thumbgate 1.26.7 → 1.27.2

package/scripts/agent-reward-model.js

@@ -331,6 +331,55 @@ function buildRewardReport(episodes = [], options = {}) {
       deep: 'destructive, public, or production-adjacent work',
       xhigh: 'payments, secrets, deploy-prod, data-loss, force-push-main',
     },
+    continualAdapterPlan: buildContinualAdapterTrainingPlan(episodes, options),
+  };
+}
+
+function buildContinualAdapterTrainingPlan(episodes = [], options = {}) {
+  const maxAdapters = Math.max(1, Number(options.maxAdapters || 4));
+  const minExamples = Math.max(1, Number(options.minExamples || 2));
+  const pairs = buildPreferencePairs(episodes, { ...options, maxPairs: Number(options.maxPairs || 24) });
+  const candidates = rankGateCandidatesByReward(episodes, {
+    ...options,
+    minOccurrences: minExamples,
+    maxGateCandidates: maxAdapters,
+  }).slice(0, maxAdapters);
+
+  const adapters = candidates.map((candidate, index) => ({
+    id: `lora_${candidate.gateId || `adapter_${index + 1}`}`.slice(0, 96),
+    source: candidate.key,
+    trainingMode: 'concurrent-lora',
+    examples: candidate.occurrences,
+    priorityScore: candidate.priorityScore,
+    targetBehavior: candidate.recommendation,
+    retentionChecks: [
+      'baseline gate pass-rate must not regress',
+      'previous adapter reward must stay within tolerance',
+      'new adapter must improve blocked-repeat or verification reward on held-out episodes',
+    ],
+  }));
+
+  const enoughData = pairs.length >= minExamples && adapters.length > 0;
+  return {
+    status: enoughData ? 'ready' : 'needs_more_feedback',
+    trainingStack: 'multi-lora-continual-learning',
+    baseModelPolicy: 'freeze base model; train small adapters from reward-ranked DPO pairs',
+    scheduling: adapters.length > 1 ? 'batch adapters concurrently when they share the same frozen base' : 'train serially until at least two adapter candidates exist',
+    adapters,
+    dpoPairsAvailable: pairs.length,
+    retentionGate: 'ship no adapter unless reward, regression, and prior-domain retention checks pass',
+    nextActions: enoughData
+      ? [
+          'Export reward-ranked DPO pairs.',
+          'Train candidate LoRA adapters concurrently on the same frozen base.',
+          'Evaluate each adapter against held-out negative episodes and prior positive episodes.',
+          'Promote only the adapter that improves reward without retention regression.',
+        ]
+      : [
+          'Capture more thumbs-up/down outcomes before training.',
+          'Promote deterministic gates first when examples are sparse.',
+          'Use local semantic recall until enough reward-ranked pairs exist for adapter training.',
+        ],
   };
 }
 
@@ -419,8 +468,10 @@ if (isCliInvocation()) {
     console.log(JSON.stringify(buildPreferencePairs(episodes), null, 2));
   } else if (args.command === 'gates') {
     console.log(JSON.stringify(rankGateCandidatesByReward(episodes), null, 2));
+  } else if (args.command === 'adapters') {
+    console.log(JSON.stringify(buildContinualAdapterTrainingPlan(episodes), null, 2));
   } else {
-    console.error(`Unknown command: ${args.command}. Use: report, pairs, gates`);
+    console.error(`Unknown command: ${args.command}. Use: report, pairs, gates, adapters`);
     process.exit(1);
   }
 }
@@ -428,6 +479,7 @@ if (isCliInvocation()) {
 module.exports = {
   HIGH_RISK_TAGS,
   allocateTestTimeCompute,
+  buildContinualAdapterTrainingPlan,
   buildPreferencePairFromEpisodes,
   buildPreferencePairs,
   buildRewardReport,

package/scripts/ai-component-inventory.js

@@ -0,0 +1,367 @@
+#!/usr/bin/env node
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const crypto = require('crypto');
+
+const DEFAULT_MAX_FILES = 2500;
+const DEFAULT_MAX_BYTES = 1024 * 1024;
+
+const IGNORE_DIRS = new Set([
+  '.git',
+  '.hg',
+  '.svn',
+  '.thumbgate',
+  '.venv',
+  'venv',
+  '__pycache__',
+  'node_modules',
+  'dist',
+  'build',
+  'coverage',
+  '.next',
+  '.turbo',
+  '.cache',
+]);
+
+const TEXT_EXTENSIONS = new Set([
+  '.js',
+  '.jsx',
+  '.ts',
+  '.tsx',
+  '.mjs',
+  '.cjs',
+  '.py',
+  '.ipynb',
+  '.go',
+  '.java',
+  '.rb',
+  '.rs',
+  '.php',
+  '.cs',
+  '.swift',
+  '.kt',
+  '.scala',
+  '.sh',
+  '.yaml',
+  '.yml',
+  '.toml',
+  '.json',
+  '.ini',
+]);
+
+const MODEL_EXTENSIONS = new Map([
+  ['.gguf', { name: 'GGUF model artifact', category: 'model_artifact', ecosystem: 'local-model' }],
+  ['.safetensors', { name: 'SafeTensors model artifact', category: 'model_artifact', ecosystem: 'local-model' }],
+  ['.onnx', { name: 'ONNX model artifact', category: 'model_artifact', ecosystem: 'onnx' }],
+  ['.pt', { name: 'PyTorch model artifact', category: 'model_artifact', ecosystem: 'pytorch' }],
+  ['.pth', { name: 'PyTorch model artifact', category: 'model_artifact', ecosystem: 'pytorch' }],
+  ['.tflite', { name: 'TensorFlow Lite model artifact', category: 'model_artifact', ecosystem: 'tensorflow' }],
+]);
+
+const SOURCE_PATTERNS = [
+  component('openai', 'OpenAI SDK/API', 'provider_sdk', 'openai', /\b(from\s+openai\s+import|import\s+openai\b|require\(['"]openai['"]\)|from\s+['"]openai['"]|@openai\/agents|new\s+OpenAI\s*\()/i),
+  component('anthropic', 'Anthropic Claude SDK/API', 'provider_sdk', 'anthropic', /\b(@anthropic-ai\/sdk|from\s+anthropic\s+import|import\s+anthropic\b|require\(['"]@anthropic-ai\/sdk['"]\)|new\s+Anthropic\s*\()/i),
+  component('google-gemini', 'Google Gemini SDK/API', 'provider_sdk', 'google', /\b(@google\/generative-ai|google-genai|from\s+google\s+import\s+genai|GoogleGenerativeAI|GenerativeModel)/i),
+  component('vertex-ai', 'Google Vertex AI', 'ai_platform', 'google-cloud', /\b(vertexai|aiplatform|@google-cloud\/vertexai|PredictionServiceClient|projects\.locations\.publishers\.models)/i),
+  component('dialogflow-cx', 'Google Dialogflow CX', 'conversation_ai', 'google-cloud', /\b(dialogflowcx|dialogflow-cx|@google-cloud\/dialogflow-cx|SessionsClient|DetectIntentRequest)/i),
+  component('langchain', 'LangChain', 'agent_framework', 'langchain', /\b(@langchain\/|langchain\b|from\s+langchain(_community|_core)?\b)/i),
+  component('llamaindex', 'LlamaIndex', 'agent_framework', 'llamaindex', /\b(llama_index|llamaindex|from\s+llama_index\b)/i),
+  component('semantic-kernel', 'Semantic Kernel', 'agent_framework', 'microsoft', /\b(semantic-kernel|semantic_kernel|Microsoft\.SemanticKernel)/i),
+  component('crewai', 'CrewAI', 'agent_framework', 'crewai', /\b(crewai|from\s+crewai\b)/i),
+  component('autogen', 'AutoGen', 'agent_framework', 'microsoft', /\b(autogen|pyautogen|@microsoft\/autogen)/i),
+  component('transformers', 'Hugging Face Transformers', 'ml_framework', 'huggingface', /\b(transformers|AutoModel|AutoTokenizer|pipeline\s*\()/i),
+  component('sentence-transformers', 'Sentence Transformers', 'embedding_model', 'huggingface', /\b(sentence_transformers|SentenceTransformer)/i),
+  component('pytorch', 'PyTorch', 'ml_framework', 'pytorch', /\b(import\s+torch\b|from\s+torch\b|torch\.)/i),
+  component('tensorflow', 'TensorFlow/Keras', 'ml_framework', 'tensorflow', /\b(import\s+tensorflow\b|from\s+tensorflow\b|import\s+keras\b|from\s+keras\b|tf\.keras)/i),
+  component('scikit-learn', 'scikit-learn', 'ml_framework', 'scikit-learn', /\b(sklearn|scikit-learn|from\s+sklearn\b)/i),
+  component('onnxruntime', 'ONNX Runtime', 'ml_runtime', 'onnx', /\b(onnxruntime|InferenceSession)/i),
+  component('pinecone', 'Pinecone vector database', 'vector_database', 'pinecone', /\b(pinecone|@pinecone-database\/pinecone)/i),
+  component('weaviate', 'Weaviate vector database', 'vector_database', 'weaviate', /\b(weaviate|weaviate-client)/i),
+  component('qdrant', 'Qdrant vector database', 'vector_database', 'qdrant', /\b(qdrant|@qdrant\/js-client-rest|qdrant-client)/i),
+  component('chroma', 'Chroma vector database', 'vector_database', 'chroma', /\b(chromadb|chroma-client|ChromaClient)/i),
+  component('lancedb', 'LanceDB vector database', 'vector_database', 'lancedb', /\b(lancedb|@lancedb\/lancedb)/i),
+  component('faiss', 'FAISS vector index', 'vector_database', 'faiss', /\b(faiss|faiss-cpu|faiss-gpu)/i),
+  component('pgvector', 'Postgres pgvector', 'vector_database', 'postgres', /\b(pgvector|vector\(\d+\)|CREATE\s+EXTENSION\s+vector)/i),
+];
+
+const MANIFEST_FILES = new Set([
+  'package.json',
+  'requirements.txt',
+  'pyproject.toml',
+  'poetry.lock',
+  'Pipfile',
+  'Gemfile',
+  'go.mod',
+  'Cargo.toml',
+]);
+
+function component(id, name, category, ecosystem, pattern) {
+  return { id, name, category, ecosystem, pattern };
+}
+
+function relativePath(rootDir, filePath) {
+  return path.relative(rootDir, filePath).split(path.sep).join('/');
+}
+
+function shouldIgnoreDir(name) {
+  return IGNORE_DIRS.has(name);
+}
+
+function isTextLike(filePath) {
+  const base = path.basename(filePath);
+  if (MANIFEST_FILES.has(base)) return true;
+  return TEXT_EXTENSIONS.has(path.extname(filePath).toLowerCase());
+}
+
+function walkFiles(rootDir, options = {}) {
+  const maxFiles = Number(options.maxFiles || DEFAULT_MAX_FILES);
+  const files = [];
+  const queue = [rootDir];
+
+  while (queue.length && files.length < maxFiles) {
+    const dir = queue.shift();
+    let entries = [];
+    try {
+      entries = fs.readdirSync(dir, { withFileTypes: true });
+    } catch (_) {
+      continue;
+    }
+
+    for (const entry of entries) {
+      const fullPath = path.join(dir, entry.name);
+      if (entry.isDirectory()) {
+        if (!shouldIgnoreDir(entry.name)) queue.push(fullPath);
+        continue;
+      }
+      if (entry.isFile()) {
+        files.push(fullPath);
+        if (files.length >= maxFiles) break;
+      }
+    }
+  }
+
+  return files;
+}
+
+function readLines(filePath, maxBytes = DEFAULT_MAX_BYTES) {
+  let stat;
+  try {
+    stat = fs.statSync(filePath);
+  } catch (_) {
+    return null;
+  }
+  if (!stat.isFile() || stat.size > maxBytes) return null;
+
+  try {
+    return fs.readFileSync(filePath, 'utf8').split(/\r?\n/);
+  } catch (_) {
+    return null;
+  }
+}
+
+function addEvidence(map, componentDef, evidence, maxEvidencePerComponent) {
+  const current = map.get(componentDef.id) || {
+    id: componentDef.id,
+    name: componentDef.name,
+    category: componentDef.category,
+    ecosystem: componentDef.ecosystem,
+    evidence: [],
+  };
+
+  if (current.evidence.length < maxEvidencePerComponent) {
+    const duplicate = current.evidence.some((item) => (
+      item.file === evidence.file && item.line === evidence.line && item.kind === evidence.kind
+    ));
+    if (!duplicate) current.evidence.push(evidence);
+  }
+  map.set(componentDef.id, current);
+}
+
+function scanSourceFile(rootDir, filePath, map, options) {
+  const lines = readLines(filePath, options.maxBytes);
+  if (!lines) return;
+
+  const rel = relativePath(rootDir, filePath);
+  lines.forEach((line, idx) => {
+    for (const def of SOURCE_PATTERNS) {
+      if (!def.pattern.test(line)) continue;
+      addEvidence(map, def, {
+        kind: 'source',
+        file: rel,
+        line: idx + 1,
+        snippet: options.includeSnippets === false ? undefined : line.trim().slice(0, 220),
+      }, options.maxEvidencePerComponent);
+    }
+  });
+}
+
+function scanManifestFile(rootDir, filePath, map, options) {
+  const lines = readLines(filePath, options.maxBytes);
+  if (!lines) return;
+  const rel = relativePath(rootDir, filePath);
+
+  lines.forEach((line, idx) => {
+    for (const def of SOURCE_PATTERNS) {
+      if (!def.pattern.test(line)) continue;
+      addEvidence(map, def, {
+        kind: 'manifest',
+        file: rel,
+        line: idx + 1,
+        snippet: options.includeSnippets === false ? undefined : line.trim().slice(0, 220),
+      }, options.maxEvidencePerComponent);
+    }
+  });
+}
+
+function scanModelArtifact(rootDir, filePath, map, options) {
+  const ext = path.extname(filePath).toLowerCase();
+  const def = MODEL_EXTENSIONS.get(ext);
+  if (!def) return;
+
+  let stat = null;
+  try {
+    stat = fs.statSync(filePath);
+  } catch (_) {
+    stat = null;
+  }
+
+  addEvidence(map, {
+    id: `${def.ecosystem}-${ext.slice(1)}-artifact`,
+    ...def,
+  }, {
+    kind: 'artifact',
+    file: relativePath(rootDir, filePath),
+    line: null,
+    bytes: stat ? stat.size : undefined,
+  }, options.maxEvidencePerComponent);
+}
+
+function summarizeComponents(components) {
+  const byCategory = {};
+  const byEcosystem = {};
+  for (const item of components) {
+    byCategory[item.category] = (byCategory[item.category] || 0) + 1;
+    byEcosystem[item.ecosystem] = (byEcosystem[item.ecosystem] || 0) + 1;
+  }
+  return { byCategory, byEcosystem };
+}
+
+function scanAiComponents(options = {}) {
+  const rootDir = path.resolve(options.rootDir || process.cwd());
+  const maxEvidencePerComponent = Number(options.maxEvidencePerComponent || 10);
+  const scanOptions = {
+    maxFiles: options.maxFiles || DEFAULT_MAX_FILES,
+    maxBytes: options.maxBytes || DEFAULT_MAX_BYTES,
+    includeSnippets: options.includeSnippets !== false,
+    maxEvidencePerComponent,
+  };
+
+  const files = walkFiles(rootDir, scanOptions);
+  const map = new Map();
+
+  for (const filePath of files) {
+    scanModelArtifact(rootDir, filePath, map, scanOptions);
+    const base = path.basename(filePath);
+    if (MANIFEST_FILES.has(base)) {
+      scanManifestFile(rootDir, filePath, map, scanOptions);
+      continue;
+    }
+    if (isTextLike(filePath)) scanSourceFile(rootDir, filePath, map, scanOptions);
+  }
+
+  const components = Array.from(map.values()).sort((a, b) => a.id.localeCompare(b.id));
+  const summary = summarizeComponents(components);
+  return {
+    schemaVersion: 'thumbgate.ai-inventory.v1',
+    generatedAt: new Date().toISOString(),
+    rootDir,
+    filesScanned: files.length,
+    componentCount: components.length,
+    summary,
+    components,
+  };
+}
+
+function buildCycloneDxMlBom(inventory, options = {}) {
+  const serialHash = crypto
+    .createHash('sha256')
+    .update(JSON.stringify({
+      rootDir: inventory.rootDir,
+      components: inventory.components.map((item) => [item.id, item.evidence.map((e) => e.file)]),
+    }))
+    .digest('hex')
+    .slice(0, 32);
+
+  return {
+    bomFormat: 'CycloneDX',
+    specVersion: '1.5',
+    serialNumber: `urn:uuid:${serialHash.slice(0, 8)}-${serialHash.slice(8, 12)}-${serialHash.slice(12, 16)}-${serialHash.slice(16, 20)}-${serialHash.slice(20, 32)}`,
+    version: 1,
+    metadata: {
+      timestamp: inventory.generatedAt,
+      tools: [
+        {
+          vendor: 'ThumbGate',
+          name: 'AI Component Inventory',
+          version: options.version || 'local',
+        },
+      ],
+      properties: [
+        { name: 'thumbgate:rootDir', value: inventory.rootDir },
+        { name: 'thumbgate:filesScanned', value: String(inventory.filesScanned) },
+        { name: 'thumbgate:componentCount', value: String(inventory.componentCount) },
+      ],
+    },
+    components: inventory.components.map((item) => ({
+      type: item.category === 'model_artifact' ? 'machine-learning-model' : 'library',
+      name: item.name,
+      group: item.ecosystem,
+      bomRef: `thumbgate:${item.id}`,
+      properties: [
+        { name: 'thumbgate:category', value: item.category },
+        { name: 'thumbgate:evidenceCount', value: String(item.evidence.length) },
+        { name: 'thumbgate:evidence', value: JSON.stringify(item.evidence.map((e) => ({ file: e.file, line: e.line, kind: e.kind }))) },
+      ],
+    })),
+  };
+}
+
+function formatInventoryText(inventory) {
+  const lines = [];
+  lines.push('ThumbGate AI Component Inventory');
+  lines.push(`  Root              : ${inventory.rootDir}`);
+  lines.push(`  Files scanned     : ${inventory.filesScanned}`);
+  lines.push(`  AI components     : ${inventory.componentCount}`);
+  lines.push('');
+  lines.push('By category:');
+  const categories = Object.entries(inventory.summary.byCategory).sort((a, b) => a[0].localeCompare(b[0]));
+  if (!categories.length) lines.push('  none detected');
+  for (const [category, count] of categories) lines.push(`  ${category}: ${count}`);
+  lines.push('');
+  lines.push('Evidence:');
+  if (!inventory.components.length) lines.push('  none detected');
+  for (const item of inventory.components) {
+    lines.push(`  - ${item.name} (${item.category}, ${item.ecosystem})`);
+    for (const evidence of item.evidence.slice(0, 3)) {
+      const loc = evidence.line ? `${evidence.file}:${evidence.line}` : evidence.file;
+      lines.push(`      ${loc} [${evidence.kind}]`);
+    }
+  }
+  return lines.join('\n');
+}
+
+function writeOutput(filePath, data) {
+  fs.mkdirSync(path.dirname(filePath), { recursive: true });
+  fs.writeFileSync(filePath, data);
+}
+
+module.exports = {
+  SOURCE_PATTERNS,
+  MODEL_EXTENSIONS,
+  scanAiComponents,
+  buildCycloneDxMlBom,
+  formatInventoryText,
+  writeOutput,
+};

package/scripts/classifier-routing.js

@@ -0,0 +1,130 @@
+#!/usr/bin/env node
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+
+const DEFAULT_CONFIG_PATH = path.join(__dirname, '..', 'config', 'gate-classifier-routing.json');
+
+function clamp01(value, fallback = 0) {
+  const number = Number(value);
+  if (!Number.isFinite(number)) return fallback;
+  return Math.min(1, Math.max(0, number));
+}
+
+function riskRank(risk) {
+  const normalized = String(risk || 'medium').toLowerCase();
+  if (['critical', 'block', 'regulated'].includes(normalized)) return 4;
+  if (['high', 'dangerous'].includes(normalized)) return 3;
+  if (['medium', 'warn'].includes(normalized)) return 2;
+  return 1;
+}
+
+function loadClassifierRoutingConfig(configPath = DEFAULT_CONFIG_PATH) {
+  return JSON.parse(fs.readFileSync(configPath, 'utf8'));
+}
+
+function lane(config, laneName, reason, input, overrides = {}) {
+  const laneConfig = (config.lanes && config.lanes[laneName]) || {};
+  return {
+    lane: laneName,
+    reason,
+    requiresEvidence: Boolean(laneConfig.requiresEvidence || overrides.requiresEvidence),
+    cloudAllowed: Boolean(laneConfig.cloudAllowed),
+    maxLatencyMs: laneConfig.maxLatencyMs,
+    risk: String(input.risk || 'medium').toLowerCase(),
+    ambiguity: clamp01(input.ambiguity),
+  };
+}
+
+function routeClassifier(input = {}, config = loadClassifierRoutingConfig()) {
+  const thresholds = config.thresholds || {};
+  const labelCount = Number(input.labelCount || input.examples || 0);
+  const latencyBudgetMs = Number(input.latencyBudgetMs || 0);
+  const ambiguity = clamp01(input.ambiguity);
+  const risk = riskRank(input.risk);
+  const largeBatch = Number(input.batchRows || 0) >= Number(thresholds.largeBatchRows || 50);
+  const privacySensitive = Boolean(input.privacySensitive || input.containsSecrets || input.customerData);
+  const allowCloud = Boolean(input.allowCloud);
+
+  if (input.hasHardRule || input.exactPolicyMatch) {
+    return lane(config, 'deterministic', 'exact hard rule or policy match; do not spend model tokens', input);
+  }
+
+  if (input.semanticCacheHit || input.equivalentRepeat) {
+    return lane(config, 'semantic_cache', 'semantically equivalent repeat; reuse the proven prior decision without a model call', input);
+  }
+
+  if (input.rubricFailed || input.missingEvidence || input.completionClaimWithoutProof) {
+    return lane(config, 'rubric_gate', 'rubric or completion evidence failed; block done claims until proof exists', input);
+  }
+
+  if (input.structuredDataset && (input.missingProvenance || input.missingSources)) {
+    return lane(config, 'rubric_gate', 'structured data claim is missing source provenance', input);
+  }
+
+  if (privacySensitive && !allowCloud && risk >= 3 && ambiguity >= Number(thresholds.mediumAmbiguity || 0.35)) {
+    return lane(config, 'human_review', 'private high-risk ambiguous action; keep data local and require approval', input);
+  }
+
+  if (labelCount >= Number(thresholds.classicalMinExamples || 40) && (largeBatch || latencyBudgetMs <= Number(thresholds.lowLatencyBudgetMs || 300)) && ambiguity < Number(thresholds.mediumAmbiguity || 0.35)) {
+    return lane(config, 'local_classical', 'enough examples and low ambiguity; use cheap local classification', input);
+  }
+
+  if (risk >= 3 && ambiguity >= Number(thresholds.highRiskAmbiguity || 0.65)) {
+    if (allowCloud && latencyBudgetMs >= Number(thresholds.llmMinLatencyBudgetMs || 2000)) {
+      return lane(config, 'llm_judge', 'high-risk semantic ambiguity; use a budget-capped LLM judge with evidence', input);
+    }
+    return lane(config, 'human_review', 'high-risk ambiguity without approved cloud/budget route', input);
+  }
+
+  if (labelCount < Number(thresholds.classicalMinExamples || 40) || ambiguity >= Number(thresholds.mediumAmbiguity || 0.35)) {
+    return lane(config, 'local_semantic', 'sparse labels or fuzzy intent; use local semantic recall before any LLM', input);
+  }
+
+  return lane(config, config.defaultLane || 'local_classical', 'default local route for routine gate classification', input);
+}
+
+function explainClassifierRoute(input = {}, config = loadClassifierRoutingConfig()) {
+  const decision = routeClassifier(input, config);
+  const laneConfig = (config.lanes && config.lanes[decision.lane]) || {};
+  return {
+    ...decision,
+    description: laneConfig.description || '',
+    useFor: laneConfig.useFor || [],
+  };
+}
+
+function parseArgs(argv) {
+  const input = {};
+  for (const arg of argv) {
+    if (arg === '--hard-rule') input.hasHardRule = true;
+    else if (arg === '--privacy-sensitive') input.privacySensitive = true;
+    else if (arg === '--allow-cloud') input.allowCloud = true;
+    else if (arg === '--customer-data') input.customerData = true;
+    else if (arg === '--semantic-cache-hit') input.semanticCacheHit = true;
+    else if (arg === '--equivalent-repeat') input.equivalentRepeat = true;
+    else if (arg === '--rubric-failed') input.rubricFailed = true;
+    else if (arg === '--missing-evidence') input.missingEvidence = true;
+    else if (arg === '--structured-dataset') input.structuredDataset = true;
+    else if (arg === '--missing-provenance') input.missingProvenance = true;
+    else if (arg.startsWith('--risk=')) input.risk = arg.slice('--risk='.length);
+    else if (arg.startsWith('--ambiguity=')) input.ambiguity = Number(arg.slice('--ambiguity='.length));
+    else if (arg.startsWith('--labels=')) input.labelCount = Number(arg.slice('--labels='.length));
+    else if (arg.startsWith('--latency-ms=')) input.latencyBudgetMs = Number(arg.slice('--latency-ms='.length));
+    else if (arg.startsWith('--batch-rows=')) input.batchRows = Number(arg.slice('--batch-rows='.length));
+  }
+  return input;
+}
+
+module.exports = {
+  DEFAULT_CONFIG_PATH,
+  explainClassifierRoute,
+  loadClassifierRoutingConfig,
+  routeClassifier,
+};
+
+if (require.main === module) {
+  const decision = explainClassifierRoute(parseArgs(process.argv.slice(2)));
+  process.stdout.write(`${JSON.stringify(decision, null, 2)}\n`);
+}

package/scripts/cli-schema.js

@@ -351,6 +351,19 @@ const CLI_COMMANDS = [
       { name: 'high-risk-workflows', type: 'string', description: 'Comma-separated workflows touching money, prod, secrets, data, or publishing' },
     ],
   }),
+  discoveryCommand({
+    name: 'ai-inventory',
+    aliases: ['ai-component-inventory', 'ml-bom', 'mlbom'],
+    description: 'Scan AI/ML components and export enterprise ML-BOM evidence',
+    mcpTool: 'ai_component_inventory',
+    flags: [
+      jsonFlag(),
+      { name: 'root', type: 'string', description: 'Project root to scan' },
+      { name: 'format', type: 'string', description: 'summary, json, or cyclonedx' },
+      { name: 'output', type: 'string', description: 'Write evidence to this path' },
+      { name: 'max-files', type: 'number', description: 'Maximum files to scan' },
+    ],
+  }),
   discoveryCommand({
     name: 'long-running-agent-context-guardrails',
     aliases: ['agent-context-guardrails', 'slack-context-guardrails'],
@@ -614,6 +627,19 @@ const CLI_COMMANDS = [
       { name: 'json',  type: 'boolean', description: 'Output the structured model as JSON' },
     ],
   },
+  {
+    name: 'workflow',
+    aliases: ['swarm'],
+    description: 'Execute a dynamic parallel workflow for security audit, benchmarking, or exploration',
+    group: 'ops',
+    mcpTool: 'parallel_workflow',
+    flags: [
+      { name: 'objective',   type: 'string',  required: true,  description: 'The objective to plan and execute (e.g. security audit, performance benchmark)' },
+      { name: 'concurrency', type: 'number',  description: 'Maximum parallel subtasks (default 3)' },
+      { name: 'timeoutMs',   type: 'number',  description: 'Timeout in milliseconds (default 60000)' },
+      { name: 'json',        type: 'boolean', description: 'Output results as JSON' },
+    ],
+  },
 ];
 
 /**