Add Platt scaling, allowlist/blocklist, caching, dashboard, and 4 new attack types

- Platt scaling confidence calibration (99.45% leave-one-out accuracy)
- IP/path allowlist/blocklist with CIDR support
- Thread-safe LRU cache with TTL
- ActiveSupport::Notifications instrumentation
- Structured JSON/text logging
- Hot reload via AiBouncer.reload! and SIGUSR2 signal
- Mountable Rails dashboard engine at /ai_bouncer
- 4 new attack types: CRLF injection, host header injection, HTTP smuggling, prototype pollution
- 18 attack types total, 3,300 balanced training patterns
- Fix spec edge cases for CI stability

Author: khasinski

README.md

@@ -21,7 +21,7 @@ Gem::Specification.new do |spec|
   spec.metadata["rubygems_mfa_required"] = "true"
 
   spec.files = Dir.chdir(__dir__) do
-    Dir["{lib}/**/*", "README.md", "LICENSE.txt", "CHANGELOG.md"].reject do |f|
+    Dir["{app,config,lib}/**/*", "README.md", "LICENSE.txt", "CHANGELOG.md"].reject do |f|
       File.directory?(f)
     end
   end

ai_bouncer.gemspec

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module AiBouncer
+  class DashboardController < ActionController::Base
+    layout "ai_bouncer/application"
+
+    before_action :authenticate!
+
+    def index
+      @stats = AiBouncer.event_store.stats
+      @recent_attacks = AiBouncer.event_store.recent_attacks(25)
+      @recent_requests = AiBouncer.event_store.recent(25)
+    end
+
+    private
+
+    def authenticate!
+      auth_proc = AiBouncer.configuration.dashboard_auth
+      return unless auth_proc
+
+      instance_exec(&auth_proc)
+    end
+  end
+end

app/controllers/ai_bouncer/dashboard_controller.rb

@@ -0,0 +1,106 @@
+<div class="stats-grid">
+  <div class="stat-card">
+    <div class="label">Total Requests</div>
+    <div class="value blue"><%= @stats[:total_requests] %></div>
+  </div>
+  <div class="stat-card">
+    <div class="label">Attacks Detected</div>
+    <div class="value red"><%= @stats[:total_attacks] %></div>
+  </div>
+  <div class="stat-card">
+    <div class="label">Attack Rate</div>
+    <div class="value yellow"><%= @stats[:attack_rate] %>%</div>
+  </div>
+  <div class="stat-card">
+    <div class="label">Events Stored</div>
+    <div class="value green"><%= @stats[:events_stored] %></div>
+  </div>
+</div>
+
+<% if @stats[:label_distribution].any? %>
+<div class="section">
+  <div class="section-header"><h2>Attack Distribution</h2></div>
+  <div style="padding: 16px;">
+    <% max_count = @stats[:label_distribution].values.max || 1 %>
+    <% @stats[:label_distribution].each do |label, count| %>
+      <div class="dist-bar">
+        <span class="name"><%= label %></span>
+        <div class="bar" style="width: <%= (count.to_f / max_count * 200).round %>px;"></div>
+        <span class="count"><%= count %></span>
+      </div>
+    <% end %>
+  </div>
+</div>
+<% end %>
+
+<div class="section">
+  <div class="section-header"><h2>Recent Attacks</h2></div>
+  <% if @recent_attacks.any? %>
+    <table>
+      <thead>
+        <tr>
+          <th>Time</th>
+          <th>Label</th>
+          <th>Confidence</th>
+          <th>Method</th>
+          <th>Path</th>
+          <th>IP</th>
+          <th>Latency</th>
+        </tr>
+      </thead>
+      <tbody>
+        <% @recent_attacks.each do |event| %>
+          <tr>
+            <td><%= event.timestamp.strftime("%H:%M:%S") %></td>
+            <td><span class="badge badge-attack"><%= event.label %></span></td>
+            <td><%= (event.confidence * 100).round(1) %>%</td>
+            <td><%= event.method %></td>
+            <td><%= event.path %></td>
+            <td><%= event.ip %></td>
+            <td><%= event.latency_ms %>ms</td>
+          </tr>
+        <% end %>
+      </tbody>
+    </table>
+  <% else %>
+    <div class="empty">No attacks detected yet</div>
+  <% end %>
+</div>
+
+<div class="section">
+  <div class="section-header"><h2>Recent Requests</h2></div>
+  <% if @recent_requests.any? %>
+    <table>
+      <thead>
+        <tr>
+          <th>Time</th>
+          <th>Label</th>
+          <th>Confidence</th>
+          <th>Method</th>
+          <th>Path</th>
+          <th>IP</th>
+          <th>Cached</th>
+        </tr>
+      </thead>
+      <tbody>
+        <% @recent_requests.each do |event| %>
+          <tr>
+            <td><%= event.timestamp.strftime("%H:%M:%S") %></td>
+            <td>
+              <span class="badge <%= event.is_attack ? 'badge-attack' : 'badge-clean' %>">
+                <%= event.label %>
+              </span>
+            </td>
+            <td><%= (event.confidence * 100).round(1) %>%</td>
+            <td><%= event.method %></td>
+            <td><%= event.path %></td>
+            <td><%= event.ip %></td>
+            <td><%= event.cached ? 'Yes' : '' %></td>
+          </tr>
+        <% end %>
+      </tbody>
+    </table>
+  <% else %>
+    <div class="empty">No requests recorded yet</div>
+  <% end %>
+</div>

app/views/ai_bouncer/dashboard/index.html.erb

@@ -0,0 +1,51 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>AiBouncer Dashboard</title>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <style>
+    * { box-sizing: border-box; margin: 0; padding: 0; }
+    body { font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif; background: #0f1117; color: #e1e4e8; line-height: 1.5; }
+    .container { max-width: 1200px; margin: 0 auto; padding: 20px; }
+    header { background: #161b22; border-bottom: 1px solid #30363d; padding: 16px 0; margin-bottom: 24px; }
+    header .container { display: flex; align-items: center; justify-content: space-between; }
+    h1 { font-size: 20px; font-weight: 600; }
+    h1 span { color: #58a6ff; }
+    h2 { font-size: 16px; margin-bottom: 12px; color: #c9d1d9; }
+    .stats-grid { display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 16px; margin-bottom: 24px; }
+    .stat-card { background: #161b22; border: 1px solid #30363d; border-radius: 6px; padding: 16px; }
+    .stat-card .label { font-size: 12px; color: #8b949e; text-transform: uppercase; letter-spacing: 0.5px; }
+    .stat-card .value { font-size: 28px; font-weight: 700; margin-top: 4px; }
+    .stat-card .value.green { color: #3fb950; }
+    .stat-card .value.red { color: #f85149; }
+    .stat-card .value.yellow { color: #d29922; }
+    .stat-card .value.blue { color: #58a6ff; }
+    .section { background: #161b22; border: 1px solid #30363d; border-radius: 6px; margin-bottom: 24px; overflow: hidden; }
+    .section-header { padding: 12px 16px; border-bottom: 1px solid #30363d; }
+    table { width: 100%; border-collapse: collapse; font-size: 13px; }
+    th { text-align: left; padding: 8px 16px; color: #8b949e; font-weight: 500; background: #0d1117; border-bottom: 1px solid #30363d; }
+    td { padding: 8px 16px; border-bottom: 1px solid #21262d; }
+    tr:last-child td { border-bottom: none; }
+    .badge { display: inline-block; padding: 2px 8px; border-radius: 12px; font-size: 11px; font-weight: 600; }
+    .badge-attack { background: rgba(248,81,73,0.15); color: #f85149; }
+    .badge-clean { background: rgba(63,185,80,0.15); color: #3fb950; }
+    .dist-bar { display: flex; align-items: center; gap: 8px; margin: 4px 0; }
+    .dist-bar .bar { height: 8px; border-radius: 4px; background: #f85149; }
+    .dist-bar .name { font-size: 12px; min-width: 160px; }
+    .dist-bar .count { font-size: 12px; color: #8b949e; }
+    .empty { padding: 24px; text-align: center; color: #8b949e; }
+  </style>
+</head>
+<body>
+  <header>
+    <div class="container">
+      <h1><span>AI</span>Bouncer Dashboard</h1>
+      <span style="color: #8b949e; font-size: 13px;">Real-time threat monitoring</span>
+    </div>
+  </header>
+  <div class="container">
+    <%= yield %>
+  </div>
+</body>
+</html>

app/views/layouts/ai_bouncer/application.html.erb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+AiBouncer::Engine.routes.draw do
+  root to: "dashboard#index"
+end

config/routes.rb

@@ -9,6 +9,10 @@
 require_relative "ai_bouncer/model"
 require_relative "ai_bouncer/classifier"
 require_relative "ai_bouncer/middleware"
+require_relative "ai_bouncer/cache"
+require_relative "ai_bouncer/instrumentation"
+require_relative "ai_bouncer/structured_logger"
+require_relative "ai_bouncer/event_store"
 
 # Rails-specific components loaded conditionally
 if defined?(ActiveSupport::Concern)
@@ -36,6 +40,8 @@ def configure
       if configuration.enabled && configuration.memory_storage? && configuration.model_path
         load_classifier if configuration.preload_model
       end
+
+      setup_signal_reload if configuration.signal_reload
     end
 
     # The ONNX embedding model (shared between memory and database modes)
@@ -48,6 +54,27 @@ def classifier
       @classifier ||= load_classifier
     end
 
+    # Classification cache
+    def cache
+      @cache ||= Cache.new(
+        max_size: configuration.cache_max_size,
+        ttl: configuration.cache_ttl
+      )
+    end
+
+    # Structured logger
+    def structured_logger
+      @structured_logger ||= StructuredLogger.new(
+        logger: configuration.logger || (defined?(Rails) ? Rails.logger : nil),
+        format: configuration.log_format
+      )
+    end
+
+    # Event store for dashboard
+    def event_store
+      @event_store ||= EventStore.new(max_size: configuration.event_store_size)
+    end
+
     def enabled?
       return false unless configuration.enabled
 
@@ -59,24 +86,67 @@ def enabled?
     end
 
     # Classify a request text
-    # Automatically uses the configured storage mode
+    # Uses cache and instrumentation when enabled
     def classify(request_text, k: 5)
-      if configuration.database_storage?
-        classify_with_database(request_text, k: k)
-      else
-        classifier.classify(request_text, k: k)
+      # Check cache first
+      if configuration.cache_enabled
+        cached = cache.get(request_text)
+        return cached if cached
+      end
+
+      # Perform classification
+      result = if configuration.database_storage?
+                 classify_with_database(request_text, k: k)
+               else
+                 classifier.classify(request_text, k: k)
+               end
+
+      # Instrument
+      if Instrumentation.notifications_available?
+        Instrumentation.instrument_classify(request_text) { result }
       end
+
+      # Cache result
+      cache.set(request_text, result) if configuration.cache_enabled
+
+      result
     end
 
     # Helper to build request text from components
     def request_to_text(**args)
       Classifier.request_to_text(**args)
     end
 
+    # Thread-safe hot reload of model and classifier
+    def reload!
+      @reload_mutex ||= Mutex.new
+      @reload_mutex.synchronize do
+        old_classifier = @classifier
+        old_model = @model
+
+        begin
+          @classifier = nil
+          @model = nil
+          load_classifier if configuration.memory_storage?
+          cache.clear if @cache
+          structured_logger.log_blocked("model_reloaded") if @structured_logger
+        rescue StandardError => e
+          # Rollback on failure
+          @classifier = old_classifier
+          @model = old_model
+          warn "[AiBouncer] Reload failed: #{e.message}"
+          raise
+        end
+      end
+    end
+
     def reset!
       @configuration = nil
       @classifier = nil
       @model = nil
+      @cache = nil
+      @structured_logger = nil
+      @event_store = nil
     end
 
     private
@@ -106,6 +176,15 @@ def load_classifier
       @classifier = Classifier.new(model_path)
     end
 
+    def setup_signal_reload
+      Signal.trap("USR2") do
+        Thread.new { reload! }
+      end
+    rescue ArgumentError
+      # Signal not available on this platform (e.g., Windows)
+      nil
+    end
+
     def ensure_model_files!(model_path)
       # Check if model exists
       if Downloader.model_exists?(model_path)