation, a tool exposure list, an optional acknowledgement, and any custom signals your own classifiers contribute.
+Open Classify is a pre-routing layer for AI products. It runs a small set of fast classifiers in parallel against the latest user message, then returns a single `PipelineResult` your app can act on: an action (`route`, `block`, or `reply`), a downstream model recommendation, a tool exposure list, an optional immediate reply, and any custom signals your own classifiers contribute.
 
 Use it when your frontier model should not be the first thing every request touches. Open Classify can handle tiny terminal replies before they hit an expensive model, recommend the right downstream model for the actual task, suggest what tools or context the downstream model should receive, and add a focused prompt-injection pass.
 
@@ -17,7 +17,7 @@ message
 normalize + trim classifier context
   │
   ├─► preflight ─────────────► final_reply? / ack_reply?
-  ├─► routing ───────────────► model_tier?
+  ├─► model_tier ────────────► model_tier?
   ├─► model_specialization ──► model_specialization?
   ├─► tools ─────────────────► tools?
   ├─► prompt_injection ─────► risk_level?
@@ -28,18 +28,18 @@ normalize + trim classifier context
 aggregator + model catalog
   │
   ▼
-route
+PipelineResult { action, model_id, tools, reply, ... }
 ```
 
 Every classifier uses the same manifest shape and emits the same output envelope: `{ reason, certainty, ...payload }`. Some payload fields are **reserved** — like `model_tier`, `final_reply`, and `risk_level` — and the aggregator knows how to consume them into a routing decision. Everything else is your classifier's own data and passes through to the caller untouched.
 
 ## Why Open Classify
 
-- **Spend frontier tokens only when they matter.** Simple greetings, thanks, spelling checks, and small arithmetic can be answered immediately via `audit.final_reply` without sending the request downstream.
-- **Keep the user interface responsive.** For complex work, preflight can suggest an `ack_reply` while your app routes the request to the real worker.
+- **Spend frontier tokens only when they matter.** Simple greetings, thanks, spelling checks, and small arithmetic can be answered immediately (`action: "reply"`) without sending the request downstream.
+- **Keep the user interface responsive.** For complex work, preflight emits an `ack_reply` — a task-specific acknowledgement your UI can show while routing the real request.
 - **Pick the right model per message.** Classifiers emit soft constraints like tier and specialization; your catalog turns those into a concrete model optimized for cost, capability, and fit.
 - **Shape downstream context intentionally.** Built-in and custom classifiers can recommend tools, retrieval queries, summaries, or other context hints without passing the full conversation history back to the caller.
-- **Add another defensive layer.** The `prompt_injection` classifier surfaces instruction-override attempts so your app can decide whether to continue.
+- **Add another defensive layer.** The `prompt_injection` classifier surfaces instruction-override attempts. High-risk or unknown injection risk automatically sets `action: "block"`.
 
 ## Install
 
@@ -62,10 +62,18 @@ const result = await classify({
   ],
 });
 
-// result.action is always "route". Use the audit envelope and the per-classifier
-// outputs to decide what to do next.
-const { model_id, target_message, tools } = result.downstream;
-const ackReply = result.audit.ack_reply?.text;
+if (result.action === "block") {
+  // classification error or prompt injection — handle appropriately
+  console.error(result.block_reason, result.failed_classifiers);
+} else if (result.action === "reply") {
+  // preflight can answer this immediately — skip the downstream model
+  respondToUser(result.reply.text);
+} else {
+  // route to the downstream model
+  callDownstream(result.model_id, result.tools);
+  respondToUser(result.reply?.text); // show the ack while it works
+}
+
 const queries = result.classifier_outputs.memory_retrieval_queries?.queries;
 ```
 
@@ -73,36 +81,39 @@ const queries = result.classifier_outputs.memory_retrieval_queries?.queries;
 
 ### Classifying assistant output
 
-`inspect()` is a lean second pass for the **assistant's reply**. It only runs classifiers tagged `applies_to: "both"` (or `"assistant"`) in their manifest, and returns just the per-classifier outputs — no routing, no model resolution, no audit envelope.
+`inspect()` is a lean second pass for the **assistant's reply**. It only runs classifiers tagged `applies_to: "both"` (or `"assistant"`) in their manifest, and returns the per-classifier outputs plus the message that was inspected — no routing, no action, no block logic.
 
 ```ts
-const reply = await inspect({
+const result = await inspect({
   messages: [
     { role: "user", text: "Summarize the contract." },
     { role: "assistant", text: "The contract has three notable risks…" },
   ],
 });
 
-const risk = reply.classifier_outputs.prompt_injection?.risk_level;
+// result.message is { role: "assistant", text: "..." }
+const risk = result.classifier_outputs.prompt_injection?.risk_level;
 ```
 
-Use it for things like prompt-injection checks on model output, summarized slugs, or any classifier you want to apply post-hoc. The built-in `prompt_injection` classifier ships tagged `"both"`, so it runs in both passes; everything else is `"user"` by default. Tag your own classifiers with `applies_to` in their manifest to opt into either side.
+Use it for things like prompt-injection checks on model output, summarized slugs, or any classifier you want to apply post-hoc. The built-in `prompt_injection` classifier ships tagged `"both"`, so it runs in both passes; everything else is `"user"` by default.
 
 ## What you get back
 
-Every call returns a `PipelineResult`:
+Every `classify()` call returns a `PipelineResult`:
 
 | Field | What it is |
 |---|---|
-| `action` | Always `"route"` — the worker pool always runs every classifier and returns aggregated results |
+| `action` | `"route"` \| `"block"` \| `"reply"` |
+| `block_reason` | `"prompt_injection"` \| `"classification_error"` (only when `action === "block"`) |
 | `target_message_hash` | Stable 8-hex fingerprint of the target message |
-| `downstream.model_id` | Concrete model id chosen from your catalog |
-| `downstream.target_message` | The sanitized target message that should be sent downstream |
-| `downstream.tools` | The recommended tool exposure (may be `{ tools: [] }`) |
-| `classifier_outputs[name]` | Each classifier's payload (reserved + custom fields) with `reason` and `certainty` stripped |
-| `audit` | The full envelope: reserved-field slots, every classifier's full output, model resolution details, and run metadata |
-
-For complex requests, look for `audit.ack_reply` — that's the immediate acknowledgement your UI can show while the downstream model works. For trivial requests, `audit.final_reply.text` is a tiny terminal answer your app can return directly without ever calling the downstream model. The pipeline never decides for you; the caller chooses what to act on.
+| `model_id` | Concrete model id chosen from your catalog (or `null` if unresolvable) |
+| `tools` | Recommended tool ids (always an array; empty if not emitted) |
+| `reply` | `{ text }` — the `ack_reply` or `final_reply` text, if any |
+| `prompt_injection` | `{ risk_level }` from the injection classifier, or `null` |
+| `avg_certainty` | Arithmetic mean certainty score (float 0–1) across all classifiers |
+| `min_certainty` | Minimum certainty score (float 0–1) across all classifiers |
+| `failed_classifiers` | Names of classifiers that errored or timed out (always present; may be empty) |
+| `classifier_outputs` | Each classifier's payload with `reason` (string) and `certainty` (float) |
 
 Example result:
 
@@ -110,30 +121,19 @@ Example result:
 {
   "action": "route",
   "target_message_hash": "b11d5268",
-  "downstream": {
-    "model_id": "gpt-5.5",
-    "tools": { "tools": ["workspace"] },
-    "target_message": { "role": "user", "text": "...", "hash": "b11d5268" }
-  },
+  "model_id": "gpt-5.5",
+  "tools": ["workspace"],
+  "reply": { "text": "On it — I'll review the contract now." },
+  "prompt_injection": { "risk_level": "normal" },
+  "avg_certainty": 0.84,
+  "min_certainty": 0.75,
+  "failed_classifiers": [],
   "classifier_outputs": {
-    "routing": { "model_tier": "frontier_strong" },
-    "model_specialization": { "model_specialization": "coding" },
-    "tools": { "tools": ["workspace"] },
-    "prompt_injection": { "risk_level": "normal" },
-    "memory_retrieval_queries": { "queries": ["user code review preferences"] }
-  },
-  "audit": {
-    "ack_reply": { "text": "Let me check." },
-    "routing": { "model_tier": "frontier_strong", "model_specialization": "coding" },
-    "tools": { "tools": ["workspace"] },
-    "prompt_injection": { "risk_level": "normal" },
-    "classifier_outputs": [ /* every classifier's full output, with reason + certainty */ ],
-    "model_recommendation": {
-      "id": "gpt-5.5",
-      "context_window": 1050000,
-      "resolution": { "...": "..." }
-    },
-    "meta": { "classifiers": { "...": "..." } }
+    "model_tier": { "model_tier": "frontier_strong", "reason": "...", "certainty": 0.88 },
+    "model_specialization": { "model_specialization": "coding", "reason": "...", "certainty": 0.75 },
+    "tools": { "tools": ["workspace"], "reason": "...", "certainty": 0.88 },
+    "prompt_injection": { "risk_level": "normal", "reason": "...", "certainty": 0.97 },
+    "memory_retrieval_queries": { "queries": ["user code review preferences"], "reason": "...", "certainty": 0.75 }
   }
 }
 ```
@@ -142,16 +142,16 @@ Example result:
 
 Open Classify ships with eight built-in classifiers; all use the same manifest shape. There is no distinction between "stock" and "custom" — the runtime only cares about which **reserved fields** a classifier declares.
 
-| Name | Reserved fields | What the aggregator does with it |
-|---|---|---|
-| `preflight` | `final_reply`, `ack_reply` | Surfaces the highest-certainty reply in `audit.final_reply` / `audit.ack_reply` |
-| `routing` | `model_tier` | Feeds the catalog resolver as a soft constraint |
-| `model_specialization` | `model_specialization` | Feeds the catalog resolver as a soft constraint |
-| `tools` | `tools` | Sets `downstream.tools` |
-| `prompt_injection` | `risk_level` | Surfaces in `audit.prompt_injection` |
-| `memory_retrieval_queries` | — | Passes through to `classifier_outputs.memory_retrieval_queries` |
-| `conversation_digest` | — | Passes through |
-| `context_shift` | — | Passes through |
+| Name | dispatch_order | Reserved fields | What the aggregator does with it |
+|---|---|---|---|
+| `preflight` | 10 | `final_reply`, `ack_reply` | Sets `action: "reply"` or populates `result.reply` |
+| `model_tier` | 20 | `model_tier` | Feeds the catalog resolver as a soft constraint |
+| `model_specialization` | 30 | `model_specialization` | Feeds the catalog resolver as a soft constraint |
+| `tools` | 40 | `tools` | Sets `result.tools` |
+| `prompt_injection` | 50 | `risk_level` | High-risk/unknown → `action: "block"`; suspicious → advisory |
+| `memory_retrieval_queries` | 60 | — | Passes through to `classifier_outputs` |
+| `conversation_digest` | 70 | — | Passes through |
+| `context_shift` | 80 | — | Passes through |
 
 Reserved fields are well-known output keys with canonical JSON Schemas and prompt fragments baked into the runtime. When you declare one in your manifest, you don't have to redeclare its enum values or shape — the runtime injects them.
 
@@ -198,7 +198,7 @@ Rules:
 
 - `name` must match the directory name.
 - Reserved field names cannot appear in `output_schema.properties` — declare them in `reserved_fields` instead.
-- `fallback` must validate against the composed schema; reserved fields are optional in fallback since "I failed" means "no signal."
+- `fallback` requires only `reason` and `certainty`; reserved and custom required fields are exempt from the fallback check.
 - If you want hand-picked examples (preflight does this), add an `output_schema.examples` array. Each entry must validate against the composed schema at load time. Otherwise the runtime synthesizes a skeleton example for you.
 
 Consume your output:
@@ -212,7 +212,7 @@ See [docs/adding-a-classifier.md](docs/adding-a-classifier.md) for a full walkth
 
 ## Using reserved fields in your own classifier
 
-Any classifier can emit reserved fields. If you write your own `task_router` that emits `model_tier`, the aggregator will fold it into the model resolution alongside the built-in `routing` classifier — highest-certainty contributor wins, ties broken by manifest `dispatch_order` ascending.
+Any classifier can emit reserved fields. If you write your own `task_router` that emits `model_tier`, the aggregator will fold it into the model resolution alongside the built-in `model_tier` classifier — highest-certainty contributor wins, ties broken by manifest `dispatch_order` ascending.
 
 ```json
 {
@@ -262,7 +262,7 @@ Classifiers never emit model ids. They emit constraints; your catalog maps const
 }
 ```
 
-The resolver picks the cheapest model matching `model_specialization` and `model_tier`, relaxing constraints in order when nothing fits, and reports what it dropped on `audit.model_recommendation.resolution`. See [docs/resolver.md](docs/resolver.md) for ranking details.
+The resolver picks the cheapest model matching `model_specialization` and `model_tier`, relaxing constraints in order when nothing fits. See [docs/resolver.md](docs/resolver.md) for ranking details.
 
 ## Input contract
 
@@ -292,14 +292,11 @@ cp open-classify.config.example.json open-classify.config.json
     "provider": "ollama",
     "defaultModel": "gemma4:e4b-it-q4_K_M",
     "models": {
-      "routing": "qwen2.5:7b-instruct-q4_K_M",
+      "model_tier": "qwen2.5:7b-instruct-q4_K_M",
       "prompt_injection": "llama-guard3:8b",
       "memory_retrieval_queries": "qwen2.5:7b-instruct-q4_K_M"
     }
   },
-  "aggregator": {
-    "certaintyThreshold": 0.65
-  },
   "catalog": "downstream-models.json"
 }
 ```

package/dist/src/aggregator.d.ts

@@ -1,28 +1,12 @@
-import type { AggregatorConfig, Catalog, ClassifierRegistry, ClassifierResults, Envelope, ModelRecommendation, ModelRecommendationResolution } from "./manifest.js";
-import type { AckReplySignal, Certainty, FinalReplySignal, RoutingSignal, ToolsSignal } from "./stock.js";
-import type { DownstreamModelTier, ModelSpecialization } from "./enums.js";
-import type { ClassifierInput } from "./types.js";
-export declare const DEFAULT_CERTAINTY_THRESHOLD = 0.65;
-/** @deprecated Use DEFAULT_CERTAINTY_THRESHOLD. */
-export declare const DEFAULT_CONFIDENCE_THRESHOLD = 0.65;
-export interface ComposeEnvelopeArgs {
+import type { Catalog, ClassifierPublicOutputs, ClassifierRegistry, ClassifierResults, PipelineResult } from "./manifest.js";
+import type { AckReplySignal, FinalReplySignal, ToolsSignal } from "./stock.js";
+export interface AssembleResultArgs {
     readonly registry: ClassifierRegistry;
     readonly results: ClassifierResults;
+    readonly failedClassifiers: ReadonlyArray<string>;
     readonly catalog: Catalog;
-    readonly input: ClassifierInput;
-    readonly config?: AggregatorConfig;
 }
-export declare function composeEnvelope(args: ComposeEnvelopeArgs): Envelope;
-export declare function certaintyThreshold(config: AggregatorConfig | undefined): number;
-export declare function resolveModelFromRouting(routing: RoutingSignal | undefined, catalog: Catalog, confidence: number | undefined, ignoredConstraints?: ModelRecommendationResolution["constraints_dropped"]): ModelRecommendation;
-export declare function resolveModel(results: Readonly<{
-    routing?: {
-        model_tier?: DownstreamModelTier;
-        certainty?: Certainty;
-    };
-    model_specialization?: {
-        model_specialization?: ModelSpecialization;
-        certainty?: Certainty;
-    };
-}>, catalog: Catalog, threshold: number): ModelRecommendation;
+type AssembledResult = Omit<PipelineResult, "target_message_hash">;
+export declare function assembleResult(args: AssembleResultArgs): AssembledResult;
+export declare function buildPublicOutputs(registry: ClassifierRegistry, results: ClassifierResults): ClassifierPublicOutputs;
 export type { FinalReplySignal, AckReplySignal, ToolsSignal };

package/dist/src/aggregator.js

@@ -1,119 +1,121 @@
 import { certaintyScore } from "./stock.js";
-export const DEFAULT_CERTAINTY_THRESHOLD = 0.65;
-/** @deprecated Use DEFAULT_CERTAINTY_THRESHOLD. */
-export const DEFAULT_CONFIDENCE_THRESHOLD = DEFAULT_CERTAINTY_THRESHOLD;
-export function composeEnvelope(args) {
-    const { registry, results, catalog, config } = args;
-    const threshold = certaintyThreshold(config);
-    const finalReplyPick = pickReservedField(registry, results, "final_reply", threshold);
-    const ackReplyPick = pickReservedField(registry, results, "ack_reply", threshold);
-    const tierPick = pickReservedField(registry, results, "model_tier", threshold);
-    const specPick = pickReservedField(registry, results, "model_specialization", threshold);
-    const toolsPick = pickReservedField(registry, results, "tools", threshold);
-    const riskLevelPick = pickReservedField(registry, results, "risk_level", threshold);
-    const routing = mergeRouting(tierPick?.value, specPick?.value);
-    const routingConfidence = maxConfidence([tierPick?.confidence, specPick?.confidence]);
-    const routingDrops = lowConfidenceRoutingDrops(registry, results, threshold, routing);
-    const envelope = {
-        ...optional("final_reply", finalReplyPick?.value),
-        ...optional("ack_reply", ackReplyPick?.value),
-        ...optional("routing", routing),
-        ...optional("tools", toolsPick?.value === undefined ? undefined : { tools: toolsPick.value }),
-        ...optional("prompt_injection", riskLevelPick?.value === undefined ? undefined : { risk_level: riskLevelPick.value }),
-        classifier_outputs: buildAuditOutputs(registry, results),
-        model_recommendation: resolveModelFromRouting(routing, catalog, routingConfidence, routingDrops),
-    };
-    return envelope;
-}
-export function certaintyThreshold(config) {
-    return config?.certaintyThreshold ?? config?.confidenceThreshold ?? DEFAULT_CERTAINTY_THRESHOLD;
-}
-function optional(key, value) {
-    return value === undefined ? {} : { [key]: value };
-}
-// Highest-certainty contributor wins. Ties broken by registry order — the
-// registry is already sorted by `dispatch_order` ascending (classifiers without
-// dispatch_order sort last), and we iterate in that order, so the first
-// encountered tie keeps the slot.
-function pickReservedField(registry, results, field, threshold) {
-    let best;
-    for (const manifest of registry) {
-        if (!manifest.reservedFields.includes(field))
-            continue;
-        const output = results[manifest.name];
-        if (output === undefined)
-            continue;
-        const raw = output[field];
-        if (raw === undefined)
-            continue;
-        const confidence = scoreCertainty(output.certainty);
-        if (confidence < threshold)
-            continue;
-        if (best === undefined || confidence > best.confidence) {
-            best = { value: raw, confidence, source: manifest.name };
-        }
+export function assembleResult(args) {
+    const { registry, results, failedClassifiers, catalog } = args;
+    // Pick reserved fields — highest certainty wins, no threshold gate.
+    const finalReply = pickField(registry, results, "final_reply");
+    const ackReply = pickField(registry, results, "ack_reply");
+    const modelTier = pickField(registry, results, "model_tier");
+    const modelSpec = pickField(registry, results, "model_specialization");
+    const toolsPick = pickField(registry, results, "tools");
+    const riskLevel = pickField(registry, results, "risk_level");
+    // Resolve concrete model id.
+    let model_id = null;
+    try {
+        const routing = mergeRouting(modelTier?.value, modelSpec?.value);
+        model_id = resolveModelFromRouting(routing, catalog).id;
+    }
+    catch {
+        // Catalog error — model_id stays null.
+    }
+    const tools = toolsPick?.value ?? [];
+    const reply = finalReply?.value
+        ? { text: finalReply.value.text }
+        : ackReply?.value
+            ? { text: ackReply.value.text }
+            : null;
+    const prompt_injection = riskLevel?.value !== undefined ? { risk_level: riskLevel.value } : null;
+    const { avg_certainty, min_certainty } = certaintySummary(registry, results);
+    const classifier_outputs = buildPublicOutputs(registry, results);
+    // Determine action. Priority: prompt_injection > classification_error > reply > route.
+    const isInjectionBlock = riskLevel?.value === "high_risk" || riskLevel?.value === "unknown";
+    const isClassificationError = failedClassifiers.length > 0 || reply === null || model_id === null;
+    let action;
+    let block_reason;
+    if (isInjectionBlock) {
+        action = "block";
+        block_reason = "prompt_injection";
+    }
+    else if (isClassificationError) {
+        action = "block";
+        block_reason = "classification_error";
+    }
+    else if (finalReply?.value !== undefined) {
+        action = "reply";
+    }
+    else {
+        action = "route";
     }
-    return best;
-}
-function mergeRouting(tier, model_specialization) {
-    if (tier === undefined && model_specialization === undefined)
-        return undefined;
     return {
-        ...(tier === undefined ? {} : { model_tier: tier }),
-        ...(model_specialization === undefined ? {} : { model_specialization }),
+        action,
+        ...(block_reason !== undefined ? { block_reason } : {}),
+        model_id,
+        tools,
+        reply,
+        prompt_injection,
+        avg_certainty,
+        min_certainty,
+        failed_classifiers: failedClassifiers,
+        classifier_outputs,
     };
 }
-function maxConfidence(values) {
-    const finite = values.filter((v) => v !== undefined);
-    if (finite.length === 0)
-        return undefined;
-    return Math.max(...finite);
-}
-function buildAuditOutputs(registry, results) {
-    const out = [];
+// Build the public classifier_outputs map. Keeps reason + payload fields;
+// converts certainty label to float score.
+export function buildPublicOutputs(registry, results) {
+    const out = {};
     for (const manifest of registry) {
         const result = results[manifest.name];
         if (result === undefined)
             continue;
-        out.push({ classifier: manifest.name, ...result });
+        const { certainty, ...rest } = result;
+        out[manifest.name] = {
+            ...rest,
+            certainty: scoreCertainty(certainty),
+        };
     }
     return out;
 }
-// ─── Model recommendation ───────────────────────────────────────────────────
-function lowConfidenceRoutingDrops(registry, results, threshold, merged) {
-    const dropped = [];
-    if (merged?.model_tier === undefined && hasLowConfidenceReservedField(registry, results, "model_tier", threshold)) {
-        dropped.push({ axis: "model_tier", reason: "low_confidence" });
-    }
-    if (merged?.model_specialization === undefined &&
-        hasLowConfidenceReservedField(registry, results, "model_specialization", threshold)) {
-        dropped.push({ axis: "model_specialization", reason: "low_confidence" });
-    }
-    return dropped;
-}
-function hasLowConfidenceReservedField(registry, results, field, threshold) {
+function certaintySummary(registry, results) {
+    const scores = registry.map((m) => scoreCertainty(results[m.name]?.certainty));
+    if (scores.length === 0)
+        return { avg_certainty: 0, min_certainty: 0 };
+    const min_certainty = Math.min(...scores);
+    const avg_certainty = scores.reduce((sum, v) => sum + v, 0) / scores.length;
+    return { min_certainty, avg_certainty };
+}
+// Highest certainty wins; ties broken by registry order (already sorted by
+// dispatch_order ascending).
+function pickField(registry, results, field) {
+    let best;
     for (const manifest of registry) {
         if (!manifest.reservedFields.includes(field))
             continue;
         const output = results[manifest.name];
         if (output === undefined)
             continue;
-        if (output[field] === undefined)
+        const raw = output[field];
+        if (raw === undefined)
             continue;
-        if (scoreCertainty(output.certainty) < threshold)
-            return true;
+        const score = scoreCertainty(output.certainty);
+        if (best === undefined || score > best.score) {
+            best = { value: raw, source: manifest.name, score };
+        }
     }
-    return false;
+    return best;
 }
 function scoreCertainty(certainty) {
     return certainty === undefined ? 0 : certaintyScore[certainty];
 }
-export function resolveModelFromRouting(routing, catalog, confidence, ignoredConstraints = []) {
+// ─── Model resolution ────────────────────────────────────────────────────────
+function mergeRouting(tier, specialization) {
+    if (tier === undefined && specialization === undefined)
+        return undefined;
+    return {
+        ...(tier === undefined ? {} : { model_tier: tier }),
+        ...(specialization === undefined ? {} : { model_specialization: specialization }),
+    };
+}
+function resolveModelFromRouting(routing, catalog) {
     const requested = {};
-    const confidences = {};
-    if (confidence !== undefined) {
-        confidences.routing = confidence;
-    }
     if (routing?.model_specialization !== undefined) {
         requested.model_specialization = routing.model_specialization;
     }
@@ -121,74 +123,27 @@ export function resolveModelFromRouting(routing, catalog, confidence, ignoredCon
         requested.model_tier = routing.model_tier;
     }
     const passes = [
-        { useSpecialization: true, useTier: true },
-        { useSpecialization: true, useTier: false },
-        { useSpecialization: false, useTier: true },
-        { useSpecialization: false, useTier: false },
+        { useSpec: true, useTier: true },
+        { useSpec: true, useTier: false },
+        { useSpec: false, useTier: true },
+        { useSpec: false, useTier: false },
     ];
     for (const pass of passes) {
-        const constraints_used = constraintsForPass(requested, pass);
-        const matching = catalog.models.filter((model) => matchesConstraints(model, constraints_used));
+        const constraints = constraintsForPass(requested, pass);
+        const matching = catalog.models.filter((m) => matchesConstraints(m, constraints));
         if (matching.length === 0)
             continue;
-        const winner = pickBestModel(matching, catalog.models);
-        return {
-            ...modelRecommendationFields(winner),
-            resolution: {
-                constraints_used,
-                constraints_dropped: [
-                    ...ignoredConstraints,
-                    ...relaxedConstraints(requested, constraints_used),
-                ],
-                confidences,
-                fell_back_to_default: false,
-            },
-        };
+        return { id: pickBestModel(matching, catalog.models).id };
     }
-    const fallback = catalog.models.find((model) => model.id === catalog.default);
+    const fallback = catalog.models.find((m) => m.id === catalog.default);
     if (!fallback) {
-        throw new Error(`catalog default "${catalog.default}" not found in models — catalog skipped validation`);
+        throw new Error(`catalog default "${catalog.default}" not found in models`);
     }
-    return {
-        ...modelRecommendationFields(fallback),
-        resolution: {
-            constraints_used: {},
-            constraints_dropped: [
-                ...ignoredConstraints,
-                ...defaultFallbackConstraints(requested),
-            ],
-            confidences,
-            fell_back_to_default: true,
-        },
-    };
-}
-// Test-friendly convenience wrapper: given typed result outputs for the
-// routing-bearing classifiers, merge their reserved fields and resolve a
-// model.
-export function resolveModel(results, catalog, threshold) {
-    const routingCert = scoreCertainty(results.routing?.certainty);
-    const specCert = scoreCertainty(results.model_specialization?.certainty);
-    const tier = routingCert >= threshold ? results.routing?.model_tier : undefined;
-    const model_specialization = specCert >= threshold ? results.model_specialization?.model_specialization : undefined;
-    const merged = mergeRouting(tier, model_specialization);
-    const dropped = [];
-    if (tier === undefined && results.routing?.model_tier !== undefined && routingCert < threshold) {
-        dropped.push({ axis: "model_tier", reason: "low_confidence" });
-    }
-    if (model_specialization === undefined &&
-        results.model_specialization?.model_specialization !== undefined &&
-        specCert < threshold) {
-        dropped.push({ axis: "model_specialization", reason: "low_confidence" });
-    }
-    const confidence = maxConfidence([
-        results.routing?.certainty === undefined ? undefined : routingCert,
-        results.model_specialization?.certainty === undefined ? undefined : specCert,
-    ]);
-    return resolveModelFromRouting(merged, catalog, confidence, dropped);
+    return { id: fallback.id };
 }
 function constraintsForPass(requested, pass) {
     return {
-        ...(pass.useSpecialization && requested.model_specialization !== undefined
+        ...(pass.useSpec && requested.model_specialization !== undefined
             ? { model_specialization: requested.model_specialization }
             : {}),
         ...(pass.useTier && requested.model_tier !== undefined
@@ -201,32 +156,11 @@ function matchesConstraints(model, constraints) {
         model.specializations.includes(constraints.model_specialization)) &&
         (constraints.model_tier === undefined || model.tier === constraints.model_tier));
 }
-function relaxedConstraints(requested, used) {
-    const dropped = [];
-    if (requested.model_specialization !== undefined && used.model_specialization === undefined) {
-        dropped.push({ axis: "model_specialization", reason: "no_match_relaxed" });
-    }
-    if (requested.model_tier !== undefined && used.model_tier === undefined) {
-        dropped.push({ axis: "model_tier", reason: "no_match_relaxed" });
-    }
-    return dropped;
-}
-function defaultFallbackConstraints(requested) {
-    const dropped = [];
-    if (requested.model_specialization !== undefined) {
-        dropped.push({ axis: "model_specialization", reason: "default_fallback" });
-    }
-    if (requested.model_tier !== undefined) {
-        dropped.push({ axis: "model_tier", reason: "default_fallback" });
-    }
-    return dropped;
-}
 function pickBestModel(candidates, catalogOrder) {
     let winner = candidates[0];
     for (let i = 1; i < candidates.length; i++) {
-        const candidate = candidates[i];
-        if (compareModels(candidate, winner, catalogOrder) < 0) {
-            winner = candidate;
+        if (compareModels(candidates[i], winner, catalogOrder) < 0) {
+            winner = candidates[i];
         }
     }
     return winner;
@@ -238,27 +172,15 @@ function compareModels(a, b, catalogOrder) {
     if (a.params_in_billions !== b.params_in_billions) {
         return comparableParams(b) - comparableParams(a);
     }
-    if (a.context_window !== b.context_window) {
+    if (a.context_window !== b.context_window)
         return b.context_window - a.context_window;
-    }
     return catalogOrder.indexOf(a) - catalogOrder.indexOf(b);
 }
 function priceIndex(model) {
-    if (model.input_tokens_cpm === undefined || model.output_tokens_cpm === undefined) {
+    if (model.input_tokens_cpm === undefined || model.output_tokens_cpm === undefined)
         return 0;
-    }
     return model.input_tokens_cpm + model.output_tokens_cpm;
 }
 function comparableParams(model) {
     return model.params_in_billions ?? 0;
 }
-function modelRecommendationFields(winner) {
-    return {
-        id: winner.id,
-        params_in_billions: winner.params_in_billions,
-        context_window: winner.context_window,
-        ...(winner.input_tokens_cpm === undefined ? {} : { input_tokens_cpm: winner.input_tokens_cpm }),
-        ...(winner.cached_tokens_cpm === undefined ? {} : { cached_tokens_cpm: winner.cached_tokens_cpm }),
-        ...(winner.output_tokens_cpm === undefined ? {} : { output_tokens_cpm: winner.output_tokens_cpm }),
-    };
-}