Expand description
Standardized tool result parsing (R-AS-01).
Diverse security detectors (classifiers, heuristics, LLM judges, etc.)
produce wildly different output formats. This module normalises those
outputs into a unified DetectorResult schema, then aggregates multiple
detector results into a single ScanResult using pluggable
AggregationStrategy policies.
§Quick start
use llmtrace_security::result_parser::*;
use llmtrace_core::SecuritySeverity;
let r1 = DetectorResult::new("injecguard", DetectorType::Classifier)
.with_threat(ThreatCategory::InjectionDirect)
.with_confidence(0.92)
.with_severity(SecuritySeverity::High);
let r2 = DetectorResult::new("heuristic-v1", DetectorType::Heuristic)
.with_threat(ThreatCategory::Benign)
.with_confidence(0.85)
.with_severity(SecuritySeverity::Info);
let aggregator = ResultAggregator::new(AggregationStrategy::MajorityVote);
let agg = aggregator.aggregate(&[r1, r2]);Structs§
- Aggregated
Result - The outcome of combining multiple detector results.
- Detector
Result - Normalised output from a single security detector.
- Result
Aggregator - Combines multiple
DetectorResults into a single verdict. - Scan
Result - Final scan output combining all detector results and their aggregation.
- Scan
Result Builder - Incrementally builds a
ScanResultfrom individual detector results.
Enums§
- Aggregation
Strategy - Strategy for combining multiple detector results.
- Detector
Type - Kind of security detector that produced a result.
- Threat
Category - Threat classification for a scanned input.
Functions§
- compute_
input_ hash - Deterministic hash of input text. Uses a simple multiplicative hash folded to 16 hex characters.