Skip to content

ci(monitor): bump scan budget + enable Anthropic deep-dive on the ambiguous band#22

Merged
Ap6pack merged 1 commit into
mainfrom
claude/enable-escalation
Jul 6, 2026
Merged

ci(monitor): bump scan budget + enable Anthropic deep-dive on the ambiguous band#22
Ap6pack merged 1 commit into
mainfrom
claude/enable-escalation

Conversation

@Ap6pack

@Ap6pack Ap6pack commented Jul 6, 2026

Copy link
Copy Markdown
Owner

Description

Turns on targeted escalation in the scheduled sweep now that the pipeline reliably commits, and validates the HF model.

  • Budget bump: --max-scans 3000 → 4000 (rules-only is fetch-bound at ~2 req/s; 4000 still fits the CI window and shortens the ~66k-skill baseline build).
  • Anthropic deep-dive on the outliers: --escalate-backend anthropic --escalate-budget 200. The ~150 skills/run the rules flag short of a confident verdict (the ambiguous band — SUSPICIOUS/CAUTION) get an LLM second opinion that can raise a sneaky skill or clear a false positive. Confident-clean and confident-malicious are never escalated, so LLM spend tracks the small uncertain middle — not the whole 66k registry.
  • Escalation no longer live-crawls URLs (use_urls off in AnthropicBackend): removes external-fetch latency/flakiness at escalation scale; the deep dive's value is the LLM's read of intent (rules + threat intel still run).

HF model — validated ✅

Confirmed on the Hub: protectai/deberta-v3-base-prompt-injection-v2 — apache-2.0, ungated, 5.6M downloads, ships ONNX weights. That's the right free-tier pick (permissive license, no HF token needed). It stays wired as the default for local --escalate-backend hf|tiered, but is kept out of CI to avoid a ~2GB torch install on the run that must reliably commit. Enabling it in CI (or a decoupled escalation job) is a follow-up if we want the free tier automated.

Why Anthropic-direct rather than tiered-in-CI

The ambiguous band is only ~150 skills/run, so Anthropic's cost is already small; putting HF (torch) in the daily job would add fragility to the pipeline we just got committing, for marginal savings. Anthropic-direct is the reliable "deep dive on the outliers."

Type of Change

  • Infrastructure / CI
  • Minor behavior change (escalation URL crawl off)

Checklist

  • Workflow YAML validated; ruff + tests pass (65 monitor/escalation)
  • HF model verified on the Hub (license, gating, downloads)
  • Docs updated (docs/crawl.md)

🤖 Generated with Claude Code

https://claude.ai/code/session_01DNoTXU8k3pfSBzR7aJubqL


Generated by Claude Code

Enable targeted escalation in the scheduled sweep now that the pipeline is
reliably committing:

- --max-scans 3000 -> 4000 (rules-only is fetch-bound at ~2 req/s; 4000
  still fits the window and shortens the ~66k-skill baseline build).
- --escalate-backend anthropic --escalate-budget 200: the ~150 skills/run
  the rules flag short of a confident verdict (the ambiguous band) get an
  LLM deep-dive second opinion; confident-clean and confident-malicious are
  never escalated, so spend tracks the uncertain middle.
- AnthropicBackend no longer live-crawls URLs during escalation (use_urls
  off): removes external-fetch latency/flakiness at escalation scale; the
  deep dive's value is the LLM's read of intent (rules + threat intel still
  run).

HF classifier stays validated (protectai/deberta-v3-base-prompt-injection-v2,
apache-2.0, ungated) and available for local "--escalate-backend hf|tiered",
but is kept off the CI critical path to avoid a ~2GB torch install on the
run that must reliably commit.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01DNoTXU8k3pfSBzR7aJubqL
@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown

✅ Malwar Scan Results

Metric Value
Verdict CLEAN
Risk Score 0/100
Findings 0

Scanned by Malwar — malware detection for agentic AI skills.

@Ap6pack Ap6pack merged commit ab0608d into main Jul 6, 2026
6 checks passed
@Ap6pack Ap6pack deleted the claude/enable-escalation branch July 7, 2026 07:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants