anomaly

type Detector interface {
	Score(ctx context.Context, line string) (Result, error)
}

type EmbeddedDetector struct {
	// contains filtered or unexported fields
}

type Options struct {
	ModelPath     string
	TokenizerPath string
	Threshold     float64
	Window        int

	// LLMEndpoint is the base URL of an OpenAI-compatible API (Ollama: http://localhost:11434/v1,
	// LM Studio: http://localhost:1234/v1). When set, log lines are scored via chat completions.
	LLMEndpoint string
	// LLMModel is the model name sent to the LLM endpoint. Defaults to "llama3" when empty.
	LLMModel string
	// LLMContextLines is the number of recent log lines sent as context with each LLM request.
	// 0 disables context (single-line mode). Default 5 when unset.
	LLMContextLines int
	// FilterThreshold enables CoLA-style two-tier detection when > 0. The fast detector
	// (heuristic when LLM-only, ONNX when ensemble) runs first; the LLM is only invoked
	// when the fast score is at or above this value. Lines below it are returned as normal
	// without an LLM call. Recommended value: 0.40. 0 disables filtering (default).
	FilterThreshold float64
	// FreqWindow is the short-window size used for rate-ratio burst detection. When a log
	// template's occurrence rate in the last FreqWindow lines exceeds FreqRatio × its
	// long-term baseline rate, it is flagged as a frequency spike. Default 100; 0 disables.
	FreqWindow int
	// FreqRatio is the short/long rate ratio that triggers a freq-spike score. Default 5.0.
	FreqRatio float64
}

type Result struct {
	Score    float64
	Anomaly  bool
	Reason   string
	Original string
}